Re: [ovirt-users] Can HA Agent control NFS Mount?

[Bob Doolittle]

It turns out I was wrong before. I don't have to start up Engine to get 
into this situation.


I did the following:

 * Turn on Global Maintenance
 * Engine init 0
 * Reboot node
 * Wait a few minutes
 * poweroff


I'll get the timeouts and hangs during shutdown again, and a reset 
instead of poweroff.


It's possible that somehow the system is coming out of Global 
Maintenance mode during shutdown, and the Engine VM is starting up and 
causing this issue.


I did the following.
1. hosted-engine --set-maintenance --mode=none
You can see the attached output from 'hosted-engine --vm-status' 
(hosted-engine.out) at this point, indicating that the system is in 
Global Maintenance


2. Waited 60 seconds, and checked sanlock
You can see the attached output of 'sanlock client status' 
(sanlock-status.out) at this point, showing the Engine VM locks being held


3. I stopped the vdsmd service (note that the first time I tried I got 
"Job for vdsmd.service cancelled", and re-issued the stop.
You can see the attached output of 'sanlock client status', and the 
following commands (output)


What's interesting and I didn't notice right away, is that after I 
stopped vdsmd the sanlock status started changing as if the locks were 
being manipulated.
After I stopped vdsmd, the HA services, and libvirtd, and waited 60 
seconds, I noticed the locks seemed to be changing state and that 
HostedEngine was listed. At that point I got suspicious and started 
vdsmd again so that I could recheck Global Maintenance mode, and I found 
that the system was no longer *in* maintenance, and that the Engine VM 
was running.


So I think this partly explains the situation. Somehow the act of 
stopping vdsmd is making the system look like it is *out* of Global 
Maintenance mode, and the Engine VM starts up while the system is 
shutting down. This creates new sanlock leases on the Engine VM storage, 
which prevents the system from shutting down cleanly. Oddly after a 
reboot Global Maintenance is preserved.


But there may be more going on. Even if I stop vdsmd, the HA services, 
and libvirtd, and sleep 60 seconds, I still see a lock held on the 
Engine VM storage:


daemon 6f3af037-d05e-4ad8-a53c-61627e0c2464.xion2.smar
p -1 helper
p -1 listener
p -1 status
s 
003510e8-966a-47e6-a5eb-3b5c8a6070a9:1:/rhev/data-center/mnt/xion2.smartcity.net\:_export_VM__NewDataDomain/003510e8-966a-47e6-a5eb-3b5c8a6070a9/dom_md/ids:0
s 
hosted-engine:1:/rhev/data-center/mnt/xion2\:_export_vm_he1/18eeab54-e482-497f-b096-11f8a43f94f4/ha_agent/hosted-engine.lockspace:0


It stays in this state however and HostedEngine doesn't grab a lock again.
In any case no matter what I do, it's impossible to shut the system down 
cleanly.


-Bob

On 06/13/2014 08:33 AM, Doron Fediuck wrote:

- Original Message -

From: "Andrew Lau"
To: "Bob Doolittle"
Cc: "users"
Sent: Friday, June 6, 2014 6:14:18 AM
Subject: Re: [ovirt-users] Can HA Agent control NFS Mount?

On Fri, Jun 6, 2014 at 1:09 PM, Bob Doolittle  wrote:

Thanks Andrew, I'll try this workaround tomorrow for sure. But reading
though that bug report (closed not a bug) it states that the problem should
only arise if something is not releasing a sanlock lease. So if we've
entered Global Maintenance and shut down Engine, the question is what's
holding the lease?

How can that be debugged?

For me it's wdmd and sanlock itself failing to shutdown properly. I
also noticed even when in global maintenance and the engine VM powered
off there is still a sanlock lease for the
/rhev/mnt/hosted-engine/? lease file or something along those
lines. So the global maintenance may not actually be releasing that
lock.

I'm not too familiar with sanlock etc. So it's like stabbing in the dark :(


Sounds like a bug since once the VM is off there should not
be a lease taken.

Please check if after a minute you still have a lease taken
according to:http://www.ovirt.org/SANLock#sanlock_timeouts

In this case try to stop vdsm and libvirt just so we'll know
who still keeps the lease.


-Bob

On Jun 5, 2014 10:56 PM, "Andrew Lau"  wrote:

On Mon, May 26, 2014 at 5:10 AM, Bob Doolittle
wrote:

On 05/25/2014 02:51 PM, Joop wrote:

On 25-5-2014 19:38, Bob Doolittle wrote:

Also curious is that when I say "poweroff" it actually reboots and
comes
up again. Could that be due to the timeouts on the way down?


Ah, that's something my F19 host does too. Some more info: if engine
hasn't been started on the host then I can shutdown it and it will
poweroff.
IF engine has been run on it then it will reboot.
Its not vdsm (I think) because my shutdown sequence is (on my f19
host):
  service ovirt-agent-ha stop
  service ovirt-agent-broker stop
  service vdsmd stop
  ssh root@engine01 "init 0"
init 0

I don't use maintenance mode because when I poweron my host (= my
desktop)
I want engine to power on automatically which it does most of the time
within 10 min.

For comparison, I see this issue and I *do* use maintenance mode
(because
presumably that

Re: [ovirt-users] Live Snapshot issue (once more) with the new QEMU Packages (V10) from CENTOS Updates

[Douglas Schilling Landgraf]

Hi Christian,

On 06/13/2014 04:02 PM, Christian Rebel wrote:

Hi all,

after today's CentOS "yum update", I had once more the Problem with LIVE
Snapshots due to the new "qemu packages".
Can anyone explain me why there is such a huge difference between the
"CENTOS QEMU Packages" and the "Jenkins RHEV qemu Packages".


CentOS package doesn't enable the rhev-features during the build of 
package. We are working with CentOS guys to get such build directly in 
CentOS Virt repo instead of in our jenkins server.


Threads about this topic in CentOS Virt SIG:
http://lists.centos.org/pipermail/centos-virt/2014-May/003832.html
http://lists.centos.org/pipermail/centos-virt/2014-June/003869.html
http://lists.centos.org/pipermail/centos-virt/2014-June/003883.html
http://lists.centos.org/pipermail/centos-virt/2014-June/003921.html



CENTOS QEMU = LIVE Snapshot failed (tested with qemu versions V8 and V10)
*   VDSErrorException: VDSGenericException: VDSErrorException: Failed to
SnapshotVDS, error = Snapshot failed, code = 48

JENKINS QEMU = LIVE Snapshots ok (tested with qemu versions V8 and V10)
*   Command CreateAllSnapshotsFromVm, Parameters Type
org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) returned status
finished, result 'success'.



Hi Karanbir, do you have any update on that topic?

Thanks!

--
Cheers
Douglas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Live Snapshot issue (once more) with the new QEMU Packages (V10) from CENTOS Updates

[Christian Rebel]

Hi all,

after today's CentOS "yum update", I had once more the Problem with LIVE
Snapshots due to the new "qemu packages".
Can anyone explain me why there is such a huge difference between the
"CENTOS QEMU Packages" and the "Jenkins RHEV qemu Packages". 

CENTOS QEMU = LIVE Snapshot failed (tested with qemu versions V8 and V10)
*   VDSErrorException: VDSGenericException: VDSErrorException: Failed to
SnapshotVDS, error = Snapshot failed, code = 48

JENKINS QEMU = LIVE Snapshots ok (tested with qemu versions V8 and V10)
*   Command CreateAllSnapshotsFromVm, Parameters Type
org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) returned status
finished, result 'success'.

Thanks!
Christian



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Live Snapshot issue (once more) with the new QEMU Packages (V5.10) from CENTOS Updates

[Christian Rebel]

Hi all,

after today's CentOS "yum update", I had once more the Problem with LIVE
Snapshots due to the new "qemu packages".
Can anyone explain me why there is such a huge difference between the
"CENTOS QEMU Packages" and the "Jenkins RHEV qemu Packages". 

CENTOS QEMU = LIVE Snapshot failed (tested with qemu versions V5.8 and 5.10)
*   VDSErrorException: VDSGenericException: VDSErrorException: Failed to
SnapshotVDS, error = Snapshot failed, code = 48

JENKINS QEMU = LIVE Snapshots ok (tested with qemu versions V5.8 and 5.10)
*   Command CreateAllSnapshotsFromVm, Parameters Type
org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) returned status
finished, result 'success'.

Thanks!
Christian



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Network traffic being mirrored

[Antoni Segura Puimedon]

- Original Message -
> From: "Jim Rippon" 
> To: Users@ovirt.org
> Sent: Friday, June 13, 2014 1:23:10 PM
> Subject: Re: [ovirt-users] Network traffic being mirrored
> 
> 
> 
> In the end I didn't trace the cause of this issue, but a reboot of the host
> appears to have stopped the odd behaviour. I'll keep an eye on it and
> feedback if I see a repeat, perhaps there is something I can do to provide
> some useful debugging information - open to suggestions?

Well, if it happens again I'd like the output of:

vdsClient -s 0 getVdsCapabilites

iptables -n -L

ip -o -d link show

> 
> Jim
> 
> On 2014-06-12 14:40, Jim Rippon wrote:
> 
> 
> 
> Hi guys,
> 
> I am seeing network traffic being sent to all my VMs on one of my oVirt
> hosts, but not the other two in that same datacentre. The VMs are running
> CentOS, and I've been monitoring the sessions with iptraf, and can see
> traffic from all other VMs on that network being received by all other VMs
> running on this host which have an interface on that same network.
> 
> Is this something anyone has seen, or could anyone suggest anything I should
> be looking at to further diagnose?
> 
> Many thanks,
> 
> Jim Rippon
> 
> ___
> Users mailing list Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] After Upgrade to 3.4.2 no conole icon activation

[Markus Stockhausen]

Hello,

after starting a VM in webadmin on ovirt engine 3.4.2 we have
to manually switch to another VM and back to get the console
icon active.

Is this behaviour desired?

Markus

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.

Über das Internet versandte E-Mails können unter fremden Namen erstellt oder
manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine
rechtsverbindliche Willenserklärung.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

Vorstand:
Kadir Akin
Dr. Michael Höhnerbach

Vorsitzender des Aufsichtsrates:
Hans Kristian Langva

Registergericht: Amtsgericht Köln
Registernummer: HRB 52 497

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

e-mails sent over the internet may have been written under a wrong name or
been manipulated. That is why this message sent as an e-mail is not a
legally binding declaration of intention.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

executive board:
Kadir Akin
Dr. Michael Höhnerbach

President of the supervisory board:
Hans Kristian Langva

Registry office: district court Cologne
Register number: HRB 52 497


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ ERROR ] Failed to execute stage 'Closing up': Command '/bin/systemctl' failed to execute

[Gianluca Cecchi]

Il 13/giu/2014 19:14 "Todd"  ha scritto:
>
> This is what I found, thank you for sharing:
>
> [root@ovirt ~]# journalctl -r -a -u ovirt-engine
>
> -- Logs begin at Wed 2014-06-04 10:56:26 EDT, end at Fri 2014-06-13
13:04:02 EDT
>
> Jun 12 17:02:18 ovirt.od.itots.local ovirt-engine.py[6127]: 2014-06-12
17:02:18,
>
> Jun 12 17:02:17 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...
>
> Jun 12 17:01:28 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.
>
> -- Reboot --
>
> Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: Unit
ovirt-engine.service enter
>
> Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.
>
> Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: ovirt-engine.service:
main proc
>
> Jun 11 00:11:07 ovirt.od.itots.local ovirt-engine.py[6504]: 2014-06-11
00:11:07,
>
> Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...
>
> Jun 11 00:10:39 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.
>
> Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: Unit
ovirt-engine.service enter
>
> Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.
>
> Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: ovirt-engine.service:
main proc
>
> Jun 11 00:02:02 ovirt.od.itots.local ovirt-engine.py[3623]: 2014-06-11
00:02:02,
>
> Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...
>
> Jun 11 00:01:34 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.
>
> Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: Unit
ovirt-engine.service enter
>
> Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.
>
> Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: ovirt-engine.service:
main proc
>
> Jun 10 20:31:22 ovirt.od.itots.local ovirt-engine.py[31568]: 2014-06-10
20:31:22
>
> Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...
>
> Jun 10 20:30:53 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.
>
> Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: Unit
ovirt-engine.service enter
>
> Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.
>
> Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: ovirt-engine.service:
main proc
>
> Jun 10 20:29:11 ovirt.od.itots.local ovirt-engine.py[28721]: 2014-06-10
20:29:11
>
> Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...
>
> Jun 10 20:28:12 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.
>
>
>
> [root@ovirt ~]# systemctl status ovirt-engine
>
> ovirt-engine.service - oVirt Engine
>
>Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; disabled)
>
>Active: failed (Result: exit-code) since Thu 2014-06-12 17:02:18 EDT;
20h ago
>
> Main PID: 6127 (code=exited, status=1/FAILURE)
>
>CGroup: /system.slice/ovirt-engine.service
>
>
>
> Jun 12 17:02:18 ovirt.od.itots.local ovirt-engine.py[6127]: 2014-06-12
17:02:...
>
> Jun 12 17:02:18 ovirt.od.itots.local systemd[1]: ovirt-engine.service:
main ...E
>
> Jun 12 17:02:18 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.
>
> Jun 12 17:02:18 ovirt.od.itots.local systemd[1]: Unit
ovirt-engine.service e
>
> Hint: Some lines were ellipsized, use -l to show in full.
>
>
>
> Todd
>
>
>
> From: Gianluca Cecchi [mailto:gianluca.cec...@gmail.com]
> Sent: Thursday, June 12, 2014 6:35 PM
> To: Todd; users
>
> Subject: Re: [ovirt-users] [ ERROR ] Failed to execute stage 'Closing
up': Command '/bin/systemctl' failed to execute
>
>
>
> On Fri, Jun 13, 2014 at 12:23 AM, Todd  wrote:
>
> One thing I did, I added an additional 4 to make it 8GB to the machine.
>
>
>
> And it still does the same thing, but it is saying there is a problem
with the systemctl “Closing up” error.
>
>
>
> How is that related to the amount of memory, at present, I just want to
bring up the web interface and get it installed.
>
>
>
> Todd
>
>
>
>
>
> Keep replies on list, so that other can help too if necessary.
> I think the init service should have been installed anyway.
> What you get from the command
>
> # systemctl status ovirt-engine
>
> for example on my system I get this
>
>
> [g.cecchi@tekkaman ~]$ sudo systemctl status ovirt-engine
> ovirt-engine.service - oVirt Engine
>Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; enabled)
>Active: active (running) since Fri 2014-06-13 00:24:55 CEST; 2min 49s
ago
>  Main PID: 1899 (ovirt-engine.py)
>CGroup: name=systemd:/system/ovirt-engine.service
>├─1899 /usr/bin/python
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.py
--redirect-output --system...
>└─2370 ovirt-engine -server -XX:+TieredCompilation -Xms1g
-Xmx1g -XX:PermSize=256m -XX:MaxPermSize=256m -Djava
>
> Jun 13 00:24:54 tekkaman.localdomain.local systemd[1]: Starting oVirt
Engine...
> Jun 13 00:24:55 tekkaman.localdomain.local systemd[1]: Started oVirt
Engine.
>
> And also the command
>
> # journalctl -r -a -u ovirt-engine
>
> for example I had a failure on November and the comamnd at a 

[ovirt-users] [ ERROR ] Failed to execute stage 'Closing up': Command '/bin/systemctl' failed to execute

[Todd]

I have increased the amount of Ram from 4GB to 8GB

 

This is what I found:


[root@ovirt ~]# journalctl -r -a -u ovirt-engine

-- Logs begin at Wed 2014-06-04 10:56:26 EDT, end at Fri 2014-06-13 13:04:02
EDT

Jun 12 17:02:18 ovirt.od.itots.local ovirt-engine.py[6127]: 2014-06-12
17:02:18,

Jun 12 17:02:17 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...

Jun 12 17:01:28 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.

-- Reboot --

Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: Unit ovirt-engine.service
enter

Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.

Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: ovirt-engine.service: main
proc

Jun 11 00:11:07 ovirt.od.itots.local ovirt-engine.py[6504]: 2014-06-11
00:11:07,

Jun 11 00:11:07 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...

Jun 11 00:10:39 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.

Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: Unit ovirt-engine.service
enter

Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.

Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: ovirt-engine.service: main
proc

Jun 11 00:02:02 ovirt.od.itots.local ovirt-engine.py[3623]: 2014-06-11
00:02:02,

Jun 11 00:02:02 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...

Jun 11 00:01:34 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.

Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: Unit ovirt-engine.service
enter

Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.

Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: ovirt-engine.service: main
proc

Jun 10 20:31:22 ovirt.od.itots.local ovirt-engine.py[31568]: 2014-06-10
20:31:22

Jun 10 20:31:22 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...

Jun 10 20:30:53 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.

Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: Unit ovirt-engine.service
enter

Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.

Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: ovirt-engine.service: main
proc

Jun 10 20:29:11 ovirt.od.itots.local ovirt-engine.py[28721]: 2014-06-10
20:29:11

Jun 10 20:29:11 ovirt.od.itots.local systemd[1]: Starting oVirt Engine...

Jun 10 20:28:12 ovirt.od.itots.local systemd[1]: Stopped oVirt Engine.

 


[root@ovirt ~]# systemctl status ovirt-engine

ovirt-engine.service - oVirt Engine

   Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; disabled)

   Active: failed (Result: exit-code) since Thu 2014-06-12 17:02:18 EDT; 20h
ago

Main PID: 6127 (code=exited, status=1/FAILURE)

   CGroup: /system.slice/ovirt-engine.service

 

Jun 12 17:02:18 ovirt.od.itots.local ovirt-engine.py[6127]: 2014-06-12
17:02:...

Jun 12 17:02:18 ovirt.od.itots.local systemd[1]: ovirt-engine.service: main
...E

Jun 12 17:02:18 ovirt.od.itots.local systemd[1]: Failed to start oVirt
Engine.

Jun 12 17:02:18 ovirt.od.itots.local systemd[1]: Unit ovirt-engine.service
e

Hint: Some lines were ellipsized, use -l to show in full.

 

Todd


---

Message: 3

Date: Thu, 12 Jun 2014 21:51:20 +0200

From: Gianluca Cecchi < 
gianluca.cec...@gmail.com>

To: Todd <  td...@yahoo.com>

Cc: users <  users@ovirt.org>

Subject: Re: [ovirt-users] [ ERROR ] Failed to execute stage 'Closing

up': Command '/bin/systemctl' failed to execute

Message-ID:

<

cag2kncw5wlnitxsz2bjgmjzr1o_dmhpzzucoqowaoa4mfrh...@mail.gmail.com>

Content-Type: text/plain; charset="utf-8"

 

How much ram do you have on this system?

-- next part --

An HTML attachment was scrubbed...

URL: <

http://lists.ovirt.org/pipermail/users/attachments/20140612/2600b1d7/attachm
ent-0001.html

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] localdomain

[Michal Skrivanek]

On 13 Jun 2014, at 15:17, Koen Vanoppen wrote:

> > The cloud-init integration was a little flaky when I was using it,
> 
> > when it was introduced in 3.3 - definitely
> ...
> 
> Indeed. We are now using 3.4 and in works much better. And indeed the root 
> password option also works now! :-)
> And we can add a domain IF we type domain after every VM that has to be 
> created. (There a some... We work for The airport :-) ). So isn't there a 
> option where we can OR just remove the domain so the only thing left is the 
> name we gave to the machine OR set a standard domain that ovirt uses with 
> every VM created…?

I'm not sure if cloud-init has an option specifically for domain….their docs 
is…well…not that great
Since there's the custom script option where you can add anything…how about 
just set it there directly? it gets "merged" with the options we have in the UI 
so as long as it's syntactically correct cloud-config snippet, it should work

Thanks,
michal

> 
> Kind regards and thx in advance!
> 
> 
> 
> 2014-06-13 10:53 GMT+02:00 Michal Skrivanek :
> 
> On 12 Jun 2014, at 05:11, Andrew Lau wrote:
> 
> > The cloud-init integration was a little flaky when I was using it,
> 
> when it was introduced in 3.3 - definitely
> 
> >
> > I ended up not using any of the inbuilt oVirt options (eg. hostname,
> > root password). Root password never worked for me as it'd force a
> > reset on first login.. defeating the purpose.
> 
> yes. This has been fixed since (IIRC in 3.4, maybe a bit later, not sure)
> 
> I'm not aware of any further issues with cloud-init recently…it should be fine
> there's always room for some enhancements…but pretty much you can add 
> whatever is missing in a custom config section (also for windows sysprep) 
> today
> 
> Thanks,
> michal
> 
> > Just passing a full cloud-init config into the bottom section worked
> > for me, so for your case just define the hostname there instead.
> >
> >
> > On Tue, May 27, 2014 at 9:33 PM, Koen Vanoppen  
> > wrote:
> >> Hi Guys,
> >>
> >> It's bin a while :-). Luckily :-).
> >>
> >> I have a quick question. Is there a way to change the default .localdomain
> >> for the FQDN in ovirt?
> >> I would be handy if we just had to fill in the hostname of our vm (we are
> >> using 3.4, with the cloud-init feature) and he automatically adds our 
> >> domain
> >> in stead of .localdomain.
> >>
> >> Kind regards,
> >>
> >> Koen
> >>
> >> ___
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Can HA Agent control NFS Mount?

[Bob Doolittle]

Doron,

This is my normal process but it does not resolve the issue.

A few of us who have experienced this have tried a number of things.

I see two hangs/wdmd timeouts during shutdown, so I think there are two 
remaining lease holders.


I find if I stop vdsmd, ovirt-ha-agent, and ovirt-ha-broker services I 
only experience the last hang (almost at the end, as it's shutting down 
filesystems).
Any hang results in a wdmd timeout and consequently a reboot instead of 
poweroff.


If I never bring engine up, things shut down cleanly.

I will try your suggestions in the other mail a bit later this morning.

-Bob

On 06/13/2014 08:28 AM, Doron Fediuck wrote:

Bob,
the way to handle it is to switch to global maintenance,
and then ssh into the VM and shut it down.

After rebooting you should switch maintenance mode to off.

- Original Message -

From: "Bob Doolittle" 
To: "Sven Kieske" 
Cc: "users" , "Doron Fediuck" , "Itamar Heim" 

Sent: Friday, June 13, 2014 3:16:12 PM
Subject: Re: [ovirt-users] Can HA Agent control NFS Mount?

Would that help the issue being reported in this thread at all? This thread
was about issues with clean shutdown of a single node hosted environment,
which result in hangs/timeouts and the inability to issue poweroff without
it resulting in a reboot.

There have been no suggestions about how to resolve those issues, which
seem related to sanlock leases not being cleanly released.

-Bob
On Jun 13, 2014 5:14 AM, "Sven Kieske"  wrote:


I suppose a hosted-engine solution without HA
would suffice the use case of just having one system to host and manage
vms, with the ability to extend this system to many more.

Am 03.06.2014 13:52, schrieb Itamar Heim:

what would look different for hosted-engine on a single host? just not
have the "ha" feature?

--
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt - Node install on CentOS

[Simon Barrett]

One thing I do have to tweak is the group on /var/run/sanlock/sanlock.sock. By 
default, when I reboot the owner/group/perms are this:

srw-rw 1 sanlock root 0 Jun 13 09:08 sanlock.sock

vdsm then has problems accessing sanlock.sock and I see errors like this in 
engine.log:

2014-06-13 06:18:41,436 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.CreateStoragePoolVDSCommand] 
(org.ovirt.thread.pool-6-thread-17) [12b48409] Command 
org.ovirt.engine.core.vdsbroker.vdsbroke
r.CreateStoragePoolVDSCommand return value
StatusOnlyReturnForXmlRpc [mStatus=StatusForXmlRpc [mCode=661, mMessage=Cannot 
acquire host id: ('634aad80-503a-4e59-9738-15b6fb1bf10a', SanlockException(13, 
'Sanlock lockspace add failure', 'Permission denied'))]]

If I chgrp qemu /var/run/sanlock/sanlock.sock then all works fine.

I know I can change the default group membership for sanlock in 
/etc/libvirt/qemu-sanlock.conf but was wondering if this is something that the 
vdsm install should take care of?

Thanks,

Simon

From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On Behalf Of Joop
Sent: 13 June 2014 11:54
Cc: users@ovirt.org
Subject: Re: [ovirt-users] oVirt - Node install on CentOS

Sven Kieske wrote:

+1 from me, this should work without manual tweaking (except for live

snapshots).



Am 09.06.2014 20:32, schrieb Joop:



If you install a minimal Centos-6.5 and add the ovirt repository and

then add the host using the webui of engine then it will install all

needed packages (vdsm/libvirt/kvm) and you're done. You can then replace

the standard qemu with the one that will do live snapshots. Depending on

where you're storage is located you shouldn't have to tinker with

memberships etc.






Looking at this again I would like the webui install process to add the repo 
too :-)
If engine-setup is up to date it could know the location  of the ovirt-repo.rpm 
and install it automatically. There is probably a very good reason why it 
doesn't do this since I can't imagine I'm the first one to think about this.

Joop
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] localdomain

[Koen Vanoppen]

> The cloud-init integration was a little flaky when I was using it,

> when it was introduced in 3.3 - definitely
...

Indeed. We are now using 3.4 and in works much better. And indeed the root
password option also works now! :-)
And we can add a domain IF we type domain after every VM that has to be
created. (There a some... We work for The airport :-) ). So isn't there a
option where we can OR just remove the domain so the only thing left is the
name we gave to the machine OR set a standard domain that ovirt uses with
every VM created...?

Kind regards and thx in advance!



2014-06-13 10:53 GMT+02:00 Michal Skrivanek :

>
> On 12 Jun 2014, at 05:11, Andrew Lau wrote:
>
> > The cloud-init integration was a little flaky when I was using it,
>
> when it was introduced in 3.3 - definitely
>
> >
> > I ended up not using any of the inbuilt oVirt options (eg. hostname,
> > root password). Root password never worked for me as it'd force a
> > reset on first login.. defeating the purpose.
>
> yes. This has been fixed since (IIRC in 3.4, maybe a bit later, not sure)
>
> I'm not aware of any further issues with cloud-init recently…it should be
> fine
> there's always room for some enhancements…but pretty much you can add
> whatever is missing in a custom config section (also for windows sysprep)
> today
>
> Thanks,
> michal
>
> > Just passing a full cloud-init config into the bottom section worked
> > for me, so for your case just define the hostname there instead.
> >
> >
> > On Tue, May 27, 2014 at 9:33 PM, Koen Vanoppen 
> wrote:
> >> Hi Guys,
> >>
> >> It's bin a while :-). Luckily :-).
> >>
> >> I have a quick question. Is there a way to change the default
> .localdomain
> >> for the FQDN in ovirt?
> >> I would be handy if we just had to fill in the hostname of our vm (we
> are
> >> using 3.4, with the cloud-init feature) and he automatically adds our
> domain
> >> in stead of .localdomain.
> >>
> >> Kind regards,
> >>
> >> Koen
> >>
> >> ___
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] novnc error

[Garrett Baltezegar]

If I can help by providing any additional information about our current
network or system setup for your testing purposes , please let me know!
On Jun 13, 2014 8:36 AM, "Alon Bar-Lev"  wrote:

>
>
> - Original Message -
> > From: "Frantisek Kobzik" 
> > To: "Garrett Baltezegar" 
> > Cc: "Alon Bar-Lev" , users@ovirt.org
> > Sent: Friday, June 13, 2014 3:34:42 PM
> > Subject: Re: [ovirt-users] novnc error
> >
> > Great, I'm happy that it's working now!
>
> Regardless, we should reproduce this exception and see if it is relevant
> to upstream.
>
> >
> > Cheers,
> > Franta.
> >
> >
> > - Original Message -
> > From: "Garrett Baltezegar" 
> > To: "Frantisek Kobzik" 
> > Cc: "Alon Bar-Lev" , users@ovirt.org
> > Sent: Friday, June 13, 2014 2:26:06 PM
> > Subject: Re: [ovirt-users] novnc error
> >
> > Our local Linux ninja rebuilt the underlying server from scratch last
> > night, to fix another storage issue we were having.  While he was testing
> > the storage FIX, he discovered that novnc is up and running this morning.
> >  There must have been a bad configuration somewhere along the way that
> was
> > causing the problem.  To confirm, however, I tested with IP and FQDN, and
> > only FQDN works, as it should, I believe.
> >
> > I really appreciate everyone's help on this problem!!
> >
> >
> > On Fri, Jun 13, 2014 at 8:10 AM, Frantisek Kobzik 
> > wrote:
> >
> > > Hi Garrett,
> > >
> > > just a question about accessing the engine via the browser: do you
> access
> > > engine via the fqdn you typed in in the engine-setup? For instance, if
> you
> > > issue the certificates for 'mycompany.com' and use let's say ip
> address
> > > in the browser, websockify won't work...
> > >
> > > Cheers,
> > > Franta
> > >
> > >
> > > - Original Message -
> > > From: "Garrett Baltezegar" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users@ovirt.org
> > > Sent: Thursday, June 12, 2014 11:50:30 PM
> > > Subject: Re: [ovirt-users] novnc error
> > >
> > >
> > >
> > > Python-websockify - 0.5.1-1.e16.no arch
> > >
> > > Numpy isn't installed
> > > On Jun 12, 2014 5:15 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote:
> > >
> > >
> > >
> > >
> > > - Original Message -
> > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > To: "Alon Bar-Lev" < alo...@redhat.com >
> > > > Cc: users@ovirt.org
> > > > Sent: Friday, June 13, 2014 12:12:28 AM
> > > > Subject: Re: [ovirt-users] novnc error
> > > >
> > > > I've checked /var/log/messages a few times, but it doesn't seem like
> much
> > > > is being written to it; the last entry I have is from ~6 hours ago.
> > > >
> > > > When running
> > > >
> > >
> "/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > > > --debug start" I see the following information as the service is
> > > starting:
> > > >
> > > > WARNING: no 'numpy' module, HyBi protocol will be slower
> > > > ovirt-websocket-proxy[14511] DEBUG _daemon:403 daemon entry pid=14511
> > > > ovirt-websocket-proxy[14511] DEBUG _daemon:404 background=False
> > > > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > > > '/usr/share/ovirt-
> > > > engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf'
> > > > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > > > '/etc/ovirt-engine
> > > > /ovirt-websocket-proxy.conf.d/10-setup.conf'
> > > > ovirt-websocket-proxy[14511] DEBUG _daemon:440 I am a daemon 14511
> > > > ovirt-websocket-proxy[14511] DEBUG _setLimits:377 Setting rlimits
> > > > WebSocket server settings:
> > > > - Listen on *:6100
> > > > - Flash security policy server
> > > > - SSL/TLS support
> > > > - Deny non-SSL/TLS connections
> > > > - proxying from *:6100 to targets in /dummy
> > > >
> > > >
> > > >
> > > > I see the following info after I attempted a novnc connection
> through the
> > > > browser:
> > > >
> > > > 1: 10.255.239.1 : new handler Process
> > > > 1: handler exception: WSRequestHandler instance has no attribute
> > > 'last_code'
> > > > 1: Traceback (most recent call last):
> > > > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> > > 696,
> > > > in top_new_client
> > > > self.client = self.do_handshake(startsock, address)
> > > > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> > > 628,
> > > > in do_handshake
> > > > if wsh.last_code == 101:
> > > > AttributeError: WSRequestHandler instance has no attribute
> 'last_code'
> > > >
> > > >
> > >
> > > What version of python-websockify do you have?
> > > What version of numpy do you have (if any)?
> > >
> > > > Thanks!
> > > >
> > > >
> > > > On Thu, Jun 12, 2014 at 4:56 PM, Alon Bar-Lev < alo...@redhat.com >
> > > wrote:
> > > >
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > > > To: "Alon Bar-Lev" < alo...@redhat.com >
> > > > > > Cc: users@ovirt.org
> > > > > > Sent: Thursday, June 12, 2014 11:49:50 PM
> > > > > > Subject: Re: [ovirt-users] nov

Re: [ovirt-users] novnc error

[Alon Bar-Lev]

- Original Message -
> From: "Frantisek Kobzik" 
> To: "Garrett Baltezegar" 
> Cc: "Alon Bar-Lev" , users@ovirt.org
> Sent: Friday, June 13, 2014 3:34:42 PM
> Subject: Re: [ovirt-users] novnc error
> 
> Great, I'm happy that it's working now!

Regardless, we should reproduce this exception and see if it is relevant to 
upstream.

> 
> Cheers,
> Franta.
> 
> 
> - Original Message -
> From: "Garrett Baltezegar" 
> To: "Frantisek Kobzik" 
> Cc: "Alon Bar-Lev" , users@ovirt.org
> Sent: Friday, June 13, 2014 2:26:06 PM
> Subject: Re: [ovirt-users] novnc error
> 
> Our local Linux ninja rebuilt the underlying server from scratch last
> night, to fix another storage issue we were having.  While he was testing
> the storage FIX, he discovered that novnc is up and running this morning.
>  There must have been a bad configuration somewhere along the way that was
> causing the problem.  To confirm, however, I tested with IP and FQDN, and
> only FQDN works, as it should, I believe.
> 
> I really appreciate everyone's help on this problem!!
> 
> 
> On Fri, Jun 13, 2014 at 8:10 AM, Frantisek Kobzik 
> wrote:
> 
> > Hi Garrett,
> >
> > just a question about accessing the engine via the browser: do you access
> > engine via the fqdn you typed in in the engine-setup? For instance, if you
> > issue the certificates for 'mycompany.com' and use let's say ip address
> > in the browser, websockify won't work...
> >
> > Cheers,
> > Franta
> >
> >
> > - Original Message -
> > From: "Garrett Baltezegar" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org
> > Sent: Thursday, June 12, 2014 11:50:30 PM
> > Subject: Re: [ovirt-users] novnc error
> >
> >
> >
> > Python-websockify - 0.5.1-1.e16.no arch
> >
> > Numpy isn't installed
> > On Jun 12, 2014 5:15 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote:
> >
> >
> >
> >
> > - Original Message -
> > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > To: "Alon Bar-Lev" < alo...@redhat.com >
> > > Cc: users@ovirt.org
> > > Sent: Friday, June 13, 2014 12:12:28 AM
> > > Subject: Re: [ovirt-users] novnc error
> > >
> > > I've checked /var/log/messages a few times, but it doesn't seem like much
> > > is being written to it; the last entry I have is from ~6 hours ago.
> > >
> > > When running
> > >
> > "/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > > --debug start" I see the following information as the service is
> > starting:
> > >
> > > WARNING: no 'numpy' module, HyBi protocol will be slower
> > > ovirt-websocket-proxy[14511] DEBUG _daemon:403 daemon entry pid=14511
> > > ovirt-websocket-proxy[14511] DEBUG _daemon:404 background=False
> > > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > > '/usr/share/ovirt-
> > > engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf'
> > > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > > '/etc/ovirt-engine
> > > /ovirt-websocket-proxy.conf.d/10-setup.conf'
> > > ovirt-websocket-proxy[14511] DEBUG _daemon:440 I am a daemon 14511
> > > ovirt-websocket-proxy[14511] DEBUG _setLimits:377 Setting rlimits
> > > WebSocket server settings:
> > > - Listen on *:6100
> > > - Flash security policy server
> > > - SSL/TLS support
> > > - Deny non-SSL/TLS connections
> > > - proxying from *:6100 to targets in /dummy
> > >
> > >
> > >
> > > I see the following info after I attempted a novnc connection through the
> > > browser:
> > >
> > > 1: 10.255.239.1 : new handler Process
> > > 1: handler exception: WSRequestHandler instance has no attribute
> > 'last_code'
> > > 1: Traceback (most recent call last):
> > > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> > 696,
> > > in top_new_client
> > > self.client = self.do_handshake(startsock, address)
> > > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> > 628,
> > > in do_handshake
> > > if wsh.last_code == 101:
> > > AttributeError: WSRequestHandler instance has no attribute 'last_code'
> > >
> > >
> >
> > What version of python-websockify do you have?
> > What version of numpy do you have (if any)?
> >
> > > Thanks!
> > >
> > >
> > > On Thu, Jun 12, 2014 at 4:56 PM, Alon Bar-Lev < alo...@redhat.com >
> > wrote:
> > >
> > > >
> > > >
> > > > - Original Message -
> > > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > > To: "Alon Bar-Lev" < alo...@redhat.com >
> > > > > Cc: users@ovirt.org
> > > > > Sent: Thursday, June 12, 2014 11:49:50 PM
> > > > > Subject: Re: [ovirt-users] novnc error
> > > > >
> > > > > It looks like a blank page loads. Just tried this in both Chrome and
> > > > > Internet Explorer, and got the same result.
> > > > >
> > > > > The proxy is installed locally on the ovirt server, by the way. Nmap
> > > > shows
> > > > > port 6100 TCP listening.
> > > >
> > > > do you see anything relevant at /var/log/messages?
> > > >
> > > > try to stop the ovirt-websocket-proxy service and run it in debug mode:
> > > >
> > > > # su - -s /b

Re: [ovirt-users] novnc error

[Frantisek Kobzik]

Great, I'm happy that it's working now!

Cheers,
Franta.


- Original Message -
From: "Garrett Baltezegar" 
To: "Frantisek Kobzik" 
Cc: "Alon Bar-Lev" , users@ovirt.org
Sent: Friday, June 13, 2014 2:26:06 PM
Subject: Re: [ovirt-users] novnc error

Our local Linux ninja rebuilt the underlying server from scratch last
night, to fix another storage issue we were having.  While he was testing
the storage FIX, he discovered that novnc is up and running this morning.
 There must have been a bad configuration somewhere along the way that was
causing the problem.  To confirm, however, I tested with IP and FQDN, and
only FQDN works, as it should, I believe.

I really appreciate everyone's help on this problem!!


On Fri, Jun 13, 2014 at 8:10 AM, Frantisek Kobzik 
wrote:

> Hi Garrett,
>
> just a question about accessing the engine via the browser: do you access
> engine via the fqdn you typed in in the engine-setup? For instance, if you
> issue the certificates for 'mycompany.com' and use let's say ip address
> in the browser, websockify won't work...
>
> Cheers,
> Franta
>
>
> - Original Message -
> From: "Garrett Baltezegar" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org
> Sent: Thursday, June 12, 2014 11:50:30 PM
> Subject: Re: [ovirt-users] novnc error
>
>
>
> Python-websockify - 0.5.1-1.e16.no arch
>
> Numpy isn't installed
> On Jun 12, 2014 5:15 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote:
>
>
>
>
> - Original Message -
> > From: "Garrett Baltezegar" < my9...@gmail.com >
> > To: "Alon Bar-Lev" < alo...@redhat.com >
> > Cc: users@ovirt.org
> > Sent: Friday, June 13, 2014 12:12:28 AM
> > Subject: Re: [ovirt-users] novnc error
> >
> > I've checked /var/log/messages a few times, but it doesn't seem like much
> > is being written to it; the last entry I have is from ~6 hours ago.
> >
> > When running
> >
> "/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > --debug start" I see the following information as the service is
> starting:
> >
> > WARNING: no 'numpy' module, HyBi protocol will be slower
> > ovirt-websocket-proxy[14511] DEBUG _daemon:403 daemon entry pid=14511
> > ovirt-websocket-proxy[14511] DEBUG _daemon:404 background=False
> > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > '/usr/share/ovirt-
> > engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf'
> > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > '/etc/ovirt-engine
> > /ovirt-websocket-proxy.conf.d/10-setup.conf'
> > ovirt-websocket-proxy[14511] DEBUG _daemon:440 I am a daemon 14511
> > ovirt-websocket-proxy[14511] DEBUG _setLimits:377 Setting rlimits
> > WebSocket server settings:
> > - Listen on *:6100
> > - Flash security policy server
> > - SSL/TLS support
> > - Deny non-SSL/TLS connections
> > - proxying from *:6100 to targets in /dummy
> >
> >
> >
> > I see the following info after I attempted a novnc connection through the
> > browser:
> >
> > 1: 10.255.239.1 : new handler Process
> > 1: handler exception: WSRequestHandler instance has no attribute
> 'last_code'
> > 1: Traceback (most recent call last):
> > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> 696,
> > in top_new_client
> > self.client = self.do_handshake(startsock, address)
> > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> 628,
> > in do_handshake
> > if wsh.last_code == 101:
> > AttributeError: WSRequestHandler instance has no attribute 'last_code'
> >
> >
>
> What version of python-websockify do you have?
> What version of numpy do you have (if any)?
>
> > Thanks!
> >
> >
> > On Thu, Jun 12, 2014 at 4:56 PM, Alon Bar-Lev < alo...@redhat.com >
> wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > To: "Alon Bar-Lev" < alo...@redhat.com >
> > > > Cc: users@ovirt.org
> > > > Sent: Thursday, June 12, 2014 11:49:50 PM
> > > > Subject: Re: [ovirt-users] novnc error
> > > >
> > > > It looks like a blank page loads. Just tried this in both Chrome and
> > > > Internet Explorer, and got the same result.
> > > >
> > > > The proxy is installed locally on the ovirt server, by the way. Nmap
> > > shows
> > > > port 6100 TCP listening.
> > >
> > > do you see anything relevant at /var/log/messages?
> > >
> > > try to stop the ovirt-websocket-proxy service and run it in debug mode:
> > >
> > > # su - -s /bin/sh ovirt
> > > $
> > >
> /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > > --debug start
> > >
> > > see what you get.
> > >
> > > >
> > > > Thanks for the quick response!
> > > > On Jun 12, 2014 4:39 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote:
> > > >
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > > > To: users@ovirt.org
> > > > > > Sent: Thursday, June 12, 2014 11:33:09 PM
> > > > > > Subject: [ovirt-users] novnc error
> > > > > >
> > > > > > Hello 

Re: [ovirt-users] Can HA Agent control NFS Mount?

[Doron Fediuck]

- Original Message -
> From: "Andrew Lau" 
> To: "Bob Doolittle" 
> Cc: "users" 
> Sent: Friday, June 6, 2014 6:14:18 AM
> Subject: Re: [ovirt-users] Can HA Agent control NFS Mount?
> 
> On Fri, Jun 6, 2014 at 1:09 PM, Bob Doolittle  wrote:
> > Thanks Andrew, I'll try this workaround tomorrow for sure. But reading
> > though that bug report (closed not a bug) it states that the problem should
> > only arise if something is not releasing a sanlock lease. So if we've
> > entered Global Maintenance and shut down Engine, the question is what's
> > holding the lease?
> >
> > How can that be debugged?
> 
> For me it's wdmd and sanlock itself failing to shutdown properly. I
> also noticed even when in global maintenance and the engine VM powered
> off there is still a sanlock lease for the
> /rhev/mnt/hosted-engine/? lease file or something along those
> lines. So the global maintenance may not actually be releasing that
> lock.
> 
> I'm not too familiar with sanlock etc. So it's like stabbing in the dark :(
> 

Sounds like a bug since once the VM is off there should not
be a lease taken.

Please check if after a minute you still have a lease taken
according to: http://www.ovirt.org/SANLock#sanlock_timeouts

In this case try to stop vdsm and libvirt just so we'll know
who still keeps the lease.

> >
> > -Bob
> >
> > On Jun 5, 2014 10:56 PM, "Andrew Lau"  wrote:
> >>
> >> On Mon, May 26, 2014 at 5:10 AM, Bob Doolittle 
> >> wrote:
> >> >
> >> > On 05/25/2014 02:51 PM, Joop wrote:
> >> >>
> >> >> On 25-5-2014 19:38, Bob Doolittle wrote:
> >> >>>
> >> >>>
> >> >>> Also curious is that when I say "poweroff" it actually reboots and
> >> >>> comes
> >> >>> up again. Could that be due to the timeouts on the way down?
> >> >>>
> >> >> Ah, that's something my F19 host does too. Some more info: if engine
> >> >> hasn't been started on the host then I can shutdown it and it will
> >> >> poweroff.
> >> >> IF engine has been run on it then it will reboot.
> >> >> Its not vdsm (I think) because my shutdown sequence is (on my f19
> >> >> host):
> >> >>  service ovirt-agent-ha stop
> >> >>  service ovirt-agent-broker stop
> >> >>  service vdsmd stop
> >> >>  ssh root@engine01 "init 0"
> >> >> init 0
> >> >>
> >> >> I don't use maintenance mode because when I poweron my host (= my
> >> >> desktop)
> >> >> I want engine to power on automatically which it does most of the time
> >> >> within 10 min.
> >> >
> >> >
> >> > For comparison, I see this issue and I *do* use maintenance mode
> >> > (because
> >> > presumably that's the 'blessed' way to shut things down and I'm scared
> >> > to
> >> > mess this complex system up by straying off the beaten path ;). My
> >> > process
> >> > is:
> >> >
> >> > ssh root@engine "init 0"
> >> > (wait for "vdsClient -s 0 list | grep Status:" to show the vm as down)
> >> > hosted-engine --set-maintenance --mode=global
> >> > poweroff
> >> >
> >> > And then on startup:
> >> > hosted-engine --set-maintenance --mode=none
> >> > hosted-engine --vm-start
> >> >
> >> > There are two issues here. I am not sure if they are related or not.
> >> > 1. The NFS timeout during shutdown (Joop do you see this also? Or just
> >> > #2?)
> >> > 2. The system reboot instead of poweroff (which messes up remote machine
> >> > management)
> >> >
> >> > Thanks,
> >> >  Bob
> >> >
> >> >
> >> >> I think wdmd or sanlock are causing the reboot instead of poweroff
> >>
> >> While searching for my issue of wdmd/sanlock not shutting down, I
> >> found this which may interest you both:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=888197
> >>
> >> Specifically:
> >> "To shut down sanlock without causing a wdmd reboot, you can run the
> >> following command: "sanlock client shutdown -f 1"
> >>
> >> This will cause sanlock to kill any pid's that are holding leases,
> >> release those leases, and then exit.
> >> "
> >>
> >> >>
> >> >> Joop
> >> >>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Can HA Agent control NFS Mount?

[Doron Fediuck]

Bob,
the way to handle it is to switch to global maintenance,
and then ssh into the VM and shut it down.

After rebooting you should switch maintenance mode to off.

- Original Message -
> From: "Bob Doolittle" 
> To: "Sven Kieske" 
> Cc: "users" , "Doron Fediuck" , "Itamar 
> Heim" 
> Sent: Friday, June 13, 2014 3:16:12 PM
> Subject: Re: [ovirt-users] Can HA Agent control NFS Mount?
> 
> Would that help the issue being reported in this thread at all? This thread
> was about issues with clean shutdown of a single node hosted environment,
> which result in hangs/timeouts and the inability to issue poweroff without
> it resulting in a reboot.
> 
> There have been no suggestions about how to resolve those issues, which
> seem related to sanlock leases not being cleanly released.
> 
> -Bob
> On Jun 13, 2014 5:14 AM, "Sven Kieske"  wrote:
> 
> > I suppose a hosted-engine solution without HA
> > would suffice the use case of just having one system to host and manage
> > vms, with the ability to extend this system to many more.
> >
> > Am 03.06.2014 13:52, schrieb Itamar Heim:
> > > what would look different for hosted-engine on a single host? just not
> > > have the "ha" feature?
> >
> > --
> > Mit freundlichen Grüßen / Regards
> >
> > Sven Kieske
> >
> > Systemadministrator
> > Mittwald CM Service GmbH & Co. KG
> > Königsberger Straße 6
> > 32339 Espelkamp
> > T: +49-5772-293-100
> > F: +49-5772-293-333
> > https://www.mittwald.de
> > Geschäftsführer: Robert Meyer
> > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] novnc error

[Garrett Baltezegar]

Our local Linux ninja rebuilt the underlying server from scratch last
night, to fix another storage issue we were having.  While he was testing
the storage FIX, he discovered that novnc is up and running this morning.
 There must have been a bad configuration somewhere along the way that was
causing the problem.  To confirm, however, I tested with IP and FQDN, and
only FQDN works, as it should, I believe.

I really appreciate everyone's help on this problem!!


On Fri, Jun 13, 2014 at 8:10 AM, Frantisek Kobzik 
wrote:

> Hi Garrett,
>
> just a question about accessing the engine via the browser: do you access
> engine via the fqdn you typed in in the engine-setup? For instance, if you
> issue the certificates for 'mycompany.com' and use let's say ip address
> in the browser, websockify won't work...
>
> Cheers,
> Franta
>
>
> - Original Message -
> From: "Garrett Baltezegar" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org
> Sent: Thursday, June 12, 2014 11:50:30 PM
> Subject: Re: [ovirt-users] novnc error
>
>
>
> Python-websockify - 0.5.1-1.e16.no arch
>
> Numpy isn't installed
> On Jun 12, 2014 5:15 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote:
>
>
>
>
> - Original Message -
> > From: "Garrett Baltezegar" < my9...@gmail.com >
> > To: "Alon Bar-Lev" < alo...@redhat.com >
> > Cc: users@ovirt.org
> > Sent: Friday, June 13, 2014 12:12:28 AM
> > Subject: Re: [ovirt-users] novnc error
> >
> > I've checked /var/log/messages a few times, but it doesn't seem like much
> > is being written to it; the last entry I have is from ~6 hours ago.
> >
> > When running
> >
> "/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > --debug start" I see the following information as the service is
> starting:
> >
> > WARNING: no 'numpy' module, HyBi protocol will be slower
> > ovirt-websocket-proxy[14511] DEBUG _daemon:403 daemon entry pid=14511
> > ovirt-websocket-proxy[14511] DEBUG _daemon:404 background=False
> > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > '/usr/share/ovirt-
> > engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf'
> > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > '/etc/ovirt-engine
> > /ovirt-websocket-proxy.conf.d/10-setup.conf'
> > ovirt-websocket-proxy[14511] DEBUG _daemon:440 I am a daemon 14511
> > ovirt-websocket-proxy[14511] DEBUG _setLimits:377 Setting rlimits
> > WebSocket server settings:
> > - Listen on *:6100
> > - Flash security policy server
> > - SSL/TLS support
> > - Deny non-SSL/TLS connections
> > - proxying from *:6100 to targets in /dummy
> >
> >
> >
> > I see the following info after I attempted a novnc connection through the
> > browser:
> >
> > 1: 10.255.239.1 : new handler Process
> > 1: handler exception: WSRequestHandler instance has no attribute
> 'last_code'
> > 1: Traceback (most recent call last):
> > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> 696,
> > in top_new_client
> > self.client = self.do_handshake(startsock, address)
> > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> 628,
> > in do_handshake
> > if wsh.last_code == 101:
> > AttributeError: WSRequestHandler instance has no attribute 'last_code'
> >
> >
>
> What version of python-websockify do you have?
> What version of numpy do you have (if any)?
>
> > Thanks!
> >
> >
> > On Thu, Jun 12, 2014 at 4:56 PM, Alon Bar-Lev < alo...@redhat.com >
> wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > To: "Alon Bar-Lev" < alo...@redhat.com >
> > > > Cc: users@ovirt.org
> > > > Sent: Thursday, June 12, 2014 11:49:50 PM
> > > > Subject: Re: [ovirt-users] novnc error
> > > >
> > > > It looks like a blank page loads. Just tried this in both Chrome and
> > > > Internet Explorer, and got the same result.
> > > >
> > > > The proxy is installed locally on the ovirt server, by the way. Nmap
> > > shows
> > > > port 6100 TCP listening.
> > >
> > > do you see anything relevant at /var/log/messages?
> > >
> > > try to stop the ovirt-websocket-proxy service and run it in debug mode:
> > >
> > > # su - -s /bin/sh ovirt
> > > $
> > >
> /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > > --debug start
> > >
> > > see what you get.
> > >
> > > >
> > > > Thanks for the quick response!
> > > > On Jun 12, 2014 4:39 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote:
> > > >
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > > From: "Garrett Baltezegar" < my9...@gmail.com >
> > > > > > To: users@ovirt.org
> > > > > > Sent: Thursday, June 12, 2014 11:33:09 PM
> > > > > > Subject: [ovirt-users] novnc error
> > > > > >
> > > > > > Hello everyone,
> > > > > >
> > > > > > I'm running into an error getting novnc up and running with
> ovirt,
> > > and
> > > > > I'm
> > > > > > hoping someone can help.
> > > > > >
> > > > > > My system is a CentOS minimal x86_64 install running ovirt fine.
> I

Re: [ovirt-users] python-sdk: attach disk snapshot to another virtual machine

[Juan Hernandez]

On 06/13/2014 10:43 AM, Michael Ablassmeier wrote:
> hi guys,
> 
> according to an commit in Oct. 2013 there was a patch added to the SDK
> which allows to attach an existing snapshot to a virtual machine:
> 
>   commit 72e67dd5406f3c193234697ce88d92dbe64759d7
>   Author: Michael pasternak 
>   Date:   Wed Oct 30 11:24:19 2013 +0200
>  sdk: regenerate against the latest api
> [..]
>  - added ability to attach a disk snapshot to the virtual machine
> [..]
> 
> I think this may be related to the new backup API:
> 
>   http://www.ovirt.org/Features/Backup-Restore_API_Integration
> 
> can anyone give me an pointer on how to this through the python-sdk? Or
> is there an example for this anywhere to be found? Thanks!
> 

It should be something like this:

#!/usr/bin/python

import ovirtsdk.api
import ovirtsdk.xml

api = ovirtsdk.api.API(
  url="https://fedora.example.com/ovirt-engine/api";,
  username="admin@internal",
  password="",
  insecure=True,
  debug=False
)

# Find the snapshot that contains the disk that we want to backup:
vm = api.vms.get("myvm")
snaps = vm.snapshots.list()
snap = None
for current in snaps:
if current.get_description() == "mysnap":
snap = current

# Find the disk that we want to backup:
disks = snap.disks.list()
disk = None
for current in disks:
if current.get_name() == "mydisk":
disk = current

# Find the backup appliance VM:
appliance = api.vms.get("backupvm")

# Attach the disk to the backup appliance:
appliance.disks.add(disk)

# Tell the backup appliance to perform the backup, connecting
# with SSH, or with any other way that the backup appliance
# supports.

# Bye:
api.disconnect()

With a similar script you can also disconnect the disk from the backup
appliance.

-- 
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Can HA Agent control NFS Mount?

[Bob Doolittle]

Would that help the issue being reported in this thread at all? This thread
was about issues with clean shutdown of a single node hosted environment,
which result in hangs/timeouts and the inability to issue poweroff without
it resulting in a reboot.

There have been no suggestions about how to resolve those issues, which
seem related to sanlock leases not being cleanly released.

-Bob
On Jun 13, 2014 5:14 AM, "Sven Kieske"  wrote:

> I suppose a hosted-engine solution without HA
> would suffice the use case of just having one system to host and manage
> vms, with the ability to extend this system to many more.
>
> Am 03.06.2014 13:52, schrieb Itamar Heim:
> > what would look different for hosted-engine on a single host? just not
> > have the "ha" feature?
>
> --
> Mit freundlichen Grüßen / Regards
>
> Sven Kieske
>
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] novnc error

[Frantisek Kobzik]

Hi Garrett,

just a question about accessing the engine via the browser: do you access 
engine via the fqdn you typed in in the engine-setup? For instance, if you 
issue the certificates for 'mycompany.com' and use let's say ip address in the 
browser, websockify won't work...

Cheers,
Franta


- Original Message -
From: "Garrett Baltezegar" 
To: "Alon Bar-Lev" 
Cc: users@ovirt.org
Sent: Thursday, June 12, 2014 11:50:30 PM
Subject: Re: [ovirt-users] novnc error



Python-websockify - 0.5.1-1.e16.no arch 

Numpy isn't installed 
On Jun 12, 2014 5:15 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote: 




- Original Message - 
> From: "Garrett Baltezegar" < my9...@gmail.com > 
> To: "Alon Bar-Lev" < alo...@redhat.com > 
> Cc: users@ovirt.org 
> Sent: Friday, June 13, 2014 12:12:28 AM 
> Subject: Re: [ovirt-users] novnc error 
> 
> I've checked /var/log/messages a few times, but it doesn't seem like much 
> is being written to it; the last entry I have is from ~6 hours ago. 
> 
> When running 
> "/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
>  
> --debug start" I see the following information as the service is starting: 
> 
> WARNING: no 'numpy' module, HyBi protocol will be slower 
> ovirt-websocket-proxy[14511] DEBUG _daemon:403 daemon entry pid=14511 
> ovirt-websocket-proxy[14511] DEBUG _daemon:404 background=False 
> ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config 
> '/usr/share/ovirt- 
> engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf' 
> ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config 
> '/etc/ovirt-engine 
> /ovirt-websocket-proxy.conf.d/10-setup.conf' 
> ovirt-websocket-proxy[14511] DEBUG _daemon:440 I am a daemon 14511 
> ovirt-websocket-proxy[14511] DEBUG _setLimits:377 Setting rlimits 
> WebSocket server settings: 
> - Listen on *:6100 
> - Flash security policy server 
> - SSL/TLS support 
> - Deny non-SSL/TLS connections 
> - proxying from *:6100 to targets in /dummy 
> 
> 
> 
> I see the following info after I attempted a novnc connection through the 
> browser: 
> 
> 1: 10.255.239.1 : new handler Process 
> 1: handler exception: WSRequestHandler instance has no attribute 'last_code' 
> 1: Traceback (most recent call last): 
> File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line 696, 
> in top_new_client 
> self.client = self.do_handshake(startsock, address) 
> File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line 628, 
> in do_handshake 
> if wsh.last_code == 101: 
> AttributeError: WSRequestHandler instance has no attribute 'last_code' 
> 
> 

What version of python-websockify do you have? 
What version of numpy do you have (if any)? 

> Thanks! 
> 
> 
> On Thu, Jun 12, 2014 at 4:56 PM, Alon Bar-Lev < alo...@redhat.com > wrote: 
> 
> > 
> > 
> > - Original Message - 
> > > From: "Garrett Baltezegar" < my9...@gmail.com > 
> > > To: "Alon Bar-Lev" < alo...@redhat.com > 
> > > Cc: users@ovirt.org 
> > > Sent: Thursday, June 12, 2014 11:49:50 PM 
> > > Subject: Re: [ovirt-users] novnc error 
> > > 
> > > It looks like a blank page loads. Just tried this in both Chrome and 
> > > Internet Explorer, and got the same result. 
> > > 
> > > The proxy is installed locally on the ovirt server, by the way. Nmap 
> > shows 
> > > port 6100 TCP listening. 
> > 
> > do you see anything relevant at /var/log/messages? 
> > 
> > try to stop the ovirt-websocket-proxy service and run it in debug mode: 
> > 
> > # su - -s /bin/sh ovirt 
> > $ 
> > /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> >  
> > --debug start 
> > 
> > see what you get. 
> > 
> > > 
> > > Thanks for the quick response! 
> > > On Jun 12, 2014 4:39 PM, "Alon Bar-Lev" < alo...@redhat.com > wrote: 
> > > 
> > > > 
> > > > 
> > > > - Original Message - 
> > > > > From: "Garrett Baltezegar" < my9...@gmail.com > 
> > > > > To: users@ovirt.org 
> > > > > Sent: Thursday, June 12, 2014 11:33:09 PM 
> > > > > Subject: [ovirt-users] novnc error 
> > > > > 
> > > > > Hello everyone, 
> > > > > 
> > > > > I'm running into an error getting novnc up and running with ovirt, 
> > and 
> > > > I'm 
> > > > > hoping someone can help. 
> > > > > 
> > > > > My system is a CentOS minimal x86_64 install running ovirt fine. I 
> > have 
> > > > > created VMs and I'm able to configure the console options. When I 
> > > > attempt to 
> > > > > connect to them, however, I get a Server disconnected (code: 1006) 
> > error. 
> > > > > I've searched online for a solution, but everything seems to point to 
> > > > simply 
> > > > > running the engine-setup configuration utility and installing the 
> > > > ca.crt. I 
> > > > > have tried both of these things, but I keep getting the same 
> > message, in 
> > > > > Internet Explorer, Chrome and Firefox. 
> > > > > 
> > > > > Disabled iptables and selinux. 
> > > > > Connected directly to VM with VNC 
> > > > > Checked ovirt-websocket-proxy, and it is

Re: [ovirt-users] oVirt - Node install on CentOS

[Sandro Bonazzola]

Il 13/06/2014 13:40, Sandro Bonazzola ha scritto:
> Il 13/06/2014 13:19, Sven Kieske ha scritto:
>> +1 on that one too.
>>
>> I'm adding sandro to the conversation.
>> Is there any reason, why this is not done?
>> If not, I would open an RFE for that.
>>
>> Am 13.06.2014 12:53, schrieb Joop:
>>> Looking at this again I would like the webui install process to add the
>>> repo too :-)
>>> If engine-setup is up to date it could know the location  of the
>>> ovirt-repo.rpm and install it automatically. There is probably a very
>>> good reason why it doesn't do this since I can't imagine I'm the first
>>> one to think about this.
>>
> 
> Not sure about the reason. CCing Alon, maybe we can handle that in 
> ovirt-host-deploy.
> 
> 
> 


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt - Node install on CentOS

[Sandro Bonazzola]

Il 13/06/2014 13:19, Sven Kieske ha scritto:
> +1 on that one too.
> 
> I'm adding sandro to the conversation.
> Is there any reason, why this is not done?
> If not, I would open an RFE for that.
> 
> Am 13.06.2014 12:53, schrieb Joop:
>> Looking at this again I would like the webui install process to add the
>> repo too :-)
>> If engine-setup is up to date it could know the location  of the
>> ovirt-repo.rpm and install it automatically. There is probably a very
>> good reason why it doesn't do this since I can't imagine I'm the first
>> one to think about this.
> 

Not sure about the reason. CCing Alon, maybe we can handle that in 
ovirt-host-deploy.



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Network traffic being mirrored

[Jim Rippon]

 

In the end I didn't trace the cause of this issue, but a reboot of the
host appears to have stopped the odd behaviour. I'll keep an eye on it
and feedback if I see a repeat, perhaps there is something I can do to
provide some useful debugging information - open to suggestions? 

Jim 

On 2014-06-12 14:40, Jim Rippon wrote: 

> Hi guys, 
> 
> I am seeing network traffic being sent to all my VMs on one of my oVirt 
> hosts, but not the other two in that same datacentre. The VMs are running 
> CentOS, and I've been monitoring the sessions with iptraf, and can see 
> traffic from all other VMs on that network being received by all other VMs 
> running on this host which have an interface on that same network. 
> 
> Is this something anyone has seen, or could anyone suggest anything I should 
> be looking at to further diagnose? 
> 
> Many thanks, 
> 
> Jim Rippon 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users [1]

 

Links:
--
[1] http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Sven Kieske]

This site misses public keys for sending encrypted mails.

That's not that good for a security related mail.

I'm sure it just isn't mentioned in the wiki, could one
use the same keys as for redhat security mailings?

Am 13.06.2014 13:16, schrieb Doron Fediuck:
> One more thing;
> 
> For future reference, please us the procedures details here: 
> http://www.ovirt.org/Security
> For anything which may impact other users as well.

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt - Node install on CentOS

[Sven Kieske]

+1 on that one too.

I'm adding sandro to the conversation.
Is there any reason, why this is not done?
If not, I would open an RFE for that.

Am 13.06.2014 12:53, schrieb Joop:
> Looking at this again I would like the webui install process to add the
> repo too :-)
> If engine-setup is up to date it could know the location  of the
> ovirt-repo.rpm and install it automatically. There is probably a very
> good reason why it doesn't do this since I can't imagine I'm the first
> one to think about this.

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Sven Kieske]

Done that:
https://bugzilla.redhat.com/show_bug.cgi?id=1109157

Am 13.06.2014 12:36, schrieb Dan Kenigsberg:
> It would be relatively simple to disable KSM per VM. This way, a
> customer that values security more than density, could pay more to keep
> his memory pages unscanned by KSM.
> 
> Anyone cares to open an RFE for that? I remember that the idea was
> discussed, but I do not find a formal bug that tracks this.

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Doron Fediuck]

- Original Message -
> From: "Doron Fediuck" 
> To: "Dan Kenigsberg" 
> Cc: users@ovirt.org
> Sent: Friday, June 13, 2014 2:14:30 PM
> Subject: Re: [ovirt-users] KSM and cross-vm attack
> 
> 
> 
> - Original Message -
> > From: "Dan Kenigsberg" 
> > To: "Jorick Astrego" , ali...@redhat.com,
> > do...@redhat.com
> > Cc: users@ovirt.org
> > Sent: Friday, June 13, 2014 1:36:17 PM
> > Subject: Re: [ovirt-users] KSM and cross-vm attack
> > 
> > On Fri, Jun 13, 2014 at 11:05:37AM +0200, Jorick Astrego wrote:
> > > Hi Sven,
> > > 
> > > Thanks for you response, I will read some more.
> > > 
> > > But as you say it has been known for a while and I was aware of it for
> > > many
> > > years although never diving into the specifics. I always thought it was
> > > not
> > > a practical attack vector
> > > 
> > > What caught my attention was that it was so fast it can be done in less
> > > then
> > > a minute:
> > > 
> > >Lightning-Fast Attack: *Even in the worst case scenario (cross-VM)
> > >the attack**
> > >**succeeds in less than a minute. To the best of our knowledge, no
> > >faster attack**
> > >**has been implemented against AES in a realistic cloud-like
> > >setting. This also**
> > >**means that just one minute of co-location with the encryption
> > >server suffices to**
> > >**recover the key.*
> > > 
> > > 
> > > >For the most parts, it's easier to hack you machine directly
> > > >or social-engineer your way into it, than it is to hack/get
> > > >access to a different vm on the same system and than hack another vm.
> > > 
> > > So that was the part that worries me, if I have a public cloud offering
> > > and
> > > someone doesn't hack a vm but simply rents one. He can then spawn a new
> > > VM
> > > every couple of minutes and it will probably be on a different host each
> > > time. with different neighbours.
> > > 
> > > You could hack every vulnerable customer VM in a couple of hours this way
> > > and it would all be undetected.
> > > 
> > > >There are also still no automatic tools for this, which I'm aware of
> > > >(if they are, I'd like to be pointed to them).
> > > >
> > > >As soon as automatic attack tools will cover this scenario I'm pretty
> > > >sure we'll see an increase in hacked vms and sniffed private keys.
> > > I'm sure there are automatic tools being built as we speak but they will
> > > not
> > > be generally available.
> > 
> > It would be relatively simple to disable KSM per VM. This way, a
> > customer that values security more than density, could pay more to keep
> > his memory pages unscanned by KSM.
> > 
> > Anyone cares to open an RFE for that? I remember that the idea was
> > discussed, but I do not find a formal bug that tracks this.
> 
> Indeed we had an old bz for it. A brand new ovirt RFE will help.
> Also, it is possible to disable ksm for a cluster today. So it's already
> possible
> to have an optimized cluster and a more strict one in the same DC.

One more thing;

For future reference, please us the procedures details here: 
http://www.ovirt.org/Security
For anything which may impact other users as well.

Thanks,
Doron
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Doron Fediuck]

- Original Message -
> From: "Dan Kenigsberg" 
> To: "Jorick Astrego" , ali...@redhat.com, 
> do...@redhat.com
> Cc: users@ovirt.org
> Sent: Friday, June 13, 2014 1:36:17 PM
> Subject: Re: [ovirt-users] KSM and cross-vm attack
> 
> On Fri, Jun 13, 2014 at 11:05:37AM +0200, Jorick Astrego wrote:
> > Hi Sven,
> > 
> > Thanks for you response, I will read some more.
> > 
> > But as you say it has been known for a while and I was aware of it for many
> > years although never diving into the specifics. I always thought it was not
> > a practical attack vector
> > 
> > What caught my attention was that it was so fast it can be done in less
> > then
> > a minute:
> > 
> >Lightning-Fast Attack: *Even in the worst case scenario (cross-VM)
> >the attack**
> >**succeeds in less than a minute. To the best of our knowledge, no
> >faster attack**
> >**has been implemented against AES in a realistic cloud-like
> >setting. This also**
> >**means that just one minute of co-location with the encryption
> >server suffices to**
> >**recover the key.*
> > 
> > 
> > >For the most parts, it's easier to hack you machine directly
> > >or social-engineer your way into it, than it is to hack/get
> > >access to a different vm on the same system and than hack another vm.
> > 
> > So that was the part that worries me, if I have a public cloud offering and
> > someone doesn't hack a vm but simply rents one. He can then spawn a new VM
> > every couple of minutes and it will probably be on a different host each
> > time. with different neighbours.
> > 
> > You could hack every vulnerable customer VM in a couple of hours this way
> > and it would all be undetected.
> > 
> > >There are also still no automatic tools for this, which I'm aware of
> > >(if they are, I'd like to be pointed to them).
> > >
> > >As soon as automatic attack tools will cover this scenario I'm pretty
> > >sure we'll see an increase in hacked vms and sniffed private keys.
> > I'm sure there are automatic tools being built as we speak but they will
> > not
> > be generally available.
> 
> It would be relatively simple to disable KSM per VM. This way, a
> customer that values security more than density, could pay more to keep
> his memory pages unscanned by KSM.
> 
> Anyone cares to open an RFE for that? I remember that the idea was
> discussed, but I do not find a formal bug that tracks this.

Indeed we had an old bz for it. A brand new ovirt RFE will help.
Also, it is possible to disable ksm for a cluster today. So it's already 
possible
to have an optimized cluster and a more strict one in the same DC.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt - Node install on CentOS

[Joop]

Sven Kieske wrote:

+1 from me, this should work without manual tweaking (except for live
snapshots).

Am 09.06.2014 20:32, schrieb Joop:
  

If you install a minimal Centos-6.5 and add the ovirt repository and
then add the host using the webui of engine then it will install all
needed packages (vdsm/libvirt/kvm) and you're done. You can then replace
the standard qemu with the one that will do live snapshots. Depending on
where you're storage is located you shouldn't have to tinker with
memberships etc.



  
Looking at this again I would like the webui install process to add the 
repo too :-)
If engine-setup is up to date it could know the location  of the 
ovirt-repo.rpm and install it automatically. There is probably a very 
good reason why it doesn't do this since I can't imagine I'm the first 
one to think about this.


Joop

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] SLA : RAM scheduling

[Joop]

Michal Skrivanek wrote:

On 13 Jun 2014, at 11:04, Sven Kieske wrote:

  

Well, I know this is not that
helpful but afaik there is work done
to replace xml-rpc communication with json based
communication.



@Sven:
yeah, and one of the (many) reasons why we want it. But that's vdsm. 
Scheduler is a different package/app.

Typical workaround is to use a string type to pass integer numbers (or use 
smaller numbers:)

  

Am 13.06.2014 10:57, schrieb Joop:


Then oVirt shouldn't either use that kind of numbers or should not use
xmlrpc.

Sorry but thats a non-answer and doesn't help anybody.
  


@Joop:
what's with the attitude?
I have nothing to do with the scheduler and I have no idea what is it trying or 
supposed to return…I'm just pointing out the error is due to the large whatever 
number being returned; in hope of someone with knowledge of the scheduler will 
take it from there.
I'd tend to agree XMLRPC is not the best thing to use; and I think it's 
important to keep reminding the common pitfalls of it.

  
Sorry I'm only trying to help someone which got the code and it doesn't 
seem to work and I just figured out what is not working and replied that 
back to the list for everyone to see and comment on. With the now 
supplied reason I understand why it doesn't work but don't understand 
why the code is supplied in this form. Looking at the output again I 
don't get why the numbers are that big. The servers only have 32G and 
now way you use calc will it come close to the numbers seen :-(


Joop


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Dan Kenigsberg]

On Fri, Jun 13, 2014 at 11:05:37AM +0200, Jorick Astrego wrote:
> Hi Sven,
> 
> Thanks for you response, I will read some more.
> 
> But as you say it has been known for a while and I was aware of it for many
> years although never diving into the specifics. I always thought it was not
> a practical attack vector
> 
> What caught my attention was that it was so fast it can be done in less then
> a minute:
> 
>Lightning-Fast Attack: *Even in the worst case scenario (cross-VM)
>the attack**
>**succeeds in less than a minute. To the best of our knowledge, no
>faster attack**
>**has been implemented against AES in a realistic cloud-like
>setting. This also**
>**means that just one minute of co-location with the encryption
>server suffices to**
>**recover the key.*
> 
> 
> >For the most parts, it's easier to hack you machine directly
> >or social-engineer your way into it, than it is to hack/get
> >access to a different vm on the same system and than hack another vm.
> 
> So that was the part that worries me, if I have a public cloud offering and
> someone doesn't hack a vm but simply rents one. He can then spawn a new VM
> every couple of minutes and it will probably be on a different host each
> time. with different neighbours.
> 
> You could hack every vulnerable customer VM in a couple of hours this way
> and it would all be undetected.
> 
> >There are also still no automatic tools for this, which I'm aware of
> >(if they are, I'd like to be pointed to them).
> >
> >As soon as automatic attack tools will cover this scenario I'm pretty
> >sure we'll see an increase in hacked vms and sniffed private keys.
> I'm sure there are automatic tools being built as we speak but they will not
> be generally available.

It would be relatively simple to disable KSM per VM. This way, a
customer that values security more than density, could pay more to keep
his memory pages unscanned by KSM.

Anyone cares to open an RFE for that? I remember that the idea was
discussed, but I do not find a formal bug that tracks this.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] fail to shutdown ubuntu guest

[Michal Skrivanek]

On 13 Jun 2014, at 12:19, Dan Kenigsberg wrote:

> On Fri, Jun 13, 2014 at 09:22:37AM +0800, John Xue wrote:
>> I went through the xfce GUI options "Settings Manager" - "Power
>> Manager" to the field "When power button is pressed", set to power
>> off, but only successful one time, after reboot it was already set to
>> "Ask". If no one login to guest(just power on from console, and power
>> off), it always fail.
>> 
>> I try to modify acpi configuration:
>> #cat /etc/acpi/events/powerbtn
>> event=button[ /]power
>> #action=/etc/acpi/powerbtn.sh
>> action=/sbin/poweroff
>> 
>> It work, but I think this isn't a good solution. Any idea? Thanks!
>> 
>> On Thu, Jun 12, 2014 at 11:50 PM, Dan Kenigsberg  wrote:
>>> On Thu, Jun 12, 2014 at 01:37:19PM +, Sven Kieske wrote:
 are you sure acpid is running inside the guest?
>>> 
>>> ... or a guest agent?
>> 
>> yes, both of them are running in guest.
>> 
>>> 
>>> Can you find the shutdown request on /var/log/vdsm/vdsm.log on the host
>>> that runs your guest?
>> 
>> yes, this is the log:
>> 
>> Thread-158109::DEBUG::2014-06-12
>> 16:08:26,589::BindingXMLRPC::965::vds::(wrapper) client
>> [10.10.10.75]::call vmShutdown with
>> ('b552d1aa-bc35-4788-a448-1726d4b984d5', '30', 'System Administrator
>> has initiated shutdown of this Virtual Machine. Virtual Machine is
>> shutting down.') {} flowID [5939b847]
>> Thread-158109::DEBUG::2014-06-12
>> 16:08:26,590::vm::2532::vm.Vm::(shutdown)
>> vmId=`b552d1aa-bc35-4788-a448-1726d4b984d5`::guestAgent shutdown
>> called
>> Thread-158109::DEBUG::2014-06-12
>> 16:08:26,590::guestIF::304::vm.Vm::(desktopShutdown)
>> vmId=`b552d1aa-bc35-4788-a448-1726d4b984d5`::desktopShutdown called
>> Thread-158109::DEBUG::2014-06-12
>> 16:08:26,591::BindingXMLRPC::972::vds::(wrapper) return vmShutdown
>> with {'status': {'message': 'Machine shut down', 'code': 0}}
> 
> I there no attempt to use ACPI lower in the logs?

if the agent is responsive (which it is here) then no ACPI is attempted
guest agent just runs /sbin/shutdown directly

Thanks,
michal

> 
> Anyway, it seems that an ACPI even is received by the guest. Could you
> now share the log of your guest agent, in order to see if it received
> the shutdown request and handled it somehow?
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] SLA : RAM scheduling

[Michal Skrivanek]

On 13 Jun 2014, at 11:04, Sven Kieske wrote:

> Well, I know this is not that
> helpful but afaik there is work done
> to replace xml-rpc communication with json based
> communication.

@Sven:
yeah, and one of the (many) reasons why we want it. But that's vdsm. 
Scheduler is a different package/app.
Typical workaround is to use a string type to pass integer numbers (or use 
smaller numbers:)

> 
> 
> Am 13.06.2014 10:57, schrieb Joop:
>> Then oVirt shouldn't either use that kind of numbers or should not use
>> xmlrpc.
>> 
>> Sorry but thats a non-answer and doesn't help anybody.

@Joop:
what's with the attitude?
I have nothing to do with the scheduler and I have no idea what is it trying or 
supposed to return…I'm just pointing out the error is due to the large whatever 
number being returned; in hope of someone with knowledge of the scheduler will 
take it from there.
I'd tend to agree XMLRPC is not the best thing to use; and I think it's 
important to keep reminding the common pitfalls of it.

>> 
>> Howto solve this problem. Do you need a BZ?

patches welcome, BZ always helps. However I'd wait for someone more familiar 
with the code to answer.

Thanks,
michal

>> 
>> Joop
> 
> -- 
> Mit freundlichen Grüßen / Regards
> 
> Sven Kieske
> 
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] fail to shutdown ubuntu guest

[Dan Kenigsberg]

On Fri, Jun 13, 2014 at 09:22:37AM +0800, John Xue wrote:
> I went through the xfce GUI options "Settings Manager" - "Power
> Manager" to the field "When power button is pressed", set to power
> off, but only successful one time, after reboot it was already set to
> "Ask". If no one login to guest(just power on from console, and power
> off), it always fail.
> 
> I try to modify acpi configuration:
> #cat /etc/acpi/events/powerbtn
> event=button[ /]power
> #action=/etc/acpi/powerbtn.sh
> action=/sbin/poweroff
> 
> It work, but I think this isn't a good solution. Any idea? Thanks!
> 
> On Thu, Jun 12, 2014 at 11:50 PM, Dan Kenigsberg  wrote:
> > On Thu, Jun 12, 2014 at 01:37:19PM +, Sven Kieske wrote:
> >> are you sure acpid is running inside the guest?
> >
> > ... or a guest agent?
> 
> yes, both of them are running in guest.
> 
> >
> > Can you find the shutdown request on /var/log/vdsm/vdsm.log on the host
> > that runs your guest?
> 
> yes, this is the log:
> 
> Thread-158109::DEBUG::2014-06-12
> 16:08:26,589::BindingXMLRPC::965::vds::(wrapper) client
> [10.10.10.75]::call vmShutdown with
> ('b552d1aa-bc35-4788-a448-1726d4b984d5', '30', 'System Administrator
> has initiated shutdown of this Virtual Machine. Virtual Machine is
> shutting down.') {} flowID [5939b847]
> Thread-158109::DEBUG::2014-06-12
> 16:08:26,590::vm::2532::vm.Vm::(shutdown)
> vmId=`b552d1aa-bc35-4788-a448-1726d4b984d5`::guestAgent shutdown
> called
> Thread-158109::DEBUG::2014-06-12
> 16:08:26,590::guestIF::304::vm.Vm::(desktopShutdown)
> vmId=`b552d1aa-bc35-4788-a448-1726d4b984d5`::desktopShutdown called
> Thread-158109::DEBUG::2014-06-12
> 16:08:26,591::BindingXMLRPC::972::vds::(wrapper) return vmShutdown
> with {'status': {'message': 'Machine shut down', 'code': 0}}

I there no attempt to use ACPI lower in the logs?

Anyway, it seems that an ACPI even is received by the guest. Could you
now share the log of your guest agent, in order to see if it received
the shutdown request and handled it somehow?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] VDSM update warning

[Chris]

Hi,

After updating VDSM to 4.14.9-0.el6 on a running vdsm node, I saw this
warning/error:

  Updating   : vdsm-python-zombiereaper-4.14.9-0.el6.noarch1/10
  Updating   : vdsm-python-4.14.9-0.el6.x86_64 2/10
  Updating   : vdsm-xmlrpc-4.14.9-0.el6.noarch 3/10
  Updating   : vdsm-cli-4.14.9-0.el6.noarch4/10
  Updating   : vdsm-4.14.9-0.el6.x86_645/10

Checking configuration status...

Traceback (most recent call last):
  File "/usr/bin/vdsm-tool", line 145, in 
sys.exit(main())
  File "/usr/bin/vdsm-tool", line 142, in main
return tool_command[cmd]["command"](*args[1:])
  File "/usr/lib64/python2.6/site-packages/vdsm/tool/configurator.py",
line 230, in configure
service.service_stop(s)
  File "/usr/lib64/python2.6/site-packages/vdsm/tool/service.py", line
370, in service_stop
return _runAlts(_srvStopAlts, srvName)
  File "/usr/lib64/python2.6/site-packages/vdsm/tool/service.py", line
351, in _runAlts
"%s failed" % alt.func_name, out, err)
vdsm.tool.service.ServiceOperationError: ServiceOperationError:
_serviceStop failed
Sending stop signal sanlock (1809): [  OK  ]
Waiting for sanlock (1809) to stop:[FAILED]


Do I need to be worried about it?

--
Chris
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Installation of ovirt-node-iso rpm on oVirt Engine

[Fabian Deutsch]

Am Freitag, den 13.06.2014, 09:08 + schrieb Sven Kieske:
> CC'ing Fabian, who should know the actual image location.
> 
> Am 05.06.2014 10:58, schrieb Faltermeier, Florian:
> > Hi all,
> > 
> > I'm planning to update/reinstall my ovirt 3.4 hypervisors via the update 
> > mechanism that provided in the ovirt-engine.
> > I red the documentation about Ovirt Node http://www.ovirt.org/Category:Node
> > 
> > The first topic Upgrading -> Through ovirt Engine tells me that I have to 
> > install the "ovirt-node-iso rpm".
> > So where can I find an actual RPM package? I've googled around already but  
> > I didn't found any useful hints.

Hey Florian,

currently we don't have this rpm around. But I am optimistic that we
will have one for - at latest - the test day.

Onc eit is available we'll announce it on the users ml as well.

Greetings
fabian

> > Thank you!
> > 
> > Regards,
> > Florian
> 



signature.asc
Description: This is a digitally signed message part
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Qemu guest agent to install RPMs in guest VM from host machine

[Michal Skrivanek]

On 12 Jun 2014, at 12:42, Puneet Bakshi wrote:

> ​​
> Hi,
> 
> I want to be able to install RPM packages (available in host system at some 
> path) to the guest VM and want this facility to be available as a tool.
> 
> I am thinking of having a gemu guest agent (qemu-ga) running inside guest VM. 
> I did not find any available command ("virsh qemu-agent-command  
> ...") which can do the same.

why would you use a guest agent (which is primarily targeted for 
virtualization-related tasks/coordination) rather than a generic remote 
execution tools (like, well, plain ssh:)
The only benefit/difference with the guest agent is that it doesn't require a 
network connection. Do you have such a requirement?

> 
> I am planning to implement a command in qemu guest agent, which I can invoke 
> from virsh like below.
> 
> "virsh qemu-agent-command vm_01  \
> '{"execute":"guest-rpm-install", \
>   "arguments":{"path":"/usr/local/bin/ABC.rpm"}}
>   
> I am able to pass arguments from host to guest VM but how am I supposed to 
> pass the whole RPM image from host to guest (which the guest agent can 
> receive and install)?

exactly;-) So are you trying to come up with something isolated from network 
completely?
If not I'd go with a dedicated/different tool

Thanks,
michal

> 
> Regards,
> ~Puneet
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt - Node install on CentOS

[Sven Kieske]

+1 from me, this should work without manual tweaking (except for live
snapshots).

Am 09.06.2014 20:32, schrieb Joop:
> If you install a minimal Centos-6.5 and add the ovirt repository and
> then add the host using the webui of engine then it will install all
> needed packages (vdsm/libvirt/kvm) and you're done. You can then replace
> the standard qemu with the one that will do live snapshots. Depending on
> where you're storage is located you shouldn't have to tinker with
> memberships etc.

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Can HA Agent control NFS Mount?

[Sven Kieske]

I suppose a hosted-engine solution without HA
would suffice the use case of just having one system to host and manage
vms, with the ability to extend this system to many more.

Am 03.06.2014 13:52, schrieb Itamar Heim:
> what would look different for hosted-engine on a single host? just not
> have the "ha" feature?

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Installation of ovirt-node-iso rpm on oVirt Engine

[Sven Kieske]

CC'ing Fabian, who should know the actual image location.

Am 05.06.2014 10:58, schrieb Faltermeier, Florian:
> Hi all,
> 
> I'm planning to update/reinstall my ovirt 3.4 hypervisors via the update 
> mechanism that provided in the ovirt-engine.
> I red the documentation about Ovirt Node http://www.ovirt.org/Category:Node
> 
> The first topic Upgrading -> Through ovirt Engine tells me that I have to 
> install the "ovirt-node-iso rpm".
> So where can I find an actual RPM package? I've googled around already but  I 
> didn't found any useful hints.
> 
> Thank you!
> 
> Regards,
> Florian

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Jorick Astrego]

Hi Sven,

Thanks for you response, I will read some more.

But as you say it has been known for a while and I was aware of it for 
many years although never diving into the specifics. I always thought it 
was not a practical attack vector


What caught my attention was that it was so fast it can be done in less 
then a minute:


   Lightning-Fast Attack: *Even in the worst case scenario (cross-VM)
   the attack**
   **succeeds in less than a minute. To the best of our knowledge, no
   faster attack**
   **has been implemented against AES in a realistic cloud-like
   setting. This also**
   **means that just one minute of co-location with the encryption
   server suffices to**
   **recover the key.*



For the most parts, it's easier to hack you machine directly
or social-engineer your way into it, than it is to hack/get
access to a different vm on the same system and than hack another vm.


So that was the part that worries me, if I have a public cloud offering 
and someone doesn't hack a vm but simply rents one. He can then spawn a 
new VM every couple of minutes and it will probably be on a different 
host each time. with different neighbours.


You could hack every vulnerable customer VM in a couple of hours this 
way and it would all be undetected.



There are also still no automatic tools for this, which I'm aware of
(if they are, I'd like to be pointed to them).

As soon as automatic attack tools will cover this scenario I'm pretty
sure we'll see an increase in hacked vms and sniffed private keys.
I'm sure there are automatic tools being built as we speak but they will 
not be generally available.



Kind regards,

Jorick Astrego
Netbulae B.V.



On 06/13/2014 09:38 AM, Sven Kieske wrote:

Hi,

it's kind of you to let those know
about these attacks who do not already know them, but
this should be well understood by every professional by know.

Shared resources are never secure, if you
can not control the access from third parties
to shared memory.

this does not just affect KSM (or similar
techniques from vmware, xen and microsoft)
but also L3-Caches of modern CPUs.

If you are interested in these topics, here are some papers:

L3-Side-Channel attack to recover private
GPG-Keys from another VM:

http://eprint.iacr.org/2013/448.pdf

Correlation attack against openssl,
polarssl and libgcrypt on xen and vmware:

https://eprint.iacr.org/2014/248.pdf

I don't know if IBMs PowerVM is vulnerable to such
attacks, as it's LPAR architecture is certified
EAL 4+ (which might not tell anything about this attack
vector).

But you always need to have in mind, what attack
scenario you talk about:

These attacks are about a malicious vm (this could be a
hacked/hijacked vm) which recovers parts of the shared memory
from a known other instance to attack.

if you have high security concerns you might want _not_
to share your physical server with third party controlled
vms, or with vms which might be the target of getting hacked
(or which runs software, which is known to be vulnerable).

I still consider this scenario not as that relevant today, as
there are many more low hanging fruits (sadly).

This means in short:

For the most parts, it's easier to hack you machine directly
or social-engineer your way into it, than it is to hack/get
access to a different vm on the same system and than hack another vm.

There are also still no automatic tools for this, which I'm aware of
(if they are, I'd like to be pointed to them).

As soon as automatic attack tools will cover this scenario I'm pretty
sure we'll see an increase in hacked vms and sniffed private keys.


HTH



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] SLA : RAM scheduling

[Sven Kieske]

Well, I know this is not that
helpful but afaik there is work done
to replace xml-rpc communication with json based
communication.


Am 13.06.2014 10:57, schrieb Joop:
> Then oVirt shouldn't either use that kind of numbers or should not use
> xmlrpc.
> 
> Sorry but thats a non-answer and doesn't help anybody.
> 
> Howto solve this problem. Do you need a BZ?
> 
> Joop

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] SLA : RAM scheduling

[Joop]

Michal Skrivanek wrote:

On 11 Jun 2014, at 14:31, noc wrote:

  

On 26-5-2014 16:22, Gilad Chaplik wrote:


Hi Nathanaël,

happy to assist :) hope it will work in first run:

1) install the proxy and ovirtsdk.
2) put attached file in the right place (according to docs: ".../plugins"), 
make sure to edit the file with your ovirt's ip, user@domain and PW.
3) restart proxy service.
3) use config tool to configure ovirt-engine:
* "ExternalSchedulerServiceURL"="http://:18781/"
* "ExternalSchedulerEnabled"=true
4) restart ovirt-engine service.
5) under configure->cluster_policy see that weight function 
memory_even_distribution was added (should be in manage policy units or /sth- you 
will see it in the main dialog as well).
6) clone/copy currernt cluster's used cluster policy (probably none - prefer it 
to have no balancing modules to avoid conflicts), name it 'your_name' and 
attach memory_even_distribution weight (you can leave it as the only weight 
module in weight section to avoid configuring factors).
7) replace cluster's cluster policy with newly created one.

try it out and let me know how goes :-)


  

Ok, progress of some sort :-)

I added the weight function to the cluster and when I replace my dns name with 
localhost in ExternalSchedulerServiceURL then engine.log shows that it can 
contact the scheduler. I expected a rebalance but nothing happened. Stopping 
and starting a VM does provoke a reaction, an error :-(

From the scheduler.log I see that engine contacts it and pushes some 
information, the log also shows that some information is returned and then 
there is a big error message in the log of engine.



xmlrpc is infamous about not being able to handle numbers like 
9223372010239819775

  
Then oVirt shouldn't either use that kind of numbers or should not use 
xmlrpc.


Sorry but thats a non-answer and doesn't help anybody.

Howto solve this problem. Do you need a BZ?

Joop

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] localdomain

[Michal Skrivanek]

On 12 Jun 2014, at 05:11, Andrew Lau wrote:

> The cloud-init integration was a little flaky when I was using it,

when it was introduced in 3.3 - definitely

> 
> I ended up not using any of the inbuilt oVirt options (eg. hostname,
> root password). Root password never worked for me as it'd force a
> reset on first login.. defeating the purpose.

yes. This has been fixed since (IIRC in 3.4, maybe a bit later, not sure)

I'm not aware of any further issues with cloud-init recently…it should be fine
there's always room for some enhancements…but pretty much you can add whatever 
is missing in a custom config section (also for windows sysprep) today

Thanks,
michal

> Just passing a full cloud-init config into the bottom section worked
> for me, so for your case just define the hostname there instead.
> 
> 
> On Tue, May 27, 2014 at 9:33 PM, Koen Vanoppen  
> wrote:
>> Hi Guys,
>> 
>> It's bin a while :-). Luckily :-).
>> 
>> I have a quick question. Is there a way to change the default .localdomain
>> for the FQDN in ovirt?
>> I would be handy if we just had to fill in the hostname of our vm (we are
>> using 3.4, with the cloud-init feature) and he automatically adds our domain
>> in stead of .localdomain.
>> 
>> Kind regards,
>> 
>> Koen
>> 
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] SLA : RAM scheduling

[Michal Skrivanek]

On 11 Jun 2014, at 14:31, noc wrote:

> On 26-5-2014 16:22, Gilad Chaplik wrote:
>> Hi Nathanaël,
>> 
>> happy to assist :) hope it will work in first run:
>> 
>> 1) install the proxy and ovirtsdk.
>> 2) put attached file in the right place (according to docs: ".../plugins"), 
>> make sure to edit the file with your ovirt's ip, user@domain and PW.
>> 3) restart proxy service.
>> 3) use config tool to configure ovirt-engine:
>> * "ExternalSchedulerServiceURL"="http://:18781/"
>> * "ExternalSchedulerEnabled"=true
>> 4) restart ovirt-engine service.
>> 5) under configure->cluster_policy see that weight function 
>> memory_even_distribution was added (should be in manage policy units or 
>> /sth- you will see it in the main dialog as well).
>> 6) clone/copy currernt cluster's used cluster policy (probably none - prefer 
>> it to have no balancing modules to avoid conflicts), name it 'your_name' and 
>> attach memory_even_distribution weight (you can leave it as the only weight 
>> module in weight section to avoid configuring factors).
>> 7) replace cluster's cluster policy with newly created one.
>> 
>> try it out and let me know how goes :-)
>> 
>> 
> Ok, progress of some sort :-)
> 
> I added the weight function to the cluster and when I replace my dns name 
> with localhost in ExternalSchedulerServiceURL then engine.log shows that it 
> can contact the scheduler. I expected a rebalance but nothing happened. 
> Stopping and starting a VM does provoke a reaction, an error :-(
> 
> From the scheduler.log I see that engine contacts it and pushes some 
> information, the log also shows that some information is returned and then 
> there is a big error message in the log of engine.

xmlrpc is infamous about not being able to handle numbers like 
9223372010239819775

Thanks,
michal
> 
> Joop
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] novnc error

[Frantisek Kobzik]

Hi guys,

I actually use the same version of websockify without problems (but on Fedora). 
For me this looks like some problem with certificates. Let me investigate 
further.

F.


- Original Message -
From: "Alon Bar-Lev" 
To: "Garrett Baltezegar" , "Frantisek Kobzik" 

Cc: users@ovirt.org
Sent: Friday, June 13, 2014 8:16:08 AM
Subject: Re: [ovirt-users] novnc error

Frantisek,

Can you please help? there seems to have incompatibility with SimpleHTTPServer?
Or use of undocumented feature?

Alon

- Original Message -
> From: "Garrett Baltezegar" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org
> Sent: Friday, June 13, 2014 12:50:30 AM
> Subject: Re: [ovirt-users] novnc error
> 
> Python-websockify - 0.5.1-1.e16.no arch
> 
> Numpy isn't installed
> On Jun 12, 2014 5:15 PM, "Alon Bar-Lev"  wrote:
> 
> >
> >
> > - Original Message -
> > > From: "Garrett Baltezegar" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users@ovirt.org
> > > Sent: Friday, June 13, 2014 12:12:28 AM
> > > Subject: Re: [ovirt-users] novnc error
> > >
> > > I've checked /var/log/messages a few times, but it doesn't seem like much
> > > is being written to it; the last entry I have is from ~6 hours ago.
> > >
> > > When running
> > >
> > "/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > > --debug start" I see the following information as the service is
> > starting:
> > >
> > > WARNING: no 'numpy' module, HyBi protocol will be slower
> > > ovirt-websocket-proxy[14511] DEBUG _daemon:403 daemon entry pid=14511
> > > ovirt-websocket-proxy[14511] DEBUG _daemon:404 background=False
> > > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > > '/usr/share/ovirt-
> > > engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf'
> > > ovirt-websocket-proxy[14511] DEBUG loadFile:70 loading config
> > > '/etc/ovirt-engine
> > > /ovirt-websocket-proxy.conf.d/10-setup.conf'
> > > ovirt-websocket-proxy[14511] DEBUG _daemon:440 I am a daemon 14511
> > > ovirt-websocket-proxy[14511] DEBUG _setLimits:377 Setting rlimits
> > > WebSocket server settings:
> > >   - Listen on *:6100
> > >   - Flash security policy server
> > >   - SSL/TLS support
> > >   - Deny non-SSL/TLS connections
> > >   - proxying from *:6100 to targets in /dummy
> > >
> > >
> > >
> > > I see the following info after I attempted a novnc connection through the
> > > browser:
> > >
> > > 1: 10.255.239.1: new handler Process
> > > 1: handler exception: WSRequestHandler instance has no attribute
> > 'last_code'
> > > 1: Traceback (most recent call last):
> > > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> > 696,
> > > in top_new_client
> > >   self.client = self.do_handshake(startsock, address)
> > > File "/usr/lib/python2.6/site-packages/websockify/websocket.py", line
> > 628,
> > > in do_handshake
> > >   if wsh.last_code == 101:
> > > AttributeError: WSRequestHandler instance has no attribute 'last_code'
> > >
> > >
> >
> > What version of python-websockify do you have?
> > What version of numpy do you have (if any)?
> >
> > > Thanks!
> > >
> > >
> > > On Thu, Jun 12, 2014 at 4:56 PM, Alon Bar-Lev  wrote:
> > >
> > > >
> > > >
> > > > - Original Message -
> > > > > From: "Garrett Baltezegar" 
> > > > > To: "Alon Bar-Lev" 
> > > > > Cc: users@ovirt.org
> > > > > Sent: Thursday, June 12, 2014 11:49:50 PM
> > > > > Subject: Re: [ovirt-users] novnc error
> > > > >
> > > > > It looks like a blank page loads.  Just tried this in both Chrome and
> > > > > Internet Explorer, and got the same result.
> > > > >
> > > > > The proxy is installed locally on the ovirt server, by the way.  Nmap
> > > > shows
> > > > > port 6100 TCP listening.
> > > >
> > > > do you see anything relevant at /var/log/messages?
> > > >
> > > > try to stop the ovirt-websocket-proxy service and run it in debug mode:
> > > >
> > > > # su - -s /bin/sh ovirt
> > > > $
> > > >
> > /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py
> > > > --debug start
> > > >
> > > > see what you get.
> > > >
> > > > >
> > > > > Thanks for the quick response!
> > > > > On Jun 12, 2014 4:39 PM, "Alon Bar-Lev"  wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > - Original Message -
> > > > > > > From: "Garrett Baltezegar" 
> > > > > > > To: users@ovirt.org
> > > > > > > Sent: Thursday, June 12, 2014 11:33:09 PM
> > > > > > > Subject: [ovirt-users] novnc error
> > > > > > >
> > > > > > > Hello everyone,
> > > > > > >
> > > > > > > I'm running into an error getting novnc up and running with
> > ovirt,
> > > > and
> > > > > > I'm
> > > > > > > hoping someone can help.
> > > > > > >
> > > > > > > My system is a CentOS minimal x86_64 install running ovirt fine.
> > I
> > > > have
> > > > > > > created VMs and I'm able to configure the console options. When I
> > > > > > attempt to
> > > > > > > connect to them, however, I get a Server disconnected (code:
> > 1006)
> > > > error.
> > > > > > > I've searched online for

[ovirt-users] python-sdk: attach disk snapshot to another virtual machine

[Michael Ablassmeier]

hi guys,

according to an commit in Oct. 2013 there was a patch added to the SDK
which allows to attach an existing snapshot to a virtual machine:

 commit 72e67dd5406f3c193234697ce88d92dbe64759d7
 Author: Michael pasternak 
 Date:   Wed Oct 30 11:24:19 2013 +0200
sdk: regenerate against the latest api
   [..]
- added ability to attach a disk snapshot to the virtual machine
   [..]

I think this may be related to the new backup API:

 http://www.ovirt.org/Features/Backup-Restore_API_Integration

can anyone give me an pointer on how to this through the python-sdk? Or
is there an example for this anywhere to be found? Thanks!

bye,
- michael
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Resource Pools in oVirt

[Doron Fediuck]

- Original Message -
> From: "s k" 
> To: users@ovirt.org
> Sent: Wednesday, June 11, 2014 12:18:35 AM
> Subject: [ovirt-users] Resource Pools in oVirt
> 
> Hello all,
> 
> As far as I understand, CPU Shares can be set on each VM individually and
> cannot be changed while it's powered on.
> 
> 
> It would be great if we could create resource pools (similar to what VMware
> does) for CPU shares so that we could assign priorities on multiple VMs and
> be able to move them between Resource Pools of different priorities. I know
> that we can configure quotas but it's not the same as CPU shares.
> 
> Is that something planned for a future release? Shall I open an RFE for that
> ?
> 
> Regards,
> 
> Sokratis
> 

Hi Sokratis,
thanks for the feedback.

We have an RFE[1] opened to allow changing shares dynamically for a VM while 
it's
running.

As you probably know VMWare's implementation handles much more than shares, so
it's a wider concept.

In oVirt we've been working hard to introduce QoS elements during 3.3 and 3.5
versions[2]. Once we have it all in place we'll start heading for the next level
(up) which will be a Policy to aggregate QoS aspects for a VM. Once we have a
policy you'll be able to assign it to multiple VMs and have much better control
over resource including a planning element. So you should be monitoring the 
Policy
task progress once we start working on it.

So... as you can understand this is a lot of work (which I'm sure was the same
for VMWare when they did it). Until then you'll be able to handle it using [1]
I expect to happen in the next version, and as always- patches are welcomed!

Thanks,
Doron

[1] Bug 1103537 - [RFE] Dynamic CPU Shares
[2] QoS aspects:
http://www.ovirt.org/Features/CPU_SLA
http://www.ovirt.org/Features/Network_QoS
http://www.ovirt.org/Features/blkio-support
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Resource Pools in oVirt

[Michal Skrivanek]

On 10 Jun 2014, at 23:18, s k wrote:

> Hello all,
> 
> As far as I understand, CPU Shares can be set on each VM individually and 
> cannot be changed while it's powered on.
> 
> 
> It would be great if we could create resource pools (similar to what VMware 
> does) for CPU shares so that we could assign priorities on multiple VMs and 
> be able to move them between Resource Pools of different priorities.  I know 
> that we can configure quotas but it's not the same as CPU shares.
> 
> Is that something planned for a future release? Shall I open an RFE for that ?

Doron would know…?

> 
> Regards,
> 
> Sokratis
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Live migration - quest VM stall

[Michal Skrivanek]

On 9 Jun 2014, at 21:05, Markus Stockhausen wrote:

> Hello,
> 
> at the moment we are investigating stalls of Windows XP VMs during
> live migration. Our environment consists of:
> 
> - FC20 hypervisor nodes 
> - qemu 1.6.2
> - OVirt 3.4.1
> - Guest: Windows XP SP2
> - VM Disks: Virtio & IDE tested
> - SPICE / VNC: both tested
> - Balloon: With & without tested
> - Cluster compatibility: 3.4 - CPU Nehalem
> 
> After 2-10 live migrations the Windows XP guest is no longer responsive.
> 
> First of all we thougth that it might be related to SPICE because we were
> no longer able to logon to the console. So we installed XP telnet server in 
> the VM but that showed a similar behaviour:
> 
> - The telnet welcome dialogue is always available (network seems ok)
> - Sometime after a live migration  if you enter the password the telnet 
>   gives no response.
> In parallel the SPICE console allows to move open windows. But as soon
> as one clicks on the start the menu the system gives no response.
> 
> Even after updating to qemu 2.0 with virt-preview respositories the
> behaviour stays the same. Looks like the system cannot access

This really seems more either SPICE or QEMU related….
You can isolate the behavior to that single VM? Or single OS type(others work 
ok)? or it's happening for any other VM randomly?

Thanks,
michal

> 
> Any ideas?
> 
> Markus
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] KSM and cross-vm attack

[Sven Kieske]

Hi,

it's kind of you to let those know
about these attacks who do not already know them, but
this should be well understood by every professional by know.

Shared resources are never secure, if you
can not control the access from third parties
to shared memory.

this does not just affect KSM (or similar
techniques from vmware, xen and microsoft)
but also L3-Caches of modern CPUs.

If you are interested in these topics, here are some papers:

L3-Side-Channel attack to recover private
GPG-Keys from another VM:

http://eprint.iacr.org/2013/448.pdf

Correlation attack against openssl,
polarssl and libgcrypt on xen and vmware:

https://eprint.iacr.org/2014/248.pdf

I don't know if IBMs PowerVM is vulnerable to such
attacks, as it's LPAR architecture is certified
EAL 4+ (which might not tell anything about this attack
vector).

But you always need to have in mind, what attack
scenario you talk about:

These attacks are about a malicious vm (this could be a
hacked/hijacked vm) which recovers parts of the shared memory
from a known other instance to attack.

if you have high security concerns you might want _not_
to share your physical server with third party controlled
vms, or with vms which might be the target of getting hacked
(or which runs software, which is known to be vulnerable).

I still consider this scenario not as that relevant today, as
there are many more low hanging fruits (sadly).

This means in short:

For the most parts, it's easier to hack you machine directly
or social-engineer your way into it, than it is to hack/get
access to a different vm on the same system and than hack another vm.

There are also still no automatic tools for this, which I'm aware of
(if they are, I'd like to be pointed to them).

As soon as automatic attack tools will cover this scenario I'm pretty
sure we'll see an increase in hacked vms and sniffed private keys.


HTH

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users