Today was a day for a new message.   I have a resource pool and I wanted to add a new host.

However, when I tried to add it with XenCenter; I was rewarded with:

I never seen this before. I am using the same hardware and the same version of Xenserver. So what is the problem?

My first guess was the firmware.   We use HP hardware and HP offers a nice little utility which will upgrade the BIOS and the firmware of a system.

We ran the update but the message appeared again.

Could it be the BIOS was configured different? It was easy to overlook as we have a standard for new installs.  The server was in another building so the thought of driving over was not interesting.

Luckily Xenserver has a nice command to verify the BIOS settings.   The command is host-cpu-info.

[root@poolmaster ~]# xe host-cpu-info
                cpu_count: 8
                   vendor: GenuineIntel
                    speed: 2666.762
                modelname: Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
                   family: 6
                    model: 26
                 stepping: 5
                    flags: fpu de tsc msr pae mce cx8 apic sep mtrr mca cmov pat clflush acpi mmx fxsr sse sse2 ss ht nx constant_tsc nonstop_tsc aperfmperf pni vmx est ssse3 sse4_1 sse4_2 popcnt hypervisor ida tpr_shadow vnmi flexpriority ept vpid
                 features: 009ce3bd-bfebfbff-00000001-28100800
    features_after_reboot: 009ce3bd-bfebfbff-00000001-28100800
        physical_features: 009ce3bd-bfebfbff-00000001-28100800
                 maskable: full

Now access the console of the new host and issue the command:

[root@newhost ~]# xe host-cpu-info
cpu_count                : 8
                   vendor: GenuineIntel
                    speed: 2666.762
                modelname: Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
                   family: 6
                    model: 26
                 stepping: 5
                    flags: fpu de tsc msr pae mce cx8 apic sep mtrr mca cmov pat clflush acpi mmx fxsr sse sse2 ss ht constant_tsc nonstop_tsc aperfmperf pni vmx est ssse3 sse4_1 sse4_2 popcnt hypervisor ida tpr_shadow vnmi flexpriority ept vpid
                 features: 009ce3bd-bfebfbff-00000001-28000800
    features_after_reboot: 009ce3bd-bfebfbff-00000001-28000800
        physical_features: 009ce3bd-bfebfbff-00000001-28000800
                 maskable: full

If you compare the flags list, you will see the pool master has an NX flag while the new host does not.   The “Non-eXecute” (NX) flag is used to protect the cpus against executing non-executable memory (for example heap) which blocks exploitation of security vulnerabilities.

Normally, this flag is enabled so either a person made a mistake or it was running an older OS at one point.

The flag was enabled, the system was rebooted and it was added to the pool

Lesson of the day:  Bios flags are compared and will prevent a host from joining a pool if they are not the same as the resource pool master.

Advertisements