[ovirt-users] Re: Red Hat 8.3 install error

2021-01-24 Thread Yedidyah Bar David
On Sun, Jan 24, 2021 at 5:25 PM  wrote:
>
> I think is not the same thing.
> I'm not trying to configure the kernel.
> The problem here is, I download RH8 from the Red Hat Developer.
> In the first stage of the installation I'm able to register the subscription, 
> but the error during the packages installation, it tries to register again 
> and fails.
> So the problem is due to the Red Hat developer registration.

OK, so perhaps supply some more details? What you do, what happens,
more output/logs, etc.?

Anyway, if it's indeed a bug around Red Hat subscription/registration,
it's not related to oVirt. Perhaps open a bug in bugzilla or report in
some relevant mailing list (not sure which, sorry).

Thanks and best regards,

>
>
> ____________
> De: "Yedidyah Bar David" 
> Para: supo...@logicworks.pt
> Cc: "users" 
> Enviadas: Domingo, 24 De Janeiro de 2021 11:10:40
> Assunto: Re: [ovirt-users] Red Hat 8.3 install error
>
> On Fri, Jan 22, 2021 at 10:02 PM José Ferradeira via Users
>  wrote:
> >
> > I'm trying to install a RH 8.3 VM, but during installation always get this 
> > error:
> >
> > anaconda 33.16.3.26 exception report
> > Traceback (most recent call first):
> >   File "/usr/lib/python3.6/site-packages/dasbus/client/handler.py", line 
> > 497, in _handle_method_error
> > raise exception from None
> >   File "/usr/lib/python3.6/site-packages/dasbus/client/handler.py", line 
> > 477, in _get_method_reply
> > return self._handle_method_error(error)
> >   File "/usr/lib/python3.6/site-packages/dasbus/client/handler.py", line 
> > 447, in _call_method
>
> A quick search for this line finds me:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1912898
>
> > **kwargs,
> >
> >
> > No problem when installing Centos 8.3
> > Ovirt version Version 4.4.4.7-1.el8
> >
> > Any idea?
>
> Perhaps check if the above bug applies to your case?
> If so, you can try to work around it by installing 8.2 and then upgrade.
> Also, perhaps attach your logs to that bug, and/or comment adding
> relevant information from your case.
>
> In any case, this does not sound like an oVirt bug to me.
>
> Thanks and best regards,
> --
> Didi



-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TYRQHXQXVD2NUM4NDU7KSIUPP7MPDM3C/


[ovirt-users] Re: Red Hat 8.3 install error

2021-01-24 Thread Yedidyah Bar David
On Fri, Jan 22, 2021 at 10:02 PM José Ferradeira via Users
 wrote:
>
> I'm trying to install a RH 8.3 VM, but during installation always get this 
> error:
>
> anaconda 33.16.3.26 exception report
> Traceback (most recent call first):
>   File "/usr/lib/python3.6/site-packages/dasbus/client/handler.py", line 497, 
> in _handle_method_error
> raise exception from None
>   File "/usr/lib/python3.6/site-packages/dasbus/client/handler.py", line 477, 
> in _get_method_reply
> return self._handle_method_error(error)
>   File "/usr/lib/python3.6/site-packages/dasbus/client/handler.py", line 447, 
> in _call_method

A quick search for this line finds me:

https://bugzilla.redhat.com/show_bug.cgi?id=1912898

> **kwargs,
>
>
> No problem when installing Centos 8.3
> Ovirt version Version 4.4.4.7-1.el8
>
> Any idea?

Perhaps check if the above bug applies to your case?
If so, you can try to work around it by installing 8.2 and then upgrade.
Also, perhaps attach your logs to that bug, and/or comment adding
relevant information from your case.

In any case, this does not sound like an oVirt bug to me.

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RSDEH6WQ7CQRPWDZZ5FWQBIYUU55VYQC/


[ovirt-users] Re: New setup - Failing to Activate storage domain on NFS shared storage

2021-01-19 Thread Yedidyah Bar David
On Mon, Jan 18, 2021 at 6:01 PM Matt Snow  wrote:
>
> Hi Didi,
> I did log clean up and am re-running ovirt-hosted-engine-cleanup && 
> ovirt-hosted-engine-setup to get you cleaner log files.
>
> searching for host_storage in vdsm.log...
> **snip**
> 2021-01-18 08:43:18,842-0700 INFO  (jsonrpc/3) [api.host] FINISH getStats 
> return={'status': {'code': 0, 'message': 'Done'}, 'info': (suppressed)} 
> from=:::192.168.222.53,39612 (api:54)
> 2021-01-18 08:43:19,963-0700 INFO  (vmrecovery) [vdsm.api] START 
> getConnectedStoragePoolsList(options=None) from=internal, 
> task_id=fb80c883-2447-4ed2-b344-aa0c0fb65809 (api:48)
> 2021-01-18 08:43:19,963-0700 INFO  (vmrecovery) [vdsm.api] FINISH 
> getConnectedStoragePoolsList return={'poollist': []} from=internal, 
> task_id=fb80c883-2447-4ed2-b344-aa0c0fb65809 (api:54)
> 2021-01-18 08:43:19,964-0700 INFO  (vmrecovery) [vds] recovery: waiting for 
> storage pool to go up (clientIF:726)
> 2021-01-18 08:43:20,441-0700 INFO  (jsonrpc/4) [vdsm.api] START 
> connectStorageServer(domType=1, 
> spUUID='----', conList=[{'password': 
> '', 'protocol_version': 'auto', 'port': '', 'iqn': '', 'connection': 
> 'stumpy:/tanker/ovirt/host_storage', 'ipv6_enabled': 'false', 'id': 
> '----', 'user': '', 'tpgt': '1'}], 
> options=None) from=:::192.168.222.53,39612, 
> flow_id=2227465c-5040-4199-b1f9-f5305b10b5e5, 
> task_id=032afa50-381a-44af-a067-d25bcc224355 (api:48)
> 2021-01-18 08:43:20,446-0700 INFO  (jsonrpc/4) 
> [storage.StorageServer.MountConnection] Creating directory 
> '/rhev/data-center/mnt/stumpy:_tanker_ovirt_host__storage' (storageServer:167)
> 2021-01-18 08:43:20,446-0700 INFO  (jsonrpc/4) [storage.fileUtils] Creating 
> directory: /rhev/data-center/mnt/stumpy:_tanker_ovirt_host__storage mode: 
> None (fileUtils:201)
> 2021-01-18 08:43:20,447-0700 INFO  (jsonrpc/4) [storage.Mount] mounting 
> stumpy:/tanker/ovirt/host_storage at 
> /rhev/data-center/mnt/stumpy:_tanker_ovirt_host__storage (mount:207)
> 2021-01-18 08:43:21,271-0700 INFO  (jsonrpc/4) [IOProcessClient] (Global) 
> Starting client (__init__:340)
> 2021-01-18 08:43:21,313-0700 INFO  (ioprocess/51124) [IOProcess] (Global) 
> Starting ioprocess (__init__:465)
> 2021-01-18 08:43:21,373-0700 INFO  (jsonrpc/4) [storage.StorageDomainCache] 
> Invalidating storage domain cache (sdc:74)
> 2021-01-18 08:43:21,373-0700 INFO  (jsonrpc/4) [vdsm.api] FINISH 
> connectStorageServer return={'statuslist': [{'id': 
> '----', 'status': 0}]} 
> from=:::192.168.222.53,39612, 
> flow_id=2227465c-5040-4199-b1f9-f5305b10b5e5, 
> task_id=032afa50-381a-44af-a067-d25bcc224355 (api:54)
> 2021-01-18 08:43:21,497-0700 INFO  (jsonrpc/5) [vdsm.api] START 
> getStorageDomainsList(spUUID='----', 
> domainClass=1, storageType='', 
> remotePath='stumpy:/tanker/ovirt/host_storage', options=None) 
> from=:::192.168.222.53,39612, 
> flow_id=2227465c-5040-4199-b1f9-f5305b10b5e5, 
> task_id=e37eb000-13da-440f-9197-07495e53ce52 (api:48)
> 2021-01-18 08:43:21,497-0700 INFO  (jsonrpc/5) [storage.StorageDomainCache] 
> Refreshing storage domain cache (resize=True) (sdc:80)
> 2021-01-18 08:43:21,498-0700 INFO  (jsonrpc/5) [storage.ISCSI] Scanning iSCSI 
> devices (iscsi:442)
> 2021-01-18 08:43:21,628-0700 INFO  (jsonrpc/5) [storage.ISCSI] Scanning iSCSI 
> devices: 0.13 seconds (utils:390)
> 2021-01-18 08:43:21,629-0700 INFO  (jsonrpc/5) [storage.HBA] Scanning FC 
> devices (hba:60)
> 2021-01-18 08:43:21,908-0700 INFO  (jsonrpc/5) [storage.HBA] Scanning FC 
> devices: 0.28 seconds (utils:390)
> 2021-01-18 08:43:21,969-0700 INFO  (jsonrpc/5) [storage.Multipath] Resizing 
> multipath devices (multipath:104)
> 2021-01-18 08:43:21,975-0700 INFO  (jsonrpc/5) [storage.Multipath] Resizing 
> multipath devices: 0.01 seconds (utils:390)
> 2021-01-18 08:43:21,975-0700 INFO  (jsonrpc/5) [storage.StorageDomainCache] 
> Refreshing storage domain cache: 0.48 seconds (utils:390)
> 2021-01-18 08:43:22,167-0700 INFO  (tmap-0/0) [IOProcessClient] 
> (stumpy:_tanker_ovirt_host__storage) Starting client (__init__:340)
> 2021-01-18 08:43:22,204-0700 INFO  (ioprocess/51144) [IOProcess] 
> (stumpy:_tanker_ovirt_host__storage) Starting ioprocess (__init__:465)
> 2021-01-18 08:43:22,208-0700 INFO  (jsonrpc/5) [vdsm.api] FINISH 
> getStorageDomainsList return={'domlist': []} 
> from=:::192.168.222.53,39612, 
> flow_id=2227465c-5040-4199-b1f9-f5305b10b5e5, 
> task_id=e37eb000-13da-440f-9197-07495e53ce52 (api:54)
> 2021-01-18 08:43:22,999-0700 INFO  (jsonrpc/7) [vdsm.api] START 
> connectStorageServer(domType=1, 
> spUUID='----', conList=[{'password': 
> '', 'protocol_version': 'auto', 'port': '', 'iqn': '', 'connection': 
> 'stumpy:/tanker/ovirt/host_storage', 'ipv6_enabled': 'false', 'id': 
> 'bc87e1a4-004e-41b4-b569-9e9413e9c027', 'user': '', 'tpgt': '1'}], 
> options=None) 

[ovirt-users] Re: Install of RHV 4.4 failing - "Host is not up, please check logs, perhaps also on the engine machine"

2021-01-19 Thread Yedidyah Bar David
On Tue, Jan 19, 2021 at 12:59 PM James Freeman  wrote:
>
> So grateful for your help here - I ran tcpdump on the host, and I saw
> the connection requests to the host from the hosted-engine on 54321/tcp,
> so I was kind of getting there on the whole vdsm thing.
>
> The install just fell over again (same issue - the 120 second timeout
> you described). Taking a step back here, I think something is wrong very
> early on in my upgrade process. My environment is:
>
> 2 x RHEL based hosts (previously RHEL 7 - to be re-installed with RHEL 8
> as per install documentation)
> NFS based storage
> Self-hosted engine
>
> I have been following the documentation here:
>
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/upgrade_guide/index#SHE_Upgrading_from_4-3
>
> And specifically here:
>
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/upgrade_guide/index#Upgrading_the_Manager_to_4-4_4-3_SHE
>
> All pre-requisite steps are done - the 4.3 engine was upgraded to the
> latest version before the backup was taken and it was shut down.
>
> Now, I note that on my RHEL 8 host (newly installed), vdsmd is not
> configured or running. The deploy script is not opening the firewall for
> the temporary manager to talk to the host on 54321, but it wouldn't
> matter if it did - even if were open up the firewall, there's no
> configured vdsmd running for it to talk to anyway.
>
> I suddenly have the feeling that I've missed an important step that
> would have configured the freshly installed RHEL 8 host for the
> hosted-engine to be installed on - but I can't see what this might be.
> I've been back and forth through the documentation but I can't see where
> vdsmd would have been configured on the host. In short (ignoring all the

This should happen automatically, does not require a manual step on your side.

> failed attempts), my commands to install on a fresh RHEL 8 host have been:
>
> dnf module reset virt
> dnf module list virt
> dnf module enable virt:8.3
> dnf distro-sync --nobest
> dnf install rhvm-appliance
> reboot
> dnf install ovirt-hosted-engine-setup

Just to make sure, perhaps try also 'dnf install ovirt-host'.
If this does carry on additional requirements, perhaps that's a bug
somewhere. But I do not think this is what is failing you.

> dnf install firewalld
> systemctl status firewalld
> systemctl enable firewalld
> systemctl start firewalld

I do not think these are needed - the deploy process should do this.
Should be harmless, though.

> systemctl status firewalld
> hosted-engine --deploy --restore-from-file=backup.bck
>
> Am I missing something fundamental, or is there another step that's not
> working where vdsmd would have been configured?

Sorry, I ignored the fact that it's an upgrade/restore. In this case,
it's expected that the restored engine will not have access to all
other hosts during deploy, until it's started on the external network.
So I suggest to ignore most errors in engine.log and check only those
related to the host you deploy on. And check host-deploy/* logs.

For a general overview of the hosted-engine deploy process, you might
want to check 'Simone Tiraboschi - Hosted Engine 4.3 Deep Dive' in:

https://www.ovirt.org/community/archived_conferences_presentations.html

I think it's still the best presentation slides we have on this.

Good luck,

>
> Many thanks
>
> James
>
> Yedidyah Bar David wrote on 19/01/2021 10:36:
> > On Tue, Jan 19, 2021 at 12:25 PM James Freeman  wrote:
> >> Thanks Didi
> >>
> >> Great pointer - I have just performed a fresh deploy - am in the
> >> hosted-engine VM, and in /var/log/ovirt-engine/engine-log, I can see the
> >> following 3 lines cycling over and over again:
> >>
> >> 2021-01-19 05:12:11,395-05 INFO
> >> [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp
> >> Reactor) [] Connecting to rhvh1.example.org/192.168.50.31
> >> 2021-01-19 05:12:11,399-05 ERROR
> >> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
> >> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-96)
> >> [] Unable to RefreshCapabilities: ConnectException: Connection refused
> >> 2021-01-19 05:12:11,401-05 ERROR
> >> [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand]
> >> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-96)
> >> [] Command 'GetCapabilitiesAsyncVDSCommand(HostName = rhvh1.example.org,
> >> VdsIdAndVdsVDSCommandParametersBase:{hostId='12057f7e-a4cf-46ec-b563-c1037ba5c62d',
> >> vds='Host[rhvh1.example.org,12057f7e-a4cf-46ec-b563-c1037ba5c62d]'})'
> >>

[ovirt-users] Re: Install of RHV 4.4 failing - "Host is not up, please check logs, perhaps also on the engine machine"

2021-01-19 Thread Yedidyah Bar David
On Tue, Jan 19, 2021 at 12:25 PM James Freeman  wrote:
>
> Thanks Didi
>
> Great pointer - I have just performed a fresh deploy - am in the
> hosted-engine VM, and in /var/log/ovirt-engine/engine-log, I can see the
> following 3 lines cycling over and over again:
>
> 2021-01-19 05:12:11,395-05 INFO
> [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp
> Reactor) [] Connecting to rhvh1.example.org/192.168.50.31
> 2021-01-19 05:12:11,399-05 ERROR
> [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-96)
> [] Unable to RefreshCapabilities: ConnectException: Connection refused
> 2021-01-19 05:12:11,401-05 ERROR
> [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand]
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-96)
> [] Command 'GetCapabilitiesAsyncVDSCommand(HostName = rhvh1.example.org,
> VdsIdAndVdsVDSCommandParametersBase:{hostId='12057f7e-a4cf-46ec-b563-c1037ba5c62d',
> vds='Host[rhvh1.example.org,12057f7e-a4cf-46ec-b563-c1037ba5c62d]'})'
> execution failed: java.net.ConnectException: Connection refused
>
> I can ping 192.168.50.31 and resolve rhvh1.example.org - however I note
> that firewalld on the hypervisor host (192.168.50.31) hasn't had
> anything allowed through it yet apart from SSH and Cockpit. Is this a
> problem, or a red herring?

Generally speaking, the deploy process connects first from the engine to
the host via ssh (22), then (also) configures firewalld to allow access
to vdsm (the oVirt host-side agent, port 54321), and later the engine
normally communicates with the host via vdsm.

Whether or not all of this worked, depends on exactly how you configured
your host's firewalld beforehand.

I suggest to start by not touching it, do the deployment, then see what
it does/did (and that it worked), then decide how you are going to adapt
your policy/tooling/whatever for later deployments, assuming you want to
harden your hosts before deploying.

>
> It seems that the hosted-engine is coming up and being installed and
> configured ok. The engine health page looks ok (as validated by
> Ansible). It looks like the hosted-engine is waiting for something to
> happen on the host itself, but this never completed - which I suspect it
> never will given that it cannot connect to the host.

The deploy process runs on the host, connects to the engine, asks it to
add the host, then waits until it sees the host in the engine with status
'Up'. It indeed does not try to further diagnose failures, nor fail more
quickly - if it's 'Up' it's quick, if it's not, it will wait for a timeout
(120 times * 10 seconds = 20 minutes).

>
> Am I on the right track?

You are :-).

Good luck and best regards,

>
> Yedidyah Bar David wrote on 19/01/2021 10:06:
> > On Tue, Jan 19, 2021 at 11:44 AM  wrote:
> >> Hi all
> >>
> >> I am in the process of migrating a RHV 4.3 setup to RHV 4.4 and struggling 
> >> with the setup. I am installing on RHEL 8.3, using settings backed up from 
> >> the RHV 4.3 install (via 'hosted-engine --deploy 
> >> --restore-from-file=backup.bck').
> >>
> >> The install process always fails at the same point for me at the moment, 
> >> and I can't figure out how to get past it. As far as install progress 
> >> goes, the local hosted-engine comes up and runs on the node. I have been 
> >> able to grep for local_vm_ip in the logs, and can SSH into it with the 
> >> password I set during the setup phase.
> >>
> >> However the install playbooks always fail with:
> >> 2021-01-18 18:38:00,086-0500 ERROR otopi.plugins.gr_he_common.core.misc 
> >> misc._terminate:167 Hosted Engine deployment failed: please check the logs 
> >> for the issue, fix accordingly or re-deploy from scratch.
> >>
> >> Earlier in the logs, I note the following:
> >> 2021-01-18 18:34:51,258-0500 ERROR 
> >> otopi.ovirt_hosted_engine_setup.ansible_utils 
> >> ansible_utils._process_output:109 fatal: [localhost]: FAILED! => 
> >> {"changed": false, "msg": "Host is not up, please check logs, perhaps also 
> >> on the engine machine"}
> >> 2021-01-18 18:37:16,661-0500 ERROR 
> >> otopi.ovirt_hosted_engine_setup.ansible_utils 
> >> ansible_utils._process_output:109 fatal: [localhost]: FAILED! => 
> >> {"changed": false, "msg": "The system may not be provisioned according to 
> >> the playbook results: please check the logs for the issue, fix accordingly 
> >> or re-deploy from scratch.\n"}
> >> Traceback (most recent call last):
> >>File &

[ovirt-users] Re: Install of RHV 4.4 failing - "Host is not up, please check logs, perhaps also on the engine machine"

2021-01-19 Thread Yedidyah Bar David
On Tue, Jan 19, 2021 at 11:44 AM  wrote:
>
> Hi all
>
> I am in the process of migrating a RHV 4.3 setup to RHV 4.4 and struggling 
> with the setup. I am installing on RHEL 8.3, using settings backed up from 
> the RHV 4.3 install (via 'hosted-engine --deploy 
> --restore-from-file=backup.bck').
>
> The install process always fails at the same point for me at the moment, and 
> I can't figure out how to get past it. As far as install progress goes, the 
> local hosted-engine comes up and runs on the node. I have been able to grep 
> for local_vm_ip in the logs, and can SSH into it with the password I set 
> during the setup phase.
>
> However the install playbooks always fail with:
> 2021-01-18 18:38:00,086-0500 ERROR otopi.plugins.gr_he_common.core.misc 
> misc._terminate:167 Hosted Engine deployment failed: please check the logs 
> for the issue, fix accordingly or re-deploy from scratch.
>
> Earlier in the logs, I note the following:
> 2021-01-18 18:34:51,258-0500 ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:109 fatal: [localhost]: FAILED! => {"changed": 
> false, "msg": "Host is not up, please check logs, perhaps also on the engine 
> machine"}
> 2021-01-18 18:37:16,661-0500 ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:109 fatal: [localhost]: FAILED! => {"changed": 
> false, "msg": "The system may not be provisioned according to the playbook 
> results: please check the logs for the issue, fix accordingly or re-deploy 
> from scratch.\n"}
> Traceback (most recent call last):
>   File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in 
> _executeMethod
> method['method']()
>   File 
> "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-ansiblesetup/core/misc.py",
>  line 435, in _closeup
> raise RuntimeError(_('Failed executing ansible-playbook'))
> RuntimeError: Failed executing ansible-playbook
> 2021-01-18 18:37:18,996-0500 ERROR otopi.context context._executeMethod:154 
> Failed to execute stage 'Closing up': Failed executing ansible-playbook
> 2021-01-18 18:37:32,421-0500 ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:109 fatal: [localhost]: UNREACHABLE! => 
> {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: 
> connect to host rhvm.example.org port 22: No route to host", "skip_reason": 
> "Host localhost is unreachable", "unreachable": true}
>
> I find the unreachable message a bit odd, as at this stage all that has 
> happened is that the local hosted-engine has been brought up to be 
> configured, and so it is running on virbr0, not on my actual network. As a 
> result, that DNS address will never resolve, and the IP it resolves to won't 
> be up. I gave the installation script permission to modify the local 
> /etc/hosts but this hasn't improved things.
>
> I presume I'm missing something in the install process, or earlier on in the 
> logs, but I've been scanning for errors and possible clues to no avail.
>
> Any and all help greatly appreciated!

Please check/share, on the engine machine under /var/log/ovirt-engine,
or, if inaccessible, on the host, under
/var/log/ovirt-hosted-engine-setup/engine-logs-*:

engine.log

host-deploy/*

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CORIDDYMUPDHGBUGL4DV5IZ4T5QZPJGL/


[ovirt-users] Re: ovirt-ha-agent

2021-01-18 Thread Yedidyah Bar David
On Mon, Jan 18, 2021 at 10:29 PM penguin pages  wrote:
>
> I was avoiding reloading the OS.  This to me was like "reboot as a fix"...  
> to wipe environment out and restart, vs repair where I learn how to debug.

There is no simple and reliable way to undo 'hosted-engine --deploy'.
It's not designed for that. 'ovirt-hosted-engine-cleanup' is only a
partial solution, and if it does not work for you, an OS reinstall
should usually be quick and easy (especially if you have PXE setup,
etc.).

This is unlike 'engine-setup'. engine-setup is used also for upgrades,
so it's very important that it cleanly rolls back to a previous clean
state if it runs into a problem. In that regard, 'engine-cleanup' is
not that important as well, although we do fix bugs in it.

'hosted-engine --deploy' should always be ran on a clean and new
system anyway, so if it runs into a problem, it should not be a loss
to reinstall the OS.

>
> But after weeks... I am running out of time.

Exactly. It's a tradeoff. It's simply not worth it.

Sorry for the time you wasted. Please reinstall :-).

That said, if you run into concrete bugs that can reliably be
reproduced, including in ovirt-hosted-engine-cleanup, please report
them! Thanks.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XX4IXYFTNWOI5EPAE3LCYM7Y7VAIDKXX/


[ovirt-users] Re: ovirt-ha-agent

2021-01-18 Thread Yedidyah Bar David
After you removed the hosts, and before you added them again: Did you
reinstall the OS? If not, there might be some mess left behind.
I suggest to try again: Remove a host, reinstall the OS on it, then
add it back and make sure you choose "Deploy". Then give it some time
to update (should not be more than a few minutes, let's say 1 hour).
If it still does not look good, please check/share all relevant logs.
Thanks.

Best regards,

On Mon, Jan 18, 2021 at 3:14 PM Aries Ahito  wrote:
>
> i tried all to remove all the hosts. run clean self hosted engine deployment. 
> then i tried to add host again. and in hosted-engine tab. i tick drop down 
> and chose "deploy".
>
> after adding all host have active ovirt-ha-agent and have score of (3400) 
> when i tried to migrate the hosted-engine it keeps on failing. except for 
> number 8 hosts. i can now migrated from host 1 and host 8. but rest of the 
> hosts keeps failing..
>
> On Sun, Jan 17, 2021 at 4:15 PM Aries Ahito  wrote:
>>
>> 1. yes
>>
>> 2. yes it can migrate any of the hosts
>>
>> 3. yes we just tried the new ovirt 4.4. then we decided to used fiber ports 
>> and have it bonded. so we reinstalled everything from sratch.
>>
>> 4. Host 1 and the rest of the hosta was completely reinstalled from sratch.  
>> even our separate glusterfs storage we deleted the volumes bricks and redo 
>> everything. ok ill check it later thanks for your prompt response.
>>
>>
>>
>>
>> On Sun, 17 Jan 2021, 16:01 Yedidyah Bar David,  wrote:
>>>
>>> On Sun, Jan 17, 2021 at 9:41 AM Aries Ahito  
>>> wrote:
>>> >
>>> > Hi Yedidyah. yep we reinstall everything from scratch even the operating 
>>> > system we reinstalled it. so technically its a fresh install.
>>> >
>>> > after successfully setting up the hosted-engine we did add  the rest of 
>>> > the node. when i check the node status. its says ovirt agent HA N/A
>>>
>>> Let me understand:
>>>
>>> 1. You had a hosted-engine setup. You started this by deploying on one
>>> host, let's call it host1, and then added another one, let's call it
>>> host2. Right? Perhaps you had more than 2, that's not the point, for
>>> now.
>>>
>>> 2. At this point, you could migrate engine VM from host1 to host2 and
>>> back and it all worked.
>>>
>>> 3. Then you decided to reinstall. It sounds like you reinstalled the
>>> OS on host1, and then did another hosted-engine deployment there. Did
>>> you also use backup? --restore-from-file? Did you use new storage?
>>> Existing? If existing, did you clear it before reinstalling?
>>>
>>> 4. Assuming that you somehow got to a good state re host1, host2 now
>>> still points at the old hosted-engine storage domain, so does not
>>> "see" the new deployment. You should reinstall the OS there, and then
>>> add it as a host to the new engine. Make sure you mark the checkbox
>>> "hosted-engine" in "Add host" dialog.
>>>
>>> Best regards,
>>>
>>> >
>>> > On Sun, 17 Jan 2021, 15:32 Yedidyah Bar David,  wrote:
>>> >>
>>> >> On Sat, Jan 16, 2021 at 4:31 AM Ariez Ahito  
>>> >> wrote:
>>> >> >
>>> >> > last dec i installed hosted-engine seems to be working, we can migrate 
>>> >> > the engine to different host. but we need to reinstall everything 
>>> >> > because of gluster additional configuration.
>>> >> > so we did installed hosted-engine. but as per checking. we cannot 
>>> >> > migrate the engine to other hosts. and the ovirt-ha-agent and 
>>> >> > ovirt-ha-broker is status is inactive (dead) what are we missing?
>>> >>
>>> >> Please clarify what exact steps you took.
>>> >>
>>> >> Did you reinstall everything? How?
>>> >>
>>> >> Did you reinstall just one host? How?
>>> >>
>>> >> Best regards,
>>> >> --
>>> >> Didi
>>> >>
>>>
>>>
>>> --
>>> Didi
>>>
>
>
> --
> Aristotle D. Ahito
> --
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/J254RBL2GZAY47HFH62KRUE6QNWJY5YT/


[ovirt-users] Re: New setup - Failing to Activate storage domain on NFS shared storage

2021-01-17 Thread Yedidyah Bar David
On Mon, Jan 18, 2021 at 8:58 AM Matt Snow  wrote:
>
> I installed ovirt node 4.4.4 as well as 4.4.5-pre and experience the same 
> problem with both versions. The issue occurs in both cockpit UI and tmux'd 
> CLI of ovirt-hosted-engine-setup. I get passed the point where the VM is 
> created and running.
> I tried to do some debugging on my own before reaching out to this list. Any 
> help is much appreciated!
>
> ovirt node hardware: NUC format Jetway w/ Intel N3160 (Braswell 4 
> cores/4threads), 8GB RAM, 64GB SSD. I understand this is underspec'd, but I 
> believe it meets the minimum requirements.
>
> NFS server:
> * Ubuntu 19.10 w/ ZFS share w/ 17TB available space.
> * NFS share settings are just 'rw=@172.16.1.0/24' but have also tried 
> 'rw,sec=sys,anon=0' and '@172.16.1.0/24,insecure'
> * The target directory is always empty and chown'd 36:36 with 0755 
> permissions.
> * I have tried using both IP and DNS names. forward and reverse DNS works 
> from ovirt host and other systems on the network.
> * The NFS share always gets mounted successfully on the ovirt node system.
> * I have tried auto and v3 NFS versions in other various combinations.
> * I have also tried setting up an NFS server on a non-ZFS backed storage 
> system that is open to any host and get the same errors as shown below.
> * I ran nfs-check.py script without issue against both NFS servers and 
> followed other verification steps listed on 
> https://www.ovirt.org/develop/troubleshooting-nfs-storage-issues.html
>
> ***Snip from ovirt-hosted-engine-setup***

Removing snippets of other logs, as I think vdsm should be enough.
Thanks for the investigation so far!

> The relevantsection from /var/log/vdsm/vdsm.log:
> ***begin snip***
> 2021-01-16 19:53:58,439-0700 INFO  (vmrecovery) [vdsm.api] START 
> getConnectedStoragePoolsList(options=None) from=internal, 
> task_id=b8b21668-189e-4b68-a7f0-c2d2ebf14546 (api:48)
> 2021-01-16 19:53:58,439-0700 INFO  (vmrecovery) [vdsm.api] FINISH 
> getConnectedStoragePoolsList return={'poollist': []} from=internal, 
> task_id=b8b21668-189e-4b68-a7f0-c2d2ebf14546 (api:54)
> 2021-01-16 19:53:58,440-0700 INFO  (vmrecovery) [vds] recovery: waiting for 
> storage pool to go up (clientIF:726)
> 2021-01-16 19:53:58,885-0700 INFO  (jsonrpc/3) [vdsm.api] START 
> connectStorageServer(domType=1, 
> spUUID='----', conList=[{'password': 
> '', 'protocol_version': 'auto', 'port': '', 'iqn': '', 'connection': 
> 'stumpy:/tanker/ovirt/host_storage', 'ipv6_enabled': 'false', 'id': 
> '3ffd1e3b-168e-4248-a2af-b28fbdf49eef', 'user': '', 'tpgt': '1'}], 
> options=None) from=:::192.168.222.53,41192, flow_id=592e278f, 
> task_id=5bd52fa3-f790-4ed3-826d-c1f51e5f2291 (api:48)

Are you sure this is the first place that deals with this issue?
Perhaps search the log earlier, e.g. for 'host_storage' (part of your
path).
Also, please check supervdsm.log (in the same log directory).

Does it manage to mount it? Write anything there?

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HQKEEERTD7RQN7M7BIP2A3ZGOKJLXZ4L/


[ovirt-users] Re: Networking question on setting up self-hosting engine

2021-01-17 Thread Yedidyah Bar David
Hi,

On Fri, Jan 15, 2021 at 7:10 AM Kim Yuan Lee  wrote:
>
> Hi Didi,
>
> I sent this to the list, but I cc you here as I think I didn't format the 
> email correctly using the web interface :)

I didn't see your message to the list. Now adding the list back.

>
> Dear Ovirt list,
>
> I saw some failures in /var/log/ovirt-hosted-engine-setup such as:
> 1) Install oVirt Engine packages for restoring backup
> 2) Copy engine logs etc
>
> But I'm not sure what is the root cause for the setup to fail?
>
> Attached is the log file for your reference.  Could you please advise?  
> Thanks.

It seems to have failed in:

2021-01-14 19:30:59,509+0800 DEBUG ansible on_any args TASK:
ovirt.hosted_engine_setup : Install Oracle oVirt repo kwargs
is_conditional:False
2021-01-14 19:30:59,509+0800 DEBUG ansible on_any args localhostTASK:
ovirt.hosted_engine_setup : Install Oracle oVirt repo kwargs
2021-01-14 19:31:01,189+0800 INFO ansible ok {'status': 'OK',
'ansible_type': 'task', 'ansible_task': u'Install Oracle oVirt repo',
'task_duration': 1, 'ansible_host': u'localhost', 'ansible_playbook':
u'/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml'}
2021-01-14 19:31:01,189+0800 DEBUG ansible on_any args

kwargs
2021-01-14 19:31:01,443+0800 INFO ansible task start {'status': 'OK',
'ansible_task': u'ovirt.hosted_engine_setup : Install oVirt Engine
packages for restoring backup', 'ansible_playbook':
u'/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml',
'ansible_type': 'task'}
2021-01-14 19:31:01,443+0800 DEBUG ansible on_any args TASK:
ovirt.hosted_engine_setup : Install oVirt Engine packages for
restoring backup kwargs is_conditional:False
2021-01-14 19:31:01,444+0800 DEBUG ansible on_any args localhostTASK:
ovirt.hosted_engine_setup : Install oVirt Engine packages for
restoring backup kwargs
2021-01-14 19:31:18,336+0800 ERROR ansible failed {'status': 'FAILED',
'ansible_type': 'task', 'ansible_task': u'Install oVirt Engine
packages for restoring backup', 'ansible_result': u"type: \nstr: {'_ansible_no_log': False, '_ansible_delegated_vars':
{'ansible_host': u'engine.orakvm2.local'}, u'changed': False,
u'results': [u'Loaded plugins: ulninfo\\nResolving Dependencies\\n-->
Running transaction check\\n---> Package ovirt-engine.noarch
0:4.3.6.6-1.0.8.el7 will be installed\\n--> Processing De",
'task_duration': 17, 'ansible_host': u'localhost', 'ansible_playbook':
u'/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml'}

This is Oracle-specific code, not part of oVirt. I suggest that you
contact Oracle.

Good luck and best regards,

>
>
> Sincerely, Lee.
>
>
> On Thu, Jan 14, 2021 at 2:46 PM Yedidyah Bar David  wrote:
>>
>> Hi,
>>
>> On Wed, Jan 13, 2021 at 7:16 PM  wrote:
>> >
>> > Dear list,
>> >
>> > I have tried setting up self-hosting engine on a host with ONE Nic (Ovirt 
>> > 4.4 CentOS 8 Stream).  I followed the Quick Start Guide, and tried the 
>> > command line self-host setup, but ended up with the following error:
>> >
>> > {u'msg': u'There was a failure deploying the engine on the local engine 
>> > VM. The system may not be provisioned according to the playbook results
>> >
>> > I tried on another host with TWO NICs (Ovirt 4.3 Oracle Linux 7 Update 9). 
>> > This time I setup a bridge BR0 and disable EM1 (the first Ethernet 
>> > interface on the host), and then created Bond0 on-top of BR0.  Both Bond0 
>> > and EM2 (the second Ethernet interface on the host) were up. And then I 
>> > tried again using Ovirt-Cockpit wizard, with the Engine VM set on BR0, and 
>> > the deployment of Engine VM simply failed.  The Engine and Host are using 
>> > the same network numbers (192.168.2.0/24) and they resolved correctly.  I 
>> > read the logs in var/log/ovirt-engine/engine.log but there wasn't any 
>> > error reported.
>> >
>> > I have already tried many times for the past few days and I'm at my 
>> > wits-end.  May I know:
>> > 1) Is it possible to install Self-hosted engine with just ONE NIC?
>>
>> Generally speaking, yes.
>>
>> > 2) Any suggestion how to troubleshoot these problems? And tested network 
>> > configurations?
>>
>> Please check/share all relevant logs. If unsure, all of /var/log.
>> Specifically, /var/log/ovirt-hosted-engine-setup/* (also engine-logs
>> subdirs, if relevant) and /var/log/vdsm/* on the hosts.
>>
>> Good luck and best regards,
>> --
>> Didi
>>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2MGWGQSQW7UDBYD7QL6WZVUKHMGQFDDX/


[ovirt-users] Re: Problem with Ovirt

2021-01-17 Thread Yedidyah Bar David
On Sun, Jan 17, 2021 at 10:40 AM Keith Forman via Users  wrote:
>
> Hi
> Need help with setting up Ovirt.
> engine-setup run successfully on CentOS 7, with PostgreSQL 12.

Which version? oVirt 4.4 is not supported on CentOS 7. 4.3, which was supported
on CentOS 7, is EOL.

>
> Now when running systemctl start ovirt-engine , it starts successfully, but 
> in the frontend, it says 404 Not Found.
>
> In engine.log, I see the following 2 errors:
> Error initializing: Unable to determine the correct call signature - no 
> procedure/function/signature for 'getallfrommacpools'
> and
> Error in getting DB connection, database is inaccessible: Unable to determine 
> the correct call signature - no procedure/function/signature for 
> 'checkdbconnection'
>
> Any tips as to the way forward would be much appreciated

1. Check engine-setup log.

2. Search the net for the error messages you got.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XKZOPUIMZNG2CBNENVZQP6ME26SBVPEY/


[ovirt-users] Re: ovirt-ha-agent

2021-01-17 Thread Yedidyah Bar David
On Sun, Jan 17, 2021 at 9:41 AM Aries Ahito  wrote:
>
> Hi Yedidyah. yep we reinstall everything from scratch even the operating 
> system we reinstalled it. so technically its a fresh install.
>
> after successfully setting up the hosted-engine we did add  the rest of the 
> node. when i check the node status. its says ovirt agent HA N/A

Let me understand:

1. You had a hosted-engine setup. You started this by deploying on one
host, let's call it host1, and then added another one, let's call it
host2. Right? Perhaps you had more than 2, that's not the point, for
now.

2. At this point, you could migrate engine VM from host1 to host2 and
back and it all worked.

3. Then you decided to reinstall. It sounds like you reinstalled the
OS on host1, and then did another hosted-engine deployment there. Did
you also use backup? --restore-from-file? Did you use new storage?
Existing? If existing, did you clear it before reinstalling?

4. Assuming that you somehow got to a good state re host1, host2 now
still points at the old hosted-engine storage domain, so does not
"see" the new deployment. You should reinstall the OS there, and then
add it as a host to the new engine. Make sure you mark the checkbox
"hosted-engine" in "Add host" dialog.

Best regards,

>
> On Sun, 17 Jan 2021, 15:32 Yedidyah Bar David,  wrote:
>>
>> On Sat, Jan 16, 2021 at 4:31 AM Ariez Ahito  wrote:
>> >
>> > last dec i installed hosted-engine seems to be working, we can migrate the 
>> > engine to different host. but we need to reinstall everything because of 
>> > gluster additional configuration.
>> > so we did installed hosted-engine. but as per checking. we cannot migrate 
>> > the engine to other hosts. and the ovirt-ha-agent and ovirt-ha-broker is 
>> > status is inactive (dead) what are we missing?
>>
>> Please clarify what exact steps you took.
>>
>> Did you reinstall everything? How?
>>
>> Did you reinstall just one host? How?
>>
>> Best regards,
>> --
>> Didi
>>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7QLC35LAHUHXW7H6RHRDFDJCKGKNR3AM/


[ovirt-users] Re: ovirt-ha-agent

2021-01-16 Thread Yedidyah Bar David
On Sat, Jan 16, 2021 at 4:31 AM Ariez Ahito  wrote:
>
> last dec i installed hosted-engine seems to be working, we can migrate the 
> engine to different host. but we need to reinstall everything because of 
> gluster additional configuration.
> so we did installed hosted-engine. but as per checking. we cannot migrate the 
> engine to other hosts. and the ovirt-ha-agent and ovirt-ha-broker is status 
> is inactive (dead) what are we missing?

Please clarify what exact steps you took.

Did you reinstall everything? How?

Did you reinstall just one host? How?

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LRX64DS5VREGBWYCNGONUU3H66ONFPGE/


[ovirt-users] Re: Networking question on setting up self-hosting engine

2021-01-13 Thread Yedidyah Bar David
Hi,

On Wed, Jan 13, 2021 at 7:16 PM  wrote:
>
> Dear list,
>
> I have tried setting up self-hosting engine on a host with ONE Nic (Ovirt 4.4 
> CentOS 8 Stream).  I followed the Quick Start Guide, and tried the command 
> line self-host setup, but ended up with the following error:
>
> {u'msg': u'There was a failure deploying the engine on the local engine VM. 
> The system may not be provisioned according to the playbook results
>
> I tried on another host with TWO NICs (Ovirt 4.3 Oracle Linux 7 Update 9). 
> This time I setup a bridge BR0 and disable EM1 (the first Ethernet interface 
> on the host), and then created Bond0 on-top of BR0.  Both Bond0 and EM2 (the 
> second Ethernet interface on the host) were up. And then I tried again using 
> Ovirt-Cockpit wizard, with the Engine VM set on BR0, and the deployment of 
> Engine VM simply failed.  The Engine and Host are using the same network 
> numbers (192.168.2.0/24) and they resolved correctly.  I read the logs in 
> var/log/ovirt-engine/engine.log but there wasn't any error reported.
>
> I have already tried many times for the past few days and I'm at my wits-end. 
>  May I know:
> 1) Is it possible to install Self-hosted engine with just ONE NIC?

Generally speaking, yes.

> 2) Any suggestion how to troubleshoot these problems? And tested network 
> configurations?

Please check/share all relevant logs. If unsure, all of /var/log.
Specifically, /var/log/ovirt-hosted-engine-setup/* (also engine-logs
subdirs, if relevant) and /var/log/vdsm/* on the hosts.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/L36PZBSSKK4FOE3JWBPMCEMXIOXMM23F/


[ovirt-users] Re: how to fix time-drift on el8 hosts?

2021-01-10 Thread Yedidyah Bar David
On Thu, Jan 7, 2021 at 6:48 PM tfe...@swissonline.ch
 wrote:
>
> We recently had a similar discussion in the Bhyve community.
>
> The consensus was that it is not desirable to use both time sync
> mechanisms in parallel: guest-tools and chronyd (or ntpd)
>
> Now it would be good to know if oVirt-guest-agent is attempting to sync
> the VM's clock with the host clock.
>
> If so, it may be worth trying to disable chronyd/ntpd and see if the
> time sync by the guest-agent does a better job.
>
> In any case, the host's clock should be properly synchronized with the
> real world time.
>
>
> Kind regards
>
> Toni Feric
>
>
> On 07.01.21 15:43, Strahil Nikolov via Users wrote:
> > Are you sure that the problem is not in the HostedEngine ?
> >
> > Sync your host and then verify the situation on the HE
> >
> > Best Regards,
> > Strahil Nikolov
> >
> >
> >
> >
> >
> >
> > В четвъртък, 7 януари 2021 г., 11:46:09 Гринуич+2, Nathanaël Blanchet 
> >  написа:
> >
> >
> >
> >
> >
> >
> >
> > Hello,
> >
> > Engine complains about my fresh el8 ovirt 4.4.3 node host:
> >
> >
> > "Host hadriacus has time-drift of 3202 seconds while maximum configured 
> > value is 300 seconds."
> >
> > I tried to fix it with these commands:
> >
> > sudo chronyc -a makestep
> > chronyc sources
> > chronyc tracking
> >
> > ... but the host is still not synchronized.
> >
> > How should I proceed?

I think this message indicates a time difference between the host and
the engine machine, unrelated to any VM.

Perhaps check the clock on the engine machine and the host:

1. If indeed they are different, somehow fix them - that's unrelated
to oVirt - configure both to use same (local/nearby) ntp server, sync,
etc.

2. If they are close/similar, perhaps it's a bug in the engine. You
can try to restart it and see if this helps. If it indeed looks like a
bug, perhaps open one in bugzilla.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BE6G7CCY3U6V5LGNODWCOMNHHEN6PZDF/


[ovirt-users] Re: Restore failed. Not possible to manage storage domain 'hosted_storage'

2021-01-10 Thread Yedidyah Bar David
On Sat, Jan 9, 2021 at 7:49 PM Alexey Nikolaev
 wrote:
>
> Hi community!
>
> I have issue when trying to restore 4.3.10.4 hosted engine.
>
>
> [ ERROR ] Exception: Not possible to manage storage domain 'hosted_storage'.
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Not 
> possible to manage storage domain 'hosted_storage'."}
>
> This error occurs with both Glusterfs and NFS shared storage.
>
> engine setup ansible create storage domain log
> https://gist.github.com/virtio-technique/38a3678b834017f3e4cd9c03f6811e71
>
> vdsm log
> https://gist.github.com/virtio-technique/8c5ad1ce0e2f07d98d61a964744adff9
>
> hosted engine setup log
> https://gist.github.com/virtio-technique/00230b117cf8ee1b1a094c1001f424bd
>

It seems like you provided storage creds, then setup tried to do stuff
there, then:

2021-01-09 17:01:42,949+0300 DEBUG
otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:103 {u'invocation': {u'module_args':
{u'comment': None, u'warning_low_space': None, u'glusterfs': None,
u'localfs': None, u'managed_block_storage': None, u'data_center':
u'Default', u'id': None, u'iscsi': None, u'state': u'present',
u'wipe_after_delete': None, u'destroy': None, u'fcp': None,
u'description': None, u'format': None, u'nested_attributes': [],
u'host': u'node77-05.aaa.fsin.uis', u'discard_after_delete': None,
u'wait': True, u'domain_function': u'data', u'name':
u'hosted_storage', u'critical_space_action_blocker': None, u'posixfs':
None, u'poll_interval': 3, u'fetch_nested': False, u'nfs': None,
u'timeout': 180, u'backup': None}}, u'msg': u'Timeout exceed while
waiting on result state of the entity.', u'exception': u'Traceback
(most recent call last):\n  File
"/tmp/ansible_ovirt_storage_domain_payload_tgcLDH/ansible_ovirt_storage_domain_payload.zip/ansible/modules/cloud/ovirt/ovirt_storage_domain.py",
line 771, in main\n  File
"/tmp/ansible_ovirt_storage_domain_payload_tgcLDH/ansible_ovirt_storage_domain_payload.zip/ansible/modules/cloud/ovirt/ovirt_storage_domain.py",
line 635, in post_create_check\n  File
"/tmp/ansible_ovirt_storage_domain_payload_tgcLDH/ansible_ovirt_storage_domain_payload.zip/ansible/module_utils/ovirt.py",
line 364, in wait\nraise Exception("Timeout exceed while waiting
on result state of the entity.")\nException: Timeout exceed while
waiting on result state of the entity.\n', u'changed': False,
u'_ansible_no_log': False}
2021-01-09 17:01:43,050+0300 ERROR
otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:107 Exception: Timeout exceed while
waiting on result state of the entity.

and then you provided again the same creds and it failed with the
message you quoted.

I suggest to clean up this space and only then try again.

If it fails again due to "Timeout exceed", try to understand why, and fix this.

If it's simply due to stuff being slow (with no good reason or
anything you can affect), you can try making the timeout longer, by
patching create_storage_domain.yml, adding a "timeout" parameter (in
seconds), like this:

  - name: Activate storage domain
ovirt_storage_domain:
  host: "{{ he_host_name }}"
  data_center: "{{ datacenter_name }}"
  name: "{{ he_storage_domain_name }}"
  wait: true
  state: present
  auth: "{{ ovirt_auth }}"
  timeout: 3600
when: storage_domain_details.ovirt_storage_domains[0].available|int
>= required_size|int
register: otopi_storage_domain_details

In 4.3, this file is in
/usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/create_storage_domain.yml
.

In current 4.4, it's in
/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/create_storage_domain.yml
.

> Can I use a hosted engine backup file to restore the manager to a dedicated 
> server and manually delete the hosted engine domain?

Please search the list archives, e.g.:

https://www.mail-archive.com/users@ovirt.org/msg60933.html

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PPSBT3DFUT66JICS67KWT46HJST77LI5/


[ovirt-users] Re: Hosts are non responsive Ovirt 3.6

2021-01-06 Thread Yedidyah Bar David
On Wed, Jan 6, 2021 at 5:01 PM Gary Lloyd  wrote:
>
> I ended up cheating in the end.
> I copied vdsmcert.pem and vdsmkey.pem from the host that is still working to 
> the others and did a chown on the files.
> All the hosts are back online without downtime. I must have rebuilt that 
> server a couple of years after the other ones.

Nice hack! :-)

Please note that you take a risk here. The cert includes the hostname,
and now it's not matching the hostname that the client (the engine, in
this case, or another host, e.g. for VM migration) expects. So if some
piece of software checks this, it might fail. Personally, I wouldn't
stay in this state for long.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OBHFI7Z7L333PFQ6CPHCWHSFVMC3YHZU/


[ovirt-users] Re: Hosts are non responsive Ovirt 3.6

2021-01-06 Thread Yedidyah Bar David
On Wed, Jan 6, 2021 at 1:17 PM Gary Lloyd  wrote:

> Hi please could someone point me in the right direction to renew ssl
> certificates for vdsm to communicate with ovirt 3.6 ?
>
> I’m aware that this version hasn’t been supported for some time, this is a
> legacy environment which we are working towards decommissioning.
>
>
>
> There seems to be a fix article for RHEV but we don’t have a subscription
> to view this information:
>
> How to update expired RHEV certificates when all RHEV hosts got
> 'Non-responsive' - Red Hat Customer Portal
> 
>
>
>
> These are what the vdsm hosts are showing:
>
> Reactor thread::ERROR::2021-01-06
> 11:04:59,505::m2cutils::337::ProtocolDetector.SSLHandshakeDispatcher::(handle_read)
> Error during handshake: sslv3 alert certificate expired
>
>
>
> I have rerun engine-setup but this only seems to have fixed one of the
> vdsm hosts and the others are non responsive.
>
> The others are in different clusters and we have some important services
> still running on these.
>

The "canonical" way is to "Reinstall" or "Enroll Certificates".

I think this will require stopping all VMs on them.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/V4YYXCWTHP2UJ34MNUOSMXNAMXXIHGV2/


[ovirt-users] Re: How to install and configure the monitoring portal ?

2021-01-06 Thread Yedidyah Bar David
On Wed, Jan 6, 2021 at 10:17 AM tommy  wrote:
>
> You mean that : It's recommended to inst all VDSM and ovirt engine on 
> separate server ?

Either that, or use hosted-engine.

> Just like hosted engine ? In that way, the engine is installed on vm, and the 
> vdsm is installed on vm hosts.
>
> But, my env not using hosted-engine, I use the standalone mode. Can I 
> separate the VDSM and engine on the standalone mode ?

If you want to use oVirt on a single physical machine, and not use
hosted-engine, you have to create multiple separate VMs on it (using
e.g. virt-install/virt-manager) - one for the engine, one or more
others for hosts, perhaps one for storage, etc.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DXATIYM37NFNLIF4TQTSUKP7NMVSYLUA/


[ovirt-users] Re: How to install and configure the monitoring portal ?

2021-01-06 Thread Yedidyah Bar David
On Wed, Jan 6, 2021 at 9:32 AM tommy  wrote:
>
> OK, I got it.
>
> But ,after I reconfig, I found that is VDSM.service status is not right.
>
> Is there any problem ?

Sorry, I have no idea.

You seem to run vdsm and engine on the same machine, right? This is
called all-in-one, and is not supported (used to be, until 3.6,
several years ago).

Generally speaking, it's likely due to one of two things that
engine-setup might have done:

1. changed some configuration

2. updated some packages

You can check its log to see what it did.

>
>
>
>
> [root@ooengh1 ~]# systemctl status vdsmd.service
> ● vdsmd.service - Virtual Desktop Server Manager
>Loaded: loaded (/usr/lib/systemd/system/vdsmd.service; enabled; vendor 
> preset: enabled)
>Active: failed (Result: start-limit) since Wed 2021-01-06 15:25:58 CST; 
> 2min 9s ago
>   Process: 10758 ExecStopPost=/usr/libexec/vdsm/vdsmd_init_common.sh 
> --post-stop (code=exited, status=0/SUCCESS)
>   Process: 10723 ExecStartPre=/usr/libexec/vdsm/vdsmd_init_common.sh 
> --pre-start (code=exited, status=1/FAILURE)
>
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: Failed to start Virtual Desktop 
> Server Manager.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: Unit vdsmd.service entered 
> failed state.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: vdsmd.service failed.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: vdsmd.service holdoff time over, 
> scheduling restart.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: Stopped Virtual Desktop Server 
> Manager.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: start request repeated too 
> quickly for vdsmd.service
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: Failed to start Virtual Desktop 
> Server Manager.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: Unit vdsmd.service entered 
> failed state.
> Jan 06 15:25:58 ooengh1.tltd.com systemd[1]: vdsmd.service failed.
> [root@ooengh1 ~]#
> [root@ooengh1 ~]#
> [root@ooengh1 ~]#
> [root@ooengh1 ~]# systemctl start vdsmd.service
> Job for vdsmd.service failed because the control process exited with error 
> code. See "systemctl status vdsmd.service" and "journalctl -xe" for details.
> [root@ooengh1 ~]#
> [root@ooengh1 ~]#
> [root@ooengh1 ~]#
> [root@ooengh1 ~]# journalctl -xe
> --
> -- The result is dependency.
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Job mom-vdsm.service/start 
> failed with result 'dependency'.
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Unit vdsmd.service entered 
> failed state.
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: vdsmd.service failed.
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd.socket, ignoring: Invalid request descriptor

Perhaps this is the problem? Did libvirtd.socket work before?
Similarly for the others below.

> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd-ro.socket, ignoring: Invalid request descriptor
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd.socket, ignoring: Invalid request descriptor
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd-ro.socket, ignoring: Invalid request descriptor
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd-ro.socket, ignoring: Invalid request descriptor
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd-admin.socket, ignoring: Invalid request descriptor
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd.socket, ignoring: Invalid request descriptor
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: vdsmd.service holdoff time over, 
> scheduling restart.
> Jan 06 15:28:56 ooengh1.tltd.com systemd[1]: Cannot add dependency job for 
> unit libvirtd.socket, ignoring: Unit is masked.

This is probably why it failed, but it's not clear what masked it. If
it was also masked before engine-setup, then perhaps this isn't the
reason for vdsmd's failure.

If you want, you can try 'systemctl unmask $UNIT' for one of more of
these and see if this helps.

If you suspect that this is due to updated packages, perhaps check
'dnf history' and 'dnf history info $ID' to see what changed. To
revert, you can try 'dnf history undo $ID'.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TOTFOYY62SDP5SAJOJ4B3JUECJEKP6KP/


[ovirt-users] Re: How to install and configure the monitoring portal ?

2021-01-05 Thread Yedidyah Bar David
On Wed, Jan 6, 2021 at 8:51 AM tommy  wrote:
>
> The version is 4.3.6, and it's not hosted engine.

It was added in 4.4, sorry.

See also recent thread on this list: [ovirt-users] oVirt 4.3 DWH with Grafana

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NW3EK6ABKA2YRHW6J4LB26TELAHC3WEP/


[ovirt-users] Re: How to install and configure the monitoring portal ?

2021-01-05 Thread Yedidyah Bar David
On Wed, Jan 6, 2021 at 5:41 AM tommy  wrote:
>
> Hi,everyone:
>
>
>
> There’s no monitoring portal in my oVirt env.
>
>
>
> How to install and configure it in additional ?

Please provide some more details. Which version? How did you set up?
Is it an upgrade, or a new setup?

If it's a hosted-engine setup, then indeed grafana is not set up by
default. Login to the engine machine and run there:

engine-setup --reconfigure-optional-components

This was done for this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1866780

We recently had another discussion about refining the condition. Not
sure we have a bug for tracking this. Input is most welcome!

Adding Shirly.

Best regards,

--
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/K6OH3AQPICD433YRCNFCP5AJGD2DYR25/


[ovirt-users] Re: Ovirt and Vagrant

2021-01-04 Thread Yedidyah Bar David
On Mon, Jan 4, 2021 at 8:38 PM Gervais de Montbrun
 wrote:
>
> Anyone using vagrant with oVirt 4.4?
>
> I am trying to get the vagrant plugin working with oVirt, but I am 
> experiencing issues. https://github.com/myoung34/vagrant-ovirt4/issues/120
> I wonder what other folks are using or if someone has any suggestions to 
> offer.
>
> We are trying to switch from vSphere to oVirt for internal, developer vm's at 
> my office and we have a successful workflow using vagrant-vsphere plugin. 
> Switching to oVirt should have been a simple step, but the issue I an having 
> is a blocker.
>
> I built a single hyperconverged server to test with. Everything seems to work 
> fine when I bring up vm's manually in my "cluster." Networking, console, etc 
> all work fine. Ovirt-guest-additions work fine and display the vm's ip in the 
> gui.
>
> When I try with the vagrant plugin, there seems to be a communication issue. 
> Even though I can see the vm reporting its IP address fine in the ovirt web 
> gui, it seems like the vagrant plugin is unable to do the same. The 
> maintainer of the code says that he no longer runs oVirt which is why I am 
> reaching out here to see if anyone has a suggestion or even an alternative to 
> suggest.

Adding Tomas.

I am just guessing that this is related to the migration of
functionality from ovirt-guest-agent to qemu-guest-agent.

If you want to try fixing this yourself, somehow make vagrant log all
the information it gets from oVirt. You'll most likely find the
address there, but perhaps not where it's expecting it.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UNVKFALUQP5KC6IOL3F3H3IE6LFJ2E5Q/


[ovirt-users] Re: ovirt 4.0 after set the host into maintenance and then "Enroll Certificates" but the install failed

2020-12-29 Thread Yedidyah Bar David
On Tue, Dec 29, 2020 at 11:10 AM momokch--- via Users  wrote:
>
> hello everyone,
> my ovirt-engine and host certification is expired, is it any method no need 
> to shutdown
> all the vm can enroll/update the certificate between engine and the host???
> i am using the ovirt 4.0
>
>
> i tried to set the host into maintenance and then "Enroll Certificates"
> from the UI
> but the engine also show install failed

Please check/share relevant logs:

From the engine machine:

/var/log/ovirt-engine/* (including subdirs)

From the host:

/var/log/vdsm/*

From both:

/var/log/messages and similar (e.g. audit etc.).

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BLG7AVHPLP46I3PTXX2QJYWPRX322OS5/


[ovirt-users] Re: Restore failed. Cannot connect to DWH database using existing credentials.

2020-12-27 Thread Yedidyah Bar David
On Mon, Dec 28, 2020 at 12:05 AM Alexey Nikolaev
 wrote:
>
>
> 27.12.2020 13:55, Yedidyah Bar David пишет:
> > On Sun, Dec 27, 2020 at 12:17 PM Alexey Nikolaev
> >  wrote:
> >> Thx for answer!
> >>
> >> 27.12.2020 12:05, Yedidyah Bar David пишет:
> >>> On Sat, Dec 26, 2020 at 8:12 PM Николаев Алексей
> >>>  wrote:
> >>>> Hi community!
> >>>>
> >>>> I have issue when trying to restore 4.3.10.4 hosted engine.
> >>>>
> >>>> hosted-engine --deploy --restore-from-file=/opt/engine-backup.dump
> >>>> If I not use --restore-from-file I can not correctly restore my hosted 
> >>>> engine datacenter and cluster. But another DCs restored fine.
> >>> If the source engine machine has DWH DB on the engine machine,
> >>> provisioned automatically by engine-setup, then above should not fail.
> >>> If it does, it might be a bug. Please check/share relevant logs. Thanks.
> >> Link for install log
> >> https://gist.github.com/virtio-technique/bca620fbbca90e7f707f0b3b40575ee2
> > That's not enough - please check/share all files there. Thanks.
> >
> >  From the log, it seems like dwh db was not included, which probably means
> > that it was either remote (dwh on a separate machine) or you passed
> > '--scope=files --scope=db'
> > when taking the backup.
>
> Wow, the --scope=files --scope=db parameters were actually used. The
> worst thing is that the internal wiki has the correct parameter
> "--scope=all".
>
> I'll try to perform the backup again and redeploy engine. Many thanks.

Good luck!

>
> >   If latter:
> >
> > 1. Where did you find instructions to do this? This should be fixed.
>
> Well, I suspect that this link was mistakenly used
>
> https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_command_line/#Migrating_the_self-hosted_engine_database_SHE_cli_deploy

Thanks for the report, now filed:

https://bugzilla.redhat.com/show_bug.cgi?id=1911202

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VCO75DH3USHS4SKIHS537PLCPNIBDQFC/


[ovirt-users] Re: Restore failed. Cannot connect to DWH database using existing credentials.

2020-12-27 Thread Yedidyah Bar David
On Sun, Dec 27, 2020 at 12:17 PM Alexey Nikolaev
 wrote:
>
> Thx for answer!
>
> 27.12.2020 12:05, Yedidyah Bar David пишет:
> > On Sat, Dec 26, 2020 at 8:12 PM Николаев Алексей
> >  wrote:
> >> Hi community!
> >>
> >> I have issue when trying to restore 4.3.10.4 hosted engine.
> >>
> >> hosted-engine --deploy --restore-from-file=/opt/engine-backup.dump
> >> If I not use --restore-from-file I can not correctly restore my hosted 
> >> engine datacenter and cluster. But another DCs restored fine.
> > If the source engine machine has DWH DB on the engine machine,
> > provisioned automatically by engine-setup, then above should not fail.
> > If it does, it might be a bug. Please check/share relevant logs. Thanks.
>
> Link for install log
> https://gist.github.com/virtio-technique/bca620fbbca90e7f707f0b3b40575ee2

That's not enough - please check/share all files there. Thanks.

From the log, it seems like dwh db was not included, which probably means
that it was either remote (dwh on a separate machine) or you passed
'--scope=files --scope=db'
when taking the backup. If latter:

1. Where did you find instructions to do this? This should be fixed.

2. Please try again, either without --scope, or with --scope=all, or
'--scope=files --scope=db --scope=dwhdb'.

If it's former (dwh+its db are on a separate machine), then the
documentation is not yet up-to-date - please see also:

https://bugzilla.redhat.com/show_bug.cgi?id=1874904

>
> >
> >> [ ERROR ] Failed to execute stage 'Environment setup': Cannot connect to 
> >> DWH database using existing credentials: 
> >> ovirt_engine_history@localhost:5432
> >>
> >> I know that i can fix problem by editing PostgreSQL pg_hba.conf and set 
> >> ACLs to trust.
> >> Is any way to customize hosted engine appliance to replace pg_hba.conf to 
> >> my version?
> >> Is any way to pause deploy proccess and access to hosted engine VM to edit 
> >> PostgreSQL config?
> > Yes, you can place a "enginevm_before_engine_setup" hook, it will be
> > ran before engine-setup.
> Great, but I can't find the example file in my installation
> /usr/share/ovirt-hosted-engine-setup/ansible/hooks/enginevm_before_engine_setup/enginevm_before_engine_setup.yml.example.
>
> Is there any documentation to engine setup hooks?

I am only aware of:

https://github.com/oVirt/ovirt-ansible-collection/tree/master/roles/hosted_engine_setup#make-changes-in-the-engine-vm-during-the-deployment

The code moved there recently - before that, it was in:

https://github.com/oVirt/ovirt-ansible-hosted-engine-setup

There are a few examples scattered around the net, in this mailing
list, bugzilla, etc. One I wrote myself recently is
"required_networks_fix.yml" mentioned there (and included inside
examples/).

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IJ6Z7KDP4J47D6EQGRFPZHOWJJNL3KXI/


[ovirt-users] Re: 4.4.4 hosted engine deployment failure

2020-12-27 Thread Yedidyah Bar David
On Sat, Dec 26, 2020 at 11:10 PM Diggy Mc  wrote:
>
> While trying to deploy a 4.4.4 hosted engine via the cockpit interface, I 
> received the following error(s):
>
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Obtain SSO token using 
> username/password credentials]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Wait for the host to be up]
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Notify the user about a 
> failure]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Host is 
> not up, please check logs, perhaps also on the engine machine"}
> ...
> [ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Notify the user about a 
> failure]
> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "The 
> system may not be provisioned according to the playbook results: please check 
> the logs for the issue, fix accordingly or re-deploy from scratch.\n"}
>
>
> I am trying to build a new oVirt 4.4.4 environment using Oracle Linux 8.3 
> host servers.  I created /var on a separate LV from / (root).  I also 
> configured adapter bond per the docs and the same way I did with my 4.3.7 
> environment.
>
> Did I miss a configuration requirement for the OL 8.3 installation?  Where 
> can I find more details about the error(s)?

On the host, in /var/log/ovirt-hosted-engine-setup/*, including
engine-logs* subdirs.

If you can access the engine VM (which has at this stage a private IP
address, search above for "local_vm_ip"), you might want to check
there as well, in /var/log/ovirt-engine. It should be copied to an
engine-logs* dir.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OLJ4TFRYCT76MLZICA3JQTBWMWWRZE5T/


[ovirt-users] Re: Restore failed. Cannot connect to DWH database using existing credentials.

2020-12-27 Thread Yedidyah Bar David
On Sat, Dec 26, 2020 at 8:12 PM Николаев Алексей
 wrote:
>
> Hi community!
>
> I have issue when trying to restore 4.3.10.4 hosted engine.
>
> hosted-engine --deploy --restore-from-file=/opt/engine-backup.dump
> If I not use --restore-from-file I can not correctly restore my hosted engine 
> datacenter and cluster. But another DCs restored fine.

If the source engine machine has DWH DB on the engine machine,
provisioned automatically by engine-setup, then above should not fail.
If it does, it might be a bug. Please check/share relevant logs. Thanks.

>
> [ ERROR ] Failed to execute stage 'Environment setup': Cannot connect to DWH 
> database using existing credentials: ovirt_engine_history@localhost:5432
>
> I know that i can fix problem by editing PostgreSQL pg_hba.conf and set ACLs 
> to trust.
> Is any way to customize hosted engine appliance to replace pg_hba.conf to my 
> version?
> Is any way to pause deploy proccess and access to hosted engine VM to edit 
> PostgreSQL config?

Yes, you can place a "enginevm_before_engine_setup" hook, it will be
ran before engine-setup.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BJDDBG3DBTOR7XX2O3I2PYHVTCB5E6SM/


[ovirt-users] Re: Cannot upgrade cluster to v4.5 (All hosts are CentOS 8.3.2011)

2020-12-23 Thread Yedidyah Bar David
On Wed, Dec 23, 2020 at 7:08 PM Gilboa Davara  wrote:
>
>
> On Wed, Dec 23, 2020 at 6:28 PM Gilboa Davara  wrote:
>>
>>
>>
>> On Wed, Dec 23, 2020 at 6:20 PM Gilboa Davara  wrote:
>>>
>>> On Tue, Dec 22, 2020 at 11:45 AM Sandro Bonazzola  
>>> wrote:



 Il giorno mer 16 dic 2020 alle ore 17:43 Gilboa Davara  
 ha scritto:
>
> On Wed, Dec 16, 2020 at 6:21 PM Martin Perina  wrote:
>>
>>
>>
>> On Wed, Dec 16, 2020 at 4:59 PM Gilboa Davara  wrote:
>>>
>>> Thanks for the prompt reply.
>>> I assume I can safely ignore the "Upgrade cluster compatibility" 
>>> warning until libvirt 6.6 gets pushed to CentOS 8.3?
>>
>>
>> We are working on releasing AV 8.3, hopefully it will be available soon, 
>> but until that happen you have no way how to upgrade to CL 4.5 and you 
>> just need to stay in 4.4
>
>
> Understood.
>
> Thanks again.
> - Gilboa
>


 Just updating that oVirt 4.4.4 released yesterday comes with Advanced 
 Virtualization 8.3 so you can now enable CL 4.5.
>>>
>>>
>>> Sadly enough, even post-full-upgrade (engine + hosts) something seems to be 
>>> broken.
>>>
>>> In the WebUI, I see all 3 hosts marked as "up".
>>> But when I run hosted-engine --vm-status (or migrate the hosted engine), 
>>> only the first (original deployed) host is available.
>>> I tried "reinstalling" (from the WebUI) the two hosts, no errors, no change.
>>> I tried upgrading the cluster again, host 2 / 3 (the "missing" hosts) 
>>> upgrade is successful; hosts1 fails (cannot migrate the hosted engine).
>>>
>>> Any idea what's broken?
>>>
>>> - Gilboa
>>>
>>
>> I'll remove the problematic hosts, re-add them, and reconfigure the 
>> network(s). Let's see if it works.
>>
>> - Gilboa
>>
>
>
> Sorry for the noise. No go.
> Cleaned up the hosts via ovirt-hosted-engine-cleanup + reboot, tried "adding" 
> them again, to no avail.
> Host marked as "up" in WebUI, network correctly configured, however, 
> hosted-engine.conf isn't being created (see log below), ovirt-ha-broker/agent 
> services cannot start and vm-status only shows one host.

Not sure which log you intended to attach (and forgot?), but please
check/share all relevant logs - it's hard to guess what the problem
is:

- Everything under /var/log/ovirt-engine, including subdirs, from the engine

- syslog/journal (/var/log/messages, 'journalctl'), /var/log/vdsm/,
/var/log/ovirt-* from the hosts (including the working host).

Also, although I do not think this is your problem, please note that
ovirt-hosted-engine-cleanup does not clean up everything. I recently
pushed a patch to it to remove a bit more [1] (should be in 4.4.4, I
think - you can get it from master-snapshot if you want), but still.
If unsure, better reinstall the OS.

[1] https://gerrit.ovirt.org/c/ovirt-hosted-engine-setup/+/112336

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7UB7XIT6WGF4NQRKEHPS24ODILTDGQU3/


[ovirt-users] Re: Cannot ping from a nested VM

2020-12-23 Thread Yedidyah Bar David
On Wed, Dec 23, 2020 at 7:43 AM Strahil Nikolov via Users 
wrote:

> I guess that you can use a direct rule for allowing any traffic to the
> nested VM.
>
> As far as I know the nested oVirt is not working nice and it's easier to
> test with a single VM with KVM.
>
> Best Regards,
> Strahil Nikolov
> В 01:07 +0100 на 23.12.2020 (ср), wodel youchi написа:
>
> Hi,
>
> We have an HCI plateforme based upon 4.4.3 version.
> We activated the use of nested kvm and we reinstalled all the nodes to be
> able to use it.
>
> Then we created a new nested HCI on top of the physical HCI to test
> ansible deployment.
> The deployment went well until the phase which adds the two other nodes
> (the two other virtualized hypervisors), but the VM-Manager couldn't add
> them.
>
> After investigation, we found that the nested VM-Manager could not
> communicate except with it's first virtualized hypervisor.
>
> To make the nested VM-Manager capable of communicating with the outside
> world, we had to stop firewalld on the physical node of the HCI.
>
> Any ideas?
>
>
If you just want to disable any filtering from your VM networks, go to
Network -> vNIC profiles -> ovirtmgmt, Edit, under 'Network Filter' choose
"No Network Filter".

For more refined configurations, please see:

https://www.ovirt.org/documentation/administration_guide/#chap-Logical_Networks

Best regards,


>
> Regards.
>
>
> 
>  Virus-free.
> www.avast.com
> 
> <#m_7033052284971746251_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> ___
>
> Users mailing list --
>
> users@ovirt.org
>
>
> To unsubscribe send an email to
>
> users-le...@ovirt.org
>
>
> Privacy Statement:
>
> https://www.ovirt.org/privacy-policy.html
>
>
> oVirt Code of Conduct:
>
> https://www.ovirt.org/community/about/community-guidelines/
>
>
> List Archives:
>
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UEJY2TK76747RFUEFFUCUVTJLPAXNU2X/
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/XE6Z6IBTTFI77YCVZESNLZSZYXUMPNUV/
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WH6Y5MMINQGIOICMWYZG4DUCQCTIS5LL/


[ovirt-users] Re: pgrade 4.3 to 4.4 with migration CentOS7 to CentOS8.3

2020-12-13 Thread Yedidyah Bar David
On Fri, Dec 11, 2020 at 3:34 PM Ilya Fedotov  wrote:
>
> Good day,
>
> Encountered such a problem when migrating to ovirt 4.4

Which versions, exactly?

> At
> hosted-engine --deploy --restore-from-file=backup.bck
>
> Getting, error below
>
> Upgrading engine extension configuration: 
> /etc/ovirt-engine/extensions.d/xx-.properties", "[ INFO  ] Upgrading CA", 
> "[ INFO  ]
> Creating CA: /etc/pki/ovirt-engine/qemu-ca.pem", "[ ERROR ] Failed to execute 
> stage 'Misc configuration': [Errno 17]
> File exists: '/etc/pki/ovirt-engine/ca.pem' -> 
> '/etc/pki/ovirt-engine/apache-ca.pem'", "[ INFO  ]
> DNF Performing DNF transaction rollback", "[ INFO  ] Stage: Clean up",

Please share setup log from /var/log/ovirt-engine/setup on the engine machine.

If you can't access it, you might find this on the host used for
upgrade, in /var/log/ovirt-hosted-engine-setup/engine-logs-* .

>
> At setting of initial parameters I select "No" parameter in para
>
> 'Renew engine CA on restore if needed? Please notice ' 'that if you choose 
> Yes, all hosts will have to be ' 'later manually reinstalled from the engine. 
> ' '(@VALUES@)[@DEFAULT@]
>
> Dosnt need to renew the .ca certificate, thats upgrade and dosnt need to 
> re-make connections with nodes!
>
> Even with this item, he still tries to create a new certificate.
> I found a similar question here:
> https://www.mail-archive.com/users@ovirt.org/msg61114.html

It's likely unrelated, but can't be sure without more information.

>
> Package Data:
> ovirt-hosted-engine-setup-2.4.8-1.el8.noarch
> ovirt-hosted-engine-ha-2.4.5-1.el8.noarch
> ovirt-engine-appliance-4.4-20201110154142.1.el8.x86_64

Is this our latest appliance (didn't check, sorry)? What engine is in
it (rpm -q ovirt-engine)? No need to check this if you can share the
setup log - it includes that.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DNRFROCTWB3SV27PT7V5SBUIRMXVWNUD/


[ovirt-users] Re: oVirt and RHEV

2020-12-12 Thread Yedidyah Bar David
On Fri, Dec 11, 2020 at 10:07 AM Sandro Bonazzola 
wrote:

>
>
> Il giorno ven 11 dic 2020 alle ore 06:28 tommy  ha
> scritto:
>
>> 1、 If oVirt can be used to manage RHEV ?
>>
> RHEV has been rebranded several years ago to RHV.
> If you already have RHV I don't see why you would want to use oVirt to
> manage it instead of using RHV-M (downstream of ovirt-engine) but from a
> technical perspective it should work just fine.
>

I am not sure what exactly the OP had in mind, but generally speaking, I'd
recommend to _not_ mix RHV and oVirt. Although they are very similar, there
are small differences that might bite you. A recent example I ran into
myself recently:

I tried to restore on oVirt 4.4 an engine-backup taken on RHV (4.3, but it
doesn't matter):

RHV uses a different version of wildfly (JBOSS), from a different location,
and it does that by including a conf file pointing at it. If you take a
backup, it includes this conf file, so it's also restored on restore. So
when you then try to start the engine this fails because it can't find
wildfly in the configured location.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZHODOGRM5IDXUEDXLQ7RBLAEHEJ7EFU4/


[ovirt-users] Re: Deploy hosted engine from backup fails

2020-12-10 Thread Yedidyah Bar David
On Thu, Dec 10, 2020 at 11:09 AM JCampos  wrote:
>
> Command to execute backup:
> #engine-backup --mode=backup --file=backup1 --log=backup1.log
>
> Command to restore backup:
> #hosted-engine --deploy --restore-from-file=backup1
>
> Error:
> 2020-12-09 22:26:25,679+ ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:107 fatal: [localhost]: FAILED! => {"changed": 
> false, "msg": "Available memory ( {'failed': False, 'changed': False, 
> 'ansible_facts': {u'max_mem': u'33211'}}MB ) is less then the minimal 
> requirement (4096MB). Be aware that 512MB is reserved for the host and cannot 
> be allocated to the engine VM."}

I didn't check details, but I think that this is a result of using
too-new ansible. You can try again with 2.9.13.

>
> Ovirt version:
> 4.3.10.4-1.el7
>
> # cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
>
> Memory available:
> #free -m
>   totalusedfree  shared  buff/cache   
> available
> Mem:  64132   30478 494 145   33158   
> 32961
> Swap: 16383   0   16383
>
>
> Is there a way to ignore this check?

There should be. Assuming you use the CLI (not cockpit), you can try this:

hosted-engine --deploy
--otopi-environment=OVEHOSTED_CORE/memCheckRequirements=bool:False

or

hosted-engine --deploy
--otopi-environment=OVEHOSTED_CORE/checkRequirements=bool:False

Latter will likely skip over a few more requirements, but I didn't check which.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3O2K7I5PZ2UVMMMF5ZZJWD6TEEHYVNFR/


[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh

2020-12-08 Thread Yedidyah Bar David
On Tue, Dec 8, 2020 at 5:32 PM Derek Atkins  wrote:
>
>
> On Tue, December 8, 2020 10:17 am, Yedidyah Bar David wrote:
> > On Tue, Dec 8, 2020 at 5:09 PM Derek Atkins  wrote:
> >>
> [snip]
> >> Is there any chance this could be added to the --help output?
> >> An actual example would have been very useful.
> >
> > Frankly, I'd prefer people (like you) that need to use these
> > utilities manually, to search the net if they have problems,
> > than spending hours debating about how long --help should be,
> > what should be included in it and what not, what link we might
> > provide for further reference (and please note that I didn't
> > include such a link in my original reply - simply because I
> > failed to find one that seemed "most suitable"), etc. That said,
> > patches are welcome! If you think you can improve the current
> > text in a conflict-free way, which everyone will agree to, please
> > go ahead and push a patch! :-)
>
> I'll take a look at doing that.

Thanks.

>
> I did google some before asking here, but there were very few hits for
> usage of pki-enroll-request.sh -- although I admit I did not try many
> different search terms.  Most of the results were not ovirt related nor
> related to this script at all.

Of course. Many people had to struggle with SAN, together with oVirt,
when it became more common, and gradually replaced CN in Subject.

>
> > BTW: What I personally do, is to search the code and/or relevant
> > logs to see what other tools (the engine, engine-setup, in this
> > case) do, as "reference examples".
>
> That presumes having ready access to (in this case) ovirt sources -- which
> you obviously do but I do not.  As a user, I don't feel I should need to
> go refer to the sources to determine how a utility program should be
> properly used.  IMHO that's what documentation is used for.  However I
> will keep that in mind for my next issue ;)

Of course I agree, that users are not *expected* to search the sources.
But with open-source, at least they *can* :-).

And, BTW, my emphasis was on searching the logs. This is often more
helpful than searching the sources, if the logs are good.

>
> But I do understand your PoV -- for GnuCash I often reference the sources
> when answering people's questions.  However that's a case where I am (or
> was) one of the developers so I do have the sources handy.  :)

Exactly. I think it's more a matter of habit.

When I was a sysadmin, I used to search sources much less than today
(as a developer), also in cases where I am a "casual user", in projects
not closely involving my main work.

>
> Thanks again.  I am all set now!

Thanks for the report, and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5YYYPNTVMSQVQDWAOB5NRRVAKNDAUKCC/


[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh

2020-12-08 Thread Yedidyah Bar David
On Tue, Dec 8, 2020 at 5:09 PM Derek Atkins  wrote:
>
> Hi Didi,
>
> On Tue, December 8, 2020 10:03 am, Yedidyah Bar David wrote:
> > On Tue, Dec 8, 2020 at 4:25 PM Derek Atkins  wrote:
> >>
> >> Hi,
> >>
> >> I'm running a single-host, hosted-engine Ovirt deployment, version
> >> 4.3.10
> >> (upgraded from 4.0->4.1->4.2) and it's complaining that my host cert
> >> does
> >> not have a SubjectAltName.
> >>
> >> If I try to use pki-enroll-request.sh to rebuild the host cert and
> >> follow
> >> the instructions to add a --san, I get an error:
> >>
> >> /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me
> >> --san=host.na.me
> >
> > Please try with '--san=DNS:host.na.me'.
>
> AHA, thank you...  Thank worked.
>
> >> Using configuration from openssl.conf
> >> Check that the request matches the signature
> >> Signature ok
> >> The Subject's Distinguished Name is as follows
> >> organizationName  :PRINTABLE:'My Org Name'
> >> commonName:PRINTABLE:'host.na.me'
> >> ERROR: adding extensions in section v3_ca_san
> >> 139875647600528:error:2207507C:X509 V3
> >> routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531:
> >> 139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error
> >> in
> >> extension:v3_conf.c:95:name=subjectAltName, value=host.na.me
> >> Cannot sign certificate
> >>
> >> Am I using this script incorrectly?
> >
> > You are using it well. --san argument is passed as-is to openssl's
> > 'subjectAltName', which requires a prefix to tell its type. Search the
> > net for 'openssl subjectAltName' for other examples.
>
> Is there any chance this could be added to the --help output?
> An actual example would have been very useful.

Frankly, I'd prefer people (like you) that need to use these
utilities manually, to search the net if they have problems,
than spending hours debating about how long --help should be,
what should be included in it and what not, what link we might
provide for further reference (and please note that I didn't
include such a link in my original reply - simply because I
failed to find one that seemed "most suitable"), etc. That said,
patches are welcome! If you think you can improve the current
text in a conflict-free way, which everyone will agree to, please
go ahead and push a patch! :-)

BTW: What I personally do, is to search the code and/or relevant
logs to see what other tools (the engine, engine-setup, in this
case) do, as "reference examples".

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LBCZW3HZNGJIXZCONQJSE4IJZ7LB74FM/


[ovirt-users] Re: Error creating host certificate with SubjectAltName with -ki-enroll-request.sh

2020-12-08 Thread Yedidyah Bar David
On Tue, Dec 8, 2020 at 4:25 PM Derek Atkins  wrote:
>
> Hi,
>
> I'm running a single-host, hosted-engine Ovirt deployment, version 4.3.10
> (upgraded from 4.0->4.1->4.2) and it's complaining that my host cert does
> not have a SubjectAltName.
>
> If I try to use pki-enroll-request.sh to rebuild the host cert and follow
> the instructions to add a --san, I get an error:
>
> /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me
> --san=host.na.me

Please try with '--san=DNS:host.na.me'.

> Using configuration from openssl.conf
> Check that the request matches the signature
> Signature ok
> The Subject's Distinguished Name is as follows
> organizationName  :PRINTABLE:'My Org Name'
> commonName:PRINTABLE:'host.na.me'
> ERROR: adding extensions in section v3_ca_san
> 139875647600528:error:2207507C:X509 V3
> routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531:
> 139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
> extension:v3_conf.c:95:name=subjectAltName, value=host.na.me
> Cannot sign certificate
>
> Am I using this script incorrectly?

You are using it well. --san argument is passed as-is to openssl's
'subjectAltName', which requires a prefix to tell its type. Search the
net for 'openssl subjectAltName' for other examples.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TVLEO7WSZYWLNXVQTW5F2RPVL4WRFE3U/


[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-07 Thread Yedidyah Bar David
On Sun, Dec 6, 2020 at 8:14 PM Derek Atkins  wrote:
>
> Hi again,
>
> I also noticed that ca.pem was not updated -- it's still using Sha1.

You are right - we didn't make engine-setup recreate existing certs
for this - "Renew" deals with other stuff [1]. We only change the
default for new ones [2], and wrote a procedure [3][4] for doing this
manually. At the time, this wasn't mandatory - browsers didn't reject
sha1. Perhaps now it should be.

[1] 
https://www.ovirt.org/develop/release-management/features/infra/pki-renew.html

[2] https://gerrit.ovirt.org/c/ovirt-engine/+/65927 (I see that I even
didn't open a bug for this at the time, not sure why)

[3] 
https://www.ovirt.org/documentation/upgrade_guide/#Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-2_local_db

[4] https://bugzilla.redhat.com/show_bug.cgi?id=1420577 (This is a RHV
doc bug, and the result was an update to RHV docs, which eventually
were also published as [3] above)

> I don't know if this will be an issue with remote-viewer if I wind up
> refreshing the host cert?

As I said, at the time it didn't seem to be mandatory, and docs seemed
to be enough. If you feel otherwise, please open a bug.

I think there is a difference, or at least there was, between what browsers
did/do with https certs, and what they did with CA certs.

If you had a CA cert already accepted/imported/trusted by the browser,
and then you entered a site with a cert signed by this CA, but with a
SHA1 signature, this was one separate case. Browsers started warning/
rejecting them earlier.

If you have a CA cert with a SHA1 signature, and want to import that to
a browser, that's another case. I didn't test recently (or much over time,
other than working on these bugs) with recent browsers, but I think it
took longer until they rejected (if indeed they do - not sure all of them
do).

Best regards,

>
> -derek
>
> On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote:
> > On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins  wrote:
> >>
> >> Hi,
> >>
> >> I've got a single-host hosted-engine deployment that I originally
> >> installed with 4.0 and have upgraded over the years to 4.3.10.  I and
> >> some
> >> of my users have upgraded remote-viewer and now I get an error when I
> >> try
> >> to view the console of my VMs:
> >>
> >> (remote-viewer:8252): Spice-WARNING **: 11:30:41.806:
> >> ../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify:
> >> Error
> >> in server certificate verification: CA signature digest algorithm too
> >> weak
> >> (num=68:depth0:/O=/CN=)
> >>
> >> I am 99.99% sure this is because the old certs use SHA1.
> >>
> >> I reran engine-setup on the engine and it asked me if I wanted to renew
> >> the PKI, and I answered yes.  This replaced many[1] of the certificates
> >> in
> >> /etc/pki/ovirt-engine/certs on the engine, but it did not update the
> >> Host's  certificate.
> >
> > Indeed.
> >
> >>
> >> All the documentation I've seen says that to refresh this certificate I
> >> need to put the host into maintenance mode and then re-enroll..  However
> >> I
> >> cannot do that, because this is a single-host system so I cannot put the
> >> host in local mode -- there is no place to migrate the VMs (let alone
> >> the
> >> Engine VM).
> >>
> >> So  Is there a command-line way to re-enroll manually and update the
> >> host certs?
> >
> > I don't think you'll find anything like this.
> >
> > People did come up in the past with various procedure to hack pki like
> > what
> > you want, but these are, generally speaking, quite fragile - usually do
> > not
> > get updated over versions etc.
> >
> > I am pretty certain the only way to do this using "official" tools/docs
> > is:
> >
> > 1. Stop all VMs except for the engine one.
> >
> > 2. Take a backup with engine-backup.
> >
> > 3. Stop the engine VM.
> >
> > 4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup.
> >
> > 5. Provision the host again as a hosted-engine host, using
> > '--restore-from-file'.
> > Either using new storage for the engine, or after cleaning up the existing
> > hosted-engine storage.
> >
> > If you still want to try doing this manually, then the tool to use is
> > pki-enroll-request.sh. IIRC it's documented. You should find what
> > keys/certs
> > you want to replace, generate new keys and CSRs (or use existing keys and
> > generate CSRs, or even use existing CSRs if you find them), copy 

[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-06 Thread Yedidyah Bar David
On Sun, Dec 6, 2020 at 7:49 PM Derek Atkins  wrote:
>
> Hi Didi,
>
> One more question:
>
> Can you verify that etc/pki/libvirt/clientcert.pem,
> etc/pki/vdsm/certs/vdsmcert.pem, and
> etc/pki/vdsm/libvirt-spice/server-cert.pem are all supposed to be same
> certificate (on the host)?  By a quick find | grep all three of these
> files appear to be the .cer certificate file?

Yes, and also vdsm/libvirt-vnc/server-cert.pem .
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SE3OYSJFQJAIQJRZ54E4Z4DCFZ6HZWEV/


[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-06 Thread Yedidyah Bar David
On Sun, Dec 6, 2020 at 7:25 PM Derek Atkins  wrote:
>
> HI,
>
> On Sun, December 6, 2020 7:44 am, Yedidyah Bar David wrote:
> > On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins  wrote:
> [snip]
> >> So  Is there a command-line way to re-enroll manually and update the
> >> host certs?
> >
> > I don't think you'll find anything like this.
> >
> > People did come up in the past with various procedure to hack pki like
> > what
> > you want, but these are, generally speaking, quite fragile - usually do
> > not
> > get updated over versions etc.
> >
> > I am pretty certain the only way to do this using "official" tools/docs
> > is:
> >
> > 1. Stop all VMs except for the engine one.
> >
> > 2. Take a backup with engine-backup.
> >
> > 3. Stop the engine VM.
> >
> > 4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup.
> >
> > 5. Provision the host again as a hosted-engine host, using
> > '--restore-from-file'.
> > Either using new storage for the engine, or after cleaning up the existing
> > hosted-engine storage.
>
> If I were to go this route I might as well upgrade to EL8 / 4.4 at the
> same time.  However, I would rather not do that; I consider that a very
> dangerous operation, with a generally too-high probability of failure.

I assume you'll do that anyway, some time later, no? So why not now?
I think 4.4.3 is a pretty good version.

I agree it's "dangerous" in the sense that it involves lots of rather
complex actions, some of which are hard to debug/fix if they fail.

But: You can plan and test ahead on a test machine somewhere - even
a VM, with nested-kvm. Just make sure it has no access to your host
and storage (network-wise), so that it does not try to manage/access
them.

>
> > If you still want to try doing this manually, then the tool to use is
> > pki-enroll-request.sh. IIRC it's documented. You should find what
> > keys/certs
> > you want to replace, generate new keys and CSRs (or use existing keys and
> > generate CSRs, or even use existing CSRs if you find them), copy to the
> > engine,
> > sign with pki-enroll-request.sh, then copy the generated cert to the host.
>
> Thanks.  I will look into this method.
>
> > I am
> > almost certain there is no way to tell vdsm (and other processes) to
> > reload
> > the certs, so you'll have to restart it (them) - and this usually
> > requires putting
> > the host in maintenance (and therefore stop (migrate) all VMs).
>
> I don't mind stopping the VMs in order to reboot the host if I can plan
> that.  My understanding is that because there is no place to migrate the
> hosted-engine, that implies even I stop all the other VMs, I still cannot
> put the host into maintenance mode.  Is my understanding correct?

You are right - for a single host, you should do something like this:

1. Stop all VMs except for the engine

2. Put it to global maintenance

3. Stop the engine VM ('poweroff' from inside it, or 'hosted-engine
--vm-shutdown')

4. Restart whatever services you want, or just reboot

5. Exit global maintenance

6. Engine VM should be started automatically in a few minutes. If it
does not, you
can 'hosted-engine --vm-start'. You can monitor agent.log in the meanwhile.

>
> >>  Or some other way to get all the leftover certs renewed?
> >
> > Which ones, specifically?
>
> I think I listed them all:  *.cer and vmconsole*.cer on the engine,
> and of course everything on the host itself.

engine-setup is not designed to touch hosts.

Hosts should be managed by the engine, usually.

>
> Does it matter that ca.der didn't change?  I don't know if that is a
> self-signed cert that might be problematic?

ca.der is not used by anything, you can ignore it. The private key of
the CA is in /etc/pki/ovirt-engine/private/ca.pem, and the public key
is in /etc/pki/ovirt-engine/ca.pem. That's what all tools use.

>
> >>
> >> Thanks,
> >>
> >> -derek
> >>
> >> [1] Not only did it not update the Host's cert, it did not update any of
> >> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/,
> >> and
> >> obviously nothing in /etc/pki/ on the host itself.
> >
> > AFAIR no process uses these certs as such. There are only processes that
> > use
> > the ssh-format keys extracted from them, which do not include a signature
> > (sha1 or whatever).
> >
> > If you think I am wrong, and/or notice other certs that need to be
> > regenerated,
> > that's a bug - please open one. Thanks!
>
> I have not noticed anything, yet, but I have not restarted the hos

[ovirt-users] Re: Failed upgrade from SHE 4.3.10 to 4.4.3 - Host set to Non-Operational - missing networks

2020-12-06 Thread Yedidyah Bar David
On Tue, Dec 1, 2020 at 5:47 PM Roberto Nunin  wrote:
>
> We are following both oVirt upgrade guide [1] and RHV 4.4 upgrade guide [2].
>
> aps-te62-mng.corporate.it ---> host resinatlled with oVirt Node 4.4.3
> aps-te61-mng.corporate.it ---> host where previous ovirt-engine 4.3.10 VM was 
> running when backup was taken.
>
> hosted-engine --deploy  --restore-from-file= fails with 
> following errors in ovirt-hosted-engine-setup:
>
> 2020-12-01 15:53:37,534+0100 ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:109 fatal: [localhost]: FAILED! => {"changed": 
> false, "msg": "The host has been set in non_operational status, please check 
> engine logs, more info can be found in the engine logs, fix accordingly and 
> re-deploy."}
> 2020-12-01 15:56:30,414+0100 ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:109 fatal: [localhost]: FAILED! => {"changed": 
> false, "msg": "The system may not be provisioned according to the playbook 
> results: please check the logs for the issue, fix accordingly or re-deploy 
> from scratch.\n"}
> 2020-12-01 15:56:33,731+0100 ERROR otopi.context context._executeMethod:154 
> Failed to execute stage 'Closing up': Failed executing ansible-playbook
> 2020-12-01 15:57:08,663+0100 ERROR 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:109 fatal: [localhost]: UNREACHABLE! => 
> {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: 
> connect to host itte1lv51-mng.comifar.it port 22: Connection timed out", 
> "skip_reason": "Host localhost is unreachable", "unreachable": true}
> 2020-12-01 15:58:22,179+0100 ERROR otopi.plugins.gr_he_common.core.misc 
> misc._terminate:167 Hosted Engine deployment failed: please check the logs 
> for the issue, fix accordingly or re-deploy from scratch.
>
> while within the HostedEngineLocal engine.log:
>
> 2020-12-01 15:52:42,161+01 ERROR 
> [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] 
> (EE-ManagedThreadFactory-engine-Thread-96) [11f50ce0] Host 
> 'aps-te62-mng.corporate.it' is set to Non-Operational, it is missing the 
> following networks: 
> 'migration,traffic_11,traffic_202,traffic_5,traffic_555,traffic_9'

Did you notice this?

When you run deploy, it also prompts you whether to pause execution
after adding the host to the engine. Please reply 'Yes', and then,
when it waits for you to remove a lock file, connect to the engine web
admin as instructed, fix the required networks (by going to the host
and setting NICs to all required networks, then trying to activate
it), and then, after it's 'Up' (green), remove the lock file on the
host so that deploy tries to continue.

We recently changed the behavior around this, see also:

https://bugzilla.redhat.com/show_bug.cgi?id=1893385

> 2020-12-01 15:52:48,474+01 ERROR 
> [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] 
> (EE-ManagedScheduledExecutorService-engineScheduledTh
> readPool-Thread-12) [41688fc7] Host 'aps-te62-mng.corporate.it' is set to 
> Non-Operational, it is missing the following networks: 
> 'migration,traffic_11,traffic_202,traffic_5,traffic_555,traffic_9'
> 2020-12-01 15:52:53,734+01 ERROR 
> [org.ovirt.engine.core.bll.SetNonOperationalVdsCommand] 
> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-6) 
> [5fc7257] Host 'aps-te62-mng.corporate.it' is set to Non-Operational, it is 
> missing the following networks: 
> 'migration,traffic_11,traffic_202,traffic_5,traffic_555,traffic_9'
> 2020-12-01 15:52:54,567+01 ERROR 
> [org.ovirt.engine.core.vdsbroker.monitoring.VmsMonitoring] 
> (ForkJoinPool-1-worker-13) [] Rerun VM 
> 'f9249e06-237e-412c-91e9-7b0fa0b6ec2a'. Called from VDS 
> 'aps-te62-mng.corprorate.it'
> 2020-12-01 15:52:54,676+01 ERROR 
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (EE-ManagedThreadFactory-engine-Thread-361) [] EVENT_ID: 
> VM_MIGRATION_TO_SERVER_FAILED(120), Migration failed  (VM: 
> external-HostedEngineLocal, Source: aps-te62-mng.corporate.it, Destination: 
> aps-te61-mng.corporate.it).
>
> Why is the playbook trying to migrate HostedEngineLocal from reinstalled 
> 4.4.3 oVirt node to an existing one that is still running oVirt Node 4.3.x ?

Not sure - perhaps because the new host is non-operational. I agree
this is probably not very useful behavior - perhaps you want to open a
bug about this, and attach all relevant logs.

> How can we manage this issue and proceed with the upgrade ?

See above.

>
> [1] https://www.ovirt.org/documentation/upgrade_guide/#SHE_Upgrading_from_4-3
> [2] 
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/upgrade_guide/she_upgrading_from_4-3
>
>
> Thanks is advance for support.
> Best regards

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: 

[ovirt-users] Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2020-12-06 Thread Yedidyah Bar David
On Sun, Dec 6, 2020 at 12:34 AM Derek Atkins  wrote:
>
> Hi,
>
> I've got a single-host hosted-engine deployment that I originally
> installed with 4.0 and have upgraded over the years to 4.3.10.  I and some
> of my users have upgraded remote-viewer and now I get an error when I try
> to view the console of my VMs:
>
> (remote-viewer:8252): Spice-WARNING **: 11:30:41.806:
> ../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify: Error
> in server certificate verification: CA signature digest algorithm too weak
> (num=68:depth0:/O=/CN=)
>
> I am 99.99% sure this is because the old certs use SHA1.
>
> I reran engine-setup on the engine and it asked me if I wanted to renew
> the PKI, and I answered yes.  This replaced many[1] of the certificates in
> /etc/pki/ovirt-engine/certs on the engine, but it did not update the
> Host's  certificate.

Indeed.

>
> All the documentation I've seen says that to refresh this certificate I
> need to put the host into maintenance mode and then re-enroll..  However I
> cannot do that, because this is a single-host system so I cannot put the
> host in local mode -- there is no place to migrate the VMs (let alone the
> Engine VM).
>
> So  Is there a command-line way to re-enroll manually and update the
> host certs?

I don't think you'll find anything like this.

People did come up in the past with various procedure to hack pki like what
you want, but these are, generally speaking, quite fragile - usually do not
get updated over versions etc.

I am pretty certain the only way to do this using "official" tools/docs is:

1. Stop all VMs except for the engine one.

2. Take a backup with engine-backup.

3. Stop the engine VM.

4. Reinstall the host OS from scratch or use ovirt-hosted-engine-cleanup.

5. Provision the host again as a hosted-engine host, using
'--restore-from-file'.
Either using new storage for the engine, or after cleaning up the existing
hosted-engine storage.

If you still want to try doing this manually, then the tool to use is
pki-enroll-request.sh. IIRC it's documented. You should find what keys/certs
you want to replace, generate new keys and CSRs (or use existing keys and
generate CSRs, or even use existing CSRs if you find them), copy to the engine,
sign with pki-enroll-request.sh, then copy the generated cert to the host. I am
almost certain there is no way to tell vdsm (and other processes) to reload
the certs, so you'll have to restart it (them) - and this usually
requires putting
the host in maintenance (and therefore stop (migrate) all VMs).

>  Or some other way to get all the leftover certs renewed?

Which ones, specifically?

>
> Thanks,
>
> -derek
>
> [1] Not only did it not update the Host's cert, it did not update any of
> the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, and
> obviously nothing in /etc/pki/ on the host itself.

AFAIR no process uses these certs as such. There are only processes that use
the ssh-format keys extracted from them, which do not include a signature
(sha1 or whatever).

If you think I am wrong, and/or notice other certs that need to be regenerated,
that's a bug - please open one. Thanks!

Re remote-viewer/spice: You didn't say if you tried again after engine-setup
and what happened. In any case, this is unrelated to vmconsole (which is for
serial consoles, using ssh). But you might still need to regenerate the host
cert.

BTW: You can try using novnc and websocket-proxy - engine-setup does update
the cert for the latter, so this might work as-is.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FEJUG6F74JPFAA63MEA4GWPBCUZRCF66/


[ovirt-users] Re: strange dns request since 4.4.3

2020-12-05 Thread Yedidyah Bar David
On Fri, Dec 4, 2020 at 11:22 AM Adam Xu  wrote:
>
> Hi ovirt
>
> Recently, my samba internal dns has been getting a lot of errors, like:
>
> [2020/12/02 15:24:31.484073,  1] 
> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>   dns_server_process_query_got_auth: Failed to add SOA record: 
> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>
> I found that my ovirt nodes was sending a lot of strange requests, I use 
> tcpdump and got some like:
>
> tcpdump -i ovirtmgmt udp port 53
>
> 17:00:23.875038 IP ovirt1.adagene.cn.53862 > dc1.mydomain.com.domain: 35727+ 
> [1au] NS? . (40)
>
> 17:00:24.436466 IP 192.168.49.195.domain > ovirt1.mydomain.com.33625: 8887 
> FormErr-$ 0/0/1 (40)
>
> about one request in a second.
>
> And I noticed that some nodes which version is 4.4.2 did't send dns requests 
> like above. therefore no error occured.
>
> Were there any recent changes to ovirt node that caused these errors?

Any chance you can try to provide some more information?

Perhaps a tcpdump dump (something like 'tcpdump -i any -w
/root/dump1', or '-i NIC' if you know which NIC, perhaps also 'port
53' if it's just that)? From both hosts and the dns server?

Perhaps /var/log/vdsm/* and /var/log/ovirt-hosted-engine-ha/* from hosts?

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VGUW2YD3WY37UPNURUOT3DYHNJRUVQUG/


[ovirt-users] Re: Cannot SSH into the self hosted host (going through tutorial)

2020-12-02 Thread Yedidyah Bar David
Hello,

On Tue, Nov 24, 2020 at 4:38 PM  wrote:
>
> Hello.
>
> I want to install oVirt on my PC and for this purpose I'm following the 
> tutorial which instructed me to make a VM and install there the oVirt self 
> hosted host: 
> https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_cockpit_web_interface/#Installing_Hosts_for_RHV_SHE_cockpit_deploy
>
> I cannot SSH to this new oVirt install - I get the error "Connection refused" 
> (Even though I see something listening on port 22 by running `netstat -an`). 
> So I tried stopping `sshd`and I got the same error. Tried to do all of this 
> with `telnet 192.168.122.1 22`, I get the same error "Connection refused".
>
> Also, Yum returns "could not resolve host: https://mirrors.fedoraproject.org;
>
> I can ping the machine though from my PC.
>
> I turned off `firewalld`. `iproute -S` returns `ACCEPT` for everything.
>
> My PC is running archlinux and I installed the new VM using "Virtual Machine 
> Manager". Normally, I can easily SSH to any VM I create. Maybe someone know 
> what I'm doing wrong?
>

It's a bit hard to understand what exactly you are trying to do.

Did you read a bit about oVirt and understand its architecture? What
hosted-engine is?

You probably need to disable MAC filtering on your host. No idea how
to do that in "Virtual Machine Manager".

You have:

1. Your physical machine/host

2. A VM inside it acting as an oVirt host, with its MAC address
(assigned by the virt software on the host)

3. A vm inside that one, so-called the hosted-engine VM, with its own
MAC address (assigned by the hosted-engine deployment process).

When (3.) tries to access (1.) (either directly, or the outside world
through it), (1.) sees the traffic on the vnic of (2.), but with a MAC
address different from (2.)'s. So it might block it.

That's just a guess - I don't know archlinux's "Virtual Machine Manager".

If you are doing this for studying, and do not have a spare physical
machine for doing the hosted-engine install on, it might be better to
first try standalone (non-hosted-engine) setup. It will be more work,
and require you to learn more, but will hopefully be easier to
understand and debug if something goes wrong.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CMZU3QWKZLCOOA6PHPCOXHYIXTFIRRNU/


[ovirt-users] Re: Fix corrupt self-hosted engine

2020-11-24 Thread Yedidyah Bar David
On Tue, Nov 24, 2020 at 12:38 PM Alex K  wrote:

>
>
> On Mon, Nov 23, 2020 at 10:09 AM Yedidyah Bar David 
> wrote:
>
>> On Mon, Nov 23, 2020 at 9:54 AM Alex K  wrote:
>> >
>> >
>> >
>> > On Sun, Nov 22, 2020 at 8:57 AM Yedidyah Bar David 
>> wrote:
>> >>
>> >> On Thu, Nov 19, 2020 at 9:43 PM Alex K 
>> wrote:
>> >>>
>> >>>
>> >>>
>> >>> On Thu, Nov 19, 2020 at 5:31 PM Alex K 
>> wrote:
>> >>>>
>> >>>> Hi Didi,
>> >>>>
>> >>>> On Thu, Nov 19, 2020 at 5:13 PM Yedidyah Bar David 
>> wrote:
>> >>>>>
>> >>>>> On Thu, Nov 19, 2020 at 4:37 PM Alex K 
>> wrote:
>> >>>>>>
>> >>>>>> Hi all,
>> >>>>>>
>> >>>>>> I have a corrupt self-hosted engine (with several file system
>> errors, postgres not able to start) and thus it does not give access to the
>> web UI. This happened following an unlucky split brain resolution (I am
>> running 2 nodes). The two hosts are running VMs also which I would like to
>> keep running as they are needed.
>> >>>>>>
>> >>>>>> When trying to boot into rescue mode (using
>> systemd.unit=emergency.target boot parameter) I get a cursor and nothing
>> else.
>> >>>>>
>> >>>>>
>> >>>>> This means that more than just the DB is corrupt...
>> >>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> I have backups of engine files with scope all (using the
>> engine-backup tool).
>> >>>>>> What is the best approach to try and fix the engine or redeploy.
>> >>>>>
>> >>>>>
>> >>>>> If you are careful, and know what you are doing, you can try
>> something like the following. I am not giving many details, hopefully you
>> can find on the net tutorials about how to use the things I suggest:
>> >>>>>
>> >>>>> 1. Move to global maintenance
>> >>>>>
>> >>>>> 2. Stop the current dead vm (if needed)
>> >>>>>
>> >>>>> 3. Find current vm conf, edit it to boot from a rescue iso image of
>> your preference or from net/PXE etc., and start the vm with '--vm-conf'
>> pointing to your edited file.
>> >>>>>
>> >>>>> 4. Connect a console (hosted-engine --console, or 'virsh console',
>> or use '--add-console-password' and remote viewer, if needed)
>> >>>>>
>> >>>>> 5. Clean the disk and install the OS, oVirt, etc.
>> >>>>>
>> >>>>> 6. Copy your backup into the vm and restore with engine-backup
>> >>>>>
>> >>>>> 7. Then cleanly stop the machine, exit global maint, and let HA
>> start it (or start it yourself with --vm-start).
>> >>>>>
>> >>>>> At the time, we had a bug [1] to document this. The result is [2].
>> It does not detail how to boot/reinstall os/etc., only restore (if e.g. db
>> is dead but fs is ok).
>> >>>>> For something somewhat similar to what you want, see also [3],
>> which uses guestfish. Might be useful, depending on how badly your disk is
>> corrupted.
>> >>>>
>> >>>> I went with the guestfish approach. It has fixed some fs issues and
>> now the yum etc seem fine apart from postgres.
>> >>>> I had tried previously to uninstall/install packages so I ended
>> installing them again with yum install ovirt\*setup\*.
>> >>>> Now I think I have to run engine-setup but I get the error:
>> >>>>
>> >>>>  Failed to execute stage 'Environment setup': Cannot connect to
>> Engine database using existing credentials: engine@localhost:5432
>> >>>
>> >>> Seems that I need to have psql running to be able to run
>> engine-backup --mode=restore. Are there any steps how one could manually
>> prepare pgsql for ovirt so as to attempt restoration?
>> >>
>> >>
>> >> Replying again, also to conclude this part of your episode: Generally
>> speaking, that's not needed. restore --provision-all-databases should do
>> that for you.
>> >
>> > Seems that when pgsql is down nothing can be done. You need at l

[ovirt-users] Re: Fix corrupt self-hosted engine

2020-11-23 Thread Yedidyah Bar David
On Mon, Nov 23, 2020 at 9:54 AM Alex K  wrote:
>
>
>
> On Sun, Nov 22, 2020 at 8:57 AM Yedidyah Bar David  wrote:
>>
>> On Thu, Nov 19, 2020 at 9:43 PM Alex K  wrote:
>>>
>>>
>>>
>>> On Thu, Nov 19, 2020 at 5:31 PM Alex K  wrote:
>>>>
>>>> Hi Didi,
>>>>
>>>> On Thu, Nov 19, 2020 at 5:13 PM Yedidyah Bar David  wrote:
>>>>>
>>>>> On Thu, Nov 19, 2020 at 4:37 PM Alex K  wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I have a corrupt self-hosted engine (with several file system errors, 
>>>>>> postgres not able to start) and thus it does not give access to the web 
>>>>>> UI. This happened following an unlucky split brain resolution (I am 
>>>>>> running 2 nodes). The two hosts are running VMs also which I would like 
>>>>>> to keep running as they are needed.
>>>>>>
>>>>>> When trying to boot into rescue mode (using 
>>>>>> systemd.unit=emergency.target boot parameter) I get a cursor and nothing 
>>>>>> else.
>>>>>
>>>>>
>>>>> This means that more than just the DB is corrupt...
>>>>>
>>>>>>
>>>>>>
>>>>>> I have backups of engine files with scope all (using the engine-backup 
>>>>>> tool).
>>>>>> What is the best approach to try and fix the engine or redeploy.
>>>>>
>>>>>
>>>>> If you are careful, and know what you are doing, you can try something 
>>>>> like the following. I am not giving many details, hopefully you can find 
>>>>> on the net tutorials about how to use the things I suggest:
>>>>>
>>>>> 1. Move to global maintenance
>>>>>
>>>>> 2. Stop the current dead vm (if needed)
>>>>>
>>>>> 3. Find current vm conf, edit it to boot from a rescue iso image of your 
>>>>> preference or from net/PXE etc., and start the vm with '--vm-conf' 
>>>>> pointing to your edited file.
>>>>>
>>>>> 4. Connect a console (hosted-engine --console, or 'virsh console', or use 
>>>>> '--add-console-password' and remote viewer, if needed)
>>>>>
>>>>> 5. Clean the disk and install the OS, oVirt, etc.
>>>>>
>>>>> 6. Copy your backup into the vm and restore with engine-backup
>>>>>
>>>>> 7. Then cleanly stop the machine, exit global maint, and let HA start it 
>>>>> (or start it yourself with --vm-start).
>>>>>
>>>>> At the time, we had a bug [1] to document this. The result is [2]. It 
>>>>> does not detail how to boot/reinstall os/etc., only restore (if e.g. db 
>>>>> is dead but fs is ok).
>>>>> For something somewhat similar to what you want, see also [3], which uses 
>>>>> guestfish. Might be useful, depending on how badly your disk is corrupted.
>>>>
>>>> I went with the guestfish approach. It has fixed some fs issues and now 
>>>> the yum etc seem fine apart from postgres.
>>>> I had tried previously to uninstall/install packages so I ended installing 
>>>> them again with yum install ovirt\*setup\*.
>>>> Now I think I have to run engine-setup but I get the error:
>>>>
>>>>  Failed to execute stage 'Environment setup': Cannot connect to Engine 
>>>> database using existing credentials: engine@localhost:5432
>>>
>>> Seems that I need to have psql running to be able to run engine-backup 
>>> --mode=restore. Are there any steps how one could manually prepare pgsql 
>>> for ovirt so as to attempt restoration?
>>
>>
>> Replying again, also to conclude this part of your episode: Generally 
>> speaking, that's not needed. restore --provision-all-databases should do 
>> that for you.
>
> Seems that when pgsql is down nothing can be done. You need at least pgsql up 
> and running (e clean state will do) so as to be able to proceed with 
> restoration.

Do you still have logs from this? Both engine-backup's (default to
/var/log/ovirt-engine-backup/something if you do not pass --log) and
ovirt-engine-provisiondb which it runs (at
/var/log/ovirt-engine/setup).

Not sure what you mean in "a clean state will do". If you just install
PG, it is not enabled by default, so is not "up and running".

Generally speaking:

If

[ovirt-users] Re: Best and clean way to have oVirt qemu and libvirt versions on CentOS 8

2020-11-22 Thread Yedidyah Bar David
On Sun, Nov 22, 2020 at 12:41 PM Gianluca Cecchi
 wrote:
>
> Hello,
> normally with current CentOS 8.2 I get
> qemu-kvm-core-15:2.12.0-99.module_el8.2.0+524+f765f7e0.4.x86_64
> libvirt-daemon-4.5.0-42.module_el8.2.0+320+13f867d7.x86_64
>
> With oVirt 4.4 having
> qemu-kvm-core-4.2.0-29.el8.3.x86_64
> libvirt-daemon-6.0.0-25.2.el8.x86_64
>
> and in current Fedora 32 updates:
> qemu-kvm-core-4.2.1-1.fc32.x86_64.rpm
> libvirt-daemon-6.1.0-4.fc32.x86_64.rpm
>
> I see on CentOS these groups somehow related to Virtualization:
>Virtualization Host
>Virtualization Client
>Virtualization Hypervisor
>Virtualization Platform
>Virtualization Tools
>
> What could be the best and less intrusive repo to enable on plain CentOS 8.2 
> to get qemu-kvm and libvirt versions quite similar to oVirt shipped ones, or 
> fedora ones, without enabling all  the ovirt 4.4 repos?

You get them in oVirt via "advanced-virtualization-testing" [1].

I think the most official/least-intrusive way outside of oVirt is
something like:

dnf install centos-release-advanced-virtualization
dnf config-manager --set-enabled centos-advanced-virtualization-test

But can't find any "official" page saying this. Closest relevant pages
I can find are [2][3].

Please note that the repo names/IDs are different between above and
ovirt-release*. So if you install both, you have to keep that in mind
- and normally, just don't.

[1] 
https://github.com/oVirt/ovirt-release/blob/master/ovirt-el8-stream-x86_64-deps.repo.in#L87
[2] 
https://centos.pkgs.org/8/centos-extras-x86_64/centos-release-advanced-virtualization-1.0-2.el8.noarch.rpm.html
[3] 
https://www.centos.org/minutes/2020/September/centos-meeting.2020-09-09-16.02.html

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TXA7EKAOHJAEQBZEQMWVQGPBTK35AQIC/


[ovirt-users] Re: oVirt 4.3 DWH with Grafana

2020-11-21 Thread Yedidyah Bar David
On Fri, Nov 20, 2020 at 8:45 AM Vrgotic, Marko 
wrote:

> Dear oVirt,
>
>
>
> We are currently running oVirt 4.3 and upgrade/migration to 4.4 won’t be
> possible for few more months.
>
>
>
> I am looking into guidelines, how to, for setting up Grafana using
> DataWarehouse as data source.
>
>
>
> Did anyone already did this, and would be willing to share the steps?
>

AFAIU this is definitely not tested/recommended/supported, but the current
(4.4) dashboards use only 4.3 dwh compatibility views. So in theory, 4.4
grafana setup can work against your 4.3 engine/dwh without problems. So you
can try something like:

1. Install el8 on some machine
2. Install ovirt-release (4.4!)
3. Install ovirt-engine-dwh-grafana-integration-setup. I *think*, didn't
try, that it would carry with it all the dependencies it needs.
4. Run engine-setup. When prompted, only accept "Configure grafana?", and
reply "No" to everything else
5. Follow the other prompts as applicable

This should be enough.

Not sure about the commands to add SSO on the engine machine. Perhaps
better verify this first against a test engine (can be on another
el7/ovirt4.3 VM with no hosts).

But, repeating: this isn't recommended.

Did you consider upgrading only your engine, and keep your hosts 4.3 until
you can upgrade them later?

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FAIAXTXBE5UCF37UZIK46J6VBOIYRLKH/


[ovirt-users] Re: Replacing ovirt certificates issue

2020-11-21 Thread Yedidyah Bar David
On Fri, Nov 20, 2020 at 1:37 PM Alex K  wrote:

> Following the above, I was seeing that OVN provider connectivity test was
> failing due to some certificate issue and had to do the following to fix
> it:
>

Is this on the same systems of "[ovirt-users] Fix corrupt self-hosted
engine", or unrelated?


>
> names="ovirt-provider-ovn"
>
> subject="$(\
> openssl x509 \
> -in /etc/pki/ovirt-engine/certs/apache.cer \
> -noout \
> -subject | \
> sed \
> 's;subject= \(.*\);\1;'
>   )"
>
> . /usr/share/ovirt-engine/bin/engine-prolog.sh
>
> for name in $names; do
> /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
> --name="${name}" \
> --password=mypass \
> --subject="${subject}" \
> --keep-key \
> --san=DNS:"${ENGINE_FQDN}"
> done
>
> Having fixed the above, when trying to connect two VMs on some OVN logical
> switches it seems they are not able to reach each other.
> I had previously added such logical switched at engine by running:
>
> ovn-nbctl ls-add ovn-net0
> ovn-nbctl ls-add ovn-net1
> etc
>
> Checking the logs at the host /var/log/openvswitch/ovsdb-server.log I see:
> reconnect|WARN|unix#45: connection dropped (Connection reset by peer)
>
> Also systemctl status ovirt-provider-ovn.service at engine shows:
> /usr/lib/python2.7/site-packages/urllib3/connection.py:344:
> SubjectAltNameWarning:...
>
> I have restarted at engine both engine and ovn services:
> systemctl restart ovirt-engine
> systemctl status ovirt-provider-ovn.service
>
> I have also restarted the relevant service at each host:
> systemctl restart ovn-controller.service
>
> When running at host the following it stucks and does not give any output:
> ovn-sbctl show
>
> I see that the certificate is imported at key-store as it has the same
> fingerprint with the previous root CA:
>
> keytool -list -alias ovirt-provider-ovn -keystore
> /var/lib/ovirt-engine/external_truststore
>
> At this same cluster, I had previously changed the domain name of each
> host and engine using the rename tool.
>

After that, did ovn still work well?


> And now replaced the certificates as per previous described so as to fix
> the imageio cert issue and ovn issue.
>
> It seems that OVN is not happy with the status of certificates.
> When testing connection at engine GUI i get a prompt to trust the cert,
> and when pressing ok i get a green confirmation of successful connection.
>
> Is there anything else that can be done to fix OVN functionality?
>

No idea, adding Dominik.

Best regards,


> Thanx
> Alex
>
>
>
>
>
> On Thu, Nov 19, 2020 at 9:00 AM Alex K  wrote:
>
>> Seems that all services (imageio, ovn, web socket) are fine after
>> following the above and importing the new self signed CA certificate.
>> DId run also engine-setup as I was trying to fix the imageio cert issue,
>> though seems that that was only fixed after importing the CA cert at
>> browser and engine-setup might not be needed.
>>
>> On Wed, Nov 18, 2020 at 3:07 PM Alex K  wrote:
>>
>>> Seems I had a typo at
>>> /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf.
>>> I will repeat the test to verify that all services are functional
>>> following this process.
>>>
>>> On Wed, Nov 18, 2020 at 10:24 AM Alex K  wrote:
>>>
 Hi all,

 I am trying to replace the ovirt certificate at ovirt 4.3 following
 this:


 https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/appe-red_hat_enterprise_virtualization_and_ssl

 I am doing the following:
 I have engine FQDN: manager.lab.local

 1. Create root CA private key:
 openssl genrsa -des3 -out root.key 2048

 2. Generate root certificate: (enter passphrase of root key)
 openssl req -x509 -new -nodes -key root.key -sha256 -days 3650 -out
 root.pem
 cp root.pem /tmp

 3. Create key and CSR for engine:
 openssl genrsa -out manager.lab.local.key 2048
 openssl req -new -out manager.lab.local.csr -key manager.lab.local.key

 4. Generate a certificate for engine and sign with the root CA key:

 openssl x509 -req -in manager.lab.local.csr \
 -CA root.pem \
 -CAkey root.key \
 -CAcreateserial \
 -out manager.lab.local.crt \
 -days 3650 \
 -sha256 \
 -extensions v3_req

 5. Verify the trust chain and check the certificate details:
 openssl verify -CAfile root.pem manager.lab.local.crt
 openssl x509 -text -noout -in  manager.lab.local.crt  | head -15

 6. Generate a P12 container: (with empty password)
 openssl pkcs12 -export -out /tmp/apache.p12 \
 -inkey manager.lab.local.key \
 -in manager.lab.local.crt

 8. Export key and cert:
 openssl pkcs12 -in apache.p12 -nocerts -nodes > /tmp/apache.key
 openssl pkcs12 -in apache.p12 -nokeys > /tmp/apache.cer

 From the above steps we should have the following:

 /tmp/root.pem
 

[ovirt-users] Re: Fix corrupt self-hosted engine

2020-11-21 Thread Yedidyah Bar David
On Thu, Nov 19, 2020 at 11:33 PM Alex K  wrote:

> For the records,
>
> After having fixed the major fs issues with guestfish and since the DB was
> not starting up, I removed everything from DB data dir and recreated it as
> below:
>
> rm -rf /var/opt/rh/rh-postgresql10/lib/pgsql/data/*
> /opt/rh/rh-postgresql10/root/usr/bin/postgresql-setup --initdb
> systemctl restart rh-postgresql10-postgresql.service
>

Generally speaking, this should not be needed. --provision-all-databases
should do this for you.


>
> Then proceeded with the restoration, where I requested to provision all
> missing databases:
> engine-backup --mode=restore --file=engine-backup.gz
> --provision-all-databases \
> --log=restore.log --restore-permissions
>
> Following this, ran engine-setup, as instructed from the restore
> operation.
> Gained engine web access and saw the same running VMs were shown as up
> without issues.
> I only observed one VM not able to start due to illegal volume, but that's
> another story.
>

Glad to hear that, thanks for the report!

Best regards,


>
>
> On Thu, Nov 19, 2020 at 9:42 PM Alex K  wrote:
>
>>
>>
>> On Thu, Nov 19, 2020 at 5:31 PM Alex K  wrote:
>>
>>> Hi Didi,
>>>
>>> On Thu, Nov 19, 2020 at 5:13 PM Yedidyah Bar David 
>>> wrote:
>>>
>>>> On Thu, Nov 19, 2020 at 4:37 PM Alex K  wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I have a corrupt self-hosted engine (with several file system errors,
>>>>> postgres not able to start) and thus it does not give access to the web 
>>>>> UI.
>>>>> This happened following an unlucky split brain resolution (I am running 2
>>>>> nodes). The two hosts are running VMs also which I would like to keep
>>>>> running as they are needed.
>>>>>
>>>>> When trying to boot into rescue mode (using
>>>>> systemd.unit=emergency.target boot parameter) I get a cursor and nothing
>>>>> else.
>>>>>
>>>>
>>>> This means that more than just the DB is corrupt...
>>>>
>>>>
>>>>>
>>>>> I have backups of engine files with scope all (using the engine-backup
>>>>> tool).
>>>>> What is the best approach to try and fix the engine or redeploy.
>>>>>
>>>>
>>>> If you are careful, and know what you are doing, you can try something
>>>> like the following. I am not giving many details, hopefully you can find on
>>>> the net tutorials about how to use the things I suggest:
>>>>
>>>> 1. Move to global maintenance
>>>>
>>>> 2. Stop the current dead vm (if needed)
>>>>
>>>> 3. Find current vm conf, edit it to boot from a rescue iso image of
>>>> your preference or from net/PXE etc., and start the vm with '--vm-conf'
>>>> pointing to your edited file.
>>>>
>>>> 4. Connect a console (hosted-engine --console, or 'virsh console', or
>>>> use '--add-console-password' and remote viewer, if needed)
>>>>
>>>> 5. Clean the disk and install the OS, oVirt, etc.
>>>>
>>>> 6. Copy your backup into the vm and restore with engine-backup
>>>>
>>>> 7. Then cleanly stop the machine, exit global maint, and let HA start
>>>> it (or start it yourself with --vm-start).
>>>>
>>>> At the time, we had a bug [1] to document this. The result is [2]. It
>>>> does not detail how to boot/reinstall os/etc., only restore (if e.g. db is
>>>> dead but fs is ok).
>>>> For something somewhat similar to what you want, see also [3], which
>>>> uses guestfish. Might be useful, depending on how badly your disk is
>>>> corrupted.
>>>>
>>> I went with the guestfish approach. It has fixed some fs issues and now
>>> the yum etc seem fine apart from postgres.
>>> I had tried previously to uninstall/install packages so I ended
>>> installing them again with yum install ovirt\*setup\*.
>>> Now I think I have to run engine-setup but I get the error:
>>>
>>>  Failed to execute stage 'Environment setup': Cannot connect to Engine
>>> database using existing credentials: engine@localhost:5432
>>>
>> Seems that I need to have psql running to be able to run engine-backup
>> --mode=restore. Are there any steps how one could manually prepare pgsql
>> for ovirt so as to attempt restoration?
>>
>>>
&g

[ovirt-users] Re: Fix corrupt self-hosted engine

2020-11-19 Thread Yedidyah Bar David
On Thu, Nov 19, 2020 at 5:12 PM Yedidyah Bar David  wrote:

> On Thu, Nov 19, 2020 at 4:37 PM Alex K  wrote:
>
>> Hi all,
>>
>> I have a corrupt self-hosted engine (with several file system errors,
>> postgres not able to start) and thus it does not give access to the web UI.
>> This happened following an unlucky split brain resolution (I am running 2
>> nodes). The two hosts are running VMs also which I would like to keep
>> running as they are needed.
>>
>> When trying to boot into rescue mode (using systemd.unit=emergency.target
>> boot parameter) I get a cursor and nothing else.
>>
>
> This means that more than just the DB is corrupt...
>
>
>>
>> I have backups of engine files with scope all (using the engine-backup
>> tool).
>> What is the best approach to try and fix the engine or redeploy.
>>
>
> If you are careful, and know what you are doing, you can try something
> like the following. I am not giving many details, hopefully you can find on
> the net tutorials about how to use the things I suggest:
>
> 1. Move to global maintenance
>
> 2. Stop the current dead vm (if needed)
>
> 3. Find current vm conf, edit it to boot from a rescue iso image of your
> preference or from net/PXE etc., and start the vm with '--vm-conf' pointing
> to your edited file.
>
> 4. Connect a console (hosted-engine --console, or 'virsh console', or use
> '--add-console-password' and remote viewer, if needed)
>
> 5. Clean the disk and install the OS, oVirt, etc.
>
> 6. Copy your backup into the vm and restore with engine-backup
>
> 7. Then cleanly stop the machine, exit global maint, and let HA start it
> (or start it yourself with --vm-start).
>
> At the time, we had a bug [1] to document this. The result is [2]. It does
> not detail how to boot/reinstall os/etc., only restore (if e.g. db is dead
> but fs is ok).
> For something somewhat similar to what you want, see also [3], which uses
> guestfish. Might be useful, depending on how badly your disk is corrupted.
>
> How did you run into a split brain? There is a lock on the shared storage
> that should prevent this.
>

Also, to clarify:

The "official" answer is to deploy a new hosted-engine, on new storage,
with --restore-from-file. This IMO does not let you keep your VMs up, at
least not all of them, definitely if you don't have another host to restore
on.

Keeping the VMs up is risky if you have HA VMs, or if you
started/stopped/migrated VMs after you took your backup.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZCCYFBSZVUY7YJ7L5Q5U3SG4CI3CPHNN/


[ovirt-users] Re: Fix corrupt self-hosted engine

2020-11-19 Thread Yedidyah Bar David
On Thu, Nov 19, 2020 at 4:37 PM Alex K  wrote:

> Hi all,
>
> I have a corrupt self-hosted engine (with several file system errors,
> postgres not able to start) and thus it does not give access to the web UI.
> This happened following an unlucky split brain resolution (I am running 2
> nodes). The two hosts are running VMs also which I would like to keep
> running as they are needed.
>
> When trying to boot into rescue mode (using systemd.unit=emergency.target
> boot parameter) I get a cursor and nothing else.
>

This means that more than just the DB is corrupt...


>
> I have backups of engine files with scope all (using the engine-backup
> tool).
> What is the best approach to try and fix the engine or redeploy.
>

If you are careful, and know what you are doing, you can try something like
the following. I am not giving many details, hopefully you can find on the
net tutorials about how to use the things I suggest:

1. Move to global maintenance

2. Stop the current dead vm (if needed)

3. Find current vm conf, edit it to boot from a rescue iso image of your
preference or from net/PXE etc., and start the vm with '--vm-conf' pointing
to your edited file.

4. Connect a console (hosted-engine --console, or 'virsh console', or use
'--add-console-password' and remote viewer, if needed)

5. Clean the disk and install the OS, oVirt, etc.

6. Copy your backup into the vm and restore with engine-backup

7. Then cleanly stop the machine, exit global maint, and let HA start it
(or start it yourself with --vm-start).

At the time, we had a bug [1] to document this. The result is [2]. It does
not detail how to boot/reinstall os/etc., only restore (if e.g. db is dead
but fs is ok).
For something somewhat similar to what you want, see also [3], which uses
guestfish. Might be useful, depending on how badly your disk is corrupted.

How did you run into a split brain? There is a lock on the shared storage
that should prevent this.

Good luck and best regards,

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1482710
[2]
https://www.ovirt.org/documentation/administration_guide/#Overwriting_a_Self-Hosted_Engine
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1569827#c4
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2ALJN3CXYNC2UUCEI6H7HX3QU7YWUAML/


[ovirt-users] Re: Hosted Engine can't migrate

2020-11-17 Thread Yedidyah Bar David
Hi,

On Wed, Nov 18, 2020 at 8:08 AM McNamara, Bradley
 wrote:
>
> I'm new to oVirt, but not new to virtualization technologies.  I've run into 
> a wall, but the solution has gotta be simple.  I've seen other threads with 
> the same issue, but a solution is never posted.
>
> I've followed the guide perfectly.  I get  the self-hosted engine up and 
> running with no issues.  I add hosts to the cluster, but it won't let me 
> migrate the HE because of Hosted Engine HA score of "N/A" on every host 
> except the one it was initially deployed on.  The physical servers are 
> exactly the same:  same networks, storage, OS, patches, etc.  The additional 
> hosts are added thru the HE GUI and are added without issue.  Is there a 
> secret button I gotta push?
>
> What am I missing?  This is with 4.3 on CentOS 7.9.

Can other VMs migrate (who use the same storage server, so you know
it's not a storage/network issue)?

Please check/share /var/log/ovirt-hosted-engine-ha/* on all hosts, as
well as output of 'hosted-engine --vm-status' on all of them.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WZBXWHRGLAWWT675ROBSDPB6W5KTRG3F/


[ovirt-users] Re: Deploy oVirt Engine fail behind proxy

2020-11-17 Thread Yedidyah Bar David
On Thu, Nov 12, 2020 at 9:32 AM Matteo Bonardi  wrote:
>
>
>
> Il giorno mer 11 nov 2020 alle ore 11:01 Yedidyah Bar David  
> ha scritto:
>>
>> On Wed, Nov 11, 2020 at 11:49 AM Matteo Bonardi  wrote:
>> >
>> > Hi Didi,
>> >
>> > > On Tue, Nov 10, 2020 at 7:18 PM Strahil Nikolov via Users
>> > > > > >
>> > > I already suggested to open a bug for this earlier in this thread.
>> >
>> > I will open a bug for that.
>>
>> Thanks.
>>
>> >
>> > > I am not sure. I talked with Sandro about this, and we agreed that a
>> > > common enterprise requirement is being able to use a local _mirror_
>> > > (e.g. Foreman), mainly for disconnected use (without an Internet
>> > > connection). A proxy is technically quite different, even if in
>> > > principle can be used for the same need.
>> > >
>> >
>> > I can understand your point, but since the deploy script already checks 
>> > that the proxy is set, I don't see why it can't pass this information to 
>> > the engine.
>>
>> Sorry, where?
>
>
> Sincerely I didn't read the code, but reading the log there are more than one 
> reference to proxy.
> For example:
>
> 2020-11-10 18:15:48,518+0100 WARNING 
> otopi.plugins.gr_he_common.network.gateway gateway._setup:88 It seems that 
> this host is configured to use a proxy, please ensure that this host will be 
> able to reach the engine VM trough that proxy or add a specific exception.

You are right. This was added for:

https://bugzilla.redhat.com/show_bug.cgi?id=1387146

The request there wasn't for full proxy support, just a warning.

> 2020-11-10 18:15:49,637+0100 DEBUG 
> otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils.run:197 
> ansible-playbook: env: {'LS_COLORS': [..], 'USER': 'root', 'PWD': '', 'HOME': 
> '', 'SSH_CLIENT': '', 'https_proxy': 'http://10.248.2.50:3128/', 
> 'http_proxy': 'http://10.248.2.50:3128/', 'no_proxy': 
> '.', 'SSH_TTY': '/dev/pts/0', 'MAIL': 
> '/var/spool/mail/root', 'SHELL': '/bin/bash', 'TERM': 'xterm', 'SHLVL': '1', 
> 'PYTHONPATH': '/usr/share/ovirt-hosted-engine-setup/scripts/..:',[..], 
> 'HE_ANSIBLE_LOG_PATH': 
> '/var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-ansible-get_network_interfaces-20201110181549-tppuv6.log'}

This just logs all env vars when running ansible.

> 2020-11-10 18:17:11,505+0100 INFO 
> otopi.ovirt_hosted_engine_setup.ansible_utils 
> ansible_utils._process_output:111 TASK [ovirt.ovirt.hosted_engine_setup : 
> Check http/https proxy]

Similarly. Was added for:

https://bugzilla.redhat.com/1588720

And to further clarify. Adding full proxy support requires:

1. Some design and development work
2. Routinely testing deployment with a proxy
3. Fix new bugs as they are found

It's not clear this is worth it.

That said, patches are welcome :-). To consider including it, it
should obviously be written so that it also seamlessly works without a
proxy.

Thanks and best regards,

>
> I'm not sure at all, but the log makes me think the proxy is being checked 
> more than once.
> Of course I can be wrong.
>
>>
>> Also:
>>
>> On Wed, Nov 11, 2020 at 11:39 AM Matteo Bonardi  wrote:
>> >
>> > Thanks to all yours suggestions I, finally, complete the deploy with 
>> > success.
>> > The solution is been to edit the file 
>> > /usr/share/ansible/roles/ovirt.engine-setup/tasks/install_packages.yml 
>> > adding the proxy variable:
>>
>> Which version?
>>
>> Perhaps you had 4.4.2 and then updated to 4.4.3 before retrying, or
>> something similar?
>
>
> Before retry the deploy, I have completely cleanup the installation with:
>
> [root@ ~]# ovirt-hosted-engine-cleanup
> [root@ ~]# yum remove ovirt-*
>
> And then reinstall all:
>
> [root@ ~]# yum install 
> https://resources.ovirt.org/pub/yum-repo/ovirt-release44.rpm
> [root@ ~]# yum install ovirt-engine-appliance
> [root@ ~]# yum install ovirt-hosted-engine-setup
>
> I am a bit confused on how to check the version (it is embarrassing, but I am 
> new on ovirt and ansible).
> There is a mismatch between the version in deployment server and in engine vm.
> I have attached the rpm version of both.
> The manager web console shows 4.4.2 as version.
>
>>
>> >
>> > - name: Install oVirt Engine package
>> >   package:
>> > name: "ovirt-engine"
>> > state: present
>> >   environment:
>> > https_proxy: "http://:"
>> > http_proxy: "http://:"
>> > ftp_proxy: "http://:&quo

[ovirt-users] Re: Root Password Reset

2020-11-16 Thread Yedidyah Bar David
On Mon, Nov 16, 2020 at 12:02 PM  wrote:
>
> Also I don't have root password to servers! So I have to reset it too! If I 
> shut down nodes and if anything goes work with oVirt password, guest nodes 
> with start automatically after start or not?

Not sure what you mean exactly.

If you manage to reset admin password and login to admin ui, you can
then, per host:

1. Set to maintenance
2. Restart
3. Connect to it via the console and use whatever means for resetting
root password (search the net for this - there are many guides)

Alternatively, you can also ssh to the engine machine (assuming you
have root password there, or can reset it), and then, as root:

ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@$host

and then change the password, or add your public key, or whatever.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LCLIM3NEYORLTSKKRNRWIOB5MHGISMKT/


[ovirt-users] Re: easy way to migrate to new engine

2020-11-16 Thread Yedidyah Bar David
On Mon, Nov 16, 2020 at 11:55 AM jb  wrote:
>
> Hello everybody!
>
> At the moment I have here a standalone engine and two nodes. Storage
> type is NFS.
>
> Now I want to setup a 3 node self hosted cluster with Glusterfs and
> import my VMs from the old engine.
>
> I know, there is a guide for migration from standalone to self-hosted
> engine, but there is so many changes (new Subnet/DNS names, different
> type of storage, new CPU type) that I would like to skip this migration
> guide.
>
> Is there a different way to migrate my VMs? Mounting my old storage and
> moving the disks to the Gluster would be nice, but I guess I can not
> just mount a storage with existing VM images.

Actually you can:

https://www.ovirt.org/documentation/administration_guide/#sect-Importing_Existing_Storage_Domains

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4HVSY74PAVFD47PK4PHOUYXANAFQTMBJ/


[ovirt-users] Re: Root Password Reset

2020-11-16 Thread Yedidyah Bar David
On Mon, Nov 16, 2020 at 11:32 AM  wrote:
>
> Hello!
> I'm new to oVirt, one of my customers has a 2 node (cluster) of oVirt but has 
> no password access to it!
> Is there any way to reset that password?

You mean admin@internal's password? Generally, this should do:

# ovirt-aaa-jdbc-tool user password-reset admin

See also:

https://www.ovirt.org/documentation/administration_guide/#sect-Administering_User_Tasks_From_the_commandline

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6JJE6J7YX6KOM5KGTIG4DJB2TNKDKZPF/


[ovirt-users] Re: Old and new hardware mix

2020-11-12 Thread Yedidyah Bar David
On Thu, Nov 12, 2020 at 2:00 PM  wrote:
>
> Thanks for the succinct answer.  That gives me the confidence to move forward 
> with the migration.
>
> Though another thought crossed my mind on reading your reply.  After 
> upgrading all host hardware. Can the cluster conf be edited in flight to 
> allow for the new CPU virtualisation extensions,

AFAIK it can. Didn't try this myself.

> or, would I need to create a new management host and migrate to that?

That's not needed, but depending on your needs/hardware, you might want
to keep two clusters in parallel for some time (e.g. old hardware remains
in the old cluster to be used for less important things, etc., and new
cluster for new hardware so that you can use the newer features).

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GSB4OOH44RDSYJFLFL5DOQP6NVCJVHFH/


[ovirt-users] Re: Old and new hardware mix

2020-11-12 Thread Yedidyah Bar David
On Thu, Nov 12, 2020 at 12:15 PM  wrote:
>
> Hi All,
>
> I've just joined the mailing list as my organisation needs a new 
> virtualisation solution.  VMware is prohibitively expensive for a small 
> company like ours and of all the opensource solutions, oVirt looks like the 
> best fit for our needs.
>
> Our existing virtual infrastructure is primarily made up of an old vSphere 5 
> cluster (expired license on old and out of warranty hardware) and a couple of 
> newer standalone (free) ESXi servers.  Both the cluster and the standalones 
> have shared NFS storage so I can move VMs around.
>
> I want to take a couple of older (2014ish) servers which will serve as the 
> management host and one compute node initially.  Then, I'd like to migrate 
> VMs from one vSphere host at a time to the newly created oVirt cluster and 
> convert the now empty vSphere ESXi hosts into oVirt compute nodes as I go.
>
> Firstly - Would new compute host hardware (2020) work in a (2014) based ovirt 
> cluster?

Generally speaking, yes.

>
> If so
>
> Would I be able to take advantage of the more advanced features of ovirt like 
> live migration etc.. with a mix of new and old hardware

Generally speaking - yes, if you set the cluster cpu level to be the
lowest common denominator of your existing machines. Simplest way to
do this, I think (didn't verify), is to add to your new empty cluster
first the oldest host, as I think the cluster conf is set based on the
first host.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XWM3JBMTBGQQBP3OMBSF56HZ4DIVCRS5/


[ovirt-users] Re: sshd_config AuthorizedKeysFile

2020-11-12 Thread Yedidyah Bar David
On Thu, Nov 12, 2020 at 11:44 AM Angus Clarke  wrote:
>
> Righto
>
> For sure the ssh-copy-id is not happy either - in 20something years I've 
> never used this before, I've always just manipulated files.
>
> I did start raising a bug ... missed some field, had to click back and lost 
> all the previously inputted information - I forgot about this ...
>
>
> Overall, tracing the issue is the thing that took too long, there was some 
> message in the hosted-engine-deployment logs (one of the logs from the engine 
> VM itself) which said something like "check you ssh host keys" (sorry, I've 
> lost that information now) - it would have been useful to see it say 
> something about editing the file /root/.ssh/authorized_keys on the KVM host 
> prior to this.
>
> I didn't spend too long debugging the kvm-add-host-to-cluster issue - I 
> didn't find too much in the way of obvious errors in logs on the 2nd KVM host 
> for that either; rather - having just realised and resolved the hosted-engine 
> deployment issue - I guessed the same response to the add-kvm-host to cluster 
> issue which resolved that too.
>
> So maybe a bit of extra logging on the matter would be a great way forwards, 
> or with such few use cases (am I really the only one to manipulate 
> AuthorizedKeysFile? - wow!) then no action at all might be appropriate.

If you still have the logs, please file a bug and attach them, and
perhaps point out what you'd expect there that is missing (or just let
us look at them, and if we decide that the information there is
enough, we'll ask you, after finding the most relevant line).

Generally speaking, and assuming your only problem was in "Add host to
engine" flow (specifically also during hosted-engine deploy), you
should find these logs in the _engine_ machine, in
/var/log/ovirt-engine (and subdirs). The deploy process also tries to
copy these logs to the _host_, under
/var/log/ovirt-hosted-engine-setup, and this part was enhanced
somewhat in 4.4.3 (see https://bugzilla.redhat.com/1844965 ).

Best regards,

>
> Cheers
> Angus
>
> # ls .ssh
> ls: cannot access .ssh: No such file or directory
> # ssh-copy-id server2
>
> /usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such 
> file or directory
> (to install the contents of '/root/.pub' anyway, look at the -f 
> option)
>
> ________
> From: Martin Perina 
> Sent: 12 November 2020 09:43
> To: Angus Clarke 
> Cc: users@ovirt.org ; Dana Elfassy ; 
> Yedidyah Bar David 
> Subject: Re: [ovirt-users] sshd_config AuthorizedKeysFile
>
> Hi,
>
> could you please try if ssh-copy-id works with your non-standard sshd 
> configuration? Because last time I've checked I haven't noticed that behavior 
> and keys were always added to $HOME/.ssh/authorized_keys
>
> So feel free to create a bug for that, but up until now you are the first 
> user using this non-standard configuration ...
>
> Regards,
> Martin
>
> On Thu, Nov 12, 2020 at 9:00 AM Angus Clarke  wrote:
>
> Hello
>
> Sharing for anyone who needs it, this was carried out on OL7, they use ovirt 
> 4.3
>
> In short: both the hosted-engine deployment routine and the host add to 
> cluster routine distribute public ssh keys to /root/.ssh/authorized_keys 
> regardless of the AuthorizedKeysFile setting in /etc/ssh/sshd_config. Both 
> routines fail if AuthorizedKeysfile is not default.
>
>
> The hosted-engine setup assumes AuthorizedKeysFile to be default 
> (~/.ssh/authorized_keys) and creates a public key there, instead of following 
> the sshd_config directive. The setup fails on the back of this.
>
> Once I commented this out of sshd_config file (assumes default) and restarted 
> sshd on the KVM host that was running the hosted-engine deployment, the 
> hosted-engine setup completed successfully.
>
>
> Similarly, I could not deploy a second KVM host to the compute cluster until 
> I had altered this setting on that 2nd KVM host - presumably that process has 
> some similar routine that unwittingly writes keys to ~/.ssh/authorized_keys.
>
> HTH
> Angus
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UMJ4Y622RALUU6QKPNREYS43BP324ODT/
>
>
>
> --
> Martin Perina
> Manager, Software Engineering
> Red Hat Czech s.r.o.



-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TUPSV2DNKY5Z6P4WMIBKFFSFHY5Q5IJH/


[ovirt-users] Re: sshd_config AuthorizedKeysFile

2020-11-12 Thread Yedidyah Bar David
On Thu, Nov 12, 2020 at 10:01 AM Angus Clarke  wrote:
>
> Hello
>
> Sharing for anyone who needs it, this was carried out on OL7, they use ovirt 
> 4.3
>
> In short: both the hosted-engine deployment routine and the host add to 
> cluster routine distribute public ssh keys to /root/.ssh/authorized_keys 
> regardless of the AuthorizedKeysFile setting in /etc/ssh/sshd_config. Both 
> routines fail if AuthorizedKeysfile is not default.
>
>
> The hosted-engine setup assumes AuthorizedKeysFile to be default 
> (~/.ssh/authorized_keys) and creates a public key there, instead of following 
> the sshd_config directive. The setup fails on the back of this.
>
> Once I commented this out of sshd_config file (assumes default) and restarted 
> sshd on the KVM host that was running the hosted-engine deployment, the 
> hosted-engine setup completed successfully.
>
>
> Similarly, I could not deploy a second KVM host to the compute cluster until 
> I had altered this setting on that 2nd KVM host - presumably that process has 
> some similar routine that unwittingly writes keys to ~/.ssh/authorized_keys.

Thanks for the report.

Would you like to open one or two bugs about this?

I think it's just bug, though - from searching relevant source - in the
code adding a host to the engine. This code is also used during hosted-engine
deploy.

We also have code there to add lines to this file on the appliance (engine
vm image), but I do not believe users will work so hard as to update the
image before deploy.

So one bug is probably enough. To make sure, please include there all
relevant details about how "they" (your customer?) configure their
machines - e.g. is it only during their installation (image/PXE/etc.)
or also routinely (puppet etc.)

I admit I am not sure what the expected behavior should be, though:
An admin can run sshd with a custom file. So should we also check that?

Perhaps it's enough if we allow the admin to set a custom location also
for oVirt, instead of trying to guess. And make sure that the failure
error message is clear and unique enough so that people searching the
net for it find your bug, so can find how to configure it :-)

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NNV5RFGEV4IBGHSHTAGARWRBBJJ4HJ2D/


[ovirt-users] Re: Host NonResponsive after migration to oVirt 4.4

2020-11-11 Thread Yedidyah Bar David
On Wed, Nov 11, 2020 at 12:38 PM tfe...@swissonline.ch
 wrote:
>
> Hello Yedidyah
>
> Many thanks for clarification.
>
> If I wanted to convert my all-in-one installation to a "supported" one (on a 
> single box), would I have to migrate my engine into a self-hosted VM? What 
> would be the most common way to conform?

Basically one of two approaches, depending on your needs:

1. For production, I think most people use hyper-converged
hosted-engine (meaning, local gluster storage and engine its a
self-hosted vm). If you do not want to use gluster, some people also
reported using local NFS/iSCSI, although at least NFS used to be
considered risky (due to locking issues). Most people, though,
consider this overkill - you don't enjoy many of its features, but
it's more complex than e.g. virt-manager.

2. For learning/development/testing, I think most people use
virt-manager, or virsh (perhaps wrapped in custom scripts) or
something similar, to create separate VMs, and then use these as
machines for oVirt - can be a host (with nested-kvm) on one,
standalone engine or hosted-engine host on another, storage on another
(or on the physical machine) - depending on what you want to do.

If you feel like combining both - meaning, (2.), but using oVirt also
for the physical machine - that's just fine too.

>
>
> I was able to fix my problem by:
>
> uninstalling oVirt
> yum update
> installing oVirt 4.4.3
> installing cockpit-ovirt-dashboard (which installs vdsm etc. as dependency)
> modifying the engine-backup script (don't bail out on restore if 
> version<4.3.10)
> Restore engine from backup file
> engine-setup
> Reinstall host from oVirt UI

Seems reasonable. Thanks for the update!

Best regards,

>
>
> Many thanks
>
> Toni Feric
>
>
> On 10.11.20 14:22, Yedidyah Bar David wrote:
>
> On Tue, Nov 10, 2020 at 3:13 PM tfe...@swissonline.ch
>  wrote:
>
> Hello Ritesh
>
> Engine and host is the same. There is only one box.
>
> This is called all-in-one. Was officially supported until 3.6, and is
> unsupported, undocumented and untested these days, although people
> seem to be using it, and even more-or-less successfully.
>
> To get an overview of what you should do, if you follow the current
> documentation, you should read both engine-specific parts and
> hosts-specific parts.
>
> The vdsm daemon does not seem to exist.
>
> # systemctl status vdsmd
> Unit vdsmd.service could not be found.
>
> Should I assume that there is a component missing, which should have been 
> installed?
> I just checked the installation documentation, and was not able to spot a 
> step that could be missing.
> https://www.ovirt.org/documentation/installing_ovirt_as_a_standalone_manager_with_local_databases/#Installing_the_Red_Hat_Virtualization_Manager_SM_localDB_deploy
>
> Thanks, Toni
>
>
> On 10 Nov 2020, at 13:47, Ritesh Chikatwar  wrote:
>
> Hello,
>
> Looks like you are checking this directory in the engine. You will get this 
> in the host.
> Also check vdsm service is running or not using systemctl status vdsmd
>
> On Tue, Nov 10, 2020 at 6:09 PM tfe...@swissonline.ch  
> wrote:
>
> Hello Ritesh
>
> I can see the NIC attached to the host in the UI.
> However, I don’t have a directory /var/log/vdsm.
> I am sharing the filetree of my /var/log in the separately attached text file:
>
> Thanks, Toni
>
>
> On 10 Nov 2020, at 13:04, Ritesh Chikatwar  wrote:
>
> Hello,
>
> Can you share vdsm logs you can find at /var/log/vdsm/vdsm.log.
>
> I guess this might be a vdsm issue between an engine and host.
> also check in ui whether a nic is attached to the host after upgrade.
>
> On Tue, Nov 10, 2020 at 5:18 PM tfe...@swissonline.ch  
> wrote:
>
>  Hi
>
> I am looking for help after my oVirt upgrade failed.
>
>
> I have upgraded from ovirt 4.3 to 4.4 following the instructions here:
>
> https://www.ovirt.org/documentation/upgrade_guide/#Upgrading_from_4-3
>
> It's a single-host (standalone engine) test environment.
> I wiped CentOS 7 and reinstalled a fresh CentOS 8.
> I installed the oVirt 4.4 repo and all the necessary software packets.
>
> I used `engine-backup --mode=restore 
> --file=/tmp/ovirt-engine-pre-upgrade.backup --provision-all-databases` from a 
> backup file I created before I started the upgrade.
> After the restore, I ran `engine-setup`.
>
> I did not get any errors during any of these steps on the console.
> So the upgrade could be considered successful from that perspective.
>
> After the upgrade, I login to the ovirt admin portal, and I try to "Activate" 
> my host (was set to "Maintenance" mode before up

[ovirt-users] Re: Deploy oVirt Engine fail behind proxy

2020-11-11 Thread Yedidyah Bar David
On Wed, Nov 11, 2020 at 12:14 PM Gianluca Cecchi
 wrote:
>
> On Wed, Nov 11, 2020 at 11:05 AM Yedidyah Bar David  wrote:
>
> [snip]
>
>> > One suggestion for who will have the same problem:
>> > This file was created by the first failed run of the deploy.
>> > Without run the deploy, this file does not exists.
>> > So you have to run the deploy one time, let it fail and then edit the file.
>> > I know that it seems a stupid suggestion but i think could help someone.
>>
>> It's not stupid! :-). I think you unknowingly ran into something
>> caused by the move to ovirt-ansible-roles in 4.4.3 [1].
>>
>> Until 4.4.2, this file was in the package ovirt-ansible-engine-setup , in:
>>
>> /usr/share/ansible/roles/ovirt.engine-setup/tasks/install_packages.yml
>>
>> In 4.4.3, this file, along with many others (including hosted-engine
>> ansible code), is in ovirt-ansible-collection, in:
>>
>> /usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/engine_setup/tasks/install_packages.yml
>
>
> Uhm...
> Can this be related in any way with my dependency problems updating engine 
> from 4.4.2 to 4.4.3, as described in the thread just opened here:
> https://lists.ovirt.org/archives/list/users@ovirt.org/thread/JEZZ5CMFM4EFKT3637BZZDBRJCQYVFRH/

I am aware of your other thread, might reply later (or I hope someone
else will do the investigation...).

I do not think it's strictly related, but not sure yet. Yours was on
the engine machine, whereas current is about a host (hosted-engine)
machine.

Thanks anyway :-),
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/M7HL4RBE3LEMZ5X5DUKSURI72UEMVHYW/


[ovirt-users] Re: Deploy oVirt Engine fail behind proxy

2020-11-11 Thread Yedidyah Bar David
On Wed, Nov 11, 2020 at 11:49 AM Matteo Bonardi  wrote:
>
> Hi Didi,
>
> > On Tue, Nov 10, 2020 at 7:18 PM Strahil Nikolov via Users
> >  >
> > I already suggested to open a bug for this earlier in this thread.
>
> I will open a bug for that.

Thanks.

>
> > I am not sure. I talked with Sandro about this, and we agreed that a
> > common enterprise requirement is being able to use a local _mirror_
> > (e.g. Foreman), mainly for disconnected use (without an Internet
> > connection). A proxy is technically quite different, even if in
> > principle can be used for the same need.
> >
>
> I can understand your point, but since the deploy script already checks that 
> the proxy is set, I don't see why it can't pass this information to the 
> engine.

Sorry, where?

Also:

On Wed, Nov 11, 2020 at 11:39 AM Matteo Bonardi  wrote:
>
> Thanks to all yours suggestions I, finally, complete the deploy with success.
> The solution is been to edit the file 
> /usr/share/ansible/roles/ovirt.engine-setup/tasks/install_packages.yml adding 
> the proxy variable:

Which version?

Perhaps you had 4.4.2 and then updated to 4.4.3 before retrying, or
something similar?

>
> - name: Install oVirt Engine package
>   package:
> name: "ovirt-engine"
> state: present
>   environment:
> https_proxy: "http://:"
> http_proxy: "http://:"
> ftp_proxy: "http://:"
>   when: ovirt_engine_setup_product_type | lower == 'ovirt'
> [..]
>
> One suggestion for who will have the same problem:
> This file was created by the first failed run of the deploy.
> Without run the deploy, this file does not exists.
> So you have to run the deploy one time, let it fail and then edit the file.
> I know that it seems a stupid suggestion but i think could help someone.

It's not stupid! :-). I think you unknowingly ran into something
caused by the move to ovirt-ansible-roles in 4.4.3 [1].

Until 4.4.2, this file was in the package ovirt-ansible-engine-setup , in:

/usr/share/ansible/roles/ovirt.engine-setup/tasks/install_packages.yml

In 4.4.3, this file, along with many others (including hosted-engine
ansible code), is in ovirt-ansible-collection, in:

/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/engine_setup/tasks/install_packages.yml

Can't guess, though, your exact flow - if you suspect a bug, please
check/share relevant logs (including dnf, but perhaps also ansible),
perhaps in a separate bug.

Sorry if this is confusing/messy. Feel free to comment on [1] if you
have something specific to add (it's a RHV bug, though, so if unsure,
perhaps file another bug. RHV's and oVirt's documentation are not as
aligned as their source code).

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1891749

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/55HJDO63UT6XQPEIPPPB2GLUVMDTJXT7/


[ovirt-users] Re: Cannot restore engine from 4.3.9 to 4.4.3

2020-11-11 Thread Yedidyah Bar David
On Wed, Nov 11, 2020 at 4:34 AM tfe...@swissonline.ch
 wrote:
>
> Hi
>
> I just tried to restore my engine backup taken from release 4.3.9.4 to a 
> newer oVirt installation release 4.4.3.11.
>
> The restore process fails with a FATAL error.
>
> I was under the impression that backups from all 4.3 versions were supposed 
> to be restorable on 4.4.

This used to be true, but was changed in 4.4.3:

https://bugzilla.redhat.com/1881119 [RFE] Make engine-backup refuse to
restore a backup from a version earlier than 4.3.10

Was filed due to:

https://bugzilla.redhat.com/1820642 [cinderlib] Cinderlib DB is
missing a backup and restore option [RHV clone - 4.3.10]

>
> My installation is a single-box all-in-one (Standalone Engine installed 
> together with oVirt node).

Please upgrade first to 4.3.10.

We did this to make sure the backup included the cinderlib db, if set up.
It's not really needed if you do not use cinderlib, but I didn't
consider making this requirement optional, as the documentation
already says to upgrade to latest 4.3 first, so I assumed it's not
really needed (and we did have concrete cases in the past, where
upgrading from an older version was broken, see e.g. the discussion in
bug 1366900, especially comment 7 and comment 15).

If that's a problem, you can edit the engine-backup script, reverting
the patch linked from the first bug above. It's enough to remove the
'if 4.3/.../fi' (lines 1281-1290).

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O7TWZTUDZHQFB4KHBU2L54ILDUQNIJMP/


[ovirt-users] Re: Deploy oVirt Engine fail behind proxy

2020-11-11 Thread Yedidyah Bar David
On Tue, Nov 10, 2020 at 7:18 PM Strahil Nikolov via Users
 wrote:
>
> the delegate_to stanza should use the variable for the HostedEngine, but I 
> think this one from the code should work:
>
> delegate_to: "{{ groups.engine[0] }}"
>
> @Sandro Bonazzola ,
> Maybe we should open a feature request for allowing the installer to deploy a 
> proxy ?

I already suggested to open a bug for this earlier in this thread.

> I think it's quite common in Enterprise environments .

I am not sure. I talked with Sandro about this, and we agreed that a
common enterprise requirement is being able to use a local _mirror_
(e.g. Foreman), mainly for disconnected use (without an Internet
connection). A proxy is technically quite different, even if in
principle can be used for the same need.

Best regards,

>
> Best Regards,
> Strahil Nikolov
>
>
>
>
>
>
> В вторник, 10 ноември 2020 г., 18:57:03 Гринуич+2, Strahil Nikolov 
>  написа:
>
>
>
>
>
> Simeon's proposal will be valid only for the deployment of the package - and 
> it should allow the deployment to pass.
>
> The example from the previous won't work as yum/dns is not using system proxy 
> -> my bad I didn't realize it earlier.
>
> I guess the task for the engine to use the proxy when installing software 
> would look like ( I haven't tested it,though):
>
>   - name: Deploy_proxy
> lineinfile:
>   line:  "proxy=http://myproxy.localdomain:3399;
>   state: "present"
>   path: "/etc/dnf/dnf.conf"
> delegate_to: localhost
>
>
>
> Best Regards,
> Strahil Nikolov
>
>
>
>
>
> В вторник, 10 ноември 2020 г., 17:59:29 Гринуич+2, Simon Coter 
>  написа:
>
>
>
>
>
> Hi Matteo,
>
> this one is the solution we’ve applied on OLVM that should also work for 
> oVirt:
>
> Before Deploying Self Hosted Engine(SHE) update the below lines in 
> /usr/share/ansible/roles/ovirt.hosted-engine-setup/hooks/enginevm_before_engine_setup/install_pre_setup_packages.yml
>
> From
> - name:Install oVirt Engine packages for restoring backup
> package:
> name: "ovirt-engine"
> state: present
> when: ovirt_engine_setup_product_type | lower == 'ovirt'
>  To
> -name: Install oVirt Engine packages for restoring backup
> package:
>  name: "ovirt-engine"
>  state: present
> environment:
>  https_proxy: 
>  http_proxy: 
> when: ovirt_engine_setup_product_type | lower == 'ovirt'
>
> In place of  add your own proxy; example: http://myproxy:3128
>
> Hope this helps.
>
> Simon
>
> > On Nov 10, 2020, at 4:45 PM, Matteo Bonardi  wrote:
> >
> > Hi Strahil,
> >
> > How can I define that task and pass it to the deploy?
> >
> > Thanks,
> > Matteo
> >
> > Il mar 10 nov 2020, 16:33 Strahil Nikolov  ha 
> > scritto:
> >> Did anyone try to define a task to deploy the variables in the 
> >> HostedEngine before the task?
> >>
> >> For example (take only the task):
> >> ---
> >> - name: Deploy proxy
> >>  hosts: localhost
> >>  tasks:
> >>  - name: Deploy_proxy
> >>blockinfile:
> >>  block:
> >>http_proxy=http://myproxy.localdomain:3399
> >>https_proxy=https://myproxy.localdomain:3340
> >>no_proxy=localhost
> >>  create: True
> >>  mode: "0444"
> >>  owner: "root"
> >>  selevel: "s0"
> >>  serole: "object_r"
> >>  setype: "bin_t"
> >>  seuser: "system_u"
> >>  state: "present"
> >>  path: "/etc/profile.d/proxy.sh"
> >>delegate_to: localhost
> >>
> >> And the result is:
> >> [root@engine ~]# echo $http_proxy
> >> http://myproxy.localdomain:3399
> >> [root@engine ~]# echo $https_proxy
> >> https://myproxy.localdomain:3340
> >> [root@engine ~]# echo $no_proxy
> >> localhost
> >>
> >>
> >> Best Regards,
> >> Strahil Nikolov
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> В вторник, 10 ноември 2020 г., 12:17:52 Гринуич+2, Gianluca Cecchi 
> >>  написа:
> >>
> >>
> >>
> >>
> >>
> >> On Tue, Nov 10, 2020 at 8:55 AM Matteo Bonardi  wrote:
>  On Tue, Nov 10, 2020 at 9:14 AM Matteo Bonardi   wrote:
> 
>  Someone recently reported on this list that setting both environment
>  variables http_proxy and https_proxy worked for them.
> >>>
> >>>
> >>
> >> yes it was me here:
> >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/D5WQSM7OZNKJQK3L5CN367W2TRVZZVHZ/
> >>
> >> But in my case it was simpler because the engine was external.
> >> With hosted engine it is indeed a problem that should be addressed I think
> >>
> >> Gianluca
> >>
> >>
> >> ___
> >> Users mailing list -- users@ovirt.org
> >> To unsubscribe send an email to users-le...@ovirt.org
> >> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> >> oVirt Code of Conduct: 
> >> https://www.ovirt.org/community/about/community-guidelines/
> >> List Archives:
> >> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RJ4MQDQDJUNE67FHXI5C5SP62FO6RTLY/
> >>
> >>
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to 

[ovirt-users] Re: Host NonResponsive after migration to oVirt 4.4

2020-11-10 Thread Yedidyah Bar David
On Tue, Nov 10, 2020 at 3:13 PM tfe...@swissonline.ch
 wrote:
>
> Hello Ritesh
>
> Engine and host is the same. There is only one box.

This is called all-in-one. Was officially supported until 3.6, and is
unsupported, undocumented and untested these days, although people
seem to be using it, and even more-or-less successfully.

To get an overview of what you should do, if you follow the current
documentation, you should read both engine-specific parts and
hosts-specific parts.

> The vdsm daemon does not seem to exist.
>
> # systemctl status vdsmd
> Unit vdsmd.service could not be found.
>
> Should I assume that there is a component missing, which should have been 
> installed?
> I just checked the installation documentation, and was not able to spot a 
> step that could be missing.
> https://www.ovirt.org/documentation/installing_ovirt_as_a_standalone_manager_with_local_databases/#Installing_the_Red_Hat_Virtualization_Manager_SM_localDB_deploy
>
> Thanks, Toni
>
>
> On 10 Nov 2020, at 13:47, Ritesh Chikatwar  wrote:
>
> Hello,
>
> Looks like you are checking this directory in the engine. You will get this 
> in the host.
> Also check vdsm service is running or not using systemctl status vdsmd
>
> On Tue, Nov 10, 2020 at 6:09 PM tfe...@swissonline.ch  
> wrote:
>>
>> Hello Ritesh
>>
>> I can see the NIC attached to the host in the UI.
>> However, I don’t have a directory /var/log/vdsm.
>> I am sharing the filetree of my /var/log in the separately attached text 
>> file:
>>
>> Thanks, Toni
>>
>>
>> On 10 Nov 2020, at 13:04, Ritesh Chikatwar  wrote:
>>
>> Hello,
>>
>> Can you share vdsm logs you can find at /var/log/vdsm/vdsm.log.
>>
>> I guess this might be a vdsm issue between an engine and host.
>> also check in ui whether a nic is attached to the host after upgrade.
>>
>> On Tue, Nov 10, 2020 at 5:18 PM tfe...@swissonline.ch 
>>  wrote:
>>>
>>>  Hi
>>>
>>> I am looking for help after my oVirt upgrade failed.
>>>
>>>
>>> I have upgraded from ovirt 4.3 to 4.4 following the instructions here:
>>>
>>> https://www.ovirt.org/documentation/upgrade_guide/#Upgrading_from_4-3
>>>
>>> It's a single-host (standalone engine) test environment.
>>> I wiped CentOS 7 and reinstalled a fresh CentOS 8.
>>> I installed the oVirt 4.4 repo and all the necessary software packets.
>>>
>>> I used `engine-backup --mode=restore 
>>> --file=/tmp/ovirt-engine-pre-upgrade.backup --provision-all-databases` from 
>>> a backup file I created before I started the upgrade.
>>> After the restore, I ran `engine-setup`.
>>>
>>> I did not get any errors during any of these steps on the console.
>>> So the upgrade could be considered successful from that perspective.
>>>
>>> After the upgrade, I login to the ovirt admin portal, and I try to 
>>> "Activate" my host (was set to "Maintenance" mode before upgrade).

Please try 'Reinstall'.

This should install vdsm for you, among many other things.

Best regards,

>>> The Activation fails with error "NonResponsive" in the GUI.
>>> Under the "bell" icon, I find the Event "Host nuc1.feric.ch is non 
>>> responsive.”
>>>
>>> In /var/log/ovirt-engine/engine.log, I find the following error:
>>> ```
>>> 2020-11-09 23:12:21,080+01 ERROR 
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand] 
>>> (EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-47) [] 
>>> Command 'GetCapabilitiesAsyncVDSCommand(HostName = nuc1.feric.ch, 
>>> VdsIdAndVdsVDSCommandParametersBase:{hostId='d7c30cc0-ac59-4cf3-a1e7-b9fae9db83fb',
>>>  vds=‘Host[nuc1.feric.h,d7c30cc0-ac59-4cf3-a1e7-b9fae9db83fb]'})' execution 
>>> failed: java.net.ConnectException: Connection refused
>>> ```
>>>
>>> `systemctl status ovirt-engine` shows that the engine is running.
>>> I am able to reboot the host from the oVirt GUI directly.
>>>
>>> Does anyone have an idea how to proceed?
>>>
>>> Many thanks
>>> Toni
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct: 
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives: 
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/QWVBKDG2Q4BJHDHXNAHIWIG3QLW5E235/
>>
>>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BBBWNXCC5R3TC4FZC2MHKPCBLX3Q4ZHK/



-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 

[ovirt-users] Re: Deploy oVirt Engine fail behind proxy

2020-11-10 Thread Yedidyah Bar David
On Tue, Nov 10, 2020 at 12:18 PM Gianluca Cecchi
 wrote:
>
> On Tue, Nov 10, 2020 at 8:55 AM Matteo Bonardi  wrote:
>>
>> > On Tue, Nov 10, 2020 at 9:14 AM Matteo Bonardi > > wrote:
>> >
>> > Someone recently reported on this list that setting both environment
>> > variables http_proxy and https_proxy worked for them.
>
>
> yes it was me here:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/D5WQSM7OZNKJQK3L5CN367W2TRVZZVHZ/
>
> But in my case it was simpler because the engine was external.
> With hosted engine it is indeed a problem that should be addressed I think

Thanks for the update :-)

Not sure if this is already expected to work (and was broken at some
point) or not.
Can one of you please file a bug about this?
I am not aware of another workaround, sorry.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/D736NGNASY2RHU2KJDAQQV5HP6BUAH3W/


[ovirt-users] Re: Deploy oVirt Engine fail behind proxy

2020-11-09 Thread Yedidyah Bar David
On Tue, Nov 10, 2020 at 9:14 AM Matteo Bonardi  wrote:
>
> Hi,
>
> I am trying to deploy the ovirt engine following self-hosted engine 
> installation procedure on documentation.
> Deployment servers are behind a proxy and I have set it in environment and in 
> yum.conf before run deploy.

Someone recently reported on this list that setting both environment
variables http_proxy and https_proxy worked for them.
I didn't try this myself recently.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FQ6WXIHDUM3GFT2UQH4BTDG2FXHEBZYB/


[ovirt-users] Re: Migrate hosted-engine to new storage domain

2020-11-03 Thread Yedidyah Bar David
On Tue, Nov 3, 2020 at 7:07 AM matthew.st...@fujitsu.com
 wrote:
>
> I’ve migrated my iSCSI storage to a new array, and the only thing remaining 
> is to migrate the hosted-engine.
>
>
>
> Any directions on how I should proceed.   I understand that I will need to 
> back-up the existing, create a new hosted-engine on the new storage, 
> specifying the backup a reference.
>
>
>
> I just would like to see a step-by-step, so I know I am doing everything, and 
> in the right order.

Generally speaking, you should follow the hosted-engine backup and
restore flows/documents.

I strongly suggest to test this first on a test machine before production.

You can take a backup without downtime.

Restore on some machine (can be a VM, with nested-kvm) that has no
access to your production storage and hosts (to make sure the restored
engine won't start managing them/competing with the production one).

See that all looks good. Then plan production...

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q3PVSYH4YGGGYZNXWXDSCJ73MOINZDV7/


[ovirt-users] Re: Training Video or document or training session

2020-11-01 Thread Yedidyah Bar David
On Sat, Oct 31, 2020 at 8:08 AM Kushwaha, Tarun Kumar <
ta...@synergysystemsindia.com> wrote:

> yes we can do that
>
> https://skyvirt.tech
>

There is this page with a list of such organizations:

https://www.ovirt.org/community/user-stories/users-and-providers.html

Kushwaha, I do not see skyvirt listed there. Feel free to push a PR adding
it :-)

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZIYADSNLT3SBZCNJ7AXFOLT667JRHJ25/


[ovirt-users] Re: The Master data domain can't be activated

2020-10-29 Thread Yedidyah Bar David
Hi!

On Thu, Oct 29, 2020 at 1:23 AM Miguel Angel Costas 
wrote:

> Hi all!!
>
> I had a terrible problem with my blade and I lost the 2 nodes.


"The", as in you had only two nodes, and lost both of them?


> I have installed a new server as a node  (
> ovirt-node-iso-3.6-0.999.201608311021.el7.centos.iso)


This is a very old and long-unsupported version.
If at all possible, I recommend upgrading to 4.4, the currently-supported
version.

If you do not want to, or cannot, do the entire upgrade chain, you can
consider installing new engine+hosts and import the old storage domains. If
you do, please try this first on a test system, to see that it works as
expected.


> but for any reason the data domain don't start. It the same node version.
> The ovirt manager is 3.6.7
>
> If I create a new datacenter I can attach a lv from the same lun with the
> problem..
>
> Someone could help me.. I have been working to solve the problem fron the
> saturday..
>

Please provide more details:

1. A brief description of your architecture/topology - number of hosts,
clusters/DCs, storage, networks, etc.
2. What happened so far, as much as you can tell
3. What exactly you try to do now, at which times exactly, and what
happens, including exact times
4. All relevant logs, and make sure you can find the times you mention
above in the logs. These include:
from the engine: /var/log/ovirt-engine
from hosts: /var/log/vdsm

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4V7BJIVZCIAQB7DZMCXYI7ABR77W6VW7/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-26 Thread Yedidyah Bar David
On Mon, Oct 26, 2020 at 11:47 AM  wrote:

> Quick question, after installing Ovirt before “hosted-engine –deploy” is
> the website with http? Not https.
>

You mean the cockpit interface? On port 9090? That's not part of oVirt,
it's in every el8 machine. Should be https, by default with a self-signed
cert.


>
>
> Yours Sincerely,
>
>
>
> *Henni *
>
>
>
> *From:* Yedidyah Bar David 
> *Sent:* Sunday, 25 October 2020 16:46
> *To:* Simone Tiraboschi 
> *Cc:* i...@worldhostess.com; Edward Berger ; users <
> users@ovirt.org>
> *Subject:* [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
> [newbie & frustrated]
>
>
>
> On Sat, Oct 24, 2020 at 12:31 PM Simone Tiraboschi 
> wrote:
>
> Hi Henni,
>
> your issue is just here:
>
> 2020-10-16 11:20:59,445+0200 DEBUG var changed: host "localhost" var
> "hostname_resolution_output" type "" value: "{
> "changed": true,
> "cmd": "getent ahosts node01.xyz.co.za | grep STREAM",
> "delta": "0:00:00.004671",
> "end": "2020-10-16 11:20:59.179399",
> "failed": false,
> "rc": 0,
> "start": "2020-10-16 11:20:59.174728",
> "stderr": "",
> "stderr_lines": [],
> "stdout": "156.38.192.226  STREAM node01.xyz.co.za",
> "stdout_lines": [
> "156.38.192.226  STREAM node01.xyz.co.za"
> ]
> }"
>
>
>
> but then...
>
>
>
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_vm_ip_addr" type " 'ansible.parsing.yaml.objects.AnsibleUnicode'>" value: ""156.38.192.226""
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_vm_ip_prefix" type "" value: "29"
> ...
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_cloud_init_host_name" type " 'ansible.parsing.yaml.objects.AnsibleUnicode'>" value: ""engine01""
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_cloud_init_domain_name" type " 'ansible.parsing.yaml.objects.AnsibleUnicode'>" value: ""xyz.co.za""
>
> So,
>
> your host is named node01.xyz.co.za and it resolves to 156.38.192.226,
>
> then you are trying to create a VM named engine01.xyz.co.za and you are
> trying to configure it with a static set IPv4 address which is
> still 156.38.192.226.
> This is enough to explain all the subsequent networking issues.
>
>
> Please try again using two distinct IP addresses for the node and the
> engine VM.
>
>
>
> Thanks, Simone!
>
>
>
>
> ciao,
>
> Simone
>
>
>
>
>
> On Sat, Oct 24, 2020 at 8:35 AM  wrote:
>
> File 1
>
>
> /var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20201024072802-qzvr7t.log
>
>
>
> 2020-10-24 08:10:14,990+0200 ERROR otopi.plugins.gr_he_common.core.misc
> misc._terminate:167 Hosted Engine deployment failed: please check the logs
> for the issue, fix accordingly or re-deploy from scratch.
>
> 2020-10-24 08:10:14,990+0200 DEBUG otopi.plugins.otopi.dialog.human
> dialog.__logString:204 DIALOG:SEND \
>
>
>
> Yours Sincerely,
>
>
>
> *Henni *
>
>
>
> *From:* i...@worldhostess.com 
> *Sent:* Saturday, 24 October 2020 14:03
> *To:* 'Yedidyah Bar David' 
> *Cc:* 'Edward Berger' ; 'users' 
> *Subject:* [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
> [newbie & frustrated]
>
>
>
> Can anyone explain to me how to use the “screen -d -r” option
>
>
>
> Start the deployment script:
>
> # hosted-engine --deploy
>
> To escape the script at any time, use the Ctrl+D keyboard combination to
> abort deployment. In the event of session timeout or connection disruption,
> run screen -d -r to recover the deployment session.
>
>
>
>
>
> Yours Sincerely,
>
>
>
> *Henni *
>
>
>
> *From:* Yedidyah Bar David 
> *Sent:* Wednesday, 21 October 2020 15:04
> *To:* i...@worldhostess.com
> *Cc:* Edward Berger ; users 
> *Subject:* [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
> [newbie & frustrated]
>
>
>
> On Wed, Oct 21, 2020 at 4:19 AM  wrote:
>
> Did you try to ssh to the engine VM?
> ssh is disconnecting within 1 second to 30 seconds, impossible to
> perform anything.
>
>
>
> ssh to the host? Or to the engine vm?
>
>

[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-25 Thread Yedidyah Bar David
On Sat, Oct 24, 2020 at 12:31 PM Simone Tiraboschi 
wrote:

> Hi Henni,
> your issue is just here:
> 2020-10-16 11:20:59,445+0200 DEBUG var changed: host "localhost" var
> "hostname_resolution_output" type "" value: "{
> "changed": true,
> "cmd": "getent ahosts node01.xyz.co.za | grep STREAM",
> "delta": "0:00:00.004671",
> "end": "2020-10-16 11:20:59.179399",
> "failed": false,
> "rc": 0,
> "start": "2020-10-16 11:20:59.174728",
> "stderr": "",
> "stderr_lines": [],
> "stdout": "156.38.192.226  STREAM node01.xyz.co.za",
> "stdout_lines": [
> "156.38.192.226  STREAM node01.xyz.co.za"
> ]
> }"
>
> but then...
>
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_vm_ip_addr" type " 'ansible.parsing.yaml.objects.AnsibleUnicode'>" value: ""156.38.192.226""
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_vm_ip_prefix" type "" value: "29"
> ...
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_cloud_init_host_name" type " 'ansible.parsing.yaml.objects.AnsibleUnicode'>" value: ""engine01""
> 2020-10-16 12:15:43,079+0200 DEBUG var changed: host "localhost" var
> "he_cloud_init_domain_name" type " 'ansible.parsing.yaml.objects.AnsibleUnicode'>" value: ""xyz.co.za""
>
> So,
> your host is named node01.xyz.co.za and it resolves to 156.38.192.226,
> then you are trying to create a VM named engine01.xyz.co.za and you are
> trying to configure it with a static set IPv4 address which is
> still 156.38.192.226.
> This is enough to explain all the subsequent networking issues.
>
> Please try again using two distinct IP addresses for the node and the
> engine VM.
>

Thanks, Simone!


>
> ciao,
> Simone
>
>
> On Sat, Oct 24, 2020 at 8:35 AM  wrote:
>
>> File 1
>>
>>
>> /var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20201024072802-qzvr7t.log
>>
>>
>>
>> 2020-10-24 08:10:14,990+0200 ERROR otopi.plugins.gr_he_common.core.misc
>> misc._terminate:167 Hosted Engine deployment failed: please check the logs
>> for the issue, fix accordingly or re-deploy from scratch.
>>
>> 2020-10-24 08:10:14,990+0200 DEBUG otopi.plugins.otopi.dialog.human
>> dialog.__logString:204 DIALOG:SEND \
>>
>>
>>
>> Yours Sincerely,
>>
>>
>>
>> *Henni *
>>
>>
>>
>> *From:* i...@worldhostess.com 
>> *Sent:* Saturday, 24 October 2020 14:03
>> *To:* 'Yedidyah Bar David' 
>> *Cc:* 'Edward Berger' ; 'users' 
>> *Subject:* [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
>> [newbie & frustrated]
>>
>>
>>
>> Can anyone explain to me how to use the “screen -d -r” option
>>
>>
>>
>> Start the deployment script:
>>
>> # hosted-engine --deploy
>>
>> To escape the script at any time, use the Ctrl+D keyboard combination to
>> abort deployment. In the event of session timeout or connection disruption,
>> run screen -d -r to recover the deployment session.
>>
>>
>>
>>
>>
>> Yours Sincerely,
>>
>>
>>
>> *Henni *
>>
>>
>>
>> *From:* Yedidyah Bar David 
>> *Sent:* Wednesday, 21 October 2020 15:04
>> *To:* i...@worldhostess.com
>> *Cc:* Edward Berger ; users 
>> *Subject:* [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
>> [newbie & frustrated]
>>
>>
>>
>> On Wed, Oct 21, 2020 at 4:19 AM  wrote:
>>
>> Did you try to ssh to the engine VM?
>> ssh is disconnecting within 1 second to 30 seconds, impossible to
>> perform anything.
>>
>>
>>
>> ssh to the host? Or to the engine vm?
>>
>>
>>
>> If to the host, then you have some severe networking issues, I suggest to
>> handle this first.
>>
>>
>>
>>
>> Command line install " hosted-engine --deploy" it gets to this point (see
>> below) and disconnect and thereafter it is disconnecting ssh and http://
>> FQDN:9090
>>
>> "[ INFO  ] TASK [ovirt.hosted_engine_setup : Check engine VM health]"
>>
>> https "Certificate invalid&q

[ovirt-users] Re: Unable to connect to postgres database on oVirt engine

2020-10-25 Thread Yedidyah Bar David
On Thu, Oct 22, 2020 at 9:05 PM Strahil Nikolov 
wrote:

> Hi Didi,
>
> thanks for the info - I learned it the hard way (trial & error) and so far
> it was working.
>
> Do we have an entry about that topic in the documentation ?
>

I do not think we have very much about the engine DB or how to access it at
all, in the official documentation, because it's usually considered a bug
if users have to manually fiddle with that. And if you write your own
script to connect to the engine db and do stuff there, and it's broken in
some next upgrade, that's considered to be your own problem.

We do have lots of official documentation about the DWH database, because
accessing it directly (read-only!) is an official API (including
compatibility views per version, etc.).

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RTQDOGCBD6XW4RFKYNHCX5JRRUJEA2SI/


[ovirt-users] Re: Unable to connect to postgres database on oVirt engine

2020-10-21 Thread Yedidyah Bar David
On Wed, Oct 21, 2020 at 9:16 PM Strahil Nikolov via Users 
wrote:

> I usually run the following (HostedEngine):
>
> [root@engine ~]# su - postgres
>
> -bash-4.2$ source /opt/rh/rh-postgresql10/enable
>

This is applicable to 4.3, on el7. For 4.4 this isn't needed.
Also, IIRC this isn't the official method to activate an SCL component, but:

$ scl enable rh-postgresql10 bash

Which is a significant difference - it runs a process ('bash', in this
case, but you can run psql directly) "inside" the environment.

A somewhat more official (although IIRC still not the recommended) way is:

. scl_source enable rh-postgresql10

(Or 'source' instead of '.', although '.' is the POSIX standard).


> -bash-4.2$ psql engine
>

This works if the engine db is automatically provisioned by engine-setup
(which is the default).

engine-psql.sh works regardless of version, remote or not, etc. It's a
pretty simple script - you can
easily read it to see what it does.

Best regards,


>
>
> How did you try to access the Engine's DB ?
>
> Best Regards,
> Strahil Nikolov
>
>
>
>
>
>
>
>
> В вторник, 20 октомври 2020 г., 17:00:37 Гринуич+3,
> kushagra2agar...@gmail.com  написа:
>
>
>
>
>
> I am unable to connect to postgres database running on oVirt engine and
> while troubleshooting found below possible issue.
>
> semanage fcontext -a -t postgresql_exec_t
> /opt/rh/rh-postgresql10/root/usr/bin/psql
> ValueError: File spec /opt/rh/rh-postgresql10/root/usr/bin/psql conflicts
> with equivalency rule '/opt/rh/rh-postgresql10/root /'; Try adding
> '//usr/bin/psql' instead
>
> Can someone help to resolve this issue.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JPWYVOHDVRLNISNH6WMW5KAWRBWI3NZP/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/LKCIV56ELQRI4HTGK2VPYCP35YXMJYXF/
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CER6XMTHZZD7FA7BIJR4YQV37X5UXQJP/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-21 Thread Yedidyah Bar David
On Wed, Oct 21, 2020 at 4:19 AM  wrote:

> Did you try to ssh to the engine VM?
> ssh is disconnecting within 1 second to 30 seconds, impossible to
> perform anything.
>

ssh to the host? Or to the engine vm?

If to the host, then you have some severe networking issues, I suggest to
handle this first.


>
> Command line install " hosted-engine --deploy" it gets to this point (see
> below) and disconnect and thereafter it is disconnecting ssh and http://
> FQDN:9090
>
> "[ INFO  ] TASK [ovirt.hosted_engine_setup : Check engine VM health]"
>
> https "Certificate invalid"
>
> after I run " /usr/sbin/ovirt-hosted-engine-cleanup" I am able to ssh
>
> Yours Sincerely,
>
> Henni
>
> -Original Message-
> From: Yedidyah Bar David 
> Sent: Tuesday, 20 October 2020 14:05
> To: i...@worldhostess.com
> Cc: Edward Berger ; users 
> Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie
> & frustrated]
>
> On Mon, Oct 19, 2020 at 6:00 PM  wrote:
> >
> > I used Cockpit web interface to do the install and I crashed again. I
> think it did not do the final part of the install. There are no other files
> such as "engine-side logs"
>
> Did you try to ssh to the engine VM?
>
> Do you see it running on the host?
>
> >
> > It keep disconnecting from the Cockpit
>
> Due to env issues (communication etc.)? Or oVirt-specific ones (bugs)?
>
> We do have an open bug about allowing to reconnect to cockpit in such
> cases, but it's still NEW for several years now:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1422544
>
> >
> > This is my problem for the last few weeks, it will not complete the
> install and I have no idea why.
>
> If this is your only problem, I suggest to try and work around it somehow:
>
> Either by running the browser through which you connect to cockpit in some
> machine closer (network-wise) to the host you install on (and connect to
> that machine from your laptop using means that allow reconnection, some
> remote desktop or whatever), or using the command line tool/guide, which
> you can/should run inside tmux (and thus easily reconnect if needed).
>
> Good luck and best regards,
>
> >
> > Yours Sincerely,
> >
> > Henni
> >
> >
> > -Original Message-
> > From: Yedidyah Bar David 
> > Sent: Monday, 19 October 2020 14:58
> > To: i...@worldhostess.com
> > Cc: Edward Berger ; users 
> > Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
> > [newbie & frustrated]
> >
> > Hi,
> >
> > On Fri, Oct 16, 2020 at 4:44 PM  wrote:
> > >
> > > Another zip file from fresh Centos & Ovirt install
> > >
> > > The following directories and files are included 1. openvswitch 2.
> > > ovirt-hosted-engine-ha 3. ovirt-hosted-engine-setup 4. ovirt-imageio
> > > 5. vdsm 6. firewalld
> > >
> > > https://drive.google.com/file/d/1QXj2eiNYseJvTVwmlDp8qwIWg64t45Sc/vi
> > > ew
> > > ?usp=sharing
> >
> > Thanks.
> >
> > It's still the same problem ("Check engine VM health" failed) and the
> zip still does not include engine-side logs (either from the engine vm
> itself or from subdirs of /var/log/ovirt-hosted-engine-setup). Please
> check/share these.
> >
> > Also, the files' timestamps are not kept, so 'ls -ltr' does not show
> them in the correct order. Is there a problem with simply using 'tar' as I
> suggested?
> >
> > Thanks and best regards,
> > --
> > Didi
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org Privacy
> > Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/OSV5JYVZ
> > TMAJJ7L4O4XHAIBWDL5VKZNP/
> >
>
>
> --
> Didi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement:
> https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/GNHTNCLXXXQMYMDR657QEXDCOIYGZKQ2/
>
>

-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZI33XJZZOQM2RPNHRVPCPTLPQF7I4RF/


[ovirt-users] Re: Unable to connect to postgres database on oVirt engine

2020-10-20 Thread Yedidyah Bar David
On Tue, Oct 20, 2020 at 5:25 PM  wrote:
>
> @Didi thanks for your response, we are trying to pull postgres db metrics 
> using collectd agent but while trying to get metrics we are getting below 
> error. We are pulling creds from file 
> '/etc/ovirt-engine/engine.conf.d/10-setup-database.conf'
>
> oVirt engine version 4.3.10
>
> Any thoughts on what else can be the issue than.
>
> Failed to connect to database engine (engine): could not connect to server: 
> Permission denied

Did you try engine-psql.sh as I suggested?

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OMNTX34KQI3M7A5PUMVL7PDES7CY3P7D/


[ovirt-users] Re: Unable to connect to postgres database on oVirt engine

2020-10-20 Thread Yedidyah Bar David
Hi,

Which version of the engine are you using?

On Tue, Oct 20, 2020 at 4:59 PM  wrote:
>
> I am unable to connect to postgres database running on oVirt engine and while 
> troubleshooting found below possible issue.

How do you try to connect?

>
> semanage fcontext -a -t postgresql_exec_t 
> /opt/rh/rh-postgresql10/root/usr/bin/psql
> ValueError: File spec /opt/rh/rh-postgresql10/root/usr/bin/psql conflicts 
> with equivalency rule '/opt/rh/rh-postgresql10/root /'; Try adding 
> '//usr/bin/psql' instead

Why do you think psql needs postgresql_exec_t type?

On my test engine, I have:

$ ls -lZ /opt/rh/rh-postgresql10/root/usr/bin/psql
-rwxr-xr-x. root root system_u:object_r:bin_t:s0
/opt/rh/rh-postgresql10/root/usr/bin/psql

and everything works well. psql is not the PG server/daemon - it's
just a user utility, it does not need access to PG data or anything
like that.

BTW, there is a utility script for running psql against the engine DB,
working in every version (since it was introduced) - e.g.:

/usr/share/ovirt-engine/dbscripts/engine-psql.sh -c 'select * from vms'

Generally speaking, you should not need to modify the DB.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CXWJQ6LASZOJJ2JLCDD3O22BXSAQFU2W/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-20 Thread Yedidyah Bar David
On Mon, Oct 19, 2020 at 6:00 PM  wrote:
>
> I used Cockpit web interface to do the install and I crashed again. I think 
> it did not do the final part of the install. There are no other files such as 
> "engine-side logs"

Did you try to ssh to the engine VM?

Do you see it running on the host?

>
> It keep disconnecting from the Cockpit

Due to env issues (communication etc.)? Or oVirt-specific ones (bugs)?

We do have an open bug about allowing to reconnect to cockpit in such
cases, but it's still NEW for several years now:

https://bugzilla.redhat.com/show_bug.cgi?id=1422544

>
> This is my problem for the last few weeks, it will not complete the install 
> and I have no idea why.

If this is your only problem, I suggest to try and work around it somehow:

Either by running the browser through which you connect to cockpit in
some machine closer (network-wise) to the host you install on (and
connect to that machine from your laptop using means that allow
reconnection, some remote desktop or whatever), or using the command
line tool/guide, which you can/should run inside tmux (and thus easily
reconnect if needed).

Good luck and best regards,

>
> Yours Sincerely,
>
> Henni
>
>
> -Original Message-
> From: Yedidyah Bar David 
> Sent: Monday, 19 October 2020 14:58
> To: i...@worldhostess.com
> Cc: Edward Berger ; users 
> Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & 
> frustrated]
>
> Hi,
>
> On Fri, Oct 16, 2020 at 4:44 PM  wrote:
> >
> > Another zip file from fresh Centos & Ovirt install
> >
> > The following directories and files are included 1. openvswitch 2.
> > ovirt-hosted-engine-ha 3. ovirt-hosted-engine-setup 4. ovirt-imageio
> > 5. vdsm 6. firewalld
> >
> > https://drive.google.com/file/d/1QXj2eiNYseJvTVwmlDp8qwIWg64t45Sc/view
> > ?usp=sharing
>
> Thanks.
>
> It's still the same problem ("Check engine VM health" failed) and the zip 
> still does not include engine-side logs (either from the engine vm itself or 
> from subdirs of /var/log/ovirt-hosted-engine-setup). Please check/share these.
>
> Also, the files' timestamps are not kept, so 'ls -ltr' does not show them in 
> the correct order. Is there a problem with simply using 'tar' as I suggested?
>
> Thanks and best regards,
> --
> Didi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: 
> https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/OSV5JYVZTMAJJ7L4O4XHAIBWDL5VKZNP/
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GNHTNCLXXXQMYMDR657QEXDCOIYGZKQ2/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-19 Thread Yedidyah Bar David
Hi,

On Fri, Oct 16, 2020 at 4:44 PM  wrote:
>
> Another zip file from fresh Centos & Ovirt install
>
> The following directories and files are included
> 1. openvswitch
> 2. ovirt-hosted-engine-ha
> 3. ovirt-hosted-engine-setup
> 4. ovirt-imageio
> 5. vdsm
> 6. firewalld
>
> https://drive.google.com/file/d/1QXj2eiNYseJvTVwmlDp8qwIWg64t45Sc/view?usp=sharing

Thanks.

It's still the same problem ("Check engine VM health" failed) and the zip
still does not include engine-side logs (either from the engine vm itself
or from subdirs of /var/log/ovirt-hosted-engine-setup). Please check/share
these.

Also, the files' timestamps are not kept, so 'ls -ltr' does not show them
in the correct order. Is there a problem with simply using 'tar' as I suggested?

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OSV5JYVZTMAJJ7L4O4XHAIBWDL5VKZNP/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-15 Thread Yedidyah Bar David
On Thu, Oct 15, 2020 at 2:06 PM  wrote:
>
> Sorry, did not share it with world, try now it should work
>
> https://drive.google.com/drive/folders/1XpbBqogokvkRgX0INfXVd7FtPuoL5P1m?usp=sharing

This only includes the files directly in that directory, not in sub-directories.
Can you please share all of it? To do this with zip instead of tar,
you can pass '-r'.

The current logs do not reveal more than you already shared before.

Also, in case the newest engine-logs-* directory there is empty, you can try
connecting to the engine vm (you can find its temporary IP address in the logs
by searching for 'local_vm_ip') with ssh as root and the password you supplied,
and then check there /var/log/ovirt-engine. If possible, please share
it as well.

Thanks and best regards,

>
>
> Yours Sincerely,
>
> Henni
>
>
> -Original Message-
> From: Yedidyah Bar David 
> Sent: Thursday, 15 October 2020 18:37
> To: i...@worldhostess.com
> Cc: Edward Berger ; users 
> Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & 
> frustrated]
>
> On Thu, Oct 15, 2020 at 1:34 PM  wrote:
> >
> > A zip file with my ovirt-hosted-engine-setup logs -- hope someone can tell 
> > me what I am doing wrong.
> >
> > https://drive.google.com/file/d/1Y6_3kV7L2W-37-sgyA5EQ_v7NHyQ5zR2/view
> > ?usp=sharing
>
> I get "Access Denied" for the above link.
>
> Best regards,
>
> >
> > Yours Sincerely,
> >
> > Henni
> >
> >
> > -Original Message-
> > From: Yedidyah Bar David 
> > Sent: Tuesday, 13 October 2020 16:42
> > To: i...@worldhostess.com
> > Cc: Edward Berger ; users 
> > Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days
> > [newbie & frustrated]
> >
> > Please share all of /var/log/ovirt-hosted-engine-setup:
> >
> > cd /var/log/
> > tar czf ovirt-hosted-engine-setup.tar.gz ovirt-hosted-engine-setup
> >
> > Then upload ovirt-hosted-engine-setup.tar.gz to some file sharing service 
> > (e.g. dropbox, google drive etc.) and share the link.
> >
> > Thanks!
> >
> > On Tue, Oct 13, 2020 at 10:56 AM  wrote:
> > >
> > > Hope this can help. It seems it crash every time when I install.
> > --
> > Didi
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org Privacy
> > Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/6OQZM2KY
> > HQ622XUBYCTVZLQZ4AGLKT2R/
> >
>
>
> --
> Didi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: 
> https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TCVP6FE2MRENFGNAPHKE2CBZJHAKYEQ5/
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5QPI5H72Y4UMRBJ2SW4A5HMPJ3X5HRE2/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-15 Thread Yedidyah Bar David
On Thu, Oct 15, 2020 at 1:34 PM  wrote:
>
> A zip file with my ovirt-hosted-engine-setup logs -- hope someone can tell me 
> what I am doing wrong.
>
> https://drive.google.com/file/d/1Y6_3kV7L2W-37-sgyA5EQ_v7NHyQ5zR2/view?usp=sharing

I get "Access Denied" for the above link.

Best regards,

>
> Yours Sincerely,
>
> Henni
>
>
> -----Original Message-
> From: Yedidyah Bar David 
> Sent: Tuesday, 13 October 2020 16:42
> To: i...@worldhostess.com
> Cc: Edward Berger ; users 
> Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & 
> frustrated]
>
> Please share all of /var/log/ovirt-hosted-engine-setup:
>
> cd /var/log/
> tar czf ovirt-hosted-engine-setup.tar.gz ovirt-hosted-engine-setup
>
> Then upload ovirt-hosted-engine-setup.tar.gz to some file sharing service 
> (e.g. dropbox, google drive etc.) and share the link.
>
> Thanks!
>
> On Tue, Oct 13, 2020 at 10:56 AM  wrote:
> >
> > Hope this can help. It seems it crash every time when I install.
> --
> Didi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: 
> https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/6OQZM2KYHQ622XUBYCTVZLQZ4AGLKT2R/
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TCVP6FE2MRENFGNAPHKE2CBZJHAKYEQ5/


[ovirt-users] Re: oVirt 4.4.2.6-1.el8 (SHE). Grafana integration not configured. The link to the Monitoring portal is not displayed on the Manager home page.

2020-10-15 Thread Yedidyah Bar David
On Tue, Oct 13, 2020 at 5:22 PM Dmitry Kharlamov  wrote:
>
> Many thanks, Didi, Gianluca!
>
> Via Invite + usern...@ad.domain.name Everything worked out! )))
>
> Is it possible to use a file /etc/grafana/ldap.toml for configure 
> authentication in the Active Directory?

I have no idea, sorry.

I think this won't work. Grafana is not configured to use ldap
directly, but to use SSO against the engine.
If you configure the engine to use ldap, you get "indirect ldap
support" also in grafana.

If you want separate/different ldap configuration of grafana and the
engine, I think nothing prevents you from doing that - see also [1],
might be relevant/needed - but then SSO with the engine won't work
(but other SSO might work if you configure stuff so - e.g. kerberos -
didn't check grafan's support for that, though).

To do that, you'll need to configure ldap.toml as you mention, and
also set 'enabled = true', which might be overwritten on future
engine-setup runs (e.g. for ugprades), until [1] is fixed (and then
it's also still not clear what we'll do on upgrades from current to
post-[1]. Feel free to comment there if you have concrete ideas).

Best regards,

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1835177 depends on
https://bugzilla.redhat.com/show_bug.cgi?id=1835168 depends on
https://github.com/grafana/grafana/issues/17653
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/24K67VDS5PN23HEYZKY6Q445ZGKGXGYI/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-14 Thread Yedidyah Bar David
On Wed, Oct 14, 2020 at 11:09 AM Yedidyah Bar David  wrote:
>
> On Tue, Oct 13, 2020 at 6:07 PM  wrote:
> >
> > I hope it is not too forward of me to only send it to you.
>
> It's not about being "too forward" or not.
>
> oVirt's support is intentionally on a public mailing list, so that:
>
> 1. Everyone can (try to) help. And many do, including people outside
> of Red Hat (which funds (almost?) all of the development). And I'll use
> this opportunity to say to all those that take a part: Thank you! :-)
>
> 2. Everyone can learn, also after the case, by searching the list archive.
>
> I think almost all large/successful open-source projects follow similar
> practices, largely for the same reasons.
>
> This does have a price - people that want to get help, do have to pick
> one of:
>
> 1. Give up on (part of) their privacy/secrecy, by revealing domain names,
> IP addresses, etc. publicly

Just one (important) note: This should not include passwords, secret keys,
etc.

I obviously recommend to verify that any logs or data you share publicly
does not include these.

If log files include them, we (usually?) consider this a bug. If you find
one, please report it. Thanks!

Best regards,

>
> 2. Reproduce all issues on a test system with random domain names and
> private IP addresses
>
> 3. Replace all occurrences of sensitive/private items in the logs they
> share
>
> 4. Find someone that agrees to help them in private, see e.g.:
>
> https://www.ovirt.org/community/user-stories/users-and-providers.html
>
> Since your specific issue is installation-related, and you still have
> no data, I think it would be reasonable to assume that it's not too hard
> for you to reproduce the issue with different names/addresses and
> share the log (meaning, pick (2.) above).
>
> Best regards,
>
> >
> > Yours Sincerely,
> >
> > Henni
> >
> >
> > -Original Message-
> > From: Yedidyah Bar David 
> > Sent: Tuesday, 13 October 2020 16:42
> > To: i...@worldhostess.com
> > Cc: Edward Berger ; users 
> > Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & 
> > frustrated]
> >
> > Please share all of /var/log/ovirt-hosted-engine-setup:
> >
> > cd /var/log/
> > tar czf ovirt-hosted-engine-setup.tar.gz ovirt-hosted-engine-setup
> >
> > Then upload ovirt-hosted-engine-setup.tar.gz to some file sharing service 
> > (e.g. dropbox, google drive etc.) and share the link.
> >
> > Thanks!
> >
> > On Tue, Oct 13, 2020 at 10:56 AM  wrote:
> > >
> > > Hope this can help. It seems it crash every time when I install.
> > --
> > Didi
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: 
> > https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct: 
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives: 
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/6OQZM2KYHQ622XUBYCTVZLQZ4AGLKT2R/
> >
>
>
> --
> Didi



-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OGHRSFIWOOIFDECBTLOEIYRHLDJY26BS/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-14 Thread Yedidyah Bar David
On Tue, Oct 13, 2020 at 6:07 PM  wrote:
>
> I hope it is not too forward of me to only send it to you.

It's not about being "too forward" or not.

oVirt's support is intentionally on a public mailing list, so that:

1. Everyone can (try to) help. And many do, including people outside
of Red Hat (which funds (almost?) all of the development). And I'll use
this opportunity to say to all those that take a part: Thank you! :-)

2. Everyone can learn, also after the case, by searching the list archive.

I think almost all large/successful open-source projects follow similar
practices, largely for the same reasons.

This does have a price - people that want to get help, do have to pick
one of:

1. Give up on (part of) their privacy/secrecy, by revealing domain names,
IP addresses, etc. publicly

2. Reproduce all issues on a test system with random domain names and
private IP addresses

3. Replace all occurrences of sensitive/private items in the logs they
share

4. Find someone that agrees to help them in private, see e.g.:

https://www.ovirt.org/community/user-stories/users-and-providers.html

Since your specific issue is installation-related, and you still have
no data, I think it would be reasonable to assume that it's not too hard
for you to reproduce the issue with different names/addresses and
share the log (meaning, pick (2.) above).

Best regards,

>
> Yours Sincerely,
>
> Henni
>
>
> -Original Message-
> From: Yedidyah Bar David 
> Sent: Tuesday, 13 October 2020 16:42
> To: i...@worldhostess.com
> Cc: Edward Berger ; users 
> Subject: [ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & 
> frustrated]
>
> Please share all of /var/log/ovirt-hosted-engine-setup:
>
> cd /var/log/
> tar czf ovirt-hosted-engine-setup.tar.gz ovirt-hosted-engine-setup
>
> Then upload ovirt-hosted-engine-setup.tar.gz to some file sharing service 
> (e.g. dropbox, google drive etc.) and share the link.
>
> Thanks!
>
> On Tue, Oct 13, 2020 at 10:56 AM  wrote:
> >
> > Hope this can help. It seems it crash every time when I install.
> --
> Didi
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: 
> https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/6OQZM2KYHQ622XUBYCTVZLQZ4AGLKT2R/
>


-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4FRNLBM7HRFQ7HD4KRGNIGXZSPGHV6PN/


[ovirt-users] Re: oVirt 4.4.2.6-1.el8 (SHE). Grafana integration not configured. The link to the Monitoring portal is not displayed on the Manager home page.

2020-10-13 Thread Yedidyah Bar David
On Tue, Oct 13, 2020 at 3:48 PM Dmitry Kharlamov  wrote:
>
> Good afternoon, Lucie! Thanks for the info.
>
> After reinstalling engine with --reconfigure-optional-components Grafana is 
> work and link to Monitoring portal present on home page.
> SSO works the same way, but only for Internal users. Users ActiveDirectory 
> cannot enter the Monitoring Portal - "Invalid User or Password".

This is, for now, by design. You have to invite them, and then SSO
works. See also:

https://bugzilla.redhat.com/show_bug.cgi?id=1846256

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/U35P6NFZ57ZFVTQUQ54M7FIOX76WRSE4/


[ovirt-users] Re: Upgrade from ovirt-node-ng 4.4.1 to 4.4.2 fails with "Local storage domains were found on the same filesystem as / ! Please migrate the data to a new LV before upgrading, or you will

2020-10-13 Thread Yedidyah Bar David
On Tue, Oct 13, 2020 at 1:11 PM Yedidyah Bar David  wrote:
>
> On Thu, Oct 8, 2020 at 1:01 PM gantonjo-ovirt--- via Users
>  wrote:
> >
> > So, we have a cluster of 3 servers running oVirt Node 4.4.1. Now we are 
> > attempting to upgrade it to latest version, 4.4.2, but it fails as shown 
> > below. Problem is that the Storage domains listed are all located on an 
> > external iSCSI SAN. The Storage Domains were created in another cluster we 
> > had (oVirt Node 4.3 based) and detached from the old cluster and imported 
> > successfully into the new cluster through the oVirt Management interface. 
> > As I understand, oVirt itself has created the mount points under 
> > /rhev/data-center/mnt/blockSD/ for each of the iSCSI domains, and as such 
> > they are not really storaged domains on the / filesystem.
> >
> > I do believe the solution to the mentioned BugZilla bug has caused a new 
> > bug, but I may be wrong. I cannot see what we have done wrong when 
> > importing these storage domains to the cluster (well, actually, some were 
> > freshly created in this cluster, thus fully managed by oVirt 4.4 manager 
> > interface).
>
> This is likely caused by the fix for:
> https://bugzilla.redhat.com/show_bug.cgi?id=1850378 .
>
> Adding Nir.
>
> >
> > What can we do to proceed in upgrading the hosts to latest oVirt Node?
>
> Right now, without another fix? Make sure that the following command:
>
> find / -xdev -path "*/dom_md/metadata" -not -empty
>
> Returns an empty output.
>
> You might need to move the host to maintenance and then manually
> umount your SDs, or something like that.
>
> Please open a bug so that we can refine this command further.

Nir (Levy) - perhaps we should change this command to something like:

find / -xdev -path "*/dom_md/metadata" -not -empty -not -type l

>
> Thanks and best regards,
>
> >
> > Dependencies resolved.
> > =
> >  Package
> >Architecture 
> >  Version
> >   Repository
> > Size
> > =
> > Upgrading:
> >  ovirt-node-ng-image-update 
> >noarch   
> >  4.4.2-1.el8
> >   ovirt-4.4 
> >782 M
> >  replacing  ovirt-node-ng-image-update-placeholder.noarch 4.4.1.5-1.el8
> >
> > Transaction Summary
> > =
> > Upgrade  1 Package
> >
> > Total download size: 782 M
> > Is this ok [y/N]: y
> > Downloading Packages:
> > ovirt-node-ng-image-update-4.4.2-1.el8.noarch.rpm   
> > 
> > 
> >  8.6 MB/s | 782 MB  
> >01:31
> > -
> > Total   
> >   

[ovirt-users] Re: Upgrade from ovirt-node-ng 4.4.1 to 4.4.2 fails with "Local storage domains were found on the same filesystem as / ! Please migrate the data to a new LV before upgrading, or you will

2020-10-13 Thread Yedidyah Bar David
On Thu, Oct 8, 2020 at 1:01 PM gantonjo-ovirt--- via Users
 wrote:
>
> So, we have a cluster of 3 servers running oVirt Node 4.4.1. Now we are 
> attempting to upgrade it to latest version, 4.4.2, but it fails as shown 
> below. Problem is that the Storage domains listed are all located on an 
> external iSCSI SAN. The Storage Domains were created in another cluster we 
> had (oVirt Node 4.3 based) and detached from the old cluster and imported 
> successfully into the new cluster through the oVirt Management interface. As 
> I understand, oVirt itself has created the mount points under 
> /rhev/data-center/mnt/blockSD/ for each of the iSCSI domains, and as such 
> they are not really storaged domains on the / filesystem.
>
> I do believe the solution to the mentioned BugZilla bug has caused a new bug, 
> but I may be wrong. I cannot see what we have done wrong when importing these 
> storage domains to the cluster (well, actually, some were freshly created in 
> this cluster, thus fully managed by oVirt 4.4 manager interface).

This is likely caused by the fix for:
https://bugzilla.redhat.com/show_bug.cgi?id=1850378 .

Adding Nir.

>
> What can we do to proceed in upgrading the hosts to latest oVirt Node?

Right now, without another fix? Make sure that the following command:

find / -xdev -path "*/dom_md/metadata" -not -empty

Returns an empty output.

You might need to move the host to maintenance and then manually
umount your SDs, or something like that.

Please open a bug so that we can refine this command further.

Thanks and best regards,

>
> Dependencies resolved.
> =
>  Package  
>  Architecture 
>  Version  
> Repository
> Size
> =
> Upgrading:
>  ovirt-node-ng-image-update   
>  noarch   
>  4.4.2-1.el8  
> ovirt-4.4
> 782 M
>  replacing  ovirt-node-ng-image-update-placeholder.noarch 4.4.1.5-1.el8
>
> Transaction Summary
> =
> Upgrade  1 Package
>
> Total download size: 782 M
> Is this ok [y/N]: y
> Downloading Packages:
> ovirt-node-ng-image-update-4.4.2-1.el8.noarch.rpm 
>   
>   
>8.6 MB/s | 782 MB 01:31
> -
> Total 
>   
>   
>8.6 MB/s | 782 MB 01:31
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
>   Preparing:  
>   
>   
>   
>  1/1
>   Running scriptlet: ovirt-node-ng-image-update-4.4.2-1.el8.noarch
>  

[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-13 Thread Yedidyah Bar David
Please share all of /var/log/ovirt-hosted-engine-setup:

cd /var/log/
tar czf ovirt-hosted-engine-setup.tar.gz ovirt-hosted-engine-setup

Then upload ovirt-hosted-engine-setup.tar.gz to some file sharing
service (e.g. dropbox, google drive etc.) and share the link.

Thanks!

On Tue, Oct 13, 2020 at 10:56 AM  wrote:
>
> Hope this can help. It seems it crash every time when I install.
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6OQZM2KYHQ622XUBYCTVZLQZ4AGLKT2R/


[ovirt-users] Re: 20+ Fresh Installs Failing in 20+ days [newbie & frustrated]

2020-10-13 Thread Yedidyah Bar David
Hi,

Please share all of /var/log/ovirt-hosted-engine-setup.

The last point in the logs you attached is in task 'Check engine VM health'.
This runs a loop of 'hosted-engine --vm-status --json' but did not
finish (yet?).

Thanks and best regards,

On Tue, Oct 13, 2020 at 5:35 AM  wrote:
>
> Hope this can help, not sure which files are best the last part of 
> “ovirt-hosted-engine-setup-ansible-bootstrap_local_vm-“
>
>
>
> 2020-10-12 15:05:40,126+0200 INFO ansible task start {'status': 'OK', 
> 'ansible_type': 'task', 'ansible_playbook': 
> '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 
> 'ansible_task': 'ovirt.hosted_engine_setup : Generate the error message from 
> the engine events'}
>
> 2020-10-12 15:05:40,126+0200 DEBUG ansible on_any args TASK: 
> ovirt.hosted_engine_setup : Generate the error message from the engine events 
> kwargs is_conditional:False
>
> 2020-10-12 15:05:40,126+0200 DEBUG ansible on_any args localhostTASK: 
> ovirt.hosted_engine_setup : Generate the error message from the engine events 
> kwargs
>
> 2020-10-12 15:05:41,045+0200 INFO ansible skipped {'status': 'SKIPPED', 
> 'ansible_type': 'task', 'ansible_playbook': 
> '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 
> 'ansible_task': 'Generate the error message from the engine events', 
> 'ansible_host': 'localhost'}
>
> 2020-10-12 15:05:41,045+0200 DEBUG ansible on_any args 
>  kwargs
>
> 2020-10-12 15:05:41,991+0200 INFO ansible task start {'status': 'OK', 
> 'ansible_type': 'task', 'ansible_playbook': 
> '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 
> 'ansible_task': 'ovirt.hosted_engine_setup : Fail with error description'}
>
> 2020-10-12 15:05:41,992+0200 DEBUG ansible on_any args TASK: 
> ovirt.hosted_engine_setup : Fail with error description kwargs 
> is_conditional:False
>
> 2020-10-12 15:05:41,992+0200 DEBUG ansible on_any args localhostTASK: 
> ovirt.hosted_engine_setup : Fail with error description kwargs
>
> 2020-10-12 15:05:42,917+0200 INFO ansible skipped {'status': 'SKIPPED', 
> 'ansible_type': 'task', 'ansible_playbook': 
> '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 
> 'ansible_task': 'Fail with error description', 'ansible_host': 'localhost'}
>
> 2020-10-12 15:05:42,917+0200 DEBUG ansible on_any args 
>  kwargs
>
> 2020-10-12 15:05:43,865+0200 INFO ansible task start {'status': 'OK', 
> 'ansible_type': 'task', 'ansible_playbook': 
> '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 
> 'ansible_task': 'ovirt.hosted_engine_setup : Fail with generic error'}
>
> 2020-10-12 15:05:43,865+0200 DEBUG ansible on_any args TASK: 
> ovirt.hosted_engine_setup : Fail with generic error kwargs 
> is_conditional:False
>
> 2020-10-12 15:05:43,865+0200 DEBUG ansible on_any args localhostTASK: 
> ovirt.hosted_engine_setup : Fail with generic error kwargs
>
> 2020-10-12 15:05:44,780+0200 INFO ansible skipped {'status': 'SKIPPED', 
> 'ansible_type': 'task', 'ansible_playbook': 
> '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 
> 'ansible_task': 'Fail with generic error', 'ansible_host': 'localhost'}
>
> 2020-10-12 15:05:44,781+0200 DEBUG ansible on_any args 
>  kwargs
>
> 2020-10-12 15:05:44,782+0200 INFO ansible stats {
>
> "ansible_playbook": 
> "/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml",
>
> "ansible_playbook_duration": "13:34 Minutes",
>
> "ansible_result": "type: \nstr: {'localhost': {'ok': 224, 
> 'failures': 0, 'unreachable': 0, 'changed': 73, 'skipped': 102, 'rescued': 0, 
> 'ignored': 1}}",
>
> "ansible_type": "finish",
>
> "status": "FAILED"
>
> }
>
> 2020-10-12 15:05:44,782+0200 INFO SUMMARY:
>
> Duration  Task Name
>
>   
>
> [ < 1 sec ] Execute just a specific set of steps
>
> [  00:01  ] Force facts gathering
>
> [  00:02  ] Install oVirt Hosted Engine packages
>
> [ < 1 sec ] System configuration validations
>
> [ < 1 sec ] Detecting interface on existing management bridge
>
> [ < 1 sec ] Generate output list
>
> [ < 1 sec ] Collect interface types
>
> [ < 1 sec ] Get list of Team devices
>
> [ < 1 sec ] Filter unsupported interface types
>
> [ < 1 sec ] Prepare getent key
>
> [ < 1 sec ] Get full hostname
>
> [ < 1 sec ] Get host address resolution
>
> [ < 1 sec ] Parse host address resolution
>
> [ < 1 sec ] Get target address from selected interface (IPv4)
>
> [ < 1 sec ] Get target address from selected interface (IPv6)
>
> [ < 1 sec ] Check for alias
>
> [ < 1 sec ] Filter resolved address list
>
> [ < 1 sec ] Get engine FQDN resolution
>
> [ < 1 sec ] Parse engine he_fqdn resolution
>
> [ < 1 sec ] Define he_cloud_init_host_name
>
> [ < 1 sec ] Get uuid
>
> [ < 1 sec ] Set he_vm_uuid
>
> [ < 1 sec ] Get uuid
>
> [ < 1 sec ] Set he_nic_uuid
>
> [ < 1 sec ] Get uuid
>
> [ < 1 sec ] Set he_cdrom_uuid
>
> [ < 1 sec ] get timezone
>

[ovirt-users] Re: Upgrade oVirt Host from 4.4.0 to 4.4.2 fails

2020-10-12 Thread Yedidyah Bar David
On Sat, Oct 3, 2020 at 1:04 AM Erez Zarum  wrote:
>
> Seems the problem, atleast part of it (because still, it doesn't get to the 
> part of creating the imgbase layer) is related to the /tmp/yum_updates file.
> /usr/share/ovirt-engine/ansible-runner-service-project/project/roles/ovirt-host-check-upgrade/tasks/main.yml
> yum check-update -q | cut -d ' ' -f1 | sed '/^$/d' >> /tmp/yum_updates
> For some reason it also lists those packages:
> gluster-ansible-cluster.src
> gluster-ansible-infra.src
> gluster-ansible-maintenance.src
> gluster-ansible-roles.src
>
> Which do not exists, those are source RPMs, so the ansible playbook for the 
> host upgrade fails.
>
> I did a quick workaround and added an "egrep -v src"
> yum check-update -q | egrep -v src | cut -d ' ' -f1 | sed '/^$/d' >> 
> /tmp/yum_updates
>
> So now the ansible-playbook doesn't fail, it does says the upgrade was 
> successful the host reboots, but it doesn't get upgraded.
>
> Also, i noticed that the playbook does make sure that the dnf cache is up to 
> date (update_cache is set to true) when first checking the ovirt-host 
> package, but it also does this for every single package in the task after, so 
> there's no need for update_cache there.

This is tracked in: https://bugzilla.redhat.com/show_bug.cgi?id=1880962

>
> As a workaround to upgrade to 4.4.2 i have to reinstall every host with oVirt 
> node 4.4.2 as it seems the upgrade process is broken.

Adding Dana.

Would you like to open a bug about this? Not sure about the exact flow
- I guess it's not strictly about having src packages but about having
packages that are not re-installable (meaning, you installed them not
from a repo, or removed the repo after installation, or they were
removed from their repo, etc.).

Thanks and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LXPVLJWZCCZQHQ4VUPFBKDPXNVDEQOM5/


[ovirt-users] Re: ovirt broker how to modify network_test dns ip address?

2020-10-11 Thread Yedidyah Bar David
On Thu, Sep 24, 2020 at 6:11 PM wodel youchi  wrote:
>
> Hi,
>
> How to modify the ip address of the DNS server used by ovirt-broker for 
> testing?

AFAICT it simply runs 'dig' against your local machine conf - usually
/etc/resolv.conf .

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4RNBP2DUADXNYCRIJR7HVA36BROMCSZX/


[ovirt-users] Re: Latest ManagedBlockDevice documentation

2020-10-11 Thread Yedidyah Bar David
On Wed, Sep 30, 2020 at 4:43 PM Benny Zlotnik  wrote:
>
> Not sure about this, adding +Yedidyah Bar David
>
> On Wed, Sep 30, 2020 at 3:04 PM Michael Thomas  wrote:
> >
> > I hadn't installed the necessary packages when the engine was first
> > installed.
> >
> > However, running 'engine-setup --reconfigure-optional-components'
> > doesn't work at the moment because (by design) my engine does not have a
> > network route outside of the cluster.  It fails with:
> >
> > [ INFO  ] DNF Errors during downloading metadata for repository 'AppStream':
> > - Curl error (7): Couldn't connect to server for
> > http://mirrorlist.centos.org/?release=8=x86_64=AppStream=$infra
> > [Failed to connect to mirrorlist.centos.org port 80: Network is unreachable]
> > [ ERROR ] DNF Failed to download metadata for repo 'AppStream': Cannot
> > prepare internal mirrorlist: Curl error (7): Couldn't connect to server
> > for
> > http://mirrorlist.centos.org/?release=8=x86_64=AppStream=$infra
> > [Failed to connect to mirrorlist.centos.org port 80: Network is unreachable]
> >
> >
> > I have a proxy set in the engine's /etc/dnf/dnf.conf, but it doesn't
> > seem to be obeyed when running engine-setup.  Is there another way that
> > I can get engine-setup to use a proxy?

I am not sure, it's been a long time since I tried that.

Feel free to file a bug.

You can also try setting env var 'http_proxy' for engine-setup, e.g.:

http_proxy=MY_PROXY_URL engine-setup --reconfigure-optional-components

Alternatively, you can also add '--offline' to engine-setup cmd, and then it
won't do any package management (not try to update, check for updates, etc.).

Best regards,

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1392312

> >
> > --Mike
> >
> >
> > On 9/30/20 2:19 AM, Benny Zlotnik wrote:
> > > When you ran `engine-setup` did you enable cinderlib preview (it will
> > > not be enabled by default)?
> > > It should handle the creation of the database automatically, if you
> > > didn't you can enable it by running:
> > > `engine-setup --reconfigure-optional-components`
> > >
> > >
> > > On Wed, Sep 30, 2020 at 1:58 AM Michael Thomas  wrote:
> > >>
> > >> Hi Benny,
> > >>
> > >> Thanks for the confirmation.  I've installed openstack-ussuri and ceph
> > >> Octopus.  Then I tried using these instructions, as well as the deep
> > >> dive that Eyal has posted at https://www.youtube.com/watch?v=F3JttBkjsX8.
> > >>
> > >> I've done this a couple of times, and each time the engine fails when I
> > >> try to add the new managed block storage domain.  The error on the
> > >> screen indicates that it can't connect to the cinder database.  The
> > >> error in the engine log is:
> > >>
> > >> 2020-09-29 17:02:11,859-05 WARN
> > >> [org.ovirt.engine.core.bll.storage.domain.AddManagedBlockStorageDomainCommand]
> > >> (default task-2) [d519088c-7956-4078-b5cf-156e5b3f1e59] Validation of
> > >> action 'AddManagedBlockStorageDomain' failed for user
> > >> admin@internal-authz. Reasons:
> > >> VAR__TYPE__STORAGE__DOMAIN,VAR__ACTION__ADD,ACTION_TYPE_FAILED_CINDERLIB_DATA_BASE_REQUIRED,ACTION_TYPE_FAILED_CINDERLIB_DATA_BASE_REQUIRED
> > >>
> > >> I had created the db on the engine with this command:
> > >>
> > >> su - postgres -c "psql -d template1 -c \"create database cinder owner
> > >> engine template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8'
> > >> lc_ctype 'en_US.UTF-8';\""
> > >>
> > >> ...and added the following to the end of /var/lib/pgsql/data/pg_hba.conf:
> > >>
> > >>   hostcinder  engine  ::0/0   md5
> > >>   hostcinder  engine  0.0.0.0/0   md5
> > >>
> > >> Is there anywhere else I should look to find out what may have gone 
> > >> wrong?
> > >>
> > >> --Mike
> > >>
> > >> On 9/29/20 3:34 PM, Benny Zlotnik wrote:
> > >>> The feature is currently in tech preview, but it's being worked on.
> > >>> The feature page is outdated,  but I believe this is what most users
> > >>> in the mailing list were using. We held off on updating it because the
> > >>> installation instructions have been a moving target, but it is more
> > >>> stable now and I will update it soon.
> > >>>
> &

[ovirt-users] Re: Adding host fails with Ansible host-deploy role: Internal server error.

2020-09-24 Thread Yedidyah Bar David
On Thu, Sep 24, 2020 at 11:24 AM Andrey Andrey via Users
 wrote:
>
> Hello!
> Updated host engine to version 4.4.2. I am trying to add a new host and I get 
> the Host node2.kvm.test.s1.eirc installation failed error. Failed to execute 
> Ansible host-deploy role: Internal server error. Please check logs for more 
> details: /var/log/ovirt-engine/ansible-runner-service.log.
>
> Also updated Hosted Engine to version 4.4.3.3-1.el8, I get the same error.
>
> Only old entries are in the logs. New does not appear

Seems like an selinux issue.

I am pretty certain I saw another similar report recently but can't
find it right now.

Addin Martin.

Thanks and best regards,

>
> [root@admin ovirt-engine]# tail 
> /var/log/ovirt-engine/ansible-runner-service.log
> 2020-09-22 18:02:13,943 - runner_service.controllers.jobs - INFO - 127.0.0.1 
> - GET /api/v1/jobs/8e369e4c-fce4-11ea-b893-00163e4843d7/events
> 2020-09-22 18:02:13,943 - runner_service.controllers.jobs - INFO - 127.0.0.1 
> - GET /api/v1/jobs/8e3cba7a-fce4-11ea-b893-00163e4843d7/events
> 2020-09-22 18:02:13,944 - runner_service.services.jobs - DEBUG - Job events 
> for play 8e369e4c-fce4-11ea-b893-00163e4843d7: 25
> 2020-09-22 18:02:13,944 - runner_service.services.jobs - DEBUG - Job events 
> for play 8e3cba7a-fce4-11ea-b893-00163e4843d7: 25
> 2020-09-22 18:02:13,944 - runner_service.services.jobs - DEBUG - Active 
> filter is :{}
> 2020-09-22 18:02:13,944 - runner_service.services.jobs - DEBUG - Active 
> filter is :{}
> 2020-09-22 18:02:13,948 - runner_service.controllers.jobs - DEBUG - Request 
> received, content-type :None
> 2020-09-22 18:02:13,949 - runner_service.controllers.jobs - INFO - 127.0.0.1 
> - GET /api/v1/jobs/8e369e4c-fce4-11ea-b893-00163e4843d7/events
> 2020-09-22 18:02:13,949 - runner_service.services.jobs - DEBUG - Job events 
> for play 8e369e4c-fce4-11ea-b893-00163e4843d7: 25
> 2020-09-22 18:02:13,949 - runner_service.services.jobs - DEBUG - Active 
> filter is :{}
>
>
>
> In file /var/log/ovirt-engine/engine.log
>
> 2020-09-24 10:36:36,645+03 INFO  
> [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-23) 
> [de214fcc-31fc-464c-8ac1-6e111889cd20] Running command: AddVdsCommand 
> internal: false. Entities affected :  ID: 
> 8e827912-a0ef-11ea-826c-00163e4843d7 Type: ClusterAction group CREATE_HOST 
> with role type ADMIN
> 2020-09-24 10:36:36,666+03 INFO  
> [org.ovirt.engine.core.bll.AddVdsSpmIdCommand] (default task-23) [7b77f4da] 
> Before acquiring and wait lock 
> 'EngineLock:{exclusiveLocks='[8e7c3f2a-a0ef-11ea-971b-00163e4843d7=REGISTER_VDS]',
>  sharedLocks=''}'
> 2020-09-24 10:36:36,666+03 INFO  
> [org.ovirt.engine.core.bll.AddVdsSpmIdCommand] (default task-23) [7b77f4da] 
> Lock-wait acquired to object 
> 'EngineLock:{exclusiveLocks='[8e7c3f2a-a0ef-11ea-971b-00163e4843d7=REGISTER_VDS]',
>  sharedLocks=''}'
> 2020-09-24 10:36:36,667+03 INFO  
> [org.ovirt.engine.core.bll.AddVdsSpmIdCommand] (default task-23) [7b77f4da] 
> Running command: AddVdsSpmIdCommand internal: true. Entities affected :  ID: 
> 3a5cbd19-82b7-41ce-870b-5b65184934c9 Type: VDS
> 2020-09-24 10:36:36,674+03 INFO  
> [org.ovirt.engine.core.bll.AddVdsSpmIdCommand] (default task-23) [7b77f4da] 
> Lock freed to object 
> 'EngineLock:{exclusiveLocks='[8e7c3f2a-a0ef-11ea-971b-00163e4843d7=REGISTER_VDS]',
>  sharedLocks=''}'
> 2020-09-24 10:36:36,678+03 INFO  
> [org.ovirt.engine.core.vdsbroker.RemoveVdsVDSCommand] (default task-23) 
> [7b77f4da] START, RemoveVdsVDSCommand(HostName = node2.kvm.test.s1.eirc, 
> RemoveVdsVDSCommandParameters:{hostId='3a5cbd19-82b7-41ce-870b-5b65184934c9'}),
>  log id: 7b990f6d
> 2020-09-24 10:36:36,678+03 INFO  
> [org.ovirt.engine.core.vdsbroker.RemoveVdsVDSCommand] (default task-23) 
> [7b77f4da] FINISH, RemoveVdsVDSCommand, return: , log id: 7b990f6d
> 2020-09-24 10:36:36,680+03 INFO  
> [org.ovirt.engine.core.vdsbroker.AddVdsVDSCommand] (default task-23) 
> [7b77f4da] START, AddVdsVDSCommand(HostName = node2.kvm.test.s1.eirc, 
> AddVdsVDSCommandParameters:{hostId='3a5cbd19-82b7-41ce-870b-5b65184934c9'}), 
> log id: 20f7b449
> 2020-09-24 10:36:36,682+03 INFO  
> [org.ovirt.engine.core.vdsbroker.AddVdsVDSCommand] (default task-23) 
> [7b77f4da] AddVds - entered , starting logic to add VDS 
> '3a5cbd19-82b7-41ce-870b-5b65184934c9'
> 2020-09-24 10:36:36,684+03 INFO  
> [org.ovirt.engine.core.vdsbroker.AddVdsVDSCommand] (default task-23) 
> [7b77f4da] AddVds - VDS '3a5cbd19-82b7-41ce-870b-5b65184934c9' was added, 
> will try to add it to the resource manager
> 2020-09-24 10:36:36,684+03 INFO  [org.ovirt.engine.core.vdsbroker.VdsManager] 
> (default task-23) [7b77f4da] Entered VdsManager constructor
> 2020-09-24 10:36:36,693+03 INFO  [org.ovirt.engine.core.vdsbroker.VdsManager] 
> (default task-23) [7b77f4da] Initialize vdsBroker 
> 'node2.kvm.test.s1.eirc:54321'
> 2020-09-24 10:36:36,783+03 INFO  
> [org.ovirt.engine.core.vdsbroker.ResourceManager] (default task-23) 
> [7b77f4da] VDS 

[ovirt-users] Re: Installed oVirt 4.4.2 on CentOS 8

2020-09-24 Thread Yedidyah Bar David
On Wed, Sep 23, 2020 at 5:46 PM  wrote:
>
> New oVirt basic installation on Centos 8 as a physical server. The default 
> Data center in an uninitialized state

Congratulations! :-)

>
>
>
> This is my first working installation and I have no idea what to do next.
>
>
>
> Anyone knows a step by step guide for fresh install?

Please follow one of the installation guides.

Generally speaking: Add a host, then add storage.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JI7U7RNBJ72GBELZATTJBTS7NPF53XMB/


[ovirt-users] Re: console breaks with signed SSL certs

2020-09-23 Thread Yedidyah Bar David
On Tue, Sep 22, 2020 at 6:46 PM Philip Brown  wrote:
>
> Chrome didnt want to talk AT ALL to ovirt with self-signed certs (Because  
> HSTS is enabled)
>
> So I installed signed wildcard certs to the engine, and the nodes, following
>
> http://187.1.81.65/ovirt-engine/docs/manual/en-US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html

Going to http://187.1.81.65/ovirt-engine/ shows that this is RHEV
3.6.6, and the above document is from the documentation included for
it.

Is this the machine you work with? Or you simply found it at random
and use as doc?

Anyway, 3.6.6 is very old and log unsupported.

If it's indeed your setup, I recommend to upgrade.

Even if it's not, I recommend to check latest (4.4) docs, and compare
to yours - and try to guess what also applies in 3.6.6 (I think almost
everything does, didn't check).

> and
> https://cockpit-project.org/guide/172/https.html
>
> and chrome is happy now... except that suddenly, consoles refuse to work. and 
> there are no useful errors that I see, other than
>
> "Unable to connect to the graphic server"
>
> from the remote viewer app.

If you are going to continue debugging it yourself, you should also
check relevant logs on the engine and the host.

Also, assuming you did follow latest docs (as applicable):

Please check the cert included inside console.vv. Is it (check
"Issuer") the engine-internal CA (/etc/pki/ovirt-engine/ca.pem), or
your other CA?

It should be the engine's, and (at least for me) remote-viewer accepts
it - I do not see with --debug the error you got about self-signed
cert.

If it's the "other" CA cert, then it's a bug somewhere - either in the
software or the doc.

I am not sure remote-viewer of any version has a problem with this.

If you want a client that strictly uses only CAs you explicitly
accepted (not the one inside console.vv), you can use the novnc one -
this one connects to websocket-proxy, which (with an up-to-date
procedure) uses your other CA.

>
> I see someone not too long ago had the exact same problem, in
> https://www.mail-archive.com/users@ovirt.org/msg58814.html

Sorry, I didn't notice it.

Best regards,

>
> but.. no answer was given to him?
>
> Help please
>
>
>
> --
> Philip Brown| Sr. Linux System Administrator | Medata, Inc.
> 5 Peters Canyon Rd Suite 250
> Irvine CA 92606
> Office 714.918.1310| Fax 714.918.1325
> pbr...@medata.com| www.medata.com
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/KNJGW2Z6XPK4CD5LSEPB3ILXQ5KLPQ6B/



-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YH6XILX6GFEY3O4GOBDHHMUMTKG4UNUV/


[ovirt-users] Re: in ovirt-engine all host show the status at "non-responsive"

2020-09-21 Thread Yedidyah Bar David
On Mon, Sep 21, 2020 at 11:18 AM momokch--- via Users  wrote:
>
> What you have done???
> i just regenerate the ovirt-engine cert according to the link below
> https://lists.ovirt.org/pipermail/users/2014-April/023402.html
>
>
> # cp -a /etc/pki/ovirt-engine "/etc/pki/ovirt-engine.$(date
> "+%Y%m%d")"
> # SUBJECT="$(openssl x509 -subject -noout -in 
> /etc/pki/ovirt-engine/certs/apache.cer
> | sed 's/subject= //')"
> # /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache
> --password="@PASSWORD@" --subject="${SUBJECT}"
> # openssl pkcs12 -passin "pass:@PASSWORD@" -nokeys -in
> /etc/pki/ovirt-engine/keys/apache.p12 > /etc/pki/ovirt-engine/certs/apache.cer
> # openssl pkcs12 -passin "pass:@PASSWORD@" -nocerts -nodes -in
> /etc/pki/ovirt-engine/keys/apache.p12 > 
> /etc/pki/ovirt-engine/keys/apache.key.nopass
> # chmod 0600 /etc/pki/ovirt-engine/keys/apache.key.nopass
>
>
>
> What version is this? 4.0.6.3-1el7.centos
>
>  When was it set up? 15,NOV, 2016

What happens if you try to Activate them?

Please check/share /var/log/ovirt-engine/engine.log. Search there for
"nonresponsive" (case insensitive) and ' ERROR '.
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZX7MCFBBO5X2CKJWWV3QW4AVYKILGMM4/


[ovirt-users] Re: in ovirt-engine all host show the status at "non-responsive"

2020-09-21 Thread Yedidyah Bar David
On Mon, Sep 21, 2020 at 2:45 AM momokch--- via Users  wrote:
>
> hello everyone,
>
> I apologize for asking what is probably a very basic question.
> i have 4 hosts running on the ovirt-engine, but on the last week the alert 
> show all the hosts status has gone to non responsive like the following 
> statement
> Host 1 became non responsive. It has no power management configured. Please 
> check the host status, manually reboot it, and click "Confirm Host Has Been 
> Rebooted"
> all the storage, vm, cannot detect on the ovirt-engine, does anyone face this 
> before?
> and also the alert also show ""Engine's certification has expired at 
> 2020-08-18. Please renew the engine's certification""
> is it related to the hosts become non-responsive???

Might be, can't tell.

What happens if you try to Activate them?

Please check/share /var/log/ovirt-engine/engine.log. Search there for
"nonresponsive" (case insensitive) and ' ERROR '.

> i have already regenerate the ovirt-engine cert from the previous post:
> https://lists.ovirt.org/archives/list/users@ovirt.org/thread/ZI5WNU6OB6FZMQNWAG5E4J2VGNDWMABZ/

In principle you should have ran 'engine-setup', and it should have
noticed and renewed it for you.
If you do not want it to also upgrade, you can pass also '--offline'.

What you have done, though, seems ok to me.

What version is this? When was it set up?

If it's indeed 5+ years old, then probably all certs have indeed expired.

You can try to 'Reinstall' the hosts, or 'Enroll Certificates'.

This will require stopping all VMs on them.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HDD4764IAR53MU2VC6XQHSEM3WRY7HQO/


[ovirt-users] Re: Upgrading self-Hosted engine from 4.3 to oVirt 4.4

2020-09-21 Thread Yedidyah Bar David
On Fri, Sep 18, 2020 at 3:50 AM Adam Xu  wrote:
>
>
> 在 2020/9/17 17:42, Yedidyah Bar David 写道:
> > On Thu, Sep 17, 2020 at 11:57 AM Adam Xu  wrote:
> >>
> >> 在 2020/9/17 16:38, Yedidyah Bar David 写道:
> >>> On Thu, Sep 17, 2020 at 11:29 AM Adam Xu  wrote:
> >>>> 在 2020/9/17 15:07, Yedidyah Bar David 写道:
> >>>>> On Thu, Sep 17, 2020 at 8:16 AM Adam Xu  wrote:
> >>>>>> 在 2020/9/16 15:53, Yedidyah Bar David 写道:
> >>>>>>> On Wed, Sep 16, 2020 at 10:46 AM Adam Xu  
> >>>>>>> wrote:
> >>>>>>>> 在 2020/9/16 15:12, Yedidyah Bar David 写道:
> >>>>>>>>> On Wed, Sep 16, 2020 at 6:10 AM Adam Xu  
> >>>>>>>>> wrote:
> >>>>>>>>>> Hi ovirt
> >>>>>>>>>>
> >>>>>>>>>> I just try to upgrade a self-Hosted engine from 4.3.10 to 4.4.1.4. 
> >>>>>>>>>>  I followed the step in the document:
> >>>>>>>>>>
> >>>>>>>>>> https://www.ovirt.org/documentation/upgrade_guide/#SHE_Upgrading_from_4-3
> >>>>>>>>>>
> >>>>>>>>>> the old 4.3 env has a FC storage as engine storage domain and I 
> >>>>>>>>>> have created a new FC storage vv for the new storage domain to be 
> >>>>>>>>>> used in the next steps.
> >>>>>>>>>>
> >>>>>>>>>> I backup the old 4.3 env and prepare a total new host to restore 
> >>>>>>>>>> the env.
> >>>>>>>>>>
> >>>>>>>>>> in charter 4.4 step 8, it said:
> >>>>>>>>>>
> >>>>>>>>>> "During the deployment you need to provide a new storage domain. 
> >>>>>>>>>> The deployment script renames the 4.3 storage domain and retains 
> >>>>>>>>>> its data."
> >>>>>>>>>>
> >>>>>>>>>> it does rename the old storage domain. but it didn't let me choose 
> >>>>>>>>>> a new storage domain during the deployment. So the new enigne just 
> >>>>>>>>>> deployed in the new host's local storage and can not move to the 
> >>>>>>>>>> FC storage domain.
> >>>>>>>>>>
> >>>>>>>>>> Can anyone tell me what the problem is?
> >>>>>>>>> What do you mean in "deployed in the new host's local storage"?
> >>>>>>>>>
> >>>>>>>>> Did deploy finish successfully?
> >>>>>>>> I think it was not finished yet.
> >>>>>>> You did 'hosted-engine --deploy --restore-from-file=something', right?
> >>>>>>>
> >>>>>>> Did this finish?
> >>>>>> not finished yet.
> >>>>>>> What are the last few lines of the output?
> >>>>>> [ INFO  ] You can now connect to
> >>>>>> https://ovirt6.ntbaobei.com:6900/ovirt-engine/ and check the status of
> >>>>>> this host and eventually remediate it, please continue only when the
> >>>>>> host is listed as 'up'
> >>>>>>
> >>>>>> [ INFO  ] TASK [ovirt.hosted_engine_setup : include_tasks]
> >>>>>>
> >>>>>> [ INFO  ] ok: [localhost]
> >>>>>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Create temporary lock file]
> >>>>>> [ INFO  ] changed: [localhost]
> >>>>>>
> >>>>>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Pause execution until
> >>>>>> /tmp/ansible.g2opa_y6_he_setup_lock is removed, delete it once ready to
> >>>>>> proceed]
> >>>>> Great. This means that you replied 'Yes' to 'Pause the execution
> >>>>> after adding this host to the engine?', and it's now waiting.
> >>>>>
> >>>>>> but the new host which run the self-hosted engine's status is
> >>>>>> "NonOperational" and never will be "up"
> >>>>> You seem to to imply that you expected it to become "up" by itself,
> >>>>> and 

[ovirt-users] Re: Upgrading self-Hosted engine from 4.3 to oVirt 4.4

2020-09-17 Thread Yedidyah Bar David
On Thu, Sep 17, 2020 at 11:57 AM Adam Xu  wrote:
>
>
> 在 2020/9/17 16:38, Yedidyah Bar David 写道:
> > On Thu, Sep 17, 2020 at 11:29 AM Adam Xu  wrote:
> >>
> >> 在 2020/9/17 15:07, Yedidyah Bar David 写道:
> >>> On Thu, Sep 17, 2020 at 8:16 AM Adam Xu  wrote:
> >>>> 在 2020/9/16 15:53, Yedidyah Bar David 写道:
> >>>>> On Wed, Sep 16, 2020 at 10:46 AM Adam Xu  wrote:
> >>>>>> 在 2020/9/16 15:12, Yedidyah Bar David 写道:
> >>>>>>> On Wed, Sep 16, 2020 at 6:10 AM Adam Xu  
> >>>>>>> wrote:
> >>>>>>>> Hi ovirt
> >>>>>>>>
> >>>>>>>> I just try to upgrade a self-Hosted engine from 4.3.10 to 4.4.1.4.  
> >>>>>>>> I followed the step in the document:
> >>>>>>>>
> >>>>>>>> https://www.ovirt.org/documentation/upgrade_guide/#SHE_Upgrading_from_4-3
> >>>>>>>>
> >>>>>>>> the old 4.3 env has a FC storage as engine storage domain and I have 
> >>>>>>>> created a new FC storage vv for the new storage domain to be used in 
> >>>>>>>> the next steps.
> >>>>>>>>
> >>>>>>>> I backup the old 4.3 env and prepare a total new host to restore the 
> >>>>>>>> env.
> >>>>>>>>
> >>>>>>>> in charter 4.4 step 8, it said:
> >>>>>>>>
> >>>>>>>> "During the deployment you need to provide a new storage domain. The 
> >>>>>>>> deployment script renames the 4.3 storage domain and retains its 
> >>>>>>>> data."
> >>>>>>>>
> >>>>>>>> it does rename the old storage domain. but it didn't let me choose a 
> >>>>>>>> new storage domain during the deployment. So the new enigne just 
> >>>>>>>> deployed in the new host's local storage and can not move to the FC 
> >>>>>>>> storage domain.
> >>>>>>>>
> >>>>>>>> Can anyone tell me what the problem is?
> >>>>>>> What do you mean in "deployed in the new host's local storage"?
> >>>>>>>
> >>>>>>> Did deploy finish successfully?
> >>>>>> I think it was not finished yet.
> >>>>> You did 'hosted-engine --deploy --restore-from-file=something', right?
> >>>>>
> >>>>> Did this finish?
> >>>> not finished yet.
> >>>>> What are the last few lines of the output?
> >>>> [ INFO  ] You can now connect to
> >>>> https://ovirt6.ntbaobei.com:6900/ovirt-engine/ and check the status of
> >>>> this host and eventually remediate it, please continue only when the
> >>>> host is listed as 'up'
> >>>>
> >>>> [ INFO  ] TASK [ovirt.hosted_engine_setup : include_tasks]
> >>>>
> >>>> [ INFO  ] ok: [localhost]
> >>>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Create temporary lock file]
> >>>> [ INFO  ] changed: [localhost]
> >>>>
> >>>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Pause execution until
> >>>> /tmp/ansible.g2opa_y6_he_setup_lock is removed, delete it once ready to
> >>>> proceed]
> >>> Great. This means that you replied 'Yes' to 'Pause the execution
> >>> after adding this host to the engine?', and it's now waiting.
> >>>
> >>>> but the new host which run the self-hosted engine's status is
> >>>> "NonOperational" and never will be "up"
> >>> You seem to to imply that you expected it to become "up" by itself,
> >>> and that you claim that this will never happen, in which you are
> >>> correct.
> >>>
> >>> But that's not the intention. The message you got is:
> >>>
> >>>   You will be able to iteratively connect to the restored engine in
> >>> order to manually review and remediate its configuration before
> >>> proceeding with the deployment:
> >>>   please ensure that all the datacenter hosts and storage domain are
> >>> listed as up or in maintenance mode before proceeding.
> >>>   This is normally not required when restoring an up to

  1   2   3   4   5   6   7   8   9   10   >