[ovirt-users] Re: Odd question: changing network MTU

2021-04-12 Thread Chris Adams
Once upon a time, Nir Soffer  said:
> On Mon, Apr 12, 2021 at 9:05 PM Chris Adams  wrote:
> > What happens if I change the MTU of an active iSCSI network in oVirt?  I
> > could just go manually change it on each node's iSCSI interfaces, but
> > I'm not sure if oVirt might change it back.
> 
> oVirt will not modify your setting, the only thing we set on the nodes are
> node.startup and node.session.xxx:

Well, it wouldn't be the iSCSI part that I'd worry about, but the
network part.  The MTU is set on the networks in oVirt that are used for
iSCSI, not in the iSCSI part of the config.

I actually didn't even realize you could set an MTU in the iSCSI config,
I see it just defaults to 0 (I assume to get interface/path MTU - didn't
see any documentation about the iface.mtu setting).  I might look at
that as a method.

> If this works and can be useful to others, we can think how to make this more
> generic, maybe adding some configuration that will be applied to all nodes.

Heh, this is such a corner case, I wouldn't really wish doing this on
anyone. :)

> > Also, I'm not sure what
> > would happen to open iSCSI TCP connections (would they reduce
> > gracefully).
> 
> Your vms are running on top of multipath, so even if the iscsi
> connection was broken and recovered, the vm is protected from
> the short outage.

Hmm, true.

What I'm considering right now is not changing anything in oVirt, just
rolling through the systems, setting them to maintenance mode to be
extra safe, manually changing the interface MTUs, and re-activating
them (just need to see if oVirt and/or NetworkManager changes it back
when just going back to active).
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/462TI22WS4KSMUZKI3OWXTG4E3N4OWO3/


[ovirt-users] Odd question: changing network MTU

2021-04-12 Thread Chris Adams
I have an oVirt 4.3 cluster, running in one location.  I have to move it
to another location.  I've got a couple of 1G links between the sites,
and that's enough bandwidth for this (at least temporarily), but... I
have my iSCSI networks defined with a MTU of 9000, and it turns out the
site-to-site links only allow 1500 (and these links are going away after
this is done, so I don't think either carrier would be interested in
changing things to support larger).

Because of that, the storage won't connect up.  I tried going "under the
hood" and setting a firewalld rule to force the MSS to a smaller value,
but that didn't seem to get it.

What happens if I change the MTU of an active iSCSI network in oVirt?  I
could just go manually change it on each node's iSCSI interfaces, but
I'm not sure if oVirt might change it back.  Also, I'm not sure what
would happen to open iSCSI TCP connections (would they reduce
gracefully).

Any other suggestions/tips/etc.?  I'd like to make this as transparent
as possible, so was hoping to live-migrate VMs and storage.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BFIMBYOJ65ARUKBLHVFOF4N2PFNGGPCR/


[ovirt-users] Re: Small SAN suggestions?

2021-02-17 Thread Chris Adams
Once upon a time, matthew.st...@fujitsu.com  said:
> Disks + Linux + iSCSI target   (Need I say more)

So I've done that before (set that up on spare hardware for a dev
cluster).  It works, but... not necessarily the level of reliability I'd
like.  I'd be back to a single point of failure for the whole cluster,
which is not so good.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/J3DO2YZABMFTQVMZAVUBSACLMZXEORJN/


[ovirt-users] Small SAN suggestions?

2021-02-17 Thread Chris Adams
I have an oVirt cluster with a significantly oversized SAN for storage
(iSCSI, have 30TB storage but am only using about 2.5TB).  I'm looking
for a more appropriately-sized setup.  Any suggestions?

This is currently a Dell EqualLogic array - it doesn't look like they
really even have a smallish VM-storage (at least that isn't VMware)
product these days.  Looking at our stats, we're doing more write than
read ops (outside of when backups run), typically under 150 write ops
per second.

I'm not looking at replacing servers right now, so not looking at
hyperconverged.

Just interested in what hardware people are using these days for a setup
this size.  Thanks.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYDDMSBYKLNNZ5NUTXMC2UDD4CBMWJ3X/


[ovirt-users] Windows 10 on older CPUs

2021-01-29 Thread Chris Adams
I have an oVirt cluster running 4.3.10 on older hardware with a cluster
CPU type of Intel Nehalem.  I needed to install a Windows 10 (latest
release) VM, which oVirt rejected because of the CPU model.  I remember
there being issues with certain versions of Windows and this CPU model
under oVirt (I don't do Windows very often and had forgotten).

I instead told oVirt I was installing Windows 8 (which it accepted), and
then installed - it installed and appears to be working just fine.  I
don't know if Microsoft changed whatever used to break or what... I
remember the problem before not even getting through install, so it
seems to be okay.

Any issues I should be worried about?
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MSMHLELIC2AXPQY6EBSBRLWPI2E5KJCA/


[ovirt-users] Re: Found a host rebooting - ways to watch?

2020-11-20 Thread Chris Adams
Once upon a time, Strahil Nikolov  said:
> I would recommend you to check this one: 
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/chap-event_notifications

Thanks, that's exactly what I needed!
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q43C35EK7RGSK4V5N34XYPC4N4LBXH7J/


[ovirt-users] Found a host rebooting - ways to watch?

2020-11-17 Thread Chris Adams
I just noticed that one of my oVirt physical hosts has been rebooting
due to an apparent hardware voltage fault.  It's a Dell, and I've got
their tools installed and am monitoring status, but the issue clears
itself.  It has apparently been doing this for a bit now, and we didn't
catch it because (a) there weren't any VMs on it (probably were the
first time but they were restarted elsewhere fast enough that it wasn't
noticed) and (b) it reboots fast enough that at most it pops up in our
monitoring system for one pass and then clears so our NOC either didn't
see it or assumed it was okay since it cleared.

oVirt has been logging alerts when it happens, but seeing that requires
someone to log in and check the logs (and we've got a bunch of different
systems to manage, including multiple oVirt clusters, so nobody is doing
that on a regular basis).  We monitor most things with SNMP and/or CLI
checks (we have PRTG, Nagios, and LibreNMS for various different
things).

What are people doing to monitor the health of their oVirt systems?  Is
it possible to get alerts emailed to admins?  Is there any SNMP support
in oVirt to allow external systems to monitor its health?  This setup is
on 4.3.10 if that matters.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/APZCECDMZDOGFBMXKAPSDJJENUSEOEOJ/


[ovirt-users] Semi off-topic: invalid SPF record for ovirt.org

2020-08-05 Thread Chris Adams
Not sure where to send this (so sending to the list); the ovirt.org SPF
record is invalid:

$ dig ovirt.org txt +short
"v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org 66.187.233.88 ~all"

The bare IP address needs to be "ip4:66.187.233.88" instead.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/32K4RPOXMNJYGCWEWJNH7F57E2X23G46/


[ovirt-users] Re: teaming vs bonding

2020-06-10 Thread Chris Adams
Once upon a time, Louis Bohm  said:
> Unless I have learned wrong all these years Teaming is the Windows term for 
> Linux Bonding.

Linux has two methods (or maybe, at least two methods?) to support
ethernet link aggregation: the original bonding and the newer team
modules.  The primary difference is that bonding is done entirely in the
kernel, while team management is in userspace.  The team setup is more
flexible and IIRC easier to programatically monitor.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JCZULPVDELIDG6E2XVPN5GWNDFYHGL3P/


[ovirt-users] Get OAuth token locally without password?

2020-04-14 Thread Chris Adams
I'm working on a cron job to run on the engine to do some tasks via the
API.  Is there a way I can get an API OAuth token created without
actually storing a password?

For example, some script that can be run to directly create a session in
the database and return the token.  Obviously this _can_ be done, it's a
matter of knowing the right bits to do (so basically wondering if that
has already been written).

I only have internal users, so no external authentication store
available.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OWQH2JZ72H4XXOURHOYQH3HGQRDSDKPH/


[ovirt-users] Re: EqualLogic SAN controller switchover

2020-02-27 Thread Chris Adams
Once upon a time, Strahil Nikolov  said:
> Do you have  an idea  how long will it take  ?

No, it has been years and years since I had to do a switchover on an
EqualLogic (they mostly just run).  I know I've read of others using
EqualLogic's for oVirt, so I'm hoping for someone who's experienced a
switchover...

> Keep in mind that in case  the domain is declared  unavailable  (reached  a  
> threshold , which I doesn't know)  ,  all VMs using it will be paused and 
> oVirt  will try to recover them once the storage is back available.

Right - with the hosted engine on the SAN, I am also curious how that is
impacted (how will the engine HA tooling handle a pause).
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/F44KYWA6SPMFURZWRMEEPM6YWYAGYG7Z/


[ovirt-users] EqualLogic SAN controller switchover

2020-02-27 Thread Chris Adams
How well does oVirt handle an EqualLogic SAN controller switchover
event?  IIRC that can result in a short iSCSI "pause" (can't remember
how long it takes) - I'm not sure what oVirt's threshold before VMs
(including the hosted engine) get paused for storage timeouts.

I've got a small setup where the active SAN controller's battery has
gone bad, so I need to switch to the other controller, and I'm trying to
figure out the impact - do I need to shut all VMs (including the engine)
down first, will they just briefly pause and then continue, etc.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OJNP5T4ZL57KRJG7D2W2FE7EJ3JA2KI7/


[ovirt-users] Re: Power Management - drac5

2020-02-03 Thread Chris Adams
For my DRAC6 servers (R610s for me), I use power management type ipmilan
and add lanplus=1 to the options, which works for me.

Once upon a time, eev...@digitaldatatechs.com  
said:
> I have the same issue on Dell R710's. Power management is optional and I 
> don't use it. It doesn't affect it either way. I am connected to APC Smart 
> UPS 3000. It will not find the apc either. 
> Any other opinions would be welcome. He's right, no documentation about this 
> issue.
> 
> Eric Evans
> Digital Data Services LLC.
> 304.660.9080
> 
> 
> -Original Message-
> From: Robert Webb  
> Sent: Monday, February 03, 2020 12:47 PM
> To: users 
> Subject: [ovirt-users] Power Management - drac5
> 
> I have 3 Dell R410's with iDrac6 Enterprise capability. I am trying to get 
> power management set up but the test will not pass and I am not finding the 
> docs very helpful.
> 
> I have put in the IP, user name, password, and drac5 as the type. I have 
> tested both with and without secure checked and always get, "Test failed: 
> Internal JSON-RPC error".
> 
> idrac log shows:
> 
> 2020 Feb 3 17:41:22   os[19772]   root closing session from 192.168.1.12  
> 2020 Feb 3 17:41:17   os[19746]   root login from 192.168.1.12
> 
> Can someone please guide me in the right direction?
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: 
> https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RKFEK2ORWOODCFHYTA6WILQ7MIO2VPI2/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/AQMP3NIFJNBGETM7FZLNVUF3B6P56ZHA/

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q6GAFCJ3QUKM3F4G76BPKDXOSXIS4ZVQ/


[ovirt-users] Re: [ANN] oVirt 4.3.8 is now generally available

2020-01-30 Thread Chris Adams
Once upon a time, Sandro Bonazzola  said:
> I would recommend to use the engine for upgrading the hosts. It can use the
> cluster upgrade ansible role (
> https://github.com/oVirt/ovirt-ansible-cluster-upgrade/blob/master/README.md)
> and save you some time.

I guess this is the same ansible as used when clicking the "Upgrade"
button on the cluster in the web UI... that doesn't seem to work for
clusters with a hosted engine.  It appears it won't migrate the engine
to another host, so it won't upgrade the host with the engine.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3DG3W775NUHCEJ2D67XZUTWOGDGBQD53/


[ovirt-users] Re: ISO Upload

2020-01-16 Thread Chris Adams
Once upon a time, Nir Soffer  said:
> On Tue, Jan 7, 2020 at 4:02 PM Chris Adams  wrote:
> > Once upon a time, m.skrzetu...@gmail.com  said:
> > > I'd give up on the ISO domain. I started like you and then read the docs
> > which said that ISO domain is deprecated.
> > > I'd upload all files to a data domain.
> >
> > Note that that only works if your data domain is NFS... iSCSI data
> > domains will let you upload ISOs, but connecting them to a VM fails.
> 
> ISO on iSCSI/FC domains works fine for starting a VM from ISO, which is the
> main use case.

Okay - it didn't the last time I tried it (I just got errors).  Thanks.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYBXPVDMLCRSRJHMRACANOJT6RPMV4AD/


[ovirt-users] Re: ISO Upload

2020-01-07 Thread Chris Adams
Once upon a time, m.skrzetu...@gmail.com  said:
> I'd give up on the ISO domain. I started like you and then read the docs 
> which said that ISO domain is deprecated.
> I'd upload all files to a data domain.

Note that that only works if your data domain is NFS... iSCSI data
domains will let you upload ISOs, but connecting them to a VM fails.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ND4OHFK6IH6BWOHGTDTRLJM54ZAST34Q/


[ovirt-users] Sigh... still vdsmd memory leak

2019-12-03 Thread Chris Adams
I've seen vdsmd leak memory (RSS increasing) for a while, and never
gotten anywhere with diagnosing it.  I upgraded a small setup (2 hosts
with hosted engine and iSCSI SAN) last week to 4.3.7 plus latest CentOS
7.7 updates, and I am still seeing this.

Currently, there are only 3 active VMs, plus the engine, all running on
one of the two node (which is also the SPM), and vdsmd on that node is
up to 450M RSS (6 days after upgrading), which is up almost 100M in the
last 24 hours.  On the other node, vdsmd RSS has not changed in the last
24 hours (83M).  I have a script watching the RSS on the growing node,
and it's a pretty steady increase:

   07:59:59.735  452080  +28
   08:00:03.361  452104  +24
   08:00:04.852  452112  +8
   08:00:21.088  452116  +4
   08:00:25.456  452120  +4
   08:00:25.753  452124  +4
   08:00:34.219  452132  +8
   08:00:35.866  452136  +4
   08:00:44.360  452140  +4
   08:00:51.213  452144  +4
   08:00:57.046  452152  +8
   08:00:59.855  452160  +8
   08:01:01.461  452164  +4
   08:01:04.615  452168  +4
   08:01:10.544  452172  +4
   08:01:11.003  452180  +8
   08:01:13.826  452184  +4
   08:01:14.737  452188  +4
   08:01:15.002  452192  +4
   08:01:21.350  452196  +4
   08:01:29.870  452200  +4
   08:01:34.995  452208  +8

This is a problem I have in multiple oVirt setups - don't know if it is
just something about how I installed or what, but I'd really like to
work on getting this figured out and fixed.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AJA3MHI3V7SQEEAASDUTID3P7HV3CQPU/


[ovirt-users] Re: Clean up engine database?

2019-10-14 Thread Chris Adams
Once upon a time, Lucie Leistnerova  said:
> Ah, you are right. dwh-vacuum was added in 4.2.

Just for interest, I tried this on my 4.3.6 dev setup, and it just
gives:

[root@engine ~]# dwh-vacuum 
/usr/bin/dwh-vacuum: line 47: vacuumdb: command not found

Looks like it needs the SCL enablement that engine-vacuum has.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YBLTIQOLNVDFWSVPEAXWQWZ5SHED7C3P/


[ovirt-users] Re: New Certificate -> Image-IO-Proxy Errors

2019-10-14 Thread Chris Adams
Once upon a time, Markus Schaufler  said:
> I've changed the cert to an official cert using the howto at 
> https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html

Based on that page and trial & error, I use the following Ansible
playbook to deploy a Let's Encrypt cert to an oVirt engine.  I'm
managing certs from a central VM that uses DNS auth rather than web, and
my ansible-playbook call sets certpath to $RENEWED_LINEAGE.


# Configure oVirt for a third-party cert and deploy a Let's Encrypt cert

- hosts: all

  handlers:
  - name: restart httpd
service:
  name: httpd.service
  state: restarted

  - name: update java trust
command: /usr/bin/update-ca-trust

  - name: restart ovirt engine service
service:
  name: ovirt-engine.service
  state: restarted

  - name: restart ovirt websocket proxy
service:
  name: ovirt-websocket-proxy.service
  state: restarted

  - name: restart ovirt imageio proxy
service:
  name: ovirt-imageio-proxy.service
  state: restarted

  - name: restart ovirt ovn provider
service:
  name: ovirt-provider-ovn.service
  state: restarted

  tasks:
  
  # Configure various oVirt things to use our installed cert rather than
  # the engine-CA-signed cert
  - name: configure ovirt trust
copy:
  content: 
"ENGINE_HTTPS_PKI_TRUST_STORE=\"/etc/pki/java/cacerts\"\nENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=\"\"\n"
  dest: /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
notify:
- restart ovirt engine service

  - name: configure ovirt websocket proxy
copy:
  content: 
"SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer\nSSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass\n"
  dest: /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/99-custom-cert.conf
notify:
- restart ovirt websocket proxy

  - name: configure ovirt imageio proxy key
replace:
  path: /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
  backup: yes
  regexp: '^(ssl_key_file = 
/etc/pki/ovirt-engine/keys/)imageio-proxy.key.nopass'
  replace: '\1apache.key.nopass'
notify:
- restart ovirt imageio proxy

  - name: configure ovirt imageio proxy cert
replace:
  path: /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
  regexp: '^(ssl_cert_file = /etc/pki/ovirt-engine/certs/)imageio-proxy.cer'
  replace: '\1apache.cer'
notify:
- restart ovirt imageio proxy

  - name: configure ovirt ovn provider CA
copy:
  content: "[OVIRT]\novirt-ca-file=/etc/pki/tls/certs/ca-bundle.crt\n"
  dest: /etc/ovirt-provider-ovn/conf.d/99-system-ca.conf
notify:
- restart ovirt ovn provider

  
  # Install updated CA/cert/key
  - name: add lets-encrypt ca to java trust
copy:
  src: "{{ certpath }}/chain.pem"
  dest: /etc/pki/ca-trust/source/anchors/letsencrypt-ca.pem
notify:
- update java trust
- restart ovirt engine service

  - name: update ovirt engine ca chain
copy:
  src: "{{ certpath }}/chain.pem"
  dest: /etc/pki/ovirt-engine/apache-ca.pem
  backup: yes
notify:
- restart httpd
- restart ovirt engine service

  - name: update ovirt engine key
copy:
  src: "{{ certpath }}/privkey.pem"
  dest: /etc/pki/ovirt-engine/keys/apache.key.nopass
  backup: yes
  mode: 0440
  group: ovirt
notify:
- restart httpd
- restart ovirt websocket proxy
- restart ovirt imageio proxy

  - name: update ovirt engine cert
copy:
  src: "{{ certpath }}/cert.pem"
  dest: /etc/pki/ovirt-engine/certs/apache.cer
  backup: yes
notify:
- restart httpd
- restart ovirt websocket proxy
- restart ovirt imageio proxy

  - name: find old ansible backups
find:
  age: '91d'
  paths: /etc/pki/ovirt-engine
  recurse: yes
  patterns:
  - apache-ca.pem.[1-9]*~
  - apache.key.nopass.[1-9]*~
  - apache.cer.[1-9]*~
register: backups

  - name: delete backups
file:
  path: '{{ item.path }}'
  state: absent
loop: '{{ backups.files|flatten(levels=1) }}'



-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KR6SX7XU3RA3KM7AKOWEL2SX76WPV3JG/


[ovirt-users] Re: Clean up engine database?

2019-10-14 Thread Chris Adams
Once upon a time, Lucie Leistnerova  said:
> you can use engine tools: engine-vacuum and dwh-vacuum.
> It can do full vacuum with -f option and also it runs with
> engine-setup when you choose it.

engine-vacuum doesn't appear to touch the DWB DB, and I don't have a
dwh-vacuum (on 4.1).  After reading a RHBZ, the issue was the various
*_samples_* tables, so I did:


systemctl stop ovirt-engine-dwhd.service

. /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf
PGPASSWORD="$DWH_DB_PASSWORD" psql \
-h "$DWH_DB_HOST" \
-p "$DWH_DB_PORT" \
-U "$DWH_DB_USER" \
-d "$DWH_DB_DATABASE" \
<<'EOF'
vacuum full host_interface_samples_history;
vacuum full vm_disk_samples_history;
vacuum full vm_disks_usage_samples_history;
vacuum full vm_interface_samples_history;
vacuum full vm_samples_history;
EOF

systemctl start ovirt-engine-dwhd.service
####

That reduced my Postgres DB size from 15G to 1.4G.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QBBWM2TSQUGPTZHQ5LCWHJUHI37HKC46/


[ovirt-users] Clean up engine database?

2019-10-11 Thread Chris Adams
On my oVirt 4.1.9 cluster, the hosted engine filled up its disk last
night (it was deployed from the engine appliance image and had a 20G
root and 5G swap).  I gained a little space by trimming down swap, but I
need to clean it up.

It looks like the problem is the Postgres database - /var/lib/pgsql/data
is using 16G.  Is there some cleanup I can do (and then some way to keep
it from happening again)?

Also, is there a way to extend the hosted engine disk?  It's on iSCSI
storage, and the LUN has free space.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NEJTMZRXCQ5JDK5BE3RBZX5KOI4KB4QP/


[ovirt-users] Re: Problem with cloud-init (metrics install)

2019-08-12 Thread Chris Adams
I'm using ovirt-engine 4.3.5.5-1.el7.  I installed the Metrics Store
using this guide and its CentOS settings:

https://ovirt.org/documentation/metrics-install-guide/Installing_Metrics_Store.html

I tried to set a static IP on the created master0 VM per the guide by
setting the network settings under the Initial Run tab of the VM
settings, but they are not applied.  If I start the VM with Run Once and
the network settings, they are applied, but if I shut it down and go
back to a regular run, the VM reverts back to DHCP.

Once upon a time, Dominik Holler  said:
> On Sun, Aug 11, 2019 at 3:42 PM Liran Rotenberg  wrote:
> 
> > Hi again,
> > Adding +Dominik Holler
> >
> 
> Thanks for the heads up.
> 
> 
> > If you deployed the static configuration to the VM using cloud-init
> > you might be hitting this bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1593010
> >
> > Let me know if this is the case. If not, please elaborate on the steps
> > you did to this VM.
> >
> >
> Which version of ovirt-engine do you use?
> Which cloud image do you use?
> Which network setting is not applied as you expect?
> 
> 
> > Regards,
> > Liran.
> >
> >
> >
> > On Thu, Aug 8, 2019 at 8:32 PM Chris Adams  wrote:
> > >
> > > How do you keep it from reverting back to DHCP on the next reboot?
> > >
> > > Once upon a time, Jayme  said:
> > > > I found this a bit confusing myself.  I ended up having to do it
> > manually
> > > > by logging in to the VM and changing the IP afterward.
> > > >
> > > > On Thu, Aug 8, 2019 at 11:21 AM Chris Adams  wrote:
> > > >
> > > > > I'm following this guide:
> > > > >
> > > > >
> > > > >
> > https://ovirt.org/documentation/metrics-install-guide/Installing_Metrics_Store.html
> > > > >
> > > > > Specifically, the step "Setup virtual machine static IP and Mac
> > > > > address".  The deploy does a bunch of stuff automatically, so the
> > first
> > > > > opportunity I have to do anything is after the VM is already booted.
> > > > >
> > > > > It seems that having a DHCP server, with matching reverse/forward DNS
> > > > > entries for each IP, is a requirement, and that there's not a way to
> > set
> > > > > the metrics store VM to a static IP (despite having to have a DNS
> > entry
> > > > > pointing to an IP).
> > > > >
> > > > > Once upon a time, Liran Rotenberg  said:
> > > > > > Hi Chris,
> > > > > > Run Once option is different from normal run.
> > > > > > For cloud-init you shall need the pre-requirement:
> > > > > > A sealed VM, for example if you wish to create a template:
> > > > > >
> > > > >
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/virtual_machine_management_guide/chap-templates#Sealing_Virtual_Machines_in_Preparation_for_Deployment_as_Templates
> > > > > > Cloud-init service should be installed and enabled on the VM (make
> > > > > > sure before sealing the VM).
> > > > > > Run will consume the cloud-init configuration only if it is the
> > VM's
> > > > > first run.
> > > > > >
> > > > > > Regards,
> > > > > > Liran.
> > > > > >
> > > > > > On Thu, Aug 8, 2019 at 4:07 PM Chris Adams 
> > wrote:
> > > > > > >
> > > > > > > I am trying to set up the oVirt Metrics Store, which uses
> > cloud-init
> > > > > for
> > > > > > > network settings, so I set the info under the "Initial Run" tab.
> > > > > > > However, it doesn't seem to actually apply the network settings
> > unless
> > > > > I
> > > > > > > "run once" and enable clout-init there.
> > > > > > >
> > > > > > > I haven't used cloud-init before (been on my to-do list to check
> > out) -
> > > > > > > am I missing something?
> > > > > > >
> > > > > > > --
> > > > > > > Chris Adams 
> > > > > > > ___
> > > > > > > Users mailing list -- users@ovirt.org
> > > > > > > To unsubscribe send an email to users-le...@ovirt.org
> > 

[ovirt-users] Re: Problem with cloud-init (metrics install)

2019-08-08 Thread Chris Adams
How do you keep it from reverting back to DHCP on the next reboot?

Once upon a time, Jayme  said:
> I found this a bit confusing myself.  I ended up having to do it manually
> by logging in to the VM and changing the IP afterward.
> 
> On Thu, Aug 8, 2019 at 11:21 AM Chris Adams  wrote:
> 
> > I'm following this guide:
> >
> >
> > https://ovirt.org/documentation/metrics-install-guide/Installing_Metrics_Store.html
> >
> > Specifically, the step "Setup virtual machine static IP and Mac
> > address".  The deploy does a bunch of stuff automatically, so the first
> > opportunity I have to do anything is after the VM is already booted.
> >
> > It seems that having a DHCP server, with matching reverse/forward DNS
> > entries for each IP, is a requirement, and that there's not a way to set
> > the metrics store VM to a static IP (despite having to have a DNS entry
> > pointing to an IP).
> >
> > Once upon a time, Liran Rotenberg  said:
> > > Hi Chris,
> > > Run Once option is different from normal run.
> > > For cloud-init you shall need the pre-requirement:
> > > A sealed VM, for example if you wish to create a template:
> > >
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/virtual_machine_management_guide/chap-templates#Sealing_Virtual_Machines_in_Preparation_for_Deployment_as_Templates
> > > Cloud-init service should be installed and enabled on the VM (make
> > > sure before sealing the VM).
> > > Run will consume the cloud-init configuration only if it is the VM's
> > first run.
> > >
> > > Regards,
> > > Liran.
> > >
> > > On Thu, Aug 8, 2019 at 4:07 PM Chris Adams  wrote:
> > > >
> > > > I am trying to set up the oVirt Metrics Store, which uses cloud-init
> > for
> > > > network settings, so I set the info under the "Initial Run" tab.
> > > > However, it doesn't seem to actually apply the network settings unless
> > I
> > > > "run once" and enable clout-init there.
> > > >
> > > > I haven't used cloud-init before (been on my to-do list to check out) -
> > > > am I missing something?
> > > >
> > > > --
> > > > Chris Adams 
> > > > ___
> > > > Users mailing list -- users@ovirt.org
> > > > To unsubscribe send an email to users-le...@ovirt.org
> > > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > > > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > > > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/UKBKKLQQBFDNSVEIKETOD5GQPVVX2LBT/
> > > ___
> > > Users mailing list -- users@ovirt.org
> > > To unsubscribe send an email to users-le...@ovirt.org
> > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/TAATB64XMPFMBV3TGO6BZOQ3RNGX7Q6A/
> >
> > --
> > Chris Adams 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/PKZJG2AXVMWDXIT4R65DQ2BJI3OZF3OQ/
> >

> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UDRDSQQ4NJRN36WTKEKAJLQLOMK6B5FG/


-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HDNTABMK42QW27BBX7FNEISEPF7YEWCH/


[ovirt-users] Re: Problem with cloud-init (metrics install)

2019-08-08 Thread Chris Adams
I'm following this guide:

https://ovirt.org/documentation/metrics-install-guide/Installing_Metrics_Store.html

Specifically, the step "Setup virtual machine static IP and Mac
address".  The deploy does a bunch of stuff automatically, so the first
opportunity I have to do anything is after the VM is already booted.

It seems that having a DHCP server, with matching reverse/forward DNS
entries for each IP, is a requirement, and that there's not a way to set
the metrics store VM to a static IP (despite having to have a DNS entry
pointing to an IP).

Once upon a time, Liran Rotenberg  said:
> Hi Chris,
> Run Once option is different from normal run.
> For cloud-init you shall need the pre-requirement:
> A sealed VM, for example if you wish to create a template:
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/virtual_machine_management_guide/chap-templates#Sealing_Virtual_Machines_in_Preparation_for_Deployment_as_Templates
> Cloud-init service should be installed and enabled on the VM (make
> sure before sealing the VM).
> Run will consume the cloud-init configuration only if it is the VM's first 
> run.
> 
> Regards,
> Liran.
> 
> On Thu, Aug 8, 2019 at 4:07 PM Chris Adams  wrote:
> >
> > I am trying to set up the oVirt Metrics Store, which uses cloud-init for
> > network settings, so I set the info under the "Initial Run" tab.
> > However, it doesn't seem to actually apply the network settings unless I
> > "run once" and enable clout-init there.
> >
> > I haven't used cloud-init before (been on my to-do list to check out) -
> > am I missing something?
> >
> > --
> > Chris Adams 
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/UKBKKLQQBFDNSVEIKETOD5GQPVVX2LBT/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TAATB64XMPFMBV3TGO6BZOQ3RNGX7Q6A/

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PKZJG2AXVMWDXIT4R65DQ2BJI3OZF3OQ/


[ovirt-users] Problem with cloud-init (metrics install)

2019-08-08 Thread Chris Adams
I am trying to set up the oVirt Metrics Store, which uses cloud-init for
network settings, so I set the info under the "Initial Run" tab.
However, it doesn't seem to actually apply the network settings unless I
"run once" and enable clout-init there.

I haven't used cloud-init before (been on my to-do list to check out) -
am I missing something?

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UKBKKLQQBFDNSVEIKETOD5GQPVVX2LBT/


[ovirt-users] Re: Use public-signed SSL certs?

2019-08-02 Thread Chris Adams
Once upon a time, Dominik Holler  said:
> Would
> ovirt-ca-file=/etc/pki/tls/certs/ca-bundle.crt
> work for you?

Yes, that looks like it works correctly.

Still chasing issues with a 3rd-party cert down... now it seems like
there may be an SSL issue between ovirt-provider-ovn and ovsdb-server
(seeing SSL and protocol errors in ovsdb-server-nb.log that weren't
there before changing the cert).

Also, I updated the engine from 4.3.4 to 4.3.5 and it overwrote the
necessary changes in ovirt-imageio-proxy's config.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SME7XGJLCJ5YTMFQ2OBJKFT53WODEQOI/


[ovirt-users] Re: Use public-signed SSL certs?

2019-08-01 Thread Chris Adams
I figured it out.  When ovirt-provider-ovn attempts to connect back to
the engine via HTTPS, it tells the python requests module to use the
specified CA cert file... but that won't work with most 3rd-party certs
because they have an intermediate cert as well.  It appears that the
requests module tries to validate both certs.

Creating /etc/ovirt-provider-ovn/conf.d/99-custom-cert.conf that just
has:

[OVIRT]
ovirt-ca-file=

tells the module to use the regular system CA cert file(s), which works.
This should probably be added to the oVirt doc for using a 3rd-party
cert.

Once upon a time, Chris Adams  said:
> Circling back to an old email...
> 
> Once upon a time, Yedidyah Bar David  said:
> > On Wed, Jan 30, 2019 at 10:28 PM Chris Adams  wrote:
> > > However, while digging, I also noticed that now the engine is not
> > > communicating with ovirt-provider-ovn, possibly due to a similar issue?
> > > It is having the reverse problem; it rejects the engine's cert.
> > 
> > Didn't try this yet, adding Dominik.
> 
> Was anybody able to look at this?  I had to use my dev hardware for
> something else for a bit, so re-installed with 4.3.5 yesterday.  The
> imageio SSL cert issue looks good, but I still can't figure out the
> ovirt-provider-ovn CA usage.
> 
> My little bit of digging seems to show that the engine connects to the
> provider and is using an SSL client cert, and that cert is signed by
> something... but I'm not sure what.  I think the provider side is trying
> to validate with the following setting from
> /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> 
> [OVIRT]
> ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
> 
> Following the general "3rd-party SSL", that is now the Let's Encrypt CA.
> I tried changing it to point to the original self-signed oVirt CA (same
> directory, just "ca.pem"), but that didn't work either.
> 
> Any suggestions?

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AG3IN73YZ2WLBLNCA2V42LE5V72XQ6Y6/


[ovirt-users] Re: Use public-signed SSL certs?

2019-07-31 Thread Chris Adams
Circling back to an old email...

Once upon a time, Yedidyah Bar David  said:
> On Wed, Jan 30, 2019 at 10:28 PM Chris Adams  wrote:
> > However, while digging, I also noticed that now the engine is not
> > communicating with ovirt-provider-ovn, possibly due to a similar issue?
> > It is having the reverse problem; it rejects the engine's cert.
> 
> Didn't try this yet, adding Dominik.

Was anybody able to look at this?  I had to use my dev hardware for
something else for a bit, so re-installed with 4.3.5 yesterday.  The
imageio SSL cert issue looks good, but I still can't figure out the
ovirt-provider-ovn CA usage.

My little bit of digging seems to show that the engine connects to the
provider and is using an SSL client cert, and that cert is signed by
something... but I'm not sure what.  I think the provider side is trying
to validate with the following setting from
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf

[OVIRT]
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem

Following the general "3rd-party SSL", that is now the Let's Encrypt CA.
I tried changing it to point to the original self-signed oVirt CA (same
directory, just "ca.pem"), but that didn't work either.

Any suggestions?
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VBM4JSHX2IC2DLEZJB2O3FBPRILPU3HV/


[ovirt-users] Re: Dell OMSA on oVirt node

2019-03-21 Thread Chris Adams
Once upon a time, Leo David  said:
> Hello everyone,
> I would really like to have installed Dell OMSA on my dell nodes so I can
> benefit of lots of administration features. Does anyone managed to have it
> installed ?

oVirt Node has the regular CentOS yum repos disabled, but Dell's OMSA
expects them (and possibly some things from EPEL? can't remember).  You
can try "yum --enablerepo={base,updates} install srvadmin-all".

I'm not sure how oVirt Node might handle the additional packages, what
will happen on oVirt upgrades, etc. though.  From what I understand,
installing additional software on Node isn't really supported.  You
might be better off installing "regular" CentOS and then oVirt, without
using the Node method.

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/552ZFZQDXXXDGDTXNORTX7T6HMSWDTDZ/


[ovirt-users] Re: oVirt Performance (Horrific)

2019-03-14 Thread Chris Adams
Once upon a time, Karli Sjöberg  said:
> Lastly network, are you sure you activated jumbo frames, all the way
> from the storage to the hosts? That makes a huge difference on 10 Gb
> ethernet.

BTW: just wanted to mention a good way to check that you are really
getting jumbo frames is to use "ss" to see the MSS on the established
TCP sessions.  For example, if you are using iSCSI:

# ss -ti dport = :iscsi-target
State  Recv-Q Send-Q Local Address:Port Peer Address:Port   
 
ESTAB  0  0  10.21.0.201:60180
10.21.0.21:iscsi-target 
 cubic wscale:5,2 rto:201 rtt:0.737/0.563 ato:40 mss:8948 cwnd:10 
ssthresh:16 bytes_acked:1263988453 bytes_received:734634344892 
segs_out:55848414 segs_in:90177540 send 971.3Mbps lastsnd:1570 lastrcv:1568 
lastack:1568 pacing_rate 1941.6Mbps retrans:0/55 rcv_rtt:2.875 rcv_space:587020
ESTAB  0  0  10.21.0.201:55098
10.21.0.20:iscsi-target 
 cubic wscale:5,2 rto:201 rtt:0.443/0.119 ato:40 mss:8948 cwnd:19 
ssthresh:18 bytes_acked:256605372465 bytes_received:3117834587228 
segs_out:286956736 segs_in:442234458 send 3070.2Mbps lastsnd:1445 lastrcv:1444 
lastack:1444 pacing_rate 6138.7Mbps retrans:0/9 reordering:5 rcv_rtt:6.75 
rcv_space:459048

NFS is a little different (since it doesn't use a single fixed port),
but you can use "ss -ti dst [NFS server IP]" instead.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6MYFGVGXADMAUADC3SOCUO4A3ZWZRRTG/


[ovirt-users] Re: Changing DNS servers

2019-01-31 Thread Chris Adams
Once upon a time, Luca 'remix_tj' Lorenzetto  said:
> did you checked under the network configuration of ovirtmgmt on each
> host? Here there are directives for setting ip, dns and gateway.
> Since you're reporting a file from vdsm, that configuration can be
> changed through the manager ui.

On a 4.2 cluster, I see a tab for DNS configuration, but on this 4.1
cluster, I don't see any DNS config in the web UI.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WPVDF2MMJF5F6SDJG3FH7M7K3MV3VOAA/


[ovirt-users] Changing DNS servers

2019-01-31 Thread Chris Adams
I am trying to change the DNS servers on the hosts on a 4.1 cluster.  It
appears that oVirt has "learned" them somewhere.  They are in
/etc/sysconfig/network-scripts/ifcfg-ovirtmgmt (and of course
/etc/resolv.conf), but that file gets rewritten on a reboot (so if I
change it they just change back).  I can't find anything in the web UI
to set/change DNS, but obviously they're stored somewhere.

I see /var/lib/vdsm/persistence/netconf./nets/ovirtmgmt has
the config; is it safe to directly edit that file?

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3XV6UP6EIHBP25DXVY2Y4MLB2LG2VOMT/


[ovirt-users] Re: Use public-signed SSL certs?

2019-01-30 Thread Chris Adams
Digging a little deeper... if I add the Let's Encrypt CA to
/etc/pki/ovirt-engine/.truststore, imageio-proxy works (I can
successfully upload an ISO), so I guess the issue is that imageio-proxy
uses the same cert for web and engine communication and the engine
wasn't happy with the public-CA-signed cert.

So, rather than point part of the engine at a separate trust store (as
the docs recommend), maybe just add the public CA to the engine's
existing trust store?

However, while digging, I also noticed that now the engine is not
communicating with ovirt-provider-ovn, possibly due to a similar issue?
It is having the reverse problem; it rejects the engine's cert.

This is all on 4.2.8 BTW.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FC6FNKINSVQFA7FDO2D6FBSHP2U5D7WI/


[ovirt-users] Re: Use public-signed SSL certs?

2019-01-30 Thread Chris Adams
Once upon a time, Yedidyah Bar David  said:
> On Tue, Jan 29, 2019 at 6:05 PM Chris Adams  wrote:
> > I installed an SSL cert from a public CA (Let's Encrypt) on my engine,
> > following this:
> >
> > https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_CA_Certificate
> >
> > That gets the regular web UI working, but I can't upload an ISO.  I
> > assume that I need to do something with the imageio-proxy service on the
> > engine, but not sure what... I tried replacing imageio-proxy.cer and
> > imageio-proxy.key.nopass, but that didn't work.
> 
> Did you restart the imageio-proxy?
> 
> What didn't work? What happened?

I did restart the service.  When I then try to upload an ISO image, I
get "Paused by System" and this in engine.log:


2019-01-30 08:12:15,871-06 ERROR 
[org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand] 
(EE-ManagedThreadFactory-engineScheduled-Thread-52) 
[0052c7ad-38d7-429d-be3a-eb0e496d5ee8] Failed to add image ticket to 
ovirt-imageio-proxy: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
[jsse.jar:1.8.0_191]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) 
[jsse.jar:1.8.0_191]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) 
[jsse.jar:1.8.0_191]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) 
[jsse.jar:1.8.0_191]
at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) 
[jsse.jar:1.8.0_191]
at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) 
[jsse.jar:1.8.0_191]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) 
[jsse.jar:1.8.0_191]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) 
[jsse.jar:1.8.0_191]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) 
[jsse.jar:1.8.0_191]
at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) 
[jsse.jar:1.8.0_191]
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) 
[jsse.jar:1.8.0_191]
at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) 
[jsse.jar:1.8.0_191]
at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) 
[rt.jar:1.8.0_191]
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
 [rt.jar:1.8.0_191]
at 
sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
 [rt.jar:1.8.0_191]
at 
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
 [rt.jar:1.8.0_191]
at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
 [rt.jar:1.8.0_191]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommand.addImageTicketToProxy(TransferImageCommand.java:654)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommand.startImageTransferSession(TransferImageCommand.java:579)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommand.handleImageIsReadyForTransfer(TransferImageCommand.java:261)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommand.handleInitializing(TransferImageCommand.java:232)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommand.executeStateHandler(TransferImageCommand.java:167)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommand.proceedCommandExecution(TransferImageCommand.java:154)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommandCallback.doPolling(TransferImageCommandCallback.java:21)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethodsImpl(CommandCallbacksPoller.java:146)
 [bll.jar:]
at 
org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethods(CommandCallbacksPoller.java:107)
 [bll.jar:]
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
[rt.jar:1.8.0_191]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) 
[rt.jar:1.8.0_191]
at 
org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.access$201(Man

[ovirt-users] Re: Use public-signed SSL certs?

2019-01-29 Thread Chris Adams
Once upon a time, John Florian  said:
> Just to follow up on this Chris, I have my puppet drop my CA cert in
> /etc/pki/ca-trust/source/anchors/, my self-signed cert
> in/etc/pki/ovirt-engine/certs/ and my key in 
> /etc/pki/ovirt-engine/keys.  I also manage
> /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf to have:
> 
> ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
> 
> I believe this gives me everything you seek.

That works to get the core engine UI using a new cert (that and a little
more are in the Red Hat URL in my original message).  It doesn't handle
the imageio-proxy however.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SPQLME4PMHRXM6LCVSX4V5GNZLFOIF4W/


[ovirt-users] Re: Use public-signed SSL certs?

2019-01-29 Thread Chris Adams
Once upon a time, John Florian  said:
> On 1/29/19 1:30 PM, Chris Adams wrote:
> >Can that be run non-interactively to do whatever is needed?
> >I'm using a Let's Encrypt cert, which needs to have a 100% automated
> >deployment.
> 
> Yes, I believe so.  Look at the whole biz with the "answers" file
> and the --config-append=file option.  You should already have a
> generated answers file laying around from when you ran engine-setup
> before.  See /var/lib/ovirt-engine/setup/answers IIRC.

Hmm, that won't work - it looks like you can't run engine-setup on a
hosted engine unless you first set hosted-engine HA to global
maintenance.

Is running engine-setup necessary to install/update certificates, or
maybe is there a simpler way?
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OLWCGI5DFDPGZMACRH4CLEAA57MM6KDF/


[ovirt-users] Re: Use public-signed SSL certs?

2019-01-29 Thread Chris Adams
I had not.  Can that be run non-interactively to do whatever is needed?
I'm using a Let's Encrypt cert, which needs to have a 100% automated
deployment.

Once upon a time, Staniforth, Paul  said:
> Did you try running engine-setup ?
> 
> Regards,
>   Paul S.
> ____
> From: Chris Adams 
> Sent: 29 January 2019 15:51
> To: users@ovirt.org
> Subject: [ovirt-users] Use public-signed SSL certs?
> 
> I installed an SSL cert from a public CA (Let's Encrypt) on my engine,
> following this:
> 
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_CA_Certificate
> 
> That gets the regular web UI working, but I can't upload an ISO.  I
> assume that I need to do something with the imageio-proxy service on the
> engine, but not sure what... I tried replacing imageio-proxy.cer and
> imageio-proxy.key.nopass, but that didn't work.
> 
> I'm trying to avoid ever needing to install a special CA cert in
> browsers.
> --
> Chris Adams 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/NZBGRCKW6WA4WISTCRDJIFUCMNIKJ2CG/
> To view the terms under which this email is distributed, please go to:-
> http://leedsbeckett.ac.uk/disclaimer/email/

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MO64G3S2MXF5HA54E5PSHNDAZU2OPIYL/


[ovirt-users] Use public-signed SSL certs?

2019-01-29 Thread Chris Adams
I installed an SSL cert from a public CA (Let's Encrypt) on my engine,
following this:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl#Replacing_the_Manager_CA_Certificate

That gets the regular web UI working, but I can't upload an ISO.  I
assume that I need to do something with the imageio-proxy service on the
engine, but not sure what... I tried replacing imageio-proxy.cer and
imageio-proxy.key.nopass, but that didn't work.

I'm trying to avoid ever needing to install a special CA cert in
browsers.
-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NZBGRCKW6WA4WISTCRDJIFUCMNIKJ2CG/


[ovirt-users] Re: Bad libvirt-spice certificate - regenerate?

2018-10-04 Thread Chris Adams
Is there a way to force the libvirt-spice certificates to be renewed now
(since they are invalid and keeping me from connecting to VM consoles)?

Once upon a time, Staniforth, Paul  said:
> Hello Chris,
>engine-setup should renew the certificates, the event 
> notifier can send warnings about expired or expiring certificates.
> 
> Regards,
>  Paul S.
> ____
> From: Chris Adams 
> Sent: 02 October 2018 15:04
> To: users@ovirt.org
> Subject: [ovirt-users] Bad libvirt-spice certificate - regenerate?
> 
> I have an oVirt 4.1 cluster that was initially installed with 3.5 in
> 2014.  The SSL certificates on the physical hosts in
> /etc/pki/vdsm/libvirt-spice have a problem - the "not before" date is
> invalid (it doesn't include a time zone), and so I can't connect to VM
> consoles from a client with OpenSSL 1.1.0i (up to date Fedora 27).
> 
> How can I regenerate these certificates?
> 
> Also, I noticed they expire next year - is that expiration handled
> automatically?
> 
> --
> Chris Adams 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3EMV5VLZMMT7MGQKDZKYQUQXN3FARG4D/
> To view the terms under which this email is distributed, please go to:-
> http://disclaimer.leedsbeckett.ac.uk/disclaimer/disclaimer.html

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WDGV3QIRKEE4IGSWMTRVXIQUGDKPTLZQ/


[ovirt-users] Bad libvirt-spice certificate - regenerate?

2018-10-02 Thread Chris Adams
I have an oVirt 4.1 cluster that was initially installed with 3.5 in
2014.  The SSL certificates on the physical hosts in
/etc/pki/vdsm/libvirt-spice have a problem - the "not before" date is
invalid (it doesn't include a time zone), and so I can't connect to VM
consoles from a client with OpenSSL 1.1.0i (up to date Fedora 27).

How can I regenerate these certificates?

Also, I noticed they expire next year - is that expiration handled
automatically?

-- 
Chris Adams 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3EMV5VLZMMT7MGQKDZKYQUQXN3FARG4D/


[ovirt-users] Re: VM interface bonding (LACP)

2018-05-14 Thread Chris Adams
Once upon a time, Doug Ingham <dou...@gmail.com> said:
>  Correct!
> 
>  | Single 1Gbit virtual interface
>  |
> VM  Host  Switch stack
>|
>|--- 4x 1Gbit interfaces bonded over LACP
> 
> The traffic for all of the VMs is distributed across the host's 4 bonded
> links, however each VM is limited to the 1Gbit of its own virtual
> interface. In the case of my proxy, all web traffic is routed through it,
> so its single Gbit interface has become a bottleneck.

It was my understanding that the virtual interface showing up as 1 gig
was just a reporting thing (something has to be put in the speed field).
I don't think the virtual interface is actually limited to 1 gig, the
server will just pass packets as fast as it can.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


[ovirt-users] Sizing hardware for hyperconverged with Gluster?

2018-03-19 Thread Chris Adams
I have a reasonable feel for how to size hardware for an oVirt cluster
with external storage (our current setups all use iSCSI to talk to a
SAN).  I'm looking at a hyperconverged oVirt+Gluster setup; are there
guides for figuring out the additional Gluster resource requirements?  I
assume I need to allow for additional CPU and RAM, I just don't know how
to size it (based on I/O I guess?).

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Network and disk inactive after 4.2.1 upgrade

2018-02-26 Thread Chris Adams
Once upon a time, Arsène Gschwind <arsene.gschw...@unibas.ch> said:
> After upgrading from 4.1.9 to 4.2.1 I had the same problem.
> Had to reactivate network and disk on all VMs.

Do you use the hosted engine?  If so, how did you fix it?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Network and disk inactive after 4.2.1 upgrade

2018-02-13 Thread Chris Adams
I upgraded my dev cluster from 4.2.0 to 4.2.1 yesterday, and I noticed
that all my VMs show the network interfaces unplugged and disks inactive
(despite the VMs being up and running just fine).  This includes the
hosted engine.

I had not rebooted VMs after upgrading, so I tried powering one off and
on; it would not start until I manually activated the disk.

I haven't seen a problem like this before (although it usually means
that I did something wrong :) ) - what should I look at?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Memory leaks in ovirt-ha-agent, vdsmd

2018-02-06 Thread Chris Adams
I regularly see memory leaks in ovirt-ha-agent and vdsmd.  For example,
I have a two-node 4.2.0 test setup with a hosted engine on iSCSI.  Right
now, vdsmd on one node is using 7.8G RAM, and ovirt-ha-agent is using
1.1G on each node.

I've had this kind of problem with 4.1 production systems as well; it
just seems to be a recurring issue.  I have to periodically go through
and restart these services on the nodes.  Occasionally I see sanlock use
up a bunch of RAM as well.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Warning - MacOS SSH Terminal / oVirt Engine Errors

2017-12-29 Thread Chris Adams
Once upon a time, andreil1 <andre...@starlett.lv> said:
> Hi !
> 
> I would like to warn all who try to use engine-setup via MacOS X SSH terminal.
> It throws a lot of errors and fails (seems to relate to differently named 
> UTF8 locales). 
> From Linux PC everything is fine.
> 
> 
> 
> [root@node00 ~]# engine-setup 
> [ ERROR ] Yum unknown locale: UTF-8
> [ ERROR ] Yum unknown locale: UTF-8

Is it really setting the locale ($LANG) to UTF-8?  If so, that's wrong;
UTF-8 is a character encoding, not a locale.  A proper locale would be
something like en_US.utf8.

You should be able to override it after login by setting it, like:

# export LANG=en_US.utf8

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Minor issue upgrading to 4.2

2017-12-25 Thread Chris Adams
Once upon a time, Misak Khachatryan <kmi...@gmail.com> said:
> It seems me too in the same situation, my cluster shows firewall type
> as iptables, and my firewalld status is on hosts:

Do you know if you had firewalld installed before upgrading?  You should
be able to tell by checking your /var/log/yum.log.

I suspect that the issue is that oVirt pulls in firewalld, and the
firewalld RPM sets itself to run by default, plus it happens to be
started after iptables (and so blows away iptables rules).

See if this fixes it for you:

# systemctl stop firewalld.service
# systemctl disable firewalld.service
# systemctl restart iptables.service

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Minor issue upgrading to 4.2

2017-12-24 Thread Chris Adams
My cluster shows iptables as the firewall type in the web UI, and
firewall_type is 0 in the database.

Once upon a time, Yaniv Kaul <yk...@redhat.com> said:
> Sounds like https://bugzilla.redhat.com/show_bug.cgi?id=1511013 - can you
> confirm?
> Y.
> 
> On Sat, Dec 23, 2017 at 1:56 AM, Chris Adams <c...@cmadams.net> wrote:
> 
> > I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it
> > matters) test oVirt cluster to 4.2.0, and ran into one minor issue.  The
> > update installed firewalld on the host, which was set to start on boot.
> > This replaced the iptables rules with a blank firewalld setup that only
> > allowed SSH, which kept the host from working.
> >
> > Stopping and disabling firewalld, then reloading iptables, got the host
> > back working.
> >
> > In a quick search, I didn't see anything noting that firewalld was now
> > required, and it didn't seem to be configured correctly if oVirt was
> > trying to use it.
> >
> > --
> > Chris Adams <c...@cmadams.net>
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >

> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users


-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Minor issue upgrading to 4.2

2017-12-22 Thread Chris Adams
I upgraded a CentOS 7 oVirt 4.1.7 (initially installed as 3.5 if it
matters) test oVirt cluster to 4.2.0, and ran into one minor issue.  The
update installed firewalld on the host, which was set to start on boot.
This replaced the iptables rules with a blank firewalld setup that only
allowed SSH, which kept the host from working.

Stopping and disabling firewalld, then reloading iptables, got the host
back working.

In a quick search, I didn't see anything noting that firewalld was now
required, and it didn't seem to be configured correctly if oVirt was
trying to use it.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Question about cold start

2017-10-04 Thread Chris Adams
Once upon a time, Martin Sivak <msi...@redhat.com> said:
> Can you please describe your use-case there to make sure we do not
> forget and to make it obvious there is a need for this feature?

Thanks, added.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Question about cold start

2017-10-04 Thread Chris Adams
Once upon a time, Charles Kozler <ckozler...@gmail.com> said:
> I believe you would accomplish this by setting a VM to be highly available
> (like the engine). Then engine makes sure this VM is up on at least one
> node through lease agreements (IIRC). In either case, I think this is what
> you want

That keeps VMs up as long as the cluster is up, but does not bring them
back if the whole cluster goes down (unless there's some other setting
I'm missing).
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Question about cold start

2017-10-04 Thread Chris Adams
I have an oVirt cluster that was hard shutdown last night (fire is bad,
and firemen killed the generators for their safety).  When it came back
up, it did not start any VMs other than the hosted engine.

Is that expected?  I know this is not a normal use case, but is there a
way to set VMs to start on cluster boot?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Different link speeds in LACP LAG?

2017-09-13 Thread Chris Adams
I have a small oVirt setup for one customer, with two servers each
connected to a two-switch stack with 1G links.  Now the customer would
like to upgrade the server links to 10G.  My question is this: can I add
a 10G NIC and do this with minimal "fuss" by just adding the 10G links
to the same LAG, then removing the 1G links?  I would have the host in
maintenance mode no matter what.

I haven't checked the switch to see if it'll support that yet, figured
I'd start on the oVirt side.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Replacing engine SSL cert

2017-09-09 Thread Chris Adams
I'm writing a script to install a new SSL key/cert pair (from Let's
Encrypt) for the engine web UI on oVirt 4.1.  I'm looking at this, but
it's a little confusing.

https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/

It sounds like steps 1 and 3 are referring to the CA-supplied
intermediate cert(s), not the actual issue cert for the server.  Is that
right?

Does anything actually use the PCKS12 format file referred to in step 4?
I don't normally see that format from regular CAs; they usually provide
cert+intermediate(s) in PEM format.

With Apache 2.4, it is normal to just put the cert+intermediate(s) chain
in one file and configure Apache with SSLCertificateFile.  You aren't
supposed to put the CA-supplied cert in the SSLCACertificateFile like
oVirt appears to do; that's intended to be used for validating client
certs, not the intermediate(s) for the server cert.

It really just looks like the cert+intermediate(s) should go in
/etc/pki/ovirt-engine/certs/apache.cer, the corresponding key put in
/etc/pki/ovirt-engine/keys/apache.key.nopass, and then Apache needs to
be restarted.  Since oVirt doesn't use the engine web UI cert for
anything internally (right?), do any of the other steps on the above
page matter?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Software RAID on oVirt Node

2017-08-04 Thread Chris Adams
Once upon a time, Vinícius Ferrão <fer...@if.ufrj.br> said:
> On typical deployment scenarios of oVirt which is the recommended RAID 
> technologies for oVirt Node installation? Should I use controller based RAID 
> or mdadm can be used instead? Is this recommended?
> 
> I’m asking this because other vendors requires hardware RAID, even those 100% 
> based on CentOS, like XenServer. There’s not even a way to install it with 
> mdadm (Software Raid).

I use Linux software RAID under oVirt just fine.  I'm not using oVirt
Node though (I just installed CentOS and then installed oVirt).  Note
that I have an iSCSI SAN for VM storage - things might be different if
you are planning to use the local disks for VMs (local storage or
Gluster).

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Add disk image from node command line?

2017-07-12 Thread Chris Adams
I have a qcow2 disk image sitting on the local filesystem of one node.
Is there a way to copy this image to oVirt (into an iSCSI storage
domain) without copying it to my desktop and uploading through the web
UI?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Seamless SAN HA failovers with oVirt?

2017-06-06 Thread Chris Adams
Once upon a time, Juan Pablo <pablo.localh...@gmail.com> said:
> Chris, if you have active-active with multipath: you upgrade one system,
> reboot it, check it came active again, then upgrade the other.

Yes, but that's still not how a TrueNAS (and most other low- to
mid-range SANs) works, so is not relevant.  The TrueNAS only has a
single active node talking to the hard drives at a time, because having
two nodes talking to the same storage at the same time is a hard problem
to solve (typically requires custom hardware with active cache coherency
and such).

You can (and should) use multipath between servers and a TrueNAS, and
that protects against NIC, cable, and switch failures, but does not help
with a controller failure/reboot/upgrade.  Multipath is also used to
provide better bandwidth sharing between links than ethernet LAGs.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Seamless SAN HA failovers with oVirt?

2017-06-06 Thread Chris Adams
Once upon a time, Juan Pablo <pablo.localh...@gmail.com> said:
> Im saying you can do it with multipath and not rely on truenas/freenas.
> with an active/active configuration on the virt side...instead of
> active/passive on the storage side.

But there's still only one active system (the active TrueNAS node)
connected to the hard drives, and the only way to upgrade is to reboot
it.  Multipath doesn't bypass that.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Seamless SAN HA failovers with oVirt?

2017-06-06 Thread Chris Adams
Once upon a time, Juan Pablo <pablo.localh...@gmail.com> said:
> I think its not related to something on the trueNAS side. if you are using
> iscsi multipath you should be using round-robin

TrueNAS HA is active/standby, so multipath has nothing to do with
rebooting/upgrading a TrueNAS.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Seamless SAN HA failovers with oVirt?

2017-06-06 Thread Chris Adams
Once upon a time, Sven Achtelik <sven.achte...@eps.aero> said:
> I was failing over by rebooting one of the TrueNas nodes and this took some 
> time for the other node to take over. I was thinking about asking the TN guys 
> if there is a command or procedure to speed up the failover.

That's the way TrueNAS failover works; there is no "graceful" failover,
you just reboot the active node.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] LACP Bonding issue

2017-04-20 Thread Chris Adams
Sorry about the message with nothing new...

Once upon a time, Bryan Sockel <bryan.soc...@altn.com> said:
> We checked the port groups, and servers are cabled correctly.
> 
> After server is rebooted, em1 is the only interface passing traffic.
> Other 3 nics sitting idle.  We can down each port on the switch and
> confirm it is down on the server.
> 
> I am pretty sure it is related to the bridge that was created to pass
> vm-host-altn traffic when the appliance was first installed.

Well, I don't have any problem with that setup on multiple oVirt
clusters (including a bunch of R610 servers), so I don't think that's
it.

I configure oVirt for "custom" bonding options; I use:

  mode=802.3ad lacp_rate=1 xmit_hash_policy=layer2+3

Is it possible to move the wires around temporarily, so different server
ports are connected to different switch ports?  It would be interested
to see if the "solo" behavior stayed with the port or the wire.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] LACP Bonding issue

2017-04-20 Thread Chris Adams
Once upon a time, Bryan Sockel <bryan.soc...@altn.com> said:
> We checked the port groups, and servers are cabled correctly.
> 
> After server is rebooted, em1 is the only interface passing traffic.
> Other 3 nics sitting idle.  We can down each port on the switch and
> confirm it is down on the server.
> 
> 
> I am pretty sure it is related to the bridge that was created to pass
> vm-host-altn traffic when the appliance was first installed.
> 
> 
> 
> ---- Original message 
> From: Chris Adams <c...@cmadams.net> 
> Date: 4/20/17 5:40 PM (GMT-06:00) 
> To: users@ovirt.org 
> Subject: Re: [ovirt-users] LACP Bonding issue 
> 
>   _  
> 
> >From : Chris Adams [c...@cmadams.net]
> To : users@ovirt.org [users@ovirt.org]
> Date : Thursday, April 20 2017 17:40:25
> Once upon a time, Bryan Sockel  said:
> > It seems that is some disconnect between my network bridge, the bond
> and my 
> > interfaces.  I would like to some how get my bond to use all 4
> interfaces.  
> > On reboot, it always seems to reset consistently to EM1.
> 
> Are you sure the switch side is all the same LACP group?  Sounds like
> one port may accidentally be in a separate group, and that happens to be
> em1.
> 
> You might try swapping wires between em1 and another port and reboot and
> see which ports come up - if all but the port with the wire formerly in
> em1 come up, it points to the switch config.
> 
> -- 
> Chris Adams 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] LACP Bonding issue

2017-04-20 Thread Chris Adams
Once upon a time, Bryan Sockel <bryan.soc...@altn.com> said:
> It seems that is some disconnect between my network bridge, the bond and my 
> interfaces.  I would like to some how get my bond to use all 4 interfaces.  
> On reboot, it always seems to reset consistently to EM1.

Are you sure the switch side is all the same LACP group?  Sounds like
one port may accidentally be in a separate group, and that happens to be
em1.

You might try swapping wires between em1 and another port and reboot and
see which ports come up - if all but the port with the wire formerly in
em1 come up, it points to the switch config.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Storage latency message

2017-04-18 Thread Chris Adams
Once upon a time, Nir Soffer <nsof...@redhat.com> said:
> Ovirt is reading 4k from the metadata special volume every 10 secods. If
> the read takes more than 5 seconds, you will see this warning in engine
> event log.
> 
> Maybe your storage or the host was overloaded at that time (e.g. vm backup)?

I don't see any evidence that the storage was having any problem.  The
times the message gets logged are not at any high-load times either
(either scheduled backups or just high demand).

I wrote a perl script to replicate the check, and I ran it on a node in
maintenance mode (so no other traffic on the node).  My script opens a
block device with O_DIRECT, reads the first 4K, and closes it, reporting
the time.  I do see some latency jumps with that check, but not on the
raw block device, just the LV.

By that I mean I'm running it on two devices: the multipath device that
is the PV and the metadata LV.  The multipath device latency is pretty
stable, running around 0.3 to 0.5ms.  The LV latency is higher (just a
little normally) but has a higher variability and spikes to 50-125ms (at
the same time that reading the multipath device took under 0.5ms).

Seems like this might be a problem somewhere in the Linux logical volume
layer, not the block or network layer (or with the network/storage
itself).
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Storage latency message

2017-04-13 Thread Chris Adams
Once upon a time, Yaniv Kaul <yk...@redhat.com> said:
> On Tue, Apr 11, 2017 at 3:57 PM, Chris Adams <c...@cmadams.net> wrote:
> > I've been getting an occasional message like:
> >
> > Storage domain hosted_storage experienced a high latency of
> > 5.26121 seconds from host node3.
> >
> > I'm not sure what is causing them though.  I look at my storage
> > (EqualLogic iSCSI SAN) and storage network switches and don't see any
> > issues.
> >
> > When the above message was logged, node3 was not hosting the engine
> > (doesn't even have engine HA installed), nor was it the SPM, so why
> > would it have even been accessing the hosted_storage domain?
> >
> 
> All hosts are monitoring their access to all storage domains in the data
> center.

Okay.  Is there any more information about what this message actually
means though?  Is it read latency, write latency, a particular VM, etc.?

I can't find any issue at the network or SAN level, nor any load events
that correlate with the times oVirt logs the latency messages.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] After 3.5->3.6 upgrade, OVF update error every hour

2017-04-06 Thread Chris Adams
That version of vdsm doesn't seem to be in the ovirt-3.6 repos - where
would I get it?

My plan is to continue upgrading to 4.0 and then 4.1.  Does that version
(or newer) come from 4.0+?  If so, is it safe to upgrade to 4.0 with the
older vdsm, or should I update vdsm first (to eliminate this error)?

Thanks.


Once upon a time, Pavel Gashev <p...@acronis.com> said:
> Chris,
> 
> Make sure you have vdsm >= 4.17.35 installed.
> 
> -Original Message-
> From: <users-boun...@ovirt.org> on behalf of Chris Adams <c...@cmadams.net>
> Date: Thursday, 6 April 2017 at 16:29
> To: "users@ovirt.org" <users@ovirt.org>
> Subject: [ovirt-users] After 3.5->3.6 upgrade, OVF update error every hour
> 
> After upgrading an oVirt cluster from 3.5 to 3.6, I am getting the
> following error every hour:
> 
> Failed to update OVF disks ce8647c6-f936-4633-8a7b-e7dcb45d8ebb, OVF
> data isn't updated on those OVF stores (Data Center Middle-Earth,
> Storage Domain equallogic).
> 
> Looking in the vdsm log on the SPM node, it looks like the problem is
> that an attempt was made to lvextend an LV to 2m, but the LV is already
> 128m, so the extend failed (not needed).  I've attached the log entries
> for that task.
> 
> Any suggestions, ideas how to fix, etc.?
> 
> -- 
> Chris Adams <c...@cmadams.net>
> 
> 

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] After 3.5->3.6 upgrade, OVF update error every hour

2017-04-06 Thread Chris Adams
After upgrading an oVirt cluster from 3.5 to 3.6, I am getting the
following error every hour:

Failed to update OVF disks ce8647c6-f936-4633-8a7b-e7dcb45d8ebb, OVF
data isn't updated on those OVF stores (Data Center Middle-Earth,
Storage Domain equallogic).

Looking in the vdsm log on the SPM node, it looks like the problem is
that an attempt was made to lvextend an LV to 2m, but the LV is already
128m, so the extend failed (not needed).  I've attached the log entries
for that task.

Any suggestions, ideas how to fix, etc.?

-- 
Chris Adams <c...@cmadams.net>
Thread-735868::DEBUG::2017-04-06 
08:12:26,651::task::595::Storage.TaskManager.Task::(_updateState) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::moving from state init -> state 
preparing
Thread-735868::DEBUG::2017-04-06 
08:12:26,673::task::752::Storage.TaskManager.Task::(_save) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::_save: orig 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
 temp 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac.temp
Thread-735868::DEBUG::2017-04-06 
08:12:26,678::taskManager::78::Storage.TaskManager::(scheduleJob) scheduled job 
downloadImageFromStream for task c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac 
Thread-735868::DEBUG::2017-04-06 
08:12:26,678::task::1183::Storage.TaskManager.Task::(prepare) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::Prepare: 1 jobs exist, move to 
acquiring
Thread-735868::DEBUG::2017-04-06 
08:12:26,679::task::595::Storage.TaskManager.Task::(_updateState) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::moving from state preparing -> 
state acquiring
Thread-735868::DEBUG::2017-04-06 
08:12:26,680::task::752::Storage.TaskManager.Task::(_save) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::_save: orig 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
 temp 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac.temp
Thread-735868::DEBUG::2017-04-06 
08:12:26,686::task::595::Storage.TaskManager.Task::(_updateState) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::moving from state acquiring -> 
state queued
Thread-735868::DEBUG::2017-04-06 
08:12:26,686::task::752::Storage.TaskManager.Task::(_save) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::_save: orig 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
 temp 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac.temp
Thread-735868::DEBUG::2017-04-06 
08:12:26,693::taskManager::56::Storage.TaskManager::(_queueTask) queuing task: 
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac::DEBUG::2017-04-06 
08:12:26,693::threadPool::194::Storage.ThreadPool.WorkerThread::(_processNextTask)
 Task: c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac running: > with: None
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac::DEBUG::2017-04-06 
08:12:26,693::task::1200::Storage.TaskManager.Task::(commit) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::committing task: 
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac::DEBUG::2017-04-06 
08:12:26,694::task::595::Storage.TaskManager.Task::(_updateState) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::moving from state queued -> state 
running
Thread-735868::DEBUG::2017-04-06 
08:12:26,694::taskManager::64::Storage.TaskManager::(_queueTask) task queued: 
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
Thread-735868::DEBUG::2017-04-06 
08:12:26,694::task::1188::Storage.TaskManager.Task::(prepare) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::returning
Thread-735868::DEBUG::2017-04-06 
08:12:26,694::task::993::Storage.TaskManager.Task::(_decref) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::ref 1 aborting False
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac::DEBUG::2017-04-06 
08:12:26,695::task::752::Storage.TaskManager.Task::(_save) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::_save: orig 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac
 temp 
/rhev/data-center/0002-0002-0002-0002-0336/mastersd/master/tasks/c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac.temp
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac::DEBUG::2017-04-06 
08:12:26,701::task::905::Storage.TaskManager.Task::(_runJobs) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::Task.run: running job 0: 
downloadImageFromStream: > (args: ({'length': 1136640, 
'fileObj': }, , '2c2e3b6c-7161-45c5-ae80-3639ab565961', 
'ce8647c6-f936-4633-8a7b-e7dcb45d8ebb', '96be6a82-ab6a-4e38-b184-6dc65e57847c') 
kwargs: {})
c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac::DEBUG::2017-04-06 
08:12:26,702::task::329::Storage.TaskManager.Task::(run) 
Task=`c08b90ca-32dd-4c88-9f5c-7b2be5bf66ac`::Job.run: running 
downloadImageFromStream: >

Re: [ovirt-users] iscsi data domain when engine is down

2017-03-13 Thread Chris Adams
It's easy enough to verify; just SSH in to the physical machine running
the hosted engine and look.  You can see the qemu command line, follow
the links to the block device, then look at the LVM physical volume and
see that it is a multipath device.

Once upon a time, Marcin Kruk <askifyoun...@gmail.com> said:
> Are you 1000% sure? Because during startup vmsd the comman iscsiadm
>   is executed, In my opinion vmsd should rely on
> /var/lib/iscsi settings.
> 
> 2017-03-12 15:02 GMT+01:00 Chris Adams <c...@cmadams.net>:
> 
> > Once upon a time, Marcin Kruk <askifyoun...@gmail.com> said:
> > > OK, but what your script do, only add paths by the iscsiadm command, but
> > > the question is if hosted-engine can see it.
> > > I do not know how to add an extra path, for example, when I congirured
> > > hosted-engine during installation there was only one path in the target,
> > > but now there are four. So how can I verify how many paths are now, and
> > how
> > > eventually change it.
> >
> > oVirt access iSCSI storage through multipath devices, so adding a path
> > to the multipath device will work.  Adding an additional path with
> > iscsiadm causes multipathd to recognize it; you can verify that with
> > "multipath -ll".
> > --
> > Chris Adams <c...@cmadams.net>
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >

> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users


-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] iscsi data domain when engine is down

2017-03-12 Thread Chris Adams
Once upon a time, Marcin Kruk <askifyoun...@gmail.com> said:
> OK, but what your script do, only add paths by the iscsiadm command, but
> the question is if hosted-engine can see it.
> I do not know how to add an extra path, for example, when I congirured
> hosted-engine during installation there was only one path in the target,
> but now there are four. So how can I verify how many paths are now, and how
> eventually change it.

oVirt access iSCSI storage through multipath devices, so adding a path
to the multipath device will work.  Adding an additional path with
iscsiadm causes multipathd to recognize it; you can verify that with
"multipath -ll".
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] iscsi data domain when engine is down

2017-03-11 Thread Chris Adams
Once upon a time, Devin A. Bougie <devin.bou...@cornell.edu> said:
> On Mar 11, 2017, at 10:59 AM, Chris Adams <c...@cmadams.net> wrote:
> > Hosted engine runs fine on iSCSI since oVirt 3.5.  It needs a separate
> > target from VM storage, but then that access is managed by the hosted
> > engine HA system.
> 
> Thanks so much, Chris.  It sounds like that is exactly what I was missing.  
> 
> It would be great to know how to add multiple paths to the hosted engine's 
> iSCSI target, but hopefully I can figure that out once I have things up and 
> running.

oVirt doesn't currently support adding paths to an existing storage
domain; they all have to be selected when the domain is created.  Since
the hosted engine setup doesn't support that, there's no way to add
additional paths after the fact.  I think adding paths to a regular
storage domain is something that is being looked at (believe I read that
on the list), so maybe if that gets added, support for adding to the
hosted engine domain will be added as well.

I have a script that gets run out of cron periodically that looks at
sessions and configured paths and tries to add them if necessary.  I
manually created the config for the additional paths with iscsiadm.  It
works, although I'm not sure that the hosted engine HA is really "happy"
with what I did. :)

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] iscsi data domain when engine is down

2017-03-11 Thread Chris Adams
Once upon a time, Devin A. Bougie <devin.bou...@cornell.edu> said:
> Thanks for replying, Juan.  I was under the impression that the hosted engine 
> would run on an iSCSI data domain, based on 
> http://www.ovirt.org/develop/release-management/features/engine/self-hosted-engine-iscsi-support/
>  and the fact that "hosted-engine --deploy" does give you the option to 
> choose iscsi storage (but only one path, as far as I can tell).

Hosted engine runs fine on iSCSI since oVirt 3.5.  It needs a separate
target from VM storage, but then that access is managed by the hosted
engine HA system.

If all the engine hosts are shut down together, it will take a bit after
boot for the HA system to converge and try to bring the engine back
online (including logging in to the engine iSCSI LUN).  You can force
this on one host by running "hosted-engine --vm-start".

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] 3.5->3.6 did not import hosted engine storage domain

2017-03-07 Thread Chris Adams
Once upon a time, Chris Adams <c...@cmadams.net> said:
> However, now I'm back into the catch-22 of 3.6.7+hosted engine: the
> cluster compatibility level can't be raised while there's a running VM,
> and that includes the hosted engine.

I'm still stuck on this - anybody have any solution?  Because of this, I
can't upgrade my cluster.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] 3.5->3.6 did not import hosted engine storage domain

2017-03-01 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> On Wed, Mar 1, 2017 at 5:04 PM, Chris Adams <c...@cmadams.net> wrote:
> > I first tried setting the policy, but got "Error while executing action:
> > The set cluster compatibility version does not allow mixed major host OS
> > versions. Can not start the cluster upgrade."; I guess this is because
> > my hosts are CentOS 7 and the engine is CentOS 6?
> 
> This is not an issue, are you sure that all the hosts are el7 based?

Yes, there are only two hosts (dev/test setup), both freshly installed
with CentOS 7.3 plus all current updates.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] 3.5->3.6 did not import hosted engine storage domain

2017-03-01 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> On Wed, Mar 1, 2017 at 3:19 PM, Chris Adams <c...@cmadams.net> wrote:
> > However, now I'm back into the catch-22 of 3.6.7+hosted engine: the
> > cluster compatibility level can't be raised while there's a running VM,
> > and that includes the hosted engine.
> 
> Please see this one:
> https://bugzilla.redhat.com/show_bug.cgi?id=1364557
> 
> Simply define 'InClusterUpgrade' scheduling policy on the HE VM cluster

I first tried setting the policy, but got "Error while executing action:
The set cluster compatibility version does not allow mixed major host OS
versions. Can not start the cluster upgrade."; I guess this is because
my hosts are CentOS 7 and the engine is CentOS 6?

I tried changing the engine config to skip that check from comment 10
step 3, but got:
- Can not start cluster upgrade mode, see below for details:
- VM HostedEngine with id 4a035efd-a041-4e46-84db-01cf79400913 is
  configured to be not migratable.

I did the SQL update from comment 1, and then I could set the policy.

However, I still can't change the cluster compatibility version.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] 3.5->3.6 did not import hosted engine storage domain

2017-03-01 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> > I recreated a 3.5 setup and upgraded the engine to 3.6 - that should
> > have been enough to import the hosted engine storage domain, right?
> 
> Did you also raised the cluster compatibility level to 3.6 on the engine?

No (I didn't realize this didn't happen until that was changed).

However, now I'm back into the catch-22 of 3.6.7+hosted engine: the
cluster compatibility level can't be raised while there's a running VM,
and that includes the hosted engine.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Cluster compatibility version and major upgrades

2017-02-28 Thread Chris Adams
Hello again, still working on my upgrade from 3.5...

I'm trying to understand the cluster compatibility version setting and
how that applies to major upgrades.  Do I have to always raise the
compatibility version when I do a major upgrade?  In other words, when I
upgrade from 3.5 to 3.6, do I need to raise it to 3.6 before I upgrade
to 4.0 (and then again raise it 4.0 before upgrading to 4.1)?

It looks like the 3.6->4.0 EL6->EL7 migration requires the cluster
compatibility level to be at 3.6 (if I'm reading things right).

It appears that when I upgrade to 3.6, I will have to stop all running
VMs to raise the compatibility version (and I found an open bug about
whether that's possible with the hosted engine).  It sounds like with
4.0, the VMs can be flagged for compatibility and I can reboot them
individually.  I have over 80 VMs, many behind a load balancer (for HA
and load sharing), but taking them all down will obviously still
interrupt service for a while.

Is there a safe way around that?

I saw someone mention they partitioned their servers and made a new
cluster (with the new version), and migrated VMs from cluster to
cluster.  Can I do live migrations in that case?  How do I get the
hosted engine from one cluster to another (especially with starting at
3.5)?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] 3.5->3.6 did not import hosted engine storage domain

2017-02-27 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> Can you please attach your engine.log ?

Sorry, I was rolling back to 3.5 snapshots to test my 3.6 procedure
(trying to make sure I didn't just screw up), made a mistake, and
started over.

Now however, I can't do anything, because jpackage.org has really
screwed up their DNS - registered to 3 nameservers, two of which only
exist as glue records (not in authoritative DNS), and all three point to
the same IP (which is not responding).

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] 3.5->3.6 did not import hosted engine storage domain

2017-02-24 Thread Chris Adams
So, on to my next upgrade issue (sorry for all the questions and thanks
for everybody's help)...  I upgraded my test cluster from 3.5 to 3.6
(latest version of each, all on CentOS 7 except the engine on CentOS 6).
Now I'm working on the next step, upgrading to 4.0 and migrating the HE
to the appliance.

When I went from 3.5 to 3.6, I ended up with an fhanswers.conf in the
shared storage that only contained "None"; I fixed that based on some
mailing list messages (but just mentioning it in case it could be
related).

My problem is that the hosted engine storage domain did not get imported
into the engine DB, so I can't proceed with "hosted-engine
--upgrade-appliance".  I didn't see any errors, so I'm not sure how that
happened.  I'm also not sure how to fix that.

Suggestions?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Recognize HE iSCSI volume size change

2017-02-24 Thread Chris Adams
Once upon a time, Nir Soffer <nsof...@redhat.com> said:
> I think the complete flow on 3.5 can work like this:
> 
> 1. stop ovirt-engine, so it will not try to restart vdsm on any host
> 2. stop vdsm on all hosts
> 3. rescan scsi bus, resizing luns on all hosts
> 4. pvresize the pv from one on the host
> 5. start vdsm on all hosts
> 6. start ovirt-engine
> 
> This will allow resize while the storage is online and vms are running.

Thanks!

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Recognize HE iSCSI volume size change

2017-02-24 Thread Chris Adams
I did see that page, but... I can't get there from here.  I can't get
upgraded from 3.5 until I get past this problem, and on 3.5, the hosted
engine storage domain isn't included in the normal UI at all.

I think I did get this working though; both servers had kernel messages
that they saw the LUN resize, but they didn't actually change the block
device size to reflect that.  After rebooting each server (separately),
lsblk showed the new size on both, and a manual pvresize on both shows
the increased VG size.

On to testing 3.6 upgrade again!


Once upon a time, Adam Litke <ali...@redhat.com> said:
> Hi Chris.  We added this feature to newer versions of oVirt (see the
> feature page[1]).  The easiest way to work around this problem might be to
> add an additional LUN to this domain if you are able to do it.  If not, it
> looks like you would need to manually reconnect the host to the domain, to
> a pvresize to the new size.  I am not sure if any engine DB updates will
> also be required.  Nir and Fred worked on this feature and might be able to
> assist you further.
> 
> 
> [1]
> https://www.ovirt.org/develop/release-management/features/storage/lun-resize/
> 
> On Fri, Feb 24, 2017 at 9:00 AM, Chris Adams <c...@cmadams.net> wrote:
> 
> > I'm testing upgrading an oVirt 3.5 setup, and I have run into a problem
> > when going from 3.5 to 3.6 on a physical machine configured for the
> > hosted engine.  I upgraded the engine itself okay, but when I upgraded
> > the first physical machine, it cannot be re-activated; it gets an error
> > connecting to the storage domain.
> >
> > Checking the logs, it looks like it is looping trying to create a new LV
> > in the HE VG.  I assume this is for moving the HE config to the shared
> > storage?  It is failing because it is trying to create a 1G LV, but the
> > VG only has 512M free space.
> >
> > I extended the iSCSI volume, but there doesn't appear to be anyway to
> > get the HE nodes to recognize this; they both still see the original
> > size, no matter what I try.  Is there a way to get them to see the
> > larger PV, so the new LV(s) can be created?
> >
> > --
> > Chris Adams <c...@cmadams.net>
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> 
> 
> 
> -- 
> Adam Litke

> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users


-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Recognize HE iSCSI volume size change

2017-02-24 Thread Chris Adams
I'm testing upgrading an oVirt 3.5 setup, and I have run into a problem
when going from 3.5 to 3.6 on a physical machine configured for the
hosted engine.  I upgraded the engine itself okay, but when I upgraded
the first physical machine, it cannot be re-activated; it gets an error
connecting to the storage domain.

Checking the logs, it looks like it is looping trying to create a new LV
in the HE VG.  I assume this is for moving the HE config to the shared
storage?  It is failing because it is trying to create a 1G LV, but the
VG only has 512M free space.

I extended the iSCSI volume, but there doesn't appear to be anyway to
get the HE nodes to recognize this; they both still see the original
size, no matter what I try.  Is there a way to get them to see the
larger PV, so the new LV(s) can be created?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Attaching ISO to hosted engine for OS upgrade

2017-02-23 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> On Wed, Feb 22, 2017 at 8:04 PM, Chris Adams <c...@cmadams.net> wrote:
> > Also, is it normally recommended to upgrade one major release at a time?
> 
> For the engine it's not just recommended, it's mandatory!

Ahh, I didn't realize that.  I don't think I saw that in the
documentation (but maybe I just missed it?).

Thanks.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Attaching ISO to hosted engine for OS upgrade

2017-02-22 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> Then ee have a specific helper utility for 3.6/el6 -> 4.0/el7:
> https://www.ovirt.org/develop/release-management/features/hosted-engine-migration-to-4-0/

Ahh, that looks better.  I was looking at this:

https://www.ovirt.org/documentation/migration-engine-36-to-40/

which just kind of glosses over how to upgrade the OS. :)

I do usually use my custom CentOS install (rather than the appliance);
is there a way to do that?

Also, is it normally recommended to upgrade one major release at a time?
In other words, aside from the engine CentOS6->7 step, would upgrading
from 3.5 to 4.1 need to go through 3.6 and 4.0 along the way?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Attaching ISO to hosted engine for OS upgrade

2017-02-22 Thread Chris Adams
I'm working on upgrading an oVirt 3.5 setup.  The physical hosts are
running CentOS 7, but the hosted engine is CentOS 6.  The upgrade notes
are "back up the engine, upgrade/reinstall the OS, then restore", but I
can't see how to actually install CentOS 7 on the engine.

Am I supposed to re-run "hosted-engine --deploy"?  Wouldn't that try to
re-register the physical hosts, or can I interrupt it to restore the
backup?

Or, is there a way to just attach an install ISO to the engine VM and
boot from that?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Optimizations for VoIP VM

2017-01-04 Thread Chris Adams
Once upon a time, Yaniv Dary <yd...@redhat.com> said:
> Can you please describe the application network requirements?
> Does it relay on low latency? Pass-through or SR-IOV could help with
> reducing that.

For VoIP, latency can be an issue, but the amount of latency from adding
VM networking overhead isn't a big deal (because other network latency
will have a larger impact).  10ms isn't really a problem for VoIP for
example.

The bigger network concern for VoIP is jitter; for that, the only
solution is to not over-provision hardware CPUs or total network
bandwidth.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [HEADS UP] CentOS 7.3 is rolling out, need qemu-kvm-ev 2.6

2016-12-12 Thread Chris Adams
Once upon a time, Sandro Bonazzola <sbona...@redhat.com> said:
> In terms of ovirt repositories, qemu-kvm-ev 2.6 is available right now in
> ovirt-master-snapshot-static, ovirt-4.0-snapshot-static, and ovirt-4.0-pre
> (contains 4.0.6 RC4 rpms going to be announced in a few minutes.)

Will qemu-kvm-ev 2.6 be added to any of the oVirt repos for prior
versions (such as 3.5 or 3.6)?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Import from OVA with encrypted root

2016-11-09 Thread Chris Adams
Once upon a time, Tomáš Golembiovský <tgole...@redhat.com> said:
> unfortunately virt-v2v cannot import VMs with encrypted root file
> system. Moreover import of Debian/Ubuntu/Mint guests is not yet
> supported by oVirt either. For that you would need development version
> of virt-v2v. There are no packages for RHEL/CentOS yet. There should be
> packages in Fedora rawhide if you feel brave enough to setup such host
> in oVirt (Note: I'm not suggesting you or anyone should do that).

So, I went the manual route.  I made a new VM of appropriate size, with
a non-thin-provisioned IDE disk, and booted it from a rescue CD.  I
extracted the vmdk from the ova file, used qemu-img to convert it to
raw, and used netcat to dump it over the network into the VM and onto
the disk.

That of course doesn't do any of the things that should be done to
"convert" a VM, but (at least in this case), it appears to have worked
"good enough" (the VM boots and gets on the network).

Still amused that somebody thinks distributing an image with encrypted
filesystems, and the key for that encryption in the initrd, does
anything to "secure" their image.  Sigh...
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Import from OVA with encrypted root

2016-11-08 Thread Chris Adams
I'm trying to import an appliance image from a vendor.  It is based on
Debian.  For some added level of "security" I guess, the vendor disk
image has the root filesystem encrypted (and then the key is in the
initrd - I know that's no real added security, but... whatever).

Trying to import this VM into oVirt fails because it can't find/mount
the root filesystem.

Is there any way around this?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Migrating self hosted engine from iSCSI to NFS ?

2016-09-30 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> On Thu, Sep 29, 2016 at 6:35 PM, Chris Adams <c...@cmadams.net> wrote:
> > If so, could I connect the new iSCSI storage to a host, shutdown the
> > engine, "dd" the engine over, start up the new location in single-user
> > mode, and make the DB change?
> >
> > Basically, just wondering if I could skip the full install and jump
> > right to an installed system.
> 
> With 3.5 you probably can do just that.
> Then you have to edit /etc/ovirt-hosted-engine/hosted-engine.conf on all of
> your hosts to point to the new storage device.

Okay, thanks.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Migrating self hosted engine from iSCSI to NFS ?

2016-09-29 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> The issue is that the engine DB backup you are going to restore already
> contains a reference to the previous hosted-engine storage domain and to
> the previous hosted-engine VM and so on and so the auto-import procedure to
> have the engine VM looking up for its own infrastructure will not trigger.
> You have to manually remove them form the DB you restored.

Okay, that makes sense.  I see this from you:

https://gerrit.ovirt.org/#/c/64966/

Should that work okay with a 3.5 database?  I'm familiar with SQL, so if
it needs some tweaks, I can handle that (just looking really to see if
that's the right general idea).

If so, could I connect the new iSCSI storage to a host, shutdown the
engine, "dd" the engine over, start up the new location in single-user
mode, and make the DB change?

Basically, just wondering if I could skip the full install and jump
right to an installed system.

Thanks for your help.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Migrating self hosted engine from iSCSI to NFS ?

2016-09-29 Thread Chris Adams
Once upon a time, Simone Tiraboschi <stira...@redhat.com> said:
> unfortunately moving an existing hosted-engine env from one storage kind to
> another (without manually touching the engine DB) is currently not
> supported. Please see:
> http://lists.ovirt.org/pipermail/users/2016-July/041526.html

I'm digging through this now, as I need to move my oVirt 3.5 setup from
one storage array to another (both iSCSI), including the hosted engine.

Reading this:

https://bugzilla.redhat.com/show_bug.cgi?id=1240466#c21

it sounds like that's not currently possible (at least with 3.5).  Is
that correct?  I was planning to follow this process:

https://www.ovirt.org/documentation/admin-guide/hosted-engine-backup-and-restore/

which says "point to the new shared storage" - will that not work?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] LVM2 Thinprovisioned

2016-08-11 Thread Chris Adams
Once upon a time, Fernando Frediani <fernando.fredi...@upx.com.br> said:
> I use LVM2 and Thinprovisioned LVs to put Filesystems and it works
> with no issues. It's just a question of handling it correctly to
> tell it how to create each storage chunk that way. The same way
> those LVs can be used to run VMs as they are in traditional LVM.
> 
> Not sure what you mean by cote Linux not supporting it.

To do that with multiple access, you have to be running in clustered LVM
mode, and thin provisioning is not supported with CLVM.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] LVM2 Thinprovisioned

2016-08-11 Thread Chris Adams
Once upon a time, Fernando Frediani <fernando.fredi...@upx.com.br> said:
> Thanks for the answer anyway. Hopefully at least LVM2
> Thinprovisioning comes up anytime soon.

This has nothing to do with oVirt; it is something the core Linux LVM
code does not support.  Last time I looked, nobody was working on it
upstream.

You can still thin-provision VMs in oVirt, there's just not a way to
release space if a VM image shrinks significantly.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Multipath iSCSI with several IPs

2016-08-04 Thread Chris Adams
Once upon a time, James Michels <karma.sometimes.hu...@gmail.com> said:
> I guess you mean the 'iSCSI multipath' sub-tab under the 'Datacenters' tab.
> There you can assign one or more networks to a iSCSI backend. In my opinion
> you cannot have more than one interface within the same network segment to
> do multipath, as you would have connectivity issues (not sure if ovirt
> restricts creating two overlapping networks)

The way I did it on a test 3.6 cluster was to create two networks in
oVirt, "storage1" and "storage2".  I assigned both networks to the
hosts, connected to different NICs, and gave each an IP (in the iSCSI
subnet).  Then I could set up the iSCSI multipath in the oVirt data
center.  This seems weird/wrong, and I'm not sure oVirt actually
configured both NICs in multipath.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Multipath iSCSI with several IPs

2016-08-04 Thread Chris Adams
Once upon a time, Yaniv Kaul <yk...@redhat.com> said:
> BTW, having two IPs on a single subnet is not a great idea - it usually
> mean you have a SPOF somewhere (the switch perhaps?).

Two NICs on the server, two NICs on the iSCSI target, each with an IP
per NIC, and connected to two switches in between (either stacked or
trunked).  No SPOF.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Multipath iSCSI with several IPs

2016-08-04 Thread Chris Adams
Once upon a time, James Michels <karma.sometimes.hu...@gmail.com> said:
> Correct me if I'm wrong but I think Dan meant target's IPs. So if you have
> a SAN backend with two IP addresses, you first discover LUNs from first IP
> address, then discover LUNs from the second IP address, and so on... once
> you have them all, you just check them and click on "OK" so the same target
> is added with several IP addresses. You don't need to have one IP address
> per oVirt server.

Well, to do iSCSI multipath right, you should also have multiple
interfaces on each client server, each with its own IP.  I'm not sure
how you do that with oVirt.

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Multipath iSCSI with several IPs

2016-08-04 Thread Chris Adams
Once upon a time, Dan Yasny <dya...@gmail.com> said:
> Normally you
> 1. enter the IP
> 2. click discover
> 3. login to whatever was found
> 4. enter another IP instead of the first
> 5. goto 2

How do you give the oVirt server two IPs (in the same subnet) though?

-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Restart VMs after failure

2016-05-06 Thread Chris Adams
Once upon a time, Nir Soffer <nsof...@redhat.com> said:
> On Fri, May 6, 2016 at 4:01 PM, Chris Adams <c...@cmadams.net> wrote:
> > One of my oVirt clusters, running 3.6.5, lost power last night (power
> > failure plus bad UPS batteries - batteries on order!).  When power came
> > back, the storage and nodes came back, and then the hosted engine
> > started, but nothing else happened (no other VMs started).
> >
> > I expected that VMs that were running when the power failed would have
> > been restarted once the engine came back up.  Is there a way to make
> > that happen?
> 
> Yes, I think you need to define them as HA vm. Adding Michal to add more
> info about this.

The domains are all marked as HA.
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Restart VMs after failure

2016-05-06 Thread Chris Adams
One of my oVirt clusters, running 3.6.5, lost power last night (power
failure plus bad UPS batteries - batteries on order!).  When power came
back, the storage and nodes came back, and then the hosted engine
started, but nothing else happened (no other VMs started).

I expected that VMs that were running when the power failed would have
been restarted once the engine came back up.  Is there a way to make
that happen?
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [ANN] oVirt 3.6.5 Final Release is now available

2016-04-26 Thread Chris Adams
Once upon a time, Sven Kieske <svenkie...@gmail.com> said:
> On 26.04.2016 16:22, Gianluca Cecchi wrote:
> > as the
> > reported mirror site missed that too (3.6.4 released on late March) and is
> > not aligned since more than one month now...
> maybe it's time to setup some automatic mirror health checking service?
> 
> how do other repositories like centos or fedora handle such issues?

Fedora uses mirrormanager:

https://fedoraproject.org/wiki/Infrastructure/MirrorManager

but somebody has to manage the server side of that (mirror admin web
access and such).
-- 
Chris Adams <c...@cmadams.net>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


  1   2   >