[ovirt-users] how to disable drap file into virt-viewer in ovirt?

2016-04-25 Thread CheungPaul
Dears:
We perfer user can not transfer file into VM, but we found that user can drap 
file into the VM's destop. 
how to disable it?




Sincerely yours,
PaulCheung


 tel: 180-8882-7173
  ___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] hosted engine won't come up

2016-04-25 Thread Pat Riehecky
I've just done a clean install of the 3.6 hosted engine (decided to wipe 
out my previous system)


The install went in just fine, no errors I saw, but I'm getting 
interesting errors in the ovirt-hosted-engine-ha agent.log


I have no idea what to do about these errors

-
MainThread::INFO::2016-04-25 
22:28:33,842::hosted_engine::462::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring) 
Current state EngineUp (score: 3400)
MainThread::INFO::2016-04-25 
22:28:43,896::hosted_engine::613::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_vdsm) 
Initializing VDSM
MainThread::INFO::2016-04-25 
22:28:43,953::hosted_engine::658::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Connecting the storage
MainThread::INFO::2016-04-25 
22:28:43,954::storage_server::207::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Connecting storage server
MainThread::INFO::2016-04-25 
22:28:43,954::storage_server::219::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Refreshing the storage domain
MainThread::INFO::2016-04-25 
22:28:44,064::hosted_engine::685::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Preparing images
MainThread::INFO::2016-04-25 
22:28:44,064::image::126::ovirt_hosted_engine_ha.lib.image.Image::(prepare_images) 
Preparing images
MainThread::INFO::2016-04-25 
22:28:45,070::hosted_engine::688::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Reloading vm.conf from the shared storage domain
MainThread::INFO::2016-04-25 
22:28:45,071::config::205::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config::(refresh_local_conf_file) 
Trying to get a fresher copy of vm configuration from the OVF_STORE
MainThread::WARNING::2016-04-25 
22:28:45,658::ovf_store::104::ovirt_hosted_engine_ha.lib.ovf.ovf_store.OVFStore::(scan) 
Unable to find OVF_STORE
MainThread::ERROR::2016-04-25 
22:28:45,658::config::234::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config::(refresh_local_conf_file) 
Unable to get vm.conf from OVF_STORE, falling back to initial vm.conf
MainThread::INFO::2016-04-25 
22:28:45,744::hosted_engine::462::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring) 
Current state EngineUp (score: 3400)
MainThread::INFO::2016-04-25 
22:28:55,796::hosted_engine::613::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_vdsm) 
Initializing VDSM
MainThread::INFO::2016-04-25 
22:28:55,855::hosted_engine::658::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Connecting the storage
MainThread::INFO::2016-04-25 
22:28:55,856::storage_server::207::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Connecting storage server
MainThread::INFO::2016-04-25 
22:28:55,856::storage_server::219::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Refreshing the storage domain
MainThread::INFO::2016-04-25 
22:28:55,967::hosted_engine::685::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Preparing images
MainThread::INFO::2016-04-25 
22:28:55,967::image::126::ovirt_hosted_engine_ha.lib.image.Image::(prepare_images) 
Preparing images
MainThread::INFO::2016-04-25 
22:28:56,987::hosted_engine::688::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Reloading vm.conf from the shared storage domain
MainThread::INFO::2016-04-25 
22:28:56,988::config::205::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config::(refresh_local_conf_file) 
Trying to get a fresher copy of vm configuration from the OVF_STORE
MainThread::WARNING::2016-04-25 
22:28:57,572::ovf_store::104::ovirt_hosted_engine_ha.lib.ovf.ovf_store.OVFStore::(scan) 
Unable to find OVF_STORE
MainThread::ERROR::2016-04-25 
22:28:57,573::config::234::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config::(refresh_local_conf_file) 
Unable to get vm.conf from OVF_STORE, falling back to initial vm.conf
MainThread::INFO::2016-04-25 
22:28:57,661::hosted_engine::462::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring) 
Current state EngineUp (score: 3400)
MainThread::INFO::2016-04-25 
22:29:07,711::states::421::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(consume) 
Engine vm running on localhost
MainThread::INFO::2016-04-25 
22:29:07,716::hosted_engine::613::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_vdsm) 
Initializing VDSM
MainThread::INFO::2016-04-25 
22:29:07,774::hosted_engine::658::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Connecting the storage
MainThread::INFO::2016-04-25 
22:29:07,774::storage_server::207::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Connecting 

[ovirt-users] All field on guest info tab are unknown

2016-04-25 Thread Kevin C
Hi list,

On a windows VM, all field in "Guest info" tab are "unknown". ovirt agent start 
successfully, I can see IP adress or applications. All drivers are OK.

Must I reinstall my agents ?

Thanks 

Kevin C

smime.p7s
Description: S/MIME cryptographic signature
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5 and SSLv3

2016-04-25 Thread Robert Story
On Sun, 24 Apr 2016 21:37:07 +0200 Piotr wrote:
PK> Looking at the info you pasted I see:
PK> "java.net.NoRouteToHostException: No route to host".
PK> It usually mean that there is/was something wrong with your network.

I saw that too, and tried pings first. Those worked fine, and the
re-install worked right away after I made the java sslv3 change.

I'm going to reinstall and move a host from a different lab. We'll see if I
have the same experience with it...

Robert

PK> On Wed, Apr 20, 2016 at 3:28 PM, Robert Story  wrote:
PK> > On Wed, 20 Apr 2016 08:52:49 -0400 Alexander wrote:  
PK> > AW> On Wednesday, April 20, 2016 08:39:14 AM Robert Story wrote:  
PK> > AW> > Yesterday I had to re-install a host node in my 3.5.6 cluster. 
After a fresh
PK> > AW> > install of CentOS 7.2, attempts to re-install failed, as did 
removing and
PK> > AW> > re-adding the node. Here is a log excerpt from the engine:
PK> > AW> >
PK> > AW> > [...]
PK> > AW> > [org.ovirt.engine.core.vdsbroker.VdsManager]
PK> > AW> > (DefaultQuartzScheduler_Worker-38) Host eclipse is not responding. 
It will
PK> > AW> > stay in Connecting state for a grace period of 120 seconds and 
after that
PK> > AW> > an attempt to fence the host will be issued. 2016-04-19 
18:22:01,938 ERROR
PK> > AW> > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
PK> > AW> > (DefaultQuartzScheduler_Worker-38) Failure to refresh Vds runtime 
info:
PK> > AW> > org.ovirt.engine.core.vdsbroker.vdsbroker.VDSNetworkException:
PK> > AW> > java.net.NoRouteToHostException: No route to host at
PK> > AW> > 
org.ovirt.engine.core.vdsbroker.vdsbroker.VdsBrokerCommand.createNetworkExc
PK> > AW> > eption(VdsBrokerCommand.java:126) [vdsbroker.jar:]
PK> > AW> >
PK> > AW> > Luckily seeing SSL+java in the log tickled my memory about java 
disabling
PK> > AW> > SSLv3, and google helped me find this workaround:
PK> > AW> >
PK> > AW> >  - edit /usr/lib/jvm/java/jre/lib/security/java.security
PK> > AW> >  - look for jdk.tls.disabledAlgorithms
PK> > AW> >  - remove SSLv3 from the list
PK> > AW> >  - service ovirt-engine restart
PK> > AW> >
PK> > AW> > Google also tells me that this should be an issue for 3.5, and 
there is a
PK> > AW> > vdsm setting, VdsmSSLProtocol, that can be set to use TLS, but I 
can't find
PK> > AW> > how to change/set it. Anyone know the secret?  
PK> > AW>
PK> > AW> Pretty much everything engine related can be configured with
PK> > AW> engine-config. engine-config -l will give you a list of all the
PK> > AW> options. engine-config -g  will get the current value,
PK> > AW> engine-config -s = will set it. A quick grep indicates 
that
PK> > AW> you are looking for the VdsmSSLProtocol key.  
PK> >
PK> > Hmmm..
PK> >
PK> >   # engine-config -g VdsmSSLProtocol
PK> >   VdsmSSLProtocol: TLSv1 version: general
PK> >
PK> > Looks like it's already set to TLS, making me wonder why I needed to 
remove SSLv3.  I just put it back and restarted the engine, and it seems to be 
communicating with all hosts ok. So maybe it's just some process/code using 
during install that isn't using this setting...


pgpEdK00i1P3K.pgp
Description: OpenPGP digital signature
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] advanced users authentication, using kerberos, CAS SSO and Active Directory

2016-04-25 Thread Fabrice Bacchella
I have a production were hard coded password are avoided. We prefer to use 
kerberos. We also provided a SSO for Web UI using CAS 
. We use ActiveDirectory for user 
backend.

So I wanted a oVirt installation that will use kerberos for API authentication. 
For the web ui, kerberos is not always the best solution, so I wanted to 
integrated it in our CAS.

The Apache part was easy to setup.

I will show only subpart of the whole Apache setup and only authentication 
related part

# The CAS modules
LoadModule authz_user_module  /usr/lib64/httpd/modules/mod_authz_user.so
# Needed because auth_cas_module forget to link openssl
LoadModule ssl_module/usr/lib64/httpd/modules/mod_ssl.so
LoadModule auth_cas_module   /usr/lib64/httpd/modules/mod_auth_cas.so

# For the kerberos authentication on the API
LoadModule auth_gssapi_module/usr/lib64/httpd/modules/mod_auth_gssapi.so
LoadModule session_module/usr/lib64/httpd/modules/mod_session.so
LoadModule session_cookie_module /usr/lib64/httpd/modules/mod_session_cookie.so

CASLoginURL https://sso/cas/login
CASValidateSAML On
CASValidateURL https://sso/cas/samlValidate


RequestHeader unset X-Remote-User early

RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} ^(.*@DOMAIN)$
RewriteRule ^(.*)$ - [L,P,E=REMOTE_USER:%1]

RequestHeader set X-Remote-User %{REMOTE_USER}s

AuthType GSSAPI
AuthName "GSSAPI Single Sign On Login"
GssapiCredStore keytab:.../httpd.keytab
Require valid-user

GssapiUseSessions On
Session On
SessionCookieName ovirt_gssapi_session path=/private;httponly;secure;


AuthType CAS
Require valid-user
CASAuthNHeader X-Remote-User


The authn file /etc/ovirt-engine/extensions.d/apachesso-authn.properties is :

ovirt.engine.extension.name = apachesso-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = 
org.ovirt.engine-extensions.aaa.misc
ovirt.engine.extension.binding.jbossmodule.class = 
org.ovirt.engineextensions.aaa.misc.http.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = apachesso
ovirt.engine.aaa.authn.authz.plugin = DOMAIN-authz
config.artifact.name = HEADER
config.artifact.arg = X-Remote-User
And the authz file /etc/ovirt-engine/extensions.d/DOMAIN-authz.properties is:

ovirt.engine.extension.name = DOMAIN-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = 
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = 
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = ../aaa/DOMAIN.properties
I had some difficulties with AD backend. A straightforward solution would have 
been :

include = 

vars.domain = DOMAIN
vars.user = BINDDN
vars.password = BINDPWD
vars.forest = domain.com

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}

pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = .../domain.jks
pool.default.ssl.truststore.password = 
# Only TLSv1.2 is secure nowadays
pool.default.ssl.startTLSProtocol = TLSv1.2

# long time out should be avoided
pool.default.connection-options.connectTimeoutMillis = 500
But if fails. We have a special setup with about 100 domain controlers and only 
two of them can be reached from the ovirt engine. So my first try was so 
defined them directly in the configuration file:

pool.default.serverset.type = failover
pool.default.serverset.failover.1.server = dcX.domain.com
pool.default.serverset.failover.2.server = dcY.domain.com
But that fails. Server-engine was still using a lot of unreachable domain 
controler. After some digging I found that other part of the ldap extension use 
a different serverset, I don’t know why it don’t reuse the default pool. It’s 
called pool.default.dc-resolve (it should be called pool.dc-resolve, as it’s 
not the default but a custom one), so I added in my configuration:

pool.default.dc-resolve.default.serverset.type = failover
pool.default.dc-resolve.serverset.failover.1.server = dcX.domain.com
pool.default.dc-resolve.serverset.failover.2.server = dcY.domain.com
But there is a better solution. Ondra Machacek point it to me. In Active 
Directory, there is something called a “site”, with a subset of all the domain 
controler in it. It can be found under CN=Sites,CN=Configuration,DC=DOMAIN,...

To list them:

ldapsearch -H ldap://somedc -b CN=Sites,CN=Configuration,DC=DOMAIN -s one -o 
ldif-wrap=no cn
The information to write down is the cn returned

You get a list of all domain, just pick the 

Re: [ovirt-users] audit_log table performance tuning

2016-04-25 Thread Juan Hernández
On 04/23/2016 07:17 AM, Oved Ourfali wrote:
> 
> On Apr 23, 2016 7:46 AM, "Marina Kalinin"  > wrote:
>>
>> Hi all,
>>
>> So far I created this solution for immediate remedy:
>> https://access.redhat.com/solutions/721423
>>
>> I created this general RFE, that would help in our situation:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1329793
>>
>> However, this RFE is not all what I have in my mind.
> 
> I also don't think we should have such tool as mentioned in the RFE.
> 
>> I am thinking if there is anyway we can limit the number of identical
> records in audit_log?
> 
> Identical records might imply some issue, so I don't think they should
> be limited. What we can add configuration for is maybe the frequency in
> which the data is purged, which is 30 days currently, afair.
> 
>> Or, as Oved suggested, something to do with RestAPI and CFME to reduce
> the amount of logging?
>> BTW, does current version of CFME already contains this feature:
>> http://old.ovirt.org/Features/RESTSessionManagement
>> ?
> 
> CFME uses the session. However, I think that we don't reuse the session
> among unrelated requests.
> Not 100% sure about that.
> 
> Juan?
> 

CFME does use the persistent authentication mechanism. It creates new
sessions (which triggers the audit log message) in the following situations:

1. When CFME starts it creates a new session to poll RHEV-M events. This
session is reused as long as CFME is running.

2. When a refresh of the inventory is performed. Each refresh creates a
new session.

3. When performing actions like start or shutdown a VM. Each of these
actions creates a new session.

So unless there is a high level of activity in the environment (starting
virtual machines, stopping them, etc) there shouldn't be a high amount
of activity in the logs.

In systems where high activity is detected I'd suggest to configure the
RHEVM-M web server log file so that we will have a clear idea of what is
creating sessions. This can be achieved adding the following line to the
/etc/httpd/conf.d/ssl.conf file:

  CustomLog logs/api_log "%h %t \"%r\" User-Agent=\"%{User-Agent}i\"
JSESSIONID=\"%{JSESSIONID}C\" Prefer=\"%{Prefer}i\" %>s"

Then restart the web server:

  # service httpd restart

The content of that "api_log" file would help us what is really sending
requests that trigger the login/logout audit messages.

Note that the additional log file consumes resources, both CPU and disk
space, so it should be disabled once the relevant information is captured.

>>
>> Thank you,
>> Marina.
>>
>> 
>>>
>>>
>>>
>>> On Sun, Apr 17, 2016 at 9:33 AM, Oved Ourfali  > wrote:

 Juan - we should try to reduce this number consumed by CFME, if
> possible.
 CC-ing Eli for DB related tips.
>>>
>>>
>>> Reminds me of https://gerrit.ovirt.org/#/c/55743/ .
>>
>> This commit is great, however not relevant for my case, since
> event_notification_hist is empty.
>>>
>>> Y.


 On Fri, Apr 15, 2016 at 1:12 AM, Marina Kalinin  > wrote:
>
> Hi,
>
> Any suggestions or maybe already available features in the pipeline
> for tuning the database, and specifically the audit_log table?
>
> The problem today is that with multiple applications accessing the
> engine through the RestAPI, especially deployments with CloudForms,
> create huge amount of login records in the audit_table. Which, in turns,
> consumes most of the available memory on the machine running the engine
> and the database and results in a terrible performance of engine and
> inaccessible Web UI.
>
> The solution today is to delete those records from the table [1]:
> => delete from audit_log where message like '%logged%';
>
>
> Are there any current tunings we can apply to the database?
> And if not - do we have any RFEs on limiting the records entered to
> the database or a way to delete/filter those records somehow from the WebUI?
> All I could find was RFE#1120659 [2], but it does not describe the
> exact issue.
>
>
> --
> Thanks,
> Marina.
>
>
> [1] https://access.redhat.com/solutions/2110011
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1120659
> ___
> Users mailing list
> Users@ovirt.org 
> http://lists.ovirt.org/mailman/listinfo/users
>
>


 ___
 Users mailing list
 Users@ovirt.org 
 http://lists.ovirt.org/mailman/listinfo/users

>>>
>>
>>
>>
>> --
>> --
>>  mku
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 


-- 
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta

Re: [ovirt-users] [hosted-engine] engine VM doesn't respawn when its host was killed (poweroff)

2016-04-25 Thread Wee Sritippho

The hosted engine storage is located in an external Fibre Channel SAN.

On 25/4/2559 16:19, Martin Sivak wrote:

Hi,

it seems that all nodes lost access to storage for some reason after
the host was killed. Where is your hosted engine storage located?

Regards

--
Martin Sivak
SLA / oVirt


On Mon, Apr 25, 2016 at 10:58 AM, Wee Sritippho  wrote:

Hi,

 From the hosted-engine FAQ, the engine VM should be up and running in about
5 minutes after its host was forced poweroff. However, after updated oVirt
3.6.4 to 3.6.5, the engine VM won't restart automatically even after 10+
minutes (I already made sure that global maintenance mode is set to none). I
initially thought its a time sync issue, so I installed and enabled ntp on
the hosts and engine. However, the issue still persists.

###Versions:
[root@host01 ~]# rpm -qa | grep ovirt
libgovirt-0.3.3-1.el7_2.1.x86_64
ovirt-vmconsole-1.0.0-1.el7.centos.noarch
ovirt-vmconsole-host-1.0.0-1.el7.centos.noarch
ovirt-hosted-engine-ha-1.3.5.3-1.el7.centos.noarch
ovirt-host-deploy-1.4.1-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.5.0-1.el7.centos.noarch
ovirt-hosted-engine-setup-1.3.5.0-1.el7.centos.noarch
ovirt-release36-007-1.noarch
ovirt-setup-lib-1.0.1-1.el7.centos.noarch
[root@host01 ~]# rpm -qa | grep vdsm
vdsm-infra-4.17.26-0.el7.centos.noarch
vdsm-jsonrpc-4.17.26-0.el7.centos.noarch
vdsm-gluster-4.17.26-0.el7.centos.noarch
vdsm-python-4.17.26-0.el7.centos.noarch
vdsm-yajsonrpc-4.17.26-0.el7.centos.noarch
vdsm-4.17.26-0.el7.centos.noarch
vdsm-cli-4.17.26-0.el7.centos.noarch
vdsm-xmlrpc-4.17.26-0.el7.centos.noarch
vdsm-hook-vmfex-dev-4.17.26-0.el7.centos.noarch

###Log files:
https://app.box.com/s/fkurmwagogwkv5smkwwq7i4ztmwf9q9r

###After host02 was killed:
[root@host03 wees]# hosted-engine --vm-status


--== Host 1 status ==--

Status up-to-date  : True
Hostname   : host01.ovirt.forest.go.th
Host ID: 1
Engine status  : {"reason": "vm not running on this
host", "health": "bad", "vm": "down", "detail": "unknown"}
Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 396766e0
Host timestamp : 4391


--== Host 2 status ==--

Status up-to-date  : True
Hostname   : host02.ovirt.forest.go.th
Host ID: 2
Engine status  : {"health": "good", "vm": "up",
"detail": "up"}
Score  : 0
stopped: True
Local maintenance  : False
crc32  : 3a345b65
Host timestamp : 1458


--== Host 3 status ==--

Status up-to-date  : True
Hostname   : host03.ovirt.forest.go.th
Host ID: 3
Engine status  : {"reason": "vm not running on this
host", "health": "bad", "vm": "down", "detail": "unknown"}
Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 4c34b0ed
Host timestamp : 11958

###After host02 was killed for a while:
[root@host03 wees]# hosted-engine --vm-status


--== Host 1 status ==--

Status up-to-date  : False
Hostname   : host01.ovirt.forest.go.th
Host ID: 1
Engine status  : unknown stale-data
Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 72e4e418
Host timestamp : 4415


--== Host 2 status ==--

Status up-to-date  : False
Hostname   : host02.ovirt.forest.go.th
Host ID: 2
Engine status  : unknown stale-data
Score  : 0
stopped: True
Local maintenance  : False
crc32  : 3a345b65
Host timestamp : 1458


--== Host 3 status ==--

Status up-to-date  : False
Hostname   : host03.ovirt.forest.go.th
Host ID: 3
Engine status  : unknown stale-data
Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 4c34b0ed
Host timestamp : 11958

###After host02 was up again completely:
[root@host03 wees]# hosted-engine --vm-status


--== Host 1 status ==--

Status up-to-date  : True
Hostname   : host01.ovirt.forest.go.th
Host ID: 1
Engine status   

Re: [ovirt-users] [hosted-engine] engine VM doesn't respawn when its host was killed (poweroff)

2016-04-25 Thread Martin Sivak
Hi,

it seems that all nodes lost access to storage for some reason after
the host was killed. Where is your hosted engine storage located?

Regards

--
Martin Sivak
SLA / oVirt


On Mon, Apr 25, 2016 at 10:58 AM, Wee Sritippho  wrote:
> Hi,
>
> From the hosted-engine FAQ, the engine VM should be up and running in about
> 5 minutes after its host was forced poweroff. However, after updated oVirt
> 3.6.4 to 3.6.5, the engine VM won't restart automatically even after 10+
> minutes (I already made sure that global maintenance mode is set to none). I
> initially thought its a time sync issue, so I installed and enabled ntp on
> the hosts and engine. However, the issue still persists.
>
> ###Versions:
> [root@host01 ~]# rpm -qa | grep ovirt
> libgovirt-0.3.3-1.el7_2.1.x86_64
> ovirt-vmconsole-1.0.0-1.el7.centos.noarch
> ovirt-vmconsole-host-1.0.0-1.el7.centos.noarch
> ovirt-hosted-engine-ha-1.3.5.3-1.el7.centos.noarch
> ovirt-host-deploy-1.4.1-1.el7.centos.noarch
> ovirt-engine-sdk-python-3.6.5.0-1.el7.centos.noarch
> ovirt-hosted-engine-setup-1.3.5.0-1.el7.centos.noarch
> ovirt-release36-007-1.noarch
> ovirt-setup-lib-1.0.1-1.el7.centos.noarch
> [root@host01 ~]# rpm -qa | grep vdsm
> vdsm-infra-4.17.26-0.el7.centos.noarch
> vdsm-jsonrpc-4.17.26-0.el7.centos.noarch
> vdsm-gluster-4.17.26-0.el7.centos.noarch
> vdsm-python-4.17.26-0.el7.centos.noarch
> vdsm-yajsonrpc-4.17.26-0.el7.centos.noarch
> vdsm-4.17.26-0.el7.centos.noarch
> vdsm-cli-4.17.26-0.el7.centos.noarch
> vdsm-xmlrpc-4.17.26-0.el7.centos.noarch
> vdsm-hook-vmfex-dev-4.17.26-0.el7.centos.noarch
>
> ###Log files:
> https://app.box.com/s/fkurmwagogwkv5smkwwq7i4ztmwf9q9r
>
> ###After host02 was killed:
> [root@host03 wees]# hosted-engine --vm-status
>
>
> --== Host 1 status ==--
>
> Status up-to-date  : True
> Hostname   : host01.ovirt.forest.go.th
> Host ID: 1
> Engine status  : {"reason": "vm not running on this
> host", "health": "bad", "vm": "down", "detail": "unknown"}
> Score  : 3400
> stopped: False
> Local maintenance  : False
> crc32  : 396766e0
> Host timestamp : 4391
>
>
> --== Host 2 status ==--
>
> Status up-to-date  : True
> Hostname   : host02.ovirt.forest.go.th
> Host ID: 2
> Engine status  : {"health": "good", "vm": "up",
> "detail": "up"}
> Score  : 0
> stopped: True
> Local maintenance  : False
> crc32  : 3a345b65
> Host timestamp : 1458
>
>
> --== Host 3 status ==--
>
> Status up-to-date  : True
> Hostname   : host03.ovirt.forest.go.th
> Host ID: 3
> Engine status  : {"reason": "vm not running on this
> host", "health": "bad", "vm": "down", "detail": "unknown"}
> Score  : 3400
> stopped: False
> Local maintenance  : False
> crc32  : 4c34b0ed
> Host timestamp : 11958
>
> ###After host02 was killed for a while:
> [root@host03 wees]# hosted-engine --vm-status
>
>
> --== Host 1 status ==--
>
> Status up-to-date  : False
> Hostname   : host01.ovirt.forest.go.th
> Host ID: 1
> Engine status  : unknown stale-data
> Score  : 3400
> stopped: False
> Local maintenance  : False
> crc32  : 72e4e418
> Host timestamp : 4415
>
>
> --== Host 2 status ==--
>
> Status up-to-date  : False
> Hostname   : host02.ovirt.forest.go.th
> Host ID: 2
> Engine status  : unknown stale-data
> Score  : 0
> stopped: True
> Local maintenance  : False
> crc32  : 3a345b65
> Host timestamp : 1458
>
>
> --== Host 3 status ==--
>
> Status up-to-date  : False
> Hostname   : host03.ovirt.forest.go.th
> Host ID: 3
> Engine status  : unknown stale-data
> Score  : 3400
> stopped: False
> Local maintenance  : False
> crc32  : 4c34b0ed
> Host timestamp : 11958
>
> ###After host02 was up again completely:
> [root@host03 wees]# hosted-engine --vm-status
>
>
> --== Host 1 status ==--
>
> Status up-to-date  : True
> 

[ovirt-users] [hosted-engine] engine VM doesn't respawn when its host was killed (poweroff)

2016-04-25 Thread Wee Sritippho

Hi,

From the hosted-engine FAQ, the engine VM should be up and running in 
about 5 minutes after its host was forced poweroff. However, after 
updated oVirt 3.6.4 to 3.6.5, the engine VM won't restart automatically 
even after 10+ minutes (I already made sure that global maintenance mode 
is set to none). I initially thought its a time sync issue, so I 
installed and enabled ntp on the hosts and engine. However, the issue 
still persists.


###Versions:
[root@host01 ~]# rpm -qa | grep ovirt
libgovirt-0.3.3-1.el7_2.1.x86_64
ovirt-vmconsole-1.0.0-1.el7.centos.noarch
ovirt-vmconsole-host-1.0.0-1.el7.centos.noarch
ovirt-hosted-engine-ha-1.3.5.3-1.el7.centos.noarch
ovirt-host-deploy-1.4.1-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.5.0-1.el7.centos.noarch
ovirt-hosted-engine-setup-1.3.5.0-1.el7.centos.noarch
ovirt-release36-007-1.noarch
ovirt-setup-lib-1.0.1-1.el7.centos.noarch
[root@host01 ~]# rpm -qa | grep vdsm
vdsm-infra-4.17.26-0.el7.centos.noarch
vdsm-jsonrpc-4.17.26-0.el7.centos.noarch
vdsm-gluster-4.17.26-0.el7.centos.noarch
vdsm-python-4.17.26-0.el7.centos.noarch
vdsm-yajsonrpc-4.17.26-0.el7.centos.noarch
vdsm-4.17.26-0.el7.centos.noarch
vdsm-cli-4.17.26-0.el7.centos.noarch
vdsm-xmlrpc-4.17.26-0.el7.centos.noarch
vdsm-hook-vmfex-dev-4.17.26-0.el7.centos.noarch

###Log files:
https://app.box.com/s/fkurmwagogwkv5smkwwq7i4ztmwf9q9r

###After host02 was killed:
[root@host03 wees]# hosted-engine --vm-status


--== Host 1 status ==--

Status up-to-date  : True
Hostname   : host01.ovirt.forest.go.th
Host ID: 1
Engine status  : {"reason": "vm not running on this 
host", "health": "bad", "vm": "down", "detail": "unknown"}

Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 396766e0
Host timestamp : 4391


--== Host 2 status ==--

Status up-to-date  : True
Hostname   : host02.ovirt.forest.go.th
Host ID: 2
Engine status  : {"health": "good", "vm": "up", 
"detail": "up"}

Score  : 0
stopped: True
Local maintenance  : False
crc32  : 3a345b65
Host timestamp : 1458


--== Host 3 status ==--

Status up-to-date  : True
Hostname   : host03.ovirt.forest.go.th
Host ID: 3
Engine status  : {"reason": "vm not running on this 
host", "health": "bad", "vm": "down", "detail": "unknown"}

Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 4c34b0ed
Host timestamp : 11958

###After host02 was killed for a while:
[root@host03 wees]# hosted-engine --vm-status


--== Host 1 status ==--

Status up-to-date  : False
Hostname   : host01.ovirt.forest.go.th
Host ID: 1
Engine status  : unknown stale-data
Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 72e4e418
Host timestamp : 4415


--== Host 2 status ==--

Status up-to-date  : False
Hostname   : host02.ovirt.forest.go.th
Host ID: 2
Engine status  : unknown stale-data
Score  : 0
stopped: True
Local maintenance  : False
crc32  : 3a345b65
Host timestamp : 1458


--== Host 3 status ==--

Status up-to-date  : False
Hostname   : host03.ovirt.forest.go.th
Host ID: 3
Engine status  : unknown stale-data
Score  : 3400
stopped: False
Local maintenance  : False
crc32  : 4c34b0ed
Host timestamp : 11958

###After host02 was up again completely:
[root@host03 wees]# hosted-engine --vm-status


--== Host 1 status ==--

Status up-to-date  : True
Hostname   : host01.ovirt.forest.go.th
Host ID: 1
Engine status  : {"reason": "vm not running on this 
host", "health": "bad", "vm": "down", "detail": "unknown"}

Score  : 0
stopped: False
Local maintenance  : False
crc32  : f5728fca
Host timestamp : 


--== Host 2 status ==--


Re: [ovirt-users] ovirt-vmconsole serial

2016-04-25 Thread Nathanaël Blanchet

Le 24/04/2016 19:49, Paul Groeneweg | Pazion a écrit :
I have followed the setup on 
http://www.ovirt.org/documentation/admin-guide/serial-console-setup/


I am able to ssh to the hosted engine and select a VM.
A VM with console enabled and permissions set gives a blank screen ( 
freezes ).

Many reasons can lead to this, depending on the guest os.
Have you modified all needed files into the guest OS?

 This is what I did for my vms (tty0 is to get the boot sequence into 
the spice/vnc console insted of a black screen)


CentOS 5:

 * grub.conf

for i in $(cat /tmp/update_grub); do ssh root@$i 'sed -e 
"s/^\\t\(kernel\).*$/&*console\=tty0 console\=ttyS0*/g" -i 
/etc/grub.conf'; done


 * inittab

for i in $(cat /tmp/liste) ; do echo $i; ssh root@$i "sed -i \"/tty6/a 
*S0:2345:respawn:/sbin/mingetty ttyS0*\" /etc/inittab"; done


 * securetty

for i in $(cat /tmp/liste) ; do echo $i; ssh root@$i "sed -i \"/tty11/a 
*ttyS0*\" /etc/securetty"; done


CentOS 6:

 * grub.conf

for i in $(cat /tmp/update_grub); do ssh root@$i 'sed -e 
"s/^\\t\(kernel\).*$/&*console\=tty0 console\=ttyS0*/g" -i 
/etc/grub.conf'; done


 * securetty

for i in $(cat /tmp/liste) ; do echo $i; ssh root@$i "sed -i \"/tty11/a 
*ttyS0*\" /etc/securetty"; done


CentOS 7 : securetty file already includes ttyS0 by default

 * grub2.cfg

for i in $(cat /tmp/update_grub2);do echo -e "$i:\n"; ssh root@$i 'sed 
-e "s/^\\t\(linux16\).*$/&*console\=tty0 console\=ttyS0*/g" -i 
/boot/grub2/grub.cfg'; done
for i in $(cat /tmp/update_grub2);do echo -e "$i:\n"; ssh root@$i 
'grub2-mkconfig -o /boot/grub2/grub.cfg'; done


As a last alternative, grubby does the staff on every OS and grub 
versions, but doesn't modify the securetty file.


 * grubby

for i in $(cat /tmp/update_grub2);do echo -e "$i:\n"; ssh root@$i 
"grubby --update-kernel=ALL --args=\"console=tty0 console=ttyS0\""; done


So I checked serial-getty@.service

So you run el7 :)

Am I right this service should run on a host?

Sure, but not enough


When I check status, I get this:

... systemd[1]: *Dependency failed for Serial Getty on hvc0.*

.. systemd[1]: *Job serial-getty@hvc0.service/start failed with result 
'dependency'.*


*
*

What needs to be done? When I restart the service it takes a long tine 
and looks like a timeout is triggered.



you can check if ttyS0 is opened with  stty < /dev/ttyS0
If true, the issue might come from a right permission.
Did you add the wanted user (doesn't work with group) per vm with the 
minimum UserVmManager role?
if the user is SuperUser, it still can't connect to the console due to a 
bug.


Looking forward to use the serial console feature.


it works very well and it is very convinient:)

Just a last tip : the default escape character to escape from ssh is "~."

Good luck!


*
*



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
Nathanaël Blanchet

Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5   
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanc...@abes.fr

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users