[ovirt-users] Re: Replacing ovirt certificates issue

2020-11-18 Thread Alex K
Seems that all services (imageio, ovn, web socket) are fine after following
the above and importing the new self signed CA certificate.
Did run also engine-setup as I was trying to fix the imageio cert issue,
though seems that that was only fixed after importing the CA cert at
browser and engine-setup might not be needed.

On Wed, Nov 18, 2020 at 3:07 PM Alex K  wrote:

> Seems I had a typo at
> /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf.
> I will repeat the test to verify that all services are functional
> following this process.

[ovirt-users] Re: How to create a backup in event of hardware failure of a single hosted engine?

2020-11-18 Thread Alex K
On Wed, Nov 18, 2020 at 1:40 PM  wrote:

> Hello Alex,
> How do I prepare the gluster volume, as the gluster volume is also hosted
> on the 1st baremetal? Can you elaborate on this setup?
> Just reading the docs, gluster must consist of 3 nodes, either 3 gluster
> nodes or 2 gluster nodes + 1 arbiter on a replica set
>
Indeed, for production use, you need replica 3 gluster setup (either
replica 3 or 2 + 1 arbiter). In your case, you may go temporarily with a
replica 2 (two hosts) setup. In this case, it is best practise to dedicate
a separate network for the gluster traffic. Let's assume gluster0 and
gluster1 are the hostnames of each host at the gluster storage network and
the bricks are at /gluster/engine/brick. Then you need to run from gluster0
host:

gluster peer probe gluster1

gluster volume add-brick engine replica 2 gluster1:/gluster/engine/brick

In that case though you need to adjust quorum:

gluster volume set engine cluster.server-quorum-type none
gluster volume set engine cluster.quorum-type fixed
gluster volume set engine cluster.quorum-count 1

Repeat for each volume and wait for heal (sync to complete).
Check heal status of each volume:

gluster volume heal  info

I do not include all details here. I assume the existing gluster volumes
are already configured with the appropriate settings. As soon as you have
the replica 2 setup in place, you then can proceed with a replica 3 setup
with the same approach. Remember to enable quorum at each volume.
Hope that helps.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OK7GRCKTT6T7XKJ5YGEIVBERYR5KZAAW/


[ovirt-users] Ovirt 4 2 NIC's

2020-11-18 Thread Facundo Badaracco
Hi everyone!

Hope someone can help me with this..

I have 3 servers with centos 8 and ovirt 4 installed. Each server has 2 nic.
Server A = HE (HA)
Nic1= 192.169.2.24 Nic2=no ip
Server B = HE (HA)
Nic1= 192.169.2.25 Nic2=no ip
Server C = simply host.
Nic1= 192.169.2.26 Nic2=no ip

How can I configure the second NIC in each server in order to use it for
clients to connect to the vms? I want one nic for management, the other for
connections.


[ovirt-users] Re: Migration VM

2020-11-18 Thread tiziano . pacioni
Hi Nikolov,

I solved it, the error was in cpu virtualization.
Thanks for the support !!!


[ovirt-users] Re: How to create a backup in event of hardware failure of a single hosted engine?

2020-11-18 Thread Strahil Nikolov via Users
What are you trying to achieve?

Best Regards,
Strahil Nikolov

On Wednesday, 18 November 2020, 13:40:18 GMT+2, ernestclydeac...@gmail.com wrote:

Hello Alex,
How do I prepare the gluster volume, as the gluster volume is also hosted on the
1st baremetal? Can you elaborate on this setup?
Just reading the docs, gluster must consist of 3 nodes, either 3 gluster nodes
or 2 gluster nodes + 1 arbiter on a replica set



[ovirt-users] Re: Migration VM

2020-11-18 Thread Strahil Nikolov via Users
Once the vm fails, you can check in the host's vdsm log the whole xml file.
Can you share that?

Best Regards,
Strahil Nikolov

On Wednesday, 18 November 2020, 11:31:55 GMT+2, tiziano.paci...@par-tec.it wrote:

Hi,

I installed a new server, using the ovirt iso, with the target of migrating the 
VMs coming from another cluster, contained on another ovirt node.
I tried to migrate a vm using the Export Domain, once imported on the new node, 
I see the vm from web dashboard but, from command line “virsh list --all”  is 
absent, the imported vm does not appear in the list.
Also if I try to start it, I get the following error:
VM X is down with error. Exit message: unsupported configuration: bus must be 0 
for ide controller.

Can you help me?


[ovirt-users] Re: Hosted Engine can't migrate

2020-11-18 Thread Strahil Nikolov via Users
Hi Bradley,

usually this is not supposed to happen.
I can propose you a fast fix:
- Set a node into maintenance (via the UI) and then from the "Installation"
drop down menu (upper right) click "reinstall". There is a tab for the
HostedEngine and you have to mark it as deployed/installed

If it doesn't work, ssh to one of the hosts and provide the output of:
hosted-engine --vm-status

Best Regards

On Wednesday, 18 November 2020, 08:08:36 GMT+2, McNamara, Bradley wrote:

I'm new to oVirt, but not new to virtualization technologies.  I've run into a
wall, but the solution has gotta be simple.  I've seen other threads with the
same issue, but a solution is never posted.

I've followed the guide perfectly.  I get the self-hosted engine up and
running with no issues.  I add hosts to the cluster, but it won't let me
migrate the HE because of Hosted Engine HA score of "N/A" on every host except
the one it was initially deployed on.  The physical servers are exactly the
same:  same networks, storage, OS, patches, etc.  The additional hosts are
added thru the HE GUI and are added without issue.  Is there a secret button I
gotta push?

What am I missing?  This is with 4.3 on CentOS 7.9.

HELP!  Thanks.  :-)



[ovirt-users] Re: Found a host rebooting - ways to watch?

2020-11-18 Thread Strahil Nikolov via Users
I would recommend you to check this one: 
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/chap-event_notifications

Best Regards,
Strahil Nikolov

On Tuesday, 17 November 2020, 22:00:08 GMT+2, Chris Adams wrote:

I just noticed that one of my oVirt physical hosts has been rebooting
due to an apparent hardware voltage fault.  It's a Dell, and I've got
their tools installed and am monitoring status, but the issue clears
itself.  It has apparently been doing this for a bit now, and we didn't
catch it because (a) there weren't any VMs on it (probably were the
first time but they were restarted elsewhere fast enough that it wasn't
noticed) and (b) it reboots fast enough that at most it pops up in our
monitoring system for one pass and then clears so our NOC either didn't
see it or assumed it was okay since it cleared.

oVirt has been logging alerts when it happens, but seeing that requires
someone to log in and check the logs (and we've got a bunch of different
systems to manage, including multiple oVirt clusters, so nobody is doing
that on a regular basis).  We monitor most things with SNMP and/or CLI
checks (we have PRTG, Nagios, and LibreNMS for various different
things).

What are people doing to monitor the health of their oVirt systems?  Is
it possible to get alerts emailed to admins?  Is there any SNMP support
in oVirt to allow external systems to monitor its health?  This setup is
on 4.3.10 if that matters.

-- 
Chris Adams 


[ovirt-users] Re: Hosted Engine can't migrate

2020-11-18 Thread Gianluca Cecchi
On Wed, Nov 18, 2020 at 7:08 AM McNamara, Bradley <
bradley.mcnam...@seattle.gov> wrote:

> I'm new to oVirt, but not new to virtualization technologies.  I've run
> into a wall, but the solution has gotta be simple.  I've seen other threads
> with the same issue, but a solution is never posted.
>
> I've followed the guide perfectly.  I get  the self-hosted engine up and
> running with no issues.  I add hosts to the cluster, but it won't let me
> migrate the HE because of Hosted Engine HA score of "N/A" on every host
> except the one it was initially deployed on.  The physical servers are
> exactly the same:  same networks, storage, OS, patches, etc.  The
> additional hosts are added thru the HE GUI and are added without issue.  Is
> there a secret button I gotta push?
>
> What am I missing?  This is with 4.3 on CentOS 7.9.
>
> HELP!  Thanks.  :-)
>

If you go in Compute --> Hosts in web admin gui, do the added hosts have a
crown icon on the left of their "Name" column?
If not, when you added them possibly you overlooked the "Hosted Engine"
section in the window, where by default, if I'm not wrong, the value is
"None": that means that the added host doesn't contribute to be one of the
"Hosted Engine" ones electable to host the engine VM, but only a
hypervisor.

Long time ago I opened two bugzillas about this default with some notes for
improving a better experience.
If this is the case, you can remove the hosts one by one and add them again
selecting "Deploy" in the Hosted Engine section, for how many you would
like to contribute to the score and to be able to host the hosted engine VM.

HIH,
Gianluca


[ovirt-users] Re: Replacing ovirt certificates issue

2020-11-18 Thread Alex K
Seems I had a typo at
/etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf.
I will repeat the test to verify that all services are functional following
this process.



[ovirt-users] Re: How to create a backup in event of hardware failure of a single hosted engine?

2020-11-18 Thread ernestclydeachua
Hello Alex,
How do I prepare the gluster volume, as the gluster volume is also hosted on the
1st baremetal? Can you elaborate on this setup?
Just reading the docs, gluster must consist of 3 nodes, either 3 gluster nodes
or 2 gluster nodes + 1 arbiter on a replica set


[ovirt-users] Migration VM

2020-11-18 Thread tiziano . pacioni
Hi,

I installed a new server, using the ovirt iso, with the target of migrating the 
VMs coming from another cluster, contained on another ovirt node.
I tried to migrate a vm using the Export Domain, once imported on the new node, 
I see the vm from web dashboard but, from command line “virsh list --all”  is 
absent, the imported vm does not appear in the list.
Also if I try to start it, I get the following error:
VM X is down with error. Exit message: unsupported configuration: bus must be 0 
for ide controller.

Can you help me?


[ovirt-users] Can't use ovirt web interface (500 error)

2020-11-18 Thread lorenzobarbati02
Hi,
After updating to the latest version of ovirt (standalone installed with 
engine-setup) I am no longer able to use the web ui. After I log in, in fact, I 
get a modal error entitled "operation canceled" and with content "a request to 
the server failed, error 500"
Looking at the requests it actually receives an error 500 when it goes to make 
a request to "/ovirt-engine/webadmin/GenericApiGWTService" which replies "The 
call failed on the server; see server log for details"

These are the last lines of the engine.log: https://pastebin.com/uFgZASuW

Is anyone experiencing the same problem or know how to fix it?


[ovirt-users] Re: OVIRT and KUBEVIRT

2020-11-18 Thread Roman Mohr
Hi Andre,

On Wed, Nov 18, 2020 at 7:04 AM Andre Meyer Pflug 
wrote:

> Is there someone who has done a NON PERSISTENT VDI over oVirt using
> kubevirt (on OKD) as the infrastructure for vm's?
>
> We plan to do a 1.000.000 concurrent users deployment...
>

I am working on KubeVirt. I can't tell you how the integration in oVirt
works in detail and which capabilities you inherit from normal RHV flows,
but I can tell you a little bit about this from the kubevirt and openshift
perspective.
I think that you will need a bunch of openshift clusters (10+) to cope with
that number of VMs/Pods. Also keep in mind that you will have to use for
VDI something like citrix, windows remote desktop or so on. KubeVirt does
not support spice, just in case that this was your target.

Others can probably tell you more.

Best Regards,
Roman



>
> Any help is welcome!
>
> Kind regards,
>
>
> Andre Meyer Pflug
> DDESK LLC
>
>


[ovirt-users] Replacing ovirt certificates issue

2020-11-18 Thread Alex K
Hi all,

I am trying to replace the ovirt certificate at ovirt 4.3 following this:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl

I am doing the following:
I have engine FQDN: manager.lab.local

1. Create root CA private key:
openssl genrsa -des3 -out root.key 2048

2. Generate root certificate: (enter passphrase of root key)
openssl req -x509 -new -nodes -key root.key -sha256 -days 3650 -out root.pem
cp root.pem /tmp

3. Create key and CSR for engine:
openssl genrsa -out manager.lab.local.key 2048
openssl req -new -out manager.lab.local.csr -key manager.lab.local.key

4. Generate a certificate for engine and sign with the root CA key:

openssl x509 -req -in manager.lab.local.csr \
-CA root.pem \
-CAkey root.key \
-CAcreateserial \
-out manager.lab.local.crt \
-days 3650 \
-sha256 \
-extensions v3_req

5. Verify the trust chain and check the certificate details:
openssl verify -CAfile root.pem manager.lab.local.crt
openssl x509 -text -noout -in  manager.lab.local.crt  | head -15

6. Generate a P12 container: (with empty password)
openssl pkcs12 -export -out /tmp/apache.p12 \
-inkey manager.lab.local.key \
-in manager.lab.local.crt

8. Export key and cert:
openssl pkcs12 -in /tmp/apache.p12 -nocerts -nodes > /tmp/apache.key
openssl pkcs12 -in /tmp/apache.p12 -nokeys > /tmp/apache.cer

From the above steps we should have the following:

/tmp/root.pem
/tmp/apache.p12
/tmp/apache.key
/tmp/apache.cer

9. Place the certificates:
hosted-engine --set-maintenance --mode=global
cp -p /etc/pki/ovirt-engine/keys/apache.p12 /tmp/apache.p12.bck
cp /tmp/apache.p12 /etc/pki/ovirt-engine/keys/apache.p12
cp /tmp/root.pem /etc/pki/ca-trust/source/anchors
update-ca-trust
rm /etc/pki/ovirt-engine/apache-ca.pem
cp /tmp/root.pem /etc/pki/ovirt-engine/apache-ca.pem

Backup existing key and cert:
cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.bck
cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.bck
cp /tmp/apache.key /etc/pki/ovirt-engine/keys/apache.key.nopass
cp /tmp/apache.cer /etc/pki/ovirt-engine/certs/apache.cer
chown root:ovirt /etc/pki/ovirt-engine/keys/apache.key.nopass
chmod 640 /etc/pki/ovirt-engine/keys/apache.key.nopass
systemctl restart httpd.service

10. Create a new trust store configuration file:
vi /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf

ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""

11. Edit /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf :
vi /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf

SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass

12. Edit /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf:
vi /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf

# Key file for SSL connections
ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
# Certificate file for SSL connections
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

13. Import the certificate at system-wide java trust store

update-ca-trust extract
keytool -list -alias ovirt -keystore /etc/pki/java/cacerts

14. Restart services:
systemctl restart httpd.service
systemctl restart ovirt-provider-ovn.service
systemctl restart ovirt-imageio-proxy
systemctl restart ovirt-websocket-proxy
systemctl restart ovirt-engine.service

Following the above I get at engine GUI:

sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

I have tried also to run engine-setup in case it could fix anything (it
renewed the cert due to missing subjectAltName), and the above error still
persists.
I have tried several other suggestions from similar issues reported at this
list without any luck.
I have run out of ideas. Am I missing anything?
Thanx for any suggestions.
Alex
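
The post notes that engine-setup reissued the certificate because it lacked subjectAltName. As an added example (not part of the original message, and not oVirt's own tooling), this script signs one CSR both ways and runs chain, SAN and key-match checks on the result. It assumes a scratch directory, throwaway unencrypted keys and 30-day lifetimes; all function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the thread. Builds a throwaway CA and engine
# certificate in a scratch directory, then runs pre-deployment checks.
FQDN="manager.lab.local"              # engine FQDN used in the post

make_test_pki() {                     # $1 = scratch directory
    d="$1"
    # One constructed config file: CA extensions and leaf extensions.
    cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$FQDN
EOF
    # Root CA; key left unencrypted only so the demo runs unattended.
    openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 30 -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Engine key and CSR.
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$FQDN" -keyout "$d/engine.key" -out "$d/engine.csr" \
        2>/dev/null || return 1
    # Signed as in step 4: -extensions without -extfile adds no extensions.
    openssl x509 -req -in "$d/engine.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -sha256 -extensions v3_req \
        -out "$d/engine-nosan.crt" 2>/dev/null || return 1
    # Same CSR, with -extfile pointing at the section that carries the SAN.
    openssl x509 -req -in "$d/engine.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$d/pki.cnf" -extensions v3_req \
        -out "$d/engine.crt" 2>/dev/null || return 1
}

chain_ok() {                          # $1 = CA file, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

has_san() {                           # $1 = certificate, $2 = DNS name
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qF "DNS:$2"
}

key_matches_cert() {                  # $1 = private key, $2 = certificate
    # Compare the public key derived from the key file with the one in the cert.
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

preflight() {                         # $1 = CA, $2 = cert, $3 = key, $4 = FQDN
    rc=0
    chain_ok "$1" "$2"         || { echo "FAIL chain: $2 does not verify against $1"; rc=1; }
    has_san "$2" "$4"          || { echo "FAIL san: no DNS:$4 in $2"; rc=1; }
    key_matches_cert "$3" "$2" || { echo "FAIL key: $3 does not match $2"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK $2"; fi
    return "$rc"
}

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT
make_test_pki "$WORK" || { echo "openssl failed" >&2; exit 1; }
preflight "$WORK/root.pem" "$WORK/engine.crt" "$WORK/engine.key" "$FQDN"
preflight "$WORK/root.pem" "$WORK/engine-nosan.crt" "$WORK/engine.key" "$FQDN" || true
```

Both certificates pass `openssl verify`, so the chain check from step 5 alone does not reveal the missing SAN.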