[ovirt-users] Re: Unable to log into Administration Portal

[Strahil]

Zachary,

The version lock is used by oVirt devs to prevent the system to update too far 
ahead of the oVirt level.
Don't remove that next time.

You should access the engine only by https://FQDN .IP should not be used.

If you have some kind of snapshot (for example gluster) - you can consider 
reverting.

Even consider restore from backup.

I'm pretty sure that almost every failiure is recorded somewhere there ... (I 
am still new to advise location).

Bet Regards,
Strahil Nikolov
On Jun 23, 2019 04:41, zachary.win...@witsconsult.com wrote:
>
> I suppose I just keep striking out on recent oVirt updates.  Today (22 June 
> 2019, all previous updates have been installed successfully) I saw that an 
> update was available for my Enterprise Linux Host (main oVirt engine, CentOS 
> 7 x64), and I attempted to update it.  The update failed, which had never 
> happened before.  I logged in via SSH and saw that the updates had been 
> halted due to "yum versionlock."  I cleared versionlock and proceeded with 
> the update, which appeared to work successfully.  I rebooted the system, 
> which came up a-ok.  However, I can no longer reach the Administration Portal 
> page.  The browser only hangs.  I see the following: 
>
> - type in the IP address to the server and get the https:// address>/ovirt-engine/sso/oauth/authorize page, which tells me: 
>
> "The FQDN used to access the system is not a valid engine FQDN. You must 
> access the system using the engine FQDN or one of the engine alternate FQDNs. 
> Click here to continue." 
>
> When I click the provided link, I get the same hanging behavior and it never 
> loads the login page. 
>
> - I was able to connect via Cockpit to https://:9090 and log in 
> successfully as root after SSH'ing in and restarting the engine.  There are 
> no major issues displayed, and I was able to create a Diagnostic Report.  
> Under Hostname > oVirt Machines, it will actually redirect me to the login 
> page at https://fqdn/ovirt-engine/sso/login.html.  The page will actually 
> load after the redirect, but when I enter my admin@internal credentials it 
> just hangs and spins. 
>
> When I return to "Virtual Machines" in Cockpit, I have 
> Host/Cluster/Templates/VDSM options, I see "oVirt login in progress" with a 
> continually spinning circle, never actually able to authenticate. 
>
>
> In /var/log/ovirt-engine/ui.log, I see: 
>
> 2019-06-22 19:08:02,533-04 ERROR 
> [org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService] (default 
> task-4) [] Permutation name: C92E6928986552EDD0E1C99CDC0CC8AB 
> 2019-06-22 19:08:02,533-04 ERROR 
> [org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService] (default 
> task-4) [] Uncaught exception: 
> com.google.gwt.core.client.JavaScriptException: (TypeError) : Cannot read 
> property 'kh' of null 
>     at 
> org.ovirt.engine.ui.uicommonweb.dataprovider.AsyncDataProvider.$lambda$4(AsyncDataProvider.java:387)
>  
>     at 
> org.ovirt.engine.ui.uicommonweb.dataprovider.AsyncDataProvider$lambda$4$Type.executed(AsyncDataProvider.java:387)
>  
>     at 
> org.ovirt.engine.ui.frontend.Frontend$2.$onFailure(Frontend.java:329) 
> [frontend.jar:] 
>     at 
> org.ovirt.engine.ui.frontend.Frontend$2.onFailure(Frontend.java:329) 
> [frontend.jar:] 
>     at 
> org.ovirt.engine.ui.frontend.communication.OperationProcessor$2.$onFailure(OperationProcessor.java:184)
>  [frontend.jar:] 
>     at 
> org.ovirt.engine.ui.frontend.communication.OperationProcessor$2.onFailure(OperationProcessor.java:184)
>  [frontend.jar:] 
>     at 
> org.ovirt.engine.ui.frontend.communication.GWTRPCCommunicationProvider.$handleMultipleQueriesFailure(GWTRPCCommunicationProvider.java:305)
>  [frontend.jar:] 
>     at 
> org.ovirt.engine.ui.frontend.communication.GWTRPCCommunicationProvider$5$1.onFailure(GWTRPCCommunicationProvider.java:263)
>  [frontend.jar:] 
>     at 
> com.google.gwt.user.client.rpc.impl.RequestCallbackAdapter.onResponseReceived(RequestCallbackAdapter.java:198)
>  [gwt-servlet.jar:] 
>     at 
> com.google.gwt.http.client.Request.$fireOnResponseReceived(Request.java:233) 
> [gwt-servlet.jar:] 
>     at 
> com.google.gwt.http.client.RequestBuilder$1.onReadyStateChange(RequestBuilder.java:409)
>  [gwt-servlet.jar:] 
>     at Unknown.eval(webadmin-0.js) 
>     at com.google.gwt.core.client.impl.Impl.apply(Impl.java:236) 
> [gwt-servlet.jar:] 
>     at com.google.gwt.cor
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/R5G27V32W5DOZGGDYPLTEHXNB6TWYSZL/

[ovirt-users] Re: Import VM from ovirt-exported ova

[Strahil]

When adding the iscsi domain - it complains about the name.
Do you have a  local (to the cluster) domain that could have the same name with 
the name of the iscsi storage domain ?

If tar fails to extract the archive - then the oVirt will also fail.
Can you export a new OVA and test it before trying to import ?

Best Regards,
Strahil NikolovOn Jun 22, 2019 23:26, David Paning  wrote:
>
> Ammending my post: 
> i tried to extract the ova file, but this fails like this: 
>
> # tar xvf VM0001.ova 
> vm.ovf 
> 3223a5b9-275f-4ecc-a221-795f675e667e 
> tar: Unexpected EOF in archive 
> tar: rmtlseek not stopped at a record boundary 
> tar: Error is not recoverable: exiting now 
>
> The result still is: 
> # ls -al 
> total 20064272 
> drwxr-xr-x.  2 vdsm kvm 4096 Jun 22 20:52 . 
> dr-xr-xr-x. 21 root root    4096 Jun 22 20:45 .. 
> -rw---.  1 root root 10272886272 Jun 22 20:52 
> 3223a5b9-275f-4ecc-a221-795f675e667e 
> -rw-r--r--.  1 vdsm kvm  10272899072 Jun 21 21:13 VM0001.ova 
> -rw-r--r--.  1 root root   11469 May 30 19:07 vm.ovf 
>
> Disk space is sufficient, with double the capacity of the uncompressed VM 
> size... 
>
> It starts to turn into a bit of a nightmare: 
> 1) Importing the VM from OVA fails like described above 
> 2) Attempting to import the "Export"-storage domain of the previous oVirt 
> 4.3.3.1 installation where i had exportet the VM to failed, as tthere is no 
> storage domain recognized 
> 3) Attempting to import the iSCSI-based "Data"-domain of that same previous 
> cluster fails, due to the folloing error: 
> "Error while executing action: Cannot add Storage. The Storage Domain name is 
> already in use." 
>
> The iSCSI-LUN is not connected to any other initiator. 
> The hosts which belonged to the former oVirt cluster are erased or offline... 
>
> As i still have all the sSCSI-LUNs, is there any option left to get hold of 
> that VirtualMachine? 
>
> It's not just this machine, but also wondering how to prepare for the next 
> time i have to migrate the cluster... 
>
> Any suggestion on how to proceed best is highly welcome ;-)
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/SGG3K3RH6GNJT2BIE7URVASXEGM3CFSU/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AFIHBJFSNGB5Z4P62PDYOBSKSDK4LR6V/

[ovirt-users] Unable to log into Administration Portal

[zachary . winter]

I suppose I just keep striking out on recent oVirt updates.  Today (22 June 
2019, all previous updates have been installed successfully) I saw that an 
update was available for my Enterprise Linux Host (main oVirt engine, CentOS 7 
x64), and I attempted to update it.  The update failed, which had never 
happened before.  I logged in via SSH and saw that the updates had been halted 
due to "yum versionlock."  I cleared versionlock and proceeded with the update, 
which appeared to work successfully.  I rebooted the system, which came up 
a-ok.  However, I can no longer reach the Administration Portal page.  The 
browser only hangs.  I see the following:

- type in the IP address to the server and get the https:///ovirt-engine/sso/oauth/authorize page, which tells me:

"The FQDN used to access the system is not a valid engine FQDN. You must access 
the system using the engine FQDN or one of the engine alternate FQDNs.
Click here to continue."

When I click the provided link, I get the same hanging behavior and it never 
loads the login page.

- I was able to connect via Cockpit to https://:9090 and log in 
successfully as root after SSH'ing in and restarting the engine.  There are no 
major issues displayed, and I was able to create a Diagnostic Report.  Under 
Hostname > oVirt Machines, it will actually redirect me to the login page at 
https://fqdn/ovirt-engine/sso/login.html.  The page will actually load after 
the redirect, but when I enter my admin@internal credentials it just hangs and 
spins.

When I return to "Virtual Machines" in Cockpit, I have 
Host/Cluster/Templates/VDSM options, I see "oVirt login in progress" with a 
continually spinning circle, never actually able to authenticate.

 
In /var/log/ovirt-engine/ui.log, I see:

2019-06-22 19:08:02,533-04 ERROR 
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService] (default 
task-4) [] Permutation name: C92E6928986552EDD0E1C99CDC0CC8AB
2019-06-22 19:08:02,533-04 ERROR 
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService] (default 
task-4) [] Uncaught exception: com.google.gwt.core.client.JavaScriptException: 
(TypeError) : Cannot read property 'kh' of null
at 
org.ovirt.engine.ui.uicommonweb.dataprovider.AsyncDataProvider.$lambda$4(AsyncDataProvider.java:387)
at 
org.ovirt.engine.ui.uicommonweb.dataprovider.AsyncDataProvider$lambda$4$Type.executed(AsyncDataProvider.java:387)
at 
org.ovirt.engine.ui.frontend.Frontend$2.$onFailure(Frontend.java:329) 
[frontend.jar:]
at org.ovirt.engine.ui.frontend.Frontend$2.onFailure(Frontend.java:329) 
[frontend.jar:]
at 
org.ovirt.engine.ui.frontend.communication.OperationProcessor$2.$onFailure(OperationProcessor.java:184)
 [frontend.jar:]
at 
org.ovirt.engine.ui.frontend.communication.OperationProcessor$2.onFailure(OperationProcessor.java:184)
 [frontend.jar:]
at 
org.ovirt.engine.ui.frontend.communication.GWTRPCCommunicationProvider.$handleMultipleQueriesFailure(GWTRPCCommunicationProvider.java:305)
 [frontend.jar:]
at 
org.ovirt.engine.ui.frontend.communication.GWTRPCCommunicationProvider$5$1.onFailure(GWTRPCCommunicationProvider.java:263)
 [frontend.jar:]
at 
com.google.gwt.user.client.rpc.impl.RequestCallbackAdapter.onResponseReceived(RequestCallbackAdapter.java:198)
 [gwt-servlet.jar:]
at 
com.google.gwt.http.client.Request.$fireOnResponseReceived(Request.java:233) 
[gwt-servlet.jar:]
at 
com.google.gwt.http.client.RequestBuilder$1.onReadyStateChange(RequestBuilder.java:409)
 [gwt-servlet.jar:]
at Unknown.eval(webadmin-0.js)
at com.google.gwt.core.client.impl.Impl.apply(Impl.java:236) 
[gwt-servlet.jar:]
at com.google.gwt.core.client.impl.Impl.entry0(Impl.java:275) 
[gwt-servlet.jar:]
at Unknown.eval(webadmin-0.js)

In engine.log, I see some update related errors:


2019-06-22 18:46:54,053-04 ERROR 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(EE-ManagedThreadFactory-engineScheduled-Thread-22) [] EVENT_ID: 
VDS_BROKER_COMMAND_FAILURE(10,802), VDSM ovirt2. command 
HSMGetAllTasksStatusesVDS failed: Not SPM
2019-06-22 18:46:54,054-04 ERROR 
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand] 
(EE-ManagedThreadFactory-engineScheduled-Thread-22) [] Command 
'HSMGetAllTasksStatusesVDSCommand(HostName = ovirt2., 
VdsIdVDSCommandParametersBase:{hostId='2f1da67f-66f7-40d6-81c4-dde82d6a6dd6'})' 
execution failed: IRSGenericException: IRSErrorException: 
IRSNonOperationalException: Not SPM
2019-06-22 19:01:18,875-04 ERROR 
[org.ovirt.engine.core.bll.host.HostUpgradeManager] 
(EE-ManagedThreadFactory-hostUpdatesChecker-Thread-2) [] Failed to run 
check-update of host 'ovirt1.'. Error: fatal: [ovirt1.]: FAILED! => {"changed": 
false, "msg": "yum lockfile is held by another process"}
2019-06-22 19:01:18,875-04 ERROR 
[org.ovirt.engine.core.bll.hostdeploy.HostUpdatesChecker] 
(EE-ManagedThreadFactory-hostUpdatesChecker-Thre

[ovirt-users] Re: Error when upgrading Node

[zachary . winter]

Regarding "Perhaps try to find out what exactly failed?", that is why I posted 
this thread.  I am new to oVirt and trying to master it, but I do not know 
where to look.  I have not found any documentation yet that tells me which logs 
to look at when, so please bear with me as I try to figure this out.  Thank you 
however for your help.

I ran the yum command you listed and got the debug output.  I do in fact have a 
storage domain on the Node, and I am almost certain that is why it is failing.  
I suspect that removing the storage domain will allow the update to work, but I 
am confused though because I have successfully updated this node with a storage 
domain on it several times now, so is this going to be a permanent requirement? 
 

is there any advanced documentation (i.e., this log captures this, here is what 
to look for when this happens) available?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5JDMG35ORY7P4UGQM2ASV3TMQPLUDG4B/

[ovirt-users] Re: Import VM from ovirt-exported ova

[David Paning]

Ammending my post:
i tried to extract the ova file, but this fails like this:

# tar xvf VM0001.ova 
vm.ovf
3223a5b9-275f-4ecc-a221-795f675e667e
tar: Unexpected EOF in archive
tar: rmtlseek not stopped at a record boundary
tar: Error is not recoverable: exiting now

The result still is:
# ls -al
total 20064272
drwxr-xr-x.  2 vdsm kvm 4096 Jun 22 20:52 .
dr-xr-xr-x. 21 root root4096 Jun 22 20:45 ..
-rw---.  1 root root 10272886272 Jun 22 20:52 
3223a5b9-275f-4ecc-a221-795f675e667e
-rw-r--r--.  1 vdsm kvm  10272899072 Jun 21 21:13 VM0001.ova
-rw-r--r--.  1 root root   11469 May 30 19:07 vm.ovf

Disk space is sufficient, with double the capacity of the uncompressed VM 
size...

It starts to turn into a bit of a nightmare:
1) Importing the VM from OVA fails like described above
2) Attempting to import the "Export"-storage domain of the previous oVirt 
4.3.3.1 installation where i had exportet the VM to failed, as tthere is no 
storage domain recognized 
3) Attempting to import the iSCSI-based "Data"-domain of that same previous 
cluster fails, due to the folloing error:
"Error while executing action: Cannot add Storage. The Storage Domain name is 
already in use."
 
The iSCSI-LUN is not connected to any other initiator.
The hosts which belonged to the former oVirt cluster are erased or offline...

As i still have all the sSCSI-LUNs, is there any option left to get hold of 
that VirtualMachine?

It's not just this machine, but also wondering how to prepare for the next time 
i have to migrate the cluster... 

Any suggestion on how to proceed best is highly welcome ;-)
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SGG3K3RH6GNJT2BIE7URVASXEGM3CFSU/

[ovirt-users] Re: ovirt-vmconsole: Pemission denied (publickey) when I select VM id

[Jonathan Gregoire]

Hi Michal,

Thanks for you reply!


Log from my node :

[root@dl360g9-1 ~]# tail -f -n0 /var/log/messages | grep sshd

Jun 21 10:15:50 dl360g9-1 sshd[35907]: rexec line 25: Deprecated option 
RSAAuthentication

Jun 21 10:15:50 dl360g9-1 sshd[35907]: Connection from 10.194.16.160 port 40858 
on 10.194.16.150 port 2223

Jun 21 10:15:50 dl360g9-1 sshd[35907]: reprocess config line 25: Deprecated 
option RSAAuthentication

Jun 21 10:15:50 dl360g9-1 sshd[35907]: User ovirt-vmconsole not allowed because 
account is locked

Jun 21 10:15:50 dl360g9-1 sshd[35907]: input_userauth_request: invalid user 
ovirt-vmconsole [preauth]

Jun 21 10:15:50 dl360g9-1 sshd[35907]: Connection closed by 10.194.16.160 port 
40858 [preauth]

Then I’ve tryto unlock the ovirt-vmconsole account:

[root@dl360g9-1 ~]# passwd -u ovirt-vmconsole -f

Unlocking password for user ovirt-vmconsole.

passwd: Success

[root@dl360g9-1 ~]#

Give another try and got this log:

[root@dl360g9-1 ~]# tail -f -n0 /var/log/messages | grep sshd

Jun 21 10:22:44 dl360g9-1 sshd[36199]: rexec line 25: Deprecated option 
RSAAuthentication

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Connection from 10.194.16.160 port 40954 
on 10.194.16.150 port 2223

Jun 21 10:22:44 dl360g9-1 sshd[36199]: reprocess config line 25: Deprecated 
option RSAAuthentication

Jun 21 10:22:44 dl360g9-1 sshd[36199]: User ovirt-vmconsole authorized keys 
/dev/null is not a regular file

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Failed publickey for ovirt-vmconsole 
from 10.194.16.160 port 40954 ssh2: RSA 
SHA256:FWlv2d+MlM43y0QQvnZUAMHgvLh+rQ8jYtZsWh6KId4

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Accepted certificate ID 
"vmconsole-proxy-user" (serial 0) signed by RSA CA 
SHA256:vmH4XmKfgYJBpJym9T+WK2y2abk9aniCh6TiuJcB1+U via 
/etc/pki/ovirt-vmconsole/ca.pub

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Postponed publickey for ovirt-vmconsole 
from 10.194.16.160 port 40954 ssh2: RSA 
SHA256:FWlv2d+MlM43y0QQvnZUAMHgvLh+rQ8jYtZsWh6KId4 [preauth]

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Accepted certificate ID 
"vmconsole-proxy-user" (serial 0) signed by RSA CA 
SHA256:vmH4XmKfgYJBpJym9T+WK2y2abk9aniCh6TiuJcB1+U via 
/etc/pki/ovirt-vmconsole/ca.pub

Jun 21 10:22:44 dl360g9-1 sshd[36199]: error: key_verify: error in libcrypto

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Failed publickey for ovirt-vmconsole 
from 10.194.16.160 port 40954 ssh2: RSA-CERT ID vmconsole-proxy-user (serial 0) 
CA RSA SHA256:vmH4XmKfgYJBpJym9T+WK2y2abk9aniCh6TiuJcB1+U

Jun 21 10:22:44 dl360g9-1 sshd[36199]: Connection closed by 10.194.16.160 port 
40954 [preauth]


So it looks like is wrong with my cert refered in 
/usr/share/ovirt-vmconsole/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/sshd_config
 on my nodes. How to retrieve the good certificate and the Hostkey?
HostCertificate /etc/pki/ovirt-vmconsole/host-ssh_host_rsa-cert.pub

HostKey /etc/pki/ovirt-vmconsole/host-ssh_host_rsa


Jonathan Gregoire


De : Michal Skrivanek 
Envoyé : 21 juin 2019 08:26
À : Jonathan Greg
Cc : users@ovirt.org
Objet : Re: [ovirt-users] Re: ovirt-vmconsole: Pemission denied (publickey) 
when I select VM id



> On 20 Jun 2019, at 15:25, Jonathan Greg  wrote:
>
> Here is the log I get from the engine node when I do "ssh -t -p  
> ovirt-vmcons...@ovirt-engine01.int.cloche.ca-i
>  .ssh/serialconsolekey connect and I enter a console id":
>
> [root@ovirt-engine01 ~]# tail -f /var/log/messages
> Jun 20 09:22:13 ovirt-engine01 sshd[8836]: rexec line 24: Deprecated option 
> RSAAuthentication
> Jun 20 09:22:13 ovirt-engine01 sshd[8836]: reprocess config line 24: 
> Deprecated option RSAAuthentication
> Jun 20 09:22:14 ovirt-engine01 sshd[8836]: Accepted publickey for 
> ovirt-vmconsole from 192.168.30.217 port 55849 ssh2: RSA 
> SHA256:rYFIGj3UaNY28ocnmWqK3UZpznU0bzo6tPR+NpnR6Hw
> Jun 20 09:22:14 ovirt-engine01 sshd[8836]: Attempt to write login records by 
> non-root user (aborting)
> Jun 20 09:22:20 ovirt-engine01 ovirt-vmconsole-proxy-shell[8849]: INFO 
> Opening console 
> '7e2c5638-f97c-45c4-8487-153764db2fc7.s...@c200m2-1.int.cloche.ca' on behalf 
> of 'admin_internal-authz'[4907b7e8-dbda-11e8-9a2e-00163e1b3a71]
> Jun 20 09:22:20 ovirt-engine01 sshd[8836]: Attempt to write login records by 
> non-root user (aborting)
> Jun 20 09:22:21 ovirt-engine01 sshd[8848]: Received disconnect from 
> 192.168.30.217 port 55849:11: disconnected by user
> Jun 20 09:22:21 ovirt-engine01 sshd[8848]: Disconnected from 192.168.30.217 
> port 55849

the problem seems to be between the proxy and the target host, you’d need to 
get logs from there.
check out logs/issues of the sshd process handling the incoming requests 
(/usr/sbin/sshd -f 
/usr/share/ovirt-vmconsole/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/sshd_config
 -D)
it could be a certificates issue. Is this an older setup or anything regarding 
host certificates changed recently/ever?

Thanks,
michal
> _