Citrix Systems Server 6 User Manual
Citrix XenServer ® 6.0 Administrator's Guide
Published Friday, 02 March 2012
1.1 Edition
Citrix XenServer ® 6.0 Administrator's Guide
Copyright © 2012 Citrix Systems. Inc. All Rights Reserved.
Version: 6.0
Citrix, Inc.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309
United States of America
Disclaimers
This document is furnished "AS IS." Citrix, Inc. disclaims all warranties regarding the contents of this document,
including, but not limited to, implied warranties of merchantability and fitness for any particular purpose. This
document may contain technical or other inaccuracies or typographical errors. Citrix, Inc. reserves the right to
revise the information in this document at any time without notice. This document and the software described
in this document constitute confidential information of Citrix, Inc. and its licensors, and are furnished under a
license from Citrix, Inc.
Citrix Systems, Inc., the Citrix logo, Citrix XenServer and Citrix XenCenter, are trademarks of Citrix Systems, Inc.
and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office
and in other countries. All other trademarks and registered trademarks are property of their respective owners.
Trademarks
Citrix®
XenServer ®
XenCenter ®
Contents
Document Overview .......................................................................................... 1
Introducing XenServer ........................................................................................................ 1
Benefits of Using XenServer ........................................................................................ 1
Administering XenServer ............................................................................................. 2
XenServer Editions ...................................................................................................... 2
New Features in XenServer 6.0 ........................................................................................... 2
XenServer Documentation .................................................................................................. 4
Managing Users ................................................................................................. 5
Authenticating Users With Active Directory (AD) .................................................................. 5
Configuring Active Directory Authentication ................................................................. 6
User Authentication .................................................................................................... 8
Removing Access for a User ........................................................................................ 9
Leaving an AD Domain .............................................................................................. 10
Role Based Access Control ................................................................................................ 10
Roles ........................................................................................................................ 11
Definitions of RBAC Roles and Permissions ................................................................. 12
Using RBAC with the CLI ........................................................................................... 17
To List All the Available Defined Roles in XenServer ............................................ 17
To Display a List of Current Subjects: ................................................................. 18
To Add a Subject to RBAC ................................................................................. 19
To Assign an RBAC Role to a Created subject ...................................................... 19
To Change a Subject's RBAC Role: ...................................................................... 19
Auditing ................................................................................................................... 20
Audit Log xe CLI Commands .............................................................................. 20
To Obtain All Audit Records From the Pool ......................................................... 20
To Obtain Audit Records of the Pool Since a Precise Millisecond Timestamp .......... 20
To Obtain Audit Records of the Pool Since a Precise Minute Timestamp ................ 20
How Does XenServer Compute the Roles for the Session? ........................................... 20
XenServer Hosts and Resource Pools .............................................................. 22
iii
Hosts and Resource Pools Overview .................................................................................. 22
Requirements for Creating Resource Pools ......................................................................... 22
Creating a Resource Pool .................................................................................................. 23
Creating Heterogeneous Resource Pools ............................................................................ 23
Adding Shared Storage ...................................................................................................... 24
Removing a XenServer Host from a Resource Pool .............................................................. 25
Preparing a Pool of XenServer Hosts for Maintenance ........................................................ 25
High Availability ................................................................................................................ 26
HA Overview ............................................................................................................ 26
Overcommitting ................................................................................................ 26
Overcommitment Warning ................................................................................ 27
Host Fencing .................................................................................................... 27
Configuration Requirements ...................................................................................... 27
Restart Priorities ....................................................................................................... 28
Enabling HA on a XenServer Pool ...................................................................................... 29
Enabling HA Using the CLI ......................................................................................... 29
Removing HA Protection from a VM using the CLI ...................................................... 29
Recovering an Unreachable Host ............................................................................... 30
Shutting Down a host When HA is Enabled ................................................................ 30
Shutting Down a VM When it is Protected by HA ....................................................... 30
Host Power On ................................................................................................................. 30
Powering on Hosts Remotely ..................................................................................... 30
Using the CLI to Manage Host Power On ................................................................... 31
To Enable Host Power On Using the CLI ............................................................. 31
To Turn on Hosts Remotely Using the CLI ........................................................... 31
Configuring a Custom Script for XenServer's Host Power On Feature ............................ 31
Key/Value Pairs ................................................................................................. 32
host.power_on_mode ............................................................................... 32
host.power_on_config .............................................................................. 32
Sample Script ................................................................................................... 32
Storage ............................................................................................................. 34
iv
Storage Overview ............................................................................................................. 34
Storage Repositories (SRs) ......................................................................................... 34
Virtual Disk Images (VDIs) ......................................................................................... 34
Physical Block Devices (PBDs) .................................................................................... 34
Virtual Block Devices (VBDs) ..................................................................................... 35
Summary of Storage objects ..................................................................................... 35
Virtual Disk Data Formats ......................................................................................... 35
VHD-based VDIs ............................................................................................... 35
VHD Chain Coalescing ............................................................................... 36
Space Utilization ....................................................................................... 36
LUN-based VDIs ................................................................................................ 36
Storage Repository Types .................................................................................................. 37
Local LVM ................................................................................................................. 37
Creating a Local LVM SR (lvm) ........................................................................... 38
Local EXT3 VHD ........................................................................................................ 38
Creating a Local EXT3 SR (ext) ........................................................................... 38
udev ........................................................................................................................ 38
ISO ........................................................................................................................... 38
Software iSCSI Support ............................................................................................. 39
XenServer Host iSCSI configuration .................................................................... 39
Citrix StorageLink SRs ................................................................................................ 39
Upgrading XenServer with StorageLink SRs ......................................................... 40
Creating a Shared StorageLink SR ...................................................................... 40
Managing Hardware Host Bus Adapters (HBAs) .......................................................... 44
Sample QLogic iSCSI HBA setup ......................................................................... 44
Removing HBA-based SAS, FC or iSCSI Device Entries .......................................... 45
LVM over iSCSI ......................................................................................................... 45
Creating a Shared LVM Over iSCSI SR Using the Software iSCSI Initiator
(lvmoiscsi) ........................................................................................................ 45
Creating a Shared LVM over Fibre Channel / iSCSI HBA or SAS SR (lvmohba) .......... 46
NFS VHD .................................................................................................................. 48
Creating a Shared NFS SR (NFS) ......................................................................... 49
v
LVM over Hardware HBA ........................................................................................... 49
Storage Configuration ....................................................................................................... 49
Creating Storage Repositories .................................................................................... 49
Upgrading LVM Storage from XenServer 5.0 or Earlier ................................................. 50
LVM Performance Considerations .............................................................................. 50
VDI Types ......................................................................................................... 50
Creating a Raw Virtual Disk Using the xe CLI ...................................................... 51
Converting Between VDI Formats .............................................................................. 51
Probing an SR ........................................................................................................... 51
Storage Multipathing ................................................................................................ 54
MPP RDAC Driver Support for LSI Arrays. ................................................................... 55
Managing Storage Repositories ......................................................................................... 55
Destroying or Forgetting a SR .................................................................................... 55
Introducing an SR ..................................................................................................... 55
Resizing an SR .......................................................................................................... 56
Converting Local Fibre Channel SRs to Shared SRs ...................................................... 56
Moving Virtual Disk Images (VDIs) Between SRs ......................................................... 57
Copying All of a VMs VDIs to a Different SR ....................................................... 57
Copying Individual VDIs to a Different SR ........................................................... 57
Adjusting the Disk IO Scheduler ................................................................................ 57
Automatically Reclaiming Space When Deleting Snapshots .......................................... 58
Reclaiming Space Using the Off Line Coalesce Tool ............................................. 58
Virtual Disk QoS Settings ................................................................................................... 59
Configuring VM Memory ................................................................................. 61
What is Dynamic Memory Control (DMC)? ......................................................................... 61
The Concept of Dynamic Range ................................................................................. 61
The Concept of Static Range ..................................................................................... 62
DMC Behaviour ........................................................................................................ 62
How Does DMC Work? ............................................................................................. 62
Memory Constraints ................................................................................................. 63
Supported Operating Systems ................................................................................... 63
vi
xe CLI Commands ............................................................................................................. 64
Display the Static Memory Properties of a VM ........................................................... 64
Display the Dynamic Memory Properties of a VM ....................................................... 65
Updating Memory Properties .................................................................................... 65
Update Individual Memory Properties ....................................................................... 66
Upgrade Issues ................................................................................................................. 66
Workload Balancing Interaction ......................................................................................... 66
Xen Memory Usage ......................................................................................... 67
Setting Control Domain Memory ....................................................................................... 67
Networking ...................................................................................................... 69
Networking Support .......................................................................................................... 69
vSwitch Networks ............................................................................................................. 69
XenServer Networking Overview ....................................................................................... 70
Network Objects ....................................................................................................... 70
Networks .................................................................................................................. 71
VLANs ...................................................................................................................... 71
Using VLANs with Management Interfaces ......................................................... 71
Using VLANs with Virtual Machines ................................................................... 71
Using VLANs with Dedicated Storage NICs .......................................................... 71
Combining Management Interfaces and Guest VLANs on a Single Host NIC ........... 71
NIC Bonds ................................................................................................................ 71
Switch Configuration ......................................................................................... 73
Active-Active Bonding ....................................................................................... 74
Active-Passive Bonding ...................................................................................... 75
Initial Networking Configuration ................................................................................ 76
Managing Networking Configuration .................................................................................. 76
Cross-Server Private networks ................................................................................... 76
Creating Networks in a Standalone Server ................................................................. 77
Creating Networks in Resource Pools ......................................................................... 78
Creating VLANs ......................................................................................................... 78
Creating NIC Bonds on a Standalone Host .................................................................. 78
vii
Creating a NIC bond ......................................................................................... 79
Controlling the MAC Address of the Bond .......................................................... 79
Reverting NIC bonds ......................................................................................... 80
Creating NIC bonds in resource pools ........................................................................ 80
Adding NIC bonds to new resource pools ........................................................... 80
Adding NIC bonds to an existing pool ................................................................ 81
Configuring a dedicated storage NIC .......................................................................... 81
Using SR-IOV Enabled NICs ........................................................................................ 82
Controlling the rate of outgoing data (QoS) ................................................................ 82
Changing networking configuration options ............................................................... 83
Hostname ......................................................................................................... 84
DNS servers ...................................................................................................... 84
Changing IP address configuration for a standalone host ..................................... 84
Changing IP address configuration in resource pools ........................................... 84
Primary management interface ......................................................................... 85
Disabling management access ........................................................................... 85
Adding a new physical NIC ................................................................................ 85
Networking Troubleshooting ............................................................................................. 85
Diagnosing network corruption ................................................................................. 86
Recovering from a bad network configuration ............................................................ 86
Disaster Recovery and Backup ........................................................................ 87
Understanding XenServer DR ............................................................................................. 87
DR Infrastructure Requirements ........................................................................................ 88
Deployment Considerations .............................................................................................. 89
Steps to Take Before a Disaster ................................................................................. 89
Steps to Take After a Disaster ................................................................................... 89
Steps to Take After a Recovery .................................................................................. 89
Enabling Disaster Recovery in XenCenter ........................................................................... 89
Recovering VMs and vApps in the Event of Disaster (Failover) ............................................. 90
Restoring VMs and vApps to the Primary Site After Disaster (Failback) ................................. 90
Test Failover ..................................................................................................................... 91
viii
vApps ............................................................................................................................... 92
Using the Manage vApps dialog box in XenCenter ...................................................... 93
Backing Up and Restoring XenServer Hosts and VMs .......................................................... 93
Backing up Virtual Machine metadata ....................................................................... 94
Backing up single host installations .................................................................... 95
Backing up pooled installations ......................................................................... 95
Backing up XenServer hosts ...................................................................................... 95
Backing up VMs ........................................................................................................ 96
VM Snapshots .................................................................................................................. 97
Regular Snapshots .................................................................................................... 97
Quiesced Snapshots .................................................................................................. 97
Snapshots with memory ........................................................................................... 97
Creating a VM Snapshot ........................................................................................... 97
Creating a snapshot with memory ............................................................................. 98
To list all of the snapshots on a XenServer pool .......................................................... 98
To list the snapshots on a particular VM .................................................................... 98
Restoring a VM to its previous state .......................................................................... 99
Deleting a snapshot .......................................................................................... 99
Snapshot Templates ................................................................................................ 100
Creating a template from a snapshot ............................................................... 100
Exporting a snapshot to a template ................................................................. 100
Advanced Notes for Quiesced Snapshots .......................................................... 101
VM Protection and Recovery ........................................................................................... 102
Naming convention for VM archive folders ............................................................... 102
Coping with machine failures .......................................................................................... 102
Member failures ..................................................................................................... 103
Master failures ....................................................................................................... 103
Pool failures ........................................................................................................... 104
Coping with Failure due to Configuration Errors ........................................................ 104
Physical Machine failure .......................................................................................... 104
Monitoring and Managing XenServer ........................................................... 106
ix
Alerts ............................................................................................................................. 106
Customizing Alerts .................................................................................................. 107
Configuring Email Alerts .......................................................................................... 108
Custom Fields and Tags ................................................................................................... 109
Custom Searches ............................................................................................................ 109
Determining throughput of physical bus adapters ............................................................. 109
Troubleshooting ............................................................................................. 110
XenServer host logs ........................................................................................................ 110
Sending host log messages to a central server .......................................................... 110
XenCenter logs ............................................................................................................... 111
Troubleshooting connections between XenCenter and the XenServer host ......................... 111
A. Command Line Interface ........................................................................... 112
Basic xe Syntax ............................................................................................................... 112
Special Characters and Syntax ......................................................................................... 113
Command Types ............................................................................................................. 113
Parameter Types ..................................................................................................... 114
Low-level Parameter Commands .............................................................................. 115
Low-level List Commands ........................................................................................ 115
xe Command Reference .................................................................................................. 116
Appliance Commands ............................................................................................. 116
Appliance Parameters ..................................................................................... 116
appliance-assert-can-be-recovered ................................................................... 116
appliance-create ............................................................................................. 116
appliance-destroy ........................................................................................... 117
appliance-recover ........................................................................................... 117
appliance-shutdown ........................................................................................ 117
appliance-start ................................................................................................ 117
Audit Commands .................................................................................................... 117
audit-log-get parameters ................................................................................. 117
audit-log-get ................................................................................................... 117
Bonding Commands ................................................................................................ 118
x
Bond Parameters ............................................................................................ 118
bond-create .................................................................................................... 118
bond-destroy .................................................................................................. 118
CD Commands ........................................................................................................ 118
CD Parameters ................................................................................................ 118
cd-list ............................................................................................................. 119
Console Commands ................................................................................................ 120
Console Parameters ........................................................................................ 120
Disaster Recovery (DR) Commands .......................................................................... 120
drtask-create .................................................................................................. 120
drtask-destroy ................................................................................................. 121
vm-assert-can-be-recovered ............................................................................ 121
appliance-assert-can-be-recovered ................................................................... 121
appliance-recover ........................................................................................... 121
vm-recover ..................................................................................................... 121
sr-enable-database-replication ......................................................................... 121
sr-disable-database-replication ........................................................................ 121
Example Usage ............................................................................................... 121
Event Commands .................................................................................................... 122
Event Classes .................................................................................................. 122
event-wait ...................................................................................................... 123
GPU Commands ...................................................................................................... 123
Physical GPU (pGPU) Parameters ..................................................................... 123
GPU Group Parameters ................................................................................... 124
Virtual GPU (vGPU) Parameters ....................................................................... 124
vgpu-create .................................................................................................... 125
vgpu-destroy ................................................................................................... 125
Host Commands ..................................................................................................... 125
Host Selectors ................................................................................................. 125
Host Parameters ............................................................................................. 126
host-backup .................................................................................................... 129
xi
host-bugreport-upload .................................................................................... 129
host-crashdump-destroy .................................................................................. 129
host-crashdump-upload ................................................................................... 129
host-disable .................................................................................................... 129
host-dmesg ..................................................................................................... 129
host-emergency-management-reconfigure ....................................................... 130
host-enable .................................................................................................... 130
host-evacuate ................................................................................................. 130
host-forget ..................................................................................................... 130
host-get-system-status .................................................................................... 130
host-get-system-status-capabilities ................................................................... 131
host-is-in-emergency-mode ............................................................................. 132
host-apply-edition .......................................................................................... 132
host-license-add ............................................................................................. 132
host-license-view ............................................................................................ 132
host-logs-download ......................................................................................... 132
host-management-disable ............................................................................... 132
host-management-reconfigure ......................................................................... 133
host-power-on ................................................................................................ 133
host-get-cpu-features ...................................................................................... 133
host-set-cpu-features ...................................................................................... 133
host-set-power-on .......................................................................................... 133
host-reboot .................................................................................................... 133
host-restore .................................................................................................... 134
host-set-hostname-live .................................................................................... 134
host-shutdown ................................................................................................ 134
host-syslog-reconfigure ................................................................................... 134
host-data-source-list ....................................................................................... 135
host-data-source-record .................................................................................. 135
host-data-source-forget ................................................................................... 135
host-data-source-query ................................................................................... 135
xii
Log Commands ....................................................................................................... 136
log-set-output ................................................................................................. 136
Message Commands ............................................................................................... 136
Message Parameters ....................................................................................... 136
message-create ............................................................................................... 136
message-destroy ............................................................................................. 137
message-list .................................................................................................... 137
Network Commands ............................................................................................... 137
Network Parameters ....................................................................................... 137
network-create ............................................................................................... 138
network-destroy ............................................................................................. 138
Patch (Update) Commands ...................................................................................... 138
Patch Parameters ............................................................................................ 138
patch-apply .................................................................................................... 139
patch-clean ..................................................................................................... 139
patch-pool-apply ............................................................................................. 139
patch-precheck ............................................................................................... 139
patch-upload .................................................................................................. 139
PBD Commands ...................................................................................................... 139
PBD Parameters .............................................................................................. 139
pbd-create ...................................................................................................... 140
pbd-destroy .................................................................................................... 140
pbd-plug ......................................................................................................... 140
pbd-unplug ..................................................................................................... 140
PIF Commands ........................................................................................................ 140
PIF Parameters ............................................................................................... 141
pif-forget ........................................................................................................ 143
pif-introduce ................................................................................................... 143
pif-plug ........................................................................................................... 143
pif-reconfigure-ip ............................................................................................ 143
pif-scan .......................................................................................................... 144
xiii
pif-unplug ....................................................................................................... 144
Pool Commands ...................................................................................................... 144
Pool Parameters ............................................................................................. 144
pool-designate-new-master ............................................................................. 145
pool-dump-database ....................................................................................... 145
pool-eject ....................................................................................................... 146
pool-emergency-reset-master .......................................................................... 146
pool-emergency-transition-to-master ............................................................... 146
pool-ha-enable ............................................................................................... 146
pool-ha-disable ............................................................................................... 146
pool-join ......................................................................................................... 146
pool-recover-slaves ......................................................................................... 146
pool-restore-database ..................................................................................... 146
pool-sync-database ......................................................................................... 146
Storage Manager Commands ................................................................................... 147
SM Parameters ............................................................................................... 147
SR Commands ........................................................................................................ 147
SR Parameters ................................................................................................ 147
sr-create ......................................................................................................... 148
sr-destroy ....................................................................................................... 149
sr-enable-database-replication ......................................................................... 149
sr-disable-database-replication ........................................................................ 149
sr-forget ......................................................................................................... 149
sr-introduce .................................................................................................... 149
sr-probe ......................................................................................................... 149
sr-scan ........................................................................................................... 149
Task Commands ...................................................................................................... 150
Task Parameters .............................................................................................. 150
task-cancel ..................................................................................................... 151
Template Commands .............................................................................................. 151
Template Parameters ...................................................................................... 151
xiv
template-export .............................................................................................. 157
Update Commands ................................................................................................. 157
update-upload ................................................................................................ 158
User Commands ..................................................................................................... 158
user-password-change ..................................................................................... 158
VBD Commands ...................................................................................................... 158
VBD Parameters .............................................................................................. 158
vbd-create ...................................................................................................... 159
vbd-destroy .................................................................................................... 160
vbd-eject ........................................................................................................ 160
vbd-insert ....................................................................................................... 160
vbd-plug ......................................................................................................... 160
vbd-unplug ..................................................................................................... 160
VDI Commands ....................................................................................................... 160
VDI Parameters ............................................................................................... 161
vdi-clone ........................................................................................................ 162
vdi-copy ......................................................................................................... 162
vdi-create ....................................................................................................... 162
vdi-destroy ..................................................................................................... 163
vdi-forget ........................................................................................................ 163
vdi-import ...................................................................................................... 163
vdi-introduce .................................................................................................. 163
vdi-resize ........................................................................................................ 163
vdi-snapshot ................................................................................................... 164
vdi-unlock ....................................................................................................... 164
VIF Commands ....................................................................................................... 164
VIF Parameters ............................................................................................... 164
vif-create ........................................................................................................ 166
vif-destroy ...................................................................................................... 166
vif-plug ........................................................................................................... 166
vif-unplug ....................................................................................................... 166
xv
VLAN Commands .................................................................................................... 166
vlan-create ..................................................................................................... 167
pool-vlan-create .............................................................................................. 167
vlan-destroy .................................................................................................... 167
VM Commands ....................................................................................................... 167
VM Selectors .................................................................................................. 167
VM Parameters ............................................................................................... 167
vm-assert-can-be-recovered ............................................................................ 174
vm-cd-add ...................................................................................................... 174
vm-cd-eject .................................................................................................... 174
vm-cd-insert ................................................................................................... 174
vm-cd-list ....................................................................................................... 174
vm-cd-remove ................................................................................................ 174
vm-clone ........................................................................................................ 175
vm-compute-maximum-memory ...................................................................... 175
vm-copy ......................................................................................................... 175
vm-crashdump-list .......................................................................................... 175
vm-data-source-list ......................................................................................... 176
vm-data-source-record .................................................................................... 176
vm-data-source-forget ..................................................................................... 176
vm-data-source-query ..................................................................................... 176
vm-destroy ..................................................................................................... 177
vm-disk-add .................................................................................................... 177
vm-disk-list ..................................................................................................... 177
vm-disk-remove .............................................................................................. 177
vm-export ....................................................................................................... 177
vm-import ...................................................................................................... 178
vm-install ........................................................................................................ 178
vm-memory-shadow-multiplier-set .................................................................. 179
vm-migrate ..................................................................................................... 179
vm-reboot ...................................................................................................... 179
xvi
vm-recover ..................................................................................................... 179
vm-reset-powerstate ....................................................................................... 179
vm-resume ..................................................................................................... 180
vm-shutdown ................................................................................................. 180
vm-start ......................................................................................................... 180
vm-suspend .................................................................................................... 180
vm-uninstall .................................................................................................... 181
vm-vcpu-hotplug ............................................................................................. 181
vm-vif-list ....................................................................................................... 181
Workload Balancing XE Commands .......................................................................... 181
pool-initialize-wlb ............................................................................................ 181
pool-param-set other-config ............................................................................ 181
pool-retrieve-wlb-diagnostics ........................................................................... 182
host-retrieve-wlb-evacuate-recommendations .................................................. 182
vm-retrieve-wlb-recommendations .................................................................. 182
pool-certificate-list .......................................................................................... 182
pool-certificate-install ...................................................................................... 182
pool-certificate-sync ........................................................................................ 182
pool-param-set ............................................................................................... 182
pool-deconfigure-wlb ...................................................................................... 183
pool-retrieve-wlb-configuration ....................................................................... 183
pool-retrieve-wlb-recommendations ............................................................... 183
pool-retrieve-wlb-report ................................................................................. 183
pool-send-wlb-configuration ........................................................................... 184
B. Workload Balancing Service Commands ................................................... 186
Service Commands ......................................................................................................... 186
Logging in to the Workload Balancing Virtual Appliance ............................................ 186
service workloadbalancing restart ............................................................................ 186
service workloadbalancing start ............................................................................... 186
service workloadbalancing stop ............................................................................... 186
service workloadbalancing status ............................................................................. 186
xvii
Modifying the Workload Balancing configuration options .......................................... 187
Editing the Workload Balancing configuration file ..................................................... 187
Increasing the Detail in the Workload Balancing Log ................................................. 188
xviii
Document Overview
This document is a system administrator's guide for Citrix XenServer®, the complete server virtualization platform
from Citrix®. It contains procedures to guide you through configuring a XenServer deployment. In particular, it
focuses on setting up storage, networking and resource pools, and how to administer XenServer hosts using the
xe command line interface.
This document covers the following topics:
• Managing users with Active Directory and Role Based Access Controls
• Creating resource pools and setting up High Availability
• Configuring and managing storage repositories
• Configuring virtual machine memory using Dynamic Memory Control
• Setting control domain memory on a XenServer host
• Configuring networking
• Recovering virtual machines using Disaster Recovery and backing up data
• Monitoring and managing XenServer
• Troubleshooting XenServer
• Using the XenServer xe command line interface
Introducing XenServer
Citrix XenServer® is the complete server virtualization platform from Citrix®. The XenServer package contains
all you need to create and manage a deployment of virtual x86 computers running on Xen®, the open-source
paravirtualizing hypervisor with near-native performance. XenServer is optimized for both Windows and Linux
virtual servers.
XenServer runs directly on server hardware without requiring an underlying operating system, which results in
an efficient and scalable system. XenServer works by abstracting elements from the physical machine (such as
hard drives, resources and ports) and allocating them to the virtual machines running on it.
A virtual machine (VM) is a computer composed entirely of software that can run its own operating system and
applications as if it were a physical computer. A VM behaves exactly like a physical computer and contains its own
virtual (software-based) CPU, RAM, hard disk and network interface card (NIC).
XenServer lets you create VMs, take VM disk snapshots and manage VM workloads. For a comprehensive list of
major XenServer features and editions, visit www.citrix.com/xenserver.
Benefits of Using XenServer
Using XenServer reduces costs by:
• Consolidating multiple VMs onto physical servers
• Reducing the number of separate disk images that need to be managed
• Allowing for easy integration with existing networking and storage infrastructures
Using XenServer increases flexibility by:
• Allowing you to schedule zero downtime maintenance by using XenMotion to live migrate VMs between
XenServer hosts
• Increasing availability of VMs by using High Availability to configure policies that restart VMs on another
XenServer host if one fails
1
• Increasing portability of VM images, as one VM image will work on a range of deployment infrastructures
Administering XenServer
There are two methods by which to administer XenServer: XenCenter and the XenServer Command-Line Interface
(CLI).
XenCenter is a graphical, Windows-based user interface. XenCenter allows you to manage XenServer hosts, pools
and shared storage, and to deploy, manage and monitor VMs from your Windows desktop machine.
The XenCenter Help is a great resource for getting started with XenCenter.
The XenServer Command-line Interface (CLI) allows you to administer XenServer using the Linux-based xe
commands.
For a comprehensive list of xe commands and descriptions, see the XenServer Administrator's Guide.
XenServer Editions
The features available in XenServer depend on the edition. The four editions of XenServer are:
• Citrix XenServer (Free): Proven virtualization platform that delivers uncompromised performance, scale, and
flexibility at no cost.
• Citrix XenServer Advanced Edition: Key high availability and advanced management tools that take virtual
infrastructure to the next level.
• Citrix XenServer Enterprise Edition: Essential integration and optimization capabilities for production
deployments of virtual machines.
• Citrix XenServer Platinum Edition: Advanced automation and cloud computing features for enterprise-wide
virtual environments.
For more information about how the XenServer edition affects the features available, visit www.citrix.com/
xenserver.
New Features in XenServer 6.0
XenServer 6.0 includes a number of new features and ongoing improvements, including:
Integrated Site Recovery (Disaster Recovery):
• Automated remote data replication between storage arrays with fast recovery and failback capabilities.
Integrated Site Recovery replaces StorageLink Gateway Site Recovery used in previous versions, removes the
Windows VM requirement, and works with any iSCSI or Hardware HBA storage repository.
Integrated StorageLink:
• Access to use existing storage array-based features such as data replication, de-duplication, snapshot and
cloning. Replaces the StorageLink Gateway technology used in previous editions and removes the requirement
to run a VM with the StorageLink components.
GPU Pass-Through:
• Enables a physical GPU to be assigned to a VM providing high-end graphics. Allows applications to leverage
GPU instructions in XenDesktop VDI deployments with HDX 3D Pro.
Virtual Appliance Support (vApp):
• Ability to create multi-VM and boot sequenced virtual appliances (vApps) that integrate with Integrated Site
Recovery and High Availability. vApps can be easily imported and exported using the Open Virtualization Format
(OVF) standard.
2
Rolling Pool Upgrade Wizard:
• Simplify upgrades (automated or semi-automated) to XenServer 6.0 with a wizard that performs pre-checks
with a step-by-step process that blocks unsupported upgrades.
Microsoft SCVMM and SCOM Support:
• Manage XenServer hosts and VMs with System Center Virtual Machine Manager (SCVMM) 2012. System Center
Operations Manager (SCOM) 2012 will also be able to manage and monitor XenServer hosts and VMs. System
Center integration is available with a special supplemental pack from Citrix. For more information refer to
Microsoft System Center Virtual Machine Manager 2012.
Distributed Virtual Switch Improvements:
• New fail safe mode allows Cross-Server Private Networks, ACLs, QoS, RSPAN and NetFlow settings to continue
to be applied to a running VM in the event of vSwitch Controller failure.
Increased Performance and Scale:
• Supported limits have been increased to 1 TB memory for XenServer hosts, and up to16 virtual processors and
128 GB virtual memory for VMs. Improved XenServer Tools with smaller footprint.
Networking Improvements:
• Open vSwitch is now the default networking stack in XenServer 6.0 and now provides formal support for ActiveBackup NIC bonding.
VM Import and Export Improvements:
• Full support for VM disk and OVF appliance imports directly from XenCenter with the ability to change VM
parameters (virtual processor, virtual memory, virtual interfaces, and target storage repository) with the Import
wizard. Full OVF import support for XenServer, XenConvert and VMware.
SR-IOV Improvements:
• Improved scalability and certification with the SR-IOV Test Kit. Experimental SR-IOV with XenMotion support
with Solarflare SR-IOV adapters.
Simplified Installer:
• Host installations only require a single ISO.
Enhanced Guest OS Support:
• Support for Ubuntu 10.04 (32/64-bit).
• Updated support for Debian Squeeze 6.0 64-bit, Oracle Enterprise Linux 6.0 (32/64-bit), and SLES 10 SP4 (32/64bit).
• Experimental VM templates for CentOS 6.0 (32/64-bit) Ubuntu 10.10 (32/64-bit) and Solaris 10.
Workload Balancing Improvements:
• New, ready-to-use Linux-based virtual appliance with a smaller footprint replaces the Windows-based virtual
appliance and eliminates the Windows licensing dependency.
XenDesktop Enhancements:
• HDX enhancements for optimized user experience with virtual desktops, GPU Pass-Through, and increased VM
and XenServer host limits.
3
VM Protection and Recovery:
• Now available for Advanced, Enterprise and Platinum Edition customers.
NFS Support for High Availability:
• HA Heartbeat disk can now reside on a NFS storage repository.
XenCenter Improvements:
• XenCenter operations now run in parallel, and XenCenter will be available in Japanese and Simplified Chinese
(ETA Q4 2011).
Host Architectural Improvements:
• XenServer 6.0 now runs on the Xen 4.1 hypervisor, provides GPT support and a smaller, more scalable Dom0.
XenServer Documentation
XenServer documentation shipped with this release includes:
• Release Notes cover known issues that affect this release.
• XenServer Quick Start Guide provides an introduction for new users to the XenServer environment and
components. This guide steps through the installation and configuration essentials to get XenServer and the
XenCenter management console up and running quickly. After installation, it demonstrates how to create a
Windows VM, VM template and pool of XenServer hosts. It introduces basic administrative tasks and advanced
features, such as shared storage, VM snapshots and XenMotion live migration.
• XenServer Installation Guide steps through the installation, configuration and initial operation of XenServer
and the XenCenter management console.
• XenServer Virtual Machine Installation Guide describes how to install Windows and Linux VMs within a
XenServer environment. This guide explains how to create new VMs from installation media, from VM
templates included in the XenServer package and from existing physical machines (P2V). It explains how to
import disk images and how to import and export appliances.
• XenServer Administrator's Guide gives an in-depth description of the tasks involved in configuring a XenServer
deployment, including setting up storage, networking and pools. It describes how to administer XenServer
using the xe Command Line Interface.
• vSwitch Controller User Guide is a comprehensive user guide to the vSwitch and Controller for XenServer.
• Supplemental Packs and the DDK introduces the XenServer Driver Development Kit, which can be used to
modify and extend the functionality of XenServer.
• XenServer Software Development Kit Guide presents an overview of the XenServer SDK. It includes code
samples that demonstrate how to write applications that interface with XenServer hosts.
• XenAPI Specification is a reference guide for programmers to the XenServer API.
For additional resources, visit the Citrix Knowledge Center.
4
Managing Users
Defining users, groups, roles and permissions allows you to control who has access to your XenServer hosts and
pools and what actions they can perform.
When you first install XenServer, a user account is added to XenServer automatically. This account is the local
super user (LSU), or root, which is authenticated locally by the XenServer computer.
The local super user (LSU), or root, is a special user account used for system administration and has all rights or
permissions. In XenServer, the local super user is the default account at installation. The LSU is authenticated
by XenServer and not an external authentication service. This means that if the external authentication service
fails, the LSU can still log in and manage the system. The LSU can always access the XenServer physical server
through SSH.
You can create additional users by adding their Active Directory accounts through either the XenCenter's Users
tab or the CLI. All editions of XenServer can add user accounts from Active Directory. However, only XenServer
Enterprise and Platinum editions let you assign these Active Directory accounts different levels of permissions
(through the Role Based Access Control (RBAC) feature). If you do not use Active Directory in your environment,
you are limited to the LSU account.
The permissions assigned to users when you first add their accounts varies according to your version of XenServer:
• In the XenServer and XenServer Advanced edition, when you create (add) new users, XenServer automatically
grants the accounts access to all features available in that version.
• In the XenServer Enterprise and Platinum editions, when you create new users, XenServer does not assign
newly created user accounts roles automatically. As a result, these accounts do not have any access to the
XenServer pool until you assign them a role.
If you do not have one of these editions, you can add users from Active Directory. However, all users will have
the Pool Administrator role.
These permissions are granted through roles, as discussed in the section called “Authenticating Users With Active
Directory (AD)”.
Authenticating Users With Active Directory (AD)
If you want to have multiple user accounts on a server or a pool, you must use Active Directory user accounts for
authentication. This lets XenServer users log in to a pool's XenServers using their Windows domain credentials.
The only way you can configure varying levels of access for specific users is by enabling Active Directory
authentication, adding user accounts, and assign roles to those accounts.
Active Directory users can use the xe CLI (passing appropriate -u and -pw arguments) and also connect to the
host using XenCenter. Authentication is done on a per-resource pool basis.
Access is controlled by the use of subjects. A subject in XenServer maps to an entity on your directory server
(either a user or a group). When external authentication is enabled, the credentials used to create a session are
first checked against the local root credentials (in case your directory server is unavailable) and then against the
subject list. To permit access, you must create a subject entry for the person or group you wish to grant access
to. This can be done using XenCenter or the xe CLI.
If you are familiar with XenCenter, note that the XenServer CLI uses slightly different terminology to refer to Active
Directory and user account features:
XenCenter Term XenServer CLI Term
Users Subjects
Add users Add subjects
5
Understanding Active Directory Authentication in the XenServer Environment
Even though XenServers are Linux-based, XenServer lets you use Active Directory accounts for XenServer user
accounts. To do so, it passes Active Directory credentials to the Active Directory domain controller.
When added to XenServer, Active Directory users and groups become XenServer subjects, generally referred to
as simply users in XenCenter. When a subject is registered with XenServer, users/groups are authenticated with
Active Directory on login and do not need to qualify their user name with a domain name.
Note:
By default, if you did not qualify the user name (for example, enter either mydomain\myuser
or myser@mydomain.com), XenCenter always attempts to log users in to Active Directory
authentication servers using the domain to which it is currently joined. The exception to this
is the LSU account, which XenCenter always authenticates locally (that is, on the XenServer)
first.
The external authentication process works as follows:
1. The credentials supplied when connecting to a server are passed to the Active Directory domain controller
for authentication.
2. The domain controller checks the credentials. If they are invalid, the authentication fails immediately.
3. If the credentials are valid, the Active Directory controller is queried to get the subject identifier and group
membership associated with the credentials.
4. If the subject identifier matches the one stored in the XenServer, the authentication is completed successfully.
When you join a domain, you enable Active Directory authentication for the pool. However, when a pool is joined
to a domain, only users in that domain (or a domain with which it has trust relationships) can connect to the pool.
Note:
Manually updating the DNS configuration of a DHCP-configured network PIF is unsupported
and might cause Active Directory integration, and consequently user authentication, to fail
or stop working.
Upgrading XenServer
When you upgrade from an earlier version of XenServer, any user accounts created in the previous XenServer
version are assigned the role of pool-admin. This is done for backwards compatibility reasons. As a result, if you
are upgrading from a previous version of XenServer, make sure you revisit the role associated with each user
account to make sure it is still appropriate.
Configuring Active Directory Authentication
XenServer supports use of Active Directory servers using Windows 2003 or later.
Active Directory authentication for a XenServer host requires that the same DNS servers are used for both the
Active Directory server (configured to allow for interoperability) and the XenServer host. In some configurations,
the active directory server may provide the DNS itself. This can be achieved either using DHCP to provide the
IP address and a list of DNS servers to the XenServer host, or by setting values in the PIF objects or using the
installer if a manual static configuration is used.
Citrix recommends enabling DHCP to broadcast host names. In particular, the host names localhost or linux
should not be assigned to hosts.
Warning:
XenServer hostnames should be unique throughout the XenServer deployment.
6
Note the following:
• XenServer labels its AD entry on the AD database using its hostname. Therefore, if two XenServer hosts have
the same hostname and are joined to the same AD domain, the second XenServer will overwrite the AD entry
of the first XenServer, regardless of if they are in the same or in different pools, causing the AD authentication
on the first XenServer to stop working.
It is possible to use the same hostname in two XenServer hosts, as long as they join different AD domains.
• The XenServer hosts can be in different time-zones, as it is the UTC time that is compared. To ensure
synchronization is correct, you may choose to use the same NTP servers for your XenServer pool and the Active
Directory server.
• Mixed-authentication pools are not supported (that is, you cannot have a pool where some servers in the pool
are configured to use Active Directory and some are not).
• The XenServer Active Directory integration uses the Kerberos protocol to communicate with the Active
Directory servers. Consequently, XenServer does not support communicating with Active Directory servers that
do not utilize Kerberos.
• For external authentication using Active Directory to be successful, it is important that the clocks on your
XenServer hosts are synchronized with those on your Active Directory server. When XenServer joins the Active
Directory domain, this will be checked and authentication will fail if there is too much skew between the
servers.
Warning:
Host names must consist solely of no more than 63 alphanumeric characters, and must not
be purely numeric.
Once you have Active Directory authentication enabled, if you subsequently add a server to that pool, you are
prompted to configure Active Directory on the server joining the pool. When you are prompted for credentials
on the joining server, enter Active Directory credentials with sufficient privileges to add servers to that domain.
Active Directory integration
Make sure that the following firewall ports are open for outbound traffic in order for XenServer to access the
domain controllers.
Port Protocol Use
53 UDP/TCP DNS
88 UDP/TCP Kerberos 5
123 UDP NTP
137 UDP NetBIOS Name Service
139 TCP NetBIOS Session (SMB)
389 UDP/TCP LDAP
445 TCP SMB over TCP
464 UDP/TCP Machine password changes
3268 TCP Global Catalog Search
Note:
To view the firewall rules on a Linux computer using iptables, run the following command:
iptables - nL
7
Note:
XenServer uses Likewise (Likewise uses Kerberos) to authenticate the AD user in the AD server,
and to encrypt communications with the AD server.
How does XenServer manage the machine account password for AD integration?
Similarly to Windows client machines, Likewise automatically updates the machine account password, renewing
it once every 30 days, or as specified in the machine account password renewal policy in the AD server. For more
information, refer to http://support.microsoft.com/kb/154501.
Enabling external authentication on a pool
• External authentication using Active Directory can be configured using either XenCenter or the CLI using the
command below.
xe pool-enable-external-auth auth-type=AD \
service-name=<full-qualified-domain> \
config:user=<username> \
config:pass=<password>
The user specified needs to have Add/remove computer objects or workstations privileges,
which is the default for domain administrators.
Note:
If you are not using DHCP on the network used by Active Directory and your XenServer hosts,
use you can use these two approaches to setup your DNS:
1. Set up your domain DNS suffix search order for resolving non-FQDNs:
xe pif-param-set uuid=<pif-uuid_in_the_dns_subnetwork> \
“other-config:domain=suffix1.com suffix2.com suffix3.com”
2. Configure the DNS server to use on your XenServer hosts:
xe pif-reconfigure-ip mode=static dns=<dnshost>
3. Manually set the primary management interface to use a PIF that is on the same network
as your DNS server:
xe host-management-reconfigure pif-uuid=<pif_in_the_dns_subnetwork>
Note:
External authentication is a per-host property. However, Citrix advises that you enable and
disable this on a per-pool basis – in this case XenServer will deal with any failures that occur
when enabling authentication on a particular host and perform any roll-back of changes that
may be required, ensuring that a consistent configuration is used across the pool. Use the
host-param-list command to inspect properties of a host and to determine the status of
external authentication by checking the values of the relevant fields.
Disabling external authentication
• Use XenCenter to disable Active Directory authentication, or the following xe command:
xe pool-disable-external-auth
User Authentication
To allow a user access to your XenServer host, you must add a subject for that user or a group that they are in.
(Transitive group memberships are also checked in the normal way, for example: adding a subject for group A,
where group A contains group B and user 1 is a member of group B would permit access to user 1.) If
8
you wish to manage user permissions in Active Directory, you could create a single group that you then add and
remove users to/from; alternatively, you can add and remove individual users from XenServer, or a combination
of users and groups as your would be appropriate for your authentication requirements. The subject list can be
managed from XenCenter or using the CLI as described below.
When authenticating a user, the credentials are first checked against the local root account, allowing you to
recover a system whose AD server has failed. If the credentials (i.e. username then password) do not match/
authenticate, then an authentication request is made to the AD server – if this is successful the user's information
will be retrieved and validated against the local subject list, otherwise access will be denied. Validation against the
subject list will succeed if the user or a group in the transitive group membership of the user is in the subject list.
Note:
When using Active Directory groups to grant access for Pool Administrator users who will
require host ssh access, the number of users in the Active Directory group must not exceed
500.
Allowing a user access to XenServer using the CLI
• To add an AD subject to XenServer:
xe subject-add subject-name=<entity name>
The entity name should be the name of the user or group to which you want to grant access. You may
optionally include the domain of the entity (for example, '<xendt\user1>' as opposed to '<user1>') although
the behavior will be the same unless disambiguation is required.
Removing access for a user using the CLI
1. Identify the subject identifier for the subject t you wish to revoke access. This would be the user or the group
containing the user (removing a group would remove access to all users in that group, providing they are
not also specified in the subject list). You can do this using the subject list command:
xe subject-list
You may wish to apply a filter to the list, for example to get the subject identifier for a user named user1
in the testad domain, you could use the following command:
xe subject-list other-config:subject-name='<domain\user>'
2. Remove the user using the subject-remove command, passing in the subject identifier you learned in the
previous step:
xe subject-remove subject-uuid=<subject-uuid>
3. You may wish to terminate any current session this user has already authenticated. See Terminating all
authenticated sessions using xe and Terminating individual user sessions using xe for more information about
terminating sessions. If you do not terminate sessions the users whose permissions have been revoked may
be able to continue to access the system until they log out.
Listing subjects with access
• To identify the list of users and groups with permission to access your XenServer host or pool, use the
following command:
xe subject-list
Removing Access for a User
Once a user is authenticated, they will have access to the server until they end their session, or another user
terminates their session. Removing a user from the subject list, or removing them from a group that is in the
subject list, will not automatically revoke any already-authenticated sessions that the user has; this means that
9
they may be able to continue to access the pool using XenCenter or other API sessions that they have already
created. In order to terminate these sessions forcefully, XenCenter and the CLI provide facilities to terminate
individual sessions, or all currently active sessions. See the XenCenter help for more information on procedures
using XenCenter, or below for procedures using the CLI.
Terminating all authenticated sessions using xe
• Execute the following CLI command:
xe session-subject-identifier-logout-all
Terminating individual user sessions using xe
1. Determine the subject identifier whose session you wish to log out. Use either the session-subjectidentifier-list or subject-list xe commands to find this (the first shows users who have sessions, the second
shows all users but can be filtered, for example, using a command like xe subject-list other-config:subjectname=xendt\\user1 – depending on your shell you may need a double-backslash as shown).
2. Use the session-subject-logout command, passing the subject identifier you have determined in the
previous step as a parameter, for example:
xe session-subject-identifier-logout subject-identifier=<subject-id>
Leaving an AD Domain
Warning:
When you leave the domain (that is, disable Active Directory authentication and disconnect
a pool or server from its domain), any users who authenticated to the pool or server with
Active Directory credentials are disconnected.
Use XenCenter to leave an AD domain. See the XenCenter help for more information. Alternately run the pool-
disable-external-auth command, specifying the pool uuid if required.
Note:
Leaving the domain will not cause the host objects to be removed from the AD database. See
this knowledge base article for more information about this and how to remove the disabled
host entries.
Role Based Access Control
Note:
The full RBAC feature is only available in Citrix XenServer Enterprise Edition or higher. To
learn more about upgrading XenServer, click here.
XenServer's Role Based Access Control (RBAC) allows you to assign users, roles, and permissions to control who
has access to your XenServer and what actions they can perform. The XenServer RBAC system maps a user
(or a group of users) to defined roles (a named set of permissions), which in turn have associated XenServer
permissions (the ability to perform certain operations).
As users are not assigned permissions directly, but acquire them through their assigned role, management of
individual user permissions becomes a matter of simply assigning the user to the appropriate role; this simplifies
common operations. XenServer maintains a list of authorized users and their roles.
RBAC allows you to easily restrict which operations different groups of users can perform- thus reducing the
probability of an accident by an inexperienced user.
To facilitate compliance and auditing, RBAC also provides an Audit Log feature and its corresponding Workload
Balancing Pool Audit Trail report.
10
RBAC depends on Active Directory for authentication services. Specifically, XenServer keeps a list of authorized
users based on Active Directory user and group accounts. As a result, you must join the pool to the domain and
add Active Directory accounts before you can assign roles.
The local super user (LSU), or root, is a special user account used for system administration and has all rights or
permissions. In XenServer, the local super user is the default account at installation. The LSU is authenticated via
XenServer and not external authentication service, so if the external authentication service fails, the LSU can still
log in and manage the system. The LSU can always access the XenServer physical host via SSH.
RBAC process
This is the standard process for implementing RBAC and assigning a user or group a role:
1. Join the domain. See Enabling external authentication on a pool
2. Add an Active Directory user or group to the pool. This becomes a subject. See the section called “To Add a
Subject to RBAC”.
3. Assign (or modify) the subject's RBAC role. See the section called “To Assign an RBAC Role to a Created subject”.
Roles
XenServer is shipped with the following six, pre-established roles:
• Pool Administrator (Pool Admin) – the same as being the local root. Can perform all operations.
Note:
The local super user (root) will always have the "Pool Admin" role. The Pool Admin role has
the same permissions as the local root.
• Pool Operator (Pool Operator) – can do everything apart from adding/removing users and modifying their
roles. This role is focused mainly on host and pool management (i.e. creating storage, making pools, managing
the hosts etc.)
• Virtual Machine Power Administrator (VM Power Admin) – creates and manages Virtual Machines. This role is
focused on provisioning VMs for use by a VM operator.
• Virtual Machine Administrator (VM Admin) – similar to a VM Power Admin, but cannot migrate VMs or perform
snapshots.
• Virtual Machine Operator (VM Operator) – similar to VM Admin, but cannot create/destroy VMs – but can
perform start/stop lifecycle operations.
• Read-only (Read Only) – can view resource pool and performance data.
11
Note:
You cannot add, remove or modify roles in this version of XenServer.
Warning:
You can not assign the role of pool-admin to an AD group which has more than 500 members,
if you want users of the AD group to have SSH access.
For a summary of the permissions available for each role and more detailed information on the operations
available for each permission, see the section called “Definitions of RBAC Roles and Permissions”.
All XenServer users need to be allocated to an appropriate role. By default, all new users will be allocated to the
Pool Administrator role. It is possible for a user to be assigned to multiple roles; in that scenario, the user will
have the union of all the permissions of all their assigned roles.
A user's role can be changed in two ways:
1. Modify the subject -> role mapping (this requires the assign/modify role permission, only available to a Pool
Administrator.)
2. Modify the user's containing group membership in Active Directory.
Definitions of RBAC Roles and Permissions
The following table summarizes which permissions are available for each role. For details on the operations
available for each permission, see Definitions of permissions.
Table 1. Permissions available for each role
Role
permissions
Assign/
modify roles
Log in to
(physical)
server
consoles
(through SSH
and
XenCenter)
Server
backup/
restore
Import/
export OVF/
OVA
packages and
disk images
Pool Admin Pool
Operator
X
X
X
X
VM Power
Admin
VM Admin VM Operator Read Only
Log out
active user
connections
Create and
dismiss alerts
X X
X X
12
Loading...