ovirt hosted engine restore backup fails: remot host identifaction changed
by jeroen.gui@telenet.be
I have a backup file from our ovirt hosted engine. When I try to run "hosted-engine --deploy --restore-from-file=backup.bck" on the same machine with a fresh install of ovirt node 4.3 I get this error after some minutes:
[ ERROR ] fatal: [localhost -> ovirt.*mydomain.com*]: FAILED! => {"changed": false, "elapsed": 185, "msg": "timed out waiting for ping module test success: Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:aer7BMZyKHhfzMXX4pzVULHN7OwSSNDrCuOyvdmG8sQ.\r\nPlease contact your system administrator.\r\nAdd correct host key in /dev/null to get rid of this message.\r\nOffending ED25519 key in /var/lib/sss/pubconf/known_hosts:6\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to
avoid man-in-the-middle attacks.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password)."}
I can't find anything in the docs about this problem. I already removed all the entries in /var/lib/sss/pubconf/known_hosts on my ovirt host machine. But that didn't change anything. Is their something wrong with the backup. At the moment I have 2 other hosts running my VM's but no ovirt manager.
2 years
Failed to start service jboss.deployment.subunit."engine.ear"."webadmin.war".STRUCTURE Ovirt 4.4.10 Self-hosted engine
by wthomas85@gmail.com
I'm trying to deploy a new ovirt 4.4.10 self-hosted engine. Whenever I try to access the server via a web browser I get 404 - Not Found. In /var/log/ovirt-engine/server.log I see Failed to start service jboss.deployment.subunit."engine.ear"."webadmin.war".STRUCTURE due to a java.io.FileNotFoundException for /var/lib/ovirt-engine/jboss_runtime/tmp/vfs/deployment/deployment38ca8fb55a7d2674/gwt-servlet.jar-ab669e949f887030/gwt-servlet.jar. Inside /var/lib/ovirt-engine/jboss_runtime/tmp/vfs/deployment/deployment38ca8fb55a7d2674/, I do not have the gwt-servlet.jar-ab669e949f887030 dir. I can create it and copy gwt-servlet.jar to it and set the proper ownership and permissions, but then I am not sure how to restart jboss. I am not sure what is happening that would prevent the gwt-servlet.jar dir from being created inside the /var/lib/ovirt-engine/jboss_runtime/tmp/vfs/deployment/ dir. I can see bll.jar, 4 branding.jar dirs, docs.jar, enginesso.jar, scheduler.jar, services.jar, vdsbroker.ja
r, and welcome.jar dirs inside /var/lib/ovirt-engine/jboss_runtime/tmp/vfs/deployment/deployment38ca8fb55a7d2674 but no gwt-servlet.jar dir unless I make it myself.
2 years
Python Unsupported Version Detection (ovirt Manager 4.4.10)
by michael.li@hactlsolutions.com
Hi,
We have installed oVirt manger in Centos stream 8 and running the security scanning by Tenable Nessus ID 148367
When I try to remove the python3.6. It will remove many dependency package related ovirt.
How can I fixed this vulnerability as below?
Python Unsupported Version Detection
Plugin Output:
The following Python installation is unsupported :
Path : /
Port : 35357
Installed version : 3.6.8
Latest version : 3.10
Support dates : 2021-12-23 (end of life)
Regards,
Michael Li
2 years
Network filters in oVirt : zero-trust, IP and port filtering
by ravi k
Good people of the community,
Hope you are all doing well. We are exploring the network filters in oVirt to check if we can implement a zero-trust model at the network level. The intention is to have a filter which takes two parameters, IP and PORT. After that there will be a 'deny all' rule. We realized that none of the default network filters offer such a functionality and the only option is to write a custom filter.
Why don't we have such a filter in libvirt and thereby in oVirt? Someone would've already thought about such a use case. So I was thinking maybe network filters aren't meant to be used for implementing such functionalities like zero-trust?
Also what are some practical use cases of the default filters that are provided? I was able to understand and use the clean-traffic and clean-traffic-gateway.
Regards,
ravi
2 years