[ovirt-users] Re: websockify + ovirt

[Pascal D]

Michal,

Could you explain in details this part of your email?

> We modified the client to sign the request for proxy that is verified by the 
> (also
> modified) proxy. There are small changes but they would need to be done for 
> any other
> client you’re trying to use (and for the proxy if you’d want to use a 
> non-ovirt
> websockify)

Where can i find this information? Right now, using the stock websockify and 
using my version of flexVDI (which works BTW perfectly with libvirt qxl 
protected by password) and a valid SSL certificates between browser and proxy, 
I am getting this error when trying to connect to ovirt:

```
+ exec python3 -m websockify 5959 --verbose --record /tmp/websockify.log 
--cert=/etc/letsencrypt/live/ws1..net/cert.pem 
--key=/etc/letsencrypt/live/ws1.xxx.net/privkey.pem --ssl-target --ssl-only 
--verify-client --cafile=/tmp/cafile-143249.crt '--ssl-ciphers=HIGH:!aNULL' 
xx.xxx.xxx.xxx:5915

WebSocket server settings:
  - Listen on :5959
  - SSL/TLS support
  - Deny non-SSL/TLS connections
  - Recording to '/tmp/websockify.log.*'
  - proxying from :5959 to xx.xxx.xxx.xxx:5915 (using SSL)
70.182.176.222: new handler Process
handler exception: [Errno 0] Error
exception
Traceback (most recent call last):
  File "/var/www/websockify/websockify/websockifyserver.py", line 662, in 
top_new_client
client = self.do_handshake(startsock, address)
  File "/var/www/websockify/websockify/websockifyserver.py", line 565, in 
do_handshake
retsock = context.wrap_socket(
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error

```

so it seems my main problem is SSL between the webproxy and ovirt. I am just 
not sure how to debug this.  Is the connection between the proxy and the host 
encrypted? If yes, what role does the cafile received in the console.vv plays 
and what about the host-subject.  this is the part I am missing
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7TKD27A4TWK26PFVDQV27QQMKA55YWX/

[ovirt-users] Problem to create provider

[miguel . garcia]

We have a problem to create the first provider in the ovirt cluster by 
following next steps:

Go to Administration - Provider - click Add
Filled up fields for new provider with next information:

Name: ovirt-provider-ovn
Type: External Network Provider
Network Plugin: oVirt Network Provider for OVN
Provider URL: https://ovirthostname:9696
Uncheck Read-only

Check Request authentication
username : admin@internal
Protocol HTTPS
Hostname ovirthostname
API port: 35357

Click Test

Result:
Test Failed (unknow error)

Log file:
2021-03-23 15:23:50,986-04 ERROR 
[org.ovirt.engine.core.bll.provider.network.openstack.ExternalNetworkProviderProxy]
 (default task-118) [501852ef-cd76-40d0-8ef3-6b0826b3c0dd] Failed to 
communicate with external provider 'ovirt-provider-ovn' due to error 
'ConnectException: Connection refused (Connection refused)'  
[org.ovirt.engine.core.utils.servlet.ServletUtils] (default t2021-03-23 
15:23:50,986-04 ERROR 
[org.ovirt.engine.core.bll.GetProviderCertificateChainQuery] (default task-118) 
[501852ef-cd76-40d0-8ef3-6b0826b3c0dd] Error in encoding certificate: 
EngineException: Connection refused (Connection refused) (Failed with error 
PROVIDER_FAILURE and code 5050)

I think I would expect to ask the certificate to complete connection but does 
not ask for certificate at all.

Any idea how to solve this?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JX5D6IRKYT5FVL4Z26ZQNDA4DYLYOCDE/

[ovirt-users] [ANN] Async release for oVirt 4.4.5

[Sandro Bonazzola]

On March 23rd 2021 the oVirt project released an async update to the
following packages:

   -

   ovirt-ansible-collection-1.4.1
   -

   vdsm-4.40.50.9
   -

   ovirt-engine-4.4.5.11
   -

   ovirt-release44-4.4.5.1
   -

   ovirt-engine-appliance-4.4-20210323171213.1
   -

   oVirt Node is still building, will follow tomorrow.


Fixing the following bugs:

   -

   Bug 1940438  -
   Revoking a token using ovirt_auth module fails hosted_engine_setup ansible
   role
   -

   Bug 1941311  - Live
   merge after extend disk fails - 'Vm' object has no attribute
   'refreshDriveVolume'
   -

   Bug 1940448  -
   Upgrade to 4.4.5 fails schema upgrade if user_profiles table contains
   duplicate entries


-- 

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R RHV

Red Hat EMEA 

sbona...@redhat.com


*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AQHS2NPU45WAUWDIFYCH7IB5UDEPCWLG/

[ovirt-users] Re: The best HCI config with 8Nodes and 2 sites?

[Gilboa Davara]

On Tue, Mar 23, 2021 at 6:42 PM Arman Khalatyan  wrote:
>
> Hello everybody,
> I would like to deploy HCI with our 2 buildings each with 8 compute nodes.
> Each host has a mirrored OS disks and 1 slot for the SSD. So I will use SSD 
> for the glusterfs.
> my question is what is the best type of the glusterfs volume?
> I can leave with 8way mirror but what happened if the connection between 
> buildings will go down?
> where will my ovirt-engine start?

I'd start by asking a simple question: Is there any solid reason to do
an 8-way cross building gluster cluster?
Beyond the unbelievable waste of space (8 way mirror) that can only be
solved by creating a complex setup of alternating normal and arbiter
gluster bricks, you are also literally opening yourself to countless
gluster stability and performance problems due to semi-reliable
cross-building network link(s).
In-short, unless you really, really, really need an 8 way mirror,
simply don't do it.

If I were you, I'd go with the much simpler and better solution of
creating two separate clusters, one in every building, making sure
each VM has an active version in one cluster and a recent backup in
the other (and vice versa).

- Gilboa
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PUYQI5WTJ5CJULQFYSVOBNOYW5FUUAWH/

[ovirt-users] Is it possible to upgrade 3 node HCI from 4.3 to 4.4?

[Jayme]

I have a fairly stock three node HCI setup running oVirt 4.3.9. The hosts
are oVirt node. I'm using GlusterFS storage for the self hosted engine and
for some VMs. I also have some other VMs running from an external NFS
storage domain.

Is it possible for me to upgrade this environment to 4.4 while keeping some
of the VMs on GlusterFS storage domains running? Does the upgrade require
an additional physical host? I'm reading through the upgrade guide and it's
not very clear to me how the engine is reinstalled on CentOS8. Do you need
a 4th host, or do you take one of the three existing hosts down, wipe it
and install ovirt node 4.4?

Would it be easier for me to just move all VMs to my NFS storage domain,
wipe all hosts and deploy a brand new 4.4 HCI cluster then import the NFS
storage domain? Will the 4.3 VMs on the NFS storage domain import/run
properly into the new 4.4 deployment or are there any other considerations?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/62ZSJ5IMZ43HCM356DJH6D3M76F3TGJF/

[ovirt-users] The best HCI config with 8Nodes and 2 sites?

[Arman Khalatyan]

Hello everybody,
I would like to deploy HCI with our 2 buildings each with 8 compute nodes.
Each host has a mirrored OS disks and 1 slot for the SSD. So I will use SSD
for the glusterfs.
my question is what is the best type of the glusterfs volume?
I can leave with 8way mirror but what happened if the connection between
buildings will go down?
where will my ovirt-engine start?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2TFWRRFCS2WMQGHGIABHT2JQMEALUUSE/

[ovirt-users] Re: websockify + ovirt

[Pascal D]

Michal,

Thank you for your response. I know I am all over the place as I am trying to 
figure what works and what doesn't. What I know so far is this. 
spice-web-client from eyeos  https://github.com/eyeos/spice-web-client and the 
forked version from flex-vdi https://github.com/flexVDI/spice-web-client work 
great with an unmodified websockify proxy and a spice enabled libvirt VM. I 
have tested it, and the only few things missing are USB support, multi-monitors 
and file xfer. But the performance are great and can play sound and videos. All 
in all those guys did an amazing work. So I am trying to take it further and 
have it working with ovirt.

My first step was to try to understand how remote-viewer was connecting to 
ovirt. I was able to find out that out of the console.vv file only host, port, 
password, tls-port and host-subject and ca. I then tried to understand where in 
remote-viewer the authentication happened and in what form. So far I have track 
it down to spice-gtk. I am still looking there.

I also tried to understand how ovirt websockify version was working but not 
knowing for sure that it is indeed working make it challenging. Again I don't 
quite understand the steps it does to start the proxying. It seems to me that 
it trap the authentication and do its own but since I don't have a client 
working I can't really tell. the websockify guys say the authentication should 
happen on the client but when I look at the websocket-proxy code from ovirt it 
seems it is happening on the proxy.

So what am I looking for is an example of a client (in whatever language) that 
authenticate against ovirt so that I can test it and adapt it to 
spice-web-client.  Any help would be appreciated.

Here are some questions I have:

why is there a port and a tls-port? what the purpose of port? When I filter it 
out of console.vv, remote-viewer is still able to work with ovirt.
What's the purpose of host-subject? How is it used? How is it sent to ovirt.  
Same for password?  What the protocol there?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/D32MRAANPFOWH5LBRGTB7RHVPH746LRQ/

[ovirt-users] Re: One host 4.4.5 upgade failed

[ozmen62]

yes, it is running.

Some how, weve figured out the storage server and host don't communicate each 
other.
We re-deploy target group and the host is seeing the storage now.
I'm not sure it's about upgrade or not, but seems solved.

Thanks for interest
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SEUUN6A2ESEDBDB2Z5JEYHL4J6U3QSXJ/

[ovirt-users] Re: Ovirt Node (iso) - OK to enable Centos-BaseOS/Centos-Appstream repos ?

[Vojtech Juranek]

On Tuesday, 23 March 2021 11:56:26 CET morgan cox wrote:
> Hi.
> 
> I have installed Ovirt nodes via the ovirt-node iso (centos8 based) - on a
> fresh install the standard CentOS repos are disabled (the ovirt 4-4  repo
> is enabled)
 
> As part of our company hardening we need to install a few packages from the
> Centos repos.
 
> Can I enable the CentOS-Linux-AppStream.repo + CentOS-Linux-BaseOS.repo
> repos or will this cause issues when we update the node ?

AFAIK it shouldn't break anything. ovirt repos have newer versions, so 
anything required by ovirt should be installed from ovirt repo during upgrade.


> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/ List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JITF2KTDAE7V2
> FMEYRJZOMUDCNKBGL56/



signature.asc
Description: This is a digitally signed message part.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3FWG6DQOQ5ZSO2SMGUNX2BYUY4NUVARH/

[ovirt-users] Re: One host 4.4.5 upgade failed

[Vojtech Juranek]

Is vdsmd running on the host?
If not, what is in the vdsm log?
If yes, what is in engine log (/var/log/ovirt-engine/engine.log) - why it 
failed to activate it?


On Tuesday, 23 March 2021 09:54:40 CET ozme...@hotmail.com wrote:
> journalctl returns
> WARN Failed to retrieve Hosted Engine HA info, is Hosted Engine setup
> finished?
 
> also, #  cat /var/log/vdsm/vdsm.log | grep ERROR
> 
> ERROR (jsonrpc/6) [storage.TaskManager.Task]
> (Task='039a0aea-a855-4e3e-b3ff-0f26c0c3900a') Unexpected error (task:880)
> ERROR (jsonrpc/6) [storage.Dispatcher] FINISH getStorageDomainStats
> error=Storage domain does not exist:
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/ List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/L3QSU4V3FVH6C
> IKTBG5H26ZMOAILACHO/



signature.asc
Description: This is a digitally signed message part.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZE3RKBV3FLZ5TLTQTZDODM3BXZMI52I2/

[ovirt-users] Ovirt Node (iso) - OK to enable Centos-BaseOS/Centos-Appstream repos ?

[morgan cox]

Hi.

I have installed Ovirt nodes via the ovirt-node iso (centos8 based) - on a 
fresh install the standard CentOS repos are disabled (the ovirt 4-4  repo is 
enabled)

As part of our company hardening we need to install a few packages from the 
Centos repos.

Can I enable the CentOS-Linux-AppStream.repo + CentOS-Linux-BaseOS.repo repos 
or will this cause issues when we update the node ?

Thanks
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JITF2KTDAE7V2FMEYRJZOMUDCNKBGL56/

[ovirt-users] Re: user portal

[Enrico Becchetti]

I've got a new X509 valid certificate signed from official CA , so my 
question is ,

Can I add this cert inside engine ?
Thanks again
Enrico

Il 23/03/21 09:45, Michal Skrivanek ha scritto:



On 23. 3. 2021, at 7:55, Enrico Becchetti 
mailto:enrico.becche...@pg.infn.it>> wrote:


Hi,

I've added a new ip public address and SSO_ALTERNATE_ENGINE_FQDNS,
after that I run engine-setup. and now ovirt can also be access with 
a new name

but the last item is about X509 certificate.
How can I add a second certificate for this new url ?


I think you’d have to use your own CA, the internal one doesn’t 
generate certificates with other names.

or as Didi suggested modify your DNS to use same FQDN for both ways



Best regards.
Enrico

Il 07/03/21 08:51, Yedidyah Bar David ha scritto:

On Fri, Mar 5, 2021 at 10:18 AM Enrico Becchetti
mailto:enrico.becche...@pg.infn.it>> 
wrote:

  Dear all,
I'm using ovirt 4.3.2 with its engine on a virtual machine. The nodes
are all Centos 7.7.

Is this a hosted-engine?

no

Both engine and hypervisor systems work on a 10.0.0.0 private network.
Now I would like to let users access the ovirt web page (user portal)
and for this
I must necessarily add a second network interface to the engine by
inserting a public ip. I can't use NAT.
Can you give me any advice for this operation ?
Can I add the network interface and then run engine-setup ?
Will oVirt be accessible from both ip addresses at the end of this
operation ?

Generally speaking:

1. You should be able to add an IP address to the existing NIC. If this
is a hosted-engine, this might be simpler than adding a NIC. Of course,
this might not be relevant in your case, depending on network topology,
conf, etc.

2. The engine itself does not care at all about which IP addresses are
used to connect to it. Neither is httpd that is running there as a 
frontend
to it - it listens on all addresses. So just add the address 
somehow, perhaps
restart httpd if needed (but I do not think so), and everything 
should work.


3. The engine _does_ care about the _name_. So make sure you use the
existing name. For this, you'll have to change your DNS, or /etc/hosts,
as applicable.

4. If it's complex for you to keep the existing name (e.g. because 
you want

to make it work from both old and new addresses, etc.), you can also add
another name that the engine will agree to be connected to, using
SSO_ALTERNATE_ENGINE_FQDNS, see e.g. [1].

Best regards,

[1] 
https://www.ovirt.org/develop/networking/changing-engine-hostname.html 




Lots of thanks.
Enrico

--
___

Enrico Becchetti    Servizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777 Skype:enrico_becchetti 
  Mail: Enrico.Becchettipg.infn.it
__
___
Users mailing list -- users@ovirt.org 
To unsubscribe send an email to users-le...@ovirt.org 

Privacy Statement: https://www.ovirt.org/privacy-policy.html 

oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/ 

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4MEGUCA2ONQ3RVBRWIYMUJZ/ 







--
___

Enrico Becchetti    Servizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777Skype:enrico_becchetti 
Mail: Enrico.Becchettipg.infn.it
__
___
Users mailing list --users@ovirt.org 
To unsubscribe send an email tousers-le...@ovirt.org 

Privacy Statement:https://www.ovirt.org/privacy-policy.html 

oVirt Code of 
Conduct:https://www.ovirt.org/community/about/community-guidelines/ 

List 
Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/MTSY7BKGWKFGBQXREFO4IBZESB62ESWG/ 






--
___

Enrico BecchettiServizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di 

[ovirt-users] Re: websockify + ovirt

[Michal Skrivanek]

> On 19. 3. 2021, at 20:26, Pascal DeMilly  wrote:
> 
> I will. I wish there was more documentation on how all of this works. My 
> current test sniffing the network show that actually the traffic is not on 
> the port as defined in the console file but on the tls-port of that file.  so 
> I am a little confused how all of this works. And since everything is  SSLed 
> it is quite difficult to know what is happening

Hi,
I don’t entirely follow your steps, but let me try to describe the ovirt 
specific implementation. spice-html5 used to work, but we removed it couple 
releases back since it’s not performing well and it’s not maintained much. It 
worked the same way as novnc.

We need to secure the communication between the client and the proxy(which is 
done by wss) and also make sure that only authorized targets are being proxied, 
and not any random request.
In oVirt we add one more layer to the stock novnc-websockify communication.  It 
could be that websockify added these options later on but when we integrated 
these consoles it had nothing.
We modified the client to sign the request for proxy that is verified by the 
(also modified) proxy. There are small changes but they would need to be done 
for any other client you’re trying to use (and for the proxy if you’d want to 
use a non-ovirt websockify)

HTH.
michal

> 
> On Fri, Mar 19, 2021 at 11:28 AM Vincent Royer  > wrote:
> Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I was 
> never able to make it work except with direct libvirt over spice.
> 
> I could never get the html5 implementation working.  If you get this new 
> spice-web-client working, please post your config to the list!
> 
>  
> ___
> Users mailing list -- users@ovirt.org 
> To unsubscribe send an email to users-le...@ovirt.org 
> 
> Privacy Statement: https://www.ovirt.org/privacy-policy.html 
> 
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/ 
> 
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI2J3AWUDCTRCTYYHXGZ/
>  
> 
> ___
> Users mailing list -- users@ovirt.org 
> To unsubscribe send an email to users-le...@ovirt.org 
> 
> Privacy Statement: https://www.ovirt.org/privacy-policy.html 
> 
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/ 
> 
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRAXQQJCS6MWPP3POBPMY/
>  
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/6XTZH5LS63MEL6LO4PY3UGQAWKT24SCW/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XFUOLQ3HMXR4RHHDTQWEBMFJULXSQAU5/

[ovirt-users] Re: One host 4.4.5 upgade failed

[ozmen62]

journalctl returns
WARN Failed to retrieve Hosted Engine HA info, is Hosted Engine setup finished?

also, #  cat /var/log/vdsm/vdsm.log | grep ERROR

ERROR (jsonrpc/6) [storage.TaskManager.Task] 
(Task='039a0aea-a855-4e3e-b3ff-0f26c0c3900a') Unexpected error (task:880)
ERROR (jsonrpc/6) [storage.Dispatcher] FINISH getStorageDomainStats 
error=Storage domain does not exist:
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/L3QSU4V3FVH6CIKTBG5H26ZMOAILACHO/

[ovirt-users] Re: user portal

[Michal Skrivanek]

> On 23. 3. 2021, at 7:55, Enrico Becchetti  wrote:
> 
> Hi,
> 
> I've added a new ip public address and SSO_ALTERNATE_ENGINE_FQDNS,
> after that I run engine-setup. and now ovirt can also be access with a new 
> name
> but the last item is about X509 certificate.
> How can I add a second certificate for this new url ?

I think you’d have to use your own CA, the internal one doesn’t generate 
certificates with other names.
or as Didi suggested modify your DNS to use same FQDN for both ways


> Best regards.
> Enrico
> 
> Il 07/03/21 08:51, Yedidyah Bar David ha scritto:
>> On Fri, Mar 5, 2021 at 10:18 AM Enrico Becchetti
>> mailto:enrico.becche...@pg.infn.it>> wrote:
>>>   Dear all,
>>> I'm using ovirt 4.3.2 with its engine on a virtual machine. The nodes
>>> are all Centos 7.7.
>> Is this a hosted-engine?
> no
>>> Both engine and hypervisor systems work on a 10.0.0.0 private network.
>>> Now I would like to let users access the ovirt web page (user portal)
>>> and for this
>>> I must necessarily add a second network interface to the engine by
>>> inserting a public ip. I can't use NAT.
>>> Can you give me any advice for this operation ?
>>> Can I add the network interface and then run engine-setup ?
>>> Will oVirt be accessible from both ip addresses at the end of this
>>> operation ?
>> Generally speaking:
>> 
>> 1. You should be able to add an IP address to the existing NIC. If this
>> is a hosted-engine, this might be simpler than adding a NIC. Of course,
>> this might not be relevant in your case, depending on network topology,
>> conf, etc.
>> 
>> 2. The engine itself does not care at all about which IP addresses are
>> used to connect to it. Neither is httpd that is running there as a frontend
>> to it - it listens on all addresses. So just add the address somehow, perhaps
>> restart httpd if needed (but I do not think so), and everything should work.
>> 
>> 3. The engine _does_ care about the _name_. So make sure you use the
>> existing name. For this, you'll have to change your DNS, or /etc/hosts,
>> as applicable.
>> 
>> 4. If it's complex for you to keep the existing name (e.g. because you want
>> to make it work from both old and new addresses, etc.), you can also add
>> another name that the engine will agree to be connected to, using
>> SSO_ALTERNATE_ENGINE_FQDNS, see e.g. [1].
>> 
>> Best regards,
>> 
>> [1] https://www.ovirt.org/develop/networking/changing-engine-hostname.html
>> 
>>> Lots of thanks.
>>> Enrico
>>> 
>>> --
>>> ___
>>> 
>>> Enrico BecchettiServizio di Calcolo e Reti
>>> 
>>> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
>>> Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
>>> Phone:+39 075 5852777   Skype:enrico_becchetti
>>>   Mail: Enrico.Becchettipg.infn.it
>>> __
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct: 
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives: 
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4MEGUCA2ONQ3RVBRWIYMUJZ/
>> 
>> 
> 
> 
> -- 
> ___
> 
> Enrico BecchettiServizio di Calcolo e Reti
> 
> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
> Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
> Phone:+39 075 5852777 Skype:enrico_becchetti 
> 
> Mail: Enrico.Becchettipg.infn.it
> __
> ___
> Users mailing list -- users@ovirt.org 
> To unsubscribe send an email to users-le...@ovirt.org 
> 
> Privacy Statement: https://www.ovirt.org/privacy-policy.html 
> 
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/ 
> 
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/MTSY7BKGWKFGBQXREFO4IBZESB62ESWG/
>  
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EIFTHZ7D673LAPPQ7WZGUVDDQE3USLIY/

[ovirt-users] Re: What do some of the terms mean in the documentation?

[Strahil Nikolov via Users]

Hi,

ovirt has 2 types of systems:- Hypervisor- Engine

The ovirt Node is a kind of appliance that works as a Hypervisor. You can also 
use Linux host with the necessary repos and software.
The engine is a physical/virtual system that can contain the engine , which is 
the brain of the solution, and several databases (which can be moved away).
The most used case is a Hyperconverged setup (hosts should be multiple by 3) 
where :- Gluster (a network distributed ) is running locally and provides 
shared storage- oVirt vdsm (host software receiving commands from the engine) 
is taking care for engine- Hosted Engine - a VM that is running on one of the 
hosts and will serve as an Engine
Best Regards,Strahil Nikolov
 
 
  On Mon, Mar 22, 2021 at 12:14, Jayme wrote:   
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/R7YMM7ZORKLHBRGA47QB7L7DEXK3C2DU/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/42M2YIOVYD2XWHELHLL2HPBPY2BQVD7Q/

[ovirt-users] Re: One host 4.4.5 upgade failed

[Vojtech Juranek]

On Tuesday, 23 March 2021 07:47:23 CET ozme...@hotmail.com wrote:
> Stop failed\nb'Job for vdsmd.service canceled.\\n' ", "stderr_lines":
> ["Error:  ServiceOperationError: _systemctlStop failed", "b'Job for
> vdsmd.service canceled.\\n' "], "stdout": "\nChecking configuration
> status...\n\nlibvirt is already configured for vdsm\nSUCCESS: ssl config

it looks like systemd failed to restart vdsmd service. Configuration itself 
looks good. Could you try manually restart vdsmd service:

systemctl restart vdsmd

If it fails, please provide output of 

journalctl -u vdsmd


signature.asc
Description: This is a digitally signed message part.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BL7MQDJQOBPXCZZQOEO4RP6KGZZOLHK5/

[ovirt-users] Re: One host 4.4.5 upgade failed

[ozmen62]

Hi again,
I've managed the reinstall last image. Now kernel is fixed.
But vdsm returns this message;

FINISH getStorageDomainStats error=Storage domain does not exist
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4D7PDQFHELME3GCRMBEWEVR5R5OGK3VO/

[ovirt-users] Re: Cinderlib problem after upgrade from 4.3.10 to 4.4.5

[Benny Zlotnik]

If the log is empty it usually means cinderlib-client.py failed during
startup, probably because the dependencies are missing.
python3-cinderlib is required on the engine machine (and ceph-common,
since you use ceph), python3-os-brick is required on the hosts (and
ceph-common).
See the instructions here for ussuri:
https://ovirt.org/documentation/installing_ovirt_as_a_standalone_manager_with_local_databases/#Set_up_Cinderlib

On Tue, Mar 23, 2021 at 9:20 AM Marc-Christian Schröer
 wrote:
>
> Hello all,
>
> first of all thank you very much for this stable virtualization environment. 
> It has been a pillar for our company’s business for more than 5 years now and 
> after migrating from version 3 to 4 it has been so stable ever since. Anyway, 
> I ran into a problem I cannot fix on my own yesterday:
>
> After a lot of consideration and hesitation since this is a production 
> environment I followed the upgrade guide 
> (https://www.ovirt.org/documentation/upgrade_guide/), configured a vanilla 
> CentOS 8 server as controller, decommissioned the old 4.3 controller and 
> fired up the new one. It worked like a charm until I tried to migrate VMs, 
> start new ones or even create new disks. We use Ceph as managed storage, 
> providing a SSD only and a HDD only pool. The UI simply told me that there 
> was an error.
>
> I started investigating the issue and found corresponding log entries in 
> ovirt-engine.log:
>
> 2021-03-22 10:36:37,247+01 ERROR 
> [org.ovirt.engine.core.common.utils.cinderlib.CinderlibExecutor] 
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-24) 
> [67bf193c] cinderlib execution failed:
>
> But that was all the engine had to say about the issue. There was no stack 
> trace or additional information. There is no logfile in 
> /var/log/ovirt-engine/cinderlib/, the directory simply is empty while on the 
> other controller it was frequently filed with annoying „already mounted“ 
> messages.
>
> Can anyone help me with that issue? I searched the web for a solution or 
> someone else with the same problem, but came up empty. Is there a way to turn 
> up the log level for cinderlib? Are there any dependencies I have to install 
> besides the ovirt packages? Any help is very much appreciated!
>
> Kind regards and stay healthy,
> Marc
>
> --
> 
>
>  Dipl.-Inform. Marc-Christian Schröer  schro...@ingenit.com
>  Geschäftsführer / CEO
>  --
>  ingenit GmbH & Co. KG   Tel. +49 (0)231 58 698-120
>  Emil-Figge-Strasse 76-80Fax. +49 (0)231 58 698-121
>  D-44227 Dortmund   www.ingenit.com
>
>  Registergericht: Amtsgericht Dortmund, HRA 13 914
>  Gesellschafter : Thomas Klute, Marc-Christian Schröer
> 
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/O22IFE3PSFJ6VMCVAPINHMRCAHCRYM2A/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3EXKE44PBNBTMZT7VJP4T7RT2XSNQGGY/

[ovirt-users] Cinderlib problem after upgrade from 4.3.10 to 4.4.5

[Marc-Christian Schröer]

Hello all,

first of all thank you very much for this stable virtualization environment. It 
has been a pillar for our company’s business for more than 5 years now and 
after migrating from version 3 to 4 it has been so stable ever since. Anyway, I 
ran into a problem I cannot fix on my own yesterday:

After a lot of consideration and hesitation since this is a production 
environment I followed the upgrade guide 
(https://www.ovirt.org/documentation/upgrade_guide/ 
), configured a vanilla 
CentOS 8 server as controller, decommissioned the old 4.3 controller and fired 
up the new one. It worked like a charm until I tried to migrate VMs, start new 
ones or even create new disks. We use Ceph as managed storage, providing a SSD 
only and a HDD only pool. The UI simply told me that there was an error.

I started investigating the issue and found corresponding log entries in 
ovirt-engine.log:

2021-03-22 10:36:37,247+01 ERROR 
[org.ovirt.engine.core.common.utils.cinderlib.CinderlibExecutor] 
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-24) 
[67bf193c] cinderlib execution failed:

But that was all the engine had to say about the issue. There was no stack 
trace or additional information. There is no logfile in 
/var/log/ovirt-engine/cinderlib/, the directory simply is empty while on the 
other controller it was frequently filed with annoying „already mounted“ 
messages.

Can anyone help me with that issue? I searched the web for a solution or 
someone else with the same problem, but came up empty. Is there a way to turn 
up the log level for cinderlib? Are there any dependencies I have to install 
besides the ovirt packages? Any help is very much appreciated!

Kind regards and stay healthy,
Marc

-- 


 Dipl.-Inform. Marc-Christian Schröer  schro...@ingenit.com
 Geschäftsführer / CEO
 --
 ingenit GmbH & Co. KG   Tel. +49 (0)231 58 698-120
 Emil-Figge-Strasse 76-80Fax. +49 (0)231 58 698-121
 D-44227 Dortmund   www.ingenit.com

 Registergericht: Amtsgericht Dortmund, HRA 13 914
 Gesellschafter : Thomas Klute, Marc-Christian Schröer


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O22IFE3PSFJ6VMCVAPINHMRCAHCRYM2A/

[ovirt-users] Re: user portal

[Enrico Becchetti]

Hi,

I've added a new ip public address and SSO_ALTERNATE_ENGINE_FQDNS,
after that I run engine-setup. and now ovirt can also be access with a 
new name

but the last item is about X509 certificate.
How can I add a second certificate for this new url ?
Best regards.
Enrico

Il 07/03/21 08:51, Yedidyah Bar David ha scritto:

On Fri, Mar 5, 2021 at 10:18 AM Enrico Becchetti
 wrote:

   Dear all,
I'm using ovirt 4.3.2 with its engine on a virtual machine. The nodes
are all Centos 7.7.

Is this a hosted-engine?

no

Both engine and hypervisor systems work on a 10.0.0.0 private network.
Now I would like to let users access the ovirt web page (user portal)
and for this
I must necessarily add a second network interface to the engine by
inserting a public ip. I can't use NAT.
Can you give me any advice for this operation ?
Can I add the network interface and then run engine-setup ?
Will oVirt be accessible from both ip addresses at the end of this
operation ?

Generally speaking:

1. You should be able to add an IP address to the existing NIC. If this
is a hosted-engine, this might be simpler than adding a NIC. Of course,
this might not be relevant in your case, depending on network topology,
conf, etc.

2. The engine itself does not care at all about which IP addresses are
used to connect to it. Neither is httpd that is running there as a frontend
to it - it listens on all addresses. So just add the address somehow, perhaps
restart httpd if needed (but I do not think so), and everything should work.

3. The engine _does_ care about the _name_. So make sure you use the
existing name. For this, you'll have to change your DNS, or /etc/hosts,
as applicable.

4. If it's complex for you to keep the existing name (e.g. because you want
to make it work from both old and new addresses, etc.), you can also add
another name that the engine will agree to be connected to, using
SSO_ALTERNATE_ENGINE_FQDNS, see e.g. [1].

Best regards,

[1] https://www.ovirt.org/develop/networking/changing-engine-hostname.html


Lots of thanks.
Enrico

--
___

Enrico BecchettiServizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777   Skype:enrico_becchetti
   Mail: Enrico.Becchettipg.infn.it
__
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4MEGUCA2ONQ3RVBRWIYMUJZ/






--
___

Enrico BecchettiServizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777   Skype:enrico_becchetti
 Mail: Enrico.Becchettipg.infn.it
__
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MTSY7BKGWKFGBQXREFO4IBZESB62ESWG/

[ovirt-users] One host 4.4.5 upgade failed

[ozmen62]

Hi,
We have 2 hosts, upgarded to 4.4.5.
Engine and one of the hosts was successfull 
But, of of the hosts stucked and doesnt upgrade.

successful one has these kernels
# vmlinuz-4.18.0-240.1.1.el8_3.x86_64
# vmlinuz-4.18.0-240.15.1.el8_3.x86_64

Unsuccessful one has;
# vmlinuz-4.18.0-193.28.1.el8_2.x86_64
# vmlinuz-4.18.0-240.1.1.el8_3.x86_64

Unsuccessful one has "/usr/share/ovirt-node-ng-image-update/" directory and 
image but we dont make it upgrade
This is the some part of the log file from engine;

FAILED! => {"changed": true, "cmd": ["vdsm-tool", "configure", "--force"], 
"delta": "0:00:10.773484", "end": "2021-03-23 09:00:08.285785", "msg": 
"non-zero return code", "rc": 1, "start": "2021-03-23 08:59:57.512301", 
"stderr": "Error:  ServiceOperationError: _systemctlStop failed\nb'Job for 
vdsmd.service canceled.\\n' ", "stderr_lines": ["Error:  ServiceOperationError: 
_systemctlStop failed", "b'Job for vdsmd.service canceled.\\n' "], "stdout": 
"\nChecking configuration status...\n\nlibvirt is already configured for 
vdsm\nSUCCESS: ssl configured to true. No conflicts\nsanlock is configured for 
vdsm\nlvm is configured for vdsm\nCurrent revision of multipath.conf detected, 
preserving\nabrt is already configured for vdsm\nManaged volume database is 
already configured", "stdout_lines": ["", "Checking configuration status...", 
"", "libvirt is already configured for vdsm", "SUCCESS: ssl configured to true. 
No conflicts", "sanlock is configured for vdsm", "lvm is configured for vdsm", 
"Cur
 rent revision of multipath.conf detected, preserving", "abrt is already 
configured for vdsm", "Managed volume database is already configured"]}

when we triggered the dnf update/upgrade it says "there is no upgrade" both 
engine web page and cli

Is there any suggestion for upgrading the host, it's stucked on 
"NonOperational" mode
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GJIN32DXWAIA4LYRTFDS3ALCDLQ76PZ7/