[ovirt-users] Re: VM Disk extend not reflected in VM oS

2022-02-25 Thread Derek Atkins
Hi,

On Fri, February 25, 2022 9:10 am, si...@justconnect.ie wrote:
> CentOS 7 - VirtIO_SCSI
> Disk is pre-allocated and is the OS disk.

Did you try rebooting?

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7CMYRNDPJ26ZBC4HQPX4NBRSXV4PAZEF/


[ovirt-users] Re: Gluster Performance issues

2022-02-23 Thread Derek Atkins
Have you verified that you're actually getting 10Gbps between the hosts?

-derek

On Wed, February 23, 2022 9:02 am, Alex Morrison wrote:
> Hello Derek,
>
> We have a 10Gig connection dedicated to the storage network, nothing else
> is on that switch.
>
> On Wed, Feb 23, 2022 at 9:49 AM Derek Atkins  wrote:
>
>> Hi,
>>
>> Another question which I don't see answered:   What is the underlying
>> connectivity between the Gluster hosts?
>>
>> -derek
>>
>> On Wed, February 23, 2022 8:39 am, Alex Morrison wrote:
>> > Hello Sunil,
>> >
>> > [root@ovirt1 ~]# gluster --version
>> > glusterfs 8.6
>> >
>> > same on all hosts
>> >
>> > On Wed, Feb 23, 2022 at 5:24 AM Sunil Kumar Heggodu Gopala Acharya <
>> > shegg...@redhat.com> wrote:
>> >
>> >> Hi,
>> >>
>> >> Which version of gluster is in use?
>> >>
>> >> Regards,
>> >>
>> >> Sunil kumar Acharya
>> >>
>> >> Red Hat
>> >>
>> >> <https://www.redhat.com>
>> >>
>> >> T: +91-8067935170
>> >> <http://redhatemailsignature-marketing.itos.redhat.com/>
>> >>
>> >> <https://red.ht/sig>
>> >> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
>> >>
>> >>
>> >>
>> >> On Wed, Feb 23, 2022 at 2:17 PM Alex Morrison
>> 
>> >> wrote:
>> >>
>> >>> Hello All,
>> >>>
>> >>> We have 3 servers with a raid 50 array each, we are having extreme
>> >>> performance issues with our gluster, writes on gluster seem to take
>> at
>> >>> least 3 times longer than on the raid directly. Can this be
>> improved?
>> >>> I've
>> >>> read through several other performance issues threads but have been
>> >>> unable
>> >>> to make any improvements
>> >>>
>> >>> "gluster volume info" and "gluster volume profile vmstore info" is
>> >>> below
>> >>>
>> >>>
>> >>>
>> =
>> >>>
>> >>> -Inside Gluster - test took 35+ hours:
>> >>> [root@ovirt1 1801ed24-5b55-4431-9813-496143367f66]# bonnie++ -d . -s
>> >>> 600G -n 0 -m TEST -f -b -u root
>> >>> Using uid:0, gid:0.
>> >>> Writing intelligently...done
>> >>> Rewriting...done
>> >>> Reading intelligently...done
>> >>> start 'em...done...done...done...done...done...
>> >>> Version  1.98   --Sequential Output-- --Sequential
>> Input-
>> >>> --Random-
>> >>> -Per Chr- --Block-- -Rewrite- -Per Chr-
>> --Block--
>> >>> --Seeks--
>> >>> Name:Size etc/sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec
>> %CP
>> >>>  /sec %CP
>> >>> TEST   600G   35.7m  17 5824k   7112m
>> 13
>> >>> 182.7   6
>> >>> Latency5466ms   12754ms  3499ms
>> >>>  1589ms
>> >>>
>> >>>
>> >>>
>> 1.98,1.98,TEST,1,1644359706,600G,,8192,5,,,36598,17,5824,7,,,114950,13,182.7,6,,,5466ms,12754ms,,3499ms,1589ms,,
>> >>>
>> >>>
>> >>>
>> =
>> >>>
>> >>> -Outside Gluster - test took 18 minutes:
>> >>> [root@ovirt1 1801ed24-5b55-4431-9813-496143367f66]# bonnie++ -d . -s
>> >>> 600G -n 0 -m TEST -f -b -u root
>> >>> Using uid:0, gid:0.
>> >>> Writing intelligently...done
>> >>> Rewriting...done
>> >>> Reading intelligently...done
>> >>> start 'em...done...done...done...done...done...
>> >>> Version  1.98   --Sequential Output-- --Sequential
>> Input-
>> >>> --Random-
>> >>> -Per Chr- --Block-- -Rewrite- -Per Chr-
>> --Block--
>> >>> --Seeks--
>> >>> Name:Size etc/sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec
>> %CP
>> >>>  /sec %CP
>> >>> TEST 

[ovirt-users] Re: Gluster Performance issues

2022-02-23 Thread Derek Atkins
 262144b+  524288b+
>>> 1048576b+
>>>  No. of Reads:911
>>> 40269
>>> No. of Writes:520
>>> 50757
>>>
>>>  %-latency   Avg-latency   Min-Latency   Max-Latency   No. of calls
>>>   Fop
>>>  -   ---   ---   ---   
>>>  
>>>   0.00   0.00 us   0.00 us   0.00 us   7629
>>>  FORGET
>>>   0.00   0.00 us   0.00 us   0.00 us 228577
>>> RELEASE
>>>   0.00   0.00 us   0.00 us   0.00 us  41524
>>>  RELEASEDIR
>>>   0.00 374.22 us 219.35 us 574.87 us 96
>>>  LINK
>>>   0.001712.22 us 164.90 us   22337.79 us 41
>>> DISCARD
>>>   0.002840.25 us 245.24 us   46839.63 us 26
>>> RMDIR
>>>   0.003660.92 us 229.86 us   86252.56 us 35
>>> FALLOCATE
>>>   0.00 876.48 us 297.53 us   16685.63 us188
>>>  RENAME
>>>   0.006660.10 us 379.21 us   52962.79 us 34
>>> MKDIR
>>>   0.00 957.48 us  80.36 us  218059.88 us355
>>> REMOVEXATTR
>>>   0.001234.85 us  76.50 us  322955.27 us355
>>>  SETXATTR
>>>   0.002326.62 us  84.07 us  250041.25 us196
>>>  STAT
>>>   0.009660.45 us 289.50 us  295106.01 us 87
>>>  TRUNCATE
>>>   0.00 486.10 us  24.12 us  869966.79 us   5260
>>>LK
>>>   0.00 453.69 us  18.32 us  426653.18 us   8135
>>> READDIR
>>>   0.001832.38 us 296.61 us  261299.81 us   5050
>>>  CREATE
>>>   0.00 386.77 us   1.31 us 1300836.12 us  41524
>>> OPENDIR
>>>   0.00 712.06 us  29.85 us 1441115.02 us  34874
>>>  READDIRP
>>>   0.011469.51 us 231.67 us  440065.71 us  22845
>>> MKNOD
>>>   0.01   44229.36 us  75.58 us 1803963.42 us871
>>> FTRUNCATE
>>>   0.01   84433.20 us 149.47 us 3614869.24 us   1001
>>> SETATTR
>>>   0.02 418.11 us  13.39 us 3515000.81 us 243820
>>> FLUSH
>>>   0.031108.47 us  14.77 us 1658743.41 us 130647
>>>  GETXATTR
>>>   0.03 562.86 us  26.74 us 5043949.33 us 297799
>>>  STATFS
>>>   0.03 845.50 us  48.16 us 1998938.03 us 223680
>>>  OPEN
>>>   0.052236.13 us  56.08 us 5295998.22 us 120682
>>> XATTROP
>>>   0.16 890.82 us  43.51 us 3653292.88 us1012585
>>> FSTAT
>>>   0.342974.20 us  12.92 us 7782497.74 us 642555
>>> ENTRYLK
>>>   0.47  135831.21 us  70.35 us 11033867.90 us  19800
>>>  UNLINK
>>>   0.57 954.05 us  21.50 us 4553393.38 us3414605
>>>  LOOKUP
>>>   1.79   14461.54 us  13.45 us 32841452.98 us 702915
>>> INODELK
>>>   5.148014.78 us  40.70 us 5439109.56 us3644063
>>>  READ
>>>   5.37 443.04 us  11.53 us 32863652.53 us   68909131
>>>  FINODELK
>>>  22.311780.31 us  33.59 us 11318712.62 us   71235991
>>>  FXATTROP
>>>  22.831571.16 us  74.86 us 32615055.19 us   82622840
>>>   WRITE
>>>  40.842762.75 us  52.77 us 8859115.35 us   84039509
>>> FSYNC
>>>   0.00   0.00 us   0.00 us   0.00 us  95492
>>>  UPCALL
>>>
>>> Duration: 484169 seconds
>>>Data Read: 167149718723 bytes
>>> Data Written: 1177141649872 bytes
>>>
>>> Interval 43 Stats:
>>>Block Size:  1b+ 256b+
>>> 512b+
>>>  No. of Reads:0 6
>>> 4
>>> No. of Writes:   12 4
>>>   252
>>>
>>>Block Size:   1024b+2048b+
>>>  4096b+
>>>  No. of Reads:0 0
>>>  5668
>>> No. of Writes:  10034
>>>  147357
>>>
>>>Block Size:   8192b+   16384b+
>>> 32768b+
>>>  No. of Reads: 1178   783
>>>  1215
>>> No. of Writes:86014 17318
>>>  8687
>>>
>>>Block Size:  65536b+  131072b+
>>>  No. of Reads:  264  4109
>>> No. of Writes: 8617 36317
>>>  %-latency   Avg-latency   Min-Latency   Max-Latency   No. of calls
>>>   Fop
>>>  -   ---   ---   ---   
>>>  
>>>   0.00   0.00 us   0.00 us   0.00 us 16
>>>  FORGET
>>>   0.00   0.00 us   0.00 us   0.00 us665
>>> RELEASE
>>>   0.00   0.00 us   0.00 us   0.00 us 52
>>>  RELEASEDIR
>>>   0.00 866.18 us 849.57 us 882.78 us  2
>>>  TRUNCATE
>>>   0.001016.14 us 868.35 us1182.48 us  4
>>>  RENAME
>>>   0.00 455.65 us  41.13 us1679.37 us 20
>>> READDIR
>>>   0.00 373.33 us 173.54 us 538.40 us 28
>>>  UNLINK
>>>   0.00 722.01 us 635.91 us 853.71 us 16
>>>  CREATE
>>>   0.00 335.52 us  38.15 us1381.97 us 54
>>>  READDIRP
>>>   0.00   39218.92 us 214.34 us   78223.50 us  2
>>>  STAT
>>>   0.001730.77 us   2.59 us   84964.69 us 52
>>> OPENDIR
>>>   0.001304.96 us 393.64 us   29724.09 us 80
>>> MKNOD
>>>   0.01 422.75 us  22.85 us  134336.60 us635
>>> FLUSH
>>>   0.01 699.21 us  37.54 us  137813.64 us732
>>>  STATFS
>>>   0.01 468.63 us  23.71 us  260961.83 us   1141
>>> ENTRYLK
>>>   0.042041.83 us  69.80 us  163743.98 us649
>>>  OPEN
>>>   0.081253.65 us  72.52 us  290508.15 us   2354
>>> FSTAT
>>>   0.096913.19 us  69.01 us  212479.24 us472
>>> XATTROP
>>>   0.133558.26 us  32.70 us  195896.10 us   1317
>>> INODELK
>>>   0.139793.37 us  36.11 us  212755.58 us499
>>>  GETXATTR
>>>   0.341615.15 us  55.42 us  711310.28 us   7797
>>>  LOOKUP
>>>   4.92   13025.92 us  59.83 us 1061585.06 us  13884
>>>  READ
>>>   5.26 955.95 us  16.81 us 1069148.49 us 202174
>>>  FINODELK
>>>  23.282809.44 us 137.21 us 1134076.13 us 304713
>>> WRITE
>>>  26.464124.05 us  43.30 us 1142167.27 us 235954
>>>  FXATTROP
>>>  39.235195.62 us  65.47 us 1250469.35 us 277632
>>> FSYNC
>>>   0.00   0.00 us   0.00 us   0.00 us365
>>>  UPCALL
>>>
>>> Duration: 1132 seconds
>>>Data Read: 668951066 bytes
>>> Data Written: 7495356076 bytes
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct:
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/G3G5HNX3P2Z5E5KWH43KYWX7AP3H5JO7/
>>>
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/NKMZYE6EC3IVLFN7YHB3YFHQJIOT4SF2/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ADAGLM43M2ARUXQS727BHZZPVYJI2XMX/


[ovirt-users] Re: RHGS and RHV closing down: could you please put that on the home page?

2022-02-04 Thread Derek Atkins
Hmm.
So if Gluster is being deprecated, what is it being replaced with?
Also, Nir did ask if this also applies to ovirt -- would be interesting to
see the response to that question.
-derek

On Fri, February 4, 2022 10:05 am, Thomas Hoberg wrote:
> I just read this message:
> https://bugzilla.redhat.com/show_bug.cgi?id=2016359
>
> I am shocked but not surprised. And very, very sad.
>
> But I believe this decision needs to be communicated more prominently, as
> people should not get aboard a project already axed.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RMWAAOUJXYPGWCEAHAESV6IHQWIF3CTI/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4EQM34RRASBQITSHFONIGQJAMVEZVPXQ/


[ovirt-users] Re: oVirt and log4j vulnerability

2021-12-13 Thread Derek Atkins

On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote:
>>
> If I understood correctly reading here:
> https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
>
> you are protected by the RCE if java is 1.8 and greater than 1.8.121
> (released on 2017)

Do you mean 1.8.0.121?  For example, my system has:

java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/32PPOVQZRSIMCQMPVKZAKRZITIGGZ774/


[ovirt-users] Re: Help installing oVirt on single machine, without cockpit

2021-12-08 Thread Derek Atkins
HI,

On Wed, December 8, 2021 1:16 am, cameronsplaze...@gmail.com wrote:
> I'm trying to install both the oVirt engine (so I have the API), and
> hypervisor on the same machine. I'm hoping I don't need cockpit, and I can
> write some custom scripts to manage oVirt through the API. I tried a
> couple ways, and both were blocked:
>
> # on CentOS 9 stream, installing oVirt engine:

I presume you mean CentOS *8* stream??

> On a fresh CentOS install, tried following the directions
> [here](https://www.ovirt.org/documentation/installing_ovirt_as_a_standalone_manager_with_local_databases/#Installing_RHEL_for_RHVM_SM_localDB_deploy).
> They failed at step 3.2, when adding the modules (missing groups or
> modules). Tried skipping it, but step 3.3.2 failed when running `dnf
> install ovirt-engine`, package couldn't be found. The closest package I
> see is `ovirt-hosted-engine-setup-2.5.4-1.el9.noarch`. Is that what I
> want?

These are the wrong instructions.  This is how to set up the engine on its
own machine; you need to set up the *host* with hosted-engine.  Try
looking at
https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_command_line/index.html

So following the correct instructions, you will eventually need to install
the engine setup RPM and then run:

hosted-engine --deploy

That will set up the host with the hosted-engine VM.  Then you'll need to
get into that VM and set up the engine within the engine VM.

> # On oVirt node, installing engine:
> Couldn't get the networking working, even though I added it during the
> install process. Also tried wired connection, and no luck. Blocked early
> on, but read this was SUPER minimal anyway, so maybe this wasn't the right
> path.

ALWAYS USE WIRED NETWORKING for services.

> I'm just trying to have a working API, along side the hypervisor to run
> vm's, both on the same machine. I'm down to go a third way too, if anyone
> has any ideas. Thanks!

I'm not sure what you're trying to do here.  If you just want API support,
you could just script virtsh (over ssh if necessary).  I wouldn't install
ovirt just to get API support for VMs; it's way overkill for that.  In my
mind, the role of ovirt is to provide web-based access (management and
console) to VMs for a team of distributed users without requiring shell
access to the host system.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UDVILQY2T65MXHG4UW4B6B242L2LVZRQ/


[ovirt-users] Re: Change host IP on VM

2021-11-09 Thread Derek Atkins
When I did it, I set the SpiceProxyDefault Engine configuration option.
(Use engine-config -s SpiceProxyDefault=http://public-ip:port)

-derek

On Tue, November 9, 2021 7:04 am, Staniforth, Paul wrote:
>
> Hello,
>you could create a separate display network or install a spice
> proxy.
>
> Regards,
>
> Paul S.
> 
> From: sekevgeni...@gmail.com 
> Sent: 09 November 2021 11:43
> To: users@ovirt.org 
> Subject: [ovirt-users] Change host IP on VM
>
> Caution External Mail: Do not click any links or open any attachments
> unless you trust the sender and know that the content is safe.
>
> Hi, can you please help me?
> I deployed ovirt on an AWS instance, created a vm but during generation
> .vv the file, an private IP is put in the host field instead of an public
> one, which is why the remote-viewer does not connect to the vm. If I
> change the host from an private IP to an public one, then everything
> works. Where and how can I change this field ?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fprivacy-policy.htmldata=04%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C1c65d72e33db43c5a2e408d9a37656ee%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637720551649833690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=53XdLNrDyMGXsp3HVnRJOnUZp8VF9%2BKU32%2Bjv0pgJXQ%3Dreserved=0
> oVirt Code of Conduct:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=04%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C1c65d72e33db43c5a2e408d9a37656ee%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637720551649833690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=R8u2yemIxzxTwQnwmIs736kVnM9YrmX9INeWNUtj7lk%3Dreserved=0
> List Archives:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FGXH32TYV5UW34YGHXFMK7OEMPQY6UVSX%2Fdata=04%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C1c65d72e33db43c5a2e408d9a37656ee%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637720551649833690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=qdQGLVTyFb5TSSdWSyeBdfFvO9hkQfccFEwPVJyjeFs%3Dreserved=0
> To view the terms under which this email is distributed, please go to:-
> https://leedsbeckett.ac.uk/disclaimer/email
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/O6FI5TTDF7L6LR3NWERWPYXGATHKUYG7/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JTEPY52UNY4XFRYEWUYKXX52G3HREC5O/


[ovirt-users] Re: IPv6 Support

2021-06-27 Thread Derek Atkins

I have dual stack VMs in my deployment and it works fine.
I suspect this is talking about the engine and host infrastructure.

-derek
Sent using my mobile device. Please excuse any typos.
On June 27, 2021 6:47:59 AM David White via Users  wrote:

Hello,
Reading 
https://www.ovirt.org/documentation/administration_guide/index.html#IPv6-networking-support-labels, 
I see this tidbit:

Dual-stack addressing, IPv4 and IPv6, is not supported
Switching clusters from IPv4 to IPv6 is not supported.
If I'm understanding this correctly... does that mean I cannot run some VMs 
with IPv4, and other VMs with IPv6, in the same cluster?

If so, that's incredibly disappointing and frustrating.

Is Dual-stack addressing a possible feature request?
IPv4 addresses are expensive... and I have a couple of customers who only 
needs IPv6, so would really prefer to avoid having to pay for IPv4 
addresses for them.



Sent with ProtonMail Secure Email.


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FV227ZTU23ETBCXSPJITWHASFPECFW6U/


[ovirt-users] Re: Import to VMware

2021-05-21 Thread Derek Atkins
A quick google search yielded
https://blog.ktz.me/migrate-qcow2-images-from-kvm-to-vmware/

-derek

On Fri, May 21, 2021 10:34 am, Darin Schmidt wrote:
> Correct, because in the xml it's saying the format is a link to a we
> address that technically doesn't exist.
>
> So perhaps I just need to find a way to convert the disk to vmdk then
>
> On Fri, May 21, 2021, 10:22 AM Derek Atkins  wrote:
>
>> HI,
>>
>> On Fri, May 21, 2021 9:57 am, Darin Schmidt wrote:
>> > Ok then, could there be something wrong with my ova backup because the
>> ovf
>> > is only 19kb and the other "file" is 3.8G? When I try to untar the ovf
>> it
>> > says it doesn't look like a tar file.
>>
>> The 3.8G file is your disk image.  The OVF file is XML.
>> The error seems to be that vmware does not recognize the disk type.
>> The xml being 19k doesn't seem wrong at all (although it does sound a
>> little big).
>>
>> -derek
>>
>> > On Fri, May 21, 2021, 9:06 AM Vojtech Juranek 
>> wrote:
>> >
>> >> On Friday, 21 May 2021 13:50:15 CEST Darin Schmidt wrote:
>> >> > I believe you are partially right? Originally it was an OVA file. I
>> >> > uncompressed the file which gave me another file and the vm.ovf.
>> The
>> >> OVF
>> >> > file appears to be only an xml file? Or are you saying I can also
>> >> > uncompressed the ovf file as well like I did the OVA?
>> >>
>> >> yes, OVA is tar archive of OVF directory (see e.g. [1]) and OVF is
>> again
>> >> tar
>> >> archive of one XML descriptor and VM disks, so you should be able to
>> get
>> >> the
>> >> VM disk this way
>> >>
>> >> [1] https://fileinfo.com/extension/ova
>> >>
>> >> >
>> >> > On Fri, May 21, 2021, 2:39 AM Vojtech Juranek 
>> >> wrote:
>> >> > > On Thursday, 20 May 2021 22:58:22 CEST Darin Schmidt wrote:
>> >> > > > Hello,
>> >> > > >
>> >> > > > Ive exported an OVA of a server we had made on OVIRT and Im
>> trying
>> >> to
>> >> > >
>> >> > > import
>> >> > >
>> >> > > > it to VMware. Its complaining that the ovf:format is incorrect.
>> >> > > >
>> >> > > > ovf:format="http://www.gnome.org/~markmc/qcow-image-format.html;
>> >> > > >
>> >> > > > That link doesnt resolve to anywhere because it appears its now
>> >> > > > http://people.gnome.org/~markmc/qcow-image-format.html
>> >> > > >
>> >> > > > But I dont know whats supposed to go there nor have I been able
>> to
>> >> > > > locate
>> >> > > > anything to help solve this issue. All I really need is access
>> to
>> >> the
>> >> > >
>> >> > > files
>> >> > >
>> >> > > > in the, what I assume is, vdmk file that comes along with the
>> ovf
>> >> file,
>> >> > > > which mine is called: 154b3d77-d340-4d24-a448-66265c5fb613
>> >> > > >
>> >> > > > So if anything, is there a way to open this vm disk so I can
>> gain
>> >> access
>> >> > >
>> >> > > to
>> >> > >
>> >> > > > the files?
>> >> > >
>> >> > > OVF file is just a tar archive with disks and XML descriptor. So
>> >> untar
>> >> the
>> >> > > OVF
>> >> > > file should work.
>> >> > >
>> >> > > > Thanks
>> >> > > > ___
>> >> > > > Users mailing list -- users@ovirt.org
>> >> > > > To unsubscribe send an email to users-le...@ovirt.org
>> >> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> >> > > > oVirt Code of Conduct:
>> >> > > > https://www.ovirt.org/community/about/community-guidelines/
>> List
>> >> > >
>> >> > > Archives:
>> >> > >
>> >> > >
>> >>
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3YAA7Z3SLLDX
>> >> > > 4
>> >> > >
>> >> > > > GBW6EXPGNOII3OGRYJF/
>> >>
>> >>
>> > ___
>> > Users mailing list -- users@ovirt.org
>> > To unsubscribe send an email to users-le...@ovirt.org
>> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> > oVirt Code of Conduct:
>> > https://www.ovirt.org/community/about/community-guidelines/
>> > List Archives:
>> >
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HPGLXQNVYG33VQKH3KEIMTN2WDTXIHZ6/
>> >
>>
>>
>> --
>>Derek Atkins 617-623-3745
>>de...@ihtfp.com www.ihtfp.com
>>Computer and Internet Security Consultant
>>
>>
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/U2WTDQ7UOBVTMQFIK5ZIKH32SPMNJNEX/


[ovirt-users] Re: Import to VMware

2021-05-21 Thread Derek Atkins
HI,

On Fri, May 21, 2021 9:57 am, Darin Schmidt wrote:
> Ok then, could there be something wrong with my ova backup because the ovf
> is only 19kb and the other "file" is 3.8G? When I try to untar the ovf it
> says it doesn't look like a tar file.

The 3.8G file is your disk image.  The OVF file is XML.
The error seems to be that vmware does not recognize the disk type.
The xml being 19k doesn't seem wrong at all (although it does sound a
little big).

-derek

> On Fri, May 21, 2021, 9:06 AM Vojtech Juranek  wrote:
>
>> On Friday, 21 May 2021 13:50:15 CEST Darin Schmidt wrote:
>> > I believe you are partially right? Originally it was an OVA file. I
>> > uncompressed the file which gave me another file and the vm.ovf. The
>> OVF
>> > file appears to be only an xml file? Or are you saying I can also
>> > uncompressed the ovf file as well like I did the OVA?
>>
>> yes, OVA is tar archive of OVF directory (see e.g. [1]) and OVF is again
>> tar
>> archive of one XML descriptor and VM disks, so you should be able to get
>> the
>> VM disk this way
>>
>> [1] https://fileinfo.com/extension/ova
>>
>> >
>> > On Fri, May 21, 2021, 2:39 AM Vojtech Juranek 
>> wrote:
>> > > On Thursday, 20 May 2021 22:58:22 CEST Darin Schmidt wrote:
>> > > > Hello,
>> > > >
>> > > > Ive exported an OVA of a server we had made on OVIRT and Im trying
>> to
>> > >
>> > > import
>> > >
>> > > > it to VMware. Its complaining that the ovf:format is incorrect.
>> > > >
>> > > > ovf:format="http://www.gnome.org/~markmc/qcow-image-format.html;
>> > > >
>> > > > That link doesnt resolve to anywhere because it appears its now
>> > > > http://people.gnome.org/~markmc/qcow-image-format.html
>> > > >
>> > > > But I dont know whats supposed to go there nor have I been able to
>> > > > locate
>> > > > anything to help solve this issue. All I really need is access to
>> the
>> > >
>> > > files
>> > >
>> > > > in the, what I assume is, vdmk file that comes along with the ovf
>> file,
>> > > > which mine is called: 154b3d77-d340-4d24-a448-66265c5fb613
>> > > >
>> > > > So if anything, is there a way to open this vm disk so I can gain
>> access
>> > >
>> > > to
>> > >
>> > > > the files?
>> > >
>> > > OVF file is just a tar archive with disks and XML descriptor. So
>> untar
>> the
>> > > OVF
>> > > file should work.
>> > >
>> > > > Thanks
>> > > > ___
>> > > > Users mailing list -- users@ovirt.org
>> > > > To unsubscribe send an email to users-le...@ovirt.org
>> > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> > > > oVirt Code of Conduct:
>> > > > https://www.ovirt.org/community/about/community-guidelines/ List
>> > >
>> > > Archives:
>> > >
>> > >
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3YAA7Z3SLLDX
>> > > 4
>> > >
>> > > > GBW6EXPGNOII3OGRYJF/
>>
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HPGLXQNVYG33VQKH3KEIMTN2WDTXIHZ6/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TPA5P6MENWKO6GWO5E4K2KBGJ66TFNR6/


[ovirt-users] Re: Import to VMware

2021-05-21 Thread Derek Atkins
Does VMware accept the QCOW format?  Don't you need to convert it to VMDK?

-derek

On Fri, May 21, 2021 7:50 am, Darin Schmidt wrote:
> I believe you are partially right? Originally it was an OVA file. I
> uncompressed the file which gave me another file and the vm.ovf. The OVF
> file appears to be only an xml file? Or are you saying I can also
> uncompressed the ovf file as well like I did the OVA?
>
> On Fri, May 21, 2021, 2:39 AM Vojtech Juranek  wrote:
>
>> On Thursday, 20 May 2021 22:58:22 CEST Darin Schmidt wrote:
>> > Hello,
>> >
>> > Ive exported an OVA of a server we had made on OVIRT and Im trying to
>> import
>> > it to VMware. Its complaining that the ovf:format is incorrect.
>>
>> > ovf:format="http://www.gnome.org/~markmc/qcow-image-format.html;
>> >
>> > That link doesnt resolve to anywhere because it appears its now
>> > http://people.gnome.org/~markmc/qcow-image-format.html
>>
>> > But I dont know whats supposed to go there nor have I been able to
>> locate
>> > anything to help solve this issue. All I really need is access to the
>> files
>> > in the, what I assume is, vdmk file that comes along with the ovf
>> file,
>> > which mine is called: 154b3d77-d340-4d24-a448-66265c5fb613
>>
>> > So if anything, is there a way to open this vm disk so I can gain
>> access
>> to
>> > the files?
>>
>> OVF file is just a tar archive with disks and XML descriptor. So untar
>> the
>> OVF
>> file should work.
>>
>> > Thanks
>> > ___
>> > Users mailing list -- users@ovirt.org
>> > To unsubscribe send an email to users-le...@ovirt.org
>> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> > oVirt Code of Conduct:
>> > https://www.ovirt.org/community/about/community-guidelines/ List
>> Archives:
>> >
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3YAA7Z3SLLDX4
>> > GBW6EXPGNOII3OGRYJF/
>>
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/OOSIUVB2E655BBT4WL4GWST3FUCHGJ5E/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2ZVZJAEEWNETG57QUF5RVXOUYOQ2DU2Y/


[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)

2021-05-07 Thread Derek Atkins
HI,

On Fri, May 7, 2021 2:55 am, Gianluca Cecchi wrote:
> On Fri, May 7, 2021 at 2:39 AM Derek Atkins  wrote:
> [snip]
>
>>
>> *THIS* truly answers my underlying question(s).  I was concerned that
>> the
>> engine would be like the node, but this assures me it is not, it's just
>> a
>> "faster" way to build the engine VM, but it turns into (effectively) a
>> standard CentOS+Engine VM post-install...  Which SHOULD be good enough
>> for
>> what I want to do!  (I have the engine running a few extra services, and
>> wanted to make sure I could continue to do so).
>>
>>
> OK.
> But in the mid term the problem will impact you anyway.
> What to do after 31/12/2021 with this system, as no new updates from
> CentOS
> repos?

Umm, according to
https://www.zdnet.com/article/red-hat-resets-centos-linux-and-users-are-angry/
which links back to
https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates
which claims CentOS 7 will retain support through 2024-06-30.

I think your 2021-12-31 date refers to EL8, not EL7.

>
> I think in the next months it would be nice to have at least a CentOS -->
> CentOS Stream migration path for the Hosted Engine VM or for an external
> engine that are now based on CentOS

There is no "stream" for EL7.

> Or to confirm that the standard path described at
> https://centos.org/centos-stream/ works also for CentOS systems where
> oVirt
> repos are configured and active and engine packages installed.
> Currently it says:
> dnf swap centos-linux-repos centos-stream-repos
> dnf distro-sync
>
> Gianluca

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AUOVOBQJGKX5267DXKMZWHL6WYLW3A5M/


[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)

2021-05-06 Thread Derek Atkins
Didi,

[snip]

Thank you for all the details (which I cut from the reply).  It's all
useful information, and as you noticed, I've not had to install the engine
in a while.  Moreover

> And, BTW, the appliance is not like ovirt-node - once you install it, it's
> just a plain normal CentOS machine - you upgrade stuff using 'dnf update'
> and 'engine-setup', etc.

*THIS* truly answers my underlying question(s).  I was concerned that the
engine would be like the node, but this assures me it is not, it's just a
"faster" way to build the engine VM, but it turns into (effectively) a
standard CentOS+Engine VM post-install...  Which SHOULD be good enough for
what I want to do!  (I have the engine running a few extra services, and
wanted to make sure I could continue to do so).

FWIW, I have a few extra services running on my host, too, but I think I
would change that if I ever added additional hardware (currently running
single-host).

Thank you again for humoring me and answering my questions, even the ones
I didn't explicitly ask!

> Best regards,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RZU5ZILC3LDLSIF7VLM3XPN77UDCN33K/


[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)

2021-05-05 Thread Derek Atkins
Hi,

On Wed, May 5, 2021 9:24 am, Yedidyah Bar David wrote:
> On Wed, May 5, 2021 at 4:20 PM Derek Atkins  wrote:
>>
>> Hi,
>>
>> On Wed, May 5, 2021 1:40 am, Yedidyah Bar David wrote:
>> >
>> >> And how about engine storage domain? I have a new NFS mount ready but
>> it
>> >> did not ask me about which storage domain to use. Will it ask in
>> later
>> >> stage?
>> >
>> > Yes, storage is handled (also asked about) in a later stage, after the
>> > engine is up and the host added to it.. This is a change from <= 4.2,
>> > and was done so that we can use the engine (and vdsm) for this,
>> > instead of duplicating their functionality in the deploy code.
>>
>> Color me confused... How does this work?
>
> Please review:
> https://www.ovirt.org/images/Hosted-Engine-4.3-deep-dive.pdf

Thanks.  However nowhere in those slides does it talk about when one would
install the Engine VM base OS.  So my questions (quoted below) still
apply.

>> If I'm installing CentOS and then the Engine into the Hosted-Engine VM,
>> don't I need a storage domain for that OS defined in order for me to
>> install the OS into the VM?  This sounds like a bootstrapping problem?
>>
>> Or do I install into some temporary storage and then once the Engine +
>> VDSM are up and running I can assign the permanent storage and it will
>> save/copy the temporary storage over to the permanent storage?   But in
>> the latter case, that would imply the ability to move the hosted-engine
>> storage domain from one place to another?
>>
>> Or does 4.4 remove the ability to install the hosted-engine into a
>> CentOS
>> OS and instead one must always use a Hosted Engine appliance?
>>
>> NB: I installed back at 4.0 and have been upgrading ever since, so I've
>> never had to re-install the engine from scratch; I know I will need to
>> do
>> that if I ever decide to upgrade from 4.3.10 to 4.4 (which, frankly, I
>> am
>> not looking forward to doing any time soon).
>>
>> > Good luck and best regards,
>

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HXIWJQQ4KBPEE5JZ4O54DG3J6OQEIWG4/


[ovirt-users] Re: Issue upgrading from 4.3 (Centos 7) to 4.4 (Centos 8)

2021-05-05 Thread Derek Atkins
Hi,

On Wed, May 5, 2021 1:40 am, Yedidyah Bar David wrote:
>
>> And how about engine storage domain? I have a new NFS mount ready but it
>> did not ask me about which storage domain to use. Will it ask in later
>> stage?
>
> Yes, storage is handled (also asked about) in a later stage, after the
> engine is up and the host added to it.. This is a change from <= 4.2,
> and was done so that we can use the engine (and vdsm) for this,
> instead of duplicating their functionality in the deploy code.

Color me confused... How does this work?

If I'm installing CentOS and then the Engine into the Hosted-Engine VM,
don't I need a storage domain for that OS defined in order for me to
install the OS into the VM?  This sounds like a bootstrapping problem?

Or do I install into some temporary storage and then once the Engine +
VDSM are up and running I can assign the permanent storage and it will
save/copy the temporary storage over to the permanent storage?   But in
the latter case, that would imply the ability to move the hosted-engine
storage domain from one place to another?

Or does 4.4 remove the ability to install the hosted-engine into a CentOS
OS and instead one must always use a Hosted Engine appliance?

NB: I installed back at 4.0 and have been upgrading ever since, so I've
never had to re-install the engine from scratch; I know I will need to do
that if I ever decide to upgrade from 4.3.10 to 4.4 (which, frankly, I am
not looking forward to doing any time soon).

> Good luck and best regards,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I4OTGXBR3NH236F7LJJ4FBO4MC5SJ3D3/


[ovirt-users] Re: OvirtEngine Fails (any ideas?)

2021-03-15 Thread Derek Atkins
I'm sure more knowledgeable people will reply, but from me:
what does "systemctl status -l ovirt-imageio" give you?
It should give a bit more log data about the failure.

Is there any log data about the startup?  Anything in
/var/log/ovirt-imageio-daemon/daemon.log?  Anything happen if you try to
start it manually?

-derek


On Mon, March 15, 2021 12:56 pm, Jason Alexander Hazen Valliant-Saunders
wrote:
> Failed to start oVirt ImageIO Daemon.
> CODE_FILE ../src/core/job.c
> CODE_FUNC job_log_done_status_message
> CODE_LINE 933
> INVOCATION_ID 4c19d99e2caf48a39b4d3c79b290c214
> JOB_RESULT failed
> JOB_TYPE start
> MESSAGE_ID be02cf6855d2428ba40df7e9d022f03d
> PRIORITY 3
> SYSLOG_FACILITY 3
> SYSLOG_IDENTIFIER systemd
> UNIT ovirt-imageio.service
> _BOOT_ID 4bd6b8dcfcc04655bb96228bbc07e371
> _CAP_EFFECTIVE 3f
> _CMDLINE /usr/lib/systemd/systemd --switched-root --system --deserialize
> 17
> _COMM systemd
> _EXE /usr/lib/systemd/systemd
> _GID 0
> _HOSTNAME ovirt1.altignus.com
> _MACHINE_ID 0d2ee365ebc64b03982bae07fe190e25
> _PID 1
> _SELINUX_CONTEXT system_u:system_r:init_t:s0
> _SOURCE_REALTIME_TIMESTAMP 1615827351504037
> _SYSTEMD_CGROUP /init.scope
> _SYSTEMD_SLICE -.slice
> _SYSTEMD_UNIT init.scope
> _TRANSPORT journal
> _UID 0
> __CURSOR
> s=896394b4edaf41349024e42366d9e760;i=3393;b=4bd6b8dcfcc04655bb96228bbc07e371;m=30ad6a7e;t=5bd961f4e04b9;x=b3fe6e1de39c7ab8
> __MONOTONIC_TIMESTAMP 816671358
> __REALTIME_TIMESTAMP 1615827351504057
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DNB73ZMUB5DIMV7UK74MTFYTE7SGZ5J7/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HX4TCAOLFIDKVCVPSXMH2CHBU6JLNX3Z/


[ovirt-users] Re: move ovirt 4.3.9 to RHEL 8

2021-01-29 Thread Derek Atkins
Ummm.. I realize it's been a while but aren't you supposed to install 
ovirt-engine-setup and not ovirt-engine?


-derek
Sent using my mobile device. Please excuse any typos.
On January 29, 2021 8:29:00 PM Paul Dyer  wrote:
thanks Gianluca for the well thought out response.   I started over and 
tried to install RHEL 8 with ovirt 4.4.   I ran into a few problems, which 
may be related.   First was that the module javapackages-tools could not be 
found.


# yum module enable javapackages-tools
Updating Subscription Management repositories.
Last metadata expiration check: 0:17:45 ago on Fri 29 Jan 2021 07:02:20 PM CST.
Error: Problems in request:
missing groups or modules: javapackages-tools

Then, the install of ovirt-engine relies on apache-commons-compress, but no 
version could pass module filtering.


[root@r8-bacchus yum.repos.d]# yum install ovirt-engine
Updating Subscription Management repositories.
Last metadata expiration check: 0:12:16 ago on Fri 29 Jan 2021 07:02:20 PM CST.
Error:
Problem: package ovirt-engine-4.4.4.7-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed

- cannot install the best candidate for the job
- package 
apache-commons-compress-1.20-1.module+el8.2.1+6727+059d025f.noarch is 
filtered out by modular filtering
- package 
apache-commons-compress-1.20-3.module+el8.2.1+7436+4afdca1f.noarch is 
filtered out by modular filtering
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to 
use not only best candidate packages)


[root@r8-bacchus yum.repos.d]# yum install ovirt-engine --nobest
Updating Subscription Management repositories.
Last metadata expiration check: 0:14:26 ago on Fri 29 Jan 2021 07:02:20 PM CST.
Error:
Problem: conflicting requests
- package ovirt-engine-4.4.0.3-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1-1.el8.noarch requires apache-commons-compress, 
but none of the providers can be installed
- package ovirt-engine-4.4.1.1-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.10-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.2-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.3-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.4-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.5-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.6-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.7-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.1.8-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.2.6-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.10-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.11-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.12-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.3-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.4-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.5-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.6-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.7-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.8-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.3.9-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.4-1.el8.noarch requires apache-commons-compress, 
but none of the providers can be installed
- package ovirt-engine-4.4.4.1-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.4.2-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.4.3-1.el8.noarch requires 
apache-commons-compress, but none of the providers can be installed
- package ovirt-engine-4.4.4.4-1.el8.noarch requires 

[ovirt-users] Geographically-distrbuted Ovirt Cluster?

2021-01-25 Thread Derek Atkins
Hi,

Right now I run a 1-server hyperconverged hosted-engine deployment.  Other
than requiring systemwide downtime to perform host maintenance, it has
worked fairly well for me over the past few years.  However, after a
couple power and upstream-network outages, there have been questions about
the ability to "distribute the load", so to speak.  Considering what our
workload is (main git repo, wiki, email list + archives, etc), it can't
easily be distributed by a periodic resync and DNS round robin like a
static web site.

To solve this distribution problem I was wondering if there might be some
way to deploy a handful of physical servers in different geographic
locations that work together to create an HE environment for guest VMs?

My initial fear would be that it would require dedicated 1Gb (or higher)
between the sites to move data?  Let's say we do NOT have that level of
connectivity.

I saw something about geographic replication in Gluster?  But that would
seem to be more about replicating a local cluster to a remote cluster?

I suspect the answer is: no, a cluster must all be physically co-located. 
But I figured I would ask the experts.

Thanks all for your insights.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GRWSTAQ7O63KLLJMS54465INSXGBUMO6/


[ovirt-users] Re: Gluster Hyperconverged fails with single disk partitioned

2021-01-20 Thread Derek Atkins

Ovirt is expecting an LVM volume, not a raw partition.

-derek
Sent using my mobile device. Please excuse any typos.
On January 20, 2021 7:13:45 PM Shantur Rathore  wrote:

Hi,

I am trying to setup a single host Self-Hosted hyperconverged setup with 
GlusterFS.
I have a custom partitioning where I provide 100G for oVirt and its 
partitions and rest 800G to a physical partition (/dev/sda4).


When I try to create gluster deployment with the wizard, it fails

TASK [gluster.infra/roles/backend_setup : Create volume groups] 

failed: [ovirt-macpro-16.lab.ced.bskyb.com] (item={'key': 
'gluster_vg_sda4', 'value': [{'vgname': 'gluster_vg_sda4', 'pvname': 
'/dev/sda4'}]}) => {"ansible_loop_var": "item", "changed": false, "err": "  
Device /dev/sda4 excluded by a filter.\n", "item": {"key": 
"gluster_vg_sda4", "value": [{"pvname": "/dev/sda4", "vgname": 
"gluster_vg_sda4"}]}, "msg": "Creating physical volume '/dev/sda4' failed", 
"rc": 5}


I checked and /etc/lvm/lvm.conf filter doesn't allow /dev/sda4. It only 
allows PV for onn VG.
Once I manually allow /dev/sda4 to lvm filter, it works fine and gluster 
deployment completes.


Fdisk :

# fdisk -l /dev/sda
Disk /dev/sda: 931.9 GiB, 100081440 bytes, 1954210120 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: FE209000-85B5-489A-8A86-4CF0C91B2E7D

Device StartEndSectors   Size Type
/dev/sda1   204812308471228800   600M EFI System
/dev/sda2123084833279992097152 1G Linux filesystem
/dev/sda33328000  213043199  209715200   100G Linux LVM
/dev/sda4  213043200 1954209791 1741166592 830.3G Linux filesystem

LVS

# lvs
LV VG  Attr   LSize  Pool  Origin   
Data%  Meta%  Move Log Cpy%Sync Convert
home   onn Vwi-aotz-- 10.00g pool0  
0.11

ovirt-node-ng-4.4.4-0.20201221.0   onn Vwi---tz-k 10.00g pool0 root
ovirt-node-ng-4.4.4-0.20201221.0+1 onn Vwi-aotz-- 10.00g pool0 
ovirt-node-ng-4.4.4-0.20201221.0 25.26
pool0  onn twi-aotz-- 95.89g
2.95   14.39

root   onn Vri---tz-k 10.00g pool0
swap   onn -wi-ao  4.00g
tmponn Vwi-aotz-- 10.00g pool0  
0.12
varonn Vwi-aotz-- 20.00g pool0  
0.92
var_crash  onn Vwi-aotz-- 10.00g pool0  
0.11
var_logonn Vwi-aotz-- 10.00g pool0  
0.13
var_log_audit  onn Vwi-aotz--  4.00g pool0  
0.27




# grep filter /etc/lvm/lvm.conf
filter = 
["a|^/dev/disk/by-id/lvm-pv-uuid-QrvErF-eaS9-PxbI-wCBV-3OxJ-V600-NG7raZ$|", 
"r|.*|"]


Am I doing something which oVirt isn't expecting?
Is there anyway to provide tell gluster deployment to add it to lvm config.

Thanks,
Shantur
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BP7BQWG3O7IFRLU4W6ZNV4J6PHR4DUZF/


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NJY2DTWIAE6COJ4CXCRLEEL4WH452MK2/


[ovirt-users] Re: CentOS 8 is dead

2020-12-08 Thread Derek Atkins
Hmm.
I appear to be having Slack issues.
Even though I am logged into my slack and have it running, when I click
this link I get a "sign in to your workspace" -- and I can't get to this
channel.
Maybe it's not public and is limited somehow?
Or maybe Slack doesn't like me?
-derek

On Tue, December 8, 2020 4:21 pm, Strahil Nikolov wrote:
> Actually,
>
> you are not the only one thinking about it.
> You can check a lot of users (including me) are joining the following
> slack channel: https://app.slack.com/client/T0YKGK200/D01H5BZ85LG
>
> Best Regards,
> Strahil Nikolov
>
> В 16:01 -0500 на 08.12.2020 (вт), Derek Atkins написа:
>> On Tue, December 8, 2020 3:49 pm, Christopher Cox wrote:
>> > On 12/8/20 2:20 PM, Michael Watters wrote:
>> > > This was one of my fears regarding the IBM acquisition.  I guess
>> > > we
>> > > can't complain too much, it's not like anybody *pays* for
>> > > CentOS.  :)
>> >
>> > Yes, but this greatly limits oVirt use to temporal dev labs only.
>> >
>> > Maybe oVirt should look into what it would take to one of the long
>> > term
>> > Devian
>> > based distros
>>
>> So... stupid question, but...   What would it take for a group of
>> interested individuals to "take over" the current CentOS-as-RHEL-
>> rebuild
>> processes currently in place?  I honestly have no idea how much
>> person-hour effort it it is to maintain CentOS, or what other
>> resources
>> (build machines / infrastructure) are required?
>>
>> > ...snippity
>>
>> -derek
>> --
>>Derek Atkins 617-623-3745
>>de...@ihtfp.com www.ihtfp.com
>>Computer and Internet Security Consultant
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IVROYZSBEM3GSWGON452YKOF7U5HXNTY/
>
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYOQ4DA4BE2VVR2W22ERF7BAH6UWB5EY/


[ovirt-users] Re: CentOS 8 is dead

2020-12-08 Thread Derek Atkins

On Tue, December 8, 2020 3:49 pm, Christopher Cox wrote:
> On 12/8/20 2:20 PM, Michael Watters wrote:
>> This was one of my fears regarding the IBM acquisition.  I guess we
>> can't complain too much, it's not like anybody *pays* for CentOS.  :)
>
> Yes, but this greatly limits oVirt use to temporal dev labs only.
>
> Maybe oVirt should look into what it would take to one of the long term
> Devian
> based distros

So... stupid question, but...   What would it take for a group of
interested individuals to "take over" the current CentOS-as-RHEL-rebuild
processes currently in place?  I honestly have no idea how much
person-hour effort it it is to maintain CentOS, or what other resources
(build machines / infrastructure) are required?

> ...snippity

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IVROYZSBEM3GSWGON452YKOF7U5HXNTY/


[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh

2020-12-08 Thread Derek Atkins

On Tue, December 8, 2020 10:17 am, Yedidyah Bar David wrote:
> On Tue, Dec 8, 2020 at 5:09 PM Derek Atkins  wrote:
>>
[snip]
>> Is there any chance this could be added to the --help output?
>> An actual example would have been very useful.
>
> Frankly, I'd prefer people (like you) that need to use these
> utilities manually, to search the net if they have problems,
> than spending hours debating about how long --help should be,
> what should be included in it and what not, what link we might
> provide for further reference (and please note that I didn't
> include such a link in my original reply - simply because I
> failed to find one that seemed "most suitable"), etc. That said,
> patches are welcome! If you think you can improve the current
> text in a conflict-free way, which everyone will agree to, please
> go ahead and push a patch! :-)

I'll take a look at doing that.

I did google some before asking here, but there were very few hits for
usage of pki-enroll-request.sh -- although I admit I did not try many
different search terms.  Most of the results were not ovirt related nor
related to this script at all.

> BTW: What I personally do, is to search the code and/or relevant
> logs to see what other tools (the engine, engine-setup, in this
> case) do, as "reference examples".

That presumes having ready access to (in this case) ovirt sources -- which
you obviously do but I do not.  As a user, I don't feel I should need to
go refer to the sources to determine how a utility program should be
properly used.  IMHO that's what documentation is used for.  However I
will keep that in mind for my next issue ;)

But I do understand your PoV -- for GnuCash I often reference the sources
when answering people's questions.  However that's a case where I am (or
was) one of the developers so I do have the sources handy.  :)

Thanks again.  I am all set now!

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AK42QT53KEZ4BXSCXX6K4VXDVRBRGN3R/


[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh

2020-12-08 Thread Derek Atkins
Hi Didi,

On Tue, December 8, 2020 10:03 am, Yedidyah Bar David wrote:
> On Tue, Dec 8, 2020 at 4:25 PM Derek Atkins  wrote:
>>
>> Hi,
>>
>> I'm running a single-host, hosted-engine Ovirt deployment, version
>> 4.3.10
>> (upgraded from 4.0->4.1->4.2) and it's complaining that my host cert
>> does
>> not have a SubjectAltName.
>>
>> If I try to use pki-enroll-request.sh to rebuild the host cert and
>> follow
>> the instructions to add a --san, I get an error:
>>
>> /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me
>> --san=host.na.me
>
> Please try with '--san=DNS:host.na.me'.

AHA, thank you...  Thank worked.

>> Using configuration from openssl.conf
>> Check that the request matches the signature
>> Signature ok
>> The Subject's Distinguished Name is as follows
>> organizationName  :PRINTABLE:'My Org Name'
>> commonName:PRINTABLE:'host.na.me'
>> ERROR: adding extensions in section v3_ca_san
>> 139875647600528:error:2207507C:X509 V3
>> routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531:
>> 139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error
>> in
>> extension:v3_conf.c:95:name=subjectAltName, value=host.na.me
>> Cannot sign certificate
>>
>> Am I using this script incorrectly?
>
> You are using it well. --san argument is passed as-is to openssl's
> 'subjectAltName', which requires a prefix to tell its type. Search the
> net for 'openssl subjectAltName' for other examples.

Is there any chance this could be added to the --help output?
An actual example would have been very useful.

Thanks again!

> Best regards,
> --
> Didi

-derek


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UU4NAMQXEGUDLYG2WJJILTJZ3QRYVCRA/


[ovirt-users] [SOLVED] Re: Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-08 Thread Derek Atkins
Hi,

On Mon, December 7, 2020 4:02 pm, Derek Atkins wrote:
> Hi Michal,
>
> On Mon, December 7, 2020 11:43 am, Michal Skrivanek wrote:
>>
[snip]
> And for the record, after putting the new certificates into place by
> hand,
> just restarting a VM was sufficient to get Spice to pull in the new
> cert(s).  So, technically, it LOOKS like I don't have to reboot the whole
> system (although I plan to do that tonight) -- I could just shutdown and
> re-run each VM.
>
>> HTH,
>> michal
>
> Thank you for all your support and everything you do for this project,
> Michal.  We very much appreciate it!

For the record, I rebooted the host last night and once everything came
back, the new certs were all in place and everything was happy Except
for the fact that my host cert does not have a SAN (SubjectAltName) so the
engine is *still* complaining about it.  See my other email about that.



FYI, here are the commands I used to refresh everything (modulo restarting
everything):

set my_date="$(date +"%Y%m%d%H%M%S")"

##  On the ENGINE, rebuild the CA Cert:

cp -p /etc/pki/ovirt-engine/private/ca.pem
/etc/pki/ovirt-engine/private/ca.pem.$my_date
cp -p /etc/pki/ovirt-engine/ca.pem{,.$my_date}
openssl x509 -signkey /etc/pki/ovirt-engine/private/ca.pem -in
/etc/pki/ovirt-engine/ca.pem -out /etc/pki/ovirt-engine/ca.pem.new -days
3650 -sha256
openssl x509 -in /etc/pki/ovirt-engine/ca.pem.new -text >
/etc/pki/ovirt-engine/ca.pem.new.full
mv /etc/pki/ovirt-engine/ca.pem.new.full /etc/pki/ovirt-engine/ca.pem
mv /etc/pki/ovirt-engine/certs/ca.der{,.$my_date}
cp -p /etc/pki/ovirt-engine/ca.pem.new /etc/pki/ovirt-engine/certs/ca.der


#  On ovirt host, create a CSR:
#   openssl x509 -x509toreq -in /etc/pki/libvirt/clientcert.pem -out
/tmp/HOST.csr -signkey /etc/pki/libvirt/private/clientkey.pem
mv /etc/pki/ovirt-engine/certs/host.na.me.cer{,.$my_date}
mv /etc/pki/ovirt-engine/requests/host.na.me.req{,.$my_date}

# copy new CSR into place on the engine:
#/etc/pki/ovirt-engine/requests/host.na.me.req
#  and sign it:
/usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me

#  NB -- adding --san results in an error: --san=host.na.me


# copy new Host cert from /etc/pki/ovirt-engine/certs/host.na.me.cer
#to host:new_cert
#   and copy CA cert to host:cacert.pem
# ON OVIRT Host:
mv /etc/pki/libvirt/clientcert.pem{,.$my_date}
mv /etc/pki/vdsm/certs/vdsmcert.pem{,.$my_date}
mv /etc/pki/vdsm/libvirt-spice/server-cert.pem{,.$my_date}
cp -p new_cert /etc/pki/libvirt/clientcert.pem
cp -p new_cert /etc/pki/vdsm/certs/vdsmcert.pem
cp -p new_cert /etc/pki/vdsm/libvirt-spice/server-cert.pem
chown root:kvm /etc/pki/libvirt/clientcert.pem
/etc/pki/vdsm/certs/vdsmcert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem
#
# Copy new CA cert into place on Host:
mv /etc/pki/CA/cacert.pem{,$my_date}
cp -p cacert.pem /etc/pki/CA/cacert.pem
chgrp kvm /etc/pki/CA/cacert.pem
mv /etc/pki/vdsm/certs/cacert.pem{,.$my_date}
mv /etc/pki/vdsm/libvirt-spice/ca-cert.pem{,.$my_date}
mv /etc/pki/ovirt-engine/ca.pem{,.$my_date}
cp -p /etc/pki/CA/cacert.pem /etc/pki/vdsm/certs/cacert.pem
cp -p /etc/pki/CA/cacert.pem /etc/pki/vdsm/libvirt-spice/ca-cert.pem
cp -p /etc/pki/CA/cacert.pem /etc/pki/ovirt-engine/ca.pem


At this point I shut down all VMs, rebooted the host, and restarted all
the VMs and everything came back happy (except for the lack of the
SubjectAltName).


Also note that you will need to remove the trusted cert from your
browser(s) and re-add the new CA cert -- otherwise you will get a browser
error complaining about the change in certificate from the same Issuer and
with the same Serial#.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XJ6CE262KXWE3X5CGX55YXYCUFFVYRM6/


[ovirt-users] Error creating host certificate with SubjectAltName with -ki-enroll-request.sh

2020-12-08 Thread Derek Atkins
Hi,

I'm running a single-host, hosted-engine Ovirt deployment, version 4.3.10
(upgraded from 4.0->4.1->4.2) and it's complaining that my host cert does
not have a SubjectAltName.

If I try to use pki-enroll-request.sh to rebuild the host cert and follow
the instructions to add a --san, I get an error:

/usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me
--san=host.na.me
Using configuration from openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName  :PRINTABLE:'My Org Name'
commonName:PRINTABLE:'host.na.me'
ERROR: adding extensions in section v3_ca_san
139875647600528:error:2207507C:X509 V3
routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531:
139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:95:name=subjectAltName, value=host.na.me
Cannot sign certificate

Am I using this script incorrectly?

Thanks,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JRNYDRPFACRQK6FU3YN6XMJ276N3HJYQ/


[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-07 Thread Derek Atkins
Hi Michal,

On Mon, December 7, 2020 11:43 am, Michal Skrivanek wrote:
>
>
>> On 7 Dec 2020, at 15:35, Gianluca Cecchi 
>> wrote:
>>
>> On Mon, Dec 7, 2020 at 2:22 PM Derek Atkins > <mailto:de...@ihtfp.com>> wrote:
>> [snip]
>>
>> The main advantages of ovirt over virt-manager is the access-control and
>> remote-access capabilities.  Specifically, I have several users which
>> have
>> different access to different VMs and their consoles.  Without providing
>> ssh access to the host, I wasn't sure how to provide that access in a
>> clean way via virt-manager.
[snip]
>> +1 here.
>> And I think developers should put more attention in single host
>> environments than lastly done.
>
> well, the truth is it is a corner case. I’m not saying it shouldn’t work
> but as Didi said a single host management was never the main goal. We’ve
> built oVirt around shared storage and DC scalability, that it sort of
> happens to work with single host is….nice, but it’s really not that
> typical. There are better options for desktop-like virtualization in OSS
> world, there’s virt-manager, there’s VM management in cockpit UI,
> gnome-boxes.

As of several years ago, I don't think any of these options worked with
multiple, distributed (remote) users with different capabilities on the
same VM Host.  Has that changed?

>> Derek explained very well what could be many common situations to have a
>> single host environment and the reason not to use virt-manager and such.
>> At time there was the all-in-one and then it was deprecated/abandoned in
>> favour of single host deployment.
>
> yes. but it was never meant to be a real thing in a first place, it was
> created just for demo purposes so it can run on a single laptop.
>
>> Now due to perhaps ansible playbook or new logic in host upgrades it
>> seems to see more and more messages about single host not supported.
>
> it’s not intentional, just not tested enough so it keeps breaking. we
> really can’t test every use case in automation.

I think there are enough users who want this configuration (or, gasp, are
actually using this configuration) that it might warrant a little more
testing.  Yes, we understand that there will be times that we need to shut
down VMs and reboot the system, and those times can be scheduled (like
I've done).  However, that WOULD require a little more support, to at
least have a recipe that works on a single-host hosted-engine solution.

For host cert renewal, that recipe didn't really exist.

[snip]
> I don’t think it would take too much attention, TBH. We’re still dealing
> with 4.4 and el8 complications (it’s still fairly early since GA of a
> major release)

Of course.  (Personally, I think it should have been called 5.0 instead of
4.4, as it requires a full re-install to migrate from 4.3).

> What would make sense, I think, is to identify the actual
> issues/complications and do them differently, like indeed a special local
> playbooks or whatnot, or “special” hacks. And then document on oVirt wiki.
> But otherwise I do not really see them supportable - the amount of work to
> e.g. re-enroll certs on a running host is just too much to do properly,
> and everyone has a different level of “risk” they accept.

Exactly.  Some tested playbook recipes that allows a single-host
hosted-engine deployment to perform these operations is really what I'm
asking for.  Yes, I know it will require rebooting.  But reboot is much
less risky that re-install!

And for the record, after putting the new certificates into place by hand,
just restarting a VM was sufficient to get Spice to pull in the new
cert(s).  So, technically, it LOOKS like I don't have to reboot the whole
system (although I plan to do that tonight) -- I could just shutdown and
re-run each VM.

> HTH,
> michal

Thank you for all your support and everything you do for this project,
Michal.  We very much appreciate it!

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4NVDF5RRX54H5ZP57VIBP4ULECNQF4FJ/


[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-07 Thread Derek Atkins
Hi Didi,

Sorry for the multiple emails yesterday.  I'm going to respond to all of
your responses in this one.

On Mon, December 7, 2020 3:31 am, Yedidyah Bar David wrote:
> On Sun, Dec 6, 2020 at 8:14 PM Derek Atkins  wrote:
>>
>> Hi again,
>>
>> I also noticed that ca.pem was not updated -- it's still using Sha1.
>
> You are right - we didn't make engine-setup recreate existing certs
> for this - "Renew" deals with other stuff [1]. We only change the
> default for new ones [2], and wrote a procedure [3][4] for doing this
> manually. At the time, this wasn't mandatory - browsers didn't reject
> sha1. Perhaps now it should be.

I should point out that it's not the browsers that are rejecting SHA1, but
it is remote-viewer that is.  My Fedora-33 firefox connected to my
Sha1-using Ovirt HTTPS just fine, without any complaints.  Granted, as I
note later, these certs were already imported and accepted in firefox
years ago, so that could be why there was not complaints.

However, the console.vv file sent to remote-viewer includes the CA cert --
but I'm not sure if it's complaining about that or the host cert that gets
sent during the connection; I can't tell from the output.  I know it's the
CA cert that's sent in the .vv file, but I'm not 100% sure which
particular source is being used, and I'm not sure which cert is considered
"bad" by the viewer.

[snip]
>> I don't know if this will be an issue with remote-viewer if I wind up
>> refreshing the host cert?
>
> As I said, at the time it didn't seem to be mandatory, and docs seemed
> to be enough. If you feel otherwise, please open a bug.

I already refreshed the CA cert, so unfortunately I wont be able to test
this for sure.  I know that refreshing the CA cert on the engine alone is
not sufficient -- the console.vv file still has the old one, even after an
engine restart.

> I think there is a difference, or at least there was, between what
> browsers
> did/do with https certs, and what they did with CA certs.

Probably true, but firefox was not complaining with the Sha1 certs.

> If you had a CA cert already accepted/imported/trusted by the browser,
> and then you entered a site with a cert signed by this CA, but with a
> SHA1 signature, this was one separate case. Browsers started warning/
> rejecting them earlier.

I think I had already accepted the site cert which is probably why it
wasn't complaining about it being SHA1.

> If you have a CA cert with a SHA1 signature, and want to import that to
> a browser, that's another case. I didn't test recently (or much over time,
> other than working on these bugs) with recent browsers, but I think it
> took longer until they rejected (if indeed they do - not sure all of them
> do).

Indeed.  I already had both the SHA1 CA cert and the SHA1 host cert
accepted in my Firefox trust before I upgraded, so perhaps that's why I
didn't see any issues in F33.  I removed both and re-imported the (new) CA
cert.

>> One more question:
>>
>> Can you verify that etc/pki/libvirt/clientcert.pem,
>> etc/pki/vdsm/certs/vdsmcert.pem, and
>> etc/pki/vdsm/libvirt-spice/server-cert.pem are all supposed to be same
>> certificate (on the host)?  By a quick find | grep all three of these
>> files appear to be the .cer certificate file?
>
> Yes, and also vdsm/libvirt-vnc/server-cert.pem .

I don't see this directly in /etc/pki on the host?  All I see is:
# ls -l /etc/pki/vdsm/
total 8
drwxr-xr-x. 2 vdsm kvm 4096 Dec  6 17:16 certs
drwxr-xr-x. 2 vdsm kvm   80 Jun  7  2020 keys
drwxr-xr-x. 2 vdsm kvm 4096 Dec  6 17:18 libvirt-spice

And /etc/pki/vdsm does not exist on the engine.  Indeed:

# find /etc/pki -name server-cert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem


>> Does it matter that ca.der didn't change?  I don't know if that is a
>> self-signed cert that might be problematic?
>
> ca.der is not used by anything, you can ignore it. The private key of
> the CA is in /etc/pki/ovirt-engine/private/ca.pem, and the public key
> is in /etc/pki/ovirt-engine/ca.pem. That's what all tools use.

Actually, I verified that ca.der *IS* used -- that's what gets sent out if
you access
http://your-manager-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
-- so I had to update that in order to make the new cert available.



> Generally speaking, the project considers the "standard" use case to be a
> setup of at least two hosts, and at least one host "extra" (in terms of
> capacity), so that if a host fails, you can still keep everything up. In
> that regard, a single-host setup is considered a kind of "corner case",
> meant mainly for testing/development, not production. Is there such a big
> advantage in using oVirt for a single host, compared to virt-manager?

The main advantages 

[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-06 Thread Derek Atkins
Hi again,

I also noticed that ca.pem was not updated -- it's still using Sha1.
I don't know if this will be an issue with remote-viewer if I wind up
refreshing the host cert?

-derek

On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote:
> On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins  wrote:
>>
>> Hi,
>>
>> I've got a single-host hosted-engine deployment that I originally
>> installed with 4.0 and have upgraded over the years to 4.3.10.  I and
>> some
>> of my users have upgraded remote-viewer and now I get an error when I
>> try
>> to view the console of my VMs:
>>
>> (remote-viewer:8252): Spice-WARNING **: 11:30:41.806:
>> ../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify:
>> Error
>> in server certificate verification: CA signature digest algorithm too
>> weak
>> (num=68:depth0:/O=/CN=)
>>
>> I am 99.99% sure this is because the old certs use SHA1.
>>
>> I reran engine-setup on the engine and it asked me if I wanted to renew
>> the PKI, and I answered yes.  This replaced many[1] of the certificates
>> in
>> /etc/pki/ovirt-engine/certs on the engine, but it did not update the
>> Host's  certificate.
>
> Indeed.
>
>>
>> All the documentation I've seen says that to refresh this certificate I
>> need to put the host into maintenance mode and then re-enroll..  However
>> I
>> cannot do that, because this is a single-host system so I cannot put the
>> host in local mode -- there is no place to migrate the VMs (let alone
>> the
>> Engine VM).
>>
>> So  Is there a command-line way to re-enroll manually and update the
>> host certs?
>
> I don't think you'll find anything like this.
>
> People did come up in the past with various procedure to hack pki like
> what
> you want, but these are, generally speaking, quite fragile - usually do
> not
> get updated over versions etc.
>
> I am pretty certain the only way to do this using "official" tools/docs
> is:
>
> 1. Stop all VMs except for the engine one.
>
> 2. Take a backup with engine-backup.
>
> 3. Stop the engine VM.
>
> 4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup.
>
> 5. Provision the host again as a hosted-engine host, using
> '--restore-from-file'.
> Either using new storage for the engine, or after cleaning up the existing
> hosted-engine storage.
>
> If you still want to try doing this manually, then the tool to use is
> pki-enroll-request.sh. IIRC it's documented. You should find what
> keys/certs
> you want to replace, generate new keys and CSRs (or use existing keys and
> generate CSRs, or even use existing CSRs if you find them), copy to the
> engine,
> sign with pki-enroll-request.sh, then copy the generated cert to the host.
> I am
> almost certain there is no way to tell vdsm (and other processes) to
> reload
> the certs, so you'll have to restart it (them) - and this usually
> requires putting
> the host in maintenance (and therefore stop (migrate) all VMs).
>
>>  Or some other way to get all the leftover certs renewed?
>
> Which ones, specifically?
>
>>
>> Thanks,
>>
>> -derek
>>
>> [1] Not only did it not update the Host's cert, it did not update any of
>> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/,
>> and
>> obviously nothing in /etc/pki/ on the host itself.
>
> AFAIR no process uses these certs as such. There are only processes that
> use
> the ssh-format keys extracted from them, which do not include a signature
> (sha1 or whatever).
>
> If you think I am wrong, and/or notice other certs that need to be
> regenerated,
> that's a bug - please open one. Thanks!
>
> Re remote-viewer/spice: You didn't say if you tried again after
> engine-setup
> and what happened. In any case, this is unrelated to vmconsole (which is
> for
> serial consoles, using ssh). But you might still need to regenerate the
> host
> cert.
>
> BTW: You can try using novnc and websocket-proxy - engine-setup does
> update
> the cert for the latter, so this might work as-is.
>
> Best regards,
> --
> Didi
>
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UY44RUFT5MWMZ57Q4A4JWEOVPRSLBGTG/


[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-06 Thread Derek Atkins
Hi Didi,

One more question:

Can you verify that etc/pki/libvirt/clientcert.pem,
etc/pki/vdsm/certs/vdsmcert.pem, and
etc/pki/vdsm/libvirt-spice/server-cert.pem are all supposed to be same
certificate (on the host)?  By a quick find | grep all three of these
files appear to be the .cer certificate file?

-derek

On Sun, December 6, 2020 12:25 pm, Derek Atkins wrote:
> HI,
>
> On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote:
>> On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins  wrote:
> [snip]
>>> So  Is there a command-line way to re-enroll manually and update
>>> the
>>> host certs?
>>
>> I don't think you'll find anything like this.
>>
>> People did come up in the past with various procedure to hack pki like
>> what
>> you want, but these are, generally speaking, quite fragile - usually do
>> not
>> get updated over versions etc.
>>
>> I am pretty certain the only way to do this using "official" tools/docs
>> is:
>>
>> 1. Stop all VMs except for the engine one.
>>
>> 2. Take a backup with engine-backup.
>>
>> 3. Stop the engine VM.
>>
>> 4. Reinstall the host OS from scratch or use
>> ovirt-hosted-engine-cleanup.
>>
>> 5. Provision the host again as a hosted-engine host, using
>> '--restore-from-file'.
>> Either using new storage for the engine, or after cleaning up the
>> existing
>> hosted-engine storage.
>
> If I were to go this route I might as well upgrade to EL8 / 4.4 at the
> same time.  However, I would rather not do that; I consider that a very
> dangerous operation, with a generally too-high probability of failure.
>
>> If you still want to try doing this manually, then the tool to use is
>> pki-enroll-request.sh. IIRC it's documented. You should find what
>> keys/certs
>> you want to replace, generate new keys and CSRs (or use existing keys
>> and
>> generate CSRs, or even use existing CSRs if you find them), copy to the
>> engine,
>> sign with pki-enroll-request.sh, then copy the generated cert to the
>> host.
>
> Thanks.  I will look into this method.
>
>> I am
>> almost certain there is no way to tell vdsm (and other processes) to
>> reload
>> the certs, so you'll have to restart it (them) - and this usually
>> requires putting
>> the host in maintenance (and therefore stop (migrate) all VMs).
>
> I don't mind stopping the VMs in order to reboot the host if I can plan
> that.  My understanding is that because there is no place to migrate the
> hosted-engine, that implies even I stop all the other VMs, I still cannot
> put the host into maintenance mode.  Is my understanding correct?
>
>>>  Or some other way to get all the leftover certs renewed?
>>
>> Which ones, specifically?
>
> I think I listed them all:  *.cer and vmconsole*.cer on the engine,
> and of course everything on the host itself.
>
> Does it matter that ca.der didn't change?  I don't know if that is a
> self-signed cert that might be problematic?
>
>>>
>>> Thanks,
>>>
>>> -derek
>>>
>>> [1] Not only did it not update the Host's cert, it did not update any
>>> of
>>> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/,
>>> and
>>> obviously nothing in /etc/pki/ on the host itself.
>>
>> AFAIR no process uses these certs as such. There are only processes that
>> use
>> the ssh-format keys extracted from them, which do not include a
>> signature
>> (sha1 or whatever).
>>
>> If you think I am wrong, and/or notice other certs that need to be
>> regenerated,
>> that's a bug - please open one. Thanks!
>
> I have not noticed anything, yet, but I have not restarted the host or
> vdsm since I re-ran engine-setup.
>
>> Re remote-viewer/spice: You didn't say if you tried again after
>> engine-setup
>> and what happened. In any case, this is unrelated to vmconsole (which is
>> for
>> serial consoles, using ssh). But you might still need to regenerate the
>> host
>> cert.
>
> Sorry, I thought I did.  Yes, I did try re-running remote-viewer after
> running engine-setup.  There was no change in the console.vv file (except
> of course for the password and sso-token), so yes, it failed in the same
> way.
>
> Note, however, that I did not restart vdsm or the host after running
> engine-setup.
>
>> BTW: You can try using novnc and websocket-proxy - engine-setup does
>> update
>> the cert for the latter, so this might work as-is.
>
> Yes, that does work indeed, so as a short-term solu

[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-06 Thread Derek Atkins
HI,

On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote:
> On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins  wrote:
[snip]
>> So  Is there a command-line way to re-enroll manually and update the
>> host certs?
>
> I don't think you'll find anything like this.
>
> People did come up in the past with various procedure to hack pki like
> what
> you want, but these are, generally speaking, quite fragile - usually do
> not
> get updated over versions etc.
>
> I am pretty certain the only way to do this using "official" tools/docs
> is:
>
> 1. Stop all VMs except for the engine one.
>
> 2. Take a backup with engine-backup.
>
> 3. Stop the engine VM.
>
> 4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup.
>
> 5. Provision the host again as a hosted-engine host, using
> '--restore-from-file'.
> Either using new storage for the engine, or after cleaning up the existing
> hosted-engine storage.

If I were to go this route I might as well upgrade to EL8 / 4.4 at the
same time.  However, I would rather not do that; I consider that a very
dangerous operation, with a generally too-high probability of failure.

> If you still want to try doing this manually, then the tool to use is
> pki-enroll-request.sh. IIRC it's documented. You should find what
> keys/certs
> you want to replace, generate new keys and CSRs (or use existing keys and
> generate CSRs, or even use existing CSRs if you find them), copy to the
> engine,
> sign with pki-enroll-request.sh, then copy the generated cert to the host.

Thanks.  I will look into this method.

> I am
> almost certain there is no way to tell vdsm (and other processes) to
> reload
> the certs, so you'll have to restart it (them) - and this usually
> requires putting
> the host in maintenance (and therefore stop (migrate) all VMs).

I don't mind stopping the VMs in order to reboot the host if I can plan
that.  My understanding is that because there is no place to migrate the
hosted-engine, that implies even I stop all the other VMs, I still cannot
put the host into maintenance mode.  Is my understanding correct?

>>  Or some other way to get all the leftover certs renewed?
>
> Which ones, specifically?

I think I listed them all:  *.cer and vmconsole*.cer on the engine,
and of course everything on the host itself.

Does it matter that ca.der didn't change?  I don't know if that is a
self-signed cert that might be problematic?

>>
>> Thanks,
>>
>> -derek
>>
>> [1] Not only did it not update the Host's cert, it did not update any of
>> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/,
>> and
>> obviously nothing in /etc/pki/ on the host itself.
>
> AFAIR no process uses these certs as such. There are only processes that
> use
> the ssh-format keys extracted from them, which do not include a signature
> (sha1 or whatever).
>
> If you think I am wrong, and/or notice other certs that need to be
> regenerated,
> that's a bug - please open one. Thanks!

I have not noticed anything, yet, but I have not restarted the host or
vdsm since I re-ran engine-setup.

> Re remote-viewer/spice: You didn't say if you tried again after
> engine-setup
> and what happened. In any case, this is unrelated to vmconsole (which is
> for
> serial consoles, using ssh). But you might still need to regenerate the
> host
> cert.

Sorry, I thought I did.  Yes, I did try re-running remote-viewer after
running engine-setup.  There was no change in the console.vv file (except
of course for the password and sso-token), so yes, it failed in the same
way.

Note, however, that I did not restart vdsm or the host after running
engine-setup.

> BTW: You can try using novnc and websocket-proxy - engine-setup does
> update
> the cert for the latter, so this might work as-is.

Yes, that does work indeed, so as a short-term solution that can work for
me.  I'll ask my colleague on a Mac if that works for him.

But it would be nice to get remote-viewer working, IMHO, which would
require a way to renew / refresh the host cert -- which of course would be
nice to do without having to re-install!

Thanks!!!

> Best regards,
> --
> Didi

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4AGI6SIPIP6JRU4SYLTXL5YGP5VPL462/


[ovirt-users] How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-05 Thread Derek Atkins
Hi,

I've got a single-host hosted-engine deployment that I originally
installed with 4.0 and have upgraded over the years to 4.3.10.  I and some
of my users have upgraded remote-viewer and now I get an error when I try
to view the console of my VMs:

(remote-viewer:8252): Spice-WARNING **: 11:30:41.806:
../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify: Error
in server certificate verification: CA signature digest algorithm too weak
(num=68:depth0:/O=/CN=)

I am 99.99% sure this is because the old certs use SHA1.

I reran engine-setup on the engine and it asked me if I wanted to renew
the PKI, and I answered yes.  This replaced many[1] of the certificates in
/etc/pki/ovirt-engine/certs on the engine, but it did not update the
Host's  certificate.

All the documentation I've seen says that to refresh this certificate I
need to put the host into maintenance mode and then re-enroll..  However I
cannot do that, because this is a single-host system so I cannot put the
host in local mode -- there is no place to migrate the VMs (let alone the
Engine VM).

So  Is there a command-line way to re-enroll manually and update the
host certs?  Or some other way to get all the leftover certs renewed?

Thanks,

-derek

[1] Not only did it not update the Host's cert, it did not update any of
the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, and
obviously nothing in /etc/pki/ on the host itself.


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JEW5WIRD67WMF6TVG7367ZMSHX2KYGGV/


[ovirt-users] Re: Single Node HCI upgrade procedure from CentOS7/oVirt 4.3 to CentOS8/oVirt 4.4?

2020-11-11 Thread Derek Atkins
There are plenty of other reasons to be running a single-host
Hyperconverged  deployment, in production.  One of them is financial. 
Another is for small-scale production systems that don't have the space,
finances, or other resources to run a 3-node system.  Considering it a
"toy" doesn't mean it isn't (or shouldn't be) a supported deployment.

Having a tested upgrade path from EL 7.x/Ovirt 4.3.x to EL 8 / Ovirt 4.4
running on a single system would be extremely useful in those situations.

I do realize that any upgrade of a single-host system is rife with the
dangers of a failed upgrade, and it requires downtime either way.  However
I feel an in-place (yum/dnf) path is "safer" than a "reinstall from
scratch" path.  So having a well-documented path would be ideal.

Thanks!

-derek

PS: While I am LOOKING at expanding my 1-node system to 3, I don't see
that happening any time soon.  And even then, I would need to migrate my
NFS storage to something more distributed like Gluster.  So I suspect I
would need to reinstall the self-hosted engine regardless to change its
storage, and then I can migrate all existing VMs from NFS to Gluster.

On Sat, September 26, 2020 9:00 am, tho...@hoberg.net wrote:
> I can hear you saying: "You did understand that single node HCI is just a
> toy, right?"
>
> For me the primary use of a single node HCI is adding some disaster
> resilience in small server edge type scenarios, where a three node HCI
> provides the fault tolerance: 3+1 with a bit of distance, warm or even
> cold stand-by, potentially manual switch and reduced workload in case
> disaster strikes.
>
> Of course, another 3nHCI would be better, but who gets that type of
> budget, right?
>
> What I am trying say: If you want oVirt to gain market share, try to give
> HCI more love. And while you're at it, try to make expanding from 1nHCI to
> 3nHCI (and higher counts) a standard operational procedure to allow
> expanding a disaster stand-by into a production setup, while the original
> 3nHCI is being rebuilt.
>
> For me low-budget HCI is where oVirt has its biggest competitive advantage
> against vSan and Nutanix, so please don't treat the HCI/gluster variant
> like an unwanted child any more.
>
> In the mean-time OVA imports (from 4.3.10 exports) on my 4.4.2 1nHCI fail
> again, which I'll report separately.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QI3Z45SRJD72ZJIX6HZCVC7DVVSZCKUW/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5MMU7TOS2776IV72H75WMJTZCF7TAHDU/


[ovirt-users] Re: VM AutoStart

2020-09-30 Thread Derek Atkins
I did.  years ago.  When 4.0 was current.

Some of the work to implement that went into 4.4, where it will recover
state on a crash (i.e., if you have VMs marked as auto-start and you have
a power outage, it will restart them).  However, I believe there is no
order to it, and it will only start VMs that were running when the system
went down.  That doesn't help me; I have a single-host ovirt system and
whenever I do routine maintenance I cleanly shut down the VMs, and I want
them to come back up when ovirt does.

There is, I believe, more going into later versions.  I think there are
still at least one or two open RFEs on auto-starting VMs.

But I still use the script because I need complete fault recovery on my
system, and I need ordering of restarts (need my DNS server to come up
before other things, for example).

If you do need to make fixes for python3, please feel free to send them my
way!

-derek

On Wed, September 30, 2020 4:14 pm, Jeremey Wise wrote:
> 
>
> Ya.. that is a lot easier.
>
> Someone should put this in as a feature request.  I don't want HA (and
> have
> errors on getting that to work)  I just want VMs to boot on initial
> cluster
> start.
>
> this was standard in libvirt :)   I am trying to convert to oVirt ways...
>
> On Wed, Sep 30, 2020 at 4:10 PM Derek Atkins  wrote:
>
>> HI,
>>
>> On Wed, September 30, 2020 3:50 pm, Jeremey Wise wrote:
>> > As the three servers are Centos8 minimal installs. + oVirt HCI wizard
>> to
>> > keep them lean and mean... a couple questions
>>
>> Note that you run this on the Engine VM, not on a host.
>>
>> > 1) which version of python would I need for this (note in script about
>> > python 2 but isn't that deprecated?)
>> > [root@thor /]# yum install python
>> > Last metadata expiration check: 2:29:38 ago on Wed 30 Sep 2020
>> 01:18:32
>> PM
>> > EDT.
>> > No match for argument: python
>> > There are following alternatives for "python": python2, python36,
>> python38
>> > Error: Unable to find a match: python
>>
>> I am still running 4.3, so "python" is 2.7.
>> I have not tested with python3..
>>
>> > 2)  When you have three nodes.. one is set to host the ovirt-engine
>> > active,
>> > and another as backup.  If this is added to rc.local.   Of the two
>> nodes
>> > hosting HA for oVirt-engine.. node which boots first will host (or so
>> it
>> > seems). I think if I add this to both those hosts .. it will not
>> create
>> > issues.  Any thoughts?
>>
>> Don't run it on a host, run it from within the Engine VM.
>>
>> The host(s) will figure out by themselves that they need to start the
>> engine if one isn't running.  Then when the engine starts the script
>> will
>> run and start the VMs.
>>
>> -derek
>>
>> >
>> > On Wed, Sep 30, 2020 at 3:23 PM Derek Atkins  wrote:
>> >
>> >> I run it out of rc.local:
>> >>
>> >> /usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 &
>> >>
>> >> The script is smart enough to wait for the engine to be fully active.
>> >>
>> >> -derek
>> >>
>> >> On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote:
>> >> > i would like to eventually go ansible route..  and was starting
>> down
>> >> that
>> >> > path but this is fabulous.
>> >> >
>> >> > I will modify and post how it went.
>> >> >
>> >> > One question:  How /where do you set this saved new and delicious
>> >> script
>> >> > so
>> >> > once oVirt-engine comes up... it runs?
>> >> >
>> >> > Thanks
>> >> >
>> >> > On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins 
>> wrote:
>> >> >
>> >> >> Hi,
>> >> >>
>> >> >> I had a script based around ovirt-shell which I re-wrote as a
>> script
>> >> >> around the Python SDK4 which I run on my engine during the startup
>> >> >> sequence.  The script will wait for the engine to come up and
>> ensure
>> >> the
>> >> >> storage domains are up before it tries to start the VMs.  Then it
>> >> will
>> >> >> go
>> >> >> ahead and start the VMs in the specified order with specified
>> delay
>> >> >> and/or
>> >> >> wait-for-up signal between them.
>&

[ovirt-users] Re: VM AutoStart

2020-09-30 Thread Derek Atkins
HI,

On Wed, September 30, 2020 3:50 pm, Jeremey Wise wrote:
> As the three servers are Centos8 minimal installs. + oVirt HCI wizard to
> keep them lean and mean... a couple questions

Note that you run this on the Engine VM, not on a host.

> 1) which version of python would I need for this (note in script about
> python 2 but isn't that deprecated?)
> [root@thor /]# yum install python
> Last metadata expiration check: 2:29:38 ago on Wed 30 Sep 2020 01:18:32 PM
> EDT.
> No match for argument: python
> There are following alternatives for "python": python2, python36, python38
> Error: Unable to find a match: python

I am still running 4.3, so "python" is 2.7.
I have not tested with python3..

> 2)  When you have three nodes.. one is set to host the ovirt-engine
> active,
> and another as backup.  If this is added to rc.local.   Of the two nodes
> hosting HA for oVirt-engine.. node which boots first will host (or so it
> seems). I think if I add this to both those hosts .. it will not create
> issues.  Any thoughts?

Don't run it on a host, run it from within the Engine VM.

The host(s) will figure out by themselves that they need to start the
engine if one isn't running.  Then when the engine starts the script will
run and start the VMs.

-derek

>
> On Wed, Sep 30, 2020 at 3:23 PM Derek Atkins  wrote:
>
>> I run it out of rc.local:
>>
>> /usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 &
>>
>> The script is smart enough to wait for the engine to be fully active.
>>
>> -derek
>>
>> On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote:
>> > i would like to eventually go ansible route..  and was starting down
>> that
>> > path but this is fabulous.
>> >
>> > I will modify and post how it went.
>> >
>> > One question:  How /where do you set this saved new and delicious
>> script
>> > so
>> > once oVirt-engine comes up... it runs?
>> >
>> > Thanks
>> >
>> > On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins  wrote:
>> >
>> >> Hi,
>> >>
>> >> I had a script based around ovirt-shell which I re-wrote as a script
>> >> around the Python SDK4 which I run on my engine during the startup
>> >> sequence.  The script will wait for the engine to come up and ensure
>> the
>> >> storage domains are up before it tries to start the VMs.  Then it
>> will
>> >> go
>> >> ahead and start the VMs in the specified order with specified delay
>> >> and/or
>> >> wait-for-up signal between them.
>> >>
>> >> You can find my scripts at https://www.ihtfp.org/ovirt/
>> >>
>> >> Or you can go the ansible route :)
>> >>
>> >> Enjoy!
>> >>
>> >> -derek
>> >>
>> >> On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote:
>> >> > When I have to shut down cluster... ups runs out etc..  I need a
>> >> sequence
>> >> > set of just a small number of VMs to "autostart"
>> >> >
>> >> > Normally I just use DNS FQND to connect to oVirt engine but as two
>> of
>> >> my
>> >> > VMs  are a DNS HA cluster..  as well as NTP / SMTP /DHCP etc...  I
>> >> need
>> >> > those two infrastructure VMs to be auto boot.
>> >> >
>> >> > I looked at HA settings for those VMs but it seems to be watching
>> for
>> >> > pause
>> >> > /resume.. but it does not imply or state auto start on clean first
>> >> boot.
>> >> >
>> >> > Options?
>> >> >
>> >> >
>> >> > --
>> >> > p enguinpages
>> >> > ___
>> >> > Users mailing list -- users@ovirt.org
>> >> > To unsubscribe send an email to users-le...@ovirt.org
>> >> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> >> > oVirt Code of Conduct:
>> >> > https://www.ovirt.org/community/about/community-guidelines/
>> >> > List Archives:
>> >> >
>> >>
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/
>> >> >
>> >>
>> >>
>> >> --
>> >>Derek Atkins 617-623-3745
>> >>de...@ihtfp.com www.ihtfp.com
>> >>Computer and Internet Security Consultant
>> >>
>> >>
>> >
>> > --
>> > jeremey.w...@gmail.com
>> >
>>
>>
>> --
>>Derek Atkins 617-623-3745
>>de...@ihtfp.com www.ihtfp.com
>>Computer and Internet Security Consultant
>>
>>
>
> --
> jeremey.w...@gmail.com
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BAMLT6SIDJ63L2GVPLEGZEUXAI7QLB33/


[ovirt-users] Re: VM AutoStart

2020-09-30 Thread Derek Atkins
I run it out of rc.local:

/usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 &

The script is smart enough to wait for the engine to be fully active.

-derek

On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote:
> i would like to eventually go ansible route..  and was starting down that
> path but this is fabulous.
>
> I will modify and post how it went.
>
> One question:  How /where do you set this saved new and delicious script
> so
> once oVirt-engine comes up... it runs?
>
> Thanks
>
> On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins  wrote:
>
>> Hi,
>>
>> I had a script based around ovirt-shell which I re-wrote as a script
>> around the Python SDK4 which I run on my engine during the startup
>> sequence.  The script will wait for the engine to come up and ensure the
>> storage domains are up before it tries to start the VMs.  Then it will
>> go
>> ahead and start the VMs in the specified order with specified delay
>> and/or
>> wait-for-up signal between them.
>>
>> You can find my scripts at https://www.ihtfp.org/ovirt/
>>
>> Or you can go the ansible route :)
>>
>> Enjoy!
>>
>> -derek
>>
>> On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote:
>> > When I have to shut down cluster... ups runs out etc..  I need a
>> sequence
>> > set of just a small number of VMs to "autostart"
>> >
>> > Normally I just use DNS FQND to connect to oVirt engine but as two of
>> my
>> > VMs  are a DNS HA cluster..  as well as NTP / SMTP /DHCP etc...  I
>> need
>> > those two infrastructure VMs to be auto boot.
>> >
>> > I looked at HA settings for those VMs but it seems to be watching for
>> > pause
>> > /resume.. but it does not imply or state auto start on clean first
>> boot.
>> >
>> > Options?
>> >
>> >
>> > --
>> > p enguinpages
>> > ___
>> > Users mailing list -- users@ovirt.org
>> > To unsubscribe send an email to users-le...@ovirt.org
>> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> > oVirt Code of Conduct:
>> > https://www.ovirt.org/community/about/community-guidelines/
>> > List Archives:
>> >
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/
>> >
>>
>>
>> --
>>Derek Atkins 617-623-3745
>>de...@ihtfp.com www.ihtfp.com
>>Computer and Internet Security Consultant
>>
>>
>
> --
> jeremey.w...@gmail.com
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FPIQXRONES2HEZTAK437GQTGPOAYGILT/


[ovirt-users] Re: VM AutoStart

2020-09-30 Thread Derek Atkins
Hi,

I had a script based around ovirt-shell which I re-wrote as a script
around the Python SDK4 which I run on my engine during the startup
sequence.  The script will wait for the engine to come up and ensure the
storage domains are up before it tries to start the VMs.  Then it will go
ahead and start the VMs in the specified order with specified delay and/or
wait-for-up signal between them.

You can find my scripts at https://www.ihtfp.org/ovirt/

Or you can go the ansible route :)

Enjoy!

-derek

On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote:
> When I have to shut down cluster... ups runs out etc..  I need a sequence
> set of just a small number of VMs to "autostart"
>
> Normally I just use DNS FQND to connect to oVirt engine but as two of my
> VMs  are a DNS HA cluster..  as well as NTP / SMTP /DHCP etc...  I need
> those two infrastructure VMs to be auto boot.
>
> I looked at HA settings for those VMs but it seems to be watching for
> pause
> /resume.. but it does not imply or state auto start on clean first boot.
>
> Options?
>
>
> --
> p enguinpages
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NWZVOBMIUWXADBIEG5OJH4ARVXNI3CDD/


[ovirt-users] Re: invalid spf record for ovirt.org

2020-07-22 Thread Derek Atkins
Hi,

The current SPF record reads:
  v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org 66.187.233.88 ~all

As pointed out, this is invalid.  It requires an "ip4:" in there, so it
SHOULD read:

  v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org ip4:66.187.233.88 ~all


Arguably it should also include a /32, but I don't think that's required.

I'm not sure to whom this bug should be reported.

-derek

On Wed, July 22, 2020 8:49 am, Jorick Astrego wrote:
> Hi,
>
> During routine maintenance on our mailserver I noticed the following in
> the log:
>
> [22/Jul/2020 14:33:33] Error when parsing SPF TXT record for domain:
> ovirt.org, envelope-from=users-boun...@ovirt.org, message: Invalid
> character found near "" in "66.187.233.88"
>
> A check on MXtoolbox also gives an invalid systax error:
>
> v=spf1 a:mail.ovirt.org a:gerrit.ovirt.org 66.187.233.88 ~all
>
> PrefixTypeValue   PrefixDesc  Description Error
>
>   v   spf1
>   The SPF record version
> + a   mail.ovirt.org  PassMatch if IP has a DNS 'A' 
> record in
> given domain.
> + a   gerrit.ovirt.orgPassMatch if IP has a DNS 
> 'A' record in
> given domain.
> + 66.187.233.88
>   PassUnknown Unknown mechanisms are not allowed
> ~ all
>   SoftFailAlways matches. It goes at the end of your record.
>
>
>   TestResult
> 
> <https://mxtoolbox.com/problem/spf/spf-syntax-check?page=prob_spf=spf:ovirt.org=1=0=1>
>   SPF Syntax CheckInvalid syntax found
>
>
>
>
>
> Met vriendelijke groet, With kind regards,
>
> Jorick Astrego
>
> Netbulae Virtualization Experts
>
> 
>
>   Tel: 053 20 30 270  i...@netbulae.euStaalsteden 4-3A
> KvK 08198180
>   Fax: 053 20 30 271  www.netbulae.eu 7547 TA Enschede
> BTW
> NL821234584B01
>
> 
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/I4MDC4WBOOHE4TYDW4OL5SRGV7S44BIH/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/K6IBOAYHFNBMZ6ZHVR64EIIO7NZGOVDU/


[ovirt-users] Re: EXTERNAL - Re: Update to Ovirt 4.3.10-4-1 causes XFS issue

2020-06-17 Thread Derek Atkins
Hi,

Chaz Vidal  writes:

> Thank you for the response!
>
> I tried to do another upgrade again on the ovirt manager and can
> confirm that it is now in the supposedly fixed version of the kernel.
>
> However, when I try to update the hosts using the prescribed gui style
> method they do report back as no updates available.
>
> Should I force an update on the kernel on the hosts or is this not advised?

There shouldn't be a need.  Are you sure the hosts are running the old
kernel?  The hosts should just update via "yum update", although I admit
I don't know what the "update" function from the UI does under the
covers.  I have a single-host hyperconverged system so I have to update
manually..

You can check if there is anything to do by logging into the host and
running: "yum check-update"; it shouldn't list anything.

> Thanks
> Chaz

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/S2SI6EO3VV7FW3IJTDKX7VUPXLXOQ4B2/


[ovirt-users] Re: Update to Ovirt 4.3.10-4-1 causes XFS issue

2020-06-16 Thread Derek Atkins
Hi,

"Chaz Vidal"  writes:

> Hi All
> I think I have come across this bug:
>
> https://access.redhat.com/solutions/5075561
>
> Updating Ovirt to 4.3.10 shows that the kernel installed on the hosts
> is the version that has the issue:
>
> 3.10.0-1127.8.2.el7.x86_64
>
> The RedHat article suggests updating to kernel-3.10.0-1127.10.1.el7
> but running engine-upgrade-check now shows no updates available from
> my engine manager.
>
> Is this something I can fix myself or would the updated kernel be available?
>
> Appreciate the advice as new to Ovirt. Normally I would point the
> hosts to the new kernel but I think it should be updated through Ovirt
> manager, correct?

On the engine my update method is the following:

engine-setup
yum upgrade
engine-setup
reboot

So basically run engine-setup which will update the Ovirt packages, then
you can "yum upgrade" to upgrade the base system, then re-run
engine-setup just to be sure nothing broke.  Then you can reboot into
the new kernel.

The reason I do this is that engine-setup wont upgrade the full OS
(including kernel) -- it will only update the ovirt packages.

Hope this helps,

> Thanks!
> Chaz

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JLYO3LZG6QYKEEWDTF5ZSOWU7JXP3CZQ/


[ovirt-users] Re: AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)

2020-05-29 Thread Derek Atkins
Hi,

Strahil Nikolov  writes:

> Hi Derek,
>
> I also don't like Python (and I prefer Salt instead of Ansible), but
> Ansible is the wiser option /personal opinion/ .
> My reasons  - API change , so your  code will eventually will die.
> With Ansible - a lot of people use it and there is a high chance that
> some updates the Ansible module that will do the job even after the
> API changes.

Thank you for your input.  Turns out it's probably not an issue right
now anyways because my understanding is that there is no "live" upgrade
path from 4.3/7.x to 4.4/8.x.  My understanding is that the only upgrade
path is a re-install.  If that's the case, then I suspect it will be a
VERY long time until I upgrade, because I'm on a single-host production
system so can't stage a reinstall the same way I can stage a "yum upgrade".

> Also,  Ansible is declarative ,  while  python will need more  effort.

I guess only time will tell ;)

There wasn't a significant learning curve to python (as I've already had
experience with it, and most of what I needed to do was already in the
SDK examples).  Ansible is a tool I have never even looked at, let alone
tried to use it, so I suspect it would take me more than a couple hours
to get it working.

> Best  Regards,
> Strahil Nikolov

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y5ZOZHNN4ERKPAGZ3QN5D7RY3ZC4XQPG/


[ovirt-users] Re: AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)

2020-05-27 Thread Derek Atkins
Hi,

On Wed, May 27, 2020 5:38 pm, Gianluca Cecchi wrote:
[snip]
> But you hated Python, didn't you? ;-)

I do.  Can't stand it.  Doesn't mean I can't read it and/or write it, but
I have to hold my nose doing it.  Syntactic white space?  Eww.  But Python
is already installed and used and, apparently, supported..  And when I
looked at the examples I found that 90% of what I needed to do was already
implemented, so it turned out to be much easier than expected.

> I downloaded your files, even if I'm far from knowing python

It's pretty much a direct translation of my bash script around
ovirt-shell.  It does have one feature that the old code didn't, which is
the ability to wait for ovirt to declare that a vm is actually "up".

> try the ansible playbook that gives you more flexibility in my opinion

I've never even installed ansible, let alone tried to use it.  I don't
need flexibility, I need the job to get done.  But I'll take a look when I
get the chance.  Thanks!

> Gianluca

-derek

PS: you (meaning whomever is "in charge" is welcome to add my script(s) to
the examples repo if you feel other people would benefit from seeing it
there.

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/J6JJBY37J4N2KGVFL5V3EHCXUONQWBLR/


[ovirt-users] Re: AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)

2020-05-27 Thread Derek Atkins
Eh, no point in creating a repo for that, so I just put them on the web:

https://www.ihtfp.org/ovirt/

-derek

On Wed, May 27, 2020 11:05 am, Staniforth, Paul wrote:
>
> Thanks Derek,
> GitHub or GitLab probably.
>
> Regards,
> Paul S.
> ____
> From: Derek Atkins 
> Sent: 27 May 2020 15:50
> To: Gianluca Cecchi 
> Cc: tho...@hoberg.net ; users 
> Subject: [ovirt-users] AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is
> now generally available)
>
> Caution External Mail: Do not click any links or open any attachments
> unless you trust the sender and know that the content is safe.
>
> Hi,
>
> (Sorry if you get this twice -- looks like it didn't like the python
>  script in there so I'm resending without the code)
>
> Gianluca Cecchi  writes:
>
>> Hi Derek,
>> today I played around with Ansible to accomplish, I think, what you
>> currently
>> do in oVirt shell.
>> It was the occasion to learn, as always, something new: as "blocks" in
>> Ansible
>> dont' support looping, a workaround to get that.
>> Furthermore I have a single host environment where it can turn usefull
>> too...
> [snip]
>
> I found the time to work on this using the Python SDK.  Took me longer
> than I wanted but I think I've got something working now.  I just
> haven't done a FULL test, yet, but a runtime time on the online system
> works (I commented out the start call).
>
> I still have two files, a vm_list.py which is a config file that
> contains the list of VMs, in order, and then the main program itself
> (start_vms.py) which is based on several of the examples available in
> github.
>
> Unfortunately I can't seem to send the script in email because it's
> getting blocked by the redhat server -- so I have no idea the best way
> to share it.
>
> -derek
>
> --
>Derek Atkins 617-623-3745
>de...@ihtfp.com
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ihtfp.com%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=91YXNjtMwqPp%2BYzfXDfWRaas2hwrWl55AHoW89yq4E8%3Dreserved=0
>Computer and Internet Security Consultant
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fprivacy-policy.htmldata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=zWJOVIR%2BpaBxBoYYXxc6eNw%2B5lc2%2BdYrBF8VUCxCUAI%3Dreserved=0
> oVirt Code of Conduct:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=HgU9l5h4kCDZ7%2BiZ3DrXgYeRFzmB8fUiRs8BRrXs%2BTY%3Dreserved=0
> List Archives:
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FX7KLBANUBJCMASFONU2SZQH5Z3HJU2SI%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7C481a5446434f4870d2af08d8024ebc14%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637261884477418381sdata=XtCL1PEnD3VeqtTSSClvIkovqJRklwisxK%2FZD9HnLRI%3Dreserved=0
> To view the terms under which this email is distributed, please go to:-
> http://leedsbeckett.ac.uk/disclaimer/email/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2SWGNCELQXAQ6RB6KPQ3RR62G63OLKAS/


[ovirt-users] AutoStart VMs (was Re: Re: oVirt 4.4.0 Release is now generally available)

2020-05-27 Thread Derek Atkins
Hi,

(Sorry if you get this twice -- looks like it didn't like the python
 script in there so I'm resending without the code)

Gianluca Cecchi  writes:

> Hi Derek,
> today I played around with Ansible to accomplish, I think, what you currently
> do in oVirt shell.
> It was the occasion to learn, as always, something new: as "blocks" in Ansible
> dont' support looping, a workaround to get that.
> Furthermore I have a single host environment where it can turn usefull too...
[snip]

I found the time to work on this using the Python SDK.  Took me longer
than I wanted but I think I've got something working now.  I just
haven't done a FULL test, yet, but a runtime time on the online system
works (I commented out the start call).

I still have two files, a vm_list.py which is a config file that
contains the list of VMs, in order, and then the main program itself
(start_vms.py) which is based on several of the examples available in
github.

Unfortunately I can't seem to send the script in email because it's
getting blocked by the redhat server -- so I have no idea the best way
to share it.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X7KLBANUBJCMASFONU2SZQH5Z3HJU2SI/


[ovirt-users] Re: oVirt 4.4.0 Release is now generally available

2020-05-22 Thread Derek Atkins
Hi,

Strahil Nikolov  writes:

> Actually,
> You can use Ansible and 'uri' module to communicate wwith the engine
> via the API. Most probably the 'uri' module was written in python -
> but you don't have to deal with python code - just ansible.
> Also, it's worth checking the ansible Ovirt modules , as they are kept
> up to date evwn when the API endpoint changes.
>
> I think it won't be too hard to get a list of the VMs and then create
> some logic how to order them for the 'ignition'.

I took a much closer look at the examples yesterday and there are 2 of
the 3 things I need already there:

1) test_connection.py -- make sure the engine is up
2) [ get list of total and attached storage domains ]
3) start_vm.pl -- start a VM (by name, it looks like)

So really it's only #2 that is missing.  There is a show_summary.py in
there, but that doesn't give me *all* the code I need to piece together
(but I suspect it's close to what I need as I was calling the 'summary'
ovirt-shell api to get the info I needed before).  I suspect I just need
to pull apart the api.summary.storage_domains class to figure out what I
need.  Clearly there is a 'total', so I just need to figure out 'up',
and it looks like I might be able to rewrite my script.  Python... EWW.

FTR: I don't think I need to check that the datacenter status is up; I
added that in not really understanding the changes between 4.1 and 4.3.
The issue is that the storage domain status isn't initialized to 'down'
when the engine first comes up so my script was testing that and seeing
all domains up when they really weren't.

> Best Regards,
> Strahil Nikolov

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CHFRKNZLNHNJOGSEHOX5QAIMBYUYD3VZ/


[ovirt-users] Re: oVirt 4.4.0 Release is now generally available

2020-05-21 Thread Derek Atkins
Nir,

Nir Soffer  writes:

> Why not open RFE to add the feature you need?

I did -- about 3-4 years ago.  SOME of them have been implemented, some
have been partially implemented, but I am still waiting for ovirt to
support the full VM startup functionality that I had in vmware-server
from like 2007 (or earlier).

Part of the issue here is that I suspect most ovirt users have multiple
hosts and therefore rarely have to worry about how host-system
maintenance affects the VMs, and probably live in data centers with
redundant power supplies, UPSes, and backup generators.

I, on the other hand, I've got a single system so when I need to
perform any maintenance I need to take down everything, or if I have a
power outage that outlasts my UPS, or...  I want the VMs to come back up
automatically -- and in a particular order (e.g., I need my DNS and KDC
servers to come up before others).

I filed these RFEs during the 4.0 days, which is when I first started
using ovirt and put it into deployment.

> You can use the python SDK to do anything supported by oVirt API.
> Did you look here?
> https://github.com/oVirt/ovirt-engine-sdk/tree/master/sdk/examples

I have looked there, but I stopped reading after seeing "python".  ;)
Frankly I detest python.  I think it's an abomination.  There are so
many other, better languages out there and I don't understand why so
many people like it (and worse, force it down everyone else's throats).
But I'll step off my soap-box (and get off my lawn!)  lol.

Honestly, I already spent the time to build a tool to do what I need.  I
even had to update the tool going from 4.1 to 4.3 because some startup
assumptions changed.  I really don't want to spend the time again, time
I frankly don't have right now, to re-implement what I've already got.
It's easier for me to just stay put on 4.3.x.

Yes, I realize that in about 2 years or so I will need to do so.  I'll
worry about that then.

Of course, since the (partial?) functionality is only in 4.4, I really
have no way to test it to make sure it does what I need, so see what I'm
missing.  I don't have a testbed to play with it, just my one system.

Thanks,

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X7LYSJ6M2YUUKSRT3H4A5RR4MUOTNYOS/


[ovirt-users] Re: oVirt 4.4.0 Release is now generally available

2020-05-20 Thread Derek Atkins
Hi,

On Wed, May 20, 2020 3:06 pm, Gianluca Cecchi wrote:

> In the mean time, just to better understand your environment, you say that
> you are in a single host environment.
> Can you detail where does your engine live? Is it a server outside the
> host
> or are you in a Self Hosted Engine configuration?

Self-hosted engine.

> And what are the kind of your storage domains, are they NFS served by the
> server itself or by Gluster on the host or external hosts or what?

NFS served by the host itself.

Both Host and Engine are CentOS-based systems with ovirt installed on top
of it.  Currently running 4.3.8; I plan to upgrade to 4.3.10 (and 7.8)
once it goes GA.

The start_vms.sh script is, of course, run on the engine, and runs with a
user with appropriate privs to start VMs.

Thanks!

> Gianluca

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/G6E2M52VW4QZQM46SRCKSW4UXZHH5K7P/


[ovirt-users] Re: oVirt 4.4.0 Release is now generally available

2020-05-20 Thread Derek Atkins
Hi,

On Wed, May 20, 2020 12:28 pm, Gianluca Cecchi wrote:
> Il Mer 20 Mag 2020, 18:15 Derek Atkins  ha scritto:
>
> [snip]
>
> I am happy to share my startup script if someone else wants to port it to
>> work with 4.4.  :-)
>>
>> -derek
>>
>
> Interesting. yes, please.
> We could try to convert to python or through ansible and/or leverage
> already existing roles/modules.
>
> Gianluca

Sure,

I cannot attach the script because it will get blocked by the mailer, so
I'll just copy-and-paste it below (which of course means that it'll be
line-wrapped, which might break it but you'll at least see what it's
doing).

The script does have some embedded assumptions about my system (like the
number of storage domains to look for).

It's broken into two parts, the script itself (start_vms.sh) and a
sysconfig script that says what VMs to start.  I run start_vms.sh from
/etc/rc.d/rc.local:

/usr/local/sbin/start_vms.sh > /var/log/start_vms 2>&1 &



The /etc/sysconfig/vm_list file looks like:

default_timeout=10

# Ordered list of VMs
declare -a vm_list=(
first-vm
second-vm
)

# Timeout override (otherwise use default_timeout)
declare -A vm_timeout=(
[first-vm]=30
)




The start_vms.sh script itself:

#!/bin/bash

[ -f /etc/sysconfig/vm_list ] || exit 0
. /etc/sysconfig/vm_list

echo -n "Starting at "
date

# Wait for the engine to respond
while [ `ovirt-shell -I -c -F -T 50 -E ping 2>/dev/null | grep -c success`
!= 1 ]
do
echo "Not ready... Sleeping..."
sleep 60
done

# Now wait for the storage domain to appear active
echo -n "Engine up.  Searching for disks at " ; date

# The 4.3.x engine keeps stale data, so let's wait for it to update
# to the correct state before we start looking for storage domains
sleep 60

total_disks=`ovirt-shell -I -c -E summary | grep storage_domains-total |
sed -e 's/.*: //'`
# subtract one because we know we're not using the image-repository
total_disks=`expr $total_disks - 1`
active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active |
sed -e 's/.*: //'`
while [ $active_disks -lt $total_disks ]
do
echo "Storage Domains not active yet.  Only found
$active_disks/$total_disks.  Waiting..."
sleep 60
active_disks=`ovirt-shell -I -c -E summary | grep
storage_domains-active | sed -e 's/.*: //'`
done

# Now wait for the data center to show up
echo -n "All storage mounted.  Waiting for datacenter to be up at "
date

while [ `ovirt-shell -I -c -E 'show datacenter Default' | grep
status-state | sed -e 's/.*: //'` != 'up' ]
do
echo "Not ready... Sleeping..."
sleep 60
done

# Now start all of the VMs in the requested order.
echo -n "Datacenter up.  Starting VMs at "; date

for vm in "${vm_list[@]}"
do
  timeout=${vm_timeout[$vm]:-$default_timeout}
  ovirt-shell -I -c -E "action vm $vm start"
  sleep "$timeout"
done



Enjoy!

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O3TENJOBFUZN6PYI3OR5TK3S5YJJJ6WH/


[ovirt-users] Re: oVirt 4.4.0 Release is now generally available

2020-05-20 Thread Derek Atkins

On Wed, May 20, 2020 11:19 am, Sandro Bonazzola wrote:
> Il giorno mer 20 mag 2020 alle ore 16:33  ha scritto:
>
>> My enthusiasm for CentOS8 is limited.
>> My enthusiasm for a hard migration even more so.
>> So how much time do I have before 4.3 becomes inoperable?
>>
>
> oVirt 4.3.10 is approaching GA and we expect 4.3.11 to be released too
> before declaring 4.3 at the end of life.
> After that, 4.3 should keep working till CentOS 7 or any other repo on the
> system will break it with some incompatible change.
> I totally understand system administrators' point of view and how
> difficult
> it is to find a good maintenance window for a busy production
> environment, ensuring backups are recent enough, check new requirements
> matching, give it a try on a test environment if it's available and so on.
> That said, I would really encourage starting to plan a maintenance window
> for upgrading to 4.4 as soon as practical.
> It will be easier to help with upgrade from 4.3 at this time than 2 years
> from now when 4.3 can be broken (or new hardware replacement will be
> missing drivers on CentOS 7) and there won't be any additional release for
> fixing upgrade incompatibilities.

I can't speak to other people, but the lack of "ovirt-shell" for 4.4 is a
deal-breaker for me to upgrade at this time, and probably for the
forseeable future.  I've been working on migrating my mail server for 3
years now and still haven't finished that; migrating ovirt to a new
platform that requires new startup support??  Haha.

Granted, I suspect SOME of the reasons I have this script might be
implemented in 4.4 (e.g. auto-start of VMs).  However, my understanding of
the auto-start feature is that it's really an auto-restart -- it will
restart a VM that was running if the datacenter crashes, but if I shut it
down manually and then "reboot" the cluster, those VMs wont come back
automatically.  As I am on a single-host system, I need it to start from a
clean shutdown and bring up all the VMs in addition to dealing with
power-outage reboots.

I work from the "if it aint broke, don't fix it" camp.  So I think I'm
going to stick with 4.3 until I can't anymore.

I am happy to share my startup script if someone else wants to port it to
work with 4.4.  :-)

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NHIGVCJOWLGUB4LJOKXNTFUJRNVYA5RB/


[ovirt-users] Re: Ovirt API and CLI

2020-02-28 Thread Derek Atkins
Hi,

It took me about 5 seconds to google for "ovirt sdk4" and the first link
is:  https://github.com/oVirt/ovirt-engine-sdk/tree/master/sdk

NB: I am not an ovirt dev (nor am I a python programmer, although I do
play one on TV sometimes ;-).

-derek

On Fri, February 28, 2020 1:12 pm, Eugène Ngontang wrote:
> Yes I know ovirt-shell.
>
> But if the Interface (API) is well exposed, we could ourself code add-hoc
> client to interact with, as we know how it's defined and structured.
>
> Please do you have useful links about those SDK4 and others API/CLI
> related
> stuff?
>
> Regards,
> Eugène NG
>
> Le ven. 28 févr. 2020 à 16:50, Derek Atkins  a écrit :
>
>> Yes.  The devs call it "SDK4", which has been around for a few releases
>> now.
>> The CLI, however, uses SDK3, which was removed from Ovirt 4.4.
>> Search for "ovirt-shell".
>>
>> -derek
>>
>> On Fri, February 28, 2020 10:47 am, Eugène Ngontang wrote:
>> > @Derek,
>> >
>> > You're talking about a client the should up-port, but before having a
>> > client, my question is is there a documented API (server) to interact
>> with
>> > through that client?
>> >
>> > Eugene NG
>> >
>> > Le jeu. 27 févr. 2020 à 14:57, Derek Atkins  a écrit
>> :
>> >
>> >> Eugene,
>> >>
>> >> On Thu, February 27, 2020 4:53 am, Eugène Ngontang wrote:
>> >> > Yes Ansible ovirt_vms module is useful, I use it for
>> >> > provisioning/deployment, but once my VM created, I'd like to
>> >> > administrate/interact with them, I don't think I should write
>> >> playbooks
>> >> > for
>> >> > that.
>> >> >
>> >> > But I'll find a solution.
>> >>
>> >> I am in a similar boat as you.  I wrote some management scripts
>> around
>> >> ovirt-shell when I first started using ovirt (4.0), in order to mimic
>> >> some
>> >> vmware-server features that I needed.  I run a single-host
>> hosted-engine
>> >> environment, so when the system boots up (e.g. from a power failure)
>> I
>> >> wanted all my VMs to auto-start, and to start in the correct order.
>> I
>> >> can't use the ovirt power management utilities because it's only a
>> >> single
>> >> host.  So I wrote a relatively small script around ovirt-shell that
>> >> would
>> >> do the following:
>> >>
>> >> 1) Wait for the engine to respond
>> >> 2) Wait for the storage to come online
>> >> 3) Start my VMs, with appropriate order and delay between
>> >>(e.g., ensure my DNS server and KDC come up before other VMs)
>> >>
>> >> I know that SOME of these features are now in Ovirt (and I think they
>> >> are
>> >> even in 4.4), but my understanding is that they only return the
>> system
>> >> to
>> >> previous state and wont auto-start a VM that was cleanly shut down.
>> >> Also
>> >> the ordering is, IIUC, somewhat course (low/medium/high).
>> >>
>> >> At this point I plan to delay my deployment of 4.4 or beyond because
>> >> what
>> >> I have in 4.3 is working (still), and frankly I have no interest in
>> >> learning Ansible or Python just to replace what should be a
>> relatively
>> >> simple script.
>> >>
>> >> I honestly find it very sad that the developers wont up-port
>> >> ovirt-client
>> >> to SDK4.  If SDK4 is "so good" vs SDK3 then I don't see why it would
>> be
>> >> hard to do that.  And if it IS that hard to do, then how do they
>> expect
>> >> us
>> >> to use it?
>> >>
>> >> Maybe I will find some time to play with OV4.4 on a test system in
>> order
>> >> to play with the auto-start features.   In my copious amounts of free
>> >> time.  :(
>> >>
>> >> Thanks,
>> >>
>> >> -derek
>> >>
>> >> --
>> >>Derek Atkins 617-623-3745
>> >>de...@ihtfp.com www.ihtfp.com
>> >>Computer and Internet Security Consultant
>> >>
>> >>
>> >
>> > --
>> > LesCDN <http://lescdn.com>
>> > engont...@lescdn.com
>> > 
>> > *Aux hommes il faut un chef, et au*
>> >
>> > * chef il faut des hommes!L'habit ne fait pas le moine, mais lorsqu'on
>> te
>> > voit on te juge!*
>> >
>>
>>
>> --
>>Derek Atkins 617-623-3745
>>de...@ihtfp.com www.ihtfp.com
>>Computer and Internet Security Consultant
>>
>>
>
> --
> LesCDN <http://lescdn.com>
> engont...@lescdn.com
> 
> *Aux hommes il faut un chef, et au*
>
> * chef il faut des hommes!L'habit ne fait pas le moine, mais lorsqu'on te
> voit on te juge!*
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AHCCQP2G4WTY6NMRTDSTYYC5CB6VZK6K/


[ovirt-users] Re: Ovirt API and CLI

2020-02-28 Thread Derek Atkins
Yes.  The devs call it "SDK4", which has been around for a few releases now.
The CLI, however, uses SDK3, which was removed from Ovirt 4.4.
Search for "ovirt-shell".

-derek

On Fri, February 28, 2020 10:47 am, Eugène Ngontang wrote:
> @Derek,
>
> You're talking about a client the should up-port, but before having a
> client, my question is is there a documented API (server) to interact with
> through that client?
>
> Eugene NG
>
> Le jeu. 27 févr. 2020 à 14:57, Derek Atkins  a écrit :
>
>> Eugene,
>>
>> On Thu, February 27, 2020 4:53 am, Eugène Ngontang wrote:
>> > Yes Ansible ovirt_vms module is useful, I use it for
>> > provisioning/deployment, but once my VM created, I'd like to
>> > administrate/interact with them, I don't think I should write
>> playbooks
>> > for
>> > that.
>> >
>> > But I'll find a solution.
>>
>> I am in a similar boat as you.  I wrote some management scripts around
>> ovirt-shell when I first started using ovirt (4.0), in order to mimic
>> some
>> vmware-server features that I needed.  I run a single-host hosted-engine
>> environment, so when the system boots up (e.g. from a power failure) I
>> wanted all my VMs to auto-start, and to start in the correct order.  I
>> can't use the ovirt power management utilities because it's only a
>> single
>> host.  So I wrote a relatively small script around ovirt-shell that
>> would
>> do the following:
>>
>> 1) Wait for the engine to respond
>> 2) Wait for the storage to come online
>> 3) Start my VMs, with appropriate order and delay between
>>(e.g., ensure my DNS server and KDC come up before other VMs)
>>
>> I know that SOME of these features are now in Ovirt (and I think they
>> are
>> even in 4.4), but my understanding is that they only return the system
>> to
>> previous state and wont auto-start a VM that was cleanly shut down.
>> Also
>> the ordering is, IIUC, somewhat course (low/medium/high).
>>
>> At this point I plan to delay my deployment of 4.4 or beyond because
>> what
>> I have in 4.3 is working (still), and frankly I have no interest in
>> learning Ansible or Python just to replace what should be a relatively
>> simple script.
>>
>> I honestly find it very sad that the developers wont up-port
>> ovirt-client
>> to SDK4.  If SDK4 is "so good" vs SDK3 then I don't see why it would be
>> hard to do that.  And if it IS that hard to do, then how do they expect
>> us
>> to use it?
>>
>> Maybe I will find some time to play with OV4.4 on a test system in order
>> to play with the auto-start features.   In my copious amounts of free
>> time.  :(
>>
>> Thanks,
>>
>> -derek
>>
>> --
>>Derek Atkins 617-623-3745
>>de...@ihtfp.com www.ihtfp.com
>>Computer and Internet Security Consultant
>>
>>
>
> --
> LesCDN <http://lescdn.com>
> engont...@lescdn.com
> 
> *Aux hommes il faut un chef, et au*
>
> * chef il faut des hommes!L'habit ne fait pas le moine, mais lorsqu'on te
> voit on te juge!*
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/F3F7KHR7OOUDQSKZEQX5553MAUKMLFAV/


[ovirt-users] Re: Ovirt API and CLI

2020-02-27 Thread Derek Atkins
Eugene,

On Thu, February 27, 2020 4:53 am, Eugène Ngontang wrote:
> Yes Ansible ovirt_vms module is useful, I use it for
> provisioning/deployment, but once my VM created, I'd like to
> administrate/interact with them, I don't think I should write playbooks
> for
> that.
>
> But I'll find a solution.

I am in a similar boat as you.  I wrote some management scripts around
ovirt-shell when I first started using ovirt (4.0), in order to mimic some
vmware-server features that I needed.  I run a single-host hosted-engine
environment, so when the system boots up (e.g. from a power failure) I
wanted all my VMs to auto-start, and to start in the correct order.  I
can't use the ovirt power management utilities because it's only a single
host.  So I wrote a relatively small script around ovirt-shell that would
do the following:

1) Wait for the engine to respond
2) Wait for the storage to come online
3) Start my VMs, with appropriate order and delay between
   (e.g., ensure my DNS server and KDC come up before other VMs)

I know that SOME of these features are now in Ovirt (and I think they are
even in 4.4), but my understanding is that they only return the system to
previous state and wont auto-start a VM that was cleanly shut down.  Also
the ordering is, IIUC, somewhat course (low/medium/high).

At this point I plan to delay my deployment of 4.4 or beyond because what
I have in 4.3 is working (still), and frankly I have no interest in
learning Ansible or Python just to replace what should be a relatively
simple script.

I honestly find it very sad that the developers wont up-port ovirt-client
to SDK4.  If SDK4 is "so good" vs SDK3 then I don't see why it would be
hard to do that.  And if it IS that hard to do, then how do they expect us
to use it?

Maybe I will find some time to play with OV4.4 on a test system in order
to play with the auto-start features.   In my copious amounts of free
time.  :(

Thanks,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NAZWFWDINJIOVD4X57LUH26RVDQ2SVHK/


[ovirt-users] Re: Can't install virtio-win with EL7.7/Ovirt-4.3.8 -- rpm error

2020-02-19 Thread Derek Atkins
Thanks for the repair!
-d

Dominic Coulombe  writes:

> Confirmed as working.
>
> Thanks.
>
> On Thu, Feb 13, 2020 at 5:00 AM Cole Robinson  wrote:
>
> Thanks for the cc Gal. Latest published virtio-win RPMs, 0.1.173-7, are
> back to using xz compression now. Seems like the new compression got
> picked up automatically by building on Fedora 31.
>
> Thanks,
> Cole
>
> On 2/9/20 3:20 AM, Gal Zaidman wrote:
> > Forwarding this to virtio-win developers and packagers.
> > Notice that virtio-win is a package in Fedora/Centos/RHEL and it is not
> > an "ovirt/RHV" package so ovirt doesn't package it.
> >
> > On Sun, Feb 9, 2020 at 4:59 AM  > <mailto:eshwa...@gmail.com>> wrote:
> >
> >     Same problem.  Looks like the virtio rpm is now built with the new
> >     compression method, but rpm for EL7 hasn't been updated to support
> it.
> >     ___
> >     Users mailing list -- users@ovirt.org <mailto:users@ovirt.org>
> >     To unsubscribe send an email to users-le...@ovirt.org
> >     <mailto:users-le...@ovirt.org>
> >     Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> >     oVirt Code of Conduct:
> >     https://www.ovirt.org/community/about/community-guidelines/
> >     List Archives:
> >     
> 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5Q4AQYIVCAQY6JWFTNJWOHNXZPQD4IEI/
> >
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EUBGCDBSILOEAMS3XFQ43IZVE3OHYPNB/
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IWD3OBHCZQ24SX4RPRKJTZ5XKMGAK5FA/
>

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HQP7TR3G5DNKXF6MOVI55AQXZG3CMZD6/


[ovirt-users] Can't install virtio-win with EL7.7/Ovirt-4.3.8 -- rpm error

2020-02-06 Thread Derek Atkins
Hi,

I was trying to install the virtio-win package, but it gives an error:

ERROR You need to update rpm to handle:
rpmlib(PayloadIsZstd) <= 5.4.18-1 is needed by virtio-win-0.1.173-6.noarch

Is this a known problem with current 4.3.x and EL7.7?

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OR47UVYR6DWQX6NFTGUFU5JOVJVFOWDO/


[ovirt-users] Re: Websocket-proxy not working after upgrade to 4.3

2020-02-05 Thread Derek Atkins
Hi,

nico...@devels.es writes:

> A little bit more info on it. I debugged the requests with Chrome and
> seems that the webservice call is made with https://engine:6100
> (literally), instead of https://:6100.
>
> A snapshot is included in this mail.
>
> I don't know why is it trying to connect to this address, seems like a
> missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3).
>
> How can I fix this problem?

Did you set your webproxy URL in your engine configuration?  E.g.:
engine-config -s SpiceProxyDefault=http://:6100

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UOH4IRE3OR2QV3RDAXBYBTXIJGM53VBH/


[ovirt-users] Re: [ANN] oVirt 4.3.8 is now generally available

2020-01-30 Thread Derek Atkins
Hi,

On Thu, January 30, 2020 10:38 am, Sandro Bonazzola wrote:

>> Quick question.  My engine is currently running 4.3.6.  My host is still
>> at 4.1.x.  I was planning (this weekend) to just yum upgrade the host
>> system to bring it up to 4.3.x.
>>
>> Is it okay for the host to be at 4.3.8 while the engine is still at
>> 4.3.6?  Or must I upgrade the engine to 4.3.8 first?
>>
>
> I would recommend to upgrade engine first, but host upgrade should work
> fine being engine already at 4.3.

Good to know.  I'll see if I can find the time to upgrade the engine first.

> I would recommend to use the engine for upgrading the hosts. It can use
> the
> cluster upgrade ansible role (
> https://github.com/oVirt/ovirt-ansible-cluster-upgrade/blob/master/README.md)
> and save you some time.

Can't do that -- this is a single-host self-hosted system, so there is no
where to migrate the engine.  So everything needs to be done manually.  At
least that is my understanding.  And since this is a production system I'd
rather spend more time and have it work than trying something and having
it fail mid-way.  As I'm already planning significant downtime to move the
machines to a new location and re-rack them, the additional time to "yum
upgrade" shouldn't be a problem.  :)

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TEMY6MLPUGIAL7E36CE3L2AAY7ACCVNE/


[ovirt-users] Re: [ANN] oVirt 4.3.8 is now generally available

2020-01-30 Thread Derek Atkins
Hi,

Sandro Bonazzola  writes:

> The oVirt Project is pleased to announce the general availability of oVirt
> 4.3.8 as of January 27th, 2020.

First, congrats on the release.

Quick question.  My engine is currently running 4.3.6.  My host is still
at 4.1.x.  I was planning (this weekend) to just yum upgrade the host
system to bring it up to 4.3.x.

Is it okay for the host to be at 4.3.8 while the engine is still at
4.3.6?  Or must I upgrade the engine to 4.3.8 first?

Thanks,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KSQISM2VIMCPK6E2KC5BLPYMN6IES7QE/


[ovirt-users] Re: oVirt on a Single Server

2020-01-21 Thread Derek Atkins
You can set up a localhost NFS server to serve out the local storage.
Just ensure you have enough RAM so you don't hit the potential NFS
dead-locking problem.  I've been running in this configuration for several
years.  I've got 256GB RAM on the host.  Works great for me.

-derek

On Tue, January 21, 2020 3:05 am, Joseph Goldman wrote:
> I dont think a bare-metal engine can be a compute node as well.
>
> On 2020-01-21 6:46 PM, Tony Brian Albers wrote:
>> On Tue, 2020-01-21 at 07:35 +, webma...@hotmail.com wrote:
>>> Hello,
>>>
>>> I can't seem to install the self-hosted engine onto local storage. It
>>> gives me glustefs, iscsi, fc, and nfs as the available options. I'm
>>> using this in a home-lab scenario, and don't have budget/etc. for
>>> building out a dedicated NAS for it, or setting up multiple nodes. I
>>> like the look of oVirt, and wanted to try it with a couple disposable
>>> vm's (plex, and a docker instance I break often). My current best-
>>> thought for how to make it work is to setup NFS on the server, and
>>> then point the self-hosted engine at the (local) NFS share. Is there
>>> a better way to do this that I might be overlooking?*
>>>
>>> *Factoring that I don't have the funds to build out a proper storage
>>> environment, yet.
>>>
>>> (and if anyone asks, I did search for a solution to this, but didn't
>>> find anything super helpful. Mostly I found 5+ year old articles on a
>>> similar but different scenario).
>>>
>> Well, if you can live with a regular engine(not self-hosted), this
>> works:
>>
>> https://www.ovirt.org/documentation/install-guide/chap-Installing_oVirt.html
>>
>>
>> HTH
>>
>> /tony
>>
>>
>>
>>
>>
>>
>>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/NT2D5DZWGFOM3MEZZNQ4K3QERITKGN2Y/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VB3INTSWVRKGAZWAQKPKUHNHWIJCQU3S/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/STTLMFU3KUJMSR4AOV3PMUAFX23QW7AU/


[ovirt-users] What to do with old ovirt yum repos, and why are they kept around?

2019-10-28 Thread Derek Atkins
Hi,

I just upgraded my engine from 4.1.9 to 4.2.8 to 4.3.x yesterday.  One
issue I hit along the way was a complaint about repos being listed more
than once:

Repository virtio-win-stable is listed more than once in the configuration
Repository centos-sclo-rh-release is listed more than once in the configuration

I also received errors like:

http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.8/repodata/repomd.xml:
 [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.

Even after I did a yum erase on ovirt-release40 (and ovirt-release41) I
noticed that the 4.0 and 4.1 yum repositories (and dependencies)
configurations were left in /etc/yum.repos.d/.   Is there a reason these
files are not removed when the associated release packages are removed?

Thanks,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TBSFHBNMJKULFN3PG6XRHPUFP3HQZ6SI/


[ovirt-users] Problem upgrading from 4.1.9 to 4.2.8 -- vmconsole SElinux issue

2019-10-28 Thread Derek Atkins
Hi,

I spent yesterday trying to upgrade my self-hosted, single-host, ovirt
engine from EL7.4/OV4.1.9 to EL7.7/OV4.3.x with a step at EL7.6/OV4.2.8.
Unfortunately that first step was extremely problematic.  Specifically,
I kept hitting an issue where the installation ofovirt-vmconsole would
error out with a "non-fatal POSTUN scriptlet failure", which of course
is considered fatal:

2019-10-27 10:42:18,436-0400 DEBUG otopi.plugins.otopi.packagers.yumpackager yum
packager.verbose:76 Yum Done: ovirt-vmconsole
2019-10-27 10:42:18,504-0400 ERROR otopi.plugins.otopi.packagers.yumpackager yum
packager.error:85 Yum Non-fatal POSTUN scriptlet failure in rpm package ovirt-vm
console-1.0.4-1.el7.centos.noarch
2019-10-27 10:42:18,505-0400 DEBUG otopi.plugins.otopi.packagers.yumpackager yum
packager.verbose:76 Yum Done: ovirt-vmconsole-1.0.4-1.el7.centos.noarch
2019-10-27 10:42:18,605-0400 DEBUG otopi.plugins.otopi.packagers.yumpackager yum
packager.verbose:76 Yum Script sink: D:   --- h# 747 ovirt-vmconsole-1.0.4-1
.el7.centos.noarch

This appears to be https://bugzilla.redhat.com/show_bug.cgi?id=1665197
which is closed as being fixed in 4.3.1, but that *STILL* doesn't help
when trying to upgrade the engine from 4.1. to 4.2.  It should have been
fixed for 4.2.8 (or push a 4.2.9 with the fix).

After googling around, I was able to work around this bug by moving
semodule out of the way:

mv /usr/sbin/semodule{,-bak}
ln -fs /bin/true /usr/sbin/semodule

and then running the update (I reverted after the update).  I don't
*like* this solution, but it got it working.  I'll note that I have
SELinux set to "enforcing", and I started with EL7.2/OV4.0 and have
upgraded a few times.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UX35CRE62PC5RDNZULLGNRJDR4TXIXTP/


[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available

2019-10-01 Thread Derek Atkins
jvdw...@xs4all.nl writes:

>> Yes, it's still available. It will be dropped in 4.4.
>
> OK, good to know, time to polish up my ansible or start writing api scripts.
>
> Now that 4.4 popped up, how is that going?
> I looked a bit at the Gerrit yesterday and right now and see that el8
> builds are being done now, great work!

Yeah.  I've got a startup script that I use to start all my VMs (see
below).  I'll need to figure out how to migrate that script to SDK4.
It really sucks that there's no SDK4 version of ovirt-shell.  I suspect
my script will expand by an order of magnitude, and everyone who has
written a script around ovirt-shell will have to duplicate effort.

I know there is a feature for the engine to autostart VMs (which I
believe will be in 4.4), but AFAIK it doesn't do ordering.  I need at
least one specific VM to start up before everything else.

Thanks,

-derek

#!/bin/bash

[ -f /etc/sysconfig/vm_list ] || exit 0
. /etc/sysconfig/vm_list

echo -n "Starting at "
date

# Wait for the engine to respond
while [ `ovirt-shell -I -c -F -T 50 -E ping 2>/dev/null | grep -c success` != 1 
]
do
echo "Not ready... Sleeping..."
sleep 60
done

# Now wait for the storage domain to appear active
echo -n "Engine up.  Searching for disks at "
date
total_disks=`ovirt-shell -I -c -E summary | grep storage_domains-total | sed -e 
's/.*: //'`
# subtract one because we know we're not using the image-repository
total_disks=`expr $total_disks - 1`
active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active | sed 
-e 's/.*: //'`
while [ $active_disks -lt $total_disks ]
do
echo "Storage Domains not active yet.  Only found 
$active_disks/$total_disks.  Waiting..."
sleep 60
active_disks=`ovirt-shell -I -c -E summary | grep storage_domains-active | 
sed -e 's/.*: //'`
done

# Now start all of the VMs in the requested order.
echo -n "All storage mounted.  Starting VMs at "
date
for vm in "${vm_list[@]}"
do
  timeout=${vm_timeout[$vm]:-$default_timeout}
  ovirt-shell -I -c -E "action vm $vm start"
  sleep "$timeout"
done

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NS4VMN66G6K3WH2ROGSEBTQDEAMZB5DQ/


[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available

2019-09-27 Thread Derek Atkins

On Fri, September 27, 2019 11:46 am, Sandro Bonazzola wrote:
[nsip]
>> I'm curious what the steps should be going from 4.1.9 / EL7.4 to 4.3.x /
>> EL7.7?  I am pretty sure I need some steps along the way (I doubt I can
>> jump directly from 4.1.9 -> 4.3.x and 7.4 -> 7.7, right).
>>
>> So should I jump from 7.4/4.1.9 to 7.6/4.2.8 and then from there to
>> 7.7/4.3.6?
>>
>
> 4.1 cluster level is still supported by 4.3 engine.
> So you can upgrade the engine from 7.4/4.1.9 to 7.6/4.2.8 and then to
> 7.7/4.3.6 while on the host side you can go straight to 4.3.6/7.7.
> Once done, please update cluster level to 4.3.

Excellent, I can do that.  I just need to ensure that the cluster settings
fully upgraded from 4.0 to 4.1.

One final question:  I know that ovirt-shell is deprecated, but is it
still available in 4.3.x?

Thanks for all your support!

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FDURRMTSB2IGUGIQPQHRXQCJT7PGDDEB/


[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available

2019-09-27 Thread Derek Atkins
HI,

On Fri, September 27, 2019 7:23 am, Sandro Bonazzola wrote:
> Il giorno ven 27 set 2019 alle ore 12:55 Derek Atkins  ha
> scritto:
>
>> >
>> > Please use the engine to upgrade hosts, there's a command in webadmin
>> > interface for that.
>>
>> I didn't think you could do this in a single-host hosted-engine system?
>> In such a deployment the engine has nowhere to migrate to, so it
>> requires
>> shutting down the whole "data center" in order to upgrade the host.  I
>> didn't think that could be done via the engine?
>>
>> Personally, I still need to upgrade from 4.1.9 / CentOS 7.4!
>>
>
> Single host self hosted engine will require more work.
> You'll need to put the host in global maintenance, turn off the engine,
> yum
> upgrade the host and reboot.
> Then get out of global maintenance and engine VM should get back up and
> running in a few minutes.

Yeah, this is how I've done it in the past.

I'm curious what the steps should be going from 4.1.9 / EL7.4 to 4.3.x /
EL7.7?  I am pretty sure I need some steps along the way (I doubt I can
jump directly from 4.1.9 -> 4.3.x and 7.4 -> 7.7, right).

So should I jump from 7.4/4.1.9 to 7.6/4.2.8 and then from there to
7.7/4.3.6?

Thanks,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RCQYRXCAH3BX5VIXFASDI432UNIXVEJ4/


[ovirt-users] Re: [ANN] oVirt 4.3.6 is now generally available

2019-09-27 Thread Derek Atkins

On Fri, September 27, 2019 6:41 am, Sandro Bonazzola wrote:
[snip]
>> hosts
>> 6) put into maintenance
>> 7) simply yum update that will update CentOS packages + oVirt ones (vdsm
>> and such..)
>>
>
> Please use the engine to upgrade hosts, there's a command in webadmin
> interface for that.

I didn't think you could do this in a single-host hosted-engine system?
In such a deployment the engine has nowhere to migrate to, so it requires
shutting down the whole "data center" in order to upgrade the host.  I
didn't think that could be done via the engine?

Personally, I still need to upgrade from 4.1.9 / CentOS 7.4!

> It's *a bit* outdated, but still valid:
> https://ovirt.org/documentation/upgrade-guide/upgrade-guide.html

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A6MYNHANZ3IN5WDACOTFMK7ZHNCW7D6R/


[ovirt-users] Re: Changing ISO domains

2019-09-17 Thread Derek Atkins
If you push down a level or two you'll see your .iso files.
I just scp them directly in.
-derek


On Tue, September 17, 2019 10:52 am, Mark Steele wrote:
> Additional information:
>
> The directory for the domain appear to have been created properly so I am
> not clear on why the upload from the ovirt engine is failing:
> drwxr-xr-x. 3 36 36  88 Sep 17 10:40 .
> drwxr-xr-x. 5 36 36 126 Oct 17  2018 ..
> drwxr-xr-x. 4 36 36  46 Sep 17 10:40 bdd2a547-dde9-4248-b2de-ae67063da8e4
> -rwxr-xr-x. 1 36 36   0 Sep 17 10:50 __DIRECT_IO_TEST__
> [root@phl-tevestore-01 iso-store]#
>
> ***
> *Mark Steele*
> CIO / VP Technical Operations | TelVue Corporation
> TelVue - We Share Your Vision
> 16000 Horizon Way, Suite 100 | Mt. Laurel, NJ 08054
> 800.885.8886 x128 | mste...@telvue.com | http://www.telvue.com
> twitter: http://twitter.com/telvue | facebook:
> https://www.facebook.com/telvue
>
>
> On Tue, Sep 17, 2019 at 10:46 AM Mark Steele  wrote:
>
>> I was not using the uploader - I have the new domain active and attached
>> now.
>>
>> I am attempting to upload the iso using the following command:
>>
>> engine-iso-uploader --iso-domain=phl-iso-03 upload
>> ./windows-server-2012.iso
>>
>> Unfortunately I keep getting this error:
>>
>> Uploading, please wait...
>> ERROR: mount.nfs: Connection timed out
>>
>>
>>
>> ***
>> *Mark Steele*
>> CIO / VP Technical Operations | TelVue Corporation
>> TelVue - We Share Your Vision
>> 16000 Horizon Way, Suite 100 | Mt. Laurel, NJ 08054
>> 800.885.8886 x128 | mste...@telvue.com | http://www.telvue.com
>> twitter: http://twitter.com/telvue | facebook:
>> https://www.facebook.com/telvue
>>
>>
>> On Tue, Sep 17, 2019 at 10:39 AM Staniforth, Paul <
>> p.stanifo...@leedsbeckett.ac.uk> wrote:
>>
>>> Did you have the correct ownership/permissions ?
>>>
>>> Regards,
>>> Paul S.
>>>
>>> 
>>> From: Derek Atkins 
>>> Sent: 17 September 2019 15:06
>>> To: Mark Steele
>>> Cc: users
>>> Subject: [ovirt-users] Re: Changing ISO domains
>>>
>>> On Tue, September 17, 2019 9:58 am, Mark Steele wrote:
>>> > I think I see the issue now - the ISO domain is attached properly -
>>> > however
>>> > I was simply copying ISO files into that directory - I think I have
>>> to
>>> use
>>> > a tool to upload the ISO's - is that correct?
>>>
>>> At least in 4.1.9, oVirt re-scans the ISO domain for new files, so you
>>> should be able to scp your .iso file directly into the domain and have
>>> it
>>> appear in the engine after some re-scan period.  I.e., at least
>>> historically there was no hard-and-fast requirement to upload an ISO
>>> image
>>> through an ovirt interface.
>>>
>>> That may have changed in 4.2 and/or 4.3, but I hope not.
>>>
>>> -derek
>>>
>>> --
>>>Derek Atkins 617-623-3745
>>>de...@ihtfp.com
>>> https://eur02.safelinks.protection.outlook.com/?url=www.ihtfp.comdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637043261770242199sdata=sjTxgTWmn2nhmsuPMaTtUg3nEKcSFhDpRnqQf9PFbF0%3Dreserved=0
>>>Computer and Internet Security Consultant
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement:
>>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fsite%2Fprivacy-policy%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637043261770242199sdata=T6kCaN%2Foox64IhYOAtROtjTPYRd9yrhFKAIj%2F12caAk%3Dreserved=0
>>> oVirt Code of Conduct:
>>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fcommunity%2Fabout%2Fcommunity-guidelines%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637043261770252196sdata=Svqw%2FGZS%2Bg6DEp9TlVdpbgijdpUsEWuQAmZry61Q3mw%3Dreserved=0
>>> List Archives:
>>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ovirt.org%2Farchives%2Flist%2Fusers%40ovirt.org%2Fmessage%2FMDR7NCR4HLIYRRFRUITKE2NFL2YLHZKS%2Fdata=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ca9b9c1e1b4a84c01fc2308d73b78abab%7Cd79a81124fb

[ovirt-users] Re: Changing ISO domains

2019-09-17 Thread Derek Atkins
On Tue, September 17, 2019 9:58 am, Mark Steele wrote:
> I think I see the issue now - the ISO domain is attached properly -
> however
> I was simply copying ISO files into that directory - I think I have to use
> a tool to upload the ISO's - is that correct?

At least in 4.1.9, oVirt re-scans the ISO domain for new files, so you
should be able to scp your .iso file directly into the domain and have it
appear in the engine after some re-scan period.  I.e., at least
historically there was no hard-and-fast requirement to upload an ISO image
through an ovirt interface.

That may have changed in 4.2 and/or 4.3, but I hope not.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MDR7NCR4HLIYRRFRUITKE2NFL2YLHZKS/


[ovirt-users] Re: Adding VLANs to a single-host, self-hosted-engine oVirt deployment?

2019-08-16 Thread Derek Atkins
Hi,

On Fri, August 16, 2019 1:49 pm, Vincent Royer wrote:
> Definitely upgrade to 4.3.5, do this first.  If you can afford to just
> image it and start over, do that.

Does 4.3 still support ovirt-shell?

I cannot re-image, I need to upgrade.  That only means I need to do it in
two steps, 4.1 -> 4.2 -> 4.3.

> As long as your switch ports are configured correctly, adding vlans is
> simple. I don't put anything in maintenance to do it.

I have a bonded NIC (2x1Gbps); I presume I just need to tell the switch
that this is a vlan trunk?

> Just go to networks -> New
>
> [image: image.png]
>
> Check the "enable VLAN tagging" and enter your vlan.  You don't really
> need
> to change anything else.

Do I need to edit ovirtmgmt and enable vlan tagging too?

> [image: image.png]
>
> Now you have a logical network and a Vnic profile for this vlan:
>
> [image: image.png]
>
> [image: image.png]
>
>
> Now you need to tell Ovirt what physical NIC you want this to operate on.
> Go to your host and select "Setup Host Networks"
>
> Drag the new network onto the NIC or bond you want to use:

So there's nothing special I need to set up on the host?  I just need to
add the new virtual networks to the existing bond/interface?

>
>
> [image: image.png]
>
> [image: image.png]
>
>
>
> You can click the pencil and have this interface get an IP address if you
> want, but, you don't need to - your vms will get IPs. So you can leave
> this
> all alone in here:

This would be a host address on the VLAN?   If so, I agree -- I don't
think most VLANs will need that.

> [image: image.png]
>
> Now when you are creating a VM, you can attach this Vnic profile.  You
> could also add the Vnic to an existing VM.
>
> [image: image.png]
>
> And that's it.  If you have the VM configured to DHCP, and you have a dhcp
> server listening on that Vlan, it will work.  If your VM doesn't get an
> IP,
> check your router's DHCP logs to see if it hears anything from the Mac
> address of your VM's nic.  If you also have a DNS resolver that adds DHCP
> entries, and your VM has a hostname configured in cloud-init, you'll even
> be able to resolve the FQDN to your VM immediately.

Yeah, pretty much all VMs are DHCP.

Thanks.  I'll try this out.  I still have at least 1-2 months before I can
even entertain migrating, and it could be as long as 3-4 months.  So I
have time to think and plan.

> Hope this helps!

Indeed.  Major open question right now is ovirt-shell ;)

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/F4MS7MKSFPZMUT7QLTT7LLNTS5FU5I4E/


[ovirt-users] Adding VLANs to a single-host, self-hosted-engine oVirt deployment?

2019-08-16 Thread Derek Atkins
HI,

I've got a single oVirt host running a self-contained hosted-engine
deployment.  When I set it up I did not use VLANs in my network.  I am in
the process of moving my equipment, and in part of this move I would like
to introduce VLANs into my network infrastructure.  The documentation
seems to imply that to add virtual networks and/or VLANs to a host that I
need to put it into maintenance mode, configure it in the engine, and then
resync the network.  However, I don't think I can do that with a
single-host environment.  If I put the host into local maint mode, it will
try to offload all my VMs, including the engine, which obviously it cannot
do because there is no other host to migrate them to.
So what's the approach to add VLANs in this situation?

I should add that this system started at 4.0, and I'm still only running
4.1 (although I do plan to upgrade to 4.2 as part of this move).  I'm
hesitant to upgrade further because of the impending removal of SDK-3 -- I
am depending on a script that uses ovirt-shell which I keep being told is
going away.  If ovirt-shell is still in 4.3 then I might consider
upgrading to that as well.  :)

Thanks.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3KR6PJE2XHNISXCJXG3GNADXEHWHWEXI/


[ovirt-users] Re: no network interface

2019-08-01 Thread Derek Atkins
HI,

Are you installing this as a node, or are you using CentOS and then
hosted-engine --deploy?

-derek

On Thu, August 1, 2019 2:59 pm, A S wrote:
> Hi. I had ovirt running with a VM but it suddenly broke. I wiped it all
> and did a reinstall but now I am not able to connect my host to the
> network. the host is always saying status='unassigned'. in the network
> page where I would drag and drop a connection, there is no interface to
> connect to. its this page
> https://ovirt.org/images/wiki/SetupNetworksNew.png?1478101462
> but there is nothing in the interfaces column on the left
> Can anyone point me in the right direction to fix this? Thanks
> I have only one machine with the engine and host on it.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DFXV5N6MHDYGTROLBVCXNK6ILM5ASEIH/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TA5O4NGAC5PRI6WBLWD6YJ3SI2FMTPCD/


[ovirt-users] Re: major network changes

2019-07-25 Thread Derek Atkins
Hi,

carl langlois  writes:

> Strahil, not sure what to put for the --cacert.
>
> Yes Derek your are right at one point the port 8702 stop listening.
>
> tcp6       0      0 127.0.0.1:8702          :::*                    LISTEN    
>  1607/ovirt-engine   

Can you try running 'lsof' to figure out what application has that port
open?  Then you can figure out why it's dying.

> After some time the line above disappear. I am trying to figure why this port
> is being close after some time when  the engine is running on the host on the
> 248.x network. On the 236.x network this port is kept alive all the time.
> If you have any hint on why this port is closing do not hesitate because i am
> starting to be out of ideas. :-)
>
> Thanks & Regards
>
> Carl

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PH5NE5FKZXSQKTDCBVJLAQHYTJ2VZWH5/


[ovirt-users] Re: major network changes

2019-07-24 Thread Derek Atkins
Hi,

carl langlois  writes:

> If i try to access http://ovengine/ovirt-engine/services/health
> i always get "Service Unavailable" in the browser and each time i it reload in
> the browser i get in the error_log
>
>  [proxy_ajp:error] [pid 1868] [client 10.8.1.76:63512] AH00896: failed to make
> connection to backend: 127.0.0.1
> [Tue Jul 23 14:04:10.074023 2019] [proxy:error] [pid 1416] (111)Connection
> refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed

Sounds like a service isn't running on port 8702.

> Thanks & Regards
>
> Carl

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QMW4OB7AIVE2YYU2OYIGZPVW5F4VTLLK/


[ovirt-users] Re: major network changes

2019-07-23 Thread Derek Atkins
 > >> >>> >>
>> > >> >>> >> Also if i try to do ovs-vsctl list . The list command
>> require
>> a Table name. Not sure what table to use?
>> > >> >>> >>
>> > >> >>> >> Regards
>> > >> >>> >> Carl
>> > >> >>> >>
>> > >> >>> >>
>> > >> >>> >>
>> > >> >>> >> On Wed, Jul 17, 2019 at 4:21 AM Miguel Duarte de Mora
>> Barroso <
>> mdbarr...@redhat.com> wrote:
>> > >> >>> >>>
>> > >> >>> >>> On Tue, Jul 16, 2019 at 8:48 PM carl langlois <
>> crl.langl...@gmail.com> wrote:
>> > >> >>> >>> >
>> > >> >>> >>> > Hi
>> > >> >>> >>> >
>> > >> >>> >>> > We are in a process of changing our network connection.
>> Our
>> current network is using 10.8.256.x and we will change to 10.16.248.x.
>> We
>> have a HA ovirt cluster (around 10 nodes) currently configure on the
>> 10.8.256.x. So my question is is it possible to relocate the ovirt
>> cluster
>> to the 10.16.248.x.  We have tried to move everything to the new network
>> without success. All the node seem to boot up properly, our gluster
>> storage
>> also work properly.
>> > >> >>> >>> > When we try to start the hosted-engine it goes up but
>> fail
>> the liveliness check. We have notice in the
>> /var/log/openvswitch/ovn-controller.log that he is triying to connect to
>> the hold ip address of the hosted-engine vm.
>> > >> >>> >>> > 019-07-16T18:41:29.483Z|01992|reconnect|INFO|ssl:
>> 10.8.236.244:6642: waiting 8 seconds before reconnect
>> > >> >>> >>> > 2019-07-16T18:41:37.489Z|01993|reconnect|INFO|ssl:
>> 10.8.236.244:6642: connecting...
>> > >> >>> >>> > 2019-07-16T18:41:45.497Z|01994|reconnect|INFO|ssl:
>> 10.8.236.244:6642: connection attempt timed out
>> > >> >>> >>> >
>> > >> >>> >>> > So my question is were is the 10.8.236.244 come from.
>> > >> >>> >>>
>> > >> >>> >>> Looks like the ovn controllers were not updated during the
>> network change.
>> > >> >>> >>>
>> > >> >>> >>> The wrong IP is configured within openvswitch, you can see
>> it
>> in the
>> > >> >>> >>> (offending) nodes through "ovs-vsctl list . ". It'll be a
>> key
>> in the
>> > >> >>> >>> 'external_ids' column called 'ovn-remote' .
>> > >> >>> >>>
>> > >> >>> >>> This is not the solution, but a work-around; you could try
>> to
>> > >> >>> >>> configure the ovn controllers via:
>> > >> >>> >>> vdsm-tool ovn-config  > management network>
>> > >> >>> >>>
>> > >> >>> >>> Despite the provided work-around, I really think the hosted
>> engine
>> > >> >>> >>> should have triggered the ansible role that in turn
>> triggers
>> this
>> > >> >>> >>> reconfiguration.
>> > >> >>> >>>
>> > >> >>> >>> Would you open a bug with this information ?
>> > >> >>> >>>
>> > >> >>> >>>
>> > >> >>> >>> >
>> > >> >>> >>> > The routing table for one of our host look like this
>> > >> >>> >>> >
>> > >> >>> >>> > estination Gateway Genmask Flags
>> Metric
>> RefUse Iface
>> > >> >>> >>> > default gateway 0.0.0.0 UG0
>>   00 ovirtmgmt
>> > >> >>> >>> > 10.16.248.0 0.0.0.0 255.255.255.0   U 0
>>   00 ovirtmgmt
>> > >> >>> >>> > link-local  0.0.0.0 255.255.0.0 U
>> 1002
>>  00 eno1
>> > >> >>> >>> > link-local  0.0.0.0 255.255.0.0 U
>> 1003
>>  00 eno2
>> > >> >>> >>> > link-local  0.0.0.0 255.255.0.0 U
>> 1025
>>  00 ovirtmgmt
>> > >> >>> >>> >
>> > >> >>> >>> > Any help would be really appreciated.
>> > >> >>> >>> >
>> > >> >>> >>> > Regards
>> > >> >>> >>> > Carl
>> > >> >>> >>> >
>> > >> >>> >>> >
>> > >> >>> >>> >
>> > >> >>> >>> >
>> > >> >>> >>> > ___
>> > >> >>> >>> > Users mailing list -- users@ovirt.org
>> > >> >>> >>> > To unsubscribe send an email to users-le...@ovirt.org
>> > >> >>> >>> > Privacy Statement:
>> https://www.ovirt.org/site/privacy-policy/
>> > >> >>> >>> > oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> > >> >>> >>> > List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DBQUWEPPDK2JDFU4HOGNURK7AB3FDINC/
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UB72PHIP2FO3EC3M3NRKDGOL6SA3MAE5/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/N4F3Q6CVPZWBMGLHDMVCZHMYN5KLDM4E/


[ovirt-users] Re: assign vm traffic to a physical NIC and Storage traffic to another NIC

2019-07-18 Thread Derek Atkins
Hi,

"Erick Perez"  writes:

> Hi,
> fresh install 
> I have created a network called "storage" and another called "vms" and
> both have vlan 102 tag. Only the "vms" network have the check on "vm
> network".

Why are you using the same VLAN on both networks?  That's probably not a
good idea.

> then on Compute---Hosts---hvm001---setup_host_network 
> physical nic enp3s0f0 has ovirtmgmt and vms networks defined
> physical nic enp3s0f1 has storage network defined
>
> Question is how do I tell ovirt that I want the STORAGE traffic to use
> enp3s0f1 ?
> I am using NFS data domains and I cannot find a place to tell the
> network/physical nic my NFS traffic should use.

I think that is going to be via IP-based routing of your NFS traffic
using the IP range on your 'storage' network.  You DO have different
network blocks on your different lans/vlans, right?

> thanks,

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SMRSVKBWAOKO2AYWXILMFMY6OYEYMZB6/


[ovirt-users] Re: Virtual office, how?

2019-05-20 Thread Derek Atkins
Hi,

andres.b@gmail.com writes:

> I'm trying to be able to create different virtual LANs, where, for
> example, I have 2 groups of pcs
>
> A and B belongs to network N1
> C and D belongs to network N2
>
> N1 and N2 with his own public IP. For example
> A: Local ip: 192.168.122.100
>
> B: Local ip: 192.168.122.101
>
> C: Local ip: 192.168.122.102
>
> D: Local ip: 192.168.122.103

You've got a few problems here.

First, if you have two networks, N1, and N2, you probably DO NOT want
the same IP Network (192.168.122) on both N1 and N2.  So for your
sanity, if A and B are on N1 and C and D are on N2, you might want to
use:

A: 192.168.10.100
B: 192.168.10.101

C: 192.168.20.100
D: 192.168.20.101

> Where A and B has the same public ip, and C and D has the same public ip.

I'm confused by this.  What do you mean "has the same public ip"?  None
of the IPs here are public, they are all RFC1918 (private network) IPs.
Do you mean that you've got a router, somewhere, that have a reverse NAT
that will translate externally from some public addresses to these
private addresses?

Also, you will need that reverse NAT to be smart about how it routes.
Specifically, once you have an active connection to A or B, it will need
to ensure that the connection continues to the same (A or B) target.

> Now, I want that A can ssh on B, but not on C or D. The same goes for
> C, where C can access to D via ssh but not to A or B

I'm not sure I understand what this means.  What do you mean by "A can
ssh on B"?  This is probably a language issue.  I think you mean that A
and B can ssh to each other but can't reach C or D, and C and D can ssh
to each other but can't reach A or B.

If you renumber as above then you can do that by not routing between
192.168.10.0/24 and 192.168.20.0/24.   However in your original
configuration where all four hosts are on the same 192.168.122.0/24
network, there is no way (at the network level) to prevent A and B from
talking with C and D.

> I'm not sure if OVS solve this problem or not, or if this is not possible.
>
> Is this possible? How?

You can do this with OVS, or even with basic networking, but you will
need to create actual separate networks.

Good Luck,

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LQVJAXSTSU3UXJHAAUXSN2FY2FBHNG47/


[ovirt-users] Re: oVirt Open Source Backup solution?

2019-05-16 Thread Derek Atkins
Jorick Astrego  writes:

> Maybe split it in 2 disks? One OS and one APP/DATA? You can then backup 
> only one. 
>  
> I prefer to do this anyway as I then can just redeploy the OS and attach 
> the second disk to get things back up and running. 

Are you suggesting that /etc and /var should go onto their own disks?
There is lots of configuration in /etc (which is usually in the root
disk) that needs to be backed up.

Also, different apps store configuration and data in different places,
so saying "just put it on a second disk" can be hard.

Sure, it works fine for /home -- but mysql?  imapd?  ...

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WCKEURYZBKGWW5HFECF7OMLBCONFXRKZ/


[ovirt-users] Re: deprecating export domain?

2019-05-15 Thread Derek Atkins
Hi,

"Andreas Elvers"  writes:

> Maybe I overlooked the information, but in recent RHVE 4.3 docs the
> information how to use the export storage domain have been removed and
> there is no alternative to do so, but to detach a data domain and
> attach it somewhere else. But how can I move my VMs one by one to a
> new storage domain on a different datacenter without completely
> detaching the original storage domain?

I was under the impression that you just needed a regular (second) data
domain in lieu of the (deprecated) export domain.  So you attach a new
data domain, then migrate the VM over to it, then you can detach the
data domain and attach it to another datacenter.

> I don't want to bring down all of my VMs on the old storage domain for
> import. I want to export and import them one by one. When all VMs are
> moved to the new data center only then I want to decommission
> the old data center.
>
> What is the rationale to deprecate the export storage and already
> remove documentation when there seems to be no alternative available?

IANAD, but I believe the rationale was that there was no need for a
"special case" domain.

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BYRVO6MDVVLLT6TIPFDYZMRGNDDMC7FA/


[ovirt-users] Re: oVirt Open Source Backup solution?

2019-05-14 Thread Derek Atkins
Strahil Nikolov  writes:

> In such case ,
> you use the same approach for the VM in whole - lock + snapshot on oVirt +
> unlock.
> This way you keep OS + app backup in one place , which has it's own Pluses and
> Minuses.

Sure  But the minus being it requires SIGNIFICANTLY more space.
I've got over a dozen VMs, all running the same (pretty much) OS.
If I based up the VM Snaphot there would be 12x space usage for OS
files that I don't need to backup because I can recreate those from the
initial repositories.  Of course, this is at the expense of more time to
restore from the backup.

YMMV.

> Best Regards,
> Strahil Nikolov

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X3VEPWIQVOM5PCFPL56PZN4RRKBNYXBV/


[ovirt-users] Re: oVirt Open Source Backup solution?

2019-05-14 Thread Derek Atkins
Hi,

I am sorry I was unclear.  Of course the long operation happens with the
DB unlocked.

Once the LVM snapshot is created (from within the locked environment), the
lock is of course released and the backup proceeds from a db-unlocked
environment.

I apologize for my lack of clarity with "and then I backup off the
snapshot" not making that clear.

-derek

On Tue, May 14, 2019 6:20 am, Strahil wrote:
> Derek,
>
> That's risky.
> Just read lock the DB, create the lvm snapshot and release the lock.
> Otherwise you risk a transaction to be  interrupted.
>
> Best Regards,
> Strahil NikolovOn May 13, 2019 16:47, Derek Atkins 
> wrote:
>>
>> Strahil  writes:
>>
>> > Another option is to create a snapshot, backup the snapahot and merge
>> > the disks (delete the snapshot actually).
>> > Sadly that option doesn't work with Databases, as you might inyerrupt
>> > a transaction and leave the DB in inconsistent state.
>>
>> Yet another reason to do it from inside the VM.
>>
>> What I do (on systems that have a running database) is to run a "flush"
>> operation to sync the database to disk, and then from within the flush
>> operation I create an LVM snapshot, and then I backup off the snapshot.
>> If I'm not running a database, then I just create the snapshot directly.
>>
>> > Best Regards,
>> > Strahil Nikolov
>>
>> -derek
>> --
>>    Derek Atkins 617-623-3745
>>    de...@ihtfp.com www.ihtfp.com
>>    Computer and Internet Security Consultant
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JS6YVB3S33VYLPEQTUE3UJVZOBBO5W7H/
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3LQMSRLUHRBXNLGUHAIHZNEES7WWDHMJ/


[ovirt-users] Re: New to OVirt

2019-05-13 Thread Derek Atkins
Hi,

When I installed oVirt (on CentOS 7.2 using 4.0.x in October 2016) I
used the following sets of instructions:

https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/self-hosted-engine-guide/chapter-2-deploying-self-hosted-engine
http://www.ovirt.org/documentation/how-to/hosted-engine/#fresh-install

I did take a few trials to get it right.

I made sure I had CentOS fully installed, set up my local file systems,
NFS (for storage domains), permissions, networking, etc.  Then I
installed and did the hosted-engine --deploy

Then in the hosted engine VM I also installed CentOS manually and
installed the hosted engine itself.

It did take me a while to get it all right.  I did need to run
hosted-engine-cleanup.sh at least once.  :)

But it's been very solid for almost 3 years now.  I'm due for another
upgrade soon.

-derek

Slobodan Stevanovic  writes:

> I am currently at the point that I am thinking on giving up and start playing
> more with Proxmox.
>
> Do you guys have any suggestion on what instructions I should use? I just want
> to setup something to get a better idea on how everything works before I go to
> more advance things.
>
> Currently, downloading Ovirt Node from 
> https://www.ovirt.org/download/node.html and running Cockpit does not work
> form me.   
>
> On Friday, May 10, 2019, 7:54:39 PM PDT,  wrote:
>
> I'm glad to hear i'm in the minority!  I had the worst luck with struggling to
> get it loaded, then once it was loaded, I ran great, until it didn't, and have
> to wait and wait for it to load while the host rebooted and trying to figure
> out why it wasn't coming up just drove me crazy.  Although I ran it on 3 nodes
> so I had to track down where it migrated too.
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/P4VQHNED55IT55QRBW5WVEF5LSYZCLS5/
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/XE6RJ7ZEGZQM2YREIYXZO63YYD2GOHVX/
>

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PEUEBQAGOO323ODAMF4KSPYILAUUDAP3/


[ovirt-users] Re: oVirt Open Source Backup solution?

2019-05-13 Thread Derek Atkins
Strahil  writes:

> Another option is to create a snapshot, backup the snapahot and merge
> the disks (delete the snapshot actually).
> Sadly that option doesn't work with Databases, as you might inyerrupt
> a transaction and leave the DB in inconsistent state.

Yet another reason to do it from inside the VM.

What I do (on systems that have a running database) is to run a "flush"
operation to sync the database to disk, and then from within the flush
operation I create an LVM snapshot, and then I backup off the snapshot.
If I'm not running a database, then I just create the snapshot directly.

> Best Regards,
> Strahil Nikolov

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JS6YVB3S33VYLPEQTUE3UJVZOBBO5W7H/


[ovirt-users] Re: New to OVirt

2019-05-10 Thread Derek Atkins
The only issue I've had is that it can take 15 minutes before the HE 
starts...  And I have to ensure the host is taken out of maintenance mode 
manually.  Beyond that, it has recovered from many updates, reboots, and 
power hits without intervention.



-derek
Sent using my mobile device. Please excuse any typos.
On May 10, 2019 9:16:02 PM Dmitry Filonov  wrote:
I have used both hosted and standalone engine and can tell that so far I 
had more issues with hosted engine than with standalone one.
Not like huge issues, but something like you put host in to global HA 
maintenance, then update hosted engine, reboot and... and it doesn't start.

Not a big deal, but for a new user it might be a bit confusing.
So am with Michael, if you just starting using oVirt then it's better to 
have standalone engine et first. And then migrate it over into hosted 
environment when you are comfortable to do so.


Fil


--
Dmitry Filonov
Linux Administrator
SBGrid Core | Harvard Medical School
250 Longwood Ave, SGM-114
Boston, MA 02115


On Fri, May 10, 2019 at 9:00 PM Vincent Royer  wrote:
Disagree, I've had some pretty significant meltdowns and if you cant access 
hosted engine, go have drink and try again... It comes up.  It's ability to 
self-repair and find a scrap of a host to run on is pretty impressive.



On Fri, May 10, 2019, 2:18 PM Derek Atkins  wrote:
I've been running hosted engine on a single host for a few years now with
no issue.  I did redo my initial install several times but its been fine
ever since. I started at 4.0.x and have gone through multiple OS and ovirt
upgrades with few issues.

-derek
Sent using my mobile device. Please excuse any typos.
On May 10, 2019 4:47:12 PM mich...@wanderingmad.com wrote:


Honestly?  don't do hosted engine deployment first.  If you're just getting
started with ovirt, you're going to waste weeks on getting hosted engine
running, and then I guarantee once it's running, it's not going to come up
when you need it most.  Just load your single host, and then load the
engine on a separate VM/Machine to manage it.  I have the engine running on
a separate machine so just in case there is a host issue, you can still
access the engine to fix it.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7TAEQR6SZKQM2YBPCKBAEYFWF432QGAA/



___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TRJGHLOBJB2GQPW32FAXKSE6DWSUO5H5/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I6AR5C276BXNNRZTBMU65ES5NGCON7J7/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PSXWMLPKDZBMYQS4HAT7WVCAB3GLZUJF/


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MQZS7XR4OEDDPMKKA3HCHXNEW5LTXCBN/


[ovirt-users] Re: New to OVirt

2019-05-10 Thread Derek Atkins
I've been running hosted engine on a single host for a few years now with 
no issue.  I did redo my initial install several times but its been fine 
ever since. I started at 4.0.x and have gone through multiple OS and ovirt 
upgrades with few issues.


-derek
Sent using my mobile device. Please excuse any typos.
On May 10, 2019 4:47:12 PM mich...@wanderingmad.com wrote:

Honestly?  don't do hosted engine deployment first.  If you're just getting 
started with ovirt, you're going to waste weeks on getting hosted engine 
running, and then I guarantee once it's running, it's not going to come up 
when you need it most.  Just load your single host, and then load the 
engine on a separate VM/Machine to manage it.  I have the engine running on 
a separate machine so just in case there is a host issue, you can still 
access the engine to fix it.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7TAEQR6SZKQM2YBPCKBAEYFWF432QGAA/



___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TRJGHLOBJB2GQPW32FAXKSE6DWSUO5H5/


[ovirt-users] Re: oVirt Open Source Backup solution?

2019-05-10 Thread Derek Atkins
Hi,

Michael Blanchard  writes:

> If you haven't seen my other posts, I'm not a very experienced Linux admin, so
> I'm trying to make it as easy as possible to run and maintain.  It's hard
> enough for me to not break ovirt in crazy ways

This has nothing to do with ovirt.

You could use rdiff-backup on any running machine, be it virtual or bare
metal.  It's just a way to use a combination of diff and rsync to backup
machines.  Indeed, I was using it with my vmware-based systems and, when
I migrated them to ovirt, the backups just continued working.

> Get Outlook for Android

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CBMHSCOBQ3MQHK2CFK6KYGBD2TSSOYAA/


[ovirt-users] Re: oVirt Open Source Backup solution?

2019-05-09 Thread Derek Atkins
mich...@wanderingmad.com writes:

> Is there a good low to no-cost solution to backup oVirt and the
> virtual machines?  I've been unabel to find something that will do a
> direct VM backup instead of a backup agent installed on VM

I just use rdiff-backup inside my VMs.

-derek
-- 
       Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z52SMCGN2SYDB2I2QLBYM5TZZL6HYPX7/


[ovirt-users] Re: How to replace vMware infrastructure with oVirt

2019-01-25 Thread Derek Atkins
Hi,

"Mannish Kumar"  writes:

> Hi,
>
> I have two Esxi hosts managed by VMware vCenter Server. I want to
> create a similar infrastructure with oVirt. I know that oVirt is
> similar to VMware vCenter Server but not sure what to replace the Esxi
> hosts with in oVirt Environment.
>
> I am looking to build oVirt with Self-Hosted Engine.It would be great
> help if someone could help me to build this.

I migrated from the old vmware-server to oVirt a few years ago.  I
exported my VMs as OVA and then imported them into oVirt.  Some of them
imported immediately, some took several hours.  But this was all with
oVirt 4.0 and older versions of virt-v2v, so some of my issues may have
been fixed.

I would recommend you build a new oVirt infra first, migrate your VMs,
and then, if you want, you can repurpose your existing hardware for
additional nodes.

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7KRVXC6O75VD56E7LYZD6GMS2M2OIIHL/


[ovirt-users] Re: Centos7.6

2018-12-06 Thread Derek Atkins
Sandro Bonazzola  writes:

> oVirt 4.2.7 is already compatible with CentOS 7.6.
> I think that right now it's the best time to upgrade both oVirt and CentOS.

Is it safe to upgrade straight from 4.1.9 on 7.4 to 4.2.7 on 7.6?

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/M5BKGNLWKKU2WXDIVGNNDBODUJXVRUTI/


[ovirt-users] Re: RAID L1/L5/L10 + NFS Loopback Benchmarks

2018-11-28 Thread Derek Atkins
Simone Tiraboschi  writes:

> On Wed, Nov 21, 2018 at 10:08 AM Andrei Verovski  wrote:
>
> Hi !
>
> Deadlock of NFS loopback happens with 3.10 stock kernel from CentOS 7.6
> only or also with 4.x mainline ?
>
> I use 4.x mainline on my nodes.
>
> AFAIK is still an open issue.
>

FWIW, I've been running with an NFS loopback and have never, in 3+
years, had an issue.  On the other hand, I am very over-provisioned and
under-subscribed on RAM, so it probably never really gets into a
situation where it has to swap.

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JDWIDN2YE7TL5IU4G3TCB2CVFMQU7AUE/


[ovirt-users] Re: Managing multiple oVirt installs?

2018-09-03 Thread Derek Atkins
Configure a single FreeIPA domain for all deployments?  And maybe use 
oauth? (not sure if ovirt supports the latter, and it's unclear if the 
former works for your environment).  But that's the only option I can think 
of to support multiple engines.


-derek
Sent using my mobile device. Please excuse any typos.
On September 3, 2018 10:10:23 AM "femi adegoke"  
wrote:



Lets say you have 10 clients & each client has a 3 node oVirt install.
I would prefer to not login into 10 different HE portals.

How can I log in once & manage all 10 instances of oVirt?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5COP2VHEFIMEY2RLKZRC6W3EIJO66Q6/



___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OF646S7W3BVFISXEMX6CYCO24VXYDMBR/


[ovirt-users] Re: ovirt selfhost error

2018-08-28 Thread Derek Atkins
Hi,

mustafa.taha.m...@gmail.com writes:

> when i use hosted-engine --vm-status
>
> this will appear 
[snip]

Did you actually install and configure the hosted-engine VM?

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AFEIXOFOQVZ3GMY6A6Z7RLBWKMMQDEXZ/


[ovirt-users] Re: oVirt: single host install

2018-06-05 Thread Derek Atkins
Hi,

Sahina Bose  writes:

> I'm running loopback NFS and I've not encountered any issues.  I've been
> running this way since 2016-10-22.  I did not understand Gluster enough
> and wasn't sure how I could make a "replica 1" -- everything seemed to
> imply you *NEEDED* 3 gluster hosts.  So I went with what I knew -- NFS.
>
> We did add support for single node gluster volume in 4.2 - see 
> https://www.ovirt.org/documentation/gluster-hyperconverged/chap-Single_node_hyperconverged/

Good to know, and thank you for the link.  I started with 4.0, which
explains why I did not go this route.  I've upgraded along the way, but
the upgrades wont let me easily change out the underlying storage
mechanisms without fully reinstalling the HE.

Still, next time I do a system refresh I'll definitely consider this.

Thanks,

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DMFFYTGWYBOHNDIT3VVJRM3BBXTB6AFX/


[ovirt-users] Re: oVirt: single host install

2018-05-25 Thread Derek Atkins
Hi,

Justin Zygmont <jzygm...@proofpoint.com> writes:

>> This is true -- I have to bring everything down when I want to upgrade the 
>> system, especially the host itself.  So I don't upgrade as often as I might 
>> if I had multiple hosts where I could migrate.
>>
>> How can you do it without a second host and importing with a temporary 
>> storage domain?
>
>>I just shut everything down.  So long as it's planned my users can >handle a 
>>30-60 minute outage.  And this is only when I update the >host.
>>I can update the Engine on its own, and often will update my VMs 
>>>simultaneously to minimize downtime.  But I'm okay with some >downtime.
>
> I see, so you just did an in place update of engine I guess, what if
> you want to update the node as well, and install a new HE?  You'd lose
> the locally stored NFS domains.  Or what if the engine update stuffs
> up, there'd be no way to access the admin portal right?

Yes, log into engine and run:

  yum update 'ovirt-*-setup'

Then engine-setup.

As for the host, I'm not using Node.  It's just a regular CentOS system
with the ovirt host software installed.  I update it the normal way
you'd update any other CentOS system: yum update

I don't understand what you mean by "install a new HE"?  If this is a
single-host system, what do you mean by installing a new hosted engine?
If you're asking about starting with one host and adding a second host,
then that returns back to the previous statement that you'd have to
migrate HE to a new (Gluster-based) storage system.  If you stayed with
NFS, then you "master host" could never go down or your HE would also go
down (because its [NFS-based] storage would go away).

You're right that if the Engine update breaks somehow then the admin
portal would go away -- but I'm never updating systems through the
portal.  It's always via SSH (or worst case local console on the host).

If the engine update breaks so much that even ssh wont work, then I'm
definitely in trouble.  That's what backups are for!  :)

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


[ovirt-users] Re: Using remote viewer outside lan

2018-05-23 Thread Derek Atkins
Hi,

Aziz <azizgst...@gmail.com> writes:

> Hi all,
>
> I am able to access my VMs from LAN using remote Viewer, however this is not
> working from outside LAN, my setup is as follow: 
>
> 1. Controller in a separate HW machine
> 2. Host in a server 
>
> When checking the console.vv file, I see that it includes the local IP address
> of the host + port 5900. Is there a way to force ovirt to generate a
> console.vv file with public IP port when the user tries to connect from
> Internet and another file with lan IP when the user tries to connect from LAN.
>
> Any hint on how to set this feature up ?

I don't think you can set up a different IP based on the connection
source. What I would recommend is setting up a web proxy on your ovirt
host and then tell it to always use the proxy.  Specifically, always use
the public IP address.

Of course, this assumes you can reach the public IP from inside your
network.  If you can't, then you might have a bigger issue.

> Best regards

-derek
-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


[ovirt-users] Re: oVirt: single host install

2018-05-23 Thread Derek Atkins
Hi,

Justin Zygmont <jzygm...@proofpoint.com> writes:

> -Original Message-
> From: Derek Atkins [mailto:warl...@mit.edu] 
> Sent: Monday, May 21, 2018 8:33 AM
> To: Simone Tiraboschi <stira...@redhat.com>
> Cc: users <users@ovirt.org>; ov...@fateknollogee.com
> Subject: [ovirt-users] Re: oVirt: single host install
>
> Hi,
>
> Simone Tiraboschi <stira...@redhat.com> writes:
>
>> On Mon, May 21, 2018 at 7:49 AM, <ov...@fateknollogee.com> wrote:
>>
>> Use case: small sites with a minimum number of vm's.
>>
>> Is there such a thing as a single host install?
>>
>> In the past we had the all-in-one mode but we deprecated it.
>> Now the suggested mode is hosted-engine since you could expand it 
>> adding other hosts in the future.
>>  
>
> Sounds like "local storage" is useless then?

IMHO, yes.  When I installed (4.0) you could not use it for
hosted-engine storage.  Don't know if that changed, but what's the point
of using different storage methods?  I already had to set up a local NFS
(pr theoretically Gluster) for HE -- so might as well re-use that for my
main storage too!

> I am running in this configuration and have had little problem.  I migrated 
> from an old vmware-server platform, and, modulo a few hiccups along the way 
> and a few false starts as I was installing ovirt, it's been pretty stable for 
> me!
>
> Did you use NFS for all storage domains?  

Yes.

Both HE and Main Data storage domains are backed by SSD.
My ISO domain is backed by spinning rust.

>> Is it valid for production use?
>>
>> With a single host the upgrades will become more intrusive: without 
>> the capability to migrate your VMs on other hosts at upgrade time, you 
>> will be required to bring down everything.
>>  
>
> This is true -- I have to bring everything down when I want to upgrade the 
> system, especially the host itself.  So I don't upgrade as often as I might 
> if I had multiple hosts where I could migrate.
>
> How can you do it without a second host and importing with a temporary 
> storage domain?

I just shut everything down.  So long as it's planned my users can
handle a 30-60 minute outage.  And this is only when I update the host.
I can update the Engine on its own, and often will update my VMs
simultaneously to minimize downtime.  But I'm okay with some downtime.

-derek

PS: I don't know what mailer you used, but I had a very hard time
differentiating your responses from mine.  Hopefully I did not miss one
of your questions.
-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


[ovirt-users] Re: oVirt: single host install

2018-05-21 Thread Derek Atkins
Hi,

Simone Tiraboschi <stira...@redhat.com> writes:

> On Mon, May 21, 2018 at 7:49 AM, <ov...@fateknollogee.com> wrote:
>
> Use case: small sites with a minimum number of vm's.
>
> Is there such a thing as a single host install?
>
> In the past we had the all-in-one mode but we deprecated it.
> Now the suggested mode is hosted-engine since you could expand it adding other
> hosts in the future.
>  

I am running in this configuration and have had little problem.  I
migrated from an old vmware-server platform, and, modulo a few hiccups
along the way and a few false starts as I was installing ovirt, it's
been pretty stable for me!

> Is it valid for production use?
>
> With a single host the upgrades will become more intrusive: without the
> capability to migrate your VMs on other hosts at upgrade time, you will be
> required to bring down everything.
>  

This is true -- I have to bring everything down when I want to upgrade
the system, especially the host itself.  So I don't upgrade as often as
I might if I had multiple hosts where I could migrate.

> What kind of storage?
>
> NFS in loopback could be problematic, I'd suggest gluster in replica 1 or
> iSCSI.

I'm running loopback NFS and I've not encountered any issues.  I've been
running this way since 2016-10-22.  I did not understand Gluster enough
and wasn't sure how I could make a "replica 1" -- everything seemed to
imply you *NEEDED* 3 gluster hosts.  So I went with what I knew -- NFS.

This might be problematic if I move forward to a multi-host platform as
I'll have to "migrate" my storage -- specifically for hosted-engine --
which IIRC requires a re-install (or some other drastic measure).

-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH
   warl...@mit.eduPGP key available
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org


Re: [ovirt-users] How to setup users to see a subset of VMs in oVirt

2018-03-06 Thread Derek Atkins
Hi,

Jean Pickard <ggkkr...@gmail.com> writes:

> Hello,
> I need to create user accounts in oVirt that can only manage a specific set of
> VMs and I don't want them to see any other ones.
> example:
> User1 can only see VM1, VM2, VM3, VM4
> User2 can only see VM5, VM6, VM7
> Admin can see all of them.
> How do I accomplish this?

Just set the permissions on the VMs.
It works quite well.

> Thank you,
>
> Payman Vazinkhoo

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Power off VM from VM portal

2018-03-06 Thread Derek Atkins
Hi,

Alexandr Krivulya <shur...@shurik.kiev.ua> writes:

> Hi,
>
> is there any way to power off VM from VM portal (4.2.1.7)? I can't
> find "power off" button, just "shutdown".

I don't know about 4.2, but in 4.1 and 4.0 there is a right-click
context menu that gives you access to the Power Off feature.  If that
doesn't work (ISTR disucssion about removing that context menu), then
there must be a different way to access it now.

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVS not running / logwatch error after upgrade from 4.0.6 to 4.1.8

2018-01-21 Thread Derek Atkins
Hi,

I tried creating the directory but then it complained about missing log
files.

I think I'm just going to block out the logwatch file.

It's annoying that the default config bleats out.

Thanks for the feedback.

-derek

Darrell Budic <bu...@onholyground.com> writes:

> OVS is an optional tech preview in 4.1.x, you don’t need it. It is annoying
> about the logwatch errors though…
>
> I think I created the directory to avoid the errors, I forgot exactly what it
> was, sorry.
>
> ------
> From: Derek Atkins <de...@ihtfp.com>
> Subject: [ovirt-users] OVS not running / logwatch error after upgrade from
> 4.0.6 to 4.1.8
> Date: January 19, 2018 at 10:44:56 AM CST
> To: users
>
> Hi,
> I recently upgraded my 1-host ovirt deployment from 4.0.6 to 4.1.8.
> Since then, the host has been reporting a cron.daily error:
>
> /etc/cron.daily/logrotate:
>
> logrotate_script: line 4: cd: /var/run/openvswitch: No such file or
> directory
>
> This isn't surprising, since:
>
> # systemctl status openvswitch
> ● openvswitch.service - Open vSwitch
>   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled;
> vendor preset: disabled)
>   Active: inactive (dead)
>
> The host was just upgraded by "yum update".
> Was there anything special that needed to happen after the update?
> Do I *NEED* OVS running?
> The VMs all seem to be behaving properly.
>
> Thanks,
>
> -derek
>
> --
>   Derek Atkins 617-623-3745
>   de...@ihtfp.com www.ihtfp.com
>   Computer and Internet Security Consultant
>
> _______
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVS not running / logwatch error after upgrade from 4.0.6 to 4.1.8

2018-01-19 Thread Derek Atkins

It is /var/run/openvswitch
However it will need to be recreated on every reboot.

-derek
Sent using my mobile device. Please excuse any typos.



On January 19, 2018 3:54:44 PM Darrell Budic <bu...@onholyground.com> wrote:

OVS is an optional tech preview in 4.1.x, you don’t need it. It is annoying 
about the logwatch errors though…


I think I created the directory to avoid the errors, I forgot exactly what 
it was, sorry.



From: Derek Atkins <de...@ihtfp.com>
Subject: [ovirt-users] OVS not running / logwatch error after upgrade from 
4.0.6 to 4.1.8

Date: January 19, 2018 at 10:44:56 AM CST
To: users

Hi,
I recently upgraded my 1-host ovirt deployment from 4.0.6 to 4.1.8.
Since then, the host has been reporting a cron.daily error:

/etc/cron.daily/logrotate:

logrotate_script: line 4: cd: /var/run/openvswitch: No such file or directory

This isn't surprising, since:

# systemctl status openvswitch
● openvswitch.service - Open vSwitch
  Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled;
vendor preset: disabled)
  Active: inactive (dead)

The host was just upgraded by "yum update".
Was there anything special that needed to happen after the update?
Do I *NEED* OVS running?
The VMs all seem to be behaving properly.

Thanks,

-derek

--
  Derek Atkins 617-623-3745
  de...@ihtfp.com www.ihtfp.com
  Computer and Internet Security Consultant

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] OVS not running / logwatch error after upgrade from 4.0.6 to 4.1.8

2018-01-19 Thread Derek Atkins
Hi,
I recently upgraded my 1-host ovirt deployment from 4.0.6 to 4.1.8.
Since then, the host has been reporting a cron.daily error:

/etc/cron.daily/logrotate:

logrotate_script: line 4: cd: /var/run/openvswitch: No such file or directory

This isn't surprising, since:

# systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled;
vendor preset: disabled)
   Active: inactive (dead)

The host was just upgraded by "yum update".
Was there anything special that needed to happen after the update?
Do I *NEED* OVS running?
The VMs all seem to be behaving properly.

Thanks,

-derek

-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] 4.1.8: Run Once does not allow me to choose a CD Image to attach

2018-01-17 Thread Derek Atkins
Hi,

On Wed, January 17, 2018 11:13 am, Pavel Novotny wrote:
>
> On 16.1.2018 21:05, Derek Atkins wrote:
>> Hi,
>>
>> I upgraded from 4.0.6 to 4.1.8.  I had created a VM in 4.0.6 but had
>> never started it nor had I ever run it before I upgraded.  I then
>> upgraded to 4.1.8 (which went very smoothly), but then I tried to use
>> the Run Once function to boot up and attach an ISO Image.  However when
>> I select Run Once, then Boot Options, the "Attach CD" option is
>> unchecked and wont let me select it like I could in 4.0.6.  If I try to
>> select the checkbox I see the popup flash but the box remains unchecked.
>
> Hi Derek,
>
> this reminds me UX bug https://bugzilla.redhat.com/1516311
> It has been filed for 4.2, but it affects also 4.1.x.
> It happens when the browser window width is less than approx. 1200 px,
> if it is your case.

Interesting.  Yes, xwininfo reports a geometry of 1105x883 for my browser
window.

What an interesting bug.  Why would it assume it's a mobile view?  and
even if it IS a mobile view, why disable the functionality?

At least the Edit dialog still works, but it's still annoying.

I've added myself to that bug.

Thanks,

> -Pavel

-derek

>>
>> Is this a bug/regression in 4.1.8?
>>
>> I did clear my browser cache thinking that might be it, but no, that
>> didn't help.
>>
>> The only thing I could do was Edit the VM, go to Boot options, select it
>> there (which I could do) and then choose the ISO.  THEN I could run it
>> with the CD attached.
>>
>> Thanks,
>>
>> -derek
>
>


-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] 4.1.8: Run Once does not allow me to choose a CD Image to attach

2018-01-16 Thread Derek Atkins
Hi,

I upgraded from 4.0.6 to 4.1.8.  I had created a VM in 4.0.6 but had
never started it nor had I ever run it before I upgraded.  I then
upgraded to 4.1.8 (which went very smoothly), but then I tried to use
the Run Once function to boot up and attach an ISO Image.  However when
I select Run Once, then Boot Options, the "Attach CD" option is
unchecked and wont let me select it like I could in 4.0.6.  If I try to
select the checkbox I see the popup flash but the box remains unchecked.

Is this a bug/regression in 4.1.8?

I did clear my browser cache thinking that might be it, but no, that
didn't help.

The only thing I could do was Edit the VM, go to Boot options, select it
there (which I could do) and then choose the ISO.  THEN I could run it
with the CD attached.

Thanks,

-derek
-- 
   Derek Atkins 617-623-3745
   de...@ihtfp.com www.ihtfp.com
   Computer and Internet Security Consultant
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


  1   2   3   >