oVirt 4.2 Self-hosted engine deployment fails at the end - "failed liveliness check"
by Aleksander Maricq
I successfully deployed an oVirt 4.2 self-hosted engine setup just over 6
months ago, and recently tried to re-install to modify hostnames on the
engine and hypervisor. After I cleaned up and re-ran hosted-engine
--deploy my install failed right at the end (TASK [Wait for the engine to
come up on the target VM]) with the following error:
ERROR otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:98 fatal
and the following engine vm status:
Engine status: {"reason": "failed liveliness check", "health": "bad", "vm":
"up", "detail": "Up"}
I opted to do a clean re-install of CentOS 7.5 and try again, but I keep
running into the same error (see the attached logs).
Some details that may or may not be helpful:
- I'm reusing old mount points without formatting such as /home and my
previous NFS-exported storage domain LVMs. The root partition, swap,
/boot, and the engine destination LVMs were all re-formatted during the
CentOS 7.5 install or prior to attempted oVirt install.
- I'm reusing the MAC address from the previous attempt (so that it picks
up the static entry I put on my router).
- I currently only have entries in /etc/hosts to map FQDNs to IPs, but the
install fails the same way whether or not I tell the process to populate
the engine VM's hosts file.
- Prior to my re-install of CentOS 7.5 I tried, and was able, to log into
the engine appliance. I saw the hosted engine VM was listed as "down", and
there was some temporary VM (leftover from the install process?) that I
couldn't do anything to.
Thanks in advance for your help!
6 years, 4 months
remote-viewer Spice Problem on MacOS
by hpeyerl@plusline.net
Hi all,
we are currently experiencing a weird problem with oVirt and the spice console on MacOS:
Occasionally when our Mac Users are connecting to a Spice Console of any oVirt VM it opens the usual window but just displays the message: "Connected to graphic server". When a Linux user now connects to it and closes the connection the Mac user can also connect again normally.
I have tried https://www.spice-space.org/osx-client.html and https://rizvir.com/articles/ovirt-mac-console/ with exactly the same behaviour. The Issue appears on several different MacOS Versions and we believe it started after our upgrade to oVirt 4.2.
MacOS Version: 10.13.5
oVirt Version: 4.2.3.8-1.el7
Any help or suggestion is greatly appreciated.
Best regards,
Hendrik
6 years, 4 months
LDAP login extension
by Mariusz Kozakowski
Hello,
We managed to setup oVirt Engine with your help, now we're facing other issue.
I'm trying to configure AD auth for web portal, but unfortunately I got error during ovirt-engine-extension-aaa-ldap-setup:
2018-06-27 09:06:21,926+02 INFO ========================================================================
2018-06-27 09:06:21,926+02 INFO ============================== Execution ===============================
2018-06-27 09:06:21,926+02 INFO ========================================================================
2018-06-27 09:06:21,927+02 INFO Iteration: 0
2018-06-27 09:06:21,928+02 INFO Profile='ad' authn='ad-authn' authz='ad-authz' mapping='null'
2018-06-27 09:06:21,928+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' user='username'
2018-06-27 09:06:21,945+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' result=SUCCESS
2018-06-27 09:06:21,948+02 INFO --- Begin AuthRecord ---
2018-06-27 09:06:21,949+02 INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: username
2018-06-27 09:06:21,949+02 INFO --- End AuthRecord ---
2018-06-27 09:06:21,950+02 INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username'
2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: 'gc'
2018-06-27 09:06:21,953+02 SEVERE Cannot resolve principal 'username'
Do you have any idea what's the issue and what we're missing? As it looks like credentials are correct - passing wrong username gives fail earlier, so issue is somewhere after authentication.
--
Best regards/Pozdrawiam/MfG
Mariusz Kozakowski
Site Reliability Engineer
Dansk Supermarked Group
Baltic Business Park
ul. 1 Maja 38-39
71-627 Szczecin
dansksupermarked.com
6 years, 4 months
oVirt Authentication and Authorization
by Hari Prasanth Loganathan
Hi Team,
We have three components in our setup
1) Our Script (application using python)
2) Ovirt
3) LDAP (Also integrated to oVirt)
1) Our Python application is authenticating to LDAP and it creates a token
for our application
2) For accessing the API's in oVIrt, I need to contact to the oVirt API
which authenticates and creates a token for it
3) then I need to maintain the token of my application with its mapping to
the ovirt tokenId in my application.
When I want to hit any oVirt API, First I perform the token check in my
application (using my application token) then I need to perform the ovirt
token check in oVirt.
1)
* I would like to know Is there a way to skip the authentication and
authorization in oVIrt? *
2)* Or Is it possible to point the authentication check for oVirt (to my
application / to some URL which I configure) which always return true and
allow for all oVirt API's?*
*I did some analysis and verified the oVirt code in github, Identified that
it is going via a fliter in web.xml which points to the class, Is it
possible to tune this? *
<filter>
<filter-name>RestApiSessionValidationFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RestApiSessionValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SessionValidationFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.SessionValidationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SsoRestApiAuthFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SsoRestApiAuthFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SsoRestApiNegotiationFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SsoRestApiNegotiationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If my query is not clear, please let me know.
Thanks,
Hari
6 years, 4 months
Fresh 4.2 install: engine-setup skipping NFS share step
by davemintz64@gmail.com
Any idea why the install script is not asking me if I want to set up the local ISO nfs share? I thought it might be because I am using the entire disk, but I tried creating a separate partition/mount for ti and it still didn't work.
This is what I see:
--== APACHE CONFIGURATION ==--
Setup can configure the default page of the web server to present the application home page. This may conflict with existing applications.
Do you wish to set the application as the default page of the web server? (Yes, No) [Yes]:
Setup can configure apache to use SSL using a certificate issued from the internal CA.
Do you wish Setup to configure that, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
--== SYSTEM CONFIGURATION ==--
[The NFS questions should be here but it is blank]
--== MISC CONFIGURATION ==--
Please choose Data Warehouse sampling scale:
(1) Basic
(2) Full
Thanks in advance.
Dave
6 years, 4 months
ovirt-guest-agent-common version and repo
by Gianluca Cecchi
Hello,
on CentOS 7.x VM with epel enabled it seems that latest package
is ovirt-guest-agent-common-1.0.14-1.el7.noarch and from its changelog it
seems far from being up 2 date and released before 4.2.0 release...
* Thu Nov 02 2017 Tomáš Golembiovský <tgolembi(a)redhat.com> - 1.0.14-1
- Bump to version 1.0.14
- Changed link to upstream sources
Am I doing something wrong with it and its repo or is it not so important
component even after upgrading to oVirt 4.2.x?
Thanks,
Gianluca
6 years, 4 months
Ovirt and L2 Gateway
by carlgrundholm@gmail.com
I have install ovirt 4.2.3 and everything seems to be working fine: I can create virtual (Geneve overlay) networks for communication between virtual machines via the external provider ovirt-provider-ovn by using the OWS switch on the cluster. Live migrations and everything else within the virtual environment works perfectly :-)
For connections from virtual machines to physical VLAN's in a switch, I can also create a logical network which is created using the external provider ovirt-provider-ovn by specifying a connection to a physical VLAN network created as a separate data center network. This method requires that all ovirt-nodes (hosts) in the cluster have access to the physical network though.
What I am looking for is a way to implement a L2 Gateway such that (not all) ovirt nodes (hosts) need to have direct access to the physical network. What I am looking for is a way where virtual machines can communicate with the L2 Gateway via virtual (Geneve overlay) networks. On the L2 Gateway the virtual network shall then be bridged to the physical VLAN on a dedicated network interface. My goal is that the virtual network and the physical network becomes one big broadcast domain.
This concept has been described by different people on the Internet such as these articles:
- https://weiti.org/ovn/2018/01/03/ovn-l2-breakout-options
- https://wiki.openstack.org/wiki/Neutron/L2-GW
How can I accomplish something similar in an ovirt-environment?
Thanks in advance,
Carl Grundholm
6 years, 4 months
Hosted engine Deploy failed
by Lakhwinder Rai
i have error while installing hosted engine.
if anybody have solution for this,please help i stuck here from two days.
[ INFO ] TASK [Wait for the host to be up]
[ ERROR ] fatal: [localhost]: FAILED! => {"ansible_facts": {"ovirt_hosts": []}, "attempts": 120, "changed": false}
[ INFO ] TASK [include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [Remove local vm dir]
[ INFO ] changed: [localhost]
[ INFO ] TASK [Notify the user about a failure]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "The system may not be provisioned according to the playbook results: please check the logs for the issue, fix accordingly or re-deploy from scratch.\n"}
thanks
6 years, 4 months
oVirt HCI point-to-point interconnection
by Stefano Zappa
Good morning,
I would like to kindly ask you a question about the feasibility of defining a point-to-point interconnection between three ovirt nodes.
Initially with the idea of optimizing the direct communications between the nodes and especially the gluster communications, and so it would seem quite easy, then evaluating a more complex configuration, assuming to create an overlay L2 network on the three L3 point-to-point, using techniques like geneve, of which at the moment I have no mastery.
If the direct routing of three nodes to interconnect the public network with the private overlay network was not easily doable, we could leave the private overlay network isolated from the outside world and connect the VM hosted engine directly to the two networks with two adapters.
This layout with direct interconnection of the nodes without switches and a shared L2 overlay network between the nodes may in future be contemplated in future releases of your HCI solution?
Thank you for your attention, have a nice day!
Stefano Zappa.
[cid:609f1f14-f74e-489f-b86d-08647efc6d1c]
Stefano Zappa
IT Specialist CAE - TT-3
Industrie Saleri Italo S.p.A.
Phone: +39 0308250480
Fax: +39 0308250466
This message contains confidential information and is intended only for users(a)ovirt.org, infra(a)ovirt.org, devel(a)ovirt.org. If you are not users(a)ovirt.org, infra(a)ovirt.org, devel(a)ovirt.org you should not disseminate, distribute or copy this e-mail. Please notify Stefano.Zappa(a)saleri.it immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Stefano Zappa therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
PRIVACY INFORMATION ART. 13 EU REG. 2016/679
We inform you that the personal data contained in the present and subsequent electronic communications will be processed in compliance with the EU Regulation 2016/679, for the purpose of and only for the time necessary to allow the sender to carry out the activities connected to the existing commercial relationships.
The provision of personal data is not mandatory. However, failure to provide them determines the impossibility of achieving the aforementioned purpose.
With regard to these data, is allowed the exercise of the rights set out in art. 13 and from the articles from 15 to 22 of EU Regulation 2016/679 and in particular the right to request the access to, updating, rectification and erasure of your personal data, as well as the right to object to processing and to lodge a complaint with the Supervisory Authority, by sending an e-mail to privacy(a)saleri.it.
Data Controller of your personal data is Industrie Saleri Italo S.p.a., with registered office in via Ruca, 406 - 25065 Lumezzane (BS).
6 years, 4 months
