Error creating host certificate with SubjectAltName with pki-enroll-request.sh
by Derek Atkins
Hi,
I'm running a single-host, hosted-engine Ovirt deployment, version 4.3.10
(upgraded from 4.0->4.1->4.2) and it's complaining that my host cert does
not have a SubjectAltName.
If I try to use pki-enroll-request.sh to rebuild the host cert and follow
the instructions to add a --san, I get an error:
/usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me
--san=host.na.me
Using configuration from openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'My Org Name'
commonName :PRINTABLE:'host.na.me'
ERROR: adding extensions in section v3_ca_san
139875647600528:error:2207507C:X509 V3
routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531:
139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:95:name=subjectAltName, value=host.na.me
Cannot sign certificate
Am I using this script incorrectly?
Thanks,
-derek
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
3 years, 11 months
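Added example (not part of the original post or of oVirt's scripts): the log above shows the --san value reaching OpenSSL verbatim as the subjectAltName extension ("value=host.na.me"), and OpenSSL's config syntax for that extension expects comma-separated type:value entries such as DNS:host.na.me. The function names below are hypothetical; the check covers the inline type:value form only.

```python
import ipaddress
import re

# GENERAL_NAME type tags used in OpenSSL's subjectAltName config syntax.
# Numbered forms such as "DNS.1" (used in config sections) are not handled here.
SAN_TYPES = {"DNS", "IP", "email", "URI", "RID", "dirName", "otherName"}
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_san_entry(entry):
    """Return None if entry is a usable 'type:value' item, else a reason string."""
    entry = entry.strip()
    tag, sep, value = entry.partition(":")
    if not sep or not value:
        # A bare host name has no type tag, so OpenSSL sees a name with no value.
        return "missing value (expected type:value, e.g. DNS:%s)" % entry
    if tag not in SAN_TYPES:
        return "unknown type %r" % tag
    if tag == "DNS":
        labels = value.rstrip(".").split(".")
        if labels[0] == "*":          # allow a leading wildcard label
            labels = labels[1:]
        if not labels or not all(_LABEL.match(label) for label in labels):
            return "invalid DNS name %r" % value
    elif tag == "IP":
        try:
            ipaddress.ip_address(value)   # accepts IPv4 and IPv6 literals
        except ValueError:
            return "invalid IP address %r" % value
    return None


def check_san(spec):
    """Validate a comma-separated --san value; return {entry: reason} for bad entries."""
    problems = {}
    for entry in spec.split(","):
        reason = check_san_entry(entry)
        if reason:
            problems[entry.strip()] = reason
    return problems


if __name__ == "__main__":
    # Constructed inputs: the value from the post, then the prefixed form.
    for spec in ("host.na.me", "DNS:host.na.me", "DNS:host.na.me,IP:192.0.2.10"):
        print(spec, "->", check_san(spec) or "ok")
```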
Re: Another illegal disk snapshot problem!
by Christopher Cox
On 12/8/20 5:30 AM, Magnus Isaksson wrote:
> Hi
>
> We have the same issue as you, and we are also using vProtect.
> I have no solution, but I'm very interested in how to address this.
>
> Some VM:s we do have managed to remove the illegal snapshots after changing
> storage for the VM:s disks, but we have 3-4 VM:s that will not want to remove
> the illegal snapshot.
> As for us, this issue has escalated the last couple of months.
>
> Is it only us who have these issues or does people not take backup of their
> VM:s? Feels like more people should have these issues.
We backup our oVirt VMs just like we backup physical hosts.
With that said, it's a backup system I wrote some 12 years ago.
We're in the process of moving from oVirt to VMware and our home grown backup
system has made moving very very easy. I've migrated several VMs across.
There's more than one way to skin a cat. Snapshots don't buy you much with
regards to integral integrity. They aren't (and never will be) application
logic aware (for example). And at the virtual disk level, it obviously becomes
even more of a "black box".
(I'm mainly answering the question do "people not take backup of their VMs?")
3 years, 11 months
difference between CPU server and client family
by jb
Hello,
is there a big difference between *Secure Intel Skylake Server Family*
CPUs and *Secure Intel Skylake Client Family* CPUs?
I ask because I use an Intel Xeon E-2246G in our servers and when I
installed the cluster, the client cpu model was automatically selected.
I'm not sure now if it makes a difference when I change the cluster cpu
type to the server model and if this is possible with this cpu.
Best regards
Jonathan
3 years, 11 months
unable to edit vm properties created from pool
by mhumaj@gmail.com
Hi all,
Is there any way to edit cpu/memory/boot and stuff like that once the VM has been created by the pool? All options when trying to edit the VM are greyed out. We are unable to edit any option for a VM in the pool.
(oVirt Open Virtualization Manager, Software Version:4.4.3.12-1.el8)
Thanks
3 years, 11 months
what difference between enterprise Linux hosts and oVirt Nodes ?
by tommy
Enterprise Linux hosts (Enterprise Linux hosts) and oVirt Nodes (image-based
hypervisors) are the two supported types of host. Hosts use Kernel-based
Virtual Machine (KVM) technology and provide resources used to run virtual
machines.
But what is the difference between the Enterprise Linux Hosts and oVirt Nodes?
Please give me a detailed explanation, thanks!
3 years, 11 months
Failed upgrade from SHE 4.3.10 to 4.4.3 - Host set to Non-Operational - missing networks
by Roberto Nunin
We are following both oVirt upgrade guide [1] and RHV 4.4 upgrade guide [2].
aps-te62-mng.corporate.it ---> host reinstalled with oVirt Node 4.4.3
aps-te61-mng.corporate.it ---> host where previous ovirt-engine 4.3.10 VM
was running when backup was taken.
hosted-engine --deploy --restore-from-file=<path to file> fails with
the following errors in ovirt-hosted-engine-setup:
2020-12-01 15:53:37,534+0100 ERROR
otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:109 fatal: [localhost]: FAILED! =>
{"changed": false, "msg": "The host has been set in non_operational status,
please check engine logs, more info can be found in the engine logs, fix
accordingly and re-deploy."}
2020-12-01 15:56:30,414+0100 ERROR
otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:109 fatal: [localhost]: FAILED! =>
{"changed": false, "msg": "The system may not be provisioned according to
the playbook results: please check the logs for the issue, fix accordingly
or re-deploy from scratch.\n"}
2020-12-01 15:56:33,731+0100 ERROR otopi.context context._executeMethod:154
Failed to execute stage 'Closing up': Failed executing ansible-playbook
2020-12-01 15:57:08,663+0100 ERROR
otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:109 fatal: [localhost]: UNREACHABLE! =>
{"changed": false, "msg": "Failed to connect to the host via ssh: ssh:
connect to host itte1lv51-mng.comifar.it port 22: Connection timed out",
"skip_reason": "Host localhost is unreachable", "unreachable": true}
2020-12-01 15:58:22,179+0100 ERROR otopi.plugins.gr_he_common.core.misc
misc._terminate:167 Hosted Engine deployment failed: please check the logs
for the issue, fix accordingly or re-deploy from scratch.
while within the HostedEngineLocal engine.log:
2020-12-01 15:52:42,161+01 ERROR
[org.ovirt.engine.core.bll.SetNonOperationalVdsCommand]
(EE-ManagedThreadFactory-engine-Thread-96) [11f50ce0] Host '
aps-te62-mng.corporate.it' is set to Non-Operational, it is missing the
following networks:
'migration,traffic_11,traffic_202,traffic_5,traffic_555,traffic_9'
2020-12-01 15:52:48,474+01 ERROR
[org.ovirt.engine.core.bll.SetNonOperationalVdsCommand]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-12)
[41688fc7] Host 'aps-te62-mng.corporate.it' is set to
Non-Operational, it is missing the following networks:
'migration,traffic_11,traffic_202,traffic_5,traffic_555,traffic_9'
2020-12-01 15:52:53,734+01 ERROR
[org.ovirt.engine.core.bll.SetNonOperationalVdsCommand]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-6)
[5fc7257] Host 'aps-te62-mng.corporate.it' is set to Non-Operational, it is
missing the following networks:
'migration,traffic_11,traffic_202,traffic_5,traffic_555,traffic_9'
2020-12-01 15:52:54,567+01 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.VmsMonitoring]
(ForkJoinPool-1-worker-13) [] Rerun VM
'f9249e06-237e-412c-91e9-7b0fa0b6ec2a'. Called from VDS '
aps-te62-mng.corprorate.it'
2020-12-01 15:52:54,676+01 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engine-Thread-361) [] EVENT_ID:
VM_MIGRATION_TO_SERVER_FAILED(120), Migration failed (VM:
external-HostedEngineLocal, Source: aps-te62-mng.corporate.it, Destination:
aps-te61-mng.corporate.it).
Why is the playbook trying to migrate HostedEngineLocal from reinstalled
4.4.3 oVirt node to an existing one that is still running oVirt Node 4.3.x ?
How can we manage this issue and proceed with the upgrade ?
[1]
https://www.ovirt.org/documentation/upgrade_guide/#SHE_Upgrading_from_4-3
[2]
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/...
Thanks in advance for support.
Best regards
--
Roberto Nunin
3 years, 11 months
strange dns request since 4.4.3
by Adam Xu
Hi ovirt
Recently, my samba internal dns has been getting a lot of errors, like:
[2020/12/02 15:24:31.484073, 1]
../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
dns_server_process_query_got_auth: Failed to add SOA record:
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
I found that my ovirt nodes were sending a lot of strange requests. I used
tcpdump and got some like:
tcpdump -i ovirtmgmt udp port 53
17:00:23.875038 IP ovirt1.adagene.cn.53862 > dc1.mydomain.com.domain:
35727+ [1au] NS? . (40)
17:00:24.436466 IP 192.168.49.195.domain > ovirt1.mydomain.com.33625:
8887 FormErr-$ 0/0/1 (40)
About one request per second.
And I noticed that some nodes whose version is 4.4.2 didn't send dns
requests like the above, and therefore no error occurred.
Were there any recent changes to ovirt node that caused these errors?
3 years, 11 months