[ovirt-devel] Re: ovirt-imageio fails tests on CentOS Stream 9 / qemu-6.1.0

[Sandro Bonazzola]

Il giorno gio 9 set 2021 alle ore 16:22 Michal Skrivanek <
michal.skriva...@redhat.com> ha scritto:

>
>
> > On 9. 9. 2021, at 11:47, Vojtech Juranek  wrote:
> >
> > On Wednesday, 8 September 2021 16:19:39 CEST Sandro Bonazzola wrote:
> >> Hi,
> >> running ovirt-imageio check-patch on CentOS Stream 9 fails.
> >
> > do we have some CentOS Stream 9 images somewhere which I can use?
>
> not yet.
> I guess we should be adding it to OST at some point, rather sooner than
> later.
> volunteers welcomed;)
>

If for "image" you intend...

ISO:
https://composes.stream.centos.org/production/latest-CentOS-Stream/compose/BaseOS/x86_64/iso/
container: quay.io/centos/centos:stream9-development
image on glance.ovirt.org: CentOS Stream 9 Generic Cloud Image v20210803.0
for x86_64 (0ee4ad3)

:-)



>
> >
> >> Is anyone around from the storage team who can have a look?
> >>
> https://jenkins.ovirt.org/job/ovirt-imageio_standard-check-patch/3974//artif
> >> act/check-patch.el9stream.x86_64/mock_logs/script/stdout_stderr.log
> >>
> >> Thanks,
> >
> > ___
> > Devel mailing list -- devel@ovirt.org
> > To unsubscribe send an email to devel-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/FU5UZT3KA2TESXI3RT2RPBSKG5RJGDWL/
> ___
> Devel mailing list -- devel@ovirt.org
> To unsubscribe send an email to devel-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ZQKYWQRBNECSSBU3ENVRDVBQAVJPBV4S/
>


-- 

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R RHV

Red Hat EMEA 

sbona...@redhat.com


*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/OZJVSDZR4P445SUU7OZ74PIDQ436PBVR/

[ovirt-devel] Re: noVNC not working when FIPS is enabled

[Michal Skrivanek]

> On 8. 9. 2021, at 20:48, Milan Zamazal  wrote:
> 
> Hi,
> 
> we had to disable VNC OST test some time ago because it started failing.
> I looked at why it fails and the reason provided by
> ovirt-websocket-proxy is
> 
>  do_vencrypt_handshake:187 Server supports the following subtypes: 263

263 is VNC_AUTH_VENCRYPT_X509SASL
because with fips we change libvirt configuration to SASL? 

>  Server does not support X509VNC. OvirtProxy only supports X509VNC
> 
> This happens only when FIPS is enabled and is reproducible outside OST.
> The only thing that seems to have influence on whether it works or not
> is the value of `fips' kernel command line parameter -- when it's
> changed to fips=0 then noVNC console works without any other changes.
> 
> So it looks like some change in QEMU.  I'm not an expert in this area
> and don't know what those protocols are about, why the proxy supports
> only X509VNC and why the mismatch in expectations on both the ends
> happens when FIPS is enabled.  Can anybody help clarify it and provide
> an idea how to resolve the problem?
> 
> Thanks,
> Milan
> ___
> Devel mailing list -- devel@ovirt.org
> To unsubscribe send an email to devel-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/S6MCLJV2QMQ3YLJDUUBT3AZVEADXJ6GK/
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/D4VH66AQU4EIJBTLBULDCW6DGDUKEWJK/

[ovirt-devel] Re: ovirt-imageio fails tests on CentOS Stream 9 / qemu-6.1.0

[Michal Skrivanek]

> On 9. 9. 2021, at 11:47, Vojtech Juranek  wrote:
> 
> On Wednesday, 8 September 2021 16:19:39 CEST Sandro Bonazzola wrote:
>> Hi,
>> running ovirt-imageio check-patch on CentOS Stream 9 fails.
> 
> do we have some CentOS Stream 9 images somewhere which I can use?

not yet.
I guess we should be adding it to OST at some point, rather sooner than later.
volunteers welcomed;)

> 
>> Is anyone around from the storage team who can have a look?
>> https://jenkins.ovirt.org/job/ovirt-imageio_standard-check-patch/3974//artif
>> act/check-patch.el9stream.x86_64/mock_logs/script/stdout_stderr.log
>> 
>> Thanks,
> 
> ___
> Devel mailing list -- devel@ovirt.org
> To unsubscribe send an email to devel-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/FU5UZT3KA2TESXI3RT2RPBSKG5RJGDWL/
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ZQKYWQRBNECSSBU3ENVRDVBQAVJPBV4S/

[ovirt-devel] Re: ovirt-engine-extension-aaa-ldap broken, if using CNAME for LDAP server DNS

[Yedidyah Bar David]

On Wed, Sep 8, 2021 at 2:36 AM Erdősi Péter 
wrote:

> Hello!
>
> We're started the upgrade one of our oVirt clusters to the recent 4.4
> minor version (4.4.8.5-1.el8) and we found a bug in the recent change of
> the aaa-ldap plugin.
> This bug came along after the IPv4/IPv6 selection introduced in
> ovirt-engine-extension-aaa-ldap 1.4.4
>
> We've dig down in the rabbit hole, and it looks like, our DNS solution is
> just not compatible with the plugin after this commit:
> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/commit/4c0f2e72df88ce653ce552057554465fb901820f
>
> I don't know, how the industry actually use CNAME records, but we have a
> rule, that we use independet DNS names for services, and machines itself.
> This become handy, when you migrate/upgrade services, like LDAP to another
> machine, and I think, this should be supported.
>
> Our LDAP server service domain is actually ldap-master.niif.hu and
> ldap.niif.hu, but in real, there are two servers, which actually have
> their own FQDNs.
>
> The actual DNS structure:
>
> host -t CNAME ldap-master.niif.hu
> ldap-master.niif.hu is an alias for elm.niif.hu.
>
> host -t CNAME ldap.niif.hu
> ldap.niif.hu is an alias for holly.ldap.einfra.hu.
>
> host elm.niif.hu
> elm.niif.hu has address 193.225.14.175
> elm.niif.hu has IPv6 address 2001:738:0:701::3
>
> host holly.ldap.einfra.hu
> holly.ldap.einfra.hu has address 193.224.92.6
> holly.ldap.einfra.hu has IPv6 address 2001:738:0:431::6
>
> The commit above (as far as I understand) only tries to resolve A and 
> records in DNS, and drop the connection if it not found. Of course, the
> certificate only have ldap-master and ldap.niif.hu in it, so using holly
> end elm does not solve the problem (also, if the service will be migrated,
> the service domain will be kept, but not the machine's FQDN, since we
> cannot afford to shut down one of our LDAP server for a migration windows.
>
> We've tried to downgrade the package to 1.4.3, which is works fine.
>
> The actual error looks like this (engine.log)
>
> 2021-09-07 15:53:09,833+02 WARN
> [org.ovirt.engine.extension.aaa.ldap.AuthnExtension] (default task-1) []
> [ovirt-engine-extension-aaa-ldap.authn::NIIFLdap-authn] Cannot initialize
> LDAP framework, deferring initialization. Error: An error occurred while
> attempting to connect to server ldap-master.niif.hu:636:
> IOException(LDAPException(resultCode=91 (connect error), errorMessage='An
> error occurred while attempting to establish a connection to server
> ldap-master.niif.hu/193.225.14.175:636:  UnknownHostException(
> ldap-master.niif.hu), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> 2021-09-07 15:53:09,833+02 ERROR
> [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default
> task-1) [] Internal Server Error: An error occurred while attempting to
> connect to server ldap-master.niif.hu:636:
> IOException(LDAPException(resultCode=91 (connect error), errorMessage='An
> error occurred while attempting to establish a connection to server
> ldap-master.niif.hu/193.225.14.175:636:  UnknownHostException(
> ldap-master.niif.hu), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> 2021-09-07 15:53:09,833+02 ERROR
> [org.ovirt.engine.core.sso.service.SsoService] (default task-1) [] An error
> occurred while attempting to connect to server ldap-master.niif.hu:636:
> IOException(LDAPException(resultCode=91 (connect error), errorMessage='An
> error occurred while attempting to establish a connection to server
> ldap-master.niif.hu/193.225.14.175:636:  UnknownHostException(
> ldap-master.niif.hu), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> 2021-09-07 15:53:09,854+02 ERROR
> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-1) []
> server_error: An error occurred while attempting to connect to server
> ldap-master.niif.hu:636:  IOException(LDAPException(resultCode=91
> (connect error), errorMessage='An error occurred while attempting to
> establish a connection to server ldap-master.niif.hu/193.225.14.175:636:
> UnknownHostException(ldap-master.niif.hu), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
>
> As we tried to run the setup tool, that is also looks broken (after that,
> we've copied the required files to /etc/ovirt-engine/aaa and
> /etc/ovirt-engine/extensions.d/ from other, working hosted engine) so we've
> tested the plugin itself, and the setup too, but no luck.
>
> I think, this (CNAME in DNS) should be working with the plugin.
>
> Could you please investigate this issue? (we're here to help test the
> repaired version/patch, if needed, but not feel the knowledge to create the
> patch ourself)
>

>From very casual skimming of the patch, it seems to me like you should be
able to restore the previous behavior by setting in your conf file
'pool.default.socketfactory.resolver.detectIPVersion = false'. Can you
please try that?

[ovirt-devel] Re: self hosted engine installation stucks in "run engine-setup with answerfile"

[Yedidyah Bar David]

Hi,

On Thu, Sep 9, 2021 at 11:48 AM  wrote:

> Hi, I'm building ovirt-engine and ovirt-engine-appliance rpm on CentOS8.
>

Perhaps explain what you are trying to do that is different from what oVirt
does?


> But when I install ovirt using "hosted-engine --deploy" command using
> local repository that contains the rpms,
> the installation always stucks in "run engine-setup with answerfile".
>
> So I checked engine-setup log in /var/log/ovirt-engine/setup of
> HostedEngineLocal VM, the error log is as follow.
> I've been trying to solve this problem for a long time, but i'm just not
> sure what the problem is.
>
> ---
> 2021-09-08 14:44:23,841+0900 DEBUG otopi.plugins.otopi.dialog.human
> human.queryString:159 query OVESETUP_ENGINE_DB_PASSWORD
> 2021-09-08 14:44:23,842+0900 DEBUG otopi.plugins.otopi.dialog.human
> dialog.__logString:204 DIALOG:SEND Engine database password:
>

This is a prompt for the "engine database password". It should not normally
appear in the log. By default, we use automatic DB provisioning and so
generate a random password (and do not prompt for one). Perhaps compare
your answer file with the one in the standard appliance?

Best regards,
-- 
Didi
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/TTASKFS2ZWU7EZOVBFVYAUXJKCU3KUZJ/

[ovirt-devel] Re: ovirt-imageio fails tests on CentOS Stream 9 / qemu-6.1.0

[Nir Soffer]

On Wed, Sep 8, 2021 at 5:20 PM Sandro Bonazzola  wrote:
>
> Hi,
> running ovirt-imageio check-patch on CentOS Stream 9 fails.
> Is anyone around from the storage team who can have a look?
> https://jenkins.ovirt.org/job/ovirt-imageio_standard-check-patch/3974//artifact/check-patch.el9stream.x86_64/mock_logs/script/stdout_stderr.log

I checked the failures, the first is a wrong check that should be
removed, the second
is testing for tls 1.1 support that we should really remove at this point.

Nir

> Thanks,
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>
> Red Hat EMEA
>
> sbona...@redhat.com
>
> Red Hat respects your work life balance. Therefore there is no need to answer 
> this email out of your office hours.
>
>
> ___
> Devel mailing list -- devel@ovirt.org
> To unsubscribe send an email to devel-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/UL5H2CMHFHQIIPE56SC6VCFOQEO45AN5/
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ILPT7ZSMPR2FGHWNH4VGVVTQEXVNRXI6/

[ovirt-devel] Re: ovirt-imageio fails tests on CentOS Stream 9 / qemu-6.1.0

[Vojtech Juranek]

On Wednesday, 8 September 2021 16:19:39 CEST Sandro Bonazzola wrote:
> Hi,
> running ovirt-imageio check-patch on CentOS Stream 9 fails.

do we have some CentOS Stream 9 images somewhere which I can use?

> Is anyone around from the storage team who can have a look?
> https://jenkins.ovirt.org/job/ovirt-imageio_standard-check-patch/3974//artif
> act/check-patch.el9stream.x86_64/mock_logs/script/stdout_stderr.log
> 
> Thanks,



signature.asc
Description: This is a digitally signed message part.
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/FU5UZT3KA2TESXI3RT2RPBSKG5RJGDWL/

[ovirt-devel] self hosted engine installation stucks in "run engine-setup with answerfile"

[parkyh0413]

Hi, I'm building ovirt-engine and ovirt-engine-appliance rpm on CentOS8.
But when I install ovirt using "hosted-engine --deploy" command using local 
repository that contains the rpms,
the installation always stucks in "run engine-setup with answerfile".

So I checked engine-setup log in /var/log/ovirt-engine/setup of 
HostedEngineLocal VM, the error log is as follow.
I've been trying to solve this problem for a long time, but i'm just not sure 
what the problem is.

---
2021-09-08 14:44:23,841+0900 DEBUG otopi.plugins.otopi.dialog.human 
human.queryString:159 query OVESETUP_ENGINE_DB_PASSWORD
2021-09-08 14:44:23,842+0900 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:SEND Engine database password:
2021-09-08 14:44:23,843+0900 DEBUG 
otopi.ovirt_engine_setup.engine_common.database database.getCredentials:1343 
dbenv: {'OVESETUP_DB/host': 'localhost', 'OVESETUP_DB/port': 5432, 
'OVESETUP_DB/secured': False, 'OVESETUP_DB/securedHostValidation': False, 
'OVESETUP_DB/database': 'engine', 'OVESETUP_DB/user': 'engine', 
'OVESETUP_DB/password': ''}
2021-09-08 14:44:23,845+0900 DEBUG 
otopi.ovirt_engine_setup.engine_common.database database.execute:234 Database: 
'None', Statement: '
select 1
', args: {}
2021-09-08 14:44:23,846+0900 DEBUG 
otopi.ovirt_engine_setup.engine_common.database database.execute:239 Creating 
own connection
2021-09-08 14:44:23,848+0900 DEBUG 
otopi.ovirt_engine_setup.engine_common.database database.tryDatabaseConnect:394 
Connection failed
Traceback (most recent call last):
  File 
"/usr/share/ovirt-engine/setup/ovirt_engine_setup/engine_common/database.py", 
line 390, in tryDatabaseConnect
transaction=False,
  File 
"/usr/share/ovirt-engine/setup/ovirt_engine_setup/engine_common/database.py", 
line 248, in execute
database=database,
  File 
"/usr/share/ovirt-engine/setup/ovirt_engine_setup/engine_common/database.py", 
line 181, in connect
sslmode=sslmode,
  File "/usr/lib64/python3.6/site-packages/psycopg2/__init__.py", line 130, in 
connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
psycopg2.OperationalError: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?

2021-09-08 14:44:23,849+0900 ERROR 
otopi.ovirt_engine_setup.engine_common.database database.getCredentials:1361 
Cannot connect to Engine database: Cannot connect to database: could not 
connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
---

Regards,
parkyh0413
___
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/5ZKPCGE5UF5FMSRO75CR322MO3K7J2CJ/