[ovirt-users] Re: Best way to update dns config of ovirt node
On Tue, 25 Sep 2018 08:19:55 +0300 Edward Haas wrote: > On Mon, Sep 17, 2018 at 11:50 AM, Gianluca Cecchi > wrote: > > > On Sun, Sep 16, 2018 at 7:56 AM Edward Haas wrote: > > > [...] > [...] > [...] > [...] > [...] > [...] > [...] > [...] > [...] > >>> > >>> Thanks for your answer Edward. > >>> What do you mean with "network attachment window"? > >>> a) Network > Networks, then select ovirtmgmt line and edit, putting DNS > >>> info (that is empty right now) > >>> or > >>> b) Compute > Hosts, then select host1 line, click on host1 name, then > >>> Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS > >>> Configuration (that is empty right now) > >>> or what? > >>> > >> > >> I meant (b). Option (a) is there to apply the same DNS entries over all > >> hosts for that specific network. > >> I do not see a problem of using both. > >> > > > > OK. > > What is it expected to happen if for example I have 4 active nodes and use > > a)? > > Possibly all of them loosing ovirtmgmt connection with possibly dangerous > > effects? > > > > I consider touching the management network always as a risk, but it should > work if you do not have VM/s on it. > I do not recall if changing the DNS on the Network immediately causes > setup-network commands to be sent to all hosts. > Changing the DNS on the Network does immediately causes setup-network commands to be sent to all hosts, after a big warning is shown in web UI. > > > > > > [...] > > > > The strange thing is that apparently it made what you say (from a files > > content point of view) but there is no match if you go into configuration > > inside web admin gui pages, neither at cluster level, nor at host level. > > This was what seemed strange to me. > > Please notice that these hosts were installed in 4.1.x and then update > > several times up to 4.2.6. > > So it could be the case of some sort of bug in previous versions and not > > if I plain install right now in 4.2.6 (not tested) > > > > > > > >> Upgraded systems (hosts have been added before DNS configuration was > >> available) will have it empty and you will need to explicitly set it. > >> > > It is not my case. > > > > We will have to check this then. We may have changed the policy on this > issue due to other complaints. > (An argument that we should not enforce DNS entries if not explicitly > requested sounds valid to me) > > It is possible to overwrite the DNS per host. This will be reported as 'out-of-sync'. You can explicitly mark the DNS setting of a host as synchronized to the network. > > > > > > > [...] > [...] > [...] > >> The DNS entry are supposed to be applied immediately through ifcfg, > >> rebooting is an precaution to make sure it has been correctly persisted. > >> And if the management network is not serving VM/s, then no VM evacuation > >> is needed. > >> > > > > If host is not reachable through ovirtmgmt doesn't fencing take place? And > > so indirect consequence a move of the VMs it had in charge? > > > > Correct, but as far as I know it is not immediate. There is a grace period > in which Engine (and VDSM) attempts to confirm connectivity. > VDSM will also (try to) revert back to the previous working configuration > in a "revert" action. > It may also be a matter of the level of "defence" needed. As mentioned, > there is a risk in touching the management network and your mentioned steps > are a way to reduce the risks. > But lets get another opinion on this, I may be wrong here. > Maybe I did not get the point here. Except a scenario of adding a host with FQDN instead of IP address to host engine, I am not aware of a scenario to make the host unreachable for engine by changing the DNS on the hosts. > > > > [...] > [...] > [...] > > > > This is a Red Hat case number, not a bugzilla entry. Because I had the > > same kind of problems on oVirt based environments and RHV based ones that > > are present. > > So for RHV I opened a case. > > As a consequence of the case, it was created this solution that I have not > > tested yet: > > https://access.redhat.com/solutions/3613731 > > > > Please note that it requires RH account, but in my opinion should be of > > public domain or similar information put inside oVirt documentation pages. > > It could happen having to change DNS and it can be useful to know the > > recommended workflow for that > > > [...] > [...] > [...] > [...] > > Note also my comments regarding environment installed in 4.1 and then > > updated to 4.2 > > > > Thanks > > Gianluca > > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives:
[ovirt-users] Re: Best way to update dns config of ovirt node
On Mon, Sep 17, 2018 at 11:50 AM, Gianluca Cecchi wrote: > On Sun, Sep 16, 2018 at 7:56 AM Edward Haas wrote: > >> >> >> On Fri, Sep 14, 2018 at 9:43 AM, Gianluca Cecchi < >> gianluca.cec...@gmail.com> wrote: >> >>> On Thu, Sep 13, 2018 at 7:53 AM Edward Haas wrote: >>> On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < gianluca.cec...@gmail.com> wrote: > Hello, > supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config > regarding DNS servers has to be updated, what is the correct way to > proceed? > DNS should be editable from the network attachment window. >>> >>> Thanks for your answer Edward. >>> What do you mean with "network attachment window"? >>> a) Network > Networks, then select ovirtmgmt line and edit, putting DNS >>> info (that is empty right now) >>> or >>> b) Compute > Hosts, then select host1 line, click on host1 name, then >>> Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS >>> Configuration (that is empty right now) >>> or what? >>> >> >> I meant (b). Option (a) is there to apply the same DNS entries over all >> hosts for that specific network. >> I do not see a problem of using both. >> > > OK. > What is it expected to happen if for example I have 4 active nodes and use > a)? > Possibly all of them loosing ovirtmgmt connection with possibly dangerous > effects? > I consider touching the management network always as a risk, but it should work if you do not have VM/s on it. I do not recall if changing the DNS on the Network immediately causes setup-network commands to be sent to all hosts. > > >> If you add a new host, Engine will read the existing DNS entries from the >> host and persist them. (you will see them in the setup-networks window (b)). >> > > The strange thing is that apparently it made what you say (from a files > content point of view) but there is no match if you go into configuration > inside web admin gui pages, neither at cluster level, nor at host level. > This was what seemed strange to me. > Please notice that these hosts were installed in 4.1.x and then update > several times up to 4.2.6. > So it could be the case of some sort of bug in previous versions and not > if I plain install right now in 4.2.6 (not tested) > > > >> Upgraded systems (hosts have been added before DNS configuration was >> available) will have it empty and you will need to explicitly set it. >> > It is not my case. > We will have to check this then. We may have changed the policy on this issue due to other complaints. (An argument that we should not enforce DNS entries if not explicitly requested sounds valid to me) > > > >>> The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used. >>> >>> I have also opened a case for another environment where I'm using RHV-H >>> hosts, that should be quite similar to ovirt-node-ng >>> In that environment one of the original M$ based dns server was changed >>> (that was the one I had as primary) creating some latency problems. >>> Using setup host networks generated big problems, especially if doing on >>> the host where hosted engine was running. >>> I verified that a safe way to modify DNS config is: >>> - evacuate VMs from host >>> - put host into maintenance >>> - change dns settings in setup host networks >>> - reboot the host >>> - activate the host >>> >>> I do not see a reason to pass all these steps unless we have a bug. >> The DNS entry are supposed to be applied immediately through ifcfg, >> rebooting is an precaution to make sure it has been correctly persisted. >> And if the management network is not serving VM/s, then no VM evacuation >> is needed. >> > > If host is not reachable through ovirtmgmt doesn't fencing take place? And > so indirect consequence a move of the VMs it had in charge? > Correct, but as far as I know it is not immediate. There is a grace period in which Engine (and VDSM) attempts to confirm connectivity. VDSM will also (try to) revert back to the previous working configuration in a "revert" action. It may also be a matter of the level of "defence" needed. As mentioned, there is a risk in touching the management network and your mentioned steps are a way to reduce the risks. But lets get another opinion on this, I may be wrong here. > >> I guess the risk here is the management network editing, which is >> sensitive (Engine looses connectivity and unexpected behaviour may occur). >> If there is a problem with this scenario, I would consider it a bug. >> >> >>> This way the "persistent" files are initially updated and then at the >>> reboot the ifcfg and resolv.conf files are correctly updated >>> If you are interested my case is 02179117 >>> >> >> I could not find such a BZ. >> > > This is a Red Hat case number, not a bugzilla entry. Because I had the > same kind of problems on oVirt based environments and RHV based ones that > are present. > So for RHV I opened a case. > As a
[ovirt-users] Re: Best way to update dns config of ovirt node
On Sun, Sep 16, 2018 at 7:56 AM Edward Haas wrote: > > > On Fri, Sep 14, 2018 at 9:43 AM, Gianluca Cecchi < > gianluca.cec...@gmail.com> wrote: > >> On Thu, Sep 13, 2018 at 7:53 AM Edward Haas wrote: >> >>> >>> >>> On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < >>> gianluca.cec...@gmail.com> wrote: >>> Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed? >>> >>> DNS should be editable from the network attachment window. >>> >> >> Thanks for your answer Edward. >> What do you mean with "network attachment window"? >> a) Network > Networks, then select ovirtmgmt line and edit, putting DNS >> info (that is empty right now) >> or >> b) Compute > Hosts, then select host1 line, click on host1 name, then >> Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS >> Configuration (that is empty right now) >> or what? >> > > I meant (b). Option (a) is there to apply the same DNS entries over all > hosts for that specific network. > I do not see a problem of using both. > OK. What is it expected to happen if for example I have 4 active nodes and use a)? Possibly all of them loosing ovirtmgmt connection with possibly dangerous effects? > If you add a new host, Engine will read the existing DNS entries from the > host and persist them. (you will see them in the setup-networks window (b)). > The strange thing is that apparently it made what you say (from a files content point of view) but there is no match if you go into configuration inside web admin gui pages, neither at cluster level, nor at host level. This was what seemed strange to me. Please notice that these hosts were installed in 4.1.x and then update several times up to 4.2.6. So it could be the case of some sort of bug in previous versions and not if I plain install right now in 4.2.6 (not tested) > Upgraded systems (hosts have been added before DNS configuration was > available) will have it empty and you will need to explicitly set it. > It is not my case. >> >>> The values are added through ifcfg, therefore its logic of adding it to >>> resolv.conf is used. >>> >> >> I have also opened a case for another environment where I'm using RHV-H >> hosts, that should be quite similar to ovirt-node-ng >> In that environment one of the original M$ based dns server was changed >> (that was the one I had as primary) creating some latency problems. >> Using setup host networks generated big problems, especially if doing on >> the host where hosted engine was running. >> I verified that a safe way to modify DNS config is: >> - evacuate VMs from host >> - put host into maintenance >> - change dns settings in setup host networks >> - reboot the host >> - activate the host >> >> I do not see a reason to pass all these steps unless we have a bug. > The DNS entry are supposed to be applied immediately through ifcfg, > rebooting is an precaution to make sure it has been correctly persisted. > And if the management network is not serving VM/s, then no VM evacuation > is needed. > If host is not reachable through ovirtmgmt doesn't fencing take place? And so indirect consequence a move of the VMs it had in charge? > > I guess the risk here is the management network editing, which is > sensitive (Engine looses connectivity and unexpected behaviour may occur). > If there is a problem with this scenario, I would consider it a bug. > > >> This way the "persistent" files are initially updated and then at the >> reboot the ifcfg and resolv.conf files are correctly updated >> If you are interested my case is 02179117 >> > > I could not find such a BZ. > This is a Red Hat case number, not a bugzilla entry. Because I had the same kind of problems on oVirt based environments and RHV based ones that are present. So for RHV I opened a case. As a consequence of the case, it was created this solution that I have not tested yet: https://access.redhat.com/solutions/3613731 Please note that it requires RH account, but in my opinion should be of public domain or similar information put inside oVirt documentation pages. It could happen having to change DNS and it can be useful to know the recommended workflow for that > >> As far as I remember, when adding a host (that reports the nameservers), > the DNS entries learned are added to the Engine config and used when > sending the first setup-networks to VDSM. > But there were several iterations of this flow, perhaps it changed (will > check). > > >> Note also my comments regarding environment installed in 4.1 and then updated to 4.2 Thanks Gianluca ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives:
[ovirt-users] Re: Best way to update dns config of ovirt node
On Fri, Sep 14, 2018 at 9:43 AM, Gianluca Cecchi wrote: > On Thu, Sep 13, 2018 at 7:53 AM Edward Haas wrote: > >> >> >> On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < >> gianluca.cec...@gmail.com> wrote: >> >>> Hello, >>> supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config >>> regarding DNS servers has to be updated, what is the correct way to proceed? >>> >> >> DNS should be editable from the network attachment window. >> > > Thanks for your answer Edward. > What do you mean with "network attachment window"? > a) Network > Networks, then select ovirtmgmt line and edit, putting DNS > info (that is empty right now) > or > b) Compute > Hosts, then select host1 line, click on host1 name, then > Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS > Configuration (that is empty right now) > or what? > I meant (b). Option (a) is there to apply the same DNS entries over all hosts for that specific network. I do not see a problem of using both. If you add a new host, Engine will read the existing DNS entries from the host and persist them. (you will see them in the setup-networks window (b)). Upgraded systems (hosts have been added before DNS configuration was available) will have it empty and you will need to explicitly set it. > In my case they are both empty, but when I installed hosts I configured > them > > >> They are applied only for the network which "owns" the default-route for >> that host. >> > > This is typically ovirtmgmt network, as in my case, I think. > Yes, but one can change the management network (which owns the default-route). > > >> The values are added through ifcfg, therefore its logic of adding it to >> resolv.conf is used. >> > > I have also opened a case for another environment where I'm using RHV-H > hosts, that should be quite similar to ovirt-node-ng > In that environment one of the original M$ based dns server was changed > (that was the one I had as primary) creating some latency problems. > Using setup host networks generated big problems, especially if doing on > the host where hosted engine was running. > I verified that a safe way to modify DNS config is: > - evacuate VMs from host > - put host into maintenance > - change dns settings in setup host networks > - reboot the host > - activate the host > > I do not see a reason to pass all these steps unless we have a bug. The DNS entry are supposed to be applied immediately through ifcfg, rebooting is an precaution to make sure it has been correctly persisted. And if the management network is not serving VM/s, then no VM evacuation is needed. I guess the risk here is the management network editing, which is sensitive (Engine looses connectivity and unexpected behaviour may occur). If there is a problem with this scenario, I would consider it a bug. > This way the "persistent" files are initially updated and then at the > reboot the ifcfg and resolv.conf files are correctly updated > If you are interested my case is 02179117 > I could not find such a BZ. > > Also in that environment the config pages (hosts and logical network of > cluster) had empty DNS entries > > I have not understood if the hosts in "setup host network" (and also > ovirtmgmt logical network) having empty DNS config is a bug or it's me not > understanding the workflow when adding a host to the oVirt environment. > As far as I remember, when adding a host (that reports the nameservers), the DNS entries learned are added to the Engine config and used when sending the first setup-networks to VDSM. But there were several iterations of this flow, perhaps it changed (will check). > Gianluca > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GJEHHDCZCVOLDI54YXI2YKEGBKCBIO6U/
[ovirt-users] Re: Best way to update dns config of ovirt node
On Thu, Sep 13, 2018 at 7:53 AM Edward Haas wrote: > > > On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < > gianluca.cec...@gmail.com> wrote: > >> Hello, >> supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding >> DNS servers has to be updated, what is the correct way to proceed? >> > > DNS should be editable from the network attachment window. > Thanks for your answer Edward. What do you mean with "network attachment window"? a) Network > Networks, then select ovirtmgmt line and edit, putting DNS info (that is empty right now) or b) Compute > Hosts, then select host1 line, click on host1 name, then Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS Configuration (that is empty right now) or what? In my case they are both empty, but when I installed hosts I configured them > They are applied only for the network which "owns" the default-route for > that host. > This is typically ovirtmgmt network, as in my case, I think. > The values are added through ifcfg, therefore its logic of adding it to > resolv.conf is used. > I have also opened a case for another environment where I'm using RHV-H hosts, that should be quite similar to ovirt-node-ng In that environment one of the original M$ based dns server was changed (that was the one I had as primary) creating some latency problems. Using setup host networks generated big problems, especially if doing on the host where hosted engine was running. I verified that a safe way to modify DNS config is: - evacuate VMs from host - put host into maintenance - change dns settings in setup host networks - reboot the host - activate the host This way the "persistent" files are initially updated and then at the reboot the ifcfg and resolv.conf files are correctly updated If you are interested my case is 02179117 Also in that environment the config pages (hosts and logical network of cluster) had empty DNS entries I have not understood if the hosts in "setup host network" (and also ovirtmgmt logical network) having empty DNS config is a bug or it's me not understanding the workflow when adding a host to the oVirt environment. Gianluca ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OOW6CSGLH2BWESKCYJNJTUYGOOB3O2HI/
[ovirt-users] Re: Best way to update dns config of ovirt node
On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi wrote: > Hello, > supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding > DNS servers has to be updated, what is the correct way to proceed? > DNS should be editable from the network attachment window. They are applied only for the network which "owns" the default-route for that host. The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used. > Thanks, > Gianluca > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: https://www.ovirt.org/community/about/community- > guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/ > message/KAYTA6Y34ONCP3YVXL6ST6NZY7WE32CW/ > > ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PZQYHNJCEO5BSQPQL2OY7QRVGWND25X4/
