Dedicated Migration Network
by Clint Boggio
Good Day All;
I am in the process of assembling a new oVirt cluster and I am wondering if there is any benefit to having a dedicated set of nics solely dedicated to VM migration. If so, would those nics (bonded) be on their own vlan and subnet or would they share a subnet with gluster storage or the management network ? Right now i'm planning on the following architecture.
1. Management = 10G X2 Bond per hypervisor host (10.66.0.0/24)
2. Gluster/iSCSI Storage = 10G X2 Bond per hypervisor host (10.244.0.0/24)
3. VM Production Network(s) = 10G X2 Bond per hypervisor host (No IP Range)
4. ?? Possible Dedicated VM Migration
Thank you very much as any input would be greatly appreciated
2 years, 5 months
"Retrieval of iSCSI targets failed" during hosted engine deployment on oVirt node 4.5
by pat@patfruth.com
I have freshly installed ovirt node 4.5 from the iso download here;
https://resources.ovirt.org/pub/ovirt-4.5/iso/ovirt-node-ng-installer/4.5...
output from 'rpm -qa | grep ovirt' shows
ovirt-hosted-engine-setup-2.6.3-1.el8.noarch
ovirt-imageio-daemon-2.4.3-1.el8.x86_64
python38-ovirt-engine-sdk4-4.5.1-1.el8.x86_64
ovirt-imageio-common-2.4.3-1.el8.x86_64
ovirt-node-ng-image-update-placeholder-4.5.0.3-1.el8.noarch
ovirt-openvswitch-2.15-3.el8.noarch
python38-ovirt-imageio-client-2.4.3-1.el8.x86_64
ovirt-openvswitch-ipsec-2.15-3.el8.noarch
ovirt-openvswitch-ovn-common-2.15-3.el8.noarch
ovirt-openvswitch-ovn-host-2.15-3.el8.noarch
centos-release-ovirt45-8.7-1.el8s.noarch
ovirt-provider-ovn-driver-1.2.36-1.el8.noarch
ovirt-host-dependencies-4.5.0-3.el8.x86_64
ovirt-release-host-node-4.5.0.3-1.el8.x86_64
ovirt-ansible-collection-2.0.3-1.el8.noarch
ovirt-vmconsole-1.0.9-1.el8.noarch
python3-ovirt-engine-sdk4-4.5.1-1.el8.x86_64
ovirt-node-ng-nodectl-4.4.2-1.el8.noarch
ovirt-openvswitch-ovn-2.15-3.el8.noarch
ovirt-hosted-engine-ha-2.5.0-1.el8.noarch
ovirt-host-4.5.0-3.el8.x86_64
ovirt-engine-appliance-4.5-20220511122240.1.el8.x86_64
ovirt-vmconsole-host-1.0.9-1.el8.noarch
ovirt-python-openvswitch-2.15-3.el8.noarch
python38-ovirt-imageio-common-2.4.3-1.el8.x86_64
python3-ovirt-node-ng-nodectl-4.4.2-1.el8.noarch
cockpit-ovirt-dashboard-0.16.0-1.el8.noarch
python3-ovirt-setup-lib-1.3.3-1.el8.noarch
ovirt-imageio-client-2.4.3-1.el8.x86_64
During the hosted engine deployment process, I get thru Step 3 ( the "Prepare VM" step) successfully.
On Step 4 (Storage Settings), I set;
- Storage type = iSCSI
- Portal IP address = my ISCSI target's ip address
- Accept the default Portal port number, which is already set to 3260
- Leave username & password blank (as I have no CHAP configured on the ISCSI target system)
When I click the "Retrieve Target List" button there is a brief pause, followed by red error message which says "Retrieval of iSCSI targets failed"
Upon reviewing the files in /var/log/ovirt-hosted-engine-setup on the ovirt node, I find a new log file named ovirt-hosted-engine-setup-ansible-iscsi_discover-20220614084053-in517x.log
The message near the end of the log file are as follows;
------ snip ------
.....
2022-06-14 08:41:03,510-0600 INFO ansible task start {'status': 'OK', 'ansible_type': 'task', 'ansible_playbook': '/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml', 'ansible_task': 'ovirt.ovirt.hosted_engine_setup : iSCSI discover'}
2022-06-14 08:41:03,511-0600 DEBUG ansible on_any args TASK: ovirt.ovirt.hosted_engine_setup : iSCSI discover kwargs is_conditional:False
2022-06-14 08:41:03,511-0600 DEBUG ansible on_any args localhost TASK: ovirt.ovirt.hosted_engine_setup : iSCSI discover kwargs
2022-06-14 08:41:06,430-0600 DEBUG var changed: host "localhost" var "ansible_play_hosts" type "<class 'list'>" value: "[]"
2022-06-14 08:41:06,430-0600 DEBUG var changed: host "localhost" var "ansible_play_batch" type "<class 'list'>" value: "[]"
2022-06-14 08:41:06,430-0600 DEBUG var changed: host "localhost" var "play_hosts" type "<class 'list'>" value: "[]"
2022-06-14 08:41:06,431-0600 ERROR ansible failed {
"ansible_host": "localhost",
"ansible_playbook": "/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml",
"ansible_result": {
"_ansible_no_log": false,
"changed": false,
"exception": "Traceback (most recent call last):\n File \"/tmp/ansible_ovirt_host_payload_ky4zlp1s/ansible_ovirt_host_payload.zip/ansible_collections/ovirt/ovirt/plugins/modules/ovirt_host.py\", line 638, in main\nTypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'\n",
"invocation": {
"module_args": {
"activate": true,
"address": null,
"check_upgrade": true,
"cluster": null,
"comment": null,
"enroll_certificate": false,
"fetch_nested": false,
"force": false,
"hosted_engine": null,
"id": null,
"iscsi": {
"address": "192.168.1.2",
"password": "",
"port": null,
"username": ""
},
"kdump_integration": null,
"kernel_params": null,
"name": "ovirt-node01.internal.net",
"nested_attributes": [],
"override_display": null,
"override_iptables": null,
"password": null,
"poll_interval": 3,
"power_management_enabled": null,
"public_key": false,
"reboot_after_installation": null,
"reboot_after_upgrade": true,
"spm_priority": null,
"ssh_port": null,
"state": "iscsidiscover",
"timeout": 600,
"vgpu_placement": null,
"wait": true
}
},
"msg": "int() argument must be a string, a bytes-like object or a number, not 'NoneType'"
},
"ansible_task": "iSCSI discover",
"ansible_type": "task",
"status": "FAILED",
"task_duration": 3
}
2022-06-14 08:41:06,431-0600 DEBUG ansible on_any args <ansible.executor.task_result.TaskResult object at 0x7f9c76744370> kwargs ignore_errors:None
2022-06-14 08:41:06,432-0600 INFO ansible stats {
"ansible_playbook": "/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml",
"ansible_playbook_duration": "00:11 Minutes",
"ansible_result": "type: <class 'dict'>\nstr: {'localhost': {'ok': 5, 'failures': 1, 'unreachable': 0, 'changed': 0, 'skipped': 0, 'rescued': 0, 'ignored': 0}}",
"ansible_type": "finish",
"status": "FAILED"
}
2022-06-14 08:41:06,432-0600 INFO SUMMARY:
Duration Task Name
-------- --------
[ < 1 sec ] Execute just a specific set of steps
[ 00:01 ] Force facts gathering
[ 00:03 ] Obtain SSO token using username/password credentials
[ 00:03 ] Fetch host facts
[ FAILED ] iSCSI discover
2022-06-14 08:41:06,432-0600 DEBUG ansible on_any args <ansible.executor.stats.AggregateStats object at 0x7f9c793444c0> kwargs
------ snip ------
The error suggest that the iSCSI portal port number (which is defaulted to 3260 in the UI) is not being properly passed into the python module ovirt/ovirt/plugins/modules/ovirt_host.py
Looking at the code at line 638 of ovirt_host.py, found here;
https://github.com/oVirt/ovirt-ansible-collection/blob/2.0.3-1/plugins/mo...
I see;
.....
elif state == 'iscsidiscover':
host_id = get_id_by_name(hosts_service, module.params['name'])
iscsi_param = module.params['iscsi']
iscsi_targets = hosts_service.service(host_id).discover_iscsi(
iscsi=otypes.IscsiDetails(
port=int(iscsi_param.get('port', 3260)), <---- line 638
username=iscsi_param.get('username'),
password=iscsi_param.get('password'),
address=iscsi_param.get('address'),
portal=iscsi_param.get('portal'),
),
)
ret = {
'changed': False,
'id': host_id,
'iscsi_targets': [iscsi.target for iscsi in iscsi_targets],
'iscsi_targets_struct': [get_dict_of_struct(
struct=iscsi,
connection=connection,
fetch_nested=module.params.get('fetch_nested'),
attributes=module.params.get('nested_attributes'),
) for iscsi in iscsi_targets],
}
.....
I'm not a Python expert, so I can't tell if this logic is correct or not.
Looking at Git history on this code, it looks like the last time a change was made effecting ISCSI was in May of 2021;
https://github.com/oVirt/ovirt-ansible-collection/commit/1c4c18d844a69b82...
By Martin Necas - https://github.com/mnecas
I gotta believe I'm not the first one to try setting up oVirt 4.5 hosted engine with ISCSI storage.
Is anyone else out there using ISCSI storage with oVirt 4.5.0.3 yet?
How did you get it working?
2 years, 5 months
Issue adding host to ovirt 4.4 cluster
by David Johnson
Good morning all,
I am attempting to add a host to my ovirt 4.4 cluster. The installation of
the first host went smoothly, but the installation of the second host
stalled.
Currently, the second host is in Installing state, but doing nothing. The
installation failed due to a failure to register the host certificate.
I cannot change the state of the host or retry the installation to capture
logs.
Warnings from the host that are visible on the ovirt console are:
- Power Management is not configured for this Host. Enable Power
Management
- Host has no default route.
- The host CPU does not match the Cluster CPU Type and is running in a
degraded mode. It is missing the following CPU flags: vmx,
model_Cascadelake-Server-noTSX. Please update the host CPU microcode or
change the Cluster CPU Type.
The error message generated at the last attempt to install the host from
the ovirt console is:
- Failed to enroll certificate for host ovirt-host-04 (User:
admin@internal-authz).
Please advise
2 years, 5 months
Re: oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates
by Nathanaël Blanchet
Hi,
Le 17/06/2022 à 12:18, Marko Vrgotic a écrit :
>
> Dear Nathanael,
>
> Thank you very much for you reply. Regarding host expiration playbook
> you wrote – my compliments – is it safe to run on host with expired
> certificates, or its rather meant to be executed for renewal of certs
> on hosts with still valid certs?
>
both are okay, in case of a host in "up" status, it will go down during
the playbook execution, but vms will continue to run without any
downtime. Host will recover and go up once certificates will be
successfully renewed.
This is an emergency procedure, the best solution to renew a certificate
on a running host is to put the host into maintenance and renew certs
via UI.
> We have also found following script which should at least safely take
> care of the renewal of certs on host with already expired certificates
> - .
>
> https://github.com/tothf/renew_vdsm_cert/blob/main/renew_vdsm_cert.sh
>
> -----
>
> kind regards/met vriendelijke groeten
>
> Marko Vrgotic
> Sr. System Engineer @ System Administration
>
>
> ActiveVideo
>
> *o: *+31 (35) 6774131
>
> *m: +*31 (65) 5734174**
>
> *e:*m.vrgotic@activevideo.com <mailto:m.vrgotic@activevideo.com>
> *w: *www.activevideo.com <http://www.activevideo.com>
>
> ActiveVideo Networks BV. Mediacentrum 3745 Joop van den Endeplein
> 1.1217 WJ Hilversum, The Netherlands. The information contained in
> this message may be legally privileged and confidential. It is
> intended to be read only by the individual or entity to whom it is
> addressed or by their designee. If the reader of this message is not
> the intended recipient, you are on notice that any distribution of
> this message, in any form, is strictly prohibited. If you have
> received this message in error, please immediately notify the sender
> and/or ActiveVideo Networks, LLC by telephone at +1 408.931.9200 and
> delete or destroy any copy of this message.
>
> *From: *Nathanaël Blanchet <blanchet(a)abes.fr>
> *Date: *Thursday, 16 June 2022 at 14:40
> *To: *Marko Vrgotic <M.Vrgotic(a)activevideo.com>, users(a)ovirt.org
> <users(a)ovirt.org>
> *Subject: *Re: [ovirt-users] oVirt 4.4.x step-by-step procedure to
> renew expired oVirt certificates
>
> ***CAUTION: This email originated from outside of the organization. Do
> not click links or open attachments unless you recognize the sender!!!***
>
> Hello,
>
> If you refer to:
>
> 1. engine apache certificate expiration ("PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException:) to
> access to ovirt console.
> => engine-setup --offline
> 2. hosts certificate expiration?
> => https://access.redhat.com/solutions/3532921
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess....>
> I also wrote a playbook to do so there:
> https://galaxy.ansible.com/natman/ovirt_renew_certs
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgalaxy....>
> In this case, don't forget to renew certificate with UI (into
> maintenance) when host is reponding, otherwise you may enconter
> issues with console or live migration or other SSL related stuff.
>
> tested and approved.
>
> Le 16/06/2022 à 12:34, Marko Vrgotic a écrit :
>
> Dear oVirt,
>
> The oVirt SSL certificated were changed to one-year renewal and we
> have a problem now.
>
> We are running 4.4.x version with SHE on local storage cluster and
> we have four more local storage clusters.
>
> One the cluster running SHE, the engine and host certificates have
> expired. We found the procedure for renewal prior to expiration,
> but we do not have a mnual one, required once certificates have
> expired.
>
> Would you be so kind to share the manual or steps needed to fix
> our oVirt setup.
>
> Thank you in advance.
>
> -----
>
> kind regards/met vriendelijke groeten
>
> Marko Vrgotic
> Sr. System Engineer @ System Administration
>
>
> ActiveVideo
>
> *o: *+31 (35) 6774131
>
> *m: +*31 (65) 5734174
>
> *e:*m.vrgotic@activevideo.com <mailto:m.vrgotic@activevideo.com>
> *w: *www.activevideo.com <http://www.activevideo.com>
>
> ActiveVideo Networks BV. Mediacentrum 3745 Joop van den Endeplein
> 1.1217 WJ Hilversum, The Netherlands. The information contained in
> this message may be legally privileged and confidential. It is
> intended to be read only by the individual or entity to whom it is
> addressed or by their designee. If the reader of this message is
> not the intended recipient, you are on notice that any
> distribution of this message, in any form, is strictly
> prohibited. If you have received this message in error, please
> immediately notify the sender and/or ActiveVideo Networks, LLC by
> telephone at +1 408.931.9200 and delete or destroy any copy of
> this message.
>
>
>
> _______________________________________________
>
> Users mailing list --users(a)ovirt.org
>
> To unsubscribe send an email tousers-leave(a)ovirt.org
>
> Privacy Statement:https://www.ovirt.org/privacy-policy.html <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...>
>
> oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...>
>
> List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/5L... <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.o...>
>
> --
> Nathanaël Blanchet
> Supervision réseau
> SIRE
> 227 avenue Professeur-Jean-Louis-Viala
> 34193 MONTPELLIER CEDEX 5
> Tél. 33 (0)4 67 54 84 55
> Fax 33 (0)4 67 54 84 14
> blanchet(a)abes.fr
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
2 years, 5 months
After attaching the Storage domain, the VMs are disappeared from the VM import
by aminur.rahman@iongroup.com
Hi,
We're noticing some weird issue while re-attaching the storage domain. After re-attach the storage domain, some VMs are completely missing from the VM Import. Before detaching the storage domain, all the VMs were shutdown gracefully.
I also noticed some disks are exists with no Alias under the disk import on the storage domain and I can't import those disks. Its failed to register the disk with <UNKONOWN> error.
We're using Ovirt 4.2 with multiple Dell hosts in the cluster and Compellent SAN with iSCSI volumes.
Please kindly advise if I am missing anything before detach the storage domain.
Thanks
2 years, 5 months
Delete the post :
by khznm 21
Dear Admin
Pls delete the post under the below subject line , posted on June 18,
2022, 3:51 p.m.
[ovirt-users] The he_fqdn proposed for the engine VM resolves on this host
The post is incorrect and the problem was corrected
sorry for the inconvenience caused.
regards/khznm
2 years, 5 months
The he_fqdn proposed for the engine VM resolves on this host
by khznm 21
Installing oVirt is not so easy as stated, i am struck up in FQDN resolution , i have this FQDN (vmanager.headache.com) resolve to ip 10.1.1.6 in DNS within the network,additionally i also input this entries into /etc/hosts file. while installing ( may be 8 times ) ,i am struck up with error " he_fqdn proposed for the engine VM resolves on this host " . The network is using vlan ip, the host is already installed bare metal into cisco c240-m5 with RH virtualization ver 4.4 ,its installed on IP :10.1.1.5. the problem is with installing the self hosted engine (ovirt).
the vlan are like eno2.vlan7 and eno2.vlan7.1
/etc/hosts
10.1.1.6 vmanager.headache.com vmanager
10.1.1.5 vhrh1.headache.com vhrh1
10.1.1.6 vmanager.headache.com
10.1.1.5 vhrh1.headache.com
i even tried cli install,,here also the same issue .. below are the error ..
Host name is not valid: vmanager.headache.com resolves to 10.1.1.6
Host name is not valid: vman.headache.com did not resolve into an IP address
Pls any body help here ,,,what i am doing wrong...
2 years, 5 months
Cannot log into oVirt Manager - certificate issue
by Diggy Mc
I cannot log into oVirt Manager. My browser gave me a warning that the site's certificate has expired. Then when I try to log in, I receive the following error message:
"PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"
How can I fix this problem? In advance, thank you for your help.
hosted-engine: v4.4.8.6
hosts: oVirt Node v4.4.8.3
2 years, 5 months
