from:"Patrick Hibbs"

[ovirt-users] Re: ovirt 4.5 VNC Failed to complete handshake Error in the pull function on Windows

2023-06-24 Thread Patrick Hibbs

/src/vncconnection.c No CA certificate provided, using GNUTLS global 
trust


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.111: 
../src/vncconnection.c Failed to find certificate CA/cacrl.pem


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.113: 
../src/vncconnection.c Failed to find certificate 
libvirt/private/clientkey.pem


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.113: 
../src/vncconnection.c Failed to find certificate libvirt/clientcert.pem


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.114: 
../src/vncconnection.c Waiting for missing credentials


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.117: 
../src/vncconnection.c Got all credentials


(

remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.120: 
../src/vncconnection.c No CA certificate provided; trying the system 
trust store instead


(remote-viewer.exe:9460): GLib-GIO-WARNING **: 19:16:34.120: 
Unexpectedly, UWP app 
`Clipchamp.Clipchamp_2.6.2.0_neutral__yxz26nhyzhsrt' (AUMId 
`Clipchamp.Clipchamp_yxz26nhyzhsrt!App') supports 41 extensions but 
has no verbs


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.132: 
../src/vncconnection.c Using the system trust store and CRL


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.132: 
../src/vncconnection.c No client cert or key provided


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.133: 
../src/vncconnection.c No CA revocation list provided


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.133: 
../src/vncconnection.c Error: Failed to complete handshake Error in 
the pull function.


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.134: 
../src/vncconnection.c Emit main context 16


(remote-viewer.exe:9460): virt-viewer-WARNING **: 19:16:34.134: 
vnc-session: got vnc error Failed to complete handshake Error in the 
pull function.


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.135: 
../src/vncdisplay.c VNC server error


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.135: 
../src/vncconnection.c Auth failed


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.135: 
../src/vncconnection.c Doing final VNC cleanup


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.136: 
../src/vncconnection.c Close VncConnection=070f1c90


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.136: 
../src/vncconnection.c Emit main context 15


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.137: 
../src/vncdisplay.c Disconnected from VNC server


(remote-viewer.exe:9460): virt-viewer-DEBUG: 19:16:34.137: Not 
removing main window 0 044694d0


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:34.138: 
../src/vncdisplay.c Grab sequence is now


(remote-viewer.exe:9460): virt-viewer-DEBUG: 19:16:34.138: Disconnected

(remote-viewer.exe:9460): virt-viewer-DEBUG: 19:16:47.126: close 
vnc=070ec090


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:47.127: 
../src/vncconnection.c Init VncConnection=053f6af0


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:47.127: 
../src/vncdisplaykeymap.c Using Win32 virtual keycode mapping


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:47.128: 
../src/vncdisplay.c Grab sequence is now Control_L+Alt_L


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:47.129: 
../src/vncdisplay.c Display destroy, requesting that VNC connection close


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:47.129: 
../src/vncdisplay.c Releasing VNC widget


(remote-viewer.exe:9460): gtk-vnc-DEBUG: 19:16:47.129: 
../src/vncconnection.c Finalize VncConnection=053f6af0


            This looks like your Windows host lacks the ovirt-engine CA 
in it's trust store. You should try importing the CA first before 
opening the console.vv file.


            It's not possible* to use a third party CA to secure the 
VNC connections. As the VNC connections originate on the virtualization 
hosts themselves, the CA that they use is the internal ovirt-engine CA 
that was automatically generated by engine-setup.


            If you don't want to import the ovirt-engine CA on the 
end-user machines, your best option is to force end users through the 
end-user portal. Alternatively, you could disable VNC encryption 
entirely and secure the link via other means.




            *: Technically it is possible to use a third party CA cert 
on the VNC connections, but it will only work until VDSM reboots the 
host or performs a host upgrade. As there is no way to force VDSM to 
ignore the "invalid" custom cert.



-Patrick Hibbs

The solutions provided here was not successfull 
https://access.redhat.com/solutions/6217601


BR

R A


___
Users mailing list --users@ovirt.org
To unsubscribe send an email tousers-le...@ovirt.org
Privacy Statement:https://www.ovirt.org/privacy-policy.html
oVirt Code of 
Conduct:https://www.ovirt.org/community/about/community-guidelines/
List 
Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/XG7T3A77SJKNTFBEOCVETNOXLJM4VZS5/___

[ovirt-users] Re: Warning alert: Failed to parse server certificates

2022-12-02 Thread Patrick Hibbs

Hello,

Is that an error on the oVirt login page or is that an error generated
by the web browser?

What do your engine logs (in /var/log/ovirt-engine) say?

I'm afraid you'll need to give more information for others to be able to
help you.

-Patrick Hibbs

On 12/2/22 12:39, m...@alexsmirnov.us wrote:

After an update 2 days ago we no longer able to log into the oVirt console.
The certificate was expiring, so we ran the system update and the ovirt-engine
update as well. It went fine and re-issued (upgraded) certificates. After the
work was done, we no longer able to log into the WEB UI. The error we get on
the screen is 'Failed to parse server certificates'. After an attempt to login
as local administrator, it reverts back to landing page with the same error.
Any help is appreciated at this time.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZJO3UF7ECUFK4GMSK64LQPQB46LMQFS5/

[ovirt-users] Re: Forced restart when losing communication with the Storages

2022-11-30 Thread Patrick Hibbs

Hello,

I've seen something similar to this too. Although, for me it occurred
when a standalone engine attempted to allocate a new disk on a Gluster
storage. While the cluster's VMs were experiencing high virtual disk
I/O. (Found out later they were doing updates at an odd time...)

The result was random VMs being forced off until it had cleared enough
of the bottleneck, and one host was rebooted. After around 3 minutes of
wait time. I'm assuming it used ssh as the hosts in question have a
configuration problem with their power management and cannot be reset
currently by the PDU. But it was still an odd occurrence given that the
engine host itself was the cause of the storage "outage."

Is this the correct behavior of oVirt?

-Patrick Hibbs

On 11/30/22 07:45, Murilo Morais wrote:
Konstantin, thank you very much for the explanation, it was very
enlightening.

I believe I left something open in the previous message.

I'm using Hosted Engine, all VMs have HA enabled and Power Management
is disabled on all hosts. No IPMI configured (at least I didn't
configure anything about iLO/IPMI in oVirt).

There was a loss of communication with the Storage for approximately 3
minutes and this caused all Hosts to reboot.

Em qua., 30 de nov. de 2022 às 08:50, Volenbovskyi, Konstantin
escreveu:

Hi,

I would say that you observed ‘fencing’ and not SSH soft fencing,
but actual reboot via IPMI.

https://www.ovirt.org/develop/developer-guide/engine/automatic-fencing.html

You can disable Power management for hosts.

Before doing that you need to understand following:

-what is impact on VMs when this happens?

-the working assumption is that your VMs work just fine, but you
need to think about other cases where VMs lose their storage
and/or network.

For me it seems that this was storage domain that is not a VM
storage domain, so VMs’ disks were just fine.

Maybe it was hosted_storage domain in your case…

-any of those VMs are High-availability VMs? Once you disable
Power Management you will not have automatic restart on different
hosts of those.

You need to understand that idea of fencing is either to recover
host automatically and possibly to restart VMs

and make sure that there are no duplicated VMs.

There are 100% cases where fencing is used and there is subset of
those, X% number of cases where you would consider that behavior
is suboptimal.

The drawback of disabling fencing is that you might get suboptimal
behavior in Y% cases (100% minus X%)

BR,

Konstantin

*From: *Murilo Morais
*Date: *Wednesday, 30 November 2022 at 12:13
*To: *users
*Subject: *[ovirt-users] Forced restart when losing communication
with the Storages

Good morning everyone!

Is there a way to disable the forced reboot of the machines? This
morning there was an event in our infrastructure where the hosts
lost communication with the Storage but this caused all the hosts
to restart abruptly.

Would this be the correct behavior of oVirt? Is there any way to
disable this?

___
Users mailing list --users@ovirt.org
To unsubscribe send an email tousers-le...@ovirt.org
Privacy Statement:https://www.ovirt.org/privacy-policy.html
oVirt Code of
Conduct:https://www.ovirt.org/community/about/community-guidelines/
List
Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/JVNIMYBAXJE3YTM2BKB57VGYES2GIRF3/___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/G53SP5NRFJKBEFBJPIJYMXA2OFKB4IKI/

[ovirt-users] Re: About oVirt’s future

2022-11-15 Thread Patrick Hibbs

Hello all,

 For anyone's wondering about oVirt's chances of ongoing
development,
this: https://github.com/oVirt/ovirt-engine/pulse/monthly is the
current monthly stats (issues closed, commits made, number of
contributors, etc.) on just the engine's GitHub repo, within the oVirt
organization. (I.e. not VDSM, or the ansible scripts, etc. Those stats
are available in their respective repos linked
here: https://github.com/orgs/oVirt/repositories) As of this mail, the
engine alone also has 228 forks on GitHub. (Which are not necessarily
"forks" as in "We're creating our own version for the public", as they
are personal repos that are used as staging areas for getting changes /
commits pulled into the main project.) I highly doubt that all of
those forks are solely Red Hat employees and their local working trees,
so the project appears to be safe for now development wise, but if a RH
person wants to clarify feel free to do so. A list of known non-RH
contributors to compare to would be nice, as GitHub doesn't make that
obvious. 

 For those still worried, there's also been access requests for
translation submissions right here on the user mailing list. (As of
this mail, the most recent seems to have been on Oct
21: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JJ4FLNKSSQN7PKURKMOVVBMAKLQXQO6K/
 ). So there's definitely a healthy amount of interest in oVirt's
future development. Like others in this thread however, I too would
like to know if there is an overall management group / "public face"
that has been settled on by the community, or if RH still has the final
say over everything? If it's still the latter, are we to the point yet
of needing to create such a group? Or is that planned and the oVirt
project hasn't gotten to that stage yet?

 With regards to didi's request for mailing list moderators, I
imagine there are others more qualified than myself for that task, that
have also been here far longer than me, but I wouldn't mind helping if
permitted.

-Patrick Hibbs

On Tue, 2022-11-15 at 07:44 +, Nathanaël Blanchet via Users wrote:
> Hello all,
> This is definitely a really sad new, but it is a natural consequence
> of rhv die and I don't know why redhat should continue to invest in
> ovirt.
> I believed that more professional developpers were involved in RHV
> project, beginning by big companies as oracle who provides downstream
> OLVM... Does it mean they are about to let their own commercial
> product die as well if they don't involve in the upstream ovirt
> project? 
> I think as well about Chinese community that do love ovirt.
> Was redhat really the only one to develop ovirt? They made great job
> and this software is wonderfully mature after more of 10 years of
> development. 
> Sorry to tell that not everybody is able to lead such a big project,
> someone may contribute to some part but we do need genius or
> professional developpers if we want ovirt to survive.
> Most of the job has been accomplished for the ovirt project we all
> know and I'm sure okd can't be in the next months or years the
> immediate ovirt replacement. So without developing new features, the
> main effort may be to maintain it by integrating new package versions
> like el9,wildfly and so on...
> Definitely a sad new...
> 
> Le 14 nov. 2022 23:40, Frank Wall  a écrit :
> Hi Didi,
> 
> thanks for keeping us updated. However, I'm concerned...
> 
> > Ultimately, the future of oVirt lies in the hands of the community.
> If
> > you, as a community member, use and like oVirt, and want to see it
> > thrive, now is the best time to help with this!
> 
> I don't want to be rude, but this sounds to me like no developers
> have shown interest in keeping oVirt alive. Is this true? Is no other
> company actively developing oVirt anymore?
> 
> > We worked hard over the last year or so on making sure the oVirt
> > project will be able to sustain development even without much
> > involvement from us - including moving most of the infrastructure
> from
> > private systems that were funded by/for oVirt/RHV, elsewhere - code
> > review from Gerrit to GitHub, and CI (Continuous Integration) from
> > jenkins to GitHub/Copr/CentOS CBS.
> 
> I appreciate the effort to make the source code accessible. However,
> I'm also wondering: was any sort of governing organization
> established,
> so that development could actually take place when RedHat pulls the 
> plug?
> 
> The answer to this is probably related to my previous question,
> whether
> or not there are any non-RedHat developers involved.
> 
> 
> Ciao
> - Frank
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement:

[ovirt-users] Re: Engine's certification is about to expire at .... Please renew the engine's certification.

2022-10-19 Thread Patrick Hibbs

Yes as long as you rerun engine-setup it should renew the internal CA
and it's certs, even if you don't actually upgrade the engine.

-Patrick Hibbs

On Fri, 2022-10-14 at 08:40 +0100, nico...@devels.es wrote:
> Thanks Patrick.
> 
> We're not planning to upgrade the engine yet, would this solution
> still 
> be valid if I re-run the engine-setup process without upgrading to
> 4.5?
> 
> Thanks again.
> 
> El 2022-10-13 19:17, Patrick Hibbs escribió:
> > Hello,
> > 
> > That means the engine certificate signed by the internal engine CA
> > is
> > about to expire. (It's used to communicate with VDSM and VNC
> > connections.)
> > 
> > The engine should auto renew it during the next upgrade. If you
> > have
> > downtime, you can renew it manually by rerunning engine-setup on
> > the
> > engine host.
> > 
> > The custom cert you give to apache is not affected by this renewal,
> > but
> > the engine will start having issues if it's internal cert isn't
> > renewed.
> > 
> > Do keep in mind that some users have reported having issues when
> > renewing this cert, (engine-setup not actually renewing it
> > properly,
> > hosts loosing connectivity, etc.) so I would plan on there being a
> > complete service interruption, e.g. all VMs inaccessible / down,
> > during
> > the renewal process. (Maybe do it over a weekend.)
> > 
> > -Patrick Hibbs
> > 
> > On Thu, 2022-10-13 at 11:14 +0100, nico...@devels.es wrote:
> > > Hi,
> > > 
> > > I'm running oVirt 4.4 and recently I got a message in the events
> > > list
> > > like this:
> > > 
> > >    Engine's certification is about to expire at 2022-10-30.
> > > Please
> > > renew
> > > the engine's certification.
> > > 
> > > What does that exactly mean? And how can it be renewed?
> > > 
> > > I'm using a custom TLS certificate both for web access and
> > > websocket
> > > proxy. Does it need to be renewed anyways?
> > > 
> > > Thanks.
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/
> > 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QM3CTGTR566MBD5HBMZKW4GR7NHWXWCQ/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7GEQ5GUWJUUZSNAZFBS4XUWUBUM4VJME/

[ovirt-users] Re: Engine's certification is about to expire at .... Please renew the engine's certification.

2022-10-13 Thread Patrick Hibbs

Hello,

That means the engine certificate signed by the internal engine CA is
about to expire. (It's used to communicate with VDSM and VNC
connections.)

The engine should auto renew it during the next upgrade. If you have
downtime, you can renew it manually by rerunning engine-setup on the
engine host.

The custom cert you give to apache is not affected by this renewal, but
the engine will start having issues if it's internal cert isn't
renewed.

Do keep in mind that some users have reported having issues when
renewing this cert, (engine-setup not actually renewing it properly,
hosts loosing connectivity, etc.) so I would plan on there being a
complete service interruption, e.g. all VMs inaccessible / down, during
the renewal process. (Maybe do it over a weekend.)

-Patrick Hibbs

On Thu, 2022-10-13 at 11:14 +0100, nico...@devels.es wrote:
> Hi,
> 
> I'm running oVirt 4.4 and recently I got a message in the events list
> like this:
> 
>    Engine's certification is about to expire at 2022-10-30. Please
> renew 
> the engine's certification.
> 
> What does that exactly mean? And how can it be renewed?
> 
> I'm using a custom TLS certificate both for web access and websocket 
> proxy. Does it need to be renewed anyways?
> 
> Thanks.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/

[ovirt-users] Re: noVNC console doesn't work.

2022-10-03 Thread Patrick Hibbs

If that file doesn't exist on the engine VM, then you might want to try
checking the RPM database on that VM and make that sure you don't have
broken packages. Run $dnf check and $rpm --verify -a
That should give you a list of what packages are broken and what files
are missing / corrupted. You can then reinstall the affected packages.

The CA used by noVNC is the engine's internal CA. Regardless as to what
apache is set to use on the engine host. Your paid CA cert is
irrelevant here.
Longer explanation: The VNC connection originates from the hypervisor
host running the target VM, not the engine VM itself. Essentially,
noVNC is a web app that was pulled into the browser using a connection
secured by your paid CA, then the web app established a new connection
to a different server (the hypervisor host) using a different CA (the
engine's internal CA).

-Patrick Hibbs

On Mon, 2022-10-03 at 20:47 +0200, Jirka Simon wrote:
> Ahoj Michale,
> 
> I tried it and the result is the same.  Message in engine log is
> strange file really doesn't exists '/usr/share/ovirt-
> engine/files/novnc/vendor/promise.js on the engone VM.
> 
> Certificate we use is valid with payed  CA and its CA is in any
> browser by default. Maybe there can be something wrong when i changed
> default certificate to the custom one. But before today's morning
> upgrade everything worked fine.
> 
> let me check this. 
> 
> 
> Thank you 
> Jirka
> 
> On 10/3/22 14:24, Michal Skrivanek wrote:
> 
> > There's been no interesting change between these versions. I would
> > rather suspect certificates...can you try in brand new browser
> > sessions and make sure the engine CA is imported? 
> > 
> > 
> > 
> > > On 3. 10. 2022, at 13:40, Jirka Simon  wrote:
> > > 
> > > 
> > > Hello there, 
> > > after update from 4.5.2.4 to 4.5.2.5  stopped to work noVNC
> > > client within browser,  it writes  Something went wrong,
> > > connection is closed in browser and then i th engine log is this
> > > message.
> > > 2022-10-03 13:34:55,772+02 INFO
> > >  [org.ovirt.engine.core.utils.servlet.ServletUtils] (default
> > > task-13) [] Can't read file '/usr/share/ovirt-
> > > engine/files/novnc/vendor/promise.js' for request '/ovirt-
> > > engine/services/files/novnc/vendor/promise.js' -- 404
> > > thank k you for any advice.
> > > 
> > > Jirka
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > >
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y325XTSQAEEYR7C3NNWR32TJ4DMYQDBQ/
> > 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CKEOEPZWTKZFJ3OQQF4HIKHJTJOJWD6R/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CABKLQOEFD5JJPZ7E6KYLEIOKAVHNHMH/

[ovirt-users] Re: Editing vm devices

2022-09-28 Thread Patrick Hibbs

No, that's for PCI passthrough. The tab I'm referring to is the one
next to it in the UI labeled "VM Devices." Which (should?) allow
editing the virtual devices in the guest.

Currently, it only allows us to view the settings for vm devices, and
it has a button for editing VGPU properties (but not all of them) only.

-Patrick Hibbs

On Wed, 2022-09-28 at 02:13 +, Hean-Seng Tan wrote:
> I never needed to this but I could see host devices tab on web
> console for a vm in oVirt 4.5.0. Clicking on Add Device button will
> bring up a window to select host and some devices from the host to
> attach to the vm. Is this what you are looking for?
> 
> -HS Tan
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/XIO46DJOCGZB7UTF75P5YEMTL5WRCHU7/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O4Y3436PKZL3G7KDUTCHUFS77GQD6CQD/

[ovirt-users] Editing vm devices

2022-09-26 Thread Patrick Hibbs

Hello,

I was trying to get some guest os hardware working and
ultimately had to use the qemu-cmdline vdsm hook to set the pci bus id
and address for a given vm device.

I noticed that ovirt had a vmdevices tab in the Admin UI with this
information in it, but it could not be edited. After looking through
things I found this:
https://www.ovirt.org/develop/release-management/features/virt/expose-vm-devices.html

Apparently ovirt had at one point planned on allowing the administrator
to change individual vm device properties, and some of this support
such as the property persistence in the ovirt database, was already
implemented. The only thing that seems to be missing is marking the 
fields in the Admin UI as editable, and the hook to update the database
from those fields.

Does anyone know if there are any plans on actually finishing this
feature and getting it into a ovirt release? Or if not, why? The linked
page is outdated, and claims the original target was ovirt 3.6.

-Patrick Hibbs

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YWZXC2SQRB2YO5UPKWXHM323EIJAGWQQ/

[ovirt-users] Re: Selecting login profile with LDAP integration

2022-08-19 Thread Patrick Hibbs

If you followed an older guide, what you've probably done is setup the
deprecated aaa plugin. New installations use keycloak by default, which
has it's own setup method for integrating an LDAP authentication
source.

It is possible to use the older plugin system, but it won't be
supported moving forward and is liable to be removed entirely. I can't
recommend it's use.

There is a link to a guide on configuring keycloak integration on the
mailing list:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UMG3BB5I4T5AGPWY2XABNFJUOQVBIIGV/

That being said, it's probably possible to enable the deprecated
interface on a new installation, but I'm not sure how to do it. You
might get an idea or two from the link above however. (The external
keycloak guide.)

As for the other interfaces, there was a comment a while ago about how
email addresses can wind up looking weird with keycloak integration.
Specifically, if a user's email address is used ( b...@example.com ) it
can require having the auth source appended ( b...@example.com@example-
authz ) during login for it to work. You might want to give that a try
first.

-Patrick Hibbs

On Fri, 2022-08-19 at 05:34 +, Dave Lennox wrote:
> trying to validate the login against the Internal profile so I assume
> it isn't able to try multiple authentication sources?

[ovirt-users] Re: Task Run PKI enroll request for vdsm and QEMU failed to execute. Ovirt 4.5.1

2022-07-22 Thread Patrick Hibbs

That error is saying the enrollment script cannot access the serial.txt
file to generate the new certificate's serial number. That file should
be located at /etc/pki/ovirt-engine/serial.txt Owned by the ovirt user
/ group. (Oddly enough on my system that file is world readable /
writable. Which seems like it should be wrong...)

There may also be backup files of it in that same directory.

If the file doesn't exist at all and there are no backups: You could
try to create a new one by figuring out what the highest serial number
issued by the internal ca is, incrementing it by one, and echoing that
into a new serial.txt file. (Setting permissions as appropriate.)
Although in this case, I'd ask why the file was deleted in the first
place.

-Patrick Hibbs

On Wed, 2022-07-20 at 19:44 +, xavi...@rogers.com wrote:
> Log:
> 
> 2022-07-20 17:50:43 UTC - TASK [ovirt-host-deploy-vdsm-certificates :
> Run PKI enroll request for vdsm and QEMU] ***
> 2022-07-20 17:50:43 UTC - 
> 2022-07-20 17:50:43 UTC - {
>   "status" : "OK",
>   "msg" : "",
>   "data" : {
>     "uuid" : "67f44c2c-edf2-454b-ab5f-a3a6e3076ddc",
>     "counter" : 179,
>     "stdout" : "",
>     "start_line" : 171,
>     "end_line" : 171,
>     "runner_ident" : "6b4c5f52-0854-11ed-b044-00163e598f5b",
>     "event" : "runner_on_failed",
>     "pid" : 32040,
>     "created" : "2022-07-20T17:50:43.065710",
>     "parent_uuid" : "00163e59-8f5b-ba87-8722-02a4",
>     "event_data" : {
>   "playbook" : "ovirt-host-deploy.yml",
>   "playbook_uuid" : "4f7a6915-ae99-445b-ac02-ba66bbd1aa57",
>   "play" : "all",
>   "play_uuid" : "00163e59-8f5b-ba87-8722-0008",
>   "play_pattern" : "all",
>   "task" : "Run PKI enroll request for vdsm and QEMU",
>   "task_uuid" : "00163e59-8f5b-ba87-8722-02a4",
>   "task_action" : "command",
>   "task_args" : "",
>   "task_path" : "/usr/share/ovirt-engine/ansible-runner-service-
> project/project/roles/ovirt-host-deploy-vdsm-
> certificates/tasks/main.yml:38",
>   "role" : "ovirt-host-deploy-vdsm-certificates",
>   "host" : "xnet-node-02.xnet.local",
>   "remote_addr" : "xnet-node-02.xnet.local",
>   "res" : {
>     "results" : [ {
>   "msg" : "non-zero return code",
>   "cmd" : [ "/usr/share/ovirt-engine/bin/pki-enroll-
> request.sh", "--name=xnet-node-02.xnet.local", "--
> subject=/O=xnet.local/CN=xnet-node-02.xnet.local", "--san=DNS:xnet-
> node-02.xnet.local", "--days=398", "--timeout=30", "--ca-file=ca", "-
> -cert-dir=certs", "--req-dir=requests" ],
>   "stdout" : "",
>   "stderr" : "Using configuration from openssl.conf\nunable
> to load number from serial.txt\nerror while loading serial
> number\n140364123252544:error:0D066096:asn1 encoding
> routines:a2i_ASN1_INTEGER:short line:crypto/asn1/f_int.c:140:\nCannot
> sign certificate",
>   "rc" : 1,
>   "start" : "2022-07-20 17:50:42.811555",
>   "end" : "2022-07-20 17:50:42.840405",
>   "delta" : "0:00:00.028850",
>   "changed" : true,
>   "failed" : true,
>   "invocation" : {
>     "module_args" : {
>   "_raw_params" : "\"/usr/share/ovirt-engine/bin/pki-
> enroll-request.sh\"\n\"--name=xnet-node-02.xnet.local\"\n\"--
> subject=/O=xnet.local/CN=xnet-node-02.xnet.local\"\n\"--san=DNS:xnet-
> node-02.xnet.local\"\n\"--days=398\"\n\"--timeout=30\"\n\"--ca-
> file=ca\"\n\"--cert-dir=certs\"\n\"--req-dir=requests\"\n",
>   "warn" : true,
>   "_uses_shell" : false,
>   "stdin_add_newline" : true,
>   "strip_empty_ends" : true,
>   "argv" : null,
>   "chdir" : null,
>   "executable" : null,
>   "creates" : null,
>   "removes"

[ovirt-users] Re: oVirt over gluster: Replacing a dead host

2022-07-18 Thread Patrick Hibbs

If I'm understanding your question / setup correctly, the best way
would be to simply mount -o bind the old path to the new one. The old
path would still be used by gluster, but it would ultimately go to the
new location.

Changing the brick path on a single brick while leaving the original
path intact on others may be possible, the gluster docs are silent
either way, but I'd doubt oVirt would work correctly in that
circumstance.
Maybe Sandro can point us at someone who would know more on that
subject? :)

If it is possible to do, and standard disclaimer: I'm *NOT*
recommending anyone do it, I'd imagine you'd need to follow
instructions similar
to (https://serverfault.com/questions/631365/rename-a-glusterfs-peer)
replacing the peer name with the brick directory.

-Patrick Hibbs

On Mon, 2022-07-18 at 08:19 +0300, Gilboa Davara wrote:
> Hello,
> 
> Many thanks for your email.
> I should add that this is a test environment we set up in preparation
> for a planned CentOS 7 / oVirt 4.3 upgrade to CentOS 8 Streams /
> oVirt 4.5 upgrade in one of our old(er) oVirt clusters.
> In this case, we blew up the software RAID during the OS replacement
> (CentOS 7 -> 8) so have a host, but no storage.
> And as an added bonus, the FS locations are a bit different. (due MD
> changes we made during the blowup).
> 
> So, essentially the host is alive, but we need to create a new brick
> using a known good brick.
> A couple of questions:
> Assuming I have a known good brick to copy but the FS location is
> different and given the fact I cannot simply remove/add brick, how do
> I change the brick path?
> Old location:
> office-wx-hv1-lab-gfs:/mnt/LogGFSData/brick
> New location:
> office-wx-hv1-lab-gfs.localdomain:/gluster/brick/data/brick
> 
> Thanks again,
> Gilboa
> 
> On Mon, Jul 18, 2022 at 1:32 AM Patrick Hibbs
>  wrote:
> > What you are missing is the fact that gluster requires more than
> > one set of bricks to recover from a dead host. I.e. In your set up,
> > you'd need 6 hosts. 4x replicas and 2x arbiters with at least one
> > set (2x replicas and 1x arbiter) operational bare minimum.
> > Automated commands to fix the volume do not exist otherwise. (It's
> > a Gluster limitation.) This can be fixed manually however.
> > 
> > Standard Disclaimer: Back up your data first! Fixing this issue
> > requires manual intervention. Reader assumes all responsiblity for
> > any action resulting from the instructions below. Etc.
> > 
> > If it's just a dead brick, (i.e. the host is still functional), all
> > you really need to do is replace the underlying storage:
> > 
> > 1. Take the gluster volume offline.
> > 2. Remove the bad storage device, and attach the replacement.
> > 3. rsync / scp / etc. the data from a known good brick (be sure to
> > include hidden files / preserve file times and ownership / SELinux
> > labels / etc. ). 
> > 4. Restart the gluster volume.
> > 
> > Gluster *might* still need to heal everything after all of that,
> > but it should start the volume and get it running again.
> > 
> > If the host itself is dead, (and the underlying storage is still
> > functional), you can just move the underlying storage over to the
> > new host:
> > 
> > 1. Take the gluster volume offline.
> > 2. Attach the old storage.
> > 3. Fix up the ids on the volume file.
> > (https://serverfault.com/questions/631365/rename-a-glusterfs-peer)
> > 4. Restart the gluster volume.
> > 
> > If both the host and underlying storage are dead, you'll need to do
> > both tasks:
> > 
> > 1. Take the gluster volume offline.
> > 2. Attach the new storage.
> > 3. rsync / scp / etc. the data from a known good brick (be sure to
> > include hidden files / preserve file times and ownership / SELinux
> > labels / etc. ).
> > 4. Fix up the ids on the volume file.
> > 5. Restart the gluster volume.
> > 
> > Keep in mind one thing however: If the gluster host you are
> > replacing is used by oVirt to connect to the volume (I.e. It's the
> > host named in the volume config in the Admin portal). The new host
> > will need to retain the old hostname / IP, or you'll need to update
> > oVirt's config. Otherwise the VM hosts will wind up in Unassigned /
> > Non-functional status.
> > 
> > - Patrick Hibbs
> > 
> > On Sun, 2022-07-17 at 22:15 +0300, Gilboa Davara wrote:
> > > Hello all,
> > > 
> > > I'm attempting to replace a dead host in a replica 2 + arbiter
> > > gluster setup and replace it with a new host.
> > > I've already set up a new host (same hostname..localdomain) and
> > > got into th

[ovirt-users] Re: oVirt over gluster: Replacing a dead host

2022-07-17 Thread Patrick Hibbs

What you are missing is the fact that gluster requires more than one
set of bricks to recover from a dead host. I.e. In your set up, you'd
need 6 hosts. 4x replicas and 2x arbiters with at least one set (2x
replicas and 1x arbiter) operational bare minimum.
Automated commands to fix the volume do not exist otherwise. (It's a
Gluster limitation.) This can be fixed manually however.

Standard Disclaimer: Back up your data first! Fixing this issue
requires manual intervention. Reader assumes all responsiblity for any
action resulting from the instructions below. Etc.

If it's just a dead brick, (i.e. the host is still functional), all you
really need to do is replace the underlying storage:

1. Take the gluster volume offline.
2. Remove the bad storage device, and attach the replacement.
3. rsync / scp / etc. the data from a known good brick (be sure to
include hidden files / preserve file times and ownership / SELinux
labels / etc. ). 
4. Restart the gluster volume.

Gluster *might* still need to heal everything after all of that, but it
should start the volume and get it running again.

If the host itself is dead, (and the underlying storage is still
functional), you can just move the underlying storage over to the new
host:

1. Take the gluster volume offline.
2. Attach the old storage.
3. Fix up the ids on the volume file.
(https://serverfault.com/questions/631365/rename-a-glusterfs-peer)
4. Restart the gluster volume.

If both the host and underlying storage are dead, you'll need to do
both tasks:

1. Take the gluster volume offline.
2. Attach the new storage.
3. rsync / scp / etc. the data from a known good brick (be sure to
include hidden files / preserve file times and ownership / SELinux
labels / etc. ).
4. Fix up the ids on the volume file.
5. Restart the gluster volume.

Keep in mind one thing however: If the gluster host you are replacing
is used by oVirt to connect to the volume (I.e. It's the host named in
the volume config in the Admin portal). The new host will need to
retain the old hostname / IP, or you'll need to update oVirt's config.
Otherwise the VM hosts will wind up in Unassigned / Non-functional
status.

- Patrick Hibbs

On Sun, 2022-07-17 at 22:15 +0300, Gilboa Davara wrote:
> Hello all,
> 
> I'm attempting to replace a dead host in a replica 2 + arbiter
> gluster setup and replace it with a new host.
> I've already set up a new host (same hostname..localdomain) and got
> into the cluster.
> 
> $ gluster peer status
> Number of Peers: 2
> 
> Hostname: office-wx-hv3-lab-gfs
> Uuid: 4e13f796-b818-4e07-8523-d84eb0faa4f9
> State: Peer in Cluster (Connected)
> 
> Hostname: office-wx-hv1-lab-gfs.localdomain <-- This is a new
> host.
> Uuid: eee17c74-0d93-4f92-b81d-87f6b9c2204d
> State: Peer in Cluster (Connected)
> 
> $ gluster volume info GV2Data
>  Volume Name: GV2Data
> Type: Replicate
> Volume ID: c1946fc2-ed94-4b9f-9da3-f0f1ee90f303
> Status: Stopped
> Snapshot Count: 0
> Number of Bricks: 1 x (2 + 1) = 3
> Transport-type: tcp
> Bricks:
> Brick1: office-wx-hv1-lab-gfs:/mnt/LogGFSData/brick  <-- This is
> the dead host.
> Brick2: office-wx-hv2-lab-gfs:/mnt/LogGFSData/brick
> Brick3: office-wx-hv3-lab-gfs:/mnt/LogGFSData/brick (arbiter)
> ...
> 
> Looking at the docs, it seems that I need to remove the dead brick.
> 
> $ gluster volume remove-brick GV2Data office-wx-hv1-lab-
> gfs:/mnt/LogGFSData/brick start
> Running remove-brick with cluster.force-migration enabled can result
> in data corruption. It is safer to disable this option so that files
> that receive writes during migration are not migrated.
> Files that are not migrated can then be manually copied after the
> remove-brick commit operation.
> Do you want to continue with your current cluster.force-migration
> settings? (y/n) y
> volume remove-brick start: failed: Removing bricks from replicate
> configuration is not allowed without reducing replica count
> explicitly
> 
> So I guess I need to drop from replica 2 + arbiter to replica 1 +
> arbiter (?).
> 
> $ gluster volume remove-brick GV2Data replica 1 office-wx-hv1-lab-
> gfs:/mnt/LogGFSData/brick start
> Running remove-brick with cluster.force-migration enabled can result
> in data corruption. It is safer to disable this option so that files
> that receive writes during migration are not migrated.
> Files that are not migrated can then be manually copied after the
> remove-brick commit operation.
> Do you want to continue with your current cluster.force-migration
> settings? (y/n) y
> volume remove-brick start: failed: need 2(xN) bricks for reducing
> replica count of the volume from 3 to 1
> 
> ... What am I missing?
> 
> - Gilboa
> ___
> Users mailing list -- users@ovirt.org
> To unsubscri

[ovirt-users] Re: Grafana - Origin Not Allowed

2022-06-13 Thread Patrick Hibbs

I meant update the password in grafana's Web UI.

You can find it by going to the Monitoring Portal -> Gear Icon on the
left hand side -> Data Sources -> oVirt DWH -> PostgreSQL Connection.
There you can change the parameters used by grafana to connect to the
engine database. (You'll have to hit the reset button to allow updating
the password.)

*Note: The gear icon will only show up if the logged in user has
administrative permissions within grafana. Only the built in oVirt
admin user (admin@internal-authz) has this permission by default. But
you can delegate those permissions within grafana.

- Patrick Hibbs

On Mon, 2022-06-13 at 08:34 +0100, Maton, Brett wrote:
>   I've not restored from a backup or changed the grafana databse user
> password, no idea why this has 'just' stopped working (or when as I
> don't look at grafana that often).
> 
> I tried updating the grafana db user password, but still no joy...
> 
> I grabbed the password from /etc/ovirt-engine-dwh/ovirt-engine-
> dwhd.conf.d/10-setup-grafana-database.conf - GRAFANA_DB_PASSWD
> 
> and then updated the database user:
> 
> su - postgres
> psql -d ovirt_engine_history
> ALTER ROLE ovirt_engine_history_grafana WITH PASSWORD 'password from
> config file';
> 
> 
> On Fri, 10 Jun 2022 at 17:32, Patrick Hibbs 
> wrote:
> > That can happen if the builtin password for the engine database's
> > grafana user changes, or if you manually restore the grafana
> > database from a backup.
> > 
> > You could try resetting the password by copying it back into the
> > data source config in grafana's UI. (You'll need admin privlieges
> > for grafana to do so.)
> > The password for the engine database's grafana user should be
> > located in /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-
> > grafana-database.conf on the engine host.
> > 
> > -Patrick Hibbs
> > 
> > On Thu, 2022-06-09 at 09:32 +0100, Maton, Brett wrote:
> > > oVirt 4.5.0.8-1.el8 
> > > 
> > > I tried to connect to grafana via the monitoring portal link from
> > > the dash and all panels are failing to display any data with
> > > varying error messages, but all include 'Origin Not Allowed'
> > > 
> > > I navigated to Data Sources and ran a test on the PostgreSQL
> > > connection (localhost) which threw the same Origin Not Allowed
> > > error message.
> > > 
> > > Any suggestions?
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/V5I3LPPDKLL7BXDDBOFIS22JMS5ONUYU/
> > 
> > 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/KDPMJGJ22DJH4FZW2Y2UVDBZD3KBJN37/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZMWOQQHJAVCM5NLTDXXIJL7Y3U65HNTV/

[ovirt-users] Re: Grafana - Origin Not Allowed

2022-06-10 Thread Patrick Hibbs

That can happen if the builtin password for the engine database's
grafana user changes, or if you manually restore the grafana database
from a backup.

You could try resetting the password by copying it back into the data
source config in grafana's UI. (You'll need admin privlieges for
grafana to do so.)
The password for the engine database's grafana user should be located
in /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-grafana-
database.conf on the engine host.

-Patrick Hibbs

On Thu, 2022-06-09 at 09:32 +0100, Maton, Brett wrote:
> oVirt 4.5.0.8-1.el8 
> 
> I tried to connect to grafana via the monitoring portal link from the
> dash and all panels are failing to display any data with varying
> error messages, but all include 'Origin Not Allowed'
> 
> I navigated to Data Sources and ran a test on the PostgreSQL
> connection (localhost) which threw the same Origin Not Allowed error
> message.
> 
> Any suggestions?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/V5I3LPPDKLL7BXDDBOFIS22JMS5ONUYU/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KDPMJGJ22DJH4FZW2Y2UVDBZD3KBJN37/

[ovirt-users] Re: Engine Certificate renewal caused "Error while executing action InstallVds: Internal Engine Error"

2022-06-06 Thread Patrick Hibbs

My engine version at the time was ovirt-engine-4.5.0.8-1.el8.noarch.

Unfortunately I had to reinstall the engine over the weekend, so I'm
afraid the log is no longer available.

That being said, given that the engine only started doing that after I
force renewed the internal engine certificate via engine-setup (by
renaming /etc/pki/ovirt-engine/keys/engine.p12), I would assume that
engine-setup didn't update something correctly. Perhaps the error can
be traced to engine-setup's need for a specific time frame to renew the
cert?

Anotheruser opened a bug for engine-setup not renewing the internal
engine  cert  despite  the WebUI's  complaints:
https://bugzilla.redhat.com/show_bug.cgi?id=2093954

-Patrick Hibbs

On Mon, 2022-06-06 at 12:02 +0200, Milan Zamazal wrote:
> Patrick Hibbs  writes:
> 
> > Secondproblem: After having renewed the engine certificate, the
> > engine
> > canno longer update a host certificate nor (re-)install a host.
> > Giving
> > me the following error in the Admin WebUI: "Error while executing
> > action InstallVds: Internal Engine Error"
> > 
> > I've attached the logs from the engine.
> 
> The attached log refers to another log
> /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-
> 20220603115134-virt02.codenet-1a0acee9-f33e-44e3-a863-
> cd2ee0a4289e.log
> where the actual error should be visible.
> 
> Also, what's your Engine version?
> 
> Regards,
> Milan
> 

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TVWIRU6KR2UAOLCOIJGK2XNM5XZRQHS5/

[ovirt-users] Re: how to force engine certificate renewal

2022-06-06 Thread Patrick Hibbs

I wouldn't force it. I tried that last week and spent the weekend
reinstalling the engine host. Due to the engine no longer being able to
install new / reinstall existing hosts or enroll host certificates
after doing so.

Might just be better to wait until engine-setup does it automatically.

-Patrick Hibbs

On Mon, 2022-06-06 at 07:26 +0100, Maton, Brett wrote:
> oVirt: 4.5.0.8-1.el8
> 
> Hi,
> 
>   I got a warning yesterday that the engine certificate is 'about' to
> expire, in 6 months
> >   Engine's certification is about to expire at 2022-12-10. Please
> > renew the engine's certification.
> > 
> 
>   I tried 'engine-setup --offline' but wasn't prompted to update the
> engine certificate.
> 
> Regards,
> Brett
> 
> On Thu, 26 May 2022 at 10:14, Gianluca Cecchi
>  wrote:
> > Hello,
> > I'm currently still on 4.4.x.
> > Suppose I have an engine certificate expiring on mid August and I
> > want to force renew it now using "engine-setup --offline" command.
> > How can I do it if possible?
> > How many days before expiration I get the message that it is
> > expiring soon with a proposal of renewing it when running "engine-
> > setup"?
> > 
> > Thanks,
> > Gianluca
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/4BZ724AJQ3OWJRZLCSR2Y3PPCBKG7QNC/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PWETJKNUX4WXAWCAYSWVMY6QSV46GVZK/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YFVV2L2C4GFLO5I5AKYBZN5QLA3ERBXD/

[ovirt-users] Re: CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION

2022-06-05 Thread Patrick Hibbs

That's an AMD Jaguar architecture CPU according to CPU-World.

It's meant for low-power desktop use, and was initially produced in
2014. As the flags show, It does support svm.

Only an AMD cpu type will work with AMD host CPUs. However, if you've
already tried the existing Opteron types and it doesn't work, then the
host CPU isn't officially supported by oVirt. (FYI: Desktop and Mobile
CPUs aren't officially supported by oVirt regardless of manufacturer.)

As such, you'll need to manually add the cpu model to oVirt's database
to get it to work correctly. Sadly, that's a question for the devs. I
think I've seen a write up somewhere for that but I can't find it
currently. If any dev would like to chime in, I'd love to get that info
for my own use.

It would be nice if oVirt would just allow a generic profile even if it
was fully unsupported. Like how VMWare has the allow unsupported
checkbox in it's advanced settings. At the very least it would allow
for testing / development or for small setups where going out to buy a
new server blade isn't an option at any price.

-Patrick Hibbs

On Fri, 2022-06-03 at 21:34 +0200, Pavel Mlčoch wrote:
> I'm trying install ovirt cluster with ovirt-engine as VM on
> server1(currently rocky8.6) and ovirt-node as server2.
> I create cluster and try add server2, but I always get unsupported
> CPU
> type error. I tried edit cluster with CPU Types AMD opterons, Intel
> IvyB, Intel Nahalem and error stays the same.
> 
> Know anybody which CPU type can be used for Athlon5350 or how to
> solve
> this error?
> 
> oVirt Open Virtualization Manager
> Software Version:4.5.0.8-1.el8
> 
> VARIANT="oVirt Node 4.5.0.3"
> 
> INFO  [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
> (EE-
> ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-45)
> [7501128a] Host 'server2.pavkamlc.cz'(f8c2d5e5-5177-42cc-a406-
> 599efbe3b32a) is already in NonOperational status for reason
> 'CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION'. SetNonOperationalVds
> command is skipped.
> 
> model name  : AMD Athlon(tm) 5350 APU with Radeon(tm) R3
> flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr
> pge
> mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext
> fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc
> cpuid
> extd_apicid aperfmperf pni pclmulqdq monitor ssse3 cx16 sse4_1 sse4_2
> movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic
> cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt
> topoext perfctr_nb bpext perfctr_llc hw_pstate proc_feedback ssbd
> vmmcall bmi1 xsaveopt arat npt lbrv svm_lock nrip_save tsc_scale
> flushbyasid decodeassists pausefilter pfthreshold overflow_recov
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZHTZ37W7NBSIW25MU7SFUOA2OREFYZFN/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZYMM4M3J7XRYTKUHBXYXI63I5WKU4THV/

[ovirt-users] Re: local on host storage domain full, how to clean up

2022-06-05 Thread Patrick Hibbs

You can use the all_disks_for_vms view, instead of all_disks. Then add
the vm_id and / or vm_names columns.

For example:

/usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "select
disk_id,image_guid,disk_alias,disk_profile_name,vm_id,vm_names from
all_disks_for_vms where disk_content_type='0' order by disk_alias" >
/root/disk_ids-to_vms.txt

-Patrick Hibbs


On Sun, 2022-06-05 at 16:16 +0200, Gianluca Cecchi wrote:
> 
> 
> On Mon, May 30, 2022 at 4:44 PM _isi _  wrote:
> > Do you mean something like this ?
> > 
> > /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "select
> > disk_id,image_guid,disk_alias,disk_profile_name from all_disks
> > where disk_content_type='0' order by disk_alias" > /root/disk_ids-
> > to_vms.txt
> > 
> > isi
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3FBFDABUYYTMVWQGJWRKAXESO3S67JWO/
> > 
> 
> 
> partially, because in my case if I take a VM with VM ID 711e5dc6-
> 04a1-42a4-b52c-96685bc19b1f
> 
> It has 3 disks, one of which has the alias ostack-ceph1_Disk3
> 
> the query for this disk gives
>  select disk_id,image_guid,disk_alias,disk_profile_name from
> all_disks where disk_content_type='0' order by disk_alias;
> . . .
>  1093ada3-65b2-407a-a6b8-fd9529f4a0db | ded7c7c7-477f-44e3-8ac5-
> 8908bde6340c | ostack-ceph1_Disk3   | 2t_1
> 
> And I get under /2t_1
> 
> /2t_1/images/caa6fd69-e371-4476-89eb-cbbae82c2add/images
> 
> # ll | grep 1093
> drwxr-xr-x. 2 vdsm kvm 4096 Apr 20  2021 1093ada3-65b2-407a-a6b8-
> fd9529f4a0db
> #
> 
> # cd 1093ada3-65b2-407a-a6b8-fd9529f4a0db/
> # ll
> total 156872396
> -rw-rw. 1 vdsm kvm 161061273600 Apr 30  2021 ded7c7c7-477f-44e3-
> 8ac5-8908bde6340c
> -rw-r--r--. 1 vdsm kvm          289 Apr 20  2021 ded7c7c7-477f-44e3-
> 8ac5-8908bde6340c.meta
> # 
> 
> but I miss the link between the id of the VM and the disk, that is
> what I would like to get
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BJ5J4KNMMZ4PNWAYHAC36AW7T4W4ICZU/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/U5OKETQOCAVR3LS6VPUAZFV5VLNBF3KV/

[ovirt-users] Engine Certificate renewal caused "Error while executing action InstallVds: Internal Engine Error"

2022-06-03 Thread Patrick Hibbs

OK, while I was debugging the other problem, the engine complained
about the internal engine cert expiring in three months. As I had to
completely shutdown the entire data center (all hosts including the
engine itself) at once, I figured I'd go ahead and renew the engine
cert so I wouldn't have to do it later.

First problem: engine-setup won't renew the engine certificate
(engine.cer / engine.p12) at three months out despite the scary
warnings in the notifications tab in the Admin WebUI. It can be forced
to by renaming the files however.

Second problem: After having renewed the engine certificate, the engine
can no longer update a host certificate nor (re-)install a host. Giving
me the following error in the Admin WebUI: "Error while executing
action InstallVds: Internal Engine Error"

I've attached the logs from the engine.

-Patrick Hibbs


2022-06-03 11:50:31,057-04 INFO  [org.ovirt.engine.core.sso.service.AuthenticationService] (default task-1) [] User admin@internal-authz with profile [internal] successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access
2022-06-03 11:50:31,373-04 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-1) [1881b773] Running command: CreateUserSessionCommand internal: false.
2022-06-03 11:50:31,575-04 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-1) [1881b773] EVENT_ID: USER_VDC_LOGIN(30), User admin@internal-authz connecting from '192.168.1.3' using session 'goYlqp8O7TJoxJs4kXEfUkNBLDqNlrufYnKyECljCZ46NR14dHnRT7Fka3lmJTmw/26lWZhKPLwruuQMS7EG4w==' logged in.
2022-06-03 11:50:31,621-04 INFO  [org.ovirt.engine.ui.frontend.server.gwt.plugin.PluginDataManager] (default task-1) [] Reading UI plugin descriptor '/usr/share/ovirt-engine/ui-plugins/ui-extensions.json'
2022-06-03 11:50:31,630-04 INFO  [org.ovirt.engine.ui.frontend.server.gwt.plugin.PluginDataManager] (default task-1) [] Reading UI plugin configuration '/etc/ovirt-engine/ui-plugins/ui-extensions-config.json'
2022-06-03 11:50:45,670-04 INFO  [org.ovirt.engine.core.bll.hostdeploy.InstallVdsCommand] (default task-4) [9b088ca5-18db-4980-a3d6-bb1524bd6428] Running command: InstallVdsCommand internal: false. Entities affected :  ID: 58f72ae7-058a-46de-aef1-a4f832058394 Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN
2022-06-03 11:50:45,757-04 INFO  [org.ovirt.engine.core.utils.transaction.TransactionSupport] (default task-4) [9b088ca5-18db-4980-a3d6-bb1524bd6428] transaction rolled back
2022-06-03 11:50:45,759-04 ERROR [org.ovirt.engine.core.bll.hostdeploy.InstallVdsCommand] (default task-4) [9b088ca5-18db-4980-a3d6-bb1524bd6428] Command 'org.ovirt.engine.core.bll.hostdeploy.InstallVdsCommand' failed: Failed managing transaction
2022-06-03 11:50:45,759-04 ERROR [org.ovirt.engine.core.bll.hostdeploy.InstallVdsCommand] (default task-4) [9b088ca5-18db-4980-a3d6-bb1524bd6428] Exception: java.lang.RuntimeException: Failed managing transaction
	at org.ovirt.engine.core.utils//org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInNewTransaction(TransactionSupport.java:203)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.hostdeploy.UpdateVdsCommand.updateVdsData(UpdateVdsCommand.java:264)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.hostdeploy.UpdateVdsCommand.executeCommand(UpdateVdsCommand.java:177)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.CommandBase.executeWithoutTransaction(CommandBase.java:1174)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.CommandBase.executeActionInTransactionScope(CommandBase.java:1332)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.CommandBase.runInTransaction(CommandBase.java:2010)
	at org.ovirt.engine.core.utils//org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInNewTransaction(TransactionSupport.java:181)
	at org.ovirt.engine.core.utils//org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInRequired(TransactionSupport.java:113)
	at org.ovirt.engine.core.utils//org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInScope(TransactionSupport.java:81)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.CommandBase.execute(CommandBase.java:1392)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:424)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.executor.DefaultBackendActionExecutor.execute(DefaultBackendActionExecutor.java:13)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.Backend.runAction(Backend.java:450)
	at deployment.engine.ear.bll.jar//org.ovirt.engine.core.bll.Backend.runActionImpl(Backend.java:432)
	at deployment.engine.e

[ovirt-users] Re: HA VM Lease failure with full data storage domain

2022-06-02 Thread Patrick Hibbs

Here's the ausearch results from that host. Looks like more than one
issue. (openvswitch is also in there.)

I'll see about opening the bug. Should I file it on oVirt's github or
the RedHat bugzilla?

-Patrick Hibbs

On Thu, 2022-06-02 at 22:08 +0300, Nir Soffer wrote:
> On Thu, Jun 2, 2022 at 9:52 PM Patrick Hibbs 
> wrote:
> > 
> > The attached logs are from the cluster hosts that were running the
> > HA
> > VMs during the failures.
> > 
> > I've finally got all of my HA VMs up again. The last one didn't
> > start
> > again until after I freed up more space in the storage domain than
> > what
> > was originally available when the VM was running previously. (It
> > now
> > has over 150GB of free space. Which should be more than enough, but
> > it
> > didn't boot with 140GB avaiable)
> > 
> > SideNote:
> > I just found this in the logs on the original host that the HA VMs
> > were
> > running on:
> > 
> > ---snip---
> > Jun 02 10:33:29 ryuki.codenet sanlock[1054]: 2022-06-02 10:33:29
> > 674607
> > [1054]: s1 check_our_lease warning 71 last_success 674536
> >   # semanage
> > fcontext -a -t virt_image_t '1055'
> >   *  Plugin
> > catchall (2.13 confidence) suggests   **
> >   Then you
> > should
> > report this as a bug.
> >   You can
> > generate
> > a local policy module to allow this access.
> >   Do
> 
> Not clear what is the selinux issue. If you run:
> 
>     ausearch -m avc
> 
> It should be more clear.
> 
> > Jun 02 10:33:45 ryuki.codenet sanlock[1054]: 2022-06-02 10:33:45
> > 674623
> > [1054]: s1 kill 3441 sig 15 count 8
> > Jun 02 10:33:45 ryuki.codenet sanlock[1054]: 2022-06-02 10:33:45
> > 674623
> > [1054]: s1 kill 4337 sig 15 count 8
> > Jun 02 10:33:46 ryuki.codenet sanlock[1054]: 2022-06-02 10:33:46
> > 674624
> > [1054]: s1 kill 3206 sig 15 count 9
> 
> This means that the host could not access the storage for 80 seconds,
> and the
> leases expired. When leases expire, sanlock must kill the process
> holding the
> lease. Here we see that sanlock send a SIGTERM to 3 processes.
> 
> If these are VMs, they will pause and libvirt will release the lease.
> 
> I can check the log deeper next week.
> 
> Nir
> 
> > Jun 02 10:33:47 ryuki.codenet kernel: ovirtmgmt: port 4(vnet2)
> > entered
> > disabled state
> > ---snip---
> > 
> > That looks like some SELinux failure.
> > 
> > -Patrick Hibbs
> > 
> > On Thu, 2022-06-02 at 19:44 +0300, Nir Soffer wrote:
> > > On Thu, Jun 2, 2022 at 7:14 PM Patrick Hibbs
> > > 
> > > wrote:
> > > > 
> > > > OK, so the data storage domain on a cluster filled up to the
> > > > point
> > > > that
> > > > the OS refused to allocate any more space.
> > > > 
> > > > This happened because I tried to create a new prealloc'd disk
> > > > from
> > > > the
> > > > Admin WebUI. The disk creation claims to be completed
> > > > successfully,
> > > > I've not tried to use that disk yet, but due to a timeout with
> > > > the
> > > > storage domain in question the engine began trying to fence all
> > > > of
> > > > the
> > > > HA VMs.
> > > > The fencing failed for all of the HA VMs leaving them in a
> > > > powered
> > > > off
> > > > state. Despite all of the HA VMs being up at the time, so no
> > > > reallocation of the leases should have been necessary.
> > > 
> > > Leases are not reallocated during fencing, not sure why you
> > > expect
> > > this to happen.
> > > 
> > > > Attempting to
> > > > restart them manually from the Admin WebUI failed. With the
> > > > original
> > > > host they were running on complaining about "no space left on
> > > > device",
> > > > and the other hosts claiming that the original host still held
> > > > the
> > > > VM
> > > > lease.
> > > 
> > > No space left on device may be an unfortunate error from sanlock,
> > > meaning that there is no locksapce. This means the host has
> > > trouble
> >

[ovirt-users] HA VM Lease failure with full data storage domain

2022-06-02 Thread Patrick Hibbs

OK, so the data storage domain on a cluster filled up to the point that
the OS refused to allocate any more space.

This happened because I tried to create a new prealloc'd disk from the
Admin WebUI. The disk creation claims to be completed successfully,
I've not tried to use that disk yet, but due to a timeout with the
storage domain in question the engine began trying to fence all of the
HA VMs.

The fencing failed for all of the HA VMs leaving them in a powered off
state. Despite all of the HA VMs being up at the time, so no
reallocation of the leases should have been necessary. Attempting to
restart them manually from the Admin WebUI failed. With the original
host they were running on complaining about "no space left on device",
and the other hosts claiming that the original host still held the VM
lease.

After cleaning up some old snapshots, the HA VMs would still not boot.
Toggling the High Availability setting for each one and allowing the
lease to be removed from the storage domain was required to get the VMs
to start again. Re-enabling the High Availability setting there after
fixed the lease issue. But now some, not all, of the HA VMs are still
throwing "no space left on device" errors when attempting to start
them. The others are working just fine even with their HA lease
enabled.

My questions are:

1. Why does oVirt claim to have a constantly allocated HA VM lease on
the storage domain when it's clearly only done while the VM is running?

2. Why does oVirt deallocate the HA VM lease when performing a fencing
operation?

3. Why can't oVirt clear the old HA VM lease when the VM is down and
the storage pool has space available? (How much space is even needed?
The leases section of the storage domain in the Admin WebUI doesn't
contain any useful info beyond the fact that a lease should exist for a
VM even when it's off.)

4. Is there a better way to force start a HA VM when the lease is old
and the VM is powered off?

5. Should I file a bug on the whole HA VM failing to reacquire a lease
on a full storage pool?

-Patrick Hibbs

[ovirt-users] Re: new cluster, 6 nodes

2022-05-31 Thread Patrick Hibbs

1) If you have a hardware RAID you want to use, you should just use NFS
/ Direct SCSI / FibreChannel on top of it and forgo Gluster. As it's
been reported on the list that Gluster has latency issues when dealing
with a hardware RAID. Makes sense considering that Gluster is
essentially a software RAID. Using both is redundant, and counter
productive. (As a bad write on Gluster won't be detected / show up on
hardware and vice versa.)

Throwing Gluster on top of LVM on top of a hardware RAID, is not
something I'd recommend. You've got way to many layers of abstraction
there and it will be a huge pain to debug, or perform data recovery, if
something goes wrong later. Not to mention all of the resources spent
trying to figure out what data block goes where. (Don't forget that
each VM adds another layer of abstraction for it's virtual harddisk
paritions / filesystem.) LVM and a hardware RAID perform virtually all
of the tasks Gluster would offer you. If having a fail over node is
important to you, I'd just drop the hardware RAID and use Gluster. I
personally don't use LVM, as I find it to be the source of a lot of
unnecessary headaches, but you can use it with Gluster without penalty.

Gluster, in my opinion, tends to work best without abstraction layers
underneath it. You can use LVM, but I personally would prefer physical
partitions / disks for the bricks. As there is less chance of LVM
grabbing the wrong partitions and causing a boot to emergency mode.
(Which is reported on the list a lot.) Granted that's not fesible in
many cases, but I consider it when Gluster is involved.

2) If you choose to use Gluster, the only thing you'll really lose by
doing a 3 node pool to start with is the time to replicate to the new
bricks after adding them. Although, if you want to test how things work
with your hardware RAID you may want to start with all 6, so that you
can get accurate measurements, especially latency, for real usage.

-Patrick Hibbs

On Tue, 2022-05-31 at 03:14 +, b...@fastmail.com wrote:
> Hi all, planning a new 6 node hyper-converged cluster. Have a couple
> of questions 
> 
> 1) storage - I think we want to do 2x replicas and 1 arbiter, in the
> chained configuration seen here (example 5.7)
> https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.5/html/administration_guide/creating_arbitrated_replicated_volumes
> 
> any suggestions on how that looks from the bottom up? for example
> does each host have all their disks in a single hardware raid6
> volume, and then the bricks are thinly provisioned via LVM on top so
> each node has 2 data and 1 arbiter bricks. or is something else
> recommended? 
> 
> 2) setup - Do I start with a 3 node pool and extend to 6 or use
> ansible to set up 6 from the start? 
> 
> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/KPE7N5VCLBMXM5OXVNTDZUCZPVRAUZMB/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5YBP2VKAO7LRVEPYCXO35GIQW3FADXFO/

[ovirt-users] Re: oVirt survey questions gathering

2022-05-20 Thread Patrick Hibbs

My question suggestions:

1. Do you use any 3rd party management utility?
- oVirt Desktop Client
- moVirt
- Other: Free text entry.

2. If you use a third party management utility, what kind of users are
allowed to use it?
- Admins only.
- End Users only.
- Admins / End Users.
- Auditors.
- Everyone.

3. If you use a third party management utility, what is your primary
reason for using it?
- Avoid using a web browser.
- Limit engine visibility to end-users / avoid overwhelming them.
- Backup and Restoration.
- Security.
- Other: Free text entry.

4. If you use a third party management utility, what is a feature you'd
like to see implemented most?
- Image upload / download.
- VM creation / deletion.
- VM config edit.
- Other: Free text entry.

5. What is the most frusturating part of managing an oVirt
installation?
- Storage Domain connectivity.
- CentOS Stream updates.
- Certificate Management.
- Lack of CPU type options / Unsupported configurations.
- Lack of official support for versions other than the most recent
release of oVirt.
- Other: Free text entry.

6. What feature would you like to see implemented in oVirt? (Select all
that apply.)
- More CPU types / allow unsupported VM hosts.
- Centralized Certificate Management.
- VM PCI bus tree editing. (Change order of the VM's PCI devices /
Change PCI slot numbers for VM devices / etc.)
- UEFI vars support for non-SecureBoot VMs.
- VM UEFI firmware replacement. (Upload replacement firmware for a VM
to use via the WebUI.)
- Additional Engine / VDSM Host OS support. (Alma / Rocky / Debian /
etc.)
- Integrated Power Utilization Monitoring.
- Other: Free text entry.

-Patrick Hibbs

On Mon, 2022-05-16 at 11:47 +0200, Sandro Bonazzola wrote:
> Hi, as every year I'd like to have a survey gathering feedback from
> the oVirt community.
> I would like to get input from the community itself on what you'd
> like to know from the other members of the community.
> 
> As oVirt developer: which question may help you take decisions on new
> features or deprecate existing ones you consider unused?
> As oVirt sysadmin user: which question may help you take decisions on
> your datacenters planning?
> As a third party software vendor (backup, monitoring, ...): which
> questions may help you drive your further developments integrating
> with oVirt?
> As a downstream vendor, integrator, consultant offering services
> around oVirt: which questions may help you drive your investment on
> contributing to oVirt project?
> As a university, research center, high school, code club, which
> questions may help you drive your decision to be involved with the
> future of oVirt project?
> Any other questions you think may be relevant and worth asking the
> oVirt community?
> 
> Collecting questions suggested in this thread here:
> https://github.com/oVirt/ovirt-site/wiki/oVirt-2022-Survey-questions
> 
> Thanks,
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/W6O77QNAAMJJYGWJXU24SS2P6GIDJNOF/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VGIQOPRDC5G3PM6T35ZQX7V2MXXPEZ2F/

[ovirt-users] Re: Upload Cerfiticate issue

2022-05-11 Thread Patrick Hibbs

No. The AIA section is for certificate distribution only. It's used if
the client cannot build a valid certificate chain with it's current
information. In that case it needs an insecure connection, or a secure
connection that the client can build a certificate chain for, to be
able to download the CA. You cannot use a certificate you don't have to
establish a secure connection for downloading that same certificate.

-Patrick Hibbs

On Wed, 2022-05-11 at 15:41 +, lou...@ameritech.net wrote:
> I started to investigate based on your question regarding a secure
> connection.  From that investigation this what I’ve found:
> 
> When viewing he certificate the AIA section shows the following:
> 
> Authority Info (AIA)
> Location:
> http://ovirtdl380gen10.cscd.net:80/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
> 
> Method: CA Issuers
> 
> It appears that the certificate is being issue/released on port 80,
> could this be the reason no connection can be established with the
> “ovirt imageio” service; since the service is looking for a
> connection on a secured port such as 443?
> 
> How can or what should be done to correct this.  If this is the issue
> I suspect that I need to have a certificate that is from port 443 or
> some other secured connection.  
> 
> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2C3FIPZEZ4HQ636J4FTVSEHBML3SLUL7/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JFBPITB3BCHZFD7VDM2NMEQ5BRHS3EON/

[ovirt-users] Re: Upload Cerfiticate issue

2022-05-10 Thread Patrick Hibbs

You shouldn't need to change anything if you are using the apache cert
generated by engine-setup. That whole conversation only applies if
you've changed the certificate used by apache on the engine host.

For default setups, you just need to import and trust the CA generated
by engine-setup into your browser(s).

-Patrick Hibbs

On Mon, 2022-05-09 at 19:38 +, lou...@ameritech.net wrote:
> I’m trying to upload an ISO image in ovirt 4.4.10, It’s been a huge
> challenge to accomplish this.  I read several post regarding this
> issue, I really don’t have s clear understanding of solution to this
> issue.  My experience has not been very fruitful at all.  
> 
> When I try to perform the upload using the web GUI I get the
> following message in the status column: “Paused by System“.  I’ve
> been reading for roughly three weeks trying to understand and resolve
> the issue.  There is a tremendous amount of discussion centered
> around changing certificate file located in the directory
> “etcpki/ovirt-engine”, however it not clear at all what files need to
> change.  
> 
> My installation is an out-of-box installation with any certificates
> beginning generated as part of the install process, I’ve imported the
> certificate that was generated into my browser/Firefox 91.9.0.  
> Based on what I’ve been reading the solution to my problems is that
> the certificate does not match the certificate defined in the
> “imageio-service”, my question is why because it was generated as
> part of the installation?  
> 
> What files in the “/etc/pki/ovirt-engine” must be changed to get
> things working.  Further should  or do I copy the certificate saved
> from the GUI to files under “/etc/pki/ovirt-engine” directory?  
> 
> I feel like I’m so close after six month of reading and re-installs,
> what do I do next?  
> 
> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YVGGVNOQ5FL7OXW35RGENZHQGTGO624V/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PMYYUCQ565YEYEV2QILI3ZSKNFSTIAJB/

[ovirt-users] Re: Ovirt engine Isuue

2022-05-05 Thread Patrick Hibbs

I upgraded my engine from 4.4 to 4.5 while excluding the postgresql-
jdbc package. Works just fine, with the Web UI.

What storage you use has nothing to do with the postgresql-jdbc issue.

-Patrick Hibbs

On Thu, 2022-05-05 at 18:31 +, brian.homr...@gmail.com wrote:
> For everyone recommending the downgrade of postgresql-jdbc,  can
> someone CONFIRM that they have a running ovirt-engine WITH WEB UI
> after they did this?
> 
> I have a server that is running a hosted-engine instance which was
> successfully written to shared storage so it deployed fully and ran
> thru the Gluster external setup.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HAZ7LDP5QGKPRSCCG7ZMJ3HBFXNQUN5Q/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6XMTOWTQ662V33UEZWMM4UI2OQAGVNKH/

[ovirt-users] Re: Webadmin and API down with error 500 after updating from 4.4 to 4.5

2022-05-01 Thread Patrick Hibbs

As RockyLinux seems to have postgresql-jdbc-42.2.3-3.el8_2, you
shouldn't be hitting the major bug currently. Also you are using oVirt
4.4 and shouldn't be hitting the ansible-core issue either.

I'm afraid we'll need more info from your logs to give you any help.

-Patrick Hibbs

On Sat, 2022-04-30 at 18:27 +, brian.homr...@gmail.com wrote:
> I'm attempting a 4.4.9 install on Rocky 8.5,  and getting the same
> errors.
> 
> Any insight on this error
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZS5U2QJA4DPSCGJEIARJJG4WMLLFD2C2/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2ONI6ITXAFOT67GLQKBDYALAQ4YKVBGR/

[ovirt-users] Re: Issue upgrading 4.4 to 4.5 Gluster HCG

2022-05-01 Thread Patrick Hibbs

This bug also affects non-hyperconverged Gluster volumes run by Debian
hosts. (Debian uses Gluster 9. Specifically glusterfs-server 9.2-1.)

Funnily enough, Gluster 9 is compatible with both oVirt 4.4 and 4.5.
With no changes required on the Gluster side at all. So it seems that
this bug is purely an oVirt 4.5 issue.

Is there an ETA on the upstream update?

-Patrick Hibbs

On Fri, 2022-04-29 at 02:39 +0300, Nir Soffer wrote:
> On Tue, Apr 26, 2022 at 12:47 PM Alessandro De Salvo
>  wrote:
> > 
> > Hi,
> > 
> > the error with XML and gluster is the same I reported with a
> > possible fix in vdsm in another thread.
> > 
> > The following fix worked for me, i.e. replacing the following line
> > in /usr/lib/python3.6/site-packages/vdsm/gluster/cli.y
> > 
> > 429c429
> > < if (el.find('stripeCount')): value['stripeCount'] =
> > el.find('stripeCount').text
> > 
> > ---
> > >     value['stripeCount'] = el.find('stripeCount').text
> > 
> > In this way, after restarting vdsmd and supervdsmd, I was able to
> > connect to gluster 10 volumes. I can file a bug if someone could
> > please point me where to file it :-)
> 
> Someone already filed a bug:
> https://github.com/oVirt/vdsm/issues/155
> 
> You can send a pull request with this fix:
> https://github.com/oVirt/vdsm/pulls
> 
> Nir
> 
> > 
> > Cheers,
> > 
> > 
> >     Alessandro
> > 
> > 
> > Il 26/04/22 10:55, Sandro Bonazzola ha scritto:
> > 
> > @Gobinda Das can you please have a look?
> > 
> > Il giorno mar 26 apr 2022 alle ore 06:47 Abe E 
> > ha scritto:
> > > 
> > > Hey All,
> > > 
> > > I am having an issue upgrading from 4.4 to 4.5.
> > > My setup
> > > 3 Node Gluster (Cluster 1) + 3 Node Cluster (Cluster 2)
> > > 
> > > If i recall the process correctly, the process I did last week:
> > > 
> > > On all my Nodes:
> > > dnf install -y centos-release-ovirt45 --enablerepo=extras
> > > 
> > > On Ovirt Engine:
> > > dnf install -y centos-release-ovirt45
> > > dnf update -y --nobest
> > > engine-setup
> > > 
> > > Once the engine was upgraded successfully I ran the upgrade from
> > > the GUI on the Cluster 2 Nodes one by one although when they came
> > > back, they complained of "Host failed to attach one of the
> > > Storage Domains attached to it." which is the "hosted_storage",
> > > "data" (gluster).
> > > 
> > > I thought maybe its due to the fact that 4.5 brings an update to
> > > the glusterfs version, so I decided to upgrade Node 3 in my
> > > Gluster Cluster and it booted to emergency mode after the install
> > > "succeeded".
> > > 
> > > I feel like I did something wrong, aside from my bravery of
> > > upgrading so much before realizing somethings not right.
> > > 
> > > My VDSM Logs from one of the nodes that fails to connect to
> > > storage (FYI I have 2 Networks, one for Mgmt and 1 for storage
> > > that are up):
> > > 
> > > [root@ovirt-4 ~]# tail -f /var/log/vdsm/vdsm.log
> > > 2022-04-25 22:41:31,584-0600 INFO  (jsonrpc/3) [vdsm.api] FINISH
> > > repoStats return={} from=:::172.17.117.80,38712,
> > > task_id=8370855e-dea6-4168-870a-d6235d9044e9 (api:54)
> > > 2022-04-25 22:41:31,584-0600 INFO  (jsonrpc/3) [vdsm.api] START
> > > multipath_health() from=:::172.17.117.80,38712,
> > > task_id=14eb199a-7fbf-4638-a6bf-a384dfbb9d2c (api:48)
> > > 2022-04-25 22:41:31,584-0600 INFO  (jsonrpc/3) [vdsm.api] FINISH
> > > multipath_health return={} from=:::172.17.117.80,38712,
> > > task_id=14eb199a-7fbf-4638-a6bf-a384dfbb9d2c (api:54)
> > > 2022-04-25 22:41:31,602-0600 INFO  (periodic/1) [vdsm.api] START
> > > repoStats(domains=()) from=internal, task_id=08a5c00b-1f66-493f-
> > > a408-d4006ddaa959 (api:48)
> > > 2022-04-25 22:41:31,603-0600 INFO  (periodic/1) [vdsm.api] FINISH
> > > repoStats return={} from=internal, task_id=08a5c00b-1f66-493f-
> > > a408-d4006ddaa959 (api:54)
> > > 2022-04-25 22:41:31,606-0600 INFO  (jsonrpc/3) [api.host] FINISH
> > > getStats return={'status': {'code': 0, 'message': 'Done'},
> > > 'info': (suppressed)} from=:::172.17.117.80,38712 (api:54)
> > > 2022-04-25 22:41:35,393-0600 INFO  (jsonrpc/5) [api.host] START
> > > getAllVmStats() from=:::172.17.117.80,38712 (api:48)
> > > 2022-04-25 22:41:35,393-0600 INFO  (jsonr

[ovirt-users] Re: HELP ME! Failed to validate the SSL certificate for localhost:443

2022-04-30 Thread Patrick Hibbs

>[ERROR] fatal:[localhost -> my_fqdn.domain]:FAILED!=>{"attempts":12,
>"changed":false,"msg":"Failed to validate the SSL certificate for
>localhost:443.
>Make sure your managed systems have a valid CA certificate installed. 

Given that this seems to be an error from engine-setup, you've probably
answered "localhost" when it asked you for the Host FQDN. Run engine-
cleanup and then rerun engine-setup and give it the host's actual FQDN
when engine-setup asks for it. (Typing localhost won't resolve it. You
must give engine-setup the actual FQDN you want the engine to use.)

-Patrick Hibbs

On Sat, 2022-04-30 at 02:35 +, natchaw...@gmail.com wrote:
> My records on the DNS server are as follows. When I check with
> nslookup, there is no
> access problem.
> 
> i'm not use localhost.
> 
> =
> 
> Forward Lookup Zones
> domain.co.th
> gateway-node.doamin.co.th.  IN  A  10.99.101.90
> manage-node.doamin.co.th.  IN  A  10.99.101.111
> 
> Reverse Lookup Zones
> 10.99.101.in-addr.arpa
> 10.99.101.90   IN   PTR   gateway-node.doamin.co.th.
> 10.99.101.111  IN  PTR   manage-node.doamin.co.th.
> =
> 
> What exactly is the problem that needs to be solved?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/P7KQVKBEHEAUNXT2H43ZTS32KCARXAWE/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FKEFAG5L2JJ4TFN6CEBOVB4OKTU2FQBW/

[ovirt-users] Re: unable to upgrade engine to 4.4.10 from 4.4.8

2022-04-29 Thread Patrick Hibbs

No. The CentOS repos are controlled by the centos-stream-repos package,
but I would not recommend installing that package on a non CentOS
Stream system, as you would have conflicting packages and would most
likely break your underlying system.

-Patrick Hibbs

On Thu, 2022-04-28 at 12:43 +, Diggy Mc wrote:
> > I would add, as you are on CentOS Linux 8, I would recommend
> > switching it
> > either to some other RHEL clone (Alma, Rocky,...) or to CentOS
> > Stream as a
> > first step.
> 
> Wouldn't updating the oVirt packages (# dnf update ovirt\*setup\*)
> switch the repositories to CentOS Stream?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EKRUW4BF3LSNT2W2PMQKJK3D7F4V2L4U/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DAH26VZVGDXCLDS4XCHAJLULLDPQ4XVY/

[ovirt-users] Re: unable to upgrade engine to 4.4.10 from 4.4.8

2022-04-29 Thread Patrick Hibbs

Sorry for the delay, my mail client missed this one.

The ovirt-release.rpm package contains the ovirt-*.repo
files which define the mirrorlists used to install / update oVirt's
packages for that specific major and minor version of oVirt.

The ovirt\*setup\* packages only contain the files needed to install /
upgrade the engine itself. They do not have the .repo files needed to
locate those packages.

-Patrick Hibbs

On Thu, 2022-04-28 at 12:41 +, Diggy Mc wrote:
> > Redownload the latest 4.4 release rpm and install it on the hosts.
> > That
> > should fix your mirrorlists.
> 
> Patrick,  I'm not sure how updating the hosts first would fix the
> mirrorlist/repositories on the hosted engine.
> 
> The command I ran on the hosted engine, per the published
> instructions was:
> # dnf update ovirt\*setup\*
> which should update only the oVirt packages.  Can/should I disable
> the broken CentOS Linux repositories and try again?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/O5FRTXSINT74GINNX3RAIBYWZX3FWESK/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GWFIIBT24DGMECSLQD5C5EPZW3SAAMHA/

[ovirt-users] Re: unable to upgrade engine to 4.4.10 from 4.4.8

2022-04-28 Thread Patrick Hibbs

The ovirt-release rpm only contains the repos for oVirt specific stuff.
You've changed the repos for the CentOS base installation. (I.e. the
"core" distribution repos.) To fix this, you need to:

1) Reinstall the centos-stream-repos package.
2) Run rpm --verify * and look for any .repo files under
/etc/yum.repos.d/ in the output then search for the packages they came
from and reinstall them with dnf reinstall .
3) Download and install ovirt-release44.rpm.

-Patrick Hibbs

On Thu, 2022-04-28 at 17:15 +0300, Andrei Verovski wrote:
> Hi,
> 
> Is this correct order of actions:
> 
> 1) download ovirt-release44.rpm
> 2) Remove all repos from /etc/yum.repos.d/ - because of outdated data
> 3)  Install ovirt-release44.rpm, which does have all correct repos’
> list inside.
> 
> 
> > On 28 Apr 2022, at 16:46, Patrick Hibbs 
> > wrote:
> > 
> > That's kinda messed up.
> > 
> > You did not need to change the mirrorlists for the base
> > installation,
> > as the current ovirt-release44.rpm fixes those for you. By doing
> > what
> > you did, you now have a base system trying to install most of it's
> > packages from the CentOS vault, which is intermittent / slow with
> > out-
> > dated packages, and gaining no real benefit from it.
> > 
> > I'd revert those changes, restore your repo files to their default
> > versions, and install the current ovirt-release rpm.
> > 
> > -Patrick Hibbs
> > 
> > On Thu, 2022-04-28 at 16:25 +0300, Andrei Verovski wrote:
> > > Hi,
> > > 
> > > I have same issue.
> > > Partially I fixed it with conversion to CentOS Stream.
> > > 
> > > rm -rf /var/cache/dnf
> > > cd /etc/yum.repos.d/
> > > sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
> > > sed -i
> > > 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g'
> > >  /etc/yum.repos.d/CentOS-*
> > > 
> > > sudo dnf install --disablerepo='*'
> > > https://resources.ovirt.org/pub/yum-repo/ovirt-release44.rpm
> > > 
> > > dnf distro-sync —nobest
> > > 
> > > It install latest oVirt Engine 4.4.10.2, yet Web UI still shows
> > > 4.4.7.6.
> > > 
> > > engine-setup fails with:
> > > [ INFO  ] DNF Downloaded CentOS Linux 8 - AppStream
> > > [ ERROR ] DNF Failed to download metadata for repo 'appstream':
> > > Cannot prepare internal mirrorlist: No URLs in mirrorlist
> > > [ ERROR ] Failed to execute stage 'Environment setup': Failed to
> > > download metadata for repo 'appstream': Cannot prepare internal
> > > mirrorlist: No URLs in mirrorlist
> > > 
> > > I don’t know if its safe to leave oVirt Engine in this half-
> > > upgraded
> > > condition or better to revert back to pristine 4.4.7.6.
> > > 
> > > 
> > > Anyone found solution to upgrade to 4.4.10.2 ?
> > > 
> > > Thanks in advance.
> > > 
> > > 
> > > > On 28 Apr 2022, at 15:43, Diggy Mc  wrote:
> > > > 
> > > > > I would add, as you are on CentOS Linux 8, I would recommend
> > > > > switching it
> > > > > either to some other RHEL clone (Alma, Rocky,...) or to
> > > > > CentOS
> > > > > Stream as a
> > > > > first step.
> > > > 
> > > > Wouldn't updating the oVirt packages (# dnf update
> > > > ovirt\*setup\*)
> > > > switch the repositories to CentOS Stream?
> > > > ___
> > > > Users mailing list -- users@ovirt.org
> > > > To unsubscribe send an email to users-le...@ovirt.org
> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > > oVirt Code of Conduct:
> > > > https://www.ovirt.org/community/about/community-guidelines/
> > > > List Archives:
> > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/EKRUW4BF3LSNT2W2PMQKJK3D7F4V2L4U/
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/HPIGXJZNK3BITHWX75JW2YGHB77EPLAR/
> > 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5RU5PGZENL3GXI4IISKSYEQJ3RFTLVJ/
> 

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EZJTD3DP5JANUVCKTSKU6VHUUJYA7DSK/

[ovirt-users] Re: unable to upgrade engine to 4.4.10 from 4.4.8

2022-04-28 Thread Patrick Hibbs

That's kinda messed up.

You did not need to change the mirrorlists for the base installation,
as the current ovirt-release44.rpm fixes those for you. By doing what
you did, you now have a base system trying to install most of it's
packages from the CentOS vault, which is intermittent / slow with out-
dated packages, and gaining no real benefit from it.

I'd revert those changes, restore your repo files to their default
versions, and install the current ovirt-release rpm.

-Patrick Hibbs

On Thu, 2022-04-28 at 16:25 +0300, Andrei Verovski wrote:
> Hi,
> 
> I have same issue.
> Partially I fixed it with conversion to CentOS Stream.
> 
> rm -rf /var/cache/dnf
> cd /etc/yum.repos.d/
> sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
> sed -i
> 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g'
>  /etc/yum.repos.d/CentOS-*
> 
> sudo dnf install --disablerepo='*'
> https://resources.ovirt.org/pub/yum-repo/ovirt-release44.rpm
> 
> dnf distro-sync —nobest
> 
> It install latest oVirt Engine 4.4.10.2, yet Web UI still shows
> 4.4.7.6.
> 
> engine-setup fails with:
> [ INFO  ] DNF Downloaded CentOS Linux 8 - AppStream
> [ ERROR ] DNF Failed to download metadata for repo 'appstream':
> Cannot prepare internal mirrorlist: No URLs in mirrorlist
> [ ERROR ] Failed to execute stage 'Environment setup': Failed to
> download metadata for repo 'appstream': Cannot prepare internal
> mirrorlist: No URLs in mirrorlist
> 
> I don’t know if its safe to leave oVirt Engine in this half-upgraded
> condition or better to revert back to pristine 4.4.7.6.
> 
> 
> Anyone found solution to upgrade to 4.4.10.2 ?
> 
> Thanks in advance.
> 
> 
> > On 28 Apr 2022, at 15:43, Diggy Mc  wrote:
> > 
> > > I would add, as you are on CentOS Linux 8, I would recommend
> > > switching it
> > > either to some other RHEL clone (Alma, Rocky,...) or to CentOS
> > > Stream as a
> > > first step.
> > 
> > Wouldn't updating the oVirt packages (# dnf update ovirt\*setup\*)
> > switch the repositories to CentOS Stream?
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/EKRUW4BF3LSNT2W2PMQKJK3D7F4V2L4U/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HPIGXJZNK3BITHWX75JW2YGHB77EPLAR/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5RU5PGZENL3GXI4IISKSYEQJ3RFTLVJ/

[ovirt-users] Re: unable to upgrade engine to 4.4.10 from 4.4.8

2022-04-27 Thread Patrick Hibbs

Redownload the latest 4.4 release rpm and install it on the hosts. That
should fix your mirrorlists.

Do be aware that there is an ongoing issue with postgresql-jdbc and
that you'll need to exclude it from the upgrade process with "dnf
update -x postgresql-jdbc" otherwise the engine will fail to start.
You'll also need to exclude ansible-core if you are running centos-
stream.

Also, "oVirt 4.4.x is EOL. Please upgrade to oVirt 4.5 as soon as
practical."

-Patrick Hibbs

On Wed, 2022-04-27 at 22:24 +, Diggy Mc wrote:
> ovirt-
> 4.4  
>  Latest oVirt 4.4 Release

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/337MGHVGMRHP7PTMT53NE6MLBN3Q5MSB/

[ovirt-users] Re: Q: Non-Operational Node Hosts - Ghost Network Problem

2022-04-27 Thread Patrick Hibbs

Your logs suggest that VDSM hasn't detected the removal of the network
yet. Did you try clicking on the "Sync Host Networks" button on the
non-operational hosts?

If you've changed the network config, VDSM may have failed to set up
the host properly. What does the output of "ip addr show" on these
hosts?

Manually removing the network from the hosts is only a temporary fix.
VDSM will attempt to recreate the network on restart if VDSM's config
isn't sync'd with the engine.

-Patrick Hibbs

On Wed, 2022-04-27 at 12:36 +0300, Andrei Verovski wrote:
> Hi,
> 
> 
> I run into nasty and unexpected problem (oVirt 4.4.7.6-1.el8 ) and 2
> non-operational node hosts, which seem relate to ghost network
> glitch.
> Everything worked fine for a very long time until I did the
> following.
> 
> 1) Made a backup of several VMs which have network “CloudLink-ISP2”.
> 2) Moved VM disks into another node hosts, which don’t have link
> “CloudLink-ISP2”, and forgot (preliminary to move) to re-configure
> network interface (remove link to “CloudLink-ISP2”) as I did before..
> 3) Now I have 2 hosts in non-operational mode which is a really big
> problem - there are only 3 nodes total in a cluster.
> 
> I tried to fix this by adding 3rd network “CloudLink-ISP2” to each
> non-operational hosts, and connected ethernet interfaces to a switch.
> Unfortunately, it didn’t helped either because for whatever reason
> link did not go up.
> 
> How I can remove any reference to “CloudLink-ISP2” from node11 and
> node14? They don’t have any VMs needed that “CloudLink-ISP2”. I
> edited even inactive VMs and removed “CloudLink-ISP2”.
> May be there is an option to ignore missing or downed links whn
> activating node hosts?
> 
> Thanks in advance for any help.
> 
> 
> ——
> 
> Logs:
> 
> 2022-04-27 11:16:59,769+03 ERROR
> [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] (EE-
> ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-51)
> [5ab20328] Host 'node14' is set to Non-Operational, it is missing the
> following networks: 'CloudLink-ISP2'
> 2022-04-27 11:16:59,790+03 WARN 
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector
> ] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-
> Thread-51) [5ab20328] EVENT_ID: VDS_SET_NONOPERATIONAL_NETWORK(519),
> Host node14 does not comply with the cluster ClusterRiga11 networks,
> the following networks are missing on host: 'CloudLink-ISP2'
> 2022-04-27 11:16:59,884+03 INFO 
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector
> ] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-
> Thread-51) [55610e1e] EVENT_ID: VDS_DETECTED(13), Status of host
> node14 was set to NonOperational.
> 2022-04-27 11:16:59,907+03 INFO 
> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-
> ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-51)
> [5d6ef791] Host 'node14'(aa871d44-94e2-4fdb-aeb3-ca0ae8dc568f) is
> already in NonOperational status for reason 'NETWORK_UNREACHABLE'.
> SetNonOperationalVds command is skipped.
> 
> 2022-04-27 11:12:26,050+03 ERROR
> [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] (EE-
> ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-19)
> [5400352e] Host 'node11' is set to Non-Operational, it is missing the
> following networks: 'CloudLink-ISP2'
> 2022-04-27 11:12:26,070+03 WARN 
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector
> ] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-
> Thread-19) [5400352e] EVENT_ID: VDS_SET_NONOPERATIONAL_NETWORK(519),
> Host node11 does not comply with the cluster ClusterRiga11 networks,
> the following networks are missing on host: 'CloudLink-ISP2'
> 2022-04-27 11:12:26,192+03 INFO 
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector
> ] (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-
> Thread-19) [57d79e54] EVENT_ID: VDS_DETECTED(13), Status of host
> node11 was set to NonOperational.
> 2022-04-27 11:12:26,214+03 INFO 
> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-
> ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-19)
> [151821e3] Host 'node11'(3c854f9c-2cdd-423e-bca0-37964ba76702) is
> already in NonOperational status for reason 'NETWORK_UNREACHABLE'.
> SetNonOperationalVds command is skipped.
> 
> 2022-04-27 11:51:10,539+03 INFO 
> [org.ovirt.engine.core.vdsbroker.VdsManager] (EE-
> ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-62)
> [] Clearing domains data for host node14
> 2022-04-27 11:51:10,539+03 INFO 
> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (

[ovirt-users] Re: Issue on Ovirt Node 4.4.10 installation by using DUD for MPTSAS driver update

2022-04-25 Thread Patrick Hibbs

That error typically means you don't have the correct DUD for the
kernel you are using. Each DUD is kernel specific, and will only work
on the kernel it was built for.

You need to find whatever DUD matches the kernel used in oVirt Node
4.4.10.

Alternatively, to quote the inevitable response from Sandro Bonazzola:
"oVirt Node 4.4 is now EOL. Please upgrade to oVirt Node 4.5 as soon as
practical."

-Patrick Hibbs

On Fri, 2022-04-22 at 22:19 +, peter...@guest-tek.com wrote:
> Hello, 
> 
> I'm trying to install Ovirt Node 4.4.10 to my server and it gets an
> error when I'm trying to install iso for my MPT SAS driver by using
> DUD. 
> In the boot menu, I pressed tab to enter Kernel and added "inst,dd".
> After that I got a screen shows a list of disk devices and selected
> USB that has iso file for MPT SAS :
> "Device : sda1 / Type : Vfat / Label : OEMDRV / UUDI : 6837-8481"
> 
> Then, I selected drivers to install : 
> "/media/DD-2/rpms/x86_64/kmod-mptsas-3.04.20-
> 6.e18_5.elrepo.x86_64.rpm"
> 
> And I pressed "C" to continue and gets an error message below :
> 
> "modprobe : ERROR : could not insert 'mptsas' : invalid argument"
> 
> Could you please help me what's the next step I can try to fix the
> issue? 
> 
> Thank you
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ARCK2NHPQ4AQK7I5EUISUCSQCTHXIV7Q/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPK6NWVAMJWELMLDGABQLOMCVURAROJP/

[ovirt-users] Re: Unable to access ovirt Admin Screen from ovirt Host

2022-04-09 Thread Patrick Hibbs

>AH00558: httpd: Could not reliably determine the server's fully
> qualified domain name, using fe80::d6f5:efff:fe0f:cd00. Set the
> 'ServerName' directive globally to suppress this message

That effectively means: "Apache cannot determine what the virtual
hostname is supposed to be for an interface it's running on."

In this case, the interface in question is whichever one has / had
fe80::d6f5:efff:fe0f:cd00 as it's address at the time the error was
logged.

To fix it, you'll need to set the hostname somewhere. Either in
/etc/hosts which will allow you to set it only for the IP address in
question, or in Apache's config where it will become the default
hostname used as a last resort.

Until this is fixed, oVirt won't reliably know what the hostname is for
a given connection and therefore SSO, and the web UI, will fail.


>[Sat Apr 09 10:47:17.532141 2022] [lbmethod_heartbeat:notice] [pid
> 36315:tid 140286292900160] AH02282: No slotmem from mod_heartmonitor

This module is for load balancing. It's not required by oVirt. You may
want to consider disabling it until you get the web UI working on the
server to reduce the chances of it causing problems while you
troubleshoot.

The rest are just status messages from Apache's startup.

-Patrick Hibbs

On Sat, 2022-04-09 at 15:47 +, lou...@ameritech.net wrote:
> This has not been easy to say the least I've been working on this for
> months and have done several re-installs from scratch to include the
> OS/RHEL 8.5.  Below is a snap shot of the logs, I don't understand
> what they are trying to tell me about the error, any help is greatly
> appreciated.
> 
> sudo more /var/log/httpd/error_log
> [Sat Apr 09 10:47:17.463649 2022] [core:notice] [pid 36315:tid
> 140286292900160] SELinux policy enabled; httpd running as context
> system_u:system_
> r:httpd_t:s0
> [Sat Apr 09 10:47:17.464791 2022] [suexec:notice] [pid 36315:tid
> 140286292900160] AH01232: suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Sat Apr 09 10:47:17.512147 2022] [so:warn] [pid 36315:tid
> 140286292900160] AH01574: module proxy_module is already loaded,
> skipping
> AH00558: httpd: Could not reliably determine the server's fully
> qualified domain name, using fe80::d6f5:efff:fe0f:cd00. Set the
> 'ServerName' dire
> ctive globally to suppress this message
> [Sat Apr 09 10:47:17.532141 2022] [lbmethod_heartbeat:notice] [pid
> 36315:tid 140286292900160] AH02282: No slotmem from mod_heartmonitor
> [Sat Apr 09 10:47:17.537642 2022] [mpm_event:notice] [pid 36315:tid
> 140286292900160] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux)
> OpenSSL/1.
> 1.1k mod_fcgid/2.3.9 mod_wsgi/4.6.4 Python/3.6 configured -- resuming
> normal operations
> [Sat Apr 09 10:47:17.537676 2022] [core:notice] [pid 36315:tid
> 140286292900160] AH00094: Command line: '/usr/sbin/httpd -D
> FOREGROUND'
> [Sat Apr 09 10:52:36.458433 2022] [core:notice] [pid 3400:tid
> 139718137252160] SELinux policy enabled; httpd running as context
> system_u:system_r
> :httpd_t:s0
> [Sat Apr 09 10:52:36.459740 2022] [suexec:notice] [pid 3400:tid
> 139718137252160] AH01232: suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Sat Apr 09 10:52:36.482068 2022] [so:warn] [pid 3400:tid
> 139718137252160] AH01574: module proxy_module is already loaded,
> skipping
> AH00558: httpd: Could not reliably determine the server's fully
> qualified domain name, using fe80::d6f5:efff:fe0f:cd00. Set the
> 'ServerName' dire
> ctive globally to suppress this message
> [Sat Apr 09 10:52:36.501468 2022] [lbmethod_heartbeat:notice] [pid
> 3400:tid 139718137252160] AH02282: No slotmem from mod_heartmonitor
> [Sat Apr 09 10:52:36.506571 2022] [mpm_event:notice] [pid 3400:tid
> 139718137252160] AH00489: Apache/2.4.37 (Red Hat Enterprise Linux)
> OpenSSL/1.1
> .1k mod_fcgid/2.3.9 mod_wsgi/4.6.4 Python/3.6 configured -- resuming
> normal operations
> [Sat Apr 09 10:52:36.506594 2022] [core:notice] [pid 3400:tid
> 139718137252160] AH00094: Command line: '/usr/sbin/httpd -D
> FOREGROUND'
> 
> 
> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RQUEM2OM7LS4KJVK7HQCAH7C672R7PGM/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UQ3VXN6WXHWFXDZVDXL4UWMBPMAIAGT5/

[ovirt-users] Re: Engine across Clusters

2022-03-11 Thread Patrick Hibbs

If you are trying to re-use the existing bricks (gluster hosts) for
both clusters, you could potentially do it by making a seperate volume
on each brick. Then just have both clusters use their own specific
volume.

Underneath the volumes could have different physical media backing
them, or if you're willing to sacrifice space and visibility in the
GUI, the same media. (You'll need to keep them on separate filesystem
trees though.)

As for the engine VM, there's no way for it to use a separate cluster
other than the one it's assigned to, and VMs cannot be shared /
migrated across clusters. (Again, that's due to oVirt not having a
generic CPU type that would work regardless of the host's
manufacturer.)

I've never tried this but, you could potentially fudge it by exporting
the engine VM and re-importing it into the new cluster, setup some
external failover solution that would remap the IPs / hostname, and
start up the VM on the alternate cluster if the original one went down
using the rest api. oVirt can recover from an unexpected engine host
shutdown, (it has to for the hosted engine to work at all), but that
support assumes that only one engine host is present per database. At
the very least, the engine database would need to be on a separate
host, possibly with it's own mirroring and failover solution, and once
the original engine VM was restored, said VM would need to recognize
the other engine already has control over the data center, and not
interfere with the other engine. (I.e. The restored engine would need
to terminate until the replacement was shut down. Both VMs can *never*
be running at the same time.)

Of course, it goes without saying that this idea is completely
unsupported, the second engine VM would need to be kept up-to-date with
the original to avoid conflicts, and such a setup would be inherently
unstable. (Only as stable as the chosen database mirroring and failover
solution.) But if you've got a test setup to toy around and get
measurements with, it might be a fun project to spend a weekend on. :)

-Patrick Hibbs

On Fri, 2022-03-11 at 18:14 +, Abe E wrote:
> Has anyone setup hype converged gluster (3Nodes) and then added more
> after while maintaining access to the engine?
> An oversight on my end was 2 fold, Engine gluster being on engine
> nodes and new nodes requiring their own cluster due to different CPU
> type.
> 
> So basically I am trying to see if I can setup a new cluster for my
> other nodes that require it while trying to give them ability to run
> the engine and ofcourse because they arent part of the engine
> cluster, we all know how that goes. Has anyone dealt with this or
> worked around it, any advices?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QGP2ZCESCWLFQXHX5XSVNM5AK7KXAOAX/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OTGI4A6AZ3CMPWFQMA7JKQOUX2Y5BURL/

[ovirt-users] Re: Unable to upload ISO Image in ovirt 4.4.10

2022-03-08 Thread Patrick Hibbs

I'd also like to see an external notification
mechanism added too. Like an e-mail notification when something gets
too close to expiry. (Could just use sendmail configured by the host
initially, but I'm sure others would love to configure that via the Web
GUI too.) Also, maybe make the expiries configurable from the GUI tab
too.

As to what such a system would look like, I'd say use VDSM's database
to store the certificates / keys (along with a backup of the previous
key to prevent an upgrade failure from requiring a host reinstall) and
provide a REST API / VDSM command to access and manage them. With only
VDSM's cert and a client key permanently stored on the host file
systems. (VDSM needs to connect to the DB anyway to do something
useful.) When VDSM starts, it could connect to the DB and pull down any
updated certs / keys from it's database for use by the host's services
and itself. That way any changes to the keys or certs are picked up
when VDSM resets, and changes simply require the administrator to put
the affected hosts into and out of maintenance. As a bonus, this design
also gives us auditing of certificate changes (regulatory / legal /
policy compliance) for free.

As stated before, I'd love to hear other solutions / viewpoints.

-Patrick Hibbs

On Sun, 2022-03-06 at 23:58 +0200, Nir Soffer wrote:
> On Sun, Mar 6, 2022 at 11:42 PM Patrick Hibbs
>  wrote:
> > 
> > I set up a new ovirt test instance on a clean Rocky Linux 8.5
> > server
> > with a custom apache cert about two weeks ago.
> 
> Do you have single server used both for running ovirt-engine and
> as a hypervisor? This requires special configuration. If engine is
> not running on the hypervisor, for example engine runs in a VM or
> on another host, everything should work out of the box.
> 
> > Uploading a test image
> > via the browser didn't work until I changed the .truststore file.
> 
> .truststore file where?
> 
> > I should also point out that I also had to set the cert in apache's
> > config. Simply replacing the symlink in the cert directory didn't
> > work
> > as it wasn't pointing to it at all. (Instead it was pointing at
> > some
> > snakeoil cert generated by apache.) Granted, the apache issue is
> > specific to Rocky, but the imageio service is definitely in ovirt's
> > full control.
> > 
> > If the imageio service is supposed to work out of the box with a
> > custom
> > certificate, there's something amiss.
> 
> These are the defaults:
> 
> $ ovirt-imageio --show-config | jq '.tls'
> {
>   "ca_file": "/etc/pki/ovirt-engine/apache-ca.pem",
>   "cert_file": "/etc/pki/ovirt-engine/certs/apache.cer",
>   "enable": true,
>   "enable_tls1_1": false,
>   "key_file": "/etc/pki/ovirt-engine/keys/apache.key.nopass"
> }
> 
> The ovirt-imageio service works with apache configuration files.
> If these symlinks point to the right files, everything should work
> out of the box.
> 
> If you change the apache PKI files, you need to modify ovirt-imageio
> configuration by adding a drop-in configuration file with the right
> configuration:
> 
> $ cat /etc/ovirt-imageio/conf.d/99-local.conf
> [tls]
> key_file = /path/to/keyfile
> cert_file = /path/to/certfile
> ca_file = /path/to/cafile
> 
> Note: the following configuration *must not* change:
> 
> $ ovirt-imageio --show-config | jq '.backend_http'
> {
>   "buffer_size": 8388608,
>   "ca_file": "/etc/pki/ovirt-engine/ca.pem"
> }
> 
> This CA file is used to access the hosts, which are managed by
> ovirt-engine self signed CA, and cannot be replaced.
> 
> > WARNING: Small rant follows:
> > 
> > Yes, I could have changed a config file instead of changing
> > .truststore, but it's just another way to achieve the same result.
> > (And
> > the one I discovered back in ovirt 3.x.) It doesn't make the
> > process
> > any eaiser, if anything it's just another option to check if
> > something
> > goes wrong. Instead of checking only .truststore, Now we have to
> > check
> > .truststore, and any number of extra config files for a redirect
> > statement, and the load ordering of those config files, *and*
> > whether
> > or not those redirect statements point to a valid cert or not.
> > Instead
> > of having just one place to troubleshoot, now there's at least
> > four.
> > The config file change also doesn't make it any eaiser to perform
> > those
> > changes. You still need to manually make these changes via ssh on
> > the
> > engine host. Why would I want to advice changing a config file, and
> > risk t

[ovirt-users] Re: Unable to upload ISO Image in ovirt 4.4.10

2022-03-06 Thread Patrick Hibbs

I set up a new ovirt test instance on a clean Rocky Linux 8.5 server
with a custom apache cert about two weeks ago. Uploading a test image
via the browser didn't work until I changed the .truststore file.

I should also point out that I also had to set the cert in apache's
config. Simply replacing the symlink in the cert directory didn't work
as it wasn't pointing to it at all. (Instead it was pointing at some
snakeoil cert generated by apache.) Granted, the apache issue is
specific to Rocky, but the imageio service is definitely in ovirt's
full control.

If the imageio service is supposed to work out of the box with a custom
certificate, there's something amiss.

WARNING: Small rant follows:

Yes, I could have changed a config file instead of changing
.truststore, but it's just another way to achieve the same result. (And
the one I discovered back in ovirt 3.x.) It doesn't make the process
any eaiser, if anything it's just another option to check if something
goes wrong. Instead of checking only .truststore, Now we have to check
.truststore, and any number of extra config files for a redirect
statement, and the load ordering of those config files, *and* whether
or not those redirect statements point to a valid cert or not. Instead
of having just one place to troubleshoot, now there's at least four.
The config file change also doesn't make it any eaiser to perform those
changes. You still need to manually make these changes via ssh on the
engine host. Why would I want to advice changing a config file, and
risk that much of an additional mess to deal with in support, when I
can tell them one specific file to fix that has none of these extras to
deal with? Personally, I would choose the option with less chance for
human error.

/rant

-Patrick Hibbs

On Sun, 2022-03-06 at 21:54 +0200, Nir Soffer wrote:
> On Sun, Mar 6, 2022 at 9:42 PM  wrote:
> > 
> > I don't have the file "ovirt-imageio-proxy" on my system, is there
> > another file that I should be looking at?  Once I locate the
> > correct file what content in the file needs to change?
> > 
> > I'm using  the latest release of "Firefox/91.6.0" as my browser, 
> > and i import the "Engine CA" after the fact.  However, after the
> > import I tried again and got the same results.
> 
> In oVirt 4.4 the ovirt-imageio-proxy service was replaced with the
> ovirt-imageio service.
> 
> The built-in configuration should work with the default (self signed)
> CA and with custom
> CA without any configuration change.
> 
> Is this all-in-one installation, when ovirt-engine is installed on
> the
> single hypervisor,
> and the same host is added later as an hypervisor?
> 
> To make sure you configured the browser correctly, please open the
> "upload" dialog
> and click the "Test connection" button. If the testing the connection
> works the browser
> can communicate with the ovirt-imageio service and your system is
> ready for upload
> from the browser.
> 
> Nir
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/4JN43TC3CGMLUZW6OCUTEZHQDNJDMRNP/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GJ6UALLOL6NBQA7O5W6AATKBTXC6SELP/

[ovirt-users] Re: Importing KVMs and QCOW

2022-03-05 Thread Patrick Hibbs

If that's the case you can just go to the disks page in the ovirt admin
site ( Main Menu => Storage => Disks ) and upload them there. Then you
can create a new VM and click on the attach button in the VM properties
to use the uploaded disk.

-Patrick Hibbs

On Sat, 2022-03-05 at 22:06 +, Abe E wrote:
> Does this not assume one has a KVM running in a KVMManager or the
> like?
> All I have is a qcow or a .raw file from for example Ruckus for a
> virtual smartzone VM that I want to import, I dont have the option of
> a URI to point to.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TW35JMN4CBC2DWGMOBV2HDJWT2NJ75OS/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CHPYEKP7KHYZDPJACTR35HTBL3MX6OBK/

[ovirt-users] Re: Unable to upload ISO Image in ovirt 4.4.10

2022-03-05 Thread Patrick Hibbs

That's typically one of three issues:

1. You've replaced the certificate used by apache, but haven't updated
the configuration for the ovirt-imageio-proxy.

2. You're using an older web browser. (Pale Moon, Waterfox, older
versions of Chrome, etc.)

3. There's an issue that causes the initial transfers (upload or
download) to fail once or twice every ~24 hours.

If it's the first issue, a quick fix is to simply add your new
certificate's CA cert to the hidden /etc/pki/ovirt-engine/.truststore
file (It's a java keystore.) then restart the engine and imageio-proxy.

If it's the second issue, try using a newer browser. Current versions
of Chrome are known to work.

If it's the third issue, abort the download and try again. Assuming
you've ruled out the other two issues, it should work. If not, we might
need your logs to determine what's wrong.

If your engine is stuck with an aborted download, try restarting both
the ovirt-engine and ovirt-imageio-proxy services. (That should get rid
of the bad download state.)

-Patrick Hibbs

On Wed, 2022-03-02 at 23:42 +, lou...@ameritech.net wrote:
> I recently installed ovirt 4.4.10 on my server successfully; however;
> I'm unable to upload images using the ovirt GUI.  I tried the
> following: 
> 
> Storage> Disk> Upload> Start > Completed the form pointing to the
> source location of the image
> 
>  Once I click the OK button the status of the image go's into a
> Locked Status then switches to "Paused by System" and jsut hangs from
> there.  
> 
> A few days later I tried to delete the upload because the state did
> not change.  I tried the following to Cancel the upload:
> Storage> Disk> Upload> Cancel
> 
> Once the above is complete the status changes to "Finalizing
> Cleanup".  
> 
> What should be done to resolve this issue?
> 
> Thanks
> 
>   
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/WIJFGDZAWGZOKL5A432H33H4XAKDNVV6/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WBD5GG53F4FY25OBHSS5C4HLSVODUIOC/

[ovirt-users] Re: Migrating VMs from 4.3 Ovirt Env to new 4.4 Env

2022-02-22 Thread Patrick Hibbs

You're welcome. Good to hear you didn't loose anything.

Export to OVA has one of the hosts write an OVA file to the selected
host's filesystem. (As long as VDSM has write privileges to do so.) The
OVA file contains the *entire* VM configuration (Number of CPUs /
Chipset / Network Adapters / etc.) in addtion to a copy of the attached
disks. The intent of this is to allow importing the VM into another
hypervisor. (oVirt, or even other tech entirely such as VMWare /
Virtualbox / etc.) This tends to not work very well however due to the
previously discussed failures, and the fact that oVirt's conversion
code isn't very good. Even between oVirt versions on the same cluster,
an exported OVA may not re-import cleanly, if at all. (This is probably
related to the lack of a generic CPU target in oVirt, as no other
hypervisor solution is going to put forth the effort to maintain
compatibility with oVirt's overly-specific CPU model selections, flags,
and custom virtual hardware layouts.)

Export to Export Domain simply writes the disk images and VM domain XML
to the Export Domain for later import into another oVirt instance.
(This was the original way oVirt handled backups, and migration between
oVirt clusters.) This has been deprecated for a while now, and oVirt
4.4 can't even create a new Export Domain. (Although 4.4 will allow
importing an existing one.) Essentially, it's no different than OVA
Exports beyond the oVirt specific nature of it. (Both make a complete
copy of the VM and attached storage, OVA just adds a translation /
compatibility layer step, and it's output is meant to be handled
directly by the administrator.)

Exporting a template simply exports the template. It has a copy of the
disks just like the other two options. With the added caveat that you
need to instantiate a new VM from it prior to use. Which may or may not
be what you need for backups. Depending on whether or not you have
organizational policies / regulatory compliance to worry about. As this
will necessitate a bunch of changes in the virtualized hardware. That
being said, I can't say to it's reliability as I've never really used
templates for backup purposes.

If you really need a backup, OVA is fine. (Though you should test re-
importing it before calling the job finished.) If you really want to be
sure, use an external cloning solution like Clonezilla, (If you only
need to back up a few VMs) or something like FOG. (If you need more
advanced options, like a regular backup schedule, automated backups /
restorations, logging, access control, etc.)

- Patrick Hibbs

On Tue, 2022-02-22 at 01:24 +, Abe E wrote:
> Hey Patrick, First of all thank you for your help these past few
> days, I see you are quite experienced haha.
> 
> I thought so too, because i have like 10 VMs that are just clones of
> 1 main rockylinux vm I built and some failed while others passed,
> quite random. I almost destroyed the old VMs too so I am happy I
> discovered it when I did.
> 
> Im still trying to wrap my head around it all but please correct me
> if i am wrong.
> Export to OVA - Simply exports to OVA whereas Export to Export Domain
> will export the actual image files?
> 
> Another Idea I had was making the VM into a template and exporting
> that.
> Does this idea makes sense, it seems it generates the same disks as
> the original and then allows you to build a VM from them -- Or it is
> the exact same as Exporting a VM to EDomain in the first place.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/LW4ZLFI7LAMBLYDRQ4EORJSCHNLK2HI4/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JBECARLVGKODCC4GLWSUHVS35GBFKN36/

[ovirt-users] Re: Migrating VMs from 4.3 Ovirt Env to new 4.4 Env

2022-02-21 Thread Patrick Hibbs

I've found that the first export attempt always fails, but subsequent
exports tend to work afterwards. Although, it resets after a time. I'm
not sure if this is authentication related or not, but it only seems to
work for about 24 hours.

The easiest way to check that I've found is:

1. Make the initial export and let it finish.

2. Discard that initial export.

3. Export the VM again.

4. Try to archive it. (tar -cvJf a.tar.xz a.ova)

5. Check the file size of the archive, if it's greater than a couple MB
you're probably fine. (Do try to import it back and use it, if you want
to be sure.) If not, go to step 3.

It's definitely a pain, but the alternative would be to boot some other
VM and run a clone of the original. I've used FOG in the past for this
and it works fine even on the same hypervisor host. (Writes the disk
images to a NFS share or local filesystem) But you could use anything.
Others here have used Clonezilla. If you have a tape drive or some
other external backup device you could pass it through to another VM
and use it to write the backup directly.

Also, as a sidenote: oVirt 4.4 uses a newer imageio proxy that only
seems to work with Chromium based browsers. So don't try using Pale
Moon, Waterfox, etc. with it as you'll always get bad exports and
failed uploads. I had to find out the hard way.

- Patrick Hibbs

On Mon, 2022-02-21 at 19:34 +, Abe E wrote:
> So as title states I am moving VMs from an old system of ours with
> alot of issues to a new 4.4 HC Gluster envr although it seems I am
> running into what I have learnt is a 4.3 bug of some sort with
> exporting OVAs. 
> 
> Some of my OVAs are showing large GB sizes although their actual size
> may be 20K so they are showing no boot device as well, theres really
> no data there. Some OVAs are fine but some are broken. So I was
> wondering if anyone has dealt with this and whats the best way around
> this issue?
> 
> I have no access remotely at the moment but when I get to them, I
> read somewhere its better to just detach disks and download them to a
> HDD for example and build new VMs and upload those disks and attach
> them instead this way? 
> 
> Please do share if you have any better ways, usually I just Export
> OVA to an external HDD, remount to new ovirt and import OVA but seems
> a few of these VMs out of alot did not succeed and I am running out
> of downtime window.
> 
> Thanks a bunch, I have noticed repeated names helping me, I am very
> grateful for your help.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZVJBUKWK4VLLJRC3Y6WTD7WDA4GECOF2/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZPDLSBJEMXECO5RFJKIOKWZ62EOALEX4/

[ovirt-users] Re: Broke my GlusterFS somehow

2022-02-19 Thread Patrick Hibbs

OK, where to begin.

As for your Gluster issue, Gluster maintains it's own copy of the
configuration for each brick outside of oVirt / VDSM. As you have
changed the network config manually, you also needed to change the
Gluster config to match as well. The fact that you haven't is the
reason why Gluster failed to restart the volume.

However, In a hyperconverged configuration, oVirt maintains the gluster
configuration in it's database. Manually fixing Gluster's configuration
on the bricks themselves won't fix the engine's copy. (Believe me, I
had to fix this before myself because I didn't use hostnames initially
for the bricks. It's a pain to manually fix the database.) That copy is
used to connect the VM's to their storage. If the engine's copy doesn't
match Gluster's config, you'll have a working Gluster volume but the
hosts won't be able to start VMs.

Essentially, in a hyperconverged configuration oVirt doesn't allow
removal of host with a Gluster brick unless removal of that host won't
break Gluster and prevent the volume from running. (I.e. you can't
remove a host if doing so would cause the volume to loose quorum.)

Your options for fixing Gluster are either:
1. Add enough new bricks to the Gluster volumes so that
removal of an old host (brick) doesn't cause quorum loss.

- OR -

2. Manually update the engine's database with the engine and
all hosts offline to point to the correct hosts, after manually
updating the bricks and bringing back up the volume.

The first option is your safest bet. But that assumes that the volume
is up and can accept new bricks in the first place. If not, you could
potentially still do the first option but it would require reverting
your network configuration changes on each host first.

The second option is one of last resort. This is the reason why I said
updating the interfaces manually instead of using the web interface was
a bad idea. If possible, use the first option. If not, you'd be better
off just hosing the oVirt installation and reinstalling from scratch.

If you *really* need to use the second option, you'll need to follow
these instructions on each brick:
https://serverfault.com/questions/631365/rename-a-glusterfs-peer

and then update the engine database manually to point to the correct
hostnames for each brick. (Keep in mind I am *NOT* recommending that
you do this. This information is provided for educational /
experimental purposes only.)

As for Matthew's solution, the only reason it worked at all was because
you removed and re-added the host from the cluster. Had you not done
that, VDSM would have overwritten your changes on the next host upgrade
/ reinstall, and as you have seen that solution won't completely fix a
host in a hyperconverged configuration.

As to the question about oVirt's Logical Networks, what I meant was
that oVirt doesn't care what the IP configuration is for them, and that
if you wanted to change which network the roles used you needed to do
so elsewhere in the web interface. The only thing that does matter for
each role is that all of the clients using or hosts providing that role
can communicate with each other on that interface. (I.e. If you use
"Network Bob" for storage and migration, then all hosts with a "Network
Bob" interface must be able to communicate with each other over that
interface. If you use "Network Alice" for VM consoles, then all end-
user workstations must be able to commuicate with the "Network Alice"
interface. The exact IPs, vlan IDs, routing tables, and firewall
restrictions for a logical network don't matter as long as each role
can still reach the role on other hosts over the assigned interface.)

-Patrick Hibbs

On Sun, 2022-02-20 at 01:17 +, Abe E wrote:
> So upon changing my ovirt nodes (3Hyperconverged Gluster) as well as
> my engines hostname without a hitch I had an issue with 1 node and
> somehow I did something that broke its gluster and it wouldnt
> activate,
> So the gluster service wont start and after trying to open the node
> from webgui to see what its showing in its virtualization tab I was
> able to see that it allows me to run the hyperconverged wizard using
> the existing config. Due to this i lost the engine because well the
> 3rd node is just arbiter and node 2 complained about not having
> shared storage.
> 
> This node is the one which I built ovirt gluster from so i assumed it
> would rebuild its gluster.. i accidentally clicked cleanup which got
> rid of my gluster brick mounts :)) then I tried to halt it and
> rebuild using existing configuration. Here is my issue though, am I
> able to rebuild my node?
> 
> This is a new lab system so I believe i have all my vms still on my
> external HDDs. If I can restore this 1 node and have it rejoin the
> gluster then great, otherwise whats the best route using the webgui
> (I am remote at the moment) to ju

[ovirt-users] Re: ovirtmgmt VLAN and IP Change

2022-02-18 Thread Patrick Hibbs

Hello,

Network configuration for an ovirt host is managed by VDSM. If you try
to make changes manually, such as through calling nmcli or manually
editing the network scripts via an ssh session on each host, VDSM will
just reset everything back to the configuration it had before. (It's on
a timer, and it will also happen if VDSM / the host restarts.)

To make permanent changes to the network configuration, you'll need to
configure the IP addresses / VLANs through the web admin interface for
each host.

The steps to do this safely are:

Go to web admin, Main menu -> Compute -> Hosts.

For each host,

1. Migrate or power off all running VMs. (You can see and control each
VM running on a host by clicking on the host's name and selecting the
"Virtual Machines" tab.)

2. Put the host into maintenance.

3. Click on the host's name and then go to the Network Interfaces tab.

4. Click on the "Setup Host Networks" button. For each interface listed
on the dialog, there is a pencil icon on the far right. Click on that
pencil to edit the configuration for that interface.

5. Make your changes as desired. A couple things to note:

Be careful about where you define a gateway, it will effect
the  host's routing table and can prevent the engine from being able to
contact that host.

The engine will not validate the IP configuration on the UI
screen. I.e. You can set any IP address / subnet mask even if it
doesn't match the network address / subnet mask of any other host on
the same logical network. Nor will the engine protect against reusing
an IP of an existing host on the network. (Regardless if said host is
registered with the engine.) Be careful when you type in those
addresses. They are functionally just a text box.

6. Once your changes are done make sure that the "Verify connectivity
between Host and Engine" and "Save network configuration" check boxes
are checked then, click on the OK button.

7. Wait a few minutes. The engine will update the interfaces and the
display in the host list. If the engine cannot complete the network
changes, it should revert them back to what they were originally.

As a side note because the engine doesn't make this very clear in the
UI: If you want to change the network used for the various roles,
(storage, VM, console, management, default gateway, migration) you do
so at the cluster level. (Main menu-> Compute -> Clusters -> Cluster
name -> Logical Networks) The roles are assigned to virtual networks,
not the interfaces on each host.

- Patrick Hibbs

On Sat, 2022-02-19 at 01:09 +, Abe E wrote:
> Hello All,
> 
> So due to some issues with provisioning new networks in our lab, I
> have to use a different VLAN in for my ovirt cluster.
> 
> Cluster -> 3 Hosts (Hyperconverged)
> What I want to do is essentially change the Ovirtmgmt interface to
> another vlan but also change the IP Schemes, I wont be needing to
> change the storage network vlans.
> 
> I am just wondering how this is done safely. 
> Can I through the engine, put the host 1 by 1 into maint mode and
> manually adjust the IPs and apply and reconfigure the switch port?
> What about the IP that the engine has set or would I change that
> manually through console once I change the ovirtmgmt vlan on all the
> nodes?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5JTGYJ6K5CDYFQ22QFOFF4LP5XCHMSK7/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RSRY3SLNOGC5UJAOYFIGM4SH6SI2BY27/

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Patrick Hibbs

The certificates used in SPICE connections are stored on the VM hosts.
By default they are at /etc/pki/vdsm/libvirt-spice, and configured by
VDSM in /etc/libvirt/qemu.conf. Their default names are ca-cert.pem,
server-cert.pem, and server-key.pem. Using openssl x509 -noout -text -
in  should show you the certificate's expiration
info.

Note: Don't try to change anything, it will be overwritten by VDSM on
the next host update / reinstall.

As for remote-viewer, if you run it manually from the console with
"remote-viewer --debug " or "remote-viewer --
verbose "  it will print log information about the
connection it's trying to establish.

-Patrick Hibbs

On Wed, 2022-02-09 at 06:58 +0200, Gilboa Davara wrote:
> 
> 
> On Wed, Feb 9, 2022 at 1:05 AM Strahil Nikolov
>  wrote:
> > I have no clue , but I would give vdsm.service a restart.
> > 
> 
> 
> Thanks again for the prompt response.
> Tried that, restarted all services and the all the VMS, didn't work.
> 
> Any idea how I can verify the certificate information actually being
> used by qemu for the spice console?
> remote-viewer just fails, without giving any meaningful error
> message.
> 
> - Gilboa
>  
> > 
> > Best Regards,
> > Strahil Nikolov
> > 
> > > On Tue, Feb 8, 2022 at 18:19, Gilboa Davara
> > >  wrote:
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives: 
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4RHXQBDWL6PNI6OKCS3/
> > > 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/OG57VT2XGDTY2MFOJFFUCZAMXS22W4OG/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AKQVBARD4EWIS3PCQYLX7AH575XRDYAD/

[ovirt-users] Re: Alternative Perspective - Re: oVirt alternatives

2022-02-06 Thread Patrick Hibbs

I wouldn't mind doing some testing. I have a little coding experience
but it's mostly on the desktop (Application) side of things not Web.
Although if it meant getting a proper certificate management UI I'd be
willing do it. (I've been thinking about rolling up my sleeves for that
exact purpose anyway.)

The main issue as I see it is two fold:

 1. We don't have all of the needed sources to rebuild ovirt
from scratch. I.e. We're missing the oVirt Node build scripts.
 Further, we also don't have a complete set of SRPMs.
I've tried getting them for backup / disaster recovery issues, and it's
a huge pain to track them all down from the various repos that are
involved. Keep in mind that was *before* RH started archiving repos so
it's probably even harder now. (Note: You can't just do "reposync --
source" that's been broken for years because CentOS didn't want to
rebuild their package lists to include them automaticly. Some of them
are on vault.centos.org, but some are not. Tracking down the third
party repos oVirt uses is also difficult for the same reason.) Does
anyone have a link to the complete set of source packages outside of
oVirt's dev team?

        2. oVirt's fate is still very much uncertain. I don't think
anyone really wants to go through the trouble of creating a fork unless
oVirt as a project is truely EOL'd. Currently we know that RHVM will
EOL in a few years, but the oVirt project itself has made no such
annoucement. All of the threads on this subject are more or less
contingency planning sessions and criticism of a decision they haven't
made yet. Personally, I think we should wait until oVirt has made their
statement publicly before going down this path.

As for why the criticism is being made, I can say it has some merrit.
If oVirt were to continue past RHVM's EOL, or if oVirt were to be
forked by the community into a new project, accepting the RH
deprecations into oVirt's design and source tree is short-sighted. At
best it's them trying to avoid techincal debt and loosing (unofficial)
support for RHEL. At worst, it's oVirt degrading itself in deference to
RH's new shiny offering at the oVirt users' expense and detriment.
Again, we're now at two functionalities that have been, or will be,
removed: SPICE (which is all around better than the suggested VNC
replacement) and now GlusterFS (which will cause massive downtime for
those unfortunate enough to have used it as their storage backend.)
Given that oVirt never really supported RHEL outright, (i.e. it's not
tested on that platform), and that many of the people on this mailing
list have requested support for CentOS's various replacement distros.
I, and others, don't see a reason for oVirt's continuing to accept
these changes. A statement on the matter would be nice.

Personally, I will wait for an official annoucement from oVirt before
making any decisions as well. Although, for what it's worth, I would
cast my vote to retain the GlusterFS support if it's avaiable on the
hosts. I was already using GlusterFS 9 packages in oVirt 4.3 and CentOS
7 so I could connect a set of raspberry pi 4 bricks to the engine. So
it's not like the support cannot exist if RH doesn't provide the
packages for it. (Fun home experiment. Turns out it works just fine. I
can easily run 20+ VMs concurrently with this setup, and it pays for
itself via the electric bill as a bonus.)

-Patrick Hibbs

On Sun, 2022-02-06 at 19:07 +, David White via Users wrote:
> At the risk of sounding like a Red Hat or IBM fanboy, I have decided
> to give Red Hat the benefit of the doubt here, and to not make any
> decisions about switching off of oVirt until and unless an official
> announcement is made.
> 
> In the meantime, I know that I need to move off of Gluster (and I
> made that decision before the Gluster announcement), and I would need
> storage with any other solution anyway, so that's where I'm going to
> focus my own efforts.
> 
> In the meantime, while I realize that the optics of a company like
> IBM / Red Hat shutting a project like oVirt down looks bad to the
> FOSS community, I'm going to push back a little bit. We have had
> access to a FOSS application that obviously works for a lot of
> people. No company is required to provide their services for free,
> and likewise, I'm of the opinion that one needs to be willing to pay
> (or contribute in some way) for a quality product service. It reminds
> me of the mantra: "Fast, Cheap, Free - pick two".
> 
> So here's an alternative perspective: What can the community
> contribute and do in order to keep the project going? Anyone could
> fork it, rebrand it, and run with it. 
> 
> I claim to be a software developer, and the uplink in my datacenter
> is only 100mbps right now (of course I can increase it when needed),
> so I doubt I could provide much value in terms of hosting or coding. 
> 
> But I do know security. I'

[ovirt-users] Re: Remove obsolete Gluster hyperconverged doc

2022-02-05 Thread Patrick Hibbs

Wait a minute.

Use of GlusterFS as a storage backend is now deperecated and will be
removed in a future update?

What are those who's deployments have GlusterFS as their storage
backend supposed to use as a replacement?

I'm feeling vibes of the SPICE deprecation all over again. but
moving all of the VM storage data isn't a quick process, and I don't
want to move it to something else that will also be depercated by a
future RH whim

-Patrick Hibbs

On Fri, 2022-02-04 at 08:42 +0100, Sandro Bonazzola wrote:
> 
> 
> Il giorno ven 4 feb 2022 alle ore 08:19 Strahil Nikolov
>  ha scritto:
> > Hi Sandro,
> > 
> > It seems that with
> >
> https://github.com/oVirt/ovirt-site/commit/f3286b2e1f2871978d054250556f1b4f0eb7f09e#diff-41cf6794ba4200b839c53531555f0f3998df4cbb01a4d5cb0b94e3ca5e23947d
> > all refference to Gluster & Hyperconverged is removed from the
> > website.
> > 
> > 
> > Can you clarify the situation with Hyperconverged deployments ?
> > 
> 
> 
> Hi, the Gluster & Hyperconverged deployment moved outside the
> documentation section on the
> website: https://ovirt.org/dropped/gluster-hyperconverged/ as it's
> outdated and unmaintained.
> GlusterFS is being deprecated for usage on storage
> domains: Bug 2016359 - Deprecate usage of GlusterFS for Storage
> Domains
> And the hyperconverged solution for oVirt is based on GlusterFS, so
> it's being deprecated as well.
>  
> > 
> > 
> > Best Regards,
> > Strahil Nikolov
> 
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/KEBL4DVAQJZF64JF5UFPCKD2LKXKUMIP/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FMX53FXRRPKDHJGWDGANP64C2PKAYXI3/

[ovirt-users] Re: gluster and virtualization

2022-02-02 Thread Patrick Hibbs

You're getting multiple DMAR errors. That's related to your IOMMU
setup, which would be affected if you're turning VT on and off in the
BIOS. 

That's not really LVM so much as it is something trying to remap your
storage device's PCI link after the filesystem was mounted. (Whether by
LVM, systemd, mount cmd from the terminal, etc.)
Which will cause the underlying block device to become unresponsive.
Even worse, it can make the FS get stuck unmounting and prevent a
reboot from succeeding after all of the consoles have been killed.
Requiring someone to power cycle the machine manually if it cannot be
fenced via some power distribution unit. (Speaking from experience
here...)

As for the issue itself, there's a couple of things you can try:

Try booting the machine in question with "intel_iommu=on iommu=pt" on
the kernel command line. That will put the IOMMU in passthrough mode
which may help.

Try moving the physical drives to a different port on the motherboard.
Some boards have different IOMMU groups for different ports even if
they are of the same kind. Regardless if it's AHCI / M.2 / etc.
If you have a real PCI RAID expansion card or something similar, you
could try checking the PCI link id it's using and moving it to another
link that does work. (Plug it into another PCI slot so it gets a
different IOMMU group assignment.)
If you're willing to spend money, maybe try getting a PCI AHCI / RAID
expansion card if you don't have one. That would at least give you more
options if you cannot move the drives to a different port.

Long term, the best option would be to move those gluster bricks to
another host that isn't acting as a VM hypervisor. These kinds of bugs
can crop up with kernel updates, and as the kernel's IOMMU support is
still kinda iffy, production-wise it's better to avoid the issue
entirely.

-Patrick Hibbs

On Wed, 2022-02-02 at 12:51 +, Strahil Nikolov via Users wrote:
> Most probably when virtualization is enabled vdsm services can start
> and they create a lvm filter for your Gluster bricks.
> 
> Boot the system (most probably with virtualization disabled), move
> your entry from /etc/fstab to a dedicated '.mount' unit and boot with
> the virt enabled.
> 
> Once booted with the flag enabled -> check the situation (for example
> blacklist local disks in /etc/multipath/conf.d/blacklist.conf, check
> and adjust the LVM filter, etc).
> 
> Best Regards,
> Strahil Nikolov
> 
> 
> > On Wed, Feb 2, 2022 at 11:52, eev...@digitaldatatechs.com
> >  wrote:
> > My setup is 3 ovirt nodes that run gluster independently of the
> > engine server, even thought the engine still controls it. So 4
> > nodes, one engine and 3 clustered nodes.
> > This has been and running with no issues except this:
> > But now my arbiter node will not load the gluster drive when
> > virtualization is enable in the BIOS. I've been scratching my head
> > on this and need some direction.
> > I am attaching the error.
> > 
> > https://1drv.ms/u/s!AvgvEzKKSZHbhMRQmUHDvv_Xv7dkhw?e=QGdfYR
> > 
> > Keep in mind, this error does not occur is VT is turned off..it
> > boots normally. 
> > 
> > Thanks in advance.
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HXRDM6W3IRTSUK46FYZZR4JRR766B2AX/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2EK2SJK3VTQZ4C626N4RVFT3XIXUA3WW/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PGSRI4KLNRV2L6Y4W4YW2JELVAYXICLL/

[ovirt-users] Re: remote-viewer VNC mode issue

2021-12-16 Thread Patrick Hibbs

Hello,

 Apperently, VNC with TLS enabled is the default. At the very
least I don't remember ever enabling it.

 Attempting to disable it as a quick test, by altering
/etc/libvirt/qemu.conf and setting vlc_tls=0 fixes it. So I guess, I'll
need to disable it at the cluster level for a permanent fix. (And then
reinstall the hosts)

 After seeing the previous reply, I figured that the "direct
connection to the VM host" meant the VNC connection would be using TLS.
SPICE "Just Works(TM)" with TLS enabled, but for VNC it requires a TLS
cert to be installed on the ovirt host servers. And of course, the
default is the internal engine CA. With no easy way to override it.
(I.e. The new cert config won't survive a host reinstall / upgrade.)
Which defeats the entire purpose of having a third party CA for end-
user connections. I guess we'll have to disable this method of VM
console access for now, and rely on noVNC until the cert issue gets
fixed.

 I'm not sure that the user mailing list is the place for
feature requests, but just in case and to avoid criticizing without
offering a solution, I would love some mechanism in the web interface
to upload a new third party CA cert for the hosts to use with end-user
requests. (VNC, image io proxy, cockpit, etc.) The internal engine CA
could even be used to secure those cert updates. (As the engine itself
could prompt the hosts to install the new cert via VDSM or something.
Even better that method wouldn't require a host reinstall to finish.)
That would simplify managment and renewal of the certs. As the
operation could be delegated / restricted to users with a specific
permission, (like with the VM permissions), and prevent us from needing
to manually configure things in a text file. (The engine host could use
this also.)

Thanks for the suggestions everyone.

-Patrick Hibbs

On Wed, 2021-12-15 at 00:05 +, Staniforth, Paul wrote:
> Hi Patrick,
> 
> The ovirt-vmconsole is a for emulated serial connections (via a ssh
> tunnel).
> 
> The VNC ports are the same range as spice5900 - 6923.
> 
> Do you have encryption enabled for VNC?
> 
> 
> Regards,
>    Paul S.
> From: Patrick Hibbs 
> Sent: 14 December 2021 22:53
> To: Staniforth, Paul 
> Cc: oVirt Users Mailing List 
> Subject: Re: [ovirt-users] Re: remote-viewer VNC mode issue
>  
> Caution External Mail: Do not click any links or open any attachments
> unless you trust the sender and know that the content is safe.
> Hello,
> 
> Well a quick check of the hosts say that they have ovirt-vmconsole
> enabled on their firewall, but there doesn't seem to be any logs for
> the vmconsoles on them. Running wireshark on one of the end-user
> machines shows that the host does send packets back and forth but
> then the end-user machine TCP resets the connection. (I assume due to
> the credential failure.) So it doesn't seem to be a firewall issue.
> 
> Is there anything I can do to get some more logs from the vmconsoles
> on the Host?
> 
> Thanks.
> 
> -Patrick Hibbs
> 
> On Tue, 2021-12-14 at 12:56 +, Staniforth, Paul wrote:
> > Hello Patrick,
> >     with noVNC the connection is made via the
> > websocket-poxy service (probably on the engine server).
> > The remote-viewer connects directly from the client machine to the
> > virtual host the VM is running on. Maybe check the network/firewall
> > between the client and the host, also the OTP expires after 120
> > seconds.
> > 
> > 
> > Regards,
> > 
> > Paul S.
> > From: Strahil Nikolov via Users 
> > Sent: 14 December 2021 12:12
> > To: hibbsncc1...@gmail.com ; oVirt Users
> > Mailing List 
> > Subject: [ovirt-users] Re: remote-viewer VNC mode issue
> >  
> > Caution External Mail: Do not click any links or open any
> > attachments unless you trust the sender and know that the content
> > is safe.
> > The most common problem is the CA of oVirt not trusted in the web
> > browser of the client.
> > 
> > 
> > Best Regards,
> > Strahil Nikolov
> > 
> > > On Sun, Dec 12, 2021 at 0:00, Patrick Hibbs
> > >  wrote:
> > > Hello,
> > > 
> > >     As oVirt unfortuately now requires VNC for the VM consoles,
> > > I've been attempting to get VNC mode working on my end user
> > > clients.
> > > 
> > >     The noVNC browser client works just fine, but for some reason
> > > the default download to remote-viewer fails on the same hosts.
> > > 
> > > All the end-user gets is a quick flash of the remote-viewer
> > > window on
> > > their screen.
> > > 
> > > Running remote-viewer in debug mode I get this:
> > > 
>

[ovirt-users] Re: remote-viewer VNC mode issue

2021-12-14 Thread Patrick Hibbs

Hello,

 Well a quick check of the hosts say that they have ovirt-
vmconsole enabled on their firewall, but there doesn't seem to be any
logs for the vmconsoles on them. Running wireshark on one of the end-
user machines shows that the host does send packets back and forth but
then the end-user machine TCP resets the connection. (I assume due to
the credential failure.) So it doesn't seem to be a firewall issue.

Is there anything I can do to get some more logs from the vmconsoles on
the Host?

Thanks.

-Patrick Hibbs

On Tue, 2021-12-14 at 12:56 +, Staniforth, Paul wrote:
> Hello Patrick,
>     with noVNC the connection is made via the
> websocket-poxy service (probably on the engine server).
> The remote-viewer connects directly from the client machine to the
> virtual host the VM is running on. Maybe check the network/firewall
> between the client and the host, also the OTP expires after 120
> seconds.
> 
> 
> Regards,
> 
> Paul S.
> From: Strahil Nikolov via Users 
> Sent: 14 December 2021 12:12
> To: hibbsncc1...@gmail.com ; oVirt Users
> Mailing List 
> Subject: [ovirt-users] Re: remote-viewer VNC mode issue 
> Caution External Mail: Do not click any links or open any attachments
> unless you trust the sender and know that the content is safe.
> The most common problem is the CA of oVirt not trusted in the web
> browser of the client.
> 
> 
> Best Regards,
> Strahil Nikolov
> 
> > On Sun, Dec 12, 2021 at 0:00, Patrick Hibbs
> >  wrote:
> > Hello,
> > 
> >     As oVirt unfortuately now requires VNC for the VM consoles,
> > I've been attempting to get VNC mode working on my end user
> > clients.
> > 
> >     The noVNC browser client works just fine, but for some reason
> > the default download to remote-viewer fails on the same hosts.
> > 
> > All the end-user gets is a quick flash of the remote-viewer window
> > on
> > their screen.
> > 
> > Running remote-viewer in debug mode I get this:
> > 
> > ---log snip---
> > 
> > $ remote-viewer -v --debug Downloads/console.vv
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Opening
> > display
> > to Downloads/console.vv
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Guest (null)
> > has
> > a vnc display
> > Guest (null) has a vnc display
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Spice
> > foreign
> > menu updated
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: After open
> > connection callback fd=-1
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Opening
> > connection to display at Downloads/console.vv
> > Opening connection to display at Downloads/console.vv
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: fullscreen
> > display 0: 0
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: notebook
> > show
> > status 0x560a419d2280
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook
> > show
> > status 0x560a419d2280
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: Insert
> > display 0
> > 0x560a423fa1e0
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook
> > show
> > status 0x560a419d2280
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Allocated
> > 1024x740
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Child
> > allocate
> > 1024x640
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.053: Got VNC
> > credential request for 1 credential(s)
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Not removing
> > main window 0 0x560a4195d910
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Disconnected
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: close
> > vnc=0x560a419fc220
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: notebook
> > show
> > status 0x560a419d2280
> > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: Guest (null)
> > display has disconnected, shutting down
> > Guest (null) display has disconnected, shutting down
> > 
> > ---log snip---
> > 
> > It seems to be failing a credential request, but I'm not sure why.
> > The
> > engine logs only show the VM console ticket being created, but does
> > not
> > show any connection attempts unless noVNC is used.
> > 
> > ---log snip---
> > 
> > 2021-12-11 16:48:23,402-05 INFO 
> > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16)
> > [68b90cfe] Running command: SetVmTicketCommand internal: false.
> > Entities affected

[ovirt-users] remote-viewer VNC mode issue

2021-12-11 Thread Patrick Hibbs

Hello,

As oVirt unfortuately now requires VNC for the VM consoles,
I've been attempting to get VNC mode working on my end user clients.

The noVNC browser client works just fine, but for some reason
the default download to remote-viewer fails on the same hosts.

All the end-user gets is a quick flash of the remote-viewer window on
their screen.

Running remote-viewer in debug mode I get this:

---log snip---

$ remote-viewer -v --debug Downloads/console.vv
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Opening display
to Downloads/console.vv
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Guest (null) has
a vnc display
Guest (null) has a vnc display
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Spice foreign
menu updated
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: After open
connection callback fd=-1
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Opening
connection to display at Downloads/console.vv
Opening connection to display at Downloads/console.vv
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: fullscreen
display 0: 0
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: Insert display 0
0x560a423fa1e0
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Allocated
1024x740
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Child allocate
1024x640
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.053: Got VNC
credential request for 1 credential(s)
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Not removing
main window 0 0x560a4195d910
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Disconnected
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: close
vnc=0x560a419fc220
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: notebook show
status 0x560a419d2280
(remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: Guest (null)
display has disconnected, shutting down
Guest (null) display has disconnected, shutting down

---log snip---

It seems to be failing a credential request, but I'm not sure why. The
engine logs only show the VM console ticket being created, but does not
show any connection attempts unless noVNC is used.

---log snip---

2021-12-11 16:48:23,402-05 INFO 
[org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16)
[68b90cfe] Running command: SetVmTicketCommand internal: false.
Entities affected :  ID: bb05ab12-91e5-4ab6-92b1-b911ed78f64f Type:
VMAction group CONNECT_TO_VM with role type USER
2021-12-11 16:48:23,414-05 INFO 
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
(default task-16) [68b90cfe] START, SetVmTicketVDSCommand(HostName = --
REDACTED--, SetVmTicketVDSCommandParameters:{hostId='1fdd841b-477f-
4d13-9935-7908924dd5a1', vmId='bb05ab12-91e5-4ab6-92b1-b911ed78f64f',
protocol='VNC', ticket='ocziPsEOF4km', validTime='120', userName='--
REDACTED--@--REDACTED--', userId='e83ab2b3-c464-49a4-a0ab-
4e62e8131304', disconnectAction='LOCK_SCREEN'}), log id: f6dccdd
2021-12-11 16:48:23,435-05 INFO 
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
(default task-16) [68b90cfe] FINISH, SetVmTicketVDSCommand, return: ,
log id: f6dccdd
2021-12-11 16:48:23,461-05 INFO 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-16) [68b90cfe] EVENT_ID: VM_SET_TICKET(164), User --
REDACTED--@--REDACTED--@--REDACTED-- initiated console session for VM
Test
#

---log snip---

What else can I do to troubleshoot this?

- Patrick Hibbs

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q5ENXJJU5V7LJOHFB6D6VODNRAW33KQQ/

[ovirt-users] Re: no QXL ?

2021-12-07 Thread Patrick Hibbs

Hello,

 Can I ask why this is being removed?

 The linked bugzilla report doesn't give a reason, and at least
two others have expressed concerns over SPICE's deprecation.

 Personally, I would like to know why it's being removed
entirely with no recourse instead of becoming an option to enable in
the VM config, or an optional RPM that can be installed by the
sysadmin.

Thanks.

On Tue, 2021-12-07 at 09:41 +0200, Arik Hadas wrote:
> 
> 
> On Tue, Dec 7, 2021 at 8:33 AM Patrick Hibbs 
> wrote:
> > Hello,
> > 
> > Are we to assume that VNC mode is the only thing that will
> > be supported for the VM consoles moving forward then? 
> > As the pure SPICE mode only works with QXL display as far as I can
> > tell.
> > 
> > I ask because the VNC or SPICE+VNC modes haven't worked in
> > my environment for over a year now, and that change
> > would effectively prevent the use of any VM console in my
> > environment.  (Use of VNC with remote viewer always gives
> > me an authentication error.) Not that it's a normal environment,
> > but that kind of thing should be advertised more. Just in case
> > simillar issues exist in other deployments.
> > 
> 
> 
> Yes, one would need to make sure vnc/vga works well before upgrading
> to the next cluster-level (in oVirt 4.5)
> In general it is recommended to test the configuration in the new
> cluster-level by setting some representative VMs in the environment
> with a custom compatibility level  and check that they work properly
> before upgrading to that cluster-level.
>  
> > 
> > Thanks.
> > 
> > On Mon, 2021-12-06 at 22:03 +0200, Arik Hadas wrote:
> > > 
> > > 
> > > On Mon, Dec 6, 2021 at 8:45 PM lejeczek via Users
> > >  wrote:
> > > > 
> > > > 
> > > > On 06/12/2021 17:42, lejeczek via Users wrote:
> > > > > Hi.
> > > > >
> > > > > I've Qemu/Libvirt from 
> > > > > ovirt-release-master-4.5.0-
> > > > 0.0.master.20211206152702.gitebb0229.el9.noarch 
> > > > > and it seems QXL is not there.
> > > > > Is that a fluke or intention?
> > > > > Do you have QXL working?
> > > > >
> > > > upss.. pardon me, these are from CentOS 9 Steam own repos 
> > > > actually.
> > > > 
> > > 
> > > 
> > > Right, and that's the reason for the ongoing work on removing qxl
> > > on cluster level 4.7:
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1976607
> > >  
> > > > ___
> > > > Users mailing list -- users@ovirt.org
> > > > To unsubscribe send an email to users-le...@ovirt.org
> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > > oVirt Code of Conduct:
> > > > https://www.ovirt.org/community/about/community-guidelines/
> > > > List Archives:
> > > >
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DZMAQQJMPHD2L4DPVHTET5N4KB4MZDUY/
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/22NZAQL46WMEFFKQ66EKZBHGE5KCX3MY/
> > 
> > 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/GT5YYVAFM4P7AMCFFCJNYZO75Y6M3H4R/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UVPLNOGVY6DD6S7HKC5JEZ43N4NLHMRY/

[ovirt-users] Re: no QXL ?

2021-12-06 Thread Patrick Hibbs

Hello,

 Are we to assume that VNC mode is the only thing that will be
supported for the VM consoles moving forward then? 
As the pure SPICE mode only works with QXL display as far as I can
tell.

 I ask because the VNC or SPICE+VNC modes haven't worked in my
environment for over a year now, and that change
would effectively prevent the use of any VM console in my environment.
 (Use of VNC with remote viewer always gives
me an authentication error.) Not that it's a normal environment, but
that kind of thing should be advertised more. Just in case
simillar issues exist in other deployments.

Thanks.

On Mon, 2021-12-06 at 22:03 +0200, Arik Hadas wrote:
> 
> 
> On Mon, Dec 6, 2021 at 8:45 PM lejeczek via Users 
> wrote:
> > 
> > 
> > On 06/12/2021 17:42, lejeczek via Users wrote:
> > > Hi.
> > >
> > > I've Qemu/Libvirt from 
> > > ovirt-release-master-4.5.0-
> > 0.0.master.20211206152702.gitebb0229.el9.noarch 
> > > and it seems QXL is not there.
> > > Is that a fluke or intention?
> > > Do you have QXL working?
> > >
> > upss.. pardon me, these are from CentOS 9 Steam own repos 
> > actually.
> > 
> 
> 
> Right, and that's the reason for the ongoing work on removing qxl on
> cluster level 4.7:
> https://bugzilla.redhat.com/show_bug.cgi?id=1976607
>  
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DZMAQQJMPHD2L4DPVHTET5N4KB4MZDUY/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/22NZAQL46WMEFFKQ66EKZBHGE5KCX3MY/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GT5YYVAFM4P7AMCFFCJNYZO75Y6M3H4R/

[ovirt-users] Re: How to re-import a VM with an invalid timezone?

2021-08-31 Thread Patrick Hibbs

Hello,
Option 2 worked. Thanks for the support!
Thanks,Patrick
On Mon, 2021-08-30 at 19:04 +0300, Saif Abu Saleh wrote:
> Hi Patrick,
> 
> hope you are doing well
> 
> We identified the issue and it will be fixed in future version
> 
> However, there is two workarounds that you can do in order to fix the
> issue:
> 
> option 1- Change the existing VM's that is failing to default time-
> zone and try to do the process again
> 
> option 2- you can extend the time-zones list and add the time-zone
> that is missing
> in order to do that you need to follow the instructions here and then
> add this time zone line:
> America/Indianapolis=US Eastern Standard Time
> then restart the engine
> 
> 
> Thanks,
> Saif
> On Sun, Aug 29, 2021 at 9:02 PM Patrick Hibbs  > wrote:
> > Hello,
> > Unfortuately, I can't give you the exact information as oVirt
> > doesn't display that information on the VM import window. It should
> > just have been the default timezone or Eastern Standard Time (-
> > 5:00).
> > The VM is on a data storage domain that was detached from the old
> > engine installation and then reattached to the current
> > installation. As per: 
> > https://www.ovirt.org/documentation/administration_guide/index.html#Migrating_SD_between_DC_different_env
> >  
> > Hence it's not an OVA file. I can access the raw storage partition,
> > but I'm not sure how to open it to get to the actual metadata or
> > which one it even is.
> > Thanks,Patrick
> > On Sun, 2021-08-29 at 15:08 +0300, Saif Abu Saleh wrote:
> > > Hi,
> > > 
> > > Can you please provide what time-zone the VM you are trying to
> > > Import has? 
> > > 
> > > if you are trying to import from the OVA you can get the time-
> > > zone by going to the host location where the exported OVA
> > > exists, 
> > > open it and check what is the value of the  tag
> > > 
> > > 
> > > Thanks,
> > > Saif
> > > 
> > > > From: 
> > > > Date: Fri, Aug 27, 2021 at 9:27 AM
> > > > Subject: [ovirt-users] How to re-import a VM with an invalid
> > > > timezone?
> > > > To:  
> > > > 
> > > > 
> > > > I've just finished my upgrade to oVirt 4.4.8.4, but I've got
> > > > one previously working VM that I cannot reimport. (I did a
> > > > fresh install instead of restoring an engine backup.) It's a
> > > > Windows VM, and every attempt I make to import it causes the
> > > > following error:
> > > > 
> > > > 
> > > > 
> > > > Cannot import VM. Invalid time zone for given OS type.
> > > > 
> > > > Attribute: vm.vmStatic
> > > > 
> > > > 
> > > > 
> > > > The interface doesn't give me the option to change the timezone
> > > > before import. The most that I can get from the logs on either
> > > > the engine host or SPM host is this:
> > > > 
> > > > 
> > > > 
> > > > 2021-08-26 17:38:30,793-04 WARN 
> > > > [org.ovirt.engine.core.bll.exportimport.ImportVmFromConfigurati
> > > > onCommand] (default task-35) [96d9f0ea-99be-477a-b1d1-
> > > > 3781ffbac041] Validation of action 'ImportVmFromConfiguration'
> > > > failed for user admin@internal-authz. Reasons:
> > > > VAR__ACTION__IMPORT,VAR__TYPE__VM,ACTION_TYPE_FAILED_INVALID_TI
> > > > MEZONE,$groups [Ljava.lang.Class;@b263017,$message
> > > > ACTION_TYPE_FAILED_INVALID_TIMEZONE,$payload
> > > > [Ljava.lang.Class;@3b789cbf,ACTION_TYPE_FAILED_ATTRIBUTE_PATH,$
> > > > path vm.vmStatic,$validatedValue 
> > > > org.ovirt.engine.core.common.businessentities.VmStatic@9f994c52
> > > > 
> > > > 
> > > > 
> > > > Does anyone know how to get a VM imported in this case?
> > > > 
> > > > 
> > > > 
> > > > Thanks.
> > > > 
> > > > ___
> > > > 
> > > > Users mailing list -- users@ovirt.org
> > > > 
> > > > To unsubscribe send an email to users-le...@ovirt.org
> > > > 
> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > > 
> > > > oVirt Code of Conduct: 
> > > > https://www.ovirt.org/community/about/community-guidelines/
> > > > 
> > > > List Archives: 
> > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/J4L5M3PDZRBFCNT7HINQGSXICPTTFH32/
> > > > 
> > > > 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HSWCOGH552RAJCYB2DA57IKGCRNBGMFL/

[ovirt-users] Re: How to re-import a VM with an invalid timezone?

2021-08-30 Thread Patrick Hibbs

Hello,
Unfortuately, I can't give you the exact information as oVirt doesn't
display that information on the VM import window. It should just have
been the default timezone or Eastern Standard Time (-5:00).
The VM is on a data storage domain that was detached from the old
engine installation and then reattached to the current installation. As
per: 
https://www.ovirt.org/documentation/administration_guide/index.html#Migrating_SD_between_DC_different_env
 
Hence it's not an OVA file. I can access the raw storage partition, but
I'm not sure how to open it to get to the actual metadata or which one
it even is.
Thanks,Patrick
On Sun, 2021-08-29 at 15:08 +0300, Saif Abu Saleh wrote:
> Hi,
> 
> Can you please provide what time-zone the VM you are trying to Import
> has? 
> 
> if you are trying to import from the OVA you can get the time-zone by
> going to the host location where the exported OVA exists, 
> open it and check what is the value of the  tag
> 
> 
> Thanks,
> Saif
> 
> > From: 
> > Date: Fri, Aug 27, 2021 at 9:27 AM
> > Subject: [ovirt-users] How to re-import a VM with an invalid
> > timezone?
> > To:  
> > 
> > 
> > I've just finished my upgrade to oVirt 4.4.8.4, but I've got one
> > previously working VM that I cannot reimport. (I did a fresh
> > install instead of restoring an engine backup.) It's a Windows VM,
> > and every attempt I make to import it causes the following error:
> > 
> > 
> > 
> > Cannot import VM. Invalid time zone for given OS type.
> > 
> > Attribute: vm.vmStatic
> > 
> > 
> > 
> > The interface doesn't give me the option to change the timezone
> > before import. The most that I can get from the logs on either the
> > engine host or SPM host is this:
> > 
> > 
> > 
> > 2021-08-26 17:38:30,793-04 WARN 
> > [org.ovirt.engine.core.bll.exportimport.ImportVmFromConfigurationCo
> > mmand] (default task-35) [96d9f0ea-99be-477a-b1d1-3781ffbac041]
> > Validation of action 'ImportVmFromConfiguration' failed for user 
> > admin@internal-authz. Reasons:
> > VAR__ACTION__IMPORT,VAR__TYPE__VM,ACTION_TYPE_FAILED_INVALID_TIMEZO
> > NE,$groups [Ljava.lang.Class;@b263017,$message
> > ACTION_TYPE_FAILED_INVALID_TIMEZONE,$payload
> > [Ljava.lang.Class;@3b789cbf,ACTION_TYPE_FAILED_ATTRIBUTE_PATH,$path
> > vm.vmStatic,$validatedValue 
> > org.ovirt.engine.core.common.businessentities.VmStatic@9f994c52
> > 
> > 
> > 
> > Does anyone know how to get a VM imported in this case?
> > 
> > 
> > 
> > Thanks.
> > 
> > ___
> > 
> > Users mailing list -- users@ovirt.org
> > 
> > To unsubscribe send an email to users-le...@ovirt.org
> > 
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > 
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > 
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/J4L5M3PDZRBFCNT7HINQGSXICPTTFH32/
> > 
> > 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BH4L64GJT52C6B2H7H55YFAK27MX5N5C/

58 matches

Mail list logo