[ovirt-users] Re: SSL error on oVirt 4.2.4
Has anyone seen or had this issue? I am not having luck or if someone could explain the working logic of engine talking to vdsm with certs. Don On Mon, Oct 10, 2022 at 9:45 PM Don Dupuis wrote: > Hello > I have oVirt cluster with 25 hypervisors that has been running fine for a > couple of years and today all of a sudden engine was getting ssl errors > talking to the hypervisors. Error in engine.log is: > > 2022-10-10 16:20:23,562-05 ERROR > [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] > (EE-ManagedThreadFactory-engineScheduled-Thread-47) [] Unable to > RefreshCapabilities: VDSNetworkException: VDSGenericException: > VDSNetworkException: Received fatal alert: unknown_ca > > Certificates don't seem expired and I ran the command: > > openssl x509 -noout -in /etc/pki/ovirt-engine/ca.pem -fingerprint > > openssl x509 -noout -in /etc/pki/vdsm/certs/cacert.pem -fingerprint > # openssl x509 -noout -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -fingerprint > # openssl x509 -noout -in /etc/pki/vdsm/libvirt-vnc/ca-cert.pem -fingerprint > # openssl x509 -noout -in /etc/pki/CA/cacert.pem -fingerprint > > Those commands show that the fingerprints are the same. > > openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem > /etc/pki/ovirt-engine/certs/engine.cer > # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem > /etc/pki/ovirt-engine/certs/apache.cer > # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem > /etc/pki/ovirt-engine/certs/websocket-proxy.cer > # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem > /etc/pki/ovirt-engine/certs/jboss.cer > # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem > /etc/pki/ovirt-engine/certs/imageio-proxy.cer > # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem > /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer > > These verification commands come back as OK. I am having trouble finding my > problem. Does anyone have any suggestions? I am not finding any hits on > google and unknown_ca. > > Also the vdsm log on hypervisors has this: > > 2022-10-10 15:54:42,843-0500 ERROR (Reactor thread) > [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError, address: > :::192.168.50.26 (sslutils:263) > > Thanks > > Don > > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HCJZ34SQQGN5EUVP77RMRJTJCGLOA6YT/
[ovirt-users] Re: How to configure HA virtual machine on hosts without IPMI
Thanks a lot for the information. I will then go for an APC network power plug best regards, Samuel Do Right Thing (做正确的事) / Pursue Excellence (追求卓越) / Help Others Succeed (成就他人) From: Martin Perina Date: 2022-10-11 11:46 To: samuel@horebdata.cn CC: users Subject: [ovirt-users] Re: How to configure HA virtual machine on hosts without IPMI Hi, there is no other way how to provide reliable HA VMs in oVirt wihout any hardware power management. If your servers don't provide any HW power management (such as IPMI, ILO, DRAC, ...), then the only option is to attach their power supply inputs through UPS with remote access and use apc fencing driver to restart servers using UPS. Martin On Tue, Oct 11, 2022 at 9:41 AM samuel@horebdata.cn wrote: Dear Ovirt folks, I am thinking of deploly an experimental Ovirt 3-node Cluster on servers without IPMI. As far i know, Ovirts needs each host to have fence agent working for any HA virtual machine. My question is, are there any other ways in Ovirt to support fencing without using IPMI? thanks a lot, Samuel Do Right Thing (做正确的事) / Pursue Excellence (追求卓越) / Help Others Succeed (成就他人) ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EXOTNSY5DMLFYEGCPB4QDX4QUBVETCIJ/ -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NF3FIHQDXZW4PIAXPOFRHK4RDPHW3BXD/
[ovirt-users] Re: How to configure HA virtual machine on hosts without IPMI
Don't storage leases solve that problem? I seem to recall a HA VM also works when (gets restarted on other node) a hypervisor completely loses power, ie there is no response on the fencing device. I'd expect it to work the same without a fencing device. Greetings Klaas On 10/11/22 11:46, Martin Perina wrote: Hi, there is no other way how to provide reliable HA VMs in oVirt wihout any hardware power management. If your servers don't provide any HW power management (such as IPMI, ILO, DRAC, ...), then the only option is to attach their power supply inputs through UPS with remote access and use apc fencing driver to restart servers using UPS. Martin On Tue, Oct 11, 2022 at 9:41 AM samuel@horebdata.cn wrote: Dear Ovirt folks, I am thinking of deploly an experimental Ovirt 3-node Cluster on servers without IPMI. As far i know, Ovirts needs each host to have fence agent working for any HA virtual machine. My question is, are there any other ways in Ovirt to support fencing without using IPMI? thanks a lot, Samuel Do Right Thing (做正确的事) / Pursue Excellence (追求卓越) / Help Others Succeed (成就他人) ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EXOTNSY5DMLFYEGCPB4QDX4QUBVETCIJ/ -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o. ___ Users mailing list --users@ovirt.org To unsubscribe send an email tousers-le...@ovirt.org Privacy Statement:https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/PS6PVOKZX5AUEW7ZI4PSI45V4NBIOJHS/___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RQI3IGEM3FEZC4MRWC7PPBX6UL6SC2U3/
[ovirt-users] Re: Snapshot not working
Sorry for my ignorance. But, im trying since a few days to upload the requested logs, but it keeping me saying they are too big. How con i upload them? El vie, 7 de oct. de 2022 19:09, Facundo Badaracco escribió: > sorry for the delay. > > there are the engine.log, vdsm.log from spm and the host where the vm is > running. > > thx in advance! > > -- Forwarded message - > De: Facundo Badaracco > Date: jue, 6 oct 2022 a la(s) 20:22 > Subject: Re: [ovirt-users] Re: Snapshot not working > To: Benny Zlotnik > > > sorry for the delay. > > there are the engine.log, vdsm.log from spm and the host where the vm is > running. > > thx in advance! > > El jue, 6 oct 2022 a la(s) 20:03, Facundo Badaracco (varekoa...@gmail.com) > escribió: > >> sorry for the delay. >> >> there are the engine.log, vdsm.log from spm and the host where the vm is >> running. >> >> thx in advance! >> >> >> El jue, 6 oct 2022 a la(s) 05:30, Benny Zlotnik (bzlot...@redhat.com) >> escribió: >> >>> Can you provide relevant ovirt-engine and vdsm logs (SPM and host where >>> VM runs) >>> >>> On Tue, Oct 4, 2022 at 7:49 PM Facundo Badaracco >>> wrote: >>> > >>> > Someone? Any hint? >>> > >>> > El jue, 29 de sep. de 2022 10:58, Facundo Badaracco < >>> varekoa...@gmail.com> escribió: >>> >> >>> >> hi everyone, >>> >> >>> >> I have a glusterFS replica x3 node. >>> >> >>> >> I can't create snapshot. when I create it, if I select to save the >>> memory, then in the disks section only appears the snapshot of the memory >>> and in locked state. If instead, I remove the option to make snapshot of >>> the memory, it does not make the snapshot saying "failed". >>> >> >>> >> Any idea? >>> > >>> > ___ >>> > Users mailing list -- users@ovirt.org >>> > To unsubscribe send an email to users-le...@ovirt.org >>> > Privacy Statement: https://www.ovirt.org/privacy-policy.html >>> > oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> > List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5LQQKPQC6LRNEMCR5U3WYZIR35FSO6AK/ >>> >>> ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SMUYRQ4TGTZPBRWLUNHAAZDQFDLOBY5R/
[ovirt-users] Re: How to configure HA virtual machine on hosts without IPMI
Hi, there is no other way how to provide reliable HA VMs in oVirt wihout any hardware power management. If your servers don't provide any HW power management (such as IPMI, ILO, DRAC, ...), then the only option is to attach their power supply inputs through UPS with remote access and use apc fencing driver to restart servers using UPS. Martin On Tue, Oct 11, 2022 at 9:41 AM samuel@horebdata.cn < samuel@horebdata.cn> wrote: > Dear Ovirt folks, > > I am thinking of deploly an experimental Ovirt 3-node Cluster on servers > without IPMI. As far i know, Ovirts needs each host to have fence agent > working for any HA virtual machine. My question is, are there any other > ways in Ovirt to support fencing without using IPMI? > > thanks a lot, > > Samuel > > > -- > Do Right Thing (做正确的事) / Pursue Excellence (追求卓越) / Help Others Succeed > (成就他人) > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/EXOTNSY5DMLFYEGCPB4QDX4QUBVETCIJ/ > -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PS6PVOKZX5AUEW7ZI4PSI45V4NBIOJHS/
[ovirt-users] Re: Convert raw images to qcow format
It’s possible with the API, see http://ovirt.github.io/ovirt-engine-api-model/master/#services/disk/methods/convert On Tuesday, October 11, 2022, Jonas wrote: > Hi there > > I want to create incremental backups of a few imported VMs, but the VM > disks are in the raw disk format which does not support incremental backup. > Is there a way to convert existing disks from raw to qcow in oVirt? Since > qemu-img can do this,I assume there must be a way.. > > Thank you > Jonas > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y2KNZ4LXLD33URESISCOGX262UDIAJWH/
[ovirt-users] How to configure HA virtual machine on hosts without IPMI
Dear Ovirt folks, I am thinking of deploly an experimental Ovirt 3-node Cluster on servers without IPMI. As far i know, Ovirts needs each host to have fence agent working for any HA virtual machine. My question is, are there any other ways in Ovirt to support fencing without using IPMI? thanks a lot, Samuel Do Right Thing (做正确的事) / Pursue Excellence (追求卓越) / Help Others Succeed (成就他人) ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EXOTNSY5DMLFYEGCPB4QDX4QUBVETCIJ/
[ovirt-users] Local (Deployment) VM Can't Reach "centos-ceph-pacific" Repo
Hi All,
OK, new issue: :-(
If I'm reading things right the local (deployment) vm can't get to the
centos-ceph-pacific repo.
The repo is installed on the host machine (along with all of the relevant
dependant repos).
I thought that local 192.168.222.0/24 network was nated out the virbr0 virtual
bridge - am I wrong in this (ie do we need to update/change our routing
tables/whatever)?
Here is the (relevant part) of the log:
~~~
2022-10-11 16:22:14,749+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.engine_setup : Install
oVirt Engine package]
2022-10-11 16:26:03,643+1100 DEBUG
otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils._process_output:109
{'results': [], 'rc': 1, 'msg': "Failed to download metadata for repo
'centos-ceph-pacific': Cannot download repomd.xml: Cannot download
repodata/repomd.xml: All mirrors were tried", 'invocation': {'module_args':
{'name': ['ovirt-engine'], 'state': 'present', 'allow_downgrade': False,
'autoremove': False, 'bugfix': False, 'cacheonly': False, 'disable_gpg_check':
False, 'disable_plugin': [], 'disablerepo': [], 'download_only': False,
'enable_plugin': [], 'enablerepo': [], 'exclude': [], 'installroot': '/',
'install_repoquery': True, 'install_weak_deps': True, 'security': False,
'skip_broken': False, 'update_cache': False, 'update_only': False,
'validate_certs': True, 'lock_timeout': 30, 'allowerasing': False, 'nobest':
False, 'conf_file': None, 'disable_excludes': None, 'download_dir': None,
'list': None, 'releasever': None}}, '_ansible_no_log': False, 'changed': False,
'
_ansible_delegated_vars': {'ansible_host': '192.168.222.77', 'ansible_port':
None, 'ansible_user': 'root', 'ansible_connection': 'smart'}}
2022-10-11 16:26:03,744+1100 ERROR
otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils._process_output:113
fatal: [localhost -> 192.168.222.77]: FAILED! => {"changed": false, "msg":
"Failed to download metadata for repo 'centos-ceph-pacific': Cannot download
repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried", "rc":
1, "results": []}
2022-10-11 16:26:04,045+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup : Sync
on engine machine]
2022-10-11 16:26:04,947+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 changed: [localhost -> 192.168.222.77]
2022-10-11 16:26:05,449+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup : Set
destination directory path]
2022-10-11 16:26:05,950+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 ok: [localhost -> localhost]
2022-10-11 16:26:06,352+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup :
Create destination directory]
2022-10-11 16:26:06,953+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 changed: [localhost -> localhost]
2022-10-11 16:26:07,355+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup :
include_tasks]
2022-10-11 16:26:07,856+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 ok: [localhost]
2022-10-11 16:26:08,357+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup : Find
the local appliance image]
2022-10-11 16:26:08,959+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 ok: [localhost -> localhost]
2022-10-11 16:26:09,460+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup : Set
local_vm_disk_path]
2022-10-11 16:26:09,862+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 ok: [localhost -> localhost]
2022-10-11 16:26:10,363+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup : Give
the vm time to flush dirty buffers]
2022-10-11 16:26:20,986+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 ok: [localhost -> localhost]
2022-10-11 16:26:21,388+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup : Copy
engine logs]
2022-10-11 16:26:27,901+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 changed: [localhost]
2022-10-11 16:26:28,403+1100 INFO otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:115 TASK [ovirt.ovirt.hosted_engine_setup :
Change ownership of copied engine logs]
2022-10-11 16:26:29,005+1100 INFO
[ovirt-users] Convert raw images to qcow format
Hi there I want to create incremental backups of a few imported VMs, but the VM disks are in the raw disk format which does not support incremental backup. Is there a way to convert existing disks from raw to qcow in oVirt? Since qemu-img can do this,I assume there must be a way.. Thank you Jonas___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OYDUK5LEV2HPZNGHT5KBNXVNCMLMNNY2/
[ovirt-users] Re: Pre-Installing OpenVSwitch For oVirt Self-Hoster Install - Issues?
Hi All, OK, so I actually ended up solving the underlying issue that I was trying to work around with this - see https://lists.ovirt.org/archives/list/users@ovirt.org/thread/UYX2L76UOAMAOQ2IWCQ4KJIJHOFXKNFJ/ for details Cheers Dulux-Oz ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZMSTBZBB4RNUXEEXC5KPPBZJEAST7EGL/
[ovirt-users] Re: Network Interface Already In USe - Self-Hosted Install
Hi All, OK, so after much reading of logs, Ansible files, blog posts, documentation, and much gnashing of teeth, glasses of bourbon, language to make a sailor blush, tears, blood, sweat, and various versions of "DOH!", I finally worked out what was wrong - what I did wrong - and so I'm putting it down here so that the next person who comes along with the same (or a similar) issue doesn't have to go through what I went through - and I'm including a couple of suggestions to the devs/doco writers which (I believe) would have stopped me from making my mistake in the first place. When I did my install I used the command: ~~~ hosted-engine --deploy --4 --ansible-extra-vars=he_ipv4_subnet_prefix=172.16.1 ~~~ I did this because we're running an IPv4 network and because the oVirt Engine needs to be on the 172.16.1.0/24 network - and that's what I thought the "he_ipv4_subnet_prefix" option did, and I was trying to let the deployment script know this in advance instead of having to discover this itself. Now that I've gone back over *all* the doco I realise that the "he_ipv4_subnet_prefix" option is *not* used for this purpose, but is instead used for the *temporary* ip address of the deployment engine when the default subnet of 192.168.222.0/24 is not available. Because I was specifying the 172.16.1.0/24 network (which is already in use) the deployment failed because it was attempting to create that network as a temporary network for the initial deployment. So yes, as I said, my fault - no question about that at all. Some suggestions: Although it is stated in the documentation - Installing oVirt As A Self-Hosted Engine Using The Command Line, section 2.3.2 (https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_command_line/index.html#Network-range-for-SHE-deployment_SHE_cli_deploy) - (I believe) it is not very clear what is happening here, so a "Note:" or some sort of statement explicitly stating what this is used for might be in order. For example, here is the note I made for our team in our internal documentation: ~~~ **Note:** he_ipv4_subnet_prefix=x.x.x: - This is a temporary network prefix if 192.168.222.0/24 (the default) is not available - this is ***NOT*** the final working subnet of the oVirt Engine. ~~~ I also believe - quite strongly, in fact - that having the entire deployment hidden behind the "black box" that is the Ansible deployment - while making things easy by automating the deployment - makes troubleshooting more difficult. I believe that if there was a definite "Step-By-Step" list of what was going on behind the scenes - perhaps as an Appendix to the documentation - then the mistake I made would have been a lot harder to make - ie if there was such a list then it would have been less likely to make the assumption I made. I'm thinking something along the lines of (and I am aware that what follows is not correct): ~~~ 1. Collect info - this is stored in "/path/file" temporarily. 2. Install Deployment VM. 3. Deployment VM creates internal bridge - this uses 192.168.222.0/24 by default but can be overridden by "he_ipv4_subnet_prefix". 4. Deployment Engine creates oVirt Engine. etc, etc, etc ~~~ Anyway, that's my feedback / suggestions / mea culpa / whatever. :-) Cheers Dulux-Oz ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/FUBH7MVCYMSGLWXEXCVQIM6QHDJUM6GV/
