Fresh install, dnf update dependency errors
by mediocre.slacker@protonmail.com
CentOS Stream 8 fresh install. The logs show other repos, but I've tried this just installing CentOS Stream 8, updating, then installing the ovirt repo only. Then, after installing ovirt-hosted-engine-setup, dependencies become broken and dnf update produces the following error:
[slacker@host1 ~]$ sudo dnf check-update
Last metadata expiration check: 0:15:33 ago on Tue 07 Dec 2021 06:27:14 PM EST.
epel-next-release.noarch 8-13.el8 epel
epel-release.noarch 8-13.el8 epel
epel-release.noarch 8-13.el8 ovirt-4.4-epel
libzstd.x86_64 1.4.5-6.el8 ovirt-4.4-openstack-victoria
ovirt-host.x86_64 4.4.9-2.el8 ovirt-4.4
ovirt-host-dependencies.x86_64 4.4.9-2.el8 ovirt-4.4
ovirt-release44.noarch 4.4.9.1-1.el8 ovirt-4.4
python3-pyparsing.noarch 2.4.6-1.el8 ovirt-4.4-openstack-victoria
python3-pyyaml.x86_64 5.1.2-3.el8 ovirt-4.4-copr:copr.fedorainfracloud.org:sbonazzo:EL8_collection
python3-six.noarch 1.15.0-2.el8 ovirt-4.4-openstack-victoria
[slacker@host1 ~]$ sudo dnf update
Last metadata expiration check: 0:15:56 ago on Tue 07 Dec 2021 06:27:14 PM EST.
Error:
Problem 1: package rsyslog-openssl-8.2102.0-5.el8.x86_64 requires rsyslog = 8.2102.0-5.el8, but none of the providers can be installed
- cannot install both rsyslog-8.2102.0-5.el8.x86_64 and rsyslog-8.2102.0-6.el8.x86_64
- package ovirt-host-dependencies-4.4.9-2.el8.x86_64 requires rsyslog-openssl, but none of the providers can be installed
- cannot install the best update candidate for package rsyslog-8.2102.0-6.el8.x86_64
- cannot install the best update candidate for package ovirt-host-dependencies-4.4.8-1.el8.x86_64
Problem 2: package rsyslog-mmnormalize-8.2102.0-6.el8.x86_64 requires rsyslog = 8.2102.0-6.el8, but none of the providers can be installed
- cannot install both rsyslog-8.2102.0-5.el8.x86_64 and rsyslog-8.2102.0-6.el8.x86_64
- cannot install both rsyslog-8.2102.0-6.el8.x86_64 and rsyslog-8.2102.0-5.el8.x86_64
- package rsyslog-openssl-8.2102.0-5.el8.x86_64 requires rsyslog = 8.2102.0-5.el8, but none of the providers can be installed
- package ovirt-host-dependencies-4.4.9-2.el8.x86_64 requires rsyslog-openssl, but none of the providers can be installed
- package ovirt-host-4.4.9-2.el8.x86_64 requires ovirt-host-dependencies = 4.4.9-2.el8, but none of the providers can be installed
- cannot install the best update candidate for package rsyslog-mmnormalize-8.2102.0-6.el8.x86_64
- cannot install the best update candidate for package ovirt-host-4.4.8-1.el8.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
3 years, 4 months
Checksum errors
by tony.stivers@gmail.com
[ INFO ] TASK [ovirt.ovirt.engine_setup : Update all packages]
[ ERROR ] fatal: [localhost -> 192.168.1.115]: FAILED! => {"changed": false, "msg": "Failed to download packages: Cannot download noarch/ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: All mirrors were tried", "results": []}
$ sudo dnf download ovirt-engine-setup-plugin-imageio
Last metadata expiration check: 0:17:07 ago on Mon 06 Dec 2021 02:45:32 PM EST.
[MIRROR] ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: Downloading successful, but checksum doesn't match. Calculated: 341e4863db246fd0f55fac65f7c464391ca92abacb69726a58c9ca99d8a81695(sha256) Expected: 001ace75d82bedc5c80a9203ea888cb385d1661d37b06e1f3b8a368c504bd0fe(sha256)
[MIRROR] ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: Downloading successful, but checksum doesn't match. Calculated: 341e4863db246fd0f55fac65f7c464391ca92abacb69726a58c9ca99d8a81695(sha256) Expected: 001ace75d82bedc5c80a9203ea888cb385d1661d37b06e1f3b8a368c504bd0fe(sha256)
[MIRROR] ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: Downloading successful, but checksum doesn't match. Calculated: 341e4863db246fd0f55fac65f7c464391ca92abacb69726a58c9ca99d8a81695(sha256) Expected: 001ace75d82bedc5c80a9203ea888cb385d1661d37b06e1f3b8a368c504bd0fe(sha256)
ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm 33 kB/s | 27 kB 00:00
3 years, 4 months
cannot add amd and intel cpu type hosts in the same cluster
by kishorekumar.goli@gmail.com
Hi Team,
We have hosts with intel and amd cpu types.
We would like to know if there is a possibility to use both cpu types in the same cluster in ovirt.
cpu types: AMD EPYC, Intel Haswell Family.
BRs
Kishore
3 years, 4 months
fetch engine's version
by Diggy Mc
Is there a command I can run on the engine to retrieve the engine's version number?
I ask because I am writing a bash script to automatically backup the engine database via the 'engine-backup' command and would like to include the engine's current version number with the backup.
A response is greatly appreciated.
3 years, 4 months
Veeam Backup ova importing
by bulentsenguler@gmail.com
Hi all,
I have wanted to try veeam backup solution for ovirt and I tried to import ova but I failed. the message was
"VDSM rhvh01.test.local command Get Host Statistics failed: Internal JSON-RPC error: {'reason': "'str' object has no attribute 'decode'"}" that I recived every thirty seconds. I stuck in this stuation.
3 years, 4 months
Re: remote-viewer VNC mode issue
by Patrick Hibbs
Hello,
Apperently, VNC with TLS enabled is the default. At the very
least I don't remember ever enabling it.
Attempting to disable it as a quick test, by altering
/etc/libvirt/qemu.conf and setting vlc_tls=0 fixes it. So I guess, I'll
need to disable it at the cluster level for a permanent fix. (And then
reinstall the hosts....)
After seeing the previous reply, I figured that the "direct
connection to the VM host" meant the VNC connection would be using TLS.
SPICE "Just Works(TM)" with TLS enabled, but for VNC it requires a TLS
cert to be installed on the ovirt host servers. And of course, the
default is the internal engine CA. With no easy way to override it.
(I.e. The new cert config won't survive a host reinstall / upgrade.)
Which defeats the entire purpose of having a third party CA for end-
user connections. I guess we'll have to disable this method of VM
console access for now, and rely on noVNC until the cert issue gets
fixed.
I'm not sure that the user mailing list is the place for
feature requests, but just in case and to avoid criticizing without
offering a solution, I would love some mechanism in the web interface
to upload a new third party CA cert for the hosts to use with end-user
requests. (VNC, image io proxy, cockpit, etc.) The internal engine CA
could even be used to secure those cert updates. (As the engine itself
could prompt the hosts to install the new cert via VDSM or something.
Even better that method wouldn't require a host reinstall to finish.)
That would simplify managment and renewal of the certs. As the
operation could be delegated / restricted to users with a specific
permission, (like with the VM permissions), and prevent us from needing
to manually configure things in a text file. (The engine host could use
this also.)
Thanks for the suggestions everyone.
-Patrick Hibbs
On Wed, 2021-12-15 at 00:05 +0000, Staniforth, Paul wrote:
> Hi Patrick,
>
> The ovirt-vmconsole is a for emulated serial connections (via a ssh
> tunnel).
>
> The VNC ports are the same range as spice5900 - 6923.
>
> Do you have encryption enabled for VNC?
>
>
> Regards,
> Paul S.
> From: Patrick Hibbs <hibbsncc1701(a)gmail.com>
> Sent: 14 December 2021 22:53
> To: Staniforth, Paul <P.Staniforth(a)leedsbeckett.ac.uk>
> Cc: oVirt Users Mailing List <users(a)ovirt.org>
> Subject: Re: [ovirt-users] Re: remote-viewer VNC mode issue
>
> Caution External Mail: Do not click any links or open any attachments
> unless you trust the sender and know that the content is safe.
> Hello,
>
> Well a quick check of the hosts say that they have ovirt-vmconsole
> enabled on their firewall, but there doesn't seem to be any logs for
> the vmconsoles on them. Running wireshark on one of the end-user
> machines shows that the host does send packets back and forth but
> then the end-user machine TCP resets the connection. (I assume due to
> the credential failure.) So it doesn't seem to be a firewall issue.
>
> Is there anything I can do to get some more logs from the vmconsoles
> on the Host?
>
> Thanks.
>
> -Patrick Hibbs
>
> On Tue, 2021-12-14 at 12:56 +0000, Staniforth, Paul wrote:
> > Hello Patrick,
> > with noVNC the connection is made via the
> > websocket-poxy service (probably on the engine server).
> > The remote-viewer connects directly from the client machine to the
> > virtual host the VM is running on. Maybe check the network/firewall
> > between the client and the host, also the OTP expires after 120
> > seconds.
> >
> >
> > Regards,
> >
> > Paul S.
> > From: Strahil Nikolov via Users <users(a)ovirt.org>
> > Sent: 14 December 2021 12:12
> > To: hibbsncc1701(a)gmail.com <hibbsncc1701(a)gmail.com>; oVirt Users
> > Mailing List <users(a)ovirt.org>
> > Subject: [ovirt-users] Re: remote-viewer VNC mode issue
> >
> > Caution External Mail: Do not click any links or open any
> > attachments unless you trust the sender and know that the content
> > is safe.
> > The most common problem is the CA of oVirt not trusted in the web
> > browser of the client.
> >
> >
> > Best Regards,
> > Strahil Nikolov
> >
> > > On Sun, Dec 12, 2021 at 0:00, Patrick Hibbs
> > > <hibbsncc1701(a)gmail.com> wrote:
> > > Hello,
> > >
> > > As oVirt unfortuately now requires VNC for the VM consoles,
> > > I've been attempting to get VNC mode working on my end user
> > > clients.
> > >
> > > The noVNC browser client works just fine, but for some reason
> > > the default download to remote-viewer fails on the same hosts.
> > >
> > > All the end-user gets is a quick flash of the remote-viewer
> > > window on
> > > their screen.
> > >
> > > Running remote-viewer in debug mode I get this:
> > >
> > > ---log snip---
> > >
> > > $ remote-viewer -v --debug Downloads/console.vv
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Opening
> > > display
> > > to Downloads/console.vv
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Guest
> > > (null) has
> > > a vnc display
> > > Guest (null) has a vnc display
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Spice
> > > foreign
> > > menu updated
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: After open
> > > connection callback fd=-1
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Opening
> > > connection to display at Downloads/console.vv
> > > Opening connection to display at Downloads/console.vv
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: fullscreen
> > > display 0: 0
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: Insert
> > > display 0
> > > 0x560a423fa1e0
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Allocated
> > > 1024x740
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Child
> > > allocate
> > > 1024x640
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.053: Got VNC
> > > credential request for 1 credential(s)
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Not
> > > removing
> > > main window 0 0x560a4195d910
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067:
> > > Disconnected
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: close
> > > vnc=0x560a419fc220
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: notebook
> > > show
> > > status 0x560a419d2280
> > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: Guest
> > > (null)
> > > display has disconnected, shutting down
> > > Guest (null) display has disconnected, shutting down
> > >
> > > ---log snip---
> > >
> > > It seems to be failing a credential request, but I'm not sure
> > > why. The
> > > engine logs only show the VM console ticket being created, but
> > > does not
> > > show any connection attempts unless noVNC is used.
> > >
> > > ---log snip---
> > >
> > > 2021-12-11 16:48:23,402-05 INFO
> > > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16)
> > > [68b90cfe] Running command: SetVmTicketCommand internal: false.
> > > Entities affected : ID: bb05ab12-91e5-4ab6-92b1-b911ed78f64f
> > > Type:
> > > VMAction group CONNECT_TO_VM with role type USER
> > > 2021-12-11 16:48:23,414-05 INFO
> > > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> > > (default task-16) [68b90cfe] START,
> > > SetVmTicketVDSCommand(HostName = --
> > > REDACTED--, SetVmTicketVDSCommandParameters:{hostId='1fdd841b-
> > > 477f-
> > > 4d13-9935-7908924dd5a1', vmId='bb05ab12-91e5-4ab6-92b1-
> > > b911ed78f64f',
> > > protocol='VNC', ticket='ocziPsEOF4km', validTime='120',
> > > userName='--
> > > REDACTED--@--REDACTED--', userId='e83ab2b3-c464-49a4-a0ab-
> > > 4e62e8131304', disconnectAction='LOCK_SCREEN'}), log id: f6dccdd
> > > 2021-12-11 16:48:23,435-05 INFO
> > > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> > > (default task-16) [68b90cfe] FINISH, SetVmTicketVDSCommand,
> > > return: ,
> > > log id: f6dccdd
> > > 2021-12-11 16:48:23,461-05 INFO
> > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDire
> > > ctor]
> > > (default task-16) [68b90cfe] EVENT_ID: VM_SET_TICKET(164), User --
> > > REDACTED--@--REDACTED--@--REDACTED-- initiated console session
> > > for VM
> > > Test
> > > #
> > >
> > > ---log snip---
> > >
> > > What else can I do to troubleshoot this?
> > >
> > > - Patrick Hibbs
> > >
> > > _______________________________________________
> > > Users mailing list -- users(a)ovirt.org
> > > To unsubscribe send an email to users-leave(a)ovirt.org
> > > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > > oVirt Code of Conduct:
> > > https://www.ovirt.org/community/about/community-guidelines/
> > > List Archives:
> > >
> >
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q5ENXJJU5V7...
> > To view the terms under which this email is distributed, please go
> > to:-
> > https://leedsbeckett.ac.uk/disclaimer/email
>
>
> To view the terms under which this email is distributed, please go
> to:-
> https://leedsbeckett.ac.uk/disclaimer/email
3 years, 4 months
Is vulnerable log4j package necessary in my ovirt repo?
by Henry lol
Hello,
I found that the vulnerable log4j-2.13.0-1 package is in oVirt
repository, but not installed even after the oVirt setup.
So, I want to remove that package from my private oVirt repository if
it's not necessary.
but I'm not sure what will happen by doing so. Is there any side effects?
3 years, 4 months
