On Tue, Jan 8, 2019 at 5:31 PM Vinícius Ferrão <ferrao(a)versatushpc.com.br>
wrote:
Hello,
On 8 Jan 2019, at 11:20, Simone Tiraboschi <stirabos(a)redhat.com> wrote:
On Mon, Jan 7, 2019 at 10:43 PM Vinícius Ferrão <ferrao(a)versatushpc.com.br>
wrote:
> Simone,
>
> I have additional findings: Ansible was failing because I was defined the
> option without-password on SSH root access. So it fails with an
> authentication failure error during the deployment.
>
> After allowing root access over SSH the hosted engine deployement with
> Ansible worked.
>
> Now I will check if everything else is working fine.
>
> Maybe I need to open a bug on Bugzilla on this issue?
>
Ok, from the logs I see that you set without-password and you correctly
entered a public ssh key when requested.
But then ansible failed to authenticate to the engine VM, as root, with
that password.
So, if you are sure that the correspondent private key was available in
the right place and with the right permissions, please open a bug.
Hello Simone, just to be sure. The private key was always on my personal
computer. It was never on the oVirt Node.
For years I’ve deployed oVirt this way and it worked as expected.
So if the new behaviour demands a private key on the hypervisor this makes
the deployment different.
The purpose of the key and enabling root ssh without-password is to
enforce the security of the hosted engine, right? Not the security between
the hypervisor and hosted engine during the deployment phase. So the
setting without-password should be set at the end of hosted engine
deployment.
If this assumptions are correct I will proceed to the ticket on bugzilla.
Now the whole flow, including engine-setup on the engine VM to create the
DB and so on, is executed with ansible and this requires ansible, executed
on the first host, to be able to authenticate to the engine VM over ssh.
Currently the setup is configuring the root password and/or the root ssh
pub key on the first boot with cloud-init and so this implicitly requires
the user to enable password authentication or to configure the host to be
able to access the engine VM with an ssh key.
What you are proposing requires the setup to inject a temporary key
generated on the fly and remove it at the end or configure without-password
only after the deployment.
It makes sense to me but on my opinion it's more an RFE than a real bug.
Feel free to file it.
Thanks,
>
> Thanks,
>
> On 7 Jan 2019, at 15:22, Vinícius Ferrão <ferrao(a)versatushpc.com.br>
> wrote:
>
> Hello,
>
> On 7 Jan 2019, at 12:52, Simone Tiraboschi <stirabos(a)redhat.com> wrote:
>
>
>
> On Mon, Jan 7, 2019 at 2:03 PM Vinícius Ferrão <ferrao(a)versatushpc.com.br>
> wrote:
>
>> Hello Simone,
>>
>> Sent from my iPhone
>>
>> On 7 Jan 2019, at 07:11, Simone Tiraboschi <stirabos(a)redhat.com> wrote:
>>
>>
>>
>> On Sun, Jan 6, 2019 at 5:31 PM <ferrao(a)versatushpc.com.br> wrote:
>>
>>> Hello,
>>>
>>> I’ve a new oVirt installation using oVirt 4.2.7.1 Node and after
>>> deploying the hosted engine it does not show up on the interface even after
>>> adding the first storage.
>>>
>>> The Datacenter is up but the engine VM and the engine storage does not
>>> appear.
>>>
>>> I have the following message repeated constantly on /var/log/messages:
>>>
>>> Jan 4 20:17:30 ovirt1 journal: ovirt-ha-agent
>>> ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config.vm ERROR
>>> Unable to identify the OVF_STORE volume, falling back to initial vm.conf.
>>> Please ensure you already added your first data domain for regular VMs
>>>
>>> What’s wrong? Am I doing something different?
>>>
>>
>> The import of external VM is broken in 4.2.7 as for
>>
https://bugzilla.redhat.com/show_bug.cgi?id=1649615
>> It will be fixed with 4.2.8.
>>
>> In the mean time I strongly suggest to use the regular flow for
>> hosted-engine deployment (simply skip --noansible option) since only the
>> vintage deprecated flow is affected by this issue.
>>
>>
>>
>> Thanks for pointing the issue. I was unable the find this on bugzilla by
>> myself. The title isn’t helping either.
>>
>> But on other hand, I only used the legacy mode because ansible mode
>> fails.
>>
>
> Can you please attach a log of the issue?
>
>
> For sure, logs on the link:
>
http://www.if.ufrj.br/~ferrao/ovirt/issues/ansible-storage-bypass
>
> What happens is that Ansible just bypasses the storage configuration
> questions:
>
> [ INFO ] Stage: Environment packages setup
> [ INFO ] Stage: Programs detection
> [ INFO ] Stage: Environment setup
> [ INFO ] Stage: Environment customization
>
> --== STORAGE CONFIGURATION ==--
>
>
> --== HOST NETWORK CONFIGURATION ==--
>
> Please indicate a pingable gateway IP address [10.20.0.1]:
> [ INFO ] TASK [Gathering Facts]
> [ INFO ] ok: [localhost]
> [ INFO ] TASK [Detecting interface on existing management bridge]
> [ INFO ] skipping: [localhost]
> [ INFO ] TASK [Get all active network interfaces]
> [ INFO ] TASK [Filter bonds with bad naming]
> [ INFO ] TASK [Generate output list]
>
>
>
>
>>
>> I’m not sure why it fails. I can try it again, but I can ask in advance:
>> the management network is bonded, is this an issue? I think I’ve read
>> something about this on this list but I’m unsure.
>>
>
> No, but you should set bond mode 1, 2, 3, or 4.
> Teaming is not supported.
>
>
> Thanks, since I’m using 802.3ad (LACP) - mode 4, I think I’m good.
>
>
>
>>
>> Thanks,
>>
>>
>>>
>>> Additional infos:
>>>
>>> [root@ovirt1 ~]# vdsm-tool list-nets
>>> ovirtmgmt (default route)
>>> storage
>>>
>>> [root@ovirt1 ~]# ip a | grep "inet "
>>> inet 127.0.0.1/8 scope host lo
>>> inet 10.20.0.101/24 brd 10.20.0.255 scope global dynamic ovirtmgmt
>>> inet 192.168.10.1/29 brd 192.168.10.7 scope global storage
>>>
>>> [root@ovirt1 ~]# mount | grep -i nfs
>>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
>>> 10.20.0.200:/mnt/pool0/ovirt/he on /rhev/data-center/mnt/10.20.0.
>>> <
http://10.20.0.0/>200:_mnt_pool0_ovirt_he type nfs4
>>>
(rw,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,soft,nosharecache,proto=tcp,timeo=600,retrans=6,sec=sys,clientaddr=10.20.0.101,local_lock=none,addr=10.20.0.200)
>>>
>>> [root@ovirt1 ~]# hosted-engine --check-deployed
>>> Returns nothing!
>>>
>>> [root@ovirt1 ~]# hosted-engine --check-liveliness
>>> Hosted Engine is up!
>>>
>>> [root@ovirt1 ~]# hosted-engine --vm-status
>>>
>>> --== Host 1 status ==--
>>>
>>> conf_on_shared_storage : True
>>> Status up-to-date : True
>>> Hostname : ovirt1.local.versatushpc.com.br
>>> Host ID : 1
>>> Engine status : {"health": "good",
"vm": "up",
>>> "detail": "Up"}
>>> Score : 3400
>>> stopped : False
>>> Local maintenance : False
>>> crc32 : 1736a87d
>>> local_conf_timestamp : 7836
>>> Host timestamp : 7836
>>> Extra metadata (valid at timestamp):
>>> metadata_parse_version=1
>>> metadata_feature_version=1
>>> timestamp=7836 (Fri Jan 4 20:18:10 2019)
>>> host-id=1
>>> score=3400
>>> vm_conf_refresh_time=7836 (Fri Jan 4 20:18:10 2019)
>>> conf_on_shared_storage=True
>>> maintenance=False
>>> state=EngineUp
>>> stopped=False
>>>
>>>
>>> Thanks in advance,
>>>
>>> PS: Log files are available here:
>>>
http://www.if.ufrj.br/~ferrao/ovirt/issues/he-not-showing/
>>> _______________________________________________
>>> Users mailing list -- users(a)ovirt.org
>>> To unsubscribe send an email to users-leave(a)ovirt.org
>>> Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
>>> oVirt Code of Conduct:
>>>
https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
>>>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IQHM6YQ7HVB...
>>>
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>>
https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BPJAV4AVRN5...
>>
>> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement:
https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
>
https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NSOQQ5T6VLM...
>
>
>