[ANN] oVirt Node 4.5.0.1 Async update
by Sandro Bonazzola
oVirt Node 4.5.0.1 Async update
On April 26th 2022 the oVirt project released an async update of oVirt Node
(4.5.0.1) delivering important impact security fixes, several bug fixes and
enhancements.
The update is already available on resources.ovirt.org and should land on
oVirt mirrors within 24 hours.
Security fixes included in oVirt Node NG 4.5.0 Async1 compared to latest
oVirt 4.5.0 GA:
-
CVE-2022-1015 <https://bugzilla.redhat.com/show_bug.cgi?id=2065323> -
important - kernel: arbitrary code execution in
linux/net/netfilter/nf_tables_api.c
-
CVE-2022-0435 <https://bugzilla.redhat.com/show_bug.cgi?id=2048738> -
important - kernel: remote stack overflow via kernel panic on systems using
TIPC may lead to DoS
-
CVE-2022-25636 <https://bugzilla.redhat.com/show_bug.cgi?id=2056830> -
important - kernel: heap out of bounds write in nf_dup_netdev.c
-
CVE-2021-4028 <https://bugzilla.redhat.com/show_bug.cgi?id=2027201> -
important - kernel: use-after-free in RDMA listen()
-
CVE-2022-1016 <https://bugzilla.redhat.com/show_bug.cgi?id=2066614> -
moderate - kernel: uninitialized registers on stack in nft_do_chain can
cause kernel pointer leakage to UM
oVirt Node has been updated, including:
-
Ansible Core 2.12.3:
https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-...
-
CentOS Stream 8 latest updates
-
Full list of changes compared to oVirt Node 4.5.0 GA:
4.5.0 GA
4.5.0 Async #1
ansible-core 2.12.2-2.el8
2.12.3-1.el8
binutils 2.30-113.el8
2.30-114.el8
fribidi 1.0.4-8.el8
1.0.4-9.el8
ipa-client 4.9.8-2.module_el8.6.0+1054+cdb51b28
4.9.8-6.module_el8.6.0+1104+ba556574
ipa-client-common 4.9.8-2.module_el8.6.0+1054+cdb51b28
4.9.8-6.module_el8.6.0+1104+ba556574
ipa-common 4.9.8-2.module_el8.6.0+1054+cdb51b28
4.9.8-6.module_el8.6.0+1104+ba556574
ipa-selinux 4.9.8-2.module_el8.6.0+1054+cdb51b28
4.9.8-6.module_el8.6.0+1104+ba556574
ipxe-roms-qemu 20181214-8.git133f4c47.el8
20181214-9.git133f4c47.el8
kernel 4.18.0-373.el8
4.18.0-383.el8
kernel-core 4.18.0-373.el8
4.18.0-383.el8
kernel-modules 4.18.0-373.el8
4.18.0-383.el8
kernel-tools 4.18.0-373.el8
4.18.0-383.el8
kernel-tools-libs 4.18.0-373.el8
4.18.0-383.el8
krb5-libs 1.18.2-14.el8
1.18.2-17.el8
krb5-workstation 1.18.2-14.el8
1.18.2-17.el8
libestr 0.1.10-1.el8
0.1.10-3.el8
libkadm5 1.18.2-14.el8
1.18.2-17.el8
nmstate 1.2.1-1.el8
1.3.0-0.alpha.20220407.el8
nmstate-plugin-ovsdb 1.2.1-1.el8
1.3.0-0.alpha.20220407.el8
openvswitch2.15 2.15.0-81.el8s
2.15.0-88.el8s
openvswitch2.15-ipsec 2.15.0-81.el8s
2.15.0-88.el8s
ovirt-node-ng-image-update-placeholder 4.5.0-4.el8
4.5.0.1-1.el8
ovirt-release-host-node 4.5.0-4.el8
4.5.0.1-1.el8
python3-ipaclient 4.9.8-2.module_el8.6.0+1054+cdb51b28
4.9.8-6.module_el8.6.0+1104+ba556574
python3-ipalib 4.9.8-2.module_el8.6.0+1054+cdb51b28
4.9.8-6.module_el8.6.0+1104+ba556574
python3-libnmstate 1.2.1-1.el8
1.3.0-0.alpha.20220407.el8
python3-openvswitch2.15 2.15.0-81.el8s
2.15.0-88.el8s
python3-perf 4.18.0-373.el8
4.18.0-383.el8
python3-sanlock 3.8.4-1.el8
3.8.4-3.el8
rsyslog 8.2102.0-7.el8
8.2102.0-9.el8
rsyslog-elasticsearch 8.2102.0-7.el8
8.2102.0-9.el8
rsyslog-mmjsonparse 8.2102.0-7.el8
8.2102.0-9.el8
rsyslog-mmnormalize 8.2102.0-7.el8
8.2102.0-9.el8
rsyslog-openssl 8.2102.0-7.el8
8.2102.0-9.el8
sanlock 3.8.4-1.el8
3.8.4-3.el8
sanlock-lib 3.8.4-1.el8
3.8.4-3.el8
virt-install 3.2.0-3.el8
3.2.0-4.el8
virt-manager-common 3.2.0-3.el8
3.2.0-4.el8
virt-what 1.18-13.el8
1.18-14.el8
Additional resources:
-
Read more about the oVirt 4.5.0 release highlights:
https://www.ovirt.org/release/4.5.0/
-
Get more oVirt project updates on Twitter: https://twitter.com/ovirt
-
Check out the latest project news on the oVirt blog:
https://blogs.ovirt.org/
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
2 years, 11 months
AMD Ryzen 5600G unsupported?
by Gilboa Davara
Hello all,
I'm building adding a Ryzen 5 5600G workstation to an existing AMD
Threadripper cluster (The existing machine use the 3960X CPU) and the
cluster rejects the new host as it fails to recognize the host CPU as
either "Secure AMD Epyc" or "AMD Epyc".
All hosts are using a fully updated CentOS 8 Streams.
I assume the 5XXX family has yet to be supported by oVirt.
Can I somehow force oVirt / HE to recognize the new host?
- Gilboa
2 years, 12 months
Error 500 on Hosted Engine admin portal!!!
by Patrick Lomakin
Hi everyone! Did the oVirt team check the 4.5 update before release? I've update my production latest 4.4.10 version and get Error 500 on admin page. Clean installation on another bare-metal node using Ovirt Node 4.5 and hosted-engine console setup (installing through the web installer several versions of Ovirt traditionally makes the connection break and disconnects access to the host by means of the IP address) get an error 500 after healthcheck. What I will do in this situation?
Httpd log:
[Sat Apr 23 15:54:59.826076 2022] [core:notice] [pid 1526:tid 140201844767040] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sat Apr 23 15:55:05.685872 2022] [proxy:error] [pid 2125:tid 140201102243584] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Sat Apr 23 15:55:05.685924 2022] [proxy_ajp:error] [pid 2125:tid 140201102243584] [client 192.168.0.14:43194] AH00896: failed to make connection to backend: 127.0.0.1
[Sat Apr 23 15:55:15.831754 2022] [proxy:error] [pid 2125:tid 140201110636288] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Sat Apr 23 15:55:15.831811 2022] [proxy_ajp:error] [pid 2125:tid 140201110636288] [client 192.168.0.14:43196] AH00896: failed to make connection to backend: 127.0.0.1
[Sat Apr 23 16:21:57.720678 2022] [proxy:error] [pid 7761:tid 140200894203648] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Sat Apr 23 16:21:57.720745 2022] [proxy_ajp:error] [pid 7761:tid 140200894203648] [client 192.168.0.14:43516] AH00896: failed to make connection to backend: 127.0.0.1
[Sat Apr 23 16:30:57.738971 2022] [proxy:error] [pid 7761:tid 140200877418240] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Sat Apr 23 16:30:57.739043 2022] [proxy_ajp:error] [pid 7761:tid 140200877418240] [client 192.168.0.14:43640] AH00896: failed to make connection to backend: 127.0.0.1
[Sat Apr 23 16:32:27.838795 2022] [proxy:error] [pid 7761:tid 140200978130688] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Sat Apr 23 16:32:27.838881 2022] [proxy_ajp:error] [pid 7761:tid 140200978130688] [client 192.168.0.14:43658] AH00896: failed to make connection to backend: 127.0.0.1
[Sat Apr 23 16:37:49.357585 2022] [core:notice] [pid 1497:tid 139855753558336] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sat Apr 23 16:37:49.361573 2022] [suexec:notice] [pid 1497:tid 139855753558336] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Apr 23 16:37:49.388188 2022] [so:warn] [pid 1497:tid 139855753558336] AH01574: module proxy_module is already loaded, skipping
[Sat Apr 23 16:37:49.391763 2022] [lbmethod_heartbeat:notice] [pid 1497:tid 139855753558336] AH02282: No slotmem from mod_heartmonitor
[Sat Apr 23 16:37:49.399281 2022] [mpm_event:notice] [pid 1497:tid 139855753558336] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6 configured -- resuming normal operations
[Sat Apr 23 16:37:49.399320 2022] [core:notice] [pid 1497:tid 139855753558336] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sat Apr 23 23:20:37.254289 2022] [proxy:error] [pid 6183:tid 139854109198080] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Sat Apr 23 23:20:37.254354 2022] [proxy_ajp:error] [pid 6183:tid 139854109198080] [client 192.168.0.13:52982] AH00896: failed to make connection to backend: 127.0.0.1
server.log:
2022-04-23 16:38:20,655+03 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "engine.ear")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.subunit.\"engine.ear\".\"bll.jar\".component.Backend.START" => "java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance
2022-04-23 16:38:20,752+03 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 24.0.1.Final (WildFly Core 16.0.1.Final) started (with errors) in 22155ms - Started 1670 of 1890 services (6 services failed or missing dependencies, 393 services are lazy, passive or on-demand)
2022-04-23 23:20:50,622+03 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 47) MSC000001: Failed to start service jboss.deployment.subunit."engine.ear"."bll.jar".component.Backend.START: org.jboss.msc.service.StartException in service jboss.deployment.subunit."engine.ear"."bll.jar".component.Backend.START: java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance
2022-04-23 23:20:50,630+03 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "engine.ear")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.subunit.\"engine.ear\".\"bll.jar\".component.Backend.START" => "java.lang.IllegalStateException: WFLYEE0042: Failed to construct component instance
2022-04-23 23:20:50,706+03 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 24.0.1.Final (WildFly Core 16.0.1.Final) started (with errors) in 15267ms - Started 1670 of 1890 services (6 services failed or missing dependencies, 393 services are lazy, passive or on-demand)
2 years, 12 months
Cannot remove geo-replication session
by simon@justconnect.ie
On CentOS 8 - 4.4.5
I removed a geo-replication session from a volume from the command line but ovirt manager 'volume' is still showing the geo-replication session.
I cannot remove this session as it says it doesn't exist (which is correct).
Geo Rep session deletion failed: rc=30800 out=() err=['Geo-replication session between data01 and bdtovirthci01-strg::pgs_data01 does not exist_']
2 years, 12 months
Windows VMs randomly wont boot after compatibility change
by David Sekne
Hello,
I have noticed that some of our Windows VM's (2012 - 2022) randomly won't
boot when reboot is initiated from guest OS. As far as I can tell this
started happening after we raised the cluster compatibility from 4.4 to 4.5
(it's 4.6 now). To fix it a VM needs to be stopped and started.
We are running oVirt 4.4.10.
I cannot really see much from the logs if grepping for a specific VM that
had these issues.
Example VM ID is: daf33e97-a76f-4b82-b4f2-20fa4891c88b
Im attaching logs:
- Initial hypervisor where VM was running on (reboot is initiated at
4:06:38 AM): vdsm-1.log
- Second hypervisor where VM was started after it was stopped and started
back (this was done 7:45:43 AM): vdsm-2.log
- Engine log: engine.log
Has someone noticed any similar issues and can provide some feedback / help?
Regards,
David
2 years, 12 months
How to configure oVirt for OKD 4.10
by marcellus major
Recently,
I watched a video made by Gal Zadman detailing how to install OKD on oVirt
Is there any documentation detailing how Gal configured the oVirt
environment prior to installation
of OKD?
Thanks
2 years, 12 months
oVirt Node 4.5 - Installing gluster single node stops immediately
by Patrick Lomakin
Hi guys! I've tried to deploy ovirt single node with gluster via GUI but have a problem immediately. A log file that shows after installation was empty. But in journalctl I found that:
Apr 23 20:06:45 host1 cockpit-ws[22948]: ERROR! couldn't resolve module/action 'vdo'. This often indicates a misspelling, missing collection, or incorrect module path.
Apr 23 20:06:45 host1 cockpit-ws[22948]: The error appears to be in '/etc/ansible/roles/gluster.infra/roles/backend_setup/tasks/vdo_create.yml': line 53, column 3, but may
Apr 23 20:06:45 host1 cockpit-ws[22948]: be elsewhere in the file depending on the exact syntax problem.
Apr 23 20:06:45 host1 cockpit-ws[22948]: The offending line appears to be:
Apr 23 20:06:45 host1 cockpit-ws[22948]: - name: Create VDO with specified size
Apr 23 20:06:45 host1 cockpit-ws[22948]: ^ here
2 years, 12 months
Command line management and ansible error
by fs3000@pm.me
Hello guys,
So i read in the documentation that managing VMs is not done with ovirt-shell anymore, ansible should be used instead. Ansible can manage VMs via modules, connecting to the Manager VM. However, how can i start the Manager VM itself, if it stopped? (it just happened to me) Catch 22 problem :)
Anyway, i tried using the ovirt_vm_info modulei in ansible, but it resulted in an error, because the web interface is running with a self signed certificate, configured by the engine setup:
"
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ovirtsdk4.Error: Error while sending HTTP request: (60, 'SSL certificate problem: self signed certificate in certificate chain')
fatal: [192.168.0.200]: FAILED! => {"changed": false, "msg": "Error while sending HTTP request: (60, 'SSL certificate problem: self signed certificate in certificate chain')"}
"
I know this is a curl error. In the shell, the option -k or --insecure can be used. How to use that option in the ansible module?
Thanks in advance for any pointers on this!
2 years, 12 months
ovirt 4.5.0 - template Issue
by Winfried de Heiden
Hi all,
For some reason, I am not able to create or import tempates. Creating a
template from an existing VM (using the UI) will result in the ui.log:
2022-04-22 10:45:30,273+02 ERROR
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
(default task-13) [] Permutation name: 1EBF700FBD4B5CDF0BCDABD7F03C4FA9
2022-04-22 10:45:30,273+02 ERROR
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
(default task-13) [] Uncaught exception:
com.google.gwt.core.client.JavaScriptException: (TypeError) : Cannot
read properties of undefined (reading 'a')
Trying to import a template will result in ui.log:
2022-04-22 12:17:02,383+02 ERROR
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
(default task-20) [] Permutation name: 45A889347BD114EA48B9B9409FF70ADC
2022-04-22 12:17:02,383+02 ERROR
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
(default task-20) [] Uncaught exception:
com.google.gwt.core.client.JavaScriptException: (TypeError) : e is null
New bug? Anyone?
Winfried
2 years, 12 months
Re: engine.rar
by Sandro Bonazzola
Il giorno ven 22 apr 2022 alle ore 11:54 Nazeem Durgahee <
nazeem.durgahee(a)harelmallac.com> ha scritto:
> Hi Sandro,
>
>
>
> This what I am getting while trying to upgrade.
>
>
>
> Complete!
>
> [root@fscdrs-ovirt-001 ~]# dnf install -y centos-release-ovirt45
>
> Last metadata expiration check: 0:02:50 ago on Fri 22 Apr 2022 01:51:06 PM
> +04.
>
> No match for argument: centos-release-ovirt45
>
> Error: Unable to find a match: centos-release-ovirt45
>
I assume you are on Oracle Linux for hosts as well, not using oVirt Node,
right?
In such case, you need Oracle Linux 8.6 Beta as a first step.
I never used Oracle Linux but I guess it means enabling this beta repo
https://yum.oracle.com/repo/OracleLinux/OL8/beta/x86_64/
Perhaps @Simon Coter <simon.coter(a)oracle.com> , @Marcos Sungaila
<marcos.sungaila(a)oracle.com> or someone else from Oracle can assist you
with this.
Then, you'll need to follow https://ovirt.org/download/install_on_rhel.html
for adding CentOS Stream extras repositories before trying to install
centos-release-ovirt45.
Perhaps you or someone else using Oracle Linux can help updating
https://ovirt.org/download/install_on_rhel.html for the Oracle Linux case
once you succeed installing there?
>
>
> *From:* Sandro Bonazzola <sbonazzo(a)redhat.com>
> *Sent:* Thursday, April 21, 2022 12:17 PM
> *To:* Nazeem Durgahee <nazeem.durgahee(a)harelmallac.com>
> *Cc:* Veeroo Dowlut <Veeroo.Dowlut(a)harelmallac.com>; Govind Mooroogen <
> govind.mooroogen(a)harelmallac.com>; users(a)ovirt.org
> *Subject:* Re: [ovirt-users] engine.rar
>
>
>
>
>
>
>
> Il giorno gio 21 apr 2022 alle ore 10:13 Nazeem Durgahee <
> nazeem.durgahee(a)harelmallac.com> ha scritto:
>
>
> HI,
>
> We have ovirt 4.4.10 running on oracle linux 8 but we are having issues
> with netbackup whereby it is not removing the snapshot after VM backup.
>
> Kindly find attached engine log.
>
>
>
> Can you please upgrade to 4.5.0 and try to reproduce?
>
> More info:
>
> * https://blogs.ovirt.org/2022/04/ovirt-4-5-0-is-now-generally-available/
>
> * https://blogs.ovirt.org/2022/04/ovirt-4-4-end-of-life/
>
>
>
> --
>
> *Sandro Bonazzola*
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>
> Red Hat EMEA <https://www.redhat.com/>
>
> sbonazzo(a)redhat.com
>
> <https://www.redhat.com/>
>
> *Red Hat respects your work life balance. Therefore there is no need to
> answer this email out of your office hours.*
>
>
>
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
2 years, 12 months
