Add static route to ovirt nodes
by Michael Thomas
I'm running ovirt 4.4.2 on CentOS 8.2. My ovirt nodes have two network
addresses, ovirtmgmt and a second used for normal routed traffic to the
cluster and WAN.
After the ovirt nodes were set up, I found that I needed to add an extra
static route to the cluster interface to allow the hosts to see my ceph
storage nodes (to make the rbd images visible to the VMs):
10.9.0.0/16 via 10.13.0.1
I can add this route using three different methods:
1) ip route add 10.9.0.0/16 via 10.13.0.1
2) nmcli conn modify enp65s0f0 ipv4.routes "10.9.0.0/16 10.13.0.1"
nmcli conn down enp65s0f0
nmcli conn up enp65s0f0
3) vi /etc/sysconfig/network-scripts/route-enp65s0f0
ifdown enp65s0f0
ifup enp65s0f0
However, when I reboot the host, the static route goes away. Methods 2
and 3 have always given me a persistent static route on other EL8 hosts,
but not on my ovirt nodes.
What is the correct way to add a persistent static route on an ovirt host?
--Mike
3 years, 5 months
CentOS 8 streams: Hosted engine deploy failed.
by Gilboa Davara
Hello all,
I'm trying to redeploy one of the HE/Gluster clusters after a botched
upgrade to Stream + simultaneous 2 x UPS failure that killed the previous
setup.
Post crash, the 3 nodes were cleaned up
(manually + ovirt-hosted-engine-cleanup) and upgraded to Streams + reboot.
I've made 3 attempts to deploy the HE, all failed with the same error.
As far as I can see, everything works up until the final deployment, there
the host fails to access the HE static address.
Note: All machines have a static IP, resolved via local hosts file.
Please advise (log attached).
- Gilboa
3 years, 5 months
oVirt 4.4.3 - some hosts in unassigned state - Get Host Capabilities failed: PKIX path building failed
by Roberto Nunin
Hi all
We have an (old) installation with two DC in two different locations.
Hosts where hosted engine is running are regularly reported UP (DC 1)
Host into the other DC (connected by WAN lines) are reported as Unassigned
(DC 2)
Connection between DC is working.
In events we can find lot of errors like:
VDSM itmilu0xx-mng.example.com command Get Host Capabilities failed: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
We are NOT using a thirdy party SSL certificate.
In engine.log these are recurring errors:
2021-11-16 10:28:49,370+01 ERROR
[org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) []
Unable to process messages PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
2021-11-16 10:28:49,372+01 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-100)
[] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException:
VDSNetworkException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Thanks in advance for any suggestion
Roberto Nunin
3 years, 5 months
Import from Vcenter failed with qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
by roanne.philip@voxtelecom.co.za
Hi I have ovirt HE Ver 4.4.7 with hosts on 4.3.10
I am trying to migrate vm's from vmware to ovirt but it fails.
weirdly small vm imports successful and the larger ones fails
have anyone experienced this issue
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.296725] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.298168] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.299204] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.300183] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 78 00 00 08 00
[ 2140.301291] blk_update_request: I/O error, dev sda, sector 181181048
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.411642] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.413110] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.414207] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.415198] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 78 00 00 08 00
[ 2140.416326] blk_update_request: I/O error, dev sda, sector 181181048
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.547845] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.549289] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.550324] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.551296] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 60 00 00 08 00
[ 2140.552397] blk_update_request: I/O error, dev sda, sector 181181024
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.671078] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.672537] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.673581] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.674575] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 60 00 00 08 00
[ 2140.675681] blk_update_request: I/O error, dev sda, sector 181181024
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
3 years, 5 months
How to renew vmconsole-proxy* certificates
by capelle@labri.fr
Hi,
Since a few weeks, we are not able to connect to the vmconsole proxy:
$ ssh -t -p 2222 ovirt-vmconsole@ovirt
ovirt-vmconsole@ovirt: Permission denied (publickey).
Last successful login record: Mar 29 11:31:32
First login failure record: Mar 31 17:28:51
We tracked the issue to the following log in /var/log/ovirt-engine/engine.log:
ERROR [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-11) [] Error validating ticket: : sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Indeed, certificate /etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer and others did expire:
--
# grep 'Not After' /etc/pki/ovirt-engine/certs/vmconsole-proxy-*
/etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer: Not After : Mar 31 13:18:44 2021 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer: Not After : Mar 31 13:18:44 2021 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer: Not After : Mar 31 13:18:44 2021 GMT
--
But we did not manage to found how to renew them. Any advice ?
--
Benoît
3 years, 5 months
Re: [PKI help] Renew vmconsole-proxy-helper.cer
by Richard Chan
running engine-setup should give you the
opportunity to update expired or expiring certificates.
>
> If you don't want to upgrade your system you can run it with the --offline
> option.
>
>
Thank you!
Richard Chan
3 years, 5 months
Cannot to update hosts, nothing provides libvirt-daemon-kvm >= 7.6.0-2 needed by vdsm-4.40.90.4-1.el8.x86_64
by Alexandr Mikhailov
Hi! Last time i has updated my host running ovirt 4.4 in september. Everything was normally.
After now in november i trying to update via UI but fave error that update failed. Checking over "dnf update" shows me that error in not resolved dependencies, and main is:
nothing provides libvirt-daemon-kvm >= 7.6.0-2 needed by vdsm-4.40.90.3-1.el8.x86_64
nothing provides libvirt-daemon-kvm >= 7.6.0-2 needed by vdsm-4.40.90.4-1.el8.x86_64
Hosts running Centos 8.4. I already try to use one with stream - same trouble. My opinion this is problem with libvirt-daemon-kvm package in centos repo. Maybe i mistakes. Please help.
3 years, 5 months
[PKI help] ovirt-vmconsole-proxy-keys HTTP Error 403
by Richard Chan
When checking SSH keys ovirt-vmconsole-proxy-keys is having the following
errors
ovirt-vmconsole[1583190]: 2021-11-18 17:21:42,503+0800
ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden
ovirt-vmconsole-proxy-keys[1583186]: ERROR Key list execution failed rc=1
My Wildfly/vmconsole keystore may be bogus/expired:
2021-11-18 17:21:42,502+08 ERROR
[org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-269)
[] Error validating ticket: : sun.security.provider.ce
rtpath.SunCertPathBuilderException: unable to find valid certification path
to requested target
How can I troubleshoot this?
1. What keystore/truststore is Wildfly/ovirt-engine using?
2. Does vmconsole -> Wildfly present a client certificate - mutual TLS?
Where does it get this certificate/keypair from?
TIA
--
Richard Chan
3 years, 5 months
