Obtain SSO token using username/password credentials] fails Error during SSO authentication access_denied : Cannot authenticate user Invalid user credentials.
by antonio.riggio@mail.com
can anyone tell how I can fix this I have not been able to install ovirt. Im using the same password when I login to ovirt too. thanks
INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Obtain SSO token using username/password credentials]
[ ERROR ] ovirtsdk4.AuthError: Error during SSO authentication access_denied : Cannot authenticate user Invalid user credentials.
[ ERROR ] fatal: [localhost]: FAILED! => {"attempts": 50, "changed": false, "msg": "Error during SSO authentication access_denied : Cannot authenticate user Invalid user credentials."}
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Sync on engine machine]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Fetch logs from the engine VM]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Set destination directory path]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Create destination directory]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Find the local appliance image]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Set local_vm_disk_path]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Give the vm time to flush dirty buffers]
[ INFO ] ok: [localhost -> localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Copy engine logs]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Change ownership of copied engine logs]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Remove local vm dir]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Remove temporary entry in /etc/hosts for the local VM]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Destroy local storage-pool localvmxfo24vb0]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Undefine local storage-pool localvmxfo24vb0]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Destroy local storage-pool 9df88328-fb97-4230-a679-a9ab4cc59562]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Undefine local storage-pool 9df88328-fb97-4230-a679-a9ab4cc59562]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.ovirt.hosted_engine_setup : Notify the user about a failure]
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "The system may not be provisioned according to the playbook results: please check the logs for the issue, fix accordingly or re-deploy from scratch.\n"}
1 year, 5 months
oVirt Host EL9 with UEFI Secure Boot
by Jorge Visentini
Hi there!
Is this information still valid?
To use Enterprise Linux 9 on virtualization hosts, the UEFI Secure Boot
option must be disabled due to *Bug 2081648 - dmidecode module fails to
decode DMI data <https://bugzilla.redhat.com/show_bug.cgi?id=2081648>*.
I read that it was fixed in *python-dmidecode-3.12.3-1.el9* but we still
use *python-3.11*.
Is this bug only for hosted-engine or for standalone too?
BR.
--
Att,
Jorge Visentini
+55 55 98432-9868
1 year, 5 months
Processors compatibility matrix oVirt
by Jorge Visentini
Do you have any documentation or compatibility matrix between oVirt and
processors?
How can I know if a processor is compatible?
I ask because in the *lscpu* command I see 2 sockets, but in the *engine* I
only see 1 socket.
BR.
--
Att,
Jorge Visentini
+55 55 98432-9868
1 year, 5 months
ovirt with rocky linux kvm
by cynthiaberbery@outlook.com
Hello,
after installing multiple machines as rocky linux, Ovirt was chosen to be used to manage this infra.
But adding these machines as "hosts" on ovirt always give:
Error while executing action: Cannot add Host. Connecting to host via SSH has failed, verify that the host is reachable (IP address, routable address etc.) You may refer to the engine.log file for further details.
Is rocky kvm supported on ovirt 4.3.10.4-1.el7?
Do you have any contact with a supporting company/team for ovirt to check their support plan?
1 year, 5 months
How to re-enroll a host with an active workload whose certificate expired
by David Johnson
Good evening all,
I have a three host installation with a separate dedicated bare metal
system for the engine, running Ovirt 4.5.2.4-1.el8.
This afternoon, the engine lost communication with one of the hosts. The
engine log says the certificate is expired.
The official solution appears to be to put the host into maintenance mode
then re-enroll it.
Unfortunately, because the certificate is expired, the engine cannot switch
to maintenance mode or control the VM's to shut them down.
Error while executing action: Cannot switch Host to Maintenance mode.
Host still has running VMs on it and is in Non Responsive state.
See log excerpt below
What is the correct way to update/reinstate a certificate in a running
cluster when the engine does not acknowledge the host is operational due to
an expired certificate?
Thank you.
*David Johnson*
Log excerpt:
2023-07-20 16:27:46,904-05 INFO
[org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor)
[] Connecting to /192.168.2.18
2023-07-20 16:27:46,904-05 INFO
[org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor)
[] *Connected to /192.168.2.18:54321 <http://192.168.2.18:54321>*
2023-07-20 16:27:46,912-05 ERROR
[org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] *Unable
to process messages Received fatal alert: certificate_expired*
2023-07-20 16:27:46,914-05 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-52) []
Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException:
VDSNetworkException: Received fatal alert: certificate_expired
2023-07-20 16:27:47,356-05 ERROR
[org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-34) []
Unable to RefreshCapabilities: ClientConnectionException: SSL session is
invalid
2023-07-20 16:27:47,356-05 WARN
[org.ovirt.engine.core.bll.lock.InMemoryLockManager]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-34) []
Trying to release exclusive lock which does not exist, lock key:
'f69d35b2-7666-4ac6-8645-2f119cf2ce1cVDS_INIT'
2023-07-20 16:27:47,356-05 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-34) []
Command
'org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand'
return value
'org.ovirt.engine.core.vdsbroker.vdsbroker.VDSInfoReturn@7d03f4f0'
2023-07-20 16:27:47,356-05 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-34) []
HostName = ovirt-host-03
2023-07-20 16:27:47,356-05 ERROR
[org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesAsyncVDSCommand]
(EE-ManagedScheduledExecutorService-engineScheduledThreadPool-Thread-34) []
Command 'GetCapabilitiesAsyncVDSCommand(HostName = ovirt-host-03,
VdsIdAndVdsVDSCommandParametersBase:{hostId='f69d35b2-7666-4ac6-8645-2f119cf2ce1c',
vds='Host[ovirt-host-03,f69d35b2-7666-4ac6-8645-2f119cf2ce1c]'})' execution
failed: org.ovirt.vdsm.jsonrpc.client.ClientConnectionException: *SSL
session is invalid*
1 year, 5 months
First time user/setup
by jmred88@gmail.com
Could someone explain to me the proper documentation I should be using for a standalone setup? I have one host with local storage/resources and would like that to both host and manage my VMs but I keep getting into the weeds with which documentation to follow.
1 year, 5 months
ovirt node 4.5 is not working on esxi8 on my lab
by poper@windowslive.com
Hello there,
May I ask why I have installed ovirt node 4.5 latest from iso on my esxi8 after I logged in to the web interface to manage this host I cannot find menu virtualization but when I tested on 4.4.6 everything is work. Do you have any idea?
Thanks.
1 year, 5 months
Commit or release history
by Jorge Visentini
Hi.
I'm following the release of the 4.5.5 isos and I see that new isos are
coming out almost every day.
Is there any place where I can keep track of the changes that were made
from one iso to another? Is it open for us to follow?
Cheers!
--
Att,
Jorge Visentini
+55 55 98432-9868
1 year, 5 months
python sdk4 ovirt 4.5.5.0 master
by Jorge Visentini
Hi.
I am testing oVirt 4.5.5-0.master.20230712143502.git07e865d650.el8.
I missed the python scripts to download and upload discs and images... Will
it still be possible to use them or should I consider using Ansible?
BR.
--
Att,
Jorge Visentini
+55 55 98432-9868
1 year, 5 months
oVirt 4.4. Engine Deployment: Problems with Gluster Storage Domain
by Thyen, Niko
Hi everybody!
I am having a hard time getting oVirt 4.4 to work. We want to update our
4.3 Cluster and i am trying to set up a fresh 4.4 Cluster (and restore
the backup later on) in order to update to 4.5. It fails at the end of
the engine deloyment, when the Gluster Storage Domain should be added.
I installed oVirt Node 4.4.10 on an old PC and made the following
modifications to the engine deployment process:
- altered defaults in
/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/defaults/main.yml:
- "he_pause_before_engine_setup: true" (in this pause before engine
setup, i ssh into the engine and exclude the package postgresql-jdbc
from update, which otherwise breaks the deployment [1])
- "he_remove_appliance_rpm: false" (to avoid the large download every
single try, i tried a lot)
- "he_force_ip4: true" (to avoid problems with IPv6, see below)
- in
/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/fetch_host_ip.yml
i added after "- name: Get host address resolution:" the following lines
(to avoid a problem with an "invalid" IPv6-Adress, which otherwise
breaks the deployment [2]):
- name: Get host IP addresses
ansible.builtin.command: hostname -I
register: hostname_addresses_output
changed_when: true
Most times, i started deployment via shell but tried via webinterface of
the node as well. It fails at the task "Add glusterfs storage domain"
with the following message:
"[ ERROR ] ovirtsdk4.Error: Fault reason is "Operation Failed". Fault
detail is "[Failed to fetch Gluster Volume List]". HTTP response code is
400." (See also [3])
When the setup asks for storage, i tried different answers
(gluster.local:/volume, gluster.local:/path/to/brick/volume,
192.168.8.51:/volume ...), no mount options.
I added firewall rules for glusterfs at node and engine. Even tried
disabling the firewall. No firewall on the gluster servers running. On
the Node, i also tested setting SELinux to permissive.
Recorded the traffic at different interfaces ("ovirtmgmt" and "virbr0"
on the node and "eth0" on the engine) and i can see the node and the
gluster server talking: Node gets the volume with options (which are,
btw, compliant to the docs, "storage.owner-gid: 36" "storage.owner-uid:
36" etc) but thats it, no further packets to mount the volume.
I noticed some ARP packets as well, the node asks the IP from the engine
(the configured static IP, which is not yet active). And the engine
sends a dns request for the gluster server to the node (via interface
virbr0), but doesnt connect to the gluster server. At least, thats what
i can see, most of the traffic is TLS, which i couldnt decrypt yet. I
appreciate any hint where to find the right keys.
Anyway, i can ssh from the engine to the gluster server and mount the
gluster volume manually on the node (mount -t glusterfs
gluster.local:/volume /local/path), so there seem no connectivity
issues.
Since the engine deployment log is around 30MB i attached a log summary
with findings i found relevant. I'll provide more logs if needed.
I really wanna put this huge timesink to an end. Can anyone help me or
point me in the right direction?
Many thanks in advance :)
Regards,
Niko
[1] This was the error message i got:
"[ ERROR ] fatal: [localhost -> 192.168.222.195]: FAILED! =>
{"attempts": 30, "changed": false, "connection": "close", "content":
"Error500 - Internal Server Error", "content_encoding": "identity",
"content_length": "86", "content_type": "text/html; charset=UTF-8",
"date": "Wed, 17 May 2023 22:42:27 GMT", "elapsed": 0, "msg": "Status
code was 500 and not [200]: HTTP Error 500: Internal Server Error",
"redirected": false, "server": "Apache/2.4.37 (centos) OpenSSL/1.1.1k
mod_auth_gssapi/1.6.1 mod_wsgi/4.6.4 Python/3.6", "status": 500, "url":
"http://localhost/ovirt-engine/services/health"}"
[2] This was the error message i got:
"VDSM ovirt.martinwi.local command HostSetupNetworksVDS failed: Internal
JSON-RPC error: {'reason': "Invalid IP address:
'fe80::ea3f:67ff:fe7f:a029%ovirtmgmt' does not appear to be an IPv4 or
IPv6 address"}"
[3]
/var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20230718140628-rryscj.log:
2023-07-18 16:32:35,877+0200 DEBUG
otopi.ovirt_hosted_engine_setup.ansible_utils
ansible_utils._process_output:106 {'msg': 'Fault reason is "Operation
Failed". Fault detail is "[Failed to fetch Gluster Volume List]". HTTP
response code is 400.', 'exception': 'Traceback (most recent call
last):\n File
"/tmp/ansible_ovirt_storage_domain_payload_b4ofbzxa/ansible_ovirt_storage_domain_payload.zip/ansible_collections/ovirt/ovirt/plugins/modules/ovirt_storage_domain.py",
line 804, in main\n File
"/tmp/ansible_ovirt_storage_domain_payload_b4ofbzxa/ansible_ovirt_storage_domain_payload.zip/ansible_collections/ovirt/ovirt/plugins/module_utils/ovirt.py",
line 674, in create\n **kwargs\n File
"/usr/lib64/python3.6/site-packages/ovirtsdk4/services.py", line 26258,
in add\n return self._internal_add(storage_domain, headers, query,
wait)\n File "/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py",
line 232, in _internal_add\n return future.wait() if wait else
future\n File
"/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 55, in
wait\n return self._code(response)\n File
"/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 229, in
callback\n self._check_fault(response)\n File
"/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 132, in
_check_fault\n self._raise_error(response, body)\n File
"/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 118, in
_raise_error\n raise error\novirtsdk4.Error: Fault reason is
"Operation Failed". Fault detail is "[Failed to fetch Gluster Volume
List]". HTTP response code is 400.\n', 'invocation': {'module_args':
{'state': 'unattached', 'name': 'hosted_storage', 'host':
'ovirt.martinwi.local', 'data_center': 'Default', 'wait': True,
'glusterfs': {'address': 'gluster1.martinwi.local', 'path': '/gv3',
'mount_options': ''}, 'timeout': 180, 'poll_interval': 3,
'fetch_nested': False, 'nested_attributes': [], 'domain_function':
'data', 'id': None, 'description': None, 'comment': None, 'localfs':
None, 'nfs': None, 'iscsi': None, 'managed_block_storage': None,
'posixfs': None, 'fcp': None, 'wipe_after_delete': None, 'backup': None,
'critical_space_action_blocker': None, 'warning_low_space': None,
'destroy': None, 'format': None, 'discard_after_delete': None}},
'_ansible_no_log': False, 'changed': False}
1 year, 5 months
