Despite a previous release including a lot of new features, we managed to strike again with even more content packed into this shorter month. XO 5.80 has landed with a lot of new stuff available: VMware migration tool from the web UI, OpenID Connect support, REST API async actions and VM replication health-check for the biggest changes. But also with many other things.
🔐 OpenID Connect support
You can now login to your Xen Orchestra using OpenID Connect, which is a very convenient and secure protocol. It's the 3rd generation of OpenID technology, built on top of the OAuth 2.0 authorization framework. We also managed to enable auto discovery, to make it very simple to configure.
It's also very extensible and easy to use. We'll show here how to use it with KeyCloak, an open source Single Sign-On platform.
Creating the client in KeyCloak
We wanted to provide a real example with KeyCloak. Obviously, any SSO server with OpenID Connect will also work. First, you need to create the "client" (the application that will use OpenID):
In the client creation wizard, you need to select the "OpenID Connect" type, and choose a client ID (you need to keep this in mind to configure it in Xen Orchestra). Here, we are using
Don't forget to switch "Client authentication" to On:
Now you also need to add a URL in the "Valid redirect URIs": in short, that's where KeyCloak will send you after a successful authentication. Use your XO URL (or IP address) on a format
https://xoa.example.org/*. Note that if you access your XO both with IP and name, you can add multiple URIs.
Now the client is created, you can edit it and check the "Credentials" tab, in order to copy the "Client secret": it will be needed in XO plugin configuration:
Last thing needed to configure the plugin on the XO side: the "Auto-discovery URL". It's available in the left menu "Realm settings". Copy the "OpenID Endpoint Configuration" somewhere.
Now you should have, in our example:
- the client ID,
- the Client secret
- the "Auto-discovery URL"
Enabling and configuring the plugin
This is pretty straightforward:
Don't forget to enable and save the plugin configuration!
Login to XO
That's it! With this configured with a strong auth process in KeyCloak, you can safely expose Xen Orchestra on the internet. Note the new login button on the top:
🐦 VMware migration tool
Our VMware migration tool, logically called V2V (Virtual to Virtual, or VMware to Vates), is now usable directly from the Xen Orchestra web UI, in the "Import" menu. A new entry there: "From VMware":
After giving the vCenter credentials, you can click on "Connect" and go to the next step:
On this screen, you will basically select which VM to replicate, and to which pool, storage and network. When it's done, just click on "Import" and there you go!
Don't forget to give your feedback on our dedicated forum thread.
Current limitations and next steps
We have various improvements in the pipes. So far, the delta import is only supported up to VMware 6.5. This will be solved in our next release, to support all VMware versions in delta mode. If you use something more recent, you can just shutdown the VM, the replication will work, but not in "warm" mode (ie: delta).
Also, our internal XO task system is about to be exposed with this feature, so even in case of using the "thin mode" (mode we recommend to use), you'll be notified of the progress of the first read.
And finally, multi-VMs import will also land for our next release.
💾 Pool Metadata restore
If you lose all your hosts, but not your shared storage, it might be shorter to re-install XCP-ng on some fresh hardware, and restore the pool metadata. Thanks to this, all your VMs will be back (and the configuration with it!) in a minute. No need to restore all your backups!
Now, the restore menu is more complete:
It will overwrite any previous configuration on your pool:
As you can see, it's also multi-pool compatible: it means you can restore multiple metadata backups to multiple pools at once!
Despite the fact we've had the pool metadata restore for a while, it wasn't practical due to a limitation we removed. Now, this is another life saver for your XCP-ng/XenServer infrastructure.
⚕️ Continuous Replication health check
We integrated a way to automatically test your backups, a few releases ago:
Now, we extended this feature to the Continuous Replication backup type. You just have to enable the feature in your backup job, and that's it! After each VM is replicated on the destination, we'll start a copy of it (to avoid any replication disruption, also without networking) and see if it boots until the VM tools are started. Then, we remove it. Simple and efficient.
If any VM fails, you'll be notified directly in your backup logs.
📡 REST API async actions
You can now start, reboot or shutdown (both soft & hard) and snapshot your VMs with the REST API! Since those operations can be long, we plugged it to our new task system. Yes, the task system we already told you about for the next big XO release, XO 6.
List the available actions
To see the actions available on a given object, get the collection at
For example, to list all actions on a given VM:
-b authenticationToken=KQxFkTbs \
Start an action
Post at the action endpoint which is
For instance, to reboot a VM:
-X POST \
-b authenticationToken=KQxFkTbs \
Force an action in sync mode
For some cases, you might prefer to send a sync action, meaning the HTTP call will only return when the action is finished. To do that, just add the
?sync query string to your HTTP call.
🔭 XO Lite
We continue to work on XO Lite, and this time we made some progress on displaying tasks and also listing all the available updates for your pool.
In the "Dashboard" and in "Task tab" of your pool, you can now see the XCP-ng active tasks running:
List of updates available
In the dashboard view (or at the pool level), you can see all the available updates.
And there's always various stuff added that doesn't fit in a specific category 😊
XOA check: free memory
When you do an XOA check (on your XO virtual Appliance), we added an extra check to see if you have enough RAM to run everything without any issue. It's helpful to reduce the time to find potential issues, or even fixing problems before they appear.
Warning modal with PV tools
If you enable "Windows Update tools", you'll have a confirmation modal with a warning, avoiding some mistakes:
Backup logs improved
We improved the logs of your backup jobs. if you are using NBD, it will be visible:
☸️ Announcing Project Pyrgos: turnkey k8s
Just announced yesterday, if you are interested in deploying production-ready Kubernetes clusters easily, don't miss our previous blog post: