[ovirt-users] Ovirt Node Next mass deploy

2016-07-21 Thread Giorgio Biacchi
Hi list,
starting from here
(http://lists.ovirt.org/pipermail/devel/2016-January/012073.html) and adjusting
broken links now I'm able to pxe boot CentOS 7 + kernel arguments:

LABEL node_4
 MENU LABEL Ovirt Node 4.0
 KERNEL centos7/x86_64/vmlinuz
 APPEND initrd=centos7/x86_64/initrd.img ramdisk_size=10 ksdevice=link
inst.ks=http://172.20.22.10/ks/ks_ovirt-node-4.0.cfg
inst.updates=http://jenkins.ovirt.org/job/ovirt-node-ng_master_build-artifacts-fc22-x86_64/lastSuccessfulBuild/artifact/exported-artifacts/product.img
inst.stage2=http://mi.mirror.garr.it/mirrors/CentOS/7/os/x86_64/

I think this method is the best for me because with a custom kickstart I can set
ssh keys and custom hooks and have a fully automated installation, but I'm not
sure if the lastSuccessfulBuild/artifact/exported-artifacts/product.img is the
correct image to pass to have a "stable" node.

There's any other "stable" product.img I can use?

Thanks
-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Ovirt Node NG 4.0.0 wants to bridge my infiniband link

2016-07-04 Thread Giorgio Biacchi
As I said, Infiniband is not ethernet so it cannot be L2 bridged. This is normal
and I understand why it can't be done. I'd like to know if there's a way to
configure host networking for infiniband link without bridging because is not
necessary to have a bridge there. In addition to this, 3.6 behavior was
different. Here's all the relevant configuration files generated by 3.6 and 4.0:

- 3.6 ---

[root@node3.6]# cat /etc/sysconfig/network-scripts/ifcfg-ib0
# Generated by VDSM version 4.17.11-7.gitc0752ac.el7
DEVICE=ib0
HWADDR=80:00:00:48:fe:80:00:00:00:00:00:00:00:02:c9:03:00:0a:06:9f
ONBOOT=yes
BOOTPROTO=dhcp
MTU=65520
DEFROUTE=no
NM_CONTROLLED=no
IPV6INIT=no

[root@node3.6]# cat /var/lib/vdsm/persistence/netconf/nets/ibstorage
{
"nic": "ib0",
"bootproto": "dhcp",
"blockingdhcp": true,
"bridged": "false",
"mtu": "65520"
}

-

- 4.0 ---

[root@node4.0]# cat /etc/sysconfig/network-scripts/ifcfg-ib0
# Generated by VDSM version 4.18.5.1-1.el7.centos
DEVICE=ib0
BRIDGE=ibstorage
ONBOOT=yes
MTU=65520
NM_CONTROLLED=no
IPV6INIT=no

[root@node4.0]# cat /var/lib/vdsm/persistence/netconf/nets/ibstorage
{
"ipv6autoconf": false,
"nic": "ib0",
"mtu": 65520,
"switch": "legacy",
"dhcpv6": false,
"stp": false,
"bridged": true,
"defaultRoute": false
}

[root@node4.0]# cat /var/lib/vdsm/persistence/netconf/nets/ib0
{
"ipv6autoconf": false,
"nic": "ib0",
"mtu": 65520,
"switch": "legacy",
"dhcpv6": false,
"stp": false,
"bridged": true,
"defaultRoute": false
}

[root@node4.0]# cat /etc/sysconfig/network-scripts/ifcfg-ibstorage
# Generated by VDSM version 4.18.5.1-1.el7.centos
DEVICE=ibstorage
TYPE=Bridge
DELAY=0
STP=off
ONBOOT=yes
DEFROUTE=no
NM_CONTROLLED=no
IPV6INIT=no
MTU=65520

-

So it seems that 4.0 generates more files and wants to bridge an ethernet
unbridgeable link. Steps to attempt to configure the connection for 4.0 was the
same done successfully for 3.6.

Thanks again

On 07/04/2016 03:25 PM, Arman Khalatyan wrote:
> As I remember the IBoIP is not fully implemented Ethernet protocol, it does 
> not
> support bridging.
> 
> 
> ***
> 
>  Dr. Arman Khalatyan  eScience -SuperComputing
>  Leibniz-Institut für Astrophysik Potsdam (AIP)
>  An der Sternwarte 16, 14482 Potsdam, Germany  
> 
> ***********
> 
> On Mon, Jul 4, 2016 at 2:58 PM, Yevgeny Zaspitsky <yzasp...@redhat.com
> <mailto:yzasp...@redhat.com>> wrote:
> 
> Hello,
> 
> What's "couple of vdsm hooks"? Could you provide the source code of those?
> 
> Regards,
> Yevgeny
> 
> On Mon, Jul 4, 2016 at 1:43 PM, Giorgio Biacchi <gior...@di.unimi.it
> <mailto:gior...@di.unimi.it>> wrote:
> 
> Hi list,
> I'm trying a test installation of the new Ovirt Node Image and engine 
> before
> upgrading my 3.6 installation.
> 
> In my current environment every hypervisor access the NFS shared data
> domain via
> infiniband. With a couple of vdsm hooks I was able to set the 
> infiniband
> link in
> connected mode and set a MTU of 65520. In my case the infiniband link 
> is
> used as
> a common NIC, I don't use RDMA, only IP over infiniband to access the
> data domain.
> 
> Now, when I attempt to setup host networking, the system try to 
> bridge the
> connection "ibstorage" (defined in networks tab) with ib0 device. But 
> a non
> ethernet device cannot be bridged that way and host networking setup 
> fails.
> 
> Any idea or suggestion? With 3.6 (node and engine) all was fine.
> 
> Thanks
> --
> gb
> 
> PGP Key: http://pgp.mit.edu/
> Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 
> 0F34
> ___
> Users mailing list
> Users@ovirt.org <mailto:Users@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org <mailto:Users@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 

-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Ovirt Node NG 4.0.0 wants to bridge my infiniband link

2016-07-04 Thread Giorgio Biacchi
Thanks,
setting the link as non VM networks let me configure the interface as needed.

Regards

On 07/04/2016 04:16 PM, Yevgeny Zaspitsky wrote:
> Infiniband should not be bridged.
> Ovirt tries to build a bridge over a NIC if the network is a VM one. Please
> verify that it isn't.
> 
> On Mon, Jul 4, 2016 at 5:10 PM, Giorgio Biacchi <gior...@di.unimi.it
> <mailto:gior...@di.unimi.it>> wrote:
> 
> As I said, Infiniband is not ethernet so it cannot be L2 bridged. This is 
> normal
> and I understand why it can't be done. I'd like to know if there's a way 
> to
> configure host networking for infiniband link without bridging because is 
> not
> necessary to have a bridge there. In addition to this, 3.6 behavior was
> different. Here's all the relevant configuration files generated by 3.6 
> and 4.0:
> 
> - 3.6 ---
> 
> [root@node3.6]# cat /etc/sysconfig/network-scripts/ifcfg-ib0
> # Generated by VDSM version 4.17.11-7.gitc0752ac.el7
> DEVICE=ib0
> HWADDR=80:00:00:48:fe:80:00:00:00:00:00:00:00:02:c9:03:00:0a:06:9f
> ONBOOT=yes
> BOOTPROTO=dhcp
> MTU=65520
> DEFROUTE=no
> NM_CONTROLLED=no
> IPV6INIT=no
> 
> [root@node3.6]# cat /var/lib/vdsm/persistence/netconf/nets/ibstorage
> {
> "nic": "ib0",
> "bootproto": "dhcp",
> "blockingdhcp": true,
> "bridged": "false",
> "mtu": "65520"
> }
> 
> -
> 
> - 4.0 ---
> 
> [root@node4.0]# cat /etc/sysconfig/network-scripts/ifcfg-ib0
> # Generated by VDSM version 4.18.5.1-1.el7.centos
> DEVICE=ib0
> BRIDGE=ibstorage
> ONBOOT=yes
> MTU=65520
> NM_CONTROLLED=no
> IPV6INIT=no
> 
> [root@node4.0]# cat /var/lib/vdsm/persistence/netconf/nets/ibstorage
> {
> "ipv6autoconf": false,
> "nic": "ib0",
> "mtu": 65520,
> "switch": "legacy",
> "dhcpv6": false,
> "stp": false,
> "bridged": true,
> "defaultRoute": false
> }
> 
> [root@node4.0]# cat /var/lib/vdsm/persistence/netconf/nets/ib0
> {
> "ipv6autoconf": false,
> "nic": "ib0",
> "mtu": 65520,
> "switch": "legacy",
> "dhcpv6": false,
> "stp": false,
> "bridged": true,
> "defaultRoute": false
> }
> 
> [root@node4.0]# cat /etc/sysconfig/network-scripts/ifcfg-ibstorage
> # Generated by VDSM version 4.18.5.1-1.el7.centos
> DEVICE=ibstorage
> TYPE=Bridge
> DELAY=0
> STP=off
> ONBOOT=yes
> DEFROUTE=no
> NM_CONTROLLED=no
> IPV6INIT=no
> MTU=65520
> 
> -
> 
> So it seems that 4.0 generates more files and wants to bridge an ethernet
> unbridgeable link. Steps to attempt to configure the connection for 4.0 
> was the
> same done successfully for 3.6.
> 
> Thanks again
> 
> On 07/04/2016 03:25 PM, Arman Khalatyan wrote:
> > As I remember the IBoIP is not fully implemented Ethernet protocol, it 
> does not
> > support bridging.
> >
> >
> > ***
> >
> >  Dr. Arman Khalatyan  eScience -SuperComputing
> >  Leibniz-Institut für Astrophysik Potsdam (AIP)
> >  An der Sternwarte 16, 14482 Potsdam, Germany
> >
> > ***
> >
> > On Mon, Jul 4, 2016 at 2:58 PM, Yevgeny Zaspitsky <yzasp...@redhat.com 
> <mailto:yzasp...@redhat.com>
> > <mailto:yzasp...@redhat.com <mailto:yzasp...@redhat.com>>> wrote:
> >
> > Hello,
> >
> > What's "couple of vdsm hooks"? Could you provide the source code of 
> those?
> >
> > Regards,
> > Yevgeny
> >
> > On Mon, Jul 4, 2016 at 1:43 PM, Giorgio Biacchi 
> <gior...@di.unimi.it <mailto:gior...@di.unimi.it>
> > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>> wrote:
> >
> > Hi list,
> > I'm trying a test installation of the new Ovirt Node Image and 

Re: [ovirt-users] Ovirt Node Next mass deploy

2016-07-22 Thread Giorgio Biacchi
On 07/21/2016 01:40 PM, Giorgio Biacchi wrote:
> Hi list,
> starting from here
> (http://lists.ovirt.org/pipermail/devel/2016-January/012073.html) and 
> adjusting
> broken links now I'm able to pxe boot CentOS 7 + kernel arguments:
> 
> LABEL node_4
>  MENU LABEL Ovirt Node 4.0
>  KERNEL centos7/x86_64/vmlinuz
>  APPEND initrd=centos7/x86_64/initrd.img ramdisk_size=10 ksdevice=link
> inst.ks=http://172.20.22.10/ks/ks_ovirt-node-4.0.cfg
> inst.updates=http://jenkins.ovirt.org/job/ovirt-node-ng_master_build-artifacts-fc22-x86_64/lastSuccessfulBuild/artifact/exported-artifacts/product.img
> inst.stage2=http://mi.mirror.garr.it/mirrors/CentOS/7/os/x86_64/
> 
> I think this method is the best for me because with a custom kickstart I can 
> set
> ssh keys and custom hooks and have a fully automated installation, but I'm not
> sure if the lastSuccessfulBuild/artifact/exported-artifacts/product.img is the
> correct image to pass to have a "stable" node.
> 
> There's any other "stable" product.img I can use?
> 
> Thanks
> 

Hello again,
just found out that the simplest method to obtain a stable product.img and
ovirt-node-ng-image.squashfs.img is to loop mount an ovirt node iso, get the
files from there and make them available via http.

Now with a modified PXE and kickstart file I'm able to automate the installation
process.

Here's my PXE conf and kickstart file, maybe they will be useful for someone...

---  ---

LABEL node_4
MENU LABEL Ovirt Node 4.0.2 (testing)
KERNEL centos7/x86_64/vmlinuz
APPEND initrd=centos7/x86_64/initrd.img ramdisk_size=10 ksdevice=link
inst.ks=http://172.20.22.10/ks/ks_ovirt-node-4.0.cfg
inst.updates=http://172.20.22.10/node-4.0.2/product.img
inst.stage2=http://mi.mirror.garr.it/mirrors/CentOS/7/os/x86_64/

---  ---

---  ---
#
# CentOS 7.2 compatible kickstart for CI auto-installation
#

lang en_US.UTF-8
keyboard us
timezone --utc Etc/UTC --ntpservers=tempo.ien.it
auth --enableshadow --passalgo=sha512
selinux --permissive
network --bootproto=dhcp --onboot=on
firstboot --reconfig

#Set root password
rootpw --iscrypted 

# or use plain text
#rootpw --plaintext ovirt

reboot

clearpart --all --initlabel --disklabel=gpt
bootloader --timeout=1

# FIXME This should be fixed more elegantly with
https://bugzilla.redhat.com/663099#c14
# At best we could use: autopart --type=thinp
# autopart can not be used in CI currently, because updates.img is not passed to
# the installation

# Manual layout:
reqpart --add-boot
part pv.01 --size=42000 --grow
volgroup HostVG pv.01
logvol swap --vgname=HostVG --name=swap --fstype=swap --recommended
logvol none --vgname=HostVG --name=HostPool --thinpool --size=4 --grow
logvol / --vgname=HostVG --name=root --thin --poolname=HostPool
--fsoptions="defaults,discard" --size=6000
logvol /var --vgname=HostVG --name=var --thin --poolname=HostPool
--fsoptions="defaults,discard" --size=15000

#
# The trick is to loop in the squashfs image as a device
# from the host
#
liveimg --url="http://172.20.22.10/node-4.0.2/ovirt-node-ng-image.squashfs.img;

%pre
# Assumption: A virtio device with the serial livesrc is passed, pointing
# to the squashfs on the host.
mkdir -p /mnt/livesrc
mount /dev/disk/by-id/virtio-livesrc /mnt/livesrc
%end

%post
PATH=/bin:/sbin:/usr/bin:/usr/sbin
export PATH

#Setup public ssh keys, at least ovirt-engine one..

cd /root
mkdir --mode=700 .ssh

cat >> .ssh/authorized_keys << "PUBLIC_KEY"
ssh-rsa
B3NzaC1yc2EDAQABAAABAQDAhTqyQ6dloDVxjcmDw0CQHDXc6EVtvOqKzCUrNbZ1zt3sZveaWsOVE5NnzFQ6xvgGNXjou4eRuWcdgCows02GqVOPVYqlt8OBThU5lDqPwL7Znz33VO9vKegz8LgotRLSu7ivPPU7zlkNoEBGIDlf3VaQ1K7c+WzflNYkq4qn2dZdtqqQvqgXdAprfC99A37txNzHtu4X/KEWLc67QWPno3a8wpHl0bMYqaYWHLoROcyTvyXvJWrGYRhV0VUqNKcqqFL6fIWwv0ezqCkny1hqKiPch2Re8mEa84Fbd5tFscXhJ2n/R3C+5UkyVbAQPEiL7OhvDPe//USF+MWLMBQ9
ovirt-engine
PUBLIC_KEY

chmod 600 .ssh/authorized_keys
chmod 700 .ssh
chcon -t ssh_home_t .ssh/
chcon -t ssh_home_t .ssh/authorized_keys

#My custom VDSM hooks

mkdir -p /usr/libexec/vdsm/hooks/before_vdsm_start
cd /usr/libexec/vdsm/hooks/before_vdsm_start

cat >> 10_set_ib0_connected_mode << "EOF"
#!/bin/sh

echo Setting IB connected mode
echo connected > /sys/class/net/ib0/mode
sleep 3
MODE=$(cat /sys/class/net/ib0/mode)
RATE=$(cat /sys/class/infiniband/mlx4_0/ports/1/rate)
echo ib0 is now in $MODE mode with rate $RATE
EOF

chmod +x /usr/libexec/vdsm/hooks/before_vdsm_start/10_set_ib0_connected_mode

mkdir -p /usr/libexec/vdsm/hooks/after_network_setup
cd /usr/libexec/vdsm/hooks/after_network_setup

cat >> 10_set_ib0_connected_mode << "EOF"
#!/bin/sh

echo connected > /sys/class/net/ib0/mode
sleep 3
ip link set mtu 65520 dev ib0
EOF

chmod +x /usr/libexec/vdsm/hooks/after_network_setup/10_set_ib0_connected_mode

# FIXME maybe the folowing lines can be collapsed
# in future into i.e. "

[ovirt-users] Ovirt Node NG 4.0.0 wants to bridge my infiniband link

2016-07-04 Thread Giorgio Biacchi
Hi list,
I'm trying a test installation of the new Ovirt Node Image and engine before
upgrading my 3.6 installation.

In my current environment every hypervisor access the NFS shared data domain via
infiniband. With a couple of vdsm hooks I was able to set the infiniband link in
connected mode and set a MTU of 65520. In my case the infiniband link is used as
a common NIC, I don't use RDMA, only IP over infiniband to access the data 
domain.

Now, when I attempt to setup host networking, the system try to bridge the
connection "ibstorage" (defined in networks tab) with ib0 device. But a non
ethernet device cannot be bridged that way and host networking setup fails.

Any idea or suggestion? With 3.6 (node and engine) all was fine.

Thanks
-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Ovirt Node NG 4.0.0 wants to bridge my infiniband link

2016-07-04 Thread Giorgio Biacchi
Hi,
hooks are only needed to set connected mode and the correct MTU on the
infiniband link. The problem is bound to the host networking setup procedure.

Here's the hooks:

cat /usr/libexec/vdsm/hooks/before_vdsm_start/10_set_ib0_connected_mode
#!/bin/sh

echo Setting IB connected mode
echo connected > /sys/class/net/ib0/mode
sleep 3
MODE=$(cat /sys/class/net/ib0/mode)
RATE=$(cat /sys/class/infiniband/mlx4_0/ports/1/rate)
echo ib0 is now in $MODE mode with rate $RATE

cat /usr/libexec/vdsm/hooks/after_network_setup/10_set_ib0_connected_mode
#!/bin/sh

echo connected > /sys/class/net/ib0/mode
sleep 3
ip link set mtu 65520 dev ib0

As you can see they work:

[root@node]# systemctl restart vdsmd
[root@node]# ip l sh dev ib0
5: ib0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65520 qdisc pfifo_fast state UP
mode DEFAULT qlen 256
link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:02:c9:03:00:0a:08:c7
brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
[root@node]# cat /sys/class/net/ib0/mode
connected

In networks tab in the admin portal I've defined a logical network ibstorage
with the correct MTU.

When I attempt to setup host networking vdsm generates the ibstorage device and
a config to bridge it with ib0 but ib0 is not an ethernet device so it cannot be
bridged. With 3.6 the configuration was directly applied to ib0 without any 
bridge.

Thanks

On 07/04/2016 02:58 PM, Yevgeny Zaspitsky wrote:
> Hello,
> 
> What's "couple of vdsm hooks"? Could you provide the source code of those?
> 
> Regards,
> Yevgeny
> 
> On Mon, Jul 4, 2016 at 1:43 PM, Giorgio Biacchi <gior...@di.unimi.it
> <mailto:gior...@di.unimi.it>> wrote:
> 
> Hi list,
> I'm trying a test installation of the new Ovirt Node Image and engine 
> before
> upgrading my 3.6 installation.
> 
> In my current environment every hypervisor access the NFS shared data 
> domain via
> infiniband. With a couple of vdsm hooks I was able to set the infiniband 
> link in
> connected mode and set a MTU of 65520. In my case the infiniband link is 
> used as
> a common NIC, I don't use RDMA, only IP over infiniband to access the data
> domain.
> 
> Now, when I attempt to setup host networking, the system try to bridge the
> connection "ibstorage" (defined in networks tab) with ib0 device. But a 
> non
> ethernet device cannot be bridged that way and host networking setup 
> fails.
> 
> Any idea or suggestion? With 3.6 (node and engine) all was fine.
> 
> Thanks
> --
> gb
> 
> PGP Key: http://pgp.mit.edu/
> Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
> ___
> Users mailing list
> Users@ovirt.org <mailto:Users@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 

-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Infiniband migration network

2017-02-02 Thread Giorgio Biacchi

Hi,
you cant bridge infiniband. You have to set the network as "no VM network" so it 
will not be bridged.


I have a similar setup where Infiniband is used for data domain mount and vm 
migrations and to have it working in connected mode with a MTU of 65520 you also 
need a couple of vdsm hooks on all the hypervisors.


Regards

On 02/02/2017 03:57 PM, Logan Kuhn wrote:

We are starting to scale and have started to notice the limitations of using the
default network for everything.  We have infiniband in our vm hosts and would
like to use that as our migration network, but haven't figured out how.
Creating a logical network and assigning it to one of the infiniband networks
doesn't seem to work because infiniband doesn't handle bridging well.

Regards,
Logan


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Python-SDK4: How to list VM user sessions?

2017-04-10 Thread Giorgio Biacchi

Hi,
I'm taking over Giulio because he's not at work now. I'm starting to understand 
what's happening because we have not that users (and many others) in the users 
tab in the admin portal.


We have heavily modified the paradigm of ovirt, VM are bound to thin clients and 
not to users, this because we want to reproduce a lab/classroom environment and 
we don't use the user portal. We wrote an alternative administration portal 
where we define classrooms, thin clients and associations between clients and VMs.


Windows VMs are joined to a AD domain and linux VMs are joined to IPA, home dirs 
are remotely mounted upon user login.


So there's no need to have all that users (over 31000) in the admin portal 
because they have no permission on any VM, they can login from any client to the 
VM bound to that client.


In the admin portal, if I go to a VM with a logged in user in the "Guest info" 
tab I can see which user is logged in because, I think, the guest agents are 
aware of the logged in username, but there's no "user object" in the engine when 
I try to get that information via API.


Thanks for your time and patience..

Regards,
Giorgio

On 04/10/2017 01:18 PM, Juan Hernández wrote:

On 04/10/2017 11:10 AM, Giulio Casella wrote:

On 07/04/2017 16:00, Juan Hernández wrote:

I have been trying to reproduce this and I wasn't able. In theory the
404 error that you get should only happen if the virtual machine doesn't
exist, but that isn't the case.

Can you check the server.log file and share the complete stack traces
that should appear after the "HTTP 404 Not Found" message?



No problem, find attached a snippet of server.log.

Bye,
Giulio



Thanks, that helps. What the engine isn't finding is the user, not the
virtual machine. Can you provide more information about that user? I
mean, take the virtual machine and find via the GUI which user is using
it. Then go to https://.../ovirt-engine/api/users and find that user.
Share the definition of that user that you get there, if possible.


On 03/31/2017 10:25 AM, Giulio Casella wrote:

On 30/03/2017 20:05, Juan Hernández wrote:

On 03/30/2017 01:01 PM, Giulio Casella wrote:

Hi,
I'm trying to obtain a list of users connected to a VM, using
python SDK
v4.
Here's what I'm doing:

vm = vms_service.list(search="name=vmname")[0]
vm_service = vms_service.vm_service(vm.id)
sessions = vm_service.sessions_service().list()

But "sessions" is None.

Same result using:

s = connection.follow_link(vm.sessions)

"s" is None.

I tried also using curl, and if I connect to:

https://my.ovirt.host/ovirt-engine/api/v4/vms//sessions

I get a beautiful 404.

Also using v3 of python SDK I obtain the same behaviour.

So I suspect that retrieving user sessions via API is not implemented,
is it? If not, what I'm doing wrong?

I'm using RHV 4.0.6.3-0.1.el7ev

Thanks in advance,
Giulio



Giulio, you should never get a 404 error from that URL, unless the
virtual doesn't exist or isn't visible for you. What user name are you
to create the SDK connection? An administrator or a regular user?



I tried with a regular domain user (with superuser role assigned) and
admin@internal, with same result.


Also, please check the /var/log/ovirt-engine/server.log and
/var/log/ovirt-engine/engine.log when you send that request. Do you see
there something relevant?


server.log reports:

2017-03-31 10:03:11,346 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-33) RESTEASY002010: Failed to execute:
javax.ws.rs.WebApplicationException: HTTP 404 Not Found

(no surprise here, same message obtained by curl).

engine.log is full of:

ERROR [org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter] (default
task-7) [] Cannot authenticate using authentication Headers:
invalid_grant: The provided authorization grant for the auth code has
expired

(indipendently of my request)

It's quite strange I can perform almost every other operation (e.g.
getting other VM parameters, running methods, etc.)




Finally, please run your script with the 'debug=True' option in the
connection, and with a log file, like here:


https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/examples/list_vms.py#L20-L37



Then share that log file so that we can check what the server is
returning exactly. Make sure to remove your password from that log file
before sharing it.


Find attached produced log (passwords purged).

BTW: VM is a Fedora 24, with guest agents correctly installed (I can see
user sessions in admin portal and in postgresql DB).

Thanks,
Giulio



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users







___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org

[ovirt-users] Update to 4.2.0 failing in db check

2017-12-20 Thread Giorgio Biacchi

Hello list,
I was about to upgrade from 4.1.8.2-1.el7.centos to 4.2.0 but engine-setup 
fails. Here's the relevant output:


[ ERROR ] Failed to execute stage 'Setup validation': Failed checking Engine 
database: an exception occurred while validating the Engine database, please 
check the logs for getting more info:

 Constraint violation found in  vm_interface (vmt_guid) |1

[ INFO  ] Stage: Clean up
  Log file is located at 
/var/log/ovirt-engine/setup/ovirt-engine-setup-20171220110337-cy5ri9.log
[ INFO  ] Generating answer file 
'/var/lib/ovirt-engine/setup/answers/20171220110551-setup.conf'

[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination
[ ERROR ] Execution of setup failed

any ideas??
--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Update to 4.2.0 failing in db check

2017-12-21 Thread Giorgio Biacchi

Hi,
I have additional info on the problem. I run 
/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh and the problem is on 4 
templates subversions. In detail we have two templates and each one has two 
subversions.


Other templates with no subversions have no problem.

Thanks again, I hope this helps in debugging.

On 12/20/2017 04:04 PM, Martin Perina wrote:

Hi,

could you please share the full setup log?

​/var/log/ovirt-engine/setup/ovirt-engine-setup-20171220110337-cy5ri9.log

Thanks

Martin


On Wed, Dec 20, 2017 at 2:22 PM, Sandro Bonazzola <sbona...@redhat.com 
<mailto:sbona...@redhat.com>> wrote:




2017-12-20 11:58 GMT+01:00 Giorgio Biacchi <gior...@di.unimi.it
<mailto:gior...@di.unimi.it>>:

Hello list,
I was about to upgrade from 4.1.8.2-1.el7.centos to 4.2.0 but
engine-setup fails. Here's the relevant output:

[ ERROR ] Failed to execute stage 'Setup validation': Failed checking
Engine database: an exception occurred while validating the Engine
database, please check the logs for getting more info:
          Constraint violation found in  vm_interface (vmt_guid) |1

[ INFO  ] Stage: Clean up
           Log file is located at
​​
/var/log/ovirt-engine/setup/ovirt-engine-setup-20171220110337-cy5ri9.log
[ INFO  ] Generating answer file
'/var/lib/ovirt-engine/setup/answers/20171220110551-setup.co
<http://20171220110551-setup.co>nf'
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination
[ ERROR ] Execution of setup failed

any ideas??


Adding some people, I think one of your vms has an invalid configuration
saved in the db.


-- 
gb


PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 
0F34
___
Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users
<http://lists.ovirt.org/mailman/listinfo/users>




-- 


SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R

Red Hat EMEA <https://www.redhat.com/>

<https://red.ht/sig>  
TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>





--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.


--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Shutdown all VM's command line

2018-01-11 Thread Giorgio Biacchi

On 01/11/2018 11:44 AM, Kapetanakis Giannis wrote:

On 10/01/18 22:11, Wesley Stewart wrote:

Marcelo,

I would greatly appreciate seeing a script!  It would be an excellent chance 
for me to learn a bit about using ovirt from the command line as well!


I'm using something like this with ovirt-shell

vm_shutdown:
#!/bin/sh
LOG=/root/ovirt/vm_shutdown_log
echo `date` >> $LOG
/usr/bin/ovirt-shell -f /root/ovirt/vm_shutdown_script >> $LOG
echo "" >> $LOG

vm_shutdown_script:
list vms --kwargs status-state=up|grep name | sed s/'name   :'/'action vm'/ | 
sed -e 's/$/ shutdown/' > /root/ovirt/new_vm_shutdown_script
file /root/ovirt/new_vm_shutdown_script

new_vm_shutdown_script now lists entries like this:
action vm vm1 shutdown
action vm vm2 shutdown
etc.

G


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



You can use python SDK.

Somthing like this should work

#!/usr/bin/env python

import ovirtsdk4 as sdk

ovaddress = ""
username="admin@internal"
password="*"

connection = sdk.Connection(
  url=ovaddress,
  username=username,
  password=password,
  ca_file='ca.crt',
  insecure=True
)

system_service = connection.system_service()
vms_service = system_service.vms_service()
vms = vms_service.list()

for vm in vms:
vm_service = vms_service.vm_service(vm.id)
vm_service.shutdown()

connection.close()

--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Permission on Vm and User portal

2018-01-26 Thread Giorgio Biacchi

It seems it's a bug. There's already another thread here with this subject:

Ovirt 4.2 Bug with Permissons on the Vm Portal?

I've enabled ovirt 4.2 pre-release repo but the problem is still present in 
version 4.2.1.3-1.el7.centos


Somewhere i read that will be fixed in 4.2.2, I'm waiting...

Regards

On 01/26/2018 12:13 PM, Donny Davis wrote:

I have been trying to get this worked out myself.

Firstly someone with a system permission will be able to see things from the 
system level. I have been adding the permission at the cluster level, but I also 
just can't seem to figure out the user portal in 4.2. they can either see it all 
or nothing, even vms they create.


I have been using the permissions from this post to no avail.
These permissions have worked fine since 3.x days

http://lists.ovirt.org/pipermail/users/2015-January/030981.html



On Jan 25, 2018 11:57 AM, "carl langlois" > wrote:


Hi all,

In 4.1 i was able to assign 1 user to one VM and in the user portal that
same user was only seeing this specific VM. But with 4.2 i have trouble with
permission.

The way i add permission to a specific user is go click on the VM in the
admin portal, then go in permission and add the user(active directory user).
If i log back with this user on the user portal i do not see the VM that was
given the permission.
But if i add the same user in the system permission tab in the admin portal
and give it the UserRole and log back to the user portal, now he can see all
the VM but i only want the user to see is vm not all others ...

there is a difference when the is add from the two different place.. is the
attribute :
when add from the sytem permission it add the (System) in the inherited
permission colum,
when add from the VM permission tab it does not have that..


Any hints would appreciated.

Carl

___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Ovirt 4.2 Bug with Permissons on the Vm Portal?

2018-01-12 Thread Giorgio Biacchi

It's the same for me also.

Ovirt is connected to FreeIPA this time, so it seems not to be bound to a 
specific AAA engine extension.


Do we have to submit a new bug on bugzilla??

Regards

On 01/11/2018 02:04 PM, Latchezar Filtchev wrote:

Hi Guys,

The same here. Upgrade 4.1.8 to 4.2. oVirt connected to Active Directory. User 
cannot see machines in VM portal. Still playing with permissions.


Any ideas?

Thank you!

Best,

Latcho

*From:*users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] *On Behalf Of 
*Thomas Fecke

*Sent:* Monday, January 08, 2018 3:17 PM
*To:* users@ovirt.org
*Subject:* [ovirt-users] Ovirt 4.2 Bug with Permissons on the Vm Portal?

Hello Guys,

i recently upgrade to 4.2

We used the User Portal before. Every User could see his__ VM´s, every Admin 
just could see his VM´s ( User View ).


After the Update:

Admin´s can see every VM in VM Portal

The Users can´t see Vm´s anymore. The Portal is Empty. Role “UserVMManager” is 
set.

We tested some Scenarios: If the User create a new Virtual Machine, it is shown 
in the VM Portal. When he log out and in again -> VM is gone in his View


Admin View: The VM was created, Permission where set. Everything seems to be 
good.

Any Ideas? Thanks Guys__



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Permission on Vm and User portal

2018-02-16 Thread Giorgio Biacchi

Hi,
check the workaround in the last comment here:

https://github.com/oVirt/ovirt-web-ui/issues/460

It seems to work.

Regards

On 02/16/2018 09:59 AM, Thomas Fecke wrote:

Hey Guys,

Just upgrade to 4.2.2 and still the same Issue.

Someone found a Solution?

*From:*users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] *On Behalf Of 
*carl langlois

*Sent:* Freitag, 26. Januar 2018 15:19
*To:* gior...@di.unimi.it
*Cc:* users <users@ovirt.org>
*Subject:* Re: [ovirt-users] Permission on Vm and User portal

Thanks all for the info .. so it seem that will have to wait 4.2.2. like last 
comment in this issue is specifying


https://github.com/oVirt/ovirt-web-ui/issues/460

Regards

Carl

On Fri, Jan 26, 2018 at 6:43 AM, Giorgio Biacchi <gior...@di.unimi.it 
<mailto:gior...@di.unimi.it>> wrote:


It seems it's a bug. There's already another thread here with this subject:

Ovirt 4.2 Bug with Permissons on the Vm Portal?

I've enabled ovirt 4.2 pre-release repo but the problem is still present in
version 4.2.1.3-1.el7.centos

Somewhere i read that will be fixed in 4.2.2, I'm waiting...

Regards

On 01/26/2018 12:13 PM, Donny Davis wrote:

I have been trying to get this worked out myself.

Firstly someone with a system permission will be able to see things from
the system level. I have been adding the permission at the cluster
level, but I also just can't seem to figure out the user portal in 4.2.
they can either see it all or nothing, even vms they create.

I have been using the permissions from this post to no avail.
These permissions have worked fine since 3.x days

http://lists.ovirt.org/pipermail/users/2015-January/030981.html



On Jan 25, 2018 11:57 AM, "carl langlois" <crl.langl...@gmail.com
<mailto:crl.langl...@gmail.com> <mailto:crl.langl...@gmail.com
<mailto:crl.langl...@gmail.com>>> wrote:

     Hi all,

     In 4.1 i was able to assign 1 user to one VM and in the user portal
that
     same user was only seeing this specific VM. But with 4.2 i have
trouble with
     permission.

     The way i add permission to a specific user is go click on the VM
in the
     admin portal, then go in permission and add the user(active
directory user).
     If i log back with this user on the user portal i do not see the VM
that was
     given the permission.
     But if i add the same user in the system permission tab in the
admin portal
     and give it the UserRole and log back to the user portal, now he
can see all
     the VM but i only want the user to see is vm not all others ...

     there is a difference when the is add from the two different
place.. is the
     attribute :
     when add from the sytem permission it add the (System) in the 
inherited
     permission colum,
     when add from the VM permission tab it does not have that..


     Any hints would appreciated.

     Carl

     ___
     Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org
<mailto:Users@ovirt.org>>
http://lists.ovirt.org/mailman/listinfo/users
     <http://lists.ovirt.org/mailman/listinfo/users>



___
Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users


-- 
gb


PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34


___
Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users



--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Update to 4.2.0 failing in db check

2017-12-21 Thread Giorgio Biacchi

On 12/21/2017 11:24 AM, Sandro Bonazzola wrote:



2017-12-21 11:03 GMT+01:00 Giorgio Biacchi <gior...@di.unimi.it 
<mailto:gior...@di.unimi.it>>:


Hi,
I have additional info on the problem. I run
/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh and the problem is on 4
templates subversions. In detail we have two templates and each one has two
subversions.

Other templates with no subversions have no problem.

Thanks again, I hope this helps in debugging.


Thanks Giorgio, do you mind open a bug on 
https://bugzilla.redhat.com/enter_bug.cgi?product=ovirt-engine to track this?


Bug 1528316 Submitted





On 12/20/2017 04:04 PM, Martin Perina wrote:

Hi,

could you please share the full setup log?


​/var/log/ovirt-engine/setup/ovirt-engine-setup-20171220110337-cy5ri9.log

Thanks

Martin


On Wed, Dec 20, 2017 at 2:22 PM, Sandro Bonazzola <sbona...@redhat.com
<mailto:sbona...@redhat.com> <mailto:sbona...@redhat.com
<mailto:sbona...@redhat.com>>> wrote:



     2017-12-20 11:58 GMT+01:00 Giorgio Biacchi <gior...@di.unimi.it
<mailto:gior...@di.unimi.it>
     <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>>:

         Hello list,
         I was about to upgrade from 4.1.8.2-1.el7.centos to 4.2.0 but
         engine-setup fails. Here's the relevant output:

         [ ERROR ] Failed to execute stage 'Setup validation': Failed
checking
         Engine database: an exception occurred while validating the 
Engine
         database, please check the logs for getting more info:
                   Constraint violation found in  vm_interface 
(vmt_guid) |1

         [ INFO  ] Stage: Clean up
                    Log file is located at
         ​​

/var/log/ovirt-engine/setup/ovirt-engine-setup-20171220110337-cy5ri9.log

         [ INFO  ] Generating answer file
         '/var/lib/ovirt-engine/setup/answers/20171220110551-setup.co
<http://20171220110551-setup.co>
         <http://20171220110551-setup.co
<http://20171220110551-setup.co>>nf'
         [ INFO  ] Stage: Pre-termination
         [ INFO  ] Stage: Termination
         [ ERROR ] Execution of setup failed

         any ideas??


     Adding some people, I think one of your vms has an invalid
configuration
     saved in the db.


         --         gb

         PGP Key: http://pgp.mit.edu/
         Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC
DC90 B9CB 0F34
         ___
         Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org
<mailto:Users@ovirt.org>>
http://lists.ovirt.org/mailman/listinfo/users
<http://lists.ovirt.org/mailman/listinfo/users>
         <http://lists.ovirt.org/mailman/listinfo/users
<http://lists.ovirt.org/mailman/listinfo/users>>




     --
     SANDRO BONAZZOLA

     ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION 
R

     Red Hat EMEA <https://www.redhat.com/>

     <https://red.ht/sig>
     TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>





-- 
Martin Perina

Associate Manager, Software Engineering
Red Hat Czech s.r.o.


-- 
gb


PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34




--

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R

Red Hat EMEA <https://www.redhat.com/>

<https://red.ht/sig>  
TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>




--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Ovirt 4.2 Bug with Permissons on the Vm Portal?

2018-01-17 Thread Giorgio Biacchi

On 01/12/2018 05:53 PM, Michal Skrivanek wrote:



On 12 Jan 2018, at 12:27, Giorgio Biacchi <gior...@di.unimi.it 
<mailto:gior...@di.unimi.it>> wrote:


It's the same for me also.

Ovirt is connected to FreeIPA this time, so it seems not to be bound to a 
specific AAA engine extension.


Do we have to submit a new bug on bugzilla??


Looks like https://github.com/oVirt/ovirt-web-ui/issues/460 ?
Somehow it diappeared in recent 4.2.1 builds, can you check that by any chance 
on your setup too?


I just enabled Ovirt Release Pre repo and updated to 4.2.1.1-1.el7 but the 
problem still is present. I've done a test, as a user I created a Vm, the Vm is 
visible from Vm Portal. From the admin portal I removed the UserVmManager 
permission on that Vm. From the Vm Portal the Vm go away. So far so good.


Then I re added the previously removed permission to the Vm but the Vm do not 
appears in the Vm portal once I log back in as a normal user.


Thanks



Thanks,
michal



Regards

On 01/11/2018 02:04 PM, Latchezar Filtchev wrote:

Hi Guys,
The same here. Upgrade 4.1.8 to 4.2. oVirt connected to Active Directory. 
User cannot see machines in VM portal. Still playing with permissions.

Any ideas?
Thank you!
Best,
Latcho
*From:*users-boun...@ovirt.org <mailto:users-boun...@ovirt.org> 
[mailto:users-boun...@ovirt.org] *On Behalf Of *Thomas Fecke

*Sent:* Monday, January 08, 2018 3:17 PM
*To:* users@ovirt.org <mailto:users@ovirt.org>
*Subject:* [ovirt-users] Ovirt 4.2 Bug with Permissons on the Vm Portal?
Hello Guys,
i recently upgrade to 4.2
We used the User Portal before. Every User could see his__ VM´s, every Admin 
just could see his VM´s ( User View ).

After the Update:
Admin´s can see every VM in VM Portal
The Users can´t see Vm´s anymore. The Portal is Empty. Role “UserVMManager” 
is set.
We tested some Scenarios: If the User create a new Virtual Machine, it is 
shown in the VM Portal. When he log out and in again -> VM is gone in his View
Admin View: The VM was created, Permission where set. Everything seems to be 
good.

Any Ideas? Thanks Guys__
___
Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users


--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users






--
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Re: How to recreate Ovirt CA from scratch

2019-02-20 Thread Giorgio Biacchi
On 2/20/19 7:47 AM, Yedidyah Bar David wrote:
> On Tue, Feb 19, 2019 at 3:18 PM Giorgio Biacchi  wrote:
>>
>> Hi list,
>> during our datacenter lifetime many things changed. We moved the engine
>> twice on different hosts with, of course, different FQDNs, and many
>> other changes. Now we are stuck with an error when we try to upload an
>> image to a data domain. The error is somehow bound to a failure to
>> validate the ovirt-imageio-proxy certificate and, since the current root
>> CA certificate is still signed with sha1WithRSAEncryption we'd like to
>> regenerate the whole CA.
> 
> Is "sha1" all your problem? You might want to check:
> 
> https://www.ovirt.org/develop/migrate-pki-to-sha256.html

Today I repeated the procedure described in the link here above and
finally I was successful. Maybe yesterday I was too quick to fall back
to the original state but my enviroment is in production and I was scared...

I had some problems while enrolling the new certificate on the
hypervisors, but removing/rebooting/readding did the trick.

Our engine have an SSO_ALTERNATE_ENGINE_FQDN (before it was the real
engine FQDN) so I found that ImageProxyAddress was still pointing to the
old name. I'm now able (as before) to access the admin portal with both
names but only one (the one with the green lock in the browser) is the
FQDN in the certificate, so I did:

engine-config --set ImageProxyAddress=realFQDN:54323

and now I have sha256 certs and ovirt-imageio-proxy working as expected. :)

Thanks for your hints..

> 
>>
>> That's the steps we've done.. without success...
>>
>> 1) Make a tar.gz of the /etc/pki/ovirt-engine as backup
>> 2) Create a new CA cert using the same private key:
>> openssl req -key /etc/pki/ovirt-engine/private/ca.pem -new -x509 
>> -days
>> 3650 -sha256 -extensions v3_ca -out newca.cert.pem
>> 3) Put the new CA cert in place
>> mv ca.pem ca.pem.orig.20190219;mv newca.cert.pem ca.pem
>> 4) Resign all the other certs
>> names="engine apache websocket-proxy jboss imageio-proxy"
>> for name in $names; do
>> subject="$(
>> openssl \
>> x509 \
>> -in /etc/pki/ovirt-engine/certs/"${name}".cer \
>> -noout \
>> -subject \
>> | sed \
>> 's;subject= \(.*\);\1;' \
>> )"
>> /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
>> --name="${name}" \
>> --password=mypass \
>> --subject="${subject}" \
>> --keep-key
>> done
>> 5) Restart all the services
>> systemctl restart httpd
>> systemctl restart ovirt-engine
>> systemctl restart ovirt-websocket-proxy
>> systemctl restart ovirt-imageio-proxy
>>
>>
>> The following step was to take the backup at 1) and fall back to the
>> initial state because nothing worked as expected.
>>
>> There's any documented procedure about how to recreate Ovirt CA from
>> scratch??
> 
> I do not think so.
> 
> Seems like this isn't what you want to do, either, as you try to keep
> the existing keys (and recreate only certs).
> 
> If that's really what you want to do, you can simply remove
> everything under /etc/pki/ovirt-engine that's not packaged by
> any rpm, e.g. using:
> 
> find . -type f | xargs rpm -qf | awk '/is not owned by any package/ {print 
> $2}'
> 
> and then run engine-setup.
> 
> Obviously, this will break everything - you will have to
> reinstall all hosts (or at least "Enroll Certificates" from
> the web ui) etc. If it's a hosted-engine, make sure to move
> it to global maintenance beforehand.
> 
> See also:
> 
> https://ovirt.org/develop/release-management/features/infra/pki-renew.html
> 
> So far, we didn't make engine-setup suggest to renew pki
> on the grounds of not using sha256, considering it not-yet-
> mandatory, and only documented the above link (and made new
> setups use sha256 by default). Feel free to open an RFE for
> this, and once it's fixed, the answer to your question will
> be "Run engine-setup"...
> 
> Best regards,
> 

-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ME4HOKHGSPPXVUUAJA7EPBJHBM72S7YF/


[ovirt-users] How to recreate Ovirt CA from scratch

2019-02-19 Thread Giorgio Biacchi
Hi list,
during our datacenter lifetime many things changed. We moved the engine
twice on different hosts with, of course, different FQDNs, and many
other changes. Now we are stuck with an error when we try to upload an
image to a data domain. The error is somehow bound to a failure to
validate the ovirt-imageio-proxy certificate and, since the current root
CA certificate is still signed with sha1WithRSAEncryption we'd like to
regenerate the whole CA.

That's the steps we've done.. without success...

1) Make a tar.gz of the /etc/pki/ovirt-engine as backup
2) Create a new CA cert using the same private key:
openssl req -key /etc/pki/ovirt-engine/private/ca.pem -new -x509 -days
3650 -sha256 -extensions v3_ca -out newca.cert.pem
3) Put the new CA cert in place
mv ca.pem ca.pem.orig.20190219;mv newca.cert.pem ca.pem
4) Resign all the other certs
names="engine apache websocket-proxy jboss imageio-proxy"
for name in $names; do
subject="$(
openssl \
x509 \
-in /etc/pki/ovirt-engine/certs/"${name}".cer \
-noout \
-subject \
| sed \
's;subject= \(.*\);\1;' \
)"
/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
--name="${name}" \
--password=mypass \
--subject="${subject}" \
--keep-key
done
5) Restart all the services
systemctl restart httpd
systemctl restart ovirt-engine
systemctl restart ovirt-websocket-proxy
systemctl restart ovirt-imageio-proxy


The following step was to take the backup at 1) and fall back to the
initial state because nothing worked as expected.

There's any documented procedure about how to recreate Ovirt CA from
scratch??

Thanks in advance
-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BBHOYNCALUHU7HQJOXA7KCN2MDFRT6JR/


[ovirt-users] Re: Can't add freshly installed node.. host has no default route

2020-05-12 Thread Giorgio Biacchi
On 5/12/20 12:28 PM, Dominik Holler wrote:
> 
> 
> On Tue, May 12, 2020 at 8:49 AM Giorgio Biacchi  <mailto:gior...@di.unimi.it>> wrote:
> 
> On 5/11/20 5:53 PM, Dominik Holler wrote:
> >
> >
> > On Mon, May 11, 2020 at 12:31 PM Giorgio Biacchi
> mailto:gior...@di.unimi.it>
> > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>> wrote:
> >
> >     Hi list,
> >     I've spent a couple of days trying to understand why this was
> >     happening...
> >
> >     For the installation I have a well tested installation server
> with a
> >     custom kickstart file to setup ssh keys and custom hooks for
> infiniband
> >     and I'm installing Ovirt Node 4.3.9 via pxe, this is particularly
> >     useful
> >     when I have to install a bunch of blades at once.. In the past
> I had no
> >     issues and all was working like a charm until now when some
> hardware
> >     failed and I had to replace it.
> >
> >     As expected I have no issues in the node installation
> process.. the
> >     troubles begins when I try to add the node, installation fails
> and in
> >     the UI I have an exclamation mark with the message "Host has
> no default
> >     route." but I can ping and do ssh to the host from the
> manager.. the
> >     problem is somewhere else in the communication between the
> engine and
> >     vdsmd preventing the engine to refresh the host capabilities.
> >
> >     So from the engine I tried:
> >
> >     [root@manager ~]# openssl s_client -connect 172.20.22.78:54321
> <http://172.20.22.78:54321>
> >     <http://172.20.22.78:54321>
> >     CONNECTED(0003)
> >     ---
> >     Certificate chain
> >       0 s:/CN=cn128.lagrange.di.unimi.it/O=VDSM
> <http://cn128.lagrange.di.unimi.it/O=VDSM>
> >     <http://cn128.lagrange.di.unimi.it/O=VDSM> Certificate
> >         i:/CN=VDSM Certificate Authority
> >       1 s:/CN=VDSM Certificate Authority
> >         i:/CN=VDSM Certificate Authority
> >     ---
> >
> >     The host has still the self signed vdsm certificate.. and on the
> >     host in
> >     vdsm.log I find:
> >
> >     2020-05-11 09:52:25,433+ ERROR (Reactor thread)
> >     [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError,
> >     address: :::159.149.129.220 (sslutils:264)
> >
> >     So I tried to enroll the certificate from the UI and from the
> events
> >     tab
> >     I sow the enrolling was successful but:
> >
> >     [root@manager ~]# openssl s_client -connect 172.20.22.78:54321
> <http://172.20.22.78:54321>
> >     <http://172.20.22.78:54321>
> >
> >     140084336994192:error:140790E5:SSL routines:ssl23_write:ssl
> handshake
> >     failure:s23_lib.c:177:
> >     CONNECTED(0003)
> >     ---
> >     no peer certificate available
> >     ---
> >
> >     there's still some issue with the certificates.. so on the
> host again:
> >
> >     [root@cn128 vdsm]# find /etc/pki/vdsm/ -type f -cmin -10|
> xargs ls -l
> >     -rw---. 1 root kvm  1424 May 11 09:56
> /etc/pki/vdsm/certs/cacert.pem
> >     -rw---. 1 root kvm  5108 May 11 09:57
> >     /etc/pki/vdsm/certs/vdsmcert.pem
> >     -r--r-. 1 root kvm  1704 May 11 09:56
> /etc/pki/vdsm/keys/vdsmkey.pem
> >     -rw-r--r--. 1 root root 1424 May 11 09:57
> >     /etc/pki/vdsm/libvirt-spice/ca-cert.pem
> >     -rw-r--r--. 1 root root 5108 May 11 09:57
> >     /etc/pki/vdsm/libvirt-spice/server-cert.pem
> >     -r--r-. 1 root root 1704 May 11 09:56
> >     /etc/pki/vdsm/libvirt-spice/server-key.pem
> >
> >     It seems that cacert.pem and vdsmcert.pem have wrong permissions..
> >     let's
> >     try to fix it..
> >
> >     [root@cn128 vdsm]# chown 36:36 /etc/pki/vdsm/certs/cacert.pem
> >     /etc/pki/vdsm/certs/vdsmcert.pem
> >
> >     And now:
> >
> >     [root@manager ~]# openssl s_client -connect
> 172.20.22.78:54321| less
> >     CONNECTED(0003)
> >     ---
> >     Certificate chai

[ovirt-users] Re: Can't add freshly installed node.. host has no default route

2020-05-12 Thread Giorgio Biacchi

Il 12/05/2020 17:07, Dominik Holler ha scritto:



On Tue, May 12, 2020 at 4:25 PM Giorgio Biacchi <mailto:gior...@di.unimi.it>> wrote:


On 5/12/20 12:28 PM, Dominik Holler wrote:
 >
 >
 > On Tue, May 12, 2020 at 8:49 AM Giorgio Biacchi
mailto:gior...@di.unimi.it>
 > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>> wrote:
 >
 >     On 5/11/20 5:53 PM, Dominik Holler wrote:
 >     >
 >     >
 >     > On Mon, May 11, 2020 at 12:31 PM Giorgio Biacchi
 >     mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>
 >     > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>>> wrote:
 >     >
 >     >     Hi list,
 >     >     I've spent a couple of days trying to understand why
this was
 >     >     happening...
 >     >
 >     >     For the installation I have a well tested installation
server
 >     with a
 >     >     custom kickstart file to setup ssh keys and custom
hooks for
 >     infiniband
 >     >     and I'm installing Ovirt Node 4.3.9 via pxe, this is
particularly
 >     >     useful
 >     >     when I have to install a bunch of blades at once.. In
the past
 >     I had no
 >     >     issues and all was working like a charm until now when some
 >     hardware
 >     >     failed and I had to replace it.
 >     >
 >     >     As expected I have no issues in the node installation
 >     process.. the
 >     >     troubles begins when I try to add the node,
installation fails
 >     and in
 >     >     the UI I have an exclamation mark with the message
"Host has
 >     no default
 >     >     route." but I can ping and do ssh to the host from the
 >     manager.. the
 >     >     problem is somewhere else in the communication between the
 >     engine and
 >     >     vdsmd preventing the engine to refresh the host
capabilities.
 >     >
 >     >     So from the engine I tried:
 >     >
 >     >     [root@manager ~]# openssl s_client -connect
172.20.22.78:54321 <http://172.20.22.78:54321>
 >     <http://172.20.22.78:54321>
 >     >     <http://172.20.22.78:54321>
 >     >     CONNECTED(0003)
 >     >     ---
 >     >     Certificate chain
 >     >       0 s:/CN=cn128.lagrange.di.unimi.it/O=VDSM
<http://cn128.lagrange.di.unimi.it/O=VDSM>
 >     <http://cn128.lagrange.di.unimi.it/O=VDSM>
 >     >     <http://cn128.lagrange.di.unimi.it/O=VDSM> Certificate
 >     >         i:/CN=VDSM Certificate Authority
 >     >       1 s:/CN=VDSM Certificate Authority
 >     >         i:/CN=VDSM Certificate Authority
 >     >     ---
 >     >
 >     >     The host has still the self signed vdsm certificate..
and on the
 >     >     host in
 >     >     vdsm.log I find:
 >     >
 >     >     2020-05-11 09:52:25,433+ ERROR (Reactor thread)
 >     >     [ProtocolDetector.SSLHandshakeDispatcher] ssl
handshake: SSLError,
 >     >     address: :::159.149.129.220 (sslutils:264)
 >     >
 >     >     So I tried to enroll the certificate from the UI and
from the
 >     events
 >     >     tab
 >     >     I sow the enrolling was successful but:
 >     >
 >     >     [root@manager ~]# openssl s_client -connect
172.20.22.78:54321 <http://172.20.22.78:54321>
 >     <http://172.20.22.78:54321>
 >     >     <http://172.20.22.78:54321>
 >     >
 >     >     140084336994192:error:140790E5:SSL routines:ssl23_write:ssl
 >     handshake
 >     >     failure:s23_lib.c:177:
 >     >     CONNECTED(0003)
 >     >     ---
 >     >     no peer certificate available
 >     >     ---
 >     >
 >     >     there's still some issue with the certificates.. so on the
 >     host again:
 >     >
 >     >     [root@cn128 vdsm]# find /etc/pki/vdsm/ -type f -cmin -10|
 >     xargs ls -l
 >     >     -rw---. 1 root kvm  1424 May 11 09:56
 >     /etc/pki/vdsm/certs/cacert.pem
 >     >     -rw---. 1 root kvm  5108 May 11 09:57
 >     >     /etc/pki/vdsm/certs/vdsmcert.pem
 &

[ovirt-users] Re: Can't add freshly installed node.. host has no default route

2020-05-13 Thread Giorgio Biacchi

Hi Lev,
I just used the iso you provided to reinstall the same host and now I 
see vdsm-hook-nestedvt is pre installed, but this is only a workaround.


The hook is always present, no matter what I put in 
/usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/ 
on the engine host.


If I add, for example, vdsm-hook-macspoof in the same directory on the 
engine host the installation fails again:


2020-05-13 10:39:32,590+ ERROR 
otopi.plugins.otopi.packagers.yumpackager yumpackager.error:85 Yum 
Cannot queue package vdsm-hook-macspoof: Package vdsm-hook-macspoof 
cannot be found
2020-05-13 10:39:32,590+ DEBUG otopi.context 
context._executeMethod:145 method exception

Traceback (most recent call last):
  File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/context.py", line 132, in 
_executeMethod

method['method']()
  File 
"/tmp/ovirt-CQNPURostK/otopi-plugins/ovirt-host-deploy/vdsmhooks/hooks.py", 
line 109, in _packages

self.packager.installUpdate(f.read().splitlines())
  File 
"/tmp/ovirt-CQNPURostK/otopi-plugins/otopi/packagers/yumpackager.py", 
line 305, in installUpdate

ignoreErrors=ignoreErrors
  File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/miniyum.py", line 884, in 
installUpdate

**kwargs
  File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/miniyum.py", line 500, in 
_queue

package=package,
RuntimeError: Package vdsm-hook-macspoof cannot be found

On https://resources.ovirt.org/pub/ovirt-4.3/rpm/el7/noarch/ I see many 
packetized hooks and I thought that adding what I need in 
/usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/ 
was the correct way to install them. Am I wrong??


Regards

Il 12/05/2020 19:30, Lev Veyde ha scritto:

Hi Giorgio,

Do you have a staging test (non production) environment?
I built a test ovirt-node-ng image that includes this package, and if 
you want you can download it from here:

https://jenkins.ovirt.org/job/ovirt-node-ng-image_standard-check-patch/176/artifact/check-patch.el7.x86_64/

If you do, please let us know if it resolved the issue for you,

Thanks in advance,

On Tue, May 12, 2020 at 6:57 PM Giorgio Biacchi <mailto:gior...@di.unimi.it>> wrote:


Il 12/05/2020 17:07, Dominik Holler ha scritto:
     >
 >
 > On Tue, May 12, 2020 at 4:25 PM Giorgio Biacchi
mailto:gior...@di.unimi.it>
 > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>> wrote:
 >
 >     On 5/12/20 12:28 PM, Dominik Holler wrote:
 >      >
 >      >
 >      > On Tue, May 12, 2020 at 8:49 AM Giorgio Biacchi
 >     mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>
 >      > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>>> wrote:
     >      >
 >      >     On 5/11/20 5:53 PM, Dominik Holler wrote:
 >      >     >
 >      >     >
 >      >     > On Mon, May 11, 2020 at 12:31 PM Giorgio Biacchi
 >      >     mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>
 >     <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>>
 >      >     > <mailto:gior...@di.unimi.it
<mailto:gior...@di.unimi.it> <mailto:gior...@di.unimi.it
<mailto:gior...@di.unimi.it>>
 >     <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>
<mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>>>> wrote:
 >      >     >
 >      >     >     Hi list,
 >      >     >     I've spent a couple of days trying to understand why
 >     this was
 >      >     >     happening...
 >      >     >
 >      >     >     For the installation I have a well tested
installation
 >     server
 >      >     with a
 >      >     >     custom kickstart file to setup ssh keys and custom
 >     hooks for
 >      >     infiniband
 >      >     >     and I'm installing Ovirt Node 4.3.9 via pxe, this is
 >     particularly
 >      >     >     useful
 >      >     >     when I have to install a bunch of blades at
once.. In
 >     the past
 >      >     I had no
 >      >     >     issues and all was working like a charm until
now when some
 >      >     hardware
 >      >     >     failed and I had to replace it.
 >      >     >
 >      >     >     As expected I have no issues in the node
installatio

[ovirt-users] Re: Can't add freshly installed node.. host has no default route

2020-05-13 Thread Giorgio Biacchi

Hi,
im my case that repo *is* enabled.. but I'm still unable to install the 
hooks I need..


Today I installed back a 4.3.9 ovirt node..

[root@cn128 ~]# yum repolist enabled
Loaded plugins: enabled_repos_upload, fastestmirror, imgbased-persist, 
package_upload, product-id, search-disabled-repos, subscription-manager, 
vdsmupgrade, versionlock
This system is not registered with an entitlement server. You can use 
subscription-manager to register.

Loading mirror speeds from cached hostfile
 * ovirt-4.3-epel: epel.mirror.far.fi
repo id   repo name 


status
centos-sclo-rh-release/x86_64 CentOS-7 - 
SCLo rh 
 6,509+6,509
ovirt-4.3/7   Latest 
oVirt 4.3 Release 
 2,831+2,807
ovirt-4.3-centos-gluster6/x86_64  CentOS-7 - 
Gluster 6 
 232+232
ovirt-4.3-centos-opstools/x86_64  CentOS-7 - 
OpsTools - release 
 1,069+1,069
ovirt-4.3-centos-ovirt43/x86_64   CentOS-7 - 
oVirt 4.3 
 484+484
ovirt-4.3-centos-qemu-ev/x86_64   CentOS-7 - 
QEMU EV 
   63+63
ovirt-4.3-epel/x86_64 Extra 
Packages for Enterprise Linux 7 - x86_64 
13,264+13,264
ovirt-4.3-virtio-win-latest   virtio-win 
builds roughly matching what will be shipped in upcoming RHEL 
   49+49
sac-gluster-ansible/x86_64Copr repo 
for gluster-ansible owned by sac 
16+16

repolist: 24,517
Uploading Enabled Repositories Report
Cannot upload enabled repos report, is this client registered?

but if I search or try to install the hooks I need either via yum or 
customizing the packages I want on the engine host they cannot be found..


[root@cn128 ~]# yum search vdsm-hook
Loaded plugins: enabled_repos_upload, fastestmirror, imgbased-persist, 
package_upload, product-id, search-disabled-repos, subscription-manager, 
vdsmupgrade, versionlock
This system is not registered with an entitlement server. You can use 
subscription-manager to register.

Loading mirror speeds from cached hostfile
 * ovirt-4.3-epel: epel.mirror.far.fi
= 
N/S matched: vdsm-hook 
=
vdsm-hook-ethtool-options.noarch : Allow setting custom ethtool options 
for vdsm controlled nics

vdsm-hook-fcoe.noarch : Hook to enable FCoE support
vdsm-hook-openstacknet.noarch : OpenStack Network vNICs support for VDSM
vdsm-hook-vhostmd.noarch : VDSM hook set for interaction with vhostmd
vdsm-hook-vmfex-dev.noarch : VM-FEX vNIC support for VDSM

  Name and summary matches only, use "search all" for everything.
Uploading Enabled Repositories Report
Cannot upload enabled repos report, is this client registered?

So I can't install vdsm-hook-nestedvt or vdsm-hook-macspoof.

Am I missing something??

Regards

Il 13/05/2020 16:09, Nir Levy ha scritto:

Hi Giorgio,

Ovirt-node is based on being a closed system with certain predefined 
packages,
so the system updates itself to a newer version with an updated bundle 
of packages.


additional packages can be installed if you enable the repositories 
residing at:

/etc/yum.repos.d in this case /etc/yum.repos.d/ovirt-4.3.repo
this should resolve what you are encountering.





On Wed, May 13, 2020 at 2:18 PM Giorgio Biacchi <mailto:gior...@di.unimi.it>> wrote:


Hi Lev,
I just used the iso you provided to reinstall the same host and now I
see vdsm-hook-nestedvt is pre installed, but this is only a workaround.

The hook is always present, no matter what I put in
/usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/

on the engine host.

If I add, for example, vdsm-hook-macspoof in the same directory on the
engine host the installation fails again:

2020-05-13 10:39:32,590+ ERROR
otopi.plugins.otopi.packagers.yumpackager yumpackager.error:85 Yum
Cannot queue package vdsm-hook-macspoof: Package vdsm-hook-macspoof
cannot be found
2020-05-13 10:39:32,590+ DEBUG otopi.context
context._executeMethod:145 method exception
Traceback (most recent call last):
    File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/context.py", line
132, in
_executeMethod
      method['method']()
    File
"/tmp/ovirt-CQNPURostK/otopi-plugins/ovirt-host-deploy/vdsmhooks/hooks.py",

line 109, in _packages
      self.packager.installUpdate(f.read().splitlines())
    File
"/tmp/ovirt-CQNPURostK/otopi-plugins/o

[ovirt-users] VM with illegal snapshots

2020-10-09 Thread Giorgio Biacchi
Hi,
due to a bug in our Ovirt integrated backup system now we have some VMs
with snapshots in illegal state.

It seems that there's an inconsistency between the db and the real
status of images on disk.

Let me show an example:

engine=# select
image_guid,parentid,imagestatus,vm_snapshot_id,volume_type,volume_format,active
from images where image_group_id='e34f77cb-54d5-40d0-b539-e0a5fd512d2d';
  image_guid  |   parentid  |
imagestatus |vm_snapshot_id| volume_type |
volume_format | active
--+--+-+--+-+---+
 a107b6c4-842e-4b40-9215-c965431a0c0f |
---- |   4 |
d19d6ca3-1989-4c67-8ee7-c0c43b3e6d74 |   2 | 4 | f
 a4c86a68-9123-454c-b417-1b15038a4bf2 |
a107b6c4-842e-4b40-9215-c965431a0c0f |   1 |
e7a405ee-8fd4-4733-ae9c-5252bf07c9d3 |   2 | 4 | f
 f6a61f2e-26bd-4b63-97c6-d66913ce48c5 |
a4c86a68-9123-454c-b417-1b15038a4bf2 |   1 |
9d0958b9-4995-4e11-a027-a32d4bac52e4 |   2 | 4 | t
(3 rows)


[root@host02 ~]#  lvs -o+lv_tags |grep e34f77cb-54d5-40d0-b539-e0a5fd512d2d
  a107b6c4-842e-4b40-9215-c965431a0c0f
459011cf-ebb6-46ff-831d-8ccfafd82c8a -wi---  149.50g
IU_e34f77cb-54d5-40d0-b539-e0a5fd512d2d,MD_68,PU_----
  f6a61f2e-26bd-4b63-97c6-d66913ce48c5
459011cf-ebb6-46ff-831d-8ccfafd82c8a -wi---   10.00g
IU_e34f77cb-54d5-40d0-b539-e0a5fd512d2d,MD_348,PU_a107b6c4-842e-4b40-9215-c965431a0c0f

so image guid a4c86a68-9123-454c-b417-1b15038a4bf2 is not present on
disk, i think that the image was correctly merged but not removed from
the database.

Any suggestion on how to fix the database to reflect the real situation
on disk??

TIA
-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OF4NTAC6BPGRP4YJZRWBXQCNBWLERL72/


[ovirt-users] Re: VM with illegal snapshots

2020-11-09 Thread Giorgio Biacchi
I'm going to take a backup ad reinstall my VMs..

Regards

On 10/9/20 11:47 AM, Giorgio Biacchi wrote:
> Hi,
> due to a bug in our Ovirt integrated backup system now we have some VMs
> with snapshots in illegal state.
> 
> It seems that there's an inconsistency between the db and the real
> status of images on disk.
> 
> Let me show an example:
> 
> engine=# select
> image_guid,parentid,imagestatus,vm_snapshot_id,volume_type,volume_format,active
> from images where image_group_id='e34f77cb-54d5-40d0-b539-e0a5fd512d2d';
>   image_guid  |   parentid  |
> imagestatus |vm_snapshot_id| volume_type |
> volume_format | active
> --+--+-+--+-+---+
>  a107b6c4-842e-4b40-9215-c965431a0c0f |
> ---- |   4 |
> d19d6ca3-1989-4c67-8ee7-c0c43b3e6d74 |   2 | 4 | f
>  a4c86a68-9123-454c-b417-1b15038a4bf2 |
> a107b6c4-842e-4b40-9215-c965431a0c0f |   1 |
> e7a405ee-8fd4-4733-ae9c-5252bf07c9d3 |   2 | 4 | f
>  f6a61f2e-26bd-4b63-97c6-d66913ce48c5 |
> a4c86a68-9123-454c-b417-1b15038a4bf2 |   1 |
> 9d0958b9-4995-4e11-a027-a32d4bac52e4 |   2 | 4 | t
> (3 rows)
> 
> 
> [root@host02 ~]#  lvs -o+lv_tags |grep e34f77cb-54d5-40d0-b539-e0a5fd512d2d
>   a107b6c4-842e-4b40-9215-c965431a0c0f
> 459011cf-ebb6-46ff-831d-8ccfafd82c8a -wi---  149.50g
> IU_e34f77cb-54d5-40d0-b539-e0a5fd512d2d,MD_68,PU_----
>   f6a61f2e-26bd-4b63-97c6-d66913ce48c5
> 459011cf-ebb6-46ff-831d-8ccfafd82c8a -wi---   10.00g
> IU_e34f77cb-54d5-40d0-b539-e0a5fd512d2d,MD_348,PU_a107b6c4-842e-4b40-9215-c965431a0c0f
> 
> so image guid a4c86a68-9123-454c-b417-1b15038a4bf2 is not present on
> disk, i think that the image was correctly merged but not removed from
> the database.
> 
> Any suggestion on how to fix the database to reflect the real situation
> on disk??
> 
> TIA
> 

-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPEK3S6P6WQEWTR3GXBQX5THYWCPJ3CE/


[ovirt-users] Re: Update Package Conflict

2021-03-10 Thread Giorgio Biacchi

Il 3/10/21 3:56 PM, penguin pages ha scritto:


Fresh install of minimal CentOS8

Then deploy:
- EPEL
- Add ovirt repo https://resources.ovirt.org/pub/yum-repo/ovirt-release44.rpm

Install all nodes:
 - cockpit-ovirt-dashboard
 - gluster-ansible-roles
 - vdsm-gluster
 - ovirt-host
 - ovirt-ansible-roles
 - ovirt-ansible-infra

Install on "first node of cluster"
- ovirt-engine-appliance



Now each node is stuck with same package conflict error: (and this blocks GUI 
"upgrades")

[root@medusa ~]# yum update
Last metadata expiration check: 0:55:35 ago on Wed 10 Mar 2021 08:14:22 AM EST.
Error:
  Problem 1: package ovirt-host-4.4.1-4.el8.x86_64 requires cockpit-dashboard, 
but none of the providers can be installed
   - package cockpit-bridge-238.1-1.el8.x86_64 conflicts with cockpit-dashboard 
< 233 provided by cockpit-dashboard-217-1.el8.noarch
   - cannot install the best update candidate for package 
ovirt-host-4.4.1-4.el8.x86_64
   - cannot install the best update candidate for package 
cockpit-bridge-217-1.el8.x86_64
  Problem 2: problem with installed package ovirt-host-4.4.1-4.el8.x86_64
   - package ovirt-host-4.4.1-4.el8.x86_64 requires cockpit-dashboard, but none 
of the providers can be installed
   - package cockpit-system-238.1-1.el8.noarch obsoletes cockpit-dashboard 
provided by cockpit-dashboard-217-1.el8.noarch
   - cannot install the best update candidate for package 
cockpit-dashboard-217-1.el8.noarch
  Problem 3: package ovirt-hosted-engine-setup-2.4.9-1.el8.noarch requires 
ovirt-host >= 4.4.0, but none of the providers can be installed
   - package ovirt-host-4.4.1-4.el8.x86_64 requires cockpit-dashboard, but none 
of the providers can be installed
   - package ovirt-host-4.4.1-1.el8.x86_64 requires cockpit-dashboard, but none 
of the providers can be installed
   - package ovirt-host-4.4.1-2.el8.x86_64 requires cockpit-dashboard, but none 
of the providers can be installed
   - package ovirt-host-4.4.1-3.el8.x86_64 requires cockpit-dashboard, but none 
of the providers can be installed
   - package cockpit-system-238.1-1.el8.noarch obsoletes cockpit-dashboard 
provided by cockpit-dashboard-217-1.el8.noarch
   - cannot install the best update candidate for package 
ovirt-hosted-engine-setup-2.4.9-1.el8.noarch
   - cannot install the best update candidate for package 
cockpit-system-217-1.el8.noarch
(try to add '--allowerasing' to command line to replace conflicting packages or 
'--skip-broken' to skip uninstallable packages or '--nobest' to use not only 
best candidate packages)
[root@medusa ~]# yum update --allowerasing
Last metadata expiration check: 0:55:56 ago on Wed 10 Mar 2021 08:14:22 AM EST.
Dependencies resolved.
=
  Package 
Architecture Version
 Repository
Size
=
Upgrading:
  cockpit-bridge  x86_64
   238.1-1.el8  
   baseos   535 k
  cockpit-system  noarch
   238.1-1.el8  
   baseos   3.4 M
  replacing  cockpit-dashboard.noarch 217-1.el8
Removing dependent packages:
  cockpit-ovirt-dashboard noarch
   0.14.17-1.el8
   @ovirt-4.416 M
  ovirt-host  x86_64
   4.4.1-4.el8  
   @ovirt-4.411 k
  ovirt-hosted-engine-setup   noarch
   2.4.9-1.el8  
   @ovirt-4.4   1.3 M

Transaction Summary
=
Upgrade  2 Packages
Remove   3 Packages



##