Re: oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates
by Nathanaël Blanchet
Hello,
If you refer to:
1. engine apache certificate expiration ("PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:) to
access to ovirt console.
=> engine-setup --offline
2. hosts certificate expiration?
=> https://access.redhat.com/solutions/3532921
I also wrote a playbook to do so there:
https://galaxy.ansible.com/natman/ovirt_renew_certs
In this case, don't forget to renew certificate with UI (into
maintenance) when host is reponding, otherwise you may enconter
issues with console or live migration or other SSL related stuff.
tested and approved.
Le 16/06/2022 à 12:34, Marko Vrgotic a écrit :
>
> Dear oVirt,
>
> The oVirt SSL certificated were changed to one-year renewal and we
> have a problem now.
>
> We are running 4.4.x version with SHE on local storage cluster and we
> have four more local storage clusters.
>
> One the cluster running SHE, the engine and host certificates have
> expired. We found the procedure for renewal prior to expiration, but
> we do not have a mnual one, required once certificates have expired.
>
> Would you be so kind to share the manual or steps needed to fix our
> oVirt setup.
>
> Thank you in advance.
>
> -----
>
> kind regards/met vriendelijke groeten
>
> Marko Vrgotic
> Sr. System Engineer @ System Administration
>
>
> ActiveVideo
>
> *o: *+31 (35) 6774131
>
> *m: +*31 (65) 5734174**
>
> *e:*m.vrgotic@activevideo.com <mailto:m.vrgotic@activevideo.com>
> *w: *www.activevideo.com <http://www.activevideo.com>
>
> ActiveVideo Networks BV. Mediacentrum 3745 Joop van den Endeplein
> 1.1217 WJ Hilversum, The Netherlands. The information contained in
> this message may be legally privileged and confidential. It is
> intended to be read only by the individual or entity to whom it is
> addressed or by their designee. If the reader of this message is not
> the intended recipient, you are on notice that any distribution of
> this message, in any form, is strictly prohibited. If you have
> received this message in error, please immediately notify the sender
> and/or ActiveVideo Networks, LLC by telephone at +1 408.931.9200 and
> delete or destroy any copy of this message.
>
>
> _______________________________________________
> Users mailing list --users(a)ovirt.org
> To unsubscribe send an email tousers-leave(a)ovirt.org
> Privacy Statement:https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/
> List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/5L...
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
2 years, 5 months
Cant fix network
by David Johnson
Good afternoon all,
Welcome to the third part of my trilogy of disaster recovery woes. Much of
my woe is self inflicted, but I have learned enough from this that I now
know how to ask the right question about the original problem that got me
here.
After reinstalling the engine from the ground up, ovirt immediately
recognized the first host (yay) whose network configuration I had manually
fixed on the host console.
I removed the host from the engine, stripped its system down to the bare
OS, then attempted to reinstall ovirt.
Apparently the original network configuration is still saved on the host,
because reinstall kicks the host off of the management network, replacing
the good configuration that I just made on the host with the bad one that
was the original cause of my heartache.
What is wrong with this configuration is that the storage network is on a
10 gbit sfp+ physical network, isolated from the 1 gbit ovirtmgt network
with RJ12 connectors. There is no way to bridge the two networks
Here is the original (bad) configuration:
[image: image.png]
Here is the corrected configuration. Note that it wont let me connect to
the network. it's frustrating because I know that the engine is not
communicating with the host, and I can map out the fix here, but I can't
save it.
[image: image.png]
It will not allow me to remove the host or switch the host to inoperable or
maintenance mode.
Please advise.
2 years, 5 months
1 Unsynced Entry
by Abe E
I am having an issue on 1 single node where it is reporting 1 unsynced entry and it is not healing by itself or by force.
In the glustershd.log it is reporting the following:
W [MSGID: 114031] [client-rpc-fops_v2.c:2620:client4_0_lookup_cbk] 0-data-client-2: remote operation failed. [{path=<gfid:a8769008-3658-400f-b3ba-c0df40e648a7>}, {gfid=a8769008-3658-400f-b3ba-c0df40e648a7}, {errno=2}, {error=No such file or directory}]
I assume if it was missing it would look to other nodes for it but I understand from this that even other nodes do not have it?
2 years, 5 months
OVIRT Package Upgrade Interrupted
by Abe E
It seems I haven't learned my lesson with upgrading via GUI.
For some reason my server crashed during use of the GUI Upgrade method and it looks like maybe it did not complete or the like.
3NodeGluster
I then noticed that I had actually upgrading a single node to the 4.5.1 Testing Version, that being said my glusterfs for this node is on 10.2 while other nodes are on 10.1.
Is there a "cleaner" way of reverting the upgrade?
I assume there are other packages that may have been upgraded that should be reverted.
2 years, 5 months
Dead agent
by Valerio Luccio
Hello all,
I have an ovirt 4.4 installation whit self-hosted engine where the agent
seems to have died. The VMs are still running, so I assume that the
engine itself is still running (is this a wrong assumption ?). Can I
restart the agent without affecting the running VMs, that is how will
restarting the agent affect the running VMs ? If I can restart the
agent, what's the correct way of doing it ?
Thanks,
--
Valerio Luccio
High Performance Computing 10 Astor Place, Room 416D
New York University New York, NY 10003
"In an open world, who needs windows or gates ?"
2 years, 5 months
oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates
by Marko Vrgotic
Dear oVirt,
The oVirt SSL certificated were changed to one-year renewal and we have a problem now.
We are running 4.4.x version with SHE on local storage cluster and we have four more local storage clusters.
One the cluster running SHE, the engine and host certificates have expired. We found the procedure for renewal prior to expiration, but we do not have a mnual one, required once certificates have expired.
Would you be so kind to share the manual or steps needed to fix our oVirt setup.
Thank you in advance.
-----
kind regards/met vriendelijke groeten
Marko Vrgotic
Sr. System Engineer @ System Administration
ActiveVideo
o: +31 (35) 6774131
m: +31 (65) 5734174
e: m.vrgotic(a)activevideo.com<mailto:m.vrgotic@activevideo.com>
w: www.activevideo.com<http://www.activevideo.com>
ActiveVideo Networks BV. Mediacentrum 3745 Joop van den Endeplein 1.1217 WJ Hilversum, The Netherlands. The information contained in this message may be legally privileged and confidential. It is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and/or ActiveVideo Networks, LLC by telephone at +1 408.931.9200 and delete or destroy any copy of this message.
2 years, 5 months
libvirtd: dependencies is missing or not an array
by jb
Hello everybody,
in the Protocols from node cockpit, I get some times a day this error:
internal error: dependencies is missing or not an array
CODE_FILE ../src/util/virjson.c
CODE_FUNC virJSONValueObjectGetStringArray
CODE_LINE 1324
LIBVIRT_CODE 1
LIBVIRT_DOMAIN 0
LIBVIRT_SOURCE util.error
PRIORITY 3
SYSLOG_FACILITY 24
_BOOT_ID 0d6bdd9755d44dac8afe2207f6d69f8d
_CAP_EFFECTIVE 1ffffffffff
_CMDLINE /usr/sbin/libvirtd
_COMM libvirtd
_EXE /usr/sbin/libvirtd
_GID 0
_HOSTNAME onode1.example.org
_MACHINE_ID 977a6d184c604d42ad81ac03904ccba7
_PID 2505
_SELINUX_CONTEXT system_u:system_r:virtd_t:s0-s0:c0.c1023
_SOURCE_REALTIME_TIMESTAMP 1655362628796631
_SYSTEMD_CGROUP /system.slice/libvirtd.service
_SYSTEMD_INVOCATION_ID f7685b24f045456aac53ce1673f143c7
_SYSTEMD_SLICE system.slice
_SYSTEMD_UNIT libvirtd.service
_TRANSPORT journal
Is this something I have to worry about it?
2 years, 5 months
oVirt 4.5 linux guest vm with host device added to it fails to start
by Don Dupuis
Hello
I have a RHEL 8.6 based hypervisor with a Mellanox ConnectX-5 IB card
installed with SRIOV enabled. The host device I am assigning is
pci_0000_af_00_2. The card is working as I can talk to other infiniband
interfaces on other servers. Below is the output of lspci.
3b:00.0 Ethernet controller: Mellanox Technologies MT27800 Family
[ConnectX-5]
3b:00.1 Ethernet controller: Mellanox Technologies MT27800 Family
[ConnectX-5]
af:00.0 Infiniband controller: Mellanox Technologies MT27800 Family
[ConnectX-5]
af:00.1 Infiniband controller: Mellanox Technologies MT27800 Family
[ConnectX-5 Virtual Function]
af:00.2 Infiniband controller: Mellanox Technologies MT27800 Family
[ConnectX-5 Virtual Function]
af:00.3 Infiniband controller: Mellanox Technologies MT27800 Family
[ConnectX-5 Virtual Function]
af:00.4 Infiniband controller: Mellanox Technologies MT27800 Family
[ConnectX-5 Virtual Function]
The linux vm is configured as Q35 Chipset with UEFI, 16 cpus, numa enabled,
and cpu pinning enabled. OS is RHEL 7.9. As soon as I start the vm, I get
an immediate error message stating "Cannot run VM. There is no host that
satisfies current scheduling constraints. See below for details:, The host
rvsh002 did not satisfy internal filter HostDevice because some of the
required host devices are unavailable." If I remove the host device from
the vm config, then it starts and runs fine. This setup was working just
fine on RHEL8.4 and oVirt 4.4.7 using the proper driver for RHEL 8.4.
Here is the engine.log after I press the run button.
2022-06-10 11:22:10,506-05 INFO [org.ovirt.engine.core.bll.RunVmCommand]
(default task-1) [81144b66-e5f9-474e-a922-e2ce49cdc8ca] Lock Acquired to
object
'EngineLock:{exclusiveLocks='[de54b903-7204-4966-95a3-05f64ed17f68=VM]',
sharedLocks=''}'
2022-06-10 11:22:10,520-05 INFO
[org.ovirt.engine.core.vdsbroker.IsVmDuringInitiatingVDSCommand] (default
task-1) [81144b66-e5f9-474e-a922-e2ce49cdc8ca] START,
IsVmDuringInitiatingVDSCommand(
IsVmDuringInitiatingVDSCommandParameters:{vmId='de54b903-7204-4966-95a3-05f64ed17f68'}),
log id: 6faf22a5
2022-06-10 11:22:10,520-05 INFO
[org.ovirt.engine.core.vdsbroker.IsVmDuringInitiatingVDSCommand] (default
task-1) [81144b66-e5f9-474e-a922-e2ce49cdc8ca] FINISH,
IsVmDuringInitiatingVDSCommand, return: false, log id: 6faf22a5
2022-06-10 11:22:10,560-05 INFO
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (default task-1)
[] Candidate host 'rvsh002' ('f68352c2-6ddc-44ae-a19b-9262e92327f8') was
filtered out by 'VAR__FILTERTYPE__INTERNAL' filter 'HostDevice'
(correlation id: null)
2022-06-10 11:22:10,569-05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-1) [] EVENT_ID: USER_FAILED_RUN_VM(54), Failed to run VM
ws006 due to a failed validation: [Cannot run VM. There is no host that
satisfies current scheduling constraints. See below for details:, The host
rvsh002 did not satisfy internal filter HostDevice because some of the
required host devices are unavailable.] (User: admin@internal-authz).
2022-06-10 11:22:10,569-05 WARN [org.ovirt.engine.core.bll.RunVmCommand]
(default task-1) [] Validation of action 'RunVm' failed for user
admin@internal-authz. Reasons:
VAR__ACTION__RUN,VAR__TYPE__VM,SCHEDULING_ALL_HOSTS_FILTERED_OUT,VAR__FILTERTYPE__INTERNAL,$hostName
rvsh002,$filterName
HostDevice,VAR__DETAIL__HOST_DEVICE_UNAVAILABLE,SCHEDULING_HOST_FILTERED_REASON_WITH_DETAIL
2022-06-10 11:22:10,570-0
There was nothing in the vdsm.log on the hypervisor related to this issue
that I could see after hitting the run button.
Thanks
Don
2 years, 5 months
dnf update fails on ovirt node 4.5.0-2022052513
by pat@patfruth.com
I have freshly install ovirt node 4.5 from the iso download here;
https://resources.ovirt.org/pub/ovirt-4.5/iso/ovirt-node-ng-installer/4.5...
The installation appears to have been successful.
Now, when I attempt apply the latest updates with 'dnf update', I get an error
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
Here is the entire output of the dnf update command;
Last metadata expiration check: 0:47:08 ago on Mon 13 Jun 2022 10:55:35 PM MDT.
Dependencies resolved.
=======================================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================================
Installing:
ovirt-node-ng-image-update noarch 4.5.1-0.1.el8 ovirt-45-upstream-testing 1.1 G
replacing ovirt-node-ng-image-update-placeholder.noarch 4.5.0.3-1.el8
Transaction Summary
=======================================================================================================================================================================
Install 1 Package
Total download size: 1.1 G
Is this ok [y/N]: y
Downloading Packages:
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[MIRROR] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: Interrupted by header callback: Server reports Content-Length: 1180431893 but expected size is: 1180857942
[FAILED] ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch.rpm: No more mirrors to try - All mirrors were already tried without success
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
ovirt-node-ng-image-update-4.5.1-0.1.el8.noarch: Cannot download, all mirrors were already tried without success
How can I fix this error, and get the latest updates for 4.5 installed?
2 years, 5 months
