Re: [ovirt-users] Network configuration validation error
> This option relevant only for the upgrade from 3.6 to 4.0(engine had > different OS major versions), it all other cases the upgrade flow very > similar to upgrade flow of standard engine environment. > > > 1. Put hosted-engine environment to GlobalMaintenance(you can do it via > UI) > 2. Update engine packages(# yum update -y) > 3. Run engine-setup > 4. Disable GlobalMaintenance > > Could someone explain me at least what "Cluster PROD is at version 4.2 which > is not supported by this upgrade flow. Please fix it before upgrading." > means ? As far as I know 4.2 is the most recent branch available, isn't it ? I have no idea where did you get "Cluster PROD is at version 4.2 which is not supported by this upgrade flow. Please fix it before upgrading." Please do not cut output and provide exact one. IIUC you should do 'yum update ovirt\*setup\*' and then 'engine-setup' and only after it would finish successfully you would do 'yum -y update'. Maybe that's your problem? Jiri ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] After upgrading to 4.1.4 unable to start VM or migrate them
> Ok I found the ERROR: > After upgrade the schedule policy was "none", I dont know why it was moved to > none but to fix the problem I did following: > Edit Cluster->Scheduling Policy-> Select Policy: vm_evently_distributed > Now I can run/migrate the VMs. > > I think there should be a some bug in the upgrade process. Well, if you would like to help us to find the cause then we need to know more details. - what was your original version? - what was your original scheduling policy on the cluster - could you provide * /var/log/ovirt-engine/setup/ovirt-engine-setup-20170801112218-piffzl.log * /var/log/ovirt-engine/engine.log You have backup of your original engine DB in /var/lib/ovirt-engine/backups/, thus you can import this DB via psql into a temporary DB and inspect the DB for original settings. Ideally you can submit a BZ at https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt j. > Sorry, I forgot to mention the error. > This error throws every time when I try to start the VM: > > 2017-07-31 16:51:07,297+02 ERROR [org.ovirt.engine.core.bll.RunVmCommand] > (default task-239) [7848103c-98dc-45d1-b99a-4713e3b8e956] Error during > ValidateFailure.: java.lang.NullPointerException > at > org.ovirt.engine.core.bll.scheduling.SchedulingManager.canSchedule(SchedulingManager.java:526) > [bll.jar:] > at > org.ovirt.engine.core.bll.validator.RunVmValidator.canRunVm(RunVmValidator.java:157) > [bll.jar:] > at org.ovirt.engine.core.bll.RunVmCommand.validate(RunVmCommand.java:967) > [bll.jar:] > at > org.ovirt.engine.core.bll.CommandBase.internalValidate(CommandBase.java:836) > [bll.jar:] > at org.ovirt.engine.core.bll.CommandBase.validateOnly(CommandBase.java:365) > [bll.jar:] > at > org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.canRunActions(PrevalidatingMultipleActionsRunner.java:113) > [bll.jar:] > at > org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.invokeCommands(PrevalidatingMultipleActionsRunner.java:99) > [bll.jar:] > at > org.ovirt.engine.core.bll.PrevalidatingMultipleActionsRunner.execute(PrevalidatingMultipleActionsRunner.java:76) > [bll.jar:] > at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:640) > [bll.jar:] > at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:610) > [bll.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.8.0_141] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > [rt.jar:1.8.0_141] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.8.0_141] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_141] > at > org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) > at > org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) > at > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:70) > [wildfly-weld-10.1.0.Final.jar:10.1.0.Final] > at > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:80) > [wildfly-weld-10.1.0.Final.jar:10.1.0.Final] > at > org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93) > [wildfly-weld-10.1.0.Final.jar:10.1.0.Final] > at > org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) > at > org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) > at > org.ovirt.engine.core.bll.interceptors.CorrelationIdTrackerInterceptor.aroundInvoke(CorrelationIdTrackerInterceptor.java:13) > [bll.jar:] > at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source) [:1.8.0_141] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.8.0_141] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_141] > at > org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:89) > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) > at org.jboss.as.ejb3.component.in > vocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) > [wildfly-ejb3-10.1.0.Final.jar:10.1.0.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) > at > org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) > at > org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73) > [weld-core-impl-2.3.5.Final.jar:2.3.5.Final] > at >
Re: [ovirt-users] Guest Agent Running unconfined on Centos 7
- Original Message - > From: "Alan Griffiths"> To: "Ovirt Users" > Sent: Friday, February 10, 2017 4:25:28 PM > Subject: [ovirt-users] Guest Agent Running unconfined on Centos 7 > > Hi, > > I'm running ovirt-guest-agent from Centos 7 EPEL and I notice that it's > running unconfined rather than within its own domain. > > I see there is a rhev_agentd_exec_t type, which I attempted to assign to > ovirt-guest-agent.py but it still starts up as unconfined. Is there a > supported process for getting ovirt-guest into its own domain? Or a reason > why it's not possible? > > Thanks, > > Alan Hm, it seems many ovirt services run unconfined. For ovirt GA, it seems there's missing glue between systemd -> python -> GA script. Vinzenz, any idea? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] vm display effect
Do you have SPICE console and SPICE agents installed? - Original Message - From: "qinglong dong"To: "users" Sent: Thursday, February 16, 2017 4:18:22 AM Subject: [ovirt-users] vm display effect Hi, all I have used windows vm created by ovirt for a long time. I found that the vm display effect was not very good in some cases. For example, The codes came out word by word when using some c ode browsing tools. And sometimes online video playing was not very fluent. Anyone coiuld give some advices to improve this? Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt console ticket time threshold and password
I doubt you can have it "static" and open consoles from Admin/User Portals. You can submit a feature request but IMO this feature goes against all AAA implemented in oVirt. Anyway, what about a libvirt/vdsm hook for following? ~~~ virsh # qemu-monitor-command 10 --hmp 'set_password spice foobar keep' virsh # qemu-monitor-command 10 --hmp 'expire_password spice never' virsh # qemu-monitor-command 10 --hmp 'info spice' Server: address: 0:5908 migrated: false auth: spice compiled: 0.12.4 mouse-mode: server Channels: none ~~~ $ remote-viewer spice://${host}?port=5908 j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt console ticket time threshold and password
Without console password everybody could vnc/spice to a console port on your host. I suppose you don't want this in multi-user environment. j. - Original Message - From: "rightkicktech.gmail.com"To: "Ovirt Users Mailing List" Sent: Saturday, January 28, 2017 11:23:53 AM Subject: [ovirt-users] Ovirt console ticket time threshold and password Hi all, Is there any standard recommended way to alter the default value of 120 secs set on spice console? Also, can the password be disabled if needed? There are several hacks floating arround, but none seems clean. Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
IMO you "owe" explanation what was wrong, so other users could learn from your mistakes and this mailing-list archive would thus be beneficial for them when searching for help ;) Anyway, that's great news! j. - Original Message - From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> To: "Jiri Belka" <jbe...@redhat.com> Cc: "users" <users@ovirt.org> Sent: Tuesday, August 16, 2016 2:59:21 PM Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ Thank you, Jiri ! I did everything step by step and SPICE HTML5 browser client now works. 16.08.2016, 10:46, "Jiri Belka" <jbe...@redhat.com>: > So, > > I used this for my own ca test: > > OWN CA AND OWN ENGINE KEY/CRT > = > > 0> CA > > # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf > certificate = $dir/my-ca.crt # The CA certificate > crl = $dir/my-ca.crl # The current CRL > private_key = $dir/private/my-ca.key # The private key > countryName_default = CZ > stateOrProvinceName_default = Jihomoravsky kraj > localityName_default = Brno > 0.organizationName_default = Shoot them in the head, s. r. o. > > touch /etc/pki/CA/index.txt > echo 01 > /etc/pki/CA/serial > cd /etc/pki/CA > (umask 077 ; openssl genrsa -out private/my-ca.key -des3 2048 ) > openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt > > 0> engine cert > > openssl genrsa -out my-engine.key 4096 > openssl req -new -out my-engine.csr -key my-engine.key > openssl ca -in my-engine.csr -out my-engine.crt > # use 'mypass' for p12 bundle export !!! > openssl pkcs12 -export -out my-engine.p12 -inkey my-engine.key -in > my-engine.crt -chain -CAfile /etc/pki/CA/my-ca.crt > > 0> existing engine keys/certs/p12 replacement > > (follow > $engine_url/ovirt-engine/docs/manual/en_US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html) > > rm -f /etc/pki/ovirt-engine/apache-ca.pem > cp my-engine.crt /etc/pki/ovirt-engine/apache-ca.pem > cp my-engine.p12 /etc/pki/ovirt-engine/keys/apache.p12 > openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > > /etc/pki/ovirt-engine/keys/apache.key.nopass > openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > > /etc/pki/ovirt-engine/certs/apache.cer > install -o ovirt -g ovirt -m 600 /dev/null > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf > # 'changeit' is default java truststore pass on EL > cat > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf << EOF > ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" > ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="changeit" > EOF > > 0> add custom CA into system truststore after backup > > cp /etc/pki/CA/my-ca.crt /etc/pki/ca-trust/source/anchors/CA.crt > update-ca-trust > > 0> check if system truststore knows about custom CA > > openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 > -noout > # 'changeit' is default java truststore pass on EL > keytool -list -keystore /etc/pki/java/cacerts -storepass changeit | grep "$( > openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 > -noout | sed -e '/SHA1/s/.*=//;' )" > grep -IR "$(sed -n '2p' /etc/pki/ca-trust/source/anchors/CA.crt)" > /etc/pki/ca-trust/extracted/ > > 0> engine-setup pki configuration check > > engine-setup # see if 'PKI CONFIGURATION' section passed without errors > > (doctext here https://bugzilla.redhat.com/show_bug.cgi?id=1336838) > > And this for websocket proxy: > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer > SSL_ONLY=True > > You can start manually websocket proxy: > > /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py > --help > Usage: ovirt-websocket-proxy.py [options] start > > Options: > -h, --help show this help message and exit > -d, --debug debug mode > --pidfile=FILE pid file to use > --background Go into the background > --systemd=SYSTEMD Systemd type simple|notify > --redirect-output Redirect output of daemon > > It is also handy to do: > > openssl s_client -connect $websocketproxy_host:6100 > > j. > > - Original Message - > From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> > To: &quo
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
So, I used this for my own ca test: OWN CA AND OWN ENGINE KEY/CRT = 0> CA # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf certificate = $dir/my-ca.crt# The CA certificate crl = $dir/my-ca.crl# The current CRL private_key = $dir/private/my-ca.key # The private key countryName_default = CZ stateOrProvinceName_default = Jihomoravsky kraj localityName_default= Brno 0.organizationName_default = Shoot them in the head, s. r. o. touch /etc/pki/CA/index.txt echo 01 > /etc/pki/CA/serial cd /etc/pki/CA (umask 077 ; openssl genrsa -out private/my-ca.key -des3 2048 ) openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt 0> engine cert openssl genrsa -out my-engine.key 4096 openssl req -new -out my-engine.csr -key my-engine.key openssl ca -in my-engine.csr -out my-engine.crt # use 'mypass' for p12 bundle export !!! openssl pkcs12 -export -out my-engine.p12 -inkey my-engine.key -in my-engine.crt -chain -CAfile /etc/pki/CA/my-ca.crt 0> existing engine keys/certs/p12 replacement (follow $engine_url/ovirt-engine/docs/manual/en_US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html) rm -f /etc/pki/ovirt-engine/apache-ca.pem cp my-engine.crt /etc/pki/ovirt-engine/apache-ca.pem cp my-engine.p12 /etc/pki/ovirt-engine/keys/apache.p12 openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer install -o ovirt -g ovirt -m 600 /dev/null /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf # 'changeit' is default java truststore pass on EL cat > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf << EOF ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="changeit" EOF 0> add custom CA into system truststore after backup cp /etc/pki/CA/my-ca.crt /etc/pki/ca-trust/source/anchors/CA.crt update-ca-trust 0> check if system truststore knows about custom CA openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 -noout # 'changeit' is default java truststore pass on EL keytool -list -keystore /etc/pki/java/cacerts -storepass changeit | grep "$( openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 -noout | sed -e '/SHA1/s/.*=//;' )" grep -IR "$(sed -n '2p' /etc/pki/ca-trust/source/anchors/CA.crt)" /etc/pki/ca-trust/extracted/ 0> engine-setup pki configuration check engine-setup # see if 'PKI CONFIGURATION' section passed without errors (doctext here https://bugzilla.redhat.com/show_bug.cgi?id=1336838) And this for websocket proxy: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True You can start manually websocket proxy: /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py --help Usage: ovirt-websocket-proxy.py [options] start Options: -h, --help show this help message and exit -d, --debugdebug mode --pidfile=FILE pid file to use --background Go into the background --systemd=SYSTEMD Systemd type simple|notify --redirect-output Redirect output of daemon It is also handy to do: openssl s_client -connect $websocketproxy_host:6100 j. - Original Message - From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> To: "Jiri Belka" <jbe...@redhat.com> Cc: "users" <users@ovirt.org> Sent: Tuesday, August 16, 2016 9:33:54 AM Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ Jiri, I did not hide information. Tell me what the log file should show and I will show 16.08.2016, 10:29, "Jiri Belka" <jbe...@redhat.com>: > It does have logs, filenames "hide" real data. > > You should reveal logs and what each file is and > which exact commands you were executing. > > Vague statements won't help much. It does work for me, > there much be something strange in your setup but we > cannot know what without details. > > j. > > - Original Message - > From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> > To: "Jiri Belka" <jbe...@redhat.com> > Cc: "users" <users@ovirt.org> > Sent: Monday, August 15, 2016 6:18:48 PM > Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
It does have logs, filenames "hide" real data. You should reveal logs and what each file is and which exact commands you were executing. Vague statements won't help much. It does work for me, there much be something strange in your setup but we cannot know what without details. j. - Original Message - From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> To: "Jiri Belka" <jbe...@redhat.com> Cc: "users" <users@ovirt.org> Sent: Monday, August 15, 2016 6:18:48 PM Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ I tried a version of Nicolás. No success :(( 1) I create full bundle cert file: # cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer # openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer /etc/pki/ovirt-engine/certs/apache-with-ca.cer: OK 2) I changed config file: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache-with-ca.cer SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass SSL_ONLY=True FORCE_DATA_VERIFICATION=False 3) I restarted the service # service ovirt-websocket-proxy restart Problem still exists :( Any ideas how to trablshut problem? 14.08.2016, 08:59, "aleksey.maksi...@it-kb.ru" <aleksey.maksi...@it-kb.ru>: > Hi Jiri. > But your variant does not work, too > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer > SSL_ONLY=True > > Some error: > WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event] > > any ideas how to trablshut problem? > > 14.08.2016, 01:53, "Jiri Belka" <jbe...@redhat.com>: >> I have different files for those variables, maybe this is the case? >> >> Review again. >> >> j. >> >> - Original Message - >> From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> >> To: "Jiri Belka" <jbe...@redhat.com> >> Cc: "users" <users@ovirt.org> >> Sent: Saturday, August 13, 2016 4:57:45 PM >> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE >> HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: >> wss://ovirt.engine.fqdn:6100/ >> >> I changed my file >> /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to: >> >> PROXY_PORT=6100 >> #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer >> #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass >> #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer >> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer >> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass >> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem >> SSL_ONLY=True >> >> ...and restart HostedEngine VM. >> Problem still exists. >> >> 13.08.2016, 17:52, "aleksey.maksi...@it-kb.ru" <aleksey.maksi...@it-kb.ru>: >>> It does not work for me. any ideas? >>> >>> 02.08.2016, 17:22, "Jiri Belka" <jbe...@redhat.com>: >>>> This works for me: >>>> >>>> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf >>>> PROXY_PORT=6100 >>>> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem >>>> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass >>>> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer >>>> SSL_ONLY=True >>>> >>>> - Original Message - >>>> From: "aleksey maksimov" <aleksey.maksi...@it-kb.ru> >>>> To: "users" <users@ovirt.org> >>>> Sent: Monday, August 1, 2016 12:13:38 PM >>>> Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE >>>> HTML5 browser client -> WebSocket error: Can't connect to websocket on >>>> URL: wss://ovirt.engine.fqdn:6100/ >>>> >>>> Hello oVirt guru`s ! >>>> >>>> I have successfully replaced the oVirt 4 site SSL-certificate according >>>> to the instructions from "Replacing oVirt SSL Certificate" >>>> section in &
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
This works for me: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True - Original Message - From: "aleksey maksimov"To: "users" Sent: Monday, August 1, 2016 12:13:38 PM Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ Hello oVirt guru`s ! I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate" section in "oVirt Administration Guide" http://www.ovirt.org/documentation/admin-guide/administration-guide/ 3 files have been replaced: /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/apache-ca.pem Now the oVirt site using my certificate and everything works fine, but when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under the button "Toggle messages output": WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event] Before replacing certificates SPICE HTML5 browser client works. Native SPICE client works fine. Tell me what to do with SPICE HTML5 browser client? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] remote-viewer on OSX
I'm not OSX user but virt-viewer works on OpenBSD fine, so it can't be difficult to make it running. You need libvirt working (just for 'remote'), spice-gtk, gtk-vnc and couple of python modules. http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/x11/virt-viewer/Makefile?rev=1.26=text/x-cvsweb-markup - Original Message - From: "Karli Sjöberg"To: "Gianluca Cecchi" Cc: "users" Sent: Wednesday, July 27, 2016 12:09:54 PM Subject: Re: [ovirt-users] remote-viewer on OSX Den 27 jul 2016 11:48 fm skrev Gianluca Cecchi : > > Hello, > I'm going to provide access to ovirt VMs to people who are using OSX > At this moment I don't have access to any OSX environment to crosscheck, but > is still that complex/intricate? As far as I know, no more work has been done on this front. /K > http://www.ovirt.org/documentation/admin-guide/virt/spice-remote-viewer-on-os-x/ > > > Thanks, > Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages
> > Unfortunately, upgrading to 4.0.1RC didn't solve the problem. Actually, > > the error changed to 'General SSLEngine problem', but the result was the > > same, like this: > > > > 2016-07-13 09:52:22,010 INFO > > [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp > > Reactor) [] Connecting to /10.X.X.X > > 2016-07-13 09:52:22,018 ERROR > > [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] > > Unable to process messages: General SSLEngine problem > > > > It's worth mentioning that we're using our own SSL certificates (not > > self-signed), and I imported the combined certificate into the > > /etc/pki/ovirt-engine/.truststore key file. Not sure if related, but > > just in case. > > > > I had to downgrade to 3.6.7. I'm attaching requested logs, if you need > > anything else don't hesitate to ask. > > > FYI I migrated my 3.6 env (engine + 1 host) to 4.0 and the host is up > and running fine on datacenter/cluster 4.0 compat level. > > FYA there's a BZ about engine certs > https://bugzilla.redhat.com/show_bug.cgi?id=1336838 Ah, I forgot to mention that I used my own CA and thus custom certificate for Apache httpd. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages
> Hi, > > Unfortunately, upgrading to 4.0.1RC didn't solve the problem. Actually, > the error changed to 'General SSLEngine problem', but the result was the > same, like this: > > 2016-07-13 09:52:22,010 INFO > [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp > Reactor) [] Connecting to /10.X.X.X > 2016-07-13 09:52:22,018 ERROR > [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] > Unable to process messages: General SSLEngine problem > > It's worth mentioning that we're using our own SSL certificates (not > self-signed), and I imported the combined certificate into the > /etc/pki/ovirt-engine/.truststore key file. Not sure if related, but > just in case. > > I had to downgrade to 3.6.7. I'm attaching requested logs, if you need > anything else don't hesitate to ask. FYI I migrated my 3.6 env (engine + 1 host) to 4.0 and the host is up and running fine on datacenter/cluster 4.0 compat level. FYA there's a BZ about engine certs https://bugzilla.redhat.com/show_bug.cgi?id=1336838 j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] restore of backup fail when Migrating to ovirt-engine 4.0
> [.. cutting all bogus as it is unreadable, even with html mails..] > > On Tue, Jun 28, 2016 at 4:00 PM, Yaniv Darywrote: > > > Do you have any 3.5 clusters? You can only upgrade to 4.0, if all the > > cluster are 3.6 compatibility. > >> > >> #engine-backup --mode=restore --no-restore-permissions --provision-db > >> --provision-dwh-db --provision-reports-db --file=engine-backup.tar.gz > >> --log=engine-backup-restore.log > >> > >> Success with the restore! > >> > >> Thanks for pointing me out. What I did was just following the > >> documentation, right or wrong. > >> > >> But when I run "Engine-setup" I got stucked with > >> > >> "[ INFO ] Stage: Setup validation > >> [WARNING] Less than 16384MB of memory is available > >> [ ERROR ] Failed to execute stage 'Setup validation': Trying to upgrade > >> from unsupported versions: 3.5 > >> [ INFO ] Stage: Clean up > >> Log file is located at > >> /var/log/ovirt-engine/setup/ovirt-engine-setup-20160628120936-ix7pb8.log > >> [ INFO ] Generating answer file > >> '/var/lib/ovirt-engine/setup/answers/20160628121149-setup.conf' > >> [ INFO ] Stage: Pre-termination > >> [ INFO ] Stage: Termination > >> [ ERROR ] Execution of setup failed" > >> 3.6 EL6 migration to 4.0 EL7 works OK for me with following steps: 1. 3.6 EL6 engine (3.6 dc/clstr level) 2. 3.6 EL6 engine-backup and do backup 3. 4.0 EL7 clean install 4. 4.0 EL7 engine-backup and do restore 5. 4.0 EL7 engine-setup What are the problematic steps on other side? Do we have a problem if 3.6 EL6 engine does have dc/clstr level set to '3.5'? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] [ovirt-cli] query snapshot in preview of a vm
I can't figure out how to do nice ovirt-shell command to query current snapshot in preview of a vm (to commit it later). This works: ~~~ list snapshots --parent-vm-name jb-w2k8r2 --kwargs "description=Active VM before the preview" --show-all | egrep "^(id|description|type)" id : 08535a3e-dc9e-42c0-b611-6fea4a0318c9 description: Active VM before the preview type : preview ~~~ But why the following does not work? ~~~ list snapshots --parent-vm-name jb-w2k8r2 --kwargs "type=preview" ~~~ It returns nothing. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Domain ordering in the user portal login form
> I have 3.6, what file should I modify in > > /etc/ovirt-engine/extensions.d/? See how it works here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html-single/Administration_Guide/index.html#sect-Directory_Users j.___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Change host using php api
> I would like to change the host of a vm using the api call. I tried it by > using the following xml but didn't work > > > > > > > compute11 > > > > > > > Could you please check it ? Check what? '...didn't work' is too broad description. Share more info. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to boot from CD ROM using api
> We are using ovirt 3.5 version and trying to change the boot device to CD ROM > and boot from it using the ovirt api. I am able to change the boot order but > i am unable to boot the vm from the CDROM using api. But i am able to do the > same from the ovirt panel. The following are the steps that i follow > > 1. Shut down the vm > 2. Attach the iso image > 3. Start the vm in run once mode using api with the following xml > > " " > > Could you please check if any issues with this ? Also, I am able to view the > attached image from the ovirt panel. And output from curl/wget (whatever you use) does show what? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ipv6 in guests not worknig
> [root@dipovirt01 ~]# cat /etc/sysctl.d/ipv6.conf > net.ipv6.conf.all.forwarding = 1 > net.ipv6.conf.default.forwarding = 1 imo the above is only needed for "routing", not bridging. any news? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Domain ordering in the user portal login form
> From: "Cristian Mammoli"> To: "users" > Sent: Tuesday, October 27, 2015 10:20:10 AM > Subject: [ovirt-users] Domain ordering in the user portal login form > > Hi, is there a way to set the default domain in the user portal drop > down menu? > > Thanks Generally it is alphabetically sorted. But if you use recent oVirt (what is your version, quite important info) you can define "name" of this domain profile. In 3.6 check /etc/ovirt-engine/extensions.d/ dir. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Keep on loading while importing a vm
> While importing a vm from vmware in the Ovirt3.6 its keep on loading and > nothing comes up ,can someone help me in that ? Via v2v tool? If so check http://libguestfs.org/virt-v2v.1.html for contacts. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt Guest VM network | vnet to id
> I have an query regarding guest VM network name...in the host every VM > network has the name of vnet0,vnet1 etc...is there any way to change to them > from vnet to interface id ?? I understand your point but in "cloud"(-like) environments there's no use for explicit hardcoded names. You better use different approach: - use engine's restapi and query for VM network and than for its underlying hosts/netifaces - use libvirt directly I would go with the former as you already use oVirt. See http://www.ovirt.org/REST-Api or https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Technical_Guide/chap-REST_API_Quick_Start_Example.html Have fun. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt and Shorewall
> From: "Johan Vermeulen"> To: "users" > Sent: Wednesday, October 28, 2015 4:13:49 PM > Subject: [ovirt-users] Ovirt and Shorewall > Hello All, > I'm still experimenting with Ovirt-setup. > Because Centos/Rhel7 now have Firewalld, and because I still have some > Centos6 > machines with Iptables, I was kinda hoping to use Shorewall on both. > Is there any support/documentation for this in the Ovirt-world? On RHEL 7, ovirt 3.6 puts vdsm ("hypervisor" host) firewall rules as xml file into firewalld directory. It is open-source, check engine-setup source and maybe you can propose diffs for another fw frontend support. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Problem starting up new VM created from a template.
> Hello, > > I'm having troubles with a new VM created from a template. I did run sysprep > in the windows 2008R2 machine before creating a template from it. I have > already used this template multiple times and even this time it initially > started up just fine but not a second time. > > This is what I see that is troublesome in the vdsm.log file when I try to > start up the VM. > > Thread-105499::ERROR::2015-10-28 > 10:45:31,899::vm::2344::vm.Vm::(_startUnderlyingVm) > vmId=`20dfe9dc-74c7-46c0-9708-19200de8e958`::The vm start process failed > Traceback (most recent call last): > File "/usr/share/vdsm/virt/vm.py", line 2284, in _startUnderlyingVm > self._run() > File "/usr/share/vdsm/virt/vm.py", line 3279, in _run > self.preparePaths(devices[DISK_DEVICES]) > File "/usr/share/vdsm/virt/vm.py", line 2366, in preparePaths > drive['path'] = self.cif.prepareVolumePath(drive, self.id ) > File "/usr/share/vdsm/clientIF.py", line 309, in prepareVolumePath > vmId, device, params['vmPayload']) > File "/usr/share/vdsm/clientIF.py", line 353, in > _prepareVolumePathFromPayload > return func(vmId, payload['file'], payload.get('volId')) > File "/usr/share/vdsm/supervdsm.py", line 50, in __call__ > return callMethod() > File "/usr/share/vdsm/supervdsm.py", line 48, in > **kwargs) > File "", line 2, in mkFloppyFs > File "/usr/lib64/python2.6/multiprocessing/managers.py", line 740, in > _callmethod > raise convert_to_error(kind, result) > OSError: [Errno 5] could not create floppy file: code 1, out mkfs.msdos 3.0.9 > (31 Jan 2010) > > err mkfs.msdos: unable to create > /var/run/vdsm/payload/20dfe9dc-74c7-46c0-9708-19200de8e958.b490e14021f685d85d57d325b7f66520.img > > Thread-105499::DEBUG::2015-10-28 > 10:45:31,901::vm::2799::vm.Vm::(setDownStatus) > vmId=`20dfe9dc-74c7-46c0-9708-19200de8e958`::Changed state to Down: [Errno > 5] could not create floppy file: code 1, out mkfs.msdos 3.0.9 (31 Jan 2010) > > err mkfs.msdos: unable to create > /var/run/vdsm/payload/20dfe9dc-74c7-46c0-9708-19200de8e958.b490e14021f685d85d57d325b7f66520.img > (code=1) > Thread-90::DEBUG::2015-10-28 > 10:45:32,271::libvirtconnection::143::root::(wrapper) Unknown libvirterror: > ecode: 80 edom: 20 level: 2 message: metadata not found: Requested metadata > element is not present > JsonRpc (StompReactor)::DEBUG::2015-10-28 > 10:45:34,264::stompReactor::98::Broker.StompAdapter::(handle_frame) Handling > message > JsonRpcServer::DEBUG::2015-10-28 > 10:45:34,265::__init__::530::jsonrpc.JsonRpcServer::(serve_requests) Waiting > for request > Thread-105501::DEBUG::2015-10-28 > 10:45:34,271::stompReactor::163::yajsonrpc.StompServer::(send) Sending > response Selinux or ownership on that path? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] It is possible to use vdsClient / virsh to start VMs in the event that engine is down?
> I do not see a way to start vm's in the event that an engine is down. I see > vdsClient -s 0 destroy works to shut them down. Yes, engine is SPOF. They invented hosted engine solution which pretends to bringe HA for engine but... I have no idea why it does not use JBoss based features like clustering. > Also, is it still possible to use non-read-only virsh commands? i tried using > saslpasswd2 to create an account, but that did not seem to work. You are doing something wrong then. Auth for virsh works ok, you just have to know how libvirt works with that sasl :) # grep ^sasldb /etc/sasl2/libvirt.conf sasldb_path: /etc/libvirt/passwd.db # saslpasswd2 -c -a libvirt testovic ... # strings /etc/libvirt/passwd.db | grep ^testovic testovic j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-shell login problems
> i'm trying to connect to the engine using ovirt-shell, but i get [SSL: > UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590). > Here is the command i use: > ovirt-shell -c --url " https://192.168.0.101:80/ovirt-engine/api " --user > "admin@internal" -A ovirt_ca.pem > > And the debugging mode with -d doesn't provide any additional output. > The CA cert file have i grabbed using the method mentioned at [1] using wget > -O ${CA_FILE} > http://${OVIRT}/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA Try to use /etc/pki/ovirt-engine/ca.pem from engine host. Does it work? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] poor graphic performances with spice
> From: "Nathanaël Blanchet"> To: users@ovirt.org > Sent: Wednesday, October 28, 2015 5:06:54 PM > Subject: [ovirt-users] poor graphic performances with spice > > Hello, > > I'm studying a possibility to use ovirt as a vdi solution with centos or > fedora guests. But using spice is awfull and graphics are very slow (in > particulary videos). Qxl drivers are installed and spice-vdagent works > as expected on the guest side. > However, it is amazing to see that glxgears benchmarks are good... > I wonder how it is possible to adopt such a vdi solution when the user > experience is so bad. > I may miss something and may need recommandations of experimented vdi > users :) > Thank you for your help. It's open-source. Your diffs are welcome. All right, how do you define slow? What is your actual setup/components and their versions? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Installation failed
> Trying to add a node to our setup, but since today I'm getting an error when > adding. It looks like starting vdsm-network failed to start, due to this > error: > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan python[27521]: DIGEST-MD5 > parse_server_challenge() > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan python[27521]: DIGEST-MD5 > ask_user_info() > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan python[27521]: DIGEST-MD5 > make_client_response() > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan python[27521]: DIGEST-MD5 client step > 3 > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan python[27521]: DIGEST-MD5 client mech > dispose > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan python[27521]: DIGEST-MD5 common mech > dispose > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan vdsm-tool[27521]: libvirt: error : no > connection driver available for qemu:///system > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan systemd[1]: vdsm-network.service: > control process exited, code=exited status=1 > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan systemd[1]: Failed to start Virtual > Desktop Server Manager network restoration. > Oct 26 16:46:59 hv01.ovirt.gs.cloud.lan systemd[1]: Unit vdsm-network.service > entered failed state. I would uninstall vsdm*, libvirt*, qemu*, remove all config remnants and install it again and re-add host into engine. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Feature request: bind mounting filesystems
> From: "Steve Kilduff"> To: users@ovirt.org > Sent: Tuesday, September 1, 2015 5:01:10 PM > Subject: [ovirt-users] Feature request: bind mounting filesystems > > Hi, > > Bind mounting paths would be a great feature. It would hopefully make storage > backends transparent and not tie us to nfs or gluster. Idea is shared > storage is available on all servers at /mnt/share, ovirt would bind mount > this source on all servers. > > Maybe this even works, but in that case I cant find documentation or > examples. You are late ;) https://bugzilla.redhat.com/show_bug.cgi?id=1257506 j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Migration from all-in-one to self hosted engine tips?
> From: "Gianluca Cecchi"> To: "users" > Sent: Tuesday, September 1, 2015 8:48:09 AM > Subject: [ovirt-users] Migration from all-in-one to self hosted engine tips? > > Hello, > considering that all-in-one could become deprecated, any tips in migrating > > from: > workstation with Fedora 20 + oVirt 3.5.3 All-In-One and local disks > > to (when 3.6 released): > same workstation with Fedora 22 + oVirt 3.6.0 Self Hosted Engine > > ? > > I already tested direct migration from Fedora 20 to Fedora 22 on another > workstation (without oVirt). Only bugs found in that case: > - default kernel after migration is not the updated one (and had a bug with > Intel ICH8 sound modules) --> update of grub2 default kernel solves it > - nvidia kernel modules don't load and no graphic environment available due > to this > --> solved booting in init 3 and making a "depmod -a" and then kernel modules > are correctly loaded > > So it would be nice to get any suggestion, that I can eventually test on a > dev environment. tl;dr all but check https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Installation_Guide/Migrating_to_a_Self-Hosted_Environment.html i personally migrated our env to above setup based on this documentation. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Migrating old VMWare VM to oVirt?
> From: "Chris Adams"> To: users@ovirt.org > Sent: Tuesday, September 1, 2015 5:04:10 PM > Subject: [ovirt-users] Migrating old VMWare VM to oVirt? > > I have an ancient VM that I need to migrate to oVirt if possible. It is > Windows 2000 Server on VMWare ESXi 4.1 (yeah, I know, please don't > laugh). > > Is there any possiblity of making this work? Reinstalling the Windows > system (or upgrading) is just not practical at this time, and I need to > get this thing off of the old VMWare box. check v2v https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/V2V_Guide/#subsect-convert-a-esx-guest (in fact rhevm is ovirt) j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Using both shared and local storage
> No, it doesn't work as expected. I would expect to have an option to attach > to any Virtual Machine storage which is either shared or local. It does work as expected, do your homework first to know how oVirt does work. Your expectation are just your expectations. Question: How would you migrate a VM in a cluster with local storage? Wouldn't glusterfs solve the issue? It can use those SSDs... (Not expert in glusters here...). j. > For example, I have database server so I could put on shared storage and > use local, SSD disk for data. I don't care if system is on "slow" network > storage but with a lot of space and in the same time, I can use limited, > but fast SSD space for data only. > > So, is this possible or not? > > [...] > > > Currently at the company, we are testing oVirt 3.5 as a cloud platform. > > > We have 4 nodes and GlusterFS as a shared storage. > > > Every node has another SSD disk, currently not used. What we would like > > is to > > > attach that local storage to particular host, so that some virtual > > machines > > > can be on local and some on shared storage. > > > If I try to create local storage, it works, but then host is in separate > > Data > > > Center. > > > If I try to add POSIX FS to node in existing Data Center, then all other > > > hosts stop working, since they can't access that local storage (kind of > > > expected). > > > > > > So, long story short - does shared and local storage mix and how? > > > > > > Thank you very much! > > > > Works as expected, doesn't it? What do you want to exactly achieve > > with local storage? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Daily online VM backups
> From: "gregor"> To: Users@ovirt.org > Sent: Sunday, August 30, 2015 11:01:49 AM > Subject: [ovirt-users] Daily online VM backups > > Hi, > > what is the best way to make daily backups of my VM's without shutting > them down? > > I found the Backup-Restore API and other stuff but no running > tool/script which I can use. I plan to integrate it into backuppc. Or is > there any "Best practice guide for backup"? ;-) > > In the meantime I integrated engine-backup into backuppc as a pre-script. IIUC you know the technical part of the topic but you want somebody will write for you backup scripts? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-engine 3.5.3: Access external provider via http proxy
> From: "Carlo Rodrigues"> To: users@ovirt.org > Sent: Saturday, August 22, 2015 12:23:52 AM > Subject: [ovirt-users] ovirt-engine 3.5.3: Access external provider via http > proxy > > Hello, > > I just installed oVirt 3.5.3 in a private network with no NAT. > > Obviously oVirt can't communicate with glance.ovirt.org. > > Is there a way to use an HTTP proxy like squid to connect to the outside > world? OVESETUP_RHEVM_SUPPORT/redhatSupportProxyPort=none:None OVESETUP_RHEVM_SUPPORT/redhatSupportProxy=none:None OVESETUP_RHEVM_SUPPORT/redhatSupportProxyUser=none:None OVESETUP_RHEVM_SUPPORT/configureRedhatSupportPlugin=bool:False OVESETUP_RHEVM_SUPPORT/redhatSupportProxyPassword=none:None OVESETUP_RHEVM_SUPPORT/redhatSupportProxyEnabled=bool:False Please submit RFE BZ in bugzilla for a feature which would enable routing all tcp/ip connections out of oVirt environment itself via HTTP (or SOCKS) proxy. (Meanwhile you could hack java process and include -D option for http proxy but this would probably break all tcp/ip connections.) Thx! j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Using both shared and local storage
> From: "Damir Marković" <dam...@nordeus.eu> > To: "Jiri Belka" <jbe...@redhat.com> > Cc: users@ovirt.org > Sent: Monday, August 31, 2015 2:02:10 PM > Subject: Re: [ovirt-users] Using both shared and local storage > > Thank you for your help, Jiri! > > My expectations are based on experience with other cloud platforms and > since oVirt doesn't work like that, we simply won't use it. :-) > My post was simply for purpose to see if I am missing something, but you > confirmed that I am not. > > Once again, thank you a lot! It is similar as assigning physical network card and then doing migration of virtual VM. Before NPIV for FC, I used to assign physical FC card to LPARs (IBM PowerVM virtualization solution) but then it was not possible to move the LPAR (VM). But it was supported. If you feel strong that it should be possible to have a VM with a disk on shared storage and on local storage as well, just create a RFE in oVirt bugzilla. I could imagine only use for this, having some "old static" data on such local disk which was synced ouf of oVirt env. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Graceful shutdown on power loss
From: John Gardeniers jgardeni...@objectmastery.com To: users users@ovirt.org Sent: Friday, August 7, 2015 7:38:00 AM Subject: [ovirt-users] Graceful shutdown on power loss I'm looking into the best way to shut down our VM environment if a power outage looks like draining the UPS batteries. Is there API documentation covering this or does someone know of a article somewhere on the topic? We're currently running v3.5 engine and v3.4 hypervisors with gluster v3.4 storage. Our setup uses RHEV rather than Ovirt, in case that makes a difference. You don't say much about your setup. Does your UPS hw have network card or serial/usb? Anyway I suppose you have to cook your own solution which would get data from your UPS boxes and shutdown the VMs via restapi. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Migrate to CentOS7 on new hardware
- Original Message - From: andreas ewert andreas.ew...@cbc.de To: users@ovirt.org Sent: Friday, August 7, 2015 1:12:03 PM Subject: [ovirt-users] Migrate to CentOS7 on new hardware Hello, I want to migrate my oVirt Hypervisors to CentOS7. My strategy is to install new boxes with CentOS7 and add them to the OVirt Cluster. But I get this message in engine.log: 2015-08-07 13:01:35,388 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-55) [5b9014cb] Correlation ID: 5b9014cb, Job ID: eddd1466-307f-400e-8d9b-b8cd67c2433c, Call Stack: null, Custom Event ID: -1, Message: Not possible to mix RHEL 6.x and 7.x hosts in one cluster. Tried adding RHEL - 7 - 1.1503.el7.centos.2.8 host to a cluster with RHEL - 6 - 6.el6.centos.12.2 hosts. I use oVirt Engine Version: 3.5.2.1-1.el6 IIRC recent version also migration between cluster but with warning message. I don't remember if it was in 3.5 or 3.6 but it's doable. There should be some button in migrate dialog which shows more options. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] iSCSI question... LUNS-Targets balnk
From: Alan Murrell li...@murrell.ca To: users@ovirt.org Sent: Thursday, August 6, 2015 7:54:06 PM Subject: [ovirt-users] iSCSI question... LUNS-Targets balnk Hello, I am hoping someone here has had experience in setting up an iSCSI target using 'targetcli'. I followed the following guide: http://www.certdepot.net/rhel7-configure-iscsi-target-initiator-persistently/. This is on my single host (with hosted engine currently running; I am using a seperate HDD for the iSCSI storage) The iSCSI initiator of my host, from it's information page in oVirt, is iqn.1994-05.com.redhat:ba4cc8b3368e, so I created an ACL with that name. Here is a result of the listing in the 'acls' directory for my IQN: --- START --- /iscsi/iqn.20...gt1/tpg1/acls ls o- acls .. [ACLs: 1] o- iqn.1994-05.com.redhat:ba4cc8b3368e .. [Mapped LUNs: 1] | o- mapped_lun0 [lun0 block/block1 (rw)] --- END --- So it appears as though my host's initiator is mapped to my LUN 0. When I go in to oVirt and add iSCSI storage, the Discover finds my target, and I can even log in successfully, however when I click on the LUNS-Targets side tab, there are no LUNs listed, so I cannot add any iSCSI storage. Any ideas on why the LUN is not showing up? Have you tried to attach LUN on anything else then oVirt? This way you could find out if it is oVirt or a general issue. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Hosted Engine on SAS storage array
From: Cristian Mammoli c.mamm...@apra.it To: users users@ovirt.org Sent: Thursday, August 6, 2015 6:19:55 PM Subject: [ovirt-users] Hosted Engine on SAS storage array I see oVirt 3.6 support HE on fibre channel, what if I have a SAS SAN? Is it supported as well? Does 'SAS storage array' means serial-attached scsi disks which are located out of your engine box? If so then it would be (from OS perspective) a DAS (direct attached storage), wouldn't it? Local storage is not helpful if you want to use multiple hosts. Or at least I'm not aware of any solution for sharing DAS. If 'SAS storage array' means some reservation via SCSI commands whic is supported by storage box, then I would say - no it's not supported. But I could be mistaken. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] automatic migration on power failure
[...] HA option on VM also works fine, but it only restarts on the same host. below is our current setup. If the host is down how could engine's HA feature start VMs on same host (the one which is down)? HA should start VMs on any other host in same cluster. Maybe you have to describe more details... j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Reports] Virtual machine Network usage statistics
From: Lionel Caignec caig...@cines.fr To: users@ovirt.org Sent: Wednesday, July 29, 2015 8:21:19 AM Subject: [ovirt-users] [Reports] Virtual machine Network usage statistics Hi, i've recently installed ovirt-engine-report, and i've a little problem with reports about VM. All graphs from Network inteface usage for VM are empty. Is it some configuration to do to get this data? All data for cpu/memory are ok. If I could recommend you, forget about reports. I know no one who likes it. You better feed your own metrics database yourself and get some reports from it via other tool. I do not orient well in this area but there's Grafana, InfluxDB, graphite... http://grafana.org/ j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] usb redirection in native mode does not work in linked clones
From: Cristian Mammoli c.mamm...@apra.it To: users@ovirt.org Sent: Monday, July 27, 2015 5:35:45 PM Subject: [ovirt-users] usb redirection in native mode does not work in linked clones Hi, linked clones with usb redirection in native mode does not start: engine error: VM TestPoolAuto-1 is down with error. Exit message: internal error: process exited while connecting to monitor: qemu-kvm: -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2: Duplicate ID 'usb' for device . We have had this issue fixed in the past. What is version of your oVirt environment? (That means - upgrade first, test and then let's see.). j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] upgrade to ovirt 3.5.3, vm quantity wrong!!
From: CheungPaul eq2...@msn.com To: users@ovirt.org Sent: Monday, August 3, 2015 3:30:42 AM Subject: [ovirt-users] upgrade to ovirt 3.5.3, vm quantity wrong!! Dear All , last week I upgrade ovirt 3.5.0 to 3.5.3 I hope it could fix some bug, but I met this problem look: all I running is 11 vm on this host, but it shows 17, do you guys know how to fixed it? Have you tried to get number of VMs via RESTAPI for comparison? Have you tried to `ps aux | grep qemu-kvm' on the hosts and compare the number of found VM processes? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Is there a software-way to configure power management in oVirt?
From: lof...@lofyer.org To: users@ovirt.org Sent: Friday, July 31, 2015 3:58:39 AM Subject: [ovirt-users] Is there a software-way to configure power management in oVirt? Is there a software-way to configure power management in oVirt? Not all my clients have got IPMI. There's SSH soft fencing called by default but yeah, it needs working IP/sshd on hosts. What do you want to achieve? You want to cycle virtual hosts? If so check fence-agents-rhevm-4.0.11-17.el7.x86_64 which is one of vdsm deps. If you want something else, then steal rhevm fence agent code and modify to suit your needs. FYI I submitted this BZ for soft fencing agents https://bugzilla.redhat.com/show_bug.cgi?id=1251469 j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ubuntu guest doesn't reboot properly
From: Alan Murrell li...@murrell.ca To: users users@ovirt.org Sent: Sunday, July 26, 2015 11:34:40 AM Subject: [ovirt-users] Ubuntu guest doesn't reboot properly I have an Ubuntu 14.04 guest (actually Zentyal server). Guest additions are installed from respository (and even displays the extra info like IP address, host name, memory use) in the oVirt dash board. Whenever I either reboot the guest or shut it down, it never seems to come up properly. It shows that it is powered on and it responds to ping, but I cannot SSH in (says connection refused). The SPICE console display just shows black with some slightly coloured bars in the upper left of the screen, so I am unable to determine what stage of the boot process it is on and/or if it is even at a login screen. I have a Windows 7 guest VM that reboots with no issue. I currently do not have another Linux guest VM to test with, but I plan on installing a Debian guest, CentOS guest, as well as a vanilla Ubuntu 14.04 guest to see if it is a Linux thing, and Ubuntu thing, or just something odd with the Zentyal spin of Ubuntu. I will report on my results (it may take a bit), but I wanted to check here to see if anyone else has already troubleshot this and what the findings and conclusions were? There's ovirt guest agent log in /var/log, please check it out. Also check vdsm.log on host to see if reboot was in operation. And last thing - what version do you have of your environment? Are all using latest versions? If not, update first... j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] reinstall hosted-engine with ovirt 3.5?
IIUC what you wrote, then there is backup available inside your engine VM as the backup is usual part of upgrade. Get the backup files from old engine VM, do fresh install with ovirt engine appliance and restore DB. j. - Original Message - From: Alastair Neil ajneil.t...@gmail.com To: Jiri Belka jbe...@redhat.com Cc: Ovirt Users users@ovirt.org Sent: Friday, July 17, 2015 6:10:54 PM Subject: Re: [ovirt-users] reinstall hosted-engine with ovirt 3.5? is there a mechanism to import the appliance image into the hosted engine? I am not sure how I would do this since I have no live access to my engine DB. On 17 July 2015 at 06:56, Jiri Belka jbe...@redhat.com wrote: From: Alastair Neil ajneil.t...@gmail.com To: Ovirt Users users@ovirt.org Sent: Thursday, July 16, 2015 5:38:41 PM Subject: [ovirt-users] reinstall hosted-engine with ovirt 3.5? Due to a moment of idiocy I accidentally upgraded my hosted-engine vm to Fedora 22 and now ovirt-engine will not start, I was able to get postgesql up an running so I was able to make a backup of the engine. As far as I know Ovirt 3.5 is not supported on F22, so my options seem limited. 1, update to the 3.6 prerelease 2, reinstall the VM, if I were doing this I would use CentOS 7 my preference would be to fresh install the hosted-engine. I am guessing the way to go about this would be to shutdown the HE broker and agent daemons on all the nodes, possibly clean the metadata? and the do a hosted engine deploy as though migrating from an external engine. Can anyone comment if this is reasonable? You can give a try to ovirt engine appliance and then restore from backup ;) j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Create Template error
From: Konstantinos Christidis kochr...@ekt.gr To: users@ovirt.org Sent: Tuesday, July 14, 2015 11:26:18 PM Subject: [ovirt-users] Create Template error Hello, Clone VM or Make Template took several minutes and failed with this error Failed with error ENGINE and code 5001 Full error engone log http://ur1.ca/n4iiu oVirt / CentOS7 and local PostgreSQL. File a bug report with attached logs. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] reinstall hosted-engine with ovirt 3.5?
From: Alastair Neil ajneil.t...@gmail.com To: Ovirt Users users@ovirt.org Sent: Thursday, July 16, 2015 5:38:41 PM Subject: [ovirt-users] reinstall hosted-engine with ovirt 3.5? Due to a moment of idiocy I accidentally upgraded my hosted-engine vm to Fedora 22 and now ovirt-engine will not start, I was able to get postgesql up an running so I was able to make a backup of the engine. As far as I know Ovirt 3.5 is not supported on F22, so my options seem limited. 1, update to the 3.6 prerelease 2, reinstall the VM, if I were doing this I would use CentOS 7 my preference would be to fresh install the hosted-engine. I am guessing the way to go about this would be to shutdown the HE broker and agent daemons on all the nodes, possibly clean the metadata? and the do a hosted engine deploy as though migrating from an external engine. Can anyone comment if this is reasonable? You can give a try to ovirt engine appliance and then restore from backup ;) j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Problem with Mac Spoof Filter
From: InterNetX - Juergen Gotteswinter j...@internetx.com To: users@ovirt.org Sent: Thursday, July 16, 2015 3:21:15 PM Subject: [ovirt-users] Problem with Mac Spoof Filter Hi, seems like the Setting EnableMACAntiSpoofingFilterRules only applies to the main IP of a VM, additional IP Adresses on Alias Interfaces (eth0:x) are not included in the generated ebtables ruleset. Is there any Workaround / Setting / whatever to allow more than one IP without completly disabling this Filter? Thanks, Juergen IIUC this works with hwaddr only: virsh # nwfilter-dumpxml vdsm-no-mac-spoofing filter name='vdsm-no-mac-spoofing' chain='root' uuidcd70b235-b0f7-461e-9080-7e6d750e2c70/uuid filterref filter='no-mac-spoofing'/ filterref filter='no-arp-mac-spoofing'/ /filter virsh # nwfilter-dumpxml no-mac-spoofing filter name='no-mac-spoofing' chain='mac' priority='-800' uuidb7bbb2e5-2208-47cb-a0e6-1d0a81b5e515/uuid rule action='return' direction='out' priority='500' mac srcmacaddr='$MAC'/ /rule rule action='drop' direction='out' priority='500' mac/ /rule /filter virsh # nwfilter-dumpxml no-arp-mac-spoofing filter name='no-arp-mac-spoofing' chain='arp-mac' priority='-520' uuid454abfeb-259c-4868-bf64-de1315a97aa6/uuid rule action='return' direction='out' priority='350' arp arpsrcmacaddr='$MAC'/ /rule rule action='drop' direction='out' priority='1000'/ /filter j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to shutdown, poweroff or delete a VM
From: Mark Steele mste...@telvue.com To: users@ovirt.org Sent: Thursday, July 9, 2015 1:30:11 PM Subject: [ovirt-users] Unable to shutdown, poweroff or delete a VM We are running oVirt Version 3.5.0.1-1.el6. I have a VM on one of my hosts that appears to be stuck. The VM shows running, however I am unable to successfully shutdown, powerdown, or otherwise change the status of the VM. It is not pinging. The guest OS is Ubuntu 14.04 and the ovirt agent is installed. I have attempted to stop the vm from the ovirt-shell as well and get the following errors for each command: [oVirt shell ( connected )]# action vm connect-turbo-stage-03 stop == ERROR === status: 400 reason: Bad Request detail: Unexpected exception [oVirt shell ( connected )]# remove vm connect-turbo-stage-03 == ERROR === status: 409 reason: Conflict detail: Cannot remove VM. VM is running. [oVirt shell ( connected )]# action vm connect-turbo-stage-03 detach == ERROR === status: 400 reason: Bad Request detail: User is not authorized to perform this action. Check engine.log and if relevant submit a BZ. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not kill vm
Hi! I find a way to fix this! /etc/init.d/vdsmd stop kill -9 libvirtd pid /etc/init.d/vdsmd start tks! stopping vdsm or libvirtd is irrelevant. maybe you should learn about `pkill' which doesn't need to specify pid :) j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Get CPU and Memory Usage for VM and Host using ovirt java sdk
1)I would like to know if there is a way to fetch the “CPU and Memory Usage for VM “ and CPU and Memory Usage for a Host in the RHEVM environment using ovirt sdk in java. I am using ovirt-engine-sdk-java-3.5.0.5.jar. Can you please provide me with the java example if possible. The cpu and memory usage of the VM in the rhevm is as highlighted in the picture below. 2) Autostart attribute for a VM in RHEVM. Earlier when I was using libvirt 0.5.1 jar in a kvm system,I found that autostart attribute [vm. getAutostart ] is provided in the libvirt java sdk. “Autostart is a Boolean value which indicates whether the network is configured to be automatically started when the host machine boots” Is there any such attribute for a VM in RHEVM,if yes is there a way to fetch the auto start value using ovirt java sdk. Have you checked http://www.ovirt.org/Java-sdk ? j.___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] vdsm lvm filter
I've got a setup with with ovirt and an equallogic iscsi. Im using the dell hit drivers. Install all good, after a reboot the storage won't come up. From the vdsm logs i can see the volume groups can't be found. in the lvm vgs command the following filter is used: [ '\''r|.*|'\'' ] . If I change the LVMCONF_TEMPLATE in /usr/share/vdsm/storage/lvm.py and add the filter [ a|^/dev/eql/ovirt.*| ], the volume group is found and storage will be attached. How is the lvm filter constructed? And how can i make sure my volume groups are found without editing /usr/share/vdsm/storage/lvm.py? A shoot from darkness...: 134 USER_DEV_LIST = filter(None, config.get(irs, lvm_dev_whitelist).split(,)) 135 136 137 def _buildFilter(devices): 138 strippeds = set(d.strip() for d in devices) 139 strippeds.discard('') # Who has put a blank here? 140 strippeds = sorted(strippeds) 141 dmPaths = [dev.replace(r'\x', r'\\x') for dev in strippeds] 142 filt = '|'.join(dmPaths) 143 if len(filt) 0: 144 filt = 'a| + filt + |', 145 146 filt = filter = [ + filt + 'r|.*|' ] 147 return filt 148 149 150 def _buildConfig(devList): 151 flt = _buildFilter(chain(devList, USER_DEV_LIST)) 152 conf = LVMCONF_TEMPLATE % flt 153 return conf.replace(\n, ) So maybe lvm_dev_whitelist option in vdsm.conf ? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt 3.5.1] Attach sysprep floppy from the API
I would like to attach a sysprep floppy to a Windows VM. Currently, I am able to configure the sysprep custom script from the API : PUT https://HOSTNAME/api/vms/{id} vm initialization custom_script{my content}/custom_script /initialization /vm After that, when I start the VM from the Web UI in RunOnce mode, I can attach the sysprep floppy to the VM. But how can I attach the sysprep floppy and start the VM in RunOnce mode from the API ? iiuc it's payload stuff, see http://www.ovirt.org/Features/VMPayload j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt timeouts
pls, howto change oVirt timeouts for status : 1) node ( brick) is power down / up 2) volume status for node(brick) is up/down They are too long ( I'm expecting a few sec. not a lot of minutes ) If it has some spacial reason, let me know about, pls. I don't do glusterfs here but see *_options tables in the DB or engine-config -a output. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt PXE boot wierdness
I have the engine running on separate HW with eth0 being the management interface I have 2 compute nodes with eth0 being the management interface and eth1 having a vlan trunk with all of the VM networks If I install a guest from the CD image it all works fine and picks up an IP from the DHCP server. However if I switch the boot order to PXE first the gPXE DHCP request times out. Using tcpdump I can see the DHCP discovery packets get as far out as the physical trunk interfact eth1 (i.e. it gets past all of the virtual interfaces) but any other machines in that same VLAN don't see the DHCP request and neither does the DHCP server. My network settings are: Name: TestCluster External Provider: NO Network label: TC Enable VLAN tagging: 306 VM network: YES MTU: Default 1500 Under 'Setup Host Networks' Boot Protocol: DHCP Any ideas? Is it really gPXE (which is not maintained anymore) or iPXE? If the former try to download iPXE, see ipxe.org. What about iptables? j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] FYI FreeBSD on POWER8
http://adrianchadd.blogspot.cz/2015/02/freebsd-on-power8-its-alive.html ...FreeBSD now boots inside of the hypervisor environment and seems stable enough to do development on. -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ~~ http://en.wikipedia.org/wiki/Posting_style ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Thinking loud about VM's serial console access
On Sat, 18 Oct 2014 14:39:12 -0400 (EDT) Alon Bar-Lev alo...@redhat.com wrote: Please read [1]. I am unsure about concurrent access, this should be done using ssh bridge and now low level solution. Thanks, Alon [1] http://www.ovirt.org/Features/Serial_Console How will it behave when: - VM is being snapshotted? - VM is being migrated? - VM is suspended? - VM is being (cold)rebooted? At least for last two I suppose the serial console session will be interrupted. VMWare uses extended communication to inform virtual serial port concentrator about various action of a VM, thus proxy doesn't drop serial connections. http://www.vmware.com/support/developer/vc-sdk/visdk41pubs/vsp41_usingproxy_virtual_serial_ports.pdf j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Thinking loud about VM's serial console access
On Mon, 20 Oct 2014 08:40:34 -0400 (EDT) Alon Bar-Lev alo...@redhat.com wrote: - Original Message - From: Jiri Belka jbe...@redhat.com To: Alon Bar-Lev alo...@redhat.com Cc: users@ovirt.org Sent: Monday, October 20, 2014 2:40:01 PM Subject: Re: [ovirt-users] Thinking loud about VM's serial console access On Sat, 18 Oct 2014 14:39:12 -0400 (EDT) Alon Bar-Lev alo...@redhat.com wrote: Please read [1]. I am unsure about concurrent access, this should be done using ssh bridge and now low level solution. Thanks, Alon [1] http://www.ovirt.org/Features/Serial_Console How will it behave when: - VM is being snapshotted? - VM is being migrated? - VM is suspended? - VM is being (cold)rebooted? At least for last two I suppose the serial console session will be interrupted. VMWare uses extended communication to inform virtual serial port concentrator about various action of a VM, thus proxy doesn't drop serial connections. there is no reason why the proxy cannot retry for a while and reconnect to the new instance. however this will not be provided at first nor it is that important as client can always implement reconnect at its side, and handle this just like any other network failure. OK, I'm reading this as you haven't tested it with these actions. With real serial console one doesn't need to re-plug cable to get the console... Thus I'm not interested anymore in the topic. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Thinking loud about VM's serial console access
Hi, on KVM forum VM's serial console access was raised. I'd like to make some comments, hopefully it would help to think about how we would access VM's serial consoles in oVirt. 1. encrypted access (ssh preferable) is a must 2. not to type any automatically generated password to access serial console should be possible (like for spice) i can imagine a centralized console server could be used to manage all serial console accesses. usually such console servers are access via ssh and then a connection is spawned and sysadmin's ssh session is connected to remote serial console without any action 3. not to see a interactive menu should be possible there can be serial console output parser/monitor persistently running to catch kernel outputs and alerts in console. if kernel crashes, the output is on console and thus a monitoring can catch it 4. access to VM's serial console should not require to know where a VM is running (thus to know host fqdn/IP) this is obvious, a sysadmin wants to just get serial console without manual kung-fu 5. multi-user access to one VM's serial console in some paranoid environment there must be two people working together, each controlling other. whatever. multi-user concurrency should be possible, there can be passive serial console output parser/monitor and sysadmin's interactive session Hopefully the above will contribute to implementation design. All above is possible with open source tools while using real hw serial consoles, thus it would be expected that implementation for VM's serial console would work similarly. FYI I created RFE for qemu for TLS mode for chardev socket https://bugzilla.redhat.com/show_bug.cgi?id=1154115, so there could be a way not to use ssh to host as this has been not preferred by alonbl@ for other functionality in the past :) j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Thinking loud about VM's serial console access
I have posted a ready script and a VDSM hook for this exact use case a couple of years ago. http://www.ovirt.org/Features/Serial_Console_in_CLI The actual locateVM.py script is missing from there, but it's an elementary API script that will receive a VM name, find the VM's host location and start the shell Hi, well this is no way IMHO. 1. libvirt/virsh doesn't provide concurrent access to console 2. during migration there would be probably some issue with pty device 3. looks scary to do ssh via root to host (ssh via root should be eliminated as much as possible) Avocent has been selling to enteprise customers their console servers for ages, and they also have been selling a virtual console server appliance to operate with VMWare vCenter technology. The way how they do it is that VM's IP-enabled serial devices act as clients and connect to virtual serial port concentrator over network. This way there's active session opened during migration and VSPC allows temporary disconnected IP-enabled serial devices from its clients. I think we should do similar. If this is supposed to be a standard and vendors sell applicances for this, why not to use it? There's OSS alternative to Avocent virtual serial port concentrator, but it still acts only as plain concentrator, not as full console server. Some reading: https://github.com/isnotajoke/vSPC.py http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=displayKCexternalId=1022303 http://www.emersonnetworkpower.com/en-US/Products/InfrastructureManagement/SerialConsoles/Pages/AvocentACSv6000VirtualAdvancedConsoleServer.aspx On Fri, Oct 17, 2014 at 11:15 AM, Jiri Belka jbe...@redhat.com wrote: Hi, on KVM forum VM's serial console access was raised. I'd like to make some comments, hopefully it would help to think about how we would access VM's serial consoles in oVirt. 1. encrypted access (ssh preferable) is a must 2. not to type any automatically generated password to access serial console should be possible (like for spice) i can imagine a centralized console server could be used to manage all serial console accesses. usually such console servers are access via ssh and then a connection is spawned and sysadmin's ssh session is connected to remote serial console without any action 3. not to see a interactive menu should be possible there can be serial console output parser/monitor persistently running to catch kernel outputs and alerts in console. if kernel crashes, the output is on console and thus a monitoring can catch it 4. access to VM's serial console should not require to know where a VM is running (thus to know host fqdn/IP) this is obvious, a sysadmin wants to just get serial console without manual kung-fu 5. multi-user access to one VM's serial console in some paranoid environment there must be two people working together, each controlling other. whatever. multi-user concurrency should be possible, there can be passive serial console output parser/monitor and sysadmin's interactive session Hopefully the above will contribute to implementation design. All above is possible with open source tools while using real hw serial consoles, thus it would be expected that implementation for VM's serial console would work similarly. FYI I created RFE for qemu for TLS mode for chardev socket https://bugzilla.redhat.com/show_bug.cgi?id=1154115, so there could be a way not to use ssh to host as this has been not preferred by alonbl@ for other functionality in the past :) ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt-devel] oVirt 3.5 test day 2 results
'...no so usable', this is joke. It's real design failure. Do not take this personally but whoever approved this did bad job. No, of course: I'm not so proud of it too. :-) A previous attempt used ssh and scp to do all automatically but it was rejected being judged not so secure. Avoiding to use ssh and scp so seams a strong requirement; if you have any better idea feel free to propose it. I will not repeat myself again in details, all setup should be done from Admin portal, same was one adds a host. Anyway, job spent time on this work is useless. I hope it will be moved to trash bin, this is ridiculous. What is obvious is that who designed this is not UNIX sysadmin oriented junkie. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt-devel] oVirt 3.5 test day 2 results
On Thu, 31 Jul 2014 08:26:20 +0200 Jiri Belka jbe...@redhat.com wrote: '...no so usable', this is joke. It's real design failure. Do not take this personally but whoever approved this did bad job. No, of course: I'm not so proud of it too. :-) A previous attempt used ssh and scp to do all automatically but it was rejected being judged not so secure. Avoiding to use ssh and scp so seams a strong requirement; if you have any better idea feel free to propose it. I will not repeat myself again in details, all setup should be done from Admin portal, same was one adds a host. Anyway, job spent time on this work is useless. I hope it will be moved to trash bin, this is ridiculous. What is obvious is that who designed this is not UNIX sysadmin oriented junkie. FYA https://bugzilla.redhat.com/show_bug.cgi?id=1116017 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ftp.snt.utwente.nl mirror doesn't have ovirt via rsync
Hi, could anybody responsible contact owners of this mirror and ask them to make oVirt available via rsync? j. ~~~ Welcome to the ftp.snt.utwente.nl archive. This service is provided to you by: Studenten Net Twente (SNT)http://www.snt.utwente.nl/ the University of Twente http://www.utwente.nl/ This system may be used 24 hours a day, 7 days a week. All transfers are logged with your hostname and email address. If you don't like this policy, disconnect now! We are available on: http://ftp.snt.utwente.nl/ ftp://ftp.snt.utwente.nl/ rsync://ftp.snt.utwente.nl/ Sponsors: Quarantainenet BV http://www.quarantainenet.nl Byte http://www.byte.nl Murphy Software B.V. http://www.murphy.nl Virtu Secure Webservices http://www.virtu.nl Utwente Faculty of TNWhttp://www.tnw.utwente.nl Sjoerd van Groning Daan van de Linde DISCLAIMER: Neither University of Twente nor SNT are liable for any use, storage or transmission of any files stored on this archive. Since much of our archive is mirrored from other servers, we can not check all files for virusinfections. Please proceed with caution. If you have any problems or comments about this archive, please send them via e-mail to ftpcom_at_snt.utwente.nl. Please also let us know if there is something we don't have that you think we should! gentoo-x86-portage Gentoo Linux Portage tree gentoo-portage Gentoo Linux Portage tree gentoo Gentoo Linux Distribution fedora Fedora Linux Distribution mandrakeMandrake Linux Distribution mandrake-isoMandrake Linux Distribution Iso's debian Debian Linux Distribution debian-archive Debian Linux Distribution Archive debian-ipv6 Debian Linux IPv6 Distribution debian-non-US Debian Linux Non-US Distribution backports Debian Linux Distribution debian-backportsDebian Linux Distribution deepin LinuxDeepin Packages deepin-cd LinuxDeepin Release CD Images freebsd FreeBSD Distribution openbsd OpenBSD Distribution netbsd NetBSD Distribution freedos FreeDOS Distribution linux-kernelLinux Kernel Mirror slackware Slackware Linux Distribution suseSuse Linux Distribution cpanComprehensive Perl Archive Network xfree86 XFree86 apache Apache Webserver archlinux Arch Linux mirror mageia Mageia Project mirror cygwin-ftp cygwin ftp area eximExim Mailer gnu The GNU Project gnupg GNU Privacy Guard kameKAME Project usagi UniverSAl playGround for Ipv6 kde K Desktop Environment mozilla Mozilla Current Release Only mozilla-current Mozilla Current Release Only mozilla-releasesMozilla Software Releases muttMutt E-Mail Client mysql MySQL Database openoffice OpenOffice.org openoffice-extended OpenOffice.org extended data samba Samba rsync Rsync gnoppix Gnoppix ubuntu-releases ISO images of the Ubuntu releases ubuntu-archive Packages in the Ubuntu Archive tex CTAN community mirror for Tex tdf The Document Foundation xbmcMain XBMC File Repository ~~~ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] broken mirror - ftp.nluug.nl
Hi, could anybody responsible contact owners of this mirror to repair it? same via http... j. ~~~ # rsync --progress -a -vv --exclude-from=ovirt-3.5-pre.exclude \ rsync://ftp.nluug.nl/ovirt/ovirt-3.5-pre/ ./ 21 | tail rsync: send_files failed to open /ovirt-3.5-pre/rpm/el6/repodata/ebecd4b94e21b74ab316613e1d7b691b1bbdf94458f2379a360e832ab02aa9ab-filelists.sqlite.bz2 (in ovirt): Permission denied (13) rsync: send_files failed to open /ovirt-3.5-pre/rpm/el6/repodata/f0b68ae5785cc196d864a69fd412f9ec8b8e55f5e502cebce8763f8d88efee86-primary.xml.gz (in ovirt): Permission denied (13) rsync: send_files failed to open /ovirt-3.5-pre/rpm/el6/repodata/f19a6460fde53ec087366afb6dea696d1633dc516d3474e26d47fd32ec3da34d-filelists.xml.gz (in ovirt): Permission denied (13) rsync: send_files failed to open /ovirt-3.5-pre/rpm/el6/repodata/f6a676be4d0abe84266175744759247c560f5de70cb410abefdf52ec2f60dcb9-filelists.xml.gz (in ovirt): Permission denied (13) rsync: send_files failed to open /ovirt-3.5-pre/rpm/el6/repodata/f71afa837e0bff24395d6a8ba4660613182c2d6eba648504d4f367b793bb8a6a-primary.sqlite.bz2 (in ovirt): Permission denied (13) rsync: send_files failed to open /ovirt-3.5-pre/rpm/el6/repodata/fd1d726943a4c01da84af9ba56e7abc284e9fda283d4eb959e0835f7ca29eef5-primary.sqlite.bz2 (in ovirt): Permission denied (13) sent 5418 bytes received 86056 bytes 12196.53 bytes/sec total size is 3353996928 speedup is 3.12 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6] ~~~ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt mirror health report
Hi, oVirt mirrors are not really great, could you consider to make a health status reporting - out of sync, broken,...? This way you could remove bogus mirrors which would just make people upset. Inspiration: http://spacehopper.org/mirmon/ j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt-devel] oVirt 3.5 test day 2 results
On Wed, 30 Jul 2014 09:04:10 -0400 (EDT) Simone Tiraboschi stira...@redhat.com wrote: We choose that way to avoid to ask to the user to provide the root password of the engine host, in order to automatically copying files via SCP or executing commands over ssh on the remote host, for security reasons. I agree with you that due to that assumption this result is not so usable. '...no so usable', this is joke. It's real design failure. Do not take this personally but whoever approved this did bad job. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Using Virtio-SCSI passthough on SCSI - Devices
On Fri, 25 Apr 2014 13:40:09 + Daniel Helgenberger daniel.helgenber...@m-box.de wrote: Hello, does anyone have an idea on how to accomplish this? In my particular setup, I need a FC tape drive passed though to the vm. Note, passing throuh FC - LUNs works flawlessly. If I understood Virtio -SCSI correctly, this should be possible from libvirt's part. I can be wrong but my understanding is that dm-mpio works on block layer thus it does not support multipath for tapes/cd-devices. But I could be wrong, I got this info from an OpenBSD paper comparing SCSI multipath implementation. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] php on jboss
On Mon, 24 Mar 2014 09:23:39 -0400 (EDT) Alon Bar-Lev alo...@redhat.com wrote: You can put custom files under /usr/share/ovirt-engine/files it will be available for you at: http:///ovirt-engine/files unix-style nitpicking... hier(7): /usr This directory is usually mounted from a separate partition. It should hold only sharable, read-only data, so that it can be mounted by various machines running Linux. Of course we do not support cgi-bin but plain files... but it may address your needs. Please make sure you have your own subdirectory under files, so no conflicts. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [RFI] GUI Changes for oVirt 4.0
On Tue, 18 Mar 2014 10:47:16 + Sven Kieske s.kie...@mittwald.de wrote: So there are to many ways you can configure the same setting. 100% agree, duplicity between the tree and main tabs is crazy. If I could wish anything, I would keep the tree but I would make it more nice and clever - one tree for physical schema, another one for virtual schema (minic tagging, creating groups for related things). Plus I would like to have right pane to show me quickly general overview about things selected in left tree (example: If I would be in a virtual folder called 'webapp' consisting of couple of related VMs, I would love to see in right pane the list of VMs, graphs about CPU usage, network usage, storage usage...; more details about the objects could be implemented in some tab inside right pane - example: default right pane would display info as written above, but details about CPU, storage would be in separate tabs...). However, bad decision would be like nightmare for ages, one likes main tabs, another one likes the tree :) j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Best practice for securing oVirt's NFS mounts
On Tue, 11 Mar 2014 10:23:19 -0700 Prakash Surya sur...@llnl.gov wrote: Hi, All the documentation I've seen states that the oVirt NFS storage should use the all_squash,anonuid=36,anongid=36 options. Obviously this isn't secure, so I'm curious how others have locked down their NFS storage? Is the best option to just limit access to these NFS exports to the IP addresses of the hypervisor nodes (and maybe the engine)? Is there a better way to go about this? Run vlans and have some active monitoring for physical ports up|down states etc... If you cannot control your environment then ask yourself if you trust your infrastructure provider at all. You can run kerberized NFS etc... but what about kerberos security? The beginning is trust towards your infrastructure. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] test day help -- console
On Wed, 12 Feb 2014 12:10:47 -0500 (EST) Greg Sheremeta gsher...@redhat.com wrote: - Original Message - From: Jiri Belka jbe...@redhat.com To: Greg Sheremeta gsher...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, February 12, 2014 4:17:29 AM Subject: Re: [Users] test day help -- console On Tue, 11 Feb 2014 17:57:52 -0500 (EST) Greg Sheremeta gsher...@redhat.com wrote: I'm having a tough time getting a VM console working via VNC. I set a VM to use VNC, and I installed virt-viewer. 1. When I try to open a .vv file with virt-viewer, I get an error Cannot find guest domain /var/tmp/console.vv 2. Using a VNC client to connect to the host with the password in the .vv file just immediately disconnects it -- no error message. 3. noVNC just gives me an empty popup with a gray background. virt-viewer works ok even on my OpenBSD machine at home. First check version, if old, compile/upgrade yourself. Updating to latest spice-gtk, gtk-vnc, virt-viewer recently solved virt-viewer core dumps when I had RHEL with GNOME and qxl driver. j. What version do you have? Greg Latest today or some days ago (checking project's website) is 0.6.0. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] snapshots not shown in webadmin on 3.3.3
On Wed, 12 Feb 2014 16:41:06 -0500 (EST) Eli Mesika emes...@redhat.com wrote: - Original Message - From: Juan Pablo Lorier jplor...@gmail.com To: users users@ovirt.org Sent: Wednesday, February 12, 2014 6:37:28 PM Subject: [Users] snapshots not shown in webadmin on 3.3.3 Hi, I've updated to 3.3.3 last week and now I find that the snapshots are not shown in webadmin. I've taken some new ones to see if it was due to the migration, but though they finish correctly, they are not shown in the webadmin tab. Is there a way to list the snapshots other than the webadmin? Juan I had reproduced that in 3.4 beta 2 , can you please open a bug on that ? Thanks Eli If this is just Web UI issue than it is known for long time. But there's no clear reproducer (BZ was filled for RHEVM 3.3). This has something to do with Firefox cache. With clear FF profile snapshots are visible. But after some time when are not visible until full reload of the page. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] test day help -- console
On Tue, 11 Feb 2014 17:57:52 -0500 (EST) Greg Sheremeta gsher...@redhat.com wrote: I'm having a tough time getting a VM console working via VNC. I set a VM to use VNC, and I installed virt-viewer. 1. When I try to open a .vv file with virt-viewer, I get an error Cannot find guest domain /var/tmp/console.vv 2. Using a VNC client to connect to the host with the password in the .vv file just immediately disconnects it -- no error message. 3. noVNC just gives me an empty popup with a gray background. virt-viewer works ok even on my OpenBSD machine at home. First check version, if old, compile/upgrade yourself. Updating to latest spice-gtk, gtk-vnc, virt-viewer recently solved virt-viewer core dumps when I had RHEL with GNOME and qxl driver. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] HA and SPM host
On Tue, 11 Jun 2013 12:16:28 -0400 Marc Seward linuxuse...@gmail.com wrote: Hi all, In a 2 hypervisor setup,if host1 is fenced(host1 is also the SPM host) and it has HA VMs running on it,would these VMs be started on host2 only after host2 is elected as the SPM host? It would first try to migrate VMs and if this won't work if would fence SPM host and start HA VMs on other (now new SPM) host. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] I accidentally the whole database. Or: Can I re-import a running vm into the engine-db?
On Tue, 4 Jun 2013 03:30:42 -0400 (EDT) Omer Frenkel ofren...@redhat.com wrote: well im not sure if there is a tool that does it automatically, but you can try the following (never tried this before, but should work): on the host that run the vms: * run vdsClient 0 getAllVmStats (or vdsClient -s 0 getAllVmStats if you are using secure connection) * find in the result the vm id (first line) and the image id for each disk of the vms * find under /rhev/data-center/{dc-id}/mastersd/master/vms/{vm-d}/ the ovf file which contains the vm info * find the vm disk images on the storage domains * use ovirt-image-uploader to upload the vm to an export domain (you need to look how exactly to do this one.. :) ) * import the vm. UUIDs can be discovered from qemu-kvm process args too. jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] deduplication
On Tue, 28 May 2013 14:29:05 +0100 (WEST) supo...@logicworks.pt wrote: That's why I'm making this questions, to demystify some buzzwords around here. But if you have a strong and good technology why not create buzzwords to get into as many people as possible? without trapped them. Share a disk containing static data is a good idea, do you know from where I can start? Everything depends on your needs, design planning. Maybe then sharing disk would be better to share via NFS/iscsi. Of course if you have many VMs each of them is different you will fail. But if you have mostly homogeneous environment you can think about this approach. Sure you have to have plan for upgrading base static shared OS data, you have to have plan how to install additional software (different destination than /usr or /usr/local)... If you already have your own build host which builds for you OS packages and you have already your own plan for deployment, you have done first steps. If you depend on upgrading each machine separately from Internet, then first you should plan your environment, configuration management etc. Well, in many times people do not do any planning, they just think some good technology would save their poor design. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] deduplication
On Tue, 28 May 2013 13:00:36 +0200 Jiri Belka jbe...@redhat.com wrote: On Sat, 25 May 2013 15:02:40 +0100 (WEST) supo...@logicworks.pt wrote: is deduplication possible? If we would talk about OSS systems then Dragon Fly BSD's hammerfs or Open Indiana ZFS (FreeBSD has it too) support deduplication and such filesystems are exported as NFS (so can be used as data domain). If you would not use Linux (as they broke having /usr as separate filesystem) and you would design your unix-like VMs correctly, you can share a disk containing static data like /usr, /usr/local between VMs as a kind of deduplication without being trapped by buzzword technologies. j. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] users quota and limit ips
On Thu, 18 Apr 2013 16:15:38 +0200 Andrej Bagon andrej.ba...@arnes.si wrote: Hi all, we are wondering how can we limit a user to use IPs we give him and not others. Best is understood from an example: - we give a user a quota (with x CPU, y memory and z disk space) - a user can create one VirtualMachine with all the resources, or more VirtualMachines with smaller resources. - we want to give a user a pool of IPs. He should not use other IPs. If he uses other IP it should not be routable. Is there a solution for this problem? Normal solution: * mirror port on your switch which is forwarded to a NIDS and search for unauthoried IPs MACs pairs Software foo can to everything solution: * libvirt know nwfilter * vdsm has hooks thus combination of your own nwfilters, custom properties and vdsm hooks. Or raise a RFE so we could assing nwfilters to a VM. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] snapshots, checkpoints etc...
Probably not the best list for this question but anyway... * snapshot as it is done with 'savevm' from qemu monitor saves disk, cpu, memory state of running VM... but 1. it must be qcow2 image 2. it pauses the VM for couple of seconds is this right? * snapshots is only for block devices, are done offline * live snapshot is only for block devices, can be done online * snapshot tree with branches is not supported now am I right? So my understanding there is no way to have a photo, in qemu language _checkpoint_, in VMWare language _snapshot_ without interupting the VM. Am I right? Any comments? This topic is quite confusing while searching Internet. jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] GlusterFS 3.4
On Tue, 26 Mar 2013 12:14:54 + martin.krali...@accenture.com wrote: Hi, I have got issue with adding new host to ovirt 3.2.1 (Fedora 18) because host required GlusterFS 3.4, but there is not include in ovirt or fedora repo and version 3.4 is available only as alpha? Available is only GlusterFS 3.3.1 Error message: Failed to install Host name. Yum [u'vdsm-gluster-4.10.3-10.fc18.noarch requires glusterfs = 3.4.0']. Host OS: Fedora 18 64b Is it problem to add repo? http://download.gluster.org/pub/gluster/glusterfs/qa-releases/3.4.0alpha/Fedora/fedora-18/x86_64/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt Guest Tools/ spice-guest tools
On Mon, 25 Mar 2013 18:57:28 +0530 Abhi Sharma me.always.availa...@gmail.com wrote: Hello David, i am getting error during join domain in red hat enterprise virtulization 3 . i tried every thing but i am not able to resolve error. error is :- Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: tgstg49.example.com Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct. So you want to say you have a problem to integrade your linux client into Windows AD? I use following: authconfig --disablecache --enablewinbind --enablewinbindauth \ --smbsecurity=ads --smbworkgroup=$MYDOMAIN \ --smbrealm=$MYFULLDOMAINREALM -- enablewinbindusedefaultdomain \ --winbindtemplatehomedir=/home/%D/%U \ --winbindtemplateshell=/bin/bash --enablekrb5 \ --krb5realm=$MYFULLDOMAINREALM --enablekrb5kdcdns \ --enablekrb5realmdns --enablelocauthorize --enablemkhomedir \ --enablepamaccess --updateall net ads join osName=RHEL osVer=6 -U $someuser@$MYDOMAINREALM ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] what is volume in ovirt
On Fri, 22 Mar 2013 17:33:44 +0800 (CST) bigclouds bigclo...@163.com wrote: Hi,all please explain what is volumes in ovirt, 1. especially STRIPE,DISTRIBUTED_STRIPE,REPLICATE,DISTRIBUTED_REPLICATE,DISTRIBUTE 2. bricks thanks google for glusterfs ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] openvswitch intergration status
Hi, is there a plan to integrate openvswitch, if so what's status? Basic bridging sucks, and now everything is virtual, no? :) Maybe some benefits: * decreases cost for special (legacy) enterprise switches * virtualization buzzword included * one can simulate switch in ovirt (that was my start to investigate, i wanted to have a trunk port pointing to virtualized FW and couple of vlans with guests, not possible right now in ovirt, each vlan = one iface) * there's backward compatibility - see http://packages.debian.org/sid/openvswitch-brcompat Let's be hype :D jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Tip for oVirt marketing improvement - HA and features comparison
Hi, a Czech company running vCloud has a nice webpage with little schema of hw architecture which changes if you click on a hw item making it as failed, then it shows redundant paths to continue funcionality. It also has nice feature (even old) comparison between VMWare/Hyper-V/Xen/KVM. Check 2/3 part of http://www.master.cz/cloud-hosting/ Something like this was be nce for oVirt. jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Migrating engine-setup to otopi
On Thu, 14 Mar 2013 06:13:39 -0400 (EDT) Alex Lourie alou...@redhat.com wrote: Hi All Recent development of the otopi [1] framework allows us to migrate the engine-setup, upgrade and cleanup (and potentially other) utilities to implementation as an otopi plugin. Potential benefits of such a move are: 1. Be able to port engine to other distributions. Really? Beside this topic I see hardcoded usernames in scripts... http://gerrit.ovirt.org/#/c/12551/2/backend/manager/dbscripts/dbfunctions.sh,unified Anyway, everything what is not RPM/YUM specific and more portable is good way... jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Migrating engine-setup to otopi
On Thu, 14 Mar 2013 07:06:04 -0400 (EDT) Alex Lourie alou...@redhat.com wrote: 1. Be able to port engine to other distributions. Really? Beside this topic I see hardcoded usernames in scripts... http://gerrit.ovirt.org/#/c/12551/2/backend/manager/dbscripts/dbfunctions.sh,unified These usernames are not hard-coded. There are default values present which are kept for local installations, but with remote DB setup the user is prompted to provide a username of her/his own. Not everywhere are postgresql dirs owned by postgres, on some BSDs it is _postgresql. jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Features requests for the setup/configuration utilities - feedback requested
On Thu, 14 Mar 2013 12:12:25 +0002 Alex Lourie alou...@redhat.com wrote: Hi All As we are working on the configuration utilities (engine-setup, engine-upgrade and engine-cleanup), we would like to get as much community involvement as possible. As such, we'd like to hear the wishes of the community in regards with those tools. 1. do not think yum is everywhere, make package upgrade extensible by some subclasses (apt-get, pkg_add...) 2. usernames are not same everywhere postgres is not everywhere 3. do not make absolute symlinks, some packaging tools scream 4. do not use #!/bin/bash but #!/bin/sh, in 99,9% people are not using anything special from bash anyway jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Features requests for the setup/configuration utilities - feedback requested
I'll talk about RHEVM but it's probably related to oVirt too. As rhevm installs all deps, I'm curious why versionlock.list is populated after rhevm-setup and _not_dirrectly during installation (maybe because you would need to hardcode versions into rhevm package?). It took me tens of minutes to figure out why is upgrade working differently now, just because I did _NOT_ do rhevm-setup after clean install because I was thinking I know what files are important and was restoring them from a tarball. I think running rhevm-setup if you just want to restore is stupid. If we would know 100% which files are involved, just install, restore from backup, restore DB should be sufficient, without loosing time with rhevm-setup which just writes there and here... :) jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Features requests for the setup/configuration utilities - feedback requested
On Thu, 14 Mar 2013 14:44:48 +0002 Alex Lourie alou...@redhat.com wrote: Hi Jiri On Thu, Mar 14, 2013 at 4:30 PM, Jiri Belka jbe...@redhat.com wrote: I'll talk about RHEVM but it's probably related to oVirt too. As rhevm installs all deps, I'm curious why versionlock.list is populated after rhevm-setup and _not_dirrectly during installation (maybe because you would need to hardcode versions into rhevm package?). It took me tens of minutes to figure out why is upgrade working differently now, just because I did _NOT_ do rhevm-setup after clean install because I was thinking I know what files are important and was restoring them from a tarball. I think running rhevm-setup if you just want to restore is stupid. If we would know 100% which files are involved, just install, restore from backup, restore DB should be sufficient, without loosing time with rhevm-setup which just writes there and here... :) I don't really follow you here. What are you restoring with rhevm-setup? My previous (wrong) procedure to restore old version was: rhevm-cleanup, yum remove rhevm\*, rm -rf $dirs, yum install rhevm\*, tar xvzpf /backup.tgz, ./restore.sh for DB... which was not fully correct as I haven't known /etc/yum/plugin.d/versionlock.list is touched by rhevm-setup as well and thus yum was working very strange during next normal upgrade. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Is it possible to change the DB password for local postgresql?
On Thu, 14 Mar 2013 17:17:18 +0100 Ernest Beinrohr ernest.beinr...@axonpro.sk wrote: On 13.03.2013 11:57, Alon Bar-Lev wrote: You need to change the /etc/sysconfig/ovirt-engine password as well. ^^^ world readable, very funny. Are we back in 80ies when /etc/passwd had passwords and was world readable (and under attacks all the time)? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] oVirt support for backup/restore
On Mon, 04 Mar 2013 12:10:54 +0100 Ricky Schneberger ri...@schneberger.se wrote: Hi, How can I do if I want to schedule a daily live-snapshot of a VM for backup purpose? I have backup software inside my VMs (Netvault), but in some cases I just want to do daily snapshots and use them as backups. Live snapshot does not save memory state, IIRC. So either shutdown all VMs or do not think about this as solid backup solution. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] oVirt support for backup/restore
On Mon, 04 Mar 2013 12:52:53 +0100 Ricky Schneberger ri...@schneberger.se wrote: Live snapshot does not save memory state, IIRC. So either shutdown all VMs or do not think about this as solid backup solution. Hi, If I dont think about it as a solid solution, is it doable? Even with a manual live snapshot I will lack this memory state, right? All I want if I must restore a snapshot is to get the WM up on track in an earlier state. The snapshot like in VMWare world which saves even memory is called checkpoint in qemu-kvm world. And IIRC it is not implemented yet. Live snapshot is doable, no problem. The problem can be your design. As you know a lot of apps do not write to filesystem immediately, so snapshot backup is useless. So either shutdown/think twice or forget it. But others can have different view... Backup is thing you _must_ trust, if you design is broken, the consequences are terrific! If your goal is to have fast disaster recovery, then why not to have backup machine or some clustered solution? jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Pools and pre-started VM in 3.2
On Tue, 26 Feb 2013 16:10:00 +0100 Gianluca Cecchi gianluca.cec...@gmail.com wrote: Hello, f18 node + f18 engine, both in 3.2 final. If I create a pool, the prestarted VM field is grayed out. See: https://docs.google.com/file/d/0BwoPbcrMv8mvN3d2a0drb0szYk0/edit?usp=sharing After creation of this 5-VM pool, I can go and edit it and set 2 in prestarted field, and after several seconds 2 VM are correctly started by engine. Do I have to configure any engine parameter to be able to set prestarted VM at pool creation? Or is this the expected behavior to set only on edit? Works as design, when creating a pool you still do not know/have all VMs, so you cannot guarantee they would be prestarted. So when the pool is really created, then you edit and defined number of prestarted VMs. Am I right? jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] oVirt 3.2 and Solaris 10 guests
On Thu, 14 Feb 2013 10:49:13 -0500 Jean-Francois Saucier jsauc...@gmail.com wrote: oVirt 3.2: -netdev tap,fd=25,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=00:1a:4a:00:64:9e,bus=pci.0,addr=0x3,bootindex=3 ^^^ - realtek, really? Try e1000 which is usually much more reliable or virtio iface. I personally always had terrible experience with emulated rtl8139 by qemu-kvm, e1000 was OK. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] OS-independent ovirt-engine distribution archive
On Tue, 15 Jan 2013 08:57:16 +0100 Jiri Belka jbe...@redhat.com wrote: On Wed, 9 Jan 2013 09:43:55 -0500 (EST) Alon Bar-Lev alo...@redhat.com wrote: Hello Moran, It should be not that difficult to add jenkins job to build a package using 'make' and pack it up as tarball. What do you think? Alon Any news? Ping again :) jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] How to connect to console after another user logged out
On Sun, 3 Feb 2013 23:43:21 +0100 Gianluca Cecchi gianluca.cec...@gmail.com wrote: Hello, I have 3.2 beta and a Fedra 18 VM configured with spice access. One user connects to portal and access it, then terminates his session and closes the spice console window and log out from portal. Another user connects to portal and tries to connect to the same VM that is still powered on. It receives this message: Error: F18: Console connection denied. Another user has already accessed the console of this VM. The VM should be rebooted to allow another user to access it, or changed by an admin to not enforce reboot between users accessing its console. Check VM properties - Console - Advanced params - Disable strict user checking. jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] hierarchy map of ovirt environment
Hello, in vSphere you can have 'views' like Storage views, Network views... Example: http://i.techrepublic.com.com/blogs/sept-2010-virtualizationtips-tip4-figc.jpg This is very useful, typical scenario is when delivery manager asks sysadmins about potential impact on VMs when a scheduled update of a switch/storage box goes wrong. It's easy in vSphere, just check 'views' and you will see it. Something like this possible in oVirt? It would be nice to have it as 'map', also as 'result' of searching, something like... vms: network.name = foo and network.risk = down jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Network reconfiguration in ovirt 3.1
On Mon, 14 Jan 2013 13:36:04 +0200 Itamar Heim ih...@redhat.com wrote: On 12/27/2012 03:48 PM, Dan Kenigsberg wrote: ... http://www.ovirt.org/Features/Normalized_ovirtmgmt_Initialization I was reading about QinQ yesterday and discovered it is one of featurse that the project would like to see in oVirt. Now I'm curious, as NetworkManager has been around for couple of years and still it is not finished, why oVirt want to depend of this tool? Wouldn't be better to use libvirt networking features for portability as well and/or talk to libvirt devs to implement features which you would like to see? jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] OS-independent ovirt-engine distribution archive
On Wed, 9 Jan 2013 09:43:55 -0500 (EST) Alon Bar-Lev alo...@redhat.com wrote: Hello Moran, It should be not that difficult to add jenkins job to build a package using 'make' and pack it up as tarball. What do you think? Alon Any news? jbelka ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users