cannot add amd and intel cpu type hosts in the same cluster
by kishorekumar.goli@gmail.com
Hi Team,
We have hosts with intel and amd cpu types.
We would like to know if there is a possibility to use both cpu types in the same cluster in ovirt.
cpu types: AMD EPYC, Intel Haswell Family.
BRs
Kishore
2 years, 11 months
fetch engine's version
by Diggy Mc
Is there a command I can run on the engine to retrieve the engine's version number?
I ask because I am writing a bash script to automatically backup the engine database via the 'engine-backup' command and would like to include the engine's current version number with the backup.
A response is greatly appreciated.
2 years, 11 months
Veeam Backup ova importing
by bulentsenguler@gmail.com
Hi all,
I have wanted to try veeam backup solution for ovirt and I tried to import ova but I failed. the message was
"VDSM rhvh01.test.local command Get Host Statistics failed: Internal JSON-RPC error: {'reason': "'str' object has no attribute 'decode'"}" that I recived every thirty seconds. I stuck in this stuation.
2 years, 11 months
Re: remote-viewer VNC mode issue
by Patrick Hibbs
Hello,
Apperently, VNC with TLS enabled is the default. At the very
least I don't remember ever enabling it.
Attempting to disable it as a quick test, by altering
/etc/libvirt/qemu.conf and setting vlc_tls=0 fixes it. So I guess, I'll
need to disable it at the cluster level for a permanent fix. (And then
reinstall the hosts....)
After seeing the previous reply, I figured that the "direct
connection to the VM host" meant the VNC connection would be using TLS.
SPICE "Just Works(TM)" with TLS enabled, but for VNC it requires a TLS
cert to be installed on the ovirt host servers. And of course, the
default is the internal engine CA. With no easy way to override it.
(I.e. The new cert config won't survive a host reinstall / upgrade.)
Which defeats the entire purpose of having a third party CA for end-
user connections. I guess we'll have to disable this method of VM
console access for now, and rely on noVNC until the cert issue gets
fixed.
I'm not sure that the user mailing list is the place for
feature requests, but just in case and to avoid criticizing without
offering a solution, I would love some mechanism in the web interface
to upload a new third party CA cert for the hosts to use with end-user
requests. (VNC, image io proxy, cockpit, etc.) The internal engine CA
could even be used to secure those cert updates. (As the engine itself
could prompt the hosts to install the new cert via VDSM or something.
Even better that method wouldn't require a host reinstall to finish.)
That would simplify managment and renewal of the certs. As the
operation could be delegated / restricted to users with a specific
permission, (like with the VM permissions), and prevent us from needing
to manually configure things in a text file. (The engine host could use
this also.)
Thanks for the suggestions everyone.
-Patrick Hibbs
On Wed, 2021-12-15 at 00:05 +0000, Staniforth, Paul wrote:
> Hi Patrick,
>
> The ovirt-vmconsole is a for emulated serial connections (via a ssh
> tunnel).
>
> The VNC ports are the same range as spice5900 - 6923.
>
> Do you have encryption enabled for VNC?
>
>
> Regards,
> Paul S.
> From: Patrick Hibbs <hibbsncc1701(a)gmail.com>
> Sent: 14 December 2021 22:53
> To: Staniforth, Paul <P.Staniforth(a)leedsbeckett.ac.uk>
> Cc: oVirt Users Mailing List <users(a)ovirt.org>
> Subject: Re: [ovirt-users] Re: remote-viewer VNC mode issue
>
> Caution External Mail: Do not click any links or open any attachments
> unless you trust the sender and know that the content is safe.
> Hello,
>
> Well a quick check of the hosts say that they have ovirt-vmconsole
> enabled on their firewall, but there doesn't seem to be any logs for
> the vmconsoles on them. Running wireshark on one of the end-user
> machines shows that the host does send packets back and forth but
> then the end-user machine TCP resets the connection. (I assume due to
> the credential failure.) So it doesn't seem to be a firewall issue.
>
> Is there anything I can do to get some more logs from the vmconsoles
> on the Host?
>
> Thanks.
>
> -Patrick Hibbs
>
> On Tue, 2021-12-14 at 12:56 +0000, Staniforth, Paul wrote:
> > Hello Patrick,
> > with noVNC the connection is made via the
> > websocket-poxy service (probably on the engine server).
> > The remote-viewer connects directly from the client machine to the
> > virtual host the VM is running on. Maybe check the network/firewall
> > between the client and the host, also the OTP expires after 120
> > seconds.
> >
> >
> > Regards,
> >
> > Paul S.
> > From: Strahil Nikolov via Users <users(a)ovirt.org>
> > Sent: 14 December 2021 12:12
> > To: hibbsncc1701(a)gmail.com <hibbsncc1701(a)gmail.com>; oVirt Users
> > Mailing List <users(a)ovirt.org>
> > Subject: [ovirt-users] Re: remote-viewer VNC mode issue
> >
> > Caution External Mail: Do not click any links or open any
> > attachments unless you trust the sender and know that the content
> > is safe.
> > The most common problem is the CA of oVirt not trusted in the web
> > browser of the client.
> >
> >
> > Best Regards,
> > Strahil Nikolov
> >
> > > On Sun, Dec 12, 2021 at 0:00, Patrick Hibbs
> > > <hibbsncc1701(a)gmail.com> wrote:
> > > Hello,
> > >
> > > As oVirt unfortuately now requires VNC for the VM consoles,
> > > I've been attempting to get VNC mode working on my end user
> > > clients.
> > >
> > > The noVNC browser client works just fine, but for some reason
> > > the default download to remote-viewer fails on the same hosts.
> > >
> > > All the end-user gets is a quick flash of the remote-viewer
> > > window on
> > > their screen.
> > >
> > > Running remote-viewer in debug mode I get this:
> > >
> > > ---log snip---
> > >
> > > $ remote-viewer -v --debug Downloads/console.vv
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Opening
> > > display
> > > to Downloads/console.vv
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Guest
> > > (null) has
> > > a vnc display
> > > Guest (null) has a vnc display
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Spice
> > > foreign
> > > menu updated
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: After open
> > > connection callback fd=-1
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Opening
> > > connection to display at Downloads/console.vv
> > > Opening connection to display at Downloads/console.vv
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: fullscreen
> > > display 0: 0
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: Insert
> > > display 0
> > > 0x560a423fa1e0
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Allocated
> > > 1024x740
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Child
> > > allocate
> > > 1024x640
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.053: Got VNC
> > > credential request for 1 credential(s)
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Not
> > > removing
> > > main window 0 0x560a4195d910
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067:
> > > Disconnected
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: close
> > > vnc=0x560a419fc220
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: Guest
> > > (null)
> > > display has disconnected, shutting down
> > > Guest (null) display has disconnected, shutting down
> > >
> > > ---log snip---
> > >
> > > It seems to be failing a credential request, but I'm not sure
> > > why. The
> > > engine logs only show the VM console ticket being created, but
> > > does not
> > > show any connection attempts unless noVNC is used.
> > >
> > > ---log snip---
> > >
> > > 2021-12-11 16:48:23,402-05 INFO
> > > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16)
> > > [68b90cfe] Running command: SetVmTicketCommand internal: false.
> > > Entities affected : ID: bb05ab12-91e5-4ab6-92b1-b911ed78f64f
> > > Type:
> > > VMAction group CONNECT_TO_VM with role type USER
> > > 2021-12-11 16:48:23,414-05 INFO
> > > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> > > (default task-16) [68b90cfe] START,
> > > SetVmTicketVDSCommand(HostName = --
> > > REDACTED--, SetVmTicketVDSCommandParameters:{hostId='1fdd841b-
> > > 477f-
> > > 4d13-9935-7908924dd5a1', vmId='bb05ab12-91e5-4ab6-92b1-
> > > b911ed78f64f',
> > > protocol='VNC', ticket='ocziPsEOF4km', validTime='120',
> > > userName='--
> > > REDACTED--@--REDACTED--', userId='e83ab2b3-c464-49a4-a0ab-
> > > 4e62e8131304', disconnectAction='LOCK_SCREEN'}), log id: f6dccdd
> > > 2021-12-11 16:48:23,435-05 INFO
> > > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> > > (default task-16) [68b90cfe] FINISH, SetVmTicketVDSCommand,
> > > return: ,
> > > log id: f6dccdd
> > > 2021-12-11 16:48:23,461-05 INFO
> > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDire
> > > ctor]
> > > (default task-16) [68b90cfe] EVENT_ID: VM_SET_TICKET(164), User --
> > > REDACTED--@--REDACTED--@--REDACTED-- initiated console session
> > > for VM
> > > Test
> > > #
> > >
> > > ---log snip---
> > >
> > > What else can I do to troubleshoot this?
> > >
> > > - Patrick Hibbs
> > >
> > > _______________________________________________
> > > Users mailing list -- users(a)ovirt.org
> > > To unsubscribe send an email to users-leave(a)ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q5ENXJJU5V7...
> > To view the terms under which this email is distributed, please go
> > to:-
> > https://leedsbeckett.ac.uk/disclaimer/email
>
>
> To view the terms under which this email is distributed, please go
> to:-
> https://leedsbeckett.ac.uk/disclaimer/email
2 years, 11 months
Is vulnerable log4j package necessary in my ovirt repo?
by Henry lol
Hello,
I found that the vulnerable log4j-2.13.0-1 package is in oVirt
repository, but not installed even after the oVirt setup.
So, I want to remove that package from my private oVirt repository if
it's not necessary.
but I'm not sure what will happen by doing so. Is there any side effects?
2 years, 11 months
After update nodectl reports host as degraded
by Giorgio Biacchi
Hi all,
I've got this minor issue a couple of times so far after updating Ovirt
node hosts from the UI.
The update is done corrctly but after the final reboot I have to login
via ssh and manually fix the issue with these commands:
[root@host01 ~]# semodule -i
/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp
[root@host01 ~]# vdsm-tool configure
[root@host01 ~]# systemctl restart vdsmd
I have the same behavior on all my hosts running Ovirt Node. There's a
way to fix it properly?
Thanks
--
gb
PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
2 years, 11 months
snapshot create fails - files not owned by vdsm:kvm
by tpike@psc.edu
I've got an issue with one of my oVirt 4.3.10.4 clusters. OS is Centos 7.7, storage is glusterfs. Whenever I try to create a snapshot of any of my VMs, I get an (eventual) error:
VDSM track04.yard.psc.edu command HSMGetAllTasksStatusesVDS failed: Could not acquire resource. Probably resource factory threw an exception.: ()
After a bit of investigation, I believe that the root cause is that the snapshot file created is not owned by vdsm:kvm. Looking at the directories in glusterfs, I see that some of the disk images are owned by root:root, some are owned by qemu:qemu. In fact, if we watch the directory for the VM, we can actually see that the files are owned by vdsm:kvm when they are created, then get changed to qemu:qemu, then eventually get changed to being owned by root:root. This is entirely repeatable. Needless to say, oVirt can't read the disk images when they are owned by root, so that explains why the snapshot is failing. The question, then, is why the ownership is getting changed out from under the creation process. Checking the gluster volume info shows:
Volume Name: engine
Type: Replicate
Volume ID: 00951055-74b5-463a-84c0-59fa03be7478
Status: Started
Snapshot Count: 0
Number of Bricks: 1 x 3 = 3
Transport-type: tcp
Bricks:
Brick1: 10.200.0.131:/gluster_bricks/engine/engine
Brick2: 10.200.0.134:/gluster_bricks/engine/engine
Brick3: 10.200.0.135:/gluster_bricks/engine/engine
Options Reconfigured:
performance.client-io-threads: off
nfs.disable: on
transport.address-family: inet
performance.quick-read: off
performance.read-ahead: off
performance.io-cache: off
performance.low-prio-threads: 32
network.remote-dio: off
cluster.eager-lock: enable
cluster.quorum-type: auto
cluster.server-quorum-type: server
cluster.data-self-heal-algorithm: full
cluster.locking-scheme: granular
cluster.shd-max-threads: 8
cluster.shd-wait-qlength: 10000
features.shard: on
user.cifs: off
storage.owner-uid: 36
storage.owner-gid: 36
network.ping-timeout: 30
performance.strict-o-direct: on
cluster.granular-entry-heal: enable
I see that the owner UID and GID are correct (vdsm:kvm). Note that snapshots worked at one point in the past - I see that there are snapshot images from a year ago. Any ideas where to look to correct this? Thanks!
Tod Pike
2 years, 11 months
