[ovirt-users] Ovirt 4.0 and EL 7.4
Jorick Astrego
jorick at netbulae.eu
Tue Oct 10 17:41:25 UTC 2017
Hi,
I've redeployed a node with 7.3 to fix this issue but got the same
errors with ovirt 4.0.
MainThread::DEBUG::2017-10-10
18:30:30,945::upgrade::90::upgrade::(apply_upgrade) Running upgrade
upgrade-unified-persistence
MainThread::DEBUG::2017-10-10
18:30:30,951::libvirtconnection::160::root::(get) trying to connect
libvirt
MainThread::ERROR::2017-10-10
18:30:41,125::upgrade::94::upgrade::(apply_upgrade) Failed to run
upgrade-unified-persistence
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/vdsm/tool/upgrade.py",
line 92, in apply_upgrade
upgrade.run(ns, args)
File
"/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py",
line 195, in run
run()
File
"/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py",
line 46, in run
networks, bondings = _getNetInfo()
File
"/usr/lib/python2.7/site-packages/vdsm/tool/unified_persistence.py",
line 132, in _getNetInfo
netinfo = NetInfo(netswitch.netinfo())
File
"/usr/lib/python2.7/site-packages/vdsm/network/netswitch.py", line
298, in netinfo
_netinfo = netinfo_get(compatibility=compatibility)
File
"/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py",
line 109, in get
return _get(vdsmnets)
File
"/usr/lib/python2.7/site-packages/vdsm/network/netinfo/cache.py",
line 70, in _get
libvirt_nets = libvirt.networks()
File "/usr/lib/python2.7/site-packages/vdsm/network/libvirt.py",
line 113, in networks
conn = libvirtconnection.get()
File
"/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line
163, in get
password)
File
"/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line
99, in open_connection
return utils.retry(libvirtOpen, timeout=10, sleep=0.2)
File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 547,
in retry
return func()
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 105,
in openAuth
if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication failed: authentication failed
Oct 10 19:35:55 host1 sasldblistusers2: _sasldb_getkeyhandle has failed
Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+0000: 13660:
error : virNetSASLSessionListMechanisms:390 : internal error: cannot
list SASL mechanisms -4 (SASL(-4): no mechanism available: Internal
Error -4 in server.c near line 1757)
Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+0000: 13660:
error : remoteDispatchAuthSaslInit:3411 : authentication failed:
authentication failed
Oct 10 19:36:20 host1 libvirtd: 2017-10-10 17:36:20.002+0000: 13650:
error : virNetSocketReadWire:1808 : End of file while reading data:
Input/output error
Oct 10 19:36:20 host1 vdsm-tool: libvirt: XML-RPC error :
authentication failed: authentication failed
Oct 10 19:36:20 host1 systemd: vdsm-network.service: control process
exited, code=exited status=1
Oct 10 19:36:20 host1 systemd: Failed to start Virtual Desktop
Server Manager network restoration.
Oct 10 19:36:20 host1 systemd: Dependency failed for Virtual Desktop
Server Manager.
Oct 10 19:36:20 host1 systemd: Dependency failed for MOM instance
configured for VDSM purposes.
Oct 10 19:36:20 host1 systemd: Job mom-vdsm.service/start failed
with result 'dependency'.
Oct 10 19:36:20 host1 systemd: Job vdsmd.service/start failed with
result 'dependency'.
Oct 10 19:36:20 host1 systemd: Unit vdsm-network.service entered
failed state.
Oct 10 19:36:20 host1 systemd: vdsm-network.service failed.
cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
cat /etc/libvirt/passwd.db
cat: /etc/libvirt/passwd.db: No such file or directory
vdsm-4.18.21-1.el7.centos.x86_64
vdsm-api-4.18.21-1.el7.centos.noarch
vdsm-xmlrpc-4.18.21-1.el7.centos.noarch
vdsm-hook-vmfex-dev-4.18.21-1.el7.centos.noarch
vdsm-cli-4.18.21-1.el7.centos.noarch
vdsm-python-4.18.21-1.el7.centos.noarch
vdsm-yajsonrpc-4.18.21-1.el7.centos.noarch
vdsm-infra-4.18.21-1.el7.centos.noarch
vdsm-jsonrpc-4.18.21-1.el7.centos.noarch
libvirt-daemon-driver-storage-scsi-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-rbd-3.2.0-1.el7.x86_64
libvirt-daemon-driver-nodedev-3.2.0-1.el7.x86_64
libvirt-client-3.2.0-1.el7.x86_64
libvirt-python-2.0.0-2.el7.x86_64
libvirt-daemon-driver-network-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-mpath-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-iscsi-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-logical-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-3.2.0-1.el7.x86_64
libvirt-daemon-driver-secret-3.2.0-1.el7.x86_64
libvirt-daemon-driver-interface-3.2.0-1.el7.x86_64
libvirt-daemon-kvm-3.2.0-1.el7.x86_64
libvirt-libs-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-core-3.2.0-1.el7.x86_64
libvirt-daemon-driver-qemu-3.2.0-1.el7.x86_64
libvirt-daemon-config-nwfilter-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-disk-3.2.0-1.el7.x86_64
libvirt-daemon-driver-storage-gluster-3.2.0-1.el7.x86_64
libvirt-lock-sanlock-3.2.0-1.el7.x86_64
libvirt-daemon-3.2.0-1.el7.x86_64
libvirt-daemon-driver-nwfilter-3.2.0-1.el7.x86_64
ovirt-imageio-common-0.4.0-1.el7.noarch
ovirt-release40-4.0.6-2.el7.centos.noarch
ovirt-vmconsole-1.0.4-1.el7.centos.noarch
ovirt-imageio-daemon-0.4.0-1.el7.noarch
ovirt-vmconsole-host-1.0.4-1.el7.centos.noarch
Also tried with "mech_list: digest-md5"
cat /etc/sasl2/libvirt.conf |grep mech_list
#mech_list: gssapi
mech_list: digest-md5
#mech_list: scram-sha-1
#mech_list: scram-sha-1 gssapi
On 10/05/2017 01:26 PM, Pavel Gashev wrote:
> Full /etc/sasl2/libvirt.conf:
> mech_list: digest-md5
> sasldb_path: /etc/libvirt/passwd.db
>
> Also note that VDSM has to be patched to work on 7.4 with no issues. oVirt 3.6 and 4.1 have required fixes, but oVirt 4.0 doesn’t.
>
> On 04/10/2017, 18:44, "users-bounces at ovirt.org on behalf of Alan Griffiths" <users-bounces at ovirt.org on behalf of apgriffiths79 at gmail.com> wrote:
>
> That didn't seem to make any difference.
>
> I can make it work by disabling authentication
>
> auth_unix_rw="none" in /etc/libvirt/libvirtd.conf
>
> On 4 October 2017 at 15:05, VONDRA Alain <AVONDRA at unicef.fr> wrote:
> > Hi,
> > Did you modify your /etc/sasl2/libvirt.conf, because the update has modify the way to authenticate from md5 to gssapi.
> >
> > If not just change this line :
> > mech_list: gssapi
> > to
> > mech_list: digest-md5
> >
> > And restart services
> >
> > As mentioned in the libvirt.conf file :
> >
> > # NB, previously DIGEST-MD5 was set as the default mechanism for
> > # libvirt. Per RFC 6331 this is vulnerable to many serious security
> > # flaws and should no longer be used. Thus GSSAPI is now the default.
> > #
> > # To use GSSAPI requires that a libvirtd service principal is
> > # added to the Kerberos server for each host running libvirtd.
> > # This principal needs to be exported to the keytab file listed below
> >
> > Alain
> >
> >
> >
> > Alain VONDRA
> >
> > Chargé d'Exploitation et de Sécurité des Systèmes d'Information
> > Direction Administrative et Financière
> > +33 1 44 39 77 76
> >
> > UNICEF France
> > 3 rue Duguay Trouin 75006
> > PARIS
> > www.unicef.fr
> > -----Message d'origine-----
> > De : users-bounces at ovirt.org [mailto:users-bounces at ovirt.org] De la part de Alan Griffiths
> > Envoyé : mercredi 4 octobre 2017 15:50
> > À : Ovirt Users <users at ovirt.org>
> > Objet : [ovirt-users] Ovirt 4.0 and EL 7.4
> >
> > Hi,
> >
> > Is 4.0 supported/known to work on CentOS 7.4?
> >
> > I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with
> >
> > vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed
> >
> > To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7.
> >
> > So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4?
> >
> > Thanks,
> >
> > Alan
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
----------------
Tel: 053 20 30 270 info at netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
----------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20171010/e3c6dd20/attachment.html>
More information about the Users
mailing list