ovirt 4.2.7.1 fails to deploy hosted engine on GlusterFS
by hunter86_bg@yahoo.com
Hello Community,
I'm trying to deploy a hosted engine on GlusterFS which fails with the following error:
[ INFO ] TASK [Add glusterfs storage domain]
[ ERROR ] Error: Fault reason is "Operation Failed". Fault detail is "[Failed to fetch Gluster Volume List]". HTTP response code is 400.
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "deprecations": [{"msg": "The 'ovirt_storage_domains' module is being renamed 'ovirt_storage_domain'", "version": 2.8}], "msg": "Fault reason is \"Operation Failed\". Fault detail is \"[Failed to fetch Gluster Volume List]\". HTTP response code is 400."}
I have deployed GlusterFS via the HyperConverged Option in Cockpit and the volumes are up and running.
[root@ovirt1 ~]# gluster volume status engine
Status of volume: engine
Gluster process TCP Port RDMA Port Online Pid
------------------------------------------------------------------------------
Brick ovirt1:/gluster_bricks/engine/engine 49152 0 Y 26268
Brick ovirt2:/gluster_bricks/engine/engine 49152 0 Y 24116
Brick glarbiter:/gluster_bricks/engine/engi
ne 49152 0 Y 23526
Self-heal Daemon on localhost N/A N/A Y 31229
Self-heal Daemon on ovirt2 N/A N/A Y 27097
Self-heal Daemon on glarbiter N/A N/A Y 25888
Task Status of Volume engine
------------------------------------------------------------------------------
There are no active volume tasks
I'm using the following guide : https://ovirt.org/blog/2018/02/up-and-running-with-ovirt-4-2-and-gluster-...
And on step 4 - Storage - I have defined it as follows:
Storage Type: Gluster
Storage Connection: ovirt1.localdomain:/gluster_bricks/engine/
Mount Options: backup-volfile-servers=ovirt2.localdomain:glarbiter.localdomain
Can someone hint me where is the problem ?
3 years, 4 months
Using the web-ui VM portal through a proxy failing
by Callum Smith
Dear oVirt Gurus,
Using the oVirt user VM portal seems to not work through the squid proxy setup (configured as per the guide). The page loads and login works fine through the proxy, but the asynchronous requests just hang. I've attached a screenshot, but you can see the "api" endpoint just hanging in a web inspector:
"https://proxyfqdn/ovirt-engine/api/"
[cid:CA42E493-3AD9-45F8-B4C3-C914F059390C@well.ox.ac.uk]
This works fine when not going through the proxy.
Is there a way to force noVNC HTML as the console mode through the web-ui, or at least have it as an option if not default?
The console seems not to work when logged in with a base 'user role'.
Regards,
Callum
--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum(a)well.ox.ac.uk<mailto:callum@well.ox.ac.uk>
3 years, 4 months
sun.security.validator
by suporte@logicworks.pt
Hi,
I'm running Version 4.2.3.8-1.el7, and after reboot the engine machine no longer could login into administration portal with this error:
sun.security.validator.ValidatorException: PKIX path validation faile
java.security.cert.CertPathValidatorException: validity check failed
I'm using a self signed cert.
Any idea?
Thanks
--
Jose Ferradeira
http://www.logicworks.pt
3 years, 4 months
Ovirt cluster unstable; gluster to blame (again)
by Jim Kusznir
hi all:
Once again my production ovirt cluster is collapsing in on itself. My
servers are intermittently unavailable or degrading, customers are noticing
and calling in. This seems to be yet another gluster failure that I
haven't been able to pin down.
I posted about this a while ago, but didn't get anywhere (no replies that I
found). The problem started out as a glusterfsd process consuming large
amounts of ram (up to the point where ram and swap were exhausted and the
kernel OOM killer killed off the glusterfsd process). For reasons not
clear to me at this time, that resulted in any VMs running on that host and
that gluster volume to be paused with I/O error (the glusterfs process is
usually unharmed; why it didn't continue I/O with other servers is
confusing to me).
I have 3 servers and a total of 4 gluster volumes (engine, iso, data, and
data-hdd). The first 3 are replica 2+arb; the 4th (data-hdd) is replica
3. The first 3 are backed by an LVM partition (some thin provisioned) on
an SSD; the 4th is on a seagate hybrid disk (hdd + some internal flash for
acceleration). data-hdd is the only thing on the disk. Servers are Dell
R610 with the PERC/6i raid card, with the disks individually passed through
to the OS (no raid enabled).
The above RAM usage issue came from the data-hdd volume. Yesterday, I
cought one of the glusterfsd high ram usage before the OOM-Killer had to
run. I was able to migrate the VMs off the machine and for good measure,
reboot the entire machine (after taking this opportunity to run the
software updates that ovirt said were pending). Upon booting back up, the
necessary volume healing began. However, this time, the healing caused all
three servers to go to very, very high load averages (I saw just under 200
on one server; typically they've been 40-70) with top reporting IO Wait at
7-20%. Network for this volume is a dedicated gig network. According to
bwm-ng, initially the network bandwidth would hit 50MB/s (yes, bytes), but
tailed off to mostly in the kB/s for a while. All machines' load averages
were still 40+ and gluster volume heal data-hdd info reported 5 items
needing healing. Server's were intermittently experiencing IO issues, even
on the 3 gluster volumes that appeared largely unaffected. Even the OS
activities on the hosts itself (logging in, running commands) would often
be very delayed. The ovirt engine was seemingly randomly throwing engine
down / engine up / engine failed notifications. Responsiveness on ANY VM
was horrific most of the time, with random VMs being inaccessible.
I let the gluster heal run overnight. By morning, there were still 5 items
needing healing, all three servers were still experiencing high load, and
servers were still largely unstable.
I've noticed that all of my ovirt outages (and I've had a lot, way more
than is acceptable for a production cluster) have come from gluster. I
still have 3 VMs who's hard disk images have become corrupted by my last
gluster crash that I haven't had time to repair / rebuild yet (I believe
this crash was caused by the OOM issue previously mentioned, but I didn't
know it at the time).
Is gluster really ready for production yet? It seems so unstable to
me.... I'm looking at replacing gluster with a dedicated NFS server likely
FreeNAS. Any suggestions? What is the "right" way to do production
storage on this (3 node cluster)? Can I get this gluster volume stable
enough to get my VMs to run reliably again until I can deploy another
storage solution?
--Jim
3 years, 4 months
Roles and Permissions and Inheritance
by Brian Wilson
Is there a way to prevent Roles Assigned to Groups on Objects to only apply to where it is set?
Basically looking for a way to do what we had done in VMWare which involved using the do not propagate permission setting.
be able
Seems to me that right now there is no way to set this so if i give access to something at the top level of a DC those accesses wlll overide if i then explcitly set another role and permission on an object underneath
Lets take as a concrete example the ovirtmgmt network. I do not want users in the engine to be able to place VMs on this (but i want the Superusers to be able to still) How can i accomplish this with the way roles and permissions work with Ovirt?
thanks!
Brian
3 years, 4 months
Re: The built in group Everyone is troublesome.
by Jacob Green
Thank you for your help! This worked flawlessly and helped me
understand the engine database a little more!
On 12/04/2018 12:00 PM, Staniforth, Paul wrote:
>
> Get the id for the everyone group
> https://engine.example.com/ovirt-engine/api/groups?search=everyone
>
> Get the id for the UserRole
> https://engine.example.com/ovirt-engine/api/roles
>
> connect to the engine database
>
> e.g.
>
> psql -h localhost -U engine -d engine
>
> select * from permissions where ad_element_id='groupid';
>
> note the id of the permission, probably the last one but you can check
> by the role_id
> then delete the permission.
>
> delete from permissions where id='noted before';
>
> you should make a backup of your system before you do this.
>
>
> Regards,
>
> Paul S.
>
> ------------------------------------------------------------------------
> *From:* Staniforth, Paul
> *Sent:* 04 December 2018 17:23
> *To:* Jacob Green
> *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.
>
> Yes, that's not good you need to remove the UserRole system permission
> but they fixed it so you can't.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1366205
>
>
> I think there maybe a bug that allows you to add system permissions to
> the everyone group in 4.2, you're only supposed to be able to change
> the permissions with a dbscript.
>
>
> I'll look up my notes on how to remove the permission from the DB.
>
>
> Regards,
>
> Paul S.
>
>
> ------------------------------------------------------------------------
> *From:* Jacob Green <jgreen(a)aasteel.com>
> *Sent:* 04 December 2018 16:59
> *To:* Staniforth, Paul
> *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.
>
>
> If the picture does not come through. The following are the permisstions
>
> Group > Everyone
>
> Everyone > Role - UserRole,UserProfileEditor Object : (System)
>
>
> On 12/04/2018 10:20 AM, Staniforth, Paul wrote:
>> What are the permissions for the group everyone, in particular the system permission should be just UserProfileEditor.
>>
>> Regards,
>> Paul S.
>> ________________________________________
>> From: Jacob Green<jgreen(a)aasteel.com>
>> Sent: 04 December 2018 15:20
>> To: users
>> Subject: [ovirt-users] The built in group Everyone is troublesome.
>>
>> So all my VMs are inheriting system permissions from group
>> everyone and giving all my users access to all my VMs, in ovirt 4.2. Is
>> there a best practices guide or any recommendation on how to clear this
>> up? Clicking remove on everyone does not work because Ovirt won't allow
>> me to remove a built in account.
>>
>>
>> Thank you
>>
>> --
>> Jacob Green
>>
>> Systems Admin
>>
>> American Alloy Steel
>>
>> 713-300-5690
>> _______________________________________________
>> Users mailing list --users(a)ovirt.org
>> To unsubscribe send an email tousers-leave(a)ovirt.org
>> Privacy Statement:https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5...
>> To view the terms under which this email is distributed, please go to:-
>> http://leedsbeckett.ac.uk/disclaimer/email/
>
> --
> Jacob Green
>
> Systems Admin
>
> American Alloy Steel
>
> 713-300-5690
> To view the terms under which this email is distributed, please go to:-
> http://leedsbeckett.ac.uk/disclaimer/email/
--
Jacob Green
Systems Admin
American Alloy Steel
713-300-5690
3 years, 5 months
migrate hosted-engine vm to another cluster?
by Douglas Duckworth
Hello
I am trying to migrate my hosted-engine VM to another cluster in the same data center. Hosts in both clusters have the same logical networks and storage. Yet migrating the VM isn't an option.
To get the hosted-engine VM on the other cluster I started the VM on host in that other cluster using "hosted-engine --vm-start."
However HostedEngine still associated with old cluster as shown attached. So I cannot live migrate the VM. Does anyone know how to resolve? With other VMs one can shut them down then using the "Edit" option. Though that will not work for HostedEngine.
Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit<https://scu.med.cornell.edu>
Weill Cornell Medicine
1300 York Avenue
New York, NY 10065
E: doug(a)med.cornell.edu<mailto:doug@med.cornell.edu>
O: 212-746-6305
F: 212-746-8690
3 years, 5 months
Disk full
by suporte@logicworks.pt
Hi,
I have a all in one intallation with 2 glusters volumes.
The disk of one VM filled up the brick, which is a partition. That partition has 0% free disk space.
I moved the disk of that VM to the other gluster volume, the VM is working with the disk on the other gluster volume.
When I move the disk, it didn't delete it from the brick, the engine keeps complaining that there is no more disk space on that volume.
What can I do?
Is there a way to prevent this in the future?
Many thanks
José
--
Jose Ferradeira
http://www.logicworks.pt
3 years, 5 months
