Wouldn't there be another way to access console from the hypervisor to the
hosted-engine (without X) ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
>I'm not sure about first part, but it should be accessible from
>engine's hypervisor using QEMU console. You can list VMs running on
>the host with
>$ virsh -r list
That would be nice, but the list is empty...However I can see it with vdsClient
-s 0 list and hosted-engine --vm-status after
Actually I found my answer : it was just a problem on the NFS share, no
relationship with ovirt itself, sorry about that.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
ot;inavtive" and "unknown"
Any ideas ?
- Mail original -
De: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu>
À: "Martin Polednik" <mpoled...@redhat.com>
Cc: "users" <users@ovirt.org>
Envoyé: Mercredi 8 Juin 2016
Hi,
I'm looking for a way to change the duration of all tickets from all VMs. How
can I do this ? I'd like to change it to 5 min instead of 2 min.
It seems it is possible to change these parameters using the RestAPI, with
"action.grace_period.expiry" or "action.ticket.value"...
Anyway, these
hi,
I made a terrible and stupid mistake : I changed the VLAN of the wrong ovirt
network interface : ovirtmgmt...
I now don't have anymore access to my hosted engine. I can still access to the
host hypervisor anyway.
Any idea how I can change the ovirtmgmt VLAN (disabling the option enable
It is telling you where is the log file to check :
Log file is located at
/var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20160614145427-u8mxun.log
That would give more details
___
Users mailing list
Users@ovirt.org
> http://imgur.com/a/6xkaS
I had similar errors with one single host and a hosted-engine VM.
My case should be totally different, but one thing you could try first is to
check VM is really up.
In my issues, VM was shown by hosted-engine command as up, but was down. with
vdsClient command, you
>Thanks for the report.
>Can you please summarize how you solved the wrong-vlan issue? Thanks.
Actually, this isn't very clear. After changing the ovirtmgmt VLAN, I wasn't
able to access the web interface anymore (or even to ping the FQDN of the
hosted-engine VM).
After trying a lot of
>Wouldn't there be another way to access console from the hypervisor to the
>hosted-engine (without X) ?
>Not really if you don't have network afaik. Have you done the virsh
>command with root permissions?
>sudo virsh list
>sudo virsh console vm
>If list even under root permissions doesn't show
>'ovirt-engine-extensions-tool' logs would be more helpfull.
Here it is :
https://bpaste.net/show/a166df875909
I can't see anything else than this SSL error and what seems to be a missing
python module : "ImportError: No module named dnf"
Can you see something else or do you have any idea of
>This is output of installation script
>'ovirt-engine-extension-aaa-ldap-setup', which is written in python, but
>aaa-ldap extension in Java. So the strange thing is that you can connect
>via
>startTLS in python script, but later you can't connect with aaa-ldap
>Java extension.
>Can you please
>Default password is 'changeit' (without quotes).
>Hmm, can you please try use the .jks file generated by aaa-ldap-setup
>tool? Just to be sure.
I still have the same error with the default jks
>Anyway, the strange thing is that aaa-ldap-setup tool passes, but
>extension don't work later.
>Oh, I see it, we was blind all the time. The problem is in AD2 and AD3.
>AD1 and AD4 are fine.
>So yes the problem is on AD side but only for AD2 and AD3, that's why it
>worked for
>aaa-ldap-setup :)
>So actually this command shouldn't work for you:
> LDAPTLS_CACERT=/somewhere/myca.pem
This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV
I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION
If I use : pool.default.serverset.srvrecord.service = ldaps
In the logs I see this : "An error occurred while attempting to query DNS in
order to
>Well startTLS is prefered always before ldaps, not only in AD. So maybe
>you can open
>documentation bug, so we will properly describe how this DNS SRV server
>set works and what
>needs to be done, to get it properly working.
Ok, I'll do that. I counted : that will be my 18th bug in my list
>you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig.
>And '_ldaps' is what's missing in your DNS.
Oh ! you're right, I didn't even see that ! I was confused by all this. I'll
ask someone to add these SRV records.
>Unfortunatelly using '_ldaps._tcp' is not any standart. But that's what
>Please don't port 636 for DNS server, 636 is only for LDAPS protocol:
>vars.dns = dns://one.of.adservers.com
Ok, but as I explained, even without using 636, the result is the same.
When using the option "pool.default.serverset.srvrecord.service = ldaps" and
"dns://one.of.adservers.com"
I get
>You use 389 with SSL? I guess you wrongly specified it.
>But, if you want to use SSL and you have it on 636, then you should
>create new SRV dns
>records for example: _ldaps._tcp.university.mydomain.com ... 636
Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On
the
>> Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On
>> the DNS server I'm using ?
>On DNS you are using, usually on AD DNS.
Well actually this DNS name doesn't exist and seem to be only an unspecified
variable in ovirt...I have no reason to create a DNS entry for it.
Hi,
I'm trying to find what are the different ways / approaches to automated
users/groups creation, based on a LDAP/AD database.
This is my first problematic : when a LDAP/AD provider is joined, and a user is
created in ovirt from this provider, the user heritates a part of the
attributes
>Until administrators will fix AD servers, in order to use SSL you can
>temporarily use following setup:
> pool.default.serverset.single.server = AD1
> pool.default.dc-resolve.enable = false
> pool.default.ssl.startTLS = true
>But this is only temporary solution and you should switch back to
>> Thank you, this actually works. Yes, I'll remove it as soon as possible.
>> Now with RHEV + AD, it seems better than RHEV + LDAP for groups : it finds
>> most of the groups a user belongs to. RHEV + LDAP is only able to find one
>> group a user belongs to >>(which is not the same group found
hi,
I realized that I still have a process of creating a VM pool in the Tasks
since...May 20...
How can I check if there is a stuck job or something still trying to do it ? If
nothing is going on, how can I clear this from the event logs ?
___
Users
>we were looking for a prepackaged solution because of the lack of
>human resources to devote to the project.
>But if pursuing this research becomes too exhausting we would probably
>develop a linux solution and in that case the kind of terminal you
>suggested is interesting indeed.
Hi, I'm
Hi,
I'm using 3.6.3.4-1.el7.centos and I'm having troubles joining an LDAP provider.
When I try to login into the new profile, I get a "general command validation
failure" error.
This is what I can get from ovirt-engine/engine.log :
tail -n 400 /var/log/ovirt-engine/engine.log | grep -i
>> pool.default.ssl.truststore.file = /tmp/.jks
>
> Maybe trailing space here ^ ?
>
>> pool.default.ssl.truststore.password =
>>
>
> Sadly it doesn't help
>
>So please ensure also that file '/tmp/.jks' is readable by ovirt
>user. The configuration looks fine.
> All permissions are
>> pool.default.ssl.truststore.file = /tmp/.jks
>
> Maybe trailing space here ^ ?
>
>> pool.default.ssl.truststore.password =
>>
>
> Sadly it doesn't help
>
>So please ensure also that file '/tmp/.jks' is readable by ovirt
>user. The configuration looks fine.
All permissions are
> pool.default.ssl.truststore.file = /tmp/.jks
Maybe trailing space here ^ ?
> pool.default.ssl.truststore.password =
>
Sadly it doesn't help
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
> As I explained, my groups are not in the same dn path than my users. As it
> is not possible to add multiple dn path, my only solution is to use users.
> Well, that's the 1st time I've heard about LDAP setup where users and
> groups of one domain are not under same baseDN. Usually all LDAP
Hi,
I would like to know what happens to storage when using the different method of
cloning or generating VMs using templates / pools.
I'd like to know also in what case VM and virtual disks are totally independent
and in what case they are not.
Sadly the RHEV documentation doesn't really
>Regarding your examples, I cannot say exactly because of lack of some
>details. What storage type are you using? How do you measure the space used
>on the physical disk?
simply df -h on the PC sharing the NFS storage.
>> For example, when making a VM from template, using pre-allocated disk
>>
> >
> > Is it possible now to search for groups instead of users / manipulate
> > groups in the web interface ?
> Sure, if you type some search term into UI users/permissions dialog it
> will also search for groups.
Is their a way to search for attributes into the ovirt web interface, for
>> Is their a way to search for attributes into the ovirt web interface, for
>> example "memberof" ?
>>
>> I can't imagine adding hundreds or thousand of users one by one...What
>> would be the solutions ?
>>
>You can assign specific permission to the group that relevant users are
>member of (we
>Are you sure you've specified correct CA?
>
>Can you try running this command:
> LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x
>-D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'
>
>If it fail then most probably you have incorrect CA certificate.
>If it succeed, please open bug
>> However, I can't login with any user...But with ldapsearch I can find those
>> users with uid=user
>>
>> I used ovirt-engine-extensions-tool aaa login-user --profile=xxx
>> --user-name=xxx
>> and I realize now what is the problem : the available namespaces shows the
>> wrong dn. It should
> >
> > Is it possible now to search for groups instead of users / manipulate
> > groups in the web interface ?
> Sure, if you type some search term into UI users/permissions dialog it
> will also search for groups.
Thank you for all your answers, we can say my problem is now solved
>Note in
>> Should I report this on the bugzilla ?
>>
>You can, but I beleive this is not bug, but some misconfiguration, many
>times I've tried completelly simillar setup and it worked.
>
>Btw.. did you used 'ovirt-engine-extension-aaa-ldap-setup'? If not you
>can install it.
> $ yum install
>Or do you use rfc2307? You can find out running this command:
> LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b
>'ou=people,o=unix,dc=somewhere,dc=any' -D
>'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W
>'(&(objectClass=posixAccount)(uid=*)(uid=myuser))'
>If ^this
>> Yes this is actually the tool I used first, then I modified manually as on
>> the documentation.
>>
>> The problem in this approach is the fact you need a .profile file to be able
>> to set up a TLS connection between the LDAP >and the engine. But this file
>> is generated after the
>>I am unsure I understand. What is missing in interactive setup to
>>properly setup TLS?
>>You just enter CA certificte path/url/system and Java keystore file is
>>created for you by the tool.
>I'll try to generate a new file with the interactive setup and tell you if the
>result is
Hi,
I added an Active Directory server to RHEV, but I can't perform any search and
I don't see any namespace in the interface.
I'm able to perform search using with the same search user DN / passwd and
certificate :
LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://myserver.com -x -D
>Can you please send what's happening during initialization of engine?
>(logs right after ovirt-engine is restarted).
>Or run this command and send output of file 'login.log':
> $ ovirt-engine-extensions-tool --log-level=FINEST --log-file=login.log
>aaa login-user --profile=ad
Ok I start to understand where was the problem :
[81387.469731] CPU: 1 PID: 20688 Comm: umount Tainted: G I
3.10.0-327.13.1.el7.x86_64 #1
[81387.469733] Hardware name: Dell Inc. PowerEdge R610/086HF8, BIOS 1.2.6
07/17/2009
[81387.469734]
> That's right. You can add similar lines for other OSes as needed.
Is there a way to change it for all os in a row ? something like
"os.all.devices.display.vramMultiplier.value = 2"
How is that memory used on the hypervisor ? Will this use the physical vram for
the same amount or will it
> Look for vramMultiplier in osinfo-defaults.properties file.
> The following formula applies: vram_size = vramMultiplier * vgamem
> You must restart Engine to apply the new setting.
The only thin I found about it in that file is :
os.rhel_7x64.devices.display.vramMultiplier.value = 2
I am not
>Unfortunately we know that migrating from HE to HE is not as simple as
>from physical to HE:
>https://bugzilla.redhat.com/show_bug.cgi?id=1240466#c21
>In general the issue is that the DB backup form the old hosted-engine
>VM contains a lot of references to the previous hosted-engine env and
>you
Hi,
I'm currently using an NFS storage for my hosted-engine. However, this NFS
server will be removed soon. I'd like to move the hosted-engine to an iSCSI
storage. How can I proceed ? The options for moving/copying VM disk don't seem
to be available for the hosted engine in the web interface.
d_storage :)
- Mail original -
De: "Simone Tiraboschi" <stira...@redhat.com>
À: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu>
Cc: "users" <users@ovirt.org>
Envoyé: Mercredi 10 Août 2016 11:37:15
Objet: Re: [ovirt-users] 3.6 : iSCSI L
> Yes, you cannot remove the master storage domain, so you need to create
> another
> domain and make it the master. Then you will be able to detach the
> original storage
> domain properly.
> Nir
I would love to do that...But it's not possible as long as the master data
domain is in
Hi,
I am reinstalling a new Node with a new hosted-engine and I would like to
import an iSCSI storage from a previous ovirt installation.
However, I can see all LUN present on that iSCSI but the one I want... I
checked from the iSCSI array and this disk still exists, it's just not detected
> Hi Alexis
> Were you able to resolve your storage LUN issue?
> Regards,
> Kevin
I am trying the suggested solution on this post by Nir Soffer : reconnect the
storage to the older hypervisor and detach it correctly...But it doesn't work :
>From the DC :
1. I set the storage (which is
This doesn't looks really good, right ? Should I report that somewhere ?
I actually had this bug when using RHEL7 profile for a Fedora 24 (to provide
enough vram, because the default with other profiles is really lower).
[Wed Jul 13 11:00:12 2016] [ cut here ]
[Wed Jul
> The issue seams here: please ensure that you can correctly connect
> your storage server.
> Can you please attach vdsm logs?
Yes actually I figured out it was a DNS problem : as mentioned in the messages
from the log I provided, it wasn't able to reach the NFS where the engine was
(as it
>Sounds like a possible networking problem. Have you assigned IP
>addresses to the storage interfaces on this new host?
hum, What do you mean by storage interfaces ? The other host on the same
network can access it.
> If you're using
> VLANs, are they set up correctly on your switch ports
Hi,
I just added a second host but it can't become operational, because it can't
access to the iSCSI storage domain. My first question : is it normal or not, is
RHEV really able to manage the fact an iSCSI LUN can be accessed from multiple
hosts ?
I don't find anything in the logs, except
> I don't understand. iSCSI is a network storage protocol. What do you
> mean by "I access it directly"? When you set up the first host with an
> iSCSI storage domain, you would have had to point it to an IP address,
> "discover" the LUNs and then attach to them. This sets up the domain.
As I
>I'm still finding this hard to understand. If you are using iSCSI, you
>/are/ using a server (called the "Target" in SCSI speak). Is the iSCSI
>storage actually on the first host?
It's a Dell bay (or "storage array", I think that's the correct name in
english...)
> How did you actually do
Here are the two Events I can see :
Host Hypervisor has network interface which exceeded the defined threshold
[95%] (em1: transmit rate[98%], receive rate [4%])
Migration failed (VM: Clone-ubuntu, Source: Hypervisor, Destination:
hypervisor22).
Any ideas ?
It it not the first time I have
>Normally you should not have to do that. It could be that it was not
>allowed access, and you'd have to leave it a while for the host to retry.
It looped on retrying to make it work for 24 hours...It was authorized. But
actually when I first add the host, it didn't have authorization. I added
> Use "Clusters" -> "Logical Networks" -> "Manage Networks" for assigning
> network for migrations. It's ovirtmgmt by default. Note that migration
> network has to have IPs on hosts.
Nice, do you think I should dedicate a link only for migration, for safety ?
>Hosts have VDSM configuration
After assigning an IP adress to a VLAN network (it was using DHCP by default)
that was on the same NIC than ovirtmgmt, my hosted-engine crashed and can't
start again...I have no idea how to fix this.
I had a similar issue some months ago but with a different error. I tried to
restart the ha
This is what happens when I try to start the ovirt-guest-agent in Ubuntu-Mate
16.04 Xenial, any ideas ?
/etc/init.d/ovirt-guest-agent status
● ovirt-guest-agent.service - oVirt Guest Agent
Loaded: loaded (/lib/systemd/system/ovirt-guest-agent.service; disabled;
vendor preset: enabled)
Sorry it's a standard Ubuntu, not Ubuntu-Mate
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3.6.5
So this is a bug ?
- Mail original -
De: "Arman Khalatyan" <arm2...@gmail.com>
À: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu>
Cc: "users" <users@ovirt.org>
Envoyé: Vendredi 8 Juillet 2016 09:38:21
Objet: Re: [ovirt-u
> Restart engine, or run engine-setup it will clear Zombie tasks.
Still having this stuck task since may 20, restarting engine didn't fix it.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Hi,
I was using a NFS storage and I'm now moving all VMs from there to an iSCSI.
I successfully moved most VMs disks but now when I try to move those made from
template using thin and VMs from pool, I get the following error :
"the template that this VM is based on doesn't exit on any storage
Hi,
I would like to change the video memory size (vram_size parameter), how can I
proceed ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Hi, I installed a new node with a new hosted engine, version 3.6, added a data
domain, but I can't see the hosted_storage.
I tried to use the "import storage" on it but it keeps having unattached
status, and in the logs I can see :
"2016-08-09 05:39:32,821 WARN
Actually, I solved my problem by solving a bug I was affected by (SELinux
preventing to add storage domain), removing the unattached hosted_storage and
restarting ovirt-engine.
It added it automatically with the VM as usual :)
- Mail original -
De: "Alexis HAUSER" &
Hi,
Since I use several hosts with ovirt, I get very unstable reactions everytime I
change anything about networks...
What are the requirement for networks when using multiple hosts ? If I add a
logical network to a NIC to my first host, the second host becomes non
operationnal...Do I really
>On that same note... I would love to deploy several Thin clients around my
>house using a single Centos Server for my kids to use.
>Is this still not possible?
>Do I still have to assign each of my kids a vm?
>Regards,
>--
>Fernando Fuentes
>ffuen...@txweather.org
Hi,
I'm trying to "deploy" the hosted engine (3.6) on a second node for HA. I used
hosted-engine --delpoy, answering the script questions it's a new host setup.
However it is requesting me for a FQDN, an engine name and a password for
admin@internal. Is this a normal behavior ?
It seems
>This instead is an issue of your env:
>your additional host is still named 'localhost.localdomain': of course
>the engine VM will be able to resolve it but it will not reach your
>host; in that case the engine will just try to add the engine VM
>itself as an host creating a mess.
>Since we saw
>No, it's not: you have to point to the same storage server you used
>for the first host, hosted-engine-setup will detect the existing
>installation and it will ask if you are going to add an additional
>host.
>At that point it will consume the answer file saved on the shared storage.
This is
> This is that part that confused me a bit : I need to set up a new FQDN for
> the engine, but a different one right ? So each engine on each node needs a
> different FQDN ?
> No, you have just to use a sensate globally resolvable FQDN for your
> additional host: 'localhost.localdomain' is
Ok, now after removing it, it auto-adds itself to the web interface.
I tries to "install" and fails with just after the step "installating host
stage: termination" "host is not rechable". I can ping it and its FQDN from
the engine and other host.
Any ideas ?
hi,
I'd like to know what happens when you create a new network, tagged with VLAN
for example 25 and using em2 :
- the packets outgoing from em2.25 are tagged, right ?
- the packets outgoing from em2 are tagged or not ?
- the result is packets inside ovirt are tagged, but when you go out of it
>No, in both the case it's referring to the host you are going to add to
>your engine (the host where you are running hosted-engine --deploy): the
>first one is a label to easily identify your host, the second one the
>address to reach it.
Thanks, then it means only the default label is wrong,
lla about this and if not I'll open
one.
- Mail original -
De: "Simone Tiraboschi" <stira...@redhat.com>
À: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu>
Cc: "users" <users@ovirt.org>
Envoyé: Jeudi 25 Août 2016 16:56:17
Objet: Re: [ovirt-user
Hi,
I have an Ovirt installation with 3 nodes (5 soon), containing 6 network cards
(8 soon), a multipath iSCSI array and I would like to know how you would advice
me to choose which link to bond or not.
I thought about :
1+2 : ovirtmgmt (bond)
3+4 : iSCSI (multipath)
5 : VM and Display
Hi,
Is there a way to separate the network flow from NFS ? I know it is possible to
do it with VM, display, ovirtmgmt, iSCSI, but what about NFS ? Does it use
ovirtmgmt ?
Thanks in advance
___
Users mailing list
Users@ovirt.org
Hi,
Is it possible in ovirt-4.0 to extend the size of a data domain ?
In theory it should be possible with LVM to do it, but does ovirt provide this
functionality ?
Regards
___
Users mailing list
Users@ovirt.org
hi, I'm trying to figure out how to manage VM permissions with ovirt.
>From what I've understood, if you add a user to user role in the system
>preferences, this user can access every VM and resources on the cluster, with
>the associated permissions; right ?
Now, if I want to control who has
Hi,
I would like to bond 2 NICS from RHV side. There 2 links would go on 2
separates switch.
Which kind of bond would you advice me to use (betweem the 4 proposed mode or
the custom mode) ?
Regardes
___
Users mailing list
Users@ovirt.org
After rebooting the manager VM, hosts are connecting/non responsive and data
domains inactive. Here are the engine and vdsmd logs. Any ideas ?
Engine logs :
2017-05-11 17:28:09,302 WARN
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(DefaultQuartzScheduler5)
Hi,
In the way Ovirt is currently designed, is there a way to separate the
following elements in different VLANs :
1) Communication betweem nodes (hypervisors) and engine (manager)
2) Access to webadmin interface
3) access to user web interface
It seems that the following elements all
different FQDN are necessary, right ? I heard HA
requires to access to the engine FQDN...
Do you have any idea how to solve this situation ?
Alexis
On 24 August 2017 at 15:39, Alexis HAUSER
<alexis.hau...@imt-atlantique.fr> wrote:
>
> In the way Ovirt is currently designed, is
88 matches
Mail list logo
