[ovirt-users] Re: oVirt 4.3 DWH with Grafana
On Fri, Nov 20, 2020 at 8:45 AM Vrgotic, Marko wrote: > Dear oVirt, > > > > We are currently running oVirt 4.3 and upgrade/migration to 4.4 won’t be > possible for few more months. > > > > I am looking into guidelines, how to, for setting up Grafana using > DataWarehouse as data source. > > > > Did anyone already did this, and would be willing to share the steps? > AFAIU this is definitely not tested/recommended/supported, but the current (4.4) dashboards use only 4.3 dwh compatibility views. So in theory, 4.4 grafana setup can work against your 4.3 engine/dwh without problems. So you can try something like: 1. Install el8 on some machine 2. Install ovirt-release (4.4!) 3. Install ovirt-engine-dwh-grafana-integration-setup. I *think*, didn't try, that it would carry with it all the dependencies it needs. 4. Run engine-setup. When prompted, only accept "Configure grafana?", and reply "No" to everything else 5. Follow the other prompts as applicable This should be enough. Not sure about the commands to add SSO on the engine machine. Perhaps better verify this first against a test engine (can be on another el7/ovirt4.3 VM with no hosts). But, repeating: this isn't recommended. Did you consider upgrading only your engine, and keep your hosts 4.3 until you can upgrade them later? Best regards, -- Didi ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FAIAXTXBE5UCF37UZIK46J6VBOIYRLKH/
[ovirt-users] Re: Replacing ovirt certificates issue
On Fri, Nov 20, 2020 at 1:37 PM Alex K wrote:
> Following the above, I was seeing that OVN provider connectivity test was
> failing due to some certificate issue and had to do the following to fix
> it:
>
Is this on the same systems of "[ovirt-users] Fix corrupt self-hosted
engine", or unrelated?
>
> names="ovirt-provider-ovn"
>
> subject="$(\
> openssl x509 \
> -in /etc/pki/ovirt-engine/certs/apache.cer \
> -noout \
> -subject | \
> sed \
> 's;subject= \(.*\);\1;'
> )"
>
> . /usr/share/ovirt-engine/bin/engine-prolog.sh
>
> for name in $names; do
> /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
> --name="${name}" \
> --password=mypass \
> --subject="${subject}" \
> --keep-key \
> --san=DNS:"${ENGINE_FQDN}"
> done
>
> Having fixed the above, when trying to connect two VMs on some OVN logical
> switches it seems they are not able to reach each other.
> I had previously added such logical switched at engine by running:
>
> ovn-nbctl ls-add ovn-net0
> ovn-nbctl ls-add ovn-net1
> etc
>
> Checking the logs at the host /var/log/openvswitch/ovsdb-server.log I see:
> reconnect|WARN|unix#45: connection dropped (Connection reset by peer)
>
> Also systemctl status ovirt-provider-ovn.service at engine shows:
> /usr/lib/python2.7/site-packages/urllib3/connection.py:344:
> SubjectAltNameWarning:...
>
> I have restarted at engine both engine and ovn services:
> systemctl restart ovirt-engine
> systemctl status ovirt-provider-ovn.service
>
> I have also restarted the relevant service at each host:
> systemctl restart ovn-controller.service
>
> When running at host the following it stucks and does not give any output:
> ovn-sbctl show
>
> I see that the certificate is imported at key-store as it has the same
> fingerprint with the previous root CA:
>
> keytool -list -alias ovirt-provider-ovn -keystore
> /var/lib/ovirt-engine/external_truststore
>
> At this same cluster, I had previously changed the domain name of each
> host and engine using the rename tool.
>
After that, did ovn still work well?
> And now replaced the certificates as per previous described so as to fix
> the imageio cert issue and ovn issue.
>
> It seems that OVN is not happy with the status of certificates.
> When testing connection at engine GUI i get a prompt to trust the cert,
> and when pressing ok i get a green confirmation of successful connection.
>
> Is there anything else that can be done to fix OVN functionality?
>
No idea, adding Dominik.
Best regards,
> Thanx
> Alex
>
>
>
>
>
> On Thu, Nov 19, 2020 at 9:00 AM Alex K wrote:
>
>> Seems that all services (imageio, ovn, web socket) are fine after
>> following the above and importing the new self signed CA certificate.
>> DId run also engine-setup as I was trying to fix the imageio cert issue,
>> though seems that that was only fixed after importing the CA cert at
>> browser and engine-setup might not be needed.
>>
>> On Wed, Nov 18, 2020 at 3:07 PM Alex K wrote:
>>
>>> Seems I had a typo at
>>> /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf.
>>> I will repeat the test to verify that all services are functional
>>> following this process.
>>>
>>> On Wed, Nov 18, 2020 at 10:24 AM Alex K wrote:
>>>
Hi all,
I am trying to replace the ovirt certificate at ovirt 4.3 following
this:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl
I am doing the following:
I have engine FQDN: manager.lab.local
1. Create root CA private key:
openssl genrsa -des3 -out root.key 2048
2. Generate root certificate: (enter passphrase of root key)
openssl req -x509 -new -nodes -key root.key -sha256 -days 3650 -out
root.pem
cp root.pem /tmp
3. Create key and CSR for engine:
openssl genrsa -out manager.lab.local.key 2048
openssl req -new -out manager.lab.local.csr -key manager.lab.local.key
4. Generate a certificate for engine and sign with the root CA key:
openssl x509 -req -in manager.lab.local.csr \
-CA root.pem \
-CAkey root.key \
-CAcreateserial \
-out manager.lab.local.crt \
-days 3650 \
-sha256 \
-extensions v3_req
5. Verify the trust chain and check the certificate details:
openssl verify -CAfile root.pem manager.lab.local.crt
openssl x509 -text -noout -in manager.lab.local.crt | head -15
6. Generate a P12 container: (with empty password)
openssl pkcs12 -export -out /tmp/apache.p12 \
-inkey manager.lab.local.key \
-in manager.lab.local.crt
8. Export key and cert:
openssl pkcs12 -in apache.p12 -nocerts -nodes > /tmp/apache.key
openssl pkcs12 -in apache.p12 -nokeys > /tmp/apache.cer
From the above steps we should have the following:
/tmp/root.pem
[ovirt-users] Re: Fix corrupt self-hosted engine
On Thu, Nov 19, 2020 at 11:33 PM Alex K wrote: > For the records, > > After having fixed the major fs issues with guestfish and since the DB was > not starting up, I removed everything from DB data dir and recreated it as > below: > > rm -rf /var/opt/rh/rh-postgresql10/lib/pgsql/data/* > /opt/rh/rh-postgresql10/root/usr/bin/postgresql-setup --initdb > systemctl restart rh-postgresql10-postgresql.service > Generally speaking, this should not be needed. --provision-all-databases should do this for you. > > Then proceeded with the restoration, where I requested to provision all > missing databases: > engine-backup --mode=restore --file=engine-backup.gz > --provision-all-databases \ > --log=restore.log --restore-permissions > > Following this, ran engine-setup, as instructed from the restore > operation. > Gained engine web access and saw the same running VMs were shown as up > without issues. > I only observed one VM not able to start due to illegal volume, but that's > another story. > Glad to hear that, thanks for the report! Best regards, > > > On Thu, Nov 19, 2020 at 9:42 PM Alex K wrote: > >> >> >> On Thu, Nov 19, 2020 at 5:31 PM Alex K wrote: >> >>> Hi Didi, >>> >>> On Thu, Nov 19, 2020 at 5:13 PM Yedidyah Bar David >>> wrote: >>> On Thu, Nov 19, 2020 at 4:37 PM Alex K wrote: > Hi all, > > I have a corrupt self-hosted engine (with several file system errors, > postgres not able to start) and thus it does not give access to the web > UI. > This happened following an unlucky split brain resolution (I am running 2 > nodes). The two hosts are running VMs also which I would like to keep > running as they are needed. > > When trying to boot into rescue mode (using > systemd.unit=emergency.target boot parameter) I get a cursor and nothing > else. > This means that more than just the DB is corrupt... > > I have backups of engine files with scope all (using the engine-backup > tool). > What is the best approach to try and fix the engine or redeploy. > If you are careful, and know what you are doing, you can try something like the following. I am not giving many details, hopefully you can find on the net tutorials about how to use the things I suggest: 1. Move to global maintenance 2. Stop the current dead vm (if needed) 3. Find current vm conf, edit it to boot from a rescue iso image of your preference or from net/PXE etc., and start the vm with '--vm-conf' pointing to your edited file. 4. Connect a console (hosted-engine --console, or 'virsh console', or use '--add-console-password' and remote viewer, if needed) 5. Clean the disk and install the OS, oVirt, etc. 6. Copy your backup into the vm and restore with engine-backup 7. Then cleanly stop the machine, exit global maint, and let HA start it (or start it yourself with --vm-start). At the time, we had a bug [1] to document this. The result is [2]. It does not detail how to boot/reinstall os/etc., only restore (if e.g. db is dead but fs is ok). For something somewhat similar to what you want, see also [3], which uses guestfish. Might be useful, depending on how badly your disk is corrupted. >>> I went with the guestfish approach. It has fixed some fs issues and now >>> the yum etc seem fine apart from postgres. >>> I had tried previously to uninstall/install packages so I ended >>> installing them again with yum install ovirt\*setup\*. >>> Now I think I have to run engine-setup but I get the error: >>> >>> Failed to execute stage 'Environment setup': Cannot connect to Engine >>> database using existing credentials: engine@localhost:5432 >>> >> Seems that I need to have psql running to be able to run engine-backup >> --mode=restore. Are there any steps how one could manually prepare pgsql >> for ovirt so as to attempt restoration? >> >>> >>> So I guess I need to follow [2]. What do you think? >>> >>> How did you run into a split brain? There is a lock on the shared storage that should prevent this. Good luck and best regards, [1] https://bugzilla.redhat.com/show_bug.cgi?id=1482710 [2] https://www.ovirt.org/documentation/administration_guide/#Overwriting_a_Self-Hosted_Engine [3] https://bugzilla.redhat.com/show_bug.cgi?id=1569827#c4 -- Didi >>> ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/SU6V565Y5GAZ67FF5MUDGFLEJ2L2LZV7/ > -- Didi ___ Users mailing list --
[ovirt-users] Re: Unable to move or copy disks
You still haven't provided debug logs from the Gluster Bricks. There will be always a chance that a bug hits you ... no matter OS and tech. What matters - is how you debug and overcome that bug. Check the gluster brick debug logs and you can test if the issue happens with an older version. Also, consider providing oVirt version, Gluster version and some details about your setup - otherwise helping you is almost impossible. Best Regards, Strahil Nikolov В събота, 21 ноември 2020 г., 18:16:13 Гринуич+2, supo...@logicworks.pt написа: With older gluster verison this does not happens. Always get this error: VDSM NODE3 command HSMGetAllTasksStatusesVDS failed: low level Image copy failed: () and in the vdsm.log: ERROR (tasks/7) [storage.Image] Copy image error: image=6939cc5d-dbca-488d-ab7a-c8b8d39c3656, src domain=70e33d55-f1be-4826-b85a-9650c76c8db8, dst domain=0b80eac1-8bbb-4634-9098-4155602c7b38 (image:485) ERROR (tasks/7) [storage.TaskManager.Task] (Task='fbf02f6b-c107-4c1e-a9c7-b13261bf99e0') Unexpected error (task:875) For smaller installations, without the need of storage HA, maybe it's better to use NFS? Is more stable? Regards José De: "Strahil Nikolov" Para: supo...@logicworks.pt Cc: users@ovirt.org Enviadas: Sexta-feira, 20 De Novembro de 2020 21:55:28 Assunto: Re: [ovirt-users] Unable to move or copy disks I can recommend you to: - enable debug level of gluster's bricks - try to reproduce the issue I had similar issue with gluster v6.6 and above. Best Regards, Strahil Nikolov В петък, 20 ноември 2020 г., 23:35:14 Гринуич+2, написа: I tried to move the VM disk with the VM up I also tried to move or copy the disk with the VM down, and get the same error. Strange is, I have a gluster storage domain, with an older gluster version, that worked. I was able to move the disk to this older gluster and also I was able to copy the disk from to this older gluster storage What should I do with this VM? Should I shut it down and try delete the snapshot? Regards José De: "Strahil Nikolov" Para: users@ovirt.org, supo...@logicworks.pt Enviadas: Sexta-feira, 20 De Novembro de 2020 21:05:19 Assunto: Re: [ovirt-users] Unable to move or copy disks Can you try a live migration ? I got a similar case and the live migration somehow triggered a fix. Best Regards, Strahil Nikolov В петък, 20 ноември 2020 г., 21:04:13 Гринуич+2, написа: Hi, I was trying to move a disk between glusters domain storage without success. # gluster --version glusterfs 6.10 Now have a VM with this message: The VM has snapshot(s) with disk(s) in illegal status. Please don't shutdown the VM before successfully retrying the snapshot delete oVirt verison is Version 4.3.10.4-1.el7 I cannot delete the snapshot. What should I do? hanks -- Jose Ferradeira http://www.logicworks.pt ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EAYBO6KEKQSSZRLDFGQQQTMUTTYRQBZO/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VIVNXE4C3MZTCLSAARMH3ESSE7K2QIWU/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7GELOZ5HTTD67MBMQGARPS5YLB3WUVAF/
[ovirt-users] Re: Unable to move or copy disks
With older gluster verison this does not happens. Always get this error: VDSM NODE3 command HSMGetAllTasksStatusesVDS failed: low level Image copy failed: () and in the vdsm.log: ERR OR (tasks/7) [storage.Image] Copy image error: image=6939cc5d-dbca-488d-ab7a-c8b8d39c3656, src domain=70e33d55-f1be-4826-b85a-9650c76c8db8, dst dom ain=0b80eac1-8bbb-4634-9098-4155602c7b38 (image:485) ERR OR (tasks/7) [storage.TaskManager.Task] (Task='fbf02f6b-c107-4c1e-a9c7-b13261bf99e0') Unexpected error (task:875) For smaller installations, without the need of storage HA, maybe it's better to use NFS? Is more stable? Regards José De: "Strahil Nikolov" Para: supo...@logicworks.pt Cc: users@ovirt.org Enviadas: Sexta-feira, 20 De Novembro de 2020 21:55:28 Assunto: Re: [ovirt-users] Unable to move or copy disks I can recommend you to: - enable debug level of gluster's bricks - try to reproduce the issue I had similar issue with gluster v6.6 and above. Best Regards, Strahil Nikolov В петък, 20 ноември 2020 г., 23:35:14 Гринуич+2, написа: I tried to move the VM disk with the VM up I also tried to move or copy the disk with the VM down, and get the same error. Strange is, I have a gluster storage domain, with an older gluster version, that worked. I was able to move the disk to this older gluster and also I was able to copy the disk from to this older gluster storage What should I do with this VM? Should I shut it down and try delete the snapshot? Regards José De: "Strahil Nikolov" Para: users@ovirt.org, supo...@logicworks.pt Enviadas: Sexta-feira, 20 De Novembro de 2020 21:05:19 Assunto: Re: [ovirt-users] Unable to move or copy disks Can you try a live migration ? I got a similar case and the live migration somehow triggered a fix. Best Regards, Strahil Nikolov В петък, 20 ноември 2020 г., 21:04:13 Гринуич+2, написа: Hi, I was trying to move a disk between glusters domain storage without success. # gluster --version glusterfs 6.10 Now have a VM with this message: The VM has snapshot(s) with disk(s) in illegal status. Please don't shutdown the VM before successfully retrying the snapshot delete oVirt verison is Version 4.3.10.4-1.el7 I cannot delete the snapshot. What should I do? hanks -- Jose Ferradeira http://www.logicworks.pt ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EAYBO6KEKQSSZRLDFGQQQTMUTTYRQBZO/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VIVNXE4C3MZTCLSAARMH3ESSE7K2QIWU/
[ovirt-users] Re: User portal and DNS entries removal
Have you thought to use a vdsm hook that executes your logic once a VM is removed ? This way users won't have the ability to alter the DNS records themselves ,which is way more secure and reliable. Best Regards, Strahil Nikolov В събота, 21 ноември 2020 г., 10:26:45 Гринуич+2, Nathanaël Blanchet написа: Hello, We project to use User portal to give more autonomy to users for creating VMs. Creation, modifications are easy et friendship, and network is dealt with external dhcp/ddns. But when deleting a VM, DNS leases with a long TTL still remains and it is not possible to access a new VM that is named as same as the precedent one. I wrote a playbook that erases all related DNS entries and I'm used to run it with AWX for other cases. Is there a way to integrate this playbook into User portal to be run when deleting a VM so as the DNS database to be still clean? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PPEDJKD6NUJONACMFFJFQJ7YR3TC2QFN/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4Q7FDMX566YOLL6WIATBNTQAMLSUKI2K/
[ovirt-users] Can't delete a disk after a failed upload
Hi, After trying to upload an ISO via the web interface, the upload remains in the "paused by system" state. When I click "cancel" in the upload menu the status stops at "finalizing cleanup". Is there an alternative way to delete this disk? ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QBEKSUXPXVMUFMPQFD24OH7DABAQ5ALG/
[ovirt-users] User portal and DNS entries removal
Hello,We project to use User portal to give more autonomy to users for creating VMs. Creation, modifications are easy et friendship, and network is dealt with external dhcp/ddns. But when deleting a VM, DNS leases with a long TTL still remains and it is not possible to access a new VM that is named as same as the precedent one. I wrote a playbook that erases all related DNS entries and I'm used to run it with AWX for other cases. Is there a way to integrate this playbook into User portal to be run when deleting a VM so as the DNS database to be still clean?___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PPEDJKD6NUJONACMFFJFQJ7YR3TC2QFN/
