On 8/7/20 9:50 AM, Jiří Sléžka wrote:
> On 8/5/20 2:07 PM, Jiří Sléžka wrote:
>> On 8/3/20 11:12 AM, Jiří Sléžka wrote:
>>> Hello,
>>>
>>> I have a 4-host cluster managed with a standalone engine in version 4.3 and
>>> I would like to migrate this standalone engine to 4.4 as a hosted engine.
>>>
>>> I have two new hosts which I would like to use as the base for a new HE
>>> cluster. (The new hosts are Intel based, the old ones are AMD Opteron based -
>>> the new cluster will have 4.4 compatibility, the old one has to stay at the 4.2
>>> compatibility level.)
>>>
>>> I read this
>>>
>>> https://www.ovirt.org/documentation/migrating_from_a_standalone_manager_to_a_self-hosted_engine/
>>>
>>> but the question is: Can I migrate and upgrade in one step? Has anybody
>>> done that already? If it is not possible, what is a suggested approach?
>>
>> I just tried it. It looks like it could work, at least until the installation
>> process wants to log in to the engine. It looks like it does not use a valid
>> login name or password.
>>
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Expose engine VM webui over
>> a local port via ssh port forwarding]
>> [ INFO  ] changed: [localhost]
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Evaluate temporary bootstrap
>> engine URL]
>> [ INFO  ] ok: [localhost]
>> [ INFO  ] The bootstrap engine is temporary accessible over
>> https://ovirt05.net.slu.cz:6900/ovirt-engine/
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Detect VLAN ID]
>> [ INFO  ] changed: [localhost]
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Set Engine public key as
>> authorized key without validating the TLS/SSL certificates]
>> [ INFO  ] changed: [localhost]
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : include_tasks]
>> [ INFO  ] ok: [localhost]
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Obtain SSO token using
>> username/password credentials]
>> [ INFO  ] ok: [localhost]
>> [ INFO  ] TASK [ovirt.hosted_engine_setup : Ensure that the target
>> datacenter is present]
>> [ ERROR ] ovirtsdk4.AuthError: Error during SSO authentication
>> access_denied : Cannot authenticate user 'None@N/A': No valid profile
>> found in credentials..
>> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
>> "Error during SSO authentication access_denied : Cannot authenticate
>> user 'None@N/A': No valid profile found in credentials.."}
>>
>> I tried to log in to https://ovirt05.net.slu.cz:6900/ovirt-engine/ and it
>> probably accepts username admin@internal and the new password entered during
>> hosted engine deploy, but then it displays the error "The provided
>> authorization grant for the auth code has expired."
>>
>> Maybe it is related to this bug (and custom 3rd party Apache certificate)
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1715767
>>
>> In my case it looks like on the engine VM the file
>>
>> /etc/pki/ovirt-engine/apache-ca.pem
>>
>> contains the original certificate from the backup, which is for the ovirt.slu.cz fqdn. For
>> the new hosted engine I use the new fqdn ovirt.net.slu.cz. Should I change the
>> ovirt.slu.cz record to point to the new ip address (it has to be one from the
>> ovirtmgmt subnet) and then try the restore? The documentation is not very clear
>> on this particular subject.
> 
> Well, I will answer myself.
> 
> * setting the fqdn is probably not important at this time; the self-hosted
> engine is prepared with a modified /etc/hosts
> 
> * the main problem was that I have been using a 3rd party certificate for a long time,
> so I didn't mention this documentation section
> 
> https://ovirt.org/documentation/administration_guide/#Replacing_the_Manager_CA_Certificate
> 
> especially section 14, which describes how to configure engine-backup to
> also back up the custom CA certificate. But this part is badly formatted, as
> described in
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1859505
> 
> A relevant BZ is also https://bugzilla.redhat.com/show_bug.cgi?id=1841203
> which pointed me in the right direction.

Just for the record.

I had to change the dns record for the fqdn during the deploy process - after the HE vm
was copied to shared storage (FC in my case) and before or during
"Check engine VM health"

...
[ INFO  ] TASK [ovirt.hosted_engine_setup : Start ovirt-ha-agent service
on the host]
[ INFO  ] changed: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : Exit HE maintenance mode]
[ INFO  ] changed: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : Check engine VM health]
[ INFO  ] changed: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : Get target engine VM address]
[ INFO  ] changed: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : Reconfigure OVN central address]
[ INFO  ] changed: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : include_tasks]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : Obtain SSO token using
username/password credentials]
[ INFO  ] ok: [localhost]
[ INFO  ] TASK [ovirt.hosted_engine_setup : Check for the local
bootstrap VM]
...

Now I am able to log in with admin@local credentials and see the original vms
and hosts running and accessible.

There are some glitches (like our ldap aaa configuration throws
server_error: The connection reader was unable to successfully complete
TLS negotiation: SSLHandshakeException(The server selected protocol
version TLS10 is not accepted by client preferences [TLS12]),
ldapSDKVersion=4.0.14,
revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb) which I believe are
solvable

So migrating from ovirt4.3 standalone to ovirt4.4 selfhosted in one step
is possible and functional.

It would be a nice feature to have the possibility to wipe and reuse the old HE
storage during the hosted-engine --deploy process.

Cheers,

Jiri

> 
> Cheers,
> 
> Jiri
> 
> 
> 
>>
>> Cheers,
>>
>> Jiri
>>
>>>
>>> Thanks for help
>>>
>>> Jiri
>>>
>>>
>>> _______________________________________________
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct: 
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives: 
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YH4J7GG7WLOLUFIADZPL6JOPDETJ23CZ/
>>>

