oVirt 4.4.3 - some hosts in unassigned state - Get Host Capabilities failed: PKIX path building failed
by Roberto Nunin
Hi all
We have an (old) installation with two DCs in two different locations.
Hosts where the hosted engine is running are regularly reported UP (DC 1).
Hosts in the other DC (connected by WAN lines) are reported as Unassigned
(DC 2).
The connection between the DCs is working.
In events we can find a lot of errors like:
VDSM itmilu0xx-mng.example.com command Get Host Capabilities failed: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
We are NOT using a third-party SSL certificate.
In engine.log these are recurring errors:
2021-11-16 10:28:49,370+01 ERROR
[org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) []
Unable to process messages PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
2021-11-16 10:28:49,372+01 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-100)
[] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException:
VDSNetworkException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Thanks in advance for any suggestion
Roberto Nunin
3 years, 1 month
Import from Vcenter failed with qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
by roanne.philip@voxtelecom.co.za
Hi, I have oVirt HE version 4.4.7 with hosts on 4.3.10.
I am trying to migrate VMs from VMware to oVirt but it fails.
Weirdly, small VM imports are successful and the larger ones fail.
Has anyone experienced this issue?
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.296725] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.298168] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.299204] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.300183] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 78 00 00 08 00
[ 2140.301291] blk_update_request: I/O error, dev sda, sector 181181048
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.411642] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.413110] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.414207] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.415198] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 78 00 00 08 00
[ 2140.416326] blk_update_request: I/O error, dev sda, sector 181181048
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.547845] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.549289] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.550324] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.551296] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 60 00 00 08 00
[ 2140.552397] blk_update_request: I/O error, dev sda, sector 181181024
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
[ 2140.671078] sd 2:0:0:0: [sda] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s
[ 2140.672537] sd 2:0:0:0: [sda] Sense Key : Aborted Command [current]
[ 2140.673581] sd 2:0:0:0: [sda] Add. Sense: I/O process terminated
[ 2140.674575] sd 2:0:0:0: [sda] CDB: Read(10) 28 00 0a cc 9a 60 00 00 08 00
[ 2140.675681] blk_update_request: I/O error, dev sda, sector 181181024
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
qemu-kvm: curl: The requested URL returned error: 401 Unauthorized
3 years, 1 month
How to renew vmconsole-proxy* certificates
by capelle@labri.fr
Hi,
For a few weeks now, we have not been able to connect to the vmconsole proxy:
$ ssh -t -p 2222 ovirt-vmconsole@ovirt
ovirt-vmconsole@ovirt: Permission denied (publickey).
Last successful login record: Mar 29 11:31:32
First login failure record: Mar 31 17:28:51
We tracked the issue to the following log in /var/log/ovirt-engine/engine.log:
ERROR [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-11) [] Error validating ticket: : sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Indeed, certificate /etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer and others did expire:
--
# grep 'Not After' /etc/pki/ovirt-engine/certs/vmconsole-proxy-*
/etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer: Not After : Mar 31 13:18:44 2021 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer: Not After : Mar 31 13:18:44 2021 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer: Not After : Mar 31 13:18:44 2021 GMT
--
But we did not manage to find out how to renew them. Any advice?
--
Benoît
3 years, 1 month
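Added example, not part of the original post: a small parser for the `grep 'Not After'` output shown above that labels each certificate as expired, expiring soon, or fine at a given point in time. The function names, the 30-day warning window, and the assumption that the login records in the post are from 2021 and in UTC are mine, not the poster's.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the grep output quoted in the post, separators included.
SAMPLE = """\
--
/etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer: Not After : Mar 31 13:18:44 2021 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer: Not After : Mar 31 13:18:44 2021 GMT
/etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer: Not After : Mar 31 13:18:44 2021 GMT
--
"""

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

LINE_RE = re.compile(
    r"^(?P<path>\S+?):\s*Not After\s*:\s*(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})\s+(?P<year>\d{4})\s+GMT\s*$")


def parse_not_after(text):
    """Return {certificate path: expiry as an aware UTC datetime}."""
    expiries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["mon"] not in MONTHS:
            continue  # separators ("--") and unparseable lines are skipped
        expiries[m["path"]] = datetime(
            int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
            int(m["h"]), int(m["mi"]), int(m["s"]), tzinfo=timezone.utc)
    return expiries


def classify(expiries, now, warn_days=30):
    """Label each certificate EXPIRED, EXPIRING (within warn_days) or OK."""
    report = {}
    for path, not_after in expiries.items():
        if not_after <= now:
            report[path] = "EXPIRED"
        elif not_after - now <= timedelta(days=warn_days):
            report[path] = "EXPIRING"
        else:
            report[path] = "OK"
    return report


if __name__ == "__main__":
    # Assumption: the login records in the post are from 2021 and in UTC.
    first_failure = datetime(2021, 3, 31, 17, 28, 51, tzinfo=timezone.utc)
    for path, state in classify(parse_not_after(SAMPLE), first_failure).items():
        print(f"{state:9} {path}")
```

Run against the same directory on a schedule, a check like this would have reported the three certificates as EXPIRING well before the first login failure.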
Re: [PKI help] Renew vmconsole-proxy-helper.cer
by Richard Chan
running engine-setup should give you the
opportunity to update expired or expiring certificates.
>
> If you don't want to upgrade your system you can run it with the --offline
> option.
>
>
Thank you!
Richard Chan
3 years, 1 month
Cannot update hosts, nothing provides libvirt-daemon-kvm >= 7.6.0-2 needed by vdsm-4.40.90.4-1.el8.x86_64
by Alexandr Mikhailov
Hi! The last time I updated my host running oVirt 4.4 was in September. Everything was normal.
Now in November I am trying to update via the UI but I get an error that the update failed. Checking with "dnf update" shows me that the error is in unresolved dependencies, and the main one is:
nothing provides libvirt-daemon-kvm >= 7.6.0-2 needed by vdsm-4.40.90.3-1.el8.x86_64
nothing provides libvirt-daemon-kvm >= 7.6.0-2 needed by vdsm-4.40.90.4-1.el8.x86_64
The hosts are running CentOS 8.4. I already tried one with Stream - same trouble. In my opinion this is a problem with the libvirt-daemon-kvm package in the CentOS repo. Maybe I am mistaken. Please help.
3 years, 1 month
[PKI help] ovirt-vmconsole-proxy-keys HTTP Error 403
by Richard Chan
When checking SSH keys, ovirt-vmconsole-proxy-keys is having the following
errors:
ovirt-vmconsole[1583190]: 2021-11-18 17:21:42,503+0800
ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden
ovirt-vmconsole-proxy-keys[1583186]: ERROR Key list execution failed rc=1
My Wildfly/vmconsole keystore may be bogus/expired:
2021-11-18 17:21:42,502+08 ERROR [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-269) [] Error validating ticket: : sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How can I troubleshoot this?
1. What keystore/truststore is Wildfly/ovirt-engine using?
2. Does vmconsole -> Wildfly present a client certificate - mutual TLS?
Where does it get this certificate/keypair from?
TIA
--
Richard Chan
3 years, 1 month
Creating VMs from templates with their own disks
by notify.sina@gmail.com
Hi All
I'm very stumped on how to create VMs from templates I've made, but having them installed with their own disks.
Please can someone guide me on how to do this?
I have oVirt running, with local storage hypervisors.
Anytime I try to use a template, the VM is created and booted with the template's disk.
I would especially appreciate how to do this with Ansible.
I'm trying to automate CentOS and Ubuntu VMs.
3 years, 1 month
ILLEGAL volume delete via vdsm-client
by francesco@shellrent.com
Hi all,
I'm trying to delete via the vdsm-client tool an illegal volume that is not listed in the engine database. The volume ID is 5cb3fe58-3e01-4d32-bc7c-5907a4f858a8:
[root@ovirthost ~]# vdsm-tool dump-volume-chains e25db7d0-060a-4046-94b5-235f38097cd8
Images volume chains (base volume first)
   image: 4d79c1da-34f0-44e3-8b92-c4bcb8524d83
          Error: more than one volume pointing to the same parent volume e.g: (_BLANK_UUID<-a), (a<-b), (a<-c)
          Unordered volumes and children:
          - 00000000-0000-0000-0000-000000000000 <- 5aad30c7-96f0-433d-95c8-2317e5f80045
            status: OK, voltype: INTERNAL, format: COW, legality: LEGAL, type: SPARSE, capacity: 214748364800, truesize: 165493616640
          - 5aad30c7-96f0-433d-95c8-2317e5f80045 <- 5cb3fe58-3e01-4d32-bc7c-5907a4f858a8
            status: OK, voltype: LEAF, format: COW, legality: ILLEGAL, type: SPARSE, capacity: 214748364800, truesize: 8759619584
          - 5aad30c7-96f0-433d-95c8-2317e5f80045 <- 674e85d8-519a-461f-9dd6-aca44798e088
            status: OK, voltype: LEAF, format: COW, legality: LEGAL, type: SPARSE, capacity: 214748364800, truesize: 200704
With the command vdsm-client Volume getInfo I can retrieve the info about the volume 5cb3fe58-3e01-4d32-bc7c-5907a4f858a8:
vdsm-client Volume getInfo storagepoolID=c0e7a0c5-8048-4f30-af08-cbd17d797e3b volumeID=5cb3fe58-3e01-4d32-bc7c-5907a4f858a8 storagedomainID=e25db7d0-060a-4046-94b5-235f38097cd8 imageID=4d79c1da-34f0-44e3-8b92-c4bcb8524d83
{
    "apparentsize": "8759676160",
    "capacity": "214748364800",
    "children": [],
    "ctime": "1634958924",
    "description": "",
    "disktype": "DATA",
    "domain": "e25db7d0-060a-4046-94b5-235f38097cd8",
    "format": "COW",
    "generation": 0,
    "image": "4d79c1da-34f0-44e3-8b92-c4bcb8524d83",
    "lease": {
        "offset": 0,
        "owners": [],
        "path": "/rhev/data-center/mnt/ovirthost.com:_data/e25db7d0-060a-4046-94b5-235f38097cd8/images/4d79c1da-34f0-44e3-8b92-c4bcb8524d83/5cb3fe58-3e01-4d32-bc7c-5907a4f858a8.lease",
        "version": null
    },
    "legality": "ILLEGAL",
    "mtime": "0",
    "parent": "5aad30c7-96f0-433d-95c8-2317e5f80045",
    "pool": "",
    "status": "ILLEGAL",
    "truesize": "8759619584",
    "type": "SPARSE",
    "uuid": "5cb3fe58-3e01-4d32-bc7c-5907a4f858a8",
    "voltype": "LEAF"
}
I can't remove it due to the following error:
vdsm-client Volume delete storagepoolID=c0e7a0c5-8048-4f30-af08-cbd17d797e3b volumeID=5cb3fe58-3e01-4d32-bc7c-5907a4f858a8 storagedomainID=e25db7d0-060a-4046-94b5-235f38097cd8 imageID=4d79c1da-34f0-44e3-8b92-c4bcb8524d83 force=true
vdsm-client: Command Volume.delete with args {'storagepoolID': 'c0e7a0c5-8048-4f30-af08-cbd17d797e3b', 'volumeID': '5cb3fe58-3e01-4d32-bc7c-5907a4f858a8', 'storagedomainID': 'e25db7d0-060a-4046-94b5-235f38097cd8', 'imageID': '4d79c1da-34f0-44e3-8b92-c4bcb8524d83', 'force': 'true'} failed:
(code=309, message=Unknown pool id, pool not connected: ('c0e7a0c5-8048-4f30-af08-cbd17d797e3b',))
I'm performing the operation directly on the SPM. I searched for a while but I didn't find anything useful. Any tips or docs that I missed?
3 years, 1 month