[ovirt-users] Re: [IMPORTANT] Upgrade to postgresql-jdbc-42.2.14-1 breaks oVirt Engine 4.4/4.5

2022-05-13 Thread Martin Perina
On Thu, May 12, 2022 at 7:39 AM Yedidyah Bar David  wrote:

> On Wed, May 11, 2022 at 10:18 PM Martin Perina  wrote:
> >
> > Hi,
> >
> > as mentioned in 4.5.0.8 announcement and Doc Text of
> https://bugzilla.redhat.com/show_bug.cgi?id=2077794 postgresql-jdbc >=
> 42.2.14 is required for ovirt-engine to work properly.
> >
> > So please remove the exclude, update postgresql-jdbc to the latest and
> restart ovirt-engine service.
>
> Perhaps we should have updated the spec file to Require: the correct
> version.
>
> This would have caused engine-setup (upgrade), if the new version was
> excluded/blocked/whatever, to fail - rather early and safely, IMO.
>

Right, unfortunately we have somehow missed that.
It should be fixed in oVirt 4.5.1:
https://github.com/oVirt/ovirt-engine/pull/373

>
> Best regards,
>
> >
> > Martin
> >
> > On Wed, May 11, 2022 at 4:52 PM Maton, Brett 
> wrote:
> >>
> >> Probably worth pointing out that if you (as I did) update to 4.5.0.8
> and exclude the postgresql-jdbc update you'll wind up with
> >>
> >> 500 - Internal Server Error
> >>
> >> When you try to login to the admin console again.
> >>
> >> On Wed, 11 May 2022 at 13:43, Martin Perina  wrote:
> >>>
> >>> Hi,
> >>>
> >>> oVirt 4.5.0.8 async release has fixed the issue with postgresql-jdbc
> drivers:
> >>>
> >>>
> https://lists.ovirt.org/archives/list/users@ovirt.org/thread/GAENJ2DPZSDCC276KM5QKUAZE5XPWTRG/
> >>>
> >>> So for oVirt 4.5.0.8 you no longer need to exclude postgresql-jdbc >=
> 42.2.14 package during installation/upgrade.
> >>>
> >>> Regards,
> >>> Martin
> >>>
> >>>
> >>> On Fri, Apr 22, 2022 at 5:35 PM Martin Perina 
> wrote:
> >>>>
> >>>> Hi,
> >>>> Unfortunately we have just found that latest release of
> postgresql-jdbc-42.2.14-1 breaks existing oVirt Engine 4.4 and 4.5
> installations running on CentOS Stream.
> >>>> The workaround is to downgrade to previous version, for example
> postgresql-jdbc-42.2.3-3 should work fine.
> >>>>
> >>>> Here are detailed instructions:
> >>>>
> >>>> 1. If you have already upgraded to postgresql-jdbc-42.2.14-1, please
> downgrade to previous version:
> >>>>
> >>>> $ dnf downgrade postgresql-jdbc
> >>>> $ systemctl restart ovirt-engine
> >>>>
> >>>> 2. If you are going to upgrade your oVirt Engine machine, please
> exclude postgresql-jdbc package from upgrades:
> >>>>
> >>>> $ dnf update -x postgresql-jdbc
> >>>>
> >>>> We have created https://bugzilla.redhat.com/2077794 to track this
> issue, but unfortunately we don't have a fix yet.
> >>>>
> >>>> Regards,
> >>>> Martin
> >>>>
> >>>> --
> >>>> Martin Perina
> >>>> Manager, Software Engineering
> >>>> Red Hat Czech s.r.o.
> >>>
> >>>
> >>>
> >>> --
> >>> Martin Perina
> >>> Manager, Software Engineering
> >>> Red Hat Czech s.r.o.
> >>> ___
> >>> Users mailing list -- users@ovirt.org
> >>> To unsubscribe send an email to users-le...@ovirt.org
> >>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> >>> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> >>> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/GVFSXYLTQKRAVAVXY5ONBN4NRI24ED55/
> >
> >
> >
> > --
> > Martin Perina
> > Manager, Software Engineering
> > Red Hat Czech s.r.o.
> > List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DKWQJMDQVQRLKYPQTBIPVJM4WZHY2FAY/
>
>
>
> --
> Didi
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KKMGGCID2BPGMCTPHZVDYNJSNNH7Q4F5/
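
The version pairs this thread reports as working or broken, written as the kind of early pre-flight check discussed above (an added example, not code from the thread or the oVirt project). The function names, verdict strings and sample pairs are made up for illustration; the thresholds are only those stated in the messages.

```shell
#!/bin/sh
# Added example: encodes the ovirt-engine / postgresql-jdbc combinations
# described in this thread. Names and verdict strings are hypothetical.

JDBC_PIVOT=42.2.14     # driver version named in the announcement
ENGINE_FIXED=4.5.0.8   # engine release that requires the newer driver
ENGINE_OLDEST=4.4      # the thread only covers engine 4.4 and 4.5

# is_version S: succeed if S is a dotted numeric version such as 42.2.14.
is_version() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# ver_cmp A B: print -1, 0 or 1, comparing field by field as integers
# (a plain string compare would rank 42.2.3 above 42.2.14).
ver_cmp() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*} _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0} _y=${_y:-0}
        if [ "$_x" -gt "$_y" ]; then echo 1; return 0; fi
        if [ "$_x" -lt "$_y" ]; then echo -1; return 0; fi
    done
    echo 0
}

# jdbc_verdict ENGINE JDBC: print one of
#   ok            pair the thread reports as working
#   jdbc-too-new  engine older than 4.5.0.8 with driver >= 42.2.14
#   jdbc-too-old  engine 4.5.0.8 or later with driver < 42.2.14
#   unknown       malformed input, or an engine older than 4.4
jdbc_verdict() {
    if ! is_version "$1" || ! is_version "$2"; then echo unknown; return 0; fi
    if [ "$(ver_cmp "$1" "$ENGINE_OLDEST")" -lt 0 ]; then
        echo unknown; return 0
    fi
    _new_engine=$(ver_cmp "$1" "$ENGINE_FIXED")
    _new_jdbc=$(ver_cmp "$2" "$JDBC_PIVOT")
    if [ "$_new_engine" -ge 0 ] && [ "$_new_jdbc" -lt 0 ]; then
        echo jdbc-too-old
    elif [ "$_new_engine" -lt 0 ] && [ "$_new_jdbc" -ge 0 ]; then
        echo jdbc-too-new
    else
        echo ok
    fi
}

# has_jdbc_exclude FILE: succeed if FILE persistently excludes the driver.
# A one-off "dnf update -x postgresql-jdbc" leaves no trace in the config.
has_jdbc_exclude() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*exclude(pkgs)?[[:space:]]*=.*postgresql-jdbc' "$1"
}

# preflight [DNF_CONF]: query the installed packages on an engine host and
# return non-zero unless the pair is one the thread reports as working.
preflight() {
    _conf=${1:-/etc/dnf/dnf.conf}
    _engine=$(rpm -q --qf '%{VERSION}' ovirt-engine 2>/dev/null) || _engine=
    _jdbc=$(rpm -q --qf '%{VERSION}' postgresql-jdbc 2>/dev/null) || _jdbc=
    _verdict=$(jdbc_verdict "$_engine" "$_jdbc")
    echo "ovirt-engine=${_engine:-?} postgresql-jdbc=${_jdbc:-?} verdict=$_verdict"
    if has_jdbc_exclude "$_conf"; then
        echo "note: $_conf excludes postgresql-jdbc"
    fi
    [ "$_verdict" = ok ]
}

# Constructed sample pairs (engine version, driver version); no rpm needed.
for _pair in "4.4.10 42.2.3" "4.4.10 42.2.14" "4.5.0.7 42.2.14" \
             "4.5.0.8 42.2.3" "4.5.0.8 42.2.14" "4.3.10 42.2.3"; do
    set -- $_pair
    printf '%-8s %-8s %s\n' "$1" "$2" "$(jdbc_verdict "$1" "$2")"
done
```

On an engine host, calling `preflight` before restarting ovirt-engine gives the same verdict for the installed packages.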


[ovirt-users] Re: [IMPORTANT] Upgrade to postgresql-jdbc-42.2.14-1 breaks oVirt Engine 4.4/4.5

2022-05-11 Thread Martin Perina
Hi,

as mentioned in 4.5.0.8 announcement and Doc Text of
https://bugzilla.redhat.com/show_bug.cgi?id=2077794 postgresql-jdbc >=
42.2.14 is required for ovirt-engine to work properly.

So please remove the exclude, update postgresql-jdbc to the latest and
restart ovirt-engine service.

Martin

On Wed, May 11, 2022 at 4:52 PM Maton, Brett 
wrote:

> Probably worth pointing out that if you (as I did) update to 4.5.0.8 and
> exclude the postgresql-jdbc update you'll wind up with
>
> 500 - Internal Server Error
>
> When you try to login to the admin console again.
>
> On Wed, 11 May 2022 at 13:43, Martin Perina  wrote:
>
>> Hi,
>>
>> oVirt 4.5.0.8 async release has fixed the issue with postgresql-jdbc
>> drivers:
>>
>>
>> https://lists.ovirt.org/archives/list/users@ovirt.org/thread/GAENJ2DPZSDCC276KM5QKUAZE5XPWTRG/
>>
>> So for oVirt 4.5.0.8 you no longer need to exclude postgresql-jdbc >=
>> 42.2.14 package during installation/upgrade.
>>
>> Regards,
>> Martin
>>
>>
>> On Fri, Apr 22, 2022 at 5:35 PM Martin Perina  wrote:
>>
>>> Hi,
>>> Unfortunately we have just found that latest release of
>>> postgresql-jdbc-42.2.14-1 breaks existing oVirt Engine 4.4 and 4.5
>>> installations running on CentOS Stream.
>>> The workaround is to downgrade to previous version, for example
>>> postgresql-jdbc-42.2.3-3 should work fine.
>>>
>>> Here are detailed instructions:
>>>
>>> 1. If you have already upgraded to postgresql-jdbc-42.2.14-1, please
>>> downgrade to previous version:
>>>
>>> $ dnf downgrade postgresql-jdbc
>>> $ systemctl restart ovirt-engine
>>>
>>> 2. If you are going to upgrade your oVirt Engine machine, please exclude
>>> postgresql-jdbc package from upgrades:
>>>
>>> $ dnf update -x postgresql-jdbc
>>>
>>> We have created https://bugzilla.redhat.com/2077794 to track this
>>> issue, but unfortunately we don't have a fix yet.
>>>
>>> Regards,
>>> Martin
>>>
>>> --
>>> Martin Perina
>>> Manager, Software Engineering
>>> Red Hat Czech s.r.o.
>>>
>>
>>
>> --
>> Martin Perina
>> Manager, Software Engineering
>> Red Hat Czech s.r.o.
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/GVFSXYLTQKRAVAVXY5ONBN4NRI24ED55/
>>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DKWQJMDQVQRLKYPQTBIPVJM4WZHY2FAY/


[ovirt-users] Re: [IMPORTANT] Upgrade to postgresql-jdbc-42.2.14-1 breaks oVirt Engine 4.4/4.5

2022-05-11 Thread Martin Perina
Hi,

oVirt 4.5.0.8 async release has fixed the issue with postgresql-jdbc
drivers:

https://lists.ovirt.org/archives/list/users@ovirt.org/thread/GAENJ2DPZSDCC276KM5QKUAZE5XPWTRG/

So for oVirt 4.5.0.8 you no longer need to exclude postgresql-jdbc >=
42.2.14 package during installation/upgrade.

Regards,
Martin


On Fri, Apr 22, 2022 at 5:35 PM Martin Perina  wrote:

> Hi,
> Unfortunately we have just found that latest release of
> postgresql-jdbc-42.2.14-1 breaks existing oVirt Engine 4.4 and 4.5
> installations running on CentOS Stream.
> The workaround is to downgrade to previous version, for example
> postgresql-jdbc-42.2.3-3 should work fine.
>
> Here are detailed instructions:
>
> 1. If you have already upgraded to postgresql-jdbc-42.2.14-1, please
> downgrade to previous version:
>
> $ dnf downgrade postgresql-jdbc
> $ systemctl restart ovirt-engine
>
> 2. If you are going to upgrade your oVirt Engine machine, please exclude
> postgresql-jdbc package from upgrades:
>
> $ dnf update -x postgresql-jdbc
>
> We have created https://bugzilla.redhat.com/2077794 to track this issue,
> but unfortunately we don't have a fix yet.
>
> Regards,
> Martin
>
> --
> Martin Perina
> Manager, Software Engineering
> Red Hat Czech s.r.o.
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GVFSXYLTQKRAVAVXY5ONBN4NRI24ED55/


[ovirt-users] Re: upgrade ovirt-engine 4.3 to 4.4. engine.ear problems?

2022-04-27 Thread Martin Perina
On Wed, Apr 27, 2022 at 8:52 AM Yedidyah Bar David  wrote:

> On Wed, Apr 27, 2022 at 9:31 AM Martin Perina  wrote:
> >
> > Hi Ingvar,
> > according to the logs your 4.4 installation doesn't work because you hit
> postgresql-jdbc issue:
> >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/SBCWNXLFLJBKTA3TFJARE7QCYZQ6QMMH/
>
> Thanks, Martin. Can you please clarify how you understand this, and
> more importantly, add relevant possible errors/warnings/whatever to
> the bug, so that people will find it when searching for them? Thanks.
>

It was just a guess from below error:

2022-04-26 13:52:42,220+02 ERROR [org.jboss.msc.service.fail]
(ServerService Thread Pool -- 51) MSC01: Failed to start service
jboss.deployment.subunit."engine.ear"."bll.jar".component.Backend.START:
org.jboss.msc.service.StartException in service
jboss.deployment.subunit."engine.ear"."bll.jar".component.Backend.START:
java.lang.IllegalStateException: WFLYEE0042: Failed to construct component
instance
2022-04-26 13:52:42,231+02 ERROR
[org.jboss.as.controller.management-operation] (Controller Boot Thread)
WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" =>
"engine.ear")]) - failure description: {"WFLYCTL0080: Failed services" =>
{"jboss.deployment.subunit.\"engine.ear\".\"bll.jar

and the fact that they tried to upgrade to 4.4 now when there is this
postgresql-jdbc issue.

>
> Also, while we are working on fixing this, perhaps we can temporarily
> make the engine require an older version?
>
> E.g.: https://github.com/oVirt/ovirt-engine/pull/316
>
> Didn't test it.
>

We are still investigating the issue; once we have a complete picture we
will address it.


> Best regards,
> --
> Didi
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JYYVGLDCDREJQY7COYFQKQBF2754AB2J/


[ovirt-users] Re: upgrade ovirt-engine 4.3 to 4.4. engine.ear problems?

2022-04-27 Thread Martin Perina
gine.ear")
> > 2022-04-26 13:52:42,254+02 INFO  [org.jboss.as.controller] (Controller
> Boot Thread) WFLYCTL0183: Service status report
> > 2022-04-26 13:52:42,564+02 INFO  [org.jboss.as.server] (Controller Boot
> Thread) WFLYSRV0212: Resuming server
> > 2022-04-26 13:52:42,568+02 ERROR [org.jboss.as] (Controller Boot
> Thread) WFLYSRV0026: WildFly Full 23.0.2.Final (WildFly Core 15.0.1.Final)
> started (with errors) in 24096ms - Started 1668 of 1888 services (6
> services failed or missing dependencies, 393 services are lazy, passive or
> on-demand)
> > 2022-04-26 13:52:42,574+02 INFO  [org.jboss.as] (Controller Boot
> Thread) WFLYSRV0060: Http management interface listening on
> http://127.0.0.1:8706/management
> > 2022-04-26 13:52:42,575+02 INFO  [org.jboss.as] (Controller Boot
> Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:8706
>
> I quickly skimmed through the above log snippet, and do not know why
> it fails. Some of your errors/warnings do appear in google. Did you
> try that? Not sure any I noticed are relevant to your case, though.
>
> Please note that oVirt 4.5.0 was released recently and 4.4 is EOL.
>
> Please try again with 4.5.
>
> It should be possible to upgrade via backup/restore directly from 4.3
> to 4.5, no need to go through 4.4:
>
> https://github.com/oVirt/ovirt-engine/pull/244
>
> Last but not least, thanks for a great report, including all relevant
> details right on the start.
>
> Best regards,
> --
> Didi
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/6DZLI2ATFH3GKDD2EW7V5Y5C6MW3SO5G/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/G3GBGXSUSC4N3LM6WXX772A5AO4CYUIK/


[ovirt-users] Re: Notified that Engine's certification is about to expire but no documentation to renew it

2022-04-25 Thread Martin Perina
Hi Guillaume,

to renew host certificates you need to perform the following actions in
webadmin or REST API:

1. Move the host to Maintenance status
2. Execute Enroll Certificates for the host
3. Watch Events on the host to see if Enroll Certificates finished
successfully
4. Execute Activate for the host

Regards,
Martin

On Mon, Apr 25, 2022 at 1:46 PM Guillaume Pavese <
guillaume.pav...@interactiv-group.com> wrote:

> Hello
>
> We are receiving the following notifications from our ovirt manager  :
>
> Message:Engine's certification is about to expire at 2022-05-03. Please
> renew the engine's certification.
> Severity:WARNING
>
>
> Effectively :
>
> # openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -startdate
> -enddate -noout
> notBefore=Mar 30 04:48:15 2021 GMT
> notAfter=May  3 04:48:15 2022 GMT
>
>
> However I can not find any documentation on how to renew this certificate.
> The following doc only covers changing apache-ca.pem & apache.cer, and
> not engine.cer
>
> Doc oVirt :
> https://ovirt.org/documentation/administration_guide/index.html#Replacing_the_Manager_CA_Certificate
> Doc RHV :
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide/index#Replacing_the_Manager_CA_Certificate
>
>
> Any help ?
>
> Guillaume Pavese
> Systems and Network Engineer
> Interactiv-Group
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HWHBRHZDCHKRTMV7SK63URREVPHIZQTI/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ROJDGIDLQRMQ6E7HQINUVATYDPLR65QI/


[ovirt-users] Re: Error 500 on Hosted Engine admin portal!!!

2022-04-24 Thread Martin Perina
Hi Patrick,

Most probably you hit the postgresql-jdbc version problem:

https://lists.ovirt.org/archives/list/users@ovirt.org/thread/SBCWNXLFLJBKTA3TFJARE7QCYZQ6QMMH/

Please let us know if the above workaround does not help.

Thanks,
Martin


On Sat, 23 Apr 2022, 22:32 Patrick Lomakin, 
wrote:

> Hi everyone! Did the oVirt team check the 4.5 update before release? I've
> updated my production latest 4.4.10 version and get Error 500 on admin page.
> Clean installation on another bare-metal node using Ovirt Node 4.5 and
> hosted-engine console setup (installing through the web installer several
> versions of Ovirt traditionally makes the connection break and disconnects
> access to the host by means of the IP address) gets an error 500 after
> healthcheck. What should I do in this situation?
> Httpd log:
> [Sat Apr 23 15:54:59.826076 2022] [core:notice] [pid 1526:tid
> 140201844767040] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
> [Sat Apr 23 15:55:05.685872 2022] [proxy:error] [pid 2125:tid
> 140201102243584] (111)Connection refused: AH00957: AJP: attempt to connect
> to 127.0.0.1:8702 (127.0.0.1) failed
> [Sat Apr 23 15:55:05.685924 2022] [proxy_ajp:error] [pid 2125:tid
> 140201102243584] [client 192.168.0.14:43194] AH00896: failed to make
> connection to backend: 127.0.0.1
> [Sat Apr 23 15:55:15.831754 2022] [proxy:error] [pid 2125:tid
> 140201110636288] (111)Connection refused: AH00957: AJP: attempt to connect
> to 127.0.0.1:8702 (127.0.0.1) failed
> [Sat Apr 23 15:55:15.831811 2022] [proxy_ajp:error] [pid 2125:tid
> 140201110636288] [client 192.168.0.14:43196] AH00896: failed to make
> connection to backend: 127.0.0.1
> [Sat Apr 23 16:21:57.720678 2022] [proxy:error] [pid 7761:tid
> 140200894203648] (111)Connection refused: AH00957: AJP: attempt to connect
> to 127.0.0.1:8702 (127.0.0.1) failed
> [Sat Apr 23 16:21:57.720745 2022] [proxy_ajp:error] [pid 7761:tid
> 140200894203648] [client 192.168.0.14:43516] AH00896: failed to make
> connection to backend: 127.0.0.1
> [Sat Apr 23 16:30:57.738971 2022] [proxy:error] [pid 7761:tid
> 140200877418240] (111)Connection refused: AH00957: AJP: attempt to connect
> to 127.0.0.1:8702 (127.0.0.1) failed
> [Sat Apr 23 16:30:57.739043 2022] [proxy_ajp:error] [pid 7761:tid
> 140200877418240] [client 192.168.0.14:43640] AH00896: failed to make
> connection to backend: 127.0.0.1
> [Sat Apr 23 16:32:27.838795 2022] [proxy:error] [pid 7761:tid
> 140200978130688] (111)Connection refused: AH00957: AJP: attempt to connect
> to 127.0.0.1:8702 (127.0.0.1) failed
> [Sat Apr 23 16:32:27.838881 2022] [proxy_ajp:error] [pid 7761:tid
> 140200978130688] [client 192.168.0.14:43658] AH00896: failed to make
> connection to backend: 127.0.0.1
> [Sat Apr 23 16:37:49.357585 2022] [core:notice] [pid 1497:tid
> 139855753558336] SELinux policy enabled; httpd running as context
> system_u:system_r:httpd_t:s0
> [Sat Apr 23 16:37:49.361573 2022] [suexec:notice] [pid 1497:tid
> 139855753558336] AH01232: suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Sat Apr 23 16:37:49.388188 2022] [so:warn] [pid 1497:tid 139855753558336]
> AH01574: module proxy_module is already loaded, skipping
> [Sat Apr 23 16:37:49.391763 2022] [lbmethod_heartbeat:notice] [pid
> 1497:tid 139855753558336] AH02282: No slotmem from mod_heartmonitor
> [Sat Apr 23 16:37:49.399281 2022] [mpm_event:notice] [pid 1497:tid
> 139855753558336] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1k
> mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 configured -- resuming
> normal operations
> [Sat Apr 23 16:37:49.399320 2022] [core:notice] [pid 1497:tid
> 139855753558336] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
> [Sat Apr 23 23:20:37.254289 2022] [proxy:error] [pid 6183:tid
> 139854109198080] (111)Connection refused: AH00957: AJP: attempt to connect
> to 127.0.0.1:8702 (127.0.0.1) failed
> [Sat Apr 23 23:20:37.254354 2022] [proxy_ajp:error] [pid 6183:tid
> 139854109198080] [client 192.168.0.13:52982] AH00896: failed to make
> connection to backend: 127.0.0.1
>
> server.log:
> 2022-04-23 16:38:20,655+03 ERROR
> [org.jboss.as.controller.management-operation] (Controller Boot Thread)
> WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" =>
> "engine.ear")]) - failure description: {"WFLYCTL0080: Failed services" =>
> {"jboss.deployment.subunit.\"engine.ear\".\"bll.jar\".component.Backend.START"
> => "java.lang.IllegalStateException: WFLYEE0042: Failed to construct
> component instance
> 2022-04-23 16:38:20,752+03 ERROR [org.jboss.as] (Controller Boot Thread)
> WFLYSRV0026: WildFly Full 24.0.1.Final (WildFly Core 16.0.1.Final) started
> (with errors) in 22155ms - Started 1670 of 1890 services (6 services failed
> or missing dependencies, 393 services are lazy, passive or on-demand)
> 2022-04-23 23:20:50,622+03 ERROR [org.jboss.msc.service.fail]
> (ServerService Thread Pool -- 47) MSC01: Failed to start service
> jboss.deployment.subunit."engine.ear"."bll.jar".component.Backend.START:
> 

[ovirt-users] Re: Deployment suddenly fails at engine check

2022-04-22 Thread Martin Perina
Hi,

Could you please check if you are not hit by the new postgresql-jdbc
package issue?

https://lists.ovirt.org/archives/list/users@ovirt.org/thread/SBCWNXLFLJBKTA3TFJARE7QCYZQ6QMMH/

Thanks,
Martin


On Fri, Apr 22, 2022 at 7:38 PM Harry O  wrote:

> Hi,
> After the new update, my deployment fails at engine check.
> What can I do to debug?
>
> [ INFO ] skipping: [localhost]
> [ INFO ] TASK [ovirt.ovirt.engine_setup : Check if Engine health page is
> up]
> [ ERROR ] fatal: [localhost -> 192.168.222.12]: FAILED! => {"attempts":
> 30, "changed": false, "connection": "close", "content":
> "Error500 - Internal Server
> Error", "content_encoding": "identity", "content_length":
> "86", "content_type": "text/html; charset=UTF-8", "date": "Fri, 22 Apr 2022
> 16:02:04 GMT", "elapsed": 0, "msg": "Status code was 500 and not [200]:
> HTTP Error 500: Internal Server Error", "redirected": false, "server":
> "Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4
> Python/3.6", "status": 500, "url": "
> http://localhost/ovirt-engine/services/health"}
> [ INFO ] TASK [ovirt.ovirt.engine_setup : Clean temporary files]
> [ INFO ] changed: [localhost -> 192.168.222.12]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Sync on engine machine]
> [ INFO ] changed: [localhost -> 192.168.222.12]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Set destination directory
> path]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Create destination
> directory]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : include_tasks]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Find the local appliance
> image]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Set local_vm_disk_path]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Give the vm time to flush
> dirty buffers]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Copy engine logs]
> [ INFO ] changed: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Notify the user about a
> failure]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "There
> was a failure deploying the engine on the local engine VM. The system may
> not be provisioned according to the playbook results: please check the logs
> for the issue, fix accordingly or re-deploy from scratch.\n"}
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/MDMO5CPVXFBXJPQYIL3FFNB4FVNSCLYJ/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2DFJKFRTU2DXOXDBUM32KLQJEXGQQ6EZ/


[ovirt-users] [IMPORTANT] Upgrade to postgresql-jdbc-42.2.14-1 breaks oVirt Engine 4.4/4.5

2022-04-22 Thread Martin Perina
Hi,
Unfortunately we have just found that latest release of
postgresql-jdbc-42.2.14-1 breaks existing oVirt Engine 4.4 and 4.5
installations running on CentOS Stream.
The workaround is to downgrade to previous version, for example
postgresql-jdbc-42.2.3-3 should work fine.

Here are detailed instructions:

1. If you have already upgraded to postgresql-jdbc-42.2.14-1, please
downgrade to previous version:

$ dnf downgrade postgresql-jdbc
$ systemctl restart ovirt-engine

2. If you are going to upgrade your oVirt Engine machine, please exclude
postgresql-jdbc package from upgrades:

$ dnf update -x postgresql-jdbc

We have created https://bugzilla.redhat.com/2077794 to track this issue,
but unfortunately we don't have a fix yet.

Regards,
Martin

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SBCWNXLFLJBKTA3TFJARE7QCYZQ6QMMH/


[ovirt-users] Re: vdsm hook after node upgrade

2022-04-13 Thread Martin Perina
Hi,

I'm not aware of any changes regarding hooks in 4.4.9. The last significant
change has been done in 4.4.7, where VDSM hooks are no longer included in
node by default and if really needed they could be installed manually:

https://bugzilla.redhat.com/show_bug.cgi?id=1947450
https://www.ovirt.org/release/4.4.7/

So are your hosts oVirt Node based or standard EL8 based hosts (for example
CentOS Stream 8)?

Regards,
Martin


On Wed, Apr 13, 2022 at 7:58 AM Nathanaël Blanchet  wrote:

> I've opened an issue on GitHub, but is it the new official way to declare
> issues against bugzilla?
> On 12 Apr 2022 16:16, Nir Soffer wrote:
>
>
> On Tue, Apr 12, 2022 at 5:06 PM Nathanaël Blanchet 
> wrote:
> > I've upgraded my hosts from 4.4.9 to 4.4.10 and none of my vdsm hooks
> > are present anymore... I believed those additional personal data were
> > persistent across updates...
>
> If you think this is a bug, please file a vdsm bug for this:
> https://github.com/oVirt/vdsm/issues
>
> Nir
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UN77CSHAWDL5BS5LKU6MJHCOOUTMMMZZ/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NDKIODYGGOFFCMCJ3UGZCSIQERBXKUEP/


[ovirt-users] Re: Enroll Host Certificate

2022-03-29 Thread Martin Perina
On Tue, Mar 29, 2022 at 5:43 AM dlotarev--- via Users 
wrote:

> Hi there! I have a problem to enroll host certificate.
>

Hi,

Enroll certificate function re-enrolls certificates only for hosts. If your
engine certificate is going to expire, then you need to run engine-setup to
renew the engine certificate.

Regards,
Martin


> The steps that I took:
> 1) Move host to maintenance mode (all VMs transferred to another host
> including HE VM)
> 2) Enroll certificate via web interface without errors
> 3) Exit from maintenance mode (transferred all VMs back including HE VM)
> 4) Restart ovirt-engine service
>
> But my problem is that after 6 hours I get a message from oVirt engine
> notifier that my certificate will expire soon.
> I know that my oVirt installation is old (4.1.9), but what can I do with
> that? Maybe I missed something. I didn't reboot the host after renewing the
> certificate
>
> Thank you for any advice!
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RJYOYBINZYBMJMIZMWKP5PKMIYBWT6WL/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/E7PHLH3452ZMQHJU5FSZ5ZAEZL5RVHA5/


[ovirt-users] Re: dnf update fails with oVirt 4.4 on centos 8 stream due to ansible package conflicts.

2022-03-25 Thread Martin Perina
e-core > 2.11.0 provided by
> >>>ansible-core-2.12.2-2.el8.x86_64
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.27-2.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.27-1.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.17-1.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.18-2.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.20-2.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.21-2.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.23-2.el8.noarch
> >>>  - package ansible-core-2.12.2-2.el8.x86_64
> >>>obsoletes ansible < 2.10.0 provided by
> >>>ansible-2.9.24-2.el8.noarch
> >>>  - cannot install the best update candidate for
> >>>package cockpit-ovirt-dashboard-0.15.1-1.el8.noarch
> >>>  - cannot install the best update candidate for
> >>>package ansible-2.9.27-2.el8.noarch
> >>>  - package ansible-2.9.20-1.el8.noarch is filtered
> >>>out by exclude filtering
> >>>  - package ansible-2.9.16-1.el8.noarch is filtered
> >>>out by exclude filtering
> >>>  - package ansible-2.9.19-1.el8.noarch is filtered
> >>>out by exclude filtering
> >>>  - package ansible-2.9.23-1.el8.noarch is filtered
> >>>out by exclude filtering
> >>>(try to add '--allowerasing' to command line to
> >>>replace conflicting packages or '--skip-broken' to
> >>>skip uninstallable packages or '--nobest' to use not
> >>>only best candidate packages)
> >>>
> >>>cockpit-ovirt-dashboard.noarch is at 0.15.1-1.el8,
> >>>and it looks like that conflicting ansible-core
> >>>package was added to the 8-stream repo two days ago.
> >>>That's when I first noticed the issue, but it
> >>>might be older. When the earlier issues with the
> >>>centos 8 deprecation happened, I had swapped out the
> >>>repos on some of these hosts for the new ones, and
> >>>have since added new hosts as well, using the
> >>>updated repos. Both hosts that had been moved from
> >>>the old repos, and ones created with the new repos
> >>>are experiencing this issue.
> >>>
> >>>ansible-core is being pulled from the centos 8
> >>>stream AppStream repo, and the ansible package that
> >>>cockpit-ovirt-dashboard.noarch is trying to use as a
> >>>dependency is coming from ovirt-4.4-centos-ovirt44
> >>>
> >>>I'm tempted to blacklist ansible-core in my dnf
> >>>conf, but that seems like a hacky work-around and
> >>>not the actual fix here.
> >>>Thanks,
> >>>Dan
> >>>___
> >>>Users mailing list -- users@ovirt.org
> >>>To unsubscribe send an email to
> >>>users-le...@ovirt.org
> >>>Privacy Statement:
> >>>https://www.ovirt.org/privacy-policy.html
> >>>oVirt Code of Conduct:
> >>> https://www.ovirt.org/community/about/community-guidelines/
> >>>List
> >>> Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3N4ZO6LXNOQNQ
> >>>    U5HHDGNOZHDSO4IBGFF/
> >>>
> >>>
> >>

[ovirt-users] Re: Cluster and datacenter compatibility levels

2022-02-14 Thread Martin Perina
Hi Colin,

you can take a look at below archived message if you are interested in
features bound to specific cluster level:

https://lists.ovirt.org/archives/list/de...@ovirt.org/message/QJRYA4FKX64DMIF4VPW5VU4APN3KULX5/

Regards,
Martin

On Tue, Feb 15, 2022 at 1:02 AM Colin Coe  wrote:

> Hi all
>
> I'm looking for a definitive answer on what each compatibility level means.
>
> Specifically, I'm looking for:
> - new features
> - deprecated features
> - removed features
>
> We're on 4.3 so I'm looking for the info above on 4.4, 4.5 and 4.6
>
> My main motivation is to ensure we don't lose SPICE support.
>
> We actually use RHV and I logged a case with Red Hat GSS but couldn't get
> the info I was after.
>
> Thanks
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/XFBSQGS6G4J432MQ53SHTD2K4ZCC5IC5/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KY6XETEADPLFJBIMNLM2QP4BVFBQJI4Z/


[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-07 Thread Martin Perina
On Mon, Feb 7, 2022 at 3:09 PM Gilboa Davara  wrote:

>
>
> On Mon, Feb 7, 2022 at 4:03 PM Martin Perina  wrote:
>
>>
>>
>> On Mon, Feb 7, 2022 at 12:33 PM Gilboa Davara  wrote:
>>
>>> Hello,
>>>
>>> On Mon, Feb 7, 2022 at 8:45 AM Yedidyah Bar David 
>>> wrote:
>>>
>>>> On Sun, Feb 6, 2022 at 5:09 PM Gilboa Davara  wrote:
>>>> >
>>>> > Unlike my predecessor, I not only lost my vmengine, I also lost the
>>>> vdsm services on all hosts.
>>>> > All seem to be hitting the same issue - read, the certs under
>>>> /etc/pki/vdsm/certs and /etc/pki/ovirt* all expired a couple of days ago.
>>>> > As such, the hosted engine cannot go into global maintenance mode,
>>>>
>>>> What do you mean by that? What happens if you 'hosted-engine
>>>> --set-maintenance --mode=global'?
>>>>
>>>
>>> Failed, stating the cluster is not in global maintenance mode.
>>> (Understandable, given two of 3 hosts were offline due to certificate
>>> issues...)
>>>
>>>
>>>
>>>>
>>>> > preventing engine-setup --offline from running.
>>>>
>>>> Actually just a few days ago I pushed a patch for:
>>>>
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1700460
>>>>
>>>> But:
>>>>
>>>> If you really have a problem that you can't set global maintenance,
>>>> using this is a risk - HA might intervene in the middle and shutdown
>>>> the VM. So either make sure global maintenance does work, or stop
>>>> all HA services on all hosts.
>>>>
>>>> > Two questions:
>>>> > 1. Is there any automated method to renew the vdsm certificates?
>>>>
>>>> You mean, without an engine?
>>>>
>>>> I think that if you have a functional engine one way or another,
>>>> you can automate this somehow, didn't check. Try checking e.g. the
>>>> python sdk examples - there might be there something you can base
>>>> on.
>>>>
>>>> > 2. Assuming the previous answer is "no", assuming I'm somewhat versed
>>>> in using openssl, how can I manually renew them?
>>>>
>>>> I'd rather not try to invent from memory how this is supposed to work,
>>>> and doing this methodically and verifying before replying is quite
>>>> an effort.
>>>>
>>>> If this is really what you want, I suggest something like:
>>>>
>>>> 1. Set up a test env with an engine and one host
>>>> 2. Backup (or use git on) /etc on both
>>>> 3. Renew the host cert from the UI
>>>> 4. Check what changed
>>>>
>>>> You should find, IMO, that the key(s) on the host didn't
>>>> change. I guess you might also find CSRs on one or both of them.
>>>> So basically it should be something like:
>>>> 1. Create a CSR on the host for the existing key (one or more,
>>>> not sure).
>>>> 2. Copy and sign this on the engine using pki-enroll-request.sh
>>>> (I think you can find examples for it scattered around, perhaps
>>>> even in the main guides)
>>>> 3. Copy back the generated certs to the host
>>>> 4. Perhaps restart one or more services there (vdsm, imageio?,
>>>> ovn, etc.)
>>>>
>>>> You can check the code in
>>>> /usr/share/ovirt-engine/ansible-runner-service-project/project
>>>> to see how it's done when initiated from the UI.
>>>>
>>>> Good luck and best regards,
>>>>
>>>
>>> I more or less found a document stating the above somewhere in the
>>> middle of the night.
>>> Tried it.
>>> Got the WebUI working again.
>>> However, for the life of me I couldn't get the hosts to work to talk to
>>> the engine. (Even though I could use openssl s_client -showcerts -connect
>>> host and got valid certs).
>>> In the end, @around ~4am, I decided to take the brute force route, clean
>>> the hosts, upgrade them to -streams, and redeploy the engine again (3rd
>>> attempt, after sufficient amount of coffee reminded me the qemu-6.1 is
>>> broken, and needed to be downgraded before trying to deploy the HE...).
>>> Either way, when I finish importing the VMs, I'll open a RFE to add
>>> BIG-WARNING-IN-BOLD-LETTERS in the WebUI to notify the admin that the
>>> certifica

[ovirt-users] Re: Cannot log into oVirt Manager - certificate issue

2022-02-07 Thread Martin Perina
On Mon, Feb 7, 2022 at 12:33 PM Gilboa Davara  wrote:

> Hello,
>
> On Mon, Feb 7, 2022 at 8:45 AM Yedidyah Bar David  wrote:
>
>> On Sun, Feb 6, 2022 at 5:09 PM Gilboa Davara  wrote:
>> >
>> > Unlike my predecessor, I not only lost my vmengine, I also lost the
>> vdsm services on all hosts.
>> > All seem to be hitting the same issue - read, the certs under
>> /etc/pki/vdsm/certs and /etc/pki/ovirt* all expired a couple of days ago.
>> > As such, the hosted engine cannot go into global maintenance mode,
>>
>> What do you mean by that? What happens if you 'hosted-engine
>> --set-maintenance --mode=global'?
>>
>
> Failed, stating the cluster is not in global maintenance mode.
> (Understandable, given two of 3 hosts were offline due to certificate
> issues...)
>
>
>
>>
>> > preventing engine-setup --offline from running.
>>
>> Actually just a few days ago I pushed a patch for:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1700460
>>
>> But:
>>
>> If you really have a problem that you can't set global maintenance,
>> using this is a risk - HA might intervene in the middle and shutdown
>> the VM. So either make sure global maintenance does work, or stop
>> all HA services on all hosts.
>>
>> > Two questions:
>> > 1. Is there any automated method to renew the vdsm certificates?
>>
>> You mean, without an engine?
>>
>> I think that if you have a functional engine one way or another,
>> you can automate this somehow, didn't check. Try checking e.g. the
>> python sdk examples - there might be there something you can base
>> on.
>>
>> > 2. Assuming the previous answer is "no", assuming I'm somewhat versed
>> in using openssl, how can I manually renew them?
>>
>> I'd rather not try to invent from memory how this is supposed to work,
>> and doing this methodically and verifying before replying is quite
>> an effort.
>>
>> If this is really what you want, I suggest something like:
>>
>> 1. Set up a test env with an engine and one host
>> 2. Backup (or use git on) /etc on both
>> 3. Renew the host cert from the UI
>> 4. Check what changed
>>
>> You should find, IMO, that the key(s) on the host didn't
>> change. I guess you might also find CSRs on one or both of them.
>> So basically it should be something like:
>> 1. Create a CSR on the host for the existing key (one or more,
>> not sure).
>> 2. Copy and sign this on the engine using pki-enroll-request.sh
>> (I think you can find examples for it scattered around, perhaps
>> even in the main guides)
>> 3. Copy back the generated certs to the host
>> 4. Perhaps restart one or more services there (vdsm, imageio?,
>> ovn, etc.)
>>
>> You can check the code in
>> /usr/share/ovirt-engine/ansible-runner-service-project/project
>> to see how it's done when initiated from the UI.
>>
>> Good luck and best regards,
>>
>
> I more or less found a document stating the above somewhere in the middle
> of the night.
> Tried it.
> Got the WebUI working again.
> However, for the life of me I couldn't get the hosts to work to talk to
> the engine. (Even though I could use openssl s_client -showcerts -connect
> host and got valid certs).
> In the end, @around ~4am, I decided to take the brute force route, clean
> the hosts, upgrade them to -streams, and redeploy the engine again (3rd
> attempt, after sufficient amount of coffee reminded me the qemu-6.1 is
> broken, and needed to be downgraded before trying to deploy the HE...).
> Either way, when I finish importing the VMs, I'll open a RFE to add
> BIG-WARNING-IN-BOLD-LETTERS in the WebUI to notify the admin that the
> certificates are about to expire.
>

We already have quite a lot of warnings/alerts about certificates which are
going to expire soon:

https://lists.ovirt.org/archives/list/users@ovirt.org/message/TMJVAJMH5MKUVRTSZG2BB46QKXYI6M2D/

So what exactly are you missing here?

>
> Thanks for the help!
>
> - Gilboa
>
>
>
>> --
>> Didi
>>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CGSAB7NPWWOYON6WXIRJXPZASVWCPQJT/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NIADZITDXMMR2IZFP4ZAEICOZESPDDFI/


[ovirt-users] Re: Ignore CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION ?

2022-02-02 Thread Martin Perina
On Wed, Feb 2, 2022 at 12:11 PM Richard W.M. Jones 
wrote:

> On Wed, Feb 02, 2022 at 11:07:21AM +0100, Martin Perina wrote:
> > You cannot mix AMD and Intel processors in a cluster. So if you have an AMD
> > based host, then you need to add it to AMD cluster only
>
> I have two VMs - one for engine and one for node.  They are both
> running on the same physical host (using KVM).
>
> > AMD EPYC support is available from 4.3 cluster level, so it should definitely
> > be available in the latest 4.6 CL
>
> I'm more confused here.  I'm running what I believe to be the latest
> oVirt engine (4.4.10.6-1.el8).
>
> There are no AMD CPUs offered for cluster CPU type, only Intel CPUs:
>
> Intel Nehalem Family
> Secure Intel Nehalem Family
> Intel Westmere Family
> Secure Intel Westmere Family
> Intel Sandybridge Family
>
> (that's the complete list)
>

Lucia, any ideas?

>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat
> http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-p2v converts physical machines to virtual machines.  Boot with a
> live CD or over the network (PXE) and turn machines into KVM guests.
> http://libguestfs.org/virt-v2v
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZDX2SW4WP3CWPZ7T7LUTO7MZ22Z6BABL/


[ovirt-users] Re: Ignore CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION ?

2022-02-02 Thread Martin Perina
You cannot mix AMD and Intel processors in a cluster. So if you have an
AMD-based host, then you need to add it to an AMD cluster only.

AMD EPYC support is available from 4.3 cluster level, so it should
definitely be available in the latest 4.6 CL.

On Wed, Feb 2, 2022 at 10:24 AM Richard W.M. Jones 
wrote:

> On Tue, Feb 01, 2022 at 08:45:51PM +0100, Martin Perina wrote:
> >
> >
> > On Tue, Feb 1, 2022 at 8:27 PM Richard W.M. Jones 
> wrote:
> >
> >
> > 2022-02-01 19:05:01,952Z ERROR
> > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> > (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-19)
> > [330886aa] EVENT_ID: CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION(156),
> > Host ovirt4410-host moved to Non-Operational state as host CPU type is not
> > supported in this cluster compatibility version or is not supported at all
> >
> > The host is a nested VM running on old hardware.  I don't care that
> > it's not supported - this is just for testing copying and it'll
> > literally never even need to run a VM.
> >
> > Is there a way to ignore this and continue?
> >
> >
> > Hi,
> >
> > You need to create a custom DC and a cluster with lower
> > compatibility level to be able to use older CPUs.
> >
> > You can take a look at supported CPUs for each cluster level using
> > ServerCPUList config option:
> >
> >
> https://github.com/oVirt/ovirt-engine/blob/master/packaging/dbscripts/upgrade/pre_upgrade/_config.sql#L1125
>
> OK that operation is underway.  I selected CPU type "Nehalem", that
> being an ancient Intel CPU.  The hardware is AMD and there were no AMD
> options.  I'll see if it installs anyway.
>
> > What is your hypervisor CPU?
>
> The oVirt host is a VM with an interesting choice of guest CPU now I
> look at it:
>
> processor : 0
> vendor_id : AuthenticAMD
> cpu family  : 23
> model : 49
> model name: AMD EPYC-Rome Processor
> stepping  : 0
> microcode : 0x165
> cpu MHz : 3792.872
> cache size  : 512 KB
> physical id : 0
> siblings : 1
> core id: 0
> cpu cores  : 1
> apicid   : 0
> initial apicid : 0
> fpu: yes
> fpu_exception  : yes
> cpuid level: 13
> wp : yes
> flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt
> pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni
> pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt
> tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy
> cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core
> ssbd ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx
> smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves clzero
> xsaveerptr wbnoinvd arat umip rdpid arch_capabilities
> bugs   : sysret_ss_attrs spectre_v1 spectre_v2
> spec_store_bypass
> bogomips   : 7585.74
> TLB size   : 1024 4K pages
> clflush size   : 64
> cache_alignment: 64
> address sizes  : 40 bits physical, 48 bits virtual
> power management:
>
> --- and hypervisor CPU:
>
> processor  : 23
> vendor_id  : AuthenticAMD
> cpu family : 23
> model: 113
> model name   : AMD Ryzen 9 3900X 12-Core Processor
> stepping : 0
> microcode: 0x8701013
> cpu MHz: 2200.000
> cache size : 512 KB
> physical id: 0
> siblings : 24
> core id: 14
> cpu cores  : 12
> apicid   : 29
> initial apicid : 29
> fpu: yes
> fpu_exception  : yes
> cpuid level: 16
> wp : yes
> flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt
> pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid
> aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe
> popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy
> abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext
> perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3
> hw_pstate ssbd mba ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm
> rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves
> cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr
> rdpru wbnoinvd arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean
> flushbyasid decodeassists pausefilter pfthre

[ovirt-users] Re: Ignore CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION ?

2022-02-01 Thread Martin Perina
On Tue, Feb 1, 2022 at 8:27 PM Richard W.M. Jones  wrote:

>
> 2022-02-01 19:05:01,952Z ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-19)
> [330886aa] EVENT_ID: CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION(156),
> Host ovirt4410-host moved to Non-Operational state as host CPU type is not
> supported in this cluster compatibility version or is not supported at all
>
> The host is a nested VM running on old hardware.  I don't care that
> it's not supported - this is just for testing copying and it'll
> literally never even need to run a VM.
>
> Is there a way to ignore this and continue?
>

Hi,
You need to create a custom DC and a cluster with lower compatibility level
to be able to use older CPUs.
You can take a look at supported CPUs for each cluster level using
ServerCPUList config option:

https://github.com/oVirt/ovirt-engine/blob/master/packaging/dbscripts/upgrade/pre_upgrade/_config.sql#L1125

What is your hypervisor CPU?

Regards,
Martin


> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat
> http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> libguestfs lets you edit virtual machines.  Supports shell scripting,
> bindings from many languages.  http://libguestfs.org
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/NOLWZUDPZMEAJYMNOV75QKQ42BQRQV4B/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LJLXTRLNBG5ER6BSHZKZRMVY26LLN5DI/


[ovirt-users] Re: how to search event not matching a user

2022-01-31 Thread Martin Perina
On Mon, Jan 31, 2022 at 2:00 PM Gianluca Cecchi 
wrote:

> Hello,
> every event in Advanced view has a field "User".
> I'm trying to compose a search in web admin of events with user different
> from myuser@internal
> It seems I'm not able to get what I want.
>
> I also tried to base attempts on an old 2019 thread (on 4.3.6) where this
> queries worked:
>
> Disks: name=engine* or name=host*
> Disks: alias=engine* or alias=host*
>
> but now on 4.4.8 gives nothing even if matched.
> Any hint and also documentation reference about the correct syntax to use
> in 4.4.x?
>

Eli, could you please take a look?

>
> Thanks,
> Gianluca
>
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HIEPT4HR7AUP5TKBUPOVLI6IPAZIECS2/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7IYYPHQEQBBNBKZCCE47JW6UDAR7J4I7/


[ovirt-users] Re: How-to get oVirt host certificated date

2022-01-14 Thread Martin Perina
On Thu, Jan 13, 2022 at 4:53 PM Sandro Bonazzola 
wrote:

>
>
> On Thu, Jan 13, 2022 at 15:34, Konstantin Shalygin <k0...@k0ste.ru> wrote:
>
>> > It's possible to get, may be from Postgres, the host certificate date?
>> > Engine run this check sometimes, but trigger this check seems impossible
>>
>> Anybody?
>> @Sandro please help
>>
>> engine make check once per day and print to logs
>> How can we run a manual check or see info in PostgreSQL database? This is
>> required because the days until the end of the certificate's life expire,
>> waiting for the next day in order to understand the result of deploying a
>> new certificate is a strange situation
>>
>
> Maybe @Martin Perina  can assist?
>
Hi,

host certificates are not saved anywhere in the engine database, you need
to go to the host itself to find out the expiration date. There are 2
options:

1. Directly on the host after connecting via SSH you can run below
   # openssl x509 -text -noout -in /etc/pki/vdsm/certs/vdsmcert.pem | grep -A2 Validity

2. Remotely using openssl you can run below
   # openssl s_client -showcerts -connect :54321 | openssl x509 -text -noout | grep -A2 Validity


ovirt-engine performs certificate checks every day (can be configured using
engine-config option CertificationValidityCheckTimeInHours) and it checks
not only hosts certificates, but also the engine certificate and the engine
CA certificate. This check produces following records in ovirt-engine audit
log:

1. If the certificate has already expired then below audit log ALERT is
created depending on the type of certificate
- *Host ${VdsName} certification has expired at ${ExpirationDate}.
Please renew the host's certification.*
- *Engine's certification has expired at ${ExpirationDate}. Please
renew the engine's certification.*
- *Engine's CA certification has expired at ${ExpirationDate}.*

2. If the certificate is going to expire in less than 7 days, then below
audit log ALERT is created depending on the type of certificate
- *Host ${VdsName} certification is about to expire at
${ExpirationDate}. Please renew the host's certification.*
- *Engine's certification is about to expire at ${ExpirationDate}.
Please renew the engine's certification.*
- *Engine's CA certification is about to expire at ${ExpirationDate}.*

3. If the certificate is going to expire in less than 30 days, then below
audit log WARNING is created depending on the type of certificate
- *Host ${VdsName} certification is about to expire at
${ExpirationDate}. Please renew the host's certification.*
- *Engine's certification is about to expire at ${ExpirationDate}.
Please renew the engine's certification.*
- *Engine's CA certification is about to expire at ${ExpirationDate}.*

Regards,
Martin


>
>>
>>
>> Thanks,
>> k
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WK5CJYL3PXXCJJQKLEQCQJG5X2YA3XV/
>>
>
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>
> Red Hat EMEA <https://www.redhat.com/>
>
> sbona...@redhat.com
> <https://www.redhat.com/>
>
> *Red Hat respects your work life balance. Therefore there is no need to
> answer this email out of your office hours.*
>
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TMJVAJMH5MKUVRTSZG2BB46QKXYI6M2D/
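
An on-demand version of the expiry check described in the message above, as an added example that is not part of the original thread and is not ovirt-engine code. It parses the Validity output of the openssl commands quoted there and applies the same thresholds (expired, less than 7 days, less than 30 days); the function names, severity tuples and sample output are assumptions constructed for illustration.

```python
import re
import ssl
import subprocess
import time

DAY = 86400
ALERT_DAYS = 7      # "less than 7 days"  -> ALERT   (threshold from the message)
WARNING_DAYS = 30   # "less than 30 days" -> WARNING (threshold from the message)

# Default host certificate path quoted in the message.
VDSM_CERT = "/etc/pki/vdsm/certs/vdsmcert.pem"

# Accepts both forms openssl prints:
#   notAfter=Feb  5 12:00:00 2022 GMT      (openssl x509 -enddate -noout)
#   Not After : Feb  5 12:00:00 2022 GMT   (openssl x509 -text | grep -A2 Validity)
NOT_AFTER_RE = re.compile(
    r"(?:notAfter=|Not After\s*:\s*)"
    r"(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4}\s+GMT)"
)

# Constructed sample of what `grep -A2 Validity` returns (not real host data).
SAMPLE_TEXT_OUTPUT = """\
        Validity
            Not Before: Feb  4 12:00:00 2021 GMT
            Not After : Feb  5 12:00:00 2022 GMT
"""


def parse_not_after(openssl_output):
    """Return the certificate's notAfter time as a UTC epoch timestamp."""
    match = NOT_AFTER_RE.search(openssl_output)
    if match is None:
        raise ValueError("no notAfter / Not After field in openssl output")
    # ssl.cert_time_to_seconds() understands openssl's "Mon DD HH:MM:SS YYYY GMT".
    return ssl.cert_time_to_seconds(match.group(1))


def classify(not_after, now=None):
    """Map the remaining lifetime to the severities listed in the message."""
    now = time.time() if now is None else now
    remaining = not_after - now
    if remaining <= 0:
        return ("ALERT", "expired")
    if remaining < ALERT_DAYS * DAY:
        return ("ALERT", "about to expire")
    if remaining < WARNING_DAYS * DAY:
        return ("WARNING", "about to expire")
    return ("OK", "valid")


def check_cert_file(path=VDSM_CERT, now=None):
    """Run openssl against a PEM file on this host and classify the result."""
    result = subprocess.run(
        ["openssl", "x509", "-enddate", "-noout", "-in", path],
        capture_output=True, text=True, check=True,
    )
    not_after = parse_not_after(result.stdout)
    return (not_after,) + classify(not_after, now)


if __name__ == "__main__":
    # Demonstration on the constructed sample, evaluated at three points in time.
    expiry = parse_not_after(SAMPLE_TEXT_OUTPUT)
    for days_before in (60, 20, 3, -1):
        severity, state = classify(expiry, expiry - days_before * DAY)
        print(f"{days_before:>3} days before expiry: {severity} ({state})")
```

Running `check_cert_file()` on a host right after re-enrolling it shows the new expiry immediately, without waiting for the engine's next scheduled check.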


[ovirt-users] Re: OVIRT mirrors

2022-01-03 Thread Martin Perina
Hi,

I've created CPDEVOPS-434 <https://issues.redhat.com/browse/CPDEVOPS-434>
ticket to track that issue.

Martin


On Mon, Jan 3, 2022 at 1:41 AM Andy via Users  wrote:

> Not optimal but yep the work around is working.  Thanks for the info
> On Sunday, January 2, 2022, 07:22:35 PM EST, Jillian Morgan <
> jillian.mor...@primordial.ca> wrote:
>
>
> I ran into the same problem this evening. It looks like the Let's Encrypt
> certificate for resources.ovirt.org expired early this morning. Who knows
> why their auto-renewal automation has failed. This might also be the reason
> why the main mirrorlist site (used by default in the dnf repo files) is
> failing.
>
> NON-RECOMMENDED TEMPORARY WORKAROUND: If you wish to be _unsafe_ and
> accept that their cert just expired, you can add "sslverify=0" to the
> ovirt-4.4.repo file, comment out the mirrorlist, enable the baseurl, and
> then a retry will succeed.
>
> --
> Jillian Morgan (she/her)
> Systems & Networking Specialist
> Primordial Software Group & I.T. Consultancy
> https://www.primordial.ca
>
>
> On Sun, 2 Jan 2022 at 14:19, Andy via Users  wrote:
>
> Are the oVirt mirrors down?  I am receiving the following error trying to
> update some of my systems.
>
> Errors during downloading metadata for repository 'ovirt-4.4':
>   - Status code: 500 for
> https://mirrorlist.ovirt.org/mirrorlist-ovirt-4.4-el8 (IP: 8.43.85.224)
> Error: Failed to download metadata for repo 'ovirt-4.4': Cannot prepare
> internal mirrorlist: Status code: 500 for
> https://mirrorlist.ovirt.org/mirrorlist-ovirt-4.4-el8 (IP: 8.43.85.224)
>
>
> Going to the link:
>
> https://mirrorlist.ovirt.org/mirrorlist-ovirt-4.4-el8
>
> Proxy Error The proxy server could not handle the request *GET 
> /mirrorlist-ovirt-4.4-el8
> <https://mirrorlist.ovirt.org/mirrorlist-ovirt-4.4-el8>*.
>
> Reason: *Error during SSL Handshake with remote server*
>
> thanks
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZHKFTD5TE5PO7Z7JQTKDY3VYFATAOMEV/
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PVHEE5TPX6ZAMNINLEO6LFZ5D443PXNE/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UL6PZPDWLMOHFBCZJHJBLLCWTA3TWLHZ/


[ovirt-users] Re: oVirt and log4j vulnerability

2021-12-13 Thread Martin Perina
On Mon, Dec 13, 2021 at 2:46 PM Derek Atkins  wrote:

>
> On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote:
> >>
> > If I understood correctly reading here:
> >
> https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell
> >
> > you are protected by the RCE if java is 1.8 and greater than 1.8.121
> > (released on 2017)
>
> Do you mean 1.8.0.121?  For example, my system has:
>
> java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64
>

If you are still on oVirt 4.3, which is using OpenJDK 1.8, then you should
have installed java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64.

If you are on oVirt 4.4, which is using OpenJDK 11, then you should have
installed java-11-openjdk-headless-11.0.13.0.8-3.el8_5.x86_64


> -derek
>
> --
>Derek Atkins 617-623-3745
>de...@ihtfp.com www.ihtfp.com
>Computer and Internet Security Consultant
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/32PPOVQZRSIMCQMPVKZAKRZITIGGZ774/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NRHOYBOOEQV2GKHS5WZ4ZQNAFCZZQQKT/


[ovirt-users] Re: upgrade dependency issues

2021-10-26 Thread Martin Perina
Hi,

you will need to switch to CentOS Stream 8 now to finish the upgrade (or
wait for CentOS 8.5 + AV 8.5 release), which is going to include version
rhel-system-roles 1.7.3:

https://pkgs.org/download/rhel-system-roles

Regards,
Martin


On Mon, Oct 25, 2021 at 9:34 PM John Florian  wrote:

> On the engine:
>
> repo id repo name
> appstream CentOS Linux 8 - AppStream
> baseos CentOS Linux 8 - BaseOS
> doubledog doubledog on EL 8 - released
> epel Extra Packages for Enterprise Linux 8 - x86_64
> epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
> extras CentOS Linux 8 - Extras
> local-AppStream doubledog mirror of CentOS-8 - AppStream
> local-BaseOS doubledog mirror of CentOS-8 - Base
> local-extras doubledog mirror of CentOS-8 - Extras
> ovirt-4.4 Latest oVirt 4.4 Release
> ovirt-4.4-advanced-virtualization Advanced Virtualization packages for
> x86_64
> ovirt-4.4-centos-ceph-pacific Ceph packages for x86_64
> ovirt-4.4-centos-gluster8 CentOS-8 - Gluster 8
> ovirt-4.4-centos-nfv-openvswitch CentOS-8 - NFV OpenvSwitch
> ovirt-4.4-centos-opstools CentOS-8 - OpsTools - collectd
> ovirt-4.4-centos-ovirt44 CentOS-8 - oVirt 4.4
> ovirt-4.4-copr:copr.fedorainfracloud.org:sac:gluster-ansible Copr repo
> for gluster-ansible owned by sac
> ovirt-4.4-copr:copr.fedorainfracloud.org:sbonazzo:EL8_collection Copr
> repo for EL8_collection owned by sbonazzo
> ovirt-4.4-epel Extra Packages for Enterprise Linux 8 - x86_64
> ovirt-4.4-openstack-victoria OpenStack Victoria Repository
> ovirt-4.4-virtio-win-latest virtio-win builds roughly matching what will
> be shipped in upcoming RHEL
> powertools CentOS Linux 8 - PowerTools
>
> and on one of the hosts:
>
> repo id repo name
> appstream CentOS Linux 8 - AppStream
> baseos CentOS Linux 8 - BaseOS
> dell-system-update_dependent dell-system-update_dependent
> dell-system-update_independent dell-system-update_independent
> extras CentOS Linux 8 - Extras
> local-AppStream doubledog mirror of CentOS-8 - AppStream
> local-BaseOS doubledog mirror of CentOS-8 - Base
> local-extras doubledog mirror of CentOS-8 - Extras
> ovirt-4.4 Latest oVirt 4.4 Release
> ovirt-4.4-advanced-virtualization Advanced Virtualization packages for
> x86_64
> ovirt-4.4-centos-ceph-pacific Ceph packages for x86_64
> ovirt-4.4-centos-gluster8 CentOS-8 - Gluster 8
> ovirt-4.4-centos-nfv-openvswitch CentOS-8 - NFV OpenvSwitch
> ovirt-4.4-centos-opstools CentOS-8 - OpsTools - collectd
> ovirt-4.4-centos-ovirt44 CentOS-8 - oVirt 4.4
> ovirt-4.4-copr:copr.fedorainfracloud.org:sac:gluster-ansible Copr repo
> for gluster-ansible owned by sac
> ovirt-4.4-copr:copr.fedorainfracloud.org:sbonazzo:EL8_collection Copr
> repo for EL8_collection owned by sbonazzo
> ovirt-4.4-epel Extra Packages for Enterprise Linux 8 - x86_64
> ovirt-4.4-openstack-victoria OpenStack Victoria Repository
> ovirt-4.4-virtio-win-latest virtio-win builds roughly matching what will
> be shipped in upcoming RHEL
> powertools CentOS Linux 8 - PowerTools
>
>
> The local-* repos are on-site mirrors.  I've tried disabling them just
> to rule them out, but it made no difference.
>
> John Florian
>
> On 2021-10-25 15:07, Strahil Nikolov wrote:
> > Hi,
> >
> > what is the output from:
> > 'yum repolist' ?
> >
> > Best Regards,
> > Strahil Nikolov
> >
> >
> > On Monday, 25 October 2021, 17:12:58 GMT+3, John Florian <
> jflor...@doubledog.org> wrote:
> >
> > I recently upgraded my engine to 4.4.9 following the usual engine-setup
> procedure.  Once that was done, I tried to do a dnf upgrade to get
> everything else and found:
> >
> > Error: Problem: cannot install the best update candidate for package
> ovirt-engine-metrics-1.4.3-1.el8.noarch  - nothing provides
> rhel-system-roles >= 1.7.2-1 needed by
> ovirt-engine-metrics-1.4.4-1.el8.noarch(try to add '--skip-broken' to skip
> uninstallable packages or '--nobest' to use not only best candidate
> packages)
> >
> >
> >
> > I was also trying to update my hosts thru the GUI and that was failing
> also.  I couldn't find the right log with good details as to why, so I just
> tried to dnf upgrade from the shell to see what got reported and found:
> >
> > Error:  Problem 1: cannot install the best update candidate for package
> ovirt-host-dependencies-4.4.8-1.el8.x86_64  - nothing provides
> rsyslog-openssl needed by
> ovirt-host-dependencies-4.4.9-2.el8.x86_64 Problem 2: cannot install the
> best update candidate for package
> ovirt-hosted-engine-setup-2.5.3-1.el8.noarch  - nothing provides ovirt-host
> >= 4.5.0 needed by ovirt-hosted-engine-setup-2.5.4-1.el8.noarch  - nothing
> provides vdsm-python >= 4.50 needed by
> ovirt-hosted-engine-setup-2.5.4-1.el8.noarch Problem 3: cannot install the
> best update candidate for package vdsm-4.40.80.5-1.el8.x86_64  - nothing
> provides libvirt-daemon-kvm >= 7.6.0-2 needed by
> vdsm-4.40.90.3-1.el8.x86_64 Problem 4: package
> ovirt-host-4.4.9-2.el8.x86_64 requires ovirt-host-dependencies =
> 

[ovirt-users] Re: Hosted Engine ansible runner artifacts cleanup

2021-10-06 Thread Martin Perina
On Wed, Oct 6, 2021 at 7:50 AM Yedidyah Bar David  wrote:

> On Tue, Oct 5, 2021 at 8:50 PM Erez Zarum  wrote:
> >
> > Hey,
> > No, I am talking about the ansible-runner artifacts, when the
> ovirt-engine runs a playbook (which is a task in the webui for example), it
> creates a folder in /usr/share/ovirt-engine/ansible-runner/artifacts for
> each run.
>
> Thanks for the clarification. I don't have
> /usr/share/ovirt-engine/ansible-runner/artifacts on my engine machine.
> Which version do you use? Perhaps file a bug in bugzilla and attach a
> sosreport.
>

Periodic artifact clean up has been added to ansible-runner-service 1.0.6:

https://github.com/ansible/ansible-runner-service/releases

But I highly recommend to upgrade to the latest version 1.0.7.

>
> >
> > There's a config.yml in /etc/ansible-runner-service but for some reason
> it does not affect anything.
>
> What do you mean by that? Did you try changing it and saw that this
> does not affect it at all? Or a specific setting? Something else?
>
> Thanks and best regards,
> --
> Didi


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3LUCZOXMZWRJHZNUIE2FX4ISX7AGAYIZ/


[ovirt-users] Re: Inquiries regarding missing data in the calendar table created/inserted into the ovirt_engine_history DB.

2021-06-28 Thread Martin Perina
On Mon, Jun 28, 2021 at 7:15 AM  wrote:

> I recently discovered that the spark-line chart is not displayed in the
> dashboard of the ovirt admin page. As a result of looking up the code and
> query, the data of the calendar table in the ovirt_engine_history DB of
> ovirt-dwh was only available until 2021-01-01 00:00:00, so a query
> statement (
> https://github.com/oVirt/ovirt-engine/blob/master/frontend/webadmin/modules/frontend/src/main/resources/org/ovirt/engine/ui/frontend/server/dashboard/dao/HostDwhDAO.
> RIGHT OUTER JOIN of properties) was not getting the correct data. First,
> the existing "generate_series('2011-01-01 00:00'::timestamp, '2021-01-01
> 00:00', '1 hours')" part was temporarily modified and applied until 2051,
> and it was confirmed that the spark-line chart was displayed normally.
>
> For this, is there a way I can directly edit the file (
> https://github.com/oVirt/ovirt-dwh/blob/master/packaging/dbscripts/upgrade/03_05_0060_updated_insert_calendar_table_values_script.sql)
> to commit or request a correction? I would like to know.
>

Hi,
You should not modify existing upgrade scripts, because:

1. They are overwritten on RPM package upgrade
2. They are not applied to the database, because we track which upgrade
scripts were already applied and perform only those new scripts which were
not yet applied during engine-setup

Could you please file an oVirt bug in https://bugzilla.redhat.com/ ?

Thanks,
Martin



-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RJDYZO54WZ7JBXWXDZWPSD5POFJ7PEQI/


[ovirt-users] Re: IPv6 Support

2021-06-28 Thread Martin Perina
On Mon, Jun 28, 2021 at 7:20 AM Ales Musil  wrote:

>
>
> On Sun, Jun 27, 2021 at 12:48 PM David White via Users 
> wrote:
>
>> Hello,
>>
>
> Hi,
>
>
>> Reading
>> https://www.ovirt.org/documentation/administration_guide/index.html#IPv6-networking-support-labels,
>> I see this tidbit:
>>
>>    - Dual-stack addressing, IPv4 *and* IPv6, is not supported
>>    - Switching clusters from IPv4 to IPv6 is not supported.
>>
>> If I'm understanding this correctly... does that mean I cannot run some
>> VMs with IPv4, and other VMs with IPv6, in the same cluster?
>>
>
> This applies mostly to host networking, there are cases when host
> networking dual stack works fine, the issue is that it has many quirks.
> oVirt cannot ensure that those quirks won't happen which might break your
> connection.
> In VM networks oVirt cares only for L2, with OVN it can also care for L3.
> So configuration on your VM networks is up to you.
> I can imagine that you could safely mix IPv4 and IPv6 for VM networks
> without breaking any hosts, but I did not try that personally.
>
>
>> If so, that's incredibly disappointing and frustrating.
>>
>> Is Dual-stack addressing a possible feature request?
>>
>
> You can fill RFE but I am afraid that it won't get far due to lack of
> manpower.
>

As mentioned above there are many things in dual stack which could be setup
incorrectly and thus breaking the whole oVirt. And it's almost impossible
to mention all possible corner cases into the documentation. So in general
dual stack should work, but due to above it just cannot be marked as
supported.

But if you encounter some issue when running dual stack feel free to file a
bug, so we can investigate.

>
>
>> IPv4 addresses are expensive... and I have a couple of customers who only
>> needs IPv6, so would really prefer to avoid having to pay for IPv4
>> addresses for them.
>>
>
> Regards,
> Ales
>
>
> --
>
> Ales Musil
>
> Software Engineer - RHV Network
>
> Red Hat EMEA <https://www.redhat.com>
>
> amu...@redhat.com    IM: amusil
> <https://red.ht/sig>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XPEV5MOJMF4JFWWDAXY3QOMNRV6F2VGT/


[ovirt-users] Re: Requirements to put to cluster version 4.6

2021-06-08 Thread Martin Perina
On Tue, Jun 8, 2021 at 4:10 PM Gianluca Cecchi 
wrote:

> On Tue, Jun 8, 2021 at 3:53 PM Martin Perina  wrote:
>
>> Hi Gianluca,
>>
>> As mentioned in below RFE, EL 8.4 is not enough, you also need Advanced
>> Virtualization 8.4 (libvirt >= 7.0.0) and AFAIK this has not been released
>> upstream:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1933974
>>
>> So right now you can use 4.6 cluster level only on hosts running on
>> CentOS Stream.
>>
>> Also the error message tells you that all your Up hosts need to provide
>> EL + AV 8.4 features before you upgrade cluster level. But of course you
>> can upgrade them one by one, it's not required to put all hosts into
>> Maintenance before upgrade.
>>
>> Regards,
>> Martin
>>
>>
> OK, thanks for the note.
> Inside Doc Text of the bugzilla above there is:
> "
> New features available in compatibility 4.6 are tracked as separate bugs
> depending on this bug.
> "
> Have you the id of the bugs related to these new features provided in
> 4.4.6?
>

Relevant bugs are linked in Blocks field in Bugzilla:

*1669178* <https://bugzilla.redhat.com/show_bug.cgi?id=1669178> - [RFE] Q35
SecureBoot - Add ability to preserve variable store certificates
*1688177* <https://bugzilla.redhat.com/show_bug.cgi?id=1688177> - [RFE]
[SR-IOV] [Tech Preview RHV 4.4.6] Migration should not require downtime as
of today
*1821199* <https://bugzilla.redhat.com/show_bug.cgi?id=1821199> - HP VM
fails to migrate between identical hosts (the same cpu flags) not
supporting TSC
*1834250* <https://bugzilla.redhat.com/show_bug.cgi?id=1834250> - CPU
hotplug on UEFI VM causes VM reboot
*1892800* <https://bugzilla.redhat.com/show_bug.cgi?id=1892800> - NVDIMM:
VM hangs in wait for launch for more than 7 minutes before VM is up
*1906074* <https://bugzilla.redhat.com/show_bug.cgi?id=1906074> - [RFE]
Support disks copy between regular and managed block storage domains
*1927718* <https://bugzilla.redhat.com/show_bug.cgi?id=1927718> - [RFE]
Provide Reset option for VMs
*1936163* <https://bugzilla.redhat.com/show_bug.cgi?id=1936163> - Enable
bochs-display for UEFI guests by default
*1936164* <https://bugzilla.redhat.com/show_bug.cgi?id=1936164> - Enable
KVM Software TPM by default
*1950752* <https://bugzilla.redhat.com/show_bug.cgi?id=1950752> - [RFE][CBT]
redefine only the checkpoint that the backup is taken from and not the
entire chain



> BTW [OT]: is RHV-H 4.4.6 host image ready for cluster level 4.6 or not yet?
>

Yes, oVirt Node 4.4.6 is based on CentOS Stream:

*1907833* <https://bugzilla.redhat.com/show_bug.cgi?id=1907833> - Rebase
oVirt Node on CentOS Stream 8


> Gianluca
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QK24H4PKJQV7DLA6AYNVDPXQQEDTRMPC/


[ovirt-users] Re: Requirements to put to cluster version 4.6

2021-06-08 Thread Martin Perina
Hi Gianluca,

As mentioned in below RFE, EL 8.4 is not enough, you also need Advanced
Virtualization 8.4 (libvirt >= 7.0.0) and AFAIK this has not been released
upstream:

https://bugzilla.redhat.com/show_bug.cgi?id=1933974

So right now you can use 4.6 cluster level only on hosts running on CentOS
Stream.

Also the error message tells you that all your Up hosts need to provide EL
+ AV 8.4 features before you upgrade cluster level. But of course you can
upgrade them one by one, it's not required to put all hosts into
Maintenance before upgrade.

Regards,
Martin


On Tue, Jun 8, 2021 at 3:40 PM Gianluca Cecchi 
wrote:

> Hello,
> I updated all my 3 CentOS 4.4.5 hosts to 4.4.6.
> Or at least upgrading them from the GUI I see now they are on CentOS 8.4
> and:
> [root@ov200 ~]# rpm -qa| grep 4.4.6
> ovirt-release44-4.4.6.3-1.el8.noarch
> ovirt-host-4.4.6-1.el8.x86_64
> ovirt-host-dependencies-4.4.6-1.el8.x86_64
> [root@ov200 ~]#
>
> How to see from the webadmin GUI or from the Host Console that they are
> indeed 4.4.6?
>
> If I try to set cluster compatibility version to 4.6 I get:
>
> Error while executing action: Cannot change Cluster Compatibility Version
> to higher version when there are active Hosts with lower version.
> -Please move Host ov300, ov301, ov200 with lower version to maintenance
> first.
>
> I don't remember the need of giving downtime to get new cluster version...
>
> Or what are further requirements (and benefits) to upgrade to 4.6?
>
> Thanks,
> Gianluca
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OFMND74PLYSNI5PY6ANBA3KHVM6DVYT5/


[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Martin Perina
On Wed, May 19, 2021 at 2:05 PM Klaas Demter  wrote:

> Hi,
>
> I would recommend to use ansible, that way you can have your configuration
> as code.
>
>
> https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_user_module.html#ansible-collections-ovirt-ovirt-ovirt-user-module
>

This only registers existing user provided by aaa-ldap or aaa-jdbc into
oVirt Engine, it cannot create new user.

>
> Greetings
>
> Klaas
>
>
> On 5/19/21 1:01 PM, Martin Perina wrote:
>
> Hi,
>
> ovirt-engine-extension-aaa-jdbc package is installed automatically as a
> part of oVirt Engine, so in order to use it, you need to SSH to oVirt
> Engine host/VM and execute ovirt-aaa-jdbc-tool locally:
>
>
> https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline
>
> Anyway aaa-jdbc extension is useful mostly for small installations within
> organizations which don't have their users/groups provided on LDAP server.
> If your organization has LDAP server, then I suggest to use aaa-ldap
> extension:
>
>
> https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers
>
> Regards,
> Martin
>
>
> On Wed, May 19, 2021 at 12:30 PM  wrote:
>
>> Thank you Lucie,
>>
>> So if I understand correctly, we need to install the AAA JDBC tool as an
>> additional package on the server running the hosted engine?
>>
>> The link you sent me suggests that we have to run engine-setup? What
>> exactly does this mean and seems rather complicated for adding a new user.
>>
>> Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a
>> bit and it prompted me to create a new VM with hosted engine. I followed
>> through by providing a FQDN from our DNS server. However, this procedure
>> failed to create the VM.
>>
>> Am I doing something wrong? Could you please elaborate what would be the
>> right steps here?
>>
>> Thank you
>
>
> --
> Martin Perina
> Manager, Software Engineering
> Red Hat Czech s.r.o.
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QBFRP4CL2TJMU5LZ5GE52QX7T7NH7IQZ/


[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Martin Perina
Hi,

ovirt-engine-extension-aaa-jdbc package is installed automatically as a
part of oVirt Engine, so in order to use it, you need to SSH to oVirt
Engine host/VM and execute ovirt-aaa-jdbc-tool locally:

https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline

Anyway aaa-jdbc extension is useful mostly for small installations within
organizations which don't have their users/groups provided on LDAP server.
If your organization has LDAP server, then I suggest to use aaa-ldap
extension:

https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers

Regards,
Martin


On Wed, May 19, 2021 at 12:30 PM  wrote:

> Thank you Lucie,
>
> So if I understand correctly, we need to install the AAA JDBC tool as an
> additional package on the server running the hosted engine?
>
> The link you sent me suggests that we have to run engine-setup? What
> exactly does this mean and seems rather complicated for adding a new user.
>
> Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a
> bit and it prompted me to create a new VM with hosted engine. I followed
> through by providing a FQDN from our DNS server. However, this procedure
> failed to create the VM.
>
> Am I doing something wrong? Could you please elaborate what would be the
> right steps here?
>
> Thank you


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV3ZQ3AQ7DSMVFXF744UVGC/


[ovirt-users] Re: Ovirt 4.4.6 - Automate disable of default reboot of host add

2021-05-05 Thread Martin Perina
Hi Don,

Python SDK is backward compatible, so if you upgrade it to 4.4, you can use
it for older oVirt engines from 4.0.

Martin


On Wed, 5 May 2021, 17:06 Don Dupuis,  wrote:

> Martin
>
> That was my problem. While the engine and my host had the correct version
> of sdk4, the server that I run my automation scripts from had a too old
> version.
>
> Thanks
> Don
>
> On Wed, May 5, 2021 at 4:20 AM Martin Perina  wrote:
>
>> Hi,
>>
>> unfortunately we have an issue around generating Python SDK
>> documentation, so reboot parameter is not mentioned there yet:
>>
>>
>> http://ovirt.github.io/ovirt-engine-sdk/4.4/services.m.html#ovirtsdk4.services.HostsService.add
>>
>> Below code snippet looks good, but please make sure that you are using
>> python-ovirt-engine-sdk4 >= 4.4.10, which added support for reboot
>> parameter.
>>
>> Regards,
>> Martin
>>
>>
>> On Wed, May 5, 2021 at 4:17 AM Don Dupuis  wrote:
>>
>>> Below is my Add_host routine with reboot=False and my host will still
>>> reboot on install. What am I doing wrong? It is not giving me errors.
>>>
>>> import time
>>>
>>> import ovirtsdk4.types as types
>>>
>>> def Add_host():
>>>     # connection, HOSTNAME and DOMAINNAME are defined elsewhere in the script
>>>     hosts_service = connection.system_service().hosts_service()
>>>
>>>     # Add the host:
>>>     host = hosts_service.add(
>>>         types.Host(
>>>             name='%s' % HOSTNAME,
>>>             description='%s A Hypervisor' % HOSTNAME,
>>>             address='%s.%s' % (HOSTNAME, DOMAINNAME),
>>>             root_password='password',
>>>             cluster=types.Cluster(
>>>                 name='%s-Locall' % HOSTNAME,
>>>             ),
>>>         ),
>>>         reboot=False,
>>>     )
>>>
>>>     # Poll every 5 seconds until the host reports UP:
>>>     host_service = hosts_service.host_service(host.id)
>>>     while True:
>>>         time.sleep(5)
>>>         host = host_service.get()
>>>         if host.status == types.HostStatus.UP:
>>>             break
>>>
>>>
>>>
>>> On Tue, May 4, 2021 at 12:15 AM Yedidyah Bar David 
>>> wrote:
>>>
>>>> On Mon, May 3, 2021 at 6:52 PM Don Dupuis  wrote:
>>>> >
>>>> > Can you tell me where the default of reboot on install is set as this
>>>> wasn't this way in 4.3? I don't see an option in engine-config for this and
>>>> I have looked through the ansible files on my engine vm.
>>>>
>>>> Not sure it's possible to change the default. Adding Dana.
>>>>
>>>> See also:
>>>>
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1853906
>>>>
>>>> Best regards,
>>>> --
>>>> Didi
>>>>
>>
>>
>> --
>> Martin Perina
>> Manager, Software Engineering
>> Red Hat Czech s.r.o.
>>
>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IIGJTRD5JQAT3TKPH2VV7RXUWEVV66DB/
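
The failure mode in this thread (`reboot=False` passed without error to an SDK older than 4.4.10, and the host rebooting anyway) can be caught before the call is made. The following is an added example, not code from the thread or from the SDK: the two `add` stubs are constructed, and both the `ovirtsdk4.version.VERSION` attribute and the idea that an older `add()` swallows unknown keywords through `**kwargs` are assumptions.

```python
import inspect
import re

MIN_SDK_FOR_REBOOT = "4.4.10"  # minimum version named in the thread


def version_tuple(text):
    """Turn '4.4.10' into (4, 4, 10); stop at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def meets_minimum(installed, minimum=MIN_SDK_FOR_REBOOT):
    """Compare versions numerically; plain string comparison ranks 4.4.9 above 4.4.10."""
    return version_tuple(installed) >= version_tuple(minimum)


def installed_sdk_version():
    """Version of the SDK importable on *this* machine, or None if absent.

    Assumption: the SDK exposes its version as ovirtsdk4.version.VERSION.
    """
    try:
        from ovirtsdk4 import version
    except ImportError:
        return None
    return getattr(version, "VERSION", None)


def declares_parameter(func, name):
    """True only if `func` names `name` explicitly in its signature.

    A catch-all **kwargs does not count: a keyword that lands there raises no
    error and may simply be ignored by the callee.
    """
    param = inspect.signature(func).parameters.get(name)
    return param is not None and param.kind in (
        inspect.Parameter.POSITIONAL_OR_KEYWORD,
        inspect.Parameter.KEYWORD_ONLY,
    )


def call_checked(func, *args, **kwargs):
    """Call `func`, refusing keywords it would only swallow via **kwargs."""
    swallowed = sorted(k for k in kwargs if not declares_parameter(func, k))
    if swallowed:
        raise TypeError(
            "%s() does not declare %s; the installed SDK is probably too old"
            % (func.__name__, ", ".join(swallowed))
        )
    return func(*args, **kwargs)


# Constructed stand-ins for an old and a new HostsService.add signature.
def old_add(host, activate=None, headers=None, query=None, wait=True, **kwargs):
    return {"host": host, "reboot": "server default"}


def new_add(host, activate=None, reboot=None, headers=None, query=None,
            wait=True, **kwargs):
    return {"host": host, "reboot": reboot}


if __name__ == "__main__":
    print("installed SDK:", installed_sdk_version())
    print("new_add honours reboot:", declares_parameter(new_add, "reboot"))
    print("old_add honours reboot:", declares_parameter(old_add, "reboot"))
    print(call_checked(new_add, "host1", reboot=False))
    try:
        call_checked(old_add, "host1", reboot=False)
    except TypeError as exc:
        print("refused:", exc)
```

Run the check on the machine that executes the automation scripts, since that is where the outdated SDK was found in this thread.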


[ovirt-users] Re: Ovirt 4.4.6 - Automate disable of default reboot of host add

2021-05-05 Thread Martin Perina
Hi,

unfortunately we have an issue around generating Python SDK documentation,
so reboot parameter is not mentioned there yet:

http://ovirt.github.io/ovirt-engine-sdk/4.4/services.m.html#ovirtsdk4.services.HostsService.add

Below code snippet looks good, but please make sure that you are using
python-ovirt-engine-sdk4 >= 4.4.10, which added support for reboot
parameter.

Regards,
Martin


On Wed, May 5, 2021 at 4:17 AM Don Dupuis  wrote:

> Below is my Add_host routine with reboot=False and my host will still
> reboot on install. What am I doing wrong? It is not giving me errors.
>
> import time
>
> import ovirtsdk4.types as types
>
> def Add_host():
>     # connection, HOSTNAME and DOMAINNAME are defined elsewhere in the script
>     hosts_service = connection.system_service().hosts_service()
>
>     # Add the host:
>     host = hosts_service.add(
>         types.Host(
>             name='%s' % HOSTNAME,
>             description='%s A Hypervisor' % HOSTNAME,
>             address='%s.%s' % (HOSTNAME, DOMAINNAME),
>             root_password='password',
>             cluster=types.Cluster(
>                 name='%s-Locall' % HOSTNAME,
>             ),
>         ),
>         reboot=False,
>     )
>
>     # Poll every 5 seconds until the host reports UP:
>     host_service = hosts_service.host_service(host.id)
>     while True:
>         time.sleep(5)
>         host = host_service.get()
>         if host.status == types.HostStatus.UP:
>             break
>
>
>
> On Tue, May 4, 2021 at 12:15 AM Yedidyah Bar David 
> wrote:
>
>> On Mon, May 3, 2021 at 6:52 PM Don Dupuis  wrote:
>> >
>> > Can you tell me where the default of reboot on install is set as this
>> wasn't this way in 4.3? I don't see an option in engine-config for this and
>> I have looked through the ansible files on my engine vm.
>>
>> Not sure it's possible to change the default. Adding Dana.
>>
>> See also:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1853906
>>
>> Best regards,
>> --
>> Didi
>>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ERXDH3ZBC5BTQK6ZF36SH6OG24D4NRVF/


[ovirt-users] Re: How to update ovirt-sdk

2021-04-22 Thread Martin Perina
On Wed, Apr 21, 2021 at 6:51 PM Miguel Garcia 
wrote:

> The command you describe above seems to be for CentOS8 while the system we
> use is CentOS7.
>

On CentOS 7 you need to use 'yum' instead of 'dnf', but the rest is the
same.

>
> Is python3-ovirt-engine-sdk4 supported for centos7?


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JXG7GB2JR57CPFONCVXGV65KVY7I5SLS/


[ovirt-users] Re: Ansible ovirt.ovirt_vm nics

2021-04-22 Thread Martin Perina
Hi Matthew,

Could you please share with us your playbook? Which ansible version are you
using? Are you using ovirt_vm module from oVirt Ansible Collection which
contains newer versions than the ovirt_vm module included in Ansible 2.9?

https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_vm_module.html

Thanks,
Martin


On Thu, Apr 22, 2021 at 9:28 AM matthew.st...@fujitsu.com <
matthew.st...@fujitsu.com> wrote:

> The ‘nics’ section of ovirt_vm is vague and with nearly no examples.
>
> My playbook is based upon
> https://blogs.oracle.com/scoter/ansible-with-oracle-linux-virtualization-manager-olvm
>
> I’ve made several modifications, (more default) and added a few lines,
> which I believe is supposed to assign vnic profiles to the primary vnic
> (nic1), based upon the definition of ‘vm_nic1_profile’ defined in an
> included ‘ini’ file. (the profile defaulting to blank if it is not defined
> in the ini file.)
>
> It isn’t doing its job.
>
>   nics:
>     - name: "nic1"
>       profile_name: "{{ hostvars[item]['vm_nic1_profile'] | default('') }}"
>
> The playbook runs without complaint.  If I run it with option ‘-vvv’ part
> of the output lists the variables, but the ‘nics’ variable is an empty list
> (nics[])
>
> Any hints on what I’m doing wrong?   I’ve checked the forum, but it tends
> to strip leading spaces, which is bad for indent sensitive code.


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QMSHJMWEBMBHKTBL4GQJYBFOZXILSVUB/


[ovirt-users] Re: How to update ovirt-sdk

2021-04-21 Thread Martin Perina
Hi,

According to the packages below you are using Python SDK v3, which has been
deprecated in oVirt 4.0. You need to install Python SDK v4 using below:

dnf install python3-ovirt-engine-sdk4

Regards,
Martin


On Tue, Apr 20, 2021 at 5:27 PM Miguel Garcia 
wrote:

> We integrate jenkins to launch vms dynamically to run smoketest from our
> builds but now we receive the following problem:
>
> "msg": "ovirtsdk4 version 4.3.0 or higher is required for this module"
>
> I had installed following packages in CentOS 7
> ovirt-engine-sdk-java.noarch          3.6.10.0-1.el7   epel
> ovirt-engine-sdk-java-javadoc.noarch  3.6.10.0-1.el7   epel
> ovirt-engine-sdk-python.noarch        3.6.9.1-1.el7    epel
>
> I tried to use yum upgrade but did not report more recent version from
> ovirt-sdk.
>
> How can I upgrade/install ovirt-sdk to version 4.3?


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: oVirt 4.4.4 not dislaying Sign-on Screen

2021-03-11 Thread Martin Perina
Hi,

Could you please create a bug for the oVirt project on
https://bugzilla.redhat.com and attach logs from your oVirt Engine using
sos logcollector?

https://www.ovirt.org/documentation/administration_guide/#sect-The_Log_Collector_Tool

Thanks,
Martin


On Thu, Mar 11, 2021 at 11:40 PM  wrote:

> I've re-installed oVirt 4.4.4 without capital letter, I continue to get
> the same results.   Do you have any idea of where to start looking for a
> solution?  What could the error message "Internal Server Error" be coming
> from, "oVirt", "FireFox Browser" or "Apache Server".  Where do I start
> looking?  Nothing seems to be working at this point, my OS is "RHEL 8.3"
> with all security patches and fixes applied.
>
> Can you think of anything or a place to start working towards a solution?
>
> Thanks
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: How to configure Power Management Fence Protocol for Libvirtd VM ?

2021-01-23 Thread Martin Perina
st
>
> Id   Name   State
>
> --
>
> 26   3.ohost1   running
>
> 27   3.ohost2   running
>
> 28   3.ohost3   running
>
>
>
> *The ooengh1 and ooengh2 are configured for hosted-engine, and ohst1
> ohost2 ohost3 are configured for KVM server.*
>
>
>
> *Now, I want to test the Power Management service using my test env, how
> can I choose the fence protocol ?*


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: OVirt rest api 4.3. How do you get the job id started by the async parameter

2021-01-23 Thread Martin Perina
Hi Ori,

could you please take a look?

Thanks,
Martin

On Thu, Jan 21, 2021 at 9:52 PM  wrote:

> I am using the rest api to create a VM, because the VM is cloned from the
> template and it takes a long time, I am also passing the async parameters
> hoping to receive back a job id, which I could then query
>
> https://x/ovirt-engine/api/vms?async=true=true
>
> however I get the new VM record which is fine but then I have no way of
> knowing the job id I should query to know when it is finished. And looking
> at all jobs there is no reference back to the VM except for the description
>
>
>   id="d17125c7-6668-4b6c-ad22-95121cb66a31">
> 
>href="/ovirt-engine/api/jobs/d17125c7-6668-4b6c-ad22-95121cb66a31/clear"
> rel="clear"/>
>href="/ovirt-engine/api/jobs/d17125c7-6668-4b6c-ad22-95121cb66a31/end"
> rel="end"/>
> 
> Creating VM DEMO-PCC-4 from Template
> MASTER-W10-20H2-CDrive in Cluster d1-c2
>  href="/ovirt-engine/api/jobs/d17125c7-6668-4b6c-ad22-95121cb66a31/steps"
> rel="steps"/>
> true
> false
> 2021-01-21T12:49:06.700-08:00
> 2021-01-21T12:48:59.453-08:00
> started
>  href="/ovirt-engine/api/users/0f2291fa-872a-11e9-b13c-00163e449339"
> id="0f2291fa-872a-11e9-b13c-00163e449339"/>
>   


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: Ovirt and Vagrant

2021-01-05 Thread Martin Perina
On Tue, Jan 5, 2021 at 7:56 PM Strahil Nikolov via Users 
wrote:

> At 10:41 -0400 on 05.01.2021 (Tue), Gervais de Montbrun wrote:
>
> Thanks for the feedback. Are you using ansible to launch the vm from the
> template, or to provision the template once it is up?
>
> I was cloning VMs from a template, but as I'm still on oVirt 4.3 - I
> cannot use this approach with EL8 (only oVirt 4.4 can seal EL8 Templates).
> I'm now building VMs and creating snapshots, as I can easily revert back
> any changes and start new stuff.
>
>
> I think Ansible is the most popular and supported choice for managing oVirt. 
> Yet, I like the idea for Terraform.
>
>
We also have oVirt Terraform provider
https://github.com/oVirt/terraform-provider-ovirt
It doesn't yet have the coverage of oVirt Ansible Collection, so any
contribution is welcome.

>
> Best Regards,
>
> Strahil Nikolov
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: Ovirt and Vagrant

2021-01-05 Thread Martin Perina
Hi Gervais,

Have you checked examples for the ovirt_vm module?

https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_vm_module.html

Or if you need something more "high level" there is also vm_infra role:

https://github.com/oVirt/ovirt-ansible-collection/tree/master/roles/vm_infra

Both are provided by oVirt Ansible Collection, which is a preferred and
supported solution for automated management of oVirt installations.

Regards,
Martin


On Tue, Jan 5, 2021 at 4:06 PM Gervais de Montbrun 
wrote:

> Thanks for the feedback. Are you using ansible to launch the vm from the
> template, or to provision the template once it is up?
>
> We have 15+ developers bringing up vm's for a variety of different
> environments (like 80) for different, custom configurations of client
> environments. Vagrant is really just to stand up (suspend, destroy) the vms
> and then puppet runs on them to apply custom configuration.
>
> I noticed Terraform support. I suspect that it would be a ton of work for
> us to switch to it.
>
> Cheers,
> Gervais
>
>
>
> On Jan 5, 2021, at 12:33 AM, Strahil Nikolov via Users 
> wrote:
>
>
> I wonder what other folks are using or if someone has any suggestions to
> offer.
>
>
> I'm using Ansible to deploy some stuff from templates.
> I think that terraform is also used with oVirt, so you can give it a try.
>
> Best Regards,
> Strahil Nikolov


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: Cannot upgrade cluster to v4.5 (All hosts are CentOS 8.3.2011)

2020-12-16 Thread Martin Perina
On Wed, Dec 16, 2020 at 4:59 PM Gilboa Davara  wrote:

> Thanks for the prompt reply.
> I assume I can safely ignore the "Upgrade cluster compatibility" warning
> until libvirt 6.6 gets pushed to CentOS 8.3?
>

We are working on releasing AV 8.3, hopefully it will be available soon,
but until that happens you have no way to upgrade to CL 4.5 and you just
need to stay in 4.4

>
> - Gilboa
>
> On Wed, Dec 16, 2020 at 5:56 PM Martin Perina  wrote:
>
>>
>>
>> On Wed, Dec 16, 2020 at 2:25 PM Gilboa Davara  wrote:
>>
>>> Shani,
>>>
>>> 1. I created a new 4.5 cluster with the same CPU (Secure Intel
>>> Cascadelake Server Family) and platform type (Q35/BIOS).
>>> 2. All 3 hosts are 8.3, but report 4.4 compatibility.
>>> 3. The only reason I attempted to upgrade the cluster was simple: The
>>> cluster state kept on dropping down to "unavailable" (even though all 3
>>> hosts are up) and I was offered to upgrade the cluster to v4.5.
>>>
>>> - Gilboa
>>>
>>> On Wed, Dec 16, 2020 at 1:28 PM Shani Leviim  wrote:
>>>
>>>> Hi Gilboa,
>>>>
>>>> Here are some guidelines/checks:
>>>> - Are you able to create a 4.5 DC/cluster?
>>>> - Host can be Up in the 4.5 clusters only when it reports 4.5 level
>>>> compatibility (it's based on RHEL 8.3).
>>>>   Can you make sure that on all 3 hosts?
>>>> - You can upgrade the 4.4 clusters to 4.5 only when all
>>>> Up/NonOperational hosts are reporting 4.5 level
>>>> - You can upgrade 4.4 DC to 4.5 only when all clusters inside are on
>>>> the 4.5 level
>>>> - A 4.5 host-based on RHEL 8.3 should be fully functional in
>>>> 4.2/4.3/4.4 clusters
>>>>
>>>>
>>>>
>>>> *Regards,*
>>>>
>>>> *Shani Leviim*
>>>>
>>>>
>>>> On Wed, Dec 16, 2020 at 12:53 PM Gilboa Davara 
>>>> wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>> I'm more-or-less finished building a new ovirt over glusterfs cluster
>>>>> with 3 fairly beefy servers.
>>>>> Nodes were fully upgraded to CentOS Linux release 8.3.2011 before they
>>>>> joined the cluster.
>>>>> Looking at the cluster view in the WebUI, I get an exclamation mark
>>>>> with the following message: "Upgrade cluster compatibility level".
>>>>> When I try to upgrade the cluster, 2 of the 3 hosts go into
>>>>> maintenance and reboot, but once the procedure is complete, the cluster
>>>>> version remains the same.
>>>>> Looking at the host vdsm logs, I see that once the engine refreshes
>>>>> their capabilities, all hosts return 4.2-4.4 and not 4.5.
>>>>>
>>>>> E.g.
>>>>>  'supportedENGINEs': ['4.2', '4.3', '4.4'], 'clusterLevels': ['4.2',
>>>>> '4.3', '4.4']
>>>>> I assume I should be seeing 4.5 after the upgrade, no?
>>>>>
>>>>> Am I missing something?
>>>>>
>>>>
>> EL 8.3 is not enough, you also need Advanced Virtualization 8.3 (in
>> particular libvirt 6.6)
>>
>>>
>>>>> Thanks,
>>>>> - Gilboa
>>
>>
>> --
>> Martin Perina
>> Manager, Software Engineering
>> Red Hat Czech s.r.o.
>>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: Cannot upgrade cluster to v4.5 (All hosts are CentOS 8.3.2011)

2020-12-16 Thread Martin Perina
On Wed, Dec 16, 2020 at 2:25 PM Gilboa Davara  wrote:

> Shani,
>
> 1. I created a new 4.5 cluster with the same CPU (Secure Intel Cascadelake
> Server Family) and platform type (Q35/BIOS).
> 2. All 3 hosts are 8.3, but report 4.4 compatibility.
> 3. The only reason I attempted to upgrade the cluster was simple: The
> cluster state kept on dropping down to "unavailable" (even though all 3
> hosts are up) and I was offered to upgrade the cluster to v4.5.
>
> - Gilboa
>
> On Wed, Dec 16, 2020 at 1:28 PM Shani Leviim  wrote:
>
>> Hi Gilboa,
>>
>> Here are some guidelines/checks:
>> - Are you able to create a 4.5 DC/cluster?
>> - Host can be Up in the 4.5 clusters only when it reports 4.5 level
>> compatibility (it's based on RHEL 8.3).
>>   Can you make sure that on all 3 hosts?
>> - You can upgrade the 4.4 clusters to 4.5 only when all Up/NonOperational
>> hosts are reporting 4.5 level
>> - You can upgrade 4.4 DC to 4.5 only when all clusters inside are on the
>> 4.5 level
>> - A 4.5 host-based on RHEL 8.3 should be fully functional in 4.2/4.3/4.4
>> clusters
>>
>>
>>
>> *Regards,*
>>
>> *Shani Leviim*
>>
>>
>> On Wed, Dec 16, 2020 at 12:53 PM Gilboa Davara  wrote:
>>
>>> Hello all,
>>>
>>> I'm more-or-less finished building a new ovirt over glusterfs cluster
>>> with 3 fairly beefy servers.
>>> Nodes were fully upgraded to CentOS Linux release 8.3.2011 before they
>>> joined the cluster.
>>> Looking at the cluster view in the WebUI, I get an exclamation mark with
>>> the following message: "Upgrade cluster compatibility level".
>>> When I try to upgrade the cluster, 2 of the 3 hosts go into maintenance
>>> and reboot, but once the procedure is complete, the cluster version remains
>>> the same.
>>> Looking at the host vdsm logs, I see that once the engine refreshes
>>> their capabilities, all hosts return 4.2-4.4 and not 4.5.
>>>
>>> E.g.
>>>  'supportedENGINEs': ['4.2', '4.3', '4.4'], 'clusterLevels': ['4.2',
>>> '4.3', '4.4']
>>> I assume I should be seeing 4.5 after the upgrade, no?
>>>
>>> Am I missing something?
>>>
>>
EL 8.3 is not enough, you also need Advanced Virtualization 8.3 (in
particular libvirt 6.6)

>
>>> Thanks,
>>> - Gilboa


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.


[ovirt-users] Re: fence_xvm for testing

2020-12-15 Thread Martin Perina
On Tue, Dec 15, 2020 at 12:59 PM Alex K  wrote:

>
>
> On Tue, Dec 15, 2020 at 1:43 PM emesika  wrote:
>
>> The problem is that the custom fencing configuration is not defined well
>>
>> Please follow [1] and retry
>>
>> [1]
>> https://www.ovirt.org/develop/developer-guide/engine/custom-fencing.html
>>
> Yes, I followed that.
> I cannot see what I am missing:
>
> [root@manager ~]# engine-config -g CustomVdsFenceType
> CustomVdsFenceType: fence_xvm version: general
> [root@manager ~]# engine-config -g CustomFenceAgentMapping
> CustomFenceAgentMapping: fence_xvm=xvm version: general
> [root@manager ~]# engine-config -g CustomVdsFenceOptionMapping
> CustomVdsFenceOptionMapping: fence_xvm: version: general
>
>
>>
>> On Tue, Dec 15, 2020 at 12:56 PM Alex K  wrote:
>>
>>>
>>>
>>> On Tue, Dec 15, 2020 at 12:34 PM Martin Perina 
>>> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Dec 15, 2020 at 11:18 AM Alex K 
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Tue, Dec 15, 2020 at 11:59 AM Martin Perina 
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> could you please provide engine.log? And also vdsm.log from a host
>>>>>> which was acting as a fence proxy?
>>>>>>
>>>>>
>>>>> At proxy host (kvm1) I see the following vdsm.log:
>>>>>
>>>>> 2020-12-15 10:13:03,933+ INFO  (jsonrpc/0) [jsonrpc.JsonRpcServer]
>>>>> RPC call Host.fenceNode failed (error 1) in 0.01 seconds (__init__:312)
>>>>> 2020-12-15 10:13:04,376+ INFO  (jsonrpc/7) [jsonrpc.JsonRpcServer]
>>>>> RPC call Host.fenceNode failed (error 1) in 0.01 seconds (__init__:312)
>>>>>
>>>>
>>>> Isn't there stdout and stderr content of fence_xvm execution a few
>>>> lines above, which should reveal the exact error? If not, then could you
>>>> please turn on debug logging using below command:
>>>>
>>>> vdsm-client Host setLogLevel level=DEBUG
>>>>
>>>> This should be executed on the host which acts as a fence proxy (if you 
>>>> have multiple hosts, then you would need to turn on debug on all, because 
>>>> the fence proxy is selected randomly).
>>>>
>>>> Once we have vdsm.log with fence_xvm execution details, then you can
>>>> change log level to INFO again by running:
>>>>
>>>> I had to set engine-config -s CustomFenceAgentMapping="fence_xvm=xvm"
>>> at engine, as it seems the host prepends fence_.
>>> After that I got the following at the proxy host with DEBUG enabled:
>>>
>>> 2020-12-15 10:51:57,891+ DEBUG (jsonrpc/7) [jsonrpc.JsonRpcServer]
>>> Calling 'Host.fenceNode' in bridge with {u'username': u'root', u'addr':
>>> u'225.0.0.12', u'agent': u'xvm', u'options': u'port=ovirt-node0',
>>> u'action': u'status', u'password': '', u'port': u'0'} (__init__:329)
>>> 2020-12-15 10:51:57,892+ DEBUG (jsonrpc/7) [root] /usr/bin/taskset
>>> --cpu-list 0-3 /usr/sbin/fence_xvm (cwd None) (commands:198)
>>> 2020-12-15 10:51:57,911+ INFO  (jsonrpc/7) [jsonrpc.JsonRpcServer]
>>> RPC call Host.fenceNode failed (error 1) in 0.02 seconds (__init__:312)
>>> 2020-12-15 10:51:58,339+ DEBUG (jsonrpc/5) [jsonrpc.JsonRpcServer]
>>> Calling 'Host.fenceNode' in bridge with {u'username': u'root', u'addr':
>>> u'225.0.0.12', u'agent': u'xvm', u'options': u'port=ovirt-node0',
>>> u'action': u'status', u'password': '', u'port': u'0'} (__init__:329)
>>>
>>
Yes, that's the most probable issue. Eli, do we have a way to prevent
passing default port value 0 for custom fence agent?

> 2020-12-15 10:51:58,340+ DEBUG (jsonrpc/5) [root] /usr/bin/taskset
>>> --cpu-list 0-3 /usr/sbin/fence_xvm (cwd None) (commands:198)
>>> 2020-12-15 10:51:58,356+ INFO  (jsonrpc/5) [jsonrpc.JsonRpcServer]
>>> RPC call Host.fenceNode failed (error 1) in 0.01 seconds (__init__:312
>>>
>>> while at engine I got:
>>> 2020-12-15 10:51:57,873Z INFO
>>>  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (default task-5) [a4f30921-37a9-45c1-97e5-26152f844d72] EVENT_ID:
>>> FENCE_OPERATION_USING_AGENT_AND_PROXY_STARTED(9,020), Executing power
>>> management status on Host kvm0.lab.local using Proxy Host kvm1.lab.local
>>> and Fence Agent xvm:225.0.0.1

[ovirt-users] Re: fence_xvm for testing

2020-12-15 Thread Martin Perina
On Tue, Dec 15, 2020 at 11:18 AM Alex K  wrote:

>
>
> On Tue, Dec 15, 2020 at 11:59 AM Martin Perina  wrote:
>
>> Hi,
>>
>> could you please provide engine.log? And also vdsm.log from a host which
>> was acting as a fence proxy?
>>
>
> At proxy host (kvm1) I see the following vdsm.log:
>
> 2020-12-15 10:13:03,933+ INFO  (jsonrpc/0) [jsonrpc.JsonRpcServer] RPC
> call Host.fenceNode failed (error 1) in 0.01 seconds (__init__:312)
> 2020-12-15 10:13:04,376+ INFO  (jsonrpc/7) [jsonrpc.JsonRpcServer] RPC
> call Host.fenceNode failed (error 1) in 0.01 seconds (__init__:312)
>

Isn't there stdout and stderr content of fence_xvm execution a few lines
above, which should reveal the exact error? If not, then could you please
turn on debug logging using below command:

vdsm-client Host setLogLevel level=DEBUG

This should be executed on the host which acts as a fence proxy (if
you have multiple hosts, then you would need to turn on debug on all,
because the fence proxy is selected randomly).

Once we have vdsm.log with fence_xvm execution details, then you
can change log level to INFO again by running:

vdsm-client Host setLogLevel level=INFO

Thanks,

Martin


[ovirt-users] Re: fence_xvm for testing

2020-12-15 Thread Martin Perina
1495d75759] EVENT_ID:
>>> VDS_ALERT_FENCE_TEST_FAILED(9,001), Power Management test failed for Host
>>> kvm0.lab.local.Internal JSON-RPC error
>>> 2020-12-14 08:53:48,582Z INFO
>>>  [org.ovirt.engine.core.vdsbroker.vdsbroker.FenceVdsVDSCommand] (default
>>> task-4) [07c1d540-6d8d-419c-affb-181495d75759] FINISH, FenceVdsVDSCommand,
>>> return: FenceOperationResult:{status='ERROR', powerStatus='UNKNOWN',
>>> message='Internal JSON-RPC error'}, log id: 8607bc9
>>> 2020-12-14 08:53:48,637Z WARN
>>>  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (default task-4) [07c1d540-6d8d-419c-affb-181495d75759] EVENT_ID:
>>> FENCE_OPERATION_USING_AGENT_AND_PROXY_FAILED(9,021), Execution of power
>>> management status on Host kvm0.lab.local using Proxy Host kvm1.lab.local
>>> and Fence Agent fence_xvm:225.0.0.12 failed.
>>>
>>>
>>> Any idea?
>>>
>>> Thanx,
>>> Alex
>>>
>>>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
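
Added example (not code from the thread or from the oVirt project): a triage script for the vdsm.log DEBUG output shown in this thread. It pairs each Host.fenceNode call with its failure line on the same jsonrpc thread and flags calls where the `port` argument differs from a `port=` entry in `options`, the condition Martin calls the most probable issue. The log lines are constructed on the model of the quoted excerpt, and the comma/newline option separator is an assumption.

```python
import ast
import re

# DEBUG line logged on the fence proxy host for each fencing request.
CALL_RE = re.compile(
    r"^(?P<ts>\S+ \S+) DEBUG\s+\((?P<thread>jsonrpc/\d+)\) \[jsonrpc\.JsonRpcServer\] "
    r"Calling 'Host\.fenceNode' in bridge with (?P<args>\{.*\}) \(__init__:\d+\)$"
)
# INFO line logged when that request fails.
FAIL_RE = re.compile(
    r"^\S+ \S+ INFO\s+\((?P<thread>jsonrpc/\d+)\) \[jsonrpc\.JsonRpcServer\] "
    r"RPC call Host\.fenceNode failed \(error (?P<code>\d+)\)"
)


def parse_options(text):
    """Split the agent 'options' string into a dict.

    Assumption: entries are key=value separated by commas or newlines.
    """
    opts = {}
    for item in re.split(r"[,\n]", text or ""):
        key, sep, value = item.strip().partition("=")
        if key:
            opts[key] = value if sep else ""
    return opts


def analyse(lines):
    """Return one record per Host.fenceNode call, marked with its outcome."""
    records, pending = [], {}
    for line in lines:
        call = CALL_RE.match(line)
        if call:
            try:
                # literal_eval only accepts Python literals, so log content
                # is never executed; malformed dicts are skipped.
                args = ast.literal_eval(call.group("args"))
            except (ValueError, SyntaxError):
                continue
            opts = parse_options(args.get("options", ""))
            port = args.get("port")
            rec = {
                "time": call.group("ts"),
                "thread": call.group("thread"),
                "agent": args.get("agent"),
                "addr": args.get("addr"),
                "action": args.get("action"),
                "port": port,
                "option_port": opts.get("port"),
                # Two different values are supplied for the same agent parameter.
                "conflict": "port" in opts
                and port not in ("", None)
                and port != opts["port"],
                "failed": False,
                "error": None,
            }
            records.append(rec)
            pending[rec["thread"]] = rec
            continue
        fail = FAIL_RE.match(line)
        if fail and fail.group("thread") in pending:
            rec = pending.pop(fail.group("thread"))
            rec["failed"] = True
            rec["error"] = int(fail.group("code"))
    return records


def suspicious(records):
    """Failed calls that also carry conflicting port values."""
    return [r for r in records if r["failed"] and r["conflict"]]


# Constructed sample, modelled on the excerpt quoted in the thread.
SAMPLE_LOG = [
    "2020-12-15 10:51:57,891+0000 DEBUG (jsonrpc/7) [jsonrpc.JsonRpcServer] "
    "Calling 'Host.fenceNode' in bridge with {u'username': u'root', "
    "u'addr': u'225.0.0.12', u'agent': u'xvm', u'options': u'port=ovirt-node0', "
    "u'action': u'status', u'password': '', u'port': u'0'} (__init__:329)",
    "2020-12-15 10:51:57,892+0000 DEBUG (jsonrpc/7) [root] /usr/bin/taskset "
    "--cpu-list 0-3 /usr/sbin/fence_xvm (cwd None) (commands:198)",
    "2020-12-15 10:51:57,911+0000 INFO  (jsonrpc/7) [jsonrpc.JsonRpcServer] "
    "RPC call Host.fenceNode failed (error 1) in 0.02 seconds (__init__:312)",
    # Constructed contrast case: no port conflict, no failure line.
    "2020-12-15 10:52:10,100+0000 DEBUG (jsonrpc/2) [jsonrpc.JsonRpcServer] "
    "Calling 'Host.fenceNode' in bridge with {u'username': u'admin', "
    "u'addr': u'192.0.2.10', u'agent': u'ipmilan', u'options': u'lanplus=1', "
    "u'action': u'status', u'password': '', u'port': u''} (__init__:329)",
]

if __name__ == "__main__":
    for rec in suspicious(analyse(SAMPLE_LOG)):
        print("{time} {thread} agent={agent} port={port!r} "
              "options port={option_port!r} error={error}".format(**rec))
```

The call lines only appear after debug logging has been enabled on the proxy host with the `vdsm-client Host setLogLevel level=DEBUG` command given in the thread.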


[ovirt-users] Re: sshd_config AuthorizedKeysFile

2020-11-12 Thread Martin Perina
Hi,

could you please try if ssh-copy-id works with your non-standard sshd
configuration? Because last time I've checked I haven't noticed that
behavior and keys were always added to $HOME/.ssh/authorized_keys

So feel free to create a bug for that, but up until now you are the first
user using this non-standard configuration ...

Regards,
Martin

On Thu, Nov 12, 2020 at 9:00 AM Angus Clarke  wrote:

> Hello
>
> Sharing for anyone who needs it, this was carried out on OL7, they use
> ovirt 4.3
>
> In short: both the hosted-engine deployment routine and the host add to
> cluster routine distribute public ssh keys to /root/.ssh/authorized_keys
> regardless of the AuthorizedKeysFile setting in /etc/ssh/sshd_config. Both
> routines fail if AuthorizedKeysFile is not default.
>
>
> The hosted-engine setup assumes AuthorizedKeysFile to be default
> (~/.ssh/authorized_keys) and creates a public key there, instead of
> following the sshd_config directive. The setup fails on the back of this.
>
> Once I commented this out of sshd_config file (assumes default) and
> restarted sshd on the KVM host that was running the hosted-engine
> deployment, the hosted-engine setup completed successfully.
>
>
> Similarly, I could not deploy a second KVM host to the compute cluster
> until I had altered this setting on that 2nd KVM host - presumably that
> process has some similar routine that unwittingly writes keys to
> ~/.ssh/authorized_keys.
>
> HTH
> Angus


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
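
Added example (not code from the thread or from oVirt): a pre-deployment check for the mismatch Angus describes, where a key written to /root/.ssh/authorized_keys is only honoured if sshd's AuthorizedKeysFile setting resolves to that path. It parses sshd_config text or `sshd -T` output, expands the %h, %u, %U and %% tokens, and ignores Include files and Match blocks as a simplification; the sample configurations and the custom path are constructed.

```python
import posixpath
import re
import shlex

# OpenSSH default when AuthorizedKeysFile is not set.
DEFAULT_PATTERNS = [".ssh/authorized_keys", ".ssh/authorized_keys2"]

# Keyword and arguments are separated by whitespace or a single '='.
LINE_RE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def authorized_keys_patterns(config_text):
    """Return the global AuthorizedKeysFile patterns (first occurrence wins)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2)
        if keyword == "match":
            break  # everything below is conditional; not evaluated here
        if keyword == "authorizedkeysfile":
            return shlex.split(args, comments=True)
    return list(DEFAULT_PATTERNS)


def expand(pattern, user, home, uid):
    """Expand sshd tokens and resolve relative paths against the home dir."""
    tokens = {"%": "%", "h": home, "u": user, "U": str(uid)}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            if pattern[i + 1] not in tokens:
                raise ValueError("unsupported token %" + pattern[i + 1])
            out.append(tokens[pattern[i + 1]])
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    path = "".join(out)
    if not path.startswith("/"):
        path = posixpath.join(home, path)
    return posixpath.normpath(path)


def key_file_is_consulted(config_text, written_path,
                          user="root", home="/root", uid=0):
    """Return (ok, consulted): does sshd read the file the installer writes?"""
    consulted = [
        expand(p, user, home, uid)
        for p in authorized_keys_patterns(config_text)
        if p.lower() != "none"
    ]
    return posixpath.normpath(written_path) in consulted, consulted


# Constructed samples: a stock configuration and a centralised key directory.
DEFAULT_CONFIG = """\
PermitRootLogin prohibit-password
#AuthorizedKeysFile .ssh/authorized_keys
"""
CUSTOM_CONFIG = """\
PermitRootLogin prohibit-password
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
"""

# Path the thread reports the deployment routines write to.
INSTALLER_PATH = "/root/.ssh/authorized_keys"

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("custom", CUSTOM_CONFIG)):
        ok, consulted = key_file_is_consulted(cfg, INSTALLER_PATH)
        print(name, "OK" if ok else "MISMATCH", consulted)
```

On a live host, passing the output of `sshd -T` as `config_text` gives the effective value after Include files have been applied.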
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SLVELKKOY5C5LWTP3FD6CI3VPRHNC226/
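
A pre-deployment check for the mismatch described in this thread, as an added example (not oVirt code): it resolves which files sshd would read for root from the `AuthorizedKeysFile` directive and reports whether a key written to /root/.ssh/authorized_keys would be honoured. It evaluates only the global section (`Match` blocks and `Include` files are not followed), and both sample configurations are constructed.

```python
import posixpath
import re
import shlex

# OpenSSH default when the directive is absent or commented out.
DEFAULT_VALUE = ".ssh/authorized_keys .ssh/authorized_keys2"
# "Keyword value" or "Keyword=value"; comment lines do not match this pattern.
DIRECTIVE = re.compile(r"^([A-Za-z]+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample: stock file with the directive commented out.
STOCK = """\
#AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes
"""

# Constructed sample: keys kept outside the home directory.
CUSTOM = """\
PermitRootLogin prohibit-password
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
Match User backup
    AuthorizedKeysFile none
"""


def expand(pattern, user, home):
    """Expand %h, %u and %% and anchor relative paths at the home directory."""
    path = (pattern.replace("%%", "\0").replace("%h", home)
            .replace("%u", user).replace("\0", "%"))
    return path if path.startswith("/") else posixpath.join(home, path)


def authorized_keys_files(config_text, user="root", home="/root"):
    """Key files sshd reads for `user` according to the global section."""
    value = DEFAULT_VALUE
    for raw in config_text.splitlines():
        match = DIRECTIVE.match(raw.strip())
        if not match:
            continue
        keyword, args = match.group(1).lower(), match.group(2)
        if keyword == "match":
            break  # conditional blocks follow; they are not evaluated here
        if keyword == "authorizedkeysfile":
            value = args
            break  # sshd keeps the first value it obtains for a keyword
    if value.strip().lower() == "none":
        return []
    return [expand(p, user, home) for p in shlex.split(value)]


def deployed_key_is_read(config_text, written_to="/root/.ssh/authorized_keys"):
    """True if a key written to the default location is one sshd consults."""
    return written_to in authorized_keys_files(config_text)


if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("custom", CUSTOM)):
        print(name, authorized_keys_files(text), deployed_key_is_read(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source for the same value.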


[ovirt-users] Re: Dependencies failure when upgrading from version 4.4.2 to 4.4.3

2020-11-11 Thread Martin Perina
Hi,

We already have https://bugzilla.redhat.com/show_bug.cgi?id=1896799 open to
track this issue. Could you please upgrade your standalone engine using
below steps?

  # dnf update ovirt\*setup\* --nobest
  # engine-setup
  # dnf update --nobest
  # reboot

If engine upgrade is successful, could you please upgrade your hosts from
webadmin using below steps?

1. Move the host to Maintenance
2. Execute Check for Update
3. Execute Upgrade

Manual upgrade of host using command line has been deprecated, because
manual steps are missing important parts (for example renewal of
certificates close to expiration date)

Thanks,
Martin



On Wed, Nov 11, 2020 at 7:47 PM  wrote:

> When I update the Engine and Host, many dependencies are missing, as shown
> by the host error log:
>
> Error:
>  Problem 1: package ovirt-hosted-engine-setup-2.4.6-1.el8.noarch requires
> ovirt-ansible-engine-setup >= 1.1.9, but none of the providers can be
> installed
>   - package ovirt-ansible-collection-1.2.1-1.el8.noarch obsoletes
> ovirt-ansible-engine-setup provided by
> ovirt-ansible-engine-setup-1.2.4-1.el8.noarch
>   - cannot install the best update candidate for package
> ovirt-hosted-engine-setup-2.4.6-1.el8.noarch
>   - cannot install the best update candidate for package
> ovirt-ansible-engine-setup-1.2.4-1.el8.noarch
>  Problem 2: package ovirt-host-4.4.1-4.el8.x86_64 requires
> ovirt-hosted-engine-setup, but none of the providers can be installed
>   - package ovirt-hosted-engine-setup-2.4.6-1.el8.noarch requires
> ovirt-ansible-hosted-engine-setup >= 1.0.34, but none of the providers can
> be installed
>   - package ovirt-ansible-collection-1.2.1-1.el8.noarch obsoletes
> ovirt-ansible-hosted-engine-setup provided by
> ovirt-ansible-hosted-engine-setup-1.1.8-1.el8.noarch
>   - cannot install the best update candidate for package
> ovirt-host-4.4.1-4.el8.x86_64
>   - cannot install the best update candidate for package
> ovirt-ansible-hosted-engine-setup-1.1.8-1.el8.noarch
>   - package ovirt-ansible-hosted-engine-setup-1.1.4-1.el8.noarch is
> filtered out by exclude filtering
>   - package ovirt-ansible-hosted-engine-setup-1.1.5-1.el8.noarch is
> filtered out by exclude filtering
>   - package ovirt-ansible-hosted-engine-setup-1.1.6-1.el8.noarch is
> filtered out by exclude filtering
>   - package ovirt-ansible-hosted-engine-setup-1.1.7-1.el8.noarch is
> filtered out by exclude filtering
>   - package ovirt-hosted-engine-setup-2.4.4-1.el8.noarch is filtered out
> by exclude filtering
>   - package ovirt-hosted-engine-setup-2.4.5-1.el8.noarch is filtered out
> by exclude filtering
>   - package ovirt-hosted-engine-setup-2.4.7-1.el8.noarch is filtered out
> by exclude filtering
>   - package ovirt-hosted-engine-setup-2.4.8-1.el8.noarch is filtered out
> by exclude filtering
> (try to add '--skip-broken' to skip uninstallable packages or '--nobest'
> to use not only best candidate packages)
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/W4MLIPGT7CJQVZRFRE2MPJ7VTIZAYYEH/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RHO2UEP573D2AXGQKBPI4CRZBFEX4QPZ/


[ovirt-users] Re: Engine update error from 4.4.2 to 4.4.3

2020-11-11 Thread Martin Perina
Hi,
Could you please try to upgrade from 4.4.2 to 4.4.3 using below steps:

  # dnf update ovirt\*setup\* --nobest
  # engine-setup
  # dnf update --nobest
  # reboot

Thanks,
Martin

On Wed, Nov 11, 2020 at 4:32 PM Gianluca Cecchi 
wrote:

> On Wed, Nov 11, 2020 at 4:12 PM shadow emy  wrote:
>
>> Hello
>>
>> I have updated only the engine first using below command and could
>> proceed with the update.
>>
>> dnf update ovirt-engine-setup ovirt-engine-setup-plugin-websocket-proxy
>> ovirt-engine-dwh-setup ovirt-engine-dwh-grafana-integration-setup
>>
>> engine-setup
>>
>>
>> "  yum update ovirt\*setup\* "   --  did not work and had the same error
>> as you
>>
>>
> Thanks for the info.
> Were you then able to run "yum update" on engine without dependency errors?
>
> Can you please add the info into the bugzilla link I provided for this,
> thanks
>
> Gianluca
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EH4HUAO6SCZCBYF3FEAAYULFHSXU22EI/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/URVPDRH6MR25DONZQ7IFM722SSS7X2QN/


[ovirt-users] Re: Engine update error from 4.4.2 to 4.4.3

2020-11-11 Thread Martin Perina
Hi Gianluca,

could you please file a bug for that? No idea how we could miss such a
blocker :-(

Thanks,
Martin


On Wed, Nov 11, 2020 at 2:46 PM Gianluca Cecchi 
wrote:

> On Wed, Nov 11, 2020 at 2:02 PM Gilboa Davara  wrote:
> [snip]
>
>
>> $ yum update ovirt\*setup\*
>> Last metadata expiration check: 1:50:00 ago on Wed 11 Nov 2020 01:03:00
>> PM IST.
>>
>>
> ??
> Does it mean you too or what?
> Please, words are (still) free so you can use some more... ;-)
>
> Gianluca
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/P433UJQSTT3X2R7AG3SM345XY2WXE6VN/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QNUU3GVYLO47KC6GGSDV4VWJTCTRHHGU/


[ovirt-users] Re: problems installing standard Linux as nodes in 4.4

2020-10-27 Thread Martin Perina
Hi Gianluca,

happy to hear that your issue was fixed!

Just please be aware that iptables support for hosts has been deprecated
and it's completely unsupported for cluster levels 4.4 and up. So unless
you switch your cluster to firewalld, you will not be able to upgrade your
cluster to 4.4 version. You can take a look at documentation how to prepare
custom firewall rules for firewalld:

https://www.ovirt.org/documentation/administration_guide/#Configuring_Host_Firewall_Rules

Regards,
Martin


On Mon, Oct 26, 2020 at 7:22 PM Gianluca Cecchi 
wrote:

> On Thu, Oct 15, 2020 at 12:25 PM Gianluca Cecchi <
> gianluca.cec...@gmail.com> wrote:
>
>> On Thu, Oct 15, 2020 at 10:41 AM Gianluca Cecchi <
>> gianluca.cec...@gmail.com> wrote:
>>
>>>
>>>
>>> Any feedback on my latest comments?
>>> In the meantime here:
>>>
>>> https://drive.google.com/file/d/1iN37znRtCo2vgyGTH_ymLhBJfs-2pWDr/view?usp=sharing
>>> you can find inside the sosreport in tar.gz format, where I have
>>> modified some file names and context in respect of hostnames.
>>> The only file I have not put inside is the dump of the database, but I
>>> can run any query you like in case.
>>>
>>> Gianluca
>>>
>>>
>>
>> I have also tried to put debug into the engine.
>>
>>
> So after huge debugging work with Dana Elfassy and Martin Necas (thank you
> very much to both!) and coordination of Sandro we found the culprit!
>
> Inside firewall custom rules of my engine I had this (note the double
> quotes for the comment about Nagios):
>
> [root@ovmgr1 ovirt-engine]# engine-config -g IPTablesConfigSiteCustom
> IPTablesConfigSiteCustom: -A INPUT -p tcp --dport 5666 -s 10.4.5.99/32 -m
> comment --comment "Nagios NRPE daemon" -j ACCEPT version: general
> [root@ovmgr1 ovirt-engine]#
>
> So those double quotes caused a wrong formatted json block that
> ansible-runner-service was not able to manage in the http post phase
>
> After changing with single quotes, with this command:
>
> engine-config -s IPTablesConfigSiteCustom="-A INPUT -p tcp --dport 5666 -s
> 10.4.5.99/32 -m comment --comment 'Nagios NRPE daemon' -j ACCEPT"
>
> and restarting the engine so that now I have
>
> [root@ovmgr1 ovirt-engine]# engine-config -g IPTablesConfigSiteCustom
> IPTablesConfigSiteCustom: -A INPUT -p tcp --dport 5666 -s 10.4.5.99/32 -m
> comment --comment 'Nagios NRPE daemon' -j ACCEPT version: general
> [root@ovmgr1 ovirt-engine]#
>
> I was able to add the CentOS 8.2 host.
> So mind if you have the double quotes in any engine-config key before
> upgrading from 4.3 to 4.4.
>
> What a nasty thing to detect...
> Thanks again guys for your help
>
> Gianluca
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QJI6BLUQ43N7RYGEUAPVWKXYOSKY4AVZ/
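
The failure class Gianluca describes above, as an added illustration that is not oVirt or ansible-runner-service code: a payload assembled by pasting the rule between quotes (an assumed anti-pattern, shown only to reproduce the symptom) stops being valid JSON once the value contains double quotes, while a serializer escapes them. The `iptables_rules` field name and the helper functions are hypothetical; the two `engine-config -g` lines are the ones quoted in the post.

```python
import json

# The two outputs quoted in the post: before and after the quoting change.
BEFORE = ('IPTablesConfigSiteCustom: -A INPUT -p tcp --dport 5666 -s 10.4.5.99/32 '
          '-m comment --comment "Nagios NRPE daemon" -j ACCEPT version: general')
AFTER = ("IPTablesConfigSiteCustom: -A INPUT -p tcp --dport 5666 -s 10.4.5.99/32 "
         "-m comment --comment 'Nagios NRPE daemon' -j ACCEPT version: general")


def parse_engine_config_line(line):
    """Split 'KEY: value version: VERSION' as printed by engine-config -g."""
    key, _, rest = line.partition(": ")
    value, sep, version = rest.rpartition(" version: ")
    if not sep:  # no version suffix on this line
        value, version = rest, ""
    return key, value, version


def naive_payload(rule):
    """Assumed anti-pattern: the value is pasted in without escaping."""
    return '{"extravars": {"iptables_rules": "' + rule + '"}}'


def safe_payload(rule):
    """A serializer escapes quotes and backslashes inside the value."""
    return json.dumps({"extravars": {"iptables_rules": rule}})


def is_valid_json(text):
    try:
        json.loads(text)
    except json.JSONDecodeError:
        return False
    return True


def breaks_naive_json(line):
    """True if this engine-config value would corrupt an unescaped payload."""
    _, value, _ = parse_engine_config_line(line)
    return not is_valid_json(naive_payload(value))


def roundtrip(rule):
    """Value as a receiver would see it after proper serialization."""
    return json.loads(safe_payload(rule))["extravars"]["iptables_rules"]


def keys_to_review(lines):
    """Keys whose values contain a double quote, per the advice in the post."""
    flagged = []
    for line in lines:
        key, value, _ = parse_engine_config_line(line)
        if '"' in value:
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    for label, line in (("before", BEFORE), ("after", AFTER)):
        print(label, "breaks unescaped JSON:", breaks_naive_json(line))
    print("keys to review:", keys_to_review([BEFORE]))
```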


[ovirt-users] Re: problems installing standard Linux as nodes in 4.4

2020-10-10 Thread Martin Perina
On Sat, 10 Oct 2020, 01:24 Gianluca Cecchi, 
wrote:

> On Fri, Oct 9, 2020 at 7:12 PM Martin Perina  wrote:
>
>>
>>
>> Could you please share with us all logs from engine gathered by
>> logcollector? We will try to find out any clue what's wrong in your env ...
>>
>> Thanks,
>> Martin
>>
>>
> I will try to collect.
> In the mean time I've found that SSH could be in some way involved
>
> When I add the host and get the immediate failure and apparently nothing
> happens at all,  I see these two lines in /var/log/ovirt-engine/server.log
>
> 2020-10-09 18:15:09,369+02 WARN
>  [org.apache.sshd.client.session.ClientConnectionService]
> (sshd-SshClient[7cb54873]-nio2-thread-1)
> globalRequest(ClientConnectionService[ClientSessionImpl[root@ov200
> /10.4.192.32:22]])[hostkeys...@openssh.com, want-reply=false] failed
> (SshException) to process: EdDSA provider not supported
> 2020-10-09 18:15:09,699+02 WARN
>  [org.apache.sshd.client.session.ClientConnectionService]
> (sshd-SshClient[2cbceeab]-nio2-thread-1)
> globalRequest(ClientConnectionService[ClientSessionImpl[root@ov200
> /10.4.192.32:22]])[hostkeys...@openssh.com, want-reply=false] failed
> (SshException) to process: EdDSA provider not supported
>

This is harmless, AFAIK EdDSA is not supported by default in OpenJDK 11 and
engine uses only ssh-rsa and ssh-rsa2 anyway


> could it be that the ssh client embedded is not able to connect to the
> CentOS 8.2 for some reason?
>

If that's the case we should see an error either in engine.log or
ansible-runner-service.log


> On host at the moment when I try to add it I see again two sessions opened
> and immediately closed (tried several times), eg in the timeframe above I
> have:
>
> Oct  9 18:15:09 ov200 systemd-logind[1237]: New session 41 of user root.
> Oct  9 18:15:09 ov200 systemd[1]: Started Session 41 of user root.
> Oct  9 18:15:09 ov200 systemd-logind[1237]: Session 41 logged out. Waiting
> for processes to exit.
> Oct  9 18:15:09 ov200 systemd-logind[1237]: Removed session 41.
> Oct  9 18:15:09 ov200 systemd-logind[1237]: New session 42 of user root.
> Oct  9 18:15:09 ov200 systemd[1]: Started Session 42 of user root.
> Oct  9 18:15:09 ov200 systemd-logind[1237]: Session 42 logged out. Waiting
> for processes to exit.
> Oct  9 18:15:09 ov200 systemd-logind[1237]: Removed session 42.
>
> anyway at sshd service level it seems it is ok on the host:
>
> journalctl -u sshd.service has
>
> Oct 09 18:15:09 ov200 sshd[13379]: Accepted password for root from
> 10.4.192.43 port 46008 ssh2
> Oct 09 18:15:09 ov200 sshd[13379]: pam_unix(sshd:session): session opened
> for user root by (uid=0)
> Oct 09 18:15:09 ov200 sshd[13379]: pam_unix(sshd:session): session closed
> for user root
> Oct 09 18:15:09 ov200 sshd[13398]: Accepted password for root from
> 10.4.192.43 port 46014 ssh2
> Oct 09 18:15:09 ov200 sshd[13398]: pam_unix(sshd:session): session opened
> for user root by (uid=0)
> Oct 09 18:15:09 ov200 sshd[13398]: pam_unix(sshd:session): session closed
> for user root
>
> On the host I have not customized anything ssh related:
>
> [root@ov200 ssh]# ps -ef|grep sshd
> root1274   1  0 Oct08 ?00:00:00 /usr/sbin/sshd -D
> -oCiphers=aes256-...@openssh.com,chacha20-poly1...@openssh.com
> ,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc
> -oMACs=hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,
> umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com
> ,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512
> -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1-
> -oKexAlgorithms=curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
> -oHostKeyAlgorithms=rsa-sha2-256,rsa-sha2-256-cert-...@openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-...@openssh.com
> ,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-...@openssh.com
> ,rsa-sha2-512,rsa-sha2-512-cert-...@openssh.com,ecdsa-sha2-nistp521,
> ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519,
> ssh-ed25519-cert-...@openssh.com,ssh-rsa,ssh-rsa-cert-...@openssh.com
> -oPubkeyAcceptedKeyTypes=rsa-sha2-256,rsa-sha2-256-cert-...@openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-...@openssh.com
> ,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-...@openssh.com
> ,rsa-sha2-512,rsa-sha2-512-cert-...@openssh.com,ecdsa-sha2-nistp521,
> ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519,
> ssh-ed25519-cert-...@openssh.com,ssh-rsa,ssh-rsa-cert-...@openssh.com
> -oCASignatureAlgorithms=r

[ovirt-users] Re: problems installing standard Linux as nodes in 4.4

2020-10-09 Thread Martin Perina
On Fri, Oct 9, 2020 at 6:47 PM Gianluca Cecchi 
wrote:

>
>
> On Fri, Oct 9, 2020 at 6:29 PM Martin Perina  wrote:
>
>>
>>
>> On Fri, Oct 9, 2020 at 5:54 PM Gianluca Cecchi 
>> wrote:
>>
>>> On Fri, Oct 9, 2020 at 4:58 PM Martin Perina  wrote:
>>>
>>>> Hi Gianluca,
>>>>
>>>> could you please check selinux context of
>>>> /var/log/ovirt-engine/ansible-runner-service.log to see if you are not
>>>> affected by https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 ?
>>>>
>>>> Thanks,
>>>> Martin
>>>>
>>>
>>> Thanks for answering.
>>> It seems ok. On the engine:
>>> [root@ovmgr1 ~]# ls -Z /var/log/ovirt-engine/ansible-runner-service.log
>>> system_u:object_r:httpd_log_t:s0
>>> /var/log/ovirt-engine/ansible-runner-service.log
>>> [root@ovmgr1 ~]#
>>>
>>> Gianluca
>>>
>>
>> OK, so could you please apply the workaround mentioned in
>> https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 to resolve the
>> issue until oVirt 4.4.3 is released?
>>
>>
> Sorry, but isn't it already ok? The SELinux security context for the file
> is already httpd_log_t, so I don't have to apply anything.
> I also applied the more brutal workaround described in
> https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c4 without any
> effect, so I'm not in this bugzilla context.
> Do I have to apply also for the directory /var/log/ovirt-engine itself,
> that currently has a context of var_log_t? I don't think so...
>

Ahh, sorry, I've misunderstood your reply, I thought you replied you are
affected.

Could you please share with us all logs from engine gathered by
logcollector? We will try to find out any clue what's wrong in your env ...

Thanks,
Martin


> Gianluca
>
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FM4AGM2OYTXAJCBZLGYJ7MAL7J2IKGCB/


[ovirt-users] Re: problems installing standard Linux as nodes in 4.4

2020-10-09 Thread Martin Perina
On Fri, Oct 9, 2020 at 5:54 PM Gianluca Cecchi 
wrote:

> On Fri, Oct 9, 2020 at 4:58 PM Martin Perina  wrote:
>
>> Hi Gianluca,
>>
>> could you please check selinux context of
>> /var/log/ovirt-engine/ansible-runner-service.log to see if you are not
>> affected by https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 ?
>>
>> Thanks,
>> Martin
>>
>
> Thanks for answering.
> It seems ok. On the engine:
> [root@ovmgr1 ~]# ls -Z /var/log/ovirt-engine/ansible-runner-service.log
> system_u:object_r:httpd_log_t:s0
> /var/log/ovirt-engine/ansible-runner-service.log
> [root@ovmgr1 ~]#
>
> Gianluca
>

OK, so could you please apply the workaround mentioned in
https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 to resolve the issue
until oVirt 4.4.3 is released?


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7EKVKRO3CPQLHYI6FEC6BTAVJWNYRZZ2/


[ovirt-users] Re: problems installing standard Linux as nodes in 4.4

2020-10-09 Thread Martin Perina
Hi Gianluca,

could you please check selinux context of
/var/log/ovirt-engine/ansible-runner-service.log to see if you are not
affected by https://bugzilla.redhat.com/show_bug.cgi?id=1880171#c5 ?

Thanks,
Martin


On Fri, Oct 9, 2020 at 4:45 PM Gianluca Cecchi 
wrote:

> On Thu, Oct 8, 2020 at 5:13 PM Gianluca Cecchi 
> wrote:
>
>>
>>
>> On Thu, Oct 8, 2020 at 5:08 PM Gianluca Cecchi 
>> wrote:
>>
>>> On Thu, Oct 8, 2020 at 4:59 PM Dana Elfassy  wrote:
>>>
>>>> And also please attach the content of the file found at:
>>>> /etc/ansible-runner-service/config.yaml
>>>>
>>>> On Thu, Oct 8, 2020 at 5:55 PM Dana Elfassy 
>>>> wrote:
>>>>
>>>>> Hi Gianluca,
>>>>> Please execute the following command on your engine, save the output
>>>>> into a file and attach it:
>>>>> sudo journalctl -u ansible-runner-service
>>>>> Dana
>>>>>
>>>>>
>>> Thanks for answering, Dana.
>>>
>>>  [root@ovmgr1 ansible-runner-service]# sudo journalctl -u
>>> ansible-runner-service
>>> -- Logs begin at Tue 2020-10-06 11:12:46 CEST, end at Thu 2020-10-08
>>> 17:02:25 CEST. --
>>> -- No entries --
>>> [root@ovmgr1 ansible-runner-service]#
>>>
>>>
>>> [root@ovmgr1 ansible-runner-service]# cat
>>> /etc/ansible-runner-service/config.yaml
>>>
>>> version: 1
>>> playbooks_root_dir:
>>> '/usr/share/ovirt-engine/ansible-runner-service-project'
>>> ssh_private_key: '/etc/pki/ovirt-engine/keys/engine_id_rsa'
>>> port: 50001
>>> target_user: root
>>> log_path: '/var/log/ovirt-engine'
>>> [root@ovmgr1 ansible-runner-service]#
>>>
>>> I noticed that both on engine and on host the "ansible-runner" package
>>> is not installed. Is it correct and only ansible-runner-service package to
>>> be installed only on the engine?
>>> Also, does the "service" in the name imply that I should have any
>>> systemd or other kind of related service on engine?
>>> Finally, I have to use a proxy for dnf/yum.
>>> To be able to run "engine-setup" on engine I had to set http_proxy and
>>> https_proxy env variables inside the shell session, because it seems that
>>> engine-setup was not able to leverage the global configuration. Could it be
>>> something similar due to the host having to use a proxy too (that I already
>>> setup in /etc/dnf/dnf.conf)? Just a guess.
>>>
>>> Gianluca
>>>
>>
>> Also, the host already existed in 4.3. I upgraded the standalone engine
>> from 4.3.10 to 4.4.2 following the guide.
>> Now to update my hosts I put a host into maintenance, removed the host
>> from the gui, reinstalled the server in CentOS 8.2 with same network
>> parameters, and then add new host with the same name/hostname as before.
>> Could it be a problem to reuse the host?
>>
>> Gianluca
>>
>
> Any other thing to check to be able to provision a node in 4.4.2 using
> plain CentOS 8.2 host?
> Thanks,
> Gianluca
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/AJN3ENCAXNCTGWD4AXGCXQQEE6KOSXDN/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FSCB3N3KZLBV2RGWEOXAJZBMBK3A2RTY/


[ovirt-users] Re: Upgrade oVirt from 4.3.10 to 4.4.2 and AD users

2020-10-06 Thread Martin Perina
Hi Gianluca,

There is a bug in the documentation. Configuration of all oVirt engine
extensions is included in 4.3 backup, these configuration files are
properly restored and upgraded during engine-setup execution:
https://bugzilla.redhat.com/show_bug.cgi?id=1814212
So further action around extension configuration is needed.

Regards,
Martin

On Tue, Oct 6, 2020 at 3:17 PM Gianluca Cecchi 
wrote:

> Hello,
> I'm upgrading a standalone engine with local database and with 3 hosts
> from oVirt 4.3.10 to 4.4.2 and I'm cross checking both oVirt and RHV
> documents.
> In my oVirt environment I have integration with AD for web admin access.
>
> Inside RHV upgrade guide docs there is this statement regarding manager
> upgrade:
> "
> Install optional extension packages if they were installed on the Red Hat
> Virtualization Manager 4.3 machine.
> # yum install ovirt-engine-extension-aaa-ldap
> ovirt-engine-extension-aaa-misc ovirt-engine-extension-logger-log4j
> NOTE
> The configuration for these package extensions must be manually reapplied
> because they are not migrated as part of the backup and restore process.
> "
>
> In my case I had ovirt-engine-extension-aaa-ldap and
> ovirt-engine-extension-aaa-misc installed on 4.3.10.
> So after "engine-backup --mode=restore " command I executed:
>
> [root@ovmgr1 ~]# yum install ovirt-engine-extension-aaa-ldap
> ovirt-engine-extension-aaa-misc
> Last metadata expiration check: 0:01:11 ago on Tue 06 Oct 2020 11:23:04 AM
> CEST.
> Dependencies resolved.
>
> ==
>  Package                          Arch    Version       Repository                 Size
> ==
> Installing:
>  ovirt-engine-extension-aaa-ldap  noarch  1.4.1-1.el8   ovirt-4.4                 127 k
>  ovirt-engine-extension-aaa-misc  noarch  1.1.0-1.el8   ovirt-4.4                  37 k
> Installing dependencies:
>  unboundid-ldapsdk                noarch  4.0.14-2.el8  ovirt-4.4-centos-ovirt44  4.0 M
>
> Transaction Summary
> ==
> Install  3 Packages
>
> Total download size: 4.2 M
> Installed size: 4.5 M
>
> and followed the next upgrade flow steps.
> After finishing the engine upgrade with the "engine-setup" step, it seems
> actually that I can still connect to my engine with my AD accounts, so that
> I don't have to do any manual step described...
>
> Does it match any one other experience?
>
> Gianluca
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/WBQDOZM4PUWJJQ4TBRU33OSLPWVKXDLQ/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SOLX5Y4GMUZZX56UNDEAYLXQFHOSOVER/


[ovirt-users] Re: oVirt Node 4.4.2 is now generally available

2020-10-06 Thread Martin Perina
Hi Gianluca,

please see my replies inline

On Tue, Oct 6, 2020 at 11:37 AM Gianluca Cecchi 
wrote:

> On Tue, Oct 6, 2020 at 11:25 AM Martin Perina  wrote:
>
>>
>>> You say to drive a command from the engine that is a VM that runs inside
>>> the host, but ask to shutdown VMs running on host before...
>>> This is a self hosted engine composed by only one single host.
>>> Normally I would use the procedure from the engine web admin gui, one
>>> host at a time, but with single host it is not possible.
>>>
>>
>> We have said several times, that it doesn't make sense to use oVirt on a
>> single host system. So you either need to attach 2nd host to your setup
>> (preferred) or shutdown all VMS and run manual upgrade of your host OS
>>
>>
> We who
>

So I've spent the past hour deeply investigating our upstream documentation
and you are right, we don't have any clear requirements about the minimal
number of hosts in upstream oVirt documentation.
But here are the facts:

1. To be able to upgrade a host either from UI/RESTAPI or manually using
SSH, the host always needs to be in Maintenance:

https://www.ovirt.org/documentation/administration_guide/#Updating_a_host_between_minor_releases

2. To perform Reinstall or Enroll certificate of a host, the host needs to
be in Maintenance mode

https://www.ovirt.org/documentation/administration_guide/#Reinstalling_Hosts_admin

3. When host is in Maintenance mode, there are no oVirt managed VMs running
on it

https://www.ovirt.org/documentation/administration_guide/#Moving_a_host_to_maintenance_mode

4. When engine is not running (either stopped or crashed), VMs running on
hypervisor hosts are unaffected (meaning they are running independently on
engine), but they are pretty much "pinned to the host they are running on"
(for example VMs cannot be migrated or started/stopped (of course you can
stop this VM from within) without running engine)

So just using above facts here are logical conclusions:

1. Standalone engine installation with only one hypervisor host
   - this means that engine runs on bare metal hosts (for example
     engine.domain.com) and single hypervisor host is managed by it (for
     example host1.domain.com)
   - in this case scenario administrator is able to perform all
     maintenance tasks (even though at the cost that VMs running on
     hypervisor need to be stopped before switching to Maintenance mode),
     because engine is running independently on hypervisor

2. Hosted engine installation with one hypervisor host
   - this means that engine runs as a VM (for example engine.domain.com)
     inside a single hypervisor host, which is managed by it (for example
     host1.domain.com)
   - in this scenario maintenance of the host is very limited:
     - you cannot move the host to Maintenance, because hosted engine VM
       cannot be migrated outside a host
     - you can perform global Maintenance and then probably manually stop
       hosted engine VM, but then you don't have engine to be able to
       perform maintenance tasks (for example, Upgrade, Reinstall or Enroll
       certificates)

But in both above use cases you cannot use the biggest oVirt advantage and
that's a shared storage among hypervisor hosts, which allows you to perform
live migration of VMs. And thanks to that feature you can perform
maintenance tasks on the host(s) without interruption in providing VM
services.

*From the above it's obvious that we need to really clearly state that in a
production environment oVirt requires to have at least 2 hypervisor hosts
for full functionality.*

> In old times there was the all-in-one setup that was substituted from
> single host HCI
>

All-in-one feature has been deprecated in oVirt 3.6 and fully removed in
oVirt 4.0

> ... developers also put extra efforts to setup the wizard comprising the
> single host scenario.
>

Yes, you are right, you can initially set up oVirt with just a single host,
but it's expected that you are going to add an additional host(s) soon.

> Obviously it is aimed at test bed / devel / home environments, not
> production ones.
>

Of course, for development use whatever you want, but for production you
care about your setup, because you want the services you offer to run
smoothly

> Do you want me to send you the list of bugzilla contributed by users using
> single host environments that helped Red Hat to have a better working RHV
> too?
>

It's clearly stated that at least 2 hypervisors are required for hosted
engine or standalone RHV installation:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/planning_and_prerequisites_guide/rhv_architecture
But as I mentioned above, we have a bug in oVirt documentation, that such
an important requirement is not clearly stated. And this is not a fault of
a community, this is a fault of oVirt maintainers, that we have forgotten
to me

[ovirt-users] Re: ovirt-engine and host certification is expired in ovirt4.0

2020-10-06 Thread Martin Perina
Hi,

we have mentioned several times that it doesn't make sense to use oVirt on a
single host setup. So you really need to add 2nd host to your setup, move
the 1st host to Maintenance and execute Enroll certificates.

Regards,
Martin

On Sun, Oct 4, 2020 at 5:30 PM  wrote:

> From what I observed (but it's not something I try often), if you try to
> enable maintenance on a host and have VMs on it, it will try migrating the
> VMs first, which is a copy-first, state-transfer-afterwards process. So if
> there is no migration target available or if the copying and state-transfer
> fail, the VM will simply continue to run on the original host... and the
> host will refuse to go into maintenance.
>
> It doesn't solve your problem, but the loss of service you fear shouldn't
> happen either... except sometimes oVirt seems to have bugs or the resulting
> network activity cause confusion.
>
> Ah, perhaps this is important: I've only ever tried that by setting a host
> into maintenance (typically for patch updates) via the GUI. I am far less
> convinced that VM migration would also be triggered if you use the
> 'hosted-engine --set-maintenance --mode=local' variant on the host that
> runs the HostedEngine VM. That might just make it unavailable for newly
> started VMs.
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/7D6XC4YHIKMWSCJWZC2TJFMMD27PT4LD/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QWKO2IMWKJSEMRYKMTURNZBHEERKU2WW/


[ovirt-users] Re: oVirt Node 4.4.2 is now generally available

2020-10-06 Thread Martin Perina
On Mon, Oct 5, 2020 at 3:25 PM Gianluca Cecchi 
wrote:

>
>
> On Mon, Oct 5, 2020 at 3:13 PM Dana Elfassy  wrote:
>
>> Can you shutdown the vms just for the upgrade process?
>>
>> On Mon, Oct 5, 2020 at 1:57 PM Gianluca Cecchi 
>> wrote:
>>
>>> On Mon, Oct 5, 2020 at 12:52 PM Dana Elfassy 
>>> wrote:
>>>
>>>> In order to run the playbooks you would also need the parameters that
>>>> they use - some are set on the engine side
>>>> Why can't you upgrade the host from the engine admin portal?
>>>>
>>>>
>>> Because when you upgrade a host you put it into maintenance before.
>>> And this implies no VMs in execution on it.
>>> But if you are in a single host composed environment you cannot
>>>
>>> Gianluca
>>>
>>
> we are talking about chicken-egg problem.
>
> You say to drive a command from the engine that is a VM that runs inside
> the host, but ask to shutdown VMs running on host before...
> This is a self hosted engine composed by only one single host.
> Normally I would use the procedure from the engine web admin gui, one host
> at a time, but with single host it is not possible.
>

We have said several times that it doesn't make sense to use oVirt on a
single host system. So you either need to attach a 2nd host to your setup
(preferred) or shut down all VMs and run a manual upgrade of your host OS.


> Gianluca
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3ZU43KQXYJO43CWTDDT733H4YZS4JA2U/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7EATX7RPVUOAQWKLHYOTSTRVJG4M2O6Q/


[ovirt-users] Re: ldap auth problem after upgrade from 4.4.1 to 4.4.2

2020-10-01 Thread Martin Perina
On Thu, Oct 1, 2020 at 3:18 PM Jiří Sléžka  wrote:

> Hi,
>
> On 10/1/20 2:53 PM, Martin Perina wrote:
> > Hi,
> >
> > it seems that you are affected by
> > https://bugzilla.redhat.com/show_bug.cgi?id=1880149
> > Could you please try the workaround mentioned there?
>
> bingo! Thanks a lot!
>
> It is interesting behavior as my engine has no public ipv6 address (ipv6
> is set to ignore in nm).
>
> also
>
> [root@ovirt ~]# ping6 google.com
> connect: Network is unreachable
>
> but ok, problem is solved :-)
>

Most probably your LDAP server can be resolved to both IPv4 and IPv6
addresses and we choose a random resolved address in aaa-ldap when
connecting. Enabling IPv6 by default was introduced in
https://bugzilla.redhat.com/1726189 but unfortunately we have missed this
scenario (engine IPv4, LDAP dual IPv4/IPv6) during testing ...


> Jiri
>
>
> >
> > Thanks,
> > Martin
> >
> >
> > On Thu, Oct 1, 2020 at 11:17 AM Jiří Sléžka wrote:
> >
> > Hi,
> >
> > I just upgraded my HE to 4.4.2 but now I cannot login using my ldap aaa
> > profile anymore.
> >
> > We are using Novell/NetIQ E-directory (load balanced by haproxy,
> > probably not important...)
> >
> > In 4.4.1 I was hit by removed TLSv1 (which is the newest protocol
> > supported by our edir) from default crypto policies but I was able
> > revert it by
> >
> > update-crypto-policies --set LEGACY
> >
> > after upgrade to 4.4.2 the error is
> >
> > server_error: An error occurred while attempting to connect to server
> > ldap1.slu.cz:389: IOException(LDAPException(resultCode=91 (connect
> > error), errorMessage='An error occurred while attempting to establish a
> > connection to server ldap1.slu.cz/193.84.206.212:389:
> > SocketException(Network is unreachable (connect failed)),
> > ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> >
> > but our ldap server is reachable from ovirt, I tested it via (also ldaps
> > and starttls variants are working)
> >
> > ldapsearch -H ldap://ldap1.slu.cz -x -D cn=*,ou=**,o=su -w
> > '' -b 'o=su'
> >
> > As a workaround I tried to set plain ldap protocol in profile
> >
> > cat /etc/ovirt-engine/aaa/CRO.properties
> >
> >
> > include = 
> >
> > vars.server = ldap1.slu.cz
> > vars.port = 389
> > vars.user = cn=*,ou=**,o=su
> > vars.password = **
> >
> > pool.default.serverset.single.server = ${global:vars.server}
> > pool.default.serverset.single.port = ${global:vars.port}
> > pool.default.auth.simple.bindDN = ${global:vars.user}
> > pool.default.auth.simple.password = ${global:vars.password}
> >
> > pool.default.ssl.startTLS = false
> > pool.default.ssl.enable = false
> > #pool.default.ssl.protocol = TLSv1
> > #pool.default.ssl.startTLSProtocol = TLSv1
> > #pool.default.ssl.insecure = true
> >
> > sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
> > sequence.my-edir-init-vars.010.description = set baseDN
> > sequence.my-edir-init-vars.010.type = var-set
> > sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
> > sequence.my-edir-init-vars.010.var-set.value = o=su
> >
> > #search.default.search-request.derefPolicy = ALWAYS
> >
> >
> > but the error is the same...
> >
> > ovirt-engine-extensions-tool aaa login-user --profile=CRO
> > --user-name=my_user
> >
> > 
> > WARNING: [ovirt-engine-extension-aaa-ldap.authn::SU-LDAP-authentication]
> > TLS/SSL insecure mode
> > ...
> > WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
> > initialize LDAP framework, deferring initialization. Error: An error
> > occurred while attempting to connect to server ldap1.slu.cz:389:
> > IOException(LDAPException(resultCode=91 (connect error),
> > errorMessage='An error occurred while attempting to establish a
> > connection to server ldap1.slu.cz/193.84.206.212:389

[ovirt-users] Re: ldap auth problem after upgrade from 4.4.1 to 4.4.2

2020-10-01 Thread Martin Perina
Hi,

it seems that you are affected by
https://bugzilla.redhat.com/show_bug.cgi?id=1880149
Could you please try the workaround mentioned there?

Thanks,
Martin


On Thu, Oct 1, 2020 at 11:17 AM Jiří Sléžka  wrote:

> Hi,
>
> I just upgraded my HE to 4.4.2 but now I cannot login using my ldap aaa
> profile anymore.
>
> We are using Novell/NetIQ E-directory (load balanced by haproxy,
> probably not important...)
>
> In 4.4.1 I was hit by removed TLSv1 (which is the newest protocol
> supported by our edir) from default crypto policies but I was able
> revert it by
>
> update-crypto-policies --set LEGACY
>
> after upgrade to 4.4.2 the error is
>
> server_error: An error occurred while attempting to connect to server
> ldap1.slu.cz:389: IOException(LDAPException(resultCode=91 (connect
> error), errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
>
> but our ldap server is reachable from ovirt, I tested it via (also ldaps
> and starttls variants are working)
>
> ldapsearch -H ldap://ldap1.slu.cz -x -D cn=*,ou=**,o=su -w
> '' -b 'o=su'
>
> As a workaround I tried to set plain ldap protocol in profile
>
> cat /etc/ovirt-engine/aaa/CRO.properties
>
>
> include = 
>
> vars.server = ldap1.slu.cz
> vars.port = 389
> vars.user = cn=*,ou=**,o=su
> vars.password = **
>
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.serverset.single.port = ${global:vars.port}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
>
> pool.default.ssl.startTLS = false
> pool.default.ssl.enable = false
> #pool.default.ssl.protocol = TLSv1
> #pool.default.ssl.startTLSProtocol = TLSv1
> #pool.default.ssl.insecure = true
>
> sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
> sequence.my-edir-init-vars.010.description = set baseDN
> sequence.my-edir-init-vars.010.type = var-set
> sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
> sequence.my-edir-init-vars.010.var-set.value = o=su
>
> #search.default.search-request.derefPolicy = ALWAYS
>
>
> but the error is the same...
>
> ovirt-engine-extensions-tool aaa login-user --profile=CRO
> --user-name=my_user
>
> 
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::SU-LDAP-authentication]
> TLS/SSL insecure mode
> ...
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to connect to server ldap1.slu.cz:389:
> IOException(LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> ...
> INFO: API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> profile='CRO' user='my_user'
> Password:
> ...
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to connect to server ldap1.slu.cz:389:
> IOException(LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> Oct 01, 2020 10:57:37 AM
> org.ovirt.engine.exttool.core.ExtensionsToolExecutor main
> SEVERE: An error occurred while attempting to connect to server
> ldap1.slu.cz:389:  IOException(LDAPException(resultCode=91 (connect
> error), errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
>
> debug with tcpdump reveals only that connection is made and there are
> only "bindRequest" and "bindResponse success" messages visible (with
> correct tcp handshake and close) and nothing more
>
> any help would be appreciated
>
> Cheers,
>
> Jiri
>

[ovirt-users] Re: Adding host fails with Ansible host-deploy role: Internal server error.

2020-09-24 Thread Martin Perina
On Thu, Sep 24, 2020 at 11:38 AM Andrey Andrey via Users 
wrote:

> It all worked. Thank you very much.
>

Hi Andrey,
It looks like https://bugzilla.redhat.com/show_bug.cgi?id=1880171
Have you fixed the problem using the workaround mentioned in the above bug?
Or was it a different issue?

Thanks,
Martin


> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5WUFJDPPPW5ERK2VJ3FEWY3UVXORMYLR/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NVKG4Y7FBITI3UEQ7BNXGJAP4SA5ZW5O/


[ovirt-users] Re: Upgrade 4.3 to 4.4 node to manager communication error

2020-09-03 Thread Martin Perina
On Thu, Sep 3, 2020 at 2:56 PM Pierre pit  wrote:

> I have a communication problem between all the nodes and the manager
> following the upgrade from 4.3 to 4.4. I followed the procedure of update
> 4.3 to 4.4 everything worked correctly, according to the import export
> scripts as well as the installation setup on the new manager in 4.4, all is
> ok. Only after connection to the manager, all the nodes are in a down
> state, there is no more communication between the manager newly installed
> in 4.4 and the nodes still in production in 4.3.
>
> In the manager I have this message for all the nodes:
> ` VDSM virtdell8 command Get Host Capabilities failed: PKIX path
> validation failed: java.security.cert.CertPathValidatorException: Algorithm
> constraints check failed on signature algorithm: SHA256withRSA`
>

Hi Pierre,

Hmm, the following error is a bit misleading, but it gives a clue to me.
Could you please check the key size of your ovirt-engine CA key?

openssl x509 -text -noout -in /etc/pki/ovirt-engine/ca.pem | grep 'RSA Public-Key'

If your key size is less than 2048 bits, then you need to change crypto
policy of your CentOS 8 to LEGACY using below steps:

1. Execute 'update-crypto-policies --set LEGACY'
2. Reboot the machine

That should mitigate the issue, but I'm really curious, this should not
happen unless your engine was installed in oVirt 3.0 era and then
continuously upgraded up to 4.4, because we have switched to 2048 bits in
2012:

https://gerrit.ovirt.org/4389

Is this your case?


Regards,
Martin


> And on the nodes:
> ` 2020-09-01 17:38:13,083+0200 ERROR (Reactor thread)
> [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError, address:
> :::XXX.XXX.XXX.XXX (sslutils:264)
>  vdsm[4400]: ERROR ssl handshake: SSLError, address:
> :::XXX.XXX.XXX.XXX`
>
> After a search on the forums I found a similar error on version 4.2 only
> the solution of comment `ssl_excludes` in the `/etc/vdsm/vdsm.conf` file
> but does not apply to my problem.
>
> I unfortunately had to backtrack because it was no longer possible to
> control ovirt and use the manager for our production. the new machine with
> the manager in 4.4 is offline while a solution is found
>
> Do you know where should I look in order to solve this problem?
>
> thank you in advance
> Pierre
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CE34HLTRN54HVOJNK3ZCNXH66CIYFSQS/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7HGFTJMMZYUUGW2O3IMP27RKABRISTLD/
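
The key-size check from the reply above, as an added example (not part of the original message and not oVirt tooling): it reads the text that `openssl x509 -text -noout` prints and reports whether an RSA key is below the 2048-bit threshold the reply names, even when the signature algorithm itself is acceptable. The sample certificate text is constructed and the function names are hypothetical.

```python
import os
import re
import shutil
import subprocess

# Threshold named in the reply above: an RSA CA key below this size is the suspect.
MIN_RSA_BITS = 2048

# Constructed sample of `openssl x509 -text -noout` output (OpenSSL 1.1.1 layout),
# trimmed to the fields read below. It is not taken from a real engine CA.
SAMPLE_OLD_CA = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = example.test, CN = engine.example.test.12345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
"""
SAMPLE_NEW_CA = SAMPLE_OLD_CA.replace("(1024 bit)", "(2048 bit)")
SAMPLE_EC_CA = (SAMPLE_OLD_CA
                .replace("sha256WithRSAEncryption", "ecdsa-with-SHA256")
                .replace("rsaEncryption", "id-ecPublicKey")
                .replace("RSA Public-Key: (1024 bit)", "Public-Key: (256 bit)"))

# OpenSSL 1.1.1 prints "RSA Public-Key: (N bit)"; OpenSSL 3.x prints "Public-Key: (N bit)".
KEY_RE = re.compile(r"^\s*(?:RSA )?Public-Key: \((\d+) bit\)", re.MULTILINE)
ALG_RE = re.compile(r"^\s*Public Key Algorithm: (\S+)", re.MULTILINE)
SIG_RE = re.compile(r"^\s*Signature Algorithm: (\S+)", re.MULTILINE)


def inspect_cert_text(text):
    """Extract key algorithm, key size and signature algorithm from openssl text."""
    key = KEY_RE.search(text)
    alg = ALG_RE.search(text)
    sig = SIG_RE.search(text)
    if key is None or alg is None:
        raise ValueError("no public key information found in certificate text")
    bits = int(key.group(1))
    # Only RSA sizes are compared with the threshold; a 256-bit EC key is a
    # different algorithm and must not be flagged as "too small".
    is_rsa = alg.group(1) == "rsaEncryption"
    return {
        "key_algorithm": alg.group(1),
        "key_bits": bits,
        "signature_algorithm": sig.group(1) if sig else None,
        "below_threshold": is_rsa and bits < MIN_RSA_BITS,
    }


def verdict(info):
    """One-line summary that separates key size from signature algorithm."""
    if info["below_threshold"]:
        return ("RSA key is %d bits (< %d) although the certificate is signed "
                "with %s: key size is the likely cause"
                % (info["key_bits"], MIN_RSA_BITS, info["signature_algorithm"]))
    return ("%s key of %d bits is not below the RSA threshold: look elsewhere"
            % (info["key_algorithm"], info["key_bits"]))


def inspect_cert_file(path):
    """Run the openssl command from the reply on a PEM file and inspect its output."""
    openssl = shutil.which("openssl")
    if openssl is None:
        raise RuntimeError("openssl binary not found in PATH")
    out = subprocess.run([openssl, "x509", "-text", "-noout", "-in", path],
                         check=True, capture_output=True, text=True).stdout
    return inspect_cert_text(out)


if __name__ == "__main__":
    for name, sample in (("old", SAMPLE_OLD_CA), ("new", SAMPLE_NEW_CA),
                         ("ec", SAMPLE_EC_CA)):
        print(name, "->", verdict(inspect_cert_text(sample)))
    ca = "/etc/pki/ovirt-engine/ca.pem"  # path taken from the reply above
    if os.path.exists(ca) and shutil.which("openssl"):
        print(ca, "->", verdict(inspect_cert_file(ca)))
```
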


[ovirt-users] Re: ovirt4.4 and ldap auth with starttls

2020-08-07 Thread Martin Perina
Hi,

legacy ciphers and protocols are disabled on EL8 by default, for more
information please take a look at crypto-policies:

https://access.redhat.com/articles/3666211
https://access.redhat.com/articles/3642912

So in theory if you switch to LEGACY crypto-policy on ovirt-engine machine,
you could be able to use TLSv1, but we have never tested it and we highly
recommend to use only TLSv1.2 or newer.

Regards,
Martin


On Fri, Aug 7, 2020 at 2:11 PM Jiří Sléžka  wrote:

> Hello,
>
> better start new thread...
>
> it looks like tls1.0 is not supported anymore in
> ovirt-engine-extension-aaa-ldap
>
> I just migrated engine from 4.3 to 4.4 and cannot use my ldap profile
> because
>
> server_error: The connection reader was unable to successfully complete
> TLS negotiation: SSLHandshakeException(The server selected protocol
> version TLS10 is not accepted by client preferences [TLS12]),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb
>
> but when I try to force tls 1.0 by setting
>
> ...
> pool.default.ssl.startTLS = true
> pool.default.ssl.startTLSProtocol = TLSv1
> ...
>
> I got
>
> server_error: The connection reader was unable to successfully complete
> TLS negotiation: SSLHandshakeException(No appropriate protocol (protocol
> is disabled or cipher suites are inappropriate)), ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb
>
> I can't switch to something better on server side, is it possible to
> allow weak ciphers/protocols on client side?
>
> Thanks in advance,
>
> Jiri
>
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CBVIAEO3R4BQNJ5453O2D5NJH7FQ7YGR/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IOMG3R7W3RTGWNEIDRYEVHSWLUGCFZMJ/


[ovirt-users] Re: Unassigned hosts

2020-08-06 Thread Martin Perina
>>>>> Artur
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Aug 6, 2020 at 8:01 AM Nardus Geldenhuys 
>>>>> wrote:
>>>>>
>>>>>> Also see this in engine:
>>>>>>
>>>>>> Aug 6, 2020, 7:37:17 AM
>>>>>> VDSM someserver command Get Host Capabilities failed: Message timeout
>>>>>> which can be caused by communication issues
>>>>>>
>>>>>> On Thu, 6 Aug 2020 at 07:09, Strahil Nikolov 
>>>>>> wrote:
>>>>>>
>>>>>>> Can you check for errors on the affected host. Most probably you
>>>>>>> need the vdsm logs.
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Strahil Nikolov
>>>>>>>
>>>>>>> On 6 August 2020 7:40:23 GMT+03:00, Nardus Geldenhuys <
>>>>>>> nard...@gmail.com> wrote:
>>>>>>> >Hi Strahil
>>>>>>> >
>>>>>>> >Hope you are well. I get the following error when I tried to confirm
>>>>>>> >reboot:
>>>>>>> >
>>>>>>> >Error while executing action: Cannot confirm 'Host has been rebooted'
>>>>>>> >Host.
>>>>>>> >Valid Host statuses are "Non operational", "Maintenance" or
>>>>>>> >"Connecting".
>>>>>>> >
>>>>>>> >And I can't put it in maintenance, only option is "restart" or "stop".
>>>>>>> >
>>>>>>> >Regards
>>>>>>> >
>>>>>>> >Nar
>>>>>>> >
>>>>>>> >On Thu, 6 Aug 2020 at 06:16, Strahil Nikolov
>>>>>>> >wrote:
>>>>>>> >
>>>>>>> >> After rebooting the node, have you "marked" it that it was rebooted ?
>>>>>>> >>
>>>>>>> >> Best Regards,
>>>>>>> >> Strahil Nikolov
>>>>>>> >>
>>>>>>> >> On 5 August 2020 21:29:04 GMT+03:00, Nardus Geldenhuys <
>>>>>>> >> nard...@gmail.com> wrote:
>>>>>>> >> >Hi oVirt land
>>>>>>> >> >
>>>>>>> >> >Hope you are well. Got a bit of an issue, actually a big issue. We
>>>>>>> >> >had some sort of dip of some sort. All the VM's is still running,
>>>>>>> >> >but some of the hosts is show "Unassigned" or "NonResponsive". So
>>>>>>> >> >all the hosts was showing UP and was fine before our dip. So I did
>>>>>>> >> >increase vdsHeartbeatInSecond to 240, no luck.
>>>>>>> >> >
>>>>>>> >> >I still get a timeout on the engine lock even though I can connect
>>>>>>> >> >to that host from the engine using nc to test to port 54321. I also
>>>>>>> >> >did restart vdsmd and also rebooted the host with no luck.
>>>>>>> >> >
>>>>>>> >> > nc -v someserver 54321
>>>>>>> >> >Ncat: Version 7.50 ( https://nmap.org/ncat )
>>>>>>> >> >Ncat: Connected to 172.40.2.172:54321.
>>>>>>> >> >
>>>>>>> >> >2020-08-05 20:20:34,256+02 ERROR
>>>>>>> >> >[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>>>>> >> >(EE-ManagedThreadFactory-engineScheduled-Thread-70) [] EVENT_ID:
>>>>>>> >> >VDS_BROKER_COMMAND_FAILURE(10,802), VDSM someserver command Get Host
>>>>>>> >> >Capabilities failed: Message timeout which can be caused by
>>>>>>> >> >communication issues
>>>>>>> >> >
>>>>>>> >> >Any troubleshoot ideas will be gladly appreciated.
>>>>>>> >> >
>>>>>>> >> >Regards
>>>>>>> >> >
>>>>>>> >> >Nar
>>>>>>> >>
>>>>>>>
>>>>>> List Archives:
>>>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/C4HB2J3MH76FI2325Z4AV4VCCEKH4M3S/
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Artur Socha
>>>>> Senior Software Engineer, RHV
>>>>> Red Hat
>>>>>
>>>>
>>>
>>> --
>>> Artur Socha
>>> Senior Software Engineer, RHV
>>> Red Hat
>>>
>>
>
> --
> Artur Socha
> Senior Software Engineer, RHV
> Red Hat
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FVUGIAOAM6FGPNJO4BHDVNNZ4JZ7ZBIA/


[ovirt-users] Re: ovirt 4.4.1.1 hci and problems with ansible 2.9.10 and/or missing python2

2020-07-17 Thread Martin Perina
I've reverified that install new host, check for upgrades, upgrade host and
enroll certificates work fine even with ansible 2.9.10 on standalone engine
installation. So there is some issue inside HCI installer, which doesn't
handle python interpreter correctly.

Gianluca, could you please create a bug for that?

Thanks,
Martin


On Fri, Jul 17, 2020 at 11:36 AM Gianluca Cecchi 
wrote:

>
>
> On Fri, Jul 17, 2020 at 11:25 AM Gianluca Cecchi <
> gianluca.cec...@gmail.com> wrote:
>
>> On Fri, Jul 17, 2020 at 11:04 AM Gianluca Cecchi <
>> gianluca.cec...@gmail.com> wrote:
>>
>>> On Fri, Jul 17, 2020 at 10:58 AM Gianluca Cecchi <
>>> gianluca.cec...@gmail.com> wrote:
>>>
>>>> On Fri, Jul 17, 2020 at 10:54 AM Martin Perina 
>>>> wrote:
>>>>
>>>>> Hi Gianluca,
>>>>>
>>>>> that's very strange error, because I'm 100% sure we are using yum
>>>>> module with Python3 in several other roles including adding host to engine
>>>>> or upgrading host and so far I haven't heard any issue with ansible 2.9.10
>>>>> and yum module.
>>>>>
>>>>> Gobinda, wouldn't enforcing python interpreter version help there?
>>>>>
>>>>>
>>>>> https://github.com/oVirt/ovirt-engine/blob/master/packaging/ansible-runner-service-project/project/roles/ovirt-host-deploy-facts/tasks/main.yml#L28
>>>>>
>>>>> Regards,
>>>>> Martin
>>>>>
>>>>>
>>>> I have a very clean install from 4.1.1.1 node ng iso and I'm the third
>>>> to notice that with this release.
>>>> The engine deployment is going on. Not finished yet, but to have it go
>>>> I had to modify, with the same strategy ("use: dnf" with package module and
>>>> use "package" instead of "yum" and also specifying "use: dnf") in these
>>>> files under /usr/share/ansible/roles:
>>>>
>>>> ovirt.engine-setup/tasks/engine_setup.yml
>>>> ovirt.engine-setup/tasks/install_packages.yml
>>>> ovirt.hosted_engine_setup/tasks/install_packages.yml
>>>>
>>>> ovirt.hosted_engine_setup/tasks/create_target_vm/03_hosted_engine_final_tasks.yml
>>>> ovirt.hosted_engine_setup/tasks/install_appliance.yml
>>>>
>>>> Gianluca
>>>>
>>>
>>> The installation from the iso was with all default values.
>>> The only "non standard" thing, if we want it to call this way is that
>>> before running the wizard, on the host I pre-installed the appliance
>>> package, to shorten the deploy phase hereafter.
>>> And to do it I executed, because of habit:
>>> yum install ovirt-engine-appliance
>>>
>>> instead of "dnf install...", but I think this doesn't influence ansible
>>> autodetect when using "package" module or the error about python2 when
>>> using "yum" module...
>>>
>>> Gianluca
>>>
>>
>> The engine deployment failed in the phase where it tries to add the host
>> and waits for the host to be up and if I go into the logs in
>>
>> /var/log/ovirt-hosted-engine-setup/engine-logs-2020-07-17T08:30:48Z/ovirt-engine/host-deploy/
>>
>> the file
>> ovirt-host-deploy-ansible-20200717104103-novirt2.example.net-3a710f0c.log
>> contains
>>
>> 020-07-17 10:41:17 CEST - fatal: [novirt2.example.net]: FAILED! =>
>> {"changed": false, "module_stderr": "/bin/sh: /usr/bin
>> /python2: No such file or directory\n", "module_stdout": "", "msg": "The
>> module failed to execute correctly, you probably
>> need to set the interpreter.\nSee stdout/stderr for the exact error",
>> "rc": 127}
>> 2020-07-17 10:41:17 CEST - {
>>   "status" : "OK",
>>   "msg" : "",
>>   "data" : {
>> "uuid" : "00f4c6a8-8423-4a2a-bfd5-f38c34f56ecf",
>> "counter" : 53,
>> "stdout" : "fatal: [novirt2.example.net]: FAILED! => {\"changed\":
>> false, \"module_stderr\": \"/bin/sh: /usr/bin/pytho
>> n2: No such file or directory\\n\", \"module_stdout\": \"\", \"msg\":
>> \"The module failed to execute correctly, you probab
>> ly need to set the interpreter.\\nSee stdout/stderr for the exact
>> error\", \"rc\": 127}"

[ovirt-users] Re: ovirt 4.4.1.1 hci and problems with ansible 2.9.10 and/or missing python2

2020-07-17 Thread Martin Perina
Hi Gianluca,

that's very strange error, because I'm 100% sure we are using yum module
with Python3 in several other roles including adding host to engine or
upgrading host and so far I haven't heard any issue with ansible 2.9.10 and
yum module.

Gobinda, wouldn't enforcing python interpreter version help there?

https://github.com/oVirt/ovirt-engine/blob/master/packaging/ansible-runner-service-project/project/roles/ovirt-host-deploy-facts/tasks/main.yml#L28

Regards,
Martin


On Fri, Jul 17, 2020 at 10:22 AM Gianluca Cecchi 
wrote:

> Same problem for the next stage
>
> [ INFO ] TASK [ovirt.hosted_engine_setup : Install oVirt Hosted Engine
> packages]
> [ ERROR ] fatal: [localhost]: FAILED! => {"attempts": 10, "changed":
> false, "msg": "The Python 2 yum module is needed for this module. If you
> require Python 3 support use the `dnf` Ansible module instead."}
>
> I think this is a major problem for new installations.
> How can I get back python2 to see if it works without having to go through
> all yaml files?
>
> Gianluca
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QJ54NVDAGWXXPCT7AHEJIQYQR5IZ5IZU/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EY6SIF3FFRQ6PVMRNH3TJJUZAXABCKCD/


[ovirt-users] Re: What permission do I need to get API access

2020-07-15 Thread Martin Perina
Hi Miguel,

So could you please share your playbook with us and the exact error you are
getting during its execution?

On Tue, Jul 14, 2020 at 4:08 PM  wrote:

> We are trying to create vm using ansible scripts. However, also tried to
> log into the API web https://master-server/ovirt-engine/api with
> authentication error messages. I think the problem is authentication method
> since we are using LDAP accounts, to access vm portal or api web URL we use
> email address too.
>

There should be no difference in usernames provided into UI or
RESTAPI/SDK/Ansible modules. The only thing which differs is how to provide
it:

1. In UI you are providing username and then select a profile (for example
username can be 'admin' and profile 'internal')
2. For RESTAPI/SDK/Ansible you are entering in the format of
username@profile (for example 'admin@internal')

Thanks,
Martin

> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/AIHD5BVBI2V4BLM7IEDRJLJZBMJQY4OY/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HS2OQQYGBJQ3IAWCVGPLLBDWX6ACJ4TE/
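
The username@profile form described in the reply above, as an added example (not from the original message or from oVirt's code): it checks a login string before it is used for the REST API and builds the form body of the engine's OAuth password-grant token request without sending it. It assumes the profile is whatever follows the last '@', so an LDAP user name that is itself an e-mail address still needs the profile appended; the host, profile names and credentials are constructed.

```python
from urllib.parse import urlencode

# Token endpoint of the engine's SSO service (OAuth password grant).
TOKEN_PATH = "/ovirt-engine/sso/oauth/token"

# Constructed profile list: 'internal' is the built-in one used in the reply's
# example, 'corp-ldap' stands in for a site's LDAP profile.
KNOWN_PROFILES = {"internal", "corp-ldap"}


def split_login(login):
    """Split 'username@profile' at the LAST '@' (assumption, see lead-in)."""
    user, sep, profile = login.rpartition("@")
    if not sep or not user or not profile:
        raise ValueError("%r is not in username@profile form" % login)
    return user, profile


def login_problem(login, known_profiles):
    """Return None when the login names a known profile, else an explanation."""
    try:
        user, profile = split_login(login)
    except ValueError as exc:
        return str(exc)
    if profile not in known_profiles:
        # Typical for e-mail style user names: 'jdoe@example.test' parses to
        # user 'jdoe' and profile 'example.test', which is not a profile.
        return ("%r parses to profile %r, which is not one of %s; "
                "use %s@<profile> instead"
                % (login, profile, sorted(known_profiles), login))
    return None


def build_token_request(engine_url, login, password, known_profiles):
    """Build (but do not send) the token request for a validated login."""
    problem = login_problem(login, known_profiles)
    if problem is not None:
        raise ValueError(problem)
    body = urlencode({
        "grant_type": "password",
        "scope": "ovirt-app-api",
        "username": login,      # sent whole; '@' becomes %40 in the form body
        "password": password,
    })
    return {
        "method": "POST",
        "url": engine_url.rstrip("/") + TOKEN_PATH,
        "headers": {
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
        "body": body,
    }


if __name__ == "__main__":
    for candidate in ("admin@internal", "jdoe@example.test",
                      "jdoe@example.test@corp-ldap", "admin"):
        print(candidate, "->", login_problem(candidate, KNOWN_PROFILES) or "ok")
    req = build_token_request("https://engine.example.test",
                              "jdoe@example.test@corp-ldap",
                              "not-a-real-password", KNOWN_PROFILES)
    print(req["method"], req["url"])
    print(req["body"])
```
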


[ovirt-users] Re: What permission do I need to get API access

2020-07-13 Thread Martin Perina
On Mon, Jul 13, 2020 at 4:37 PM Sandro Bonazzola 
wrote:

> +Martin Perina  can you help here?
>
> On Tue, 7 Jul 2020 at 19:30  wrote:
>
>> We use LDAP authentication to login to ovirt cluster, actually, admin and
>> another user account have to access API with no problem. My account
>> cannot access to API despite that had SuperUser privileges than those
>> accounts that already access API.
>>
>> Every time I tried to access API I get next message:
>> Error during SSO authentication access_denied: Cannot authenticate user '
>> diagsbuil...@ralntdom.rtptgcs.com':
>> No valid profile found in credentials..
>>
>
What part of RESTAPI action are you calling? Do you get the error while
obtaining authentication token or when accessing RESTAPI URL with the token?

http://ovirt.github.io/ovirt-engine-api-model/4.4/#_authentication


>> The account does exist and permissions to enter to portal vms
>>
>
For VM portal you don't need to have administrator permissions, user
permissions are enough

>
>> What do need to do to grant access to API?
>>
>
As mentioned above it depends on the action you want to call using RESTAPI

>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/XFIRPSPCNYTACGWMYKRI275MGREPGTGX/
>>
>
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HB36VHL4ZAEPZKS2U7YQO673EN3LSPEY/


[ovirt-users] Re: Admin portal will not load after installing updates

2020-07-10 Thread Martin Perina
On Thu, Jul 9, 2020 at 7:07 PM Strahil Nikolov via Users 
wrote:

> If you have access to the HE, can you check the rpm status (rpm -Va) for
> issues.
> Configuration files could be changed, but libraries/binaries not.
>
> What is the output of hosted-engine --vm-status? I had a similar issue and
> it was an addon in my browser (as I used profile, the situation was the
> same on Windows and Linux :D )
>
> Best Regards,
> Strahil Nikolov
>
> On July 9, 2020 18:32:39 GMT+03:00, Michael Watters wrote:
> >After installing updates on our ovirt-engine running CentOS 7.8 the
> >administration portal will no longer load.  The engine.log shows an
> >error as follows.
> >
> >2020-07-09 11:26:27,094-04 ERROR
> >[org.ovirt.engine.core.bll.GetConfigurationValuesQuery] (default
> >task-2)
> >[d97ed384-f919-412b-94e2-7ec04a56ea9c] Query
> >'GetConfigurationValuesQuery' failed: null
> >2020-07-09 11:26:27,095-04 ERROR
> >[org.ovirt.engine.core.bll.GetConfigurationValuesQuery] (default
> >task-2)
> >[d97ed384-f919-412b-94e2-7ec04a56ea9c] Exception:
> >java.lang.NullPointerException
> >
> >Does anybody know what would cause this or how to fix it?
>

Hi Michael,

From and to which oVirt version have you tried to upgrade? Have you
upgraded your oVirt engine according to the upgrade guide?

https://www.ovirt.org/documentation/upgrade_guide/

Because the above error seems to me like an issue when you haven't run
engine-setup after updating setup packages.

Regards,
Martin

> >
> >List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QYGA242ZB4R4SG6ZPXJQGRQX6MJSEBV3/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5Y6X5OBCCDWVEYJF2FLXP4VDZWT5KVDZ/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/773Q5EFBRXRGIYRJ5OWAD75UJOIGBHIP/


[ovirt-users] Re: Some nodes periodically display as Non Responsive

2020-07-01 Thread Martin Perina
Hi Anton,

to diagnose the issue we would need to have logs from both engine and
affected host.

Regards,
Martin


On Wed, Jul 1, 2020 at 6:51 AM Anton Louw via Users  wrote:

>
>
> Hi Everybody,
>
>
>
> I have got some strange things happening. I have got two data centers, DC1
> and DC2, in DC1, some of my nodes (Not all the time and not all the nodes)
> go into a “not responding” state. I can still ping the hosts, and I can
> still access the VMs on the hosts. My Engine sits in DC2, and this does not
> happen to any of the hosts in DC2.
>
>
>
> It seems like the Engine loses connectivity to the hosts in DC1, and then
> cannot re-establish the connection.
>
>
>
> Is there anywhere I can check to get more insight into what is actually
> happening?
>
>
>
> Thanks
>
>
>
> *Anton Louw*
> *Cloud Engineer: Storage and Virtualization* at *Vox*
> --
> *T:*  087 805  | *D:* 087 805 1572
> *M:* N/A
> *E:* anton.l...@voxtelecom.co.za
> *A:* Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
> www.vox.co.za
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TRMWV4Q6AFHG5PIXOJGVM4LKWWI6F6XZ/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FKPLXTTV5RYWOAKQTN3USZWDXSUMMZGM/


[ovirt-users] Re: New fenceType in oVirt code for IBM OpenBMC

2020-07-01 Thread Martin Perina
On Wed, Jul 1, 2020 at 1:57 AM Vinícius Ferrão via Users 
wrote:

> Hello,
>
> After some days scratching my head I found that oVirt is probably missing
> fenceTypes for IBM’s implementation of OpenBMC in the Power Management
> section. The host machine is an OpenPOWER AC922 (ppc64le).
>
> The BMC basically is an “ipmilan” device but the ciphers must be defined
> as 3 or 17 by default:
>
> [root@h01 ~]# ipmitool -I lanplus -H 10.20.10.2 root -P 0penBmc -L
> operator -C 3 channel getciphers ipmi
> ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
> 3    N/A     hmac_sha1       hmac_sha1_96    aes_cbc_128
> 17   N/A     hmac_sha256     sha256_128      aes_cbc_128
>
> The default ipmilan connector forces the option cipher=1 which breaks the
> communication.
>

Hi,

have you tried to overwrite the default by adding cipher=3 into Options
field when adding/updating fence agent configuration for specific host?

Eli, looking at
https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf
I'm not sure our defaults make sense, because by default we enable IPMIv2
(lanplus=1), but we set IPMIv1 cipher support (cipher=1). Or am I missing
something?

Regards,
Martin

>
> So I was reading the code and found this “fenceType” class, but I wasn't
> able to find where to define those classes. So I can create another one
> called something like openbmc to set cipher=17 by default.
>
> Another question is how bad the output is, it only returns a JSON-RPC
> generic error. But I don’t know how to suggest a fix for this.
>
> Thanks,
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BP33DZ3AET53DGS7TAD6L765WKQIOW7B/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5PKQNM3GUAMYDU4R2PVKS5YGPJZHBOP6/
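
Added example, not from the thread or from oVirt's code: a Python pre-check that parses the getciphers table quoted above and reports whether the cipher a fence agent would request is one the BMC actually offers. The comma-separated key=value Options format and all function names are assumptions of this example; the default cipher=1 is the value reported in the thread.

```python
# Constructed sample: the getciphers table quoted in the thread, with its
# columns separated by whitespace again.
GETCIPHERS_OUTPUT = """\
ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
3    N/A     hmac_sha1       hmac_sha1_96    aes_cbc_128
17   N/A     hmac_sha256     sha256_128      aes_cbc_128
"""

# Relative strength of the authentication algorithms, weakest first.
AUTH_RANK = ["none", "hmac_md5", "hmac_sha1", "hmac_sha256"]


def parse_getciphers(output):
    """Return {suite_id: {"auth", "integrity", "confidentiality"}}."""
    suites = {}
    for line in output.splitlines():
        fields = line.split()
        # Data rows have exactly five fields and start with the numeric ID;
        # the header row and blank lines are skipped.
        if len(fields) == 5 and fields[0].isdigit():
            suites[int(fields[0])] = {
                "auth": fields[2],
                "integrity": fields[3],
                "confidentiality": fields[4],
            }
    return suites


def parse_fence_options(options):
    """Split an Options string such as "lanplus=1,cipher=3" into a dict.
    The comma-separated key=value format is an assumption of this example."""
    parsed = {}
    for item in options.split(","):
        key, sep, value = item.strip().partition("=")
        if key and sep:
            parsed[key] = value
    return parsed


def effective_cipher(options, agent_default=1):
    """Cipher suite the agent would request: the explicit cipher= option,
    otherwise the default (cipher=1 is the default reported in the thread)."""
    return int(parse_fence_options(options).get("cipher", agent_default))


def cipher_is_offered(options, suites, agent_default=1):
    """True when the requested cipher suite is in the BMC's offered list."""
    return effective_cipher(options, agent_default) in suites


def strongest_suite(suites):
    """Pick the offered suite with the strongest authentication algorithm."""
    def rank(suite_id):
        auth = suites[suite_id]["auth"]
        return AUTH_RANK.index(auth) if auth in AUTH_RANK else -1
    return max(suites, key=rank)


if __name__ == "__main__":
    offered = parse_getciphers(GETCIPHERS_OUTPUT)
    for opts in ("lanplus=1", "lanplus=1,cipher=3", "lanplus=1,cipher=17"):
        print(opts, "->", effective_cipher(opts), cipher_is_offered(opts, offered))
    print("strongest offered suite:", strongest_suite(offered))
```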


[ovirt-users] Re: How to renew an Ovirt host certificate (vdsmcert.pem) ?

2020-06-29 Thread Martin Perina
Hi,

just migrate the hosted engine VM to a different host, move the host to
Maintenance, execute Enroll Certificate and after successful finish of
enrolling new certificate you can activate the host again.

Regards,
Martin

On Mon, Jun 29, 2020 at 10:53 AM  wrote:

> Hi,
>
> I have an Ovirt host that the vdsmcert.pem expired. The problem is that
> host contains the self-hosted engine.
> How to renew the certificate without breaking the self-hosted engine ?
>
> Thanks,
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EEHMUJMOZFXEQUEJSRHLRRYUGBGVFXO6/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VHSWC6WYQUO6AVSKWZRH23CYVMJNJOOY/


[ovirt-users] Re: How to config ovirt-engine to Https ?

2020-06-19 Thread Martin Perina
Hi,

have you used the default certificate created by engine-setup? Or have you
provided your custom HTTPS certificate as described below?

https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html

Anyway in both cases please make sure you are accessing oVirt engine using
the same FQDN which you have provided in engine-setup

Regards,
Martin


On Fri, Jun 19, 2020 at 6:06 AM zhou...@vip.friendtimes.net <
zhou...@vip.friendtimes.net> wrote:

> The https web access is ok, but I can't login the ovirt-engine, how
> to config a https web?
>
>
> --
> zhou...@vip.friendtimes.net
>
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/43UGIBIJ23HSADJ5XYPRH57MCYPOIFS4/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/N3KFCJ3423KK3SZUV5BZIHO5XJ4GDZ3C/


[ovirt-users] Re: Power Management on IBM AC922 Power9 (ppc64le)

2020-06-09 Thread Martin Perina
Hi Vinicius,

do you have at least one additional host in the same datacenter as your IBM
server (engine requires to have another host acting as fencing proxy)?

If yes, then please check /var/log/vdsm/vdsm.log on the other host, which
acts as a fencing proxy, to see the exact error.

Regards,
Martin


On Mon, Jun 8, 2020 at 7:15 PM Vinícius Ferrão via Users 
wrote:

> Yes… actually IBM uses pretty standard stuff. IPMI is enabled by default
> and as I said, I can use ipmitool on CLI and it works normally.
>
> I do have some updates, I upgraded the OpenBMC firmware and now I can use
> ipmitool like anything else with -U and -P; so I was hoping that oVirt
> would handle the Power Management with IPMI over LAN (exactly how you
> suggested) but the issue stays. JSON-RPC error. :(
>
> Now I really think this is a bug, but I would like to get some
> confirmation from the oVirt devs to raise it on bugzilla.
>
> > On 8 Jun 2020, at 14:00, bernadette.pfau--- via Users 
> wrote:
> >
> > Making a guess here -- on Dell iDRAC there is a setting for "IPMI over
> LAN".  Is there an equivalent on the IBM?
> > List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BYLLNDCJ2VO3RRTJXS45CNUQYF3GYR6R/
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3ZTOY2JM3EOHYDQ5XQBPNQ3YATTTX3BE/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GZKJ4WQW7BLT45W34KU45DFQW6NN24SE/


[ovirt-users] Re: PKIX path error

2020-06-02 Thread Martin Perina
Hi,

could you please restart ovirt-engine service and share server.log and
engine.log from /var/log/ovirt-engine ?

Thanks,
Martin


On Fri, May 29, 2020 at 4:36 PM Stack Korora 
wrote:

> On 2020-05-29 08:08, Martin Perina wrote:
>
> Hi Stack,
>
> if I understand correctly your custom SSL certificates are working
> correctly and you are able to login to webadmin using admin@internal,
> right?
>
> Correct.
>
> If the problem is, that your aaa-ldap profile is not visible in the login
> dialog, then there is some issue with aaa-ldap configuration. You have
> mentioned that you used ovirt-engine-extension-aaa-ldap-setup tool to
> create your aaa-ldap profile, have you executed login and search operation
> at the end of setup tool? If so, were they successful?
>
> I did and yes they were.
>
>
> Anyway right you can use following command to debug your aaa extensions
> setup:
>
> # ovirt-engine-extensions-tool info list-extensions
>
> Using above command, could you see authn and authz instance of your
> aaa-ldap profile?
>
> I do see both authz and authn.
>
> If so, please try below tests:
>
> 1. Checking if user search is working:
>
> # ovirt-engine-extensions-tool aaa search --extension-name= AUTHZ NAME> --entity-name=
>
> It does work and it returns valid information.
>
> 2. Checking if login is working
>
> # ovirt-engine-extensions-tool aaa login-user --profile= NAME> --user-name=
>
> A result=SUCCESS on that too!
> However, I still don't see a second profile option on the web login.
>
> Thanks for responding and giving me some help!
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZ2LJCHYYTKLG6BHJVDNB5TWZLD4TOMY/


[ovirt-users] Re: PKIX path error

2020-05-29 Thread Martin Perina
Hi Stack,

if I understand correctly your custom SSL certificates are working
correctly and you are able to login to webadmin using admin@internal, right?

If the problem is, that your aaa-ldap profile is not visible in the login
dialog, then there is some issue with aaa-ldap configuration. You have
mentioned that you used ovirt-engine-extension-aaa-ldap-setup tool to
create your aaa-ldap profile, have you executed login and search operation
at the end of setup tool? If so, were they successful?

Anyway right you can use following command to debug your aaa extensions
setup:

# ovirt-engine-extensions-tool info list-extensions

Using above command, could you see authn and authz instance of your
aaa-ldap profile?
If so, please try below tests:

1. Checking if user search is working:

# ovirt-engine-extensions-tool aaa search --extension-name= --entity-name=

2. Checking if login is working

# ovirt-engine-extensions-tool aaa login-user --profile=
--user-name=


You can find more information in:
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles.html
https://www.ovirt.org/develop/release-management/features/infra/extension-tester-tool.html

Regards,
Martin


On Fri, May 29, 2020 at 9:32 AM Strahil Nikolov via Users 
wrote:

> You mentioned that  your certificates were different. Did you try
> converting them to the type  used  in the example ?
>
> Best Regards,
> Strahil Nikolov
>
> On May 29, 2020 1:29:51 GMT+03:00, Stack Korora wrote:
> >On 2020-05-28 16:07, Strahil Nikolov wrote:
> >> Can you check
> >https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html
> > just  in case you  missed  a  step ?
> >>
> >> Best  Regards,
> >> Strahil  Nikolov
> >
> >Greetings,
> >
> >Thanks for replying.
> >
> >I was going to argue a bit since the way my certs come are in different
> >formats so my commands are a bit different than the directions. But I
> >went through step by step. Got to the end, and the internal
> >authentication was working with the right SSL cert! My LDAP
> >authentication was missing though...it looks correct.
> >
> >So I redid all the steps for adding LDAP. At the end of the
> >ovirt-engine-extension-aaa-ldap-setup script, I can test accounts and
> >search so I know that is correct. My cert is in the right .jks file.
> >Still nothing I do shows anything but internal.
> >
> >So I scrapped the changes and started over. Round three on a fresh
> >reboot (just in case I missed a service) with the SSL certs and
> >configuring LDAP. SSL works, internal works, ldap doesn't show up as a
> >drop-down option for the profile.
> >
> >Grr...Reboot just in case I missed a service again...nope. SSL and
> >internal work, ldap still not shown in the profile. Tried a different
> >browser, same thing. Double Grr...
> >
> >Any suggestions on where I might be going wrong?
> >
> >Thanks!
> >
> >
> >
> >List Archives:
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/A4BKWITWPNPYYVLDVRN4XOSDTN4LPNB3/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5ANRX472AJLRXMZBEDPF2QH5UG23GWQP/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3FFDYEN67WNWBWPVUHUB6IZEDT5GWD6U/


[ovirt-users] Re: oVirt engine / node & snmp

2020-05-12 Thread Martin Perina
On Mon, May 11, 2020 at 4:01 PM Andrei Verovski 
wrote:

> Hi,
>
> oVirt node seems to run snmp by default, “service snmpd status” returns
> some data.
> I’m going to connect all servers to LibreNMS, and it requires custom snmp
> options.
> What options I should keep in oVirt node default snmp.conf? Or I may just
> fully overwrite this file with my own?
>

By default oVirt is not using SNMP on either the engine or the hosts; if you
want to use SNMP, you need to configure it yourself:

1. Configuring the oVirt Engine to Send SNMP Traps

https://www.ovirt.org/documentation/admin-guide/chap-Event_Notifications.html

2. Monitor oVirt or libvirt with SNMP and Zabbix

http://jensd.be/494/linux/monitor-ovirt-or-libvirt-with-snmp-and-zabbix

So feel free to use above or configure snmp.conf to whatever you need.


> Please note my oVirt node installed manually on CentOS, I don’t use node
> DVD image from oVirt project.
>
>
> with best regards
> Thanks in advance.
> Andrei
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BBMLCEMMOKAO3DULZWVQ5VQGC7GPUDEC/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YAUWKFA4GN3HWEWWO3PX66NPWRPVNN6O/


[ovirt-users] Re: Unable to import CA certificate list

2020-05-06 Thread Martin Perina
On Wed, May 6, 2020 at 9:00 AM Sakari Poussa  wrote:

> Hi Martin,
>
> Seems that I am running the correct versions. Can you elaborate what the
> issue is/was and where is the fix? I can then dive deeper with my debugging.
>

We have changed the way how parameters are passed from engine through
ansible-runner-service to ansible-runner to eliminate parameter escaping
and still allowing parallel playbooks execution. So you also need to have
patch https://gerrit.ovirt.org/108532 included in your ovirt-engine, which
removes the additional escaping.

>
> Thanks, Sakari
>
> $ dnf info python3-ansible-runner ansible-runner-service
> Last metadata expiration check: 0:02:12 ago on Wed 06 May 2020 09:51:37 AM
> EEST.
> Installed Packages
> Name : ansible-runner-service
> Version  : 1.0.2
> Release  : 1.el8
> Architecture : noarch
> Size : 252 k
> Source   : ansible-runner-service-1.0.2-1.el8.src.rpm
> Repository   : @System
> From repo: ovirt-4.4-centos-ovirt44
> Summary  : RESTful API for ansible/ansible_runner execution
> License  : ASL 2.0
> Description  : This package provides the Ansible Runner Service source
> files. Ansible runner service exposes a REST API interface on top of the
> functionality provided by ansible and
>  : ansible_runner.
>  :
>  : The Ansible Runner Service provided in this packages is
> intended to be used as uwgsi app exposed by Nginx in a Container.
>  : Dependencies, and configuration tasks must be performed in
> the container.
>  :
>  : Ansible Runner Service listens on https://localhost:5001
> by default for playbook or ansible inventory requests. For developers
> interested in using the API, all the available
>  : endpoints are documented at https://localhost:5001/api.
>  :
>  : In addition to the API endpoints, the daemon also provides
> a /metrics endpoint for prometheus integration. A sample Grafana dashboard
> is provided within
>  : /usr/share/doc/ansible-runner-service
>
> Name : python3-ansible-runner
> Version  : 1.4.5
> Release  : 1.el8
> Architecture : noarch
> Size : 340 k
> Source   : ansible-runner-1.4.5-1.el8.src.rpm
> Repository   : @System
> From repo: ovirt-4.4-centos-ovirt44
> Summary  : A tool and python library to interface with Ansible
> URL  : https://github.com/ansible/ansible-runner
> License  : ASL 2.0
> Description  : Ansible Runner is a tool and python library that helps when
> interfacing with
>  : Ansible from other systems whether through a container
> image interface, as a
>  : standalone tool, or imported into a python project.
>
>
> On Wed, May 6, 2020 at 9:27 AM Martin Perina  wrote:
>
>> Hi,
>>
>> the issue has been fixed on master, it seems that you are using old
>> ovirt-engine and/or old ansible-runner-service. Please upgrade to latest
>> released ovirt-engine with ansible-runner-service-1.0.2 and
>> python3-ansible-runner-1.4.5
>>
>> Regards,
>> Martin
>>
>>
>> On Wed, May 6, 2020 at 6:50 AM Sakari Poussa  wrote:
>>
>>> Hi,
>>>
>>> I am using 4.4 beta4 and not able to add new hosts to the datacenter.
>>> Also "Enroll Certificate" fails.
>>>
>>> On nodes, I get the following error message:
>>>
>>> libvirtd[20399]: Unable to import CA certificate list
>>> /etc/pki/vdsm/certs/cacert.pem
>>>
>>> The root cause is the malformed cert:
>>>
>>> $ cat /etc/pki/vdsm/certs/cacert.pem
>>> -----BEGIN CERTIFICATE-----\nMIID XXX
>>>
>>> That is, the .pem file is just one long line with \n characters instead
>>> of real newlines. If I convert the \n to real newlines libvirtd starts but
>>> that is not the end solution since other issues surface.
>>>
>>> The malforming happens when the engine copies (via ansible) the CA cert
>>> to the node(s).
>>>
>>> Any ideas what is going on?
>>>
>>> Thanks, Sakari
>>>
>>>
>>>
>>>
>>> List Archives:
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZ6EA3X257YGFYQTLFRILGGCQKQKTT2V/
>>>
>>
>>
>> --
>> Martin Perina
>> Manager, Software Engineering
>> Red Hat Czech s.r.o.
>>
>
>
> --
> Sakari Poussa
> 040 348 2970
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OXRUJGZCZUOIFULIFMBZDTS5DJOFJGTI/


[ovirt-users] Re: Unable to import CA certificate list

2020-05-06 Thread Martin Perina
Hi,

the issue has been fixed on master, it seems that you are using old
ovirt-engine and/or old ansible-runner-service. Please upgrade to latest
released ovirt-engine with ansible-runner-service-1.0.2 and
python3-ansible-runner-1.4.5

Regards,
Martin


On Wed, May 6, 2020 at 6:50 AM Sakari Poussa  wrote:

> Hi,
>
> I am using 4.4 beta4 and not able to add new hosts to the datacenter. Also
> "Enroll Certificate" fails.
>
> On nodes, I get the following error message:
>
> libvirtd[20399]: Unable to import CA certificate list
> /etc/pki/vdsm/certs/cacert.pem
>
> The root cause is the malformed cert:
>
> $ cat /etc/pki/vdsm/certs/cacert.pem
> -----BEGIN CERTIFICATE-----\nMIID XXX
>
> That is, the .pem file is just one long line with \n characters instead of
> real newlines. If I convert the \n to real newlines libvirtd starts but
> that is not the end solution since other issues surface.
>
> The malforming happens when the engine copies (via ansible) the CA cert to
> the node(s).
>
> Any ideas what is going on?
>
> Thanks, Sakari
>
>
>
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TZ6EA3X257YGFYQTLFRILGGCQKQKTT2V/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/REDL7UPJOU6WAWWD3X7DJ6MYVXE5RCW2/
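
Added example, not part of the original thread or of oVirt's code: a Python check for the failure described in the two "Unable to import CA certificate list" messages above, where /etc/pki/vdsm/certs/cacert.pem arrives as one long line containing literal \n sequences instead of newlines. The sample certificate body is constructed filler rather than a real certificate, and the function and finding names are this example's own.

```python
import base64
import re
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"\n(.*?)\n" + re.escape(END), re.DOTALL)


def _constructed_pem():
    """Build a PEM-shaped sample. The payload is filler bytes behind a DER
    SEQUENCE header, not a real certificate (constructed for this example)."""
    body = bytes(range(256)) * 3
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


GOOD_PEM = _constructed_pem()
# The failure from the thread: every real newline replaced by backslash + 'n'.
ESCAPED_PEM = GOOD_PEM.replace("\n", "\\n")


def diagnose_pem(text):
    """Return a list of findings; an empty list means the file looks sane."""
    findings = []
    text = text.replace("\r\n", "\n")          # tolerate CRLF line endings
    # A backslash is never valid in PEM, so a literal "\n" pair means the
    # content was escaped somewhere between the CA and this file.
    if "\\n" in text:
        findings.append("literal-backslash-n")
    if BEGIN not in text:
        findings.append("no-begin-marker")
        return findings
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        # Markers exist but are not followed/preceded by real newlines.
        findings.append("markers-not-on-own-lines")
        return findings
    for index, body in enumerate(blocks):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            findings.append(f"block-{index}-bad-base64")
            continue
        # Every X.509 certificate is a DER SEQUENCE, which starts with 0x30.
        if not der.startswith(b"\x30"):
            findings.append(f"block-{index}-not-der-sequence")
    return findings


def check_file(path):
    """Run diagnose_pem() on a file, reading it as text."""
    with open(path, "r", encoding="ascii", errors="replace") as handle:
        return diagnose_pem(handle.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. the path from the thread: /etc/pki/vdsm/certs/cacert.pem
        result = check_file(sys.argv[1])
        print(sys.argv[1], "->", result or "ok")
        sys.exit(1 if result else 0)
    print("well-formed sample:", diagnose_pem(GOOD_PEM) or "ok")
    print("escaped sample:    ", diagnose_pem(ESCAPED_PEM))
```

Run with the certificate path as the only argument on a host; the exit status is non-zero when any finding is reported, so it can gate a deployment step.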


[ovirt-users] Re: oVirt 4.4.0 Beta release refresh is now available for testing

2020-04-09 Thread Martin Perina
es and bugs fixed.
>
> If you manage more than one oVirt instance, OKD or RDO we also recommend
> to try ManageIQ <http://manageiq.org/>.
>
> In such a case, please be sure  to take the qc2 image and not the ova
> image.
>
> Notes:
>
> - oVirt Appliance is already available for CentOS Linux 8
>
> - oVirt Node NG is already available for CentOS Linux 8
>
> Additional Resources:
>
> * Read more about the oVirt 4.4.0 release highlights:
> http://www.ovirt.org/release/4.4.0/
>
> * Get more oVirt project updates on Twitter: https://twitter.com/ovirt
>
> * Check out the latest project news on the oVirt blog:
> http://www.ovirt.org/blog/
>
>
> [1] http://www.ovirt.org/release/4.4.0/
> [2] http://resources.ovirt.org/pub/ovirt-4.4-pre/iso/
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/WX4RDSHWQWGHHYPT4JGRJRMTR43W6Q6X/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZMPAFVZQNPX3R33IYMCEIALQXXGF6JOJ/


[ovirt-users] Re: List VMS with ansible version 2.9 ovirt_vms_info module

2019-12-19 Thread Martin Perina
On Thu, 19 Dec 2019, 09:37 ,  wrote:

> Hi Martin
>
> thanks for your information.
>
> but when i try on one of my testlab  RHV 4.3 farm, ansible 2.9 complain
> that ovirt_vm_facts not found, detail refer to below command output
>
> based on  RHV 4.3 ansible version as below:
>
> # ansible --version
> ansible 2.9.0
>   config file = /etc/ansible/ansible.cfg
>   configured module search path = [u'/root/.ansible/plugins/modules',
> u'/usr/share/ansible/plugins/modules']
>   ansible python module location = /usr/lib/python2.7/site-packages/ansible
>   executable location = /usr/bin/ansible
>   python version = 2.7.5 (default, Jun 11 2019, 14:33:56) [GCC 4.8.5
> 20150623 (Red Hat 4.8.5-39)]
>
>
>
> # ansible-doc --list | egrep -i ovirt_vm   --> not showing ovirt_vm_facts module
> [WARNING]: win_template parsing did not produce documentation.
> [WARNING]: template parsing did not produce documentation.
> ovirt_vm_info      Retrieve information about one or more oVirt/RHV virtual machines
> ovirt_vmpool       Module to manage VM pools in oVirt/RHV
> ovirt_vmpool_info  Retrieve information about one or more oVirt/RHV vmpools
> ovirt_vm           Module to manage Virtual Machines in oVirt/RHV
> [root@rhvm100 ~]#
>
>
>  use ovirt_vms_facts module
> # cat list_vms01.yml
> - hosts: localhost
>   connection: local
>   vars_files:
>     - engine_vars.yml
>     - password.yml
>
>   tasks:
>     - name: Obtain SSO token
>       ovirt_auth:
>         url: "{{ engine_url }}"
>         username: "{{ engine_user }}"
>         password: "{{ engine_password }}"
>         ca_file: "{{ engine_cafile | default(omit) }}"
> #        insecure: "{{ engine_insecure }}"
>
>     - name: List vms
>       ovirt_vms_facts:
>

Shouldn't there be ovirt_vm_facts?

>         fetch_nested: true
>         nested_attributes:
>           - description
>         auth: "{{ ovirt_auth }}"
>
>     - name: set vms
>       set_fact:
>         vm: "{{ item.name }}: {{ item.snapshots | map(attribute='description') | join(',') }}"
>       with_items: "{{ ovirt_vms }}"
>       loop_control:
>         label: "{{ item.name }}"
>       register: all_vms
>
>     - name: make a list
>       set_fact: vms="{{ all_vms.results | map(attribute='ansible_facts.vm') | list }}"
>
>     - name: Print vms
>       debug:
>         var: vms
>
>
> # ansible-playbook list_vms01.yml --syntax-check
> [WARNING]: provided hosts list is empty, only localhost is available. Note
> that the implicit localhost does not match 'all'
>
> ERROR! couldn't resolve module/action 'ovirt_vms_facts'. This often
> indicates a misspelling, missing collection, or incorrect module path.
>
> The error appears to be in '/root/rhv_ansible/list_vms01.yml': line 16,
> column 5, but may
> be elsewhere in the file depending on the exact syntax problem.
>
> The offending line appears to be:
>
>
>   - name: List vms
> ^ here
>
>
> thanks
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZRUQILT5PRPVC4TPXP3772OT43OHTRYN/


[ovirt-users] Re: List VMS with ansible version 2.9 ovirt_vms_info module

2019-12-18 Thread Martin Perina
On Thu, Dec 19, 2019 at 7:22 AM  wrote:

> Hi All
>
> Is anyone using Ansible to list guest VMs and oVirt nodes on Ansible 2.9 with
> ovirt_vms_info?
> I read this https://lists.ovirt.org/pipermail/users/2017-May/081956.html
> but this is for Ansible 2.8 and below with the ovirt_vms_facts module.
>

ovirt_vm_facts was just recently renamed to ovirt_vm_info, but their
functionality is the same. From Ansible 2.9 both module names work, but
ovirt_vm_facts is deprecated and it should be removed in 2.12 AFAIR.

More information about the module can be found in docs:

https://docs.ansible.com/ansible/latest/modules/ovirt_vm_info_module.html#ovirt-vm-info-module


> I am new to Ansible and hope someone manages to provide a sample playbook to
> start listing VMs on oVirt.


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RY63PM2UVIQBDF7EJSYCLPZMIPCZQ5NF/


[ovirt-users] Re: Did a change in Ansible 2.9 in the ovirt_vm_facts module break the hosted-engine-setup?

2019-12-12 Thread Martin Perina
On Thu, Dec 12, 2019 at 9:40 AM  wrote:

> This seems to be a much bigger generic issue with Ansible 2.9. Here is an
> excerpt from the release notes:
>
> "Renaming from _facts to _info
>
> Ansible 2.9 renamed a lot of modules from _facts to
> _info, because the modules do not return Ansible facts. Ansible
> facts relate to a specific host. For example, the configuration of a
> network interface, the operating system on a unix server, and the list of
> packages installed on a Windows box are all Ansible facts. The renamed
> modules return values that are not unique to the host. For example, account
> information or region data for a cloud provider. Renaming these modules
> should provide more clarity about the types of return values each set of
> modules offers."
>
> I guess that means all the oVirt playbooks need to be adapted for Ansible
> 2.9 and that evidently didn't happen or not completely.
>

We are going to adapt, but this is not a breaking change. Till Ansible 2.11
there is automatic linking between *_facts and *_info, only in 2.12 *_facts
will be removed. There is just a deprecation warning about this issue, but
no breakage.

Also please be aware that we will require Ansible 2.9 as minimum version
for oVirt 4.4.


> It would also seem to suggest that there is no automated integration
> testing before an oVirt release... which contradicts the opening clause of
> the opening phrase of the ovirt.org download page: "oVirt 4.3.7 is
> intended for production use and is available for the following platforms..."


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLOOMXRACNETEKCH6PA6PFH2G4RCOVNU/


[ovirt-users] Re: Ansible setup host network fails on comparing sorted dictionaries

2019-11-05 Thread Martin Perina
; },
>
>         "ipv6_boot_protocol": "none",
>         "mac": {
>             "address": "b4:96:91:3f:47:1c"
>         },
>         "mtu": 9000,
>         "name": "bond28",
>         "network": {
>             "href": "/ovirt-engine/api/networks/f3ef80cf-bf3a-4fa5-aed9-7d9e7455f804",
>             "id": "f3ef80cf-bf3a-4fa5-aed9-7d9e7455f804"
>         },
>         "network_labels": [],
>         "properties": [],
>         "speed": 100,
>         "statistics": [],
>         "status": "up"
>     },
>     "id": "abce07fa-cb7f-46f2-b967-69d1feaa4075",
>     "invocation": {
>         "module_args": {
>             "bond": {
>                 "interfaces": [
>                     "p2p1",
>                     "p2p2"
>                 ],
>                 "mode": 4,
>                 "name": "bond28"
>             },
>             "check": true,
>             "fetch_nested": false,
>             "interface": null,
>             "labels": null,
>             "name": "ovirt-staging-hv-02.avinity.tv",
>             "nested_attributes": [],
>             "networks": [
>                 {
>                     "address": "172.17.28.212",
>                     "boot_protocol": "static",
>                     "id": "3e40ff7d-5384-45f1-b036-13e6f91aff56",
>                     "name": "backbone",
>                     "netmask": "255.255.255.0",
>                     "version": "v4"
>                 }
>             ],
>             "poll_interval": 3,
>             "save": true,
>             "state": "present",
>             "sync_networks": false,
>             "timeout": 180,
>             "wait": true
>         }
>     },
>     "item": {
>         "bond": {
>             "interfaces": [
>                 "p2p1",
>                 "p2p2"
>             ],
>             "mode": 4,
>             "name": "bond28"
>         },
>         "check": true,
>         "name": "ovirt-staging-hv-02.avinity.tv",
>         "networks": [
>             {
>                 "address": "172.17.28.212",
>                 "boot_protocol": "static",
>                 "name": "backbone",
>                 "netmask": "255.255.255.0",
>                 "version": "v4"
>             }
>         ],
>         "save": true
>     }
> }
>
> Read vars_file 'vars/engine_vars.yml'
> Read vars_file 'vars/secrets.yml'
> Read vars_file 'vars/ovirt_infra_vars.yml'
>
> Changes resulted in applying configuration exactly as intended.
>
> Not sure if this was the actual intention, but please let me know if the
> made change was as initially intended for sorted compare to work.
>
> My pipenv setup:
>
> Python 3.7
> ansible==2.8.6
> asn1crypto==1.1.0
> bcrypt==3.1.7
> cffi==1.13.1
> cryptography==2.8
> dnspython==1.16.0
> ipaddress==1.0.23
> Jinja2==2.10.3
> jmespath==0.9.4
> lxml==4.4.1
> MarkupSafe==1.1.1
> netaddr==0.7.19
> ovirt-engine-sdk-python==4.3.3
> paramiko==2.6.0
> passlib==1.7.1
> pyasn1==0.4.5
> pycparser==2.19
> pycurl==7.43.0.3
> PyNaCl==1.3.0
> PyYAML==5.1.2
> six==1.12.0
>
>
>
> Ansible vars and play:
>
> =
>
> host_networks:
>   - name: ovirt-staging-hv-02.avinity.tv
>     check: true
>     save: true
>     bond:
>       name: bond28
>       mode: 4
>       interfaces:
>         - p2p1
>         - p2p2
>     networks:
>       - name: backbone
>         boot_protocol: static
>         address: 172.17.28.212
>         netmask: 255.255.255.0
>         version: v4
>
> =
>
> - name: Setup host networks
>   ovirt_host_network:
>     auth: "{{ ovirt_auth }}"
>     name: "{{ item.name }}"
>     state: "{{ item.state | default(omit) }}"
>     check: "{{ item.check | default(omit) }}"
>     save: "{{ item.save | default(omit) }}"
>     bond: "{{ item.bond | default(omit) }}"
>     networks: "{{ item.networks | default(omit) }}"
>     labels: "{{ item.labels | default(omit) }}"
>     interface: "{{ item.interface | default(omit) }}"
>   with_items:
>     - "{{ host_networks | default([]) }}"
>   tags:
>     - host_networks
>     - networks
>
> 


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DYMQA5AI7LKGHDSB6SR6OFCK6EIBAF5R/


[ovirt-users] Re: Cannot enable maintenance mode

2019-11-05 Thread Martin Perina
> --
> LUKAS SVATY
> RHV QE


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5G7PN466PY5LDPEKFM43YIMP6BP65U5L/


[ovirt-users] Re: ovirt and jackson security

2019-10-16 Thread Martin Perina
On Wed, Oct 16, 2019 at 12:12 PM Fabrice Bacchella <
fabrice.bacche...@icloud.com> wrote:

> When I launch ovirt 4.3.6, I see in the command line of the ovirt-engine:
>
> -Djackson.deserialization.whitelist.packages=org,com,java,javax
>
> That whitelists almost everything. Isn't that dangerous?
>

There is no other easy way to do that, because we are using a huge number
of classes, which can be serialized into JSON. The CVE for jackson was fixed
in a way that breaks backward compatibility, but oVirt is not affected
by this CVE, because we use jackson directly only when storing data in the
database or for internal engine - VDSM communication. So unless you have an
attacker who is able to tamper with data in your database, or an attacker in
the internal network who is able to masquerade as a proper host and return
problematic JSON back to the engine, you are not affected.


> When I read this:
> https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
> I think the white list should be as small as possible.


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MLLQEJEVP64YRPMVVA7F3VMFGJU7KDMY/
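
The breadth question raised in this thread can be checked mechanically. The following is an added example, not part of the original messages and not oVirt code: it extracts the property from a JVM command line, flags single-segment and redundant entries, and collapses a list of classes that really need deserializing into narrower prefixes. Assumptions: an entry is treated as a plain string prefix of the class name (the more permissive reading, so the audit errs towards over-reporting), and the command line, class names and probe names are constructed.

```python
"""Audit a Jackson deserialization package whitelist (added example)."""
import shlex

PROP = "jackson.deserialization.whitelist.packages"

# Constructed JVM command line; only the -D value is the one quoted in the thread.
SAMPLE_CMDLINE = (
    "/usr/bin/java -server -Xmx1g "
    "-Djackson.deserialization.whitelist.packages=org,com,java,javax "
    "-jar /opt/example/engine.jar"
)
# Constructed, hypothetical classes the application really deserializes.
NEEDED = [
    "org.example.engine.model.Vm",
    "org.example.engine.model.Host",
    "org.example.engine.jobs.StepState",
    "java.util.HashMap",
    "java.util.ArrayList",
]
# Constructed, hypothetical classes from unrelated libraries on the classpath.
PROBES = ["com.thirdparty.pool.ConnectionFactory", "javax.example.naming.Lookup"]


def whitelist_from_cmdline(cmdline):
    """Return the whitelisted prefixes, or None when the property is absent."""
    value = None
    for arg in shlex.split(cmdline):
        if arg.startswith("-D" + PROP + "="):
            value = arg.split("=", 1)[1]  # keep the last one seen
    if value is None:
        return None
    return [p.strip() for p in value.split(",") if p.strip()]


def is_allowed(class_name, prefixes):
    """Assumption: an entry admits every class whose name starts with it."""
    return any(class_name.startswith(p) for p in prefixes)


def audit(prefixes):
    """Map each problematic entry to the reasons it restricts little or nothing."""
    findings = {}
    for entry in prefixes:
        reasons = []
        if "." not in entry:
            reasons.append("TOP_LEVEL")  # a whole namespace such as org or com
        for other in prefixes:
            if other != entry and entry.startswith(other):
                reasons.append("SHADOWED_BY:" + other)  # already covered
        if reasons:
            findings[entry] = reasons
    return findings


def propose_whitelist(needed_classes, depth=3):
    """Collapse needed class names to package prefixes of at most `depth` segments."""
    prefixes = set()
    for name in needed_classes:
        if "." not in name:
            continue  # default-package class: nothing to derive a prefix from
        package = name.rsplit(".", 1)[0].split(".")  # drop the class name
        prefixes.add(".".join(package[:depth]))
    kept = []
    for p in sorted(prefixes, key=len):
        # Skip a prefix that a shorter kept prefix already covers.
        if not any(p == k or p.startswith(k + ".") for k in kept):
            kept.append(p)
    return sorted(kept)


def newly_blocked(probes, current, proposed):
    """Classes the current whitelist admits but the proposed one would refuse."""
    return [c for c in probes
            if is_allowed(c, current) and not is_allowed(c, proposed)]


if __name__ == "__main__":
    current = whitelist_from_cmdline(SAMPLE_CMDLINE)
    print("current whitelist:", current)
    for entry, reasons in audit(current).items():
        print("  finding:", entry, reasons)
    proposed = propose_whitelist(NEEDED)
    print("proposed whitelist:", ",".join(proposed))
    print("no longer admitted:", newly_blocked(PROBES, current, proposed))
```

Feed `propose_whitelist` the class names collected from a test run of the real application; a narrower list is only safe to deploy if every class in that inventory still passes `is_allowed`.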


[ovirt-users] Re: Host "install failed"

2019-10-15 Thread Martin Perina
On Tue, Oct 15, 2019 at 1:13 PM Jess Zanne Uy  wrote:

> Hi Ma'am Lucie,
>
> Please see attached of my
> ovirt-host-deploy-20191014174056-10.8.105.116-54aeb232.log.
>
>  ovirtlog1.txt
> <https://drive.google.com/file/d/1WEdBVk7c_cyb9fHbx0icFC9mvjSjscbE/view?usp=drive_web>
>
>
> Thanks,
> Jess
>

Hi,

looking at the log you can see a very clear error, which is also visible in
the webadmin UI in the Events tab:

RuntimeError: Hardware does not support virtualization

So please make sure that kvm_intel or kvm_amd (depending on the processor
you have) is loaded into your host kernel.


Regards,
M.


> On Tue, Oct 15, 2019 at 5:47 PM Lucie Leistnerova 
> wrote:
>
>> Hi Jess,
>>
>> please send the host deploy log, e.g.
>> ovirt-host-deploy-20191014174056-10.8.105.116-54aeb232.log
>>
>> Thanks.
>> On 10/15/19 10:34 AM, Jess Zanne Uy wrote:
>>
>> Hi Sir/Madam,
>> I've been trying to search for hours now but still no luck.
>> I can already access the oVirt engine web port via IP address. I'm
>> running via a VirtualBox machine.
>> Configured data center, cluster. Then, after adding a new host, the error
>> "Install failed" occurs.
>> Tried to check the engine log. It says "EVENT ID: VDS
>> INSTALL_FAILED(505), Host ovirt host installation failed. Command returned
>> failure code 1 during SSH session"
>> My IP address and password are exact. And edited the /etc/host IP_ADDRESS
>> localhost.localdomain
>> My hostname is default, BTW
>> Any help what's wrong with the configuration.
>> Please see attached logs
>>  ovirtlog.txt
>> <https://drive.google.com/file/d/13PK8wgJPwlxFB08Ve6hXxYMcDpiLHkmF/view?usp=drive_web>
>>
>>
>> --
>> Lucie Leistnerova
>> Senior Quality Engineer, QE Cloud, RHVM
>> Red Hat EMEA
>>
>> IRC: lleistne @ #rhev-qe
>>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XEPLXAILHDVXB2TWHSQ2PCR6ZE723VBO/


[ovirt-users] Re: how to put or conditions in filters in web admin gui

2019-10-02 Thread Martin Perina
On Wed, Oct 2, 2019 at 1:08 PM Gianluca Cecchi 
wrote:

> On Wed, Oct 2, 2019 at 11:15 AM Lucie Leistnerova 
> wrote:
>
>> Hi Gianluca,
>>
>> 'or' should work, please send what exact search you enter in the box.
>>
>> Thanks.
>> On 10/2/19 11:05 AM, Gianluca Cecchi wrote:
>>
>> Hello,
>> environment in 4.3.6.
>> Suppose I'm in Web Admin GUI in Storage --> Disks and I want to get
>> displayed only the disks with "pattern1" together with the disks with
>> "string2" ("or" condition), limiting output to these two conditions, how
>> can I do it?
>> I tried some combinations without success
>>
>> BTW: also the "and" condition seems not to work
>>
>>
Hi Gianluca,

when using a condition you need to use a key and not just a value, so the
below should work fine:

Disks: name=engine* or name=host*
Disks: alias=engine* or alias=host*

name and alias are similar (mapped to the same database field) and they are
the default for disk searches, so the below should produce the same results:

Disks: engine
Disks: name=engine*
Disks: alias=engine*

You just need to be aware that if you use the key name, you need to append '*'
to search for a prefix, otherwise you search for the exact value.


Regards,
M.

>
> engine search
>
> https://drive.google.com/file/d/1kglcnmLMUzgIKxOvjqJt8B1uppLhqQNU/view?usp=sharing
>
> host search
>
> https://drive.google.com/file/d/1gbFTuTo2BLDUfn1D0E0aG8iX_PbQpc8T/view?usp=sharing
>
> engine or host search (empty result list)
>
> https://drive.google.com/file/d/1SHeIqYbarzxbWX9r_jzuzeGCT8SXI63q/view?usp=sharing
>
> Gianluca
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/72QNKOBZDVDQBK7D4RQIJB56V2QRRPXS/


[ovirt-users] Re: Does cluster upgrade wait for heal before proceeding to next host?

2019-08-09 Thread Martin Perina
On Thu, Aug 8, 2019 at 10:25 AM Sandro Bonazzola 
wrote:

>
>
> On Tue, Aug 6, 2019 at 23:17 Jayme wrote:
>
>> I’m aware of the heal process but it’s unclear to me if the update
>> continues to run while the volumes are healing and resumes when they are
>> done. There doesn’t seem to be any indication in the ui (unless I’m
>> mistaken)
>>
>
> Adding @Martin Perina, @Sahina Bose
> and @Laura Wright on this,
> hyperconverged deployments using cluster upgrade command would probably
> need some improvement.
>

The cluster upgrade process continues to the 2nd host after the 1st host
becomes Up. If the 2nd host then fails to switch to maintenance, we stop the
upgrade process to prevent breakage.
Sahina, is the gluster healing process status exposed in the REST API? If so,
does it make sense to wait for healing to be finished before trying to move
the next host to maintenance? Or any other ideas how to improve?

>
>
>
>>
>> On Tue, Aug 6, 2019 at 6:06 PM Robert O'Kane  wrote:
>>
>>> Hello,
>>>
>>> Often(?), updates to a hypervisor that also has (provides) a Gluster
>>> brick takes the hypervisor offline (updates often require a reboot).
>>>
>>> This reboot then makes the brick "out of sync" and it has to be resync'd.
>>>
>>> I find it a "feature" that another host that is also part of a gluster
>>> domain can not be updated (rebooted) before all the bricks are updated
>>> in order to guarantee there is no data loss. It is called Quorum, or?
>>>
>>> Always let the heal process end. Then the next update can start.
>>> For me there is ALWAYS a healing time before Gluster is happy again.
>>>
>>> Cheers,
>>>
>>> Robert O'Kane
>>>
>>>
>>> On 06.08.2019 at 16:38, Shani Leviim wrote:
>>> > Hi Jayme,
>>> > I can't recall such a healing time.
>>> > Can you please retry and attach the engine & vdsm logs so we'll be
>>> > smarter?
>>> >
>>> > Regards,
>>> > Shani Leviim
>>> >
>>> >
>>> > On Tue, Aug 6, 2019 at 5:24 PM Jayme <mailto:jay...@gmail.com> wrote:
>>> >
>>> > I've yet to have cluster upgrade finish updating my three host HCI
>>> > cluster.  The most recent try was today moving from oVirt 4.3.3 to
>>> > 4.3.5.5.  The first host updates normally, but when it moves on to
>>> > the second host it fails to put it in maintenance and the cluster
>>> > upgrade stops.
>>> >
>>> > I suspect this is due to the fact that after my hosts are updated
>>> > it takes 10 minutes or more for all volumes to sync/heal.  I have
>>> > 2Tb SSDs.
>>> >
>>> > Does the cluster upgrade process take heal time into account before
>>> > attempting to place the next host in maintenance to upgrade it? Or
>>> > is there something else that may be at fault here, or perhaps a
>>> > reason why the heal process takes 10 minutes after reboot to
>>> > complete?
>>>
>>> --
>>> Systems Administrator
>>> Kunsthochschule für Medien Köln
>>> Peter-Welter-Platz 2
>>> 50676 Köln

[ovirt-users] Re: RFE: Add the ability to the engine to serve as a fencing proxy

2019-08-09 Thread Martin Perina
On Thu, Aug 8, 2019 at 8:04 PM Strahil  wrote:

> I think poison pill-based  fencing is easier  to implement but it requires
> either  Network-based  (iSCSI or NFS)  or FC-based  shared  storage.
>
> It is used  in corosync/pacemaker clusters and is easier to implement.
>

Corosync/pacemaker uses a completely different way to perform fencing and
this is not applicable to oVirt.
But oVirt also uses shared storage information (we call it storage leases)
which can detect that a host is still running and only the connection between
engine and host is broken. For details about VM leases please take a look:

https://ovirt.org/documentation/vmm-guide/chap-Administrative_Tasks.html#configuring-a-highly-available-virtual-machine

> Best Regards,
> Strahil Nikolov
> On Aug 8, 2019 11:29, Sandro Bonazzola  wrote:
>
>
>
> On Fri, Aug 2, 2019 at 10:50 Sandro E wrote:
>
> Hi,
>
> I hope that this hits the right people. I found an RFE (Bug 1373957) which
> would be a really nice feature for my company, as we have to request firewall
> rules for every new host and this ends up in a lot of mess and work. Is
> there any chance that this RFE gets implemented?
>
>
You can specify custom firewalld rules, which are applied during host
installation/reinstallation:

https://ovirt.org/documentation/admin-guide/chap-Hosts.html#configuring-host-firewall-rules

So is there anything you are missing?

>
> Thanks for any help or tips
>
>
> This RFE was filed in 2016 and didn't get much interest so far. Can
> you elaborate a bit on the user story for this?
>
>
>
>
>
> BR,
> Sandro
>
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>
> Red Hat EMEA <https://www.redhat.com/>
>
> sbona...@redhat.com
> <https://www.redhat.com/>*Red Hat respects your work life balance.
> Therefore there is no need to answer this email out of your office hours.
> <https://mojo.redhat.com/docs/DOC-1199578>*
>
>

-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/N7BXHMFXSFMSUOEZK66POQOIU63TMCPL/


[ovirt-users] Re: Info about soft fencing mechanism

2019-06-17 Thread Martin Perina
On Fri, Jun 14, 2019 at 3:02 PM Strahil  wrote:

>
> On Jun 13, 2019 16:14, Gianluca Cecchi  wrote:
> >
> > Hello,
> > I would like to know in better detail how soft fencing works in 4.3.
> > In particular, with "soft fencing" we "only" mean vdsmd restart attempt,
> correct?
>

Yes, it just restarts the vdsmd service using an SSH connection. In the past
we had several cases where VDSM was non-responsive, but VMs were running
fine; that's why we added this as the 1st step in the non-responding
treatment flow.
We try to connect to the host using SSH, restart VDSM and wait to see if the
host starts communicating again. If there is an error during the SSH
connection or service restart, we immediately continue to the next phase of
the treatment.

> Who is responsible for issuing the command? Manager or host itself?
>
> The manager should take the decision, but the actual command should be
> done by another  host.
>

The manager, this flow is started from host monitoring if there is a network
error or connection timeout ...

> > Because in case of Manager, if the host has already lost connection, how
> could the manager be able to do it?
>
> Soft fencing is used when ssh is available. In all other cases it doesn't
> work.
>

So if the engine cannot communicate with a host, we don't know the reason, so
there are several steps in the non-responding treatment:

1. SSH Soft Fencing
2. Kdump detection (if it's configured for the host and we detect the host is
   dumping, we can restart HA VMs on a different host)
3. Power Management restart
    - according to the cluster fencing policy we can skip restarting the host
      if, for example, the host is renewing its storage lease or the gluster
      cluster is healing
    - this part is executed on a different host in the same cluster/data
      center

If you want to know more about fencing in oVirt, please take a look at
below links:

Host fencing in oVirt - Fixing the unknown and allowing VMs to be highly
available
https://www.youtube.com/watch?v=V1JQtmdleaM

Integrating kdump into oVirt
https://www.youtube.com/watch?v=RAGV_za_Qvw

Automatic fencing in oVirt
https://www.ovirt.org/develop/developer-guide/engine/automatic-fencing.html

Fence-kdump integration in oVirt
https://www.ovirt.org/develop/release-management/features/infra/fence-kdump.html


And of course feel free to ask questions

Martin

> Thanks in advance for clarifications and eventually documentation pointers
>
> oVirt DOCs need a lot of updates, but I never found a way to add or edit a
> page.
>
> Best Regards,
> Strahil Nikolov


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SRBPLSHWUZNILFG4KJRVFO4LBB37OODF/


[ovirt-users] Re: oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

2019-05-14 Thread Martin Perina
On Mon, Oct 3, 2016 at 8:18 AM,  wrote:

>
> Hello, Martin
>
> Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working
> successfully from Internet Explorer & Firefox.
> Kerberos authentication NOT working with oVirt Web-Portals.
>
> I expect that the users opening the oVirt web portal in the browser did
> not enter a password, and used instead of the transparent sign-on using
> Kerberos.
> It is impossible ??
>

It's possible and it's working fine when everything is properly set up.
But please bear in mind kerberos SSO is one of the most complicated oVirt
setups, but usually the error is on kerberos side (environment issues on the
client).

So, you are saying that using curl you are able to access API using
kerberos ticket but when you try to access the same API from the browser it
does not work, right?
I don't use IE, but you need to set following options in "about:config" URL
for Firefox to work properly with kerberos:

 network.negotiate-auth.delegation-uris = .ad.holding.com
 network.negotiate-auth.trusted-uris = .ad.holding.com

If you have those options set, what exactly happens when you try to access
https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
in Firefox?

Martin Perina


>
> 03.10.2016, 09:08, "Martin Perina" :
>
> Hi Aleksey,
>
> in your last email you wrote that everything works (at least that's my
> understanding, email pasted below). So what exactly doesn't work for you?
>
> Regards
>
> Martin Perina
>
>
> > # kinit aleksey
> >
> > Password for alek...@ad.holding.com: ***
> >
> > # klist
> >
> > Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
> > Default principal: alek...@ad.holding.com
> >
> > Valid starting   Expires  Service principal
> > 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM@AD.HOLDING.COM
> > renew until 10/07/2016 16:50:29
> >
> >
> > # curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
> >
> > 
> > 
> >  ... output truncated ...
> > 
> >
> > It Works.
> > The browsers are configured.
> > Kerberos authentication for Windows web servers working successfully from Internet Explorer & Firefox
>
>
> On Mon, Oct 3, 2016 at 7:37 AM,  wrote:
>
>
> Up
>
> 30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru"  >:
> > Any other ideas?
>
>

--
IMPORTANT!
This message has been scanned for viruses and phishing links.
However, it is your responsibility to evaluate the links and attachments you 
choose to click.
If you are uncertain, we always try to help.
Greetings helpd...@actnet.se





___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7N2X5BUW7DIAIQYYANECLNEAHHTTEYHA/


[ovirt-users] Re: oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

2019-05-14 Thread Martin Perina
Hi Aleksey,

in your last email you wrote that everything works (at least that's my
understanding, email pasted below). So what exactly doesn't work for you?

Regards

Martin Perina


> # kinit aleksey
>
> Password for alek...@ad.holding.com: ***
>
> # klist
>
> Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
> Default principal: alek...@ad.holding.com
>
> Valid starting   Expires  Service principal
> 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM@AD.HOLDING.COM
> renew until 10/07/2016 16:50:29
>
>
> # curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
>
>  ... output truncated ...
>
> It Works.
> The browsers are configured.
> Kerberos authentication for Windows web servers working successfully from
> Internet Explorer & Firefox


On Mon, Oct 3, 2016 at 7:37 AM,  wrote:

>
> Up
>
> 30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru"  >:
> > Any other ideas?
>



List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X4HQWTZK7FWOAB32CPBMNUOWDUK7A3G2/


[ovirt-users] Re: oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

2019-05-14 Thread Martin Perina
On Tue, Oct 4, 2016 at 5:16 PM,  wrote:

> Martin, thanks for the help. It works.
>

Glad to hear that, thanks.

Martin


>
> 03.10.2016, 15:01, "Martin Perina" :
> > Ahh, this is the issue. Above configuration is valid for oVirt 3.x, but
> > in 4.0 we have quite new OAuth base SSO, so you need to use following
> > configuration:
> >
> >  oauth/token-http-auth)|^/ovirt-engine/api>
> >   
> > RewriteEngine on
> > RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
> > RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
> > RequestHeader set X-Remote-User %{REMOTE_USER}s
> > AuthType Kerberos
> > AuthName "Kerberos Login"
> > Krb5Keytab /etc/httpd/s-oVirt-Krb.keytab
> > KrbAuthRealms AD.HOLDING.COM
> > KrbMethodK5Passwd off
> > Require valid-user
> > ErrorDocument 401 " url=/ovirt-engine/sso/login-unauthorized\"/> href=\"/ovirt-engine/sso/login-unauthorized\">Here"
> >   
> > 
> >
> >
> > Also as 4.0 is working on EL7 you may use mod_auth_gssapi/mod_session
> > instead of quite old mod_auth_krb. For mod_auth_gssapi/mod_sessions you
> > need to do following:
> >
> >   1. yum install mod_session mod_auth_gssapi
> >   2. Use following Apache configuration
> >
> > ​ oauth/token-http-auth)|^/ovirt-engine/api>
> >   
> > RewriteEngine on
> > RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
> > RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
> > RequestHeader set X-Remote-User %{REMOTE_USER}s
> >
> > AuthType GSSAPI
> > AuthName "Kerberos Login"
> >
> > # Modify to match installation
> > GssapiCredStore keytab:/etc/httpd/s-oVirt-Krb.keytab
> > GssapiUseSessions On
> > Session On
> > SessionCookieName ovirt_gssapi_session path=/private;httponly;secure;
> >
> > Require valid-user
> > ErrorDocument 401 " url=/ovirt-engine/sso/login-unauthorized\"/> href=\"/ovirt-engine/sso/login-unauthorized\">Here"
> >   
> > ​
>



List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GIIYYLGSCVGHCHAQPJ2EYNSQCU7KRCHC/


[ovirt-users] Re: oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

2019-05-14 Thread Martin Perina
ifact.arg = X-Remote-User
>
> 
> =
> # cat /etc/ovirt-engine/extensions.d/ad.holding.com-http-mapping.properties
>
> ovirt.engine.extension.name = ad.holding.com-http-mapping
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.misc
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.misc.mapping.MappingExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Mapping
> config.mapAuthRecord.type = regex
> config.mapAuthRecord.regex.mustMatch = true
> config.mapAuthRecord.regex.pattern = ^(?.*?)(((?@)(?<suffix>.*?)@.*)|(?@.*))$
> config.mapAuthRecord.regex.replacement = ${user}${at}${suffix}${realm}
>
>
> 03.10.2016, 09:56, "Martin Perina" :
>
> > Ahh, so kerberos SSO works fine for API, but not for portals. Could you
> > please share your Apache configuration with oVirt kerberos configuration?
> > Usually it's in /etc/ovirt-engine/aaa/ovirt-sso.conf
>



List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QZALCIV6D3YYY5YQXJOOJMQYUGT2Q6D4/


[ovirt-users] Re: oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

2019-05-14 Thread Martin Perina
On Mon, Oct 3, 2016 at 8:52 AM,  wrote:

>  > network.negotiate-auth.delegation-uris = .ad.holding.com
>  > network.negotiate-auth.trusted-uris = .ad.holding.com
>
> Yes. Configured
>
> The URL https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api in IE and
> Firefox opens without problems and without password prompts
>
> But when opening links from start page...
>
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/userportal/?locale=en_US
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/webadmin/?locale=en_US
>
> ...opens an oVirt form prompting for credentials with a single profile
> "internal"
>

Ahh, so kerberos SSO works fine for API, but not for portals. Could you
please share your Apache configuration with oVirt kerberos configuration?
Usually it's in /etc/ovirt-engine/aaa/ovirt-sso.conf

Thanks

Martin Perina


>
>
> 03.10.2016, 09:37, "Martin Perina" :
>
>
>
> On Mon, Oct 3, 2016 at 8:18 AM,  wrote:
>
>
> Hello, Martin
>
> Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working
> successfully from Internet Explorer & Firefox.
> Kerberos authentication NOT working with oVirt Web-Portals.
>
> I expect that the users opening the oVirt web portal in the browser did
> not enter a password, and used instead of the transparent sign-on using
> Kerberos.
> It is impossible ??
>
>
> It's possible and it's working fine when everything is properly set up.
> But please bear in mind kerberos SSO is one of the most complicated oVirt
> setups, but usually the error is on kerberos side (environment issues on the
> client).
>
> So, you are saying that using curl you are able to access API using
> kerberos ticket but when you try to access the same API from the browser it
> does not work, right?
> I don't use IE, but you need to set the following options in "about:config"
> URL for Firefox to work properly with kerberos:
>
>  network.negotiate-auth.delegation-uris = .ad.holding.com
>  network.negotiate-auth.trusted-uris = .ad.holding.com
>
> If you have those options set, what exactly happens when you try to access
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
> in Firefox?
>
> Martin Perina
>
>
>
> 03.10.2016, 09:08, "Martin Perina" :
>
> Hi Aleksey,
>
> in your last email you wrote that everything works (at least that's my
> understanding, email pasted below). So what exactly doesn't work for you?
>
> Regards
>
> Martin Perina
>
>
> > # kinit aleksey
> >
> > Password for alek...@ad.holding.com: ***
> >
> > # klist
> >
> > Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
> > Default principal: alek...@ad.holding.com
> >
> > Valid starting   Expires  Service principal
> > 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM@AD.HOLDING.COM
> > renew until 10/07/2016 16:50:29
> >
> >
> > # curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
> >
> >  ... output truncated ...
> >
> > It Works.
> > The browsers are configured.
> > Kerberos authentication for Windows web servers working successfully
> > from Internet Explorer & Firefox
>
>
> On Mon, Oct 3, 2016 at 7:37 AM,  wrote:
>
>
> Up
>
> 30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru"  >:
> > Any other ideas?
>
>



List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZMDXHINKZ4VOF4YIC6BSIQYFBUZYHEDV/


[ovirt-users] Re: oVirt 4.3.1 with AD creates new user at every login

2019-03-11 Thread Martin Perina
On Sat, Mar 9, 2019 at 10:43 AM  wrote:

> > I just did a clean install of oVirt 4.3.1 (engine and nodes).
> >
> > I setup AD authentication and gave an AD group permissions needed work
> > with VMs. I gave them PowerUserRole on the Cluster and Storage.
> >
> > Users in the AD group can login and create VMs but after they log out and
> > log back in they don't see any of the VMs created in the previous
> > session.
> >
> > I noticed that in Administration -> Users a new row is created for each
> > user every time they login. All columns for each user are the same: same
> > first and last name, same user name, authorization provider, and so on
> > but the behavior looks very much like they are being treated as new user
> > every time they login.
>

Ravi, is above the same issue as tracked in
https://bugzilla.redhat.com/show_bug.cgi?id=1672860 ?

>
>
> I have observed the same behaviour with oVirt 4.3.XY
>
> Delving deeper, in the oVirt engine 'users' table,  external_id is *not*
> being set for AD users as documented in (e.g.)
> engines/packaging/dbscripts/common_sp.sql
>
> "The external identifier is the user identifier converted to an array of
> bytes:"
>
> ovirt 4.3.0
> user@domain | f3de0b27-c2a0-463b-a2ff-d480bd88c77f | ece7b8c2-4983-4c1e-9a33-c28d58d40213
>
>
> And under ovirt 4.2.8 for comparison:
>
> username    | user_id                              | external_id
> user@domain | 364d176e-8813-4e67-bdd0-dc10b823d23c | af5bbg/eTkuktBPXW4Ak5g==
>
>
> Further information on replicating the issue:
>
> 1) Configure LDAP authentication:
>
>
> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles.html#configuring-an-external-ldap-provider
>
>
> 2) Add an LDAP group via the Administration Portal:
>
> Administration >> Users > 'Add' button, click 'Group'
> radio-button, select the relevant LDAP authorization
> provider in the drop-down list under 'Search', enter
> the LDAP group in the search text-box then click 'GO'.
>
> The found group should appear below.  Select the
> toggle-button to the left of the group then click
> 'Add and Close'.
>
>
> 3) Add SuperUser system permission for the LDAP group.
>
> Back under Administration >> Users, click the 'Group'
> button if groups are not already displayed.  Click on
> the LDAP group added in the previous step then click
> 'Permissions' -> 'Add System Permissions'
>
>
> 4) Log into the Administration Portal as an LDAP group member.
> Logout then log back into the Administration Portal as a
> member of the LDAP group specified above.  Login should be
> successful because that user will inherit the SuperUser
> system permission but note the following issues below:
>
> - under Administration >> Users, note that a 'User' icon
> is displayed for the LDAP user rather than an 'Admin' icon.
> This is in contrast to 4.2.8, where an Admin icon would
> be displayed.
>
>
> 5) Repeat step 4 above.
> If you logout then log back into the Administration Portal as
> the same member of the LDAP group specified above then
> check Administration >> Users, an additional user entry appears:
> same First Name, Last Name, Authorization provider, Namespace
> and E-mail.
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CTX3S6ULXXJB2RMCLLRYPACPWJHJT55T/
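
An added example (not part of the thread and not oVirt code) of checking an export of the engine `users` table for the two symptoms reported above: several rows for one username, and `external_id` values that are UUID-shaped text instead of a base64 string that decodes to 16 bytes. The three-column row layout, the sample usernames and all function names are assumptions made for illustration.

```python
import base64
import binascii
import re
from collections import defaultdict

# Canonical 8-4-4-4-12 textual UUID, as seen in the 4.3.0 row quoted in the thread.
UUID_TEXT = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample of (username, user_id, external_id) rows. The first two rows
# reuse the user_id/external_id pairs quoted in the thread with made-up usernames;
# the remaining rows are invented for this example.
SAMPLE_ROWS = [
    ("alice@example.test", "364d176e-8813-4e67-bdd0-dc10b823d23c",
     "af5bbg/eTkuktBPXW4Ak5g=="),
    ("bob@example.test", "f3de0b27-c2a0-463b-a2ff-d480bd88c77f",
     "ece7b8c2-4983-4c1e-9a33-c28d58d40213"),
    ("bob@example.test", "11111111-2222-4333-8444-555555555555",
     "0a0b0c0d-1111-4222-8333-444444444444"),
    ("carol@example.test", "99999999-8888-4777-8666-555555555555", ""),
]


def classify_external_id(value):
    """Return 'empty', 'uuid-text', 'base64-16-bytes' or 'other'."""
    if not value:
        return "empty"
    if UUID_TEXT.fullmatch(value):
        return "uuid-text"
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "other"
    return "base64-16-bytes" if len(raw) == 16 else "other"


def find_duplicate_users(rows):
    """Map each username that has more than one distinct user_id to those ids."""
    ids = defaultdict(list)
    for username, user_id, _external_id in rows:
        if user_id not in ids[username]:
            ids[username].append(user_id)
    return {name: found for name, found in ids.items() if len(found) > 1}


def audit(rows):
    """Summarise external_id formats and duplicated accounts in a users export."""
    formats = defaultdict(int)
    for _username, _user_id, external_id in rows:
        formats[classify_external_id(external_id)] += 1
    return {"formats": dict(formats), "duplicates": find_duplicate_users(rows)}


if __name__ == "__main__":
    result = audit(SAMPLE_ROWS)
    print("external_id formats:", result["formats"])
    for name, user_ids in result["duplicates"].items():
        print(f"{name}: {len(user_ids)} rows -> {', '.join(user_ids)}")
```

Duplicate rows matter for access control because permissions are attached to a user row, so a fresh row at each login starts without the objects and roles tied to the earlier one.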


[ovirt-users] Re: Info about firewall type and 4.3

2019-03-08 Thread Martin Perina
Hi Gianluca,

I'd like to mention FirewallD support for hosts is an oVirt 4.2 feature, so it
was available to you even before the upgrade to 4.3.

Anyway, if you want to switch firewall type of a cluster, then you need to
do that in following steps:

1. Change firewall type in the Edit cluster dialog
- when done all hosts in the cluster are marked and message "host
reinstallation is required" is shown

2. For all hosts in the cluster perform following operations:
a. Put host into Maintenance
b. Perform Reinstall on the host from webadmin
c. Activate the host

In the case you have used custom IPTables rules defined using
engine-config, then please take a look at blog post [1], which mentions how
to define those custom rules using FirewallD:

[1] https://www.ovirt.org/blog/2017/12/host-deploy-customization.html

The definition of those custom rules needs to be performed even before you
start host reinstallation.

Please let us know if you have any issues during the process

Regards,
Martin


On Tue, Mar 5, 2019 at 2:10 PM Gianluca Cecchi 
wrote:

> Hello,
> I have updated a 4.2.8 environment to 4.3.1
> So far so good, I have updated cluster level and dc level from 4.2 to 4.3
>
> I notice the field "Firewall type" in my cluster and it is currently set
> to "iptables".
> My 3 hosts are CentOS 7.6 plain servers.
> My external engine is CentOS 7.6 and already with firewalld
>
> I seem to remember in the long run only firewalld supported also on hosts.
> Is this correct and in case is there an ETA/version?
> What would be the steps to pass my current hosts to firewalld in case?
>
> Currently I see:
> iptables enabled and running
> ip6tables disabled
> ebtables disabled
>
> Thanks in advance,
> Gianluca
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/T27S6ERY6KRUWGQSXWBQPYEHW2QHLEZA/


[ovirt-users] Re: Upgrade 4.2.8 to 4.3.1 failed: Constraint violation found in vm_interface (vmt_guid) |1

2019-03-01 Thread Martin Perina
On Fri, Mar 1, 2019 at 3:12 PM John Florian  wrote:

> I tried to upgrade my engine and was running engine-setup when:
>
> [ INFO  ] Checking the Engine database consistency
> [ ERROR ] Failed to execute stage 'Setup validation': Failed checking
> Engine database: an exception occurred while validating the Engine
> database, please check the logs for getting more info:
>   Constraint violation found in  vm_interface (vmt_guid) |1
>
> I found https://bugzilla.redhat.com/show_bug.cgi?id=1528316 but that
> looks to have been resolved already.
>

This seems like a new issue, could you please create a new bug for that and
attach engine logs (especially those from /var/log/ovirt-engine/setup)?

Thanks,
Martin


> How should I proceed?
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7SMATXVAD3PJQJRMVODBXXOMJ4HQOQOR/


[ovirt-users] Re: Fencing : SSL or not?

2019-02-22 Thread Martin Perina
On Fri, Feb 22, 2019 at 4:00 PM Nicolas Ecarnot  wrote:

> Le 22/02/2019 à 15:45, Martin Perina a écrit :
>
> If I understand that correctly, this is a request to open session to IPMI.
> If you haven't received any response, then I'd check:
>
> 1. Do you have IPMI enabled?
>
>
> Hello Martin,
>
> you hit the point.
>
> IPMI was not unable (anymore).
>
> IPMI is activated by default since years in all our hosts.
>
> But recent firmware upgrades on some of our Dell hosts, and especially on
> iDRAC firmwares led to the disabling of IPMI.
>
>
> I'm sorry for having bothered you and the audience. Sorry for this waste
> of time. Thank you Dell :-\
>

No problem, I'm glad the issue is solved.

Have a nice weekend!
Martin

>
> --
> Nicolas ECARNOT
>
>

-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PHDG6E226SDO64UQGQ3HXUPXU3KKGHDZ/

