Re: Still having NFS issues. (Permissions)
by Robert Webb
So I did some testing and and removed the "all_squash,anonuid=36,anongid=36", set all the image directories to 0755, added libvirt to the kvm group, then rebooted.
After doing so, sanlock had no access to the directories and neither did libvert. Leaving everything else alone, I changed the the perms to 0760, sanlock no longer complained, but libvirtd still complained about file permissions.
Next test was to the change file perms to 770 and I got the same error with libvertd.
I have not done any linux work for quite a while so please correct me, but if I do a "ps aux | grep libvirt" I see the libvritd process running as root. Does the libvirt user get invoked only when a script is running? If the daemon is only running as root, then would it not be trying to access storage as root at this point?
This is my ps list:
root 2898 0.1 0.0 1553860 28580 ? Ssl 14:45 0:01 /usr/sbin/libvirtd -listen
Here is what I see in the audit log:
type=VIRT_CONTROL msg=audit(1576336098.295:451): pid=2898 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="HostedEngine" uuid=70679ece-fbe9-4402-b9b0-34bbee9b6e69 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed
4 years, 11 months
Re: Unable to attach ISO domain to Datacenter
by Strahil
What is the output of 'ls -lZ /usr/bin/ionice' ?
Here is mine :
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/ionice
Best Regards,
Strahil NikolovOn Dec 13, 2019 16:58, Ivan Apolonio <ivan(a)apolonio.com.br> wrote:
>
> Hello.
>
> I tried to reinstall my whole environment using oficial oVirt ISO image and the same problem occurs. I also tried to give full access to vdsm user in sudoers file and the results are exactly the same. This is the error on showed on oVirt Manager:
>
> VDSM command AttachStorageDomainVDS failed: Cannot obtain lock: u"id=e65b4f0f-faa1-4cdc-9d2a-ab4fccfec0b0, rc=1, out=[], err=['setsid: failed to execute /usr/bin/ionice: Permission denied']"
>
> In other hand, the node server's vdsm.log file shows no errors.
>
> The engine.log still shows the same errors as my previous posts with logs. I don't know what else can I do.
>
> Please help.
> Thanks,
> Ivan
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/J6ZI7A7QTDZ...
4 years, 11 months
Unable to attach ISO domain to Datacenter
by Ivan de Gusmão Apolonio
I'm having trouble to create a storage ISO Domain and attach it to a Datacenter. It just give me this error message:
Error while executing action Attach Storage Domain: Could not obtain lock
Also the oVirt's Engine log files show this error message: "setsid: failed to execute /usr/bin/ionice: Permission denied", but I was unable to identify what exactly it's trying to do to get this permission denied.
2019-11-14 16:46:07,779-03 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-7388) [86161370-2aaa-4eff-9aab-c184bdf5bb98] EVENT_ID: IRS_BROKER_COMMAND_FAILURE(10,803), VDSM command AttachStorageDomainVDS failed: Cannot obtain lock: u"id=e6b34c42-0ca6-41f4-be3e-3c9b2af1747b, rc=1, out=[], err=['setsid: failed to execute /usr/bin/ionice: Permission denied']"
This behavior just happens on ISO Domains, while Data Domains works fine. I have read oVirt documentation and searched everywhere but I was unable to find the solution for this issue.
I'm using CentOS 7 with last update of all packages (oVirt version 4.3.6.7). Please help!
Thanks,
Ivan de Gusmão Apolonio
4 years, 11 months
How to run oVirt on CentOS 8 (or 8.1 or Stream)
by Nate Revo
I have a system that requires the 4x kernel to run and wanted to run oVirt
on top of CentOS. Seems as I'm looking around, rhel/centos 8 support for
ovirt is slated for v 4.4. What's the progress with running on Centos 8+
and how do I run ovirt on Centos 8, now.
Thanks in advance,
-Nate Revo
P.S. Will code for pizza
--
Nathan Revo, RHCE
OpenShift Specialist Solutions Architect
Red Hat NorthWest Strategic <https://www.redhat.com/>
nrevo(a)redhat.com
M: 801-885-8182
<https://www.redhat.com/>
4 years, 11 months
ovirt vdsm and networking
by kim.kargaard@noroff.no
Hi,
We are running CentOS and ovirt 4.3.4. We currently have four nodes and have set up the networks as follows:
ovirtmanagmeent network - set up as a tagged vlan with a static IP
SAN network - set up as a tagged vlan with a static IP
student network - set up as a tagged vlan
fw network - set up as a tagged vlan
The ovirtmanagement and SAN networks were configured on the CentOS boxes during after installing CentOS and before adding the nodes as hosts. The student network and the fw network were configured through the ovirt admin panel. However, because of this, the student network is not assigned a static IP on the nodes and serves the VM's using the DHCP on the firewall. The ovirt management network is set as the display network and every time I try to change that to the student network, ovirt admin panel tells me that I can't because there is no IP address assigned to the student network vlan. I tried using ip addr add to add a static IP on the one CentOS node, but this does not get picked up by ovirt and of course ovirt controls the actual vlan files on the CentOS box through VDSM, so any changes I make there will likely just be overwritten.
So, my question is, should I stop VDSM, add the IP to the vlan files on the CentOS nodes and then restart VDSM or is there a proper way of solving this? I need the Display Network to be set to the student network.
Thank you for any help.
Kim
4 years, 11 months
oVirt 4.4.0 Alpha release is now available for testing
by Sandro Bonazzola
oVirt 4.4.0 Alpha release is now available for testing
The oVirt Project is excited to announce the availability of the alpha
release of oVirt 4.4.0 for testing, as of December 13th, 2019
This release unleashes an altogether more powerful and flexible open source
virtualization solution that encompasses hundreds of individual changes and
a wide range of enhancements across the engine, storage, network, user
interface, and analytics on top of oVirt 4.3.
Important notes before you try it
Please note this is an Alpha release.
The oVirt Project makes no guarantees as to its suitability or usefulness.
This pre-release must not to be used in production, and it is not feature
complete.
In particular, please note that upgrades from 4.3 and future upgrades from
this alpha to the final 4.4 release from this version are not supported.
Some of the features included in oVirt 4.4.0 Alpha require content that
will be available in CentOS Linux 8.1 which is currently being built from
Red Hat Enterprise Linux 8.1.
If you want to have a better experience you can test oVirt 4.4.0 Alpha on
Red Hat Enterprise Linux 8.1.
Known Issues
-
After installation open the Default cluster and hit “Save”, for any
other new Cluster using CPU autodetection the dialog needs to be explicitly
saved after the detection happens, after first host is added. (bug
https://bugzilla.redhat.com/1770697)
-
Migrate, Cluster Upgrade, Export VM buttons cannot be clicked. Fixed in
ovirt-engine-ui-extensions-1.0.11
Installation instructions
For the engine: either use appliance or:
- Install CentOS Linux 7.7 minimal from
http://centos.mirror.garr.it/centos/7.7.1908/isos/x86_64/CentOS-7-x86_64-...
- yum install
https://resources.ovirt.org/pub/yum-repo/ovirt-release44-pre.rpm
- yum update (reboot if needed)
- yum install ovirt-engine
- engine-setup
For the nodes:
Either use oVirt Node ISO or:
- Install CentOS Linux 8.0 from
http://centos.mirror.garr.it/centos/8.0.1905/isos/x86_64/CentOS-8-x86_64-...
; select minimal installation
- yum config-manager --set-enabled PowerTools
- yum install
https://resources.ovirt.org/pub/yum-repo/ovirt-release44-pre.rpm
- yum update (reboot if needed)
- Attach the host to engine and let it be deployed.
What’s new in oVirt 4.4.0 Alpha?
-
Hypervisors based on CentOS Linux 8 (rebuilt from award winning RHEL8),
for both oVirt Node and standalone CentOS Linux hosts
-
Easier network management and configuration flexibility with
NetworkManager
-
VMs based on a more modern Q35 chipset with legacy seabios and UEFI
firmware
-
Support for direct passthrough of local host disks to VMs
-
Live migration improvements for High Performance guests.
-
New Windows Guest tools installer based on WiX framework now moved to
VirtioWin project
-
Dropped support for cluster level prior to 4.2
-
Dropped SDK3 support
-
4K disks support
-
Exporting a VM to a data domain
-
Editing of floating disks
-
Integrating ansible-runner into engine, which allows a more detailed
monitoring of playbooks executed from engine
-
Adding/reinstalling hosts are now completely based on Ansible
-
The OpenStack Neutron Agent cannot be configured by oVirt anymore, it
should be configured by TripleO instead
This release is available now on x86_64 architecture for:
* Red Hat Enterprise Linux 7.7 or later (but < 8.0)
* CentOS Linux (or similar) 7.7 or later (but < 8.0)
This release supports Hypervisor Hosts on x86_64 and ppc64le architectures
for:
* Red Hat Enterprise Linux 8.0 or later
* CentOS Linux (or similar) 8.0 or later
* oVirt Node 4.4 based on CentOS Linux 8.0 (available for x86_64 only)
See the release notes [1] for installation instructions and a list of new
features and bugs fixed.
If you manage more than one oVirt instance, OKD or RDO we also recommend to
try ManageIQ <http://manageiq.org/>.
In such a case, please be sure to take the qc2 image and not the ova image.
Notes:
- oVirt Appliance is already available for CentOS Linux 8
- oVirt Node NG is already available for CentOS Linux 8
Additional Resources:
* Read more about the oVirt 4.4.0 release highlights:
http://www.ovirt.org/release/4.4.0/
* Get more oVirt project updates on Twitter: https://twitter.com/ovirt
* Check out the latest project news on the oVirt blog:
http://www.ovirt.org/blog/
[1] http://www.ovirt.org/release/4.4.0/
[2] http://resources.ovirt.org/pub/ovirt-4.4-pre/iso/
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>*Red Hat respects your work life balance.
Therefore there is no need to answer this email out of your office hours.*
4 years, 11 months
Re: Ovirt OVN help needed
by Strahil
Hi Dominik,
Thanks for the reply.
Sadly the openstack module is missing on the engine and I have to figure it out.
Can't I just undeploy the ovn and then redeploy it back ?
Best Regards,
Strahil NikolovOn Dec 12, 2019 09:32, Dominik Holler <dholler(a)redhat.com> wrote:
>
> The cleanest way to clean up is to remove all entities on the OpenStack Network API on ovirt-provider-ovn, e.g. by something like
> https://gist.github.com/dominikholler/19bcdc5f14f42ab5f069086fd2ff5e37#fi...
> This should work, if not, please report a bug.
>
> To bypass the ovirt-provider-ovn, which is not recommended and might end in an inconsistent state, you could use ovn-nbctl .
>
>
>
> On Thu, Dec 12, 2019 at 3:33 AM Strahil Nikolov <hunter86_bg(a)yahoo.com> wrote:
>>
>> Hi Community,
>>
>> can someone hint me how to get rid of some ports? I just want to 'reset' my ovn setup.
>>
>> Here is what I have so far:
>>
>> [root@ovirt1 openvswitch]# ovs-vsctl list interface
>> _uuid : be89c214-10e4-4a97-a9eb-1b82bc433a24
>> admin_state : up
>> bfd : {}
>> bfd_status : {}
>> cfm_fault : []
>> cfm_fault_status : []
>> cfm_flap_count : []
>> cfm_health : []
>> cfm_mpid : []
>> cfm_remote_mpids : []
>> cfm_remote_opstate : []
>> duplex : []
>> error : []
>> external_ids : {}
>> ifindex : 35
>> ingress_policing_burst: 0
>> ingress_policing_rate: 0
>> lacp_current : []
>> link_resets : 0
>> link_speed : []
>> link_state : up
>> lldp : {}
>> mac : []
>> mac_in_use : "7a:7d:1d:a7:43:1d"
>> mtu : []
>> mtu_request : []
>> name : "ovn-25cc77-0"
>> ofport : 6
>> ofport_request : []
>> options : {csum="true", key=flow, remote_ip="192.168.1.64"}
>> other_config : {}
>> statistics : {rx_bytes=0, rx_packets=0, tx_bytes=0, tx_packets=0}
>> status : {tunnel_egress_iface=ovirtmgmt, tunnel_egress_iface_carrier=up}
>> type : geneve
>>
>> _uuid : ec6a6688-e5d6-4346-ac47-ece1b8379440
>> admin_state : down
>> bfd : {}
>> bfd_status : {}
>> cfm_fault : []
>> cfm_fault_status : []
>> cfm_flap_count : []
>> cfm_health : []
>> cfm_mpid : []
>> cfm_remote_mpids : []
>> cfm_remote_opstate : []
>> duplex : []
>> error : []
>> external_ids : {}
>> ifindex : 13
>> ingress_policing_burst: 0
>> ingress_policing_rate: 0
>> lacp_current : []
>> link_resets : 0
>> link_speed : []
>> link_state : down
>> lldp : {}
>> mac : []
>> mac_in_use : "66:36:dd:63:dc:48"
>> mtu : 1500
>> mtu_request : []
>> name : br-int
>> ofport : 65534
>> ofport_request : []
>> options : {}
>> other_config : {}
>> statistics : {collisions=0, rx_bytes=0, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=0, tx_bytes=0, tx_dropped=0, tx_errors=0, tx_packets=0}
>> status : {driver_name=openvswitch}
>> type : internal
>>
>> _uuid : 1e511b4d-f7c2-499f-bd8c-07236e7bb7af
>> admin_state : up
>> bfd : {}
>> bfd_status : {}
>> cfm_fault : []
>> cfm_fault_status : []
>> cfm_flap_count : []
>> cfm_health : []
>> cfm_mpid : []
>> cfm_remote_mpids : []
>> cfm_remote_opstate : []
>> duplex : []
>> error : []
>> external_ids : {}
>> ifindex : 35
>> ingress_policing_burst: 0
>> ingress_policing_rate: 0
>> lacp_current : []
>> link_resets : 0
>> link_speed : []
>> link_state : up
>> lldp : {}
>> mac : []
>> mac_in_use : "1a:85:d1:d9:e2:a5"
>> mtu : []
>> mtu_request : []
>> name : "ovn-566849-0"
>> ofport : 5
>> ofport_request : []
>> options : {csum="true", key=flow, remote_ip="192.168.1.41"}
>> other_config : {}
>> statistics : {rx_bytes=0, rx_packets=0, tx_bytes=0, tx_packets=0}
>> status : {tunnel_egress_iface=ovirtmgmt, tunnel_egress_iface_carrier=up}
>> type : geneve
>>
>>
>> When I try to remove a port - it never ends (just hanging):
>>
>> [root@ovirt1 openvswitch]# ovs-vsctl --dry-run del-port br-int ovn-25cc77-0
>> In journal I see only this:
>> дек 12 04:13:57 ovirt1.localdomain ovs-vsctl[22030]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --dry-run del-port br-int ovn-25cc77-0
>>
>> The stranger part to me is the log output:
>>
>> [root@ovirt1 openvswitch]# grep ovn-25cc77-0 /var/log/openvswitch/*.log
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:26:28.642Z|00032|bridge|INFO|bridge br-int: added interface ovn-25cc77-0 on port 14
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:45:15.646Z|00113|bridge|INFO|bridge br-int: deleted interface ovn-25cc77-0 on port 14
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:45:15.861Z|00116|bridge|INFO|bridge br-int: added interface ovn-25cc77-0 on port 2
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:50:36.678Z|00118|bridge|INFO|bridge br-int: deleted interface ovn-25cc77-0 on port 2
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:52:31.180Z|00121|bridge|INFO|bridge br-int: added interface ovn-25cc77-0 on port 3
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:55:09.734Z|00125|bridge|INFO|bridge br-int: deleted interface ovn-25cc77-0 on port 3
>> /var/log/openvswitch/ovs-vswitchd.log:2019-12-12T01:58:15.138Z|00127|bridge|INFO|bridge br-int: added interface ovn-25cc77-0 on port 6
>>
>> I'm also attaching the verbose output of the dryrun.
>>
>> Thanks in advance.
>>
>> Best Regards,
>> Strahil Nikolov
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
>> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/IG7YJPINVAF...
4 years, 11 months
Re: Still having NFS issues. (Permissions)
by Strahil
Why do you use 'all_squash' ?
all_squashMap all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting.
Best Regards,
Strahil NikolovOn Dec 10, 2019 07:46, Tony Brian Albers <tba(a)kb.dk> wrote:
>
> On Mon, 2019-12-09 at 18:43 +0000, Robert Webb wrote:
> > To add, the 757 permission does not need to be on the .lease or the
> > .meta files.
> >
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZF6RCSRW2Q...
>
> Good morning,
>
> Check SELinux just in case.
>
> Here's my config:
>
> NFS server:
> /etc/exports:
> /data/ovirt
> *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
>
> Folder:
> [root@kst001 ~]# ls -ld /data/ovirt
> drwxr-xr-x 3 vdsm kvm 76 Jun 1 2017 /data/ovirt
>
> Subfolders:
> [root@kst001 ~]# ls -l /data/ovirt/*
> -rwxr-xr-x 1 vdsm kvm 0 Dec 10 06:38 /data/ovirt/__DIRECT_IO_TEST__
>
> /data/ovirt/a597d0aa-bf22-47a3-a8a3-e5cecf3e20e0:
> total 4
> drwxr-xr-x 2 vdsm kvm 117 Jun 1 2017 dom_md
> drwxr-xr-x 56 vdsm kvm 4096 Dec 2 14:51 images
> drwxr-xr-x 4 vdsm kvm 42 Jun 1 2017 master
> [root@kst001 ~]#
>
>
> The user:
> [root@kst001 ~]# id vdsm
> uid=36(vdsm) gid=36(kvm) groups=36(kvm)
> [root@kst001 ~]#
>
> And output from 'mount' on a host:
> kst001:/data/ovirt on /rhev/data-center/mnt/kst001:_data_ovirt type nfs
> (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,soft,nolock,
> nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,mountaddr=<nfs-
> server-
> ip>,mountvers=3,mountport=20048,mountproto=udp,local_lock=all,addr=<nfs
> -server-ip>)
>
>
> HTH
>
> /tony
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/T6S32XNRB6S...
4 years, 11 months
