[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Gilboa Davara 
On Wed, Feb 9, 2022 at 7:52 AM Patrick Hibbs  wrote:

> The certificates used in SPICE connections are stored on the VM hosts. By
> default they are at /etc/pki/vdsm/libvirt-spice, and configured by VDSM in
> /etc/libvirt/qemu.conf. Their default names are ca-cert.pem,
> server-cert.pem, and server-key.pem. Using openssl x509 -noout -text -in
>  should show you the certificate's expiration info.
>
> Note: Don't try to change anything, it will be overwritten by VDSM on the
> next host update / reinstall.
>
> As for remote-viewer, if you run it manually from the console with
> "remote-viewer --debug " or "remote-viewer --verbose
> "  it will print log information about the connection
> it's trying to establish.
>
> -Patrick Hibbs
>
>
Hello,

You must have missed my answer above. (Understandable, given the length of
this thread...)
I replaced and verified /etc/pki/vdsm/libvirt-spice/server-cert.pem
Restarted all the services on the host.

$ openssl x509 -in /etc/pki/vdsm/libvirt-spice/server-cert.pem -noout
-dates
notBefore=Feb  7 13:59:14 2022 GMT
notAfter=Feb  7 13:59:14 2027 GMT
$ openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -dates
notBefore=Dec 26 16:25:01 2020 GMT
notAfter=Dec 25 16:25:01 2030 GMT

However, remote-viewer still fails:
$ remote-viewer --debug console.vv
...
(remote-viewer:14874): Spice-WARNING **: 18:14:33.500:
../subprojects/spice-common/common/ssl_verify.c:506:openssl
_verify: ssl: subject 'O=localdomain,CN=gilboa-wx-srv.localdomain'
verification failed

The main problem here is that while we assume the problem is expired
certificates, it can be something else (Subject, CN, etc).
The error is not informative..

- Gilboa.




> On Wed, 2022-02-09 at 06:58 +0200, Gilboa Davara wrote:
>
>
>
> On Wed, Feb 9, 2022 at 1:05 AM Strahil Nikolov 
> wrote:
>
> I have no clue , but I would give vdsm.service a restart.
>
>
> Thanks again for the prompt response.
> Tried that, restarted all services and the all the VMS, didn't work.
>
> Any idea how I can verify the certificate information actually being used
> by qemu for the spice console?
> remote-viewer just fails, without giving any meaningful error message.
>
> - Gilboa
>
>
>
> Best Regards,
> Strahil Nikolov
>
> On Tue, Feb 8, 2022 at 18:19, Gilboa Davara
>  wrote:
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4RHXQBDWL6PNI6OKCS3/
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/OG57VT2XGDTY2MFOJFFUCZAMXS22W4OG/
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/AKQVBARD4EWIS3PCQYLX7AH575XRDYAD/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5FFDOORY2QJ6QGWT3RNVVYE2DIVTB4KL/

[ovirt-users] Re: Network filters in oVirt : zero-trust, IP and port filtering

2022-02-08 Thread Ales Musil 
On Wed, Feb 9, 2022 at 7:25 AM ravi k  wrote:

> > you can use it from the engine under some conditions.
> > 1) You need to make sure that all hosts have this filter.
> > 2) You need to define this filter in engine DB otherwise you would need
> > some kind of hook to apply it.
>
> Thanks a lot for that. If there's any doc that hints on how to define the
> filter in the engine DB, can you please point me there?


This query should do the trick:
INSERT INTO network_filter VALUES (uuid_generate_v1(),
'clean-traffic-gateway' , '4.6');

Instead of  'clean-traffic-gateway' insert the name of your filter.
The third parameter is cluster version which you can find in your cluster
definition,
if you are past 4.4.6 it should be 4.6.

Once this is done you should see the filter available in the list on vNIC
profiles.



> Right now I'm creating a filter to test for this functionality. Once it's
> working I'll then try defining it in the DB.
> Also if it's working as expected we'll submit it to libvirt as well.
>

If the filter gets accepted to libvirt, feel free to open PR on
ovirt-engine to include this filter for other oVirt users.


>
> Regards,
> ravi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/6DTFTTGNWTNRQQ3V2PMED6BMOKWPQJ66/
>

Regards,
Ales

-- 

Ales Musil

Senior Software Engineer - RHV Network

Red Hat EMEA 

amu...@redhat.comIM: amusil

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WKDM5HDZKQJ5C7PNDNDUJ4U7ZZP5CYLW/

[ovirt-users] Re: Network filters in oVirt : zero-trust, IP and port filtering

2022-02-08 Thread ravi k 
> you can use it from the engine under some conditions.
> 1) You need to make sure that all hosts have this filter.
> 2) You need to define this filter in engine DB otherwise you would need
> some kind of hook to apply it.

Thanks a lot for that. If there's any doc that hints on how to define the 
filter in the engine DB, can you please point me there? Right now I'm creating 
a filter to test for this functionality. Once it's working I'll then try 
defining it in the DB. 
Also if it's working as expected we'll submit it to libvirt as well. 

Regards,
ravi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6DTFTTGNWTNRQQ3V2PMED6BMOKWPQJ66/

[ovirt-users] Re: Network filters in oVirt : zero-trust, IP and port filtering

2022-02-08 Thread Ales Musil 
On Wed, Feb 9, 2022 at 6:54 AM ravi k  wrote:

> Good people of the community,
>

Hi,


> Hope you are all doing well. We are exploring the network filters in oVirt
> to check if we can implement a zero-trust model at the network level. The
> intention is to have a filter which takes two parameters, IP and PORT.
> After that there will be a 'deny all' rule. We realized that none of the
> default network filters offer such a functionality and the only option is
> to write a custom filter
>
Why don't we have such a filter in libvirt and thereby in oVirt? Someone
> would've already thought about such a use case. So I was thinking maybe
> network filters aren't meant to be used for implementing such
> functionalities like zero-trust?
>

You can definitely implement this filter on your own and if you feel like
it is a good solution send a patch to libvirt. oVirt really depends on what
is configured in libvirt, so if you define you filter
you can use it from the engine under some conditions.
1) You need to make sure that all hosts have this filter.
2) You need to define this filter in engine DB otherwise you would need
some kind of hook to apply it.


>
> Also what are some practical use cases of the default filters that are
> provided? I was able to understand and use the clean-traffic and
> clean-traffic-gateway.
>

You can read what the predefined filters can offer in
https://libvirt.org/formatnwfilter.html#nwfexamples


>
> Regards,
> ravi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/J2PUNVD7N45X7YDE5UX2CXWGDEFDS46M/
>

Regards,
Ales

-- 

Ales Musil

Senior Software Engineer - RHV Network

Red Hat EMEA 

amu...@redhat.comIM: amusil

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DA3YUL4UXMIPAS4MRP75CON2TJYHSR63/

[ovirt-users] what are the steps to swap/upgrade/reboot my main storage domain with minimum downtime

2022-02-08 Thread Pascal D 
I need to upgrade my main domain storage (NFS) which hosts 100s of VMs and 
templates including the hosted engine. Can I put the data center in global 
maintenance, do a quick sync and swap of the domain storage and bring it back 
up without missing a beat?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LM4CUDWXJKR2RH5ITCAQG4O56J3YXA2N/

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Patrick Hibbs 
The certificates used in SPICE connections are stored on the VM hosts.
By default they are at /etc/pki/vdsm/libvirt-spice, and configured by
VDSM in /etc/libvirt/qemu.conf. Their default names are ca-cert.pem,
server-cert.pem, and server-key.pem. Using openssl x509 -noout -text -
in  should show you the certificate's expiration
info.

Note: Don't try to change anything, it will be overwritten by VDSM on
the next host update / reinstall.

As for remote-viewer, if you run it manually from the console with
"remote-viewer --debug " or "remote-viewer --
verbose "  it will print log information about the
connection it's trying to establish.

-Patrick Hibbs

On Wed, 2022-02-09 at 06:58 +0200, Gilboa Davara wrote:
> 
> 
> On Wed, Feb 9, 2022 at 1:05 AM Strahil Nikolov
>  wrote:
> > I have no clue , but I would give vdsm.service a restart.
> > 
> 
> 
> Thanks again for the prompt response.
> Tried that, restarted all services and the all the VMS, didn't work.
> 
> Any idea how I can verify the certificate information actually being
> used by qemu for the spice console?
> remote-viewer just fails, without giving any meaningful error
> message.
> 
> - Gilboa
>  
> > 
> > Best Regards,
> > Strahil Nikolov
> > 
> > > On Tue, Feb 8, 2022 at 18:19, Gilboa Davara
> > >  wrote:
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives: 
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4RHXQBDWL6PNI6OKCS3/
> > > 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/OG57VT2XGDTY2MFOJFFUCZAMXS22W4OG/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AKQVBARD4EWIS3PCQYLX7AH575XRDYAD/

[ovirt-users] Network filters in oVirt : zero-trust, IP and port filtering

2022-02-08 Thread ravi k 
Good people of the community, 
Hope you are all doing well. We are exploring the network filters in oVirt to 
check if we can implement a zero-trust model at the network level. The 
intention is to have a filter which takes two parameters, IP and PORT. After 
that there will be a 'deny all' rule. We realized that none of the default 
network filters offer such a functionality and the only option is to write a 
custom filter. 
Why don't we have such a filter in libvirt and thereby in oVirt? Someone 
would've already thought about such a use case. So I was thinking maybe network 
filters aren't meant to be used for implementing such functionalities like 
zero-trust?

Also what are some practical use cases of the default filters that are 
provided? I was able to understand and use the clean-traffic and 
clean-traffic-gateway.

Regards,
ravi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/J2PUNVD7N45X7YDE5UX2CXWGDEFDS46M/

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Gilboa Davara 
On Wed, Feb 9, 2022 at 1:05 AM Strahil Nikolov 
wrote:

> I have no clue , but I would give vdsm.service a restart.
>

Thanks again for the prompt response.
Tried that, restarted all services and the all the VMS, didn't work.

Any idea how I can verify the certificate information actually being used
by qemu for the spice console?
remote-viewer just fails, without giving any meaningful error message.

- Gilboa


>
> Best Regards,
> Strahil Nikolov
>
> On Tue, Feb 8, 2022 at 18:19, Gilboa Davara
>  wrote:
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4RHXQBDWL6PNI6OKCS3/
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OG57VT2XGDTY2MFOJFFUCZAMXS22W4OG/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread Gianluca Cecchi 
On Tue, Feb 8, 2022 at 10:41 PM Tim W. via Users  wrote:

> I think I found the problem.  The regex in
> 001_validate_network_interfaces.yml really wants there to be a number after
> the 'bond' identifier, i.e. bond0.  However, the regex is as follows:
>
>   bond_valid_name="{{ iface_item | regex_search('(^bond[0-9]+)') }}"
>
> which will not return a good value if just 'bond' is passed to it (the
> output of nmcli -g GENERAL.TYPE device show).
>
> However, I am not an ansible expert, nor am I an expert on how these
> scripts are called.  I humbly request someone else's expert opinion on this.
>
> Thanks again.
>


I think the main failure reason is about the current bonding mode:
balance-rr that is not supported:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/administration_guide/sect-network_bonding#Bonding_Modes

Actually here below in hosted engine installation guide:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/installing_red_hat_virtualization_as_a_self-hosted_engine_using_the_command_line/installing_hosts_for_rhv_she_cli_deploy#Recommended_practices_for_configuring_host_networks_SHE_cli_deploy

is stated:
"
If the ovirtmgmt network is not used by virtual machines, the network may
use any supported bonding mode.
"

But in 001_validate_network_interfaces.yml there is:

  - name: Set variable for supported bond modes
set_fact:
  acceptable_bond_modes: ['active-backup', 'balance-xor', 'broadcast',
'802.3ad']

and then a when condition with

hostvars[inventory_hostname]['ansible_' + iface_item]['mode'] in
acceptable_bond_modes

so that the balance-rr interface is filtered out.
Not digged about the "false" positive regarding messages about only team
devices detected...

HIH,
Gianluca
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SG227ZIDUQR2CBTZ4UKAKJYMFSODHXDU/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread Timothy J. Wielgos via Users 
 bond0 is the name of the bond.  However, the output of the query to network 
manager that is coming up is just 'bond'

[root@mustafar ~]# ip addr sho bond06: bond0: 
 mtu 1500 qdisc noqueue state UP group 
default qlen 1000    link/ether [redacted] brd ff:ff:ff:ff:ff:ff    inet 
192.168.5.83/24 brd 192.168.5.255 scope global noprefixroute bond0       
valid_lft forever preferred_lft forever    inet6 [redacted]/64 scope global 
dynamic noprefixroute        valid_lft 29sec preferred_lft 19sec    inet6 
fe80::7766:8381:983a:9198/64 scope link noprefixroute        valid_lft forever 
preferred_lft forever

On Tuesday, February 8, 2022, 05:06:58 PM CST, Strahil Nikolov 
 wrote:  
 
 What is your bond name ?

 
 
  On Tue, Feb 8, 2022 at 23:41, Tim W. via Users wrote:   I 
think I found the problem.  The regex in 001_validate_network_interfaces.yml 
really wants there to be a number after the 'bond' identifier, i.e. bond0.  
However, the regex is as follows:

  bond_valid_name="{{ iface_item | regex_search('(^bond[0-9]+)') }}"

which will not return a good value if just 'bond' is passed to it (the output 
of nmcli -g GENERAL.TYPE device show).

However, I am not an ansible expert, nor am I an expert on how these scripts 
are called.  I humbly request someone else's expert opinion on this.

Thanks again.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6AYCPB63G6INUDEFIQP2KI6SU2UFS6XF/
  
  ___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/E6ETDK6FM5BVUS32RJG2IAP6DWUVCC74/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread Strahil Nikolov via Users 
What is your bond name ?

 
 
  On Tue, Feb 8, 2022 at 23:41, Tim W. via Users wrote:   I 
think I found the problem.  The regex in 001_validate_network_interfaces.yml 
really wants there to be a number after the 'bond' identifier, i.e. bond0.  
However, the regex is as follows:

  bond_valid_name="{{ iface_item | regex_search('(^bond[0-9]+)') }}"

which will not return a good value if just 'bond' is passed to it (the output 
of nmcli -g GENERAL.TYPE device show).

However, I am not an ansible expert, nor am I an expert on how these scripts 
are called.  I humbly request someone else's expert opinion on this.

Thanks again.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6AYCPB63G6INUDEFIQP2KI6SU2UFS6XF/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DCQTL2PEIIMKPKZFNSPYUNMPK2SJBUL2/

[ovirt-users] Re: hosted engine deployment (v4.4.10) - TASK Check engine VM health - fatal FAILED

2022-02-08 Thread Strahil Nikolov via Users 
Or just add an exclude in /etc/dnf/dnf.conf
 
 
  On Tue, Feb 8, 2022 at 18:32, Gilboa Davara wrote:   
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AMWN33K6BELU6VXBGVMTUEDHR2YKTIC5/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WUWCVPNAIDSXCJLEIGF6CKL47DIS7GMF/

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Strahil Nikolov via Users 
 I have no clue , but I would give vdsm.service a restart.
Best Regards,Strahil Nikolov
 
  On Tue, Feb 8, 2022 at 18:19, Gilboa Davara wrote:   
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4RHXQBDWL6PNI6OKCS3/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IJDRPMDM3IK5V5E4LCFPUKY5SDHXMQ4W/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread Tim W. via Users 
I think I found the problem.  The regex in 001_validate_network_interfaces.yml 
really wants there to be a number after the 'bond' identifier, i.e. bond0.  
However, the regex is as follows:

  bond_valid_name="{{ iface_item | regex_search('(^bond[0-9]+)') }}"

which will not return a good value if just 'bond' is passed to it (the output 
of nmcli -g GENERAL.TYPE device show).

However, I am not an ansible expert, nor am I an expert on how these scripts 
are called.  I humbly request someone else's expert opinion on this.

Thanks again.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6AYCPB63G6INUDEFIQP2KI6SU2UFS6XF/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread weeglos--- via Users 
Thanks for your reply!

The only shell command in that script is the one you mentioned.  Here is the 
output:

[root@mustafar ~]# set -euo pipefail && nmcli -g GENERAL.TYPE device show
bond

ethernet

ethernet

ethernet

ethernet

loopback
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O7VW3MDA3PWDF7BEZHQAXFO5EEOMU7IO/

[ovirt-users] Re: hosted engine deployment (v4.4.10) - TASK Check engine VM health - fatal FAILED

2022-02-08 Thread Gilboa Davara 
>
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Fail if Engine IP is
> different from engine's he_fqdn resolved IP]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
> "Engine VM IP address is while the engine's he_fqdn
> ovirt-engine.mgmt.pss.local resolves to 10.210.1.101. If you are using
> DHCP, check your DHCP reservation configuration"}
>
>
Hello,

It's a known issue (Yesterday it took me 4 cups of coffee and ~4-5 of lost
sleep to remember this fact...)
The Latest qemu update (6.1) is broken, and fails during --deploy.
Make sure you run 'dnf downgrade qemu*' a couple of times on the first
host, until you get qemu-6.0.
Once done, try deploying again.

- Gilboa
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AMWN33K6BELU6VXBGVMTUEDHR2YKTIC5/

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Gilboa Davara 
Hello,

On Tue, Feb 8, 2022 at 5:39 PM Strahil Nikolov 
wrote:

> From the web UI there is an option to to regenerate the certificate
> Compute -> Hosts -> Management -> Maintenance -> Installation -> Enroll
> certificate
>
> Also, if you have RH dev subscription , you can check
> https://access.redhat.com/solutions/3532921 for the manual approach.
>
> Best Regards,
> Strahil Nikolov
>

Thanks for the prompt response.
Sadly enough as luck would have it, it hit this issues on one of the
single-host setups - which cannot go into maintenance.
Soon after sending this email, I managed to find the RHV solution, which
got VDSM working again.
However, I cannot seem to get vmconsole working - trying to get spice
console connected still uses the old certificates, even though I replaced
and verified /etc/pki/vdsm/libvirt-spice/server-cert.pem

$ openssl x509 -in /etc/pki/vdsm/libvirt-spice/server-cert.pem -noout
-dates
notBefore=Feb  7 13:59:14 2022 GMT
notAfter=Feb  7 13:59:14 2027 GMT
$ openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -dates
notBefore=Dec 26 16:25:01 2020 GMT
notAfter=Dec 25 16:25:01 2030 GMT
$ remote-viewer console.vv
...
(remote-viewer:14874): Spice-WARNING **: 18:14:33.500:
../subprojects/spice-common/common/ssl_verify.c:506:openssl
_verify: ssl: subject 'O=localdomain,CN=gilboa-wx-srv.localdomain'
verification failed

Any idea what I'm missing?

- Gilboa





>
> On Tue, Feb 8, 2022 at 12:13, Gilboa Davara
>  wrote:
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DQOEYXG2XNM5TFZJHNDNPPKL3OIQI4SO/
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2GAQH44QD6KTS4RHXQBDWL6PNI6OKCS3/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread Strahil Nikolov via Users 
Can you execute the commands from 
/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/filter_team_devices.yml
 (on the Hypervisor) and share the output ?
The first task executes 'nmcli -g GENERAL.TYPE device show' shows all available 
devices
Best Regards,Strahil Nikolov
 
 
  On Tue, Feb 8, 2022 at 17:33, weeglos--- via Users wrote:   
From the install script output:

...
[ INFO  ] Checking available network interfaces:
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Execute just a specific set 
of steps]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Force facts gathering]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Detecting interface on 
existing management bridge]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Set variable for supported 
bond modes]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Get all active network 
interfaces]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Filter bonds with bad naming]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Generate output list]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Collect interface types]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Check for Team devices]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Get list of Team devices]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Collect Team devices]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Filter team devices]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Fail if only team devices are 
available]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Only Team 
devices  are present. Teaming is unsupported."}
[ ERROR ] Failed to execute stage 'Environment customization': Failed executing 
ansible-playbook
[ INFO  ] Stage: Clean up
...
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/72G4Y5WXPKFRM24JQS7AV3CCPZDEQBBH/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FIM3VRZMKLOYYSSCH2QSFTUQSBSRKM4J/

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Strahil Nikolov via Users 
>From the web UI there is an option to to regenerate the certificate Compute -> 
>Hosts -> Management -> Maintenance -> Installation -> Enroll certificate
Also, if you have RH dev subscription , you can check 
https://access.redhat.com/solutions/3532921 for the manual approach.
Best Regards,Strahil Nikolov 
 
  On Tue, Feb 8, 2022 at 12:13, Gilboa Davara wrote:   
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DQOEYXG2XNM5TFZJHNDNPPKL3OIQI4SO/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XXXQQORUSD7QBKVRCARBULKOA3I3IPBW/

[ovirt-users] Re: Unable to install on a bonded NIC

2022-02-08 Thread weeglos--- via Users 
From the install script output:

...
[ INFO  ] Checking available network interfaces:
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Execute just a specific set 
of steps]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Force facts gathering]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Detecting interface on 
existing management bridge]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Set variable for supported 
bond modes]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Get all active network 
interfaces]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Filter bonds with bad naming]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Generate output list]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Collect interface types]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Check for Team devices]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Get list of Team devices]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Collect Team devices]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Filter team devices]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.ovirt.hosted_engine_setup : Fail if only team devices are 
available]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Only Team 
devices  are present. Teaming is unsupported."}
[ ERROR ] Failed to execute stage 'Environment customization': Failed executing 
ansible-playbook
[ INFO  ] Stage: Clean up
...
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/72G4Y5WXPKFRM24JQS7AV3CCPZDEQBBH/

[ovirt-users] Re: hosted engine deployment (v4.4.10) - TASK Check engine VM health - fatal FAILED

2022-02-08 Thread Charles Kozler 
While I have not answered your question directly, I would strongly advise
you just use ovirt-node

I went through similar build issues all the time. Ansible (well, whoever
wrote the playbook) can be finicky sometimes and I found when I deployed
ovirt-node I was done in under an hour with absolutely zero issues

The +1 is knowing that if I upgrade ovirt on ovirt-node, I will (hopefully)
have a much lesser chance of breaking ovirt on an upgrade

On Tue, Feb 8, 2022 at 9:04 AM Charles Stellen  wrote:

> Dear Ovirt Hackers,
>
> sorry: incidently send to de...@ovitr.org
>
> we are dealing with hosted engine deployment issue on a fresh AMD EPYC
> servers:
>
> and we are ready to donate hardware to Ovirt community after we pass
> this issue ( :-) )
>
> 0/ base infra:
>
> - 3 identical physical servers (produced in 2021-4Q)
> - fresh, clean and recent version of centos 8 stream installed
> (@^minimal-environment)
> - servers are interconnected with cisco switch, each other are network
> visible,
> all with nice internet access (NAT)
>
>
> 1/ storage:
>
> - all 3 servers/nodes host nice and clean glusterfs (v9.5) and volume
> "vol-images01" is ready for VM images
> - ovirt hosted engine deployment procedure:
> - easily accept mentioned glusterfs storage domain
> - mount it during "hosted-engine --deploy" with no issue
> - all permissions are set correctly at all glustrfs nodes ("chown
> vdsm.kvm vol-images01")
> - no issue with storage domain at all
>
>
> 2/ ovirt - hosted engine deployment:
>
> - all 3 servers successfully deployed recent ovirt version with standart
> procedure
> (on top of minimal install of centos 8 stream):
>
> dnf -y install ovirt-host
> virt-host-validate: PASS ALL
>
> - at first server we continue with:
>
> dnf -y install ovirt-engine-appliance
> hosted-engine --deploy (pure commandline - so no cockpit is used)
>
> DEPLOYMENT ISSUE:
>
> - during "hosted-engine --deploy" procedure - hosted engine becomes
> temporairly accessible at:https://server01:6900/ovirt-engine/
> - with request to manualy set "ovirtmgmt" virtual nic
> - Hosts > server01 > Network Interfaces > [SETUP HOST NETWORKS]
> "ovirtmgmt" dropped to eno1 - [OK]
> - than All pass fine - and host "server01" becomes Active
> - back to commandline to Continue with deployment "Pause execution until
> /tmp/ansible.jksf4_n2_he_setup_lock is removed"
> by removing the lock file
>
> - deployment than pass all steps_until_ "[ INFO ] TASK
> [ovirt.ovirt.hosted_engine_setup : Check engine VM health]"
>
> ISSUE DETAILS: new VM becomes not accessible in the final stage - as it
> should be reachable at its final IP:
>
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Fail if Engine IP is
> different from engine's he_fqdn resolved IP]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
> "Engine VM IP address is while the engine's he_fqdn
> ovirt-engine.mgmt.pss.local resolves to 10.210.1.101. If you are using
> DHCP, check your DHCP reservation configuration"}
>
> - problem is, that even if we go with "Static" IP (provided during
> answering procedure) or with "DHCP" way (with properly set DHCP and DNS
> server responding with correct IP for both
> WE STUCK THERE
>
> WE TRYIED:
> - no success to connect to terminal/vnc of running VM "HostedEngine" to
> figure out the internal network issue
>
> any suggestion howto "connect" into newly deployed UP and RUNNING
> HostedEngine VM? to figure out eventually manualy fix the internal
> network issue?
>
>
> Thank You all for your help
> Charles Stellen
>
>
> PS: we are advanced in Ovirt deployment (from version 4.0), also we are
> advanced in GNU/Linux KVM based virtualisation for 10+ years,
> so any suggests or any details requested - WE ARE READY to provide
> online debuging or direct access to servers is not a problem
>
> PPS: after we pass this deployment - and after decomissioning procedure
> - we are ready to provide older HW to Ovirt community
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/LKOLWUCOFAHCXSSIBVHQ2NIJWPHOV7JE/
>

-- 
*Notice to Recipient*: *https://www.flyerft.com/disclaimer 
*
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZNAUTQDMXTWST3LSLPTMUS7NHWDHHCEQ/

[ovirt-users] Re: hosted engine deployment (v4.4.10) - TASK Check engine VM health - fatal FAILED

2022-02-08 Thread Yedidyah Bar David 
On Tue, Feb 8, 2022 at 4:05 PM Charles Stellen  wrote:
>
> Dear Ovirt Hackers,
>
> sorry: incidently send to de...@ovitr.org
>
> we are dealing with hosted engine deployment issue on a fresh AMD EPYC
> servers:
>
> and we are ready to donate hardware to Ovirt community after we pass
> this issue ( :-) )
>
> 0/ base infra:
>
> - 3 identical physical servers (produced in 2021-4Q)
> - fresh, clean and recent version of centos 8 stream installed
> (@^minimal-environment)
> - servers are interconnected with cisco switch, each other are network
> visible,
> all with nice internet access (NAT)
>
>
> 1/ storage:
>
> - all 3 servers/nodes host nice and clean glusterfs (v9.5) and volume
> "vol-images01" is ready for VM images
> - ovirt hosted engine deployment procedure:
> - easily accept mentioned glusterfs storage domain
> - mount it during "hosted-engine --deploy" with no issue
> - all permissions are set correctly at all glustrfs nodes ("chown
> vdsm.kvm vol-images01")
> - no issue with storage domain at all
>
>
> 2/ ovirt - hosted engine deployment:
>
> - all 3 servers successfully deployed recent ovirt version with standart
> procedure
> (on top of minimal install of centos 8 stream):
>
> dnf -y install ovirt-host
> virt-host-validate: PASS ALL
>
> - at first server we continue with:
>
> dnf -y install ovirt-engine-appliance
> hosted-engine --deploy (pure commandline - so no cockpit is used)
>
> DEPLOYMENT ISSUE:
>
> - during "hosted-engine --deploy" procedure - hosted engine becomes
> temporairly accessible at:https://server01:6900/ovirt-engine/
> - with request to manualy set "ovirtmgmt" virtual nic
> - Hosts > server01 > Network Interfaces > [SETUP HOST NETWORKS]
> "ovirtmgmt" dropped to eno1 - [OK]
> - than All pass fine - and host "server01" becomes Active
> - back to commandline to Continue with deployment "Pause execution until
> /tmp/ansible.jksf4_n2_he_setup_lock is removed"
> by removing the lock file
>
> - deployment than pass all steps_until_ "[ INFO ] TASK
> [ovirt.ovirt.hosted_engine_setup : Check engine VM health]"
>
> ISSUE DETAILS: new VM becomes not accessible in the final stage - as it
> should be reachable at its final IP:

Can you please try with qemu 6.0.0?

See other threads here about broken 6.1. Sorry for that.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/55EAJSAUCO47ZZ7PDYFSTRGGQZXFQPYP/

[ovirt-users] What replaces ISO domains how to re-use ISO files on multiple Data Centers?

2022-02-08 Thread Brian Levinsen 
Hello.

I have been searching but not been able to find a solution.
As far as I could find the Storage Domain Type ISO is deprecated.

We have used this for hosting one central location for ISO images.

Everywhere I found they say to use a Data Domain.
But a Data Domain can not be attached to multiple Data Centers?

So how do we in newer versions of ovirt share ISO files with multiple Data 
Centers?

/Brian
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YXQVTWK2WEFMETQH3XWMXM2RTAMKF7B4/

[ovirt-users] hosted engine deployment (v4.4.10) - TASK Check engine VM health - fatal FAILED

2022-02-08 Thread Charles Stellen 

Dear Ovirt Hackers,

sorry: incidently send to de...@ovitr.org

we are dealing with hosted engine deployment issue on a fresh AMD EPYC 
servers:


and we are ready to donate hardware to Ovirt community after we pass 
this issue ( :-) )


0/ base infra:

- 3 identical physical servers (produced in 2021-4Q)
- fresh, clean and recent version of centos 8 stream installed 
(@^minimal-environment)
- servers are interconnected with cisco switch, each other are network 
visible,

all with nice internet access (NAT)


1/ storage:

- all 3 servers/nodes host nice and clean glusterfs (v9.5) and volume 
"vol-images01" is ready for VM images

- ovirt hosted engine deployment procedure:
- easily accept mentioned glusterfs storage domain
- mount it during "hosted-engine --deploy" with no issue
- all permissions are set correctly at all glustrfs nodes ("chown 
vdsm.kvm vol-images01")

- no issue with storage domain at all


2/ ovirt - hosted engine deployment:

- all 3 servers successfully deployed recent ovirt version with standart 
procedure

(on top of minimal install of centos 8 stream):

dnf -y install ovirt-host
virt-host-validate: PASS ALL

- at first server we continue with:

dnf -y install ovirt-engine-appliance
hosted-engine --deploy (pure commandline - so no cockpit is used)

DEPLOYMENT ISSUE:

- during "hosted-engine --deploy" procedure - hosted engine becomes 
temporairly accessible at:https://server01:6900/ovirt-engine/

- with request to manualy set "ovirtmgmt" virtual nic
- Hosts > server01 > Network Interfaces > [SETUP HOST NETWORKS]
"ovirtmgmt" dropped to eno1 - [OK]
- than All pass fine - and host "server01" becomes Active
- back to commandline to Continue with deployment "Pause execution until 
/tmp/ansible.jksf4_n2_he_setup_lock is removed"

by removing the lock file

- deployment than pass all steps_until_ "[ INFO ] TASK 
[ovirt.ovirt.hosted_engine_setup : Check engine VM health]"


ISSUE DETAILS: new VM becomes not accessible in the final stage - as it 
should be reachable at its final IP:


[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Fail if Engine IP is 
different from engine's he_fqdn resolved IP]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": 
"Engine VM IP address is while the engine's he_fqdn 
ovirt-engine.mgmt.pss.local resolves to 10.210.1.101. If you are using 
DHCP, check your DHCP reservation configuration"}


- problem is, that even if we go with "Static" IP (provided during 
answering procedure) or with "DHCP" way (with properly set DHCP and DNS 
server responding with correct IP for both

WE STUCK THERE

WE TRYIED:
- no success to connect to terminal/vnc of running VM "HostedEngine" to 
figure out the internal network issue


any suggestion howto "connect" into newly deployed UP and RUNNING 
HostedEngine VM? to figure out eventually manualy fix the internal 
network issue?



Thank You all for your help
Charles Stellen


PS: we are advanced in Ovirt deployment (from version 4.0), also we are 
advanced in GNU/Linux KVM based virtualisation for 10+ years,

so any suggests or any details requested - WE ARE READY to provide
online debuging or direct access to servers is not a problem

PPS: after we pass this deployment - and after decomissioning procedure 
- we are ready to provide older HW to Ovirt community





OpenPGP_signature
Description: OpenPGP digital signature
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LKOLWUCOFAHCXSSIBVHQ2NIJWPHOV7JE/

[ovirt-users] Re: RHGS and RHV closing down: could you please put that on the home page?

2022-02-08 Thread Michal Skrivanek 


> On 8. 2. 2022, at 6:14, Guillaume Pavese 
>  wrote:
> 
> To replicate HCI without Gluster, 
> is there a way to set up a Managed Block Storage (I think that means Ceph?) 
> cluster hosted on the hypervisors, in a similar way as a Gluster Replica 3 ?

oVirt's MBS (CEPH) support is targeted for external CEPH clusters, I'm not 
aware of any effort to colocate the services like with gluster. With gluster we 
tried to ignore the impact of one affecting the other, with CEPH being more 
demanding it would be even more difficult.

> Is that possible/recommended or discouraged?

it might work in the ideal case, but since there is no awareness (like there is 
in Gluster) when you e.g. fence bunch of oVirt hosts you may easily do some 
damage to each.

> We are not ready for Openshift/Kubevirt yet and we would like to investigate 
> whether oVirt on Ceph in HCI is doable.

OKD Virtualization (okd+kubevirt/hco+rook) would be doable in future...most 
people are not ready just yet, and the project is not so polished yet either, 
but it will get there...

Thanks,
michal

> 
> Thank for any feedback
> 
> Guillaume Pavese
> Ingénieur Système et Réseau
> Interactiv-Group
> 
> 
> On Mon, Feb 7, 2022 at 10:47 PM Nir Soffer  > wrote:
> On Mon, Feb 7, 2022 at 3:04 PM Sandro Bonazzola  > wrote:
> 
> 
> Il giorno lun 7 feb 2022 alle ore 09:28 Thomas Hoberg  > ha scritto:
> Sandro, I am ever so glad you're fighting on, buon coraggio!
> 
> Thanks :-)
>  
> 
> Yes, please write a blog post on how oVirt could develop without a commercial 
> downstream product that pays your salaries.
> 
> I have no magic recipe but I know oVirt is used in several universities with 
> computer science departments. If just 1 student for each of them would 
> contribute 1 patch per semester that would help keeping oVirt alive even 
> without any downstream company backing it.
> And there are also people in this list like @Jean-Louis Dupond 
>  who are contributing fixes, latest is here 
> https://github.com/oVirt/ovirt-engine/pull/59 
>   .
> I don't want to write a book on how an opensource project can be healthy, I 
> believe there are already out there :-) .
> It would indeed help if some company or foundation would show up and get 
> engaged with the project but this is not strictly needed for an open source 
> project to be alive.
> 
> 
> Ideally you'd add a perspective for current HCI users, many of which chose 
> this approach, because a fault-tolerant SAN or NAS wasn't available.
> 
> I'll let the storage team to answer here
> 
> The oVirt storage team never worked on HCI and we don't plan to work on
> it in the future. HCI was designed and maintained by Gluster folks. Our
> contribution for HCI was adding 4k support, enabling usage of VDO.
> 
> Improving on the HCI side is unlikely to come from Red Hat, but nothing
> blocks other companies or contributors from working on this.
> 
> Our focus for 4.5 is Managed Block Storage and incremental backup.
> 
> Nir
> ___
> Users mailing list -- users@ovirt.org 
> To unsubscribe send an email to users-le...@ovirt.org 
> 
> Privacy Statement: https://www.ovirt.org/privacy-policy.html 
> 
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/ 
> 
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5JBTH3JKW23ZRKDTPLBNTIIF3PMFKZ3L/
>  
> 
> 
> Ce message et toutes les pièces jointes (ci-après le “message”) sont établis 
> à l’intention exclusive de ses destinataires et sont confidentiels. Si vous 
> recevez ce message par erreur, merci de le détruire et d’en avertir 
> immédiatement l’expéditeur. Toute utilisation de ce message non conforme a sa 
> destination, toute diffusion ou toute publication, totale ou partielle, est 
> interdite, sauf autorisation expresse. L’internet ne permettant pas d’assurer 
> l’intégrité de ce message . Interactiv-group (et ses filiales) décline(nt) 
> toute responsabilité au titre de ce message, dans l’hypothèse ou il aurait 
> été modifié. IT, ES, UK.  
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VMNBYFNOMBRBGKMBOSM4AFXCFIHD2FAI/

___
Users

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-08 Thread Gilboa Davara 
Hello,

On Mon, Feb 7, 2022 at 4:14 PM Martin Perina  wrote:

>
>> I don't know how, but the only errors I saw in the WebUI were update
>> related (failed to check updates on host).
>>
>
> That is not related to certificates errors used for engine <-> VDSM
> communication
>
> There was an error in engine-setup, but at this stage it was far, far too
>> late.
>>
>
> The warning/alerts mentioned above are stored in engine's audit log, which
> can be viewed within Events tab in webadmin, where you should see something
> like:
>
> Host ${VdsName} certification is about to expire at ${ExpirationDate}.
> Please renew the host's certification.
>
> or
>
> Engine's certification is about to expire at ${ExpirationDate}. Please
> renew the engine's certification.
>
>>
>>

Hello,

I just lost at least two more setups, while (slowly) upgrading it to
-streams.
Zero warning on the UI (verified twice).
Zero warning in the vdsm log (verified before I started the upgrade).
Once I upgraded the hosted engine to streams (engine-setup --offline,
distro sync, engine-setup), the VDSM's services stopped working on all
hosts (sadly enough, at least two setups are single host setups).
Tried restarting the VDSM service, and now they are spewing SSL handshake
errors.
E.g. ERROR ssl handshake: SSLError, address: :::127.0.0.1

So, given the fact that I have a working HE on all machines, how can I
renew the vdsm certificates?
I assume I cannot simply restart the HE service and try to enroll new
certificates?

- Gilboa
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DQOEYXG2XNM5TFZJHNDNPPKL3OIQI4SO/