4.3.10 cannot start VMs because of an error with USB
by Pascal D
I am still running 4.3.10 and suddenly I get this error every time I restart a VM, any VM on any host (I have 13 hosts in 2 different clusters):
VM FLEETGEN-PCC-001 is down with error. Exit message: XML error: there is no hub at port 1 in USB address bus: 0 port: 1.1.
Any idea what could be different? Template hasn't changed.
2 years, 4 months
Import KVM VMs on individual iSCSI luns
by spierce@cts1.com
Greetings,
Is it possible with oVirt to import existing VMs where the underlying storage is on raw iSCSI luns and to keep them on those luns?
The historical scenario is that we have Virtual farms in multiple sites managed by an ancient Orchestration tool that does not support modern OS's as the hypervisor.
- In each site, there are clusters of hypervisors/Hosts that have visibility to the same iSCSI luns.
- Each VM has its own set of iSCSI LUNs that are totally dedicated to that VM
- Each VM is using LVM to manage the disk
- Each Host has LVM filtering configured to NOT manage the VM's iscsi luns
- The VMs can be live migrated from any Hypervisor within the cluster to any other Hypervisor in that same cluster
We are attempting to bring this existing environment into oVirt without replacing the storage model.
Is there any documentation that will serve as a guide for this scenario?
In a lab environment, we have successfully:
- Added 2 hypervisors (hosts) and oVirt can see their VMs as external-ovtest1 and external-ovtest2
- Removed the LVM filtering on the hosts
- Created a storage domain that is able to see the iscsi luns, but we have not yet done the 'add' of each lun
Is it possible to import these luns as raw block devices without LVM being layered on top of them?
Is it required to actually import the luns into a storage domain, or can the VMs still be imported if all luns are visible on all hosts in the cluster?
In the grand scheme of things, are we trying to do something that is not possible with oVirt?
If it is possible, we would greatly appreciate tips, pointers, links to docs etc that will help us migrate this environment to oVirt.
Thanks in Advance
- S
2 years, 4 months
Q: Installing oVirt Engine 4.4.10 on Clean CentOS 8 Stream
by Andrei Verovski
Hi,
Since I ran into a lot of problems upgrading 4.4.7 to 4.4.10, is it OK to install clean
CentOS-Stream-8-x86_64-20220712-dvd1.iso
and restore from backup?
4.4.10 was released long before Stream 20220712; might I run into similar problems again, or do I need to use an earlier snapshot of Stream 8?
I use dedicated engine PC, not hosted engine.
Thanks in advance for any suggestion(s)
Andrei
2 years, 4 months
Keycloak - the default OpenID/SSO provider for oVirt Engine
by Artur Socha
Hi,
With oVirt 4.5.1 release [1], the Keycloak-based authentication is enabled
by default for fresh/new installations.
Here [2] you can find some usage scenarios describing when/how it is
enabled.
In short - if you just want to login to oVirt Admin / VM / Monitoring
portal, please use 'admin@ovirt' user and the password provided during
engine-setup.
There is ongoing work to make it more explicit [3] and it will be addressed
soon.
For REST API access, the full user with profile name is required as
username: admin@ovirt@internalsso
Here is a sample 'curl' illustrating the flow:
$ curl -k -H "Accept: application/json" 'https://ENGINE_FQDN/ovirt-engine/sso/oauth/token?grant_type=password&user...'
And the token response:
{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEdS10MlVQd0JaZ0gtRU1JUkRTRHFxNFZIOUhZbnc4Nkk5QUlGOERxZ1l3In0.eyJleHAiOjE2NTcyMTY5MzAsImlhdCI6MTY1NzE5OTY1MCwianRpIjoiNTAwOWVkMmItMjc3ZS00YjVmLWEwOTItMjI4MDhkMWFhMWJjIiwiaXNzIjoiaHR0cHM6Ly9kZXYzLmRvbS9vdmlydC1lbmdpbmUtYXV0aC9yZWFsbXMvb3ZpcnQtaW50ZXJuYWwiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiMjczMTlkODMtYjdkYy00MzU2LTllMmQtYjJmNzg5NWI3YjczIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoib3ZpcnQtZW5naW5lLWludGVybmFsIiwic2Vzc2lvbl9zdGF0ZSI6IjNmODM5NjY2LTQyNzUtNDRhNC1hNDRhLTM3Njc5MzgxNDRiOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9kZXYzLmRvbSJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1vdmlydC1pbnRlcm5hbCIsIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im92aXJ0LWV4dD10b2tlbi1pbmZvOnB1YmxpYy1hdXRoei1zZWFyY2ggb3ZpcnQtYXBwLWFwaSBvdmlydC1leHQ9dG9rZW46cGFzc3dvcmQtYWNjZXNzIG92aXJ0LWV4dD10b2tlbi1pbmZvOmF1dGh6LXNlYXJjaCBvdmlydC1leHQ9dG9rZW4taW5mbzp2YWxpZGF0ZSBlbWFpbCBwcm9maWxlIiwic2lkIjoiM2Y4Mzk2NjYtNDI3NS00NGE0LWE0NGEtMzc2NzkzODE0NGI4IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOlsiL292aXJ0LWFkbWluaXN0cmF0b3IiXSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5Ab3ZpcnQiLCJlbWFpbCI6ImFkbWluQGxvY2FsaG9zdCJ9.Ov2IJ-ghtXSB6eb7osWZgT_yeb4prBgVzUU9vAY_VMoDr-ie5bMYBUyinYvNHWpBbYaFGNjg6bC7PHz3-s5H1rxXN1wH13wtIlO4obUbPt8wEb58Slrr42kXBoLLLDrXE3Af9LlabtNjJ0z-a5reSUZmOdVYiJl9sEF4YwG9177mwUSJz7VLQAI1hKN1pg6Ox1sJj2fBwdBqjIiRXsw-KBwoMQx9JmuMk9wCr5-gI5f8I-9Vqizb8Lf5ZJ4SMf35Wy3R8dwQeXXau_7t5zDe9wO9wnc9RfOMCuDCc359-oLDFmtrahgrMjmDx5YrQHol6jC43S_7gQ_2IPLE_TlqiQ","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate
ovirt-ext=token:password-access","exp":"9223372036854775807","token_type":"bearer"}%
Now let's use the access token to authenticate and fetch hosts:
$ curl -k -H "Accept: application/json" -H "Authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEdS10MlVQd0JaZ0gtRU1JUkRTRHFxNFZIOUhZbnc4Nkk5QUlGOERxZ1l3In0.eyJleHAiOjE2NTcyMTY5MzAsImlhdCI6MTY1NzE5OTY1MCwianRpIjoiNTAwOWVkMmItMjc3ZS00YjVmLWEwOTItMjI4MDhkMWFhMWJjIiwiaXNzIjoiaHR0cHM6Ly9kZXYzLmRvbS9vdmlydC1lbmdpbmUtYXV0aC9yZWFsbXMvb3ZpcnQtaW50ZXJuYWwiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiMjczMTlkODMtYjdkYy00MzU2LTllMmQtYjJmNzg5NWI3YjczIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoib3ZpcnQtZW5naW5lLWludGVybmFsIiwic2Vzc2lvbl9zdGF0ZSI6IjNmODM5NjY2LTQyNzUtNDRhNC1hNDRhLTM3Njc5MzgxNDRiOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cHM6Ly9kZXYzLmRvbSJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1vdmlydC1pbnRlcm5hbCIsIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im92aXJ0LWV4dD10b2tlbi1pbmZvOnB1YmxpYy1hdXRoei1zZWFyY2ggb3ZpcnQtYXBwLWFwaSBvdmlydC1leHQ9dG9rZW46cGFzc3dvcmQtYWNjZXNzIG92aXJ0LWV4dD10b2tlbi1pbmZvOmF1dGh6LXNlYXJjaCBvdmlydC1leHQ9dG9rZW4taW5mbzp2YWxpZGF0ZSBlbWFpbCBwcm9maWxlIiwic2lkIjoiM2Y4Mzk2NjYtNDI3NS00NGE0LWE0NGEtMzc2NzkzODE0NGI4IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOlsiL292aXJ0LWFkbWluaXN0cmF0b3IiXSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5Ab3ZpcnQiLCJlbWFpbCI6ImFkbWluQGxvY2FsaG9zdCJ9.Ov2IJ-ghtXSB6eb7osWZgT_yeb4prBgVzUU9vAY_VMoDr-ie5bMYBUyinYvNHWpBbYaFGNjg6bC7PHz3-s5H1rxXN1wH13wtIlO4obUbPt8wEb58Slrr42kXBoLLLDrXE3Af9LlabtNjJ0z-a5reSUZmOdVYiJl9sEF4YwG9177mwUSJz7VLQAI1hKN1pg6Ox1sJj2fBwdBqjIiRXsw-KBwoMQx9JmuMk9wCr5-gI5f8I-9Vqizb8Lf5ZJ4SMf35Wy3R8dwQeXXau_7t5zDe9wO9wnc9RfOMCuDCc359-oLDFmtrahgrMjmDx5YrQHol6jC43S_7gQ_2IPLE_TlqiQ"
'https://ENGINE_FQDN/ovirt-engine/api/hosts'
In order to change default Keycloak configuration or set up any additional
identity providers you need to access the Keycloak Administration Panel (
https://YOUR_ENGINE_FQDN/ovirt-engine-auth/admin).
By default, on a fresh installation, you can login using 'admin' and the
password provided during engine-setup.
Keycloak makes it easy to use all the features that were previously
supported by the oVirt in-house authentication implementation, plus many more
almost for free - multi-factor authentication, 3rd party identity
providers (i.e. GitHub, Google, Facebook etc.) just to name a few.
For more information please see the Keycloak documentation [4].
[1] https://www.ovirt.org/release/4.5.1/#keycloak-sso-setup-for-ovirt-engine
[2] https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage.md
[3] https://bugzilla.redhat.com/show_bug.cgi?id=2101474
[4] https://www.keycloak.org/archive/documentation-15.0.html
Please, let us know if you have any questions/concerns.
Last, but not least, any contributions or bug reports are more than
welcome!
thanks!
Artur
--
Artur Socha
Senior Software Engineer, RHV
Red Hat
2 years, 4 months
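The token flow from the Keycloak announcement above, as an added Python example (not code from the original post or from the oVirt project). It assumes the SSO endpoint accepts the standard OAuth2 password-grant fields (`username`, `password`, `scope`) as a form-encoded POST body; `ca_file` is a hypothetical path to the engine CA certificate, and the sample response is constructed.

```python
import base64, json, ssl, urllib.parse, urllib.request

def build_token_request(engine_fqdn, username, password):
    """Return (url, body) for the password-grant token request."""
    url = f"https://{engine_fqdn}/ovirt-engine/sso/oauth/token"
    # urlencode escapes both '@' in 'admin@ovirt@internalsso'; sending the
    # fields in the body keeps the password out of the request URL.
    body = urllib.parse.urlencode({
        "grant_type": "password", "scope": "ovirt-app-api",  # assumed fields
        "username": username, "password": password}).encode()
    return url, body

def parse_token_response(raw):
    """Return the bearer token, or raise if the reply carries none."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise ValueError("no access_token in SSO response")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return data["access_token"]

def jwt_claims(token):
    """Decode the JWT payload for inspection only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def fetch_hosts(engine_fqdn, username, password, ca_file):
    """Run both requests, verifying TLS against the engine CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    url, body = build_token_request(engine_fqdn, username, password)
    req = urllib.request.Request(url, data=body,
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        token = parse_token_response(resp.read())
    api = urllib.request.Request(
        f"https://{engine_fqdn}/ovirt-engine/api/hosts",
        headers={"Accept": "application/json",
                 "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(api, context=ctx) as resp:
        return json.load(resp)

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample response (dummy signature, not a real token).
SAMPLE_RESPONSE = json.dumps({"token_type": "bearer", "access_token": ".".join(
    [_b64({"alg": "RS256"}),
     _b64({"preferred_username": "admin@ovirt", "exp": 1657216930}), "sig"])})
```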
Q: oVirt 4.4.7 -> 4.4.10 Upgrade Woes
by Andrei Verovski
Hi,
I’m running a dedicated oVirt Engine (separate PC, not hosted engine) and trying to upgrade 4.4.7 -> 4.4.10.
Quite cumbersome process, since CentOS 8.x was switched to Stream.
OK, then, DNF upgrade went successfully, and after sudo dnf install https://resources.ovirt.org/pub/yum-repo/ovirt-release44.rpm and engine-upgrade I ran setup.
Here are the problems.
For whatever reason pki keys get auto-deleted during upgrade:
[WARNING] Unable to ensure permissions on /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[ ERROR ] Failed to execute stage 'Misc configuration': [Errno 2] No such file or directory: '/etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass'
[ ERROR ] Failed to execute stage 'Misc configuration': [Errno 2] No such file or directory: '/etc/pki/ovirt-engine/keys/ovn-ndb.key.nopass'
Restored these keys from backup (entire “keys” directory).
Still no luck.
[WARNING] Unable to ensure permissions on /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
[ INFO ] Upgrading CA
[ INFO ] Renewing engine certificate
[ ERROR ] Failed to execute stage 'Misc configuration': Command '/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh' failed to execute
No matter if I choose renew keys or not, this failure is still present.
Logs attached (it's quite big).
How to solve this problem?
Thanks in advance.
2 years, 4 months
Reminder: oVirt Survey Summer 2022
by Sandro Bonazzola
As we continue to develop oVirt 4.5, the oVirt community would value
insights on your experience with the oVirt project.
If you haven't already done so, please help us to hit the mark by completing
this short survey: https://forms.gle/2LxoDKb7njEQwr4f7 .
The survey will close in two weeks on July 29th 2022.
Please note the answers to this survey will be publicly accessible.
This survey is under oVirt Privacy Policy available at
https://ovirt.org/privacy-policy.html .
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
2 years, 4 months
Upgrade from 4.2 directly to 4.5
by Vinícius Ferrão
Hello, I would like to know if I can do an oVirt upgrade directly from 4.2 to 4.5.
I don’t have a free host to upgrade the oVirt Node, so I was hoping that it would be possible to fire up a new engine (with restore-backup) on the old oVirt Nodes and later on upgrade the hosts.
Is this possible?
Thank you.
2 years, 4 months
gluster service on the cluster is unchecked on hci cluster
by Jiří Sléžka
Hi,
I would like to change CPU Type in my oVirt 4.4.10 HCI cluster (based on
3 glusterfs/virt hosts). When I try to, I got this error:
Error while executing action: Cannot disable gluster service on the
cluster as it contains volumes.
As I remember I had Gluster Service enabled on this cluster but now both
(Enable Virt Services and Enable Gluster Service) checkboxes are grayed
out and Gluster Service is unchecked.
Also Storage / Volumes displays my volumes... well, displays one brick
on particular host in unknown state (? mark) which is a new situation. As
I can see from command line all bricks are online, no healing in
progress, all looks good...
I am not sure if the second issue is relevant to first one so main
question is how can I (re)enable gluster service in my cluster?
Thanks in advance,
Jiri
2 years, 4 months
VM access to infiniband network
by Roberto Bertucci
Hi all,
I am facing a problem while trying to associate a Mellanox InfiniBand interface to a network and using it for VM traffic.
vdsm log shows the following message:
The bridge <bridge name> cannot use IP over InfiniBand interface <interface name> as port. Please use RoCE interface instead.
Did anybody face the same problem and solve it?
Actually, the IB interface is configured with an IP address and we are mounting NFS filesystems on cluster nodes through the InfiniBand network.
2 years, 4 months