Separating VM network
by d.gengenbach@patagona.de
We would like to separate our VM traffic completely from our host/storage network. As far as I can see, there is no definitive guide to achieve this by using VLANs/separate VM networks/subnetting.
In our current setup:
- the storage traffic happens in a separate VLAN (configured directly on the switch) on separate NICs on both hosts/storages in the 192.168.179.0/24 subnet
- all other infrastructure (oVirt hosts, gateway, DHCP, DNS, VM thinclients, switches, ...) are in the 192.168.178.0/24 subnet
We now want to separate the oVirt hosts/engine completely from the other infrastructure, eg. the VMs and thinclients.
I am not experienced in networking and would be very thankful for all hints/tipps!
Thanks in advance,
David
6 years, 7 months
Migrate datacenter with hosts and VM managed from engine no1 to engine no2
by Punaatua PK
Hello,
we have the current setup.
=> 1 datacenter on site A with 1 cluster which is compose of 3 hosts and a self-hosted engine
=> 1 datacenter on site B (let's call this TATA) with 1 cluster compose of 3 hosts which is using glusterfs. This datacenter is managed by the self-hosted engine on site A
We want to create on site B another datacenter with 1 cluster and another self-hosted engine
then disengage datacenter TATA from self-hosted engine on site A.
after that, we want to import all the ressource on the self-hosted engine on site B
Is it possible to do this without loosing VM on glusterfs ?
Off course VM will be shutdown during the operation.
I mean, when a host is added on a new datacenter, ovirt will install package if necessary. Is there any way that ovirt manager erase actual configuration ?
Is it safe to do this operation ?
6 years, 7 months
Ansible upgrade procedures?
by Jayme
Is it possible to update oVirt HCI environment automatically with ansible?
If so are there any specific instructions or details on the process?
Thanks!
6 years, 7 months
Windows VM always growing
by Thomas Fecke
Hey Guys,
we use, for our Windows VMs, "thin Provision".
The Problem:
the Disk always grow but if I delete Files in Windows the actual Disk size stays the same.
Any way to get the "real" Windows Size back again? Some VMs got an Actual Size from about 100 GB - but Windows just got 25 GB
Thanks in advanced
Thomas
6 years, 7 months
Engine trying to activate already activated hosts, causing serious instability...
by Jason P. Thomas
I've got a 4 node cluster running oVirt 4.2.7. 3 hosts are
hyperconverged with glusterfs. Engine is running on one of the gluster
volumes. Since yesterday, the cluster is completely unstable and will
not reliably run VMs including the Engine. A notification will pop up
in the WebUI stating "Finished invoking activate on host ovirt1" while
the task list indicates "Activating host ovirt1". When this task
ultimately fails, the node in question goes NonOperational. All our VMs
have been down since 3pm yesterday, so help is greatly appreciated.
Sincerely,
Jason
6 years, 7 months
LDAP Bind failing because of SSLHandshakeException after Virtualization Manager was rebooted
by wbhegedus@gmail.com
After moving and rebooting our Red Hat Virtualization Manager box to another node in our cluster, we are unable to make LDAP login work using StartTLS. No networking or configuration changes were made, but the logs indicate that the TLS negotiation is failing with our Active Directory domain controllers now. Specifically:
"2018-11-13 10:33:12,500-05 WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (ServerService Thread Pool -- 49) [] Exception: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(sun.security.validator.ValidatorException: No trusted certificate found), ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58"
I have tried everything I can think of. I removed and reimported the certificate for the domain controller in the Java Keystore. I deleted the profile entirely and recreated it. I tried using the full certificate chain and I tried using single certificates from the chain, and all combinations together.
For now, we have it working by specifying "pool.default.ssl.insecure = true" in the .properties file, but I'd prefer to have this working again using StartTLS. Is there something I am missing? I want to make sure that I'm not overlooking something before submitting any sort of bug report.
Any help is appreciated. Thanks!
PS - this is what the properties file looks like:
[root@rhvm ~]# cat /etc/ovirt-engine/aaa/liberty.edu.properties
include = <ad.properties>
vars.domain = liberty.edu
vars.user = cn=PREADER,ou=Service Accounts,ou=IS,OU=FSA,dc=University,dc=liberty,dc=edu
vars.password = <redacted>
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = ${local:_basedir}/liberty.edu.jks
6 years, 7 months
Replicated storage gets erased when added to new environment.
by Jacob Green
So I was testing with two Identical ovirt environments running the
latest 4.2 environment. I have iscsi storage set up at Site A, and I
have that same storage replicated to Side B, before I get into learning
disaster recovery I wanted to see what importing the replicated storage
would look like. However when I import it I get the follow, and the vms
are wiped from the replicated storage I presented with iscsi.
So is this possible with iscsi? Is there another way to go about doing this?
My iscsi solution is freenas.
--
Jacob Green
Systems Admin
American Alloy Steel
713-300-5690
6 years, 7 months
huge page in ovirt 4.2.7
by Fabrice Bacchella
I'm trying to understand huge page in oVirt, I'm quite sure to understand it well.
I have an host with 128GiB. I have configured reserved huge page:
cat /proc/cmdline
... hugepagesz=1GB hugepages=120
$ grep -r . /sys/kernel/mm/hugepages
/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_overcommit_hugepages:0
/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages:120
/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages_mempolicy:120
/sys/kernel/mm/hugepages/hugepages-1048576kB/surplus_hugepages:0
/sys/kernel/mm/hugepages/hugepages-1048576kB/resv_hugepages:0
/sys/kernel/mm/hugepages/hugepages-1048576kB/free_hugepages:120
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_overcommit_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy:0
/sys/kernel/mm/hugepages/hugepages-2048kB/surplus_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/free_hugepages:0
I have a big VM running on it:
<custom_properties>
<custom_property>
<name>hugepages</name>
<value>64</value>
</custom_property>
</custom_properties>
<memory>68719476736</memory>, aka 65536 MiB
<memory_policy>
<guaranteed>34359738368</guaranteed>, aka 32768 MiB
<max>68719476736</max>
</memory_policy>
And it keep failing when I want to start it:
/var/log/ovirt-engine/engine.log:2018-11-14 12:56:06,937+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-66) [13c13a2c-f973-4ba2-b8bd-260e5b35a047] EVENT_ID: USER_FAILED_RUN_VM(54), Failed to run VM XXX due to a failed validation: [Cannot run VM. There is no host that satisfies current scheduling constraints. See below for details:, The host XXX did not satisfy internal filter HugePages because there are not enough free huge pages to run the VM.]
The huge page fs is mounted:
$ findmnt
| |-/dev/hugepages1G hugetlbfs hugetlbfs rw,relatime,pagesize=1G
| `-/dev/hugepages hugetlbfs hugetlbfs rw,relatime
What am I missing ?
6 years, 7 months
Networking - interface and security questions
by davidk@riavera.com
Hello,
I'm trying to setup a new ovirt install and have run into some general issues that I hope someone can help with.
I'm somewhat new to ovirt (but not virtualization).
First off, I've been doing lots of reading and I can't seem to find what the generally accepted method is for firewalling access between networks and VMs is in ovirt? I see references to network filters, but no obvious ways to set ports or modify the configuration beyond a set list of general good-practice policies (no arp spoofing, etc).
What do people use in a production environment? Trunk out to an external firewall and do the filtering there? Run iptables or some rules locally in each VM? Or just run pfSense or other firewall software as another VM and manage it there?
And lastly, I'm trying to setup a new interface using the external ovn provider but am having problems.
I can define the external provider network just fine (not connected to physical network), but can't seem to actually use it.
When I create a new VM and assign the new network to an associated interface, the VM fails to start.
The error I get is:
"VM testvm is down with error. Exit message: Cannot get interface MTU on 'br-int': No such device."
Am I missing something obvious here?
I'm running oVirt 4.2.7 with the latest oVirt Node on a few hosts (also 4.2.7).
All my configuration has been via the web interface so far.
Sincerely,
6 years, 7 months
