Hi Giorgio, Ovirt-node is based on being a closed system with certain predefined packages, so the system updates itself to a newer version with an updated bundle of packages.
additional packages can be installed if you enable the repositories residing at: /etc/yum.repos.d in this case /etc/yum.repos.d/ovirt-4.3.repo this should resolve what you are encountering. On Wed, May 13, 2020 at 2:18 PM Giorgio Biacchi <[email protected]> wrote: > Hi Lev, > I just used the iso you provided to reinstall the same host and now I > see vdsm-hook-nestedvt is pre installed, but this is only a workaround. > > The hook is always present, no matter what I put in > /usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/ > > on the engine host. > > If I add, for example, vdsm-hook-macspoof in the same directory on the > engine host the installation fails again: > > 2020-05-13 10:39:32,590+0000 ERROR > otopi.plugins.otopi.packagers.yumpackager yumpackager.error:85 Yum > Cannot queue package vdsm-hook-macspoof: Package vdsm-hook-macspoof > cannot be found > 2020-05-13 10:39:32,590+0000 DEBUG otopi.context > context._executeMethod:145 method exception > Traceback (most recent call last): > File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/context.py", line 132, in > _executeMethod > method['method']() > File > "/tmp/ovirt-CQNPURostK/otopi-plugins/ovirt-host-deploy/vdsmhooks/hooks.py", > > line 109, in _packages > self.packager.installUpdate(f.read().splitlines()) > File > "/tmp/ovirt-CQNPURostK/otopi-plugins/otopi/packagers/yumpackager.py", > line 305, in installUpdate > ignoreErrors=ignoreErrors > File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/miniyum.py", line 884, in > installUpdate > **kwargs > File "/tmp/ovirt-CQNPURostK/pythonlib/otopi/miniyum.py", line 500, in > _queue > package=package, > RuntimeError: Package vdsm-hook-macspoof cannot be found > > On https://resources.ovirt.org/pub/ovirt-4.3/rpm/el7/noarch/ I see many > packetized hooks and I thought that adding what I need in > /usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/ > > was the correct way to install them. Am I wrong?? > > Regards > > Il 12/05/2020 19:30, Lev Veyde ha scritto: > > Hi Giorgio, > > > > Do you have a staging test (non production) environment? > > I built a test ovirt-node-ng image that includes this package, and if > > you want you can download it from here: > > > https://jenkins.ovirt.org/job/ovirt-node-ng-image_standard-check-patch/176/artifact/check-patch.el7.x86_64/ > > > > If you do, please let us know if it resolved the issue for you, > > > > Thanks in advance, > > > > On Tue, May 12, 2020 at 6:57 PM Giorgio Biacchi <[email protected] > > <mailto:[email protected]>> wrote: > > > > Il 12/05/2020 17:07, Dominik Holler ha scritto: > > > > > > > > > On Tue, May 12, 2020 at 4:25 PM Giorgio Biacchi > > <[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > > > On 5/12/20 12:28 PM, Dominik Holler wrote: > > > > > > > > > > > > On Tue, May 12, 2020 at 8:49 AM Giorgio Biacchi > > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> wrote: > > > > > > > > On 5/11/20 5:53 PM, Dominik Holler wrote: > > > > > > > > > > > > > > > On Mon, May 11, 2020 at 12:31 PM Giorgio Biacchi > > > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>> wrote: > > > > > > > > > > Hi list, > > > > > I've spent a couple of days trying to understand > why > > > this was > > > > > happening... > > > > > > > > > > For the installation I have a well tested > > installation > > > server > > > > with a > > > > > custom kickstart file to setup ssh keys and > custom > > > hooks for > > > > infiniband > > > > > and I'm installing Ovirt Node 4.3.9 via pxe, > this is > > > particularly > > > > > useful > > > > > when I have to install a bunch of blades at > > once.. In > > > the past > > > > I had no > > > > > issues and all was working like a charm until > > now when some > > > > hardware > > > > > failed and I had to replace it. > > > > > > > > > > As expected I have no issues in the node > > installation > > > > process.. the > > > > > troubles begins when I try to add the node, > > > installation fails > > > > and in > > > > > the UI I have an exclamation mark with the > message > > > "Host has > > > > no default > > > > > route." but I can ping and do ssh to the host > > from the > > > > manager.. the > > > > > problem is somewhere else in the communication > > between the > > > > engine and > > > > > vdsmd preventing the engine to refresh the host > > > capabilities. > > > > > > > > > > So from the engine I tried: > > > > > > > > > > [root@manager ~]# openssl s_client -connect > > > 172.20.22.78:54321 <http://172.20.22.78:54321> > > <http://172.20.22.78:54321> > > > > <http://172.20.22.78:54321> > > > > > <http://172.20.22.78:54321> > > > > > CONNECTED(00000003) > > > > > --- > > > > > Certificate chain > > > > > 0 s:/CN=cn128.lagrange.di.unimi.it/O=VDSM > > <http://cn128.lagrange.di.unimi.it/O=VDSM> > > > <http://cn128.lagrange.di.unimi.it/O=VDSM> > > > > <http://cn128.lagrange.di.unimi.it/O=VDSM> > > > > > <http://cn128.lagrange.di.unimi.it/O=VDSM> > > Certificate > > > > > i:/CN=VDSM Certificate Authority > > > > > 1 s:/CN=VDSM Certificate Authority > > > > > i:/CN=VDSM Certificate Authority > > > > > --- > > > > > > > > > > The host has still the self signed vdsm > > certificate.. > > > and on the > > > > > host in > > > > > vdsm.log I find: > > > > > > > > > > 2020-05-11 09:52:25,433+0000 ERROR (Reactor > thread) > > > > > [ProtocolDetector.SSLHandshakeDispatcher] ssl > > > handshake: SSLError, > > > > > address: ::ffff:159.149.129.220 (sslutils:264) > > > > > > > > > > So I tried to enroll the certificate from the UI > and > > > from the > > > > events > > > > > tab > > > > > I sow the enrolling was successful but: > > > > > > > > > > [root@manager ~]# openssl s_client -connect > > > 172.20.22.78:54321 <http://172.20.22.78:54321> > > <http://172.20.22.78:54321> > > > > <http://172.20.22.78:54321> > > > > > <http://172.20.22.78:54321> > > > > > > > > > > 140084336994192:error:140790E5:SSL > > routines:ssl23_write:ssl > > > > handshake > > > > > failure:s23_lib.c:177: > > > > > CONNECTED(00000003) > > > > > --- > > > > > no peer certificate available > > > > > --- > > > > > > > > > > there's still some issue with the certificates.. > > so on the > > > > host again: > > > > > > > > > > [root@cn128 vdsm]# find /etc/pki/vdsm/ -type f > > -cmin -10| > > > > xargs ls -l > > > > > -rw-------. 1 root kvm 1424 May 11 09:56 > > > > /etc/pki/vdsm/certs/cacert.pem > > > > > -rw-------. 1 root kvm 5108 May 11 09:57 > > > > > /etc/pki/vdsm/certs/vdsmcert.pem > > > > > -r--r-----. 1 root kvm 1704 May 11 09:56 > > > > /etc/pki/vdsm/keys/vdsmkey.pem > > > > > -rw-r--r--. 1 root root 1424 May 11 09:57 > > > > > /etc/pki/vdsm/libvirt-spice/ca-cert.pem > > > > > -rw-r--r--. 1 root root 5108 May 11 09:57 > > > > > /etc/pki/vdsm/libvirt-spice/server-cert.pem > > > > > -r--r-----. 1 root root 1704 May 11 09:56 > > > > > /etc/pki/vdsm/libvirt-spice/server-key.pem > > > > > > > > > > It seems that cacert.pem and vdsmcert.pem have > wrong > > > permissions.. > > > > > let's > > > > > try to fix it.. > > > > > > > > > > [root@cn128 vdsm]# chown 36:36 > > > /etc/pki/vdsm/certs/cacert.pem > > > > > /etc/pki/vdsm/certs/vdsmcert.pem > > > > > > > > > > And now: > > > > > > > > > > [root@manager ~]# openssl s_client -connect > > > > 172.20.22.78:54321| less > > > > > CONNECTED(00000003) > > > > > --- > > > > > Certificate chain > > > > > 0 s:/O=lagrange.di.unimi.it/CN=172.20.22.78 > > <http://lagrange.di.unimi.it/CN=172.20.22.78> > > > <http://lagrange.di.unimi.it/CN=172.20.22.78> > > > > <http://lagrange.di.unimi.it/CN=172.20.22.78> > > > > > <http://lagrange.di.unimi.it/CN=172.20.22.78> > > > > > > > > > > > > > > > > > > > i:/C=US/O= > lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941 < > http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> < > http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > > > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > 1 > > > > > > > > > > > > > > s:/C=US/O= > lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941 < > http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> < > http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > > > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > > > > > > > > > > > > > > i:/C=US/O= > lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941 < > http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> < > http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > > > > > > <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941> > > > > > --- > > > > > > > > > > Now I can finally refresh the host capabilities > and > > > setup the host > > > > > networks.. > > > > > > > > > > In attachment all the relevant logs, I don't > > know if I've > > > > found some > > > > > bug.. this is the first time i had so many > troubles > > > adding a > > > > new host.. > > > > > so I decided to share my experience with the > list.. > > > > > > > > > > > > > > > Thanks for raising this. > > > > > > > > > > On adding the host there is an error about > > > vdsm-hook-nestedvt which I > > > > > cannot interprete, maybe someone else can do. > > > > > In vdsm.log I noticed a strange behavior of > > setupNetworks, > > > can you > > > > > please share the corresponding supervdsm.log, too? > > > > > > > > > > > > > > > > > > > > Cheers > > > > > -- > > > > > gb > > > > > > > > > > PGP Key: http://pgp.mit.edu/ > > > > > Primary key fingerprint: C510 0765 943E EBED > > A4F2 69D3 > > > 16CC DC90 > > > > > B9CB 0F34 > > > > > _______________________________________________ > > > > > Users mailing list -- [email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > To unsubscribe send an email to > > [email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected] > >>>> > > > > > Privacy Statement: > > > https://www.ovirt.org/privacy-policy.html > > > > > oVirt Code of Conduct: > > > > > > > https://www.ovirt.org/community/about/community-guidelines/ > > > > > List Archives: > > > > > > > > > > > > > > > https://lists.ovirt.org/archives/list/[email protected]/message/6JTU3HB4WCI27WSLGEOSLMPYFU22EX5H/ > > > > > > > > > Hi, > > > > I don't think that the missing vdsm-hook-nestedvt is a > > > problem, in our > > > > environment we have one engine but multiple clusters > > and that > > > hook is > > > > only needed on one cluster to enable nested > > virtualization. > > > > > > > > See attachment for supervdsm.log. > > > > > > > > > > > > Thanks, network config flows looked fine. > > > > > > > > Maybe > > > > https://bugzilla.redhat.com/1794485 > > > > is the root for this issue? > > > > > > > > > > > > Regards > > > > -- > > > > gb > > > > > > > > PGP Key: http://pgp.mit.edu/ > > > > Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 > > 16CC DC90 > > > > B9CB 0F34 > > > > > > > > > > I removed the file > > > > > > > /usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/vdsm-hook-nestedvt.centos > > > from the engine host ( the content of the file was > > "vdsm-hook-nestedvt" > > > ) and reinstalled another host and now the installation works > > correctly. > > > > > > > > > This is a great hint. Do you have an idea where this file comes > from? > > > > Yes, it was a change made by another member of our staff to automate > > the > > installation of that hook.. as far as I know this is the correct way > to > > add additional packages during the host installation, but I still > have > > no idea why the required package can not be found, even via yum > install > > as I wrote before. > > > > So now the real question is: why can't I install vdsm-hook-nestedvt > > via yum? > > > > And even if it's now clear that this is the reason why the > installation > > process fails I wasn't expecting such a big failure.. the hook itself > > it's not strictly necessary to have a working host.. I was expecting > a > > warning more than a fail.. > > > > But at least I'm glad I've found the cause of the failure > > > > > > > > So the problem is that during the host installation > > vdsm-hook-nestedvt > > > cannot be found/downloaded from the repos and this, somehow, > > breaks the > > > installation process, the certificate enrollment and so on.. > > > > > > As a matter of fact if I try: > > > > > > [root@cn127 ~]# yum install vdsm-hook-nestedvt > > > Loaded plugins: enabled_repos_upload, fastestmirror, > > imgbased-persist, > > > package_upload, product-id, > > > : search-disabled-repos, subscription-manager, > > > vdsmupgrade, versionlock > > > This system is not registered with an entitlement server. You > > can use > > > subscription-manager to register. > > > Loading mirror speeds from cached hostfile > > > * ovirt-4.3-epel: epel.mirror.far.fi > > <http://epel.mirror.far.fi> <http://epel.mirror.far.fi> > > > No package vdsm-hook-nestedvt available. > > > Error: Nothing to do > > > Uploading Enabled Repositories Report > > > Cannot upload enabled repos report, is this client registered? > > > > > > Thanks for the support. > > > > > > -- > > > gb > > > > > > PGP Key: http://pgp.mit.edu/ > > > Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC > DC90 > > > B9CB 0F34 > > > > > > > -- > > gb > > > > PGP Key: http://pgp.mit.edu/ > > Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 > > B9CB 0F34 > > > > > > > > -- > > > > Lev Veyde > > > > Senior Software Engineer, RHCE | RHCVA | MCITP > > > > Red Hat Israel > > > > <https://www.redhat.com> > > > > [email protected] <mailto:[email protected]> | [email protected] > > <mailto:[email protected]> > > > > <https://red.ht/sig> > > TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> > > -- > gb > > PGP Key: http://pgp.mit.edu/ > Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34 > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/G76UO5RH7VBDNAOUD7HL5LLEGJKTKEPW/ >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/XD7HQGCVW437ME4GBXSFFTCBO3GCYZPH/
