Securing virtual machines
by David Johnson
Greetings all,
Is there a good guide for securing the ovirt system (hosts, controller,
VM's) via hardware based 2 level authentication, such as Yubikeys?
Thank you in advance.
*David Johnson*
3 years, 5 months
Grafana Engine
by Jorge Visentini
Hi all!!
Is it possible to disable the Grafana server on Engine?
I would like to use Granafa in other server.
Até.
--
Att,
Jorge Visentini
+55 55 98432-9868
3 years, 5 months
TPM 2.0 Support in Ovirt
by bob.franzke@mdaemon.com
Need to deploy a VM of a Windows 11 guest. Windows 11 requires TPM 2.0 support for it to be able to install. Does Ovirt support TPM devices somehow and if so how do I present the VM with a TPM device that can be detected by the Windows 11 setup installer? Thanks in advance for any help here.
3 years, 5 months
Re: Installing Windows 4.4.9/Change CD
by Nir Soffer
On Thu, Oct 21, 2021 at 7:11 PM Matt Schuler <mschuler(a)bsgtech.com> wrote:
>
> Just wondering if it is possible to install windows on the 4.4.9? (I am running 4.4.9 and node 4.4.8, I don’t node is built yet for .9)
>
>
>
> The issue I am having is changing CDs, when I try to change it get the following error: (Both ISOs are uploaded though the GUI on block storage, iSCSI)
...
> ERROR FINISH changeCD error=Failed to change disk image
>
> Traceback (most recent call last):
>
> File "/usr/lib/python3.6/site-packages/vdsm/virt/vm.py", line 5005, in _update_disk_device
>
> disk_xml, libvirt.VIR_DOMAIN_DEVICE_MODIFY_FORCE)
>
> File "/usr/lib/python3.6/site-packages/vdsm/virt/virdomain.py", line 101, in f
>
> ret = attr(*args, **kwargs)
>
> File "/usr/lib/python3.6/site-packages/vdsm/common/libvirtconnection.py", line 131, in wrapper
>
> ret = f(*args, **kwargs)
>
> File "/usr/lib/python3.6/site-packages/vdsm/common/function.py", line 94, in wrapper
>
> return func(inst, *args, **kwargs)
>
> File "/usr/lib64/python3.6/site-packages/libvirt.py", line 3237, in updateDeviceFlags
>
> raise libvirtError('virDomainUpdateDeviceFlags() failed')
>
> libvirt.libvirtError: internal error: unable to execute QEMU command 'blockdev-add': 'file' driver requires '/rhev/data-center/mnt/blockSD/XX/images/XX/XX' to be a regular file
This is https://bugzilla.redhat.com/1990268
It is fixed in:
$ git describe 6094e672781f593767dc313ebd53d23334511f5a
v4.40.90.1-7-g6094e6727
You need to upgrade vdsm.
The only workaround for now is to use a file based storage domain
(e.g. NFS) for the ISO
images.
When the issue is fixed, you can copy the ISO disks to another storage
domain, and remove
the file based domain.
Nir
3 years, 6 months
Installing Windows 4.4.9/Change CD
by Matt Schuler
Just wondering if it is possible to install windows on the 4.4.9? (I am running 4.4.9 and node 4.4.8, I don't node is built yet for .9)
The issue I am having is changing CDs, when I try to change it get the following error: (Both ISOs are uploaded though the GUI on block storage, iSCSI)
GUI:
Error while executing action Change CD: Failed to perform "Change CD" operation, CD might be still in use by the VM.
Please try to manually detach the CD from withing the VM:
1. Log in to the VM
2 For Linux VMs, un-mount the CD using umount command;
For Windows VMs, right click on the CD drive and click 'Eject';
LOG:
ERROR FINISH changeCD error=Failed to change disk image
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/vdsm/virt/vm.py", line 5005, in _update_disk_device
disk_xml, libvirt.VIR_DOMAIN_DEVICE_MODIFY_FORCE)
File "/usr/lib/python3.6/site-packages/vdsm/virt/virdomain.py", line 101, in f
ret = attr(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/common/libvirtconnection.py", line 131, in wrapper
ret = f(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/common/function.py", line 94, in wrapper
return func(inst, *args, **kwargs)
File "/usr/lib64/python3.6/site-packages/libvirt.py", line 3237, in updateDeviceFlags
raise libvirtError('virDomainUpdateDeviceFlags() failed')
libvirt.libvirtError: internal error: unable to execute QEMU command 'blockdev-add': 'file' driver requires '/rhev/data-center/mnt/blockSD/XX/images/XX/XX' to be a regular file
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/vdsm/common/api.py", line 124, in method
ret = func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/API.py", line 153, in changeCD
return self.vm.changeCD(driveSpec)
File "<decorator-gen-281>", line 2, in changeCD
File "/usr/lib/python3.6/site-packages/vdsm/common/api.py", line 101, in method
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/virt/vm.py", line 4768, in changeCD
self._change_cd(blockdev, drive_spec, iface, force=force)
File "/usr/lib/python3.6/site-packages/vdsm/virt/vm.py", line 5049, in _change_cd
self._update_disk_device(disk_xml, force=force)
File "/usr/lib/python3.6/site-packages/vdsm/virt/vm.py", line 5008, in _update_disk_device
raise exception.ChangeDiskFailed()#012vdsm.common.exception.ChangeDiskFailed: Failed to change disk image
I feel like I have see a couple bugs on this, but now I can't find them...
Thank you!
3 years, 6 months
install python package ovirt_imageio for Ovirt 4.3
by Grace Chen
I want to use python script running from a host to automate the remote kvm
manager's vm backup. Our ovirt version is 4.3. I have installed
ovirt-imageio-daemon
on the host
I tried to yum install ovirt-imageio-client (we use yum), it couldn't find
the package.
error message:
Loaded plugins: ulninfo, vdsmupgrade, versionlock
ovirt-4.3
| 3.0 kB 00:00:00
ovirt-4.3-extra
| 3.0 kB 00:00:00
ovirt-master-snapshot
| 3.0 kB 00:00:00
ovirt-master-snapshot-static
| 3.0 kB 00:00:00
No package ovirt-imageio-client available.
I tried to copy folder ovirt_imageio from ovirt-imageio to my python
library directory, it could not compile the c file "ioutil.c"
Can anybody help me install the python package? Am I installing on the
correct place, do I need to use the python script only on the host that
installed the kvm manager?
3 years, 6 months
oVirt 4.4.8 Hyperconverged deploy failed
by dvx.mellin@gmail.com
Hi everyone,
I'm trying to deploy a hyperconverged ovirt cluster, but the the wizard in cockpit failed at the first step with the error "FQDN is not reachable".
The goal is to have 3 nodes, with hosted engine on gluster FS.
Here is the relevant information :
- CentOS 8.4
- ovirt 4.4.8
- 2 network interfaces (1 for storage, 1 for production)
The packages installed : cockpit-ovirt-dashboard, vdsm-gluster, ovirt-host, ovirt-engine-appliance, gluster-ansible-roles
# rpm -qa | grep ovirt
ovirt-imageio-client-2.2.0-1.el8.x86_64
ovirt-host-dependencies-4.4.8-1.el8.x86_64
ovirt-vmconsole-1.0.9-1.el8.noarch
python3-ovirt-setup-lib-1.3.2-1.el8.noarch
ovirt-provider-ovn-driver-1.2.34-1.el8.noarch
ovirt-host-4.4.8-1.el8.x86_64
ovirt-vmconsole-host-1.0.9-1.el8.noarch
ovirt-imageio-daemon-2.2.0-1.el8.x86_64
ovirt-hosted-engine-ha-2.4.8-1.el8.noarch
ovirt-hosted-engine-setup-2.5.3-1.el8.noarch
ovirt-engine-appliance-4.4-20210826223909.1.el8.x86_64
cockpit-ovirt-dashboard-0.15.1-1.el8.noarch
python3-ovirt-engine-sdk4-4.4.15-1.el8.x86_64
ovirt-ansible-collection-1.6.2-1.el8.noarch
ovirt-imageio-common-2.2.0-1.el8.x86_64
I didn't use the ovirt44-release package because we have to use our local repo. So we have cloned all necessary repo.
Every package installation was passed without any issues.
The /etc/hosts contains every FQDN/IP for the storage network (which is not exposed to the public), and the DNS server is reachable to respond to public FQDN.
Passwordless connection is installed and works perfectly with sotrage and production FQDN.
If you need more information, please tell me.
Thanks in advance for your help.
Regards
3 years, 6 months
Hosted Engine Deployment failure
by Raj P
Hi, I ma tryinf to deploy hosted engine and keeps on failing with following errors.
Am new to oVirt and unabe to figure out what the issues is?
any help would be very much appreciated.
[ INFO ] TASK [ovirt.ovirt.engine_setup : Install oVirt Engine package]
[ ERROR ] fatal: [localhost -> 192.168.222.214]: FAILED! => {"changed": false, "msg": "Failed to download metadata for repo 'ovirt-4.4-centos-gluster8': repomd.xml parser error: Parse error at line: 68 (xmlParseStartTag: invalid element name\n)", "rc": 1, "results": []}
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Sync on engine machine]
[ INFO ] changed: [localhost -> 192.168.222.214]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Set destination directory path]
[ INFO ] ok: [localhost -> localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Create destination directory]
[ INFO ] changed: [localhost -> localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Find the local appliance image]
[ INFO ] ok: [localhost -> localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Set local_vm_disk_path]
[ INFO ] ok: [localhost -> localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Give the vm time to flush dirty buffers]
[ INFO ] ok: [localhost -> localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Copy engine logs]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Notify the user about a failure]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "There was a failure deploying the engine on the local engine VM. The system may not be provisioned according to the playbook results: please check the logs for the issue, fix accordingly or re-deploy from scratch.\n"}
3 years, 6 months
[ANN] oVirt 4.4.9 is now generally available
by Sandro Bonazzola
oVirt 4.4.9 is now generally available
The oVirt project is excited to announce the general availability of oVirt
4.4.9 , as of October 20th, 2021.
This release unleashes an altogether more powerful and flexible open source
virtualization solution that encompasses hundreds of individual changes and
a wide range of enhancements across the engine, storage, network, user
interface, and analytics, as compared to oVirt 4.3.
Important! Known issues
Please note qemu-kvm, shipped outside oVirt, is affected by BZ#1999141
<https://bugzilla.redhat.com/show_bug.cgi?id=1999141> - migration fails
with: "qemu-kvm: get_pci_config_device: Bad config data: i=0x9a read: 3
device: 2 cmask: ff wmask: 0 w1cmask:0"
It has been detected to wait for a fix before building oVirt Node update as
it includes qemu-kvm.
If you haven’t updated to qemu-kvm 6 yet please don’t update it.
Upgraded systems will NOT be able to migrate VMs anywhere else, not even
once the issue is fixed.
Important notes before you install / upgrade
Please note that oVirt 4.4 only supports clusters and data centers with
compatibility version 4.2 and above. If clusters or data centers are
running with an older compatibility version, you need to upgrade them to at
least 4.2 (4.3 is recommended).
Please note that in RHEL 8 / CentOS 8 several devices that worked on EL7
are no longer supported.
For example, the megaraid_sas driver is removed. If you use Enterprise
Linux 8 hosts you can try to provide the necessary drivers for the
deprecated hardware using the DUD method (See the users’ mailing list
thread on this at
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/NDSVUZSESOXE...
)
Documentation
-
If you want to try oVirt as quickly as possible, follow the instructions
on the Download <https://ovirt.org/download/> page.
-
For complete installation, administration, and usage instructions, see
the oVirt Documentation <https://ovirt.org/documentation/>.
-
For upgrading from a previous version, see the oVirt Upgrade Guide
<https://ovirt.org/documentation/upgrade_guide/>.
-
For a general overview of oVirt, see About oVirt
<https://ovirt.org/community/about.html>.
What’s new in oVirt 4.4.9 Release?
This update is the ninth in a series of stabilization updates to the 4.4
series.
This release is available now on x86_64 architecture for:
-
Red Hat Enterprise Linux 8.4
-
CentOS Linux (or similar) 8.4
-
CentOS Stream 8
This release supports Hypervisor Hosts on x86_64 and ppc64le architectures
for:
-
Red Hat Enterprise Linux 8.4
-
CentOS Linux (or similar) 8.4
-
oVirt Node NG (based on CentOS Stream 8)
-
CentOS Stream 8
Some of the RFEs with high user impact are listed below:
-
Bug 1999563 <https://bugzilla.redhat.com/show_bug.cgi?id=1999563> -
[RFE] Add a unique number to each panel in Grafana
Some of the Bugs with high user impact are listed below:
-
Bug 2002178 <https://bugzilla.redhat.com/show_bug.cgi?id=2002178> -
Deploying ovirt HCI fail due to glusterfs-selinux package missing
-
Bug 1928704 <https://bugzilla.redhat.com/show_bug.cgi?id=1928704> - Host
deploy events does not have proper correlation-id
-
Bug 1980315 <https://bugzilla.redhat.com/show_bug.cgi?id=1980315> -
Configure Grafana in hosted-engine setup by default
-
Bug 2001465 <https://bugzilla.redhat.com/show_bug.cgi?id=2001465> -
Missing obsoletes for java bindings removal
-
Bug 2003441 <https://bugzilla.redhat.com/show_bug.cgi?id=2003441> - dnf
rollback is broken
-
Bug 1985973 <https://bugzilla.redhat.com/show_bug.cgi?id=1985973> -
Remove the abort snapshot behavior
-
Bug 2008850 <https://bugzilla.redhat.com/show_bug.cgi?id=2008850> -
Repositories: Replace the usage of community modules with command invocation
-
Bug 1964522 <https://bugzilla.redhat.com/show_bug.cgi?id=1964522> -
Allow both automatic detection of IP version available as well as manual
configuration
-
Bug 2010658 <https://bugzilla.redhat.com/show_bug.cgi?id=2010658> - AAA
LDAP extension is querying DNS with ANY request
-
Bug 2015121 <https://bugzilla.redhat.com/show_bug.cgi?id=2015121> - VM
with thin disk on block storage pause during backup
-
Bug 2002284 <https://bugzilla.redhat.com/show_bug.cgi?id=2002284> -
Replacing calling of specific gluster module with direct command execution
in cluster_upgrade role
-
Bug 1990268 <https://bugzilla.redhat.com/show_bug.cgi?id=1990268> - No
ability to change iso with virtio drivers when installing a virtual machine
with windows
-
Bug 1870563 <https://bugzilla.redhat.com/show_bug.cgi?id=1870563> -
Ovirt Node 4.4.1 says kickstart insufficient on disk formatting
-
Bug 1845271 <https://bugzilla.redhat.com/show_bug.cgi?id=1845271> -
Better documentation for host ssh requirements
-
Bug 1993575 <https://bugzilla.redhat.com/show_bug.cgi?id=1993575> -
Missing documentation: HOWTO recover from a corrupted hosted engine meta
data file
oVirt Appliance has been updated, including:
-
oVirt 4.4.9: https://www.ovirt.org/release/4.4.9/
-
CentOS Stream 8 latest updates
See the release notes [1] for installation instructions and a list of new
features and bugs fixed.
Notes:
-
oVirt Appliance is already available for CentOS Stream 8
-
oVirt Node NG will be available shortly, as it’s currently waiting for a
fix of BZ#1999141 <https://bugzilla.redhat.com/show_bug.cgi?id=1999141>
Additional resources:
-
Read more about the oVirt 4.4.9 release highlights:
https://www.ovirt.org/release/4.4.9/
-
Get more oVirt project updates on Twitter: https://twitter.com/ovirt
-
Check out the latest project news on the oVirt blog:
https://blogs.ovirt.org/
[1] https://www.ovirt.org/release/4.4.9/
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
3 years, 6 months
