[ovirt-users] Re: CEPH - Opinions and ROI
t at my home. My home oVirt system mounts NFS to a ZFS filesystem. Nothing fancy either. Stripped mirrors ensure good read/write speed with good fault tolerance. I threw two cheap SSD's as a log drive and a cache drive (which these two SSD's made HUGE performance gains for oVirt VM's) and it's been smooth sailing since. It's trivial to manage/upgrade and FAR less over-head than Ceph. That's really just the warnings I've got for you. I'm a HUGE fan of oVirt and we've done some pretty nutty stuff with it in testing and I trust it for multiple environments where we throw some pretty heavy loads at it. I've got TONS of praise for oVirt and the whole team that backs it. It's fantastic. And I do love Ceph (and specifically CephFS) and we get incredible performance that I could gush over all day long. If you are planning on building Ceph on the cheap, plan replications in sets of three, and prepare for lots of tweaking and tuning. If you are in the position to buy, I *HIGHLY* recommend at least talking to https://softiron.com (I do not work for them, I do not get any kick-back from them, I'm just very pleased with their product). They focus on Ceph and they do it well, but they still let you tweak as needed. And since they build off of Arm processors, all the power and heat come from the drives...these things run super-cool. Loads more efficient then the home-built stuff we ran for years. I'm even a huge fan of running oVirt with a CephFS storage! I _REALLY_ wish the combo would be treated better. But most of my frustrations are many years old at this point, and we've figured out workarounds in the meantime. It's too much for me to want to mess with at home, but so long as you plan out your Ceph install and you are just prepared to be the odd-ball using CephFS+oVirt including the workarounds it's a great setup. I absolutely believe that we've gotten a HUGE return on investment into Ceph...but I'm also using it for high-speed data computations in a big cluster. The oVirt + CephFS is an add-on to the HPC + CephFS. The ROI on oVirt is also huge because we were never satisfied with other virtualization solutions and while OpenStack worked for us it was FAR more overhead than we needed or could support with a team as small as ours. So I'm a big believer that our specific use case for both is a massive ROI win. Should you decide to move forward with CephFS + oVirt and you have questions, feel free to reach out to me. No promises that your problems will be the same as mine, but I can at least share some experiences/config-settings with you. Good luck! ~Stack~ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YSMPMBZ435SK6UHYSWHLQLG4YRO5LAQ3/
[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
On 2020-06-11 20:55, Stack Korora wrote: > Well made one discovery. While named with an 's' in EL7, in EL8 that 's' > is missing. ovirt-engine-extensions-aaa-ldap is now > ovirt-engine-extension-aaa-ldap. > > However, even after fixing that in the properties it still gives the > same error message (just missing the 's' now). I do have the packages > installed and I do have > /usr/share/java/ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-ldap.jar > (and the symlinks that point there). Still throws errors. :-( I finally cracked it. There's a bunch of small minor changes that don't allow for the config file from 4.3 to work with 4.4. Things like dropping the 's' or exchanging the '-' for '.'. Also had a heck of a time with the ugly verbosity of the output from ovirt-engine-extension-aaa-ldap tool. Not nearly as clean as it was under 4.3. But, as I said, I cracked the issue and I've got it working. Thanks to all on the list. I found a lot of good info in searching the archive. Thanks! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7AMQAQKPUQGI3MDGQV5KT3CN3HOBJKZZ/
[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
On 2020-06-11 20:32, Stack Korora wrote: > [snip] >> Since I wasn't getting anywhere with this, I decided to try a few >> things. I copied the following files from a working 4.3 on RHEL 7 >> (again, this setup is CentOS8 with 4.4): >> /etc/ovirt-engine/aaa/ldap.jks >> /etc/ovirt-engine/aaa/ldap.properties >> /etc/ovirt-engine/extensions.d/ldap-authn.properties >> /etc/ovirt-engine/extensions.d/ldap-authz.properties >> >> I verified permissions were all good (including SELinux). I restarted a >> few services but wasn't getting anything at all of value telling me what >> was wrong...so I rebooted. That did the trick! Now I get an error, >> though nothing of use is turning up from the internet searches. >> >> # ovirt-engine-extensions-tool info list-extensions >> [snip] >> SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error >> loading 'ldap-authn': The module 'org.ovirt.engine-extensions.aaa.ldap' >> cannot be loaded: org.ovirt.engine-extensions.aaa.ldap >> SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error >> loading 'ldap-authz': The module 'org.ovirt.engine-extensions.aaa.ldap' >> cannot be loaded: org.ovirt.engine-extensions.aaa.ldap >> [snip] >> >> I do have these packages installed: >> ovirt-engine-extensions-aaa-ldap >> ovirt-engine-extensions-aaa-ldap-setup Well made one discovery. While named with an 's' in EL7, in EL8 that 's' is missing. ovirt-engine-extensions-aaa-ldap is now ovirt-engine-extension-aaa-ldap. However, even after fixing that in the properties it still gives the same error message (just missing the 's' now). I do have the packages installed and I do have /usr/share/java/ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-ldap.jar (and the symlinks that point there). Still throws errors. :-( Thoughts? Thanks! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HUVCIP4KVLMPI3GBGVZTMFUNHRMHRSBW/
[ovirt-users] Re: LDAP setup fails on 4.4 reading PEM file
Bottom posted update: On 2020-06-11 17:35, Stack Korora wrote: > Greetings, > I'm having some issues getting LDAP working on CentOS 8 with oVirt 4.4. > I would appreciate some help please. > > When I run ovirt-engine-extension-aaa-ldap-setup I choose "11 - RFC-2307 > Schema (Generic)" because that's what my LDAP guy said I should do. :-) > > Next I select the default Yes for "Use DNS". > > I select 4 for "Failover between multiple hosts". > > I put in my two hosts "svr1.my.domain srv2.my.domain". > > To select the protocol I type "ldaps". > > To select the method to obtain the PEM I type "File". > > Then the "File path". A full path to the file. Not quoted. Yes, I > checked that I typed it correct. I can copy-paste into "ls" and it's > fine with the correct read permissions and everything. (I can't copy > paste into the script but that's another issue.) > > It immediately fails with: > [ ERROR ] Failed to execute stage 'Environment customization': a > byte-like object is required, not 'str' > > There is a log file, here is the snippet at the point it goes wrong. > > 2020-06-11 11:35:49,915-0500 DEBUG otopi.plugins.otopi.dialog.human > dialog.__logString:204 DIALOG:SEND File path: > 2020-06-11 11:36:24,373-0500 DEBUG otopi.plugins.otopi.dialog.human > dialog.__logString:204 DIALOG:RECEIVE > /etc/pki/ca-trust/source/anchors/Infrastructure.pem > 2020-06-11 11:36:24,375-0500 DEBUG otopi.context > context._executeMethod:145 method exception > Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in > _executeMethod > method['method']() > File > "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", > line 781, in _customization_late > cacert, cacertfile, insecure = self._getCACert() > File > "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", > line 357, in _getCACert > _cacertfile.write('\n'.join(cacert) + '\n') > File "/usr/lib64/python3.6/tempfile.py", line 485, in func_wrapper > return func(*args, **kwargs) > TypeError: a bytes-like object is required, not 'str' > 2020-06-11 11:36:24,376-0500 ERROR otopi.context > context._executeMethod:154 Failed to execute stage 'Environment > customization': a bytes-like object is required, not 'str' > 2020-06-11 11:36:24,376-0500 DEBUG otopi.context > context.dumpEnvironment:765 ENVIRONMENT DUMP - BEGIN > 2020-06-11 11:36:24,376-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV BASE/error=bool:'True' > 2020-06-11 11:36:24,376-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV BASE/exceptionInfo=list:'[( 'TypeError'>, TypeError("a bytes-like object is required, not 'str'",), > )]' > 2020-06-11 11:36:24,377-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/hosts=str:'svr1.my.domain > srv2.my.domain' > 2020-06-11 11:36:24,377-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/protocol=str:'ldaps' > 2020-06-11 11:36:24,377-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/serverset=str:'failover' > 2020-06-11 11:36:24,377-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/useDNS=bool:'True' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV > QUESTION/1/OVAAALDAP_LDAP_CACERT_FILE=str:'/etc/pki/ca-trust/source/anchors/Infrastructure.pem' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV > QUESTION/1/OVAAALDAP_LDAP_CACERT_METHOD=str:'file' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV > QUESTION/1/OVAAALDAP_LDAP_PROTOCOL=str:'ldaps' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_SERVERSET=str:'4' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_USE_DNS=str:'yes' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:775 ENV > QUESTION/2/OVAAALDAP_LDAP_SERVERSET=str:'svr1.my.domain srv2.my.domain' > 2020-06-11 11:36:24,378-0500 DEBUG otopi.context > context.dumpEnvironment:779 ENVIRONMENT DUMP - END > Since I wasn't getting anywhere with this, I decided to try a
[ovirt-users] LDAP setup fails on 4.4 reading PEM file
Greetings, I'm having some issues getting LDAP working on CentOS 8 with oVirt 4.4. I would appreciate some help please. When I run ovirt-engine-extension-aaa-ldap-setup I choose "11 - RFC-2307 Schema (Generic)" because that's what my LDAP guy said I should do. :-) Next I select the default Yes for "Use DNS". I select 4 for "Failover between multiple hosts". I put in my two hosts "svr1.my.domain srv2.my.domain". To select the protocol I type "ldaps". To select the method to obtain the PEM I type "File". Then the "File path". A full path to the file. Not quoted. Yes, I checked that I typed it correct. I can copy-paste into "ls" and it's fine with the correct read permissions and everything. (I can't copy paste into the script but that's another issue.) It immediately fails with: [ ERROR ] Failed to execute stage 'Environment customization': a byte-like object is required, not 'str' There is a log file, here is the snippet at the point it goes wrong. 2020-06-11 11:35:49,915-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND File path: 2020-06-11 11:36:24,373-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:RECEIVE /etc/pki/ca-trust/source/anchors/Infrastructure.pem 2020-06-11 11:36:24,375-0500 DEBUG otopi.context context._executeMethod:145 method exception Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod method['method']() File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 781, in _customization_late cacert, cacertfile, insecure = self._getCACert() File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 357, in _getCACert _cacertfile.write('\n'.join(cacert) + '\n') File "/usr/lib64/python3.6/tempfile.py", line 485, in func_wrapper return func(*args, **kwargs) TypeError: a bytes-like object is required, not 'str' 2020-06-11 11:36:24,376-0500 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Environment customization': a bytes-like object is required, not 'str' 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:765 ENVIRONMENT DUMP - BEGIN 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/error=bool:'True' 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/exceptionInfo=list:'[(, TypeError("a bytes-like object is required, not 'str'",), )]' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/hosts=str:'svr1.my.domain srv2.my.domain' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/protocol=str:'ldaps' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/serverset=str:'failover' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/useDNS=bool:'True' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_FILE=str:'/etc/pki/ca-trust/source/anchors/Infrastructure.pem' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_METHOD=str:'file' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_PROTOCOL=str:'ldaps' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_SERVERSET=str:'4' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_USE_DNS=str:'yes' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/2/OVAAALDAP_LDAP_SERVERSET=str:'svr1.my.domain srv2.my.domain' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:779 ENVIRONMENT DUMP - END Can someone help please? Thanks! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MHBAPSJOFLAWFMBT4HPJAZUYB3ODL7BX/
[ovirt-users] Re: PKIX path error
On 2020-06-02 06:16, Martin Perina wrote: > Hi, > > could you please restart ovirt-engine service and share server.log and > engine.log from /var/log/ovirt-engine ? Greetings Martin, Thank you for the response. Sorry it took a while, I had a family issue come up and had to road-trip 10hours away for a few days. An update on the status, we were also struggling with an unrelated hardware problem. The new NVMe drives were giving my coworkers and myself issues on 7. My coworker tried CentOS8 just to see what happened, and it worked flawlessly. So we _just_ rebuilt the whole thing: CentOS8 + oVirt 4.4. We figured we might as well attempt to future-proof this install a little bit while it is still in the "build" stage. :-) One of my goals today is to get SSL and LDAP working on the fresh install. If I have issues, I will post back. Thank you again! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3X2KFSZBY337N56T2YBWSHA7YDG3UXKU/
[ovirt-users] Re: Mixing OS versions
On 2020-06-01 16:31, Sandro Bonazzola wrote: > > > Il giorno lun 1 giu 2020 alle ore 17:52 Stack Korora > mailto:stackkor...@disroot.org>> ha scritto: > > Greetings, > We've been using Scientific Linux 7 quite successfully with oVirt for > years now. However, since there will not be a SL8 we are transitioning > new servers to CentOS8. I would like to add a new oVirt hypervisor > node. > > How bad of an idea is it to have a 8 system when the rest are 7 even > though the version of oVirt will be the same? > > > Please note the oVirt version can't be the same on el7 and el8 because > hosts on el8 are supported only by oVirt 4.4 and oVirt 4.4 is not > available on el7. > You can upgrade the engine to 4.4 and then add el8 hosts while still > keeping el7 hosts until you finish the upgrade. Thank you for the clarification! I appreciate it. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KIXLZWRJDRKAND2AZSQZYW6TYB2CUHXZ/
[ovirt-users] Mixing OS versions
Greetings, We've been using Scientific Linux 7 quite successfully with oVirt for years now. However, since there will not be a SL7 we are transitioning new servers to CentOS8. I would like to add a new oVirt hypervisor node. How bad of an idea is it to have a 8 system when the rest are 7 even though the version of oVirt will be the same? Thanks! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KH5JK3CVNVTNUHRII2KO2VM6LAUHOBTJ/
[ovirt-users] Re: PKIX path error
On 2020-05-29 07:03, Strahil Nikolov via Users wrote: > You mentioned that your certificates were different. Did you try converting > them to the type used in the example ? Yeah. So I will walk through the steps. Since I don't have a p12 format, the directions say "proceed to Replacing the Red Hat Virtualization Manager Apache SSL Certificate". Well, that isn't right. :-) Instead I skipped to "Replacing the oVirt Engine Apache SSL Certificate" I converted mine to PEM and did step #1 and I included not just my cert but the full chain. No issues there. I replaced the PEM per #2 and #3. Then backed up per #4. Step #5 & #6 require steps from the first section I skipped above. So I did those. If I do those steps exactly, I will get SSL errors about untrusted cert. However, if I add (>> vs >) to the original (which I backed up) then all the SSL errors go away. That was with apache.key.nopass and apache.cer. The rest of the steps I followed exactly. Not sure if that helps point out what I did wrong. Thanks for replying! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5G27DGSCSFUJSQ7233WQ4ETH4EM32GLA/
[ovirt-users] Re: PKIX path error
On 2020-05-29 08:08, Martin Perina wrote: > Hi Stack, > > if I understand correctly your custom SSL certificates are working > correctly and you are able to login to webadmin using admin@internal, > right? Correct. > If the problem is, that your aaa-ldap profile is not visible in the > login dialog, then there is some issue with aaa-ldap configuration. > You have mentioned that you used ovirt-engine-extension-aaa-ldap-setup > tool to create you aaa-ldap profile, have you executed login and > search operation at the end of setup tool? If so, were they successful? I did and yes they were. > > Anyway right you can use following command to debug your aaa > extensions setup: > > # ovirt-engine-extensions-tool info list-extensions > > Using above command, could you see authn and authz instance of your > aaa-ldap profile? I do see both authz and authn. > If so, please try below tests: > > 1. Checking is user search is working: > > # ovirt-engine-extensions-tool aaa search --extension-name= PROFILE AUTHZ NAME> --entity-name= It does work and it returns valid information. > 2. Checking if login is working > > # ovirt-engine-extensions-tool aaa login-user --profile= NAME> --user-name= > A result=SUCCESS on that too! However, I still don't see a second profile option on the web login. Thanks for responding and giving me some help! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/C2QPG6OPMUHW2IQJO2QDA3GB74DPWVYZ/
[ovirt-users] Re: PKIX path error
On 2020-05-28 16:07, Strahil Nikolov wrote: > Can you check > https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html just > in case you missed a step ? > > Best Regards, > Strahil Nikolov Greetings, Thanks for replying. I was going to argue a bit since the way my certs come are in different formats so my commands are a bit different then the directions. But I went through step by step. Got to the end, and the internal authentication was working with the right SSL cert! My LDAP authentication was missing though...it looks correct. So I redid all the steps for adding LDAP. At the end of the ovirt-engine-extension-aaa-ldap-setup script, I can test accounts and search so I know that is correct. My cert is in the right .jks file. Still nothing I do shows anything but internal. So I scrapped the changes and started over. Round three on a fresh reboot (just in case I missed a service) with the SSL certs and configuring LDAP. SSL works, internal works, ldap doesn't show up as a drop-down option for the profile. Grr...Reboot just in case I missed a service again...nope. SSL and internal work, ldap still not shown in the profile. Tried a different browser, same thing. Double Grr... Any suggestions on where I might be going wrong? Thanks! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/A4BKWITWPNPYYVLDVRN4XOSDTN4LPNB3/
[ovirt-users] PKIX path error
Greetings, I have a running oVirt install that's been working for almost 2 years. I'm building a _completely_ new install. I mention it because it is useful for me to compare configurations when I run into issues like this one. Right now there are three physical hosts: 1x management where I run the engine and db 2x hypervisor nodes. I had it up and installed and running smooth this morning on 4.3.9.4-1.el7 on Scientific Linux 7.8 (fully patched). I copied over our 3rd party certs from the running system and restarted httpd. Perfect. SSL is running! /etc/pki/ovirt-engine/apache-ca.pem /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/keys/apache.key.nopass Next I used ovirt-engine-extension-aaa-ldap-setup to point to our ldap server. I did the login and search test and both passed on the command line! Horray! Then I went to the web interface... sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I'm digging through logs and I don't see anything close to this error except nearly the identical message in engine.log. ERROR [org.ovirt.engine.core.aaa.servlet.SslPostLoginServlet] (default task-2) [] server_error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I can't log in via the web at all, I only get that message (so I can't even test out the local admin). The aaa ldap configuration it generated is darn near perfectly identical (just a name change). The certs are the same. Even when I look in the keystore, the sha1 hashes are the same between the two environments! After over an hour poking at this, I'm completely stumped. Can someone please give me a pointer on what I should try next? Thanks! ~Stack~ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YOR3ATLII3LYIBEYVOKTEE4RIYZGJR76/
[ovirt-users] Re: Multiple CephFS Monitors cause issues with oVirt
On 08/29/2018 10:44 AM, Stack Korora wrote: > On 08/29/2018 10:14 AM, Markus Stockhausen wrote: >> Hi, >> >> maybe a foolish guess: Did you try this >> >> https://www.spinics.net/lists/ceph-devel/msg30958.html >> >> Mit freundlichen Grüßen, >> >> Markus Stockhausen >> Head of Software Technology > Thanks, I thought about that but I have not tried it. I will add it to > my list to check today and will report back if it works (though I don't > see why it wouldn't). It is good to know that someone else has at least > had success with having a DNS entry for the multiple CephFS monitor hosts. A single DNS entry did not work. Red Hat's oVirt did not like mounting it even though it works fine via command line. :-/ I now have a Red Hat ticket open so we will see what happens on that front. Thanks! ~Stack~ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4RFPEUFOIGHKA6MD2JPC72SBD6GHIZPZ/
[ovirt-users] Re: Multiple CephFS Monitors cause issues with oVirt
On 08/29/2018 10:14 AM, Markus Stockhausen wrote: > Hi, > > maybe a foolish guess: Did you try this > > https://www.spinics.net/lists/ceph-devel/msg30958.html > > Mit freundlichen Grüßen, > > Markus Stockhausen > Head of Software Technology Thanks, I thought about that but I have not tried it. I will add it to my list to check today and will report back if it works (though I don't see why it wouldn't). It is good to know that someone else has at least had success with having a DNS entry for the multiple CephFS monitor hosts. ~Stack~ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3VJO3TMKB6WVOPORFDLC6D6OFWJDQGZS/
[ovirt-users] Re: Multiple CephFS Monitors cause issues with oVirt
On 08/29/2018 09:28 AM, Nir Soffer wrote: > > > On Wed, 29 Aug 2018, 15:48 Stack Korora, <mailto:stackkor...@disroot.org>> wrote: > > Greetings, > > My setup is a complete Red Hat install. > Manager OS: RHEL 7.5 > Hypervisors OS: RHEL 7.5 > Running Red Hat CephFS (with their Ceph repos on all of the systems) > with Red Hat Virtualization (aka oVirt). > Everything is fully patched and updated as of yesterday morning. > > Yes, I have valid Red Hat support but I figured this was an odd enough > problem that the community (and the Red-Hat-ers who hang out on this > list) might have a better idea of where to start. (Although I > might open > a ticket anyway just because that is what support is for, right? :) > > Quick background: > > Your /etc/fstab when you mount a nfs should probably look > something like > this: > :/path/ /mount/point nfs 0 0 > > Just one IP is needed. Since part of the redundancy for Ceph is in the > monitors, to mount CephFS the fstab should look something like this: > > ,,:/path/ > /mount/point ceph 0 0 > > Both the Ceph community and Red Hat recommend the comma separator for > mounting multiple CephFS monitor nodes. (See section 4.2 point 3) > > https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html/ceph_file_system_guide_technology_preview/mounting_and_unmounting_ceph_file_systems > > > Now to oVirt/RHV. > > When I mount my Data Domain path as a Posix file system with a path of > ":/path/" it works splendidly well (especially > after > the last Red Hat kernel update!). I've done a bunch of stuff to it and > it seems to work every time. However, I don't have the redundancy of > multiple Ceph Monitors. > > When I mount my Data Domain path as a Posix file system with a path of > ",,:/path/" > most things seem to work. But I noticed a higher rate of failures. The > only failure that I can trigger 100% of the time though is to mount a > second data import domain and attempt to copy a vm disk from the > import > into the CephFS Data domain. Then I get an error like this: > > would > VDSM ovirt01 command HSMGetAllTasksStatusesVDS failed: > low level Image copy failed: > (u'Destination volume 7c1bb510-9f35-4456-8d51-0955f788ac3e error: > ParamsList: sep , in > > /rhev/data-center/mnt/,,:_ovirt_data/70fb34ad-e66d-43e6-8412-5e020baa34df/images/23991a68-0c43-433f-b1f9-48b1533da54a',) > > Uh, oh. It seems that the commas in the mount path are causing the > problems. So I went looking through the logs for "sep , in" and > found a > bunch more hits which makes me think that this is actually the problem > message. > > I've switched back to just one IP address for the time being but I > obviously want the Ceph redundancy back. While running on just one IP, > the vm disk that refused to copy before had no problem copying. The > _only_ change I made was dropping two of the three IP's from the Data > Domain path option. > > Is this a bug, or did I do something wrong? > > > > Looks like a bug,aybe vdsm is not parsing the mount spec correctly. > > Please file vdsm bug and attach vdsm logs showing the entire flow. > > Regardless, I'm not sure how well oVirt with cephfs is tested, or > recommended. > > Adding Yaniv t9 add more info on this. > > Nir Thank you. I can file a report today. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AJKZDJGU5TSF2HQXK3F6C6QPO5IQDWQ3/
[ovirt-users] Multiple CephFS Monitors cause issues with oVirt
Greetings, My setup is a complete Red Hat install. Manager OS: RHEL 7.5 Hypervisors OS: RHEL 7.5 Running Red Hat CephFS (with their Ceph repos on all of the systems) with Red Hat Virtualization (aka oVirt). Everything is fully patched and updated as of yesterday morning. Yes, I have valid Red Hat support but I figured this was an odd enough problem that the community (and the Red-Hat-ers who hang out on this list) might have a better idea of where to start. (Although I might open a ticket anyway just because that is what support is for, right? :) Quick background: Your /etc/fstab when you mount a nfs should probably look something like this: :/path/ /mount/point nfs 0 0 Just one IP is needed. Since part of the redundancy for Ceph is in the monitors, to mount CephFS the fstab should look something like this: ,,:/path/ /mount/point ceph 0 0 Both the Ceph community and Red Hat recommend the comma separator for mounting multiple CephFS monitor nodes. (See section 4.2 point 3) https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html/ceph_file_system_guide_technology_preview/mounting_and_unmounting_ceph_file_systems Now to oVirt/RHV. When I mount my Data Domain path as a Posix file system with a path of ":/path/" it works splendidly well (especially after the last Red Hat kernel update!). I've done a bunch of stuff to it and it seems to work every time. However, I don't have the redundancy of multiple Ceph Monitors. When I mount my Data Domain path as a Posix file system with a path of ",,:/path/" most things seem to work. But I noticed a higher rate of failures. The only failure that I can trigger 100% of the time though is to mount a second data import domain and attempt to copy a vm disk from the import into the CephFS Data domain. Then I get an error like this: would VDSM ovirt01 command HSMGetAllTasksStatusesVDS failed: low level Image copy failed: (u'Destination volume 7c1bb510-9f35-4456-8d51-0955f788ac3e error: ParamsList: sep , in /rhev/data-center/mnt/,,:_ovirt_data/70fb34ad-e66d-43e6-8412-5e020baa34df/images/23991a68-0c43-433f-b1f9-48b1533da54a',) Uh, oh. It seems that the commas in the mount path are causing the problems. So I went looking through the logs for "sep , in" and found a bunch more hits which makes me think that this is actually the problem message. I've switched back to just one IP address for the time being but I obviously want the Ceph redundancy back. While running on just one IP, the vm disk that refused to copy before had no problem copying. The _only_ change I made was dropping two of the three IP's from the Data Domain path option. Is this a bug, or did I do something wrong? Does anyone have a suggestion for me to try? Thank you! ~Stack~ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6VVKOIQIDEH5ZV5XPVO3ZTJKFZPVF2GG/
Re: [ovirt-users] Remote DB: How do you set server_version?
On 05/02/2018 03:26 PM, Jamie Lawrence wrote: > > I've been down this road. Postgres won't lie about its version for you. If > you want to do this, you have to patch the Ovirt installer[1]. I stopped > trying to use my PG cluster at some point - the relationship between the > installer and the product combined with the overly restrictive requirements > baked into the installer[2]) makes doing so an ongoing hassle. So I treat > Ovirt's PG as an black box; disappointing, considering that we are a very > heavy PG shop with a lot of expertise and automation I can't use with Ovirt. > > If nothing has changed (my notes are from a few versions ago), everything you > need to correct is in > > /usr/share/ovirt-engine/setup/ovirt_engine_setup/engine_common/constants.py > > Aside from the version, you'll also have to make the knobs for vacuuming > match those of your current installation, and I think there was another > configurable for something else I'm not remembering right now. > > Be aware that doing so is accepting an ongoing commitment to monkeying with > the installer a lot. At one time I thought doing so was the right tradeoff, > but it turns out I was wrong. > > -j > > [1] Or you could rebuild PG with a fake version. That option was unavailable > here. > [2] Not criticizing, just stating a technical fact. How folks apportion their > QA resources is their business. > Yikes! OK. Thanks for the warning. I've got better things to do with my time. I will just skip this part of exploring. :-) Thank you! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Remote DB: How do you set server_version?
Greetings, Exploring hosting my engine and ovirt_engine_history db's on my dedicated PostgreSQL server. This is a 9.5 install on a beefy box from the postgresql.org yum repos that I'm using for other SQL needs too. 9.5.12 to be exact. I set up the database just as the documentation says and I'm doing a fresh install of my engine-setup. During the install, right after I give it the details for the remote I get this error: [ ERROR ] Please set: server_version = 9.5.9 in postgresql.conf on 'None'. Its location is usually /var/lib/pgsql/data , or somewhere under /etc/postgresql* . Huh? Um. OK. $ grep ^server_version postgresql.conf server_version = 9.5.9 $ systemctl restart postgresql-9.5.service LOG: syntax error in file "/var/lib/pgsql/9.5/data/postgresql.conf" line 33, n...n ".9" FATAL: configuration file "/var/lib/pgsql/9.5/data/postgresql.conf" contains errors Well that didn't work. Let's try something else. $ grep ^server_version postgresql.conf server_version = 9.5.9 $ systemctl restart postgresql-9.5.service LOG: parameter "server_version" cannot be changed FATAL: configuration file "/var/lib/pgsql/9.5/data/postgresql.conf" contains errors Whelp. That didn't work either. I can't seem to find anything in the oVirt docs on setting this. How am I supposed to do this? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Is it possible to recover from a failed Engine host?
On 05/02/2018 07:27 AM, Alexander Wels wrote: > On Wednesday, May 2, 2018 8:03:53 AM EDT ~Stack~ wrote: >> Greetings, >> >> I have a dev environment where it seems the hard drive on our Engine >> host kicked the bucket (Yeah, I know. Smartmon. I watch it closely on >> the systems I care about - this was a learning environment for me so I >> didn't). >> >> The Hypervisors are fine and the VM's running on the Hypervisors are >> fine...But I can't manage any of the Hypervisors. To make things a bit >> more tricky, the SQL and the backups were on the drive that died. I >> really don't have anything from that host. It's dev. I can rebuild. But >> it is also a learning environment for me so might as well use this to learn. >> >> Is it possible for me to build a new Engine host and attach it to an >> existing hypervisor environment? Better yet, would this be something I >> could do as a hosted-engine-deploy? (something I haven't experimented >> with yet.) >> >> Again, this is a play ground so if it goes horrifically wrong...oh well. >> But I would really like to try to recover it for the learning >> experience. I've been poking around in the documentation but I haven't >> seen anything that seems to address this issue directly. >> >> Thoughts? >> >> Thanks! >> ~Stack~ > > As long as the storage domain is in tact you should be able to recover > everything. And it does sound like this is the case as the VMs are still > running. Basically you just install a new engine somewhere and then do the > following: > > - Create new Data Center > - Create new Cluster > - You will need a host to add to your cluster. Add this host. > - Create a small temporary storage domain, this will allow you to bring up > the > data center which in turn will allow you to IMPORT the existing storage > domain. > - Once the DC is up, you can 'import' the existing storage domain, it will > warn you that the storage domain is still attached to another DC, but since > that engine is gone, you can ignore that. > - Once the new DC is imported you can stop/detach/remove the small temporary > storage domain, which will make the imported storage domain, the master > domain. > > Once all that is done, you can simply go to the storage domain, and 'import' > whatever VM/template you have stored on the storage domain, and it will show > up in the VM/template list. Then you add all your hosts and you should have a > running environment again. > Thank you! I will give it a try and see what happens. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Is it possible to recover from a failed Engine host?
Greetings, I have a dev environment where it seems the hard drive on our Engine host kicked the bucket (Yeah, I know. Smartmon. I watch it closely on the systems I care about - this was a learning environment for me so I didn't). The Hypervisors are fine and the VM's running on the Hypervisors are fine...But I can't manage any of the Hypervisors. To make things a bit more tricky, the SQL and the backups were on the drive that died. I really don't have anything from that host. It's dev. I can rebuild. But it is also a learning environment for me so might as well use this to learn. Is it possible for me to build a new Engine host and attach it to an existing hypervisor environment? Better yet, would this be something I could do as a hosted-engine-deploy? (something I haven't experimented with yet.) Again, this is a play ground so if it goes horrifically wrong...oh well. But I would really like to try to recover it for the learning experience. I've been poking around in the documentation but I haven't seen anything that seems to address this issue directly. Thoughts? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help debugging VM import error
Thank you Roy and Benny for your assistance. I have opened the following bug ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1571039 Please let me know if there is something else I can provide. And thank you for your work on oVirt! :-) ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help debugging VM import error
On 04/23/2018 01:57 PM, Roy Golan wrote: > Please open a bug including the logs. > https://www.ovirt.org/community/get-involved/report-a-bug/ Sorry, got pulled onto another project that a coworker needed help on. I will gladly file a bug report in the morning (or later tonight if I get the chance). > Also what is the exact version you are using? 4.2.2 Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Help debugging VM import error
Greetings, After my rebuild, I have imported my VM's. Everything went smooth and all of them came back, except one. One VM gives me the error "General command validation failure." which isn't helping me when I search for the problem. The oVirt engine logs aren't much better at pointing to what the failure is (posted below). Can someone help me figure out why this VM isn't importing, please? Thanks! ~Stack~ 2018-04-23 13:31:44,313-05 INFO [org.ovirt.engine.core.bll.exportimport.ImportVmFromConfigurationCommand] (default task-72) [6793fe73-7cda-4cb5-a806-7104a05c3c1b] Lock Acquired to object 'EngineLock:{exclusiveLocks='[infra01=VM_NAME, 0b64ced5-7e4b-48cd-9d0d-24e8b905758c=VM]', sharedLocks='[0b64ced5-7e4b-48cd-9d0d-24e8b905758c=REMOTE_VM]'}' 2018-04-23 13:31:44,349-05 ERROR [org.ovirt.engine.core.bll.exportimport.ImportVmFromConfigurationCommand] (default task-72) [6793fe73-7cda-4cb5-a806-7104a05c3c1b] Error during ValidateFailure.: java.lang.NullPointerException at org.ovirt.engine.core.bll.validator.ImportValidator.validateStorageExistsForMemoryDisks(ImportValidator.java:140) [bll.jar:] at org.ovirt.engine.core.bll.exportimport.ImportVmFromConfigurationCommand.isValidDisks(ImportVmFromConfigurationCommand.java:151) [bll.jar:] at org.ovirt.engine.core.bll.exportimport.ImportVmFromConfigurationCommand.validate(ImportVmFromConfigurationCommand.java:103) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:779) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:368) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) [bll.jar:] at org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:596) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:566) [bll.jar:] at sun.reflect.GeneratedMethodAccessor914.invoke(Unknown Source) [:1.8.0_161] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_161] at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_161] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509) at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:78) at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:88) at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:101) at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509) at org.ovirt.engine.core.bll.interceptors.CorrelationIdTrackerInterceptor.aroundInvoke(CorrelationIdTrackerInterceptor.java:13) [bll.jar:] at sun.reflect.GeneratedMethodAccessor71.invoke(Unknown Source) [:1.8.0_161] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_161] at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_161] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:89) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [wildfly-ejb3-11.0.0.Final.jar:11.0.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) [wildfly-ee-11.0.0.Final.jar:11.0.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422) at org.jboss.invocation.ChainedIntercep
Re: [ovirt-users] Power management / fencing with Intel AMT
On 04/21/2018 06:03 AM, Shawn Southern wrote: > Does anyone have power management with Intel's Management Engine / AMT > working with oVirt 4.22? Sorry. I don't have any experience with Intel AMT. > I found this article @ RH, but I don't have access to read it. > https://access.redhat.com/solutions/913413 Basically it says "If you need this, open a Red Hat support case and tell us because it isn't supported yet." It does give mention to amtterm which I have no idea if it will be useful to you or not. $ yum info amtterm Available Packages Name: amtterm Arch: x86_64 Version : 1.6 Release : 1.el7 Size: 48 k Repo: epel/x86_64 Summary : Serial-over-lan (sol) client for Intel AMT URL : http://www.kraxel.org/blog/linux/amtterm/ License : GPLv2+ Description : Serial-over-lan (sol) client for Intel AMT. : Includes a terminal and a graphical (gtk) version. : Also comes with a perl script to gather informations : about and remotely control AMT managed computers. Hope this helps some. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] libzbxovirt - zabbix module for oVirt (proof-of-concept)
On 04/19/2018 05:25 PM, Peter Hudec wrote: > Hi, > > I just wanted to share my work to get oVirt monitored by Zabbix. It > could be good start for future work. > > If interested, please see https://github.com/hudecof/libzbxovirt > > There is still a lot of work on this, so any help is welcome. Awesome! Thanks for your work. I will check it out. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to add host to cluster after network
On 04/18/2018 09:55 AM, ~Stack~ wrote: > On 04/18/2018 08:41 AM, Eitan Raviv wrote: >> Hi Stack, >> >> I read through your ordeal and I would like to post a few comments: > > Thanks I appreciate it! > >> * When I try to reproduce your scenario with the second network set to >> 'not required' before on-boarding the second host, it is processed >> and set to 'up' by the engine without any hiccups or any errors in >> the log. > > Hrm. Yeah, I think I can reproduce the failure. I've only done it once, > but I have the chance to test so just to make sue I've got the right > information I'm going to run a another test specifically for it. > I agree with you, Eitan. I did a complete rebuild and made sure my alternate network was set to 'not required' before adding the second host. I successfully added a second host. It is possible I did something else wrong in that first test. Since this is an acceptable work-around for now, I am going to finish building my hosts out so I can move forward with this project. I would still like feedback on my other questions in the original post if anyone is willing. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to add host to cluster after network
On 04/18/2018 09:55 AM, ~Stack~ wrote: > On 04/18/2018 08:41 AM, Eitan Raviv wrote: [snip] >> but on my setup it can be resolved: initially the second >> network is proclaimed missing and the host becomes non-operational, >> with its interfaces disappearing from the engine as you reported. >> But if the second network is rendered 'not-required' or even deleted >> for that matter from the engine, engine succeeds in reconnecting to >> the second host within a couple of minutes, and the host gains 'up' >> status. > > Setting the second network to 'not-required' does not seem to break my > hosts out of their infinite loop. Confirmed. Setting the second network to 'not required' did not break the loop. I hard powered off the box, let ovirt set it as down (thus breaking the loop), then powered it back on. The loop continued (at least twice anyway - takes roughly 5 minutes for a loop). > > I haven't tried deleting the second network yet. Let me try that before > I rebuild to test the first point. Confirmed. Same thing as above only this time I deleted every network but ovirtmgmt. Again, went through 2 full loops without resolving. I am going to do a fresh rebuild and test by having the second network set to 'not required' before adding a second host. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to add host to cluster after network
On 04/18/2018 08:41 AM, Eitan Raviv wrote: > Hi Stack, > > I read through your ordeal and I would like to post a few comments: Thanks I appreciate it! > * When I try to reproduce your scenario with the second network set to > 'not required' before on-boarding the second host, it is processed > and set to 'up' by the engine without any hiccups or any errors in > the log. Hrm. Yeah, I think I can reproduce the failure. I've only done it once, but I have the chance to test so just to make sue I've got the right information I'm going to run a another test specifically for it. > * On the other hand, if the network is 'required' the scenario > reproduces, Whoo! I'm not completely crazy! I'm just lucky to discover a new bug I suppose. :-) > but on my setup it can be resolved: initially the second > network is proclaimed missing and the host becomes non-operational, > with its interfaces disappearing from the engine as you reported. > But if the second network is rendered 'not-required' or even deleted > for that matter from the engine, engine succeeds in reconnecting to > the second host within a couple of minutes, and the host gains 'up' > status. Setting the second network to 'not-required' does not seem to break my hosts out of their infinite loop. I haven't tried deleting the second network yet. Let me try that before I rebuild to test the first point. Thank you for your feedback. It is much appreciated. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Unable to add host to cluster after network
.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-39) [4f72afaa] START, SetVdsStatusVDSCommand(HostName = node2, SetVdsStatusVDSCommandParameters:{hostId='f0a3d515-8ba2-490e-8d65-54edbb52cefc', status='NonOperational', nonOperationalReason='NETWORK_UNREACHABLE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 7459a748 Which network is unreachable? Because every single one of them is fine! Ugh! I am completely stumped as to why it works perfectly pre-additional-networks but fails every time after a network is configured. A couple of questions. 1. I assume people have added hosts _after_ they've configured multiple networks. So what am I doing wrong? Why am I unable to add a host? Again, if I don't configure that second network, it will happily add all my hosts. But what happens when I want to add a host in the future? 2. How do I break that infuriating infinite non-operational loop? I can't put it into maintenance mode, I can't delete the host, or anything else. The options are greyed out. The only solution I've found is yank the power and after it freaks out for about 30 minutes because it can't find the host, it will stop trying. But I still can't seem to remove the bad host. There has to be a way via command-line to say "stop timing out, knock that off, and delete this host!" but I'm not finding it in my searching. 3. I feel like I go through periods with oVirt where everything is running exactly the way I want then something happens (like me trying to add a host! Or thinking I can just change a host IP without the whole thing dying on me!) and it all just falls apart. I feel like I am just stumbling through most of it. I've previously gotten a lot out of the Red Hat classes and work has offered to send me to a training of my choice this year. I am really considering taking the 318 Virtualization class. I'm curious though, how close is that to what I would be working with oVirt? I'm guessing that since 4.2 recently came out, there is probably minimal chance the class will be over 4.2 but maybe it is close enough? I would love to hear feedback. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] I broke my ovirt real good....
On 04/16/2018 10:02 AM, Alexander Wels wrote: > On Friday, April 13, 2018 6:48:31 PM EDT ~Stack~ wrote: [sni] >> It just sits there and in the log files there is the below messages >> repeating. It's like it doesn't care for the fact that this was an >> imported domain or something. >> >> Thoughts? >> >> Thanks! >> ~Stack~ >> > > Don't know too much about the VDSM side of things. But obviously its looking > for a storage domain it can't find anymore. You can try restarting VDSM > (won't > affect running VMs) and see if rescans the available storage domains and > won't > try to access it during the migration of the VMs. Other than that I don't > know. No worries. Thanks for responding. One of my hosts has gone berserk anyway so I'm just going to do a complete fresh reinstall tomorrow. The host says "Host has no default route" which is a load of bull. There's nothing wrong with the default route or network connectivity. However, oVirt puts it into non-opperational where it will sit for about 20 minutes. When it finally actually stops that process, it immediately (milliseconds later) puts it into "activating" but then complain about the default route and the whole process starts over again. There's something wrong with this install so I'm just going to take the nuke-it-from-orbit-and-start-over approach tomorrow morning. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] I broke my ovirt real good....
On 04/13/2018 07:16 AM, Alexander Wels wrote: > On Thursday, April 12, 2018 6:26:07 PM EDT ~Stack~ wrote: >> Greetings, >> >> So I did a over-confident-admin-makes-rookie-mistake. I changed a bunch >> of things all back-to-back and thus don't actually know what broke. :-D >> >> The only two real "big" changes were: >> * Upgrade from 4.2.1 to 4.2.2 >> * change my ovirtmgmt network >> >> The update I followed the upgrade procedures and I thought it all went >> pretty well. Because I am moving it from a testing into what I hope will >> be a more heavily used environment, I changed my ovirtmgmt network from >> 192.168.100.0/24 to 192.168.101.0/24 via the web-gui. >> >> That was a touch tricker than just a change as I had to poke the >> management engine host to be reachable on both network for a while, then >> it just seemed OK. >> >> What's happening is: >> * I can no longer migrate a vm from one host to the other. >> * If I try to do a "reinstall" it dies. >> * There is some serious network lag between my hosts on a 10Gb network. >> * I've got all kinds of python2.4 failures in my vdsm and mom logs. >> >> Those are least the biggies. >> >> So while I was planning on moving this to a more active use case, right >> now - it is all still my play ground. I would REALLY hate to lose the >> VM's but everything else can go and be rebuilt. >> >> Given that I've somehow really broke this system pretty good, would it >> be more advisable to blow away and rebuild it ALL or can I simply delete >> the hypervisor hosts and rebuild them? >> >> Thoughts? >> >> Thanks! >> ~Stack~ > > As long as you don't destroy the data on your data domain you can rebuild the > engine and hosts and then import the existing data domain without too many > issues. I have destroyed my engine database many times, and I am still using > the same VMs from the same data domain. > > Here is what I do when I mess up my database to the point I have to make a > new > one: > > 1. Recreate the engine and database, so that I have basically have an empty > engine with no hosts and VMs. > 1.1 (Optional) make a new DC that is not default. and add a cluster. > 2. Add my hosts (I only have 2 so that is quick and easy). > 3. Add a throw away data domain (This is needed to get the DC up so I can > import the existing data domain). > 4. Import (NOT new, import) the existing data domain. > 5. Do to Storage->Storage Domains->VM import and import the VMs I want. > 6. Same for templates and disks if needed. > 7. After you have imported the VMs/Templates/Disks you can detach and remove > the throw away data domain and the one you imported becomes the master domain. > > Note if you want to move VMs between your play ground and more serious system > you can simply detach your data domain from the play ground, then attach it > to > the serious engine (so you have 2 engines, one play ground and one serious) > and import which VMs you want. That way you won't run into issues with > configuring networks and stuff like you experienced. > Thanks for that help. I did that and everything looks fantastic...except I can't migrate VM's. :-/ It just sits there and in the log files there is the below messages repeating. It's like it doesn't care for the fact that this was an imported domain or something. Thoughts? Thanks! ~Stack~ 2018-04-13 16:58:59,920-0500 ERROR (monitor/232975a) [storage.Monitor] Setting up monitor for 232975ad-1771-4b6b-afda-958f7b745867 failed (monitor:329) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/vdsm/storage/monitor.py", line 326, in _setupLoop self._setupMonitor() File "/usr/lib/python2.7/site-packages/vdsm/storage/monitor.py", line 348, in _setupMonitor self._produceDomain() File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 158, in wrapper value = meth(self, *a, **kw) File "/usr/lib/python2.7/site-packages/vdsm/storage/monitor.py", line 366, in _produceDomain self.domain = sdCache.produce(self.sdUUID) File "/usr/lib/python2.7/site-packages/vdsm/storage/sdc.py", line 110, in produce domain.getRealDomain() File "/usr/lib/python2.7/site-packages/vdsm/storage/sdc.py", line 51, in getRealDomain return self._cache._realProduce(self._sdUUID) File "/usr/lib/python2.7/site-packages/vdsm/storage/sdc.py", line 134, in _realProduce domain = self._findDomain(sdUUID) File "/usr/lib/python2.7/site-packages/vdsm/storage/sdc.py", line 151, in _findDomain return findMethod(sdUUID) File
Re: [ovirt-users] I broke my ovirt real good....
On 04/13/2018 03:02 AM, Michael Mortensen (MCMR) wrote: > Hi Stack, > > Do you use FQDN? Did you perhaps hit this one > https://www.ovirt.org/blog/2016/05/modify-ifcfg-files/ ? The discussion in > this bug report may be of assistance in that case: > https://bugzilla.redhat.com/show_bug.cgi?id=1252534 That looks very interesting! I will investigate that. > If you've stored the VM disks and templates and whatnot on a network share > like NFS, you should be able to start all over and import your old (current) > storage domains and start using your templates etc. I am currently using NFS. I will see how this networking issue you pointed me to works out, then maybe rebuild. Thank you for the assistance! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] I broke my ovirt real good....
Greetings, So I did a over-confident-admin-makes-rookie-mistake. I changed a bunch of things all back-to-back and thus don't actually know what broke. :-D The only two real "big" changes were: * Upgrade from 4.2.1 to 4.2.2 * change my ovirtmgmt network The update I followed the upgrade procedures and I thought it all went pretty well. Because I am moving it from a testing into what I hope will be a more heavily used environment, I changed my ovirtmgmt network from 192.168.100.0/24 to 192.168.101.0/24 via the web-gui. That was a touch tricker than just a change as I had to poke the management engine host to be reachable on both network for a while, then it just seemed OK. What's happening is: * I can no longer migrate a vm from one host to the other. * If I try to do a "reinstall" it dies. * There is some serious network lag between my hosts on a 10Gb network. * I've got all kinds of python2.4 failures in my vdsm and mom logs. Those are least the biggies. So while I was planning on moving this to a more active use case, right now - it is all still my play ground. I would REALLY hate to lose the VM's but everything else can go and be rebuilt. Given that I've somehow really broke this system pretty good, would it be more advisable to blow away and rebuild it ALL or can I simply delete the hypervisor hosts and rebuild them? Thoughts? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How it is oVirt used in your Department?
On 04/09/2018 08:00 AM, Yaniv Kaul wrote: > On Sun, Apr 8, 2018 at 5:33 PM, ~Stack~ > I'm still learning how to set up something where my users can click a >> button on a webpage and get a VM spun up for a Graphical session on >> oVirt. I'm also still debating on the pros/cons for setting up oVirt >> VM's for things like JupyterNotebooks/RStudio Server/ect for the "I just >> want a web page to develop my code on and will submit to the cluster for >> the job run" crowd. > > > Few options to consider: > 1. oVirt user portal (with VM pools perhaps?) > 2. vagrant with the oVirt provider > 3. ManageIQ service portal > 4. Ansible playbooks - a simple rule could suffice for most tasks. I'm been looking at 1. I haven't considered 2 yet - Interesting thought that I will look into. I just saw 3 for the first time from Pauls post and it looks very interesting! 4 is on my potential list too. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How it is oVirt used in your Department?
On 04/09/2018 07:01 AM, Alexander Wels wrote: > On Sunday, April 8, 2018 10:33:50 AM EDT ~Stack~ wrote: [snip] >> Foreman is and overcomplicated buggy headache, IMO. Every time I or a >> coworker has tried to get it going it has been a massive >> time-suck-crash-and-burn. Add to it that my current security team has >> HUGE issues with Puppet (don't get me started - I like Puppet) and >> building Foreman by hand with Salt is just an awful awful awful >> experience I wouldn't wish on an enemy...just no. :-) >> DigitalRebar was looking SUPER promising, but they recently went to a >> model that MUST chat out to the Internet or it breaks itself (a complete >> no-go for me). A complete shame. >> So I'm back to Cobbler which is simple and works fantastically well, but >> doesn't really have any integrations into oVirt (that I'm aware of). I'm >> probably going to have to write something with the two API's. >> > > Have you looked at ansible? You can make some playbooks that call the REST > api > and have it deploy the VMs for you. Or if you feel like writing your own > portal you can use the Java or Python SDK to access the REST api. > I have. It is one of the tools I've considered using. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How it is oVirt used in your Department?
On 03/28/2018 05:31 AM, Fedele Stabile Nuovo Server wrote: > My question is mainly addressed at those of you who use oVirt not only > for creating services on virtual machines. > What is your experience and what did you made? Still consider myself an oVirt newb. Only been using it for a few months but I'm liking it so far. I don't have the hardware specs in front of me but I have a 4 node Hypervisor setup with a physical Engine host. All running on Scientific Linux 7. > Is there anyone who virtualized an HPC cluster? I'm still not convinced that virtualized HPC is a good idea for those who need compute performance. Though it is getting better than when I first heard someone say they were doing it at Supercomputing14! > What is for you the advantage on virtualizing a cluster? Um. As a 14year HPC admin, I still say none for compute. However, I am using oVirt to support a ton of my infrastructure services: Frontends, Log-ins, Scheduler, Database, LDAP, ect. I'm still learning how to set up something where my users can click a button on a webpage and get a VM spun up for a Graphical session on oVirt. I'm also still debating on the pros/cons for setting up oVirt VM's for things like JupyterNotebooks/RStudio Server/ect for the "I just want a web page to develop my code on and will submit to the cluster for the job run" crowd. It is a huge learning process for me. Most of the tools I've been using have worked great for years, but it is time to update and refresh those skills. Most of the provisioning tools I've used in the past don't work so well with oVirt. So now I'm exploring other tools. Foreman is and overcomplicated buggy headache, IMO. Every time I or a coworker has tried to get it going it has been a massive time-suck-crash-and-burn. Add to it that my current security team has HUGE issues with Puppet (don't get me started - I like Puppet) and building Foreman by hand with Salt is just an awful awful awful experience I wouldn't wish on an enemy...just no. :-) DigitalRebar was looking SUPER promising, but they recently went to a model that MUST chat out to the Internet or it breaks itself (a complete no-go for me). A complete shame. So I'm back to Cobbler which is simple and works fantastically well, but doesn't really have any integrations into oVirt (that I'm aware of). I'm probably going to have to write something with the two API's. > Or, having a class with PC or Raspberry is better to use LTSP or PiNet > or virtualize desktops? Can't say. Don't mess with Raspberry Pi's much. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Issue with 4.2.1 RC and SSL
On 02/11/2018 02:41 AM, Yedidyah Bar David wrote: > On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul wrote: >> >> >> On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ wrote: [snip] >>> We decided to just start from scratch and my coworker watched and >>> confirmed every step. It works! No problems at all this time. Further >>> evidence that I goofed _something_ up the first time. >> >> >> We should really have an Ansible role that performs the conversion to >> self-signed certificates. >> That would make the conversion easier and safer. > > +1 > > Not sure "self-signed" is the correct term here. Also the internal > engine CA's cert is self-signed. > > I guess you refer to this: > > https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ > > I'd call it "configure-3rd-party-CA" or something like that. Greetings, Another +1 from me (obviously! :-). I also agree in that we are not doing a self-signed cert, but rather we've purchased a cert from one of the big-name-CA-vendors that is valid for our domain. "configure-3rd-party-CA" makes more sense to me. Lastly, that is the link that I used for a guide. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Issue with 4.2.1 RC and SSL
On 02/08/2018 06:42 AM, Petr Kotas wrote: > Hi Stack, Greetings Petr > have you tried it on other linux distributions? Scientific is not > officially supported. No, but SL isn't really any different than CentOS. If anything, we've found it adheres closer to RH than CentOS does. > My guess based on your log is there are somewhere missing certificates, > maybe different path?. > You can check the paths by the documentation: > https://www.ovirt.org/develop/release-management/features/infra/pki/#vdsm > > Hope this helps. Thanks for the suggestion. It took a while but we dug into it and I *think* the problem was because I may have over-written the wrong cert file in one of my steps. I'm only about 80% certain of that, but it seems to match what we found when we were digging through the log files. We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further evidence that I goofed _something_ up the first time. Thank you for the suggestion! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Issue with 4.2.1 RC and SSL
Greetings, I was having a lot of issues with 4.2 and 95% of them are in the change logs for 4.2.1. Since this is a new build, I just blew everything away and started from scratch with the RC release. The very first thing that I did after the engine-config was to set up my SSL cert. I followed the directions from here: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ Logged in the first time to the web interface and everything worked! Great. Install my hosts (also completely fresh installs - Scientific Linux 7 fully updated) and none would finish the install... I can send the full host debug log if you want, however, I'm pretty sure that the problem is because of the SSL somewhere. I've cut/pasted the relevant part. Any advice/help, please? Thanks! ~Stack~ 2018-02-07 16:56:21,697-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.tune.tuned.Plugin._misc (None) 2018-02-07 16:56:21,698-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id 2018-02-07 16:56:21,698-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,699-0600 DEBUG otopi.transaction transaction._prepare:61 preparing 'File transaction for '/etc/vdsm/vdsm.id'' 2018-02-07 16:56:21,699-0600 DEBUG otopi.filetransaction filetransaction.prepare:183 file '/etc/vdsm/vdsm.id' missing 2018-02-07 16:56:21,705-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsm.vdsmid.Plugin._store_id (None) 2018-02-07 16:56:21,706-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks 2018-02-07 16:56:21,706-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventEnd STAGE misc METHOD otopi.plugins.ovirt_host_deploy.vdsmhooks.hooks.Plugin._hooks (None) 2018-02-07 16:56:21,707-0600 DEBUG otopi.context context._executeMethod:128 Stage misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND **%EventStart STAGE misc METHOD otopi.plugins.ovirt_host_common.vdsm.pki.Plugin._misc (None) 2018-02-07 16:56:21,708-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Setting up PKI 2018-02-07 16:56:21,709-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:813 execute: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), executable='None', cwd='None', env=None 2018-02-07 16:56:21,756-0600 DEBUG otopi.plugins.ovirt_host_common.vdsm.pki plugin.executeRaw:863 execute-result: ('/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-subj', '/', '-keyout', '/tmp/tmpQkrIuV.tmp'), rc=0 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### Please issue VDSM certificate based on this certificate request 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ### 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND ***D:MULTI-STRING VDSM_CERTIFICATE_REQUEST --=451b80dc-996f-432e-9e4f-2b29ef6d1141=-- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND -BEGIN CERTIFICATE REQUEST- 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND MIICRTCCAS0CAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZm 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND eYTWbHKkN+GlQnZ8C6fdk++htyFE+IHSzkhTyTSZdM0bPTdvhomTeCwzNlWBWdU+ 2018-02-07 16:56:21,757-0600 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND PrVB7j/1i
Re: [ovirt-users] noVNC console is not work
On 01/22/2018 05:48 AM, Pym wrote: > Hi: > [snip] > When I click on the Console function of the virtual machine, the new > page will always display Loading. [snip] Greetings, I ran into this today as well. Scientific Linux 7, all updated. Firewall + SELinux enabled, but engine-setup configured all of that so the ports are open. Nothing wrong with the certs that I can tell. Browser trusts them. I'm on the same network as the servers so it isn't firewall/network issues. What I see when I run 'systemctl status ovirt-websocket-proxy' it says it is proxying to *:6100. But I don't get anything more than "loading". Any thoughts on to where I should look next? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 2018 Survey
Greetings, FYI, your Ubuntu options are antiquated. 12.10, 13.04, 13.10 are all unsupported. 12.04 is only in extended security maintenance. I believe the options should be 12.04, 14.04, 16.04, and 17.10 (latest non-LTS). ~Stack~ On 01/16/2018 02:33 AM, Sandro Bonazzola wrote: > As we continue to develop oVirt 4.2 and future releases, the Development > and Integration teams at Red Hat would value > insights on how you are deploying the oVirt environment. Please help us > to hit the mark by completing this short survey. Survey will close on > February 1st. > > Here's the link to the survey: https://goo.gl/forms/cAKWAR8RD7rGrVhE2 > > Thanks, > -- > > SANDRO BONAZZOLA > > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D > > Red Hat EMEA <https://www.redhat.com/> > > <https://red.ht/sig> > TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> > > > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 4.2 CEPH support
On 01/08/2018 07:15 AM, Gianluca Cecchi wrote: > Probably he refers to this blog: > https://rhelblog.redhat.com/2018/01/04/red-hat-virtualization-4-2-beta-is-live/ > > with: > " > *Support for Ceph via iSCSI* – The Ceph iSCSI target has been tested and > certified as a storage domain for virtual machines. This provides more > infrastructure and deployment choices for engineers and architects. > " > > It seems a described feature that didn't get any referral in oVirt 4.2 > release notes: > https://ovirt.org/release/4.2.0/ > > But I think in general, given a version, it is not guaranteed that what > in RHEV maps with what in oVirt and viceversa. > I don't know if this one about Ceph via iSCSI is one of them. ErrrWHAA??? If Ceph support is in oVirt, I am about to be extremely excited. I'm just racked the hardware for a new oVirt install today and the Ceph gear is showing up in a few weeks. I was planning on setting up a dedicated NFS server for VM's essentially having two storage domains, but if I can just have Ceph...I would be a very happy sys admin! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Import VM's from a dead ovirt domain
On 11/04/2017 09:36 PM, Wesley Stewart wrote: > I am quite new to oVirt and only use it at home for the moment. So I > wont be of much help. That's OK. I'm quite new myself and learning a lot! > But I was able to add a new export domain, and then copy the original > contents of my old domain into this export domain, which seemed to work > fine. I just had to hit the "load" button while in the import section > of the web gui (but I am assuming you have done this already). Yeah, I did try this but I couldn't get it to show anything when I hit load. I tried copying it into just about every folder in the export domain hoping I was just putting it in the wrong spot. Never got this to work. *shrug* > I have struggled understanding why you cannot simply just point to an > oVirt VM file and import this way, or "import" an export domain that > already exists. Yeah. That's what I was hoping for at first, but maybe I just don't know how to do it right yet. Thanks for taking the time to respond! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Import VM's from a dead ovirt domain
On 11/04/2017 09:36 PM, Wesley Stewart wrote: > I am quite new to oVirt and only use it at home for the moment. So I > wont be of much help. > > But I was able to add a new export domain, and then copy the original > contents of my old domain into this export domain, which seemed to work > fine. I just had to hit the "load" button while in the import section > of the web gui (but I am assuming you have done this already). > > I have struggled understanding why you cannot simply just point to an > oVirt VM file and import this way, or "import" an export domain that > already exists. > > On Sat, Nov 4, 2017 at 3:07 PM, ~Stack~ <mailto:i.am.st...@gmail.com>> wrote: > > Greetings, > > Per my earlier adventures this week, my old domain is kaput. However, > all of the VM's were stored on a remote NFS server. I've been trying and > trying to import the VM's by copying them into the new data/export > domains, but it's not seeing them and I'm not getting much out of my > Internet searches. > > Thoughts on how I can import the old VM's into the new domain? > > Thanks! > ~Stack~ > > > > ___ > Users mailing list > Users@ovirt.org <mailto:Users@ovirt.org> > http://lists.ovirt.org/mailman/listinfo/users > <http://lists.ovirt.org/mailman/listinfo/users> > > signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Import VM's from a dead ovirt domain
On 11/04/2017 04:08 PM, Joop wrote: > On 4-11-2017 20:07, ~Stack~ wrote: >> Greetings, >> >> Per my earlier adventures this week, my old domain is kaput. However, >> all of the VM's were stored on a remote NFS server. I've been trying and >> trying to import the VM's by copying them into the new data/export >> domains, but it's not seeing them and I'm not getting much out of my >> Internet searches. >> >> Thoughts on how I can import the old VM's into the new domain? >> > Add a temporary new data domain, without a master data domain you can't > do much. After that you can import the old domain without making copies. When I was dealing with my previous issue, this method was not working. I was going to respond that this was a no-go, but thought "Well, this is now a completely fresh build...I should try it." And it worked!! So further evidence that my previous install was just completely borked. While slightly traumatic, this has been quite the educational learning experience. :-) Thank you very much for the suggestion. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Import VM's from a dead ovirt domain
Greetings, Per my earlier adventures this week, my old domain is kaput. However, all of the VM's were stored on a remote NFS server. I've been trying and trying to import the VM's by copying them into the new data/export domains, but it's not seeing them and I'm not getting much out of my Internet searches. Thoughts on how I can import the old VM's into the new domain? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt management has lost its SSL.
On 11/03/2017 01:17 PM, ~Stack~ wrote: > On 11/03/2017 12:48 PM, Alexander Wels wrote: >> But if all else fails you should be able to create a fresh engine, and after >> you have added a host, you should be able to import the existing storage >> domain (like you noted the VMs are still there). >> >> > Greetings, > Thanks, but I've tried that too. Even though it did delete the keystore, > I ended up with the exact same error. :-( > > I'm doing a fresh install right now. I've never done an import like this > before. I just connect the fresh install to one of my hosts and I can > import the others hosts/vms/configurations? > > Thanks! > ~Stack~ > > Bender: Are we boned? Leela: Yeah, we're boned So I built a new management host from scratch. I added one of my hosts, and immediately crashed the vm's running on that hypervisor (they all just stopped responding). I don't know why they didn't fail over, but they didn't. Oh well. At least the other hypervisor is up! So I tried following this guide to import my storage domain from the section "Disaster Recovery flows" for "Import file Storage Domain". https://www.ovirt.org/develop/release-management/features/storage/importstoragedomain/ Yeah. That didn't work. It says it can't find any other domains to import, but if I attempt to create a new one it says it can't because there are existing domains! Well, while I was poking at it the other VM's started acting up (crazy high latency and the ovirt logs were really pissed at me). So I shut off the ones that still responded, then shut down the other hypervisor. I backed up the VM's on my NFS share, and created a new directory for the data domain. Guess I'm rebuilding my environment from scratch. I just hope I can get some of the VM's to come back some how. :-/ ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt management has lost its SSL.
On 11/03/2017 12:48 PM, Alexander Wels wrote: > > AFAIC engine-setup will create the files needed. Try running engine-cleanup > and maybe it will remove everything needed and then running engine-setup > again? > > But if all else fails you should be able to create a fresh engine, and after > you have added a host, you should be able to import the existing storage > domain (like you noted the VMs are still there). > > Greetings, Thanks, but I've tried that too. Even though it did delete the keystore, I ended up with the exact same error. :-( I'm doing a fresh install right now. I've never done an import like this before. I just connect the fresh install to one of my hosts and I can import the others hosts/vms/configurations? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt management has lost its SSL.
On 11/03/2017 12:23 PM, Alexander Wels wrote: > On Friday, November 3, 2017 1:15:27 PM EDT ~Stack~ wrote: >> Greetings, >> >> I'm seriously just grasping at straws here. I took a spare hard drive, >> tossed it in the management host, and did a fresh install. It did not >> like me trying to add it into the existing infrastructure. Tried to dump >> the DB from the old to the new, update the passwords, and pretty much >> ended up in the same place. >> >> I did check the .trustedkeystore and it has the same 1 key as my >> original back up. So that isn't the issue. >> >> Still poking at it. Would love some thoughts/feedback. >> >> Thanks! >> ~Stack~ >> > > Running engine-setup on the engine machine should re-generate the keys. Thanks for the suggestion. I've tried that. Twice. Still the same error. "Keystore was tampered with, or password was incorrect." From digging around in the logs, it looks like it is trying to access /etc/pki/ovirt-engine/.trustedstore but the password found in the ovirt configs works just fine. So I know it is not a password issue. I've been trying to figure out how that file is created so I can possibly generate a new one, but no luck so far. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt management has lost its SSL.
Greetings, I'm seriously just grasping at straws here. I took a spare hard drive, tossed it in the management host, and did a fresh install. It did not like me trying to add it into the existing infrastructure. Tried to dump the DB from the old to the new, update the passwords, and pretty much ended up in the same place. I did check the .trustedkeystore and it has the same 1 key as my original back up. So that isn't the issue. Still poking at it. Would love some thoughts/feedback. Thanks! ~Stack~ On 11/03/2017 09:30 AM, ~Stack~ wrote: > Greetings, > > Please, I would greatly appreciate some help/feedback. I'm not sure what > else to do. > > I reverted the .trustedstore to the only backup I have, and there is one > key in it. That too gets flagged by oVirt as having been tampered with > (I'm guessing oVirt added something that isn't there any more). The > password is correct as I can verify it from the oVirt config file on the > command line. > > I'm out of ideas on fixing this. What happens to my oVirt hypervisors > and VM's if I rebuild the management engine host from scratch? > > Thanks! > ~Stack~ > On 11/02/2017 04:18 PM, ~Stack~ wrote: >> Greetings, >> >> OS: Scientific Linux 7.4 >> oVirt: 4.1 >> Everything fully updated. >> >> Everything was working great. I received my new network card today to >> upgrade my ovirt management node (physical node; not self-hosted), took >> the machine down, swapped the card, and brought it up to many many errors. >> >> Here's the basic break-down of my discoveries. >> >> 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of >> messages in my engine.log about it being corrupt. Restored from backup, >> and oVirt engine was really peeved for not having my domain cert in it >> (tons of messages in the engine.log file)...figured out how to add my >> domain cert and it seemed OK. Which led me to... >> >> 2) My /etc/pki/ovirt-engine/keys/engine.p12 and >> /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my >> backups either. This results in a massive java dump when I try to start >> the engine service. >> >> 3) I noticed that I had >> /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp >> corresponding to when I shut the node down. Then I noticed, that I was >> missing dang near EVERY file in /etc/pki/ovirt-engine but I had an >> equivalent file with the ".201711021302" extension. So a touch of bash >> and I copied all of my "*.201711021302" files with the proper >> user/group/permissions into their base name. Hooray! No more errors in >> the log files and all services start!! >> >> 4) I open my web browser and head to my management host...and I get this >> error: >> Keystore was tampered with, or password was incorrect >> >> Well...yeah. I had to fix it in step one. :-/ >> >> I'm not getting anything useful out of my Internet searching. I don't >> know what went wrong or why, but my SSL is just borked. >> >> Any suggestions? Thoughts? Ideas? >> >> Is there a way to just blow away and start over with the SSL _without_ >> destroying the VM's (which fortunately they all seem to still be >> functional!)? >> >> Any help would be greatly appreciated. >> Thanks! >> ~Stack~ >> >> > > > signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt management has lost its SSL.
Greetings, Please, I would greatly appreciate some help/feedback. I'm not sure what else to do. I reverted the .trustedstore to the only backup I have, and there is one key in it. That too gets flagged by oVirt as having been tampered with (I'm guessing oVirt added something that isn't there any more). The password is correct as I can verify it from the oVirt config file on the command line. I'm out of ideas on fixing this. What happens to my oVirt hypervisors and VM's if I rebuild the management engine host from scratch? Thanks! ~Stack~ On 11/02/2017 04:18 PM, ~Stack~ wrote: > Greetings, > > OS: Scientific Linux 7.4 > oVirt: 4.1 > Everything fully updated. > > Everything was working great. I received my new network card today to > upgrade my ovirt management node (physical node; not self-hosted), took > the machine down, swapped the card, and brought it up to many many errors. > > Here's the basic break-down of my discoveries. > > 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of > messages in my engine.log about it being corrupt. Restored from backup, > and oVirt engine was really peeved for not having my domain cert in it > (tons of messages in the engine.log file)...figured out how to add my > domain cert and it seemed OK. Which led me to... > > 2) My /etc/pki/ovirt-engine/keys/engine.p12 and > /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my > backups either. This results in a massive java dump when I try to start > the engine service. > > 3) I noticed that I had > /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp > corresponding to when I shut the node down. Then I noticed, that I was > missing dang near EVERY file in /etc/pki/ovirt-engine but I had an > equivalent file with the ".201711021302" extension. So a touch of bash > and I copied all of my "*.201711021302" files with the proper > user/group/permissions into their base name. Hooray! No more errors in > the log files and all services start!! > > 4) I open my web browser and head to my management host...and I get this > error: > Keystore was tampered with, or password was incorrect > > Well...yeah. I had to fix it in step one. :-/ > > I'm not getting anything useful out of my Internet searching. I don't > know what went wrong or why, but my SSL is just borked. > > Any suggestions? Thoughts? Ideas? > > Is there a way to just blow away and start over with the SSL _without_ > destroying the VM's (which fortunately they all seem to still be > functional!)? > > Any help would be greatly appreciated. > Thanks! > ~Stack~ > > signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt management has lost its SSL.
Greetings, OS: Scientific Linux 7.4 oVirt: 4.1 Everything fully updated. Everything was working great. I received my new network card today to upgrade my ovirt management node (physical node; not self-hosted), took the machine down, swapped the card, and brought it up to many many errors. Here's the basic break-down of my discoveries. 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of messages in my engine.log about it being corrupt. Restored from backup, and oVirt engine was really peeved for not having my domain cert in it (tons of messages in the engine.log file)...figured out how to add my domain cert and it seemed OK. Which led me to... 2) My /etc/pki/ovirt-engine/keys/engine.p12 and /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my backups either. This results in a massive java dump when I try to start the engine service. 3) I noticed that I had /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp corresponding to when I shut the node down. Then I noticed, that I was missing dang near EVERY file in /etc/pki/ovirt-engine but I had an equivalent file with the ".201711021302" extension. So a touch of bash and I copied all of my "*.201711021302" files with the proper user/group/permissions into their base name. Hooray! No more errors in the log files and all services start!! 4) I open my web browser and head to my management host...and I get this error: Keystore was tampered with, or password was incorrect Well...yeah. I had to fix it in step one. :-/ I'm not getting anything useful out of my Internet searching. I don't know what went wrong or why, but my SSL is just borked. Any suggestions? Thoughts? Ideas? Is there a way to just blow away and start over with the SSL _without_ destroying the VM's (which fortunately they all seem to still be functional!)? Any help would be greatly appreciated. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Ovirt + Cobbler + Koan ?
Greetings, I've spent the last week trying to get Foreman to work (see SSL question 2017-10-11) but no one answers in their IRC or mailing list. So I tried cobbler instead and I had it working in just a couple of hours! I'm further along today than a week of foreman's constant problems. Hooray! Here's where I am at now, if I manually configure a VM in Ovirt I can provision it from Cobbler. Great! What I would like to do is to have an easy way from Ovirt say "Grab this cobbler profile and build me a new VM with this template". In my searches on line, I haven't found anything like that. It seems the closest I'm going to get is to use Koan. However, I've not found great information for using Koan with Ovirt. My attempts so far of installing Koan on the Ovirt Management host and trying to get it to provision have all resulted in Koan trying to build a KVM _on_ the management host; not in Ovirt. Does anyone have any good documentation for setting up Cobbler integration into Ovirt? Or at least getting Koan to work with the two? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help with SSL
On 10/11/2017 05:51 AM, Martin Perina wrote: > > [snip] > On Tue, Oct 10, 2017 at 11:48 PM, ~Stack~ are you able to login to oVirt webadmin successfully? If so then oVirt > side should be fine. > I am able to log into oVirt webmin successfully. Is there a reason to keep the old cert, or was it OK for me to replace /etc/pki/ovirt-engine/ca.pem with mine? > About Foreman, is it installed on the same machine as oVirt? It is on a separate machine. > If not > could you please check, that your custom CA is included either in host > wide truststore or in specific trustore for Foreman (no idea what > Foreman is using, better to ask in specific Foreman > mailing list). I will check. Thanks Martin! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Help with SSL
Greetings, OS: Scientific Linux 7.3 Ovirt: 4.1.6.2-1.el7.centos Foreman: 1.16.0-RC1 I updated my OVirt SSL cert from a self-signed to a purchased one using the directions here: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ Everything seems to work from the web interface. Then I tried to add in Foreman. Thats where I get the error: Unable to save ERF56-1309 [Foreman::FingerprintException]: The remote system presented a public key signed by an unidentified certificate authority. If you are sure the remote system is authentic, go to the compute resource edit page, press the 'Test Connection' or 'Load Datacenters' button and submit. Everything I can find says that it *should* be resolved - From Red Hat, to Foreman, to even the Ovirt list! Yet there it is! Well after poking at it for a while, I realized that the cert Foreman was auto-resolving was still the /OLD/ cert! Step #2 in those ovirt directions says to break the symbolic link to /etc/pki/ovirt-engine/ca.pem. But it doesn't say what to do with that file. So I replaced it with my cert. Restarted ovirt and now Foreman resolves the correct X509 cert! (I have no idea if that broke something else.) But I still get the error in foreman. :-( I feel like I'm still missing something in the ovirt configs. Something needs to be updated/replaced in ovirt that isn't in those docs. Can anyone help me out please? I've been trying for hours and not making progress. Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Proper Network Configuration
On 10/03/2017 03:08 AM, Luca 'remix_tj' Lorenzetto wrote: > On Mon, Oct 2, 2017 at 11:49 PM, ~Stack~ wrote: >> Greetings, >> >> For various reasons I have multiple networks that I am required to work >> with. I just want to ensure that I've understood the documentation for >> setting up Ovirt correctly. >> >> - First is my BMC/ilo network. The security team wants as few entry >> points into this as possible and wants as much segregation as possible. >> >> - Second is my "management" access network. For my other machines on >> this network this means admin-SSH/rsyslog/SaltStack configuration >> management/ect. >> >> - Third is my high speed network where my NFS storage sits and >> applications that need the bandwidth do their thing. >> >> - Fourth is my "public" access. >> >> My Engine host has the "management" and "public" networks. >> My Hypervisor hosts have the "BMC/ilo", "management", and "storage" >> networks. >> >> Is there a reason why I should add "public" on the hypervisors? > > > No, you should only plug the network to oVirt but not configure any ip > on the hypervisors. > >> >> Is there a reason why I may need "BMC/ilo" or "storage" on the Engine host? > > No, you don't need. I've only management on engine host. The > hypervisors, instead have an ip on management and storage network, and > no ip on the other networks. For bmc traffic we use routed access > through a firewall that is dividing bmc network from the rest of the > world. > > Luca Thanks for the information, Luca! I appreciate it. signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Proper Network Configuration
Greetings, For various reasons I have multiple networks that I am required to work with. I just want to ensure that I've understood the documentation for setting up Ovirt correctly. - First is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible. - Second is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/ect. - Third is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing. - Fourth is my "public" access. My Engine host has the "management" and "public" networks. My Hypervisor hosts have the "BMC/ilo", "management", and "storage" networks. Is there a reason why I should add "public" on the hypervisors? Is there a reason why I may need "BMC/ilo" or "storage" on the Engine host? Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help with Power Management network
On 09/29/2017 05:31 PM, Dan Yasny wrote: > You need more than one host for power management Thanks for the help on this. Added a second host and had IMPI working in minutes. ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help with Power Management network
On 09/30/2017 06:51 AM, Dan Yasny wrote: > The power management command is sent by the engine via a proxy host. > That means you need at least one more host to act as proxy. The engine > itself doesn't need to access the bmc network directly. Just like the > engine needs no access to the atorage network to perform storage > manipulations. > > I think in some recent versions fencing by the engine was introduced, > but I don't have a setup in front of me to verify. Ah, good to know. Thank you for clarifying! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help with Power Management network
On 09/29/2017 05:31 PM, Dan Yasny wrote: > You need more than one host for power management > Seriously?? I didn't see anything like that in the docs...Maybe I just missed it. Also, why wouldn't it still validate? It should still be able to talk to the interface over the BMC/IPMI network. The fact that I can run the equivalent test on the command line makes it seem like it should at least be able to check via the test. Obviously, it would be silly for it to try to manage itself, but it could at least verify that the configuration is valid, right? I have more hosts that I'm going to add, I was just hoping to do those via the Foreman integration instead of manually building them. Since I'm not quite ready for that, I will just build a second host on Monday and report back. Thanks for the feedback. I would have never guess that as a possibility. :-) ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Help with Power Management network
Greetings, I hit up the IRC earlier, but only crickets. Guess no one wants to stick around late on a Friday night. :-D I'm an ovirt newb here. I've been going through the docs setting up 4.1 on Scientific Linux 7.4. For the most part everything is going well once I learn how to do it. I'm, however, stuck on power management. I have multiple networks: 192.168.1.x is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible. 192.168.2.x is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/ect. 192.168.3.x is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing. 10.10.86.x is my "public" access All networks are configured on the Host network settings. Mostly confident I got it right...at least each network/IP matches the right interface. ;-) Right now I only have the engine server and one hyper-visor. On either host I can ssh into the command line and run fence_ipmilan -a 192.168.1.x -l USER -p PASS -o status -v -P" it works, all is good. However, when I try to add it in the ovirt interface I get an error. :-/ Edit Host -> Power Management: Address: 192.168.1.14 User Name: root Password: SorryCantTellYou Type: ipmilan Options: Test Test failed: Failed to run fence status-check on host '192.168.2.14'. No other host was available to serve as proxy for the operation. Yes, same host because I only have one right now. :-) Any help or guidance would be much appreciated. In the meantime I'm going back to the docs to poke at a few other things I need to figure out. :-) Thanks! ~Stack~ signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users