Re: oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates
by Nathanaël Blanchet
Hi,
On 17/06/2022 at 12:18, Marko Vrgotic wrote:
>
> Dear Nathanael,
>
> Thank you very much for your reply. Regarding the host expiration playbook
> you wrote – my compliments – is it safe to run on a host with expired
> certificates, or is it rather meant to be executed for renewal of certs
> on hosts with still valid certs?
>
Both are okay. In the case of a host in "up" status, it will go down during
the playbook execution, but VMs will continue to run without any
downtime. The host will recover and go up once the certificates are
successfully renewed.
This is an emergency procedure; the best solution to renew a certificate
on a running host is to put the host into maintenance and renew certs
via the UI.
> We have also found the following script, which should at least safely take
> care of the renewal of certs on a host with already expired certificates:
>
> https://github.com/tothf/renew_vdsm_cert/blob/main/renew_vdsm_cert.sh
>
> -----
>
> kind regards/met vriendelijke groeten
>
> Marko Vrgotic
>
> *From: *Nathanaël Blanchet <blanchet(a)abes.fr>
> *Date: *Thursday, 16 June 2022 at 14:40
> *To: *Marko Vrgotic <M.Vrgotic(a)activevideo.com>, users(a)ovirt.org
> <users(a)ovirt.org>
> *Subject: *Re: [ovirt-users] oVirt 4.4.x step-by-step procedure to
> renew expired oVirt certificates
>
>
> Hello,
>
> If you refer to:
>
> 1. engine apache certificate expiration ("PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException:") to
> access the oVirt console.
> => engine-setup --offline
> 2. hosts certificate expiration?
> => https://access.redhat.com/solutions/3532921
> I also wrote a playbook to do so there:
> https://galaxy.ansible.com/natman/ovirt_renew_certs
> In this case, don't forget to renew the certificate with the UI (in
> maintenance) when the host is responding, otherwise you may encounter
> issues with console or live migration or other SSL-related stuff.
>
> tested and approved.
>
> On 16/06/2022 at 12:34, Marko Vrgotic wrote:
>
> Dear oVirt,
>
> The oVirt SSL certificates were changed to one-year renewal and we
> have a problem now.
>
> We are running 4.4.x version with SHE on local storage cluster and
> we have four more local storage clusters.
>
> On the cluster running SHE, the engine and host certificates have
> expired. We found the procedure for renewal prior to expiration,
> but we do not have a manual one, required once certificates have
> expired.
>
> Would you be so kind to share the manual or steps needed to fix
> our oVirt setup.
>
> Thank you in advance.
>
> -----
>
> kind regards/met vriendelijke groeten
>
> Marko Vrgotic
--
Nathanaël Blanchet
2 years, 9 months
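The thread above separates two cases: a certificate that is still valid (host into maintenance, renew via the UI) and one that has already expired (the emergency procedure). The following is an added example, not part of the original messages or of oVirt: a shell check that sorts PEM certificates into those cases with `openssl x509 -checkend`. The function names, the 30-day warning window and the sample certificate's CN are assumptions made for illustration; certificate paths are supplied as arguments.

```shell
#!/bin/sh
# Added example: classify PEM certificates by remaining validity and map each
# state to the renewal route described in the thread. Certificate paths are
# passed as arguments; none are assumed here.

# cert_state FILE [WARN_DAYS] -> prints: unreadable | expired | expiring | ok
cert_state() {
    file=$1
    warn_days=${2:-30}   # assumed default warning window
    # Reject anything openssl cannot parse as an X.509 certificate.
    if ! openssl x509 -in "$file" -noout 2>/dev/null; then
        echo unreadable
        return 0
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$file" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# renewal_route STATE -> the route the thread recommends for that state.
renewal_route() {
    case $1 in
        expired)  echo "emergency procedure (KB article or playbook)" ;;
        expiring) echo "host into maintenance, renew via UI" ;;
        ok)       echo "no action" ;;
        *)        echo "check file" ;;
    esac
}

# make_sample_cert DIR DAYS -> writes a constructed self-signed test cert.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=host.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}

# Report on every certificate path given on the command line.
for cert in "$@"; do
    state=$(cert_state "$cert")
    printf '%s\t%s\t%s\n' "$cert" "$state" "$(renewal_route "$state")"
done
```

Run from cron against the engine and host certificate files, the "expiring" state gives time to schedule the maintenance-mode renewal before the emergency route is the only one left.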
After attaching the storage domain, the VMs disappeared from the VM import
by aminur.rahman@iongroup.com
Hi,
We're noticing a weird issue while re-attaching the storage domain. After re-attaching the storage domain, some VMs are completely missing from the VM Import. Before detaching the storage domain, all the VMs were shut down gracefully.
I also noticed some disks exist with no Alias under the disk import on the storage domain and I can't import those disks. It failed to register the disk with <UNKONOWN> error.
We're using oVirt 4.2 with multiple Dell hosts in the cluster and Compellent SAN with iSCSI volumes.
Please kindly advise if I am missing anything before detaching the storage domain.
Thanks
2 years, 9 months
Delete the post :
by khznm 21
Dear Admin,
Please delete the post under the below subject line, posted on June 18,
2022, 3:51 p.m.
[ovirt-users] The he_fqdn proposed for the engine VM resolves on this host
The post is incorrect and the problem was corrected.
Sorry for the inconvenience caused.
regards/khznm
2 years, 9 months
The he_fqdn proposed for the engine VM resolves on this host
by khznm 21
Installing oVirt is not as easy as stated. I am stuck on FQDN resolution: I have this FQDN (vmanager.headache.com) resolving to IP 10.1.1.6 in DNS within the network; additionally, I also put these entries into the /etc/hosts file. While installing (maybe 8 times), I am stuck with the error "he_fqdn proposed for the engine VM resolves on this host". The network is using VLAN IPs; the host is already installed bare metal on a Cisco C240-M5 with RH Virtualization ver 4.4, installed on IP 10.1.1.5. The problem is with installing the self-hosted engine (oVirt).
The VLANs are like eno2.vlan7 and eno2.vlan7.1
/etc/hosts
10.1.1.6 vmanager.headache.com vmanager
10.1.1.5 vhrh1.headache.com vhrh1
10.1.1.6 vmanager.headache.com
10.1.1.5 vhrh1.headache.com
I even tried the CLI install; here also the same issue. Below are the errors:
Host name is not valid: vmanager.headache.com resolves to 10.1.1.6
Host name is not valid: vman.headache.com did not resolve into an IP address
Please, can anybody help here? What am I doing wrong?
2 years, 9 months
Cannot log into oVirt Manager - certificate issue
by Diggy Mc
I cannot log into oVirt Manager. My browser gave me a warning that the site's certificate has expired. Then when I try to log in, I receive the following error message:
"PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"
How can I fix this problem? In advance, thank you for your help.
hosted-engine: v4.4.8.6
hosts: oVirt Node v4.4.8.3
2 years, 9 months
Re: oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates
by Nathanaël Blanchet
Hello,
If you refer to:
1. engine apache certificate expiration ("PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:") to
access the oVirt console.
=> engine-setup --offline
2. hosts certificate expiration?
=> https://access.redhat.com/solutions/3532921
I also wrote a playbook to do so there:
https://galaxy.ansible.com/natman/ovirt_renew_certs
In this case, don't forget to renew the certificate with the UI (in
maintenance) when the host is responding, otherwise you may encounter
issues with console or live migration or other SSL-related stuff.
tested and approved.
On 16/06/2022 at 12:34, Marko Vrgotic wrote:
>
> Dear oVirt,
>
> The oVirt SSL certificates were changed to one-year renewal and we
> have a problem now.
>
> We are running 4.4.x version with SHE on local storage cluster and we
> have four more local storage clusters.
>
> On the cluster running SHE, the engine and host certificates have
> expired. We found the procedure for renewal prior to expiration, but
> we do not have a manual one, required once certificates have expired.
>
> Would you be so kind to share the manual or steps needed to fix our
> oVirt setup.
>
> Thank you in advance.
>
> -----
>
> kind regards/met vriendelijke groeten
>
> Marko Vrgotic
--
Nathanaël Blanchet
2 years, 9 months
Can't fix network
by David Johnson
Good afternoon all,
Welcome to the third part of my trilogy of disaster recovery woes. Much of
my woe is self inflicted, but I have learned enough from this that I now
know how to ask the right question about the original problem that got me
here.
After reinstalling the engine from the ground up, ovirt immediately
recognized the first host (yay) whose network configuration I had manually
fixed on the host console.
I removed the host from the engine, stripped its system down to the bare
OS, then attempted to reinstall ovirt.
Apparently the original network configuration is still saved on the host,
because reinstall kicks the host off of the management network, replacing
the good configuration that I just made on the host with the bad one that
was the original cause of my heartache.
What is wrong with this configuration is that the storage network is on a
10 gbit sfp+ physical network, isolated from the 1 gbit ovirtmgt network
with RJ12 connectors. There is no way to bridge the two networks.
Here is the original (bad) configuration:
[image: image.png]
Here is the corrected configuration. Note that it won't let me connect to
the network. It's frustrating because I know that the engine is not
communicating with the host, and I can map out the fix here, but I can't
save it.
[image: image.png]
It will not allow me to remove the host or switch the host to inoperable or
maintenance mode.
Please advise.
2 years, 9 months
1 Unsynced Entry
by Abe E
I am having an issue on 1 single node where it is reporting 1 unsynced entry and it is not healing by itself or by force.
In the glustershd.log it is reporting the following:
W [MSGID: 114031] [client-rpc-fops_v2.c:2620:client4_0_lookup_cbk] 0-data-client-2: remote operation failed. [{path=<gfid:a8769008-3658-400f-b3ba-c0df40e648a7>}, {gfid=a8769008-3658-400f-b3ba-c0df40e648a7}, {errno=2}, {error=No such file or directory}]
I assume if it was missing it would look to other nodes for it but I understand from this that even other nodes do not have it?
2 years, 9 months
OVIRT Package Upgrade Interrupted
by Abe E
It seems I haven't learned my lesson with upgrading via GUI.
For some reason my server crashed during use of the GUI Upgrade method and it looks like maybe it did not complete or the like.
3NodeGluster
I then noticed that I had actually upgraded a single node to the 4.5.1 Testing Version; that being said, my glusterfs for this node is on 10.2 while other nodes are on 10.1.
Is there a "cleaner" way of reverting the upgrade?
I assume there are other packages that may have been upgraded that should be reverted.
2 years, 9 months
Dead agent
by Valerio Luccio
Hello all,
I have an oVirt 4.4 installation with self-hosted engine where the agent
seems to have died. The VMs are still running, so I assume that the
engine itself is still running (is this a wrong assumption ?). Can I
restart the agent without affecting the running VMs, that is how will
restarting the agent affect the running VMs ? If I can restart the
agent, what's the correct way of doing it ?
Thanks,
--
Valerio Luccio
2 years, 9 months