Re: [ovirt-users] Ovirt 4.0 and EL 7.4
On Fri, Nov 10, 2017 at 5:58 PM, VONDRA Alain wrote: > Hi Pavel, > > You wrote that vdsm has to be patch to run without issues, but where can I > find the patch or which lines do I have to modify, because I still have > issues like that : > > > > vdsm vds ERROR failed to retrieve hardware info > > Traceback (most recent call last): > > File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... > > vdsm[3980]: vdsm vds.dispatcher ERROR SSL error during reading data: > unexpected eof > > vdsm[3980]: vdsm vds ERROR failed to retrieve hardware info > > Traceback (most recent call last): > > File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... > > vdsm[3980]: vdsm vds ERROR failed to retrieve hardware info > > Traceback (most recent call last): > > File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... > This sounds like a different issue (which is ALSO fixed in latest 4.1 - https://gerrit.ovirt.org/#/c/77432/ perhaps?). I assume you'll keep running into issues, some of which we've already fixed - I hope you can upgrade soon to the latest 4.1. Y. > > > Thanks > > > > -- > > *Alain VONDRA * > *Chargé d'Exploitation et de Sécurité des Systèmes d'Information * > *Direction Administrative et Financière* > * +33 1 44 39 77 76 <+33%201%2044%2039%2077%2076> * > > *UNICEF France 3 rue Duguay Trouin 75006 PARIS* > * www.unicef.fr <http://www.unicef.fr/> * > <http://www.unicef.fr> > > <http://www.unicef.fr/> > > <http://www.unicef.fr/> <http://www.unicef.fr/> <http://www.unicef.fr/> > > > > ------------------ > <http://www.unicef.fr> > > *De :* users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] *De la > part de* Jorick Astrego > *Envoyé :* mardi 10 octobre 2017 19:41 > *À :* users@ovirt.org > *Objet :* Re: [ovirt-users] Ovirt 4.0 and EL 7.4 > > > > Hi, > > I've redeployed a node with 7.3 to fix this issue but got the same errors > with ovirt 4.0. > > MainThread::DEBUG::2017-10-10 > 18:30:30,945::upgrade::90::upgrade::(apply_upgrade) > Running upgrade upgrade-unified-persistence > MainThread::DEBUG::2017-10-10 > 18:30:30,951::libvirtconnection::160::root::(get) > trying to connect libvirt > MainThread::ERROR::2017-10-10 > 18:30:41,125::upgrade::94::upgrade::(apply_upgrade) > Failed to run upgrade-unified-persistence > Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/vdsm/tool/upgrade.py", line 92, > in apply_upgrade > upgrade.run(ns, args) > File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", > line 195, in run > run() > File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", > line 46, in run > networks, bondings = _getNetInfo() > File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", > line 132, in _getNetInfo > netinfo = NetInfo(netswitch.netinfo()) > File "/usr/lib/python2.7/site-packages/vdsm/network/netswitch.py", line > 298, in netinfo > _netinfo = netinfo_get(compatibility=compatibility) > File "/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py", > line 109, in get > return _get(vdsmnets) > File "/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py", > line 70, in _get > libvirt_nets = libvirt.networks() > File "/usr/lib/python2.7/site-packages/vdsm/network/libvirt.py", line > 113, in networks > conn = libvirtconnection.get() > File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line > 163, in get > password) > File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line > 99, in open_connection > return utils.retry(libvirtOpen, timeout=10, sleep=0.2) > File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 547, in > retry > return func() > File "/usr/lib64/python2.7/site-packages/libvirt.py", line 105, in > openAuth > if ret is None:raise libvirtError('virConnectOpenAuth() failed') > libvirtError: authentication failed: authentication failed > > > > Oct 10 19:35:55 host1 sasldblistusers2: _sasldb_getkeyhandle has failed > > Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13660: error > : virNetSASLSessionListMechanisms:390 : internal error: cannot list SASL > mechanisms -4 (SASL(-4): no mechanism available: Internal Error -4 in > server.c near line 1757) > Oct 10 19:36:20 host1 libvirtd: 2017-10-10
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
Hello Alain, This bug can be fixed by https://gerrit.ovirt.org/#/c/77432/ Also the following patches are useful: https://gerrit.ovirt.org/#/c/78005/ https://gerrit.ovirt.org/#/c/78830/ https://gerrit.ovirt.org/#/c/78831/ Alternatively, you can add the following repos to your /etc/yum.repos.d and yum update. [thepax-ovirt40] name=Latest oVirt 4.0 packages baseurl=https://thepax.gitlab.io/ovirt40/RPMS enabled=1 gpgcheck=0 [thepax-ovirt40-plus] name=Patched oVirt 4.0 packages baseurl=https://thepax.gitlab.io/ovirt40-plus/RPMS enabled=1 gpgcheck=0 From: VONDRA Alain Date: Friday, 10 November 2017 at 18:58 To: Jorick Astrego , "users@ovirt.org" Cc: Pavel Gashev Subject: RE: [ovirt-users] Ovirt 4.0 and EL 7.4 Hi Pavel, You wrote that vdsm has to be patch to run without issues, but where can I find the patch or which lines do I have to modify, because I still have issues like that : vdsm vds ERROR failed to retrieve hardware info Traceback (most recent call last): File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... vdsm[3980]: vdsm vds.dispatcher ERROR SSL error during reading data: unexpected eof vdsm[3980]: vdsm vds ERROR failed to retrieve hardware info Traceback (most recent call last): File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... vdsm[3980]: vdsm vds ERROR failed to retrieve hardware info Traceback (most recent call last): File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... Thanks Alain VONDRA Chargé d'Exploitation et de Sécurité des Systèmes d'Information Direction Administrative et Financière +33 1 44 39 77 76 UNICEF France 3 rue Duguay Trouin 75006 PARIS www.unicef.fr<http://www.unicef.fr/> [cid:image001.png@01D35A6D.7D185C80]<http://www.unicef.fr/> De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la part de Jorick Astrego Envoyé : mardi 10 octobre 2017 19:41 À : users@ovirt.org Objet : Re: [ovirt-users] Ovirt 4.0 and EL 7.4 Hi, I've redeployed a node with 7.3 to fix this issue but got the same errors with ovirt 4.0. MainThread::DEBUG::2017-10-10 18:30:30,945::upgrade::90::upgrade::(apply_upgrade) Running upgrade upgrade-unified-persistence MainThread::DEBUG::2017-10-10 18:30:30,951::libvirtconnection::160::root::(get) trying to connect libvirt MainThread::ERROR::2017-10-10 18:30:41,125::upgrade::94::upgrade::(apply_upgrade) Failed to run upgrade-unified-persistence Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vdsm/tool/upgrade.py", line 92, in apply_upgrade upgrade.run(ns, args) File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", line 195, in run run() File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", line 46, in run networks, bondings = _getNetInfo() File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", line 132, in _getNetInfo netinfo = NetInfo(netswitch.netinfo()) File "/usr/lib/python2.7/site-packages/vdsm/network/netswitch.py", line 298, in netinfo _netinfo = netinfo_get(compatibility=compatibility) File "/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py", line 109, in get return _get(vdsmnets) File "/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py", line 70, in _get libvirt_nets = libvirt.networks() File "/usr/lib/python2.7/site-packages/vdsm/network/libvirt.py", line 113, in networks conn = libvirtconnection.get() File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 163, in get password) File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 99, in open_connection return utils.retry(libvirtOpen, timeout=10, sleep=0.2) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 547, in retry return func() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 105, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirtError: authentication failed: authentication failed Oct 10 19:35:55 host1 sasldblistusers2: _sasldb_getkeyhandle has failed Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13660: error : virNetSASLSessionListMechanisms:390 : internal error: cannot list SASL mechanisms -4 (SASL(-4): no mechanism available: Internal Error -4 in server.c near line 1757) Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13660: error : remoteDispatchAuthSaslInit:3411 : authentication failed: authentication failed Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13650: error : virNetSocketReadWire:1808 : End of file while reading data: Input/output error Oct 10 19:36:20 host1 vdsm-tool: libvirt: XML-RPC error : authentication failed: a
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
Hi Pavel, You wrote that vdsm has to be patch to run without issues, but where can I find the patch or which lines do I have to modify, because I still have issues like that : vdsm vds ERROR failed to retrieve hardware info Traceback (most recent call last): File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... vdsm[3980]: vdsm vds.dispatcher ERROR SSL error during reading data: unexpected eof vdsm[3980]: vdsm vds ERROR failed to retrieve hardware info Traceback (most recent call last): File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... vdsm[3980]: vdsm vds ERROR failed to retrieve hardware info Traceback (most recent call last): File "/usr/share/vdsm/API.py", line 1344, in getHardwareInfo... Thanks Alain VONDRA Chargé d'Exploitation et de Sécurité des Systèmes d'Information Direction Administrative et Financière +33 1 44 39 77 76 UNICEF France 3 rue Duguay Trouin 75006 PARIS www.unicef.fr<http://www.unicef.fr/> <http://www.unicef.fr> <http://www.unicef.fr/> <http://www.unicef.fr/><http://www.unicef.fr/>[cid:20-NOV-2017_b6f93210-e459-4491-a078-a0ee02457f91.png]<http://www.unicef.fr/> <http://www.unicef.fr> De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la part de Jorick Astrego Envoyé : mardi 10 octobre 2017 19:41 À : users@ovirt.org Objet : Re: [ovirt-users] Ovirt 4.0 and EL 7.4 Hi, I've redeployed a node with 7.3 to fix this issue but got the same errors with ovirt 4.0. MainThread::DEBUG::2017-10-10 18:30:30,945::upgrade::90::upgrade::(apply_upgrade) Running upgrade upgrade-unified-persistence MainThread::DEBUG::2017-10-10 18:30:30,951::libvirtconnection::160::root::(get) trying to connect libvirt MainThread::ERROR::2017-10-10 18:30:41,125::upgrade::94::upgrade::(apply_upgrade) Failed to run upgrade-unified-persistence Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vdsm/tool/upgrade.py", line 92, in apply_upgrade upgrade.run(ns, args) File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", line 195, in run run() File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", line 46, in run networks, bondings = _getNetInfo() File "/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py", line 132, in _getNetInfo netinfo = NetInfo(netswitch.netinfo()) File "/usr/lib/python2.7/site-packages/vdsm/network/netswitch.py", line 298, in netinfo _netinfo = netinfo_get(compatibility=compatibility) File "/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py", line 109, in get return _get(vdsmnets) File "/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py", line 70, in _get libvirt_nets = libvirt.networks() File "/usr/lib/python2.7/site-packages/vdsm/network/libvirt.py", line 113, in networks conn = libvirtconnection.get() File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 163, in get password) File "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line 99, in open_connection return utils.retry(libvirtOpen, timeout=10, sleep=0.2) File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 547, in retry return func() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 105, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirtError: authentication failed: authentication failed Oct 10 19:35:55 host1 sasldblistusers2: _sasldb_getkeyhandle has failed Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13660: error : virNetSASLSessionListMechanisms:390 : internal error: cannot list SASL mechanisms -4 (SASL(-4): no mechanism available: Internal Error -4 in server.c near line 1757) Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13660: error : remoteDispatchAuthSaslInit:3411 : authentication failed: authentication failed Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+: 13650: error : virNetSocketReadWire:1808 : End of file while reading data: Input/output error Oct 10 19:36:20 host1 vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed Oct 10 19:36:20 host1 systemd: vdsm-network.service: control process exited, code=exited status=1 Oct 10 19:36:20 host1 systemd: Failed to start Virtual Desktop Server Manager network restoration. Oct 10 19:36:20 host1 systemd: Dependency failed for Virtual Desktop Server Manager. Oct 10 19:36:20 host1 systemd: Dependency failed for MOM instance configured for VDSM purposes. Oct 10 19:36:20 host1 systemd: Job mom-vdsm.service/start failed with result 'dependency'. Oct 10 19:36:20 host1 systemd: Job vdsmd.service/start fa
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
; Oct 10 19:36:20 host1 systemd: Dependency failed for MOM instance > configured for VDSM purposes. > Oct 10 19:36:20 host1 systemd: Job mom-vdsm.service/start failed > with result 'dependency'. > Oct 10 19:36:20 host1 systemd: Job vdsmd.service/start failed with > result 'dependency'. > Oct 10 19:36:20 host1 systemd: Unit vdsm-network.service entered > failed state. > Oct 10 19:36:20 host1 systemd: vdsm-network.service failed. > > > cat /etc/redhat-release > CentOS Linux release 7.3.1611 (Core) > > cat /etc/libvirt/passwd.db > cat: /etc/libvirt/passwd.db: No such file or directory > > vdsm-4.18.21-1.el7.centos.x86_64 > vdsm-api-4.18.21-1.el7.centos.noarch > vdsm-xmlrpc-4.18.21-1.el7.centos.noarch > vdsm-hook-vmfex-dev-4.18.21-1.el7.centos.noarch > vdsm-cli-4.18.21-1.el7.centos.noarch > vdsm-python-4.18.21-1.el7.centos.noarch > vdsm-yajsonrpc-4.18.21-1.el7.centos.noarch > vdsm-infra-4.18.21-1.el7.centos.noarch > vdsm-jsonrpc-4.18.21-1.el7.centos.noarch > > libvirt-daemon-driver-storage-scsi-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-rbd-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-nodedev-3.2.0-1.el7.x86_64 > libvirt-client-3.2.0-1.el7.x86_64 > libvirt-python-2.0.0-2.el7.x86_64 > libvirt-daemon-driver-network-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-mpath-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-iscsi-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-logical-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-secret-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-interface-3.2.0-1.el7.x86_64 > libvirt-daemon-kvm-3.2.0-1.el7.x86_64 > libvirt-libs-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-core-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-qemu-3.2.0-1.el7.x86_64 > libvirt-daemon-config-nwfilter-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-disk-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-storage-gluster-3.2.0-1.el7.x86_64 > libvirt-lock-sanlock-3.2.0-1.el7.x86_64 > libvirt-daemon-3.2.0-1.el7.x86_64 > libvirt-daemon-driver-nwfilter-3.2.0-1.el7.x86_64 > > ovirt-imageio-common-0.4.0-1.el7.noarch > ovirt-release40-4.0.6-2.el7.centos.noarch > ovirt-vmconsole-1.0.4-1.el7.centos.noarch > ovirt-imageio-daemon-0.4.0-1.el7.noarch > ovirt-vmconsole-host-1.0.4-1.el7.centos.noarch > > Also tried with "mech_list: digest-md5" > > cat /etc/sasl2/libvirt.conf |grep mech_list > #mech_list: gssapi > mech_list: digest-md5 > #mech_list: scram-sha-1 > #mech_list: scram-sha-1 gssapi > > > On 10/05/2017 01:26 PM, Pavel Gashev wrote: >> Full /etc/sasl2/libvirt.conf: >> mech_list: digest-md5 >> sasldb_path: /etc/libvirt/passwd.db >> >> Also note that VDSM has to be patched to work on 7.4 with no issues. oVirt >> 3.6 and 4.1 have required fixes, but oVirt 4.0 doesn’t. >> >> On 04/10/2017, 18:44,"users-boun...@ovirt.org on behalf of Alan Griffiths" >> wrote: >> >> That didn't seem to make any difference. >> >> I can make it work by disabling authentication >> >> auth_unix_rw="none" in /etc/libvirt/libvirtd.conf >> >> On 4 October 2017 at 15:05, VONDRA Alain wrote: >> > Hi, >> > Did you modify your /etc/sasl2/libvirt.conf, because the update has >> modify the way to authenticate from md5 to gssapi. >> > >> > If not just change this line : >> > mech_list: gssapi >> > to >> > mech_list: digest-md5 >> > >> > And restart services >> > >> > As mentioned in the libvirt.conf file : >> > >> > # NB, previously DIGEST-MD5 was set as the default mechanism for >> > # libvirt. Per RFC 6331 this is vulnerable to many serious security >> > # flaws and should no longer be used. Thus GSSAPI is now the default. >> > # >> > # To use GSSAPI requires that a libvirtd service principal is >> > # added to the Kerberos server for each host running libvirtd. >> > # This principal needs to be exported to the keytab file listed below >> > >> > Alain >> > >> > >> > >> > Alain VONDRA >> > >> > Chargé d'Exploitation et de Sécurité des Systèmes d'Information >> > Direction Administrative et Financière >&g
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
0-1.el7.x86_64 libvirt-daemon-driver-storage-3.2.0-1.el7.x86_64 libvirt-daemon-driver-secret-3.2.0-1.el7.x86_64 libvirt-daemon-driver-interface-3.2.0-1.el7.x86_64 libvirt-daemon-kvm-3.2.0-1.el7.x86_64 libvirt-libs-3.2.0-1.el7.x86_64 libvirt-daemon-driver-storage-core-3.2.0-1.el7.x86_64 libvirt-daemon-driver-qemu-3.2.0-1.el7.x86_64 libvirt-daemon-config-nwfilter-3.2.0-1.el7.x86_64 libvirt-daemon-driver-storage-disk-3.2.0-1.el7.x86_64 libvirt-daemon-driver-storage-gluster-3.2.0-1.el7.x86_64 libvirt-lock-sanlock-3.2.0-1.el7.x86_64 libvirt-daemon-3.2.0-1.el7.x86_64 libvirt-daemon-driver-nwfilter-3.2.0-1.el7.x86_64 ovirt-imageio-common-0.4.0-1.el7.noarch ovirt-release40-4.0.6-2.el7.centos.noarch ovirt-vmconsole-1.0.4-1.el7.centos.noarch ovirt-imageio-daemon-0.4.0-1.el7.noarch ovirt-vmconsole-host-1.0.4-1.el7.centos.noarch Also tried with "mech_list: digest-md5" cat /etc/sasl2/libvirt.conf |grep mech_list #mech_list: gssapi mech_list: digest-md5 #mech_list: scram-sha-1 #mech_list: scram-sha-1 gssapi On 10/05/2017 01:26 PM, Pavel Gashev wrote: > Full /etc/sasl2/libvirt.conf: > mech_list: digest-md5 > sasldb_path: /etc/libvirt/passwd.db > > Also note that VDSM has to be patched to work on 7.4 with no issues. oVirt > 3.6 and 4.1 have required fixes, but oVirt 4.0 doesn’t. > > On 04/10/2017, 18:44, "users-boun...@ovirt.org on behalf of Alan Griffiths" > wrote: > > That didn't seem to make any difference. > > I can make it work by disabling authentication > > auth_unix_rw="none" in /etc/libvirt/libvirtd.conf > > On 4 October 2017 at 15:05, VONDRA Alain wrote: > > Hi, > > Did you modify your /etc/sasl2/libvirt.conf, because the update has > modify the way to authenticate from md5 to gssapi. > > > > If not just change this line : > > mech_list: gssapi > > to > > mech_list: digest-md5 > > > > And restart services > > > > As mentioned in the libvirt.conf file : > > > > # NB, previously DIGEST-MD5 was set as the default mechanism for > > # libvirt. Per RFC 6331 this is vulnerable to many serious security > > # flaws and should no longer be used. Thus GSSAPI is now the default. > > # > > # To use GSSAPI requires that a libvirtd service principal is > > # added to the Kerberos server for each host running libvirtd. > > # This principal needs to be exported to the keytab file listed below > > > > Alain > > > > > > > > Alain VONDRA > > > > Chargé d'Exploitation et de Sécurité des Systèmes d'Information > > Direction Administrative et Financière > > +33 1 44 39 77 76 > > > > UNICEF France > > 3 rue Duguay Trouin 75006 > > PARIS > > www.unicef.fr > > -Message d'origine- > > De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la > part de Alan Griffiths > > Envoyé : mercredi 4 octobre 2017 15:50 > > À : Ovirt Users > > Objet : [ovirt-users] Ovirt 4.0 and EL 7.4 > > > > Hi, > > > > Is 4.0 supported/known to work on CentOS 7.4? > > > > I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 > and now vdsm-network fails to start with > > > > vdsm-tool: libvirt: XML-RPC error : authentication failed: > authentication failed > > > > To even get this far I had to exclude gluster packages as 7.4 > introduces 3.8 but ovirt 4.0 repo is still on 3.7. > > > > So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What > is the best ordering for getting to ovirt 4.1 and EL 7.4? > > > > Thanks, > > > > Alan > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
Full /etc/sasl2/libvirt.conf: mech_list: digest-md5 sasldb_path: /etc/libvirt/passwd.db Also note that VDSM has to be patched to work on 7.4 with no issues. oVirt 3.6 and 4.1 have required fixes, but oVirt 4.0 doesn’t. On 04/10/2017, 18:44, "users-boun...@ovirt.org on behalf of Alan Griffiths" wrote: That didn't seem to make any difference. I can make it work by disabling authentication auth_unix_rw="none" in /etc/libvirt/libvirtd.conf On 4 October 2017 at 15:05, VONDRA Alain wrote: > Hi, > Did you modify your /etc/sasl2/libvirt.conf, because the update has modify the way to authenticate from md5 to gssapi. > > If not just change this line : > mech_list: gssapi > to > mech_list: digest-md5 > > And restart services > > As mentioned in the libvirt.conf file : > > # NB, previously DIGEST-MD5 was set as the default mechanism for > # libvirt. Per RFC 6331 this is vulnerable to many serious security > # flaws and should no longer be used. Thus GSSAPI is now the default. > # > # To use GSSAPI requires that a libvirtd service principal is > # added to the Kerberos server for each host running libvirtd. > # This principal needs to be exported to the keytab file listed below > > Alain > > > > Alain VONDRA > > Chargé d'Exploitation et de Sécurité des Systèmes d'Information > Direction Administrative et Financière > +33 1 44 39 77 76 > > UNICEF France > 3 rue Duguay Trouin 75006 > PARIS > www.unicef.fr > -Message d'origine- > De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la part de Alan Griffiths > Envoyé : mercredi 4 octobre 2017 15:50 > À : Ovirt Users > Objet : [ovirt-users] Ovirt 4.0 and EL 7.4 > > Hi, > > Is 4.0 supported/known to work on CentOS 7.4? > > I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with > > vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed > > To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7. > > So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4? > > Thanks, > > Alan > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
That didn't seem to make any difference. I can make it work by disabling authentication auth_unix_rw="none" in /etc/libvirt/libvirtd.conf On 4 October 2017 at 15:05, VONDRA Alain wrote: > Hi, > Did you modify your /etc/sasl2/libvirt.conf, because the update has modify > the way to authenticate from md5 to gssapi. > > If not just change this line : > mech_list: gssapi > to > mech_list: digest-md5 > > And restart services > > As mentioned in the libvirt.conf file : > > # NB, previously DIGEST-MD5 was set as the default mechanism for > # libvirt. Per RFC 6331 this is vulnerable to many serious security > # flaws and should no longer be used. Thus GSSAPI is now the default. > # > # To use GSSAPI requires that a libvirtd service principal is > # added to the Kerberos server for each host running libvirtd. > # This principal needs to be exported to the keytab file listed below > > Alain > > > > Alain VONDRA > > Chargé d'Exploitation et de Sécurité des Systèmes d'Information > Direction Administrative et Financière > +33 1 44 39 77 76 > > UNICEF France > 3 rue Duguay Trouin 75006 > PARIS > www.unicef.fr > -Message d'origine- > De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la part de > Alan Griffiths > Envoyé : mercredi 4 octobre 2017 15:50 > À : Ovirt Users > Objet : [ovirt-users] Ovirt 4.0 and EL 7.4 > > Hi, > > Is 4.0 supported/known to work on CentOS 7.4? > > I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now > vdsm-network fails to start with > > vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication > failed > > To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 > but ovirt 4.0 repo is still on 3.7. > > So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the > best ordering for getting to ovirt 4.1 and EL 7.4? > > Thanks, > > Alan > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
Hi, Did you modify your /etc/sasl2/libvirt.conf, because the update has modify the way to authenticate from md5 to gssapi. If not just change this line : mech_list: gssapi to mech_list: digest-md5 And restart services As mentioned in the libvirt.conf file : # NB, previously DIGEST-MD5 was set as the default mechanism for # libvirt. Per RFC 6331 this is vulnerable to many serious security # flaws and should no longer be used. Thus GSSAPI is now the default. # # To use GSSAPI requires that a libvirtd service principal is # added to the Kerberos server for each host running libvirtd. # This principal needs to be exported to the keytab file listed below Alain Alain VONDRA Chargé d'Exploitation et de Sécurité des Systèmes d'Information Direction Administrative et Financière +33 1 44 39 77 76 UNICEF France 3 rue Duguay Trouin 75006 PARIS www.unicef.fr -Message d'origine- De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la part de Alan Griffiths Envoyé : mercredi 4 octobre 2017 15:50 À : Ovirt Users Objet : [ovirt-users] Ovirt 4.0 and EL 7.4 Hi, Is 4.0 supported/known to work on CentOS 7.4? I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7. So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4? Thanks, Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt 4.0 and EL 7.4
Il 04 Ott 2017 15:51, "Alan Griffiths" ha scritto: Hi, Is 4.0 supported/known to work on CentOS 7.4? I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7. So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4? I would suggest to first upgrade to oVirt 4.1 and then complete the update to CentOS 7.4 Thanks, Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Ovirt 4.0 and EL 7.4
Hi, Is 4.0 supported/known to work on CentOS 7.4? I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7. So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4? Thanks, Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users