[ovirt-users] Re: understanding if real engine offline deployment is possible

Hi Erez, I already tried to put the 2 extra vars one after the other but it doesn't work: $hosted-engine --deploy --ansible-extra-vars=he_appliance_ova=/usr/share/ovirt-engine-appliance/ovirt-engine-appliance-4.4-20211020135049.1.el8.ova he_offline_deployment=true --config-append=/var/lib/ovirt-hosted-engine-setup/answers/answers-20220424174041.conf FATAL: Invalid option 'he_offline_deployment=true' So I tried to put the variables in tmp file as you proposed, but it failed again with same error: 2022-04-29 16:48:01,701+0100 DEBUG otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils._process_output:106 {'msg': "Failed to download metadata for repo 'ovirt-4.4-centos-ceph-pacific': Can not prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=s... [Could not resolve host: mirrorl ist.centos.org]", 'results': [], 'rc': 1, 'invocation': {'module_args': {'name': ['ovirt-engine'], 'state': 'present', 'allow_downgrade': False, 'autoremove': False, 'bugfix': False, 'disable_gpg_c heck': False, 'disable_plugin': [], 'disablerepo': [], 'download_only': False, 'enable_plugin': [], 'enablerepo': [], 'exclude': [], 'installroot': '/', 'install_repoquery': True, 'install_weak_dep s': True, 'security': False, 'skip_broken': False, 'update_cache': False, 'update_only': False, 'validate_certs': True, 'lock_timeout': 30, 'conf_file': None, 'disable_excludes': None, 'download_di r': None, 'list': None, 'releasever': None}}, '_ansible_no_log': False, 'changed': False, '_ansible_delegated_vars': {'ansible_host': '192.168.222.154', 'ansible_port': None, 'ansible_user': 'root' , 'ansible_connection': 'smart'}} PLease find new log file in attachment. By the way, is it mandatory for a "real" offline deployment to specify the ova archive? (I've read that on an old post) Regarding what Strahil mentioned (modify engine repo in ansible files), is it really doable? engine repo are not hardcoded in the ova? despite the fact that for the moment I can't manage to have a "real" offline deployment, I investigated why the engine can't even resolve mirrorlist.centos.org, and it's becasause the name server in resolv.conf points to the physical host from where I'm trying to do the deployment of the engine, and this physical host is not a dns server...(of course during the deployment of the engine, I've specified a real dns servers that can provide name resolution) so here I have a pb in a pb lol Thx a lot Le ven. 29 avr. 2022 à 14:20, Erez Zarum <erezzarum(a)gmail.com&gt; a écrit : > As I suspected, it hits where i mentioned, but looking again, there's no > bug whatsoever as it should skip it. > From what I see in the logs, it does not pass > "he_offline_deployment=true" as an ansible extra var. > Look at line 6551: "2022-04-24 17:40:41,613+0100 DEBUG otopi.context > context.dumpEnvironment:775 ENV > OVEHOSTED_CORE/ansibleUserExtraVars=str:'he_appliance_ova=/usr/share/ovirt-engine-appliance/ovirt-engine-appliance-4.4-20211020135049.1.el8.ova'" > From looking at the hosted-engine setup script, it does not accept > multiple "--ansible-extra-vars" arguments as it's a wrapper script that > prepares the configuration needed for ansible. > You can either try > "--ansible-extra-vars=he_appliance_ova=/usr/share/ovirt-engine-appliance/ovirt-engine-appliance-4.4-20211020135049.1.el8.ova > he_offline_deployment=true" or: > cat > /tmp/ovirt_he_ansible_extravars.yml <<EOF > he_appliance_ova: > /usr/share/ovirt-engine-appliance/ovirt-engine-appliance-4.4-20211020135049.1.el8.ova > he_offline_deployment: true > EOF > and then passing it as > --ansible-extra-vars=&quot;(a)/tmp/ovirt_he_ansible_extravars.yml&quot; > > Let me know if this works out for you. > > > On Fri, Apr 29, 2022 at 1:36 PM Vincent Kwiatkowski <vk(a)itiviti.com&gt; > wrote: > >> >> Hi, >> >> indeed, being able to manually configure the engine repo (before any >> engine repo is reached of course) would be a good thing, in case we want to >> use some internal repo not on internet (like redhat satellite repo) >> >> But if the engine deployment can really be offline (so no internet >> connection at all) with the default public repo, this can be a step done >> after the engine is deployed. >> >> having the choice could be good, but if there is really an issue on >> ansible side, like Erez mentioned, maybe first need to focus on this^^ >> >> @Erez, please find the engine deploy log file in attachment >> >> thx >> >> Le ven. 29 avr. 2022 à 10:37, Sandro Bonazzola <sbonazzo(a)redhat.com&gt; a >> écrit : >> >>> +Asaf Rachmani <arachman(a)redhat.com&gt; , +Martin Necas >>> <mnecas(a)redhat.com&gt; can you please have a look here? >>> >>> Il giorno gio 28 apr 2022 alle ore 20:18 Erez Zarum < >>> erezzarum(a)gmail.com&gt; ha scritto: >>> >>>> I believe there's a bug here: >>>> https://github.com/oVirt/ovirt-ansible-collection/blob/master/roles/engin... >>>> which besides the he_offline_deployment condition it relies >>>> on ovirt_engine_setup_perform_upgrade which is never passed to from the >>>> hosted_engine_setup role. >>>> If he can post the full log, it will be easier to understand where the >>>> issue is and why does ansible triggers yum repos. >>>> >>>> Another way to workaround it is to create a pre engine setup hook as >>>> ansible task and use it to configure the repos on the engine vm that it >>>> will use the local repos and not reach the internet at any point. >>>> >>>> >>>> >>>> On Thu, Apr 28, 2022 at 8:55 PM Strahil Nikolov via Users < >>>> users(a)ovirt.org&gt; wrote: >>>> >>>>> Theoretically everything is possible. >>>>> In this situation I can recommend you to open an issue as >>>>> he_offline_deployment=true should really mean offline. >>>>> >>>>> Currently you can modify the Ansible code on the system and modify >>>>> the repos pointing to your Satellite. >>>>> >>>>> Best Regards, >>>>> Strahil Nikolov >>>>> >>>>> On Tue, Apr 26, 2022 at 12:02, vk(a)itiviti.com >>>>> <vk(a)itiviti.com&gt; wrote: >>>>> Hi Everyone, >>>>> In my compagny, we try to deploy engine on 2 RHEL8 hosts we already >>>>> installed. >>>>> >>>>> We don't have direct internet access, so the RHEL8 hosts have been >>>>> setup using some internal EL repo (using redhat satellite) >>>>> >>>>> We have also duplicated internaly the necessary ovirt repositories, >>>>> so all ovirt packages can be installed. >>>>> >>>>> Now the blocking part is the deployment of the engine. Is it really >>>>> possible to deploy an engine without having internet connection? >>>>> >>>>> We tried several time but never succeeded. >>>>> >>>>> I tried with ansible extra var "he_offline_deployment=true", naively >>>>> thinking it will download necessary packages for the engine through the >>>>> repositories already configured on the physical hosts (like the physical >>>>> host act as proxy) >>>>> >>>>> I also tried by specifying the ova file with >>>>> he_appliance_ova=/usr/share/ovirt-engine-appliance/ovirt-engine-appliance-4.4-20211020135049.1.el8.ova >>>>> >>>>> both options have also been tried together >>>>> (--ansible-extra-vars=he_appliance_ova=/usr/share/ovirt-engine-appliance/ovirt-engine-appliance-4.4-20211020135049.1.el8.ova >>>>> --ansible-extra-vars=he_offline_deployment=true) >>>>> >>>>> But at the end, it seems the engine deployment process makes the >>>>> engine to need to reach the ovirt internet repositories, as it always >>>>> failed with: >>>>> >>>>> 2022-04-24 17:39:53,268+0100 ERROR >>>>> otopi.ovirt_hosted_engine_setup.ansible_utils >>>>> ansible_utils._process_output:110 fatal: [localhost -> 192.168.1.154]: >>>>> FAILED! => {"changed": false, "msg": "Failed to download metadata for repo >>>>> 'ovirt-4.4-centos-ceph-pacific': Cannot download repomd.xml: Cannot >>>>> download repodata/repomd.xml: All mirrors were tried", "rc": 1, "results": >>>>> []} >>>>> >>>>> FYI the pacific repo works fine when we download packages on physical >>>>> hosts. >>>>> ANother thing to know is that before being able to use our internal >>>>> repo present on our redhat satellite, a system need to install the >>>>> satellite crtificate, and register to satellite. >>>>> >>>>> it would be so nice if we can achieve a fully offline engine deploy >>>>> (which mean no internet access at all, including the engine itself), but we >>>>> start to lack of clues if it's really possible. >>>>> >>>>> Here are all the ovirt packages installed on the physical hosts: >>>>> >>>>> $rpm -qa | grep ovirt >>>>> ovirt-ansible-collection-1.6.5-1.el8.noarch >>>>> ovirt-imageio-daemon-2.3.0-1.el8.x86_64 >>>>> ovirt-host-4.4.9-2.el8.x86_64 >>>>> ovirt-engine-appliance-4.4-20211020135049.1.el8.x86_64 >>>>> ovirt-imageio-common-2.3.0-1.el8.x86_64 >>>>> python3-ovirt-engine-sdk4-4.4.15-1.el8.x86_64 >>>>> ovirt-host-dependencies-4.4.9-2.el8.x86_64 >>>>> ovirt-hosted-engine-setup-2.5.4-2.el8.noarch >>>>> ovirt-imageio-client-2.3.0-1.el8.x86_64 >>>>> ovirt-vmconsole-host-1.0.9-1.el8.noarch >>>>> ovirt-provider-ovn-driver-1.2.34-1.el8.noarch >>>>> cockpit-ovirt-dashboard-0.15.1-1.el8.noarch >>>>> python3-ovirt-setup-lib-1.3.2-1.el8.noarch >>>>> ovirt-hosted-engine-ha-2.4.9-1.el8.noarch >>>>> ovirt-vmconsole-1.0.9-1.el8.noarch >>>>> >>>>> thanks a lot in advance >>>>> _______________________________________________ >>>>> Users mailing list -- users(a)ovirt.org >>>>> To unsubscribe send an email to users-leave(a)ovirt.org >>>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>>> oVirt Code of Conduct: >>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>> List Archives: >>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5IKRUH4A3MY... >>>>> >>>>> _______________________________________________ >>>>> Users mailing list -- users(a)ovirt.org >>>>> To unsubscribe send an email to users-leave(a)ovirt.org >>>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>>> oVirt Code of Conduct: >>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>> List Archives: >>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/OTS7PU7DMWC... >>>>> >>>> _______________________________________________ >>>> Users mailing list -- users(a)ovirt.org >>>> To unsubscribe send an email to users-leave(a)ovirt.org >>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>> oVirt Code of Conduct: >>>> https://www.ovirt.org/community/about/community-guidelines/ >>>> List Archives: >>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/NTFKYX32VGD... >>>> >>> >>> >>> -- >>> >>> Sandro Bonazzola >>> >>> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV >>> >>> Red Hat EMEA <https://www.redhat.com/> >>> >>> sbonazzo(a)redhat.com >>> <https://www.redhat.com/> >>> >>> *Red Hat respects your work life balance. Therefore there is no need to >>> answer this email out of your office hours.* >>> >>> >>> >> ______________________________ >> >> >> The information contained in or attached to this email is strictly >> confidential. If you are not the intended recipient, please notify us >> immediately by telephone and return the message to us. Email communications >> by definition contain personal information. The Itiviti group of companies >> is subject to European data protection regulations. >> >> Itiviti’s Privacy Notice is available at www.itiviti.com. Itiviti >> expects the recipient of this email to be compliant with Itiviti’s Privacy >> Notice and applicable regulations. Please advise us immediately at >> dataprotectionteam(a)Itiviti.com if you are not compliant with these. >> > ______________________________ The information contained in or attached to this email is strictly confidential. If you are not the intended recipient, please notify us immediately by telephone and return the message to us. Email communications by definition contain personal information. The Itiviti group of companies is subject to European data protection regulations. Itiviti’s Privacy Notice is available at www.itiviti.com. Itiviti expects the recipient of this email to be compliant with Itiviti’s Privacy Notice and applicable regulations. Please advise us immediately at dataprotectionteam(a)Itiviti.com if you are not compliant with these.