VM access to infiniband network
by Roberto Bertucci
Hi all,
i am facing a problem while trying to associate a Mellanox infiniband interface to a network and using it for VM traffic.
vdsm log shows the following message:
The bridge <bridge name> cannot use IP over InfiniBand interface <interface name> as port. Please use RoCE interface instead.
Did anybody face the same problem and solve it?
Actually ib interface is configured with an ip address and we are mounting NFS filesystems on cluster nodes through infiniband network.
2 years, 4 months
Problems with selinux after updating an ovirt node
by Giorgio Biacchi
Hi folks,
today I got a problem with vdsm and selinux after updating a host:
[root@host04 ~]# nodectl check
Status: WARN
Bootloader ... OK
Layer boot entries ... OK
Valid boot entries ... OK
Mount points ... OK
Separate /var ... OK
Discard is used ... OK
Basic storage ... OK
Initialized VG ... OK
Initialized Thin Pool ... OK
Initialized LVs ... OK
Thin storage ... OK
Checking available space in thinpool ... OK
Checking thinpool auto-extend ... OK
vdsmd ... BAD
So I run:
[root@host04 ~]# /usr/libexec/vdsm/vdsmd_init_common.sh --pre-start
vdsm: Running mkdirs
vdsm: Running configure_vdsm_logs
vdsm: Running run_init_hooks
vdsm: Running check_is_configured
lvm is configured for vdsm
Current revision of multipath.conf detected, preserving
Managed volume database is already configured
abrt is already configured for vdsm
libvirt is already configured for vdsm
sanlock is configured for vdsm
Modules sebool are not configured
Error:
One of the modules is not configured to work with VDSM.
To configure the module use the following:
'vdsm-tool configure [--module module-name]'.
If all modules are not configured try to use:
'vdsm-tool configure --force'
(The force flag will stop the module's service and start it
afterwards automatically to load the new configuration.)
vdsm: stopped during execute check_is_configured task (task returned
with error code 1).
But also runnining this gave me an error:
[root@host04 ~]# vdsm-tool configure --module sebool
Checking configuration status...
Running configure...
libsepol.context_from_record: type cloud_what_var_cache_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
system_u:object_r:cloud_what_var_cache_t:s0 to sid
invalid context system_u:object_r:cloud_what_var_cache_t:s0
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned
error code 255.
Traceback (most recent call last):
File "/usr/bin/vdsm-tool", line 209, in main
return tool_command[cmd]["command"](*args)
File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line
40, in wrapper
func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py",
line 145, in configure
_configure(c)
File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py",
line 92, in _configure
getattr(module, 'configure', lambda: None)()
File
"/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py",
line 88, in configure
_setup_booleans(True)
File
"/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py",
line 60, in _setup_booleans
sebool_obj.finish()
File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish
self.commit()
File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit
rc = semanage_commit(self.sh)
OSError: [Errno 0] Error
I managed to solve this by running:
[root@host04 ~]# semodule -i
/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp
[root@host04 ~]# vdsm-tool configure --module sebool
Checking configuration status...
Running configure...
Done configuring modules to VDSM.
Regards
--
gb
PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
2 years, 4 months
Unable to install on a bonded NIC
by weeglos@yahoo.com
So I'm running a fresh install of oVirt on a new Centos Stream node. Fresh install.
I installed the OS with bonded interfaces. I bonded them during the install via anaconda.
I followed the doc here: https://ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_...
When I got to the hosted-engine --deploy step, it errored out saying, "Only Team devices are present. Teaming is unsupported."
However, I'm not teaming my network adapters at all. I'm bonding them:
[root@mustafar ~]# cat /etc/sysconfig/network-scripts/ifcfg-Bond_connection_1
BONDING_OPTS="mode=balance-rr downdelay=0 miimon=1 updelay=0"
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="Bond connection 1"
UUID=[redacted]
DEVICE=bond0
ONBOOT=yes
IPADDR=192.168.5.83
PREFIX=24
GATEWAY=192.168.5.1
DNS1=192.168.5.2
DNS2=192.168.5.3
DNS3=192.168.5.4
DOMAIN=[redacted]
[root@mustafar ~]#
What gives with this?
2 years, 4 months
oVirt OVA Export -> oVirt OVA Import failure
by simon@justconnect.ie
I carried out the following procedure:
1. Exported a VM as an OVA to a 4.3 environment host.
2. SCP'd the file to a host on a 4.5.0.3 environment.
3. Selected Import VM - Virtual Appliance (OVA) - selected the Host and path - clicked Load but no VMs are listed.
This process previously worked in 4.4
Is this a known bug?
Cannot upgrade to 4.5.1 until our internal mirrors have been updated.
Regards
Simon...
2 years, 4 months
Failed to Start services ovirt-imageio
by АБИОЛА А. Э
Hello Sir,
I am new to Ovirt and I tried to deploy it 3weeks into my oracle linux with
no success.
I got the following error messages
Please how can i fix this error to successfully deploy it.
I will be glad to read from you soon.
Appreciated
AAE.
[image: image.png]
2 years, 4 months
oVirt 4.5.1 is now generally available
by Lev Veyde
oVirt 4.5.1 is now generally available
The oVirt project is excited to announce the general availability of oVirt
4.5.1, as of June, 22nd 2022.
This release unleashes an altogether more powerful and flexible open source
virtualization solution that encompasses hundreds of individual changes and
a wide range of enhancements across the engine, storage, network, user
interface, and analytics on top of oVirt 4.4.
Important notes before you install / upgrade
Some of the features included in oVirt 4.5.1 require content that is
available in RHEL 8.6 (or newer) and derivatives.
NOTE: If you’re going to install oVirt 4.5.1 on RHEL or similar, please
read Installing on RHEL or derivatives
<https://ovirt.org/download/install_on_rhel.html> first.
Documentation
Be sure to follow instructions for oVirt 4.5!
-
If you want to try oVirt as quickly as possible, follow the instructions
on the Download <https://ovirt.org/download/> page.
-
For complete installation, administration, and usage instructions, see
the oVirt Documentation <https://ovirt.org/documentation/>.
-
For upgrading from a previous version, see the oVirt Upgrade Guide
<https://ovirt.org/documentation/upgrade_guide/>.
-
For a general overview of oVirt, see About oVirt
<https://ovirt.org/community/about.html>.
What’s new in oVirt 4.5.1 Release?
This release is available now on x86_64 architecture for:
-
CentOS Stream 8
-
RHEL 8.6 and derivatives
This release supports Hypervisor Hosts on x86_64:
-
oVirt Node NG (based on CentOS Stream 8)
-
CentOS Stream 8
-
RHEL 8.6 and derivatives
This release also supports Hypervisor Hosts on x86_64 as tech preview
without secure boot:
-
CentOS Stream 9
-
RHEL 9.0 and derivatives
-
oVirt Node NG based on CentOS Stream 9
Builds are also available for ppc64le and aarch64.
Known issues:
-
On EL9 with UEFI secure boot, vdsm fails to decode DMI data due to
Bug 2081648 <https://bugzilla.redhat.com/show_bug.cgi?id=2081648> -
python-dmidecode module fails to decode DMI data
Security fixes included in oVirt 4.5.1 compared to latest oVirt 4.5.0:
-
CVE-2022-31051 <https://bugzilla.redhat.com/show_bug.cgi?id=2097414> -
ovirt-web-ui - semantic-release: Masked secrets can be disclosed if they
contain characters that are excluded from uri encoding
-
CVE-2021-3807 <https://bugzilla.redhat.com/show_bug.cgi?id=2007557> -
ovirt-web-ui - nodejs-ansi-regex: Regular expression denial of service
(ReDoS) matching ANSI escape codes
-
CVE-2021-33623 <https://bugzilla.redhat.com/show_bug.cgi?id=1966615> -
ovirt-web-ui - nodejs-trim-newlines: ReDoS in .end() method
Some of the RFEs with high user impact are listed below:
-
1782077 [RFE] More Flexible oVirt CPU Allocation Policy with
HyperThreading
-
1975596 [RFE] Enhancement of oVirt monitoring by SNMP to merge each
alert message into a single line
-
1663217 [RFE] Add oVirt VM name to the matching between Satellite’s
content host to RHV (currently only VM FQDN is used)
-
1996098 [RFE] Provide options for “Disable Spice file transfer”,
“Disable spice clipboard copy and paste”
-
2021497 [RFE] Install and configure Keycloak as a default SSO provider
for ovirt-engine
-
2078500 [RFE] Add support for parallel migration connections to the REST
API
-
1937408 [RFE] Add ability to import template from OVA in image_template
role
-
1881280 [RFE] Validate HE cluster if --restore-from-file
-
2081559 [RFE] discrepancy tool should detect preallocated cow images
that were reduced
-
1986335 [RFE] Support hosts based on CentOS Stream 9
Some of the Bugs with high user impact are listed below:
-
2043146 Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is
skipped during Enroll Certificate
-
2071468 Engine fenced host that was already reconnected and set to Up
status.
-
2078025 [Docs] Now that certificates only last 13 months, oVirt needs to
document how to renew them
-
1986732 ovirt-ha services cannot set the LocalMaintenance mode in the
storage metadata and are in a restart loop
-
2054745 Setting SD to maintenance fails and turns the SD to inactive
mode as a result
-
2057958 oVirt Node 4.5 el9 iso doesn’t boot anymore
-
2035051 removing nfs-utils cause ovirt-engine removal due to cinderlib
dep tree
-
1878724 vdsm-tool configure is failing with error “dependency job for
libvirtd.service failed”
-
2075435 Hybrid Backup - backup href has changed and causing backups to
get stuck in finalizing stage
-
2055136 virt module is not changed to the correct stream during host
upgrade
oVirt Node will be released shortly after the release will reach the CentOS
mirrors.
See the release notes for installation instructions and a list of new
features and bugs fixed.
Additional resources:
-
Read more about the oVirt 4.5.1 release highlights:
https://www.ovirt.org/release/4.5.1/
-
Get more oVirt project updates on Twitter: https://twitter.com/ovirt
-
Check out the latest project news on the oVirt blog:
https://blogs.ovirt.org/
Thanks in advance,
--
Lev Veyde
Senior Software Engineer, RHCE | RHCVA | MCITP
Red Hat Israel
<https://www.redhat.com>
lev(a)redhat.com | lveyde(a)redhat.com
<https://red.ht/sig>
TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
2 years, 4 months
Re: VMs missing following Import of Storage Domain
by Simon Scott
The .ovf files don’t exist on the Primary site for the VMs in question so they are not being replicated.
Question is why aren’t there .ovf files on any of the hosts for those Vms?
Regards
Simon…
2 years, 4 months
gluster heal success but a directory doesn't heal
by Diego Ercolani
Hello list, I have a problem derived from some hangs in ovirt during upgrade procedures, I have a gluster based self hosted engine deploy with "glen" as the gluster based hosted engine volume:
This is the situation I'm facing:
[root@ovirt-node3 master]# gluster volume heal glen info
Brick ovirt-node2.ovirt:/brickhe/glen
/3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks
Status: Connected
Number of entries: 1
Brick ovirt-node3.ovirt:/brickhe/glen
/3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks
Status: Connected
Number of entries: 1
Brick ovirt-node4.ovirt:/dati/glen <- arbiter
/3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks
Status: Connected
Number of entries: 1
so, as manual suggest, I issued a heal operation:
[root@ovirt-node3 master]# gluster volume heal glen
Launching heal operation to perform index self heal on volume glen has been successful
Use heal info commands to check status.
The Heal operation produces no results as the successive heal info report the same from wich I started.
But this is the situation in the log files:
[root@ovirt-node2 ~]# less /var/log/glusterfs/glfsheal-glen.log <- no errors
[root@ovirt-node3 ~]# less /var/log/glusterfs/glfsheal-glen.log <- inside the log I have error entries:
[2022-06-20 07:33:05.891367 +0000] W [MSGID: 114031] [client-rpc-fops_v2.c:2620:client4_0_lookup_cbk] 0-glen-client-2: remote operation failed. [{path=<gfid:44d74dba-19e8-47a3-89e8-f4a6cb37d5ec>}, {gfid=44d74dba-19e8-47a3-89e8-f4a6cb37d5ec}, {errno=2}, {error=No such file or directory}]
[root@ovirt-node4 ~]# less /var/log/glusterfs/glfsheal-glen.log <- same kind of errors
[2022-06-20 07:27:10.486822 +0000] W [MSGID: 114031] [client-rpc-fops_v2.c:2620:client4_0_lookup_cbk] 0-glen-client-1: remote operation failed. [{path=<gfid:b7b1fec5-8246-46eb-afde-ba06f52897d2>}, {gfid=b7b1fec5-8246-46eb-afde-ba06f52897d2}, {errno=2}, {error=No such file or directory}]
On the nodes the glen volume is correctly mounted and:
[root@ovirt-node2 localhost:_glen]# ls -l 3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks/
[root@ovirt-node3 localhost:_glen]# ls -l 3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks/
[root@ovirt-node4 localhost:_glen]# ls -l 3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks/
all return no files
and issuing a ls on the brick source:
[root@ovirt-node2 glen]# ls -l 3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks/
total 0
[root@ovirt-node3 glen]# ls -l 3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks/
total 0
drwxr-xr-x. 2 vdsm kvm 156 Jun 9 17:20 ccb6fd19-1b67-42b9-a032-31e12d62ed0e
[root@ovirt-node4 glen]# ls -l 3577c21e-f757-4405-97d1-0f827c9b4e22/master/tasks/
total 0
so it turn out there is some difference between bricks...
Can you please help address this issue?
Thank you
2 years, 4 months
Cannot Log Into Newly Deployed Hosted Engine
by Clint Boggio
I have a fresh installation of a 4.5.1 hosted engine and the admin password I set during the process isn't working. I reset the password for the admin user from a root shell on the HE using the
ovirt-aaa-jdbc-tool utility and still no dice. I found a log file for "keycloak" that I tailed while logging in and discovered that keycloak was denying me. I am not familiar with keycloak at all. It appears as though I enabled keycloak during the deployment.
Just a few quick answers may get me back to where I need to be:
1. How do I log into the web management portal ? Previously it was admin@internal and then the password
2. If keycloak is looking for some kind of directory server outside of the engine I don't have one, if the engine is the keycloak server what are my credentials for the HE portal ?
3. Can I re-run engine-setup and turn Keycloak off so that I have internal based authentication ?
Below is dump of my engine-setup command results:
Default SAN wipe after delete : False
Host FQDN : ovirtmgmt.mycompany.com
Firewall manager : firewalld
Update Firewall : True
Set up Cinderlib integration : False
Keycloak installation : True
Engine database host : localhost
Engine database port : 5432
Engine database secured connection : False
Engine database host name validation : False
Engine database name : engine
Engine database user name : engine
Engine installation : True
PKI organization : mycompany.com
Set up ovirt-provider-ovn : True
Grafana integration : True
Grafana database user name : ovirt_engine_history_grafana
Keycloak database host : localhost
Keycloak database port : 5432
Keycloak database secured connection : False
Keycloak database host name validation : False
Keycloak database name : ovirt_engine_keycloak
Keycloak database user name : ovirt_engine_keycloak
Configure VMConsole Proxy : True
Configure WebSocket Proxy : True
DWH installation : True
DWH database host : localhost
DWH database port : 5432
DWH database secured connection : False
DWH database host name validation : False
DWH database name : ovirt_engine_history
DWH database user name : ovirt_engine_history
Backup DWH database : True
2 years, 4 months
HCI Deployment oVirt 4.5
by Clint Boggio
Hello oVirt Team
I'm in the process of deploying a three-node oVirt hyperconverged platform and from the cockpit interface of the deployment node I keep running into the same error. The system finishes the gluster deployment phase (sometimes) and then prompts to continue with the hosted engine deployment but then fails immediately complaining about the naming convention of my network interfaces. My network interfaces are 802.3ad bonds configured during the installation process of each node using "bondx" naming convention consistent across all three nodes. Any wisdom or pointers would be appreciated.
2 years, 4 months
