After Citrix security patch XS82E031 check_xapi errors 2 years 6 months ago #2532

  • Hans Hoeksma
Gents,
After we implemented the standard Citrix security patch XS82E031, our log files in XenCenter suddenly show errors with
1) check_xapi
2) check_slave_status

We went to Citrix first to ask why this was happening, just after implementing a Citrix security patch.
Their answer was:
The hotfix XS82E031 removes HTTP access to the management network static web page.
This web page can now only be accessed through HTTPS.

The alerts in XenCenter "HA lizard - check_xapi: Pool Host on Server: 161.89.92.182 not responding to HTTP - manual intervention may be required" probably means that HA Lizard is doing something that we no longer support, i.e. probing the HTTP landing page (probably to check the host is up).

Is this a known issue or is there a bypass known to this?

Looking forward to your comments
Hans


After Citrix security patch XS82E031 check_xapi errors 2 years 6 months ago #2533

  • Salvatore Costantino
The Citrix explanation is precisely what is happening. We use curl to check the HTTP landing page of the host. Will try to get a fix and a new version released this week to address this.

Thanks for bringing this to our attention.

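A probe of the kind discussed in this thread, as an added example (not HA-Lizard's code and not part of any post): it classifies a host's landing page as served over HTTP, HTTPS or both, which is one way to confirm the state Citrix describes after XS82E031. The function names, the address 192.0.2.10 and the CA file path are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Host address and CA file are constructed placeholder values.

# probe URL [extra curl args...]
# Prints the HTTP status code, or E<n> where <n> is curl's exit code on failure
# (7 = connection refused, 28 = timeout, 60 = certificate not trusted).
probe() (
    url=$1; shift
    rc=0
    code=$(curl --silent --output /dev/null --write-out '%{http_code}' \
                --max-time 5 "$@" "$url") || rc=$?
    if [ "$rc" -eq 0 ]; then printf '%s\n' "$code"; else printf 'E%s\n' "$rc"; fi
)

# landing_state HOST [CA_FILE]
# Prints one of: https-only, http-and-https, http-only, https-untrusted, down.
# Only a 2xx answer counts as "served"; a redirect from port 80 does not.
landing_state() (
    host=$1; ca=${2:-}
    http=$(probe "http://$host/")
    if [ -n "$ca" ]; then
        # Verify the host certificate against a pinned CA or certificate file.
        https=$(probe "https://$host/" --cacert "$ca")
    else
        # No trust anchor supplied: --insecure only proves that something
        # answers on 443, not that it is the expected host.
        https=$(probe "https://$host/" --insecure)
    fi
    case "$http:$https" in
        2??:2??) echo http-and-https ;;   # plain HTTP page still served
        2??:*)   echo http-only ;;
        *:2??)   echo https-only ;;       # state described for XS82E031
        *:E60)   echo https-untrusted ;;  # host is up, certificate rejected
        *)       echo down ;;
    esac
)

# Script usage: ./landing_state.sh 192.0.2.10 /path/to/pool-ca.pem
if [ "$#" -ge 1 ]; then
    landing_state "$@"
fi
```

A monitoring check that treats only the HTTP probe as its liveness signal reports a patched host as not responding even though the HTTPS probe succeeds.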

After Citrix security patch XS82E031 check_xapi errors 2 years 6 months ago #2534

  • Salvatore Costantino
Version 2.3.1 has been released which addresses this issue. You can install the RPM on top of your existing installation.

wget halizard.org/release/ha-lizard/ha-lizard-2.3.1-1.rpm
rpm -Uvh ha-lizard-2.3.1-1.rpm

Please update the post once installed.
Thanks


After Citrix security patch XS82E031 check_xapi errors 2 years 6 months ago #2535

  • Hans Hoeksma
Hi Salvatore,
Thanks for the quick response, but I have a few questions on this as I am a little nOOb
1) What is the rollback of this, if it is not working? We have to implement this on both production hypervisors so I have to be very careful here.
2) Do the servers have to be restarted or is a restart of the toolstack sufficient?

Hans


After Citrix security patch XS82E031 check_xapi errors 2 years 6 months ago #2536

  • Salvatore Costantino
Hi Hans,
It is not necessary to restart the toolstack or the host. For good measure, you may just restart ha-lizard after the update. The code change in this release is rather insignificant, so I would not expect any issues. Regardless, if you do need to roll back, all versions since inception are available here:

halizard.org/release/ha-lizard/

Download the RPM matching your current version. If you need to roll back, you will probably need to pass the RPM --force option to go back, but again, I don't think you will need to do that. You could alternatively just back up the /etc/ha-lizard directory and its init scripts /etc/init.d/ha-lizard and /etc/init.d/ha-lizard-watchdog.

The update procedure is pretty straightforward.

disable HA for the pool (from either host)
ha-cfg ha-disable

download and install the rpm (on each host)

service ha-lizard restart (on each host)

enable HA for the pool (from either host)
ha-cfg ha-enable


After Citrix security patch XS82E031 check_xapi errors 2 years 6 months ago #2537

  • Hans Hoeksma
Salvatore,
We just implemented the patch and all is looking fine!
Thanks for the support :-)

Hans
