[ovirt-users] Re: Cant fix network

[David Johnson]

Well, I futzed around for about 3 hours bouncing the engine and the host,
and finally I hit some combination that allowed me to save the
configuration of the ovirtmgmt network on this host. I had to update my
DHCP configuration to force the correct static IP address to the MAC (not
sure why the host insisted on setting this node to DHCP when I configured
it static everywhere, but we got it).

I now have one host started. Working on the next steps - importing the
storage domain.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/P2UWHMEI45KXYB3SNS3USYS2US65ID5D/

[ovirt-users] Re: Install Ovirt 4.4.10 to standalone system from iso fails

[Guillaume Pavese]

Not sure about recovering your cluster on a 4.5 install with a 4.4 backup.
I would also like to know if that is possible.

As a separate note, if you really need to install 4.4 instead of 4.5; I
managed to install a 4.4.10 hosted engine recently by
- extracting the ova from the ovirt-appliance rpm
- mount the image with guestmount
- do : echo "exclude=postgresql-jdbc" >> /etc/dnf/dnf.conf in the image
- rebuild the ova and point the installer to it when asked for a custom ova
path

This stopped the installation playbook from upgrading to the unsupported
postgresql-jdbc


Guillaume Pavese
Ingénieur Système et Réseau
Interactiv-Group


On Tue, Jun 14, 2022 at 12:19 AM David Johnson 
wrote:

> It looks like I've run into this now:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2077794
>
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/SBCWNXLFLJBKTA3TFJARE7QCYZQ6QMMH/
>
> It looks like a permanent fix was put in place in 4.5.
>
> Should I consider just bumping up to 4.5 instead of trying to reinstall
> 4.4?  Will I be able to recover my cluster from the engine backup?
>
> *David Johnson*
> *Director of Development, Maxis Technology*
> 844.696.2947 ext 702 (o) | 479.531.3590 (c)
> 
> 
> 
>
> *Follow us:*  
>
>
> On Mon, Jun 13, 2022 at 1:49 AM David Johnson <
> djohn...@maxistechnology.com> wrote:
>
>> This came in just as the engine came up.
>>
>> The final pieces of the puzzle were:
>>
>> The database@server notation expressed in the logs is cool, but
>> is not how it is expressed to actually connect. That threw up a red herring.
>> I had to create all of the postgres users
>> Postgres ident authentication requires an ident server such as oidentd.
>> It used to be installed by default, but must be installed after the fact by
>> the system admin now.
>>
>> Your guess about a not-clean system is not too far off.  Just before this
>> email came in I hit a snag with the CA and key generation. I ran
>> engine-cleanup, then ran engine-setup again, and now the non-UI functions
>> of the engine are (apparently) back up.
>>
>> Now the engine is running, but the web gui is throwing 500 errors.
>> Internet cut out so I'll get back to it in the morning.
>>
>> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y5PKNTFPVPATL4PWUCH2CJ27RPOWYZFF/
>

-- 


Ce message et toutes les pièces jointes (ci-après le “message”) sont 
établis à l’intention exclusive de ses destinataires et sont confidentiels. 
Si vous recevez ce message par erreur, merci de le détruire et d’en avertir 
immédiatement l’expéditeur. Toute utilisation de ce message non conforme a 
sa destination, toute diffusion ou toute publication, totale ou partielle, 
est interdite, sauf autorisation expresse. L’internet ne permettant pas 
d’assurer l’intégrité de ce message . Interactiv-group (et ses filiales) 
décline(nt) toute responsabilité au titre de ce message, dans l’hypothèse 
ou il aurait été modifié. IT, ES, UK.  

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QMQTF2N64HGORHVR7F2FTXEURUOXF2LV/

[ovirt-users] Cant fix network

[David Johnson]

Good afternoon all,

Welcome to the third part of my trilogy of disaster recovery woes. Much of
my woe is self inflicted, but I have learned enough from this that I now
know how to ask the right question about the original problem that got me
here.

After reinstalling the engine from the ground up, ovirt immediately
recognized the first host (yay) whose network configuration I had manually
fixed on the host console.

I removed the host from the engine, stripped its system down to the bare
OS, then attempted to reinstall ovirt.

Apparently the original network configuration is still saved on the host,
because reinstall kicks the host off of the management network, replacing
the good configuration that I just made on the host with the bad one that
was the original cause of my heartache.

What is wrong with this configuration is that the storage network is on a
10 gbit sfp+ physical network, isolated from the 1 gbit ovirtmgt network
with RJ12 connectors. There is no way to bridge the two networks

Here is the original (bad) configuration:
[image: image.png]


Here is the corrected configuration.  Note that it wont let me connect to
the network.  it's frustrating because I know that the engine is not
communicating with the host, and I can map out the fix here, but I can't
save it.

[image: image.png]

It will not allow me to remove the host or switch the host to inoperable or
maintenance mode.

Please advise.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HUMF6TOAAEUNYH7UCONV2N7TLOMTKUH7/

[ovirt-users] Re: OVIRT Package Upgrade Interrupted

[Strahil Nikolov via Users]

If you use Gluster, don't forget to bump the OP version once you are happy with 
your tests.It controls the backward compatibility, but also some internal 
mechanisms and optimizations.

Best Regards,Strahil Nikolov 
 
  On Mon, Jun 13, 2022 at 19:54, Abe E wrote:   Thank You 
Strahil, I was actually able to use the node snapshot to revert a version back 
and get things going again. 
This time I'll wait till its completed its testing phase and maybe get a small 
lab to test the upgrade on, I need to remove the testing Repo as well, I was 
not aware that it was added/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YJVADSIW2A3HL7JAHR2O4WNN5T2TAMMU/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EMWGYPAHNYVON5JAAWMALUTC3PE7COT7/

[ovirt-users] Re: Install Ovirt 4.4.10 to standalone system from iso fails

[David Johnson]

The last thing I need is the complication of having the engine hosted on
the cluster. It's way too easy to shoot yourself in the foot that way.

On Mon, Jun 13, 2022, 11:32 PM Sketch  wrote:

> On Tue, 14 Jun 2022, Guillaume Pavese wrote:
>
> > Not sure about recovering your cluster on a 4.5 install with a 4.4
> backup. I
> > would also like to know if that is possible.
>
> It's definitely possible.  I had an issue with my 4.4->4.5 upgrade (always
> make a backup first) and wanted to switch my engine from CentOS Stream to
> Rocky anyway, so I built a new host and installed 4.5 using my backup from
> 4.4.10.
>
> With 4.3->4.4 this was the only way to upgrade due to the OS version
> change.  4.3 requires el7, 4.4 requires el8, and there is no in-place
> el7->el8 upgrade (except maybe for very specific versions of RHEL).  So
> you had to make a backup on 4.3, reinstall your engine host with el8, then
> restore the backup on 4.4.  Plus a few extra steps if using
> the self-hosted engine...
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4ZJLBWZAOLYB34X3E5OTB5BW745QMAQK/

[ovirt-users] Re: Install Ovirt 4.4.10 to standalone system from iso fails

[Sketch]

On Tue, 14 Jun 2022, Guillaume Pavese wrote:


Not sure about recovering your cluster on a 4.5 install with a 4.4 backup. I
would also like to know if that is possible.


It's definitely possible.  I had an issue with my 4.4->4.5 upgrade (always 
make a backup first) and wanted to switch my engine from CentOS Stream to 
Rocky anyway, so I built a new host and installed 4.5 using my backup from 
4.4.10.


With 4.3->4.4 this was the only way to upgrade due to the OS version 
change.  4.3 requires el7, 4.4 requires el8, and there is no in-place 
el7->el8 upgrade (except maybe for very specific versions of RHEL).  So 
you had to make a backup on 4.3, reinstall your engine host with el8, then 
restore the backup on 4.4.  Plus a few extra steps if using 
the self-hosted engine...

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5RGQ2IANC7ZUK7MECFIZZBEGPLH2UURR/

[ovirt-users] Initramfs and vmlinuz corrupted, how to recover?

[douglasddr8]

I have a Dell server with a BIOS bug, it corrupted the files during a UEFI boot.
I noticed that the initramfs and vmlinuz files are zero-sized
How can I retrieve or generate new ones?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RIRR4M632QHNMGQLUINB34NJX6SQXQ2B/

[ovirt-users] Reinstall standalone node without vms loss

[douglasddr8]

My server failed and I can't boot via UEFI
How can I reinstall this node (standalone) without losing my virtual machines?. 
I checked the filesystem and it's completely intact, I couldn't figure out what 
caused the UEFI to fail.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GOCKQS4FXDK5IBBRZZNRALSUHOO5SHAV/

[ovirt-users] Re: Reinstall standalone node without vms loss

[Strahil Nikolov via Users]

You don't need to reinstall the whole system.Get an install media, boot from it 
and pick troubleshoot.
Then follow https://access.redhat.com/solutions/3486741 (requires a 
subscription, but you can get one on https://developers.redhat.com/ -> bottom 
of the page).
Best Regards,Strahil Nikolov
 
 
My server failed and I can't boot via UEFI
How can I reinstall this node (standalone) without losing my virtual machines?. 
I checked the filesystem and it's completely intact, I couldn't figure out what 
caused the UEFI to fail.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GOCKQS4FXDK5IBBRZZNRALSUHOO5SHAV/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGZLBBHHE3EADOXXGOGLMY6QDFPEWDVY/

[ovirt-users] The he_fqdn proposed for the engine VM resolves on this host

[khznm 21]

Installing  oVirt  is not so easy as stated, i am struck up in  FQDN resolution 
,  i  have this  FQDN (vmanager.headache.com) resolve to ip 10.1.1.6 in DNS 
within the network,additionally i also input this entries into  /etc/hosts 
file.  while installing  ( may be 8 times ) ,i am struck up with error " 
he_fqdn proposed for the engine VM resolves on this host " .   The network is 
using vlan ip,  the host is already installed bare metal into cisco c240-m5 
with RH virtualization ver 4.4 ,its installed on  IP :10.1.1.5.   the problem 
is with installing the  self hosted engine (ovirt).
the vlan are like  eno2.vlan7  and  eno2.vlan7.1 

/etc/hosts
10.1.1.6   vmanager.headache.com  vmanager
10.1.1.5vhrh1.headache.com  vhrh1
10.1.1.6vmanager.headache.com  
10.1.1.5vhrh1.headache.com  

i even  tried  cli install,,here also the same issue .. below are the error ..
Host name is not valid: vmanager.headache.com  resolves to 10.1.1.6
Host name is not valid: vman.headache.com did not resolve into an IP address

Pls any body help here ,,,what i am doing wrong... 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DWCNTLLIR36PPQNW4MWVIUH24VAECXPA/

[ovirt-users] Re: can't use vmconsole anymore

[Guillaume Pavese]

I think that I am progressing in troubleshooting.
it seems like the certificates for the vmconsole-proxy were not renewed
like the other certificates during engine-setup --upgrade

[root@vs-inf-prd-ovt-fr-501 ~]# openssl x509 -in
/etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer -noout -text | grep
Not
Not Before: Mar 30 04:48:40 2021 GMT
Not After : May  3 04:48:40 2022 GMT
[root@vs-inf-prd-ovt-fr-501 ~]# openssl x509 -in
/etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer -noout -text | grep Not
Not Before: Mar 30 04:48:41 2021 GMT
Not After : May  3 04:48:41 2022 GMT
[root@vs-inf-prd-ovt-fr-501 ~]# openssl x509 -in
/etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer -noout -text | grep Not
Not Before: Mar 30 04:48:41 2021 GMT
Not After : May  3 04:48:41 2022 GMT

What is the proper procedure to renew these certificates?

Guillaume Pavese
Ingénieur Système et Réseau
Interactiv-Group


On Mon, Jun 13, 2022 at 6:23 PM Guillaume Pavese <
guillaume.pav...@interactiv-group.com> wrote:

> Thanks for your answer, I checked but I am still stuck :
>
> I confirm that the servlet can be reached, according to your recommended
> test (Method Not Allowed.):
>
> [root@vs-inf-prd-ovt-fr-501 ~]# wget
> https://localhost:443/ovirt-engine/services/vmconsole-proxy
> --no-check-certificate
> --2022-06-13 10:30:11--
> https://localhost/ovirt-engine/services/vmconsole-proxy
> Resolving localhost (localhost)... ::1, 127.0.0.1
> Connecting to localhost (localhost)|::1|:443... connected.
> The certificate's owner does not match hostname 'localhost'
> HTTP request sent, awaiting response... 405 Method Not Allowed
> 2022-06-13 10:30:11 ERROR 405: Method Not Allowed.
>
> I retried ovirt-vmconsole-list.py with "--debug", and looked at the logs :
>
> [root@vs-inf-prd-ovt-fr-501 ~]#
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --debug
> --version "1" keys
> [root@vs-inf-prd-ovt-fr-501 ~]#
> [root@vs-inf-prd-ovt-fr-501 ~]# grep vmconsole /var/log/messages
> Jun 13 10:35:41 vs-inf-prd-ovt-fr-501 journal[3112274]: 2022-06-13
> 10:35:41,222+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error
> 403: Forbidden
>
> To be noted,
> We did change the engine's CA certificate at some point by following this
> procedure
> https://ovirt.org/documentation/administration_guide/index.html#Replacing_the_Manager_CA_Certificate
> We also renewed the certificates during a standard engine --setup upgrade
> to 4.4.10
>
>
>
> Guillaume Pavese
> Ingénieur Système et Réseau
> Interactiv-Group
>
>
> On Mon, Jun 13, 2022 at 4:47 PM Radoslaw Szwajkowski 
> wrote:
>
>> Hi,
>> the first thing to check is the firewall:  check with wget if the
>> servlet can be reached (method not allow error means you have
>> connected)
>>
>> wget localhost:8080/ovirt-engine/services/vmconsole-proxy
>> HTTP request sent, awaiting response... 405 Method Not Allowed
>> 2022-06-13 09:36:48 ERROR 405: Method Not Allowed.
>>
>> When using the ovirt-vmconsole-list you can also check system log[1]
>> i.e. if the server cannot be reached you should see sth like this
>>
>> grep vmconsole  /var/log/messages
>> Jun 13 08:58:02 developer journal[2972]: 2022-06-13 08:58:02,992+0200
>> ovirt-vmconsole-list: ERROR main:265 Error: > Connection refused>
>>
>> Note also that you can increase the log level by passing "--debug"
>> param or just look inside the script.
>>
>> best regards,
>> radek
>>
>> [1] https://github.com/oVirt/ovirt-vmconsole#problem-determination
>>
>> On Mon, Jun 13, 2022 at 8:22 AM Guillaume Pavese
>>  wrote:
>> >
>> > Hello everyone,
>> >
>> > We have the same problem on our oVirt 4.4.10 Production server.
>> > ssh connection to vmconsole@engine was previously working in 4.4.6.
>> but it stopped working at some point, maybe since upgraded to 4.4.10
>> >
>> > contrary to a working test environment that was directly installed on
>> 4.4.10,
>> > And as for Nathanaël,
>> > the following returns nothing : ovirt-vmconsole-list.py --version "1"
>> keys
>> >
>> > [root@vs-inf-prd-ovt-fr-501 ~]#
>> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version
>> "1" keys
>> > [root@vs-inf-prd-ovt-fr-501 ~]#
>> >
>> > I have verified that the keys stills appear on users' Option -> "User's
>> Public Key" in the engine's UI
>> >
>> > What can I try to fix this?
>> >
>> >
>> > Guillaume Pavese
>> > Ingénieur Système et Réseau
>> > Interactiv-Group
>> >
>> >
>> > On Mon, May 10, 2021 at 9:47 PM Nathanaël Blanchet 
>> wrote:
>> >>
>> >> Hi,
>> >>
>> >> I can't still connect to my vms with vmconsole proxy on my production
>> engine (other test and dev engine are OK).
>> >>
>> >> the ssh key for the wanted user is available in the the API:
>> >>
>> >> 
>> >> > href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/aaace8d4-08d3-4452-ac91-df4b491bd899"
>> id="aaace8d4-08d3-4452-ac91-df4b491bd899">
>> >> 
>> >> ssh-rsa
>> 

[ovirt-users] Re: Install Ovirt 4.4.10 to standalone system from iso fails

[David Johnson]

This came in just as the engine came up.

The final pieces of the puzzle were:

The database@server notation expressed in the logs is cool, but is not how
it is expressed to actually connect. That threw up a red herring.
I had to create all of the postgres users
Postgres ident authentication requires an ident server such as oidentd. It
used to be installed by default, but must be installed after the fact by
the system admin now.

Your guess about a not-clean system is not too far off.  Just before this
email came in I hit a snag with the CA and key generation. I ran
engine-cleanup, then ran engine-setup again, and now the non-UI functions
of the engine are (apparently) back up.

Now the engine is running, but the web gui is throwing 500 errors. Internet
cut out so I'll get back to it in the morning.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UI4SKPAREPCSD5X5LPXEAMEL4BWJYE2I/

[ovirt-users] Re: can't use vmconsole anymore

[Michal Skrivanek]

> On 13. 6. 2022, at 11:23, Guillaume Pavese 
>  wrote:
> 
> Thanks for your answer, I checked but I am still stuck :
> 
> I confirm that the servlet can be reached, according to your recommended test 
> (Method Not Allowed.):
> 
> [root@vs-inf-prd-ovt-fr-501 ~]# wget 
> https://localhost:443/ovirt-engine/services/vmconsole-proxy 
>  
> --no-check-certificate
> --2022-06-13 10:30:11--  
> https://localhost/ovirt-engine/services/vmconsole-proxy 
> 
> Resolving localhost (localhost)... ::1, 127.0.0.1
> Connecting to localhost (localhost)|::1|:443... connected.
> The certificate's owner does not match hostname 'localhost'
> HTTP request sent, awaiting response... 405 Method Not Allowed
> 2022-06-13 10:30:11 ERROR 405: Method Not Allowed.
> 
> I retried ovirt-vmconsole-list.py with "--debug", and looked at the logs : 
> 
> [root@vs-inf-prd-ovt-fr-501 ~]# 
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --debug 
> --version "1" keys
> [root@vs-inf-prd-ovt-fr-501 ~]# 
> [root@vs-inf-prd-ovt-fr-501 ~]# grep vmconsole /var/log/messages
> Jun 13 10:35:41 vs-inf-prd-ovt-fr-501 journal[3112274]: 2022-06-13 
> 10:35:41,222+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: 
> Forbidden
> 
> To be noted,
> We did change the engine's CA certificate at some point by following this 
> procedure 
> https://ovirt.org/documentation/administration_guide/index.html#Replacing_the_Manager_CA_Certificate
>  
> 
> We also renewed the certificates during a standard engine --setup upgrade to 
> 4.4.10

hm, that might be related

the helpwer needs to work first before trying to see about user keys...
IIRC what it's supposed to do is to connect to engine' servlet at 
ENGINE_BASE_URL using ENGINE_CA from 
/etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf

Normally it should point to apache-ca.pem that's the same one used for web ui. 
And it's the one you replace with your own. Maybe permissions are wrong that 
vmconsole can't read it or something?
Can you check that?

Thanks,
michal
> 
> 
> 
> Guillaume Pavese
> Ingénieur Système et Réseau
> Interactiv-Group
> 
> 
> On Mon, Jun 13, 2022 at 4:47 PM Radoslaw Szwajkowski  > wrote:
> Hi,
> the first thing to check is the firewall:  check with wget if the
> servlet can be reached (method not allow error means you have
> connected)
> 
> wget localhost:8080/ovirt-engine/services/vmconsole-proxy
> HTTP request sent, awaiting response... 405 Method Not Allowed
> 2022-06-13 09:36:48 ERROR 405: Method Not Allowed.
> 
> When using the ovirt-vmconsole-list you can also check system log[1]
> i.e. if the server cannot be reached you should see sth like this
> 
> grep vmconsole  /var/log/messages
> Jun 13 08:58:02 developer journal[2972]: 2022-06-13 08:58:02,992+0200
> ovirt-vmconsole-list: ERROR main:265 Error:  Connection refused>
> 
> Note also that you can increase the log level by passing "--debug"
> param or just look inside the script.
> 
> best regards,
> radek
> 
> [1] https://github.com/oVirt/ovirt-vmconsole#problem-determination 
> 
> 
> On Mon, Jun 13, 2022 at 8:22 AM Guillaume Pavese
>  > wrote:
> >
> > Hello everyone,
> >
> > We have the same problem on our oVirt 4.4.10 Production server.
> > ssh connection to vmconsole@engine was previously working in 4.4.6. but it 
> > stopped working at some point, maybe since upgraded to 4.4.10
> >
> > contrary to a working test environment that was directly installed on 
> > 4.4.10,
> > And as for Nathanaël,
> > the following returns nothing : ovirt-vmconsole-list.py --version "1" keys
> >
> > [root@vs-inf-prd-ovt-fr-501 ~]# 
> > /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version 
> > "1" keys
> > [root@vs-inf-prd-ovt-fr-501 ~]#
> >
> > I have verified that the keys stills appear on users' Option -> "User's 
> > Public Key" in the engine's UI
> >
> > What can I try to fix this?
> >
> >
> > Guillaume Pavese
> > Ingénieur Système et Réseau
> > Interactiv-Group
> >
> >
> > On Mon, May 10, 2021 at 9:47 PM Nathanaël Blanchet  > > wrote:
> >>
> >> Hi,
> >>
> >> I can't still connect to my vms with vmconsole proxy on my production 
> >> engine (other test and dev engine are OK).
> >>
> >> the ssh key for the wanted user is available in the the API:
> >>
> >> 
> >>  >> href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/aaace8d4-08d3-4452-ac91-df4b491bd899"
> >>  id="aaace8d4-08d3-4452-ac91-df4b491bd899">
> >> 
> >> ssh-rsa 
> >> 

[ovirt-users] Re: can't use vmconsole anymore

[Michal Skrivanek]

> On 13. 6. 2022, at 11:42, Guillaume Pavese 
>  wrote:
> 
> I think that I am progressing in troubleshooting.
> it seems like the certificates for the vmconsole-proxy were not renewed like 
> the other certificates during engine-setup --upgrade
> 
> [root@vs-inf-prd-ovt-fr-501 ~]# openssl x509 -in 
> /etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer -noout -text | grep Not
> Not Before: Mar 30 04:48:40 2021 GMT
> Not After : May  3 04:48:40 2022 GMT
> [root@vs-inf-prd-ovt-fr-501 ~]# openssl x509 -in 
> /etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer -noout -text | grep Not
> Not Before: Mar 30 04:48:41 2021 GMT
> Not After : May  3 04:48:41 2022 GMT
> [root@vs-inf-prd-ovt-fr-501 ~]# openssl x509 -in 
> /etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer -noout -text | grep Not
> Not Before: Mar 30 04:48:41 2021 GMT
> Not After : May  3 04:48:41 2022 GMT
> 
> What is the proper procedure to renew these certificates?

https://bugzilla.redhat.com/show_bug.cgi?id=1988496

remove them and rerun engine-setup it should recreate them


> 
> Guillaume Pavese
> Ingénieur Système et Réseau
> Interactiv-Group
> 
> 
> On Mon, Jun 13, 2022 at 6:23 PM Guillaume Pavese 
>  > wrote:
> Thanks for your answer, I checked but I am still stuck :
> 
> I confirm that the servlet can be reached, according to your recommended test 
> (Method Not Allowed.):
> 
> [root@vs-inf-prd-ovt-fr-501 ~]# wget 
> https://localhost:443/ovirt-engine/services/vmconsole-proxy 
>  
> --no-check-certificate
> --2022-06-13 10:30:11--  
> https://localhost/ovirt-engine/services/vmconsole-proxy 
> 
> Resolving localhost (localhost)... ::1, 127.0.0.1
> Connecting to localhost (localhost)|::1|:443... connected.
> The certificate's owner does not match hostname 'localhost'
> HTTP request sent, awaiting response... 405 Method Not Allowed
> 2022-06-13 10:30:11 ERROR 405: Method Not Allowed.
> 
> I retried ovirt-vmconsole-list.py with "--debug", and looked at the logs : 
> 
> [root@vs-inf-prd-ovt-fr-501 ~]# 
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --debug 
> --version "1" keys
> [root@vs-inf-prd-ovt-fr-501 ~]# 
> [root@vs-inf-prd-ovt-fr-501 ~]# grep vmconsole /var/log/messages
> Jun 13 10:35:41 vs-inf-prd-ovt-fr-501 journal[3112274]: 2022-06-13 
> 10:35:41,222+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: 
> Forbidden
> 
> To be noted,
> We did change the engine's CA certificate at some point by following this 
> procedure 
> https://ovirt.org/documentation/administration_guide/index.html#Replacing_the_Manager_CA_Certificate
>  
> 
> We also renewed the certificates during a standard engine --setup upgrade to 
> 4.4.10
> 
> 
> 
> Guillaume Pavese
> Ingénieur Système et Réseau
> Interactiv-Group
> 
> 
> On Mon, Jun 13, 2022 at 4:47 PM Radoslaw Szwajkowski  > wrote:
> Hi,
> the first thing to check is the firewall:  check with wget if the
> servlet can be reached (method not allow error means you have
> connected)
> 
> wget localhost:8080/ovirt-engine/services/vmconsole-proxy
> HTTP request sent, awaiting response... 405 Method Not Allowed
> 2022-06-13 09:36:48 ERROR 405: Method Not Allowed.
> 
> When using the ovirt-vmconsole-list you can also check system log[1]
> i.e. if the server cannot be reached you should see sth like this
> 
> grep vmconsole  /var/log/messages
> Jun 13 08:58:02 developer journal[2972]: 2022-06-13 08:58:02,992+0200
> ovirt-vmconsole-list: ERROR main:265 Error:  Connection refused>
> 
> Note also that you can increase the log level by passing "--debug"
> param or just look inside the script.
> 
> best regards,
> radek
> 
> [1] https://github.com/oVirt/ovirt-vmconsole#problem-determination 
> 
> 
> On Mon, Jun 13, 2022 at 8:22 AM Guillaume Pavese
>  > wrote:
> >
> > Hello everyone,
> >
> > We have the same problem on our oVirt 4.4.10 Production server.
> > ssh connection to vmconsole@engine was previously working in 4.4.6. but it 
> > stopped working at some point, maybe since upgraded to 4.4.10
> >
> > contrary to a working test environment that was directly installed on 
> > 4.4.10,
> > And as for Nathanaël,
> > the following returns nothing : ovirt-vmconsole-list.py --version "1" keys
> >
> > [root@vs-inf-prd-ovt-fr-501 ~]# 
> > /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version 
> > "1" keys
> > [root@vs-inf-prd-ovt-fr-501 ~]#
> >
> > I have verified that the keys stills appear on users' Option -> "User's 
> > Public Key" in the engine's UI
> >
> > What can I try to fix this?
> >
> >
> 

[ovirt-users] Re: Grafana - Origin Not Allowed

[Maton, Brett]

Thanks Nardus,

  ProxyPreserveHost did the trick, all seems to be working now.

On Mon, 13 Jun 2022 at 12:43, Nardus Geldenhuys  wrote:

> This worked for us:
>
> edit /etc/httpd/conf.d/ovirt-engine-grafana-proxy.conf
> add "ProxyPreserveHost On"
> should look like this now:
>
> 
> LoadModule proxy_module modules/mod_proxy.so
> 
>
> 
> ProxyPreserveHost On
> ProxyPass http://127.0.0.1:3000 retry=0 disablereuse=On
> ProxyPassReverse http://127.0.0.1:3000/ovirt-engine-grafana
> 
>
> systemctl restart httpd
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZFFIN4ESDYTJLNHYW7WDXYKECEZ57K6/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VOIFYLPZPJ77TWAJAWTLH3ZH57WASSCI/

[ovirt-users] Re: Grafana - Origin Not Allowed

[Nardus Geldenhuys]

This worked for us:

edit /etc/httpd/conf.d/ovirt-engine-grafana-proxy.conf
add "ProxyPreserveHost On"
should look like this now:


LoadModule proxy_module modules/mod_proxy.so



ProxyPreserveHost On
ProxyPass http://127.0.0.1:3000 retry=0 disablereuse=On
ProxyPassReverse http://127.0.0.1:3000/ovirt-engine-grafana


systemctl restart httpd
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZFFIN4ESDYTJLNHYW7WDXYKECEZ57K6/

[ovirt-users] Re: can't use vmconsole anymore

[Guillaume Pavese]

Hello everyone,

We have the same problem on our oVirt 4.4.10 Production server.
ssh connection to vmconsole@engine was previously working in 4.4.6. but it
stopped working at some point, maybe since upgraded to 4.4.10

contrary to a working test environment that was directly installed on
4.4.10,
And as for Nathanaël,
the following returns nothing : ovirt-vmconsole-list.py --version "1" keys

[root@vs-inf-prd-ovt-fr-501 ~]#
/usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version
"1" keys
[root@vs-inf-prd-ovt-fr-501 ~]#

I have verified that the keys stills appear on users' Option -> "User's
Public Key" in the engine's UI

What can I try to fix this?


Guillaume Pavese
Ingénieur Système et Réseau
Interactiv-Group


On Mon, May 10, 2021 at 9:47 PM Nathanaël Blanchet  wrote:

> Hi,
>
> I can't still connect to my vms with vmconsole proxy on my production
> engine (other test and dev engine are OK).
>
> the ssh key for the wanted user is available in the the API:
>
> 
>  href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/aaace8d4-08d3-4452-ac91-df4b491bd899"
> id="aaace8d4-08d3-4452-ac91-df4b491bd899">
> 
> ssh-rsa
> B3NzaC1yc2EBIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
> 
>  id="64b7f3bf-9d43-4508-af93-63ad77652be3"/>
> 
> 
>
> But /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
> --version "1" keys still returns nothing.
>
> On the engine:
>
> [root@air ~]# systemctl status ovirt-vmconsole-proxy-sshd.service
> ● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server daemon
>Loaded: loaded
> (/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled;
> vendor preset: disabled)
>Active: active (running) since Mon 2021-05-10 14:16:55 CEST; 22min ago
>  Main PID: 3649210 (sshd)
> Tasks: 1 (limit: 204594)
>Memory: 2.7M
>CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service
>└─3649210 /usr/sbin/sshd -f
> /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
> -D
>
> mai 10 14:16:55 air.v100.abes.fr systemd[1]: Started oVirt VM Console SSH
> server daemon.
> mai 10 14:16:55 air.v100.abes.fr sshd[3649210]: Server listening on
> 0.0.0.0 port .
> mai 10 14:16:55 air.v100.abes.fr sshd[3649210]: Server listening on ::
> port .
> mai 10 14:17:01 air.v100.abes.fr ovirt-vmconsole-proxy-keys[3649214]:
> ERROR '"keys"'
> mai 10 14:17:01 air.v100.abes.fr sshd[3649212]: AuthorizedKeysCommand
> /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1
> mai 10 14:17:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[3649218]:
> ERROR '"keys"'
> mai 10 14:17:02 air.v100.abes.fr sshd[3649212]: AuthorizedKeysCommand
> /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1
> mai 10 14:17:02 air.v100.abes.fr sshd[3649212]: Connection closed by
> authenticating user ovirt-vmconsole 10.34.100.131 port 46874 [preauth]
>
> I tried to execute /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole
> but it gives an internal ERROR (as on the other working engine, so it may
> be not relevant)
>
> What can I test more?
> Le 18/04/2021 à 15:59, Sharon Gratch a écrit :
>
> Hi,
>
> Please follow the instructions mentioned here:
> https://www.ovirt.org/documentation/virtual_machine_management_guide/#Logging_in_to_a_virtual_machine_using_SPICE
>
> -
> > " Opening a Serial Console to a Virtual Machine".
>
> It seems that something is wrong with the user permissions/keys.
> Is the 4.4.5 oVirt installation an upgraded or a new installation?
> You mentioned that it's working with your other engines? Do they all use
> the 4.4.5 version?
>
> Thanks,
> Sharon
>
>
> On Fri, Apr 16, 2021 at 1:31 PM Nathanaël Blanchet 
> wrote:
>
>> I removed the user and created an other time. Now, I have this
>>
>> The key seems to be present in the DB
>>
>> engine=# SELECT users.username, user_profiles.property_content::text
>> FROM user_profiles
>> JOIN users ON users.user_id = user_profiles.user_id
>> WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY';
>>   username |
>> property_content
>>
>>
>> --+---
>>
>> --
>> ---
>>   sblanc...@levant.abes.fr | 

[ovirt-users] Re: Grafana - Origin Not Allowed

[Maton, Brett]

  I've not restored from a backup or changed the grafana databse user
password, no idea why this has 'just' stopped working (or when as I don't
look at grafana that often).

I tried updating the grafana db user password, but still no joy...

I grabbed the password from
/etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-grafana-database.conf -
GRAFANA_DB_PASSWD

and then updated the database user:

su - postgres
psql -d ovirt_engine_history
ALTER ROLE ovirt_engine_history_grafana WITH PASSWORD 'password from config
file';


On Fri, 10 Jun 2022 at 17:32, Patrick Hibbs  wrote:

> That can happen if the builtin password for the engine database's grafana
> user changes, or if you manually restore the grafana database from a backup.
>
> You could try resetting the password by copying it back into the data
> source config in grafana's UI. (You'll need admin privlieges for grafana to
> do so.)
> The password for the engine database's grafana user should be located in
> /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-grafana-database.conf
> on the engine host.
>
> -Patrick Hibbs
>
> On Thu, 2022-06-09 at 09:32 +0100, Maton, Brett wrote:
>
> oVirt 4.5.0.8-1.el8
>
> I tried to connect to grafana via the monitoring portal link from the dash
> and all panels are failing to display any data with varying error messages,
> but all include 'Origin Not Allowed'
>
> I navigated to Data Sources and ran a test on the PostgreSQL connection
> (localhost) which threw the same Origin Not Allowed error message.
>
> Any suggestions?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/V5I3LPPDKLL7BXDDBOFIS22JMS5ONUYU/
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/KDPMJGJ22DJH4FZW2Y2UVDBZD3KBJN37/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZACPIB4DC53BH26WDBDYVYNWXHH3N5U2/

[ovirt-users] Re: can't use vmconsole anymore

[Radoslaw Szwajkowski]

Hi,
the first thing to check is the firewall:  check with wget if the
servlet can be reached (method not allow error means you have
connected)

wget localhost:8080/ovirt-engine/services/vmconsole-proxy
HTTP request sent, awaiting response... 405 Method Not Allowed
2022-06-13 09:36:48 ERROR 405: Method Not Allowed.

When using the ovirt-vmconsole-list you can also check system log[1]
i.e. if the server cannot be reached you should see sth like this

grep vmconsole  /var/log/messages
Jun 13 08:58:02 developer journal[2972]: 2022-06-13 08:58:02,992+0200
ovirt-vmconsole-list: ERROR main:265 Error: 

Note also that you can increase the log level by passing "--debug"
param or just look inside the script.

best regards,
radek

[1] https://github.com/oVirt/ovirt-vmconsole#problem-determination

On Mon, Jun 13, 2022 at 8:22 AM Guillaume Pavese
 wrote:
>
> Hello everyone,
>
> We have the same problem on our oVirt 4.4.10 Production server.
> ssh connection to vmconsole@engine was previously working in 4.4.6. but it 
> stopped working at some point, maybe since upgraded to 4.4.10
>
> contrary to a working test environment that was directly installed on 4.4.10,
> And as for Nathanaël,
> the following returns nothing : ovirt-vmconsole-list.py --version "1" keys
>
> [root@vs-inf-prd-ovt-fr-501 ~]# 
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version 
> "1" keys
> [root@vs-inf-prd-ovt-fr-501 ~]#
>
> I have verified that the keys stills appear on users' Option -> "User's 
> Public Key" in the engine's UI
>
> What can I try to fix this?
>
>
> Guillaume Pavese
> Ingénieur Système et Réseau
> Interactiv-Group
>
>
> On Mon, May 10, 2021 at 9:47 PM Nathanaël Blanchet  wrote:
>>
>> Hi,
>>
>> I can't still connect to my vms with vmconsole proxy on my production engine 
>> (other test and dev engine are OK).
>>
>> the ssh key for the wanted user is available in the the API:
>>
>> 
>> > href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/aaace8d4-08d3-4452-ac91-df4b491bd899"
>>  id="aaace8d4-08d3-4452-ac91-df4b491bd899">
>> 
>> ssh-rsa 
>> B3NzaC1yc2EBIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
>> 
>> > id="64b7f3bf-9d43-4508-af93-63ad77652be3"/>
>> 
>> 
>>
>> But /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py  
>> --version "1" keys still returns nothing.
>>
>> On the engine:
>>
>> [root@air ~]# systemctl status ovirt-vmconsole-proxy-sshd.service
>> ● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server daemon
>>Loaded: loaded 
>> (/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled; vendor 
>> preset: disabled)
>>Active: active (running) since Mon 2021-05-10 14:16:55 CEST; 22min ago
>>  Main PID: 3649210 (sshd)
>> Tasks: 1 (limit: 204594)
>>Memory: 2.7M
>>CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service
>>└─3649210 /usr/sbin/sshd -f 
>> /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
>>  -D
>>
>> mai 10 14:16:55 air.v100.abes.fr systemd[1]: Started oVirt VM Console SSH 
>> server daemon.
>> mai 10 14:16:55 air.v100.abes.fr sshd[3649210]: Server listening on 0.0.0.0 
>> port .
>> mai 10 14:16:55 air.v100.abes.fr sshd[3649210]: Server listening on :: port 
>> .
>> mai 10 14:17:01 air.v100.abes.fr ovirt-vmconsole-proxy-keys[3649214]: ERROR 
>> '"keys"'
>> mai 10 14:17:01 air.v100.abes.fr sshd[3649212]: AuthorizedKeysCommand 
>> /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1
>> mai 10 14:17:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[3649218]: ERROR 
>> '"keys"'
>> mai 10 14:17:02 air.v100.abes.fr sshd[3649212]: AuthorizedKeysCommand 
>> /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1
>> mai 10 14:17:02 air.v100.abes.fr sshd[3649212]: Connection closed by 
>> authenticating user ovirt-vmconsole 10.34.100.131 port 46874 [preauth]
>>
>> I tried to execute /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole 
>> but it gives an internal ERROR (as on the other working engine, so it may be 
>> not relevant)
>>
>> What can I test more?
>>
>> Le 18/04/2021 à 15:59, Sharon Gratch a écrit :
>>
>> Hi,
>>
>> Please follow the instructions mentioned here:
>> https://www.ovirt.org/documentation/virtual_machine_management_guide/#Logging_in_to_a_virtual_machine_using_SPICE
>>   - > " Opening a Serial Console to a Virtual Machine".
>>
>> It seems that something is wrong with the user permissions/keys.
>> Is the 4.4.5 oVirt installation an upgraded or a new installation?
>> You mentioned that it's working with your other engines? Do they all use the 
>> 4.4.5 version?
>>
>> Thanks,
>> Sharon
>>

[ovirt-users] Re: can't use vmconsole anymore

[Guillaume Pavese]

Thanks for your answer, I checked but I am still stuck :

I confirm that the servlet can be reached, according to your recommended
test (Method Not Allowed.):

[root@vs-inf-prd-ovt-fr-501 ~]# wget
https://localhost:443/ovirt-engine/services/vmconsole-proxy
--no-check-certificate
--2022-06-13 10:30:11--
https://localhost/ovirt-engine/services/vmconsole-proxy
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:443... connected.
The certificate's owner does not match hostname 'localhost'
HTTP request sent, awaiting response... 405 Method Not Allowed
2022-06-13 10:30:11 ERROR 405: Method Not Allowed.

I retried ovirt-vmconsole-list.py with "--debug", and looked at the logs :

[root@vs-inf-prd-ovt-fr-501 ~]#
/usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --debug
--version "1" keys
[root@vs-inf-prd-ovt-fr-501 ~]#
[root@vs-inf-prd-ovt-fr-501 ~]# grep vmconsole /var/log/messages
Jun 13 10:35:41 vs-inf-prd-ovt-fr-501 journal[3112274]: 2022-06-13
10:35:41,222+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error
403: Forbidden

To be noted,
We did change the engine's CA certificate at some point by following this
procedure
https://ovirt.org/documentation/administration_guide/index.html#Replacing_the_Manager_CA_Certificate
We also renewed the certificates during a standard engine --setup upgrade
to 4.4.10



Guillaume Pavese
Ingénieur Système et Réseau
Interactiv-Group


On Mon, Jun 13, 2022 at 4:47 PM Radoslaw Szwajkowski 
wrote:

> Hi,
> the first thing to check is the firewall:  check with wget if the
> servlet can be reached (method not allow error means you have
> connected)
>
> wget localhost:8080/ovirt-engine/services/vmconsole-proxy
> HTTP request sent, awaiting response... 405 Method Not Allowed
> 2022-06-13 09:36:48 ERROR 405: Method Not Allowed.
>
> When using the ovirt-vmconsole-list you can also check system log[1]
> i.e. if the server cannot be reached you should see sth like this
>
> grep vmconsole  /var/log/messages
> Jun 13 08:58:02 developer journal[2972]: 2022-06-13 08:58:02,992+0200
> ovirt-vmconsole-list: ERROR main:265 Error:  Connection refused>
>
> Note also that you can increase the log level by passing "--debug"
> param or just look inside the script.
>
> best regards,
> radek
>
> [1] https://github.com/oVirt/ovirt-vmconsole#problem-determination
>
> On Mon, Jun 13, 2022 at 8:22 AM Guillaume Pavese
>  wrote:
> >
> > Hello everyone,
> >
> > We have the same problem on our oVirt 4.4.10 Production server.
> > ssh connection to vmconsole@engine was previously working in 4.4.6. but
> it stopped working at some point, maybe since upgraded to 4.4.10
> >
> > contrary to a working test environment that was directly installed on
> 4.4.10,
> > And as for Nathanaël,
> > the following returns nothing : ovirt-vmconsole-list.py --version "1"
> keys
> >
> > [root@vs-inf-prd-ovt-fr-501 ~]#
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version
> "1" keys
> > [root@vs-inf-prd-ovt-fr-501 ~]#
> >
> > I have verified that the keys stills appear on users' Option -> "User's
> Public Key" in the engine's UI
> >
> > What can I try to fix this?
> >
> >
> > Guillaume Pavese
> > Ingénieur Système et Réseau
> > Interactiv-Group
> >
> >
> > On Mon, May 10, 2021 at 9:47 PM Nathanaël Blanchet 
> wrote:
> >>
> >> Hi,
> >>
> >> I can't still connect to my vms with vmconsole proxy on my production
> engine (other test and dev engine are OK).
> >>
> >> the ssh key for the wanted user is available in the the API:
> >>
> >> 
> >>  href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3/sshpublickeys/aaace8d4-08d3-4452-ac91-df4b491bd899"
> id="aaace8d4-08d3-4452-ac91-df4b491bd899">
> >> 
> >> ssh-rsa
> B3NzaC1yc2EBIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
> >> 
> >>  href="/ovirt-engine/api/users/64b7f3bf-9d43-4508-af93-63ad77652be3"
> id="64b7f3bf-9d43-4508-af93-63ad77652be3"/>
> >> 
> >> 
> >>
> >> But /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
> --version "1" keys still returns nothing.
> >>
> >> On the engine:
> >>
> >> [root@air ~]# systemctl status ovirt-vmconsole-proxy-sshd.service
> >> ● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server
> daemon
> >>Loaded: loaded
> (/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled;
> vendor preset: disabled)
> >>Active: active (running) since Mon 2021-05-10 14:16:55 CEST; 22min
> ago
> >>  Main PID: 3649210 (sshd)
> >> Tasks: 1 (limit: 204594)
> >>Memory: 2.7M
> >>CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service
> >>└─3649210 /usr/sbin/sshd -f
> 

[ovirt-users] Re: Install Ovirt 4.4.10 to standalone system from iso fails

[David Johnson]

It looks like I've run into this now:

https://bugzilla.redhat.com/show_bug.cgi?id=2077794
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SBCWNXLFLJBKTA3TFJARE7QCYZQ6QMMH/

It looks like a permanent fix was put in place in 4.5.

Should I consider just bumping up to 4.5 instead of trying to reinstall
4.4?  Will I be able to recover my cluster from the engine backup?

*David Johnson*
*Director of Development, Maxis Technology*
844.696.2947 ext 702 (o) | 479.531.3590 (c)




*Follow us:*  


On Mon, Jun 13, 2022 at 1:49 AM David Johnson 
wrote:

> This came in just as the engine came up.
>
> The final pieces of the puzzle were:
>
> The database@server notation expressed in the logs is cool, but
> is not how it is expressed to actually connect. That threw up a red herring.
> I had to create all of the postgres users
> Postgres ident authentication requires an ident server such as oidentd. It
> used to be installed by default, but must be installed after the fact by
> the system admin now.
>
> Your guess about a not-clean system is not too far off.  Just before this
> email came in I hit a snag with the CA and key generation. I ran
> engine-cleanup, then ran engine-setup again, and now the non-UI functions
> of the engine are (apparently) back up.
>
> Now the engine is running, but the web gui is throwing 500 errors.
> Internet cut out so I'll get back to it in the morning.
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y5PKNTFPVPATL4PWUCH2CJ27RPOWYZFF/

[ovirt-users] Re: Grafana - Origin Not Allowed

[Patrick Hibbs]

I meant update the password in grafana's Web UI.

You can find it by going to the Monitoring Portal -> Gear Icon on the
left hand side -> Data Sources -> oVirt DWH -> PostgreSQL Connection.
There you can change the parameters used by grafana to connect to the
engine database. (You'll have to hit the reset button to allow updating
the password.)

*Note: The gear icon will only show up if the logged in user has
administrative permissions within grafana. Only the built in oVirt
admin user (admin@internal-authz) has this permission by default. But
you can delegate those permissions within grafana.

- Patrick Hibbs

On Mon, 2022-06-13 at 08:34 +0100, Maton, Brett wrote:
>   I've not restored from a backup or changed the grafana databse user
> password, no idea why this has 'just' stopped working (or when as I
> don't look at grafana that often).
> 
> I tried updating the grafana db user password, but still no joy...
> 
> I grabbed the password from /etc/ovirt-engine-dwh/ovirt-engine-
> dwhd.conf.d/10-setup-grafana-database.conf - GRAFANA_DB_PASSWD
> 
> and then updated the database user:
> 
> su - postgres
> psql -d ovirt_engine_history
> ALTER ROLE ovirt_engine_history_grafana WITH PASSWORD 'password from
> config file';
> 
> 
> On Fri, 10 Jun 2022 at 17:32, Patrick Hibbs 
> wrote:
> > That can happen if the builtin password for the engine database's
> > grafana user changes, or if you manually restore the grafana
> > database from a backup.
> > 
> > You could try resetting the password by copying it back into the
> > data source config in grafana's UI. (You'll need admin privlieges
> > for grafana to do so.)
> > The password for the engine database's grafana user should be
> > located in /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-
> > grafana-database.conf on the engine host.
> > 
> > -Patrick Hibbs
> > 
> > On Thu, 2022-06-09 at 09:32 +0100, Maton, Brett wrote:
> > > oVirt 4.5.0.8-1.el8 
> > > 
> > > I tried to connect to grafana via the monitoring portal link from
> > > the dash and all panels are failing to display any data with
> > > varying error messages, but all include 'Origin Not Allowed'
> > > 
> > > I navigated to Data Sources and ran a test on the PostgreSQL
> > > connection (localhost) which threw the same Origin Not Allowed
> > > error message.
> > > 
> > > Any suggestions?
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/V5I3LPPDKLL7BXDDBOFIS22JMS5ONUYU/
> > 
> > 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/KDPMJGJ22DJH4FZW2Y2UVDBZD3KBJN37/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZMWOQQHJAVCM5NLTDXXIJL7Y3U65HNTV/

[ovirt-users] Re: OVIRT Package Upgrade Interrupted

[Abe E]

Thank You Strahil, I was actually able to use the node snapshot to revert a 
version back and get things going again. 
This time I'll wait till its completed its testing phase and maybe get a small 
lab to test the upgrade on, I need to remove the testing Repo as well, I was 
not aware that it was added/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YJVADSIW2A3HL7JAHR2O4WNN5T2TAMMU/