vm backup, vprotect, user permissions
by Peter Hudec
Hi,
I would like to ask about thepermission for ht e vPortect to backup the VMs.
We have got 4 hypervisors in 1 DC for production and use admin account for backup.
Recently we added 3 more hypervisors for TEST/DEV. These new hypervisors are in separate DC.
As the vProtect got licence only for 4 hosts, we would like to create new user for taking backup only for the production DC.
We added vprotect user.
Add the DatacenterAdmin toe that users only for production DC, but this do not works, the problems are
- the vprotect user see all hosts ;(
- the backup are not able to finish, seems that some permission is still missing
Does anyone let me help with such a setup?
regards
Peter
2 years, 5 months
Problems with selinux after updating an ovirt node
by Giorgio Biacchi
Hi folks,
today I got a problem with vdsm and selinux after updating a host:
[root@host04 ~]# nodectl check
Status: WARN
Bootloader ... OK
Layer boot entries ... OK
Valid boot entries ... OK
Mount points ... OK
Separate /var ... OK
Discard is used ... OK
Basic storage ... OK
Initialized VG ... OK
Initialized Thin Pool ... OK
Initialized LVs ... OK
Thin storage ... OK
Checking available space in thinpool ... OK
Checking thinpool auto-extend ... OK
vdsmd ... BAD
So I run:
[root@host04 ~]# /usr/libexec/vdsm/vdsmd_init_common.sh --pre-start
vdsm: Running mkdirs
vdsm: Running configure_vdsm_logs
vdsm: Running run_init_hooks
vdsm: Running check_is_configured
lvm is configured for vdsm
Current revision of multipath.conf detected, preserving
Managed volume database is already configured
abrt is already configured for vdsm
libvirt is already configured for vdsm
sanlock is configured for vdsm
Modules sebool are not configured
Error:
One of the modules is not configured to work with VDSM.
To configure the module use the following:
'vdsm-tool configure [--module module-name]'.
If all modules are not configured try to use:
'vdsm-tool configure --force'
(The force flag will stop the module's service and start it
afterwards automatically to load the new configuration.)
vdsm: stopped during execute check_is_configured task (task returned
with error code 1).
But also runnining this gave me an error:
[root@host04 ~]# vdsm-tool configure --module sebool
Checking configuration status...
Running configure...
libsepol.context_from_record: type cloud_what_var_cache_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
system_u:object_r:cloud_what_var_cache_t:s0 to sid
invalid context system_u:object_r:cloud_what_var_cache_t:s0
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned
error code 255.
Traceback (most recent call last):
File "/usr/bin/vdsm-tool", line 209, in main
return tool_command[cmd]["command"](*args)
File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line
40, in wrapper
func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py",
line 145, in configure
_configure(c)
File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py",
line 92, in _configure
getattr(module, 'configure', lambda: None)()
File
"/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py",
line 88, in configure
_setup_booleans(True)
File
"/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py",
line 60, in _setup_booleans
sebool_obj.finish()
File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish
self.commit()
File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit
rc = semanage_commit(self.sh)
OSError: [Errno 0] Error
I managed to solve this by running:
[root@host04 ~]# semodule -i
/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp
[root@host04 ~]# vdsm-tool configure --module sebool
Checking configuration status...
Running configure...
Done configuring modules to VDSM.
Regards
--
gb
PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
2 years, 5 months
ONN upgrade failing due to /var/cache/dnf filling up
by nroach44@nroach44.id.au
I'm just wondering if anyone else has seen this, and if it's worth logging a case?
I've found that this seems to manifest itself as "Stop service" will succeed in the log, and them some time later the upgrade will fail. rm -rfv /var/cache/dnf* will resolve it.
Cheers,
Nathaniel.
2 years, 5 months
Unable to install on a bonded NIC
by weeglos@yahoo.com
So I'm running a fresh install of oVirt on a new Centos Stream node. Fresh install.
I installed the OS with bonded interfaces. I bonded them during the install via anaconda.
I followed the doc here: https://ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_...
When I got to the hosted-engine --deploy step, it errored out saying, "Only Team devices are present. Teaming is unsupported."
However, I'm not teaming my network adapters at all. I'm bonding them:
[root@mustafar ~]# cat /etc/sysconfig/network-scripts/ifcfg-Bond_connection_1
BONDING_OPTS="mode=balance-rr downdelay=0 miimon=1 updelay=0"
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="Bond connection 1"
UUID=[redacted]
DEVICE=bond0
ONBOOT=yes
IPADDR=192.168.5.83
PREFIX=24
GATEWAY=192.168.5.1
DNS1=192.168.5.2
DNS2=192.168.5.3
DNS3=192.168.5.4
DOMAIN=[redacted]
[root@mustafar ~]#
What gives with this?
2 years, 5 months
Live Migration FAIL
by m.rohweder@itm-h.de
Hi,
on my setup the live migration looks greate but,
all sytems finnished migration tasks and running on other Host, but most of them (random instances not every time the same) going into hung (100%cpu insode VM an no response), that only reset can fix.
and i cannot find annything.
Greetings
Michael
2 years, 5 months
Invalid username or password
by less foobar
I've installed a fresh ovirt. The default engine user doesn't work for me.
* I've tried changing the password with:
```
ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2035-12-31 12:00:00Z"
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Password:
Reenter password:
updating user admin...
user updated successfully
```
* I've tried unblocking the admin user:
```
ovirt-aaa-jdbc-tool user unlock admin
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
updating user admin...
user updated successfully
```
* I've tried `admin`, `admin@internal` and `root@localhost`
* Here is my admin details:
```
ovirt-aaa-jdbc-tool user show admin
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
-- User admin(bca1d04a-cc83-4ab6-8233-602ab66df6d9) --
Namespace: *
Name: admin
ID: bca1d04a-cc83-4ab6-8233-602ab66df6d9
Display Name:
Email: root@localhost
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 2022-07-04 17:16:50Z
Account Valid From: 2022-06-28 21:27:59Z
Account Valid To: 2222-06-28 21:27:59Z
Account Without Password: false
Last successful Login At: 1970-01-01 00:00:00Z
Last unsuccessful Login At: 1970-01-01 00:00:00Z
Password Valid To: 2035-12-31 12:00:00Z
```
* above the keycloak sign-in page I see ovirt-internal this is why I'm assuming I'm on the right page. No matter where I click on `Administration Porta`, `VM Portal` or in the upper right corner I land on that page. This is why I'm assuming it is the internal login page and my "default" admin account should work.
* If I try the `Monitoring Portal` I can login without any issues.
2 years, 5 months
oVirt OVA Export -> oVirt OVA Import failure
by simon@justconnect.ie
I carried out the following procedure:
1. Exported a VM as an OVA to a 4.3 environment host.
2. SCP'd the file to a host on a 4.5.0.3 environment.
3. Selected Import VM - Virtual Appliance (OVA) - selected the Host and path - clicked Load but no VMs are listed.
This process previously worked in 4.4
Is this a known bug?
Cannot upgrade to 4.5.1 until our internal mirrors have been updated.
Regards
Simon...
2 years, 5 months
How to move VM between datacenter?
by msjang@kisti.re.kr
Hi ALL.
I run two data centers:
DC1 with storage type as shared,
DC2 with storage type as local.
I want to move a VM in DC1 to DC2 and vice versa. No Live migration needs.
I attached NFS storage to DC2, but It does not shown on DC1. Can I add the same NFS storage to DC1 with different name and same export path?
Sincerey yours.
Minseok Jang.
2 years, 5 months
How to create image repo like default one? I want to serve custom images to users.
by msjang@kisti.re.kr
Hi, All.
I want to proviode image repo like default one (ovirt-image-repository) to serve custom image to users.
My quesions are:
1) How can I create a repo with image type?
It looks like openstack glance service, but I have no experience to install it as a standalone.
2) How can I add new storage domain with image type?
There are no image type on Storage > Storage Domain > New Domain in oVirt 4.5.
I've got lots of help from this mailing list.
Thank you.
Minseok Jang
2 years, 5 months
