[Users] General challenges w/ Ovirt 3.1

Dave Neary dneary at redhat.com
Sat Sep 29 12:21:37 UTC 2012


Hi,

On 09/29/2012 01:37 PM, Hans Lellelid wrote:
> I apologize in advance that this email is less about a specific
> problem and more a general inquiry as to the most recommended /
> likely-to-be-successful way path.

Having just gone through the process, I hope I can help a little! You 
might want to check (and add to) the Troubleshooting page where I 
documented the various hiccups I had, and how I addressed them:

http://wiki.ovirt.org/wiki/Troubleshooting

There's also "Node Troubleshooting" and "Troubleshooting NFS Storage 
Issues" which might help you: 
http://wiki.ovirt.org/wiki/Node_Troubleshooting and 
http://wiki.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues

Also Jason Brooks's "Up and running with oVirt 3.1" article is useful I 
think: 
http://blog.jebpages.com/archives/up-and-running-with-ovirt-3-1-edition/

> 2nd attempt: I re-installed the nodes as Fedora 17 boxes and
> downgraded the kernels to 3.4.6-2.  Then I connected these from the
> Engine (specifying the root pw) and watched the logs while things
> installed.  After reboot neither of the servers were reachable.
> Sitting in front of the console, I realized that networking was
> refusing to start; several errors printed to the console looked like:

When you say that they are not reachable, what do you mean? By default, 
installing F17 as a node sets the iptables settings to:

# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
# libvirt tls
-A INPUT -p tcp --dport 16514 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT
# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT

So if you're trying to ping the nodes, you should see nothing, but ssh, 
snmp and vdsm should be available. If you have local console access to 
the nodes, you should check the IPTables config.

I don't understand why you would lose your network connection entirely, 
though. I don't think that the network config for the nodes is changed 
by the installer.

> 3rd attempt: I re-installed the nodes with Fedora 17 and attempted to
> install VDSM manually by RPM.  Despite following the instructions to
> turn off ssl (ssl=false in /etc/vdsm/vdsm.conf), I am seeing SSL
> "unknown cert" errors from the python socket server with every attempt
> of the engine to talk to the node.

Hopefully the "Node Troubleshooting" page (or somebody else) can help 
you here, I'm afraid I can't.

> The
> Fedora-17-installed-by-engine sounds good, but there's a lot of magic
> there & it obviously completely broke my systems.  Is that where I
> should focus my efforts?  Should I ditch NFS storage and just try to
> get something working with local-only storage on the nodes?  (Shared
> storage would be a primary motivation for moving to ovirt, though.)

I would focus on this approach, and would continue to aim to use NFS 
storage. It works fine as long as you are on the 3.4.x kernels.

> I am very excited for this to work for me someday.  I think it has
> been frustrating to have such sparse (or outdated?) documentation and
> such fundamental problems/bugs/configuration challenges.  I'm using
> pretty standard (Dell) commodity servers (SATA drives, simple RAID
> setups, etc.).

The "Quick Setup Guide" was useful to me, as long as everything went 
well: http://wiki.ovirt.org/wiki/Quick_Start_Guide

Hope some of that is helpful!

Cheers,
Dave.

-- 
Dave Neary
Community Action and Impact
Open Source and Standards, Red Hat
Ph: +33 9 50 71 55 62 / Cell: +33 6 77 01 92 13
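
An added example, not part of the original message or of vdsm: a small first-match evaluator for the INPUT chain quoted in the message, useful for checking which new inbound connections the node firewall admits. It models only the match options that appear in this ruleset; the interface name eth0 and the probe list are assumptions.

```python
# INPUT-chain rules copied from the message above; all code below is added.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 54321 -j ACCEPT
-A INPUT -p tcp --dport 16514 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
-A INPUT -p udp --dport 161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_input_rules(text):
    """Parse '-A INPUT' lines into dicts, preserving rule order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
        spec = opt("--dport") or opt("--dports")
        ranges = []
        for part in (spec.split(",") if spec else []):
            lo, _, hi = part.partition(":")
            ranges.append((int(lo), int(hi or lo)))
        rules.append({"proto": opt("-p"), "iface": opt("-i"), "ports": ranges,
                      "state": opt("--state"), "target": opt("-j")})
    return rules

def verdict(rules, proto, port=None, iface="eth0", policy="ACCEPT"):
    """Target for a NEW inbound packet (first match wins); 'eth0' is an assumed NIC name."""
    for r in rules:
        if r["state"]:          # ESTABLISHED,RELATED never matches a new flow
            continue
        if r["proto"] not in (None, proto) or r["iface"] not in (None, iface):
            continue
        if r["ports"] and not any(lo <= (port or -1) <= hi for lo, hi in r["ports"]):
            continue
        return r["target"]
    return policy

if __name__ == "__main__":
    for proto, port in [("tcp", 22), ("tcp", 54321), ("udp", 161), ("tcp", 80)]:
        print(proto, port, verdict(parse_input_rules(RULESET), proto, port))
```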


