from:"Dominik Holler"

Re: [ovirt-users] VDSM service won't start

2017-01-13 Thread Dominik Holler

On Fri, 13 Jan 2017 10:45:43 -0500
"paul.greene.va"  wrote:

> 
> After a reboot the virtual interfaces usually initially come up, but
> go down again within a few minutes.
> 
> Running journalctl -xe gives these three messages:
> 
> "failed to start Virtual Desktop Server Manager network restoration"
> 
> "Dependency failed for Virtual Desktop Server Manager"  (but it
> doesn't say which dependency failed"
> 
> "Dependency failed for MOM instance configured for VDSM purposes"  
> (again, doesn't way which dependency)
> 
> Any suggestions?
> 

Is libvirtd.service running?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt multiips hook

2016-12-19 Thread Dominik Holler

Hello,
to check where the hook script behaves unexpected, the hook is extended
[1] to be more verbose. What is the output in vdsm.log of the more
verbose hook script?

[1]
  https://bugzilla.redhat.com/attachment.cgi?id=1233353

On Sun, 18 Dec 2016 17:38:50 +
Bill Bill <jax2...@outlook.com> wrote:

> Hi Dan,
> 
> Thanks for getting back to me & for your help. The script is 755
> permissions and oVirt sees it under the host hooks as well. The dump
> is below:
> 
> (I replaced our node IP with “mynodeIP” for privacy) I don’t see the
> IP’s from the custom property listed in the dump and I also don’t see
> any errors in the vdsm log. If I grep multiips in the vdsm log I can
> see entries, but none appear to be errors.
> 
> Grep vdsm log for before_vm_start shows:
> 
> Thread-79534::DEBUG::2016-12-18
> 12:24:45,006::commands::68::root::(execCmd) /usr/bin/taskset
> --cpu-list 0-23 /usr/libexec/vdsm/hooks/before_vm_start/multiips (cwd
> None)
> 
> Then if I grep the path:
> 
> cat /var/log/vdsm/vdsm.log
> | /usr/libexec/vdsm/hooks/before_vm_start/multiips Traceback (most
> recent call last): File
> "/usr/libexec/vdsm/hooks/before_vm_start/multiips", line 6, in
>  import hooking ImportError: No module named hooking
> 
> 
> ///
> ///
> 
> 
>   vpsclass1vm-user2-3
>   84100056-5bb7-4904-aff6-ef0a51ffd7b1
>   http://ovirt.org/vm/tune/1.0;>
> 
>   
>   4294967296
>   1048576
>   1048576
>   16
>   
> 1020
>   
>   
> /machine
>   
>   
> 
>   oVirt
>   oVirt Node
>   7-0.1406.el7.centos.2.3
>name='serial'>----0CC47A7ED960  name='uuid'>84100056-5bb7-4904-aff6-ef0a51ffd7b1 
>   
>   
> hvm
> 
> 
>   
>   
> 
>   
>   
> Haswell-noTSX
> 
> 
>   
> 
>   
>   
> 
> 
> 
>   
>   destroy
>   restart
>   destroy
>   
> /usr/libexec/qemu-kvm
> 
>   
>   
>   
>   
>   
>   
>unit='0'/> 
> 
>error_policy='stop' io='threads'/>  file='/rhev/data-center/3fd2ad92-e1eb-49c2-906d-00ec233f610a/d8a0172e-837f-4552-92c7-566dc4e548e4/images/f64b31f1-1e28-4067-9776-c8cdedd039dc/bab16012-9bd5-4005-bee4-2512a8c6c6a3'>
>  
>   
> 
>  file='/rhev/data-center/3fd2ad92-e1eb-49c2-906d-00ec233f610a/d8a0172e-837f-4552-92c7-566dc4e548e4/images/f64b31f1-1e28-4067-9776-c8cdedd039dc/8c053bcf-c1cc-4c7d-80e1-7bd937785fc4'/>
>  
>   
>   f64b31f1-1e28-4067-9776-c8cdedd039dc
>   
>function='0x0'/> 
> 
>   
>function='0x0'/> 
> 
>   
>function='0x0'/> 
> 
>   
>function='0x2'/> 
> 
>   
> 
> 
>   
>function='0x1'/> 
> 
>   
>   
>   
>   
>   
>   
>   
>function='0x0'/> 
> 
>path='/var/lib/libvirt/qemu/channels/84100056-5bb7-4904-aff6-ef0a51ffd7b1.com.redhat.rhevm.vdsm'/>
>  state='connected'/>   type='virtio-serial' controller='0' bus='0' port='1'/> 
> 
>path='/var/lib/libvirt/qemu/channels/84100056-5bb7-4904-aff6-ef0a51ffd7b1.org.qemu.guest_agent.0'/>
>  state='connected'/>   type='virtio-serial' controller='0' bus='0' port='2'/> 
> 
>state='disconnected'/> 
>   
> 
> 
>   
> 
> 
>   
> 
>  keymap='en-us' passwdValidTo='1970-01-01T00:00:01'>  type='network' address='mynodeIP' network='vdsm-Public'/> 
>  listen='mynodeIP' keymap='en-us' defaultMode='secure'
> passwdValidTo='1970-01-01T00:00:01'>  address='mynodeIP' network='vdsm-Public'/>  mode='secure'/>   name='inputs' mode='secure'/> 
>   
>   
>   
>   
> 
> 
>heads='1' primary='yes'/> 
>        function='0x0'/> 
> 
>   
>function='0x0'/> 
>   
>   
> system_u:system_r:svirt_t:s0:c310,c350
> system_u:object_r:svirt_image_t:s0:c310,c350
>   
>   
> +107:+107
> +107:+107
>   
> 
> 
> ///
> ///
> 
> Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
> 
> From: Dan Kenigsberg<mailto:dan...@redhat.com>
> Sent: Sunday, December 18, 2016 10:59 AM
> To: Bill Bill<mailto:jax2...@outlook.com>
> Cc: users<mailto:users@ovirt.org>; Dominik
> Holler<mailto:dhol...@redhat.com> Subject: Re: oVirt multiips hook
>

Re: [ovirt-users] prevent ovirt from managing a particular vlan setting on an interface

2017-03-28 Thread Dominik Holler

On Tue, 28 Mar 2017 09:17:24 +0200
Gianluca Cecchi  wrote:

> And I want to retain that vlan configuration.

Why not building the vlan configuration using oVirt?

> I remember a thread where something similar was referred, with a
> parameter inside vdsm.conf, but I'm not able to find it...
> I don't remember if that setting was targeted at ignoring the
> particular network interface as a whole, actually..
> I would like to have eth3.100 and eth4.100 as single interfaces
> pointing to an iSCSI storage, but also use (throuch oVirt
> configuration) a bond0 device with eth3 and eth4 as slaves
> So that VMs vlans with ID xx would be defined on bond0.xx and bridges
> with those bonds as interfaces
> 
> In case not possible can I sort of manually force this config and have
> oVirt accept it, even if not able to automagically create it?
> 

You can try to 
ifdown eth3.100 and eth4.100, 
configure the ovirtmgmt on top if the bond by ovirt
and ifup eth3.100 and eth4.100 again.

But that is ugly and you have to test if this works.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Getting error when i try to assign logical networks to interfaces

2017-03-23 Thread Dominik Holler

Are you using Fibre Channel over Ethernet?

On Thu, 23 Mar 2017 09:25:04 +0200
martin chamambo  wrote:

> I havent set up any hooks and when i try to assign logical networks
> to an already existing interface on the host ,it gives me this error
> 
> Hook error: Hook Error: ('Traceback (most recent call last):\n  File
> "/usr/libexec/vdsm/hooks/before_network_setup/50_fcoe", line 18, in
> \nfrom vdsm.netconfpersistence import
> RunningConfig\nImportError: No module named netconfpersistence\n',)

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Networking and oVirt 4.1

2017-07-05 Thread Dominik Holler

On Mon, 3 Jul 2017 15:27:36 +0200
Gabriel Stein  wrote:

> Hi all,
> 
> I'm installing oVirt for the first time and I'm having some issues
> with the Networking.
> 
> Setup:
> 
> OS: CentOS 7 Mininal
> 3 Bare Metal Servers(1 for Engine, 2 for Nodes).
> Network:
> Nn Trunk Interfaces with VLANs and Bridges.
> e.g.:
> trunk.100, VLAN: 100, Bridge: vmbr100. IPV4 only.
> 
> I have already a VLAN for MGMNT, without DHCP Server(not needed for
> oVirt, but explaining my setup).
> 
> 
> Networking works as expected, I can ping/ssh each host without
> problems.
> 
> On the two nodes, I have a Interface named ovirtmgmt and dhcp...
> 
> Question 1: What kind of configuration can I use here? Can I set
> static IPs from VLAN MGMNT and put everything from oVirt on that
> VLAN? 

Yes.

> oVirt doens't have a Internal DHCP Server for Nodes, or?
> 

oVirt doens't have an internal DHCP Server.

> Question 2: Should I leave oVirt to Setup it(ovirtmgmt Interface) for
> me?
> 

I would use the comfort oVirt provides to configure the hosts, if there
is not a good reason to take the burden on me.

> Problems:
> 
> I configured the Engine with the IP 1.1.1.1, and I reach the web
> interface with https://FQDN( which is IP: 1.1.1.1)
> 
> But, when I add a Host to the Cluster, I have some errors:
> 
> "Host  does not comply with the cluster Default networks, the
> following networks are missing on host: 'ovirtmgmt'"

Try to use the "Setup Host Networks" functionality of oVirt.
If you select a host in the Administration Portal, there is
a tab labeled "Network Interfaces", which provides a button "Setup Host
Networks".
In the "Setup Host Networks" dialog is a graphical representation of
all logical networks, which can be assigned by drag'n drop to the
network interfaces of the host.

> Question 3: I saw that Engine tries to call dhclient and Setup an IP
> for it, but could I have  static IPs? Where can I configure it?

In the "Setup Host Networks" dialog each assigned logical network has an
icon of a pencil, which can be used to open an other dialog to
configure IP addresses.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Fwd: Configure Wifi Interface with oVirt Host

2017-09-05 Thread Dominik Holler

On Thu, 31 Aug 2017 16:46:15 +0100
Sec For  wrote:

> Now, I have moved into wifi - where I have *wlp2s0 *interface, When I
> click host->setup network -> it don't get wlp2s0 interface to link
> with ovirt engine.
> 
> How do we connect wifi interface wlp2s0 to ovirt engine?
> 

We never checked WiFi interfaces or planned to work with wireless
NICs. If you are interested in using wireless NICs on oVirt hosts,
you are welcome to open a bug which explains how you like to use
wireless networking and the reason for using it.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Remote Access

2017-11-24 Thread Dominik Holler

Do you use oVirt Self-Hosted Engine?

On Fri, 24 Nov 2017 15:23:47 -0200
Emerson Jr  wrote:

> Hi,
> 
> I'm having a hard time understanding what happened after I configured
> oVirt network ("bridge" on the CentOS), it changed the routes metric
> and now I can't access my oVirt portal from another computer on the
> network (https:// /UserPortal).
> 
> It was working before, I have two Lan interfaces on the network of the
> server, one of them the IP is bridged to the oVirt, the other one is
> not, I was using the not bridge IP to access it.
> 
> 
> Thanks.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] 10Gb Networking with OVN

2017-12-13 Thread Dominik Holler

On Tue, 12 Dec 2017 23:12:12 +0200
Yaniv Kaul <yk...@redhat.com> wrote:

> On Mon, Dec 11, 2017 at 8:21 PM, Beau Sapach <bsap...@ualberta.ca>
> wrote:
> 
> > Yes, we've done some testing.  With an oVirt VM running on a host
> > using 10Gb ethernet copying data to a physical machine also using
> > 10Gb ethernet we don't see network utilization exceed 800Mbits or
> > so.  A bit of research online yields some experimentation done by
> > others who used SR-IOV to achieve 10Gb from a VM.
> >  
> 
> Are you using multiple TCP streams, jumbo frames, threads, etc.?

Please verify that the expected interface is used. The automatic
configuration uses ovirtmgmt to transport the data.
This can be changed manually by executing 

vdsm-tool ovn-config IP_OF_OVN_CENTRAL IP_OF_LOCAL_INTERFACE

on the host.

Are you using NICs which supports GENEVE offloading?


> Y.
> 
> 
> > I'm not sure where the bottleneck is, possibly in the VirtIO driver.
> >
> > Beau
> >
> > On Mon, Dec 11, 2017 at 1:23 AM, Dominik Holler <dhol...@redhat.com>
> > wrote:
> >  
> >> Is there an indication that the VMs will not take advantage of
> >> 10Gb?
> >>
> >> On Thu, 7 Dec 2017 15:27:25 -0700
> >> Beau Sapach <bsap...@ualberta.ca> wrote:
> >>  
> >> > Hello everyone,
> >> >
> >> > I see here:
> >> > https://www.ovirt.org/blog/2017/09/introducing-ovirt-4.2.0/ that
> >> > version 4.2 will have OVN support.  Does anyone know if this will
> >> > allow VMs to take advantage of 10Gb networking without needing
> >> > SR-IOV?
> >> >
> >> >  
> >>
> >>  
> >
> >
> > --
> > Beau Sapach
> > *System Administrator | Information Technology Services |
> > University of Alberta Libraries*
> > *Phone: 780.492.4181 <(780)%20492-4181> | Email:
> > beau.sap...@ualberta.ca <beau.sap...@ualberta.ca>*
> >
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> >  

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Virtualized server & oVirt Node on different subnets

2017-12-19 Thread Dominik Holler

On Tue, 19 Dec 2017 18:03:54 +0200
andreil1  wrote:

> Hi,
> 
> I have oVirt node running on internal network, address range
> 192.168.0.x, and need to install virtualized server on DMZ zone
> 192.168.1.x. Server has several NICs. DMZ NIC will be connected
> directly to router with firewall. What is the best solution ?
> 
> 1) Undefine one NIC on CentOS host / node, and assign IP on
> virtualized server in passthrough mode.

Will work, but you have to think how to handle migration of the 
virtualized server to another node.

> 2) Create 2nd oVirtmgmt bridge and link it to NIC on DMZ (if thats
> possible at all).
> 

I would recommend not using ovirtmgmt for the DMZ traffic, but creating
a new logical network in oVirt and assign this new logical network to
the desired network interface of the node. This will setup the second
bridge automatically.

> Thanks in advance.
> Andrei
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Error during SSO authentication Cannot authenticate user 'admin@internal'

2017-11-14 Thread Dominik Holler

Can you connect to http://hostname:8080/ovirt-engine/api/ using this
credentials?

Even if the already posted stacktrace looks like expected, maybe you
can share your /etc/ovirt-provider-ovn (without
ovirt-sso-client-secret, which seems to be correct)?

Thanks,
Dominik

On Tue, 14 Nov 2017 09:51:27 +0100
Martin Perina  wrote:

> On Tue, Nov 14, 2017 at 12:44 AM, Sverker Abrahamsson <
> sver...@abrahamsson.com> wrote:  
> 
> > Since upgrading my test lab to ovirt 4.2 I can't get
> > ovirt-provider-ovn to work. From ovirt-provider-ovn.log:
> >
> > 2017-11-14 00:40:15,795   Request: POST : /v2.0///tokens
> > 2017-11-14 00:40:15,795   Request body:
> > {
> >   "auth" : {
> > "passwordCredentials" : {
> >   "username" : "admin@internal",
> >   "password" : "x"
> > }
> >   }
> > }
> > 2017-11-14 00:40:15,819   Starting new HTTPS connection (1): h2-int
> > 2017-11-14 00:40:20,829   "POST /ovirt-engine/sso/oauth/token
> > HTTP/1.1" 400 118
> > 2017-11-14 00:40:20,830   Error during SSO authentication Cannot
> > authenticate user 'admin@internal': The username or password is
> > incorrect.. : access_deniedNone
> > Traceback (most recent call last):
> >   File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py",
> > line 119, in _handle_request
> > method, path_parts, content)
> >   File
> > "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line
> > 177, in handle_request handler, content, parameters
> >   File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line
> > 28, in call_response_handler
> > return response_handler(content, parameters)
> >   File
> > "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py",
> > line 58, in post_tokens user_password=user_password)
> >   File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line
> > 26, in create_token
> > return auth.core.plugin.create_token(user_at_domain,
> > user_password) File
> > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line
> > 48, in create_token timeout=self._timeout())
> >   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
> > line 62, in create_token
> > username, password, engine_url, ca_file, timeout)
> >   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
> > line 54, in wrapper
> > _check_for_error(response)
> >   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
> > line 168, in _check_for_error
> > result['error'], details))
> > Unauthorized: Error during SSO authentication Cannot authenticate
> > user 'admin@internal': The username or password is incorrect.. :
> > access_deniedNone
> >
> > And in engine.log:
> >
> > 2017-11-14 00:40:20,828+01 ERROR
> > [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-16) []
> > OAuthException access_denied: Cannot authenticate user
> > 'admin@internal': The username or password is incorrect.. 
> 
> Could you please provide full engine logs so we can investigate?
> 
> 
> 
> Thanks
> 
> Martin
> 
> 
> >
> > The password in the request is the same as used to log in to the
> > admin portal and works fine there.
> >
> > /Sverker
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >  
> 
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] 10Gb Networking with OVN

2017-12-11 Thread Dominik Holler

Is there an indication that the VMs will not take advantage of 10Gb?

On Thu, 7 Dec 2017 15:27:25 -0700
Beau Sapach  wrote:

> Hello everyone,
> 
> I see here:
> https://www.ovirt.org/blog/2017/09/introducing-ovirt-4.2.0/ that
> version 4.2 will have OVN support.  Does anyone know if this will
> allow VMs to take advantage of 10Gb networking without needing SR-IOV?
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] 10Gb Networking with OVN

2017-12-11 Thread Dominik Holler

Thanks for the hint, we are going to check this.
You are welcome to share if you have any hints about a possible
bottleneck in you scenario.

On Mon, 11 Dec 2017 11:21:58 -0700
Beau Sapach <bsap...@ualberta.ca> wrote:

> Yes, we've done some testing.  With an oVirt VM running on a host
> using 10Gb ethernet copying data to a physical machine also using
> 10Gb ethernet we don't see network utilization exceed 800Mbits or
> so.  A bit of research online yields some experimentation done by
> others who used SR-IOV to achieve 10Gb from a VM.
> 
> I'm not sure where the bottleneck is, possibly in the VirtIO driver.
> 
> Beau
> 
> On Mon, Dec 11, 2017 at 1:23 AM, Dominik Holler <dhol...@redhat.com>
> wrote:
> 
> > Is there an indication that the VMs will not take advantage of 10Gb?
> >
> > On Thu, 7 Dec 2017 15:27:25 -0700
> > Beau Sapach <bsap...@ualberta.ca> wrote:
> >  
> > > Hello everyone,
> > >
> > > I see here:
> > > https://www.ovirt.org/blog/2017/09/introducing-ovirt-4.2.0/ that
> > > version 4.2 will have OVN support.  Does anyone know if this will
> > > allow VMs to take advantage of 10Gb networking without needing
> > > SR-IOV?
> > >
> > >  
> >
> >  
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] newbie questions on networking

2018-05-04 Thread Dominik Holler

On Thu, 3 May 2018 09:30:17 -0700
"Rue, Randy"  wrote:

> Hi Again,
> 
> I'm not sure if my first post yesterday went through, I can see it in 
> the list archives but I didn't receive a copy and I've confirmed my
> list settings include me getting a copy of my own posts. In any case,
> nobody has replied and unless I'm the only guy that needs my VMs to
> talk to the rest of the world I assume someone else knows how to fix
> this.
> 
> I've read and re-read the Quick Start Guide, Installation Guide and 
> Administration Guide even though they appear to describe an earlier 
> version. If I've overlooked the answer and this is an RTFM issue,
> feel free to tell me so but I'd be grateful if you'd also tell me
> exactly which part of the FM to read.
> 
> Again, my VM is getting an IP address and nameserver settings from
> the DHCP service running on the server room subnet the oVirt host
> sits in. 

This looks like the oVirt setup is fine.

> From the Vm, I can ping the static IP of the host the vm is
> on, but not anything else on the server room subnet including the
> other hosts or the subnet's gateway. The "route" command sits for
> about 10 seconds before completing but eventually shows two rows, one

Maybe the route command tries to resolve hostnames using an unreachable
DNS server?

> for default with the correct local gateway and one for the local
> subnet. All appears to be well on the VM, the problem appears to be
> the host is not passing traffic.
> 

Maybe the host passes the traffic, but the network equipment outside
the host prevents IP spoofing of the host?
Can you check if the VM traffic is pushed out of the host's interface,
e.g. by tcpdump on the hosts outgoing interface?

To check if the problem is the network between the hosts, you can check
connectivity between two VMs on two different host connected via
an external network of the ovirt-provider-ovn. This way the VM
traffic will be tunneled in the physical network.

> The dialogue for the interface on the host shows some logos on the 
> ovirtmgmt network that's assigned to it, including a green "VM" tile.
> Is this the "outside" role for commodity connections to a VM?
> 
> I've also spent some time rooting around different parts of the admin 
> interface and found some settings under the ovirtmgmt network's vNIC 
> Profiles for the "Network Filter." Tried changing that to "allow
> IPv4" and then to "No Network Filter" with no change.
> 
> I hope to hear from you soon.
> 
> randy in Seattle
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Can't add newly reinstalled ovirt node

2018-05-04 Thread Dominik Holler

On Thu, 3 May 2018 22:26:57 +0200
Jakov Sosic  wrote:

> Hi,
> 
> after installing 4.2.1.1 oVirt node, and adding it in hosted oVirt 
> engine I get the following error:
> 
> Ansible host-deploy playbook execution has started on host vhost01.
> Ansible host-deploy playbook execution has successfully finished on
> host vhost01.
> Status of host vhost01 was set to NonOperational.
> Host vhost01 does not comply with the cluster Lenovo networks, the 
> following networks are missing on host: 'VLAN10'
> Host vhost01 installation failed. Failed to configure management
> network on the host.
> 

Can you please share links to the vdsm.log and supervdsm.log of the
host?


> One more interesting thing:
> 
> Compute => Hosts => vhost02 => Network interfaces
> 
> is empty... there are no recognized interfaces on this host.
> 
> 
> Any idea?
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vNIC Network Filter setting

2018-05-04 Thread Dominik Holler

On Fri, 4 May 2018 13:05:41 +0530
TranceWorldLogic  wrote:

> Hi,
> 
> I want to set default vNIC profile "Network Filter" setting as
> "no-ip-muticast" rather than "vdsm-no-muticast-snooping".
> 
> Can it possible in ovirt ?

No, I am not aware of.

> If yes, how to do same ?
> 

If you think this would be useful, please open a bug to discuss this.

> 
> Thanks,
> ~Rohit

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] newbie questions on networking

2018-05-07 Thread Dominik Holler

On Mon, 7 May 2018 11:43:51 -0700
"Rue, Randy"  wrote:

> I've sort of had some progress. On Friday I went to the dentist and
> when I returned, my VM could ping google.
> 
> I don't believe I changed anything Friday morning but I confess I've 
> been flailing on this for so long I'm not keeping detailed notes on
> what I change. And as I'm evaluating oVirt as a possible replacement
> for our production xencenter/xenserver systems, I need to know what
> was wrong and what fixed it.
> 
> I reinstalled the ovirt-engine box and two hosts and started again.
> The only change I've made beyond the default is to remove the 
> no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are
> no filters applied. At this point I'm back to an ubuntu LTS server VM
> that again, is getting a DHCP IP address, nameserver entries in
> resolv.conf, and "route" shows correct local routing for addresses on
> the same subnet and the correct gateway for the rest of the world.
> The VM is even registering its hostname in our DNS correctly. And I
> can ping the static IP of the host the VM is on, but not the subnet
> gateway or anything in the real world.
> 

Can you ping the DHCP server?

> Two things I haven't mentioned that I haven't seen anything in the
> docs about. My ovirt-engine box is on a different subnet than my
> hosts, and my hosts are using a bonded pair of physical interfaces
> (XOR mode) for their single LAN connection.

Was the bond created before adding the hosts to oVirt, or after adding
the hosts via oVirt web UI?
If the switch requires configuration for the bond, is this applied?
Can you check if the VM can ping the getaway, if you use a simple
Ethernet connection instead of the bond?

> Did I miss something in the docs where these are a problem?
> 
> Dominik, to answer your thoughts earlier:
> 
> * name resolution isn't happening at all, the VM can't reach a DNS
> server
> 
> * I don't manage the data center network gear but am pretty sure
> there's no configuration that blocks traffic. This is supported by my
> temporary success on Friday. And we also have other virtualization
> hosts (VMWare hosts) in the same subnet, that forward traffic to/from
> their VMs just fine.
> 

OK, L3 seems to work now sometimes.

> * tcpdump on the host's ovirtmgmt interface is pretty noisy but if I 
> grep for the ubuntu DDNS name I see a slew of ARP requests. I can see 
> pings to the host's IP address, and attempts to SSH from the VM to
> its host. Any attempt to touch anything past the host shows nothing
> on any interface in tcpdump, not a ping to the subnet gateway, not an
> SSH attempt, not a DNS query or a ping to known IP address.
> 

The outgoing ARP requests looks like the traffic of the VM is forwarded
to ovirtmgmt.
Do you see ARP reply to the VM?
Maybe the VM fails to get the MAC address of the gateway.

> * hot damn, here's a clue! I can ping other oVirt hosts! (by IP only)
> I also tried pinging the ovirt-engine box, wasn't surprised when that 
> failed as the VM would need to reach the gateway to get to the
> different subnet.
> 
> So it appears that even though I've set up the ovirtmgmt network
> using defaults, and it has the "VM Network" option checked, my
> logical network is still set to only allow traffic between the VMs
> and hosts.
> 
> What am I missing?
> 
> -randy

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Re: newbie questions on networking

2018-05-08 Thread Dominik Holler

On Mon, 7 May 2018 15:59:54 -0700
"Rue, Randy" <randy...@gmail.com> wrote:

> I installed the ovirt node to standalone interfaces, then created the 
> bond via the ovirt-node webui at port 9090, before adding the node to 
> the cluster.
> 

I recommend to use oVirt to configure the network interfaces of the
host, whenever possible. So the bond of the host should be configured by
oVirt, but maybe there is an additional configuration on the switch
required, too.

The troubleshooting can be done step by step, to find the action which
breaks the network connection.
1. After the ovirt-node is installed, the network connection of
   the host should be verified.
2. After the host is added to oVirt, the network connection of
   the host should be verified again.
3. The network connection of a VM running on the host should be
   verified.
4. The bond should be configured by oVirt, and the network connection
   of the host should be verified again. Maybe there is additional
   configuration on the switch required, too.
5. The network connection of a VM running on the host with bond should
   be verified, again.

In which step the network connection  breaks?

> The DHCP server happens to be in the same subnet but no, I can't ping
> it as I can't ping anything beyond the physical interfaces of the
> hosts.
> 

Interesting, so DHCP is working for the VM, but not a ping to the DHCP
server?

> I've added a third host and can also ping that from the VM on node 1.
> 
> For a hoot also spun up a new CentOS VM in case this was an OS
> problem. Same results. And when the two VMs are on different hosts,
> they can't ping each other. When I migrate one so they're both on the
> same host, they can each ping each other.
> 
> On 5/7/2018 1:58 PM, Dominik Holler wrote:
> > On Mon, 7 May 2018 11:43:51 -0700
> > "Rue, Randy" <randy...@gmail.com> wrote:
> >  
> >> I've sort of had some progress. On Friday I went to the dentist and
> >> when I returned, my VM could ping google.
> >>
> >> I don't believe I changed anything Friday morning but I confess
> >> I've been flailing on this for so long I'm not keeping detailed
> >> notes on what I change. And as I'm evaluating oVirt as a possible
> >> replacement for our production xencenter/xenserver systems, I need
> >> to know what was wrong and what fixed it.
> >>
> >> I reinstalled the ovirt-engine box and two hosts and started again.
> >> The only change I've made beyond the default is to remove the
> >> no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are
> >> no filters applied. At this point I'm back to an ubuntu LTS server
> >> VM that again, is getting a DHCP IP address, nameserver entries in
> >> resolv.conf, and "route" shows correct local routing for addresses
> >> on the same subnet and the correct gateway for the rest of the
> >> world. The VM is even registering its hostname in our DNS
> >> correctly. And I can ping the static IP of the host the VM is on,
> >> but not the subnet gateway or anything in the real world.
> >>  
> > Can you ping the DHCP server?
> >  
> >> Two things I haven't mentioned that I haven't seen anything in the
> >> docs about. My ovirt-engine box is on a different subnet than my
> >> hosts, and my hosts are using a bonded pair of physical interfaces
> >> (XOR mode) for their single LAN connection.  
> > Was the bond created before adding the hosts to oVirt, or after
> > adding the hosts via oVirt web UI?
> > If the switch requires configuration for the bond, is this applied?
> > Can you check if the VM can ping the getaway, if you use a simple
> > Ethernet connection instead of the bond?
> >  
> >> Did I miss something in the docs where these are a problem?
> >>
> >> Dominik, to answer your thoughts earlier:
> >>
> >> * name resolution isn't happening at all, the VM can't reach a DNS
> >> server
> >>
> >> * I don't manage the data center network gear but am pretty sure
> >> there's no configuration that blocks traffic. This is supported by
> >> my temporary success on Friday. And we also have other
> >> virtualization hosts (VMWare hosts) in the same subnet, that
> >> forward traffic to/from their VMs just fine.
> >>  
> > OK, L3 seems to work now sometimes.
> >  
> >> * tcpdump on the host's ovirtmgmt interface is pretty noisy but if
> >> I grep for the ubuntu DDNS name I see a slew of ARP requests. I
> >> can see pings to the host's IP address, and attempts to SSH from
> >> the VM to its host. Any attempt to

[ovirt-users] Re: newbie questions on networking

2018-05-08 Thread Dominik Holler

On Mon, 7 May 2018 22:44:08 +
Justin Zygmont  wrote:

> >Was the bond created before adding the hosts to oVirt, or after
> >adding the hosts via oVirt web UI? If the switch requires
> >configuration for the bond, is this applied? Can you check if the VM
> >can ping the getaway, if you use a simple Ethernet connection
> >instead of the >bond?  
> 
> Should any of this be done before adding the host to oVirt?

It is recommended to do as much as possible configuration via oVirt.
If the configuration via oVirt is not possible, the network
configuration has to be done before adding the host to oVirt.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org

[ovirt-users] Re: hosted engine with openvswitch

2018-05-10 Thread Dominik Holler

On Thu, 10 May 2018 19:15:07 +0200
Sverker Abrahamsson  wrote:

> Hi
> I have a problem with running hosted engine with openvswitch. I have

Which version of oVirt?
How do you configured hosted engine to use openvswitch?
Did you follow the steps in
https://lists.ovirt.org/pipermail/users/2017-March/080748.html
?

> one cluster where the ovirt engine runs on the host, there it works

What is the switch type of this cluster?

> and when starting a vm the interface definition looks like this:
> 
>      
>       slot="0x03" type="pci" />
>      
>      
>      
>      
>      
>      
> 

Where do you pick up this xml?

> The xml for that vm as fetched from vdsm does not contain virtualport 

Where do you pick up this xml, maybe from a logfile or virsh?

> tag nor does it use the correct bridge, it looks like this:
> 
> 
>      
>      
>      
>       type="pci"/>  
>      
>      
>      
> 
> 
> I.e. somewhere the definition is modified to contain the correct data
> to work with openvswitch
> 
> On the other cluster where I try to run hosted engine I don't get the 

What is the switch type of this cluster?

> above behaviour. When the engine vm starts the interface settings are 
> not modified to use the bridge in openvswitch, with the result that
> the vm fails to start:
> 

Can you share the error message from engine.log and vdsm.log, and maybe
supervdsm.log?

>      
>      
>      
>      
>      
>       slot="0x03" type="pci"/>
>      
>      
>      
>      
> 
> Last login: Thu May 10 16:23:48 2018 from 172.27.1.32
> [root@h2 ~]# ovs-vsctl show
> dfcf7463-ce51-4115-9a3a-ecab9efa8146
>      Bridge "vdsmbr_H91hH5sG"
>      Port "vdsmbr_H91hH5sG"
>      Interface "vdsmbr_H91hH5sG"
>      type: internal
>      Port ovirtmgmt
>      Interface ovirtmgmt
>      type: internal
>      Port "dummy0"
>      Interface "dummy0"
>      ovs_version: "2.9.0"
> 
> I assumed first there is a hook that make the needed change, but the 
> only hooks I can find that mentions openvswitch are 
> ovirt_provider_ovn_hook and 50_openstacknet but both those would set
> the source bridge to br-int and not look up the dynamic name of the
> bridge as created by vdsm.
> 
> One special thing about the host where I try to run hosted engine is 
> that the there is a dummy port since otherwise I couldn't get vdsm to 
> create the bridge, but that shouldn't affect changing the interface 
> definition for the vm.
> 
> Where should I look next?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org

[ovirt-users] Re: Private VLANs

2018-05-15 Thread Dominik Holler

On Tue, 15 May 2018 08:45:05 +0800
Colin Coe  wrote:

> Hi all
> 
> We running RHEV 4.1.10 on HPE Blade servers using Virtual Connect
> which talk to Cisco switches.
> 
> I want to implement private VLANs, does the combination of oVirt +
> Cisco switches + HPE Virtual Connect work with private VLANs?
> 
> To be clear, I want to have a couple of logical networks (i.e. VLANs)
> where the nodes in that VLAN cannot talk directly but must go through
> the router/firewall.
> 

What is a 'node' in you scenario?
Is this a oVirt host or a VM?
May I ask what would you like to achieve?
Does
https://bugzilla.redhat.com/show_bug.cgi?id=1009608
reflect what you want to achieve?

Unfortunately private VLANs are not directly supported by oVirt,
but there is the vdsm_hook isolatedprivatevlan in
https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/isolatedprivatevlan
which might solve your issue.

> Thanks
> 
> CC
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives:

Re: [ovirt-users] Re 2: q: lldpad.service needed for oVirt node (bug # 1401409) ?

2018-01-22 Thread Dominik Holler

Thanks for the feedback!
To my eyes the problem looks like not already covered by bug #1401409,
please open a new bug.
Until this new bug is fixed, you can disable the usage of LLDP for each
affected interfaces on the affected host by:

/usr/sbin/lldptool set-lldp -i $iface adminStatus=disabled


On Mon, 22 Jan 2018 21:31:52 +0200
Andrei V <andre...@starlett.lv> wrote:

> On 01/22/2018 07:15 PM, Dominik Holler wrote:
> > Yes, the service is required to provide LLDP information and is a
> > dependency of the vdsm-network package.
> > Is this uncomfortable for you?  
> 
> It crashes on my CentOS 7.
> 
> Node have 2 bridged interfaces, and its seems this bug recorded here.
> https://bugzilla.redhat.com/show_bug.cgi?id=1401409
> 
> [root@node10 ~]# journalctl -u lldpad.service
> -- Logs begin at P  2018-01-22 18:28:47 EET, end at P  2018-01-22
> 21:24:00 EET. --
> jan 22 18:29:40 node10.domain.com systemd[1]: Started Link Layer
> Discovery Protocol Agent Daemon..
> jan 22 18:29:40 node10.domain.com systemd[1]: Starting Link Layer
> Discovery Protocol Agent Daemon
> jan 22 18:32:34 node10.domain.com lldpad[1821]: recvfrom(Event
> interface): No buffer space available
> jan 22 18:32:35 node10.domain.com lldpad[1821]: recvfrom(Event
> interface): No buffer space available
> jan 22 18:32:50 node10.domain.com lldpad[1821]: recvfrom(Event
> interface): No buffer space available
> jan 22 18:32:55 node10.domain.com lldpad[1821]: recvfrom(Event
> interface): No buffer space available
> jan 22 19:08:34 node10.domain.com lldpad[1821]: lldpad: lldp/rx.c:142:
> rxProcessFrame: Assertion `agent->rx.framein && agent->rx
> jan 22 19:08:34 node10.domain.com systemd[1]: lldpad.service: main
> process exited, code=dumped, status=6/ABRT
> jan 22 19:08:34 node10.domain.com systemd[1]: Unit lldpad.service
> entered failed state.
> jan 22 19:08:34 node10.domain.com systemd[1]: lldpad.service failed.
> 
> 
> abrt-cli list --since 1516639049
> id dfc13676b38d3173315ac7c1c4c71a9d82acd9c7
> reason: lldpad killed by SIGABRT
> time:   piektdiena, 2018. gada 12. janvāris, plkst. 00 un 28
> cmdline:    /usr/sbin/lldpad -t
> package:    lldpad-1.0.1-3.git036e314.el7
> uid:    0 (root)
> count:  4
> Directory:  /var/tmp/abrt/ccpp-2018-01-12-00:28:02-1779
> 
> 
> > On Mon, 22 Jan 2018 11:31:39 +0200
> > Andrei V <andre...@starlett.lv> wrote:
> >  
> >> Hi,
> >>
> >> Does lldpad.service (Link Layer Discovery Protocol) needed for
> >> oVirt node ?
> >>
> >> Thanks
> >>
> >>
> >> ___
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users  
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Defining custom network filter or editing existing

2018-02-13 Thread Dominik Holler

On Mon, 12 Feb 2018 16:09:59 -0800
Tim Thompson  wrote:

> All,
> 
> I was wondering if someone can point me in the direction of the 
> documentation related to defining custom network filters (nwfilter)
> in 4.2. I found the docs on assigning a network filter to a vNIC
> profile, but I cannot find any mention of how you can create your
> own. Normally you'd use 'virst nwfilter-define', but that is locked
> out since vdsm manages everything. I need to expand clean-traffic's
> scope to include ipv6, since it doesn't handle ipv6 at all by
> default, it seems.
> 

Custom network filters are not supported.
If you still want to use custom network filters, you would have to:
- add custom network properties on oVirt-engine level,
- add a hook like vdsm_hooks/noipspoof/noipspoof.py which modifies
  libvirt's domain XML to activate the custom network filter and
- be yourself responsible to deploy the custom network filter
  definition to all nodes
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovn related events every 5 minutes on 4.2.1

2018-02-23 Thread Dominik Holler

On Fri, 23 Feb 2018 14:57:05 +0100
Gianluca Cecchi  wrote:

> Hello,
> in my events pane of 4.2.1 I see, every 5 minutes, this event
> 
> Networks of Provider ovirt-provider-ovn were successfully
> synchronized.
> 
> that fills so my table and prevent easy reading of other ones...
> Can I disable or "relax" this?
> 

Hello Gianluca,
please find [1] if you want to disable this automatic background
synchronization.
If you want to change the interval to 2h, you can do it like this
engine-config -s ExternalNetworkProviderSynchronizationRate=7200
Dominik

[1]
  https://gist.github.com/dominikholler/ed372e368d734a00cfc71e19b6ef5463
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Re: losing ib0 connection after activating host

2018-08-23 Thread Dominik Holler

Is ifcfg-ib0 created before adding the host?
Can ib0 be reconfigured using engine, e.g. by
"Compute > Hosts > hostx > Network Interfaces > Setup Host Networks"?
If this some kind of self-hosted engine?

On Thu, 23 Aug 2018 09:30:59 -0400
Douglas Duckworth  wrote:

> Here's a link to the files:
> 
> https://bit.ly/2wjZ6Vo
> 
> Thank you!
> 
> Thanks,
> 
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Weill Cornell Medicine
> 1300 York - LC-502
> E: d...@med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690
> 
> 
> On Thu, Aug 23, 2018 at 6:51 AM, Dominik Holler 
> wrote:
> 
> > Would you please share the vdsm.log and the supervdsm.log from this
> > host?
> >
> > On Wed, 22 Aug 2018 11:36:09 -0400
> > Douglas Duckworth  wrote:
> >  
> > > Hi
> > >
> > > I keep losing ib0 connection on hypervisor after adding host to
> > > engine. This makes the host not really work since NFS will be
> > > mounted over ib0.
> > >
> > > I don't really understand why this occurs.
> > >
> > > OS:
> > >
> > > [root@ovirt-hv2 ~]# cat /etc/redhat-release
> > > CentOS Linux release 7.5.1804 (Core)
> > >
> > > Here's the network script:
> > >
> > > [root@ovirt-hv2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ib0
> > > DEVICE=ib0
> > > BOOTPROTO=static
> > > IPADDR=172.16.0.207
> > > NETMASK=255.255.255.0
> > > ONBOOT=yes
> > > ZONE=public
> > >
> > > When I try "ifup"
> > >
> > > [root@ovirt-hv2 ~]# ifup ib0
> > > Error: Connection activation failed: No suitable device found for
> > > this connection.
> > >
> > > The error in syslog:
> > >
> > > Aug 22 11:31:50 ovirt-hv2 kernel: IPv4: martian source 172.16.0.87
> > > from 172.16.0.49, on dev ib0
> > > Aug 22 11:31:53 ovirt-hv2 NetworkManager[1070]: 
> > > [1534951913.7486] audit: op="connection-activate"
> > > uuid="2ab4abde-b8a5-6cbc-19b1-2bfb193e4e89" name="System ib0"
> > > result="fail" reason="No suitable device found for this
> > > connection.
> > >
> > > As you can see media state up:
> > >
> > > [root@ovirt-hv2 ~]# ip a
> > > 1: lo:  mtu 65536 qdisc noqueue state
> > > UNKNOWN group default qlen 1000
> > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > > inet 127.0.0.1/8 scope host lo
> > >valid_lft forever preferred_lft forever
> > > 2: em1:  mtu 1500 qdisc mq master
> > > ovirtmgmt state UP group default qlen 1000
> > > link/ether 50:9a:4c:89:d3:81 brd ff:ff:ff:ff:ff:ff
> > > 3: em2:  mtu 1500 qdisc mq
> > > state DOWN group default qlen 1000
> > > link/ether 50:9a:4c:89:d3:82 brd ff:ff:ff:ff:ff:ff
> > > 4: p1p1:  mtu 1500 qdisc mq
> > > state DOWN group default qlen 1000
> > > link/ether b4:96:91:13:ea:68 brd ff:ff:ff:ff:ff:ff
> > > 5: p1p2:  mtu 1500 qdisc mq
> > > state DOWN group default qlen 1000
> > > link/ether b4:96:91:13:ea:6a brd ff:ff:ff:ff:ff:ff
> > > 6: idrac:  mtu 1500 qdisc
> > > pfifo_fast state UNKNOWN group default qlen 1000
> > > link/ether 50:9a:4c:89:d3:84 brd ff:ff:ff:ff:ff:ff
> > > inet 169.254.0.2/16 brd 169.254.255.255 scope global idrac
> > >valid_lft forever preferred_lft forever
> > > 7: ib0:  mtu 2044 qdisc mq state
> > > UP group default qlen 256
> > > link/infiniband
> > > a0:00:02:08:fe:80:00:00:00:00:00:00:ec:0d:9a:03:00:1d:13:41 brd
> > > 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
> > > 8: ovs-system:  mtu 1500 qdisc noop state
> > > DOWN group default qlen 1000
> > > link/ether 12:b4:30:22:39:5b brd ff:ff:ff:ff:ff:ff
> > > 9: br-int:  mtu 1500 qdisc noop state DOWN
> > > group default qlen 1000
> > > link/ether 3e:32:e6:66:98:49 brd ff:ff:ff:ff:ff:ff
> > > 25: ovirtmgmt:  mtu 1500 qdisc
> > > noqueue state UP group default qlen 1000
> > > link/ether 50:9a:4c:89:d3:81 brd ff:ff:ff:ff:ff:ff
> > > inet 10.0.0.183/16 brd 10.0.255.255 scope global ovirtmgmt
> > >valid_lft forever preferred_lft forever
> > > 26: genev_sys_6081:  mtu 65000
> > > qdisc noqueue master ovs-system state UNKNOWN group default qlen
> > > 1000 link/ether aa:32:82:1b:01:d9 brd ff:ff:ff:ff:ff:ff
> > > 27: ;vds

[ovirt-users] Re: losing ib0 connection after activating host

2018-08-24 Thread Dominik Holler

On Thu, 23 Aug 2018 13:51:39 -0400
Douglas Duckworth  wrote:

> THANKS!
> 
> ib0 now up with NFS storage back on this hypervisor
> 

Thanks for letting us know.

> Though how do I make it a transfer network?  I don't see an option.
> 

I do not understand the meaning of "transfer network".
The network interface to use for NFS results from the routing tables of
the host.
In "Compute > Clusters > Clustername > Logical Networks > Manage
Networks" network roles for some kind of loads can be assigned, but not
for NFS access.


> Thanks,
> 
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Weill Cornell Medicine
> 1300 York - LC-502
> E: d...@med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690
> 
> 
> On Thu, Aug 23, 2018 at 11:12 AM, Douglas Duckworth
>  > wrote:  
> 
> > Hi Dominik
> >
> > Yes, the network-script was created by our Ansible role that deploys
> > CentOS hosts.  It pulls the IP from DNS then templates the script
> > and copies to host.
> >
> > I will try this oVirt step then see if it works!
> >
> > Thanks,
> >
> > Douglas Duckworth, MSc, LFCS
> > HPC System Administrator
> > Scientific Computing Unit
> > Weill Cornell Medicine
> > 1300 York - LC-502
> > E: d...@med.cornell.edu
> > O: 212-746-6305
> > F: 212-746-8690
> >
> >
> > On Thu, Aug 23, 2018 at 11:09 AM, Dominik Holler
> >  wrote:
> >  
> >> Is ifcfg-ib0 created before adding the host?
> >> Can ib0 be reconfigured using engine, e.g. by
> >> "Compute > Hosts > hostx > Network Interfaces > Setup Host
> >> Networks"? If this some kind of self-hosted engine?
> >>
> >> On Thu, 23 Aug 2018 09:30:59 -0400
> >> Douglas Duckworth  wrote:
> >>  
> >> > Here's a link to the files:
> >> >
> >> > https://urldefense.proofpoint.com/v2/url?u=https-3A__bit.ly_  
> >> 2wjZ6Vo=DwICAg=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu
> >> 2s=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw=Y25-
> >> OOvgu58jlC82-fzBeNIpQ7ZscoHznffUhqE6EBM=QQXlC9Tisa60TvimyS
> >> 3BnFDCaDF7VPD8eCzT-Fke-p0=  
> >> >
> >> > Thank you!
> >> >
> >> > Thanks,
> >> >
> >> > Douglas Duckworth, MSc, LFCS
> >> > HPC System Administrator
> >> > Scientific Computing Unit
> >> > Weill Cornell Medicine
> >> > 1300 York - LC-502
> >> > E: d...@med.cornell.edu
> >> > O: 212-746-6305
> >> > F: 212-746-8690
> >> >
> >> >
> >> > On Thu, Aug 23, 2018 at 6:51 AM, Dominik Holler
> >> >  wrote:
> >> >  
> >> > > Would you please share the vdsm.log and the supervdsm.log from
> >> > > this host?
> >> > >
> >> > > On Wed, 22 Aug 2018 11:36:09 -0400
> >> > > Douglas Duckworth  wrote:
> >> > >  
> >> > > > Hi
> >> > > >
> >> > > > I keep losing ib0 connection on hypervisor after adding host
> >> > > > to engine. This makes the host not really work since NFS
> >> > > > will be mounted over ib0.
> >> > > >
> >> > > > I don't really understand why this occurs.
> >> > > >
> >> > > > OS:
> >> > > >
> >> > > > [root@ovirt-hv2 ~]# cat /etc/redhat-release
> >> > > > CentOS Linux release 7.5.1804 (Core)
> >> > > >
> >> > > > Here's the network script:
> >> > > >
> >> > > > [root@ovirt-hv2 ~]#
> >> > > > cat /etc/sysconfig/network-scripts/ifcfg-ib0 DEVICE=ib0
> >> > > > BOOTPROTO=static
> >> > > > IPADDR=172.16.0.207
> >> > > > NETMASK=255.255.255.0
> >> > > > ONBOOT=yes
> >> > > > ZONE=public
> >> > > >
> >> > > > When I try "ifup"
> >> > > >
> >> > > > [root@ovirt-hv2 ~]# ifup ib0
> >> > > > Error: Connection activation failed: No suitable device
> >> > > > found for this connection.
> >> > > >
> >> > > > The error in syslog:
> >> > > >
> >> > > > Aug 22 11:31:50 ovirt-hv2 kernel: IPv4: martian source
> >> > > > 172.16.0.87 from 172.16.0.49, on dev ib0
> >> > > > Aug 22 11:31:53

[ovirt-users] Re: losing ib0 connection after activating host

2018-08-24 Thread Dominik Holler

On Fri, 24 Aug 2018 09:46:25 -0400
Douglas Duckworth  wrote:

> Sorry, I mean "migration network" for moving live migration traffic.
> 

You have to create a new logical network in
"Network > Networks > New"
and assign this to ib0 in
"Compute > Hosts > hostname > Network Interfaces > Setup Host Networks".
After this you can assign a role to this network in
"Compute > Clusters > Clustername > Logical Networks > Manage Networks"


> FDR infiniband much faster than 1Gb network which currently acts as
> migration network, vm network, display network, mgmt network, etc.
> 
> Thanks,
> 
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Weill Cornell Medicine
> 1300 York - LC-502
> E: d...@med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690
> 
> 
> On Fri, Aug 24, 2018 at 9:36 AM, Dominik Holler 
> wrote:
> 
> > On Thu, 23 Aug 2018 13:51:39 -0400
> > Douglas Duckworth  wrote:
> >  
> > > THANKS!
> > >
> > > ib0 now up with NFS storage back on this hypervisor
> > >  
> >
> > Thanks for letting us know.
> >  
> > > Though how do I make it a transfer network?  I don't see an
> > > option. 
> >
> > I do not understand the meaning of "transfer network".
> > The network interface to use for NFS results from the routing
> > tables of the host.
> > In "Compute > Clusters > Clustername > Logical Networks > Manage
> > Networks" network roles for some kind of loads can be assigned, but
> > not for NFS access.
> >
> >  
> > > Thanks,
> > >
> > > Douglas Duckworth, MSc, LFCS
> > > HPC System Administrator
> > > Scientific Computing Unit
> > > Weill Cornell Medicine
> > > 1300 York - LC-502
> > > E: d...@med.cornell.edu
> > > O: 212-746-6305
> > > F: 212-746-8690
> > >
> > >
> > > On Thu, Aug 23, 2018 at 11:12 AM, Douglas Duckworth
> > >  > > > wrote:  
> > >  
> > > > Hi Dominik
> > > >
> > > > Yes, the network-script was created by our Ansible role that
> > > > deploys CentOS hosts.  It pulls the IP from DNS then templates
> > > > the script and copies to host.
> > > >
> > > > I will try this oVirt step then see if it works!
> > > >
> > > > Thanks,
> > > >
> > > > Douglas Duckworth, MSc, LFCS
> > > > HPC System Administrator
> > > > Scientific Computing Unit
> > > > Weill Cornell Medicine
> > > > 1300 York - LC-502
> > > > E: d...@med.cornell.edu
> > > > O: 212-746-6305
> > > > F: 212-746-8690
> > > >
> > > >
> > > > On Thu, Aug 23, 2018 at 11:09 AM, Dominik Holler
> > > >  wrote:
> > > >  
> > > >> Is ifcfg-ib0 created before adding the host?
> > > >> Can ib0 be reconfigured using engine, e.g. by
> > > >> "Compute > Hosts > hostx > Network Interfaces > Setup Host
> > > >> Networks"? If this some kind of self-hosted engine?
> > > >>
> > > >> On Thu, 23 Aug 2018 09:30:59 -0400
> > > >> Douglas Duckworth  wrote:
> > > >>  
> > > >> > Here's a link to the files:
> > > >> >
> > > >> > https://urldefense.proofpoint.com/v2/url?u=https-3A__bit.ly_  
> > > >> 2wjZ6Vo=DwICAg=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu
> > > >> 2s=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw=Y25-
> > > >> OOvgu58jlC82-fzBeNIpQ7ZscoHznffUhqE6EBM=QQXlC9Tisa60TvimyS
> > > >> 3BnFDCaDF7VPD8eCzT-Fke-p0=  
> > > >> >
> > > >> > Thank you!
> > > >> >
> > > >> > Thanks,
> > > >> >
> > > >> > Douglas Duckworth, MSc, LFCS
> > > >> > HPC System Administrator
> > > >> > Scientific Computing Unit
> > > >> > Weill Cornell Medicine
> > > >> > 1300 York - LC-502
> > > >> > E: d...@med.cornell.edu
> > > >> > O: 212-746-6305
> > > >> > F: 212-746-8690
> > > >> >
> > > >> >
> > > >> > On Thu, Aug 23, 2018 at 6:51 AM, Dominik Holler
> > > >> >  wrote:
> > > >> >  
> > > >> > > Would you please share the vdsm.log and the supervds

[ovirt-users] Re: mask or disabled lldpad service

2018-08-28 Thread Dominik Holler

On Tue, 28 Aug 2018 15:18:33 +0200
Klaas Demter  wrote:

> Hi,
> I have a  QLogic Corp. QLogic 2x1GE+2x10GE QL41162HMRJ CNA network
> card. This network card comes with it's own lldp implementation inside
> their management firmware. Running two lldp agents seems to create
> several issues
> (http://lists.us.dell.com/pipermail/linux-poweredge/2018-July/051860.html).
> The QLogic engineers said I need to disable lldpad in the operating
> system. This leads me here, what is lldp actually used for within
> ovirt? 

LLDP information is provided on REST-API and UI, see
https://ovirt.org/develop/release-management/features/network/lldp/
for details.
LLDP is optional. It is save to mask lldpad.
For this reason lldpad is just "wanted", but not "required" by
supervdsmd.

> If it is actually needed how could I deal with a card that
> does not support lldpad but rather has it's own implementation?
> 
> Greetings
> Klaas
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/ List
> Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/SYN4HQXBLLRIFVKTBZUO5VNVLFWVXAOG/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LD4XJHVUKKRDFQU2CVQWLAHAMU2DGNGQ/

[ovirt-users] Re: losing ib0 connection after activating host

2018-08-23 Thread Dominik Holler

Would you please share the vdsm.log and the supervdsm.log from this
host?

On Wed, 22 Aug 2018 11:36:09 -0400
Douglas Duckworth  wrote:

> Hi
> 
> I keep losing ib0 connection on hypervisor after adding host to
> engine. This makes the host not really work since NFS will be mounted
> over ib0.
> 
> I don't really understand why this occurs.
> 
> OS:
> 
> [root@ovirt-hv2 ~]# cat /etc/redhat-release
> CentOS Linux release 7.5.1804 (Core)
> 
> Here's the network script:
> 
> [root@ovirt-hv2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ib0
> DEVICE=ib0
> BOOTPROTO=static
> IPADDR=172.16.0.207
> NETMASK=255.255.255.0
> ONBOOT=yes
> ZONE=public
> 
> When I try "ifup"
> 
> [root@ovirt-hv2 ~]# ifup ib0
> Error: Connection activation failed: No suitable device found for this
> connection.
> 
> The error in syslog:
> 
> Aug 22 11:31:50 ovirt-hv2 kernel: IPv4: martian source 172.16.0.87
> from 172.16.0.49, on dev ib0
> Aug 22 11:31:53 ovirt-hv2 NetworkManager[1070]: 
> [1534951913.7486] audit: op="connection-activate"
> uuid="2ab4abde-b8a5-6cbc-19b1-2bfb193e4e89" name="System ib0"
> result="fail" reason="No suitable device found for this connection.
> 
> As you can see media state up:
> 
> [root@ovirt-hv2 ~]# ip a
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> 2: em1:  mtu 1500 qdisc mq master
> ovirtmgmt state UP group default qlen 1000
> link/ether 50:9a:4c:89:d3:81 brd ff:ff:ff:ff:ff:ff
> 3: em2:  mtu 1500 qdisc mq state
> DOWN group default qlen 1000
> link/ether 50:9a:4c:89:d3:82 brd ff:ff:ff:ff:ff:ff
> 4: p1p1:  mtu 1500 qdisc mq state
> DOWN group default qlen 1000
> link/ether b4:96:91:13:ea:68 brd ff:ff:ff:ff:ff:ff
> 5: p1p2:  mtu 1500 qdisc mq state
> DOWN group default qlen 1000
> link/ether b4:96:91:13:ea:6a brd ff:ff:ff:ff:ff:ff
> 6: idrac:  mtu 1500 qdisc pfifo_fast
> state UNKNOWN group default qlen 1000
> link/ether 50:9a:4c:89:d3:84 brd ff:ff:ff:ff:ff:ff
> inet 169.254.0.2/16 brd 169.254.255.255 scope global idrac
>valid_lft forever preferred_lft forever
> 7: ib0:  mtu 2044 qdisc mq state UP
> group default qlen 256
> link/infiniband
> a0:00:02:08:fe:80:00:00:00:00:00:00:ec:0d:9a:03:00:1d:13:41 brd
> 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
> 8: ovs-system:  mtu 1500 qdisc noop state DOWN
> group default qlen 1000
> link/ether 12:b4:30:22:39:5b brd ff:ff:ff:ff:ff:ff
> 9: br-int:  mtu 1500 qdisc noop state DOWN group
> default qlen 1000
> link/ether 3e:32:e6:66:98:49 brd ff:ff:ff:ff:ff:ff
> 25: ovirtmgmt:  mtu 1500 qdisc
> noqueue state UP group default qlen 1000
> link/ether 50:9a:4c:89:d3:81 brd ff:ff:ff:ff:ff:ff
> inet 10.0.0.183/16 brd 10.0.255.255 scope global ovirtmgmt
>valid_lft forever preferred_lft forever
> 26: genev_sys_6081:  mtu 65000 qdisc
> noqueue master ovs-system state UNKNOWN group default qlen 1000
> link/ether aa:32:82:1b:01:d9 brd ff:ff:ff:ff:ff:ff
> 27: ;vdsmdummy;:  mtu 1500 qdisc noop state DOWN
> group default qlen 1000
> link/ether 32:ff:5d:b8:c2:b4 brd ff:ff:ff:ff:ff:ff
> 
> The card is FDR:
> 
> [root@ovirt-hv2 ~]# lspci -v | grep Mellanox
> 01:00.0 Network controller: Mellanox Technologies MT27500 Family
> [ConnectX-3]
> Subsystem: Mellanox Technologies Device 0051
> 
> Latest OFED driver:
> 
> [root@ovirt-hv2 ~]# /etc/init.d/openibd status
> 
>   HCA driver loaded
> 
> Configured IPoIB devices:
> ib0
> 
> Currently active IPoIB devices:
> ib0
> Configured Mellanox EN devices:
> 
> Currently active Mellanox devices:
> ib0
> 
> The following OFED modules are loaded:
> 
>   rdma_ucm
>   rdma_cm
>   ib_ipoib
>   mlx4_core
>   mlx4_ib
>   mlx4_en
>   mlx5_core
>   mlx5_ib
>   ib_uverbs
>   ib_umad
>   ib_ucm
>   ib_cm
>   ib_core
>   mlxfw
>   mlx5_fpga_tools
> 
> I can add an IP to ib0 using "ip addr" though I need Network Manager
> to work with ib0.
> 
> 
> Thanks,
> 
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Weill Cornell Medicine
> 1300 York - LC-502
> E: d...@med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VQLZ6YQSGNFZSTLHQVKZAXQ2EYVKM7XY/

[ovirt-users] Re: interface up when not used

2018-07-24 Thread Dominik Holler

On Tue, 24 Jul 2018 11:04:58 +0200
Fabrice Bacchella  wrote:

> To monitoring the network interfaces, I have a script that check if
> ifAdminStatus and ifOperStatus values matches in snmp.
> 
> But with oVirt it fails on a server with 4 physical interfaces, but
> only two connected, and return an error:
> 

You want that eth0 and eth1 are UP, and eth2 and eth3 are DOWN?

> snmptable XXX IF-MIB::ifTable | less
> SNMP table: IF-MIB::ifTable
> 
>  ifIndex ifDescr ifAdminStatus ifOperStatus
>1  loup   up
>2eth0up   up
>3eth1up   up
>4eth2up down
>5eth3up down
>   24 ;vdsmdummy;  down down
>   25   vnet0up   up
> 
> 
> And indeed on the server:
> 
> ip link show eth2
> 4: eth2:  mtu 1500 qdisc mq state
> DOWN mode DEFAULT group default qlen 1000 link/ether
> 40:a8:f0:30:81:1a brd ff:ff:ff:ff:ff:ff
> 

looks like eth2 is DOWN, as expected.

> 
> It's up, but I don't configured it on oVirt, removed ifcg-eth2. Is
> there a way to disable it ?

eth2 seems to be in state DOWN, which seems to be reflected in
ifOperStatus.

Is the issue that ifAdminStatus is up for eth2 and eth3, but you want
it to be down?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6UT2T3IFNWUFMOWHKK6LZRQOZHJ5HOXI/

[ovirt-users] Re: OVN and MTU of vnics based on it clarification

2018-07-09 Thread Dominik Holler

On Sat, 7 Jul 2018 16:28:49 +0200
Gianluca Cecchi  wrote:

> Hello,
> I'm testing a virtual rhcs cluster based on 4 nodes that are CentOS
> 7.4 VMs. So the stack is based on Corosync/Pacemaker
> I have two oVirt hosts and so my plan is to put two VMs on first host
> and two VMs on the second host, to simulate a two sites config and
> site loss, before going to physical production config.
> Incidentally the two hypervisor hosts are indeed placed into different
> physical datacenters.
> So far so good.
> I decided to use OVN for the intracluster dedicated network
> configured for corosync (each VM has two vnics, one on production lan
> and one for intracluster).
> I detected that the cluster worked and formed (also only two nodes)
> only if the VMs run on the same host, while it seems they are not
> able to communicate when on different hosts. Ping is ok and an
> attempt of ssh session between them on intracluster lan, but cluster
> doesn't come up So after digging in past mailing list mails I found
> this recent one:
> https://lists.ovirt.org/archives/list/users@ovirt.org/thread/RMS7XFOZ67O3ERJB4ABX5MGXTE5FO2LT/
> 
> where the solution was to set 1400 for the MTU of the interfaces on
> OVN network.
> It seems it resolves the problem also in my scenario:
> - I live migrated two VMs on the second host and rhcs clusterware
> didn't complain
> - I relocated a resource group composed by several LV/FS, VIP and
> application from VM running on host1 to VM running on host2 without
> problems.
> 

There will be a new feature [1][2] about propagating the MTU of the
logical network into the guest.
In ovirt-4.2.5 the logical network MTU <= 1500 will be propagated for
clusters with switch type OVS and linux bridge, and MTU > 1500 will be
propagated only for clusters with switch type linux bridge, if the
requirements [3] are fulfilled in oVirt >= 4.2.5. OVS clusters will
work for MTU > 1500 latest in oVirt 4.3.
In this new feature a new default config setting "MTU for tunneled
networks" is introduced, which will be set initially to 1442.

> So the question is: can anyone confirm what are guidelines for
> settings vnics on OVN?

In the context of oVirt, I am only aware of [1] and [4].
Starting from oVirt 4.1 you can activate the OVN's internal dhcp server
by creating a subnet for the network [4]. The default configuration will
offer a MTU of 1442 to the guest, which is optimal for GENEVE tunneled
networks over physical networks with a MTU of 1500.

> Is there already a document in place about MTU
> settings for OVN based vnics? 

There are some documents about MTU in OpenStack referenced in [1].

> Other particular settings or
> limitations if I want to configure a vnic on OVN?
> 

libvirt's network filters are not applied to OVN networks, so you
should disable network filtering in oVirt's vNIC profile. This is
tracked in [5].


[1]
  
https://ovirt.org/develop/release-management/features/network/managed_mtu_for_vm_networks/

[2]
  https://github.com/oVirt/ovirt-site/pull/1667

[3]
  
https://ovirt.org/develop/release-management/features/network/managed_mtu_for_vm_networks/#limitations

[4]
  https://github.com/oVirt/ovirt-provider-ovn/#section-dhcp

[5]
  https://bugzilla.redhat.com/show_bug.cgi?id=1502754

> Thanks,
> 
> Gianluca
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LZXNYHK554BCVHAXG2JXJ6AG3TU5DK4Y/

Re: [ovirt-users] q: lldpad.service needed for oVirt node ?

2018-01-22 Thread Dominik Holler

Yes, the service is required to provide LLDP information and is a
dependency of the vdsm-network package.
Is this uncomfortable for you?

On Mon, 22 Jan 2018 11:31:39 +0200
Andrei V  wrote:

> Hi,
> 
> Does lldpad.service (Link Layer Discovery Protocol) needed for oVirt
> node ?
> 
> Thanks
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] How to manage virtual networks in oVirt 4.2?

2018-01-23 Thread Dominik Holler

The ovirt-provider-ovn implements parts of OpenStack Networking API
(Neutron). This way every client for OpenStack Networking API may work
for the features which are already implemented by ovirt-provider-ovn.
I successfully used the neutron cli, e.g. by
OS_PASSWORD=xxx OS_AUTH_URL=https://0.0.0.0:35357/v2.0 \
OS_CACERT=/etc/pki/ovirt-engine/ca.pem neutron ovn-nbctl

The library shade [1] is very usable, because you are able to restrict
to parts of the API which are already implemented.

Ansibles os_* modules [2] are not yet working fluently because of some
gaps in the API in the current implementation.

There are still many gaps in the implementation, e.g. NAT, but
you are welcome to report gaps in the API which hurts you as bugs on
ovirt-provider-ovn.

There is no technical limitation in using the raw ovn-nbctl commands,
but this not supported.

[1]
  https://docs.openstack.org/shade/latest/

[2]
  http://docs.ansible.com/ansible/latest/os_network_module.html

On Tue, 23 Jan 2018 23:43:49 +0300
Dmitry Semenov  wrote:

> I use OVN with linuxbridge. Where and how I may adjust routing, NAT
> etc. for virtual networks? ManageIQ doesn't see them (probably it is
> devoted that my switch type should be OVS) :(
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt and OVH vRack

2018-03-15 Thread Dominik Holler

On Thu, 15 Mar 2018 09:09:41 +
Fabien Carré  wrote:

> Hello,
> I am trying to set up an oVirt environment using OVH servers. So far
> I have installed an engine (4.2) and a node. The node is attached to
> a NAS through a vRack
> https://www.ovh.co.uk/solutions/vrack/network-technology.xml. I am
> using one vlan to connect it, which is the management network
> 
> 
> However it is not a perfect setup (cf attached screenshot). The
> management network is in  "Out-of-Sync" state.
> on the node :
> # ip addr
> 28: eno4.100@eno4:  mtu 1500 qdisc
> noqueue master ovirtmgmt state UP qlen 1000
> link/ether 0c:c4:ff:7a:6c:13 brd ff:ff:ff:ff:ff:ff
> 29: ovirtmgmt:  mtu 1500 qdisc
> noqueue state UP qlen 1000
> link/ether 0c:c4:ff:7a:6c:13 brd ff:ff:ff:ff:ff:ff
> inet 10.100.0.11/24 brd 10.100.0.255 scope global ovirtmgmt
>valid_lft forever preferred_lft forever
> 
> 
> [image: Screenshot from 2018-03-15 09-03-37.png]
> It does not seem possible to add extra vlan. I wanted to have one for
> the vms and one for the hosts.
> Can you give me some help or guidance ?
> 
> Also generally speaking do you think such a setup is fine ?
> 
> Thank you
> Fabien


If you are limited to a single VLAN, I would use this as a single
logical network in oVirt. To isolate the traffic between VMs, I
would use external logical networks on the ovirt-provider-ovn.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Can't sync networks

2018-04-09 Thread Dominik Holler

On Mon, 9 Apr 2018 07:39:13 -0700
Cole Johnson <sizzlinsagu...@gmail.com> wrote:

> Where can I find this information?  The best I can find is if I am in
> the "Setup Host" dialog, and mouse over the un-synced network.  The
> message reads "Host Network's configurations differ from DC".

The table below this message in dialog.jpeg shows the values not in
sync, which is the default route of the host.
 
> If this
> is the error message, what do I need to do to make the configurations
> match?  

Ensure that the gateway of ovirtmgt is the default route on the host.

> Isn't this the whole point of what I am trying to do here?  I
> have attached some screenshots of the different messages that I
> encounter.
> 
> On Mon, Apr 9, 2018 at 12:54 AM, Dominik Holler <dhol...@redhat.com>
> wrote:
> > On Wed, 4 Apr 2018 11:19:33 -0700
> > Cole Johnson <sizzlinsagu...@gmail.com> wrote:
> >  
> >> Hello,
> >> I am trying to set up a 3 host gluster hyperconverged self hosted
> >> engine running on oVirt Nodes. ( I think that I have all of the
> >> buzzwords here) All of the hardware is the same.  I am using the
> >> guide from here:
> >> https://www.ovirt.org/blog/2018/02/up-and-running-with-ovirt-4-2-and-gluster-storage/
> >> and the documentation here:
> >> https://www.ovirt.org/documentation/gluster-hyperconverged/Gluster_Hyperconverged_Guide/
> >> for reference.
> >> I have used the setup wizards from the cockpit interface to setup
> >> gluster and the hosted engine successfully.  I have configured the
> >> gluster storage and setup all of the hosts inside the hosted
> >> engine.
> >>
> >> My problem occurs when I try to configure a separate storage
> >> network as shown in the blog post.  I can get thru the process as
> >> outlined, on all three hosts, but the status will not change from
> >> "out-of-sync".  I can press the "Sync All Networks", and I get a
> >> notification which says "Finished SyncAllHostNetworks", but the
> >> status of the storage network remains "out-of-sync" .
> >>  
> >
> >
> > The "Setup Host Networks" dialog presents the information why the
> > network is marked as "out-of-sync".
> > Does the information presented helps you?
> >  
> >> I don't know if this is related, but I cannot migrate the
> >> HostedEngine vm between hosts.
> >>
> >> I have attached the contents of vdsm.log
> >>
> >> Any help is appreciated.  
> >  

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] OVN between two different datacenters with different networks

2018-04-10 Thread Dominik Holler

On Tue, 10 Apr 2018 11:48:50 +
Vasily Lamykin  wrote:

> Hi, all
> I try to configure ovn in engine, what I do by step:
> 1.Created network test1 with external ovn provider on engine1
> 2.Created subnet for this network
> 3.Connect engine2 to engine1 ovn provider(through “add provider”)
> 4.Successfully imported network test1 on engine2
> 5.I see subnet’s on all engines
> 6.Created 2 VM with nic in network test1 on both engines
> 7.Assigned ips from one subnet(192.168.10.0/24) to all VMs
> 

The subnet is used to configure OVN's internal DHCP server.
This means you use DHCP to assign IPs to the vNICs, which is already a
good test if the VM is connected as expected.

> Expected results: VM from engine1 can ping VM from engine2 in same
> subnet in ovn network test1
> 
> Now, I don’t have ping ability between two VMs
> 
> ovn-nbctl show
> switch 54beaa3c-de8f-435f-b132-8542ddeb4b4b (test-ovn-phys)
> port b580d44d-e616-42dd-9e17-63983d0f91e5
> addresses: ["00:1a:4a:16:01:01 dynamic"]
> port cfd5f32c-00a7-419e-8bbe-27518a4c74dc
> addresses: ["00:1a:4a:16:01:00 dynamic"]
> 
> node from engine1 with testVM
> vnet0:  mtu 1500 qdisc pfifo_fast
> master ovs-system state UNKNOWN qlen 1000 link/ether
> fe:1a:4a:16:01:01 brd ff:ff:ff:ff:ff:ff inet6
> fe80::fc1a:4aff:fe16:101/64 scope link valid_lft forever
> preferred_lft forever
> 
> node from engine2 with testVM
> vnet0:  mtu 1500 qdisc pfifo_fast
> master ovs-system state UNKNOWN qlen 1000 link/ether
> fe:1a:4a:16:01:00 brd ff:ff:ff:ff:ff:ff inet6
> fe80::fc1a:4aff:fe16:100/64 scope link valid_lft forever
> preferred_lft forever
> 
> How can I do ovn connection? What I did wrong?
> 

Please note that per host only a single OVN central is supported!

Please check via
sudo ovn-sbctl show
on engine1 if both hosts are connected to OVN central engine1.

Probably the host of engine2 is configured to use engine2 as it's OVN
central. Probable the host of engine2 has to be connected to OVN
central engine1 and the tunneling interface might require some
configuration.

Both is handled by executing
/usr/libexec/ovirt-provider-ovn/setup_ovn_controller.sh \
 IP-central tunneling-IP key_file cert_file ca_file
on the host.

Probably
IP-central is IP-of-engine1
tunneling-IP is IP-of-host-of-engine-2
and key_file cert_file ca_file has to be stolen from host of engine1
and copied in a new location on host2 and configured on host2.


> 
> 
> Информация в этом сообщении предназначена исключительно для
> конкретных лиц, которым она адресована. В сообщении может содержаться
> конфиденциальная информация, которая не может быть раскрыта или
> использована кем-либо, кроме адресатов. Если вы не адресат этого
> сообщения, то использование, переадресация, копирование или
> распространение содержания сообщения или его части незаконно и
> запрещено. Если Вы получили это сообщение ошибочно, пожалуйста,
> незамедлительно сообщите отправителю об этом и удалите со всем
> содержимым само сообщение и любые возможные его копии и приложения.
> 
> The information contained in this communication is intended solely
> for the use of the individual or entity to whom it is addressed and
> others authorized to receive it. It may contain confidential or
> legally privileged information. The contents may not be disclosed or
> used by anyone other than the addressee. If you are not the intended
> recipient(s), any use, disclosure, copying, distribution or any
> action taken or omitted to be taken in reliance on it is prohibited
> and may be unlawful. If you have received this communication in error
> please notify us immediately by responding to this email and then
> delete the e-mail and all attachments and any copies thereof.
> 
> -

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] admin account constantly gets locked

2018-04-12 Thread Dominik Holler

On Thu, 12 Apr 2018 13:57:45 +0200
Martin Perina  wrote:

> On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina 
> wrote:
> 
> >
> >
> > On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv 
> > wrote: 
> >> The recurring denied access for every SyncNetworkProvider might be
> >> because you changed the admin password on the engine but not on the
> >> provider.
> >>
> >> Dominik, will updating to the same password on the provider solve
> >> the denied access?
> >> Martin, does the engine lock out the admin user for failed retries?
> >>  
> >
> > Of course, after 5 incorrect logins the account is locked. But I
> > looked at logs and I can't see any login errors, so currently
> > trying to reproduce to find out what's going on ...
> >  
> 
> OK, so confirmed. If you change password for admin@internal using
> aaa-jdbc-tool and you don't change immediately for OVN provider, then
> admin@interal account is locked.
> 
> We should probably change logic in OVN provider to shutdown the OVN
> provider service if authentication failure to engine is raised. Using
> this we will break OVN provider, but
> it seems to me much less severe than locking admin@internal account.
> Dominik, what do you think?
> 

If we would shutdown the provider an authentication failure, and
engine's admin has no access to engine's host super user shell, there is
no way to recover for engine's admin.
Even the authentication failure might be triggered from outside oVirt
engine, shutting down the provider will disable the start of VMs with
OVN networks.

What is you opinion about the approach if the request comes from inside
engine, e.g. by SyncNetworkProviderCommand or other operations, the
provider object inside engine would be marked as invalid on
authentication error and block all interaction until the
credentials is updated?


> 
> 
> > 
> >
> >  
> >>
> >>
> >> HTH
> >>
> >>
> >> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <  
> >> marcel.kae...@putzbrunn.de> wrote:  
> >>  
> >>> Here are the logfiles…
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> >>> *Gesendet:* Donnerstag, 12. April 2018 11:12
> >>> *An:* Käfer Marcel
> >>> *Cc:* users@ovirt.org; Martin Perina
> >>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
> >>>
> >>>
> >>>
> >>> The sync network command is probably unrelated.
> >>>
> >>> Can you attach the full engine and the setup logs?
> >>>
> >>> Martin, this looks a bit like [1]. Any idea?
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
> >>>
> >>>
> >>>
> >>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <  
> >>> marcel.kae...@putzbrunn.de> wrote:  
> >>>
> >>> Hello,
> >>>
> >>> a few days ago I installed an ovirt-engine 4.2.2.6 following the
> >>> steps of the documentation. After the installation I logged in to
> >>> the admin page, configured a datadomain and changed the admin
> >>> password. After a few hours I tried to login again, using the new
> >>> password and got "Unable to log in because the user account is
> >>> disabled or locked. Contact the system administrator." So I
> >>> unlocked the admin account from the shell using
> >>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I
> >>> was able to continue working till the next login.
> >>>
> >>> I traced the /var/log/ovirt-engine/engine.log and found this after
> >>> unlocking the admin account again.
> >>>
> >>> 2018-04-12 09:06:19,984+02 INFO  [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock Acquired to object
> >>> 'EngineLock:{exclusiveLocks='[ 
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}' 2018-04-12 09:06:19,991+02 INFO
> >>> [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Running command: SyncNetworkProviderCommand internal: true.
> >>> 2018-04-12 09:06:20,102+02 INFO
> >>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> >>> (default task-239) [] locking user: admin due to interval
> >>> failures 2018-04-12 09:06:25,046+02 ERROR
> >>> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-239) []
> >>> OAuthException access_denied: Cannot authenticate user
> >>> 'admin@internal': The username or password is incorrect..
> >>> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Command 'org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand' failed:
> >>> EngineException: (Failed with error Unauthorized and code 5050)
> >>> 2018-04-12 09:06:25,050+02 INFO  [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>>

Re: [ovirt-users] Can't sync networks

2018-04-09 Thread Dominik Holler

On Wed, 4 Apr 2018 11:19:33 -0700
Cole Johnson  wrote:

> Hello,
> I am trying to set up a 3 host gluster hyperconverged self hosted
> engine running on oVirt Nodes. ( I think that I have all of the
> buzzwords here) All of the hardware is the same.  I am using the guide
> from here:
> https://www.ovirt.org/blog/2018/02/up-and-running-with-ovirt-4-2-and-gluster-storage/
> and the documentation here:
> https://www.ovirt.org/documentation/gluster-hyperconverged/Gluster_Hyperconverged_Guide/
> for reference.
> I have used the setup wizards from the cockpit interface to setup
> gluster and the hosted engine successfully.  I have configured the
> gluster storage and setup all of the hosts inside the hosted engine.
> 
> My problem occurs when I try to configure a separate storage network
> as shown in the blog post.  I can get thru the process as outlined, on
> all three hosts, but the status will not change from "out-of-sync".  I
> can press the "Sync All Networks", and I get a notification which says
> "Finished SyncAllHostNetworks", but the status of the storage network
> remains "out-of-sync" .
> 


The "Setup Host Networks" dialog presents the information why the
network is marked as "out-of-sync".
Does the information presented helps you? 

> I don't know if this is related, but I cannot migrate the HostedEngine
> vm between hosts.
> 
> I have attached the contents of vdsm.log
> 
> Any help is appreciated.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] External Provider https (unknown error)

2018-04-06 Thread Dominik Holler

On Wed, 4 Apr 2018 13:29:56 +0200
Stefan Wendler  wrote:

> Hi,
> 
> I am currently trying to attach Glance (OpenStack Image) and Cinder
> (OpenStack Volume) as external provider and am facing a problem when
> trying to use https in the Provider-URL on an ovirt 3.6 and 4.1
> cluster.
> 
> The Provider-URL I am using is in the form:
> https://:9292 (or port 8776 for Cinder -  is either a fqdn
> or an IP-Address)
> 
> Whenever I press the "Test" button in the "Add Provider" dialog I get
> the message "Test Failed (unknown error)." There is no entry in any
> logfile whatsoever (at least not in any logs that are associated with
> ovirt). I would expect an ssl cert dialog here. I can telnet to the
> destination ports from the engine and the nodes so Clance and Cinder
> are reachable
> 
> I have also read that this might happen, if there is a corrupted
> /var/lib/ovirt-engine/external_truststore
> But this file is not even existing and when i create it by hand, it is
> not touched.
> 
> How can I get this to work or even get an error message that gives me
> a hint where to look?
> 

If there is something logged, it would be in engine.log.
Can you please re-check if there is something related logged in
engine.log?

Are you using authentication?

Do you use HTTPS for Glance/Cinder and authentication?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] admin account constantly gets locked

2018-04-17 Thread Dominik Holler

I created https://bugzilla.redhat.com/1568413 to track the issue.

On Thu, 12 Apr 2018 13:57:45 +0200
Martin Perina  wrote:

> On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina 
> wrote:
> 
> >
> >
> > On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv 
> > wrote: 
> >> The recurring denied access for every SyncNetworkProvider might be
> >> because you changed the admin password on the engine but not on the
> >> provider.
> >>
> >> Dominik, will updating to the same password on the provider solve
> >> the denied access?
> >> Martin, does the engine lock out the admin user for failed retries?
> >>  
> >
> > Of course, after 5 incorrect logins the account is locked. But I
> > looked at logs and I can't see any login errors, so currently
> > trying to reproduce to find out what's going on ...
> >  
> 
> OK, so confirmed. If you change password for admin@internal using
> aaa-jdbc-tool and you don't change immediately for OVN provider, then
> admin@interal account is locked.
> 
> We should probably change logic in OVN provider to shutdown the OVN
> provider service if authentication failure to engine is raised. Using
> this we will break OVN provider, but
> it seems to me much less severe than locking admin@internal account.
> Dominik, what do you think?
> 
> 
> 
> > 
> >
> >  
> >>
> >>
> >> HTH
> >>
> >>
> >> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <  
> >> marcel.kae...@putzbrunn.de> wrote:  
> >>  
> >>> Here are the logfiles…
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> >>> *Gesendet:* Donnerstag, 12. April 2018 11:12
> >>> *An:* Käfer Marcel
> >>> *Cc:* users@ovirt.org; Martin Perina
> >>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
> >>>
> >>>
> >>>
> >>> The sync network command is probably unrelated.
> >>>
> >>> Can you attach the full engine and the setup logs?
> >>>
> >>> Martin, this looks a bit like [1]. Any idea?
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
> >>>
> >>>
> >>>
> >>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <  
> >>> marcel.kae...@putzbrunn.de> wrote:  
> >>>
> >>> Hello,
> >>>
> >>> a few days ago I installed an ovirt-engine 4.2.2.6 following the
> >>> steps of the documentation. After the installation I logged in to
> >>> the admin page, configured a datadomain and changed the admin
> >>> password. After a few hours I tried to login again, using the new
> >>> password and got "Unable to log in because the user account is
> >>> disabled or locked. Contact the system administrator." So I
> >>> unlocked the admin account from the shell using
> >>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I
> >>> was able to continue working till the next login.
> >>>
> >>> I traced the /var/log/ovirt-engine/engine.log and found this after
> >>> unlocking the admin account again.
> >>>
> >>> 2018-04-12 09:06:19,984+02 INFO  [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock Acquired to object
> >>> 'EngineLock:{exclusiveLocks='[ 
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}' 2018-04-12 09:06:19,991+02 INFO
> >>> [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Running command: SyncNetworkProviderCommand internal: true.
> >>> 2018-04-12 09:06:20,102+02 INFO
> >>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> >>> (default task-239) [] locking user: admin due to interval
> >>> failures 2018-04-12 09:06:25,046+02 ERROR
> >>> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-239) []
> >>> OAuthException access_denied: Cannot authenticate user
> >>> 'admin@internal': The username or password is incorrect..
> >>> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Command 'org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand' failed:
> >>> EngineException: (Failed with error Unauthorized and code 5050)
> >>> 2018-04-12 09:06:25,050+02 INFO  [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock freed to object
> >>> 'EngineLock:{exclusiveLocks='[ 
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}'
> >>>
> >>> It seems like the SyncNetworkProviderCommand is somehow locking
> >>> the admin account. I already restarted the whole machine but it
> >>> didn't help.
> >>>
> >>> Can someone please point me in the right direction, where to find
> >>> the error?
> >>>
> >>> Thanks in advance
> >>>
> >>>
> >>>

Re: [ovirt-users] Add new node failure - 2nd network (DMZ)

2018-04-16 Thread Dominik Holler

On Mon, 16 Apr 2018 13:20:18 +0300
Andrei Verovski  wrote:

> Hi,
> 
> I have simple cluster with node11 having 2nd network for DMZ zone
> (for internet servers). This network attached to node11 2nd ethernet
> adapter called ‘DMZ_node11’.
> 
> Now I’m trying to add 2nd host to the cluster (node12).
> Attempt to activate newly added node12 results in this error.
> Host node12 does not comply with the cluster ClusterRiga11 networks,
> the following networks are missing on host: ‘DMZ_node11'
> 
> However, I found no way to add new host to the oVirt network
> ‘DMZ_node11’. Network -> Networks -> DMZ_Node11 -> Setup Host Network
> lists only Ethernet interfaces on node11, not on new node12.
> 
> Cluster is running, screwing something up is not an option.
> 
> How I can fix this problem ?
> 

You can add the network "DMZ_node11" via the dialog in
Compute -> Hosts -> node12 -> Network Interfaces -> Setup Host Networks

> Thanks in advance.
> Andrei
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] admin account constantly gets locked

2018-04-17 Thread Dominik Holler

I created https://bugzilla.redhat.com/1568413 to track the issue.

On Thu, 12 Apr 2018 13:57:45 +0200
Martin Perina  wrote:

> On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina 
> wrote:
> 
> >
> >
> > On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv 
> > wrote: 
> >> The recurring denied access for every SyncNetworkProvider might be
> >> because you changed the admin password on the engine but not on the
> >> provider.
> >>
> >> Dominik, will updating to the same password on the provider solve
> >> the denied access?
> >> Martin, does the engine lock out the admin user for failed retries?
> >>  
> >
> > Of course, after 5 incorrect logins the account is locked. But I
> > looked at logs and I can't see any login errors, so currently
> > trying to reproduce to find out what's going on ...
> >  
> 
> OK, so confirmed. If you change password for admin@internal using
> aaa-jdbc-tool and you don't change immediately for OVN provider, then
> admin@interal account is locked.
> 
> We should probably change logic in OVN provider to shutdown the OVN
> provider service if authentication failure to engine is raised. Using
> this we will break OVN provider, but
> it seems to me much less severe than locking admin@internal account.
> Dominik, what do you think?
> 
> 
> 
> > 
> >
> >  
> >>
> >>
> >> HTH
> >>
> >>
> >> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <  
> >> marcel.kae...@putzbrunn.de> wrote:  
> >>  
> >>> Here are the logfiles…
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> >>> *Gesendet:* Donnerstag, 12. April 2018 11:12
> >>> *An:* Käfer Marcel
> >>> *Cc:* users@ovirt.org; Martin Perina
> >>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
> >>>
> >>>
> >>>
> >>> The sync network command is probably unrelated.
> >>>
> >>> Can you attach the full engine and the setup logs?
> >>>
> >>> Martin, this looks a bit like [1]. Any idea?
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
> >>>
> >>>
> >>>
> >>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <  
> >>> marcel.kae...@putzbrunn.de> wrote:  
> >>>
> >>> Hello,
> >>>
> >>> a few days ago I installed an ovirt-engine 4.2.2.6 following the
> >>> steps of the documentation. After the installation I logged in to
> >>> the admin page, configured a datadomain and changed the admin
> >>> password. After a few hours I tried to login again, using the new
> >>> password and got "Unable to log in because the user account is
> >>> disabled or locked. Contact the system administrator." So I
> >>> unlocked the admin account from the shell using
> >>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I
> >>> was able to continue working till the next login.
> >>>
> >>> I traced the /var/log/ovirt-engine/engine.log and found this after
> >>> unlocking the admin account again.
> >>>
> >>> 2018-04-12 09:06:19,984+02 INFO  [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock Acquired to object
> >>> 'EngineLock:{exclusiveLocks='[ 
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}' 2018-04-12 09:06:19,991+02 INFO
> >>> [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Running command: SyncNetworkProviderCommand internal: true.
> >>> 2018-04-12 09:06:20,102+02 INFO
> >>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> >>> (default task-239) [] locking user: admin due to interval
> >>> failures 2018-04-12 09:06:25,046+02 ERROR
> >>> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-239) []
> >>> OAuthException access_denied: Cannot authenticate user
> >>> 'admin@internal': The username or password is incorrect..
> >>> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Command 'org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand' failed:
> >>> EngineException: (Failed with error Unauthorized and code 5050)
> >>> 2018-04-12 09:06:25,050+02 INFO  [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock freed to object
> >>> 'EngineLock:{exclusiveLocks='[ 
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}'
> >>>
> >>> It seems like the SyncNetworkProviderCommand is somehow locking
> >>> the admin account. I already restarted the whole machine but it
> >>> didn't help.
> >>>
> >>> Can someone please point me in the right direction, where to find
> >>> the error?
> >>>
> >>> Thanks in advance
> >>>
> >>>
> >>>

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Dominik Holler

On Fri, 16 Mar 2018 17:46:36 +0200
Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:

> On 16/03/18 17:40, Kapetanakis Giannis wrote:
> > On 16/03/18 15:21, Dominik Holler wrote:  
> >> On Fri, 16 Mar 2018 12:46:13 +0200
> >> Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> >>  
> >>> Hi,
> >>>
> >>> After upgrading to 4.2.1 I have problems with ovn provider.
> >>> I'm getting "Failed to synchronize networks of Provider
> >>> ovirt-provider-ovn."
> >>>
> >>> I use custom SSL certificate in apache and I guess this is the
> >>> reason.
> >>>
> >>> I've tried to update ovirt-provider-ovn.conf with
> >>> [OVIRT]
> >>> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
> >>> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
> >>>
> >>> but still no go  
> >   
> >>
> >> Would you share the lines in engine.log produced by clicking the
> >> "Test" button in the "Edit Provider" dialog?
> >> On Clicking the test button, are you asked about "Import provider
> >> certificate"?  
> 
> SORRY wrong provider.
> 
> It asks for the cert.
> Failed to communicate with the external provider, see log for
> additional details.
> 
> 2018-03-16 17:44:08,262+02 INFO
> [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand]
> (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] Running
> command: ImportProviderCertificateCommand internal: false. Entities
> affected :  ID: aaa0----123456789aaa Type:
> SystemAction group CREATE_STORAGE_POOL with role type ADMIN
> 2018-03-16 17:44:08,275+02 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-52) [4731d25d-fce3-4408-99ea-8f9d1b5ee5b6] EVENT_ID:
> PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider
> ovirt-provider-ovn was imported. (User: admin@internal) 2018-03-16
> 17:44:08,302+02 INFO
> [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]
> (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Running
> command: TestProviderConnectivityCommand internal: false. Entities
> affected :  ID: aaa0----123456789aaa Type:
> SystemAction group CREATE_STORAGE_POOL with role type ADMIN
> 2018-03-16 17:44:08,360+02 ERROR
> [org.ovirt.engine.core.bll.provider.network.openstack.BaseNetworkProviderProxy]
> (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Bad Gateway
> (OpenStack response error code: 502) 2018-03-16 17:44:08,360+02 ERROR
> [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]
> (default task-44) [f4b2c57b-60c7-4ef9-a59f-0c5b22fa0356] Command
> 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand'
> failed: EngineException: (Failed with error PROVIDER_FAILURE and code
> 5050)
> 
> and in provider log:
> 
> 2018-03-16 17:45:33,961 requests.packages.urllib3.connectionpool
> Starting new HTTPS connection (1): engine-host 2018-03-16
> 17:45:33,961 requests.packages.urllib3.connectionpool Starting new
> HTTPS connection (1): engine-host 2018-03-16 17:45:33,966 root [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
> Traceback (most recent call last): File
> "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 131,
> in _handle_request method, path_parts, content) File
> "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line
> 175, in handle_request return self.call_response_handler(handler,
> content, parameters) File
> "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
> call_response_handler return response_handler(content, parameters)
> File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py",
> line 62, in post_tokens user_password=user_password) File
> "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in
> create_token return auth.core.plugin.create_token(user_at_domain,
> user_password) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line
> 48, in create_token timeout=self._timeout()) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75,
> in create_token username, password, engine_url, ca_file, timeout)
> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line
> 91, in _get_sso_token timeout=timeout File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54,
> in wrapper response = func(*args, **kwargs) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py&quo

Re: [ovirt-users] Failed to synchronize networks of Provider ovirt-provider-ovn

2018-03-16 Thread Dominik Holler

On Fri, 16 Mar 2018 12:46:13 +0200
Kapetanakis Giannis  wrote:

> Hi,
> 
> After upgrading to 4.2.1 I have problems with ovn provider.
> I'm getting "Failed to synchronize networks of Provider
> ovirt-provider-ovn."
> 
> I use custom SSL certificate in apache and I guess this is the reason.
> 
> I've tried to update ovirt-provider-ovn.conf with
> [OVIRT]
> #ovirt-ca-file=/etc/pki/ovirt-engine/ca.pem
> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
> 
> but still no go
> 
> Any tips on this?
> 
> thanks
> 
> G
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

Would you share the lines in engine.log produced by clicking the "Test"
button in the "Edit Provider" dialog?
On Clicking the test button, are you asked about "Import provider
certificate"?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] how update the network name of a vmnic with API SDK python ?

2018-03-21 Thread Dominik Holler

On Wed, 21 Mar 2018 05:30:25 +
Nicolas Vaye  wrote:

> Hi,
> 
> i want to change the network name of the existing nic for a VM with
> python SDK API ? Can i have some help please ?
> 
> the VM name is testnico
> the nic name is nic1
> the new network name is vlan_NEW
> 
> and here is the source file written by me (which doesn't work) :
> 
> 
> #!/usr/bin/env python
> # -*- coding: utf-8 -*-
> 
> 
> import logging
> import time
> 
> import ovirtsdk4 as sdk
> import ovirtsdk4.types as types
> 
> logging.basicConfig(level=logging.DEBUG, filename='example.log')
> 
> # This example will connect to the server and start a virtual machine
> # with cloud-init, in order to automatically configure the network and
> # the password of the `root` user.
> 
> # Create the connection to the server:
> connection = sdk.Connection(
> url='https://ocenter.province-sud.prod/ovirt-engine/api',
> username='admin@internal',
> password='',
> ca_file='CA_ocenter.pem',
> debug=True,
> log=logging.getLogger(),
> )
> 
> # Find the virtual machine:
> vms_service = connection.system_service().vms_service()
> vm = vms_service.list(search = 'name=testnico')[0]
> 
> # Find the service that manages the virtual machine:
> vm_service = vms_service.vm_service(vm.id)
> 
> 
> 
> 
> # In order to specify the network that the new interface will be
> # connected to we need to specify the identifier of the virtual
> network # interface profile, so we need to find it:
> profiles_service = connection.system_service().vnic_profiles_service()
> profile_id = None
> for profile in profiles_service.list():
> print "profile "+profile.name+","+profile.id
> if profile.name == 'vlan_NEW':
> profile_id = profile.id
> break
> 
> # Locate the service that manages the network interface cards of the
> # virtual machine:
> nics_service = vm_service.nics_service()
> 
> #print nics_service
> 
> # Find the nic1 of the VM
> for nic in nics_service.list():
> print "nic "+nic.name+","+nic.id+','+nic.vnic_profile.id
> if nic.name == 'nic1':
> nic_service = nics_service.nic_service(nic.id)
> break
> 
> 
> print "nic_service nic1 ==>"+str(nic_service)
> #pprint(vars(nic_service.network_filter_parameters_service().parameter_service()))
> 
> 
> #nic_service.vnic_profile.id=profile_id
> #nic_service.update()
> 
> nic_service.update(
> vnic_profile=types.VnicProfile(
> id=profile_id,
> )
> )
> 

nic_service.update(
types.Nic(
vnic_profile=types.VnicProfile(
id=profile_id,
)
)
)


> 
> # Close the connection to the server:
> connection.close()
> 
> 
> The result is :
> 
> Traceback (most recent call last):
>   File "start_vm_with_cloud_init.py", line 85, in 
> id=profile_id,
> TypeError: update() got an unexpected keyword argument 'vnic_profile'
> 
> 
> How can i do ?
> 

update() expects a parameter of type types.Nic, which has the parameter
vnic_profile.

> Thanks.
> 
> Nicolas VAYE
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Re: nul interface error when engine is creating ovirtmgmt bridge post-deployment

2018-10-11 Thread Dominik Holler

On Thu, 11 Oct 2018 16:00:37 -
"Brad Riemann"  wrote:

> > On Wed, 10 Oct 2018 16:27:38 -
> > "Brad Riemann"  wrote:
> > 
> > 
> > This is correct.
> > 
> > 
> > The physical interface (or bridge) which has the IP address used to add
> > the host is used for ovirtmgmt during the initial host setup.
> > For some reason oVirt does not detect the NIC or birdge which has the 
> > expected
> > IP address.
> > Is there an physical interface on the host with the IP address used to add 
> > the host to oVirt?
> > Would you please share the line containing
> > [api.host] FINISH getCapabilities return
> > of /var/log/vdsm.log on the host and the IP address used to add the host to 
> > oVirt?
> >   
> Ah.. crude.. yeah the node is behind a nat too, so it's probably looking at 
> the public ip and can't find it so errors out.
> 
> I'll send you an email directly with this line, I'm not to keen on letting 
> our subnets be shown on the net, but you can share among the rhel team if 
> need be.
> > 
> > 
> > OVN will not work, because the ovn-controller on the host has to
> > connect to ovn-central on Engine's host.
> > To prevent ovn-controller to try to connect to the ovn-central, the
> > default network provider should be disabled in this cluster.  
> 
> Based on your last comment in the response i'll bet that being behind the nat 
> answers my issue in general.

Ack, host behind the nat does not work, the IP address of NIC or bridge
on the node has to match the IP address used to add the node in Engine.

> Supplying the logs anyway for sanity but i'm betting that because i'm
> initiating the update of the logical networks from the GUI it takes a
> different approach to push down the changes than the initial setup?

No, but the initial setup fails to detect the NIC or bridge to
configure.

> The more I think about it the less sense it makes since it SHOULD use
> the same delivery methods, no?
> 
> And before anyone calls me ridiculous for having this connectivity go through 
> a nat on both sides, I know, I inherited the methodology and am trying to 
> work within confines that I am allowed.
> 

I regret that nat on both sides will not work.

> Anywho, here goes, thanks for the reply appreciate the feedback GREATLY.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JODZ7JJUOGMRNLRH3BDJBKIQUDP3EEPA/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DNV256BHLQNDUD2ZFTLJLH7HLOMHIGEG/

[ovirt-users] Re: How Many Logical networks supported

2018-10-12 Thread Dominik Holler

On Thu, 11 Oct 2018 11:31:04 -
p.stanifo...@leedsbeckett.ac.uk wrote:

> Hello,
>  We are currently using oVirt for teaching and one of our 
> requirements is for security such as IR PEN testing etc. We would like to 
> create individual logical networks with a network profile that includes port 
> mirroring, this is to reduce the amount of traffic they can see and the 
> targets available.
> 
> We are looking to to add VMs into Affinity Groups so they will run on the 
> same host to make the port-mirror work but don't no if there is a limit on 
> the number of logical networks that is allowed/practical.
> 

I am not aware that oVirt is limiting the number of logical networks.
Beside the 4096 VLANs which are technically allowed.
But I ensure check if the boot and configuration times are acceptable,
if many logical networks are used.

I would be interested to know if using OVN via ovirt-provider-ovn is
helping to speed up boot and configuration times. But I expect
port-mirroring is more complex in OVN.


> Thanks,
>  Regards,
> Paul S.  
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HL53NTRMFTJAZ23N7FNQOXBBWXLBUS7N/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/372NH54NJYEERUAXFF2TVIT7GRGI5QBP/

[ovirt-users] Re: vNIC tagged VLANs and Bond VLANs support

2018-10-12 Thread Dominik Holler

On Wed, 10 Oct 2018 14:38:01 -
g...@santconsulting.com wrote:

> Hi, 
> 
> We have a need to create a VLAN tagged vNIC over a Bond interface and allow 
> that same VLAN to be accessible to a VM who's NIC is the same Bond. Our 
> testing shows that once you create the VLAN tagged vNIC, the VLAN is no 
> longer available to VMs over the bond. Below is the config we are trying to 
> create.  
> 
> VM#1
> oVirt Interface = Bond0 
> Logical Network = vNIC70 (tagged VLAN 70)
> VM Host Interface = eth0
> 
> VM#2
> oVirt Interface = Bond0 
> Logical Network = Bond0 / Host based VLAN 70 tag as sub-interface (eth0.70)
> VM Host Interface = eth0.70
> 
> Is there a way around this issue while supporting the requirement? 
> 

Not really, a second NIC or bond is required on the host.

> Thanks!
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/USPMFD3NUAGE4PLOV62HSQDNEMHL37TU/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RMJUJOUI36PSZGBRIW5C53QN6YZOBOTK/

[ovirt-users] Re: Adding a new Host to Cluster via oVirt Manager fails with "No Route to Host"

2018-10-12 Thread Dominik Holler

On Tue, 09 Oct 2018 12:57:30 -
"Markus Frei"  wrote:

> Additionally here is the corresponding snippet from the engine.log:
> 
> https://paste.simplylinux.ch/view/c62f0f7d

This logfile indicates that Engine has problems to reach the data base,
which is the reason for the strange behavior.

Can you please check if the data base is alive and can be reached from
Engine's host?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LMFZS3RZ24S5LLCK5Y7AUXWVYKFGWNLX/

[ovirt-users] Re: VLAN tagging with external provider networks

2018-10-12 Thread Dominik Holler

On Thu, 09 Aug 2018 21:17:46 -
anurag.porripire...@bigswitch.com wrote:

> Hi,
> 
> I see that checking the "External provider" box whilst creating networks 
> clears and grays out VLAN tagging. Is VLAN tagging for external provider 
> networks not supported? 
> 

VLAN tagging on external providers is working according to the
OpenStack Networking API via "physical networks" with
ovirt-provider-ovn and planned for ovirt-4.2.7 with neutron on top of
ovn, see
https://ovirt.org/develop/release-management/features/network/provider-physical-network/
for details.
This is not yet supported, because this requires the not supported
"Open vSwitch" switchtype, which is does not provider all features of
the "Linux Bridge" switchtype.

> Thanks,
> Anurag
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/O7OHI3NNR7TANQU5VSTMOSHSUWSUZSW5/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/67IJ7ZDVTFQHF5M53RKLNYSMFWAMT46E/

[ovirt-users] Re: Best Openstack version to integrate with oVirt 4.2.7

2018-11-14 Thread Dominik Holler

On Wed, 14 Nov 2018 18:04:20 +0200
Dan Kenigsberg  wrote:

> On Sun, Nov 11, 2018 at 7:04 PM Gianluca Cecchi
>  wrote:
> >
> > On Sun, Nov 11, 2018 at 3:50 PM Nir Soffer  wrote:  
> >>
> >> On Sat, Nov 10, 2018 at 6:52 PM Gianluca Cecchi 
> >>  wrote:  
> >>>
> >>> Hello,
> >>> do you think it is ok to use Rocky version of Openstack to integrate its 
> >>> services with oVirt 4.2.7 on CentOS 7?
> >>> I see on https://repos.fedorapeople.org/repos/openstack/ that, if Rocky 
> >>> is too new, between the older releases available there are, from newer to 
> >>> older:
> >>> Queens
> >>> Pike
> >>> Ocata
> >>> Newton  
> >>
> >>
> >> Nobody working on oVirt is testing any release of Openstack in the recent 
> >> years.  
> 
> Actually, Neutron and Glance are actively tested.
> 
> >>  
> >
> > Strange... I think oVirt is the natural platform to test features to have 
> > them on RHV if considered enterprise ready.
> > And reading the downstream latest documentation for RHV 4.2 I see this 
> > regarding external providers:
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/chap-external_providers
> >
> > And there is explicit reference to
> >
> > 1) Glance
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/sect-adding_external_providers#Adding_an_OpenStack_Image_Service_Glance_for_Image_Management
> > without any particular restriction described
> >
> > 2) Neutron
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/sect-adding_external_providers#Adding_an_OpenStack_Network_Service_Neutron_for_Network_Provisioning
> > with the note:
> > "
> > Important
> > Red Hat Virtualization supports Red Hat OpenStack Platform versions 8, 9, 
> > 10, 11, and 12 as external network providers.
> > "
> >
> > BTW: the release cycles are here:
> > https://access.redhat.com/support/policy/updates/openstack/platform
> >
> > 3) Cinder
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/sect-adding_external_providers#Adding_an_OpenStack_Block_Storage_Cinder_Instance_for_Storage_Management
> > with the only note regarding Ceph as a provider for block storage to use 
> > with Cinder
> > "
> > Add an OpenStack Block Storage (Cinder) instance for storage management to 
> > the Red Hat Virtualization Manager. The OpenStack Cinder volumes are 
> > provisioned by Ceph Storage.
> > "
> >
> > Coming back to oVirt 4.2.7 I see all of the 3 above providers present and 
> > referenced when I go and add external providers, so it doesn't seem to the 
> > final user/admin as an abandoned feature
> >  
> >> The Cinder/Ceph support was released as tech preview in 3.6, and no work 
> >> was
> >> done since then, and I think this will be deprecated soon.
> >>  
> >
> > Actually it seems yet a tech preview in latest 4.2, if the manual is 
> > correct (see link given above for Cinder)
> >  
> >>
> >> For 4.3 we are working on a different direction, using Cinderlib
> >> https://github.com/Akrog/cinderlib
> >>
> >>
> >>
> >> This is a way to use Cinder drivers without Openstack installation.
> >> The same library is used to provide Cinder based storage in Kubernetes.
> >> https://github.com/Akrog/ember-csi
> >>
> >> You can find an early draft here for this feature. Note that it is 
> >> expected to be
> >> updated in the next weeks, but it can give you some idea on what we are
> >> working on.
> >> https://github.com/oVirt/ovirt-site/blob/f88f38ebb9afff656ab68a2d60c2b3ae88c21860/source/develop/release-management/features/storage/cinderlib-integration.html.md
> >>
> >> This will be tested with some version of Cinder drivers. I guess we will 
> >> have
> >> more info about it during 4.3 development.
> >>  
> >
> > I will go through reading them, thanks
> >
> >  
> >>>
> >>> At the moment I have two separate lab environments:
> >>> oVirt with 4.2.7
> >>> Openstack with Rocky (single host with packstack allinone)
> >>>
> >>> just trying first integration steps with these versions, it seems I'm not 
> >>> able to communicate with glance, because I get in engine.log
> >>> 2018-11-10 17:32:58,386+01 ERROR 
> >>> [org.ovirt.engine.core.bll.provider.storage.AbstractOpenStackStorageProviderProxy]
> >>>  (default task-51) [e2fccee7-1bb2-400f-b8d3-b87b679117d1] Not Found 
> >>> (OpenStack response error code: 404)  
> >>
> >>
> >> I think Glance support should work. Elad, which version of Glance was
> >> tested for 4.2?  
> >
> >
> > Based on the restrictions described for Neutron Provider above, I right 
> > deployed, always on CentOS 7.5 and using packstack allinone method, the 
> > oldest release I found a repo for at 
> > http://mirror.centos.org/centos/7/cloud/x86_64/ .
> > That is Ocata (aka the base for OSP 11) and at least the glance connection 
> > works now out of the box, using the same parameters that dind't work with 
> > Rocky.
> >
> > 2018-11-11

[ovirt-users] Re: Best Openstack version to integrate with oVirt 4.2.7

2018-11-14 Thread Dominik Holler

On Wed, 14 Nov 2018 19:05:39 +0100
Gianluca Cecchi  wrote:

> On Wed, Nov 14, 2018 at 6:07 PM Dominik Holler  wrote:
> 
> > On Wed, 14 Nov 2018 18:04:20 +0200
> > Dan Kenigsberg  wrote:
> >  
> 
> [snip]
> 
> > > Donna if a problem in configuration with packstack passing from Ocata  
> > to Rocky or any feature itself that changed with Rocky.  
> > > > I have both (Rocky server and Ocata server) and can compare them if it  
> > can be of any help to have Rocky working with oVirt 4.2.7  
> > >
> > > Would you share your provider credentials? OpenStack dropped support
> > > for keystone v2, and in ovirt-4.2.7 we've introduced support for
> > > keystone v3. It smells related to your issue.
> > >  
> >
> > Keystone v3 is only supported for oVirt's OpenStack Network Provider,
> > not for storage providers.
> > Please let us know, if you find any issues in using Neutron
> > integration as external Network provider for oVirt.
> > Please note, that for packstack's queens and rocky also the
> > OVN layer 2 should work. In my simple packstack environment, even
> > physnet worked.
> > Please note that the oVirt's deployment of the Neutron provider on
> > host does not work for queens and rocky. Best way to prevent that
> > the deployment is triggered is to set no default network provider of
> > the cluster.
> >
> >  
> I see that when configuring "OpenStack Image" provider the authentication
> section contain "API Version" field greyed and pre-filled with "v2.0", so I
> cannot change it
> When trying to configure Openstack Neutron provider I can select "v2.0" or
> "v3"
> 
> I don't find clear reference on how to manually configure the network node
> as a host.
> Is it sufficient to enable ovirt 4.2 repos and install
> vdsm-hook-openstacknet on it and then add it to the manager?

for a packstack network host it is just:
systemctl stop iptables
yum install -y https://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
before adding the host in oVirt

my full personal notes are at
https://gitlab.com/snippets/1778319





___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4X4MZ6DXZRBQ7BGENY22IFMZ6C6CC6VI/

[ovirt-users] Re: Out-of-sync networks can only be detached

2018-10-09 Thread Dominik Holler

On Tue, 9 Oct 2018 13:24:51 +0200
Sakhi Hadebe  wrote:

> Hi,
> 
> I have a 3-node oVirt cluster. I have configured 2 logical networks:
> ovirtmgmt and public. Public logical network is attached in only 2 nodes
> and failing to attach on the 3rd node with the below error
> Invalid operation, out-of-sync network 'public' can only be detached.
> 
> Please  have been stuck on this for almost the whole day now. How do I fix
> this error?
> 

The error message in the UI might be include the wrong network name.
I guess the network ovirtmgmt is out-of-sync on the 3rd node.
Why the network is out of sync, is shown as a tooltip if you hover the
mouse pointer over ovirtmgmt in
"Compute > Hosts > 3rd host > Network Interfaces > Setup Host Networks"
If the shown information does not help you, please share a screenshot
of this dialog.

If there is a line like:
The following Network definitions on the Network Interface are different than 
those on the Logical Network. Please synchronize the Network Interface before 
editing network ${NETWORK_NOT_IN_SYNC}. The non-synchronized values are\: 
${OUT_OF_SYNC_VALUES}.
in engine.log, please share this line, too.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/V4HDJJQIOJBD2BT2JZKZXWRPMW6EGNT5/

[ovirt-users] Re: Networking in oVirt

2018-09-29 Thread Dominik Holler

On Fri, 28 Sep 2018 19:16:50 +0200
si...@turka.nl wrote:

> Hi all,
> 
> Today I have installed oVirt 4.2 on a single machine (self hosted 
> engine).
> 
> My server has 6 physical adapters, but only 1 has an active uplink 
> (enp2s0f0). The server is directly connected to the internet.
> 
> The installation of oVirt created the following interfaces:
> - br-int
> - ovirtmgmt [IP configured: inet 85.17.x.x]
> - virbr0 [IP configured: inet 192.168.122.1]
> - virbr0-nic
> - vnet0
> 
> The hosted-engine is attached to ovirtmgmt and got IP 192.168.122.76 
> assigned. The hosted-engine does have access to the internet.
> 
> The logical network ovirtmgmt is assigned to the physical interface 
> enp2s0f0 when I check this via the oVirt webgui.
> 
> I have 2 questions.
> 
> Q1:
> I would like to achieve the following:
> - Create a new network, call it vm_network.
> - Create VM's and attach them to the vm_network.

This is no problem.

> - These VM's should able to access the internet.
> 

Can you explain this more detailed?
oVirt does not provider snat, so you require either multiple internet
IP addresses or a node, e.g. a VM, doing the routing/snat.

> Is this possible, if so, how do I achieve this?
> 
> 
> Q2:
> When my first question is answered and I have VM's running, some of the 
> VM's I would like to give an external/public IP address. How do I 
> achieve this?
> 

Let's postpone this until the first question is answered.

> 
> Thanks!
> 
> Sinan
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YQAADTUEQEDLOQ6LXZU2XMKE5JCSH3QC/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O57ZHABXT374VG3JKDFTVJNS6ONKZPLR/

[ovirt-users] Re: Out-of-sync networks can only be detached

2018-10-11 Thread Dominik Holler

ad-65) [550b0278] Lock
> Acquired to object
> 'EngineLock:{exclusiveLocks='[1a7e6539-4a99-4051-9998-803883d118f2=PROVIDER]',
> sharedLocks=''}'
> 2018-10-11 13:55:38,226+02 INFO
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-65) [550b0278] Running
> command: SyncNetworkProviderCommand internal: true.
> 2018-10-11 13:55:38,327+02 INFO
> [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-342) []
> User admin@internal successfully logged in with scopes: ovirt-app-api
> ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
> ovirt-ext=token-info:validate ovirt-ext=token:password-access
> 2018-10-11 13:55:38,483+02 INFO
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-65) [550b0278] Lock freed
> to object
> 'EngineLock:{exclusiveLocks='[1a7e6539-4a99-4051-9998-803883d118f2=PROVIDER]',
> sharedLocks=''}'
> 
> On Tue, Oct 9, 2018 at 5:01 PM Dominik Holler  wrote:
> 
> > On Tue, 9 Oct 2018 13:24:51 +0200
> > Sakhi Hadebe  wrote:
> >  
>  [...]  
> > fix  
>  [...]  
> >
> > The error message in the UI might be include the wrong network name.
> > I guess the network ovirtmgmt is out-of-sync on the 3rd node.
> > Why the network is out of sync, is shown as a tooltip if you hover the
> > mouse pointer over ovirtmgmt in
> > "Compute > Hosts > 3rd host > Network Interfaces > Setup Host Networks"
> > If the shown information does not help you, please share a screenshot
> > of this dialog.
> >
> > If there is a line like:
> > The following Network definitions on the Network Interface are different
> > than those on the Logical Network. Please synchronize the Network Interface
> > before editing network ${NETWORK_NOT_IN_SYNC}. The non-synchronized values
> > are\: ${OUT_OF_SYNC_VALUES}.
> > in engine.log, please share this line, too.
> >  
> 
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/R4FE4JPSH6YZ4T3QP5XXYHBKQCMVDKJP/

[ovirt-users] Re: nul interface error when engine is creating ovirtmgmt bridge post-deployment

2018-10-11 Thread Dominik Holler

On Wed, 10 Oct 2018 16:27:38 -
"Brad Riemann"  wrote:

> Hello again,
> 
> I've been working on an automated solution that uses the API to add a host on 
> first boot, the code checks out (or maybe it doesn't), however I can confirm 
> that the ovirt engine works through adding all requirements of a host 
> properly except when it gets to setting up the bridge on the new node. The 
> following link contains the log lines from the engine.log file, I can confirm 
> that if I go to the engine web interface, I see my two interfaces on the new 
> node, em1 and em2 (this is a Dell R420 server), and I can click on the "Setup 
> Host Networks" button. The proceeding dialog window gives me the ability to 
> drag over the ovirtmgmt logical interface onto the active physical interface 
> and once saved I can see the engine go to work on setting up the bridge 
> without an issue. 
> My understanding is that this is supposed to be an automated process
> (which is what i'm going for),

This is correct.

>  might someone be able to help me understand why im seeing the error I
> am? Am I just missing something from the api standpo
> int that is supposed to tell the system which physical interface it needs
> to use for building the ovirtmgmt bridge on top of?
> 

The physical interface (or bridge) which has the IP address used to add
the host is used for ovirtmgmt during the initial host setup.
For some reason oVirt does not detect the NIC or birdge which has the expected
IP address.
Is there an physical interface on the host with the IP address used to add 
the host to oVirt?
Would you please share the line containing
[api.host] FINISH getCapabilities return
of /var/log/vdsm.log on the host and the IP address used to add the host to 
oVirt?


> One thing to note (it shouldn't matter I don't think) but the engine is 
> behind a nat,

OVN will not work, because the ovn-controller on the host has to
connect to ovn-central on Engine's host.
To prevent ovn-controller to try to connect to the ovn-central, the
default network provider should be disabled in this cluster.

> communicating over a vpn to the new node. I have to nat traffic from
> the engine so the ip address seen is different than what was supplied
> to the ansible playbook, i'm not familiar with ansible nor the
> playbooks used to know if that will have adverse impacts such as i'm
> seeing in the logs.
> 
> Logs: https://pastebin.com/UC4WfBix
> 
> Thank you in advance,
> Brad
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/7SXE4KGIWU3P4LTWBVBVWXXSDLWCZS7Z/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EGMCH7KS4RYEH64NDHHZWYKBZYZK62AG/

[ovirt-users] Re: Adding hosts to oVirt-Engine

2018-10-03 Thread Dominik Holler

On Wed, 03 Oct 2018 08:59:30 -
manish.shu...@locuz.com wrote:

> Dear Dominik,
> 
> PLease find the engine.log addon lines for ref.
> 
> 2018-10-01 17:37:11,409+05 INFO  
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-10) [4a271954] Lock freed to 
> object 
> 'EngineLock:{exclusiveLocks='[12201c8a-28dc-4a62-a0ad-567a2ec033d1=PROVIDER]',
>  sharedLocks=''}'
> 2018-10-01 17:37:22,628+05 INFO  
> [org.ovirt.engine.core.bll.gluster.tasks.GlusterTasksService] 
> (DefaultQuartzScheduler4) [678d0978] No up server in cluster
> 2018-10-01 17:38:16,191+05 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.UpdateVdsCommand] (default task-26) 
> [04cd3470-cc73-498e-b040-0e7795296f1b] Running command: UpdateVdsCommand 
> internal: false. Entities affected :  ID: 
> 0a9b10cf-d9b7-4df7-a16e-7c943ea7b77f Type: VDSAction group 
> EDIT_HOST_CONFIGURATION with role type ADMIN
> 2018-10-01 17:38:16,218+05 WARN  
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (default task-26) [04cd3470-cc73-498e-b040-0e7795296f1b] EVENT_ID: 
> VDS_ALERT_FENCE_IS_NOT_CONFIGURED(9,000), Failed to verify Power Management 
> configuration for Host ovirthost.
> 2018-10-01 17:38:16,236+05 INFO  
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (default task-26) [04cd3470-cc73-498e-b040-0e7795296f1b] EVENT_ID: 
> USER_UPDATE_VDS(43), Host ovirthost configuration was updated by 
> admin@internal-authz.
> 2018-10-01 17:38:21,680+05 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default 
> task-24) [16688947-ae1b-4716-821b-0e4335547817] Running command: 
> HostEnrollCertificateCommand internal: false. Entities affected :  ID: 
> 0a9b10cf-d9b7-4df7-a16e-7c943ea7b77f Type: VDSAction group 
> EDIT_HOST_CONFIGURATION with role type ADMIN
> 2018-10-01 17:38:21,763+05 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] Running command: 
> HostEnrollCertificateInternalCommand internal: true. Entities affected :  ID: 
> 0a9b10cf-d9b7-4df7-a16e-7c943ea7b77f Type: VDS
> 2018-10-01 17:38:21,776+05 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] START, SetVdsStatusVDSCommand(HostName 
> = ovirthost, 
> SetVdsStatusVDSCommandParameters:{hostId='0a9b10cf-d9b7-4df7-a16e-7c943ea7b77f',
>  status='Installing', nonOperationalReason='NONE', 
> stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 791bccb6
> 2018-10-01 17:38:21,790+05 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] FINISH, SetVdsStatusVDSCommand, log 
> id: 791bccb6
> 2018-10-01 17:38:21,796+05 INFO  
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (default task-24) [16688947-ae1b-4716-821b-0e4335547817] EVENT_ID: 
> HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host 
> ovirthost was started (User: admin@internal-authz).
> 2018-10-01 17:38:21,873+05 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.VdsDeployBase] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] Connected to host 192.168.0.28 with 
> SSH key fingerprint: SHA256:CH5CIcXhbxey7j0jsipi8yTCp1iXlBbcG8m+4ic8IAM
> 2018-10-01 17:38:21,953+05 ERROR 
> [org.ovirt.engine.core.bll.hostdeploy.VdsDeployBase] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] Error during host 192.168.0.28 install
> 2018-10-01 17:38:21,969+05 ERROR 
> [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] Failed to enroll certificate for host 
> 'ovirthost': SSH authentication to 'root@192.168.0.28' failed. Please verify 
> provided credentials. Make sure key is authorized at host
> 2018-10-01 17:38:21,970+05 ERROR 
> [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] Exception: 
> javax.naming.AuthenticationException: SSH authentication to 
> 'root@192.168.0.28' failed. Please verify provided credentials. Make sure key 
> is authorized at host
> 2018-10-01 17:38:21,993+05 INFO  
> [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] 
> (EE-ManagedThreadFactory-commandCoordinator-Thread-1) 
> [16688947-ae1b-4716-821b-0e4335547817] START, SetVdsStatusVDSCommand(HostName 
> = ovirthost, 
> SetVdsStatusVDSCommandParameters:{hostId='0a9b10cf-d9b7-4df7-a16e-7c943ea7b77f',
>  status='InstallFailed', nonOperationalReason='NONE', 
>

[ovirt-users] Re: Adding hosts to oVirt-Engine

2018-10-03 Thread Dominik Holler

On Wed, 03 Oct 2018 06:42:43 -
manish.shu...@locuz.com wrote:

> Below error i am getting while adding same host in to Engine.
> Error log on Engine. Kindlly Suggest
> 
> 2018-10-03 12:02:32,271+05 ERROR 
> [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-96) [] Command 
> 'GetCapabilitiesAsyncVDSCommand(HostName = 192.168.0.28, 
> VdsIdAndVdsVDSCommandParametersBase:{hostId='0fb0f4ac-162e-4cfd-ab15-641c04861d2f',
>  vds='Host[192.168.0.28,0fb0f4ac-162e-4cfd-ab15-641c04861d2f]'})' execution 
> failed: java.net.ConnectException: Connection refused
> 2018-10-03 12:02:33,342+05 INFO  
> [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] 
> Connecting to /192.168.0.28
> 2018-10-03 12:02:33,345+05 ERROR 
> [org.ovirt.engine.core.vdsbroker.vdsbroker.GetAllVmStatsVDSCommand] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Command 
> 'GetAllVmStatsVDSCommand(HostName = 192.168.0.28, 
> VdsIdVDSCommandParametersBase:{hostId='0fb0f4ac-162e-4cfd-ab15-641c04861d2f'})'
>  execution failed: java.net.ConnectException: Connection refused
> 2018-10-03 12:02:33,345+05 INFO  
> [org.ovirt.engine.core.vdsbroker.monitoring.PollVmStatsRefresher] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Failed to fetch vms 
> info for host '192.168.0.28' - skipping VMs monitoring.
> 2018-10-03 12:02:35,283+05 INFO  
> [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] 
> Connecting to /192.168.0.28
> 2018-10-03 12:02:35,285+05 ERROR 
> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-32) [] Unable to 
> RefreshCapabilities: ConnectException: Connection refused
> 2018-10-03 12:02:35,288+05 ERROR 
> [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand] 
> (EE-ManagedThreadFactory-engineScheduled-Thread-32) [] Command 
> 'GetCapabilitiesAsyncVDSCommand(HostName = 192.168.0.28, 
> VdsIdAndVdsVDSCommandParametersBase:{hostId='0fb0f4ac-162e-4cfd-ab15-641c04861d2f',
>  vds='Host[192.168.0.28,0fb0f4ac-162e-4cfd-ab15-641c04861d2f]'})' execution 
> failed: java.net.ConnectException: Connection refused

Would you please share the corresponding log files
from /var/log/ovirt-engine/ and some lines more preceding of engine.log?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ENCQO644IRN7QVFVWA2MRPWBGLLWG3RH/

[ovirt-users] Re: VM create with network interface via the API

2018-09-20 Thread Dominik Holler

On Thu, 20 Sep 2018 18:37:40 -
"Alan Bunch"  wrote:

> Hello all and thank you in advance for your help.
> 
> I have been able to work out how to add vm via a call to the vms
> API.   I am passing in a template via the api call and that is
> working.  I do not have a network installed in the template. My use
> case for that was to hit “New vm”, fill in the hostname and network
> and let cloud-init set the hostname.  That way I can create a new vm
> with just a few clicks.  
> 
> What I can’t seem to figure out is how to define the network
> interface in the add vm api call.   It looks like I should have to
> add the network interface in a second call after creation.If I
> add the interface in the   section for cloud-init I
> seems to have a chicken and egg problem.  When I add the
>  section and the data for the ip address, netmask,
> default gateway, I get;  standalone="yes"?>  [Cannot add VM. Static IPv4
> address is missing in cloud-init configuration.]
> Operation Failed 
> 

In
https://github.com/oVirt/ovirt-system-tests/blob/master/basic-suite-4.2/test-scenarios/004_basic_sanity.py#L894
and
https://github.com/oVirt/ovirt-system-tests/blob/master/network-suite-master/lib/virtlib.py#L79
are examples of how to use cloud-init.

> That would seem to indicate to me that I need and interface before I
> can configure it.  That makes sense.  But how do I get an interface
> before I create the vm ?
> 

If you want to use the python sdk, please find in github.com -
ovirt-engine-sdk how to add a vNIC to a VM. You can add the vNIC after
VM is created, but before the VM is booted the first time.

> What might I be missing?
> 
> The desired result is create a vm and set the hostname and ip info
> via the api so that I get a fully formed vm connected to the
> network.  That gets me to the point of being able to download build
> scripts to install and start puppet.
> 
> Alan
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/ List
> Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YQRSABCJ7Y3L44XRFLUFDTFPK6OGBKPH/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OWBWY5CU3XMDUO4QR3FN7IP45S4PM7Y3/

[ovirt-users] Re: Cannot configure local storage, network issue?

2018-09-21 Thread Dominik Holler

On Fri, 21 Sep 2018 15:05:59 +0200
Sandro Bonazzola  wrote:

> Il giorno ven 21 set 2018 alle ore 14:58 Callum Smith
>  ha scritto:
> 
> > Dear All,
> >
> > I'lm getting this problem when trying to add local storage from the
> > node:
> >
> > Cannot edit Host. Moving a host to a cluster with different
> > management network is not allowed. That might cause connectivity
> > loss.
> >
> > The cluster the host is in uses a different default network to the
> > default cluster - is this the problem?
> >

Yes, but you can remove the host from oVirt and add again to the new
cluster.

> >  
> Adding Dominik
> 
> 
> 
> > Regards,
> > Callum
> >
> > --
> >
> > Callum Smith
> > Research Computing Core
> > Wellcome Trust Centre for Human Genetics
> > University of Oxford
> > e. cal...@well.ox.ac.uk
> >
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/UW7UZBPD5SWQ54PWETWPYY2AYZDV5IVK/
> >  
> 
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/E2NNO7BZJ22HK4ATBQ27C7FEVMIP2IOH/

[ovirt-users] Re: VLAN Trunk interface with OVN provider (ovirt HE 4.2.6.4-1.el7)

2018-09-21 Thread Dominik Holler

On Fri, 21 Sep 2018 14:17:37 +0200
Sandro Bonazzola  wrote:

> Il giorno ven 21 set 2018 alle ore 12:34 Davide Butti
>  ha scritto:
> 
> > Hello; I'm having some hard time getting my oVirt cluster back to
> > work, after the last update to 4.2.6.
> >
> > One thing that does not work anymore is VLAN Trunks; before the
> > update, the cluster was running in OVS mode, and I could define
> > logical networks without VLAN tag; then, networks packets got
> > forwarded to the guest as "tagged".
> >
> > Right now version 4.2.6 won't allow me to assign the (OVS) Logical
> > network to the guest NICs anymore, but it insists that I use a vNIC
> > profile from an external provider.
> >
> > First question: Is this expected? Must I really work with externally
> > provided networks only?
> >

Yes, this way there is a clean separation between VM networks and host
networks.

> > Anyway, for the vNIC interfaces that only carry untagged traffic, I
> > was able to define an external OVN network, connect it to the
> > corresponding "Data center Network", and everything works as it did
> > before. But the "trick" does not work for "trunk" interfaces that
> > should carry VLAN tagged traffic.
> >
> > So to the second (main) question? How is this to be solved? Is
> > there a way to define a VLAN trunk under OVN? 

Trunk is not implemented in ovirt-provider-ovn.
If you think that this would be helpful for you, you are welcome to
create a bug and explain in short words your motivation.

> > Or is there a way to
> > pickup a Data Center logical network to attach to the vNIC as we
> > did before?
> >

As it is not working with networks provided by ovirt-provider-ovn, it
should work with neutron networks in clusters with OVS switch type, or
with oVirt logical networks or neutron networks in clusters with
linux-bridge switch type.

> >  
> 
> Dominic, can you please have a look?
> 
> 
> 
> 
> > Thanks in advance for your help!
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/P4OCWNPMJ442EJJJ3IC6MQD5G44ID26B/
> >  
> 
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7STI2AQATLR5OEBXSRCX5YQ4USOKLRWO/

[ovirt-users] Re: VLAN Trunk interface with OVN provider (ovirt HE 4.2.6.4-1.el7)

2018-09-21 Thread Dominik Holler

On Fri, 21 Sep 2018 16:56:58 -
"Davide Butti"  wrote:

> Hi Dominik, thanks for your reply. Of course use cases for VLAN
> trunks to the guests are not difficult to find, for example when you
> want to run a virtual router inside the VM, and you don't want to

Why does PCI passthrough / SR-IOV does not fit in your case?

> define dozens or hundreds individual VLANs into the router. Anyways,
> I'll take the time to write a full bug description to try and have
> this supported.
> 

Thanks.

> In the meantime I've found another disturbing issue: even when I
> create a vNIC profile with "no network filter" assigned, the vNIC
> will only accept incoming network packets with the "correct"
> destination MAC address, although the VM is also replying to ARP
> queries for different ones (ARP spoofing, which is needed by many
> Virtual-IP protocols). What's going on in this case? Is there a
> "no-mac-spoofing" filter which is applied inadvertently, independent
> of vNIC profile? Or am I missing something? 

You miss nothing, oVirt configures OVN to bind the "correct" MAC
address on the VM's port.

> Do you believe I should post a bug for this issue, too?
> 

Would be nice if you would post a bug for this, too.
It would be helpful if you would give at least one concrete example of
a Virtual-IP protocol which should work inside the VM and runs into the
issue.


> Thanks again,

I have to thank you for the feedback!


> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/ List
> Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKTZANZ2YEJDSIJLJTDU2NYBDGTWTOM/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/K42SJLAOCE6Q4KWAAKJBL6CBWT7MU75H/

[ovirt-users] Re: Cannot configure local storage, network issue?

2018-09-24 Thread Dominik Holler





On Mon, 24 Sep 2018 07:57:03 +
Callum Smith  wrote:

> Dear Dominik,
> 
> Thanks for taking the time to reply, and sorry for my delay in
> replying. I don't actually want to remove the host from the cluster,
> I want to configure local storage. The whole point of the configure
> local storage tool is to create a new cluster with local storage of
> the machine configured right?
> 

Yes, so the host has to be removed from the old culster, and even from
the old data center.
If you want to configure the default network 'ovirtmgmt' before adding
the host, I expect the following steps should fit your scenario:
1. Create new data center with local storage type
2. Create new cluster in the new data center
3. Modify ovirtmgmt of the new data center
4. Add the host to the new cluster
5. Add new storage domain to the new data center with
   storage type "Local on Host"

Does this fit to your needs?

> Regards,
> Callum
> 
> --
> 
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk>
> 
> On 21 Sep 2018, at 15:14, Dominik Holler
> mailto:dhol...@redhat.com>> wrote:
> 
> On Fri, 21 Sep 2018 15:05:59 +0200
> Sandro Bonazzola mailto:sbona...@redhat.com>>
> wrote:
> 
> Il giorno ven 21 set 2018 alle ore 14:58 Callum Smith
> mailto:cal...@well.ox.ac.uk>> ha scritto:
> 
> Dear All,
> 
> I'lm getting this problem when trying to add local storage from the
> node:
> 
> Cannot edit Host. Moving a host to a cluster with different
> management network is not allowed. That might cause connectivity
> loss.
> 
> The cluster the host is in uses a different default network to the
> default cluster - is this the problem?
> 
> 
> Yes, but you can remove the host from oVirt and add again to the new
> cluster.
> 
> 
> Adding Dominik
> 
> 
> 
> Regards,
> Callum
> 
> --
> 
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk>
> 
> ___
> Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
> To unsubscribe send an email to
> users-le...@ovirt.org<mailto:users-le...@ovirt.org> Privacy
> Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of
> Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UW7UZBPD5SWQ54PWETWPYY2AYZDV5IVK/
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X3OFNVRV5KACX7DLVRNWKQBEM4OISANZ/

[ovirt-users] Re: Live Migration broken in 4.2.6 under OVS/OVN networking

2018-09-25 Thread Dominik Holler

On Mon, 24 Sep 2018 14:57:24 -
"Davide Butti"  wrote:

> Hello; despite many tests and tentative adjustments, I'm currently unable to 
> live migrate VMs on oVirt 4.2.6.
> 
> The vdsm.log contains a "failed to migrate" error, that points to an attempt 
> to access a non-existent network port "TestOne". This is in fact the name of 
> the (externally defined) network, and isn't anywhere to be seen as OVS port.
> 
> 2018-09-24 14:32:57,059+ ERROR (migsrc/4c0255b5) [virt.vm] 
> (vmId='4c0255b5-0f52-4da7-ac97-d54d815cd6ab') Cannot get interface MTU on 
> 'TestOne': No such device (migration:290)
> 2018-09-24 14:32:57,793+ ERROR (migsrc/4c0255b5) [virt.vm] 
> (vmId='4c0255b5-0f52-4da7-ac97-d54d815cd6ab') Failed to migrate 
> (migration:455)
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 437, 
> in _regular_run
> self._startUnderlyingMigration(time.time())
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 509, 
> in _startUnderlyingMigration
> self._perform_with_conv_schedule(duri, muri)
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 587, 
> in _perform_with_conv_schedule
> self._perform_migration(duri, muri)
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/migration.py", line 529, 
> in _perform_migration
> self._migration_flags)
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/virdomain.py", line 98, in 
> f
> ret = attr(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/vdsm/common/libvirtconnection.py", 
> line 130, in wrapper
> ret = f(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/vdsm/common/function.py", line 92, 
> in wrapper
> return func(inst, *args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1746, in 
> migrateToURI3
> if ret == -1: raise libvirtError ('virDomainMigrateToURI3() failed', 
> dom=self)
> libvirtError: Cannot get interface MTU on 'TestOne': No such device
> 
> The setup was previously working under OVS, and I have 
> "migration_ovs_hook_enabled = true" under /etc/vdsm/vdsm.conf
> 

Can you please remove the "migration_ovs_hook_enabled = true" from
vdsm.conf?
If removing this option from vdsm.conf works for you, would you please
create a bug for this? - Thanks!
In 4.2.6 only OVN networks for VMs in clusters with switch type OVS are
allowed. OVN networks does not require migration_ovs_hook_enabled and
migration seems to be broken if set.


> Do I need to change anything? Is this supposed to work in the first place?
> 
> Many thanks for your help, have a nice day
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HAQ3PDEUUKSXKED7ET6EKKOV4XYYOLUD/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/S3NDYTTTXZHVHW2VU3QZNK3VN3VWPNHM/

[ovirt-users] Re: Best way to update dns config of ovirt node

2018-09-25 Thread Dominik Holler

On Tue, 25 Sep 2018 08:19:55 +0300
Edward Haas  wrote:

> On Mon, Sep 17, 2018 at 11:50 AM, Gianluca Cecchi  > wrote:  
> 
> > On Sun, Sep 16, 2018 at 7:56 AM Edward Haas  wrote:
> >  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
> >>>
> >>> Thanks for your answer Edward.
> >>> What do you mean with "network attachment window"?
> >>> a) Network > Networks, then select ovirtmgmt line and edit, putting DNS
> >>> info (that is empty right now)
> >>> or
> >>> b) Compute > Hosts, then select host1 line, click on host1 name, then
> >>> Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS
> >>> Configuration (that is empty right now)
> >>> or what?
> >>>  
> >>
> >> I meant (b). Option (a) is there to apply the same DNS entries over all
> >> hosts for that specific network.
> >> I do not see a problem of using both.
> >>  
> >
> > OK.
> > What is it expected to happen if for example I have 4 active nodes and use
> > a)?
> > Possibly all of them loosing ovirtmgmt connection with possibly dangerous
> > effects?
> >  
> 
> I consider touching the management network always as a risk, but it should
> work if you do not have VM/s on it.
> I do not recall if changing the DNS on the Network immediately causes
> setup-network commands to be sent to all hosts.
> 

Changing the DNS on the Network does immediately causes setup-network
commands to be sent to all hosts, after a big warning is shown in web UI.

> 
> >
> >  
>  [...]  
> >
> > The strange thing is that apparently it made what you say (from a files
> > content point of view) but there is no match if you go into configuration
> > inside web admin gui pages, neither at cluster level, nor at host level.
> > This was what seemed strange to me.
> > Please notice that these hosts were installed in 4.1.x and then update
> > several times up to 4.2.6.
> > So it could be the case of some sort of bug in previous versions and not
> > if I plain install right now in 4.2.6 (not tested)
> >
> >
> >  
> >> Upgraded systems (hosts have been added before DNS configuration was
> >> available) will have it empty and you will need to explicitly set it.
> >>  
> > It is not my case.
> >  
> 
> We will have to check this then. We may have changed the policy on this
> issue due to other complaints.
> (An argument that we should not enforce DNS entries if not explicitly
> requested sounds valid to me)
> 
> 

It is possible to overwrite the DNS per host. This will be reported as
'out-of-sync'. You can explicitly mark the DNS setting of a host as
synchronized to the network.

> >
> >
> >  
>  [...]  
>  [...]  
>  [...]  
> >> The DNS entry are supposed to be applied immediately through ifcfg,
> >> rebooting is an precaution to make sure it has been correctly persisted.
> >> And if the management network is not serving VM/s, then no VM evacuation
> >> is needed.
> >>  
> >
> > If host is not reachable through ovirtmgmt doesn't fencing take place? And
> > so indirect consequence a move of the VMs it had in charge?
> >  
> 
> Correct, but as far as I know it is not immediate. There is a grace period
> in which Engine (and VDSM) attempts to confirm connectivity.
> VDSM will also (try to) revert back to the previous working configuration
> in a "revert" action.
> It may also be a matter of the level of "defence" needed. As mentioned,
> there is a risk in touching the management network and your mentioned steps
> are a way to reduce the risks.
> But lets get another opinion on this, I may be wrong here.
> 

Maybe I did not get the point here.
Except a scenario of adding a host with FQDN instead of IP address to
host engine, I am not aware of a scenario to make the host unreachable
for engine by changing the DNS on the hosts.

> 
> >  
>  [...]  
>  [...]  
>  [...]  
> >
> > This is a Red Hat case number, not a bugzilla entry. Because I had the
> > same kind of problems on oVirt based environments and RHV based ones that
> > are present.
> > So for RHV  I opened a case.
> > As a consequence of the case, it was created this solution that I have not
> > tested yet:
> > https://access.redhat.com/solutions/3613731
> >
> > Please note that it requires RH account, but in my opinion should be of
> > public domain or similar information put inside oVirt documentation pages.
> > It could happen having to change DNS and it can be useful to know the
> > recommended workflow for that
> >  
>  [...]  
>  [...]  
>  [...]  
>  [...]  
> > Note also my comments regarding environment installed in 4.1 and then
> > updated to 4.2
> >
> > Thanks
> > Gianluca
> >  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives:

[ovirt-users] Re: VM Migration

2018-09-27 Thread Dominik Holler

Would you share the vdsm.log and maybe supervdsm.log of the migration
target host?

On Thu, 27 Sep 2018 21:37:59 +0530
Budur Nagaraju  wrote:

> Hi
> 
> Can someone help on the same?
> 
> Thanks,
> Nagaraju
> 
> 
> On Thu, Sep 27, 2018, 2:50 PM Budur Nagaraju  wrote:
> 
> > Hi ,
> >
> > Have build oVirt4.2 setup with node4.2 ,while doing a vm migration am
> > facing issues , below is the attached error.
> >
> > Can you please help to resolve?
> >
> >
> > https://pastebin.com/BAzCsbAS
> >
> >
> > Thanks,
> > Nagaraju
> >
> >  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I36V7PXK5TRD7LWRQU5YG56WVG7TUFQM/

[ovirt-users] Re: Live Migration broken in 4.2.6 under OVS/OVN networking

2018-09-25 Thread Dominik Holler

On Tue, 25 Sep 2018 14:44:33 -
"Davide Butti"  wrote:

> Yes, after setting "migration_ovs_hook_enabled = false" it works indeed, 
> thanks.
> 

Thanks for the feedback.

> Shouldn't the upgrade process that care of resetting this option 
> automatically?
> 

Either this or maybe the migration_ovs_hook_enabled can be removed
completely. Your bug will help to track this.

> Also, after the upgrade no VM can be started before redefining all the 
> network connections - shouldn't the release notes be updated to inform about 
> that?
> 

Maybe this did not get enough attention, because the OVS switch type is
just in technology preview state.
For completeness, the reference to the bug to track the relevant change:
https://bugzilla.redhat.com/1539589


> I will post a bug with an explanation of the issues I've encountered, hope 
> this helps.


Sure! Thanks.

> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/P6FVI6EPHIQOGCQ6UZLDPONGKNKE6HHZ/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QMXABHSSF3U5427NPMK4FTYGXRCN3ZI6/

[ovirt-users] Re: ovirtmgmt always out of sync on ovirt node

2019-01-18 Thread Dominik Holler

On Fri, 18 Jan 2019 12:58:12 +0100
Jorick Astrego  wrote:

> 
> On 1/18/19 11:12 AM, Sandro Bonazzola wrote:
> >
> >
> > Il giorno ven 18 gen 2019 alle ore 10:05 Jorick Astrego
> > mailto:jor...@netbulae.eu>> ha scritto:
> >
> > Hi,
> >
> > We're switching from Centos 7 hosts to oVirt node ng (tried 4.2.7,
> > 4.3rc1 and 4.3rc2) and after adding them to oVirt (currently on
> > 4.3rc2) the ovirtmgmt interface is always out of sync.
> >
> > Tried synching the network and refresh capabilities. I also tried
> > removing ovirtmgmt from the interface and adding it to a bond,
> > then I get this error:
> >
> > Cannot setup Networks. The following Network definitions on
> > the Network Interface are different than those on the Logical
> > Network. Please synchronize the Network Interface before
> > editing network ovirtmgmt. The non-synchronized values are:
> > ${OUTAVERAGELINKSHARE} ${HOST_OUT_OF_SYNC} - null,
> > ${DC_OUT_OF_SYNC} - 50
> >
> > I can setup the bond at install so the ovirtmgmt will use it so I
> > can use the host, but I'm hesitant to do this in production as I
> > cannot change the interface anymore.
> >
> >
> > Thanks for the report Jorick, adding some people for investigating on
> > this issue.
> > Did you open a bug to track this? If I understood correctly this
> > affects ovirt-engine from 4.3.0 rc2 with ovirt-node-ng both from
> > stable 4.2.7 and from pre release rc1 and rc2 right?
> 
> Yep, BZ:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1667411
> 

Thanks for creating the bug.
I asked on the bug for further information.


> > Did you see same issue with engine 4.2.7 and node-ng 4.2.7? If not,
> > seems to be a regression in ovirt-engine.
> >
> >
> Sorry didn't try, I had already upgraded the engine. Will see if I can
> reproduce on the older version.
> 
> >  
> >
> > Regards,
> >
> > Jorick Astrego
> >
> >
> >
> >
> >
> > Met vriendelijke groet, With kind regards,
> >
> > Jorick Astrego
> > *
> > Netbulae Virtualization Experts *
> > 
> > Tel: 053 20 30 270  i...@netbulae.eu 
> > Staalsteden 4-3AKvK 08198180
> > Fax: 053 20 30 271  www.netbulae.eu 
> > 7547
> > TA Enschede BTW NL821234584B01
> >
> >
> > 
> >
> > ___
> > Users mailing list -- users@ovirt.org 
> > To unsubscribe send an email to users-le...@ovirt.org
> > 
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/S4SMWRA4DDA5P3DO5NAKPRUWK42QZVGJ/
> >
> >
> >
> > -- 
> >
> > SANDRO BONAZZOLA
> >
> > MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
> >
> > Red Hat EMEA 
> >
> > sbona...@redhat.com    
> >
> > 
> >
> 
> 
> 
> 
> Met vriendelijke groet, With kind regards,
> 
> Jorick Astrego
> 
> Netbulae Virtualization Experts 
> 
> 
> 
>   Tel: 053 20 30 270  i...@netbulae.euStaalsteden 4-3A
> KvK 08198180
>   Fax: 053 20 30 271  www.netbulae.eu 7547 TA Enschede
> BTW NL821234584B01
> 
> 
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2LV2HC2HFP5WPPLNKBCB3C5DZYQRZU3H/

[ovirt-users] Re: Import VM from OVA not working

2019-01-18 Thread Dominik Holler

On Fri, 18 Jan 2019 05:31:58 -
k...@intercom.pro wrote:

> Hi all.
> 
> Make dir /var/lib/exports/import
> 
> chown 36:36 /var/lib/exports/import/VM.ova
> 
> Go to oVirt admin portal. Import Vm from OVA source. In file path -  
> /var/lib/exports/import/VM.ova
> 

Are you aware that the path /var/lib/exports/import/VM.ova is
supposed to be on the host selected in the line above the path in the
same dialog?

> Error:
> Failed to load VM configuration from OVA file: /var/lib/exports/import/VM.ova
> 
> Log file ovirt-query-ova-ansible:
> 
> 2019-01-18 10:26:25,018 p=8066 u=ovirt |  Traceback (most recent call last):
>   File 
> "/root/.ansible/tmp/ansible-tmp-1547789184.32-243441920380227/query_ova.py", 
> line 59, in 
> ovf = get_ovf_from_dir(ova_path, sys.argv[2])
>   File 
> "/root/.ansible/tmp/ansible-tmp-1547789184.32-243441920380227/query_ova.py", 
> line 29, in get_ovf_from_dir
> files = os.listdir(ova_path)
> OSError: [Errno 2] No such file or directory: '/var/lib/exports/import/VM.ova'
> 
> ls -la /var/lib/exports/import/
> 
> -rw-r--r--. 1 vdsm kvm  4165205504 Jan 17 22:51 VM.ova
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/MI3NGTD2UDW5Y5DJQPLHYDOBMEACLEAZ/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NXGMU4S5BSXDRSTHTGITF5JAWEJRC2CC/

[ovirt-users] Re: ovirt 4.2 HCI rollout

2019-01-21 Thread Dominik Holler

Would you please share the related ovirt-host-deploy-ansible-*.log
stored on the host in /var/log/ovirt-hosted-engine-setup ?

Would you please also share the output of
getent ahosts YOUR_HOSED_ENGNE_FQDN | cut -d' ' -f1 | uniq
if executed on this host?


On Mon, 21 Jan 2019 13:37:53 -
"Markus Schaufler"  wrote:

> Hi,
> 
> I'm trying a (nested) ovirt 4.2.7 HCI rollout on 3 centos VM's by following 
> https://ovirt.org/documentation/gluster-hyperconverged/chap-Deploying_Hyperconverged.html
> gluster deployment was successful but at HE deployment "stage 5" I got 
> following error:
> 
> [ INFO ] TASK [Reconfigure OVN central address]
> [ ERROR ] fatal: [localhost]: FAILED! => {"msg": "The task includes an option 
> with an undefined variable. The error was: 'dict object' has no attribute 
> 'stdout_lines'\n\nThe error appears to have been in 
> '/usr/share/ovirt-hosted-engine-setup/ansible/create_target_vm.yml': line 
> 522, column 5, but may\nbe elsewhere in the file depending on the exact 
> syntax problem.\n\nThe offending line appears to be:\n\n # 
> https://github.com/oVirt/ovirt-engine/blob/master/packaging/playbooks/roles/ovirt-provider-ovn-driver/tasks/main.yml\n
>  - name: Reconfigure OVN central address\n ^ here\n"}
> 
> 
> /var/log/messages:
> Jan 21 14:09:56 HCI01 journal: ovirt-ha-agent 
> ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine ERROR Engine VM 
> stopped on localhost
> Jan 21 14:10:01 HCI01 systemd: Started Session 22 of user root.
> Jan 21 14:10:02 HCI01 systemd: Started Session c306 of user root.
> Jan 21 14:10:03 HCI01 systemd: Started Session c307 of user root.
> Jan 21 14:10:06 HCI01 vdsm[3650]: WARN executor state: count=5 
> workers=set([, 
>object at 0x7fd2d4679490> at 0x7fd2d4679710> timeout=7.5, duration=7 at 
> 0x7fd33c1e0ed0> disca
> rded task#=413 at 0x7fd2d5ed0510>,  at 0x7fd2d5ed0b10>,  0x7fd2d425f650>,  =periodic/2 waiting task#=412 at 0x7fd2d5ed07d0>])
> Jan 21 14:10:06 HCI01 kernel: ovirtmgmt: port 2(vnet0) entered disabled state
> Jan 21 14:10:06 HCI01 kernel: device vnet0 left promiscuous mode
> Jan 21 14:10:06 HCI01 kernel: ovirtmgmt: port 2(vnet0) entered disabled state
> Jan 21 14:10:06 HCI01 NetworkManager[3666]:   [1548076206.9177] device 
> (vnet0): state change: disconnected -> unmanaged (reason 'unmanaged', 
> sys-iface-state: 'remo
> ved')
> Jan 21 14:10:06 HCI01 NetworkManager[3666]:   [1548076206.9180] device 
> (vnet0): released from master device ovirtmgmt
> Jan 21 14:10:06 HCI01 lldpad: recvfrom(Event interface): No buffer space 
> available
> Jan 21 14:10:06 HCI01 libvirtd: 2019-01-21 13:10:06.925+: 2651: error : 
> qemuMonitorIORead:609 : Unable to read from monitor: Connection reset by peer
> Jan 21 14:10:07 HCI01 kvm: 0 guests now active
> Jan 21 14:10:07 HCI01 systemd-machined: Machine qemu-3-HostedEngine 
> terminated.
> Jan 21 14:10:07 HCI01 libvirtd: 2019-01-21 13:10:07.125+: 2704: warning : 
> qemuGetProcessInfo:1406 : cannot parse process status data
> Jan 21 14:10:07 HCI01 libvirtd: 2019-01-21 13:10:07.125+: 2704: warning : 
> qemuGetProcessInfo:1406 : cannot parse process status data
> Jan 21 14:10:07 HCI01 libvirtd: 2019-01-21 13:10:07.125+: 2704: warning : 
> qemuGetProcessInfo:1406 : cannot parse process status data
> Jan 21 14:10:07 HCI01 libvirtd: 2019-01-21 13:10:07.125+: 2704: warning : 
> qemuGetProcessInfo:1406 : cannot parse process status data
> Jan 21 14:10:07 HCI01 libvirtd: 2019-01-21 13:10:07.126+: 2704: error : 
> virNetDevTapInterfaceStats:764 : internal error: /proc/net/dev: Interface not 
> found
> Jan 21 14:10:07 HCI01 firewalld[24040]: WARNING: COMMAND_FAILED: 
> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-is-bridged 
> --physdev-out vnet0 -g FP-vnet
> 0' failed: iptables v1.4.21: goto 'FP-vnet0' is not a chain#012#012Try 
> `iptables -h' or 'iptables --help' for more information.
> Jan 21 14:10:07 HCI01 firewalld[24040]: WARNING: COMMAND_FAILED: 
> '/usr/sbin/iptables -w2 -w -D libvirt-out -m physdev --physdev-out vnet0 -g 
> FP-vnet0' failed: iptables v
> 1.4.21: goto 'FP-vnet0' is not a chain#012#012Try `iptables -h' or 'iptables 
> --help' for more information.
> Jan 21 14:10:07 HCI01 firewalld[24040]: WARNING: COMMAND_FAILED: 
> '/usr/sbin/iptables -w2 -w -D libvirt-in -m physdev --physdev-in vnet0 -g 
> FJ-vnet0' failed: iptables v1.
> 4.21: goto 'FJ-vnet0' is not a chain#012#012Try `iptables -h' or 'iptables 
> --help' for more information.
> Jan 21 14:10:07 HCI01 firewalld[24040]: WARNING: COMMAND_FAILED: 
> '/usr/sbin/iptables -w2 -w -D libvirt-host-in -m physdev --physdev-in vnet0 
> -g HJ-vnet0' failed: iptable
> s v1.4.21: goto 'HJ-vnet0' is not a chain#012#012Try `iptables -h' or 
> 'iptables --help' for more information.
> Jan 21 14:10:07 HCI01 firewalld[24040]: WARNING: COMMAND_FAILED: 
> '/usr/sbin/iptables -w2 -w -F FP-vnet0' failed: iptables: No 
> chain/target/match by that name.
> Jan 21 14:10:07 HCI01 firewalld[24040]: WARNING:

[ovirt-users] Re: How to connect 2 hosts

2019-01-21 Thread Dominik Holler

On Mon, 21 Jan 2019 17:56:14 +
Adamantini Peratikou  wrote:

> Thank you for your reply amd advice.
> 
> I ve tried that, but unfortunately when the vm-router starts on host1 it will 
> only assign IPs toVMs residing on host1. If i migrate the  vm-router on host2 
> it will  assign IPs only on Vms residing on host2.
> 
> And even if i assign IPs manually..
> I can ping all the VMs under host1 from a host1 VM,
> I can ping all the VMs under host2 from a host2 VM.
> 
> I cannot ping a host2 VM from a host1VM and vice versa.
> 

Let's ensure that the hosts can communicate via the logical network:
If you assign IP addresses to the network attachments of the
logical network on host1 and host2, can host1 ping from
host2 via this IP addresses on the VLAN/logical network?

How are the hosts connected?

> 
>  Dominik Holler wrote 
> 
> On Mon, 21 Jan 2019 14:00:14 -
> adamantini.perati...@ouc.ac.cy wrote:
> 
> > I  have the following configuraton:
> > 1 cluster, 2 Hosts
> >
> >  I would like to use a Vm-router under Host 1 to act as a dhcp server for 
> > both HOST1 and HOST2 VMs is it possible?
> 
> 
> Yes.
> oVirt's logical networks provides isolation on layer 2.
> If the switch connection the two hosts does not block this, you can
> 1. create a new logical network with a vlan tag in oVirt,
> 2. connect this new logical network to both hosts,
>( Compute > Hosts > xxx > Network Interfaces > Setup Host Networks)
> 3. add a new network interface with network profile of the new logical
>network to the router/dhcp server VM and
> 4. use the same logical network for the network interface of the client
>VMs.
> 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/4NBEAG24CADMVTQBCIQBQGU5JDYULRS3/
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JMTNFFRLH6BDJ4CRIMB2BB4KWIQAC56Z/

[ovirt-users] Re: How to connect 2 hosts

2019-01-21 Thread Dominik Holler

On Mon, 21 Jan 2019 14:00:14 -
adamantini.perati...@ouc.ac.cy wrote:

> I  have the following configuraton:
> 1 cluster, 2 Hosts 
> 
>  I would like to use a Vm-router under Host 1 to act as a dhcp server for 
> both HOST1 and HOST2 VMs is it possible?

Yes.
oVirt's logical networks provides isolation on layer 2.
If the switch connection the two hosts does not block this, you can 
1. create a new logical network with a vlan tag in oVirt,
2. connect this new logical network to both hosts,
   ( Compute > Hosts > xxx > Network Interfaces > Setup Host Networks)
3. add a new network interface with network profile of the new logical
   network to the router/dhcp server VM and
4. use the same logical network for the network interface of the client
   VMs.

> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/4NBEAG24CADMVTQBCIQBQGU5JDYULRS3/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/U22KRRI5Q5HVOA53I3K32AX5S3XG57KG/

[ovirt-users] Re: How to connect 2 hosts

2019-01-22 Thread Dominik Holler

On Tue, 22 Jan 2019 07:33:19 -
"ada per"  wrote:

> Thank you i try pinging Host1 from Host 2 with the following results:
> On a logical network Host1 can ping host2 but while on  a VLAN host 1 cannot 
> ping host2.
> 
> The hosts are physically connected via a switch.

Can you please check if the switch allows VLANs on the used ports?

Alternatively, you can connect the VMs via
external networks without subnets, e.g. provided by preconfigured
ovirt-provider-ovn, to the router VM.

> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/AASF52IJU4SEUCIZDN3VYAN36SL7V7GT/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CNJZ3KZ7PLCAV5TE75UWT3HNIAWLPNJ4/

[ovirt-users] Re: Roles and Permissions and Inheritance

2019-01-22 Thread Dominik Holler

On Wed, 12 Dec 2018 15:25:56 -
"Brian Wilson"  wrote:

> Is there a way to prevent Roles Assigned to Groups on Objects to only apply 
> to where it is set?
> 
> 
> Basically looking for a way to do what we had done in VMWare which involved 
> using the do not propagate permission setting.
> 
> 
> be able 
> Seems to me that right now there is no way to set this so if i give access to 
> something at the top level of a DC those accesses wlll overide if i then 
> explcitly set another role and permission on an object underneath
> 
> 
> Lets take as a concrete example the ovirtmgmt network.   I do not want users 
> in the engine to be able to place VMs on this (but i want the Superusers to 
> be able to still) How can i accomplish this with the way roles and 
> permissions work with Ovirt?
> 

The attachment of logical networks to VMs is manged in oVirt by "vNIC
Profiles". The Boolean property "Public" of vNIC Profiles enables simple
permission management to allow or deny the attachment of the logical
network to a VM by Users.

If "Public" is set, all Users are allowed to attach the related logical
network to the VMs he/she is allowed to manage.

If "Public" is not set, only Users/Administrators with the required permissions
(e.g. "Assign vNIC Profile to VM") are allowed to attach the logical
network to a VM.

If you want to prevent users in the Engine to be able to place VMs on
ovirtmgmt, you have to remove this "Public" permissions from the ovirtmgmt 
object.
In the web UI, this can be done like this:
In Administration > Configure > Roles
Select the role "VnicProfileUser".
This will show a table of the allowed User-Object pairs.
Select the pair of the user "Everyone" and the "Object" ovirtmgmt
and remove this pair.
This will prevent users attaching their VMs to ovirtmgmt.
Please make sure that there are no additional permissions on ovirtmgmt
and/or its vNic Profile that violates the desired permissions level.  
However, if the VM was already created and has an interface attached to 
'ovirtmgmt',
these attainments has to be removed or replaced manually.

> 
> thanks!
> Brian
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PY6ZITVTLFNXFXN7PQ6TO46UMTVOGB23/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6YZDHOSHHQPIVYYTFFHEW7NPRT2CX45D/

[ovirt-users] Re: How to connect 2 hosts

2019-01-22 Thread Dominik Holler

On Tue, 22 Jan 2019 16:18:06 +0200
ada per  wrote:

> Thank you for all the advice.
> 
> The reason  for the issue was the physical switch like you said!!
> 
> The issue is now fixed.
> 

Thanks for letting us know!

> Thanks 
> 
> 
> On Tue, 22 Jan 2019, 10:04 Dominik Holler  
> > On Tue, 22 Jan 2019 07:33:19 -
> > "ada per"  wrote:
> >
> > > Thank you i try pinging Host1 from Host 2 with the following results:
> > > On a logical network Host1 can ping host2 but while on  a VLAN host 1
> > cannot ping host2.
> > >
> > > The hosts are physically connected via a switch.
> >
> > Can you please check if the switch allows VLANs on the used ports?
> >
> > Alternatively, you can connect the VMs via
> > external networks without subnets, e.g. provided by preconfigured
> > ovirt-provider-ovn, to the router VM.
> >
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/AASF52IJU4SEUCIZDN3VYAN36SL7V7GT/
> >
> >
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XZWE7QXILQDCFFTVDZD7PRIBZI6I6RGV/

[ovirt-users] Re: losing ib0 connection after activating host

2018-12-10 Thread Dominik Holler

On Mon, 10 Dec 2018 18:09:40 +
Douglas Duckworth  wrote:

> Hi Dominik,
> 
> I have added LACP bond network to all hosts and renamed the Hosted Engine 
> using "/usr/share/ovirt-engine/setup/bin/ovirt-engine-rename."
> 
> However, I am still missing the option to assign Migration and Management 
> network roles to this new bond.
> 
> Can you advise where I can find this option?
> 

You cannot assign this role to the host interface directly, but to the
network, which is assigned to the interface, in
"Compute > Clusters > Clustername > Logical Networks > Manage Networks"

> Thanks,
> 
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit<https://scu.med.cornell.edu>
> Weill Cornell Medicine
> 1300 York Avenue
> New York, NY 10065
> E: d...@med.cornell.edu<mailto:d...@med.cornell.edu>
> O: 212-746-6305
> F: 212-746-8690
> 
> 
> On Fri, Aug 24, 2018 at 11:52 AM Dominik Holler 
> mailto:dhol...@redhat.com>> wrote:
> On Fri, 24 Aug 2018 09:46:25 -0400
> Douglas Duckworth mailto:dod2...@med.cornell.edu>> 
> wrote:
> 
> > Sorry, I mean "migration network" for moving live migration traffic.
> >  
> 
> You have to create a new logical network in
> "Network > Networks > New"
> and assign this to ib0 in
> "Compute > Hosts > hostname > Network Interfaces > Setup Host Networks".
> After this you can assign a role to this network in
> "Compute > Clusters > Clustername > Logical Networks > Manage Networks"
> 
> 
> > FDR infiniband much faster than 1Gb network which currently acts as
> > migration network, vm network, display network, mgmt network, etc.
> >
> > Thanks,
> >
> > Douglas Duckworth, MSc, LFCS
> > HPC System Administrator
> > Scientific Computing Unit
> > Weill Cornell Medicine
> > 1300 York - LC-502
> > E: d...@med.cornell.edu<mailto:d...@med.cornell.edu>
> > O: 212-746-6305
> > F: 212-746-8690
> >
> >
> > On Fri, Aug 24, 2018 at 9:36 AM, Dominik Holler 
> > mailto:dhol...@redhat.com>>
> > wrote:
> >  
> > > On Thu, 23 Aug 2018 13:51:39 -0400
> > > Douglas Duckworth 
> > > mailto:dod2...@med.cornell.edu>> wrote:
> > >  
> > > > THANKS!
> > > >
> > > > ib0 now up with NFS storage back on this hypervisor
> > > >  
> > >
> > > Thanks for letting us know.
> > >  
> > > > Though how do I make it a transfer network?  I don't see an
> > > > option.  
> > >
> > > I do not understand the meaning of "transfer network".
> > > The network interface to use for NFS results from the routing
> > > tables of the host.
> > > In "Compute > Clusters > Clustername > Logical Networks > Manage
> > > Networks" network roles for some kind of loads can be assigned, but
> > > not for NFS access.
> > >
> > >  
> > > > Thanks,
> > > >
> > > > Douglas Duckworth, MSc, LFCS
> > > > HPC System Administrator
> > > > Scientific Computing Unit
> > > > Weill Cornell Medicine
> > > > 1300 York - LC-502
> > > > E: d...@med.cornell.edu<mailto:d...@med.cornell.edu>
> > > > O: 212-746-6305
> > > > F: 212-746-8690
> > > >
> > > >
> > > > On Thu, Aug 23, 2018 at 11:12 AM, Douglas Duckworth
> > > > mailto:dod2...@med.cornell.edu>  
> > > > > wrote:  
> > > >  
> > > > > Hi Dominik
> > > > >
> > > > > Yes, the network-script was created by our Ansible role that
> > > > > deploys CentOS hosts.  It pulls the IP from DNS then templates
> > > > > the script and copies to host.
> > > > >
> > > > > I will try this oVirt step then see if it works!
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Douglas Duckworth, MSc, LFCS
> > > > > HPC System Administrator
> > > > > Scientific Computing Unit
> > > > > Weill Cornell Medicine
> > > > > 1300 York - LC-502
> > > > > E: d...@med.cornell.edu<mailto:d...@med.cornell.edu>
> > > > > O: 212-746-6305
> > > > > F: 212-746-8690
> > > > >
> > > > >
> > > > > On Thu, Aug 23, 2018 at 11:09 AM, Dominik Holler
> > > > > mailto:dhol...@redhat.c

[ovirt-users] Re: Ovirt VDI Solution network issue

2019-01-11 Thread Dominik Holler

On Thu, 10 Jan 2019 17:45:34 +0100
Sandro Bonazzola  wrote:

>Il giorno mar 8 gen 2019, 19:10  ha scritto:
>
>> Hello, first time poster looking for help on setting up the network for a
>> VDI deployment.
>

Should the virtual machines be accessible from outside, e.g. to access
remote desktop, or do you want to use the oVirt SPICE console?

>
>Welcome to the oVirt community!
>
>
>
>A little background, I have Ovirt engine running on a Vmware virtual
>> machine and have added a physical host to serve up virtual machines running
>> windows 7 to our developers.
>
>
>why not using self hosted engine instead of the VMware VM?
>
>
>
>The host has a static IP address and when I create a virtual machine I can
>> see the default network is attached and up but does not receive an IP
>> address. It does have a MAC so I'm wondering if I need to have our network
>> team assign an IP for that MAC?

Yes, if your network team would assign an IP for that MAC, e.g. for
static assignment inside the virtual machine or via DHCP.
Please note that oVirt allows you to manage the MAC addresses of the
VMs.
(With the exception of external networks like OVN or OpenStack
Neutron networks) oVirt's VM networking is focused on layer 2, and does
not care about layer 3 issues like IP address management and routing.

>> I will be creating around 20 vm's that
>> would get wiped after use so assigning static ip's might cause issues.

I could image that there are some less straight forward solutions like
cloudinit, or a script inside the VM possible, but I would prefer to
manage the IP addresses outside the guests, e.g. by a DHCP server.

> Am I
>> missing something or is there a better way to setup the LAN for this host?

Straight forward would be the use a DHCP server for IP address
management.
A simple way would be to use a DHCP server of your host management
network. The host management network is represented by the logical
network "ovirtmgmt" in oVirt. This DHCP server is probably managed
by your network team.

A more complex way would be to create a dedicated VLAN on layer 2,
represented in oVirt by a new logical network with a VLAN tag.
All the VDI VMs could be attached to this new logical network and a
dedicated node could provide higher layer services like a DHCP server
and IP routing between the new VLAN and the host management network.
This node could be a usual physical router, or a oVirt VM, with access
to both layer 2 networks.
Please note that the already existing routers have to learn about the
new network, if the VDI clients cannot added to the new VLAN.

>> Thanks for any help!
>>
>
>
>adding some people for your questions.
>
>
>___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YZTZ3IZVXMBWFAH44HVQXB4GWKPVOF7H/
>>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2OJADXHNTHGM3XYXL2FEMQMPPZR44SPB/

[ovirt-users] Re: move 'ovirtmgmt' bridge to a bonded NIC team

2019-01-09 Thread Dominik Holler

On Tue, 8 Jan 2019 17:01:38 +
Shawn Southern  wrote:

>We've recently added additional NICs to our oVirt nodes, and want to move the 
>ovirtmgmt interface to one of the bonded interfaces, away from the single 
>ethernet port currently used.  This is to provide redundant connectivity to 
>the nodes.
>
>I've not had any luck finding documentation on how to do this.  If we change 
>it manually by editing files in /etc/sysconfig/network-scripts, VDSM simply 
>changes everything back.
>

Please use oVirt Engine to manage the network configuration.

>I'm just looking to be pointed in the right direction here.
>

I see no reason why the usual way of configuring host networking via
Compute > Hosts > hostname > Network Interfaces > Setup Host Networks
should not work.
ovirtmgmt must not be used by a VM on this host during the change,
and ovirtmgmt should use a static IP address in
Setup Host Networks > Edit management network: ovirtmgmt > IPv4.
It might be a good idea to move the host to maintenance before the change,
and ensure connectivity from the bond to oVirt Engine, because the change will 
be rolled back,
if connectivity is lost.

>Thanks!
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I7MG6G6XMTFCWSHZOXUOAKREFT6LSDIL/

[ovirt-users] Re: Failed to synchronize networks of Provider ovirt-provider-ovn

2018-09-12 Thread Dominik Holler

On Wed, 12 Sep 2018 14:42:15 -
m...@set-pro.net wrote:

> I have a same issue with OVN provider and SSL, but certificate
> changes not helps to resolve it. I use following
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_SSL_Certificate
> to replace my cert, and after reboot get this error.
> ovirt-ca-file= is a same SSL file which use WebUI.
> I restart ovirt-provider-ovn, i restart engine, i restart everything
> what i can restart. Nothing helps...
> 
> Logs below.
> 
> [root@engine ~]# tail -n 50 /var/log/ovirt-provider-ovn.log
> 2018-09-12 14:10:23,828 root [SSL: CERTIFICATE_VERIFY_FAILED]
> certificate verify failed (_ssl.c:579) Traceback (most recent call
> last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py",
> line 133, in _handle_request method, path_parts, content
>   File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py",
> line 175, in handle_request return
> self.call_response_handler(handler, content, parameters) File
> "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
> call_response_handler return response_handler(content, parameters)
> File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py",
> line 62, in post_tokens user_password=user_password) File
> "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in
> create_token return auth.core.plugin.create_token(user_at_domain,
> user_password) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line
> 48, in create_token timeout=self._timeout()) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75,
> in create_token username, password, engine_url, ca_file, timeout)
> File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line
> 91, in _get_sso_token timeout=timeout File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54,
> in wrapper response = func(*args, **kwargs) File
> "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47,
> in wrapper raise BadGateway(e) BadGateway: [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
> 
> 
> [root@engine ~]# tail -n 20 /var/log/ovirt-engine/engine.log
> 2018-09-12 14:10:23,773+03 INFO
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock
> Acquired to object
> 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]',
> sharedLocks=''}' 2018-09-12 14:10:23,778+03 INFO
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685]
> Running command: SyncNetworkProviderCommand internal: true.
> 2018-09-12 14:10:23,836+03 ERROR
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685]
> Command
> 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand'
> failed: EngineException: (Failed with error Bad Gateway and code
> 5050) 2018-09-12 14:10:23,837+03 INFO
> [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock
> freed to object
> 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]',
> sharedLocks=''}' 2018-09-12 14:14:12,477+03 INFO
> [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default
> task-6) [] User admin@internal successfully logged in with scopes:
> ovirt-app-admin ovirt-app-api ovirt-app-portal
> ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
> ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search
> ovirt-ext=token-info:validate ovirt-ext=token:password-access
> 2018-09-12 14:14:12,587+03 INFO
> [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default
> task-6) [1bf1b763] Running command: CreateUserSessionCommand
> internal: false. 2018-09-12 14:14:12,628+03 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-6) [1bf1b763] EVENT_ID: USER_VDC_LOGIN(30), User
> admin@internal-authz connecting from '10.0.3.61' using session
> 's8jAm7BUJGlicthm6yZBA3CUM8QpRdtwFaK3M/IppfhB3fHFB9gmNf0cAlbl1xIhcJ2WX+ww7e71Ri+MxJSsIg=='
> logged in. 2018-09-12 14:14:30,972+03 INFO
> [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand]
> (default task-6) [ee3cc8a7-4485-4fdf-a0c2-e9d67b5cfcd3] Running
> command: ImportProviderCertificateCommand internal: false. Entities
> affected :  ID: aaa0----123456789aaa Type:
> SystemAction group CREATE_STORAGE_POOL with role type ADMIN
> 2018-09-12 14:14:30,982+03 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-6) [ee3cc8a7-4485-4fdf-a0c2-e9d67b5cfcd3] EVENT_ID:
> PROVIDER_CERTIFICATE_IMPORTED(213), Certificate for provider
>

[ovirt-users] Re: Failed to synchronize networks of Provider ovirt-provider-ovn

2018-09-14 Thread Dominik Holler

On Thu, 13 Sep 2018 11:08:28 +0200
Robert O'Kane  wrote:

> Hello,
> 
> I have a simmilar issue with ovirt-provider-ovn.
> 
> But in my config I see:
> 
> ovirt-sso-client-secret=to_be_set
> 
> Where do I find / how do I generate this token?
> 

Usually engine-setup will generate an appropriate automatically.
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf.

If you want to (or have to?) generate manually the client secrete,
follow this steps:

1. Run /usr/share/ovirt-engine/bin/ovirt-register-sso-client-tool.sh 
   with
   Client Id: ovirt-provider-ovn
   Client CA Certificate File Location: /etc/pki/ovirt-engine/certs/engine.cer
   Callback Prefix URL: https://:443/ovirt-engine/
2. Use the SSO_CLIENT_SECRET from the outfile produced by the previous
   command in
   /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
3. Restart ovirt-engine and ovirt-provider-ovn
   systemctl restart ovirt-engine
   systemctl restart ovirt-provider-ovn


> Thanks,
> 
> Robert O'Kane
> 
> 
> 
> On 09/12/2018 04:42 PM, m...@set-pro.net wrote:
> > I have a same issue with OVN provider and SSL, but certificate
> > changes not helps to resolve it. I use following
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_SSL_Certificate
> > to replace my cert, and after reboot get this error.
> > ovirt-ca-file= is a same SSL file which use WebUI.
> > I restart ovirt-provider-ovn, i restart engine, i restart
> > everything what i can restart. Nothing helps...
> > 
> > Logs below.
> > 
> > [root@engine ~]# tail -n 50 /var/log/ovirt-provider-ovn.log
> > 2018-09-12 14:10:23,828 root [SSL: CERTIFICATE_VERIFY_FAILED]
> > certificate verify failed (_ssl.c:579) Traceback (most recent call
> > last): File
> > "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 133,
> > in _handle_request method, path_parts, content File
> > "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line
> > 175, in handle_request return self.call_response_handler(handler,
> > content, parameters) File
> > "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
> > call_response_handler return response_handler(content, parameters)
> > File
> > "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py",
> > line 62, in post_tokens user_password=user_password) File
> > "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in
> > create_token return auth.core.plugin.create_token(user_at_domain,
> > user_password) File
> > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line
> > 48, in create_token timeout=self._timeout()) File
> > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75,
> > in create_token username, password, engine_url, ca_file, timeout)
> > File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py",
> > line 91, in _get_sso_token timeout=timeout File
> > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 54,
> > in wrapper response = func(*args, **kwargs) File
> > "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 47,
> > in wrapper raise BadGateway(e) BadGateway: [SSL:
> > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
> > 
> > 
> > [root@engine ~]# tail -n 20 /var/log/ovirt-engine/engine.log
> > 2018-09-12 14:10:23,773+03 INFO
> > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock
> > Acquired to object
> > 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]',
> > sharedLocks=''}' 2018-09-12 14:10:23,778+03 INFO
> > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685]
> > Running command: SyncNetworkProviderCommand internal: true.
> > 2018-09-12 14:10:23,836+03 ERROR
> > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685]
> > Command
> > 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand'
> > failed: EngineException: (Failed with error Bad Gateway and code
> > 5050) 2018-09-12 14:10:23,837+03 INFO
> > [org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
> > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [316db685] Lock
> > freed to object
> > 'EngineLock:{exclusiveLocks='[14e4fb72-9764-4757-b37d-4d487995571a=PROVIDER]',
> > sharedLocks=''}' 2018-09-12 14:14:12,477+03 INFO
> > [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default
> > task-6) [] User admin@internal successfully logged in with scopes:
> > ovirt-app-admin ovirt-app-api ovirt-app-portal
> > ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
> > ovirt-ext=token-info:authz-search
> > ovirt-ext=token-info:public-authz-search
> > ovirt-ext=token-info:validate

[ovirt-users] Re: How to change host ips in engine database

2018-09-19 Thread Dominik Holler

On Tue, 18 Sep 2018 19:10:48 -0300
Jayme  wrote:

> I changed engine and host ips to a totally different subnet.  My

The way to change the IP addresses of the hosts via oVirt UI is
Compute > Hosts > hostname > Network Interfaces > Setup Host Networks >
Edit Managment NetworkL ovirtmgmgt
Did you try this already?

> cluster is up and engine is working but I'm seeing that network is
> out of sync.  If I attempt to sync the network it's changing the host
> ips back to the old subnet.  I assume I changed the IPS improperly.
> How can I update the Ovirt engine db and change the IPS manaully so
> when the sync operation occurs it sets the new and proper ips?  The
> engine loses connectivity with the host when it changes the subnet
> back to the original since it has no routes to it

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WNGAFW7WULDEFBNV2477XCYI3BUG4VCI/

[ovirt-users] Re: ovirt-sdk_external network add

2019-01-28 Thread Dominik Holler

On Mon, 28 Jan 2019 16:34:30 -
"ada per"  wrote:

> Hello everyone, 
> I  have the following script, 
> i ve been looking in ovirt-sdk but i cannot seem to find the proper
> way of adding an external provider network under ovirt-ovn I manage
> to add logical networks and vlans but no luck in external provider. 
> 
> Any advice is appreciated 
> 
> network = networks_service.add(
> network=types.Network(
> name='ext_net',
> description='Testing network', 
> data_center=types.DataCenter(
> name='Default'
> ),
>  usages=[types.NetworkUsage.VM],
>  external_provider='ovirt-provider-ovn',  -->i know this
> part is wrong what is it supposed to be called? ),

external_provider=types.OpenStackNetworkProvider(
id=provider.id
)

please find a full example script in
https://gist.github.com/dominikholler/be7286931c0ea26b14965a5f91783cd4

> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/ List
> Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/LGGF7HZTMWDMCLNUATLHIXRYP7666TE4/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NDVTGOIK7YVHKBUSKXDWF7KQ7PFJFISN/

[ovirt-users] Re: SR-IOV and linux bridges

2019-03-21 Thread Dominik Holler

On Wed, 20 Mar 2019 14:32:26 -
opieke...@hotmail.com wrote:

> Hello, I believe I have setup my environment to support SR-IOV. 
> I am not sure why the system creates a linux bridge when you setup and

The bridges are created if you assign the logical network to the host.
They would be used if you would connect a non-passtrough vNIC to the
network.

> bind a VM network to a virtual function on the NIC.
> 

The virtual function is bound to a concrete vNIC.
The virtual functions should not use these bridges.


> I have 2 VLANs 102 and 112 however, there are linux bridges now setup.  
> 
> I would assume with SR-IOV the VF would be connected only to the VM.
> 
> 
> [root@rhv1 ~]# brctl show
> bridge name   bridge id   STP enabled interfaces
> ;vdsmdummy;   8000.   no
> ovirtmgmt 8000.64122536772a   no  enp2s0f0
>   vnet0
> vlan-102  8000.0201   no  enp130s16f4.102
> vlan-112  8000.163d99a43b4a   no  enp130s16f2.112
> 
> [root@rhv1 ~]# ip a | grep enp130s16f
> 28: enp130s16f2:  mtu 1500 qdisc mq state UP 
> group default qlen 1000
> 29: enp130s16f4:  mtu 1500 qdisc mq state UP 
> group default qlen 1000
> 30: enp130s16f6:  mtu 1500 qdisc mq state UP 
> group default qlen 1000
> 35: enp130s16f2.112@enp130s16f2:  mtu 1500 
> qdisc noqueue master vlan-112 state UP group default qlen 1000
> 45: enp130s16f4.102@enp130s16f4:  mtu 1500 
> qdisc noqueue master vlan-102 state UP group default qlen 1000
> 
> [root@rhv1 ~]# virsh dumpxml nsg-v-west
> Please enter your authentication name: vuser
> Please enter your password:
> 
>   nsg-v-west
>   27e8e6b0-62a9-4acd-8d88-0c777adb6dc1
>   http://ovirt.org/vm/tune/1.0; 
> xmlns:ovirt-vm="http://ovirt.org/vm/1.0;>
> 
> http://ovirt.org/vm/1.0;>
> 4.2
> False
> false
> 4096
>  type="int">4096
> auto_resume
> 1553092201.47
> 
> ;vdsmdummy;
> 
> 
> 
> 
> ;vdsmdummy;
> 
> 
> 
> 
> 
> 200ee819-d377-4069-bcfa-e6e168ca7adf
> 
> e7ff0aff-4f25-4279-92d8-1f4928dcabb7
> 
> ec42e166-4a9e-11e9-b2f6-00163e2d699c
> 
> 91620241-bcb5-4177-ace1-918050841d0c
> 
> 
> 
> 
> 
> 200ee819-d377-4069-bcfa-e6e168ca7adf
> 
> e7ff0aff-4f25-4279-92d8-1f4928dcabb7
> 0
> 
> /rhev/data-center/mnt/192.168.0.15:_volume1_rhv/200ee819-d377-4069-bcfa-e6e168ca7adf/images/e7ff0aff-4f25-4279-92d8-1f4928dcabb7/91620241-bcb5-4177-ace1-918050841d0c.lease
> 
> /rhev/data-center/mnt/192.168.0.15:_volume1_rhv/200ee819-d377-4069-bcfa-e6e168ca7adf/images/e7ff0aff-4f25-4279-92d8-1f4928dcabb7/91620241-bcb5-4177-ace1-918050841d0c
> 
> 91620241-bcb5-4177-ace1-918050841d0c
> 
> 
> 
> 
> 
> 
> 
> 
> 1048576
> 
> 
>   
>   16777216
>   4194304
>   4194304
>   
> 
>   
> 
>   
>   32
>   1
>   
> /machine
>   
>   
> 
>   Red Hat
>   RHEV Hypervisor
>   7.6-4.el7
>   20ba27d8-a49a-2a45-b993-0cd2851eea03
>   27e8e6b0-62a9-4acd-8d88-0c777adb6dc1
> 
>   
>   
> hvm
> 
> 
> 
>   
>   
> 
>   
>   
> SandyBridge
> 
> 
> 
> 
> 
> 
> 
> 
> 
>   
> 
>   
>   
> 
> 
> 
>   
>   destroy
>   restart
>   destroy
>   
> 
> 
>   
>   
> /usr/libexec/qemu-kvm
> 
>io='threads'/>
>file='/rhev/data-center/mnt/192.168.0.15:_volume1_rhv/200ee819-d377-4069-bcfa-e6e168ca7adf/images/e7ff0aff-4f25-4279-92d8-1f4928dcabb7/91620241-bcb5-4177-ace1-918050841d0c'/>
>   
>   
>   e7ff0aff-4f25-4279-92d8-1f4928dcabb7
>   
>   
> 
> 
>   
>   
>   
>   
>   
>   
> 
> 
>   
>function='0x2'/>
> 
> 
>   
>function='0x1'/>
> 
> 
>   
>function='0x0'/>
> 
> 
>   
>   
>function='0x0'/>
> 
> 
>   
> 
> 
>   
>   
>   
>  function='0x0'/>
>   
>   
> 
>   
>   
>function='0x0'/>
> 
> 
>   
>   
>   
>  function='0x0'/>
>   
>   
> 
>   
>   
>function='0x0'/>
> 
> 
>path='/var/run/ovirt-vmconsole-console/27e8e6b0-62a9-4acd-8d88-0c777adb6dc1.sock'/>
>   
> 
>   
>   
> 
> 
>path='/var/run/ovirt-vmconsole-console/27e8e6b0-62a9-4acd-8d88-0c777adb6dc1.sock'/>
>   
>   
> 
> 
>path='/var/lib/libvirt/qemu/channels/27e8e6b0-62a9-4acd-8d88-0c777adb6dc1.ovirt-guest-agent.0'/>
>   
>   
>   
> 
> 
>

[ovirt-users] Re: How to fix ovn apparent inconsistency?

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 16:14:59 +0100
Gianluca Cecchi  wrote:

> On Fri, Mar 22, 2019 at 3:21 PM Dominik Holler  wrote:
> 
> >
> > > I'm now able to create/attach an ovn based nic to a VM, but if I try to
> > > power on this VM I get an error in web admin gui
> > >
> > > Failed to run VM p2vorasvi11
> > >
> > > and in engine.log:
> > >
> > > 2019-03-22 14:30:34,498+01 ERROR
> > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> > > (ForkJoinPool-1-worker-5) [] EVENT_ID: VM_DOWN_ERROR(119), VM p2vorasvi11
> > > is down with error. Exit message: Hook Error: ('',).
> > >
> > > If I put a standard nic the VM is able to start without problem.
> > > Full log in engine.log during startup here:
> > >
> > https://drive.google.com/file/d/1vDY64QaRkb8LWHJ9gD16bsJlyovISNwr/view?usp=sharing
> > >
> >
> > Can you please share the relevant part of vdsm.log, too?
> >
> >
> >
> It seems this below regarding sudo and password required for it:
> 
> 2019-03-22 14:30:30,247+0100 INFO  (jsonrpc/6) [jsonrpc.JsonRpcServer] RPC
> call Host.getStats succeeded in 0.05 seconds (__init__:312)
> 2019-03-22 14:30:33,667+0100 INFO  (vm/e54f8a2d) [root]
> /usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook:
> rc=1 err=Traceback (most recent call last):
>   File
> "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook",
> line 134, in 
> main()
>   File
> "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook",
> line 120, in main
> if not is_netdev_datapath():
>   File
> "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook",
> line 110, in is_netdev_datapath
> data, headings = list_ovs_table('bridge')
>   File
> "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook",
> line 42, in list_ovs_table
> exec_cmd('ovs-vsctl', '--format=json', 'list', table)[0]
>   File
> "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook",
> line 36, in exec_cmd
> (args, err))
> RuntimeError: Failed to execute ('ovs-vsctl', '--format=json', 'list',
> 'bridge'), due to: ['sudo: a password is required']
>  (hooks:114)
> 2019-03-22 14:30:33,733+0100 INFO  (vm/e54f8a2d) [root]
> /usr/libexec/vdsm/hooks/before_device_create/50_macspoof: rc=0 err=
> (hooks:114)
> 2019-03-22 14:30:33,802+0100 INFO  (vm/e54f8a2d) [root]
> /usr/libexec/vdsm/hooks/before_device_create/50_vmfex: rc=0 err= (hooks:114)
> 2019-03-22 14:30:33,803+0100 ERROR (vm/e54f8a2d) [virt.vm]
> (vmId='e54f8a2d-432f-41f6-95b2-7bca3e5ebb4b') The vm start process failed
> (vm:937)
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/vm.py", line 866, in
> _startUnderlyingVm
> self._run()
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/vm.py", line 2842, in
> _run
> self._buildDomainXML(),
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/vm.py", line 2265, in
> _buildDomainXML
> dom, self.id, self._custom)
>   File "/usr/lib/python2.7/site-packages/vdsm/virt/domxml_preprocess.py",
> line 243, in replace_device_xml_with_hooks_xml
> dev_custom)
>   File "/usr/lib/python2.7/site-packages/vdsm/common/hooks.py", line 138,
> in before_device_create
> params=customProperties)
>   File "/usr/lib/python2.7/site-packages/vdsm/common/hooks.py", line 124,
> in _runHooksDir
> raise exception.HookError(err)
> HookError: Hook Error: ('',)

Thanks for raising this.
I created https://bugzilla.redhat.com/1691933 to track this.

Do you uninstalled vdsm-hook-openstacknet?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/W252WLQ4EX24O4M4SFGFP3MNTMR4BRGN/

[ovirt-users] Re: VM bandwidth limitations

2019-04-04 Thread Dominik Holler

On Sun, 10 Mar 2019 13:45:59 -0400
John Florian  wrote:

> In my oVirt deployment at home, I'm trying to minimize the amount of
> physical HW and its 24/7 power draw.  As such I have the NFS server for
> my domain virtualized.  This is not used for oVirt's SD, but rather the
> NFS server's back-end storage comes from oVirt's SD.  To maximize the
> performance of my NFS server, do I still need to use bonded NICs to
> increase bandwidth like I would a physical server or does the
> VirtIO-SCSI stuff magically make this unnecessary? 

This depends on the scenario.
Bonding two VirtIO vNICs connected to the same network would be not
increase the throughput, since a single vNIC has by default no
artificial bandwidth limit.
But bonding two SR-IOV VF on two different NICs might be increase the
performance.
 

> In my head I can argue it both ways,

You are welcome to share.

> but have never seen it stated one way or the other,
> oddly.
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6TO6ZF4XFM2K4AHYT4TDQKYJ2LUIL6VE/

[ovirt-users] Re: remote-viewer can not display console properly

2019-04-08 Thread Dominik Holler


Can you please check, if the host (e.g. ping ) and the TCP port
for SSL (e.g. nc -z -v  ) mentioned in the console.vv,
which describes the connection settings to the display, are reachable
from your client?




On Sun, 7 Apr 2019 09:04:50 +0800 (CST)
裴旭斌-运维-省公司  wrote:

> I'm using Spice and access it from admin portal.
> 
> 
> Thanks.
> 
> 
> 
>  
>  
> 邮件原文
> 发件人：Strahil  
> 收件人：users  ,pxb  
> 抄　送: (无)
> 发送时间：2019-04-07 01:21:50
> 主题：Re: [ovirt-users] remote-viewer can not display console properly
> 
> Which type of console are you using ? Spice or VNC?
> Are you accessing it from admin portal or VM portal?
> 
> Best Regards,
> Strahil NikolovOn Apr 6, 2019 20:07, p...@zj.sgcc.com.cn wrote:
> >
> > I installed ovirt 4.2.8 on centos7,hosts and vms runs norml. However, the 
> > virtual machine console often does not display properly. When I open the 
> > console, only "connected to graphic server" is displayed.
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/GNXWBQLPII5ACXQTVEKQ6RIL3FB7T5EL/
> 
> Subject：Re: [ovirt-users] remote-viewer can not display console properly
> 
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MJETLI65BX6T5RRDKXUPCI7L66DCIIT7/

[ovirt-users] Re: How to fix ovn apparent inconsistency?

2019-03-23 Thread Dominik Holler

On Sat, 23 Mar 2019 15:19:06 +0100
Gianluca Cecchi  wrote:

> On Fri, Mar 22, 2019 at 10:19 PM Dominik Holler  wrote:
> 
> >
> > > in _runHooksDir
> > > raise exception.HookError(err)
> > > HookError: Hook Error: ('',)
> >
> > Thanks for raising this.
> > I created https://bugzilla.redhat.com/1691933 to track this.
> >
> > Do you uninstalled vdsm-hook-openstacknet?
> >
> 
> No.
> It seems to me this package had never got installed but in 4.2.x OVN
> external network provider worked.
> The environment was created at beginning 2017 with 4.0.6 and then gradually
> updated, now at 4.3.2.
> OVN originally installed when in 4.1.0 with the manual way before official
> inclusion in engine-setup
> 
> [root@ov300 ~]# rpm -q vdsm-hook-openstacknet
> package vdsm-hook-openstacknet is not installed
> [root@ov300 ~]#
> 
> [root@ov300 ~]# ll -rt /var/log/yum.log*
> -rw---. 1 root root 63893 Sep 29  2017 /var/log/yum.log-20180101
> -rw---. 1 root root 13840 Feb  9  2018 /var/log/yum.log-20180326
> -rw---. 1 root root 43106 Nov 22 11:47 /var/log/yum.log-20190101
> -rw---. 1 root root 38473 Mar  5 13:46 /var/log/yum.log-20190306
> -rw---. 1 root root  5018 Mar 22 14:11 /var/log/yum.log
> [root@ov300 ~]#
> 
> [root@ov300 ~]# grep vdsm-hook-openstacknet /var/log/yum.log*
> [root@ov300 ~]#
> 
> And the same for the other two hosts
> I can confirm that if I install that package (no vdsm restart):
> 
> Installing:
>  vdsm-hook-openstacknet  noarch
> 4.30.11-1.el7   ovirt-4.3   14 k
> 
> The VM with OVN network card on ovn192 is able to boot now and I have the
> vnet1 interface on ov300
> 
> [root@ov300 ~]# ovs-vsctl show
> f1a41e9c-16fb-4aa2-a386-2f366ade4d3c
> Bridge br-int
> fail_mode: secure
> Port br-int
> Interface br-int
> type: internal
> Port "ovn-b8872a-0"
> Interface "ovn-b8872a-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.192.34"}
> Port "ovn-1dce5b-0"
> Interface "ovn-1dce5b-0"
> type: geneve
> options: {csum="true", key=flow, remote_ip="10.4.192.32"}
> Port "vnet1"
> Interface "vnet1"
> ovs_version: "2.10.1"
> [root@ov300 ~]#
> 
> [root@ovmgr1 ~]# ovn-sbctl show
> Chassis "ddecf0da-4708-4f93-958b-6af365a5eeca"
> hostname: "ov300.datacenter.polimi.it"
> Encap geneve
> ip: "10.4.192.33"
> options: {csum="true"}
> Port_Binding "84c78095-744c-4415-805f-5f739af3d4d3"
> Chassis "1dce5b7c-a9fc-4ddb-99b4-e2c9e0fa54c5"
> hostname: "ov200.datacenter.polimi.it"
> Encap geneve
> ip: "10.4.192.32"
> options: {csum="true"}
> Chassis "b8872ab5-4606-4a79-b77d-9d956a18d349"
> hostname: "ov301.datacenter.polimi.it"
> Encap geneve
> ip: "10.4.192.34"
> options: {csum="true"}
> [root@ovmgr1 ~]#
> 
> And on engine:
> [root@ovmgr1 ~]# ovn-nbctl show
> switch fc2fc4e8-ff71-4ec3-ba03-536a870cd483
> (ovirt-ovn192-1e252228-ade7-47c8-acda-5209be358fcf)
> port 84c78095-744c-4415-805f-5f739af3d4d3
> addresses: ["00:1a:4a:17:01:53 dynamic"]
> switch 9e77163a-c4e4-4abf-a554-0388e6b5e4ce
> (ovirt-ovn172-4ac7ba24-aad5-432d-b1d2-672eaeea7d63)
> [root@ovmgr1 ~]#
> 
> So at the end it could be a missing dependency during install of new
> packages?
> 

Not by intention. If vdsm-hook-openstacknet is installed, a file in
/etc/sudoers.d/ is created, which allows vdsm to call ovs-vsctl without
restricted parameters.
/etc/sudoers.d/50_vdsm_hook_ovirt_provider_ovn_hook of ovirt-provider-ovn-driver
should allow vdsm to call ovs-vsctl with all required parameters, but
it does not. This is why I created bug 1691933.
In the newer installations I checked vdsm-hook-openstacknet was
installed and hides the bug.
Maybe there are upgrade paths, which results in scenarios, where
vdsm-hook-openstacknet is not installed, which should be fine, but shows
the bug.


> I have to dig a bit more, because from first tests if I start another VM on
> the same ovn192 network also on the same host they are not able to
> communicate
> Possibly an iptables misconfiguration on host?
> 

Just to understand the error, would you please check if
/var/log/openvswitch/ovn-controller.log
or any other logfile in the same directory contains any hints?

Wo

[ovirt-users] Re: Node losing management network address?

2019-02-26 Thread Dominik Holler

On Mon, 25 Feb 2019 13:46:59 +0200
Juhani Rautiainen  wrote:

> Hi!
> 
> I had weird occurence in my two node ovirt cluster today (I have HE).
> I noticed that one node had ovirtmgmt network unsynchronized. I tried
> to resynchronize it. This led the node being rebooted by HP ILO. After
> reboot the node came up with DHCP address. Tried to change it back by
> fixing ifcfg-ovirtmgmt to original static address.

How did you fix? By ovirt-engine's web UI, REST-API or by modifying a
config file on the host, or cockpit?

> It reverter back to
> DHCP if I tried the resync the network. I decided to remove HE from
> the node in order to remove the node in order to be able to add it
> back. After I started HE removal, address popped back to static
> address. I did upgrade which was pending on node and after reboot it
> came back with DHCP address again. After this I removed the node from
> the cluster, added it back and now it seems to work. I'm just
> wondering how I prevent this from happening again?

If you would share the vdsm.log files containing the relevant flow, this
would help to understand what happened.

> How this unsync
> situation happens for instance and why it decides that DHCP is the way
> to go?
> 
> -Juhani
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/G5K6WJXAUENHV63QSWQIZLO74FDGBLTY/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HY23H4MRZNUONGN32SM5IF2JCJSDUZ3P/

[ovirt-users] Re: Node losing management network address?

2019-02-27 Thread Dominik Holler

On Wed, 27 Feb 2019 13:24:14 +0200
Juhani Rautiainen  wrote:

> On Wed, Feb 27, 2019 at 10:49 AM Dominik Holler  wrote:
> >
> 
> > > I just copied that ifcfg-ovirtmgmt file from second node and fixed
> > > IP-address to correct one before doing ifdown/ifup. That file had
> > > changed to DHCP so my instinct was trying to correct that one.
> > >
> >
> > Please let oVirt doing the work for you. If you interface to oVirt is
> > the web UI, please use the dialog "Edit Managment Network: ovirtmgmt"
> > which opens by clicking on the pencil symbol next to ovirtmgmt in
> > Compute > Hosts > xxx > Network Interfaces > Setup Host Networks
> > This will enable oVirt to recognize this change as intended.
> 
> Problem was that oVirt couldn't do the work anymore. It had for some
> reason switched that node to using DHCP addresses. DHCP gave totally
> different address to the node which was not known by ovirt engine.
> This is why I tried above change because I had lost connections to
> node after the resync. I had to use HP ILO console to see what's going
> on and found out that it had switched to DHCP and had wrong. And it
> used ILO fencing to boot the server because it couldn't reach it
> (which took many aftive vm's down). After the boot it still couldn't
> connect because address was still given by DHCP.

You did the right thing to establish a temporary connection of host and
engine. As soon as the engine is able to communicate with the host,
oVirt's web ui (or REST-API) should be used to configure the management
network address and to ensure, that the host is in sync with oVirt's config.

> What I'm wondering
> why it switched to DHCP when it had had static since first minute?
> 

This is a valid question.

> > > I noticed that one node had ovirtmgmt network unsynchronized. I tried

oVirt detected a difference between the expected configuration and applied
configuration. This might happen if the interface configuration is change
directly on the host instead of using oVirt Engine.

> > > to resynchronize it.

If you have the vdsm.log, the relevant lines start at the pattern
Calling 'Host.setupNetworks'
and ends at the pattern
FINISH getCapabilities

> > > This led the node being rebooted by HP ILO. After
> > > reboot the node came up with DHCP address. 

I have no idea why this happened, maybe there is a trace
in /var/log/messages ?

VDSM would revert a change in management networking configuration,
if after the change communication to engine is broken.
But if the host is rebooted during the change, there might be a
problem.
If you think you triggered
Bug 1664106 - [Network] Host reboot while setup networks leads to host stuck on 
status 'connecting'
you logfiles would be very helpful, if they are attached to the bug.
Thanks!

> >
> > Maybe no required anymore, since you described very precise what you
> > did.
> 
> Or not clearly enough.
> 
> Thanks,
> -Juhani
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DYJ76YVMW2W5MOR43XSAEUOMELZ7MUOK/

[ovirt-users] Re: Node losing management network address?

2019-02-27 Thread Dominik Holler

On Wed, 27 Feb 2019 08:52:24 +0200
Juhani Rautiainen  wrote:

> On Tue, Feb 26, 2019 at 12:05 PM Dominik Holler  wrote:
> >
> > On Mon, 25 Feb 2019 13:46:59 +0200
> > Juhani Rautiainen  wrote:
> >
> > > Hi!
> > >
> > > I had weird occurence in my two node ovirt cluster today (I have HE).
> > > I noticed that one node had ovirtmgmt network unsynchronized. I tried
> > > to resynchronize it. This led the node being rebooted by HP ILO. After
> > > reboot the node came up with DHCP address. Tried to change it back by
> > > fixing ifcfg-ovirtmgmt to original static address.
> >
> > How did you fix? By ovirt-engine's web UI, REST-API or by modifying a
> > config file on the host, or cockpit?
> 
> I just copied that ifcfg-ovirtmgmt file from second node and fixed
> IP-address to correct one before doing ifdown/ifup. That file had
> changed to DHCP so my instinct was trying to correct that one.
> 

Please let oVirt doing the work for you. If you interface to oVirt is
the web UI, please use the dialog "Edit Managment Network: ovirtmgmt"
which opens by clicking on the pencil symbol next to ovirtmgmt in
Compute > Hosts > xxx > Network Interfaces > Setup Host Networks
This will enable oVirt to recognize this change as intended.

> >
> > If you would share the vdsm.log files containing the relevant flow, this
> > would help to understand what happened.
> 
> Can I upload these somewhere? I can find the vdsm logs from the
> failure time frame. From engine logs I can see that EVENT_ID:
> VDS_NETWORKS_OUT_OF_SYNC(1,110) started weeks earlier (February 6th).
> The problem really just flared when I noticed it and tried to resync.
> There are not old enough vdsm logs to see what happened back then.
> This event continues daily so is there anything on vdsm logs which is
> connected to that event that I could dig for? Just noticed that this
> is pretty much the date I upgraded cluster from 4.2.8 to 4.3.
> 

Maybe no required anymore, since you described very precise what you
did.

> Thanks,
> Juhani
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/75HVUDC4BTRDLGJLPH4AFEKPSTGZ7C5W/

[ovirt-users] Re: Host choice when migrating VMs

2019-02-22 Thread Dominik Holler

On Fri, 22 Feb 2019 15:02:10 +0100 (CET)
Karli Sjöberg  wrote:

> 
> 
> Den 22 feb. 2019 09:24 skrev Nicolas Ecarnot :
> Hello,
> > 
> > I'm almost sure the following is useless as I think I know how it's
> > working, but as I'm preparing a major change in our infrastructure, I'd
> > rather be sure and not mess up. And also to be sure.
> > (Just to be sure)
> > 
> > For some reasons, and for the first time in our infra., one of our new
> > DC will temporary include heterogeneous hosts : some networks will be
> > available only on parts of them.
> > 

Should work.

> Hosts _needs_ the same networks to be available in the same cluster. 
> Different networked hosts needs to be put in a separate cluster.
> 

This is the most straight approach, which is supported by oVirt.
But there is the possibility to attach logical networks, which are
neither required in the cluster, nor attached to all hosts in the
cluster, to a VM. oVirt's scheduling will respect this.
Of course this introduces some obvious limitations, e.g. you cannot
hotplug a network to a VM, which runs on a host, which is not connected
to this network or neither you nor oVirt can schedule a VM to a host,
which does not provide all the networks attached to the VM.

If you want to be even more sure, the reference to the relevant source
https://github.com/oVirt/ovirt-engine/blob/7d111f3aa089f77f92049f4d3ec792e5ff7e5324/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/scheduling/policyunits/NetworkPolicyUnit.java#L132


> /K
> 
> 
> > Please may someone confirm me that with every load balancing / VM
> > startup / VM migration / host choice, oVirt will smartly choose the
> > available host equipped with the adequate networks?
> > 
> > --
> > Nicolas ECARNOT
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/QGX3PHA4T3SXXDTYZ4VGY6UHECO7P6V5/
> > 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OAO3TSWWPXX3SUXOIOLTARDYD4OEE3W4/

[ovirt-users] Re: Host choice when migrating VMs

2019-02-22 Thread Dominik Holler

On Fri, 22 Feb 2019 15:50:23 +0100 (CET)
Karli Sjöberg  wrote:

> 
> 
> Den 22 feb. 2019 15:48 skrev Dominik Holler :
> On Fri, 22 Feb 2019 15:46:00 +0100 (CET)
> > Karli Sjöberg wrote:
> > 
> > >
> > >
> > > Den 22 feb. 2019 15:35 skrev Dominik Holler :
> > > On Fri, 22 Feb 2019 15:02:10 +0100 (CET)
> > > > Karli Sjöberg wrote:
> > > >
> > > > >
> > > > >
> > > > > Den 22 feb. 2019 09:24 skrev Nicolas Ecarnot :
> > > > > Hello,
> > > > > >
> > > > > > I'm almost sure the following is useless as I think I know how it's
> > > > > > working, but as I'm preparing a major change in our infrastructure, 
> > > > > > I'd
> > > > > > rather be sure and not mess up. And also to be sure.
> > > > > > (Just to be sure)
> > > > > >
> > > > > > For some reasons, and for the first time in our infra., one of our 
> > > > > > new
> > > > > > DC will temporary include heterogeneous hosts : some networks will 
> > > > > > be
> > > > > > available only on parts of them.
> > > > > >
> > > >
> > > > Should work.
> > > >
> > > > > Hosts _needs_ the same networks to be available in the same cluster. 
> > > > > Different networked hosts needs to be put in a separate cluster.
> > > > >
> > > >
> > > > This is the most straight approach, which is supported by oVirt.
> > > > But there is the possibility to attach logical networks, which are
> > > > neither required in the cluster, nor attached to all hosts in the
> > > > cluster, to a VM. oVirt's scheduling will respect this.
> > > >
> > > So you're saying oVirt knows which other hosts in the cluster have the 
> > > non-mandatory network(s) the VM has and only chooses between those a host 
> > > to migrate the VM to?
> > >
> > 
> > Yes. If you try to trigger the migration manually, UI will provide you
> > the list of possible hosts to migrate the VM.
> > 
> Well, what about automatically migrated VM's?
> 

The same rules apply.

> /K
> 
> 
> > > /K
> > >
> > > Of course this introduces some obvious limitations, e.g. you cannot
> > > > hotplug a network to a VM, which runs on a host, which is not connected
> > > > to this network or neither you nor oVirt can schedule a VM to a host,
> > > > which does not provide all the networks attached to the VM.
> > > >
> > > > If you want to be even more sure, the reference to the relevant source
> > > > https://github.com/oVirt/ovirt-engine/blob/7d111f3aa089f77f92049f4d3ec792e5ff7e5324/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/scheduling/policyunits/NetworkPolicyUnit.java#L132
> > > >
> > > >
> > > > > /K
> > > > >
> > > > >
> > > > > > Please may someone confirm me that with every load balancing / VM
> > > > > > startup / VM migration / host choice, oVirt will smartly choose the
> > > > > > available host equipped with the adequate networks?
> > > > > >
> > > > > > --
> > > > > > Nicolas ECARNOT
> > > > > > ___
> > > > > > Users mailing list -- users@ovirt.org
> > > > > > To unsubscribe send an email to users-le...@ovirt.org
> > > > > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > > > > > oVirt Code of Conduct: 
> > > > > > https://www.ovirt.org/community/about/community-guidelines/
> > > > > > List Archives: 
> > > > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/QGX3PHA4T3SXXDTYZ4VGY6UHECO7P6V5/
> > > > > >
> > > >
> > > >
> > 
> > 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/C23VQXZZS6GS4OQS6JHWEOPVHLK73QCI/

[ovirt-users] Re: Host choice when migrating VMs

2019-02-22 Thread Dominik Holler

On Fri, 22 Feb 2019 15:46:00 +0100 (CET)
Karli Sjöberg  wrote:

> 
> 
> Den 22 feb. 2019 15:35 skrev Dominik Holler :
> On Fri, 22 Feb 2019 15:02:10 +0100 (CET)
> > Karli Sjöberg wrote:
> > 
> > >
> > >
> > > Den 22 feb. 2019 09:24 skrev Nicolas Ecarnot :
> > > Hello,
> > > >
> > > > I'm almost sure the following is useless as I think I know how it's
> > > > working, but as I'm preparing a major change in our infrastructure, I'd
> > > > rather be sure and not mess up. And also to be sure.
> > > > (Just to be sure)
> > > >
> > > > For some reasons, and for the first time in our infra., one of our new
> > > > DC will temporary include heterogeneous hosts : some networks will be
> > > > available only on parts of them.
> > > >
> > 
> > Should work.
> > 
> > > Hosts _needs_ the same networks to be available in the same cluster. 
> > > Different networked hosts needs to be put in a separate cluster.
> > >
> > 
> > This is the most straight approach, which is supported by oVirt.
> > But there is the possibility to attach logical networks, which are
> > neither required in the cluster, nor attached to all hosts in the
> > cluster, to a VM. oVirt's scheduling will respect this.
> > 
> So you're saying oVirt knows which other hosts in the cluster have the 
> non-mandatory network(s) the VM has and only chooses between those a host to 
> migrate the VM to?
> 

Yes. If you try to trigger the migration manually, UI will provide you
the list of possible hosts to migrate the VM.

> /K
> 
> Of course this introduces some obvious limitations, e.g. you cannot
> > hotplug a network to a VM, which runs on a host, which is not connected
> > to this network or neither you nor oVirt can schedule a VM to a host,
> > which does not provide all the networks attached to the VM.
> > 
> > If you want to be even more sure, the reference to the relevant source
> > https://github.com/oVirt/ovirt-engine/blob/7d111f3aa089f77f92049f4d3ec792e5ff7e5324/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/scheduling/policyunits/NetworkPolicyUnit.java#L132
> > 
> > 
> > > /K
> > >
> > >
> > > > Please may someone confirm me that with every load balancing / VM
> > > > startup / VM migration / host choice, oVirt will smartly choose the
> > > > available host equipped with the adequate networks?
> > > >
> > > > --
> > > > Nicolas ECARNOT
> > > > ___
> > > > Users mailing list -- users@ovirt.org
> > > > To unsubscribe send an email to users-le...@ovirt.org
> > > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > > > oVirt Code of Conduct: 
> > > > https://www.ovirt.org/community/about/community-guidelines/
> > > > List Archives: 
> > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/QGX3PHA4T3SXXDTYZ4VGY6UHECO7P6V5/
> > > >
> > 
> > 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O42QHQSJTSWGBFUWOQPALSO457MP3SL4/

[ovirt-users] Re: Ovn command line issue

2019-03-01 Thread Dominik Holler

On Fri, 01 Mar 2019 08:30:18 -
"Akshita Jain"  wrote:

> I want to use ovn-nbctl ls-add command on ovirt engine to create the switch 
> but I'm not able to make communication between vms in switch created by above 
> command.
> Please tell me the exact procedure or any command which can be used to create 
> the switches by commands .

You can create the logical network in oVirt and the underlying OVN
switch in a single step via the oVirt's REST-API, please find an
example in
https://gist.github.com/dominikholler/be7286931c0ea26b14965a5f91783cd4

If you like to have more granularity in creating the OVN logical switch,
you can create the OVN logical switch via OpenStack Networking API on
the ovirt-provider-ovn and import the OpenStack network into oVirt as
logical network by oVirt REST-API or automatic synchronization.

If you prefer to use ansible, please find an example in
https://github.com/oVirt/ovirt-system-tests/blob/master/network-suite-master/ansible/roles/create-ovn-entities/tasks/main.yml

The python module 'openstack' can be used like this:

import openstack
cloud = openstack.connect(cloud='ovirt')
cloud.create_network('ovn_net')

The configuration if the python module 'openstack' is documented in
https://docs.openstack.org/python-openstackclient/pike/configuration/index.html
e.g. a file clouds.yaml in the working directory with content
similar to:
clouds:
  ovirt:
auth:
  auth_url: https://0.0.0.0:35357/v2.0
  password: '123456'
  username: admin@internal
verify: false

should do the trick.
Alternatively the configuration could be provided by the environment
variables: OS_USERNAME, OS_PASSWORD, OS_AUTH_URL
and OS_CACERT.

The same configuration works for the OpenStack command line:
openstack network create ovn_net

Does this help you to avoid the usage of "ovn-nbctl ls-add"?

> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JYQUQICDPIU2YD57OKTLBXIRNWQVT2JH/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/R5TWCIVFKTYKQR4AGYKDN7IDJCLFMWB3/

[ovirt-users] Re: R: R: R: R: R: R: R: R: vm_network not sync

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 12:14:12 +
Fabio Zaltron  wrote:

> Dominik, sorry...
> 

You are welcome to ask!

> I've a problem now for to install Windows2016...when i attach 
> virtio-win-0.1.1 and browse to viostor-2k16-amd64, this happens:
> 
> 

Would you please create a new thread, with a new subject to get the
attention of the related experts?
Thanks.


> 
> [cid:image001.jpg@01D4E0B1.268AF0A0]
> 
> 
> 
> And if i choice VIO-SCSI this:
> 
> 
> 
> [cid:image002.jpg@01D4E0B1.268AF0A0]
> 
> 
> 
> Zaltron Fabio
> 
> 
> 
> Via Rovigana, 34/A
> 
> 35043 Monselice (PD)
> 
> E-mail: f...@corelink.it
> 
> Tel: (+39) 0429 1702612
> 
> Mob: (+39) 349 1048723
> 
> Web: www.corelink.it
> 
> 
> 
> 
> 
> 
> 
> -Messaggio originale-
> Da: Dominik Holler 
> Inviato: venerdì 22 marzo 2019 12:25
> A: Fabio Zaltron 
> Cc: Miguel Duarte de Mora Barroso ; users 
> 
> Oggetto: Re: R: R: R: R: R: R: R: [ovirt-users] vm_network not sync
> 
> 
> 
> On Fri, 22 Mar 2019 10:58:56 +
> 
> Fabio Zaltron mailto:f...@corelink.it>> wrote:
> 
> 
> 
> > No, its not so...vm_network have ip from DHCP, so i cannot to remove ip...
> 
> 
> 
> Why not? Just set "Boot Protocol" to "None" in web ui "Setup Host Network" 
> and ensure that the assigned local network ovirtmgmt has the IP address of 
> the Hostname used to add the host to oVirt.
> 
> 
> 
> > If i set ovirtmgmt as default route, the vm_network came still out of 
> > sync... as the first time...
> 
> >
> 
> > Zaltron Fabio
> 
> >
> 
> > Via Rovigana, 34/A
> 
> > 35043 Monselice (PD)
> 
> > E-mail: f...@corelink.it<mailto:f...@corelink.it>
> 
> > Tel: (+39) 0429 1702612
> 
> > Mob: (+39) 349 1048723
> 
> > Web: www.corelink.it<http://www.corelink.it>
> 
> >
> 
> >
> 
> >
> 
> > -Messaggio originale-
> 
> > Da: Dominik Holler mailto:dhol...@redhat.com>>
> 
> > Inviato: venerdì 22 marzo 2019 11:51
> 
> > A: Fabio Zaltron mailto:f...@corelink.it>>
> 
> > Cc: Miguel Duarte de Mora Barroso 
> > mailto:mdbarr...@redhat.com>>; users
> 
> > mailto:users@ovirt.org>>
> 
> > Oggetto: Re: R: R: R: R: R: R: [ovirt-users] vm_network not sync
> 
> >
> 
> > On Fri, 22 Mar 2019 10:30:46 +
> 
> > Fabio Zaltron mailto:f...@corelink.it>> wrote:
> 
> >
> 
> > > Is not resolved, because now i still have ovirtmgmt lan out of sync...
> 
> > > Is there a solution for to have all network sync?
> 
> > >
> 
> >
> 
> > After you removed the IP address from vm_network on the host and assign the 
> > "Default Route" role back to ovirtmgmt, the networks should be in sync.
> 
> >
> 
> > > Zaltron Fabio
> 
> > >
> 
> > > Via Rovigana, 34/A
> 
> > > 35043 Monselice (PD)
> 
> > > E-mail: f...@corelink.it<mailto:f...@corelink.it>
> 
> > > Tel: (+39) 0429 1702612
> 
> > > Mob: (+39) 349 1048723
> 
> > > Web: www.corelink.it<http://www.corelink.it>
> 
> > >
> 
> > >
> 
> > >
> 
> > > -Messaggio originale-
> 
> > > Da: Dominik Holler mailto:dhol...@redhat.com>>
> 
> > > Inviato: venerdì 22 marzo 2019 11:28
> 
> > > A: Fabio Zaltron mailto:f...@corelink.it>>
> 
> > > Cc: Miguel Duarte de Mora Barroso 
> > > mailto:mdbarr...@redhat.com>>; users
> 
> > > mailto:users@ovirt.org>>
> 
> > > Oggetto: Re: R: R: R: R: R: [ovirt-users] vm_network not sync
> 
> > >
> 
> > > On Fri, 22 Mar 2019 09:38:33 +
> 
> > > Fabio Zaltron mailto:f...@corelink.it>> wrote:
> 
> > >
> 
> > > > If i set default route on vm_network or ovirtmgmt the VM that i create, 
> > > > can to browse Internet without problem... in each case, my dhcp server 
> > > > assign correctly the ip, gw and dns to Virtual Machine...
> 
> > >
> 
> > > Yes, oVirt provides just layer 2 networking to VMs (only external 
> > > networks provides some layer 3 functionality).
> 
> > >
> 
> > > So all layer 3 settings in
> 
> > > "Compute > Hosts > xxx > Network Interfaces > Setup Host Networks"
> 
> > > are related to host networking only, and unrelated to VM networking.
> 
> > >
> 
> > > Is you

[ovirt-users] Re: ovn-provider-network

2019-03-22 Thread Dominik Holler

On Fri, 15 Mar 2019 14:49:04 +
"Staniforth, Paul"  wrote:

> Thanks,
>   I can see now from "ovn-sbctl show" on the engine machine  that 
> 2 of our hosts haven't  deployed ovn
> 
> ● ovn-controller.service - OVN controller daemon
>Loaded: loaded (/usr/lib/systemd/system/ovn-controller.service; disabled; 
> vendor preset: disabled)
>Active: inactive (dead)
> This was one of the things that was confusing me
> 
> I'll see if I can deploy ovn without reinstalling, also is it possible to 
> change the deployment to use a different network rather than ovirtmgmt?
> 


Just to have this link available in the archive for other users in a
similar situation: The procedure is documented in
https://ovirt.org/documentation/admin-guide/chap-External_Providers.html#configuring-hosts-for-an-ovn-tunnel-network


> Regards,
> Paul S.
> 
> From: Miguel Duarte de Mora Barroso 
> Sent: 15 March 2019 11:28
> To: Staniforth, Paul
> Cc: users@ovirt.org
> Subject: Re: [ovirt-users] ovn-provider-network
> 
> On Thu, Mar 14, 2019 at 3:04 PM Staniforth, Paul
>  wrote:
> >
> > Thanks Miguel,
> >  if we configure it connect to a physical network 
> > and select the Data Centre Network  I assume it will create the overlay 
> > network on top of that logical network.
> 
> Let me clarify; the network on top of which it sets up the overlay is
> defined when the host is added, and is *only* used for inter-host
> communication. When within the same host, it simply uses the OVS
> bridge.
> 
> What (I think) you mean uses the localnet feature of OVN, where the
> packets leaving the OVS bridge are forwarded to the external logical
> network you configure.
> 
> These 2 concepts are unrelated.
> 
> 
> > Also is there any documentation about the ovn-provider-network architecture.
> >
> > Regards,
> > Paul S.
> > 
> > From: Miguel Duarte de Mora Barroso 
> > Sent: 14 March 2019 13:15
> > To: Staniforth, Paul
> > Cc: users@ovirt.org
> > Subject: Re: [ovirt-users] ovn-provider-network
> >
> > On Wed, Mar 13, 2019 at 10:08 PM Staniforth, Paul
> >  wrote:
> > >
> > > Hello,
> > >
> > >   we are using oVirt-4.2.8 and I have created a logical 
> > > network using the ovn-network-provider, I haven't configured it to 
> > > connect to a physical network.
> > >
> > >
> > > I have 2 VMs running on 2 hosts which can connect to each other this 
> > > logical network. The only connection between the hosts is over the 
> > > ovirtmgmt network so presumably the traffic is using this?
> >
> > Yes, OVN sets up an overlay network on top of ovirtmgmt network.
> >
> > >
> > >
> > > Thanks,
> > >
> > >Paul S.
> > >
> > > To view the terms under which this email is distributed, please go to:-
> > > http://leedsbeckett.ac.uk/disclaimer/email/
> > >
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: 
> > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fsite%2Fprivacy-policy%2Fdata=02%7C01%7CP.Staniforth%40leedsbeckett.ac.uk%7Cc1a89b8a39764e42ed5a08d6a9395111%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C636882460976049145sdata=7Fn7bcDC1yOgjfKewdHjExwScVuw03joXYKx16G%2BMOM%3Dreserved=0
> > > oVirt Code of Conduct: 
> > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=02%7C01%7CP.Staniforth%40leedsbeckett.ac.uk%7Cc1a89b8a39764e42ed5a08d6a9395111%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C636882460976049145sdata=rUqtChv%2FOG7HHS8gySIpHsh3s9VrqO2GzrdTO08DL4Q%3Dreserved=0
> > > List Archives: 
> > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FB22LIMO6RI4SBYAOVDRWPQX3UUUYTUGL%2Fdata=02%7C01%7CP.Staniforth%40leedsbeckett.ac.uk%7Cc1a89b8a39764e42ed5a08d6a9395111%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C636882460976049145sdata=FtjV4dRfhlnZaJ2syoBcOCT8Nx9yS1UNjkBuX9aru0s%3Dreserved=0
> > To view the terms under which this email is distributed, please go to:-
> > http://leedsbeckett.ac.uk/disclaimer/email/
> To view the terms under which this email is distributed, please go to:-
> http://leedsbeckett.ac.uk/disclaimer/email/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YN5ZSTSH766Z565BEX372OLZNF2IAVOE/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to

[ovirt-users] Re: R: R: R: R: R: R: R: vm_network not sync

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 10:58:56 +
Fabio Zaltron  wrote:

> No, its not so...vm_network have ip from DHCP, so i cannot to remove ip...

Why not? Just set "Boot Protocol" to "None" in web ui "Setup Host
Network" and ensure that the assigned local network ovirtmgmt has the IP address
of the Hostname used to add the host to oVirt.

> If i set ovirtmgmt as default route, the vm_network came still out of sync... 
> as the first time...
> 
> Zaltron Fabio
> 
> Via Rovigana, 34/A
> 35043 Monselice (PD)
> E-mail: f...@corelink.it
> Tel: (+39) 0429 1702612
> Mob: (+39) 349 1048723
> Web: www.corelink.it
> 
> 
> 
> -Messaggio originale-
> Da: Dominik Holler 
> Inviato: venerdì 22 marzo 2019 11:51
> A: Fabio Zaltron 
> Cc: Miguel Duarte de Mora Barroso ; users 
> 
> Oggetto: Re: R: R: R: R: R: R: [ovirt-users] vm_network not sync
> 
> On Fri, 22 Mar 2019 10:30:46 +
> Fabio Zaltron  wrote:
> 
> > Is not resolved, because now i still have ovirtmgmt lan out of sync...
> > Is there a solution for to have all network sync?
> >
> 
> After you removed the IP address from vm_network on the host and assign the 
> "Default Route" role back to ovirtmgmt, the networks should be in sync.
> 
> > Zaltron Fabio
> >
> > Via Rovigana, 34/A
> > 35043 Monselice (PD)
> > E-mail: f...@corelink.it
> > Tel: (+39) 0429 1702612
> > Mob: (+39) 349 1048723
> > Web: www.corelink.it
> >
> >
> >
> > -Messaggio originale-
> > Da: Dominik Holler 
> > Inviato: venerdì 22 marzo 2019 11:28
> > A: Fabio Zaltron 
> > Cc: Miguel Duarte de Mora Barroso ; users
> > 
> > Oggetto: Re: R: R: R: R: R: [ovirt-users] vm_network not sync
> >
> > On Fri, 22 Mar 2019 09:38:33 +
> > Fabio Zaltron  wrote:
> >
> > > If i set default route on vm_network or ovirtmgmt the VM that i create, 
> > > can to browse Internet without problem... in each case, my dhcp server 
> > > assign correctly the ip, gw and dns to Virtual Machine...
> >
> > Yes, oVirt provides just layer 2 networking to VMs (only external networks 
> > provides some layer 3 functionality).
> >
> > So all layer 3 settings in
> > "Compute > Hosts > xxx > Network Interfaces > Setup Host Networks"
> > are related to host networking only, and unrelated to VM networking.
> >
> > Is your initial problem solved now?
> >
> > >
> > > Zaltron Fabio
> > >
> > > Via Rovigana, 34/A
> > > 35043 Monselice (PD)
> > > E-mail: f...@corelink.it
> > > Tel: (+39) 0429 1702612
> > > Mob: (+39) 349 1048723
> > > Web: www.corelink.it
> > >
> > >
> > >
> > > -Messaggio originale-
> > > Da: Dominik Holler 
> > > Inviato: venerdì 22 marzo 2019 10:35
> > > A: Fabio Zaltron 
> > > Cc: Miguel Duarte de Mora Barroso ; users
> > > 
> > > Oggetto: Re: R: R: R: R: [ovirt-users] vm_network not sync
> > >
> > > On Fri, 22 Mar 2019 09:07:27 +
> > > Fabio Zaltron  wrote:
> > >
> > > > I've done "refresh capabilities", but at this moment i can to send you 
> > > > the vdsm.log in attach.
> > > >
> > >
> > > This vdsm.log is helpful, thanks.
> > > The relation of the default gateway to the networks is ambiguous, because 
> > > ovirtmgmt and vm_network are in the same IP network.
> > >
> > > Are you aware that vm_network might not require an IP address for 
> > > vm_network?
> > >
> > >
> > > >
> > > >
> > > > Zaltron Fabio
> > > >
> > > > Via Rovigana, 34/A
> > > > 35043 Monselice (PD)
> > > > E-mail: f...@corelink.it
> > > > Tel: (+39) 0429 1702612
> > > > Mob: (+39) 349 1048723
> > > > Web: www.corelink.it
> > > >
> > > >
> > > >
> > > > -Messaggio originale-
> > > > Da: Dominik Holler 
> > > > Inviato: venerdì 22 marzo 2019 09:50
> > > > A: Fabio Zaltron 
> > > > Cc: Miguel Duarte de Mora Barroso ; users
> > > > 
> > > > Oggetto: Re: R: R: R: [ovirt-users] vm_network not sync
> > > >
> > > > On Fri, 22 Mar 2019 08:32:29 + Fabio Zaltron 
> > > > wrote:
> > > >
> > > > > Here we are:
> > > > >
> > > > >
> > > > >
> > > > > [cid:image0

[ovirt-users] Re: R: R: R: R: R: R: R: R: vm_network not sync

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 11:46:43 +
Fabio Zaltron  wrote:

> Ah ok, you're right...now i've set to none the vm_network and it seems all 
> ok... The VM, receive a ip from my dhcp and i can to browse...thanks
> 


Thanks for letting me know!

> Zaltron Fabio
> 
> Via Rovigana, 34/A
> 35043 Monselice (PD)
> E-mail: f...@corelink.it
> Tel: (+39) 0429 1702612
> Mob: (+39) 349 1048723
> Web: www.corelink.it
> 
> 
> 
> -Messaggio originale-
> Da: Dominik Holler 
> Inviato: venerdì 22 marzo 2019 12:25
> A: Fabio Zaltron 
> Cc: Miguel Duarte de Mora Barroso ; users 
> 
> Oggetto: Re: R: R: R: R: R: R: R: [ovirt-users] vm_network not sync
> 
> On Fri, 22 Mar 2019 10:58:56 +
> Fabio Zaltron  wrote:
> 
> > No, its not so...vm_network have ip from DHCP, so i cannot to remove ip...
> 
> Why not? Just set "Boot Protocol" to "None" in web ui "Setup Host Network" 
> and ensure that the assigned local network ovirtmgmt has the IP address of 
> the Hostname used to add the host to oVirt.
> 
> > If i set ovirtmgmt as default route, the vm_network came still out of 
> > sync... as the first time...
> >
> > Zaltron Fabio
> >
> > Via Rovigana, 34/A
> > 35043 Monselice (PD)
> > E-mail: f...@corelink.it
> > Tel: (+39) 0429 1702612
> > Mob: (+39) 349 1048723
> > Web: www.corelink.it
> >
> >
> >
> > -Messaggio originale-
> > Da: Dominik Holler 
> > Inviato: venerdì 22 marzo 2019 11:51
> > A: Fabio Zaltron 
> > Cc: Miguel Duarte de Mora Barroso ; users
> > 
> > Oggetto: Re: R: R: R: R: R: R: [ovirt-users] vm_network not sync
> >
> > On Fri, 22 Mar 2019 10:30:46 +
> > Fabio Zaltron  wrote:
> >
> > > Is not resolved, because now i still have ovirtmgmt lan out of sync...
> > > Is there a solution for to have all network sync?
> > >
> >
> > After you removed the IP address from vm_network on the host and assign the 
> > "Default Route" role back to ovirtmgmt, the networks should be in sync.
> >
> > > Zaltron Fabio
> > >
> > > Via Rovigana, 34/A
> > > 35043 Monselice (PD)
> > > E-mail: f...@corelink.it
> > > Tel: (+39) 0429 1702612
> > > Mob: (+39) 349 1048723
> > > Web: www.corelink.it
> > >
> > >
> > >
> > > -Messaggio originale-
> > > Da: Dominik Holler 
> > > Inviato: venerdì 22 marzo 2019 11:28
> > > A: Fabio Zaltron 
> > > Cc: Miguel Duarte de Mora Barroso ; users
> > > 
> > > Oggetto: Re: R: R: R: R: R: [ovirt-users] vm_network not sync
> > >
> > > On Fri, 22 Mar 2019 09:38:33 +
> > > Fabio Zaltron  wrote:
> > >
> > > > If i set default route on vm_network or ovirtmgmt the VM that i create, 
> > > > can to browse Internet without problem... in each case, my dhcp server 
> > > > assign correctly the ip, gw and dns to Virtual Machine...
> > >
> > > Yes, oVirt provides just layer 2 networking to VMs (only external 
> > > networks provides some layer 3 functionality).
> > >
> > > So all layer 3 settings in
> > > "Compute > Hosts > xxx > Network Interfaces > Setup Host Networks"
> > > are related to host networking only, and unrelated to VM networking.
> > >
> > > Is your initial problem solved now?
> > >
> > > >
> > > > Zaltron Fabio
> > > >
> > > > Via Rovigana, 34/A
> > > > 35043 Monselice (PD)
> > > > E-mail: f...@corelink.it
> > > > Tel: (+39) 0429 1702612
> > > > Mob: (+39) 349 1048723
> > > > Web: www.corelink.it
> > > >
> > > >
> > > >
> > > > -Messaggio originale-
> > > > Da: Dominik Holler 
> > > > Inviato: venerdì 22 marzo 2019 10:35
> > > > A: Fabio Zaltron 
> > > > Cc: Miguel Duarte de Mora Barroso ; users
> > > > 
> > > > Oggetto: Re: R: R: R: R: [ovirt-users] vm_network not sync
> > > >
> > > > On Fri, 22 Mar 2019 09:07:27 + Fabio Zaltron 
> > > > wrote:
> > > >
> > > > > I've done "refresh capabilities", but at this moment i can to send 
> > > > > you the vdsm.log in attach.
> > > > >
> > > >
> > > > This vdsm.log is helpful, thanks.
> > > > The relation of the default gateway to the networks is ambiguous, 
> > > > because ovirtmgm

[ovirt-users] Re: R: R: R: R: R: vm_network not sync

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 09:38:33 +
Fabio Zaltron  wrote:

> If i set default route on vm_network or ovirtmgmt the VM that i create, can 
> to browse Internet without problem... in each case, my dhcp server assign 
> correctly the ip, gw and dns to Virtual Machine...

Yes, oVirt provides just layer 2 networking to VMs (only external
networks provides some layer 3 functionality).
So all layer 3 settings in
"Compute > Hosts > xxx > Network Interfaces > Setup Host Networks"
are related to host networking only, and unrelated to VM networking.

Is your initial problem solved now?

> 
> Zaltron Fabio
> 
> Via Rovigana, 34/A
> 35043 Monselice (PD)
> E-mail: f...@corelink.it
> Tel: (+39) 0429 1702612
> Mob: (+39) 349 1048723
> Web: www.corelink.it
> 
> 
> 
> -Messaggio originale-
> Da: Dominik Holler 
> Inviato: venerdì 22 marzo 2019 10:35
> A: Fabio Zaltron 
> Cc: Miguel Duarte de Mora Barroso ; users 
> 
> Oggetto: Re: R: R: R: R: [ovirt-users] vm_network not sync
> 
> On Fri, 22 Mar 2019 09:07:27 +
> Fabio Zaltron  wrote:
> 
> > I've done "refresh capabilities", but at this moment i can to send you the 
> > vdsm.log in attach.
> >
> 
> This vdsm.log is helpful, thanks.
> The relation of the default gateway to the networks is ambiguous, because 
> ovirtmgmt and vm_network are in the same IP network.
> 
> Are you aware that vm_network might not require an IP address for vm_network?
> 
> 
> >
> >
> > Zaltron Fabio
> >
> > Via Rovigana, 34/A
> > 35043 Monselice (PD)
> > E-mail: f...@corelink.it
> > Tel: (+39) 0429 1702612
> > Mob: (+39) 349 1048723
> > Web: www.corelink.it
> >
> >
> >
> > -Messaggio originale-
> > Da: Dominik Holler 
> > Inviato: venerdì 22 marzo 2019 09:50
> > A: Fabio Zaltron 
> > Cc: Miguel Duarte de Mora Barroso ; users
> > 
> > Oggetto: Re: R: R: R: [ovirt-users] vm_network not sync
> >
> > On Fri, 22 Mar 2019 08:32:29 +
> > Fabio Zaltron  wrote:
> >
> > > Here we are:
> > >
> > >
> > >
> > > [cid:image001.jpg@01D4E092.2F40CD10]
> > >
> >
> >
> > Thanks, looks like the host would have two default gateways, which is 
> > strange.
> >
> > Would you please trigger
> > Compute > Hosts > mini.corelink.it > Management > Refresh Capabilities and 
> > share the output of executing grep  "FINISH getCapabilities"  
> > /var/log/vdsm/vdsm.log | tail -n 1 on mini.corelink.it after triggering 
> > "Refresh Capabilities" ?
> >
> >
> > >
> > >
> > > Zaltron Fabio
> > >
> > >
> > >
> > > Via Rovigana, 34/A
> > >
> > > 35043 Monselice (PD)
> > >
> > > E-mail: f...@corelink.it
> > >
> > > Tel: (+39) 0429 1702612
> > >
> > > Mob: (+39) 349 1048723
> > >
> > > Web: www.corelink.it
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -Messaggio originale-
> > > Da: Dominik Holler 
> > > Inviato: venerdì 22 marzo 2019 09:31
> > > A: Fabio Zaltron 
> > > Cc: Sandro Bonazzola ; Miguel Duarte de Mora
> > > Barroso ; users 
> > > Oggetto: Re: R: R: [ovirt-users] vm_network not sync
> > >
> > >
> > >
> > > On Fri, 22 Mar 2019 08:26:14 +
> > >
> > > Fabio Zaltron mailto:f...@corelink.it>> wrote:
> > >
> > >
> > >
> > > > Hi Dominik, i dont want that vm_network is used for default route...
> > >
> > > > My wm_network is in dhcp, but if a set default route on
> > > > vm_network,
> > >
> > > >
> > >
> > > >
> > >
> > > >
> > >
> > > > [cid:image001.png@01D4E091.50188150]
> > >
> > > >
> > >
> > > > the ovirtmgmt came out of sync...
> > >
> > > >
> > >
> > > >
> > >
> > > >
> > >
> > > > [cid:image002.png@01D4E091.50188150]
> > >
> > > >
> > >
> > > >
> > >
> > > >
> > >
> > > > And so i dont resolve nothing… 
> > >
> > > >
> > >
> > > >
> > >
> > >
> > >
> > > At least the vm_network is now in sync ;-) Would you please share a 
> > > screensh

[ovirt-users] Re: R: R: R: R: R: R: vm_network not sync

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 10:30:46 +
Fabio Zaltron  wrote:

> Is not resolved, because now i still have ovirtmgmt lan out of sync...
> Is there a solution for to have all network sync?
> 

After you removed the IP address from vm_network on the host and assign
the "Default Route" role back to ovirtmgmt, the networks should be in sync.

> Zaltron Fabio
> 
> Via Rovigana, 34/A
> 35043 Monselice (PD)
> E-mail: f...@corelink.it
> Tel: (+39) 0429 1702612
> Mob: (+39) 349 1048723
> Web: www.corelink.it
> 
> 
> 
> -Messaggio originale-
> Da: Dominik Holler 
> Inviato: venerdì 22 marzo 2019 11:28
> A: Fabio Zaltron 
> Cc: Miguel Duarte de Mora Barroso ; users 
> 
> Oggetto: Re: R: R: R: R: R: [ovirt-users] vm_network not sync
> 
> On Fri, 22 Mar 2019 09:38:33 +
> Fabio Zaltron  wrote:
> 
> > If i set default route on vm_network or ovirtmgmt the VM that i create, can 
> > to browse Internet without problem... in each case, my dhcp server assign 
> > correctly the ip, gw and dns to Virtual Machine...
> 
> Yes, oVirt provides just layer 2 networking to VMs (only external networks 
> provides some layer 3 functionality).
> 
> So all layer 3 settings in
> "Compute > Hosts > xxx > Network Interfaces > Setup Host Networks"
> are related to host networking only, and unrelated to VM networking.
> 
> Is your initial problem solved now?
> 
> >
> > Zaltron Fabio
> >
> > Via Rovigana, 34/A
> > 35043 Monselice (PD)
> > E-mail: f...@corelink.it
> > Tel: (+39) 0429 1702612
> > Mob: (+39) 349 1048723
> > Web: www.corelink.it
> >
> >
> >
> > -Messaggio originale-
> > Da: Dominik Holler 
> > Inviato: venerdì 22 marzo 2019 10:35
> > A: Fabio Zaltron 
> > Cc: Miguel Duarte de Mora Barroso ; users
> > 
> > Oggetto: Re: R: R: R: R: [ovirt-users] vm_network not sync
> >
> > On Fri, 22 Mar 2019 09:07:27 +
> > Fabio Zaltron  wrote:
> >
> > > I've done "refresh capabilities", but at this moment i can to send you 
> > > the vdsm.log in attach.
> > >
> >
> > This vdsm.log is helpful, thanks.
> > The relation of the default gateway to the networks is ambiguous, because 
> > ovirtmgmt and vm_network are in the same IP network.
> >
> > Are you aware that vm_network might not require an IP address for 
> > vm_network?
> >
> >
> > >
> > >
> > > Zaltron Fabio
> > >
> > > Via Rovigana, 34/A
> > > 35043 Monselice (PD)
> > > E-mail: f...@corelink.it
> > > Tel: (+39) 0429 1702612
> > > Mob: (+39) 349 1048723
> > > Web: www.corelink.it
> > >
> > >
> > >
> > > -Messaggio originale-
> > > Da: Dominik Holler 
> > > Inviato: venerdì 22 marzo 2019 09:50
> > > A: Fabio Zaltron 
> > > Cc: Miguel Duarte de Mora Barroso ; users
> > > 
> > > Oggetto: Re: R: R: R: [ovirt-users] vm_network not sync
> > >
> > > On Fri, 22 Mar 2019 08:32:29 +
> > > Fabio Zaltron  wrote:
> > >
> > > > Here we are:
> > > >
> > > >
> > > >
> > > > [cid:image001.jpg@01D4E092.2F40CD10]
> > > >
> > >
> > >
> > > Thanks, looks like the host would have two default gateways, which is 
> > > strange.
> > >
> > > Would you please trigger
> > > Compute > Hosts > mini.corelink.it > Management > Refresh Capabilities 
> > > and share the output of executing grep  "FINISH getCapabilities"  
> > > /var/log/vdsm/vdsm.log | tail -n 1 on mini.corelink.it after triggering 
> > > "Refresh Capabilities" ?
> > >
> > >
> > > >
> > > >
> > > > Zaltron Fabio
> > > >
> > > >
> > > >
> > > > Via Rovigana, 34/A
> > > >
> > > > 35043 Monselice (PD)
> > > >
> > > > E-mail: f...@corelink.it
> > > >
> > > > Tel: (+39) 0429 1702612
> > > >
> > > > Mob: (+39) 349 1048723
> > > >
> > > > Web: www.corelink.it
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -Messaggio originale-
> > > > Da: Dominik Holler 
> > > > Inviato: venerdì 22 marzo 2019 09:31
&g

[ovirt-users] Re: How to fix ovn apparent inconsistency?

2019-03-22 Thread Dominik Holler

On Fri, 22 Mar 2019 10:49:08 +0100
Gianluca Cecchi  wrote:

> On Thu, Mar 21, 2019 at 3:46 PM Gianluca Cecchi 
> wrote:
> 
> >
> > . . .
> >
> > I'm trying to add with name "MYOVN" from web admin gui: should I use
> > instead another name?
> >
> > Gianluca
> >
> >
> > Tried also this as detailed by Dominik, renewing certificates:
> https://www.mail-archive.com/users@ovirt.org/msg53697.html
> 
> Not understood what to do in step
> 2. Use the SSO_CLIENT_SECRET from the outfile produced by the previous
>command in
> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> "Use" in which way???
> 

use as  in

[OVIRT]
ovirt-sso-client-secret=

> I named with default "ovirt-provider-ovn" the OVN provider, after enabling
> debug in OVN I get thsi when I test the connection in web admin gui
> 
> 2019-03-22 10:40:41,917 root From: :::10.4.192.43:44744 Request: POST
> /v2.0/tokens
> 2019-03-22 10:40:41,918 root Request body:
> {"auth": {"passwordCredentials": {"username": "admin@internal", "password":
> ""}}}
> 2019-03-22 10:40:41,918 auth.plugins.ovirt.sso Connecting to oVirt engine's
> SSO module: https://ovmgr1.mydomain:443/ovirt-engine/sso/oauth/token
> 2019-03-22 10:40:41,918 auth.plugins.ovirt.sso Connecting to oVirt engine's
> SSO module: https://ovmgr1.mydomain:443/ovirt-engine/sso/oauth/token
> 2019-03-22 10:40:41,921 urllib3.connectionpool Starting new HTTPS
> connection (1): ovmgr1.mydomain
> 2019-03-22 10:40:46,961 urllib3.connectionpool https://ovmgr1.mydomain:443
> "POST /ovirt-engine/sso/oauth/token HTTP/1.1" 400 148
> 2019-03-22 10:40:46,964 root From: :::10.4.192.43:44744 Request: POST
> /v2.0/tokens
> 2019-03-22 10:40:46,964 root Request body:
> {"auth": {"passwordCredentials": {"username": "admin@internal", "password":
> ""}}}
> 2019-03-22 10:40:46,964 root Error during SSO authentication Cannot
> authenticate user 'admin@internal': Unable to log in. Verify your login
> information or contact the system administrator.. : access_denied
> Traceback (most recent call last):
>   File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 134,
> in _handle_request
> method, path_parts, content
>   File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line
> 175, in handle_request
> return self.call_response_handler(handler, content, parameters)
>   File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in
> call_response_handler
> return response_handler(content, parameters)
>   File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line
> 62, in post_tokens
> user_password=user_password)
>   File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in
> create_token
> return auth.core.plugin.create_token(user_at_domain, user_password)
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line
> 48, in create_token
> timeout=self._timeout())
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75,
> in create_token
> username, password, engine_url, ca_file, timeout)
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91,
> in _get_sso_token
> timeout=timeout
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55,
> in wrapper
> _check_for_error(response)
>   File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181,
> in _check_for_error
> result['error'], details))
> Unauthorized: Error during SSO authentication Cannot authenticate user
> 'admin@internal': Unable to log in. Verify your login information or
> contact the system administrator.. : access_denied
> 
> It seems I have not completely understood the link between SSO and
> admin@internal as a user for OVN authentication
> 

The ovirt-sso-client-id and ovirt-sso-client-secret is required, to
allow the ovirt-provider-ovn to connect to Engine's SSO for checking to
user visible username, e.g. admin@internal, and password.

I guess you are already aware of the doc in
https://github.com/oVirt/ovirt-provider-ovn/#section-ovirt

ovirt-provider-ovn does not store neither the user, e.g. admin@internal
password nor the session token, it is just forwarded to Engine's SSO to
check for validity.

If you are interested in the details, the session token is generated
by _get_sso_token in
https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/auth/plugins/ovirt/sso.py#L79
and validated by another method in
https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/auth/plugins/ovirt/sso.py#L125
where the ovirt-sso-client-id and ovirt-sso-client-secret are
used as client_id, client_secret.

In your case _get_sso_token is already failing, which does not use the
ovirt-sso-client-secret.

To solve this praticular issue, the provider in oVirt web admin ui
should use the usual oVirt password for admin@internal.


> Gianluca
___
Users mailing list -- users@ovirt.org
To unsubscribe send an

1 2 3 >

1 - 100 of 296 matches

Mail list logo