[ovirt-users] Re: VDSM certs expired, manual renewal not working
Yes, that is the exact guide I followed. I can now actually use vdsm-client on each host after cert swap but ovirt-engine still can't establish connection. I had to manually generate the apache certs to get into the UI console at the beginning and that was successful.

Is there a specific cert that ovirt-engine uses for mTLS handshake?

On 10/03/2023 07:54, Patrick Chiang wrote:
> Hi,
>
> Where do host certs need to be stored on the ovirt-engine side?
>
> Did you try this link? https://access.redhat.com/solutions/3532921 How to manually renew RHV host SSL certificate if expired?
> You can register a Red Hat developer subscription (free) to access this link.
>
> Patrick

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EM52NJGLGSO76C6YB7B2RYQS2XCKTM4X/
[ovirt-users] Re: VDSM certs expired, manual renewal not working
Hi,

Where do host certs need to be stored on the ovirt-engine side?
> Did you try this link? https://access.redhat.com/solutions/3532921 How to manually renew RHV host SSL certificate if expired?

You can register a Red Hat developer subscription (free) to access this link.

Patrick
[ovirt-users] Re: Bcp vm
Is it possible to correct issue through Management->SSH Management?
[ovirt-users] Re: VDSM certs expired, manual renewal not working
To continue the troubleshooting, I believe there is mutual SSL between ovirt-engine and host so I think what I am missing is to put this new cert for ovirt-engine to use it as client cert auth. But where to put it?

I noticed that generating the cert does not put it in /etc/pki/ovirt-engine/certs although I am not sure if that is significant or not. I tried to manually replace the cert there named hostname.cer but it doesn't do anything.

Where do host certs need to be stored on the ovirt-engine side?

I also updated the libvirt-migrate cert which has its own key and different CA but that didn't make a difference.

Best regards

On 10/03/2023 05:13, cen wrote:
> Hi
>
> Our VDSM certs have expired, both hosts are unassigned and can't be put into maintenance from UI.
>
> vdsm-client is not working, times out even with --insecure flag. Does host and port need to be specified when run locally or should defaults work?
>
> Error in console events is:
>
> Get Host Capabilities Failed: PKIX path validation failed...
>
> I followed a RHV guide for this exact situation and generated new vdsm certificate using the ovirt-engine CA. The new cert seems identical to the old one, everything matches (algos, extensions, CA, CN, SAN etc) just new date.
>
> After restarting libvirtd and vdsmd on the host with new cert in place the host is still not reachable. However, error message is now slightly different:
>
> get Host Capabilities failed: Received fatal error: certificate_expired
>
> Cert was replaced in the following locations:
>
> /etc/pki/vdsm/certs/vdsmcert.pem
> /etc/pki/vdsm/libvirt-spice/server-cert.pem
> /etc/pki/libvirt/clientcert.pem
>
> Is there another location missing? What else can I try?
>
> All help appreciated in advance
[ovirt-users] Re: Bcp vm
Hello Jayme.

I accidentally recreated ~/.ssh/authorized_keys. Now at logs I see

--
fatal: [MY_SERVER]: UNREACHABLE! => { "changed": false, "unreachable": true }
Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
--

Please advise how to resolve.
[ovirt-users] VDSM certs expired, manual renewal not working
Hi

Our VDSM certs have expired, both hosts are unassigned and can't be put into maintenance from UI.

vdsm-client is not working, times out even with --insecure flag. Does host and port need to be specified when run locally or should defaults work?

Error in console events is:

Get Host Capabilities Failed: PKIX path validation failed...

I followed a RHV guide for this exact situation and generated new vdsm certificate using the ovirt-engine CA. The new cert seems identical to the old one, everything matches (algos, extensions, CA, CN, SAN etc) just new date.

After restarting libvirtd and vdsmd on the host with new cert in place the host is still not reachable. However, error message is now slightly different:

get Host Capabilities failed: Received fatal error: certificate_expired

Cert was replaced in the following locations:

/etc/pki/vdsm/certs/vdsmcert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem
/etc/pki/libvirt/clientcert.pem

Is there another location missing? What else can I try?

All help appreciated in advance
[ovirt-users] Re: vm disk stuck on "paused by system"
Never mind that, finalization just took about an hour to finish, but it's done now. I was able to successfully delete the VM, all is good again, thanks.
[ovirt-users] Re: vm disk stuck on "paused by system"
I did not try that! Found 2 transfers "paused by system" in /ovirt-engine/api/imagetransfers

POST /ovirt-engine/api/imagetransfers/f48eb885-f82d-4f86-8e7f-cb995d1581f0/finalize
complete

POST /ovirt-engine/api/vms/f9ec0eaa-1721-4114-a3b2-94fa6eca3f15/backups/10404c7c-1106-413b-9ced-bdd907e996a6/finalize
complete

Now the task is stuck on backup finalizing > merge snapshots... which I deleted 6 hours ago, while trying to fix this issue or make it go away...

So what next? :)
[ovirt-users] Re: vm disk stuck on "paused by system"
I meant to finalize the transfer, not the backup: the api call is something like POST /ovirt-engine/imagetransfer//finalize

On Thu, Mar 9, 2023 at 7:55 PM wrote:
> Yes i have, below is a snippet of DEBUG log:
>
> [root] < POST /ovirt-engine/api/vms/f9ec0eaa-1721-4114-a3b2-94fa6eca3f15/backups/10404c7c-1106-413b-9ced-bdd907e996a6/finalize HTTP/1.1
> [root] > [Cannot stop VM backup. There is an active image transfer for VM backup]
> [root] > Operation Failed
> [root] >
[ovirt-users] Re: vm disk stuck on "paused by system"
Yes I have, below is a snippet of DEBUG log:

[root] < POST /ovirt-engine/api/vms/f9ec0eaa-1721-4114-a3b2-94fa6eca3f15/backups/10404c7c-1106-413b-9ced-bdd907e996a6/finalize HTTP/1.1
[root] > [Cannot stop VM backup. There is an active image transfer for VM backup]
[root] > Operation Failed
[root] >
[ovirt-users] Re: vm disk stuck on "paused by system"
Did you try to finalize the disk transfer first?

On Thu, Mar 9, 2023 at 7:14 PM wrote:
> Hi,
>
> I was working on my own backup application (web front end for ovirtsdk) and I somehow managed to get my Vm disks, stuck on status: "paused by system".
>
> I have tried to stop the backup and finalize the backup manually, but nothing works.
>
> ovirtsdk4.Error: Fault reason is "Operation Failed". Fault detail is "[Cannot backup VM: Disk is locked. Please try again later.]". HTTP response code is 409.
> ovirtsdk4.Error: Fault reason is "Operation Failed". Fault detail is "[Cannot stop VM backup. There is an active image transfer for VM backup]". HTTP response code is 409.
>
> The API is showing that a backup exists and is in state: ready, the backup cannot be transferred.
>
> If I try and take a full new backup of the VM, all I get is more snapshots stuck on "paused by system" I cannot delete the VM or the disk.
>
> Using latest version of oVirt Software Version:4.5.4-1.el8
[ovirt-users] vm disk stuck on "paused by system"
Hi,

I was working on my own backup application (web front end for ovirtsdk) and I somehow managed to get my Vm disks, stuck on status: "paused by system".

I have tried to stop the backup and finalize the backup manually, but nothing works.

ovirtsdk4.Error: Fault reason is "Operation Failed". Fault detail is "[Cannot backup VM: Disk is locked. Please try again later.]". HTTP response code is 409.
ovirtsdk4.Error: Fault reason is "Operation Failed". Fault detail is "[Cannot stop VM backup. There is an active image transfer for VM backup]". HTTP response code is 409.

The API is showing that a backup exists and is in state: ready, the backup cannot be transferred.

If I try and take a full new backup of the VM, all I get is more snapshots stuck on "paused by system" I cannot delete the VM or the disk.

Using latest version of oVirt Software Version:4.5.4-1.el8
[ovirt-users] Re: renew certificates
Run engine-setup on your engine, it should ask to renew the cert and CA for you.

-Darrell

> On Mar 9, 2023, at 6:19 AM, Demeter Tibor wrote:
>
> Dear listmembers,
>
> We have an ovirt 4.3 hyperconverged system and couple certificates will expire in next month.
>
> /etc/pki/ovirt-engine/certs/ovirt-provider-ovn Apr 11 08:16:33 2023 GMT
> /etc/pki/ovirt-engine/certs/ovn-ndb.cer Apr 11 08:16:32 2023 GMT
> /etc/pki/ovirt-engine/certs/ovn-sdb.cer Apr 11 08:16:32 2023 GMT
>
> How can I renew these certificates?
> Thanks in advance,
> Regards
> Tibor
[ovirt-users] renew certificates
Dear listmembers,

We have an ovirt 4.3 hyperconverged system and couple certificates will expire in next month.

/etc/pki/ovirt-engine/certs/ovirt-provider-ovn Apr 11 08:16:33 2023 GMT
/etc/pki/ovirt-engine/certs/ovn-ndb.cer Apr 11 08:16:32 2023 GMT
/etc/pki/ovirt-engine/certs/ovn-sdb.cer Apr 11 08:16:32 2023 GMT

How can I renew these certificates?
Thanks in advance,
Regards
Tibor
[ovirt-users] Re: Bcp vm
Exporting ova can be a decent backup method depending on environment. It can be resource intensive and you can’t do incremental backups. For an enterprise grade backup solution look into vprotect.

For more simple backup operations I wrote this ansible playbook a while back to automate backing up vm ova images to an nfs mount using ansible. I’ve been using it myself for several years and it has worked well for my use case: https://github.com/silverorange/ovirt_ansible_backup

On Thu, Mar 9, 2023 at 6:32 AM Ali Gusainov wrote:
> Hello experts.
>
> Environment:
> 2 identical servers running
>    CentOS Linux release 7.7.1908
>    oVirt Version:4.3.7.2-1.el7
>    No clusters configured.
> NFS share for backups on third server.
>
> Have some questions.
> 1. Need to create backups of virtual machines to NFS without downtime. Can an 'OVA export' be a complete policy for backups?
> 2. Is there a way to export vm to OVA via command line?
[ovirt-users] Bcp vm
Hello experts.

Environment:
2 identical servers running
   CentOS Linux release 7.7.1908
   oVirt Version:4.3.7.2-1.el7
   No clusters configured.
NFS share for backups on third server.

Have some questions.
1. Need to create backups of virtual machines to NFS without downtime. Can an 'OVA export' be a complete policy for backups?
2. Is there a way to export vm to OVA via command line?