June 2018 - Users - oVirt List Archives

Non-responsive vm's due to crashed host and hosted vm liveliness check fails
by clam2718＠gmail.com 15 Jun '18

15 Jun '18

Dear Community: The local drive on a host running ovirt-node-ng-4.1.9 in a three node cluster failed. I have production JIRA and Postres running on it at the time, not in HA, just simple vm's. Storage is via NFS on a Synology NAS. Hosted Engine was on a different host, but JIRA and Postgres vm's showed nonresponsive. I tried different things but then stupidly thought that upgrading my Hosted Engine would reinitialize the vm's that were on the failed host. Update of HE seemed to go well (output below) but now my Hosted Engine, while up, fails the liveliness check and the web management console is unavailable. I cannot console into the HE from the host it is running on. Below are the results of my attempts to console into the Hosted Engine. Please help! I have search forums, lists and Google but have not been able to fix this. My coworkers and manager are anxious. --- When I try "hosted-engine --console" after setting the console password I get The engine VM is running on this host Connected to domain HostedEngine Escape character is ^] _ The prompt is non-responsive except for the escape character key combo. --- "virsh -r list" gives ID 3, Name: HostedEngine, State: running "virsh -r console HostedEngine" gives Connected to domain HostedEngine Escape character is ^] error: operation forbidden: read only access prevents virDomainOpenConsole "virsh -r vncdisplay HostedEngine" gives "0:0" and returns me to prompt --- I am SSHed into the host running my Hosted Engine from a CentOS7 minimal install with packages xorg-x11-server-Xorg, xorg-x11-xauth and xorg-x11-apps installed. The result of "grep -i X11Forwarding /etc/ssh/sshd_config" shows it set to "Yes". I SSH into the host using "ssh -Y root(a)xxx.xxx.xxx.xxx" I am logged into the CentOS7 minimal install as root. I know root is poor practice but was trying to minimize anything that could be causing an issue. --- Below are the results of my attempt to update Hosted Engine (slightly redacted to remove personal info): --== CONFIGURATION PREVIEW ==-- Default SAN wipe after delete : False Firewall manager : firewalld Update Firewall : True Host FQDN : ovengineint.xdomainx.tld Upgrade packages : True Engine database secured connection : False Engine database user name : engine Engine database name : engine Engine database host : localhost Engine database port : 5432 Engine database host name validation : False Engine installation : True PKI organization : xdomainx.tld Set up ovirt-provider-ovn : True Configure WebSocket Proxy : True DWH installation : True DWH database secured connection : False DWH database host : localhost DWH database user name : ovirt_engine_history DWH database name : ovirt_engine_history DWH database port : 5432 DWH database host name validation : False Configure Image I/O Proxy : True Configure VMConsole Proxy : True --== SUMMARY ==-- [ INFO ] Restarting httpd Web access is enabled at: http://ovengineint.xdomainx.tld:80/ovirt-engine https://ovengineint.xdomainx.tld:443/ovirt-engine Internal CA XX:XX:XX:XX... SSH fingerprint: SHA256:xxxxxxxxxx... --== END OF SUMMARY ==-- [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20180502165652-88pkpi.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20180502170149-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ INFO ] Execution of setup completed successfully Again, thank you so very much for any suggestions! I have found many answers on this mailing list archive to be of great insight and help. Respectfully, Charles

3 11

User agent for Ovirt 4.2
by Jim Kusznir 15 Jun '18

15 Jun '18

Hi: I haven't managed to find the new / current repo/source for the ovirt guest agent for the 4.2 upgrade. All my VMs now say that they need the agent. Googles keep referring me to old / broke / non-existent repos. Where do I find the 4.2 agent (or does the 4.2 agent even exist?) Thanks! --Jim

4 5

Error UI in engine
by Spickiy Nikita 15 Jun '18

15 Jun '18

Hi, i use engine 4.2.3.8-1.el7 version. When i try opening setting Storage > Volumes > MyVolume i get error at the top of the screen. In log UI https://paste.fedoraproject.org/paste/---B4tGrLbAVYpl1TvR0sg/raw. How to fix it?

2 1

[ANN] oVirt 4.2.4 Fourth Release Candidate is now available
by Sandro Bonazzola 15 Jun '18

15 Jun '18

The oVirt Project is pleased to announce the availability of the oVirt 4.2.4 Fourth Release Candidate, as of June 14th, 2018. This update is a release candidate of the fourth in a series of stabilization updates to the 4.2 series. This is pre-release software. This pre-release should not to be used in production. This release is available now for: * Red Hat Enterprise Linux 7.5 or later * CentOS Linux (or similar) 7.5 or later This release supports Hypervisor Hosts running: * Red Hat Enterprise Linux 7.5 or later * CentOS Linux (or similar) 7.5 or later See the release notes [1] for installation / upgrade instructions and a list of new features and bugs fixed. Notes: - oVirt Appliance is available - oVirt Node is available [2] Additional Resources: * Read more about the oVirt 4.2.4 release highlights: http://www.ovirt.org/release/4.2.4/ * Get more oVirt Project updates on Twitter: https://twitter.com/ovirt * Check out the latest project news on the oVirt blog: http://www.ovirt.org/blog/ [1] http://www.ovirt.org/release/4.2.4/ [2] http://resources.ovirt.org/pub/ovirt-4.2-pre/iso/ -- SANDRO BONAZZOLA ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA <https://www.redhat.com/> sbonazzo(a)redhat.com <https://red.ht/sig>

1 0

Re: OVA export/import
by RabidCicada 15 Jun '18

15 Jun '18

Third attempt to send to list also > Yaniv, > Most of this is obe...but I'll answer the questions. It's been resolved > as in my other email to this chain. > > > On Thu, Jun 14, 2018, 4:56 PM Yaniv Kaul <ykaul(a)redhat.com> wrote: > >> >> >> On Wed, Jun 13, 2018, 4:05 PM RabidCicada <rabidcicada(a)gmail.com> wrote: >> >>> All, >>> I recently tried to used the OVA export/import functionality. It >>> seems I misunderstood the intentions. I expected OVA export/import to >>> be reciprocal functionalities. I expected what we export as OVA to be >>> importable as OVA in ovirt. >>> >>> What I have found is the following: >>> >>> * It seems OVA export does export an OVA, though the format is not >>> spec compliant >>> >> >> Which spec? >> > I believe every version of the dmtd ovf specification. > >> >> * We use 'disk/' in the HostResource xml field instead of '/disk/' >>> for example in the ovf. >>> >> >> Who's 'we'? >> > Ovirt software/group. I was including myself in a friendly manner soas to > not sound accusatory. I know it's a group effort :). > > >> * It seems OVA import is intended specifically for VMWare OVA's? >>> >> >> That's a common case, but we can look at other OVAs. The problem is that >> the spec is quite loose. >> Y. >> > > Agreed. I know that's why it's hard to be inter-compatible. >

1 0

OVA export/import
by RabidCicada 14 Jun '18

14 Jun '18

All, I recently tried to used the OVA export/import functionality. It seems I misunderstood the intentions. I expected OVA export/import to be reciprocal functionalities. I expected what we export as OVA to be importable as OVA in ovirt. What I have found is the following: * It seems OVA export does export an OVA, though the format is not spec compliant * We use 'disk/' in the HostResource xml field instead of '/disk/' for example in the ovf. * It seems OVA import is intended specifically for VMWare OVA's? * I thought I read about export domains being deprecated, and incorrectly assumed the recently added OVA export/import was to make things better for one off import/export. Can anyone clarify the following: * Is OVA import really just VMWare OVA's? * Are we really not spec compliant with the OVA/OVF format as my example above shows? OR do I misunderstand something? * After spending my time yesterday, I recall now that the deprecation of export domain is in favor of detaching and re-attaching ANY data domain. * What is the purpose of our OVA export if we ourselves indeed cannot import our own OVA? Or can you tell me how we import our own if I'm wrong. Please feel free to overshare details :), as any context will help prevent more confusion on my part. ~Kyle

3 8

Ovirt-Hosted-Engine-Install-Purge Ansible Script Snippet
by RabidCicada 14 Jun '18

14 Jun '18

All, I put together a full purge ansible script for CentOS. I figured I'd share it here. I ran into many issues with spurious failures of installs when I would try to reinstall ovirt on CentOS after having "removed" it. I was developing an automated install of our own software along with ovirt but along the way I had to reinstall on the same box numerous times. Initially I'd get spurious failures from leftover cruft that would get in the way. I eventually found this:https://www.ovirt.org/documentation/how-to/hosted-engine/#recoving-fro… and then crafted my own ansible purge script. It uses ovirts own engine cleanup script first if it exists, then fully cleans every other thing that can affect it. Tested on CentOS, probably will work on other distros without too much trouble. Hopefully someone saves themselves some grief - name: Clean Old Install #This attempts to remove all old cruft from previous install attempts #The reason we include the ovirt packages is so that they can be reinstall #At potentially newer versions along with dependency packages block: - name: Detect existing cleanup script shell: which ovirt-hosted-engine-cleanup | cat register: ohes_cleanup - name: Debug ohes_cleanup.stdout debug: var: ohes_cleanup.stdout - name: Run Ovirt's Hosted Engine Cleanup Script shell: ovirt-hosted-engine-cleanup -q when: ohes_cleanup.stdout != "" - name: Clean old packages package: name: "{{item}}" state: absent with_items: - "*vdsm*" - "*ovirt*" - "*libvirt*" - "*cockpit*" - name: Remove old configs etc shell: "rm -rf /etc/{{item}}" args: warn: False with_items: - "/etc/*ovirt*" - "/etc/*vdsm*" - "/etc/libvirt/qemu/HostedEngine*" - "/etc/*libvirt*" - "/etc/guacamole" - "/etc/pki/vdsm" - "/etc/pki/libvirt" - "/etc/pki/CA" - "/etc/pki/keystore" - "/etc/ovirt-hosted-engine" - "/var/lib/libvirt/" - "/var/lib/vdsm/" - "/var/lib/ovirt-hosted-engine-*" - "/var/log/ovirt-hosted-engine-setup/" - "/var/cache/libvirt/" - "/etc/libvirt/nwfilter/vdsm-no-mac-spoofing.xml" - "/var/cache/tomcat/temp/*" - "/var/cache/tomcat/work/Catalina/localhost/*" - "/usr/share/tomcat/webapps/guacamole" - "/usr/share/tomcat/webapps/guacamole.war" - "/etc/guacamole/extensions/guacamole*" - name: Clean old repo files shell: "rm -rf /etc/yum.repos.d/{{item}}" args: warn: False with_items: - "ovirt*" - "virt*" - name: clean interface configs shell: "rm -rf /etc/sysconfig/network-scripts/ifcfg-ovirtmgmt" args: warn: False - name: clean network stuff shell: "{{item}}" args: warn: False with_items: - "brctl delbr ovirtmgmt | cat" - "ip link del ovirtmgmt | cat" - "ip link del dummy0 | cat" - "ip link del virbr0 | cat" - "ip link del virbr0-nic | cat" - 'ip link del \;vdsmdummy\; | cat'

1 1

LDAP logins do not work
by Michael Watters 14 Jun '18

14 Jun '18

I've ran the ovirt-engine-extension-aaa-ldap-setup command to configure LDAP authentication using Active Directory however I am unable to authenticate using valid credentials. Here is the output show while testing the login flow. [ INFO ] Executing login sequence... Login output: 2018-06-13 11:27:17,931-04 INFO ======================================================================== 2018-06-13 11:27:17,960-04 INFO ============================ Initialization ============================ 2018-06-13 11:27:17,960-04 INFO ======================================================================== 2018-06-13 11:27:17,999-04 INFO Loading extension 'example.com-authn' 2018-06-13 11:27:18,072-04 INFO Extension 'example.com-authn' loaded 2018-06-13 11:27:18,077-04 INFO Loading extension 'example.com-authz' 2018-06-13 11:27:18,089-04 INFO Extension 'example.com-authz' loaded 2018-06-13 11:27:18,090-04 INFO Initializing extension 'example.com-authn' 2018-06-13 11:27:18,091-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authz' 2018-06-13 11:27:19,574-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 2018-06-13 11:27:19,576-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authn' 2018-06-13 11:27:20,668-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] LDAP pool 'authn' information: vendor='null' version='null' 2018-06-13 11:27:20,674-04 WARNING Ignoring records from pool: 'authz' 2018-06-13 11:27:20,676-04 WARNING Ignoring records from pool: 'authz' 2018-06-13 11:27:20,676-04 INFO Extension 'example.com-authn' initialized 2018-06-13 11:27:20,677-04 INFO Initializing extension 'example.com-authz' 2018-06-13 11:27:20,679-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'authz' 2018-06-13 11:27:21,270-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 2018-06-13 11:27:21,273-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'gc' 2018-06-13 11:27:22,065-04 WARNING Exception: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1 2018-06-13 11:27:22,069-04 WARNING Ignoring records from pool: 'authz' 2018-06-13 11:27:22,072-04 WARNING Ignoring records from pool: 'authz' 2018-06-13 11:27:22,085-04 WARNING Ignoring records from pool: 'authz' 2018-06-13 11:27:22,086-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Available Namespaces: [] 2018-06-13 11:27:22,087-04 INFO Extension 'example.com-authz' initialized 2018-06-13 11:27:22,088-04 INFO Start of enabled extensions list 2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authz.properties', Initialized: 'true' 2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authn.properties', Initialized: 'true' 2018-06-13 11:27:22,090-04 INFO End of enabled extensions list 2018-06-13 11:27:22,090-04 INFO ======================================================================== 2018-06-13 11:27:22,090-04 INFO ============================== Execution =============================== 2018-06-13 11:27:22,091-04 INFO ======================================================================== 2018-06-13 11:27:22,091-04 INFO Iteration: 0 2018-06-13 11:27:22,093-04 INFO Profile='example.com' authn='example.com-authn' authz='example.com-authz' mapping='null' 2018-06-13 11:27:22,094-04 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' user='d861703' 2018-06-13 11:27:22,251-04 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' result=CREDENTIALS_INCORRECT 2018-06-13 11:27:22,262-04 SEVERE Authn.Result code is: CREDENTIALS_INCORRECT [ ERROR ] Login sequence failed Does anybody know what LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839 means? Is this a TLS issue? I am quite certain the password I'm using is correct.

2 4

VM created is reachable from only oVirt node
by sweettriplek＠gmail.com 14 Jun '18

14 Jun '18

VM running with centos is not reaching to any other network other than oVirt node. I tried to apply no network filer, clean-filter while creating vNIC interfaces but no luck. Setup configurations: - oVirt Engine and Node running on different machines - OVirt running on cent OS Please help me to resolve this issue, thanks in advance.

2 2

guests crashing during live migration(NUMA config issue)
by Balg, Andreas 14 Jun '18

14 Jun '18

Hello, during updates of our physical nodes running ovirt 4.2.3 I had to live- migrate all VMs to evacuate them from the hosts. This caused roughly 10% of guests to end up crashed /shutdown after live migration. Errors in the Logs are: 2018-05-31T15:15:51.273805Z qemu-kvm: warning: All CPU(s) up to maxcpus should be described in NUMA config, ability to start up with partial NUMA mappings is obsoleted and will be removed in future 2018-05-31T15:16:54.596554Z qemu-kvm: Unknown combination of migration flags: 0 2018-05-31T15:16:54.597196Z qemu-kvm: error while loading state section id 3(ram) 2018-05-31T15:16:54.598491Z qemu-kvm: load of migration failed: Invalid argument 2018-05-31 15:16:55.010+0000: shutting down, reason=crashed is there anything I can do about this? The hardware of all nodes is 100% identical -- Andreas Balg

3 6