Migrating from a self hosted engine to standalone
by redhat@intheoutback.com
Hi, I am in the process of moving our oVirt environment from a self hosted engine to a standalone engine on it's own HW. I have Googled and found a procedure for standalone > self hosted, but not the other way around.
My current situation is that I have 5 locations running oVirt 4.3 with 3 to 4 hypervisors and iSCSI storage backend, with a self hosted engine. All these locations are operational and short a downtime is acceptable if a must, losing a VM is NOT good.
I also have 1 oVirt environment 4.3 with 2 hypervisors and iSCSI backend that is my QA/Test.
All my networks are on internal networks with no outside world connections.
Most importantly, we are also looking at upgrading from 4.3 to 4.4
I have not found any straightforward way to migrate from self hosted to standalone.
My current plan is to do the following.
1) Create a new 4.4 standalone engine
2) Remove one hypervisor from the 4.3 cluster
3) Kickstart the hypervisor to RHEL 8.8 and configure ready for oVirt 4.4
4) Add the new host to the standalone engine.
5) Shutdown and export a number of VMs in the oVirt 4.3 and import them in to the new oVirt 4.4.
6) Repeat steps 2 > 5 until the everything is moved over.
Just wanting to get your expert opinions on this method or is there a much quicker easier method that will not risk the chances of losing the cluster/VMs or an extended outage.
Since we need to upgrade anyway from 4.3 to 4.4 I thought this the better method that upgrading the operational clusters.
Thanks
1 year, 2 months
Need to renew ovirt engine certificate
by Sachendra Shukla
Hi Team,
The oVirt Engine certificate is scheduled to expire on February 1, 2024.
Consequently, we need to initiate the certificate upgrade process. Could
you please share the steps and process for the certificate upgrade? I have
attached a snapshot below for your reference.
[image: image.png]
Regards,
Sachendra Shukla
Yagna iQ, Inc. and subsidiaries
HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX 75024,
USA 75024,
Website: https://yagnaiq.com
Contact Customer Support: support(a)yagnaiq.com
Privacy Policy: https://www.yagnaiq.com/privacy-policy/
*This communication and any attachments may contain confidential
information and/or copyright material of Yagna iQ, Inc. *
All unauthorized use, disclosure or distribution is prohibited. If you are
not the intended recipient, please notify Yagna iQ immediately by replying
to the email and destroy all copies of this communication.
This email has been scanned for all known viruses. The sender does not
accept liability for any damage inflicted by viewing the content of this
email.
1 year, 2 months
Re: [ovirt-devel] Re: oVirt 4.6 OS versions
by Guillaume Pavese
Unless someone from the community steps up to take RedHat's role, there
won't be any 4.6
On Fri, Jan 12, 2024 at 8:51 AM Diggy Mc <d03(a)bornfree.org> wrote:
>
> Isn't the oVirt 4.5 Hosted Engine built on CentOS Stream 8 ??? Stream 8
> ends in May 2024. I ask because we are still running on 4.4 and are
> thinking about holding off until oVirt 4.6 before we deploy a new oVirt
> environment.
> _______________________________________________
> Devel mailing list -- devel(a)ovirt.org
> To unsubscribe send an email to devel-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MBQDZTC5K3R...
>
--
Ce message et toutes les pièces jointes (ci-après le “message”) sont
établis à l’intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur, merci de le détruire et d’en avertir
immédiatement l’expéditeur. Toute utilisation de ce message non conforme a
sa destination, toute diffusion ou toute publication, totale ou partielle,
est interdite, sauf autorisation expresse. L’internet ne permettant pas
d’assurer l’intégrité de ce message . Interactiv-group (et ses filiales)
décline(nt) toute responsabilité au titre de ce message, dans l’hypothèse
ou il aurait été modifié. IT, ES, UK.
<https://interactiv-group.com/disclaimer.html>
1 year, 2 months
oVirt 4.5.5 - Prb with qemu-kvm after upgrade
by Christophe GRENIER
Hello
I have a standalone oVirt Manager 4.5.5-1.el8 and two small clusters.
After upgrading ovir01001 in the "PreProd" cluster from AlmaLinux 8.8 to
8.9, the host was successfully activated but failed to take any VM.
centos-release-ceph-pacific.noarch 1.0-2.el8 @cs8-extras
centos-release-gluster10.noarch 1.0-1.el8s @cs8-extras-common
centos-release-nfv-common.noarch 1-3.el8 @cs8-extras
centos-release-nfv-openvswitch.noarch 1-3.el8 @cs8-extras
centos-release-opstools.noarch 1-12.el8 @cs8-extras
centos-release-ovirt45.noarch 8.9-1.el8s @cs8-extras-common
centos-release-storage-common.noarch 2-2.el8 @cs8-extras
centos-release-stream.x86_64 8.1-1.1911.0.7.el8 @cs8-extras
centos-release-virt-common.noarch 1-2.el8 @cs8-extras
vdsm.x86_64 4.50.5.1-1.el8 @centos-ovirt45
The problem has been "solved" by downgrading all qemu-* packages to the
version in AlmaLinux 8.8
ie. qemu-kvm-6.2.0-40.module_el8.9.0+3681+41cbbcc0.1.alma.1 =>
qemu-kvm-6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1.x86_64
Please find the relevent log:
- engine_when_failed.log https://pastebin.com/7MG6fYGY
- engine_when_ok.log https://pastebin.com/MegqmMbg
- vdsm_when_failed.log https://pastebin.com/ae4w0pix
- vdsm_when_ok.log https://pastebin.com/d7P0BWDN
Regards
--
,-~~-.___. ._.
/ | ' \ | |--------. Christophe GRENIER
( ) 0 | | | grenier(a)cgsecurity.org
\_/-, ,----' | | |
==== !_!-v---v--.
/ \-'~; .--------. TestDisk & PhotoRec
/ __/~| ._-""|| | Data Recovery
=( _____|_|____||________| https://www.cgsecurity.org
1 year, 2 months
Add Direct LUN to VM with Rest API
by LS CHENG
Hi
Anyone know how to add a Direct LUN to a VM o VM's?
I am trying to clone a couple of VM's fibre channel direct lun's with SAN's
snapshot technology and present those snapshots to another VM's, I would
like to do this with CLI but I cannot find any example for Fibre Channel
Disks and attach them to a VM.
Thanks!
1 year, 2 months
Configure OVN for oVirt failing - vdsm.tool.ovn_config.NetworkNotFoundError: hostname
by huw.m@twinstream.com
Hello,
When installing the self-hosted engine using rocky 9 as a host (using nightly builds), the install gets as far as running the below ansible task from ovirt-engine
- name: Configure OVN for oVirt
ansible.builtin.command: >
vdsm-tool ovn-config {{ ovn_central }} {{ ovn_tunneling_interface }} {{ ovn_host_fqdn }}
This command gets executed as vdsm-tool ovn-config 192.168.57.4 hostname.my.project.com
and fails with error
"stderr" : "Traceback (most recent call last):\n File \"/usr/lib/python3.9/site-packages/vdsm/tool/ovn_config.py\", line 117, in get_network\n return networks[net_name]\nKeyError: 'virt-1.local.hyp.twinstream.com'\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/usr/bin/vdsm-tool\", line 195, in main\n return tool_command[cmd][\"command\"](*args)\n File \"/usr/lib/python3.9/site-packages/vdsm/tool/ovn_config.py\", line 63, in ovn_config\n ip_address = get_ip_addr(get_network(network_caps(), net_name))\n File \"/usr/lib/python3.9/site-packages/vdsm/tool/ovn_config.py\", line 119, in get_network\n raise NetworkNotFoundError(net_name)\nvdsm.tool.ovn_config.NetworkNotFoundError: hostname.my.project.com"
Running `vdsm-tool list-nets` on the host gives an empty list.
`ip a` gives
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:6d:16:65 brd ff:ff:ff:ff:ff:ff
altname enp0s6
altname ens6
inet 192.168.121.29/24 brd 192.168.121.255 scope global dynamic noprefixroute eth0
valid_lft 2482sec preferred_lft 2482sec
inet6 fe80::5054:ff:fe6d:1665/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:6b:f4:7b brd ff:ff:ff:ff:ff:ff
altname enp0s7
altname ens7
inet 192.168.56.151/24 brd 192.168.56.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe6b:f47b/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 52:54:00:8f:40:45 brd ff:ff:ff:ff:ff:ff
altname enp0s8
altname ens8
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:2f:27:9d brd ff:ff:ff:ff:ff:ff
altname enp0s9
altname ens9
6: eth4: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bondstorage state UP group default qlen 1000
link/ether 52:54:00:b8:9b:d7 brd ff:ff:ff:ff:ff:ff
altname enp0s10
altname ens10
7: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:c2:9a:bd brd ff:ff:ff:ff:ff:ff
altname enp0s11
altname ens11
8: eth6: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bondvm state UP group default qlen 1000
link/ether 52:54:00:ed:f7:cc brd ff:ff:ff:ff:ff:ff
altname enp0s12
altname ens12
9: eth7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:de:8a:48 brd ff:ff:ff:ff:ff:ff
altname enp0s13
altname ens13
10: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:8f:40:45 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.4/24 brd 192.168.57.255 scope global noprefixroute bond0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe8f:4045/64 scope link
valid_lft forever preferred_lft forever
11: bondvm: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:ed:f7:cc brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:feed:f7cc/64 scope link
valid_lft forever preferred_lft forever
12: bondstorage: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:b8:9b:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.59.4/24 brd 192.168.59.255 scope global noprefixroute bondstorage
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:feb8:9bd7/64 scope link
valid_lft forever preferred_lft forever
13: bondvm.20@bondvm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:ed:f7:cc brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:feed:f7cc/64 scope link
valid_lft forever preferred_lft forever
15: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:b2:5f:e2 brd ff:ff:ff:ff:ff:ff
inet 192.168.222.1/24 brd 192.168.222.255 scope global virbr0
valid_lft forever preferred_lft forever
16: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000
link/ether fe:16:3e:34:3d:ea brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:fe34:3dea/64 scope link
valid_lft forever preferred_lft forever
47: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 6e:27:5f:fa:e3:3a brd ff:ff:ff:ff:ff:ff
48: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 12:7c:d9:2e:cf:26 brd ff:ff:ff:ff:ff:ff
49: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether a2:35:6e:5e:4c:60 brd ff:ff:ff:ff:ff:ff
bond0 was selected as the ovirtmgmt bridge NIC. It currently only has one member interface eth2 using balance-xor. In the ovirt management console I can the see host in a down state and given the rest of the playbook ran which requires ssh connectivity between hosted-engine and host, I believe the network is generally setup correctly.
No other immediate errors I can. As vdsm-tool ovn-config expects a network to exist with value of the hostname, what is meant to be creating this on the host?
Thanks,
Huw
1 year, 2 months
VM Unknow Status
by ankit@eurus.net
One of node is got non-responsive suddenly and some VM stuck on Unknow Status, I am trying to change status but unable to login in DB.
su - postgres
psql engine
psql command not found error.
Can someone help me to get rid of it?
Thanks,
Ankit Sharma
1 year, 2 months
how to renew expired ovirt node vdsm cert manually ?
by dhanaraj.ramesh@yahoo.com
below are the steps to renew the expired vdsm cert of ovirt node
# To check CERT expired
# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -noout -dates
1. Backup vdsm folder
# cd /etc/pki
# mv vdsm vdsm.orig
# mkdir vdsm ; chown vdsm:kvm vdsm
# cd vdsm
# mkdir libvirt-vnc certs keys libvirt-spice libvirt-migrate
# chown vdsm:kvm libvirt-vnc certs keys libvirt-spice libvirt-migrate
2. Regenerate cert & keys
# vdsm-tool configure --module certificates
3. Copy the cert to destination location
chmod 440 /etc/pki/vdsm/keys/vdsmkey.pem
chown root /etc/pki/vdsmcerts/*pem
chmod 644 /etc/pki/vdsmcerts/*pem
cp /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/libvirt-spice/ca-cert.pem
cp /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/libvirt-spice/server-key.pem
cp /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/vdsm/libvirt-spice/server-cert.pem
cp /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/libvirt-vnc/ca-cert.pem
cp /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/libvirt-vnc/server-key.pem
cp /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/vdsm/libvirt-vnc/server-cert.pem
cp -p /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/libvirt-migrate/ca-cert.pem
cp -p /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/vdsm/libvirt-migrate/server-key.pem
cp -p /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/vdsm/libvirt-migrate/server-cert.pem
chown root:qemu /etc/pki/vdsm/libvirt-migrate/server-key.pem
cp -p /etc/pki/vdsm.orig/keys/libvirt_password /etc/pki/vdsm/keys/
mv /etc/pki/libvirt/clientcert.pem /etc/pki/libvirt/clientcert.pem.orig
mv /etc/pki/libvirt/private/clientkey.pem /etc/pki/libvirt/private/clientkey.pem.orig
mv /etc/pki/CA/cacert.pem /etc/pki/CA/cacert.pem.orig
cp -p /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/libvirt/clientcert.pem
cp -p /etc/pki/vdsm/keys/vdsmkey.pem /etc/pki/libvirt/private/clientkey.pem
cp -p /etc/pki/vdsm/certs/cacert.pem /etc/pki/CA/cacert.pem
3. cross check the backup folder /etc/pki/vdsm.orig vs /etc/pki/vdsm
# refer to /etc/pki/vdsm.orig/*/ and set the correct owner & group permission in /etc/pki/vdsm/*/
4. restart services # Make sure both services are up
systemctl restart vdsmd libvirtd
1 year, 2 months
Updated Ovirt Engine (4.5.5) - apache/websocket certs not renewed. (self signed) - Ive manually updated apache, how to do websocket?
by morgan cox
Hi.
We have an Ovirt system, today I updated the engine to v4.5.5, the engine uses self-signed certs/CA.
After the update (and engine-setup) I checked cert expiry dates
-----
/etc/pki/ovirt-engine/ca.pem: Mar 24 15:10:29 2031 GMT
/etc/pki/ovirt-engine/certs/apache.cer: Jan 11 15:11:58 2029 GMT
/etc/pki/ovirt-engine/certs/engine.cer: May 10 11:13:51 2028 GMT
/etc/pki/ovirt-engine/qemu-ca.pem Mar 24 15:10:35 2031 GMT
/etc/pki/ovirt-engine/certs/websocket-proxy.cer Jun 11 11:13:52 2024 GMT
/etc/pki/ovirt-engine/certs/jboss.cer May 10 11:13:51 2028 GMT
/etc/pki/ovirt-engine/certs/ovirt-provider-ovn May 10 11:13:55 2028 GMT
/etc/pki/ovirt-engine/certs/ovn-ndb.cer May 10 11:13:54 2028 GMT
/etc/pki/ovirt-engine/certs/ovn-sdb.cer May 10 11:13:54 2028 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer May 26 16:27:04 2027 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer May 26 16:27:05 2027 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer May 26 16:27:04 2027 GMT
---
I thought that Ovirt should auto update these when using engine-setup ?
I manually updated apache cert using info from -> https://access.redhat.com/solutions/3329431 - i.e /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=apache --password="@PASSWORD@" --subject="${SUBJECT}"
How can I update the websocket cert also ?
Any help would be welcomed - thanks
1 year, 2 months
hosted-engine deploy skip storage configuration
by laetitia.gilet@bnf.fr
Hello,
I'm trying to install ovirt from the command line on an ovirt 4.5.5 el9 Ovirt node.
I prepared my LUN and multipath configuration and then run
hosted-engine --deploy --4
The storage configuration is skipped and I am not prompted about which storage domain type I want to use.
In the log the shows the few questions i've aswered :
QUESTION/1/CI_APPLY_OPENSCAP_PROFILE=str:no
QUESTION/1/CI_DNS=str:172.20.11.100
QUESTION/1/CI_ENABLE_FIPS=str:no
QUESTION/1/CI_INSTANCE_DOMAINNAME=str:example.fr
QUESTION/1/CI_INSTANCE_HOSTNAME=str:ovirt-prod.example.fr
QUESTION/1/CI_ROOT_PASSWORD=str:**FILTERED**
QUESTION/1/CI_ROOT_SSH_ACCESS=str:yes
QUESTION/1/CI_ROOT_SSH_PUBKEY=str:
QUESTION/1/CI_VM_ETC_HOST=str:yes
QUESTION/1/CI_VM_STATIC_NETWORKING=str:static
QUESTION/1/CLOUDINIT_VM_STATIC_IP_ADDRESS=str:172.20.82.2
QUESTION/1/DEPLOY_PROCEED=str:yes
QUESTION/1/DIALOGOVEHOSTED_NOTIF/destEmail=str:admin@example.fr
QUESTION/1/DIALOGOVEHOSTED_NOTIF/smtpPort=str:25
QUESTION/1/DIALOGOVEHOSTED_NOTIF/smtpServer=str:smtp.example.fr
QUESTION/1/DIALOGOVEHOSTED_NOTIF/sourceEmail=str:noreply-ovirt@example.fr
QUESTION/1/ENGINE_ADMIN_PASSWORD=str:**FILTERED**
QUESTION/1/OVEHOSTED_GATEWAY=str:172.20.82.1
QUESTION/1/OVEHOSTED_NETWORK_TEST=str:dns
QUESTION/1/OVEHOSTED_VMENV_OVF_ANSIBLE=str:
QUESTION/1/OVESETUP_NETWORK_FQDN_first_HE=str:kvm.example.fr
QUESTION/1/ovehosted_bridge_if=str:bond1
QUESTION/1/ovehosted_cluster_name=str:PC_Crise
QUESTION/1/ovehosted_datacenter_name=str:Ovirt-prod
QUESTION/1/ovehosted_enable_keycloak=str:no
QUESTION/1/ovehosted_vmenv_cpu=str:4
QUESTION/1/ovehosted_vmenv_mac=str:00:16:3e:71:7e:ed
QUESTION/1/ovehosted_vmenv_mem=str:16384
QUESTION/2/CI_ROOT_PASSWORD=str:**FILTERED**
QUESTION/2/ENGINE_ADMIN_PASSWORD=str:**FILTERED**
...
otopi.dialog.human dialog.__logString:204 DIALOG:SEND
2024-01-10 15:26:40,556+0100 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND --== STORAGE CONFIGURATION ==--
2024-01-10 15:26:40,556+0100 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND
2024-01-10 15:26:40,557+0100 DEBUG otopi.context context._executeMethod:124 Stage customization METHOD otopi.plugins.otopi.dialog.cli.Plugin._customize
2024-01-10 15:26:40,557+0100 DEBUG otopi.context context._executeMethod:134 otopi.plugins.otopi.dialog.cli.Plugin._customize condition False
2024-01-10 15:26:40,558+0100 DEBUG otopi.context context._executeMethod:124 Stage customization METHOD otopi.plugins.gr_he_common.core.titles.Plugin._storage_end
2024-01-10 15:26:40,559+0100 DEBUG otopi.context context._executeMethod:124 Stage customization METHOD otopi.plugins.gr_he_common.core.titles.Plugin._network_start
2024-01-10 15:26:40,559+0100 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND
2024-01-10 15:26:40,55
My host see the LUN and multipath -ll result is OK
Can you help me to configure the vm engine storage to FC please ?
Laetitia
1 year, 2 months