I'm writing a script to install a new SSL key/cert pair (from Let's
Encrypt) for the engine web UI on oVirt 4.1. I'm looking at this, but
it's a little confusing.
It sounds like steps 1 and 3 are referring to the CA-supplied
intermediate cert(s), not the actual issue cert for the server. Is that
Does anything actually use the PCKS12 format file referred to in step 4?
I don't normally see that format from regular CAs; they usually provide
cert+intermediate(s) in PEM format.
With Apache 2.4, it is normal to just put the cert+intermediate(s) chain
in one file and configure Apache with SSLCertificateFile. You aren't
supposed to put the CA-supplied cert in the SSLCACertificateFile like
oVirt appears to do; that's intended to be used for validating client
certs, not the intermediate(s) for the server cert.
It really just looks like the cert+intermediate(s) should go in
/etc/pki/ovirt-engine/certs/apache.cer, the corresponding key put in
/etc/pki/ovirt-engine/keys/apache.key.nopass, and then Apache needs to
be restarted. Since oVirt doesn't use the engine web UI cert for
anything internally (right?), do any of the other steps on the above
Chris Adams <cma(a)cmadams.net>
I'm trying to configure a Centos 7 machine to serve as a host, but I'm not
successful. I already get the message "Host Host1 moved to Non-Operational
state as host CPU type is not supported in this cluster compatibility
version or is not supported at all".
Here the commands that I used to configure the host:
$ sudo yum install
$ sudo yum install vdsm
$ sudo yum install centos-release-ovirt41
$ sudo systemctl disable firewalld
$ sudo systemctl disable NetworkManager
$ sudo vim /etc/selinux/config
$ sudo vim /etc/hosts
10.142.0.3 ovirthost-1.c.sharp-quest-137201.internal ovirthost-1 # Added
10.142.0.2 ovirtengine-1.c.sharp-quest-137201.internal ovirtengine-1
Arthur Rodrigues Stilben
We have an ovirt cluster hyperconverged with hosted engine on 3 full
replicated node . This cluster have 2 gluster volume:
- data: volume for the Data (Master) Domain (For vm)
- engine: volume fro the hosted_storage Domain (for hosted engine)
We have this problem: "engine" gluster volume have always unsynced elements
and we cant' fix the problem, on command line we have tried to use the
"heal" command but elements remain always unsynced ....
Below the heal command "status":
[root@node01 ~]# gluster volume heal engine info
Number of entries: 12
Number of entries: 12
Number of entries: 0
running the "gluster volume heal engine" don't solve the problem...
Some extra info:
We have recently changed the gluster from: 2 (full repliacated) + 1 arbiter
to 3 full replicated cluster but i don't know this is the problem...
The "data" volume is good and healty and have no unsynced entry.
Ovirt refuse to put the node02 and node01 in "maintenance mode" and
complains about "unsynced elements"
How can I fix this?
I've playing with ovirt self hosted engine setup and I even use it to
production for several VM. The setup I have is 3 server with gluster
storage in replica 2+1 (1 arbiter).
The data storage domain where VMs are stored is mounted with gluster
through ovirt. The performance I get for the VMs is very low and I was
thinking to switch and mount the same storage through NFS instead of
The only think I am hesitant is how can I ensure high availability of the
storage when I loose one server? I was thinking to have at /etc/hosts sth
then use nfsmount as the server name when adding this domain through ovirt
Are there any other more elegant solutions? What do you do for such cases?
Note: gluster has the back-vol-file option which provides a lean way to
have redundancy on the mount point and I am using this when mounting with
Has anyone used the Geo Replication to facilitate Backups/DR? I'm looking
to validate my thoughts since Geo Replication is a function in oVirt now.
I'm considering this instead of the snap, clone, export, backup, delete
clone, delete snap method.
Senior Systems Administrator
(509) 324-1230 Fax: (509) 324-1234