Engine login fails after previously working.
by Jeremy Tourville
I recently completed setup for 389 DS and ovirt-engine-extension-aaa-ldap-setup. I was able to complete the script run without errors and could perform both login and search functions without issue. Initially after setup I was able to login.
After getting all this to work I had rebooted the 389 DS server. I tried to login as the super user I created earlier. I am getting the message "Unable to login. Verify your login information or contact the system administrator."
This issue only seemed to happen after the reboot, prior to that it had been working. Any thoughts on troubleshooting? Thanks in advance.
6 years
VM import using wrong/slower interface. help/question.
by Jacob Green
Currently I have a host that has multiple network connections. 1
bonded 20Gigabit connect and a couple of 1 gig Ethernet connections.
Then my export storage domain is on a storage device on a vlan we can
call vlan B.
Today I was exporting a VM from one environment to another, and after I
reattached the export domain and started importing I noticed an even
message for one of my hosts, it looked like the following.
"Host A has network interface which exceeded the defined threshhold
[95%] (eno3: transmit rate [8%], receive rate [98%])" So when I take a
look at that hosts interfaces in the OVIRTENGINE gui I can confirm that
it is exceeding 900Mbits on that interface.
The problem/question is this.
I have the migration network set as well as the ovirtmgmt network on the
20Gigabit interface. The only network profile attached to ENO 3 is
VLAN-B and only VM traffic on that profile. So why is it using that eno3
interface instead of the ovirtmgmt interface on the 20Gigabit interface
to import the VM?
So I do have at least one theory, the storage solution is also on VLAN B
the same VLAN that eno3 rides on, but I am of the understanding that
Ovirt should be instructing the host to use the migration network, which
in my case is also my ovirtmgmt network on the 20Gigabit interface. It
matters because my storage is also on a 20Gigabit bond and these imports
would be a lot faster if it was using the correct network to the host to
import the VM.
I hope my question is clear enough, I would provide screenshots but the
ovirt-users mailing lists scrubs those.
Basically can I instruct or force ovirt to import VMs over my 20Gigabit
interface instead of the slower 1Gig interface that is hooked up.
Thank you.
--
Jacob Green
Systems Admin
6 years
corrupted hosted engine
by Jarosław Prokopowski
Hi,
It looks like after host restart my hosted engine VM is not accessible any
more.
The storage is glusterfs. The gluster volume is healthy.
The VM status is:
{"reason": "failed liveliness check", "health": "bad", "vm": "up",
"detail": "Up"}
hosted-engine --console
The engine VM is running on this host
Connected to domain HostedEngine
Escape character is ^]
error: internal error: cannot find character device <null>
I tried to boot it from cdrom by changing vm.conf file and I'm not sure if
the syntax is correct:
1. I removed bootOrder:1 from the index:0 device
devices={index:0,iface:virtio,format:raw,address:{type:pci,slot:0x07,bus:0x00,domain:0x0000,function:0x0},volumeID:8d823e33-4260-4004-a468-cf477d7b1f5b,imageID:41342181-5c8f-4544-878b-44fdaa40dddc,readonly:false,domainID:beb954e7-61b7-4437-bd21-4b268e1a26e5,deviceId:41342181-5c8f-4544-878b-44fdaa40dddc,poolID:00000000-0000-0000-0000-000000000000,device:disk,shared:exclusive,propagateErrors:off,type:disk}
2. in index:2 device I addedd bootOrder:1 and path to the iso image:
devices={index:2,iface:ide,shared:false,readonly:true,bootOrder:1,deviceId:8c3179ac-b322-4f5c-9449-c52e3665e0ae,address:{controller:0,target:0,unit:0,bus:1,type:drive},device:cdrom,path:/opt/iso/CentOS-7-x86_64-DVD-1804.iso,type:disk}
The outcome is the same - no console connection.
Now I also get:
hosted-engine --vm-start
Command VM.getStats with args {'vmID':
'1e3aa9cf-8708-40a0-bc86-1127df01047a'} failed:
(code=1, message=Virtual machine does not exist: {'vmId':
u'1e3aa9cf-8708-40a0-bc86-1127df01047a'})
Unfortunately I do not have any backup. Is there a way to redeploy hosted
engine and import current configuration or any other way to fix it?
6 years
Metrics Store installation - ansible playbook "deploy_cluster" - docker_image_availability
by Markus Schaufler
Hi,
trying to install the metrics store following the updated install guide https://www.ovirt.org/documentation/metrics-install-guide/Setting_Up_Open...
Prerequisites and Network Check playbook run through; when executing
ANSIBLE_LOG_PATH=/tmp/ansible.log ansible-playbook -vvv -e @/root/vars.yaml -i /root/ansible-inventory-origin-39-aio playbooks/deploy_cluster.yml
#################################
CHECK [memory_availability : localhost] *******************************************************************************************************************************
fatal: [localhost]: FAILED! => {
"changed": false,
"checks": {
"disk_availability": {},
"docker_image_availability": {
"failed": true,
"failures": [
[
"OpenShiftCheckException",
"One or more required container images are not available:\n cockpit/kubernetes:latest,\n openshift/origin-deployer:v3.9.0,\n openshift/origin-docker-registry:v3.9.0,\n openshift/origin-haproxy-router:v3.9.0,\n openshift/origin-pod:v3.9.0\nChecked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>\nDefault registries searched: docker.io\nFailed connecting to: docker.io\n"
]
],
"msg": "One or more required container images are not available:\n cockpit/kubernetes:latest,\n openshift/origin-deployer:v3.9.0,\n openshift/origin-docker-registry:v3.9.0,\n openshift/origin-haproxy-router:v3.9.0,\n openshift/origin-pod:v3.9.0\nChecked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>\nDefault registries searched: docker.io\nFailed connecting to: docker.io\n"
},
"docker_storage": {},
"memory_availability": {},
"package_availability": {
"changed": false,
"invocation": {
"module_args": {
"packages": [
"PyYAML",
"bash-completion",
"bind",
"ceph-common",
"cockpit-bridge",
"cockpit-docker",
"cockpit-system",
"cockpit-ws",
"dnsmasq",
"docker",
"etcd",
"firewalld",
"flannel",
"glusterfs-fuse",
"httpd-tools",
"iptables",
"iptables-services",
"iscsi-initiator-utils",
"libselinux-python",
"nfs-utils",
"ntp",
"openssl",
"origin",
"origin-clients",
"origin-master",
"origin-node",
"origin-sdn-ovs",
"pyparted",
"python-httplib2",
"yum-utils"
]
}
}
},
"package_version": {
"changed": false,
"invocation": {
"module_args": {
"package_list": [
{
"check_multi": false,
"name": "openvswitch",
"version": [
"2.6",
"2.7",
"2.8",
"2.9"
]
},
{
"check_multi": false,
"name": "origin",
"version": "3.9"
},
{
"check_multi": false,
"name": "origin-master",
"version": "3.9"
},
{
"check_multi": false,
"name": "origin-node",
"version": "3.9"
}
],
"package_mgr": "yum"
}
}
}
},
"msg": "One or more checks failed",
"playbook_context": "install"
}
NO MORE HOSTS LEFT ****************************************************************************************************************************************************
to retry, use: --limit @/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.retry
PLAY RECAP ************************************************************************************************************************************************************
localhost : ok=53 changed=0 unreachable=0 failed=1
INSTALLER STATUS ******************************************************************************************************************************************************
Initialization : Complete (0:00:16)
Health Check : In Progress (0:00:44)
This phase can be restarted by running: playbooks/openshift-checks/pre-install.yml
Failure summary:
1. Hosts: localhost
Play: OpenShift Health Checks
Task: Run health checks (install) - EL
Message: One or more checks failed
Details: check "docker_image_availability":
One or more required container images are not available:
cockpit/kubernetes:latest,
openshift/origin-deployer:v3.9.0,
openshift/origin-docker-registry:v3.9.0,
openshift/origin-haproxy-router:v3.9.0,
openshift/origin-pod:v3.9.0
Checked with: skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>
Default registries searched: docker.io
Failed connecting to: docker.io
The execution of "playbooks/deploy_cluster.yml" includes checks designed to fail early if the requirements of the playbook are not met. One or more of these checks failed. To disregard these results,explicitly disable checks by setting an Ansible variable:
openshift_disable_check=docker_image_availability
Failing check names are shown in the failure details above. Some checks may be configurable by variables if your requirements are different from the defaults; consult check documentation.
Variables can be set in the inventory or passed on the command line using the -e flag to ansible-playbook.
############################################
I'm using a proxy server - might that cause this problem? If so - where in the different (sub)playbooks would I have to set the environment variable?
Thanks for any hint on this!
6 years
How to force a QoS IO limit update to all disks
by Florian Schmid
Hi,
oVirt version: 4.2.5.1
I have a strange problem with IO limiting.
I have a storage domain for our dev environment and I have set the default Disk Profile to a QoS rule with IO limit enabled.
This rule is working so far, but when I change the QoS rule of this default Disk Profile to a different IO limit, all the disks have still the old limit active.
Only when I edit the disk and click OK without changing anything, I see also in Events, that the new IO limit is set.
This behavior would cause me a lot of work, because we have several 100s of disks and I can't edit all, only to have new QoS active.
Is there another way to do this bulk change of disk IO limit?
What data do you need to have a look on?
EDIT:
I saw now, that the QoS policy is automated updated on some VMs and there only on some disks, but not on all. Is there a rate limit active or so?
BR Florian Schmid
6 years
nested item with ovirt_vm_facts ansible module
by Nathanaël Blanchet
I try to get a list for all vms :
"vm_name : description : id "
A simple loop works:
- debug:
msg: "{{ ovirt_vms | map(attribute='snapshots') | list }}"
register: snapshotid2
tags: snapshots2
- debug:
msg: "{{ ovirt_vms | map(attribute='name') | list }}"
register: name2
tags: snapshots2
- set_fact:
toto: "{{ name2.msg[item] }} : {{
snapshotid2.msg[0][0].description }} : {{ snapshotid2.msg[0][0].id }} "
with_item:
- 0
- 1
register: all_snapshots2
tags: snapshots2
- debug:
var: all_snapshots2
tags: snapshots2
Now I want insert a second loop with "with_nested" like so:
- set_fact:
toto: "{{ name2.msg[item.1] }} : {{
snapshotid2.msg[0].item.0.description }} : {{
snapshotid2.msg[0].item.0.id }} "
with_nested:
- [ '0', '1']
- [ '1', '0']
but I always have this error: "The error was: 'list object' has no
attribute u'0'"
How can I do such a thing?
--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
6 years
Ovirt and Foreman integration failure to provision
by 0pk0de@riseup.net
Hello,
I am trying to integrate ovirt and foreman, foreman is able to create VMs but fails to provision them correctly (image/template based). The IP address does not get set to the correct one, cloud-init doesnt run either since the password is not correct after booting.
My questions are the following:
1. how does the normal provisioning setup looks like (using image/template)? I assumed it would just provision it depending on my puppet classes after booting, is this incorrect?
2. What does foreman *need* from ovirt? does it need a template that for example already has puppet installed? I assumed this was not the case...
3. How is it possible to initially "seed" the vm with the puppet master details when not using cloud-init (which seems optional), what magic can make this happen behind the scenes? is it something like libguestfs? Can I just use a cloud glance image like "centos 7 generic cloud v1805" and import that as a template and then create a host on foreman using this template? and then it should provision it?
6 years
Ovirt-engine Domain integration to SAMBA4.7 AD domain controller
by aru_barani@yahoo.com
1.I have one samba4 AD domain controller[samba4dc.eipl.com]
2. I get PEM.code from default smb file from domain controller
3. when i try the following command to check user "ovirt-engine-extensions-tool aaa login-user --profile=eipl.com --user-name=administrator"
it show me the following error "SEVERE Cannot resolve principal 'administrator(a)eipl.com'" so please give me any idea about this
6 years
Single Node oVirt and Gluster Hyperconverged
by Jeremy Tourville
I have a question about this specific prerequisite-
* You must have at least 2 interfaces on the host, so that the frontend and backend traffic can be separated out. Having only one network will cause the engine monitoring, client traffic, gluster I/O traffic to all run together and interfere each other. To segregate the backend network, the gluster cluster is formed using the backend network addresses, and the nodes are added to the engine using the frontend network address.
>>>You must have at least 2 interfaces on the host, so that the frontend and backend traffic can be separated out.>>>This part is very clear to me. You need at least 2 NICs.
>>>Having only one network will cause the engine monitoring, client traffic, gluster I/O traffic to all run together and interfere each other. To segregate the backend network, the gluster cluster is formed using the backend network addresses, and the nodes are added to the engine using the frontend network address.>>> Ok, so you definitely need two IPs. What is not clear to me is, do you need to have the IPs in different subnets or can they be in the same subnet?
For reference, I was able to set this up with two IPs in the same subnet and it does seem to work. However, I have noted some slowness issues while connecting storage domains during startup and frequently get messages about needing to restart the HA agent. Usually it seems after I try to restart services I can get the system to recognize the engine storage domain and start the engine. I wonder if my problem is the fact that both my front and backend IPs are in the same subnet? Thanks for your advice.
6 years
Re: ovirt-engine-extension-aaa-ldap-setup failed
by Jeremy Tourville
The backend is 389 DS, no this is not Govt related. This will be used as a training platform for my local ISSA chapter. This is a new 389 DS server. I followed the instructions at https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
The server is "stock" with the exceptions of the settings for startTLS and adding certificates, etc (basically, whatever is needed to integrate with the Ovirt Engine.)
I am using my Admin account to perform the bind. What I don't understand is why everything else in the aaa setup script works except the login sequence. It would seem like my certificates are correct, correct use of the admin DN, etc. The funny part is I can login to the server using the admin account and password yet the same admin account and password fail when using the aaa setup script. But, that is why I am using the expert knowledge on the list! Maybe I have overlooked a simple prerequisite setting needed for setup somewhere?
I'll wait for someone to chime in on possible reasons to get this message:
SEVERE Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
______________________________________________
Users mailing list -- users(a)ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to users-leave(a)ovirt.org<mailto:users-leave@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGT7ASCWSUT...
6 years
