Hi strahil, The current ovirt node image built by Lev includes vdsm-hook-nestedvt-4.30.46-1.el7.noarch so yes it should be available when adding the node.
On Wed, May 13, 2020 at 12:49 AM Strahil Nikolov via Users <users@ovirt.org> wrote: > On May 12, 2020 6:56:45 PM GMT+03:00, Giorgio Biacchi <gior...@di.unimi.it> > wrote: > >Il 12/05/2020 17:07, Dominik Holler ha scritto: > >> > >> > >> On Tue, May 12, 2020 at 4:25 PM Giorgio Biacchi <gior...@di.unimi.it > >> <mailto:gior...@di.unimi.it>> wrote: > >> > >> On 5/12/20 12:28 PM, Dominik Holler wrote: > >> > > >> > > >> > On Tue, May 12, 2020 at 8:49 AM Giorgio Biacchi > >> <gior...@di.unimi.it <mailto:gior...@di.unimi.it> > >> > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>> > >wrote: > >> > > >> > On 5/11/20 5:53 PM, Dominik Holler wrote: > >> > > > >> > > > >> > > On Mon, May 11, 2020 at 12:31 PM Giorgio Biacchi > >> > <gior...@di.unimi.it <mailto:gior...@di.unimi.it> > >> <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>> > >> > > <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it> > >> <mailto:gior...@di.unimi.it <mailto:gior...@di.unimi.it>>>> > >wrote: > >> > > > >> > > Hi list, > >> > > I've spent a couple of days trying to understand why > >> this was > >> > > happening... > >> > > > >> > > For the installation I have a well tested > >installation > >> server > >> > with a > >> > > custom kickstart file to setup ssh keys and custom > >> hooks for > >> > infiniband > >> > > and I'm installing Ovirt Node 4.3.9 via pxe, this is > >> particularly > >> > > useful > >> > > when I have to install a bunch of blades at once.. > >In > >> the past > >> > I had no > >> > > issues and all was working like a charm until now > >when some > >> > hardware > >> > > failed and I had to replace it. > >> > > > >> > > As expected I have no issues in the node > >installation > >> > process.. the > >> > > troubles begins when I try to add the node, > >> installation fails > >> > and in > >> > > the UI I have an exclamation mark with the message > >> "Host has > >> > no default > >> > > route." but I can ping and do ssh to the host from > >the > >> > manager.. the > >> > > problem is somewhere else in the communication > >between the > >> > engine and > >> > > vdsmd preventing the engine to refresh the host > >> capabilities. > >> > > > >> > > So from the engine I tried: > >> > > > >> > > [root@manager ~]# openssl s_client -connect > >> 172.20.22.78:54321 <http://172.20.22.78:54321> > >> > <http://172.20.22.78:54321> > >> > > <http://172.20.22.78:54321> > >> > > CONNECTED(00000003) > >> > > --- > >> > > Certificate chain > >> > > 0 s:/CN=cn128.lagrange.di.unimi.it/O=VDSM > >> <http://cn128.lagrange.di.unimi.it/O=VDSM> > >> > <http://cn128.lagrange.di.unimi.it/O=VDSM> > >> > > <http://cn128.lagrange.di.unimi.it/O=VDSM> > >Certificate > >> > > i:/CN=VDSM Certificate Authority > >> > > 1 s:/CN=VDSM Certificate Authority > >> > > i:/CN=VDSM Certificate Authority > >> > > --- > >> > > > >> > > The host has still the self signed vdsm > >certificate.. > >> and on the > >> > > host in > >> > > vdsm.log I find: > >> > > > >> > > 2020-05-11 09:52:25,433+0000 ERROR (Reactor thread) > >> > > [ProtocolDetector.SSLHandshakeDispatcher] ssl > >> handshake: SSLError, > >> > > address: ::ffff:159.149.129.220 (sslutils:264) > >> > > > >> > > So I tried to enroll the certificate from the UI and > >> from the > >> > events > >> > > tab > >> > > I sow the enrolling was successful but: > >> > > > >> > > [root@manager ~]# openssl s_client -connect > >> 172.20.22.78:54321 <http://172.20.22.78:54321> > >> > <http://172.20.22.78:54321> > >> > > <http://172.20.22.78:54321> > >> > > > >> > > 140084336994192:error:140790E5:SSL > >routines:ssl23_write:ssl > >> > handshake > >> > > failure:s23_lib.c:177: > >> > > CONNECTED(00000003) > >> > > --- > >> > > no peer certificate available > >> > > --- > >> > > > >> > > there's still some issue with the certificates.. so > >on the > >> > host again: > >> > > > >> > > [root@cn128 vdsm]# find /etc/pki/vdsm/ -type f -cmin > >-10| > >> > xargs ls -l > >> > > -rw-------. 1 root kvm 1424 May 11 09:56 > >> > /etc/pki/vdsm/certs/cacert.pem > >> > > -rw-------. 1 root kvm 5108 May 11 09:57 > >> > > /etc/pki/vdsm/certs/vdsmcert.pem > >> > > -r--r-----. 1 root kvm 1704 May 11 09:56 > >> > /etc/pki/vdsm/keys/vdsmkey.pem > >> > > -rw-r--r--. 1 root root 1424 May 11 09:57 > >> > > /etc/pki/vdsm/libvirt-spice/ca-cert.pem > >> > > -rw-r--r--. 1 root root 5108 May 11 09:57 > >> > > /etc/pki/vdsm/libvirt-spice/server-cert.pem > >> > > -r--r-----. 1 root root 1704 May 11 09:56 > >> > > /etc/pki/vdsm/libvirt-spice/server-key.pem > >> > > > >> > > It seems that cacert.pem and vdsmcert.pem have wrong > >> permissions.. > >> > > let's > >> > > try to fix it.. > >> > > > >> > > [root@cn128 vdsm]# chown 36:36 > >> /etc/pki/vdsm/certs/cacert.pem > >> > > /etc/pki/vdsm/certs/vdsmcert.pem > >> > > > >> > > And now: > >> > > > >> > > [root@manager ~]# openssl s_client -connect > >> > 172.20.22.78:54321| less > >> > > CONNECTED(00000003) > >> > > --- > >> > > Certificate chain > >> > > 0 s:/O=lagrange.di.unimi.it/CN=172.20.22.78 > >> <http://lagrange.di.unimi.it/CN=172.20.22.78> > >> > <http://lagrange.di.unimi.it/CN=172.20.22.78> > >> > > <http://lagrange.di.unimi.it/CN=172.20.22.78> > >> > > > >> > > > >> > > >> > > i:/C=US/O=lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941 > ><http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > >> > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > 1 > >> > > > >> > > >> > > s:/C=US/O=lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941 > ><http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > >> > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > >> > > > >> > > >> > > i:/C=US/O=lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941 > ><http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > > >> > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > >> > > --- > >> > > > >> > > Now I can finally refresh the host capabilities and > >> setup the host > >> > > networks.. > >> > > > >> > > In attachment all the relevant logs, I don't know if > >I've > >> > found some > >> > > bug.. this is the first time i had so many troubles > >> adding a > >> > new host.. > >> > > so I decided to share my experience with the list.. > >> > > > >> > > > >> > > Thanks for raising this. > >> > > > >> > > On adding the host there is an error about > >> vdsm-hook-nestedvt which I > >> > > cannot interprete, maybe someone else can do. > >> > > In vdsm.log I noticed a strange behavior of > >setupNetworks, > >> can you > >> > > please share the corresponding supervdsm.log, too? > >> > > > >> > > > >> > > > >> > > Cheers > >> > > -- > >> > > gb > >> > > > >> > > PGP Key: http://pgp.mit.edu/ > >> > > Primary key fingerprint: C510 0765 943E EBED A4F2 > >69D3 > >> 16CC DC90 > >> > > B9CB 0F34 > >> > > _______________________________________________ > >> > > Users mailing list -- users@ovirt.org > >> <mailto:users@ovirt.org> <mailto:users@ovirt.org > >> <mailto:users@ovirt.org>> > >> > <mailto:users@ovirt.org <mailto:users@ovirt.org> > >> <mailto:users@ovirt.org <mailto:users@ovirt.org>>> > >> > > To unsubscribe send an email to > >users-le...@ovirt.org > >> <mailto:users-le...@ovirt.org> > >> > <mailto:users-le...@ovirt.org > ><mailto:users-le...@ovirt.org>> > >> > > <mailto:users-le...@ovirt.org > >> <mailto:users-le...@ovirt.org> <mailto:users-le...@ovirt.org > >> <mailto:users-le...@ovirt.org>>> > >> > > Privacy Statement: > >> https://www.ovirt.org/privacy-policy.html > >> > > oVirt Code of Conduct: > >> > > > >https://www.ovirt.org/community/about/community-guidelines/ > >> > > List Archives: > >> > > > >> > > >> > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/6JTU3HB4WCI27WSLGEOSLMPYFU22EX5H/ > >> > > > >> > Hi, > >> > I don't think that the missing vdsm-hook-nestedvt is a > >> problem, in our > >> > environment we have one engine but multiple clusters and > >that > >> hook is > >> > only needed on one cluster to enable nested > >virtualization. > >> > > >> > See attachment for supervdsm.log. > >> > > >> > > >> > Thanks, network config flows looked fine. > >> > > >> > Maybe > >> > https://bugzilla.redhat.com/1794485 > >> > is the root for this issue? > >> > > >> > > >> > Regards > >> > -- > >> > gb > >> > > >> > PGP Key: http://pgp.mit.edu/ > >> > Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 > >16CC DC90 > >> > B9CB 0F34 > >> > > >> > >> I removed the file > >> > > >/usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/vdsm-hook-nestedvt.centos > >> from the engine host ( the content of the file was > >"vdsm-hook-nestedvt" > >> ) and reinstalled another host and now the installation works > >correctly. > >> > >> > >> This is a great hint. Do you have an idea where this file comes from? > > > >Yes, it was a change made by another member of our staff to automate > >the > >installation of that hook.. as far as I know this is the correct way to > > > >add additional packages during the host installation, but I still have > >no idea why the required package can not be found, even via yum install > > > >as I wrote before. > > > >So now the real question is: why can't I install vdsm-hook-nestedvt via > >yum? > > > >And even if it's now clear that this is the reason why the installation > > > >process fails I wasn't expecting such a big failure.. the hook itself > >it's not strictly necessary to have a working host.. I was expecting a > >warning more than a fail.. > > > >But at least I'm glad I've found the cause of the failure > > > >> > >> So the problem is that during the host installation > >vdsm-hook-nestedvt > >> cannot be found/downloaded from the repos and this, somehow, > >breaks the > >> installation process, the certificate enrollment and so on.. > >> > >> As a matter of fact if I try: > >> > >> [root@cn127 ~]# yum install vdsm-hook-nestedvt > >> Loaded plugins: enabled_repos_upload, fastestmirror, > >imgbased-persist, > >> package_upload, product-id, > >> : search-disabled-repos, subscription-manager, > >> vdsmupgrade, versionlock > >> This system is not registered with an entitlement server. You can > >use > >> subscription-manager to register. > >> Loading mirror speeds from cached hostfile > >> * ovirt-4.3-epel: epel.mirror.far.fi > ><http://epel.mirror.far.fi> > >> No package vdsm-hook-nestedvt available. > >> Error: Nothing to do > >> Uploading Enabled Repositories Report > >> Cannot upload enabled repos report, is this client registered? > >> > >> Thanks for the support. > >> > >> -- > >> gb > >> > >> PGP Key: http://pgp.mit.edu/ > >> Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 > >> B9CB 0F34 > >> > > Hi, > > I can see the package in 'ovirt-4.3' repo . > Do you have the repo available at the time that package is called ? > > Best Regards, > Strahil Nikolov > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/WZREWC7BDYHN4U4IXPV3IYBRSSLJZYRC/ >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3DVCDX2RL6W275WIHJPK53UYA3EKLSCY/
