On Wed, Feb 9, 2022 at 7:52 AM Patrick Hibbs wrote:
> The certificates used in SPICE connections are stored on the VM hosts. By
> default they are at /etc/pki/vdsm/libvirt-spice, and configured by VDSM in
> /etc/libvirt/qemu.conf. Their default names are ca-cert.pem,
> server-cert.pem, and
On Wed, Feb 9, 2022 at 7:25 AM ravi k wrote:
> > you can use it from the engine under some conditions.
> > 1) You need to make sure that all hosts have this filter.
> > 2) You need to define this filter in engine DB otherwise you would need
> > some kind of hook to apply it.
>
> Thanks a lot for
> you can use it from the engine under some conditions.
> 1) You need to make sure that all hosts have this filter.
> 2) You need to define this filter in engine DB otherwise you would need
> some kind of hook to apply it.
Thanks a lot for that. If there's any doc that hints on how to define the
On Wed, Feb 9, 2022 at 6:54 AM ravi k wrote:
> Good people of the community,
>
Hi,
> Hope you are all doing well. We are exploring the network filters in oVirt
> to check if we can implement a zero-trust model at the network level. The
> intention is to have a filter which takes two
I need to upgrade my main domain storage (NFS) which hosts 100s of VMs and
templates including the hosted engine. Can I put the data center in global
maintenance, do a quick sync and swap of the domain storage and bring it back
up without missing a beat?
The certificates used in SPICE connections are stored on the VM hosts.
By default they are at /etc/pki/vdsm/libvirt-spice, and configured by
VDSM in /etc/libvirt/qemu.conf. Their default names are ca-cert.pem,
server-cert.pem, and server-key.pem. Using openssl x509 -noout -text -
in should show
Good people of the community,
Hope you are all doing well. We are exploring the network filters in oVirt to
check if we can implement a zero-trust model at the network level. The
intention is to have a filter which takes two parameters, IP and PORT. After
that there will be a 'deny all' rule.
On Wed, Feb 9, 2022 at 1:05 AM Strahil Nikolov
wrote:
> I have no clue , but I would give vdsm.service a restart.
>
Thanks again for the prompt response.
Tried that, restarted all services and the all the VMS, didn't work.
Any idea how I can verify the certificate information actually being
On Tue, Feb 8, 2022 at 10:41 PM Tim W. via Users wrote:
> I think I found the problem. The regex in
> 001_validate_network_interfaces.yml really wants there to be a number after
> the 'bond' identifier, i.e. bond0. However, the regex is as follows:
>
> bond_valid_name="{{ iface_item |
bond0 is the name of the bond. However, the output of the query to network
manager that is coming up is just 'bond'
[root@mustafar ~]# ip addr sho bond06: bond0:
mtu 1500 qdisc noqueue state UP group
default qlen 1000 link/ether [redacted] brd ff:ff:ff:ff:ff:ff inet
192.168.5.83/24
What is your bond name ?
On Tue, Feb 8, 2022 at 23:41, Tim W. via Users wrote: I
think I found the problem. The regex in 001_validate_network_interfaces.yml
really wants there to be a number after the 'bond' identifier, i.e. bond0.
However, the regex is as follows:
Or just add an exclude in /etc/dnf/dnf.conf
On Tue, Feb 8, 2022 at 18:32, Gilboa Davara wrote:
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement:
I have no clue , but I would give vdsm.service a restart.
Best Regards,Strahil Nikolov
On Tue, Feb 8, 2022 at 18:19, Gilboa Davara wrote:
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy
I think I found the problem. The regex in 001_validate_network_interfaces.yml
really wants there to be a number after the 'bond' identifier, i.e. bond0.
However, the regex is as follows:
bond_valid_name="{{ iface_item | regex_search('(^bond[0-9]+)') }}"
which will not return a good value
Thanks for your reply!
The only shell command in that script is the one you mentioned. Here is the
output:
[root@mustafar ~]# set -euo pipefail && nmcli -g GENERAL.TYPE device show
bond
ethernet
ethernet
ethernet
ethernet
loopback
___
Users
>
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Fail if Engine IP is
> different from engine's he_fqdn resolved IP]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
> "Engine VM IP address is while the engine's he_fqdn
> ovirt-engine.mgmt.pss.local resolves to
Hello,
On Tue, Feb 8, 2022 at 5:39 PM Strahil Nikolov
wrote:
> From the web UI there is an option to to regenerate the certificate
> Compute -> Hosts -> Management -> Maintenance -> Installation -> Enroll
> certificate
>
> Also, if you have RH dev subscription , you can check
>
Can you execute the commands from
/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/filter_team_devices.yml
(on the Hypervisor) and share the output ?
The first task executes 'nmcli -g GENERAL.TYPE device show' shows all available
devices
Best
>From the web UI there is an option to to regenerate the certificate Compute ->
>Hosts -> Management -> Maintenance -> Installation -> Enroll certificate
Also, if you have RH dev subscription , you can check
https://access.redhat.com/solutions/3532921 for the manual approach.
Best
From the install script output:
...
[ INFO ] Checking available network interfaces:
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Execute just a specific set
of steps]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Force facts gathering]
[ INFO ] ok:
While I have not answered your question directly, I would strongly advise
you just use ovirt-node
I went through similar build issues all the time. Ansible (well, whoever
wrote the playbook) can be finicky sometimes and I found when I deployed
ovirt-node I was done in under an hour with
On Tue, Feb 8, 2022 at 4:05 PM Charles Stellen wrote:
>
> Dear Ovirt Hackers,
>
> sorry: incidently send to de...@ovitr.org
>
> we are dealing with hosted engine deployment issue on a fresh AMD EPYC
> servers:
>
> and we are ready to donate hardware to Ovirt community after we pass
> this issue (
Hello.
I have been searching but not been able to find a solution.
As far as I could find the Storage Domain Type ISO is deprecated.
We have used this for hosting one central location for ISO images.
Everywhere I found they say to use a Data Domain.
But a Data Domain can not be attached to
Dear Ovirt Hackers,
sorry: incidently send to de...@ovitr.org
we are dealing with hosted engine deployment issue on a fresh AMD EPYC
servers:
and we are ready to donate hardware to Ovirt community after we pass
this issue ( :-) )
0/ base infra:
- 3 identical physical servers (produced in
> On 8. 2. 2022, at 6:14, Guillaume Pavese
> wrote:
>
> To replicate HCI without Gluster,
> is there a way to set up a Managed Block Storage (I think that means Ceph?)
> cluster hosted on the hypervisors, in a similar way as a Gluster Replica 3 ?
oVirt's MBS (CEPH) support is targeted for
Hello,
On Mon, Feb 7, 2022 at 4:14 PM Martin Perina wrote:
>
>> I don't know how, but the only errors I saw in the WebUI were update
>> related (failed to check updates on host).
>>
>
> That is not related to certificates errors used for engine <-> VDSM
> communication
>
> There was an error in
26 matches
Mail list logo
