[ovirt-users] static IP with OVN subnet
Hello, Hope you are all doing well. We have an interesting thing going on and so wanted to share with you all for some ideas and feedback. We configured a cluster with OVS switch and added an external network with subnet. So OVN started managing the subnet using DHCP. But here's the problem. When we add a nic with this network, an ip is assigned by DHCP. But we want an IP of our choice to be assigned. Here's what we tried. 1. We tried using the ovn-nbctl lsp-set-address like ovn-nbctl lsp-set-addresses 7840c97b-73c2-4246-a2a8-0e9e5b7f420a "56:6f:6b:54:00:ec 10.19.3.8" to update the static IP. But this does not persist a NIC unplug or a VM reboot. So you might ask why not just try assigning a static IP and not add the external subnet. We want to use security groups. For security groups to work, the ip assigned to the NIC and the IP in the value for fixed_ips in `openstack port show` should be the same. So the same thing repeats here as well. If we use the `openstack port set` to update the fixed_ips, a NIC unplug or a VM reboot will remove the IP. We have an internal IPAM that provides us IPs during our automated provisioning. Did anyone try this or have any ideas how to work around this? The only option seems to be just use DHCP and then update that IP in our internal IPAM tool. Please let me know if I'm unclear and any more info is required. Regards, rav ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/M3GBNIFQS43ZYKQJMX3E2N5CSZK5NZVC/
[ovirt-users] why ovirtmgmt requires untagged network
Hello, I tried searching the archives but couldn't find anything related, so posting a new thread. When adding a new host to the cluster, why do we need to assign the IP on an untagged network in the bond? It is failing with error in setupnetworks when we tried it with the IP assigned to a vlan interface over the bond. For context, the cluster is an ovs-switch based cluster. It works when added to a traditional linux bridge based cluster. Can someone throw some light on this please? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XR5Z7VJCO6BLB3SMA67QIW246UUHZGEH/
[ovirt-users] adding host to cluster with ovs switch failing
Hello all, I'm facing a strange error. I was able to add a host to a linux bridge based cluster. However if I try adding the host to a cluster with OVS switch it is failing. I can see that nmstate was able to create the ovirtmgmt bridge as well. At that point of time both the ovirtmgmt and the bond0.vlan interfaces have the ip assigned. It then fails and rolls back the config. A workaround that I found to be working was to add the host to linux bridge cluster first and then change the cluster to OVS cluster. Here's a background about the setup. The host is an AMD EPYC with OEL 8.6 installed. The OLVM manager is a standalone VM at 4.4.8. We have a bond0 and ip is assigned to bond0.1222 interface. The interfaces are in a LACP bond on the switch as well. I enabled debug in NetworkManager in the hope of finding some clues, but couldn't. I know 4.4 is EOL. As this is a user mailing list, I thought I'll reach out in hope if someone has seen any similar issue. supervdsm log MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,336::plugin::172::root::(apply_changes) Nispor: desired network state {'name': 'bond0', 'type': 'bond', 'state': 'up', 'mac-address': 'e4:3d:1a:82:9f:c0', 'link-aggregation': {'port': ['ens10f0np0', 'ens5f0np0'], 'options': {'ad_actor_sys_prio': 65535, 'ad_actor_system': '00:00:00:00:00:00', 'ad_select': 'stable', 'ad_user_port_key': 0, 'all_slaves_active': 'dropped', 'arp_all_targets': 'any', 'arp_interval': 0, 'arp_validate': 'none', 'downdelay': 0, 'lacp_rate': 'slow', 'miimon': 100, 'min_links': 0, 'updelay': 0, 'use_carrier': True, 'xmit_hash_policy': 'layer2', 'arp_ip_target': ''}, 'mode': '802.3ad'}, 'ipv4': {'enabled': False}, 'ipv6': {'enabled': False}, 'mtu': 1500, 'lldp': {'enabled': False}, 'accept-all-mac-addresses': False, '_brport_options': {'name': 'bond0'}, '_controller': 'vdsmbr_6SMdIi3B', '_controller_type': 'ovs-bridge'} MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,336::plugin::172::root::(apply_changes) Nispor: desired network state {'name': 'ovirtmgmt', 'type': 'ovs-interface', 'state': 'up', 'mtu': 1500, 'ipv4': {'enabled': True, 'address': [{'ip': '10.129.221.19', 'prefix-length': 24}], 'dhcp': False, '_dns': {'server': ['10.150.5.100', '10.229.0.60'], 'search': [], '_priority': 0}, '_routes': [{'table-id': 329647082, 'destination': '0.0.0.0/0', 'next-hop-address': '10.129.221.1', 'next-hop-interface': 'ovirtmgmt'}, {'table-id': 329647082, 'destination': '10.129.221.0/24', 'next-hop-address': '10.129.221.19', 'next-hop-interface': 'ovirtmgmt'}, {'table-id': 254, 'destination': '0.0.0.0/0', 'next-hop-address': '10.129.221.1', 'next-hop-interface': 'ovirtmgmt'}], '_route_rules': [{'ip-from': '', 'ip-to': '10.129.221.0/24', 'priority': 3200, 'route-table': 329647082}, {'ip-from': '10.129.221.0/24', 'ip-to': '', 'priority': 3200, 'route-table': 329647082}]}, 'ipv6': {'enabled': False, '_routes': [], '_route_rules': []}, 'mac-address': 'E4:3D:1A:82:9F:C0', '_brport_options': {'name': 'ovirtmgmt', 'vlan': {'mode': 'access', 'tag': 1222}}, '_controller': 'vdsmbr_6SMdIi3B', '_controller_type': 'ovs-bridge'} MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,336::plugin::172::root::(apply_changes) Nispor: desired network state {'name': 'vdsmbr_6SMdIi3B', 'state': 'up', 'type': 'ovs-bridge', 'bridge': {'port': [{'name': 'bond0'}, {'name': 'ovirtmgmt', 'vlan': {'mode': 'access', 'tag': 1222}}]}, 'ipv6': {'enabled': False}} MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,340::context::148::root::(register_async) Async action: Update profile uuid:d8c57758-f784-44f4-a33a-c050ec50b9b9 iface:bond0 type:bond started MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,340::context::148::root::(register_async) Async action: Add profile: 623b6249-7cfa-4813-9ef6-4870ec6f3a79, iface:bond0, type:ovs-port started MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,340::context::148::root::(register_async) Async action: Add profile: ed8f5cae-5400-42fd-a72e-645e1fa61a39, iface:ovirtmgmt, type:ovs-interface started MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,341::context::148::root::(register_async) Async action: Add profile: 3572b137-2091-4825-b418-4d6966430cc1, iface:ovirtmgmt, type:ovs-port started MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,341::context::148::root::(register_async) Async action: Add profile: bd45447d-f241-4d14-bf5b-28c3966c011d, iface:vdsmbr_6SMdIi3B, type:ovs-bridge started MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,343::context::157::root::(finish_async) Async action: Update profile uuid:d8c57758-f784-44f4-a33a-c050ec50b9b9 iface:bond0 type:bond finished MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,349::context::157::root::(finish_async) Async action: Add profile: 623b6249-7cfa-4813-9ef6-4870ec6f3a79, iface:bond0, type:ovs-port finished MainProcess|jsonrpc/3::DEBUG::2022-05-26 14:32:25,350::context::157::root::(finish_async) Async action: Add profile:
[ovirt-users] Re: LACP across multiple switches
> For the ovirtmgmt there’s some caveats to add it on top of bonds. I’m not > sure if as today > is solved, but you need to preconfigure vdsm if you want the bonded > interfaces to host > ovirtmgmt. Can you please elaborate on the "preconfigure vdsm if you want the bonded interfaces to host ovirtmgmt" bit. What config should be changed in vdsm for it to work? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6IMHJIUJPUMWHAUKI5GKQ5KFK7VMW3KV/
[ovirt-users] what happens during a host bootstrap
Hello, When we add a host to ovirt, the steps at a high level are virtualization checks, installation of packages, and creation of a bridge. Can someone please share more details around the bridge creation? I'll try explaining what I observed. We have a bond0 and the ip is assigned to bond0.121 interface. When we add the host to ovirt, the vdsm bridge is created and ovirtmgmt port is added to the bridge. In case of a OVS switch based cluster, the br-int bridge is also created. The current ip details are obtained, bond0 and bond0.121 are brought down and the ip is assigned to the ovirtmgmt interface. With 4.4 and above this is performed using nmstatectl. I enabled debug in nmstate to observe the steps in detail. So if there's any document or page that I can refer to please post the link. I'm trying to debug a issue where nmstate is creating the ovirtmgmt but rolling back the config due to connectivity failure. So it got me interested in understanding what happens in the background during the setupnetworks phase. Regards. Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4HUBGGW7LVNIEQIU3R6ZXSQDPWRDP4E7/
[ovirt-users] Re: new host addition to OVN cluster fails with Connectivity check failed, rolling back
What's surprising is we're seeing the same issue in 4.4.8 as well. Sadly even this is also EOL now. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/X2BIPN3Z5CYFN3PSOVBNDQPX5CFNANOW/
[ovirt-users] Re: new host addition to OVN cluster fails with Connectivity check failed, rolling back
> I would suggest to rather go with 4.5 directly. Thanks. I'm afraid we may not be able to go with 4.5 yet as we're going with Oracle. Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/C76W2CX54BI3FWKD6HH7PTR4ZEMAZET5/
[ovirt-users] Re: new host addition to OVN cluster fails with Connectivity check failed, rolling back
Hi Sandro, Thanks for that. I remember you mentioned this in another post too :) I posted about this as there might be some users using 4.3 and might pitch in with some ideas. We're starting out with a greenfield setup. Would you suggest that we rather go with 4.4 directly? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LO42OOBSIL5W5BUC2DGDCJNIEMSBLSPG/
[ovirt-users] new host addition to OVN cluster fails with Connectivity check failed, rolling back
Hello, I have a a oVirt 4.3 installation with two clusters. One of the cluster has switch type as OVS. I'm trying to add a second host to this cluster. I did a clean install of the OS, configured bond0 and bond0.2306 as the VLAN interface. I was able to add the host to the cluster. When I go to setup networks and drag ovirtmgmt onto bond0, I notice in the host that it was able to create the vdsm and br_int bridges, create ovirtmgmt interface and assign the IP on top of it. However I also notice that the bond0.2306 interface also exists with the ip assigned. Then it rolls back the config removing the bridges. I checked the supervdsm log and see that it's rolling back because "connectivity::48::root::(check) Connectivity check failed, rolling back" I'm pasting the relevant lines from supervdsm below MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:53,381::supervdsm_server::106::SuperVdsm.ServerCallback::(wrapper) return network_caps with {'bridges': {}, 'bondings': {'bond0': {'ipv4addrs': [], 'active_slave': '', 'ad_aggregator_id': '1', 'netmask': '', 'ad_partner_mac': '44:38:39:ff:01:33', 'hwaddr': '7c:d3:0a:60:e9:48', 'speed': 2, 'gateway': '', 'ipv6autoconf': True, 'addr': '', 'dhcpv6': False, 'ipv6addrs': [], 'mtu': '9000', 'dhcpv4': False, 'switch': 'legacy', 'ipv4defaultroute': False, 'slaves': ['eno1', 'eno2'], 'ipv6gateway': '::', 'opts': {'mode': '4'}}}, 'nameservers': ['10.222.0.6', '10.333.0.6'], 'nics': {'eno1': {'permhwaddr': '7c:d3:0a:60:e9:48', 'ipv6autoconf': True, 'addr': '', 'speed': 1, 'dhcpv6': False, 'ipv6addrs': [], 'ad_aggregator_id': '1', 'dhcpv4': False, 'netmask': '', 'ipv4defaultroute': False, 'ipv4addrs': [], 'hwaddr': '7c:d3:0a:60:e9:48', 'mtu': '9000', 'ipv6gateway': '::', 'gateway': ''}, 'eno2': {'permhwaddr': '7c:d3:0a:60:e9:49', 'ipv6autoco nf': True, 'addr': '', 'speed': 1, 'dhcpv6': False, 'ipv6addrs': [], 'ad_aggregator_id': '1', 'dhcpv4': False, 'netmask': '', 'ipv4defaultroute': False, 'ipv4addrs': [], 'hwaddr': '7c:d3:0a:60:e9:48', 'mtu': '9000', 'ipv6gateway': '::', 'gateway': ''}, 'eno3': {'ipv6autoconf': True, 'addr': '', 'speed': 1, 'dhcpv6': False, 'ipv6addrs': [], 'mtu': '1500', 'dhcpv4': False, 'netmask': '', 'ipv4defaultroute': False, 'ipv4addrs': [], 'hwaddr': '7c:d3:0a:60:e9:4a', 'ipv6gateway': '::', 'gateway': ''}, 'eno4': {'ipv6autoconf': True, 'addr': '', 'speed': 1, 'dhcpv6': False, 'ipv6addrs': [], 'mtu': '1500', 'dhcpv4': False, 'netmask': '', 'ipv4defaultroute': False, 'ipv4addrs': [], 'hwaddr': '7c:d3:0a:60:e9:4b', 'ipv6gateway': '::', 'gateway': ''}, 'enp0s20f0u1u6': {'ipv6autoconf': True, 'addr': '', 'speed': 0, 'dhcpv6': False, 'ipv6addrs': [], 'mtu': '1500', 'dhcpv4': False, 'netmask': '', 'ipv4defaultroute': False, 'ipv4addrs': [], 'hwaddr': '7e:d3:0a:60:e9:4f', 'ipv6gateway': ' ::', 'gateway': ''}}, 'supportsIPv6': True, 'vlans': {'bond0.2306': {'iface': 'bond0', 'ipv6autoconf': True, 'addr': '10.119.6.237', 'dhcpv6': False, 'ipv6addrs': [], 'vlanid': 2306, 'mtu': '9000', 'dhcpv4': False, 'netmask': '255.255.255.0', 'ipv4defaultroute': True, 'ipv4addrs': ['10.119.6.237/24'], 'ipv6gateway': '::', 'gateway': '10.119.6.1'}}, 'networks': {}} MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,243::supervdsm_server::99::SuperVdsm.ServerCallback::(wrapper) call get_pti with () {} MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,243::supervdsm_server::106::SuperVdsm.ServerCallback::(wrapper) return get_pti with -1 MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,244::supervdsm_server::99::SuperVdsm.ServerCallback::(wrapper) call get_retp with () {} MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,244::supervdsm_server::106::SuperVdsm.ServerCallback::(wrapper) return get_retp with -1 MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,244::supervdsm_server::99::SuperVdsm.ServerCallback::(wrapper) call get_ibrs with () {} MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,245::supervdsm_server::106::SuperVdsm.ServerCallback::(wrapper) return get_ibrs with 1 MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,245::supervdsm_server::99::SuperVdsm.ServerCallback::(wrapper) call get_ssbd with () {} MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,245::supervdsm_server::106::SuperVdsm.ServerCallback::(wrapper) return get_ssbd with -1 MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,246::supervdsm_server::99::SuperVdsm.ServerCallback::(wrapper) call check_qemu_conf_contains with ('vnc_tls', '1') {} MainProcess|jsonrpc/1::DEBUG::2022-04-21 11:26:54,250::supervdsm_server::106::SuperVdsm.ServerCallback::(wrapper) return check_qemu_conf_contains with True MainProcess|jsonrpc/2::DEBUG::2022-04-21 11:26:55,304::supervdsm_server::99::SuperVdsm.ServerCallback::(wrapper) call setupNetworks with ({u'ovirtmgmt': {u'ipv6autoconf': True, u'vlan': u'2306', u'ipaddr': u'10.119.6.237', u'switch': u'ovs', u'mtu': 9000, u'bonding': u'bond0', u'dhcpv6': False, u'STP': u'no', u'bridged': u'true',
[ovirt-users] OVN in oVirt : practical use cases
Hello, I was exploring OVN in oVirt and got thinking as to where it's practical use cases are? Folks who've implemented it in their production environments, can you please explain how you are using OVN in your environment. It seemed to be a bit complex for implementing and maintaining. It might be complex to me because I'm still fairly new to it. So is the OVN/OVS implementation geared towards teams that build the backend functionalities for virtualization softwares like VMware NSX etc? Hence my question asking if there are any practical benefits to using OVN/OVS in a regular virtualization environment. For example, if we're a financial or automobile setup where we use oVirt for provisioning VMs, what extra value does OVN/OVS add if we were to use it. Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5EBFOJSMKRYVA5YT7TLMAG23JV2TSBSQ/
[ovirt-users] Re: OVN routing and firewalling in oVirt
Thank you very much for listing down the steps. It's been 5 years. So I'm not sure if we still need to create LRPs and LSPs manually? I ask because I do not see any provision in the oVirt interface. If we have a large number of networks defined in OVN, then it'll be a task to add the LRPs and LSPs? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MTQJCOKHMG2J7H6MFERPL2BGGHDYTYPY/
[ovirt-users] Duplicate nameserver in Host causing unassigned state when adding. possible bug?
Hello all, We are running oVirt 4.3.10.4-1.0.22.el7. I noticed an interesting issue or a possible bug yesterday. I was trying to add a host when I noticed that it was failing and the host status was going into 'unassigned' state. I saw the below error in the engine log. /var/log/ovirt-engine/engine.log 2022-04-07 15:17:07,739+04 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.CollectVdsNetworkDataAfterInstallationVDSCommand] (EE-ManagedThreadFactory-engine-Thread-24723) [4917a348] HostName = olvsrv005u 2022-04-07 15:17:07,739+04 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.CollectVdsNetworkDataAfterInstallationVDSCommand] (EE-ManagedThreadFactory-engine-Thread-24723) [4917a348] Failed in 'CollectVdsNetworkDataAfterInstallationVDS' method, for vds: 'olvsrv005u'; host: '10.119.6.232': CallableStatementCallback; SQL [{call insertnameserver(?, ?, ?)}ERROR: duplicate key value violates unique constraint "name_server_pkey" Detail: Key (dns_resolver_configuration_id, address)=(459b68e6-b684-4cf6-8834-755249a6bd3a, 10.119.10.212) already exists. Where: SQL statement "INSERT INTO name_server( address, position, dns_resolver_configuration_id) VALUES ( v_address, v_position, v_dns_resolver_configuration_id)" PL/pgSQL function insertnameserver(uuid,character varying,smallint) line 3 at SQL statement; nested exception is org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "name_server_pkey" Detail: Key (dns_resolver_configuration_id, address)=(459b68e6-b684-4cf6-8834-755249a6bd3a, 10.119.10.212) already exists. Then I checked the resolv.conf on the host [root@olvsrv005u ~]# cat /etc/resolv.conf # Version: 1.00 search uat.abc.com nameserver 10.119.10.212 nameserver 10.119.10.212 Well, ideally it's of no use having duplicate nameserver. But it was not affecting the functionality of the host. However it was failing the addition of the host, probably because it was failing when updating the host's config in the engine DB due to the duplicate nameserver. To test this I commented the duplicate value and checked. The host is now added successfully. 2022-04-07 15:33:37,301+04 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.GetHardwareInfoAsyncVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [] START, GetHardwareInfoAsyncVDSCommand(HostName = olvsrv005u, VdsIdA ndVdsVDSCommandParametersBase:{hostId='459b68e6-b684-4cf6-8834-755249a6bd3a', vds='Host[olvsrv005u,459b68e6-b684-4cf6-8834-755249a6bd3a]'}), log id: 52e7ec52 2022-04-07 15:33:37,301+04 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.GetHardwareInfoAsyncVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [] FINISH, GetHardwareInfoAsyncVDSCommand, return: , log id: 52e7ec52 2022-04-07 15:33:37,356+04 INFO [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [3de72cb7] Running command: SetNonOperationalVdsCommand internal: true. Entities affected : ID: 459b68e6-b684-4cf6-8834-755249a6bd3a Type: VDS 2022-04-07 15:33:37,360+04 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [3de72cb7] START, SetVdsStatusVDSCommand(HostName = olvsrv005u, SetVdsStatusVDSCommandPa rameters:{hostId='459b68e6-b684-4cf6-8834-755249a6bd3a', status='NonOperational', nonOperationalReason='NETWORK_UNREACHABLE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 1bfc90a3 2022-04-07 15:33:37,363+04 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [3de72cb7] FINISH, SetVdsStatusVDSCommand, return: , log id: 1bfc90a3 2022-04-07 15:33:37,404+04 ERROR [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [3de72cb7] Host 'olvsrv005u' is set to Non-Operational, it is missing the following networks Should I raise this as a bug? I'm of the opinion that it should be because if it's not breaking the host's functionality then it should be ok. Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AG2YNGDUGRJR5C3KITMIGPGUJ4LRCF3Y/
[ovirt-users] Re: Network filters in oVirt : zero-trust, IP and port filtering
I've created the below filter. The intention is that it will allow incoming traffic only from SRCIP parameter and within the port range. However I'm still able to access the VM from other IPs as well. We are running oVirt 4.3 and the networks are vlan tagged. virsh -r nwfilter-dumpxml clean-ip-port-filter f9d2ff6b-db31-41a0-8f1b-97dc0166c10a Could it be because of the statement "VLAN (802.1Q) packets, if sent by a virtual machine, cannot be filtered with rules for protocol IDs arp, rarp, ipv4 and ipv6 but only with protocol IDs mac and vlan." in https://libvirt.org/formatnwfilter.html? If netfilters do not work with vlan packets, is there any other way I can implement such filtering? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/26QZXVTPR32XMZXXUZUXLAEGM6NK62DR/
[ovirt-users] Re: Link multiple self-hosted engines
The thread https://lists.ovirt.org/archives/list/users@ovirt.org/thread/CD5WDA2Y77MHQOV73DQ5UA7W3YO7COUY/ also suggests using ManageIQ. I'll read more on that to find out. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/K2T6V4JDT5HYU6JLCWHTCQQWPBZ7LPEL/
[ovirt-users] Link multiple self-hosted engines
Hello, We are planning to install self-hosted engines in our production and DR locations which are separated physically. VMware's vcenter has a feature wherein we can link vcenters so we can access both DCs in the same console. Do we have something like that in oVirt as well? I was searching and found this for oVirt 3.5 https://lists.ovirt.org/archives/list/users@ovirt.org/thread/4LDSUM4NRHUONOC4HUPRYNKXCNL4TRBF/#B6QUSHZYFZ2MLUSU5VXA542UTKG6PXUH The suggestion which mentions about using ManageIq seemed interesting. If anyone is managing multiple oVirt environments please share some ideas from experience. Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IGJLBFPJUKI46DBTT3KDS66FYBTRROK6/
[ovirt-users] Re: OVS switch type for hosted-engine
I tried this and it didn't work. In 4.3 the option to change the switch type is not allowed. I still changed the switch type of ovirtmgmt in the file and rebooted. But it didn't have any effect. Isn't there a way we can specify OVS as switch type when installing the self-hosted engine? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/I2IOHY42OKJ6QSQTI6KM7KHMRKMV6SAH/
[ovirt-users] Re: OVS switch type for hosted-engine
> Just to close this thread, we were able to manually convert our hosted-engine > 4.1.1 Hello Devin, Thanks a lot for this. I was setting up a cluster and intended it enable OVN in it. I came across this thread when searching for a solution. Does this change in 4.3 version or 4.4 so we can specify switch type when creating a self-hosted engine. Any ideas? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/743UMYSQV3MQGBFTGTW7D7UL3N5ECIEZ/
[ovirt-users] Re: New oVirt self-hosted engine deployment : design ideas
> If you are going to have more hosts, please note that it's not > recommended to have more than 8 hosted-engine hosts. So if you'll > still want to keep them all in the same cluster, some of them will be > HE hosts and some not - this might be slightly confusing, depending on > your use case. Thanks a lot for replying. I'm planning to just have 2 self-hosted hosts in the cluster01. I'll create a cluster02 and add the remaining regular hosts to it. > You can try searching the list archives for previous discussions about > topology/architecture that people had over the years. > > You might want to check also this somewhat-old but still mostly > relevant doc, which is for RHV, but probably applies 99% to oVirt as > well: > > https://www.redhat.com/en/resources/best-practice-rhv-technology-detail > > Good luck and best regards, I'll go through this doc and will also search the threads. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FCA27NIWKSDPNGMSEH2CLOBTLU37J3IC/
[ovirt-users] New oVirt self-hosted engine deployment : design ideas
Hello, We are creating a self-hosted engine deployment and have come up with a draft design. I thought I'll get your thoughts on improving it. It is still a test setup and so we can make changes to make it resilient. We have four hosts, host01..04. I did the self-hosted engine deployment on the first node which created a dc, cluster01 and a storage domain hosted_storage. I added host02 also as a self-hosted engine host to cluster01. Now the questions :-) 1. It is recommended not to use this SD hosted_storage for regular VMs. So I'll create another SD dc_sd01. Should I use this dc_sd01 and cluster01 when creating regular VMs? What's the best practice? 2. It is a bit confusing to get my head around this concept of running regular VMs on these self-hosted engine hosts. Can I just run regular VMs in these hosts and they'll run fine? 3. Please do suggest any other recommendations from experience in terms of designing the clusters, storage domains etc. It'll help as it is a new setup and we have the scope to make changes. Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VPBNU6TW2AOXPANQCF5KIXRHNTCNXL4Q/
[ovirt-users] New virtual machine default properties
Hello, We are currently using oVirt version 4.3.10.4-1.0.22.el7. When we click on create new VM, the OS is selected as "other OS" and "optimized for" is desktop. I'm creating the VMs from Ansible. The problem is that the "video type" is defaulting to QXL due to which the VM is failing to start with an error " Exit message: unsupported configuration: this QEMU does not support 'qxl' video device." It used to default to VGA earlier because this playbook was working earlier. So I'm guessing some config would've been changed which is causing this. But I was not able to find where this default config is set. Can you please help? I checked to see if I can set it in the Ansible playbook. But Ansible's ovirt_vm module only provides headless_mode and protocol options. It would be nice if it provided the video type parameter as well. Is there any config file in the engine that I can tweak to set the default values for a new VM creation? Regards, Ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SCGRB67GVOW4TJ62Z5OQVPG566JXI4T7/
[ovirt-users] Re: Network filters in oVirt : zero-trust, IP and port filtering
> you can use it from the engine under some conditions. > 1) You need to make sure that all hosts have this filter. > 2) You need to define this filter in engine DB otherwise you would need > some kind of hook to apply it. Thanks a lot for that. If there's any doc that hints on how to define the filter in the engine DB, can you please point me there? Right now I'm creating a filter to test for this functionality. Once it's working I'll then try defining it in the DB. Also if it's working as expected we'll submit it to libvirt as well. Regards, ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6DTFTTGNWTNRQQ3V2PMED6BMOKWPQJ66/
[ovirt-users] Network filters in oVirt : zero-trust, IP and port filtering
Good people of the community, Hope you are all doing well. We are exploring the network filters in oVirt to check if we can implement a zero-trust model at the network level. The intention is to have a filter which takes two parameters, IP and PORT. After that there will be a 'deny all' rule. We realized that none of the default network filters offer such a functionality and the only option is to write a custom filter. Why don't we have such a filter in libvirt and thereby in oVirt? Someone would've already thought about such a use case. So I was thinking maybe network filters aren't meant to be used for implementing such functionalities like zero-trust? Also what are some practical use cases of the default filters that are provided? I was able to understand and use the clean-traffic and clean-traffic-gateway. Regards, ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/J2PUNVD7N45X7YDE5UX2CXWGDEFDS46M/
[ovirt-users] Re: Installing a windows vm from importing an OVA Template
Hello, I work along with Moiz and here's what we tried. We created a blank VM, loaded Windows 2016 ISO and booted it up. When we select the OS as Windows 2016 x64 the ISO is loaded but the screen is stuck with the windows logo. The CPU spikes up to 99%. However if we select the OS as 'Other OS' the installation proceeds. We compared the XML files in both cases and noticed that the below parameters are added when we select the OS as windows 2016. I guess this is expected because of the line "hypervEnabled = vmInfoBuildUtils.isHypervEnabled(vm.getVmOsId(), vm.getCompatibilityVersion());" in https://github.com/oVirt/ovirt-engine/blob/ovirt-engine-4.3/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/builder/vminfo/LibvirtVmXmlBuilder.java However the question is why are the hyperv enlightenments causing a problem? The host details are as below: Linux server01 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 23 11:18:01 PST 2021 x86_64 x86_64 x86_64 GNU/Linux lscpu Architecture: x86_64 CPU op-mode(s):32-bit, 64-bit Byte Order:Little Endian CPU(s):96 On-line CPU(s) list: 0-95 Thread(s) per core:2 Core(s) per socket:24 Socket(s): 2 NUMA node(s): 2 Vendor ID: GenuineIntel CPU family:6 Model: 85 Model name:Intel(R) Xeon(R) Platinum 8160 CPU @ 2.10GHz Stepping: 4 CPU MHz: 2100.000 BogoMIPS: 4200.00 Virtualization:VT-x L1d cache: 32K L1i cache: 32K L2 cache: 1024K L3 cache: 33792K NUMA node0 CPU(s): 0-23,48-71 NUMA node1 CPU(s): 24-47,72-95 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb cat_l3 cdp_l3 invpcid_single intel_ppin intel_pt ssbd mba ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp_epp pku ospke md_clear spec_ctrl intel_stibp flush_l1d The CPU type in ovirt detects it as Intel Skylake-Server-noTSX-IBRS Family. We tried changing the cpu type for the VM to broadwell and other types to no effect. The ovirt version is 4.3.10.4-1.0.22.el7 ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5BKRP3PVXH7UW3Z736VURGDQGBWPH6WO/
[ovirt-users] Re: New oVirt setup with OVN : Hypervisor with LACP bond : queries
>With those conditions you don't need to start any > service, everything should be running and the hosts installed > in the cluster will have tunnels ready on ovirtmgmt. Thanks for that. It is clear now. We have an existing oVirt setup with logical networks created. In order to test OVN we are going to add a new cluster with switch type as OVS and the default network provider as ovirt-provider-ovn. We will then add a host to this cluster. The section 14.2.7.5 mentions "You can create an external provider network that overlays a native Red Hat Virtualization network so that the virtual machines on each appear to be sharing the same subnet." Does this mean that we should always first create a native RHV network that talks to the physical network? Is it not possible for OVN to talk directly to the physical network by using the LACP bond configured in the physical host? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AHMBUFPAMNGNOCX47UCFZCDAJ3PKXLSR/
[ovirt-users] Re: New oVirt setup with OVN : Hypervisor with LACP bond : queries
> You should not run ovn-config manually, if the host bond0 has ovirtmgmt on > top of it. That is all done by host deploy. The step might be needed if you > want to have a tunnel on a different interface than ovirtmgmt is using. Thanks for that. We performed a normal oVirt install and as a part of it the controller was installed in the manager. I can see the pre-req rpms and services are also installed in the hypervisors. So If I understood correctly you're saying that the tunnels and bridge would've been already created when we added the host? If we just bring up the openvswitch and ovn-controller services we should be able to see the tunnels and bridge. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XOBGD7VYYBAW4MK2F3SSWHFHWAHGLUYW/
[ovirt-users] Re: New oVirt setup with OVN : Hypervisor with LACP bond : queries
> Can you give some more details about your current vSphere infrastructure? > What about the level of downtime you could give when migrating? > Have you already planned the strategy to transfer your VMs from vSphere to > oVirt? We are still in the initial stages and so conducting a POC. > Take care that probably on your VMware side your VMs have virtual hw for > nics defined as vmxnet, so when you migrate to oVirt, it will change and so > depending on your OS type (Windows based or Linux based) and in case of > Linux, depending on your distro and version, some manual operations could > be required to remap vnic assignments and definitions. We are planning to clone a VM and then migrate it to note down the findings. We will surely verify the virtual nic hw as well. > Take care that in RHV this feature is still considered Technology Preview, > so not recommended for production. It could apply to oVirt even more, so... > BTW, what do you mean with "... the fact that we have a SDN..."? Do you > mean standard virtual networking in contrast with physical one or do you > have any kind of special networking in vSphere now (NSX or such...)? We have SDN implemented at our physical network level. IIRC it is Cumulus. We do not have NSX. What I meant was as we have SDN implemented at the physical network level. So will it make it easier to connect our Ovirt to the physical network. I will go through the docs you updated and come back. > That was a thread originated by me... ;-) > But please consider that it is 5 years old now! At that time we were at 4.1 > stage, while now we are at very different 4.4, so refer in case to recent > threads and better recent upstream (oVirt) and downstream (RHV) official > documentation pointed above > Also, at that time ansible was not very much in place, while now in many > configuration tasks it is deeply involved. > The main concern in that thread was the impact of having OVN tunneling on > the ovirtmgmt management network, that is the default choice when you > configure OVN, in contrast with creating a dedicated network for it. My apologies. I wasn't clear. As the IP was assigned on bond0 which is a LACP bond, do we need to make any changes before running the vdsm-tool ovn-config ? > some manual undocumented steps through OpenStack Networking API or Ansible > could be required depending on your needs I'll go through the docs you mentioned and update here about my progress. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FCOB5JRZVHFYDDUNWP5JUL2T6OA2IILG/
[ovirt-users] New oVirt setup with OVN : Hypervisor with LACP bond : queries
Hello team, Thank you for all the wonderful work you've been doing. I'm starting out new with oVirt and OVN. So please excuse me if the questions are too naive. We intend to do a POC to check if we can migrate VMs off our current VMware to oVirt. The intention is to migrate the VMs with the same IP into oVirt. We've setup oVirt with three hypervisors. All of them have four ethernet adapters. We have SDN implemented in our network and LACP bonds are created at the switch level. So we've created two bonds, bond0 and bond1 in each hypervisor. bond0 has the logical networks with vlan tagging created like bond0.101, bond0.102 etc. As a part of the POC we also want to explore OVN as well to check if we can implement a zero trust security policy. Here are the questions now :) 1. We would like to migrate VMs with the current IP into oVirt. Is it possible to achieve this? I've been reading notes and pages that mention about extending the physical network into OVN. But it's a bit confusing on how to implement it. How do we connect OVN to the physical network? Does the fact that we have a SDN make it easier to get this done? I am still reading the ovn-architecture page. It is mentioned that the gateway is the component that extends a tunnel-based logical network into a physical network. 2. We have the IP for the hypervisor assigned on a logical network(ovirtmgmt) in bond0. I read in https://lists.ovirt.org/archives/list/users@ovirt.org/thread/CIE6MZ47GRCEX4Z6GWRLFSERCEODADJY/ that oVirt does not care about how the IP is configured when creating the tunnels. 3. Once we have OVN setup, ovn logical networks created and VMs created/migrated, how do we establish the zero trust policy? From what I've read there are ACLs and security groups. Any pointers on where to explore more about implementing it. If you've read till here, thank you for your patience. Regards, ravi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OUEO35NTR4LA4XW3JA6TFLFJAP7NH23I/