[ovirt-users] Re: about the expiration time of the oVirt certs
Thanks for your recommendation! I think Ovirt should integrate tools with similar functions into the management portal. This is important for long-term user stability. On 09/30/2021 23:38, Strahil Nikolov via Users wrote: I think you are looking for certmonger, but it will require some manual steps: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/certmongerx Best Regards, Strahil Nikolov On Thu, Sep 30, 2021 at 10:17, Tommy Sway wrote: As you know, there are many kinds of certificates in Ovirt, used for communication, authentication and so on. However, in practice, there is a security risk related to the above certificates. That is, you need to generate a new certificate after the certificate expires. Otherwise, a problem will occur. In addition, different certificates expire at different times, which brings a lot of management trouble to users. Especially in the production system, a huge virtualization cluster may run thousands of VMS. If a cluster certificate has a problem, the impact is very serious. So I felt there was an urgent need for a technical tool that could help users quickly locate certificates, identify their expiration dates, and rebuild them. Even if there is no tool, there should be a way to solve the problems caused by partial certificate expiration. I think it should include the following points: First, how to list the certificate in detail Second, how to check the certificate expiration time Third, how to rebuild the certificate Does anyone else have this kind of confusion? What's a good solution? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6L44YAYXK7Q5NUNZSDR4AU/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RQZP2LZYZ74SXYN75JWV4WKLEYDTM6U7/
[ovirt-users]Re: 回复: Re: About the vm memory limit
which slows the process (in your case the VM). Is it a clerical error? Should it be speed up the process? On 09/30/2021 23:34, Strahil Nikolov via Users wrote: Each VM for that 4TB host will be a single process. When that process addresses some memory location, the kernel will lookup in the translation lookaside buffer (TLB) and in case the Host is using Hugepages the kernel needs less time to find the memory page (page table walk), which slows the process (in your case the VM). Simplified said -> the VM process should be seen as an Oracle DB. On bare metal you want to disable transparent hugepages and enable the 2M hugepages for ODB - so logically VMs doing the same workload should be treated the same way. Here is a link to Oracle's OLVM (based on oVirt): https://docs.oracle.com/en/virtualization/oracle-linux-virtualization-manager/admin/gs-optimize.html#optimize-vm-perf Best Regards, Strahil Nikolov On Thu, Sep 30, 2021 at 6:25, Tommy Sway wrote: In my scenario, the physical machine has a lot of memory (4TB), with dozens of virtual machines running on it, each vm is running a database, and every vm is set up with traditional large-page memory. In this case, whether it is necessary to set up large page memory on the physical machine and what type of large page memory should be set up, this issue has not been determined, I am also very confused. -Original Message- From: users-boun...@ovirt.org On Behalf Of Strahil Nikolov via Users Sent: Wednesday, September 29, 2021 8:50 PM To: 'users' ; Tommy Sway Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit I got a 3 TB host (physical) with Oracle without Traditional Hugepages. The DB will work even without hugepages... but how much memory will be lost - that's another story. Disable the transparent Huge Pages and check this documentation - should be valid for oVirt 4.3 and OLVM 4.3 as they share the same source: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/virtual_machine_management_guide/configuring_high_performance_virtual_machines_templates_and_pools#Configuring_Huge_Pages Best Regards, Strahil Nikolov В сряда, 29 септември 2021 г., 15:20:54 ч. Гринуич+3, Tommy Sway написа: I’am 4.3, but the memory of the VM and the SGA is large , 32GB, so the vm should set the traditional hugepage for the database SGA. I don't know how to set up a large page on a KVM host. Because if I make it a traditional big page, how big should I make it? Will non-VM SGA usage of many VMs be affected? After all, not all memory used by QEMU needs to be HugePage, and traditional large page memory needs to be used by specific code calls and is not transparent. These are all questions. From: users-boun...@ovirt.org On Behalf Of Strahil Nikolov via Users Sent: Wednesday, September 29, 2021 5:39 PM To: Tommy Sway ; 'users' Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit If you are on 4.3 -> disable transparent hugepages both Hypervisor and VM. If you are using 4.4 -> disable transparent hugepages and also cobfigure regular huge pages. Best Regards, Strahil Nikolov > On Wed, Sep 29, 2021 at 5:34, Tommy Sway wrote: > From the Oracle OLVM support: > > Configuring the Hugepages for guest VMs should be suffice, however, it needs > the KVM hosts too configured with the Hugepages. > Since, if it not you may end with issues while staring the guest VMs. > > I really don't know what to do now. > > > > > > -Original Message- > From: users-boun...@ovirt.org On Behalf Of > Strahil Nikolov via Users > Sent: Tuesday, September 28, 2021 3:39 PM > To: 'users' ; Tommy Sway > Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit > > I think that if you run VMs with Databases, you must disable transparent huge > pages on Hypervisour level and on VM level. Yet, if you wish you can use > regular huge pages on VM level. > > Best Regards, > Strahil Nikolov > > > > > > > В вторник, 28 септември 2021 г., 09:21:09 ч. Гринуич+3, Tommy Sway > написа: > > > > > > > What problem will appear if I use the default transparent huge page enabled > mode for physical hosts, but configure traditional huge page memory on the > virtual machine for database SGA ? > Or is it better to disable transparent huge page on physical machines and > still use traditional huge page memory on virtual machines? > > Which one is prefer ? > > > From: users-boun...@ovirt.org On Behalf Of > Strahil Nikolov via Users > Sent: Tuesday, September 28, 2021 12:05 AM > To: tommy ; 'users' > Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit > > https://docs.oracle.com/en/database/oracle/oracle-database/19/ladbi/di > sabling-transparent-hugepages.html > > https://access.redhat.com/solutions/1320153 (requires RH dev > subscription or other type of subscription) -> In short add > 'transparent_hugepage=never' to the kernel params > > SLES11/12/15 -> >
[ovirt-users] Re: Using third-party certificate: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have an engine with a similar issue. You might want to revert to the old self signed cert created by installation, and then follow the instructions at https://ovirt.org/documentation/administration_guide/index.html to try re-installing the third party cert after you're sure the original cert is working properly. My temp fix for this (didn't survive an engine VM reboot) was to cat the cert I was installing with its intermediate-root cert into a file named full.crt and then running a command as root like... keytool -import -trustcacerts -keystore /etc/pki/java/cacerts -storepass changeit -alias "$YOURALIAS" -import -file full.crt and then systemctl restart ovirt-engine #to pick up the change. Still trying to track down what's different on this one vs others that work. key size is larger cert has alternative name. On Thu, Sep 30, 2021 at 4:47 PM Nicolás wrote: > Please, any help with this? > > El 29/9/21 a las 13:21, nico...@devels.es escribió: > > Hi, > > > > I'm making a bare metal oVirt installation, version 4.4.8. > > 'ovirt-engine' command ends well, however, we're using a third-party > > certificate (from LetsEncrypt) both for the apache server and the > > ovirt-websocket-proxy. So we changed configuration files regarding > > httpd and ovirt-websocket-proxy. > > > > Once changed the configurations, if I try to log in to the oVirt > > engine, I get a "PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > find valid certification path to requested target" error. > > > > In prior versions we used to add the chain to the > > /etc/pki/ovirt-engine/.truststore file, however, simply listing the > > current certificates seems not to be working on 4.4.8. > > > > # LANG=C keytool -list -keystore /etc/pki/ovirt-engine/.truststore > > -alias intermedia_le -storepass mypass > > keytool error: java.io.IOException: Invalid keystore format > > > > Is there something I'm missing here? > > > > Thank > > ___ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/5VWVBQGIWJSPWVTV5UK2I2VXBNDV6GSS/ > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/VKYBE6TJZFMAXX2G6GPMXIQYW7F5LABY/ > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/K7Q2WDCSCZPSKL2IHJA6C2BIFGYLH3IZ/
[ovirt-users] Re: Using third-party certificate: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Please, any help with this? El 29/9/21 a las 13:21, nico...@devels.es escribió: Hi, I'm making a bare metal oVirt installation, version 4.4.8. 'ovirt-engine' command ends well, however, we're using a third-party certificate (from LetsEncrypt) both for the apache server and the ovirt-websocket-proxy. So we changed configuration files regarding httpd and ovirt-websocket-proxy. Once changed the configurations, if I try to log in to the oVirt engine, I get a "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error. In prior versions we used to add the chain to the /etc/pki/ovirt-engine/.truststore file, however, simply listing the current certificates seems not to be working on 4.4.8. # LANG=C keytool -list -keystore /etc/pki/ovirt-engine/.truststore -alias intermedia_le -storepass mypass keytool error: java.io.IOException: Invalid keystore format Is there something I'm missing here? Thank ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5VWVBQGIWJSPWVTV5UK2I2VXBNDV6GSS/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VKYBE6TJZFMAXX2G6GPMXIQYW7F5LABY/
[ovirt-users] Re: about the expiration time of the oVirt certs
I think you are looking for certmonger, but it will require some manual steps: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/certmongerx Best Regards,Strahil Nikolov On Thu, Sep 30, 2021 at 10:17, Tommy Sway wrote: As you know, there are many kinds of certificates in Ovirt, used for communication, authentication and so on. However, in practice, there is a security risk related to the above certificates. That is, you need to generate a new certificate after the certificate expires. Otherwise, a problem will occur. In addition, different certificates expire at different times, which brings a lot of management trouble to users. Especially in the production system, a huge virtualization cluster may run thousands of VMS. If a cluster certificate has a problem, the impact is very serious. So I felt there was an urgent need for a technical tool that could help users quickly locate certificates, identify their expiration dates, and rebuild them. Even if there is no tool, there should be a way to solve the problems caused by partial certificate expiration. I think it should include the following points: First, how to list the certificate in detail Second, how to check the certificate expiration time Third, how to rebuild the certificate Does anyone else have this kind of confusion? What's a good solution? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6L44YAYXK7Q5NUNZSDR4AU/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6UKQQE7QYIRCEEDAPJ4MQ4CUY7UK2XOX/
[ovirt-users] SSl vdmsd failed ssl
Hello, good evening, I want to consult the following case, we have two ovirt 3.6 servers with hosted-engine, yesterday some multipath servers were presented and two machines were blocked, which was not possible to start, checking we found that the ssl of the nodes They are expired and we change them only in the nodes. We could start the hosted-engine but the two nodes are not responsive comes out in vdsm daemon vdsm [43067]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: unexpected eof I appreciate any ideas or suggestions to be able to recover normal operation. Thanks ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TH6KYE4H2N2NHCI4SFBSIEQY27BA3TQC/
[ovirt-users]Re: 回复: Re: About the vm memory limit
Each VM for that 4TB host will be a single process. When that process addresses some memory location, the kernel will lookup in the translation lookaside buffer (TLB) and in case the Host is using Hugepages the kernel needs less time to find the memory page (page table walk), which slows the process (in your case the VM). Simplified said -> the VM process should be seen as an Oracle DB. On bare metal you want to disable transparent hugepages and enable the 2M hugepages for ODB - so logically VMs doing the same workload should be treated the same way. Here is a link to Oracle's OLVM (based on oVirt): https://docs.oracle.com/en/virtualization/oracle-linux-virtualization-manager/admin/gs-optimize.html#optimize-vm-perf Best Regards,Strahil Nikolov On Thu, Sep 30, 2021 at 6:25, Tommy Sway wrote: In my scenario, the physical machine has a lot of memory (4TB), with dozens of virtual machines running on it, each vm is running a database, and every vm is set up with traditional large-page memory. In this case, whether it is necessary to set up large page memory on the physical machine and what type of large page memory should be set up, this issue has not been determined, I am also very confused. -Original Message- From: users-boun...@ovirt.org On Behalf Of Strahil Nikolov via Users Sent: Wednesday, September 29, 2021 8:50 PM To: 'users' ; Tommy Sway Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit I got a 3 TB host (physical) with Oracle without Traditional Hugepages. The DB will work even without hugepages... but how much memory will be lost - that's another story. Disable the transparent Huge Pages and check this documentation - should be valid for oVirt 4.3 and OLVM 4.3 as they share the same source: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/virtual_machine_management_guide/configuring_high_performance_virtual_machines_templates_and_pools#Configuring_Huge_Pages Best Regards, Strahil Nikolov В сряда, 29 септември 2021 г., 15:20:54 ч. Гринуич+3, Tommy Sway написа: I’am 4.3, but the memory of the VM and the SGA is large , 32GB, so the vm should set the traditional hugepage for the database SGA. I don't know how to set up a large page on a KVM host. Because if I make it a traditional big page, how big should I make it? Will non-VM SGA usage of many VMs be affected? After all, not all memory used by QEMU needs to be HugePage, and traditional large page memory needs to be used by specific code calls and is not transparent. These are all questions. From: users-boun...@ovirt.org On Behalf Of Strahil Nikolov via Users Sent: Wednesday, September 29, 2021 5:39 PM To: Tommy Sway ; 'users' Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit If you are on 4.3 -> disable transparent hugepages both Hypervisor and VM. If you are using 4.4 -> disable transparent hugepages and also cobfigure regular huge pages. Best Regards, Strahil Nikolov > On Wed, Sep 29, 2021 at 5:34, Tommy Sway wrote: > From the Oracle OLVM support: > > Configuring the Hugepages for guest VMs should be suffice, however, it needs > the KVM hosts too configured with the Hugepages. > Since, if it not you may end with issues while staring the guest VMs. > > I really don't know what to do now. > > > > > > -Original Message- > From: users-boun...@ovirt.org On Behalf Of > Strahil Nikolov via Users > Sent: Tuesday, September 28, 2021 3:39 PM > To: 'users' ; Tommy Sway > Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit > > I think that if you run VMs with Databases, you must disable transparent huge > pages on Hypervisour level and on VM level. Yet, if you wish you can use > regular huge pages on VM level. > > Best Regards, > Strahil Nikolov > > > > > > > В вторник, 28 септември 2021 г., 09:21:09 ч. Гринуич+3, Tommy Sway > написа: > > > > > > > What problem will appear if I use the default transparent huge page enabled > mode for physical hosts, but configure traditional huge page memory on the > virtual machine for database SGA ? > Or is it better to disable transparent huge page on physical machines and > still use traditional huge page memory on virtual machines? > > Which one is prefer ? > > > From: users-boun...@ovirt.org On Behalf Of > Strahil Nikolov via Users > Sent: Tuesday, September 28, 2021 12:05 AM > To: tommy ; 'users' > Subject: [ovirt-users]Re: 回复: Re: About the vm memory limit > > https://docs.oracle.com/en/database/oracle/oracle-database/19/ladbi/di > sabling-transparent-hugepages.html > > https://access.redhat.com/solutions/1320153 (requires RH dev > subscription or other type of subscription) -> In short add > 'transparent_hugepage=never' to the kernel params > > SLES11/12/15 -> > https://www.suse.com/c/sles-1112-os-tuning-optimisation-guide-part-1/ > > > Best Regards, > Strahil Nikolov > > > > > >> On Mon, Sep 27, 2021 at 16:33,
[ovirt-users] Re: Intermittent failure to upload ISOs
On Thu, Sep 30, 2021 at 12:23 PM wrote: Thanks for reporting. > This may be the same issue as described here: > https://lists.ovirt.org/archives/list/users@ovirt.org/thread/CJISJIDQKSINIJUA5UO6Y4BRFQYEOYLA/ > https://bugzilla.redhat.com/show_bug.cgi?id=1977276 > > I am on 4.4.8.6-1.el8, installed a couple days ago from the ovirt node ISO. > In particular, I noticed if I SSH into the hosted engine and tail -f > /var/log/ovirt-imageio/daemon.log, in the failure case I get something like: > > 2021-09-30 08:15:52,330 INFO(Thread-8) [http] OPEN connection=8 > client=:::192.168.1.53 > 2021-09-30 08:16:23,315 INFO(Thread-8) [http] CLOSE connection=8 > client=:::192.168.1.53 [connection 1 ops, 30.984947 s] [dispatch 1 ops, > 0.97 s] There is no activity since the upload never started. > No activity in tail -f /var/log/ovirt-imageio/daemon.log on the host (I only > have one host) in the failure case, just the engine. In the success case, > there is activity in both logs. > > It is very intermittent. Sometimes uploads work most of the time (maybe 4 out > of 5), and I've had other times that uploads do not work at all (0 out of 5). > > I think when it's behaving particularly badly, restarting the engine > (hosted-engine --vm-shutdown, then hosted-engine --vm-start) helps, but I > haven't figured out a reliable pattern. (I am logged in as admin.) I've tried > several browsers, closing/reopening the browser, etc. > > Hoping this info will help in tracking it down. We tracked this down, and it is fixed upstream. The fix should be available in 4.4.9. See https://gerrit.ovirt.org/c/ovirt-engine/+/116861 Until this is fixed, you can upload using the SDK, which is also a better way to upload and download images anyway. Install these packages on the host used for uploading: dnf install ovirt-imageio-client python3-ovirt-engine-sdk4 (packages are already installed on hosts and engine) Create ovirt configuration file if needed: $ cat ~/.config/ovirt.conf [my-engine] engine_url = https://my-engine.example.com username = admin@internal password = mypassword cafile = /path/to/cacert.pem cafile can be downloaded from: https://my-engine.example.com/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA Then you can upload using: python3 /usr/share/doc/python3-ovirt-engine-sdk4/examples/upload_disk.py -c my-engine --sd-name my-storage-domain /path/to/iso See --help for more options. Nir ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VANDRITI5YPVDLCSJ7FSOPLBF5DDKCGB/
[ovirt-users] Re: oVirt/Hyperconverged issue
Thank you for the clarification. On Tue, Sep 28, 2021 at 9:05 PM Jayme wrote: > With 4 servers only three would be used for hyperconverged storage, the > 4th would be added as a compute node which would not participate in > GlusterFS storage. > > To expand hyper-converged to more than 3 servers you have to add hosts in > multiples of 3 > > On Tue, Sep 28, 2021 at 9:49 AM wrote: > >> Kindly share also for the latest ovirt OS 4.4 is it possible the >> Hyperconverged to scaling up till 4 nodes? or only can use 3 nodes? >> ___ >> Users mailing list -- users@ovirt.org >> To unsubscribe send an email to users-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/SG725S4G57UAVBTBV5QLBO7V2AOF2MCO/ >> > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KYVREKY24USAWWV3W5RS2LLON6BNS7VO/
[ovirt-users] Intermittent failure to upload ISOs
This may be the same issue as described here: https://lists.ovirt.org/archives/list/users@ovirt.org/thread/CJISJIDQKSINIJUA5UO6Y4BRFQYEOYLA/ https://bugzilla.redhat.com/show_bug.cgi?id=1977276 I am on 4.4.8.6-1.el8, installed a couple days ago from the ovirt node ISO. In particular, I noticed if I SSH into the hosted engine and tail -f /var/log/ovirt-imageio/daemon.log, in the failure case I get something like: 2021-09-30 08:15:52,330 INFO(Thread-8) [http] OPEN connection=8 client=:::192.168.1.53 2021-09-30 08:16:23,315 INFO(Thread-8) [http] CLOSE connection=8 client=:::192.168.1.53 [connection 1 ops, 30.984947 s] [dispatch 1 ops, 0.97 s] No activity in tail -f /var/log/ovirt-imageio/daemon.log on the host (I only have one host) in the failure case, just the engine. In the success case, there is activity in both logs. It is very intermittent. Sometimes uploads work most of the time (maybe 4 out of 5), and I've had other times that uploads do not work at all (0 out of 5). I think when it's behaving particularly badly, restarting the engine (hosted-engine --vm-shutdown, then hosted-engine --vm-start) helps, but I haven't figured out a reliable pattern. (I am logged in as admin.) I've tried several browsers, closing/reopening the browser, etc. Hoping this info will help in tracking it down. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/DZMW4JFTLB5XAEKKJTYAFXUOOCVF3RDR/
[ovirt-users] about the expiration time of the oVirt certs
As you know, there are many kinds of certificates in Ovirt, used for communication, authentication and so on. However, in practice, there is a security risk related to the above certificates. That is, you need to generate a new certificate after the certificate expires. Otherwise, a problem will occur. In addition, different certificates expire at different times, which brings a lot of management trouble to users. Especially in the production system, a huge virtualization cluster may run thousands of VMS. If a cluster certificate has a problem, the impact is very serious. So I felt there was an urgent need for a technical tool that could help users quickly locate certificates, identify their expiration dates, and rebuild them. Even if there is no tool, there should be a way to solve the problems caused by partial certificate expiration. I think it should include the following points: First, how to list the certificate in detail Second, how to check the certificate expiration time Third, how to rebuild the certificate Does anyone else have this kind of confusion? What's a good solution? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6L44YAYXK7Q5NUNZSDR4AU/
[ovirt-users] Re: oVirt - No supported package manager found in your system
On Thu, Sep 16, 2021 at 12:31 PM German Sandoval wrote: > > Probably this isn't the place to ask, but I'm doing a test with an Almalinux > Physical host and trying to install a standalone instance and I get this > error when I use the Engine-Setup, I'm using a Centos stream guide. > > [ INFO ] Stage: Initializing > [ INFO ] Stage: Environment setup > Configuration files: > /etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf, > /etc/ovirt-engine-setup.conf.d/10-packaging.conf > Log file: > /var/log/ovirt-engine/setup/ovirt-engine-setup-20210915140413-hsjs2f.log > Version: otopi-1.9.5 (otopi-1.9.5-1.el8) > [ ERROR ] Failed to execute stage 'Environment setup': No supported package > manager found in your system Please check/share the complete log - the snippet you copied isn't enough. I am not aware of anyone trying this yet. Should hopefully not be that hard. > I haven't found I guide for Alma Linux, So I can assume maybe oVirt still not > supported on this OS, I couldn't find much information regarding this error. This error is emitted when engine-setup fails to initiate both yum (which it used in el7) and dnf. > > https://bugzilla.redhat.com/show_bug.cgi?id=1908602 > https://bugzilla.redhat.com/show_bug.cgi?format=multiple=1909965 I don't think these are related. Best regards, -- Didi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GWSW4QDVP2GFBJOHNGCPAR2OCP6OMPRG/
[ovirt-users] Help ovirt 3.6
Hello, good evening, I want to consult the following case, we have two ovirt 3.6 servers with hosted-engine, yesterday some multipath servers were presented and two machines were blocked, which was not possible to start, checking we found that the ssl of the nodes They are expired and we change them only in the nodes. We could start the hosted-engine but the two nodes are not responsive comes out in vdsm daemon vdsm [43067]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: unexpected eof I appreciate any ideas or suggestions to be able to recover normal operation. Thanks ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/V7KZDVA3HDBHEKI4TYFQAMGIO3HSK7NS/
