November 2018 - Users - oVirt List Archives

Separating VM network
by d.gengenbach＠patagona.de 14 Nov '18

14 Nov '18

We would like to separate our VM traffic completely from our host/storage network. As far as I can see, there is no definitive guide to achieve this by using VLANs/separate VM networks/subnetting. In our current setup: - the storage traffic happens in a separate VLAN (configured directly on the switch) on separate NICs on both hosts/storages in the 192.168.179.0/24 subnet - all other infrastructure (oVirt hosts, gateway, DHCP, DNS, VM thinclients, switches, ...) are in the 192.168.178.0/24 subnet We now want to separate the oVirt hosts/engine completely from the other infrastructure, eg. the VMs and thinclients. I am not experienced in networking and would be very thankful for all hints/tipps! Thanks in advance, David

2 3

Migrate datacenter with hosts and VM managed from engine no1 to engine no2
by Punaatua PK 14 Nov '18

14 Nov '18

Hello, we have the current setup. => 1 datacenter on site A with 1 cluster which is compose of 3 hosts and a self-hosted engine => 1 datacenter on site B (let's call this TATA) with 1 cluster compose of 3 hosts which is using glusterfs. This datacenter is managed by the self-hosted engine on site A We want to create on site B another datacenter with 1 cluster and another self-hosted engine then disengage datacenter TATA from self-hosted engine on site A. after that, we want to import all the ressource on the self-hosted engine on site B Is it possible to do this without loosing VM on glusterfs ? Off course VM will be shutdown during the operation. I mean, when a host is added on a new datacenter, ovirt will install package if necessary. Is there any way that ovirt manager erase actual configuration ? Is it safe to do this operation ?

2 2

Ansible upgrade procedures?
by Jayme 14 Nov '18

14 Nov '18

Is it possible to update oVirt HCI environment automatically with ansible? If so are there any specific instructions or details on the process? Thanks!

2 4

FW: [ovrit-users] Anyone with Fiber Channel oVirt Storage Experience?
by Karli Sjöberg 14 Nov '18

14 Nov '18

2 1

Windows VM always growing
by Thomas Fecke 14 Nov '18

14 Nov '18

Hey Guys, we use, for our Windows VMs, "thin Provision". The Problem: the Disk always grow but if I delete Files in Windows the actual Disk size stays the same. Any way to get the "real" Windows Size back again? Some VMs got an Actual Size from about 100 GB - but Windows just got 25 GB Thanks in advanced Thomas

1 0

Engine trying to activate already activated hosts, causing serious instability...
by Jason P. Thomas 14 Nov '18

14 Nov '18

I've got a 4 node cluster running oVirt 4.2.7. 3 hosts are hyperconverged with glusterfs. Engine is running on one of the gluster volumes. Since yesterday, the cluster is completely unstable and will not reliably run VMs including the Engine. A notification will pop up in the WebUI stating "Finished invoking activate on host ovirt1" while the task list indicates "Activating host ovirt1". When this task ultimately fails, the node in question goes NonOperational. All our VMs have been down since 3pm yesterday, so help is greatly appreciated. Sincerely, Jason

2 3

LDAP Bind failing because of SSLHandshakeException after Virtualization Manager was rebooted
by wbhegedus＠gmail.com 14 Nov '18

14 Nov '18

After moving and rebooting our Red Hat Virtualization Manager box to another node in our cluster, we are unable to make LDAP login work using StartTLS. No networking or configuration changes were made, but the logs indicate that the TLS negotiation is failing with our Active Directory domain controllers now. Specifically: "2018-11-13 10:33:12,500-05 WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (ServerService Thread Pool -- 49) [] Exception: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(sun.security.validator.ValidatorException: No trusted certificate found), ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58" I have tried everything I can think of. I removed and reimported the certificate for the domain controller in the Java Keystore. I deleted the profile entirely and recreated it. I tried using the full certificate chain and I tried using single certificates from the chain, and all combinations together. For now, we have it working by specifying "pool.default.ssl.insecure = true" in the .properties file, but I'd prefer to have this working again using StartTLS. Is there something I am missing? I want to make sure that I'm not overlooking something before submitting any sort of bug report. Any help is appreciated. Thanks! PS - this is what the properties file looks like: [root@rhvm ~]# cat /etc/ovirt-engine/aaa/liberty.edu.properties include = <ad.properties> vars.domain = liberty.edu vars.user = cn=PREADER,ou=Service Accounts,ou=IS,OU=FSA,dc=University,dc=liberty,dc=edu vars.password = <redacted> pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = ${local:_basedir}/liberty.edu.jks

3 2

Replicated storage gets erased when added to new environment.
by Jacob Green 14 Nov '18

14 Nov '18

So I was testing with two Identical ovirt environments running the latest 4.2 environment. I have iscsi storage set up at Site A, and I have that same storage replicated to Side B, before I get into learning disaster recovery I wanted to see what importing the replicated storage would look like. However when I import it I get the follow, and the vms are wiped from the replicated storage I presented with iscsi. So is this possible with iscsi? Is there another way to go about doing this? My iscsi solution is freenas. -- Jacob Green Systems Admin American Alloy Steel 713-300-5690

2 7

huge page in ovirt 4.2.7
by Fabrice Bacchella 14 Nov '18

14 Nov '18

I'm trying to understand huge page in oVirt, I'm quite sure to understand it well. I have an host with 128GiB. I have configured reserved huge page: cat /proc/cmdline ... hugepagesz=1GB hugepages=120 $ grep -r . /sys/kernel/mm/hugepages /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_overcommit_hugepages:0 /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages:120 /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages_mempolicy:120 /sys/kernel/mm/hugepages/hugepages-1048576kB/surplus_hugepages:0 /sys/kernel/mm/hugepages/hugepages-1048576kB/resv_hugepages:0 /sys/kernel/mm/hugepages/hugepages-1048576kB/free_hugepages:120 /sys/kernel/mm/hugepages/hugepages-2048kB/nr_overcommit_hugepages:0 /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages:0 /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy:0 /sys/kernel/mm/hugepages/hugepages-2048kB/surplus_hugepages:0 /sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages:0 /sys/kernel/mm/hugepages/hugepages-2048kB/free_hugepages:0 I have a big VM running on it: <custom_properties> <custom_property> <name>hugepages</name> <value>64</value> </custom_property> </custom_properties> <memory>68719476736</memory>, aka 65536 MiB <memory_policy> <guaranteed>34359738368</guaranteed>, aka 32768 MiB <max>68719476736</max> </memory_policy> And it keep failing when I want to start it: /var/log/ovirt-engine/engine.log:2018-11-14 12:56:06,937+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-66) [13c13a2c-f973-4ba2-b8bd-260e5b35a047] EVENT_ID: USER_FAILED_RUN_VM(54), Failed to run VM XXX due to a failed validation: [Cannot run VM. There is no host that satisfies current scheduling constraints. See below for details:, The host XXX did not satisfy internal filter HugePages because there are not enough free huge pages to run the VM.] The huge page fs is mounted: $ findmnt | |-/dev/hugepages1G hugetlbfs hugetlbfs rw,relatime,pagesize=1G | `-/dev/hugepages hugetlbfs hugetlbfs rw,relatime What am I missing ?

1 0

Networking - interface and security questions
by davidk＠riavera.com 14 Nov '18

14 Nov '18

Hello, I'm trying to setup a new ovirt install and have run into some general issues that I hope someone can help with. I'm somewhat new to ovirt (but not virtualization). First off, I've been doing lots of reading and I can't seem to find what the generally accepted method is for firewalling access between networks and VMs is in ovirt? I see references to network filters, but no obvious ways to set ports or modify the configuration beyond a set list of general good-practice policies (no arp spoofing, etc). What do people use in a production environment? Trunk out to an external firewall and do the filtering there? Run iptables or some rules locally in each VM? Or just run pfSense or other firewall software as another VM and manage it there? And lastly, I'm trying to setup a new interface using the external ovn provider but am having problems. I can define the external provider network just fine (not connected to physical network), but can't seem to actually use it. When I create a new VM and assign the new network to an associated interface, the VM fails to start. The error I get is: "VM testvm is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device." Am I missing something obvious here? I'm running oVirt 4.2.7 with the latest oVirt Node on a few hosts (also 4.2.7). All my configuration has been via the web interface so far. Sincerely,

2 1