ovirt-engine manager, certificate issue
by david
hello
I have a problem to log in to ovirt-engine manager in my browser
the warning message in the browser display me this text:
PKIX path validation failed: java.security.cert.CertPathValidatorException:
validity check failed
to solve this problem I am offered to run engine-setup
and here is a question: the engine-setup will have no impact to the
hosts(hypervisors) working?
ovirt version 4.4.4.7-1.el8
thanks
2 years, 11 months
Issue with oVirt 4.5 and Data Warehouse installed on a Separate Machine
by Igor Davidoff
Hello,
i have an issue with 'engine-seup' step on DWH (separate server) aufter upgrade from 4.4.10 to 4.5.
It looks like the ovirt-engine-setup are looking for rpm-package 'ovirt-engine' instead of 'ovirt-engine-dwh'.
the reporting error is:
"
--== END OF CONFIGURATION ==--
[ INFO ] Stage: Setup validation
[ ERROR ] Failed to execute stage 'Setup validation': Command '/usr/bin/rpm' failed to execute
[ INFO ] Stage: Clean up
Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20220502100751-fqwb07.log
[WARNING] Remote engine was not configured to be able to access DWH, please check the logs.
[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20220502101130-setup.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ ERROR ] Execution of setup failed
"
in Setup log i found:
"
2022-05-02 10:11:30,000+0000 DEBUG otopi.context context._executeMethod:127 Stage validation METHOD otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages.Plugin._validation
2022-05-02 10:11:30,001+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.executeRaw:813 execute: ('/usr/bin/rpm', '-q', '--queryformat=%{version}-%{release}', 'ovirt-engine'), executable='None', cwd='None', env=None
2022-05-02 10:11:30,013+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.executeRaw:863 execute-result: ('/usr/bin/rpm', '-q', '--queryformat=%{version}-%{release}', 'ovirt-engine'), rc=1
2022-05-02 10:11:30,013+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.execute:921 execute-output: ('/usr/bin/rpm', '-q', '--queryformat=%{version}-%{release}', 'ovirt-engine') stdout:
package ovirt-engine is not installed
2022-05-02 10:11:30,013+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.execute:926 execute-output: ('/usr/bin/rpm', '-q', '--queryformat=%{version}-%{release}', 'ovirt-engine') stderr:
2022-05-02 10:11:30,013+0000 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
method['method']()
File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine-common/distro-rpm/packages.py", line 463, in _validation
oenginecons.Const.ENGINE_PACKAGE_NAME,
File "/usr/lib/python3.6/site-packages/otopi/plugin.py", line 931, in execute
command=args[0],
RuntimeError: Command '/usr/bin/rpm' failed to execute
2022-05-02 10:11:30,015+0000 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Setup validation': Command '/usr/bin/rpm' failed to execute
"
usually the upgrade of minor versions in 4.4 was just:
# yum update ovirt\*setup\*
# engine-setup
# yum update
as it did not work, i tried the fresh installation of centos8 stream and recovery of DWH Database and configuration:
# engine-backup --mode=restore --file=backup.bck --provision-all-databases
-> no luck
the last idea was fresh installation centos8 stream + fresh installation of ovirt-engine-dwh 4.5 (without recovery)
-> the same error.
the engine side works fine.
i compared the current setup logs with the installation and all the minor upgrades of ovirt-engine-dwh before 4.5
and only found the rpm-validation for the package 'ovirt-engine-dwh':
"
2022-02-08 16:11:29,846+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.executeRaw:813 execute: ('/usr/bin/rpm', '-q', 'ovirt-engine-dwh'), executable='None', cwd='None', env=None
2022-02-08 16:11:29,877+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.executeRaw:863 execute-result: ('/usr/bin/rpm', '-q', 'ovirt-engine-dwh'), rc=0
2022-02-08 16:11:29,878+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.execute:921 execute-output: ('/usr/bin/rpm', '-q', 'ovirt-engine-dwh') stdout:
ovirt-engine-dwh-4.4.10-1.el8.noarch
2022-02-08 16:11:29,878+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine_common.distro-rpm.packages plugin.execute:926 execute-output: ('/usr/bin/rpm', '-q', 'ovirt-engine-dwh') stderr:
2022-02-08 16:11:29,878+0000 DEBUG otopi.transaction transaction.commit:152 committing 'DWH Engine database Transaction'
"
It looks like engine-setup knows it is the DWH-Server, but is trying to validate the wrong rpm package.
Any Ideas, how to work around this.
Thank you!
2 years, 11 months
Import KVM VMs on individual iSCSI luns
by spierce@cts1.com
Greetings,
Is it possible with oVirt to import existing VMs where the underlying storage is on raw iSCSI luns and to keep them on those luns?
The historical scenario is that we have Virtual farms in multiple sites managed by an ancient Orchestration tool that does not support modern OS's as the hypervisor.
- In each site, there are clusters of hypervisors/Hosts that have visibility to the same iSCSI luns.
- Each VM has it's own set of iscsi luns that are totally dedicated to that VM
- Each VM is using LVM to manage the disk
- Each Host has LVM filtering configured to NOT manage the VM's iscsi luns
- The VMs can be live migrated from any Hypervisor within the cluster to any other Hypervisor in that same cluster
We are attempting to bring this existing environment into oVirt without replacing the storage model.
Is there any documentation that will serve as a guide for this scenario?
In a lab environment, we have successfully
- Added 2 hypervisors (hosts) and oVirt can see their VMs as external-ovtest1 and external-ovtest2
- Removed the LVM filtering on the hosts
- Created a storage domain that is able to see the iscsi luns, but we have not yet done the 'add' of each lun
Is it possible to import these luns as raw block devices without LVM being layered on top of them?
Is it required to actually import the luns into a storage domain, or can the VM's still be imported if all luns are visible on all hosts in the cluster?
In the grand scheme of things, are we trying to do something that is not possible with oVirt?
If it is possible, we would greatly appreciate tips, pointers, links to docs etc that will help us migrate this environment to oVirt.
Thanks in Advance
- S
2 years, 12 months
Upgrade from 4.2 directly to 4.5
by Vinícius Ferrão
Hello, I would like to know if I can do an oVirt upgrade directly from 4.2 to 4.5.
I don’t have a free host to upgrade the oVirt Node, so I was hoping that would be possible to fire up a new engine (with restore-backup) on the old oVirt Nodes and later on upgrade the hosts.
Is this possible?
Thank you.
3 years
VM access to infiniband network
by Roberto Bertucci
Hi all,
i am facing a problem while trying to associate a Mellanox infiniband interface to a network and using it for VM traffic.
vdsm log shows the following message:
The bridge <bridge name> cannot use IP over InfiniBand interface <interface name> as port. Please use RoCE interface instead.
Did anybody face the same problem and solve it?
Actually ib interface is configured with an ip address and we are mounting NFS filesystems on cluster nodes through infiniband network.
3 years
Problems with selinux after updating an ovirt node
by Giorgio Biacchi
Hi folks,
today I got a problem with vdsm and selinux after updating a host:
[root@host04 ~]# nodectl check
Status: WARN
Bootloader ... OK
Layer boot entries ... OK
Valid boot entries ... OK
Mount points ... OK
Separate /var ... OK
Discard is used ... OK
Basic storage ... OK
Initialized VG ... OK
Initialized Thin Pool ... OK
Initialized LVs ... OK
Thin storage ... OK
Checking available space in thinpool ... OK
Checking thinpool auto-extend ... OK
vdsmd ... BAD
So I run:
[root@host04 ~]# /usr/libexec/vdsm/vdsmd_init_common.sh --pre-start
vdsm: Running mkdirs
vdsm: Running configure_vdsm_logs
vdsm: Running run_init_hooks
vdsm: Running check_is_configured
lvm is configured for vdsm
Current revision of multipath.conf detected, preserving
Managed volume database is already configured
abrt is already configured for vdsm
libvirt is already configured for vdsm
sanlock is configured for vdsm
Modules sebool are not configured
Error:
One of the modules is not configured to work with VDSM.
To configure the module use the following:
'vdsm-tool configure [--module module-name]'.
If all modules are not configured try to use:
'vdsm-tool configure --force'
(The force flag will stop the module's service and start it
afterwards automatically to load the new configuration.)
vdsm: stopped during execute check_is_configured task (task returned
with error code 1).
But also runnining this gave me an error:
[root@host04 ~]# vdsm-tool configure --module sebool
Checking configuration status...
Running configure...
libsepol.context_from_record: type cloud_what_var_cache_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
system_u:object_r:cloud_what_var_cache_t:s0 to sid
invalid context system_u:object_r:cloud_what_var_cache_t:s0
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned
error code 255.
Traceback (most recent call last):
File "/usr/bin/vdsm-tool", line 209, in main
return tool_command[cmd]["command"](*args)
File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line
40, in wrapper
func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py",
line 145, in configure
_configure(c)
File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py",
line 92, in _configure
getattr(module, 'configure', lambda: None)()
File
"/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py",
line 88, in configure
_setup_booleans(True)
File
"/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py",
line 60, in _setup_booleans
sebool_obj.finish()
File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish
self.commit()
File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit
rc = semanage_commit(self.sh)
OSError: [Errno 0] Error
I managed to solve this by running:
[root@host04 ~]# semodule -i
/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp
[root@host04 ~]# vdsm-tool configure --module sebool
Checking configuration status...
Running configure...
Done configuring modules to VDSM.
Regards
--
gb
PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
3 years
Unable to install on a bonded NIC
by weeglos@yahoo.com
So I'm running a fresh install of oVirt on a new Centos Stream node. Fresh install.
I installed the OS with bonded interfaces. I bonded them during the install via anaconda.
I followed the doc here: https://ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_...
When I got to the hosted-engine --deploy step, it errored out saying, "Only Team devices are present. Teaming is unsupported."
However, I'm not teaming my network adapters at all. I'm bonding them:
[root@mustafar ~]# cat /etc/sysconfig/network-scripts/ifcfg-Bond_connection_1
BONDING_OPTS="mode=balance-rr downdelay=0 miimon=1 updelay=0"
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="Bond connection 1"
UUID=[redacted]
DEVICE=bond0
ONBOOT=yes
IPADDR=192.168.5.83
PREFIX=24
GATEWAY=192.168.5.1
DNS1=192.168.5.2
DNS2=192.168.5.3
DNS3=192.168.5.4
DOMAIN=[redacted]
[root@mustafar ~]#
What gives with this?
3 years
oVirt OVA Export -> oVirt OVA Import failure
by simon@justconnect.ie
I carried out the following procedure:
1. Exported a VM as an OVA to a 4.3 environment host.
2. SCP'd the file to a host on a 4.5.0.3 environment.
3. Selected Import VM - Virtual Appliance (OVA) - selected the Host and path - clicked Load but no VMs are listed.
This process previously worked in 4.4
Is this a known bug?
Cannot upgrade to 4.5.1 until our internal mirrors have been updated.
Regards
Simon...
3 years
Failed to Start services ovirt-imageio
by АБИОЛА А. Э
Hello Sir,
I am new to Ovirt and I tried to deploy it 3weeks into my oracle linux with
no success.
I got the following error messages
Please how can i fix this error to successfully deploy it.
I will be glad to read from you soon.
Appreciated
AAE.
[image: image.png]
3 years
oVirt 4.5.1 is now generally available
by Lev Veyde
oVirt 4.5.1 is now generally available
The oVirt project is excited to announce the general availability of oVirt
4.5.1, as of June, 22nd 2022.
This release unleashes an altogether more powerful and flexible open source
virtualization solution that encompasses hundreds of individual changes and
a wide range of enhancements across the engine, storage, network, user
interface, and analytics on top of oVirt 4.4.
Important notes before you install / upgrade
Some of the features included in oVirt 4.5.1 require content that is
available in RHEL 8.6 (or newer) and derivatives.
NOTE: If you’re going to install oVirt 4.5.1 on RHEL or similar, please
read Installing on RHEL or derivatives
<https://ovirt.org/download/install_on_rhel.html> first.
Documentation
Be sure to follow instructions for oVirt 4.5!
-
If you want to try oVirt as quickly as possible, follow the instructions
on the Download <https://ovirt.org/download/> page.
-
For complete installation, administration, and usage instructions, see
the oVirt Documentation <https://ovirt.org/documentation/>.
-
For upgrading from a previous version, see the oVirt Upgrade Guide
<https://ovirt.org/documentation/upgrade_guide/>.
-
For a general overview of oVirt, see About oVirt
<https://ovirt.org/community/about.html>.
What’s new in oVirt 4.5.1 Release?
This release is available now on x86_64 architecture for:
-
CentOS Stream 8
-
RHEL 8.6 and derivatives
This release supports Hypervisor Hosts on x86_64:
-
oVirt Node NG (based on CentOS Stream 8)
-
CentOS Stream 8
-
RHEL 8.6 and derivatives
This release also supports Hypervisor Hosts on x86_64 as tech preview
without secure boot:
-
CentOS Stream 9
-
RHEL 9.0 and derivatives
-
oVirt Node NG based on CentOS Stream 9
Builds are also available for ppc64le and aarch64.
Known issues:
-
On EL9 with UEFI secure boot, vdsm fails to decode DMI data due to
Bug 2081648 <https://bugzilla.redhat.com/show_bug.cgi?id=2081648> -
python-dmidecode module fails to decode DMI data
Security fixes included in oVirt 4.5.1 compared to latest oVirt 4.5.0:
-
CVE-2022-31051 <https://bugzilla.redhat.com/show_bug.cgi?id=2097414> -
ovirt-web-ui - semantic-release: Masked secrets can be disclosed if they
contain characters that are excluded from uri encoding
-
CVE-2021-3807 <https://bugzilla.redhat.com/show_bug.cgi?id=2007557> -
ovirt-web-ui - nodejs-ansi-regex: Regular expression denial of service
(ReDoS) matching ANSI escape codes
-
CVE-2021-33623 <https://bugzilla.redhat.com/show_bug.cgi?id=1966615> -
ovirt-web-ui - nodejs-trim-newlines: ReDoS in .end() method
Some of the RFEs with high user impact are listed below:
-
1782077 [RFE] More Flexible oVirt CPU Allocation Policy with
HyperThreading
-
1975596 [RFE] Enhancement of oVirt monitoring by SNMP to merge each
alert message into a single line
-
1663217 [RFE] Add oVirt VM name to the matching between Satellite’s
content host to RHV (currently only VM FQDN is used)
-
1996098 [RFE] Provide options for “Disable Spice file transfer”,
“Disable spice clipboard copy and paste”
-
2021497 [RFE] Install and configure Keycloak as a default SSO provider
for ovirt-engine
-
2078500 [RFE] Add support for parallel migration connections to the REST
API
-
1937408 [RFE] Add ability to import template from OVA in image_template
role
-
1881280 [RFE] Validate HE cluster if --restore-from-file
-
2081559 [RFE] discrepancy tool should detect preallocated cow images
that were reduced
-
1986335 [RFE] Support hosts based on CentOS Stream 9
Some of the Bugs with high user impact are listed below:
-
2043146 Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is
skipped during Enroll Certificate
-
2071468 Engine fenced host that was already reconnected and set to Up
status.
-
2078025 [Docs] Now that certificates only last 13 months, oVirt needs to
document how to renew them
-
1986732 ovirt-ha services cannot set the LocalMaintenance mode in the
storage metadata and are in a restart loop
-
2054745 Setting SD to maintenance fails and turns the SD to inactive
mode as a result
-
2057958 oVirt Node 4.5 el9 iso doesn’t boot anymore
-
2035051 removing nfs-utils cause ovirt-engine removal due to cinderlib
dep tree
-
1878724 vdsm-tool configure is failing with error “dependency job for
libvirtd.service failed”
-
2075435 Hybrid Backup - backup href has changed and causing backups to
get stuck in finalizing stage
-
2055136 virt module is not changed to the correct stream during host
upgrade
oVirt Node will be released shortly after the release will reach the CentOS
mirrors.
See the release notes for installation instructions and a list of new
features and bugs fixed.
Additional resources:
-
Read more about the oVirt 4.5.1 release highlights:
https://www.ovirt.org/release/4.5.1/
-
Get more oVirt project updates on Twitter: https://twitter.com/ovirt
-
Check out the latest project news on the oVirt blog:
https://blogs.ovirt.org/
Thanks in advance,
--
Lev Veyde
Senior Software Engineer, RHCE | RHCVA | MCITP
Red Hat Israel
<https://www.redhat.com>
lev(a)redhat.com | lveyde(a)redhat.com
<https://red.ht/sig>
TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
3 years
