December 2021 - Users - oVirt List Archives

Fresh install, dnf update dependency errors
by mediocre.slacker＠protonmail.com 20 Dec '21

20 Dec '21

CentOS Stream 8 fresh install. The logs show other repos, but I've tried this just installing CentOS Stream 8, updating, then installing the ovirt repo only. Then, after installing ovirt-hosted-engine-setup, dependencies become broken and dnf update produces the following error: [slacker@host1 ~]$ sudo dnf check-update Last metadata expiration check: 0:15:33 ago on Tue 07 Dec 2021 06:27:14 PM EST. epel-next-release.noarch 8-13.el8 epel epel-release.noarch 8-13.el8 epel epel-release.noarch 8-13.el8 ovirt-4.4-epel libzstd.x86_64 1.4.5-6.el8 ovirt-4.4-openstack-victoria ovirt-host.x86_64 4.4.9-2.el8 ovirt-4.4 ovirt-host-dependencies.x86_64 4.4.9-2.el8 ovirt-4.4 ovirt-release44.noarch 4.4.9.1-1.el8 ovirt-4.4 python3-pyparsing.noarch 2.4.6-1.el8 ovirt-4.4-openstack-victoria python3-pyyaml.x86_64 5.1.2-3.el8 ovirt-4.4-copr:copr.fedorainfracloud.org:sbonazzo:EL8_collection python3-six.noarch 1.15.0-2.el8 ovirt-4.4-openstack-victoria [slacker@host1 ~]$ sudo dnf update Last metadata expiration check: 0:15:56 ago on Tue 07 Dec 2021 06:27:14 PM EST. Error: Problem 1: package rsyslog-openssl-8.2102.0-5.el8.x86_64 requires rsyslog = 8.2102.0-5.el8, but none of the providers can be installed - cannot install both rsyslog-8.2102.0-5.el8.x86_64 and rsyslog-8.2102.0-6.el8.x86_64 - package ovirt-host-dependencies-4.4.9-2.el8.x86_64 requires rsyslog-openssl, but none of the providers can be installed - cannot install the best update candidate for package rsyslog-8.2102.0-6.el8.x86_64 - cannot install the best update candidate for package ovirt-host-dependencies-4.4.8-1.el8.x86_64 Problem 2: package rsyslog-mmnormalize-8.2102.0-6.el8.x86_64 requires rsyslog = 8.2102.0-6.el8, but none of the providers can be installed - cannot install both rsyslog-8.2102.0-5.el8.x86_64 and rsyslog-8.2102.0-6.el8.x86_64 - cannot install both rsyslog-8.2102.0-6.el8.x86_64 and rsyslog-8.2102.0-5.el8.x86_64 - package rsyslog-openssl-8.2102.0-5.el8.x86_64 requires rsyslog = 8.2102.0-5.el8, but none of the providers can be installed - package ovirt-host-dependencies-4.4.9-2.el8.x86_64 requires rsyslog-openssl, but none of the providers can be installed - package ovirt-host-4.4.9-2.el8.x86_64 requires ovirt-host-dependencies = 4.4.9-2.el8, but none of the providers can be installed - cannot install the best update candidate for package rsyslog-mmnormalize-8.2102.0-6.el8.x86_64 - cannot install the best update candidate for package ovirt-host-4.4.8-1.el8.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

2 1

Checksum errors
by tony.stivers＠gmail.com 20 Dec '21

20 Dec '21

[ INFO ] TASK [ovirt.ovirt.engine_setup : Update all packages] [ ERROR ] fatal: [localhost -> 192.168.1.115]: FAILED! => {"changed": false, "msg": "Failed to download packages: Cannot download noarch/ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: All mirrors were tried", "results": []} $ sudo dnf download ovirt-engine-setup-plugin-imageio Last metadata expiration check: 0:17:07 ago on Mon 06 Dec 2021 02:45:32 PM EST. [MIRROR] ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: Downloading successful, but checksum doesn't match. Calculated: 341e4863db246fd0f55fac65f7c464391ca92abacb69726a58c9ca99d8a81695(sha256) Expected: 001ace75d82bedc5c80a9203ea888cb385d1661d37b06e1f3b8a368c504bd0fe(sha256) [MIRROR] ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: Downloading successful, but checksum doesn't match. Calculated: 341e4863db246fd0f55fac65f7c464391ca92abacb69726a58c9ca99d8a81695(sha256) Expected: 001ace75d82bedc5c80a9203ea888cb385d1661d37b06e1f3b8a368c504bd0fe(sha256) [MIRROR] ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm: Downloading successful, but checksum doesn't match. Calculated: 341e4863db246fd0f55fac65f7c464391ca92abacb69726a58c9ca99d8a81695(sha256) Expected: 001ace75d82bedc5c80a9203ea888cb385d1661d37b06e1f3b8a368c504bd0fe(sha256) ovirt-engine-setup-plugin-imageio-4.4.9.5-1.el8.noarch.rpm 33 kB/s | 27 kB 00:00

2 1

cannot add amd and intel cpu type hosts in the same cluster
by kishorekumar.goli＠gmail.com 20 Dec '21

20 Dec '21

Hi Team, We have hosts with intel and amd cpu types. We would like to know if there is a possibility to use both cpu types in the same cluster in ovirt. cpu types: AMD EPYC, Intel Haswell Family. BRs Kishore

2 2

Upgrading Cluster Compatibility Level with Self Hosted HE
by Nur Imam Febrianto 20 Dec '21

20 Dec '21

Hi, Any idea how the appropriate step for upgrading cluster compatibility level ? We have two nodes that already up to date (already do yum upgrade manually and make sure its up to date), whenever we try to use Upgrade function in cluster, nothing changes. Thanks before. Regards, Nur Imam Febrianto Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows

1 0

fetch engine's version
by Diggy Mc 19 Dec '21

19 Dec '21

Is there a command I can run on the engine to retrieve the engine's version number? I ask because I am writing a bash script to automatically backup the engine database via the 'engine-backup' command and would like to include the engine's current version number with the backup. A response is greatly appreciated.

2 3

Veeam Backup ova importing
by bulentsenguler＠gmail.com 19 Dec '21

19 Dec '21

Hi all, I have wanted to try veeam backup solution for ovirt and I tried to import ova but I failed. the message was "VDSM rhvh01.test.local command Get Host Statistics failed: Internal JSON-RPC error: {'reason': "'str' object has no attribute 'decode'"}" that I recived every thirty seconds. I stuck in this stuation.

2 1

Re: remote-viewer VNC mode issue
by Patrick Hibbs 17 Dec '21

17 Dec '21

Hello, Apperently, VNC with TLS enabled is the default. At the very least I don't remember ever enabling it. Attempting to disable it as a quick test, by altering /etc/libvirt/qemu.conf and setting vlc_tls=0 fixes it. So I guess, I'll need to disable it at the cluster level for a permanent fix. (And then reinstall the hosts....) After seeing the previous reply, I figured that the "direct connection to the VM host" meant the VNC connection would be using TLS. SPICE "Just Works(TM)" with TLS enabled, but for VNC it requires a TLS cert to be installed on the ovirt host servers. And of course, the default is the internal engine CA. With no easy way to override it. (I.e. The new cert config won't survive a host reinstall / upgrade.) Which defeats the entire purpose of having a third party CA for end- user connections. I guess we'll have to disable this method of VM console access for now, and rely on noVNC until the cert issue gets fixed. I'm not sure that the user mailing list is the place for feature requests, but just in case and to avoid criticizing without offering a solution, I would love some mechanism in the web interface to upload a new third party CA cert for the hosts to use with end-user requests. (VNC, image io proxy, cockpit, etc.) The internal engine CA could even be used to secure those cert updates. (As the engine itself could prompt the hosts to install the new cert via VDSM or something. Even better that method wouldn't require a host reinstall to finish.) That would simplify managment and renewal of the certs. As the operation could be delegated / restricted to users with a specific permission, (like with the VM permissions), and prevent us from needing to manually configure things in a text file. (The engine host could use this also.) Thanks for the suggestions everyone. -Patrick Hibbs On Wed, 2021-12-15 at 00:05 +0000, Staniforth, Paul wrote: > Hi Patrick, > > The ovirt-vmconsole is a for emulated serial connections (via a ssh > tunnel). > > The VNC ports are the same range as spice5900 - 6923. > > Do you have encryption enabled for VNC? > > > Regards, > Paul S. > From: Patrick Hibbs <hibbsncc1701(a)gmail.com> > Sent: 14 December 2021 22:53 > To: Staniforth, Paul <P.Staniforth(a)leedsbeckett.ac.uk> > Cc: oVirt Users Mailing List <users(a)ovirt.org> > Subject: Re: [ovirt-users] Re: remote-viewer VNC mode issue > > Caution External Mail: Do not click any links or open any attachments > unless you trust the sender and know that the content is safe. > Hello, > > Well a quick check of the hosts say that they have ovirt-vmconsole > enabled on their firewall, but there doesn't seem to be any logs for > the vmconsoles on them. Running wireshark on one of the end-user > machines shows that the host does send packets back and forth but > then the end-user machine TCP resets the connection. (I assume due to > the credential failure.) So it doesn't seem to be a firewall issue. > > Is there anything I can do to get some more logs from the vmconsoles > on the Host? > > Thanks. > > -Patrick Hibbs > > On Tue, 2021-12-14 at 12:56 +0000, Staniforth, Paul wrote: > > Hello Patrick, > > with noVNC the connection is made via the > > websocket-poxy service (probably on the engine server). > > The remote-viewer connects directly from the client machine to the > > virtual host the VM is running on. Maybe check the network/firewall > > between the client and the host, also the OTP expires after 120 > > seconds. > > > > > > Regards, > > > > Paul S. > > From: Strahil Nikolov via Users <users(a)ovirt.org> > > Sent: 14 December 2021 12:12 > > To: hibbsncc1701(a)gmail.com <hibbsncc1701(a)gmail.com>; oVirt Users > > Mailing List <users(a)ovirt.org> > > Subject: [ovirt-users] Re: remote-viewer VNC mode issue > > > > Caution External Mail: Do not click any links or open any > > attachments unless you trust the sender and know that the content > > is safe. > > The most common problem is the CA of oVirt not trusted in the web > > browser of the client. > > > > > > Best Regards, > > Strahil Nikolov > > > > > On Sun, Dec 12, 2021 at 0:00, Patrick Hibbs > > > <hibbsncc1701(a)gmail.com> wrote: > > > Hello, > > > > > > As oVirt unfortuately now requires VNC for the VM consoles, > > > I've been attempting to get VNC mode working on my end user > > > clients. > > > > > > The noVNC browser client works just fine, but for some reason > > > the default download to remote-viewer fails on the same hosts. > > > > > > All the end-user gets is a quick flash of the remote-viewer > > > window on > > > their screen. > > > > > > Running remote-viewer in debug mode I get this: > > > > > > ---log snip--- > > > > > > $ remote-viewer -v --debug Downloads/console.vv > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Opening > > > display > > > to Downloads/console.vv > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.906: Guest > > > (null) has > > > a vnc display > > > Guest (null) has a vnc display > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Spice > > > foreign > > > menu updated > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: After open > > > connection callback fd=-1 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.952: Opening > > > connection to display at Downloads/console.vv > > > Opening connection to display at Downloads/console.vv > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: fullscreen > > > display 0: 0 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:35.953: notebook > > > show > > > status 0x560a419d2280 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook > > > show > > > status 0x560a419d2280 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: Insert > > > display 0 > > > 0x560a423fa1e0 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.032: notebook > > > show > > > status 0x560a419d2280 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Allocated > > > 1024x740 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.052: Child > > > allocate > > > 1024x640 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.053: Got VNC > > > credential request for 1 credential(s) > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: Not > > > removing > > > main window 0 0x560a4195d910 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: > > > Disconnected > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.067: close > > > vnc=0x560a419fc220 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: notebook > > > show > > > status 0x560a419d2280 > > > (remote-viewer:4056): virt-viewer-DEBUG: 16:35:36.068: Guest > > > (null) > > > display has disconnected, shutting down > > > Guest (null) display has disconnected, shutting down > > > > > > ---log snip--- > > > > > > It seems to be failing a credential request, but I'm not sure > > > why. The > > > engine logs only show the VM console ticket being created, but > > > does not > > > show any connection attempts unless noVNC is used. > > > > > > ---log snip--- > > > > > > 2021-12-11 16:48:23,402-05 INFO > > > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16) > > > [68b90cfe] Running command: SetVmTicketCommand internal: false. > > > Entities affected : ID: bb05ab12-91e5-4ab6-92b1-b911ed78f64f > > > Type: > > > VMAction group CONNECT_TO_VM with role type USER > > > 2021-12-11 16:48:23,414-05 INFO > > > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] > > > (default task-16) [68b90cfe] START, > > > SetVmTicketVDSCommand(HostName = -- > > > REDACTED--, SetVmTicketVDSCommandParameters:{hostId='1fdd841b- > > > 477f- > > > 4d13-9935-7908924dd5a1', vmId='bb05ab12-91e5-4ab6-92b1- > > > b911ed78f64f', > > > protocol='VNC', ticket='ocziPsEOF4km', validTime='120', > > > userName='-- > > > REDACTED--@--REDACTED--', userId='e83ab2b3-c464-49a4-a0ab- > > > 4e62e8131304', disconnectAction='LOCK_SCREEN'}), log id: f6dccdd > > > 2021-12-11 16:48:23,435-05 INFO > > > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] > > > (default task-16) [68b90cfe] FINISH, SetVmTicketVDSCommand, > > > return: , > > > log id: f6dccdd > > > 2021-12-11 16:48:23,461-05 INFO > > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDire > > > ctor] > > > (default task-16) [68b90cfe] EVENT_ID: VM_SET_TICKET(164), User -- > > > REDACTED--@--REDACTED--@--REDACTED-- initiated console session > > > for VM > > > Test > > > # > > > > > > ---log snip--- > > > > > > What else can I do to troubleshoot this? > > > > > > - Patrick Hibbs > > > > > > _______________________________________________ > > > Users mailing list -- users(a)ovirt.org > > > To unsubscribe send an email to users-leave(a)ovirt.org > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > > oVirt Code of Conduct: > > > https://www.ovirt.org/community/about/community-guidelines/ > > > List Archives: > > > > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q5ENXJJU5V7LJ… > > To view the terms under which this email is distributed, please go > > to:- > > https://leedsbeckett.ac.uk/disclaimer/email > > > To view the terms under which this email is distributed, please go > to:- > https://leedsbeckett.ac.uk/disclaimer/email

1 0

There is no 'admin' in users table
by jihwahn1018＠naver.com 17 Dec '21

17 Dec '21

Hi, i have trouble in 'ovirt-engine-extension-aaa-jdbc' I'm following 'III. Configuration of a new custom aaa-jdbc profile' part in README.admin (https://github.com/jihwahn1018/ovirt-engine-extension-aaa-jdbc/blob/master/…) when i try to login the webadmin page, i can't login becauser there is no 'admin' in custom database. how can i solve it? Thanks, Jihwan

2 2

Is vulnerable log4j package necessary in my ovirt repo?
by Henry lol 16 Dec '21

16 Dec '21

Hello, I found that the vulnerable log4j-2.13.0-1 package is in oVirt repository, but not installed even after the oVirt setup. So, I want to remove that package from my private oVirt repository if it's not necessary. but I'm not sure what will happen by doing so. Is there any side effects?

2 1

Questions about VDSM communication protocol
by Henry lol 16 Dec '21

16 Dec '21

Hello, 1. I know vdsm communication adopted rpc over "stomp" and i'm wondering if it's due to use of the message broker or any other purpose. 2. according to https://www.ovirt.org/develop/release-management/features/infra/jsonrpc.html, vdsm has the final plan to completely separate msg broker. Is it still valid and under development? 3. if so, why is vdsm trying to use msg broker? because it seems enough even without msg broker. thanks,

3 7