Feature: Hosted engine VM management
by Roy Golan
Hi all,
Upcoming in 3.6 is enhancement for managing the hosted engine VM.
In short, we want to:
* Allow editing the Hosted engine VM, storage domain, disks, networks etc
* Have a shared configuration for the hosted engine VM
* Have a backup for the hosted engine VM configuration
please review and comment on the wiki below:
http://www.ovirt.org/Hosted_engine_VM_management
Thanks,
Roy
6 years, 4 months
Re: [ovirt-users] Large DWH Database, how to empty
by Matt .
Hi,
OK thanks! I saw that after upgrading to 4.0.5 from 4.0.4 the DB
already dropped with around 500MB directly and is now at 2GB smaller.
Does this sounds familiar to you with other settings in 4.0.5 ?
Thanks,
Matt
2017-01-08 10:45 GMT+01:00 Shirly Radco <sradco(a)redhat.com>:
> No. That will corrupt your database.
>
> Are you using the full dwh or the smaller version for the dashboards?
>
> Please set the delete thresholds to save less data and the data older then
> the time you set will be deleted.
> Add a file to /ovirt-engine-dwhd.conf.d/
> update_time_to_keep_records.conf
>
> Add these lines with the new configurations. The numbers represent the hours
> to keep the data.
>
> DWH_TABLES_KEEP_SAMPLES=24
> DWH_TABLES_KEEP_HOURLY=1440
> DWH_TABLES_KEEP_DAILY=43800
>
>
> These are the configurations for a full dwh.
>
> The smaller version configurations are:
> DWH_TABLES_KEEP_SAMPLES=24
> DWH_TABLES_KEEP_HOURLY=720
> DWH_TABLES_KEEP_DAILY=0
>
> The delete process by default at 3am every day (DWH_DELETE_JOB_HOUR=3)
>
> Best regards,
>
> Shirly Radco
>
> BI Software Engineer
> Red Hat Israel Ltd.
> 34 Jerusalem Road
> Building A, 4th floor
> Ra'anana, Israel 4350109
>
>
> On Fri, Jan 6, 2017 at 6:35 PM, Matt . <yamakasi.014(a)gmail.com> wrote:
>>
>> Hi,
>>
>> I seem to have some large database for the DWH logging and I wonder
>> how I can empty it safely.
>>
>> Can I just simply empty the database ?
>>
>> Have a good weekend!
>>
>> Cheers,
>>
>> Matt
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
>
6 years, 4 months
Re: [ovirt-users] Packet loss
by Doron Fediuck
----_com.android.email_640187878761650
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
SGkgS3lsZSzCoApXZSBtYXkgaGF2ZSBzZWVuIHNvbWV0aGluZyBzaW1pbGFyIGluIHRoZSBwYXN0
IGJ1dCBJIHRoaW5rIHRoZXJlIHdlcmUgdmxhbnMgaW52b2x2ZWQuwqAKSXMgaXQgdGhlIHNhbWUg
Zm9yIHlvdT/CoApUb255IC8gRGFuLCBkb2VzIGl0IHJpbmcgYSBiZWxsP8Kg
----_com.android.email_640187878761650
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0
L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPjwvaGVhZD48Ym9keSA+PGRpdj5IaSBLeWxlLCZuYnNwOzwv
ZGl2PjxkaXY+V2UgbWF5IGhhdmUgc2VlbiBzb21ldGhpbmcgc2ltaWxhciBpbiB0aGUgcGFzdCBi
dXQgSSB0aGluayB0aGVyZSB3ZXJlIHZsYW5zIGludm9sdmVkLiZuYnNwOzwvZGl2PjxkaXY+SXMg
aXQgdGhlIHNhbWUgZm9yIHlvdT8mbmJzcDs8L2Rpdj48ZGl2PlRvbnkgLyBEYW4sIGRvZXMgaXQg
cmluZyBhIGJlbGw/Jm5ic3A7PC9kaXY+PC9ib2R5PjwvaHRtbD4=
----_com.android.email_640187878761650--
6 years, 4 months
ovirt 4.2.7.1 fails to deploy hosted engine on GlusterFS
by hunter86_bg@yahoo.com
Hello Community,
I'm trying to deploy a hosted engine on GlusterFS which fails with the following error:
[ INFO ] TASK [Add glusterfs storage domain]
[ ERROR ] Error: Fault reason is "Operation Failed". Fault detail is "[Failed to fetch Gluster Volume List]". HTTP response code is 400.
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "deprecations": [{"msg": "The 'ovirt_storage_domains' module is being renamed 'ovirt_storage_domain'", "version": 2.8}], "msg": "Fault reason is \"Operation Failed\". Fault detail is \"[Failed to fetch Gluster Volume List]\". HTTP response code is 400."}
I have deployed GlusterFS via the HyperConverged Option in Cockpit and the volumes are up and running.
[root@ovirt1 ~]# gluster volume status engine
Status of volume: engine
Gluster process TCP Port RDMA Port Online Pid
------------------------------------------------------------------------------
Brick ovirt1:/gluster_bricks/engine/engine 49152 0 Y 26268
Brick ovirt2:/gluster_bricks/engine/engine 49152 0 Y 24116
Brick glarbiter:/gluster_bricks/engine/engi
ne 49152 0 Y 23526
Self-heal Daemon on localhost N/A N/A Y 31229
Self-heal Daemon on ovirt2 N/A N/A Y 27097
Self-heal Daemon on glarbiter N/A N/A Y 25888
Task Status of Volume engine
------------------------------------------------------------------------------
There are no active volume tasks
I'm using the following guide : https://ovirt.org/blog/2018/02/up-and-running-with-ovirt-4-2-and-gluster-...
And on step 4 - Storage - I have defined it as follows:
Storage Type: Gluster
Storage Connection: ovirt1.localdomain:/gluster_bricks/engine/
Mount Options: backup-volfile-servers=ovirt2.localdomain:glarbiter.localdomain
Can someone hint me where is the problem ?
6 years, 4 months
Using the web-ui VM portal through a proxy failing
by Callum Smith
Dear oVirt Gurus,
Using the oVirt user VM portal seems to not work through the squid proxy setup (configured as per the guide). The page loads and login works fine through the proxy, but the asynchronous requests just hang. I've attached a screenshot, but you can see the "api" endpoint just hanging in a web inspector:
"https://proxyfqdn/ovirt-engine/api/"
[cid:CA42E493-3AD9-45F8-B4C3-C914F059390C@well.ox.ac.uk]
This works fine when not going through the proxy.
Is there a way to force noVNC HTML as the console mode through the web-ui, or at least have it as an option if not default?
The console seems not to work when logged in with a base 'user role'.
Regards,
Callum
--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum(a)well.ox.ac.uk<mailto:callum@well.ox.ac.uk>
6 years, 4 months
sun.security.validator
by suporte@logicworks.pt
Hi,
I'm running Version 4.2.3.8-1.el7, and after reboot the engine machine no longer could login into administration portal with this error:
sun.security.validator.ValidatorException: PKIX path validation faile
java.security.cert.CertPathValidatorException: validity check failed
I'm using a self signed cert.
Any idea?
Thanks
--
Jose Ferradeira
http://www.logicworks.pt
6 years, 4 months
Ovirt cluster unstable; gluster to blame (again)
by Jim Kusznir
hi all:
Once again my production ovirt cluster is collapsing in on itself. My
servers are intermittently unavailable or degrading, customers are noticing
and calling in. This seems to be yet another gluster failure that I
haven't been able to pin down.
I posted about this a while ago, but didn't get anywhere (no replies that I
found). The problem started out as a glusterfsd process consuming large
amounts of ram (up to the point where ram and swap were exhausted and the
kernel OOM killer killed off the glusterfsd process). For reasons not
clear to me at this time, that resulted in any VMs running on that host and
that gluster volume to be paused with I/O error (the glusterfs process is
usually unharmed; why it didn't continue I/O with other servers is
confusing to me).
I have 3 servers and a total of 4 gluster volumes (engine, iso, data, and
data-hdd). The first 3 are replica 2+arb; the 4th (data-hdd) is replica
3. The first 3 are backed by an LVM partition (some thin provisioned) on
an SSD; the 4th is on a seagate hybrid disk (hdd + some internal flash for
acceleration). data-hdd is the only thing on the disk. Servers are Dell
R610 with the PERC/6i raid card, with the disks individually passed through
to the OS (no raid enabled).
The above RAM usage issue came from the data-hdd volume. Yesterday, I
cought one of the glusterfsd high ram usage before the OOM-Killer had to
run. I was able to migrate the VMs off the machine and for good measure,
reboot the entire machine (after taking this opportunity to run the
software updates that ovirt said were pending). Upon booting back up, the
necessary volume healing began. However, this time, the healing caused all
three servers to go to very, very high load averages (I saw just under 200
on one server; typically they've been 40-70) with top reporting IO Wait at
7-20%. Network for this volume is a dedicated gig network. According to
bwm-ng, initially the network bandwidth would hit 50MB/s (yes, bytes), but
tailed off to mostly in the kB/s for a while. All machines' load averages
were still 40+ and gluster volume heal data-hdd info reported 5 items
needing healing. Server's were intermittently experiencing IO issues, even
on the 3 gluster volumes that appeared largely unaffected. Even the OS
activities on the hosts itself (logging in, running commands) would often
be very delayed. The ovirt engine was seemingly randomly throwing engine
down / engine up / engine failed notifications. Responsiveness on ANY VM
was horrific most of the time, with random VMs being inaccessible.
I let the gluster heal run overnight. By morning, there were still 5 items
needing healing, all three servers were still experiencing high load, and
servers were still largely unstable.
I've noticed that all of my ovirt outages (and I've had a lot, way more
than is acceptable for a production cluster) have come from gluster. I
still have 3 VMs who's hard disk images have become corrupted by my last
gluster crash that I haven't had time to repair / rebuild yet (I believe
this crash was caused by the OOM issue previously mentioned, but I didn't
know it at the time).
Is gluster really ready for production yet? It seems so unstable to
me.... I'm looking at replacing gluster with a dedicated NFS server likely
FreeNAS. Any suggestions? What is the "right" way to do production
storage on this (3 node cluster)? Can I get this gluster volume stable
enough to get my VMs to run reliably again until I can deploy another
storage solution?
--Jim
6 years, 4 months
Roles and Permissions and Inheritance
by Brian Wilson
Is there a way to prevent Roles Assigned to Groups on Objects to only apply to where it is set?
Basically looking for a way to do what we had done in VMWare which involved using the do not propagate permission setting.
be able
Seems to me that right now there is no way to set this so if i give access to something at the top level of a DC those accesses wlll overide if i then explcitly set another role and permission on an object underneath
Lets take as a concrete example the ovirtmgmt network. I do not want users in the engine to be able to place VMs on this (but i want the Superusers to be able to still) How can i accomplish this with the way roles and permissions work with Ovirt?
thanks!
Brian
6 years, 5 months
Re: The built in group Everyone is troublesome.
by Jacob Green
Thank you for your help! This worked flawlessly and helped me
understand the engine database a little more!
On 12/04/2018 12:00 PM, Staniforth, Paul wrote:
>
> Get the id for the everyone group
> https://engine.example.com/ovirt-engine/api/groups?search=everyone
>
> Get the id for the UserRole
> https://engine.example.com/ovirt-engine/api/roles
>
> connect to the engine database
>
> e.g.
>
> psql -h localhost -U engine -d engine
>
> select * from permissions where ad_element_id='groupid';
>
> note the id of the permission, probably the last one but you can check
> by the role_id
> then delete the permission.
>
> delete from permissions where id='noted before';
>
> you should make a backup of your system before you do this.
>
>
> Regards,
>
> Paul S.
>
> ------------------------------------------------------------------------
> *From:* Staniforth, Paul
> *Sent:* 04 December 2018 17:23
> *To:* Jacob Green
> *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.
>
> Yes, that's not good you need to remove the UserRole system permission
> but they fixed it so you can't.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1366205
>
>
> I think there maybe a bug that allows you to add system permissions to
> the everyone group in 4.2, you're only supposed to be able to change
> the permissions with a dbscript.
>
>
> I'll look up my notes on how to remove the permission from the DB.
>
>
> Regards,
>
> Paul S.
>
>
> ------------------------------------------------------------------------
> *From:* Jacob Green <jgreen(a)aasteel.com>
> *Sent:* 04 December 2018 16:59
> *To:* Staniforth, Paul
> *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.
>
>
> If the picture does not come through. The following are the permisstions
>
> Group > Everyone
>
> Everyone > Role - UserRole,UserProfileEditor Object : (System)
>
>
> On 12/04/2018 10:20 AM, Staniforth, Paul wrote:
>> What are the permissions for the group everyone, in particular the system permission should be just UserProfileEditor.
>>
>> Regards,
>> Paul S.
>> ________________________________________
>> From: Jacob Green<jgreen(a)aasteel.com>
>> Sent: 04 December 2018 15:20
>> To: users
>> Subject: [ovirt-users] The built in group Everyone is troublesome.
>>
>> So all my VMs are inheriting system permissions from group
>> everyone and giving all my users access to all my VMs, in ovirt 4.2. Is
>> there a best practices guide or any recommendation on how to clear this
>> up? Clicking remove on everyone does not work because Ovirt won't allow
>> me to remove a built in account.
>>
>>
>> Thank you
>>
>> --
>> Jacob Green
>>
>> Systems Admin
>>
>> American Alloy Steel
>>
>> 713-300-5690
>> _______________________________________________
>> Users mailing list --users(a)ovirt.org
>> To unsubscribe send an email tousers-leave(a)ovirt.org
>> Privacy Statement:https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5...
>> To view the terms under which this email is distributed, please go to:-
>> http://leedsbeckett.ac.uk/disclaimer/email/
>
> --
> Jacob Green
>
> Systems Admin
>
> American Alloy Steel
>
> 713-300-5690
> To view the terms under which this email is distributed, please go to:-
> http://leedsbeckett.ac.uk/disclaimer/email/
--
Jacob Green
Systems Admin
American Alloy Steel
713-300-5690
6 years, 5 months
