Error when deploy Ovirt4.4 Hosted Engine
by staybox@gmail.com
Hello, I get error, need help.
[ ERROR ] fatal: [localhost]: FAILED! => {"msg": "The conditional check 'not ipv6_deployment|bool and route_rules_ipv4.stdout | from_json | selectattr('priority', 'equalto', 100) | selectattr('dst', 'equalto', virbr_cidr_ipv4 | ipaddr('address') ) | list | length == 0' failed. The error was: error while evaluating conditional (not ipv6_deployment|bool and route_rules_ipv4.stdout | from_json | selectattr('priority', 'equalto', 100) | selectattr('dst', 'equalto', virbr_cidr_ipv4 | ipaddr('address') ) | list | length == 0): 'dict object' has no attribute 'dst'\n\nThe error appears to be in '/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/bootstrap_local_vm/01_prepare_routing_rules.yml': line 81, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n changed_when: true\n - name: Add IPv4 inbound route rules\n ^ here\n"}
3 months
How to list all snapshots?
by jorgevisentini@gmail.com
Hello everyone!
First, I would like to thank everyone involved in this wonderful project. I leave here my sincere thanks!
Does anyone know if it is possible to list all snapshots automatically? It can be by ansible, python, shell... any way that helps to list them all without having to enter Domain by Domain.
Thank you all!
3 months
snapshot solution: Existing snapshots that were taken after this one will be erased.
by dhanaraj.ramesh@yahoo.com
Hi Team,
when I want to commit the older snapshots I'm getting warning stating " Existing snapshots that were taken after this one will be erased.". is there any way we can retain the latest snapshots as is in the chain?
I knew cloning and template export options are there to secure that latest snapshot data but these are will consume additional space in storage and take time.
3 months, 3 weeks
Restart oVirt-Engine
by Jeremey Wise
How ,without reboot of hosting system, do I restart the oVirt engine?
# I tried below but do not seem to effect the virtual machine
[root@thor iso]# systemctl restart ov
ovirt-ha-agent.service ovirt-imageio.service
ovn-controller.service ovs-delete-transient-ports.service
ovirt-ha-broker.service ovirt-vmconsole-host-sshd.service
ovsdb-server.service ovs-vswitchd.service
[root@thor iso]#
# You cannot restart the VM " HostedEngine " as it responses:
Error while executing action:
HostedEngine:
- Cannot restart VM. This VM is not managed by the engine.
Reason is I had to do some work on a node. Reboot it.. it is back up..
network is all fine.. Cockpit working fine... and gluster fine.. But
oVirt-Engine refuses to accept the node is up.
--
p <jeremey.wise(a)gmail.com>enguinpages
4 months, 1 week
Unable to access ovirt Admin Screen from ovirt Host
by louisb@ameritech.net
I've reinstalled ovirt 4.4 on my server remotely via cockpit terminal. I'm able to access the ovirt admin screen remotely from the laptop that I used for the install. However, using the same URL I'm unable to gain access to the admin screen.
Following the instruction in the documentation I've modified the file: /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf, to reflect the DNS name and I enter in the IP address. But I'm still unable to access the screen from the server console.
What else needs to change in order to gain access from the server console?
Thanks
5 months, 2 weeks
SPM and Task error ...
by Enrico
Hi all,
my ovirt cluster has got 3 Hypervisors runnig Centos 7.5.1804 vdsm is
4.20.39.1-1.el7,
ovirt engine is 4.2.4.5-1.el7, the storage systems are HP MSA P2000 and
2050 (fibre channel).
I need to stop one of the hypervisors for maintenance but this system is
the storage pool manager.
For this reason I decided to manually activate SPM in one of the other
nodes but this operation is not
successful.
In the ovirt engine (engine.log) the error is this:
2019-07-25 12:39:16,744+02 INFO
[org.ovirt.engine.core.bll.storage.pool.ForceSelectSPMCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] Running command:
ForceSelectSPMCommand internal: false. Entities affected : ID:
81c9bd3c-ae0a-467f-bf7f-63ab30cd8d9e Type: VDSAction group
MANIPULATE_HOST with role type ADMIN
2019-07-25 12:39:16,745+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SpmStopOnIrsVDSCommand]
(default task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] START,
SpmStopOnIrsVDSCommand(
SpmStopOnIrsVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false'}), log id: 37bf4639
2019-07-25 12:39:16,747+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.ResetIrsVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] START,
ResetIrsVDSCommand(
ResetIrsVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false',
vdsId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
ignoreStopFailed='false'}), log id: 2522686f
2019-07-25 12:39:16,749+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStopVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] START,
SpmStopVDSCommand(HostName = infn-vm05.management,
SpmStopVDSCommandParameters:{hostId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7'}), log id: 1810fd8b
2019-07-25 12:39:16,758+02 *ERROR*
[org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStopVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] SpmStopVDSCommand::Not
stopping SPM on vds 'infn-vm05.management', pool id
'18d57688-6ed4-43b8-bd7c-0665b55950b7' as there are uncleared tasks
'Task 'fdcf4d1b-82fe-49a6-b233-323ebe568f8e', status 'running''
2019-07-25 12:39:16,758+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStopVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] FINISH,
SpmStopVDSCommand, log id: 1810fd8b
2019-07-25 12:39:16,758+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.ResetIrsVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] FINISH,
ResetIrsVDSCommand, log id: 2522686f
2019-07-25 12:39:16,758+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SpmStopOnIrsVDSCommand]
(default task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] FINISH,
SpmStopOnIrsVDSCommand, log id: 37bf4639
2019-07-25 12:39:16,760+02 *ERROR*
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] EVENT_ID:
USER_FORCE_SELECTED_SPM_STOP_FAILED(4,096), Failed to force select
infn-vm07.management as the SPM due to a failure to stop the current SPM.
while in the hypervisor (SPM) vdsm.log:
2019-07-25 12:39:16,744+02 INFO
[org.ovirt.engine.core.bll.storage.pool.ForceSelectSPMCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] Running command:
ForceSelectSPMCommand internal: false. Entities affected : ID:
81c9bd3c-ae0a-467f-bf7f-63ab30cd8d9e Type: VDSAction group
MANIPULATE_HOST with role type ADMIN
2019-07-25 12:39:16,745+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SpmStopOnIrsVDSCommand]
(default task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] START,
SpmStopOnIrsVDSCommand(
SpmStopOnIrsVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false'}), log id: 37bf4639
2019-07-25 12:39:16,747+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.ResetIrsVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] START,
ResetIrsVDSCommand(
ResetIrsVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false',
vdsId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
ignoreStopFailed='false'}), log id: 2522686f
2019-07-25 12:39:16,749+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStopVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] START,
SpmStopVDSCommand(HostName = infn-vm05.management,
SpmStopVDSCommandParameters:{hostId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7'}), log id: 1810fd8b
2019-07-25 12:39:16,758+02 *ERROR*
[org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStopVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] SpmStopVDSCommand::Not
stopping SPM on vds 'infn-vm05.management', pool id
'18d57688-6ed4-43b8-bd7c-0665b55950b7' as there are uncleared tasks
'Task 'fdcf4d1b-82fe-49a6-b233-323ebe568f8e', status 'running''
2019-07-25 12:39:16,758+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SpmStopVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] FINISH,
SpmStopVDSCommand, log id: 1810fd8b
2019-07-25 12:39:16,758+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.ResetIrsVDSCommand] (default
task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] FINISH,
ResetIrsVDSCommand, log id: 2522686f
2019-07-25 12:39:16,758+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SpmStopOnIrsVDSCommand]
(default task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] FINISH,
SpmStopOnIrsVDSCommand, log id: 37bf4639
2019-07-25 12:39:16,760+02 *ERROR*
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-30) [7c374384-f884-4dc9-87d0-7af27dce706b] EVENT_ID:
USER_FORCE_SELECTED_SPM_STOP_FAILED(4,096), Failed to force select
infn-vm07.management as the SPM due to a failure to stop the current SPM.
2019-07-25 12:39:18,660+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Task id
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' has passed pre-polling period
time and should be polled. Pre-polling period is 60000 millis.
2019-07-25 12:39:18,660+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Task id
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' has passed pre-polling period
time and should be polled. Pre-polling period is 60000 millis.
2019-07-25 12:39:18,750+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Task id
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' has passed pre-polling period
time and should be polled. Pre-polling period is 60000 millis.
2019-07-25 12:39:18,750+02 *ERROR*
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
BaseAsyncTask::logEndTaskFailure: Task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' (Parent Command 'Unknown',
Parameters Type
'org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters') ended
with failure:
2019-07-25 12:39:18,750+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
SPMAsyncTask::ClearAsyncTask: Attempting to clear task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e'
2019-07-25 12:39:18,751+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SPMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] START,
SPMClearTaskVDSCommand(
SPMTaskGuidBaseVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false',
taskId='fdcf4d1b-82fe-49a6-b233-323ebe568f8e'}), log id: 34ae2b2f
2019-07-25 12:39:18,752+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] START,
HSMClearTaskVDSCommand(HostName = infn-vm05.management,
HSMTaskGuidBaseVDSCommandParameters:{hostId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
taskId='fdcf4d1b-82fe-49a6-b233-323ebe568f8e'}), log id: d3a78ad
2019-07-25 12:39:18,757+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] FINISH,
HSMClearTaskVDSCommand, log id: d3a78ad
2019-07-25 12:39:18,757+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SPMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] FINISH,
SPMClearTaskVDSCommand, log id: 34ae2b2f
2019-07-25 12:39:18,757+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
SPMAsyncTask::ClearAsyncTask: At time of attempt to clear task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' the response code was
'TaskStateError' and message was 'Operation is not allowed in this task
state: ("can't clean in state running",)'. Task will not be cleaned
2019-07-25 12:39:18,757+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
BaseAsyncTask::onTaskEndSuccess: Task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' (Parent Command 'Unknown',
Parameters Type
'org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters') ended
successfully.
2019-07-25 12:39:18,757+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
SPMAsyncTask::ClearAsyncTask: Attempting to clear task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e'
2019-07-25 12:39:18,758+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SPMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] START,
SPMClearTaskVDSCommand(
SPMTaskGuidBaseVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false',
taskId='fdcf4d1b-82fe-49a6-b233-323ebe568f8e'}), log id: 42de0c2b
2019-07-25 12:39:18,759+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] START,
HSMClearTaskVDSCommand(HostName = infn-vm05.management,
HSMTaskGuidBaseVDSCommandParameters:{hostId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
taskId='fdcf4d1b-82fe-49a6-b233-323ebe568f8e'}), log id: 4895c79c
2019-07-25 12:39:18,764+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] FINISH,
HSMClearTaskVDSCommand, log id: 4895c79c
2019-07-25 12:39:18,764+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SPMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] FINISH,
SPMClearTaskVDSCommand, log id: 42de0c2b
2019-07-25 12:39:18,764+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
SPMAsyncTask::ClearAsyncTask: At time of attempt to clear task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' the response code was
'TaskStateError' and message was 'Operation is not allowed in this task
state: ("can't clean in state running",)'. Task will not be cleaned
2019-07-25 12:39:18,764+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Task id
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' has passed pre-polling period
time and should be polled. Pre-polling period is 60000 millis.
2019-07-25 12:39:18,764+02 INFO
[org.ovirt.engine.core.bll.tasks.AsyncTaskManager]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] Cleaning zombie
tasks: Clearing async task 'Unknown' that started at 'Fri May 03
14:48:50 CEST 2019'
2019-07-25 12:39:18,764+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
SPMAsyncTask::ClearAsyncTask: Attempting to clear task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e'
2019-07-25 12:39:18,765+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SPMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] START,
SPMClearTaskVDSCommand(
SPMTaskGuidBaseVDSCommandParameters:{storagePoolId='18d57688-6ed4-43b8-bd7c-0665b55950b7',
ignoreFailoverLimit='false',
taskId='fdcf4d1b-82fe-49a6-b233-323ebe568f8e'}), log id: da77af2
2019-07-25 12:39:18,766+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] START,
HSMClearTaskVDSCommand(HostName = infn-vm05.management,
HSMTaskGuidBaseVDSCommandParameters:{hostId='751f3e99-b95e-4c31-bc38-77f5661a0bdc',
taskId='fdcf4d1b-82fe-49a6-b233-323ebe568f8e'}), log id: 530694fb
2019-07-25 12:39:18,771+02 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] FINISH,
HSMClearTaskVDSCommand, log id: 530694fb
2019-07-25 12:39:18,771+02 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.SPMClearTaskVDSCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) [] FINISH,
SPMClearTaskVDSCommand, log id: da77af2
2019-07-25 12:39:18,771+02 INFO
[org.ovirt.engine.core.bll.tasks.SPMAsyncTask]
(EE-ManagedThreadFactory-engineScheduled-Thread-67) []
SPMAsyncTask::ClearAsyncTask: At time of attempt to clear task
'fdcf4d1b-82fe-49a6-b233-323ebe568f8e' the response code was
'TaskStateError' and message was 'Operation is not allowed in this task
state: ("can't clean in state running",)'. Task will not be cleaned
there is some relation between this error and a task that has remained
hanging, from SPM server:
# vdsm-client Task getInfo taskID=fdcf4d1b-82fe-49a6-b233-323ebe568f8e
{
"verb": "prepareMerge",
"id": "fdcf4d1b-82fe-49a6-b233-323ebe568f8e"
}
# vdsm-client Task getStatus taskID=fdcf4d1b-82fe-49a6-b233-323ebe568f8e
{
"message": "running job 1 of 1",
"code": 0,
"taskID": "fdcf4d1b-82fe-49a6-b233-323ebe568f8e",
"taskResult": "",
"taskState": "running"
}
How can I solve this problem ?
Thanks a lot for your help !!
Best Regards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
_______________________________________________________________________
6 months
oVirt networks
by Enrico Becchetti
Dear all,
Ineed your help to understand how to configure the network of a new
oVirt cluster.
Mynew system will have a 4.3 engine thatruns in a virtual machine, andsome
Dell R7525 AMD EPYC hypervisors, eachholding two 4-port PCI network cards.
These servers will have node-ovirt image again in version 4.3.
As for the network, there are two HPE Aruba 2540G, non-stackable, with
24 1Gbs ports
and 2 10Gbs uplinks to the star center.
This is a simplified scheme:
My goal is to make the most of the server's 8 ethernet interfaces to have
both reliability and maximum possible throughput.
This cluster will have two virtual networks, one forovirt management and
one for
the traffic of individual virtual machines.
With that said here's what my idea is. I would like to have two links
aggregated by 4Gbs,
one for ovrtmgt and the other for vmnet.
With the ovirt web interface I can createan active-passive "Mode 1"
bond, but this
won'tallow me to go beyond 1Gbs. Alternatively I could create a "Mode 4"
bond
802.3ad but unfortunately the switches are not stacked and therefore not
even
this solution applies.
This is an example with active passive configuration:
Can you tell me if ovirt can generate//nested bonds? Or do you have
other solutions ?
Thanks a lot !
Best Regards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Skype:enrico_becchetti
Mail: Enrico.Becchetti<at>pg.infn.it
Pagina web personale: https://www.pg.infn.it/home/enrico-becchetti/
______________________________________________________________________
8 months, 3 weeks
boot from cdrom & error code 0005
by edp@maddalena.it
Hi.
I have created a new storage domain (data domain, storage type nfs) to use it to upload iso images.
I have so uploaded a new iso and then attach the iso to a new vm.
But when I try to boot the vm I obtain this error:
booting from dvd/cd...
boot failed: could not read from cdrom (code 0005)
no bootable device
The iso file has been uploaded with success in the data storage domain and so the vm lets my attach the iso to the vm in the boot settings.
Can you help me?
Thank you
9 months
VM Migration Failed
by KSNull Zero
Running oVirt 4.4.5
VM cannot migrate between hosts.
vdsm.log contains the following error:
libvirt.libvirtError: operation failed: Failed to connect to remote libvirt URI qemu+tls://ovhost01.local/system: authentication failed: Failed to verify peer's certificate
Certificates on hosts was renewed some time ago. How this issue can be fixed ?
Thank you.
10 months, 2 weeks
How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
by Derek Atkins
Hi,
I've got a single-host hosted-engine deployment that I originally
installed with 4.0 and have upgraded over the years to 4.3.10. I and some
of my users have upgraded remote-viewer and now I get an error when I try
to view the console of my VMs:
(remote-viewer:8252): Spice-WARNING **: 11:30:41.806:
../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify: Error
in server certificate verification: CA signature digest algorithm too weak
(num=68:depth0:/O=<My Org Name>/CN=<Host's Name>)
I am 99.99% sure this is because the old certs use SHA1.
I reran engine-setup on the engine and it asked me if I wanted to renew
the PKI, and I answered yes. This replaced many[1] of the certificates in
/etc/pki/ovirt-engine/certs on the engine, but it did not update the
Host's certificate.
All the documentation I've seen says that to refresh this certificate I
need to put the host into maintenance mode and then re-enroll.. However I
cannot do that, because this is a single-host system so I cannot put the
host in local mode -- there is no place to migrate the VMs (let alone the
Engine VM).
So.... Is there a command-line way to re-enroll manually and update the
host certs? Or some other way to get all the leftover certs renewed?
Thanks,
-derek
[1] Not only did it not update the Host's cert, it did not update any of
the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, and
obviously nothing in /etc/pki/ on the host itself.
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
10 months, 4 weeks
4.5.4 with Ceph only storage
by Maurice Burrows
Hey ... A long story short ... I have an existing Red Hat Virt / Gluster hyperconverged solution that I am moving away from.
I have an existing Ceph cluster that I primarily use for OpenStack and a small requirement for S3 via RGW.
I'm planning to build a new oVirt 4.5.4 cluster on RHEL9 using Ceph for all storage requirements. I've read many online articles on oVirt and Ceph, and they all seem to use the Ceph iSCSI gateway, which is now in maintenance, so I'm not real keen to commit to iSCSI.
So my question is, IS there any reason I cannot use CephFS for both hosted-engine and as a data storage domain?
I'm currently running Ceph Pacific FWIW.
Cheers
11 months
i can't access console with noVNC or VNC client(console.vv)
by z84614242@163.com
i installed the ovirt 4.5 engine on centos stream 9 and add a ovirt node(ovirt node 4.5 iso) to this engine. i am going to run my vm on this node. i follow the instruction to create the data center, the cluster, the storage domain, upload the image. everything is fine. and after i create a vm with ubuntu image attach, i found that i can't visit the console. when i using the noVNC, it says "Something went wrong, connection is closed", when i visit vnc with virt-viewver, is says "Failed to complete handshake Error in the pull function". i try to change the console type to Bochs one and it appear the same. i change to QXL mode and the vm can't start any more. i check the log, it says "unsupported configuration: domain configuration does not support video model 'qxl'".
so now i can't visit my vm by anyway. i deploy the engine follow the official instruction and keep mostly option default but why still have this issue. why the noVNC says "Something went wrong" instead of telling me what is actually wrong
1 year
Oracle Virtualization Manager 4.5 anyone?
by Thomas Hoberg
Redhat's decision to shut down RHV caught Oracle pretty unprepared, I'd guess, who had just shut down their own vSphere clone in favor of a RHV clone a couple of years ago.
Oracle is even less vocal about their "Oracle Virtualization" strategy, they don't even seem to have a proper naming convention or branding.
But they have been pushing out OV releases without a publicly announced EOL almost a year behind Redhat for the last years.
And after a 4.4 release in September 22, a few days ago on December 12th actually a release 4.5 was made public.
I've operated oVirt 4.3 with significant quality issues for some years and failed to make oVirt 4.4 work with any degree of acceptable stability but Oracle's variant of 4.4 proved to be rather better than 4.3 on CentOS7 with no noticable bugs, especially in the Hyperconverged setup that I am using with GlusterFS.
I assumed that this was because Oracle based their 4.4 in fact on RHV 4.4 and not oVirt, but since they're not telling, who knows?
One issue with 4.4 was that Oracle is pushing their UE-Kernel and that created immediate issues e.g. with VDO missing modules for UEK and other stuff, but that was solved easily enough by using the RHEL kernel.
With 4.5 Oracle obviously can't use RHV 4.5 as a base, because there is no such thing with RHV declared EOL and according to Oracle their 4.5 is based on oVirt 4.5.4, which made the quality of that release somewhat questionable, but perhaps they have spent the year that has passed since productively killing bugs... only to be caught by surprise again, I presume, by an oVirt release 4.5.5 on December 1st, that no one saw coming!
Long story slightly shorter, I've been testing Oracle's 4.5 variant a bit and it's not without issues.
But much worse, Oracle's variant of oVirt seems to be entirely without any community that I could find.
Now oVirt has been a somewhat secret society for years, but compared to what's going on with Oracle this forum is teaming with life!
So did I just not look around enough? Is there a secret lair where all those OV users are hiding?
Anyhow, here is what I've tested so far and where I'd love to have some feedback:
1. Setting up a three node HCI cluster from scratch using OL8.9 and OV 4.5
Since I don't have extra physical hardware for a 3 node HCI I'm using VMware workstation 17.5 on a Workstation running Windows 2022, a test platform that has been working for all kinds of virtualization tests from VMware ESXi, via Xcp-ng and ovirt.
Created three VMs with OL8.9 minimal and then installed OV 4.5. I used the UEK default kernels and then had an issue when Ansible is trying to create the (local) management engine: the VM simply could not reach the Oracle repo servers to install the packages inside the ME. Since that VM is entirely under the control of Ansible and no console access of any type is possible in that installation phase, I couldn't do diagnostics.
But with 4.4 I used to have similar issues and there switching back to the Redhat kernel for the ME (and the hosts) resolved them.
But with 4.5 it seems that UEK has become a baked-in dependency: the OV team doesn't even seem to do any testing with the Redhat kernel any more. Or not with the HCI setup, which has become deprecated somewhere in oVirt 4.4... Or not with the Cockpit wizard, which might be in a totally untested state, or....
Doing the same install on OL 8.9 with OV 4.4, however, did work just fine and I was even able to update to 4.5 afterwards, which was a nice surprise...
...that I could not repeat on my physical test farm using three Atoms. There switching to the UEK kernel on the hosts caused issues, hosts were becoming unresponsive, file systems inaccessible, even if they were perfectly fine at the Gluster CLI level and in the end the ME VM simply would not longer start. Switching back to the Redhat kernel resolved things there.
In short, switching between the Redhat kernel and UEK, which should be 100% transparent to all things userland including hypervisors, doesn't work.
But my attempts to go with a clean install of 4.5 on a Redhat kernel or UEK is also facing issues. So far the only thing that has worked was a single node HCI install using UEK and OV 4.5 and upgrading to OV 4.5 on a virtualized triple node OV 4.4 HCI cluster.
Anyone else out there trying these things?
I was mostly determined to move to Proxmox VE, but Oracle's OV 4.5 seemed to be handing a bit of a life-line to oVirt and the base architecture is just much more powerful (or less manual) than Proxmox, which doesn't have a management engine.
1 year
Changing disk QoS causes segfault with IO-Threads enabled (oVirt 4.3.0.4-1.el7)
by jloh@squiz.net
We recently upgraded to 4.3.0 and have found that when changing disk QoS settings on VMs whilst IO-Threads is enabled causes them to segfault and the VM to reboot. We've been able to replicate this across several VMs. VMs with IO-Threads disabled/turned off do not segfault when changing the QoS.
Mar 1 11:49:06 srvXX kernel: IO iothread1[30468]: segfault at fffffffffffffff8 ip 0000557649f2bd24 sp 00007f80de832f60 error 5 in qemu-kvm[5576498dd000+a03000]
Mar 1 11:49:06 srvXX abrt-hook-ccpp: invalid number 'iothread1'
Mar 1 11:49:11 srvXX libvirtd: 2019-03-01 00:49:11.116+0000: 13365: error : qemuMonitorIORead:609 : Unable to read from monitor: Connection reset by peer
Happy to supply some more logs to someone if they'll help but just wondering whether anyone else has experienced this or knows of a current fix other than turning io-threads off.
Cheers.
1 year
Deploy oVirt Engine fail behind proxy
by Matteo Bonardi
Hi,
I am trying to deploy the ovirt engine following self-hosted engine installation procedure on documentation.
Deployment servers are behind a proxy and I have set it in environment and in yum.conf before run deploy.
Deploy fails because ovirt engine vm cannot resolve AppStream repository url:
[ INFO ] TASK [ovirt.engine-setup : Install oVirt Engine package]
[ ERROR ] fatal: [localhost -> ovirt-manager.mydomain]: FAILED! => {"changed": false, "msg": "Failed to download metadata for repo 'AppStream': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=AppStream&infra=... [Could not resolve host: mirrorlist.centos.org]", "rc": 1, "results": []}
[ ERROR ] Failed to execute stage 'Closing up': Failed executing ansible-playbook
[ INFO ] Stage: Clean up
[ INFO ] Cleaning temporary resources
[ INFO ] TASK [ovirt.hosted_engine_setup : Execute just a specific set of steps]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Force facts gathering]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Fetch logs from the engine VM]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Set destination directory path]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Create destination directory]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Find the local appliance image]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Set local_vm_disk_path]
[ INFO ] skipping: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Give the vm time to flush dirty buffers]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Copy engine logs]
[ INFO ] TASK [ovirt.hosted_engine_setup : include_tasks]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Remove local vm dir]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Remove temporary entry in /etc/hosts for the local VM]
[ INFO ] changed: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Clean local storage pools]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.hosted_engine_setup : Destroy local storage-pool {{ he_local_vm_dir | basename }}]
[ INFO ] TASK [ovirt.hosted_engine_setup : Undefine local storage-pool {{ he_local_vm_dir | basename }}]
[ INFO ] TASK [ovirt.hosted_engine_setup : Destroy local storage-pool {{ local_vm_disk_path.split('/')[5] }}]
[ INFO ] TASK [ovirt.hosted_engine_setup : Undefine local storage-pool {{ local_vm_disk_path.split('/')[5] }}]
[ INFO ] Generating answer file '/var/lib/ovirt-hosted-engine-setup/answers/answers-20201109165237.conf'
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ ERROR ] Hosted Engine deployment failed: please check the logs for the issue, fix accordingly or re-deploy from scratch.
Log file is located at /var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20201109164244-b3e8sd.log
How I can set proxy for the engine vm?
Ovirt version:
[root@myhost ~]# rpm -qa | grep ovirt-engine-appliance
ovirt-engine-appliance-4.4-20200916125954.1.el8.x86_64
[root@myhost ~]# rpm -qa | grep ovirt-hosted-engine-setup
ovirt-hosted-engine-setup-2.4.6-1.el8.noarch
OS version:
[root@myhost ~]# cat /etc/centos-release
CentOS Linux release 8.2.2004 (Core)
[root@myhost ~]# uname -a
Linux myhost.mydomain 4.18.0-193.28.1.el8_2.x86_64 #1 SMP Thu Oct 22 00:20:22 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Thanks for the help.
Regards,
Matteo
1 year, 2 months
ovirt-45-upstream GPG Key Error
by Matthew J Black
Hi All,
We just picked up a GPG Key error when running `dnf install ovirt-engine-appliance` in preparation of a fresh oVirt v4.5.5 install on RL v9.3:
~~~
oVirt upstream for CentOS Stream 9 - oVirt 4.5 79 kB/s | 1.6 kB 00:00
Importing GPG key 0x24901D0C:
Userid : "oVirt <infra(a)ovirt.org>"
Fingerprint: 3C98 E81D B93D EA6D 54DE 690E 44E4 75CB 2490 1D0C
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-oVirt-4.5
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Public key for ovirt-engine-appliance-4.5-20231201120201.1.el9.x86_64.rpm is not installed. Failing package is: ovirt-engine-appliance-4.5-20231201120201.1.el9.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oVirt-4.5
~~~
An error? An issue with the repo definition? Can it safely be ignored (normally I'd say "No" but its from the oVirt Tam's own repo...)? Is the fingerprint above the correct one (and for that matter, where is the GPG Key's Fingerprint recorded on the oVirt Website so that we can check compliance ourselves)?
Anyway, thought I'd let people know (further details can be provide upon request)
Cheers
Dulux-Oz
1 year, 2 months
The oVirt Counter
by Sandro Bonazzola
Hi, for those who remember the Linux Counter project, if you'd like other
to know you're using oVirt and know some details about your deployment,
here's a way to count you in:
https://ovirt.org/community/ovirt-counter.html
Enjoy!
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D PERFORMANCE & SCALE
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
1 year, 3 months
Internal pentest result : Ovirt-engine authentication bypass
by Jirka Simon
Hello ovirt comunity.
We had an internal pentest here and one finding is
*Ovirt-engine authentication bypass.*
Ovirt-engine, as deployed on ovirtm.XXX.XXX.cz, contains an
authentication bypass. It is
possible to directly call the CreateUserSessionCommand using runAction
exposed by /ovirt-
engine/webadmin/GenericApiGWTService.
*This action explicitly enables everyone to call it:*
```/
@Override
protected boolean isUserAuthorizedToRunAction() {
return true;
}
/```
The behavior of this call differs based on the
ENGINE_SSO_ENABLE_EXTERNAL_SSO configuration
option:
```
/boolean externalSsoEnabled =
EngineLocalConfig.getInstance().getBoolean("ENGINE_SSO_ENABLE_EXTERNAL_SSO");
DbUser dbUser = externalSsoEnabled ?
dbUserDao.getByUsernameAndDomain(params.getPrincipalName(), authzName) :
dbUserDao.getByExternalId(authzName, params.getPrincipalId());/
```
If this option is enabled, usernames are used to locate users. If it's
disabled, the externalId
(which seems to be a randomly generated GUID) is used to locate users.
If the specified user exists, a session is returned for the user. If the
specified user doesn't exist,
the user is created in the system. However, the user doesn't get
assigned any group membership
or rights, therefore the session creation fails because of the missing
Login right.
The attempt to modify the users table can be seen in the SQL error
message when attempting to
use a null value for the username (as the endpoint uses GWT, the payload
is mostly unreadable):
```
/POST /ovirt-engine/webadmin/GenericApiGWTService HTTP/1.1
Host: ovirtm.xxx.xxx.cz
14
Final Report: Results of penetration testing (internal, external, Wi-Fi)
21 December 2023
Cookie: JSESSIONID=wsp3WAo63LZGHfpB__stEt4lZ7z_zZycpzIprNlT.ovirtm45;
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Module-Base: https://ovirtm.xxx.xx.cz/ovirt-engine/webadmin
X-GWT-Permutation: D7ECB5EF5E29205D18271CC08183A28D
Ovirt-Xsrf-Token:
4D87D03B631F8506FC668AA4C3FE3F443D723A9F379FDBB8B0D6DA0668650375
Content-Length: 869
7|0|23|https://ovirtm.xxx.xxx.cz/ovirt-
engine/webadmin|0D1B4DEE9D1424E18C443F1CD1C11574|org.ovirt.engine.ui.frontend.gwtservices.GenericApiGWT
Service|runAction|org.ovirt.engine.core.common.action.ActionType/2930387551|org.ovirt.engine.core.commo
n.action.ActionParametersBase/2903049429|org.ovirt.engine.core.common.action.CreateUserSessionParameter
s/2744166832|appScope|email|firstName|java.util.ArrayList/4159755760|lastName|namespace|principalId|adm
in|internal|sourceIp|ssoScope|ssoToken|org.ovirt.engine.core.common.action.ActionParametersBase$EndProc
edure/1568822488|java.util.Collections$EmptyMap/4174664486|org.ovirt.engine.core.common.businessentitie
s.VDSStatus/1938301532|org.ovirt.engine.core.compat.TransactionScopeOption/1475850853|1|2|3|4|2|5|6|5|2
01|7|0|8|9|10|11|0|12|13|14|0|16|17|18|19|0|5|0|0|0|0|20|1|0|11|0|0|0|0|0|0|21|0|-
4|22|0|1|0|1|23|2|0|0|0|
HTTP/1.1 200 OK
Date: Fri, 15 Dec 2023 09:42:35 GMT
Server: Apache/2.4.37 (CentOS Stream) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1
Expires: Thu, 14 Dec 2023 09:42:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: locale=cs_CZ; path=/; secure; HttpOnly; Max-Age=2147483647;
Expires=Wed, 02-Jan-2092
12:56:42 GMT
X-XSS-PROTECTION: 1; MODE=BLOCK
Pragma: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
Content-Disposition: attachment
X-CONTENT-TYPE-OPTIONS: NOSNIFF
Content-Length: 1794
Content-Type: application/json;charset=utf-8
Correlation-Id: 664c1c1f-9a75-4e14-94d7-aba12c5442f5
Connection: close
//OK[0,5,4,8,3,1,2,474,7,6,1,0,2,0,2,5,1,0,4,3,1,2,0,2,1,1,["org.ovirt.engine.core.common.action.Action
ReturnValue/4163585948","java.util.ArrayList/4159755760","java.lang.String/2004016611","ENGINE","","org
.ovirt.engine.core.common.errors.EngineFault/2377218566","org.ovirt.engine.core.common.errors.EngineErr
or/2640515959","ERROR: null value in column \"username\" violates
not-null constraint\n Detail:
Failing row contains (6dad5e2f-7c95-4547-8f08-6936494c91b6, firstName,
lastName, internal-authz, null,
, email, , f, principalId, 2023-12-14 17:51:04.757747+01, 2023-12-15
10:42:35.125994+01, namespace,
firstName(a)internal-authz).\n Where: SQL statement \"UPDATE users\n SET
department \u003D
v_department,\n domain \u003D v_domain,\n email \u003D v_email,\n name
\u003D
v_name,\n note \u003D v_note,\n surname \u003D v_surname,\n username \u003D
v_username,\n external_id \u003D v_external_id,\n namespace \u003D
v_namespace,\n
_update_date \u003D CURRENT_TIMESTAMP\n WHERE external_id \u003D
v_external_id\n AND domain
\u003D v_domain\"\nPL/pgSQL function updateuserimpl(character
varying,character varying,character
varying,character varying,character varying,character
varying,uuid,character varying,text,character
varying) line 5 at SQL statement\nSQL statement \"SELECT
UpdateUserImpl(\n v_department,\n
v_domain,\n v_email,\n v_name,\n v_note,\n v_surname,\n v_user_id,\n
v_username,\n v_external_id,\n v_namespace)\"\nPL/pgSQL function
updateuser(character
varying,character varying,character varying,character varying,character
varying,character
varying,uuid,character varying,boolean,text,character varying) line 3 at
PERFORM"],0,7]/
```
Fortunately, in our deplyoment the ENGINE_SSO_ENABLE_EXTERNAL_SSO
configuration was
set to false, so to create a session for the admin it would be necessary
to know the admin's user
externalId. However, as this is not the default configuration, it is
possible that a later
reinstallation could change the value. Still, it was possible to create
users in the system without
any authentication.
What is the best way to report this security issue?
Thank you
Jirka
1 year, 3 months
can hosted engine deploy use local repository mirrors instead of internet ones?
by iucounu@gmail.com
Hi,
hosted-engine --deploy is failing as it is trying to connect to mirrorlist.centos.org:
[ INFO ] TASK [ovirt.ovirt.engine_setup : Install required packages for oVirt Engine deployment]
[ INFO ] ok: [localhost]
[ INFO ] TASK [ovirt.ovirt.engine_setup : Install oVirt Engine package]
[ ERROR ] fatal: [localhost -> 192.168.1.187]: FAILED! => {"changed": false, "msg": "Failed to download metadata for repo 'centos-ceph-pacific': Cannot prepare internal mirrorlist: Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=storage-c... [Failed to connect to mirrorlist.centos.org port 80: Connection refused]", "rc": 1, "results": []}
Opening up access to the internet is a bureaucratic procedure for us, as would be for adding all the URLs to the proxy. We have a lot of repos mirrored locally - is it possible to get hosted-engine to use the local ones? Is there a list? I had a search for files that might contain these repos in various places, but to no avail.
Thanks for any help!
Cam
1 year, 3 months
Nested Virtualization in AMD Ryzen
by LS CHENG
Hi all
I am running OLVM 4.5, this is a test setup which was running in my old
workstation with Intel CPU and is nested virtualization (with VMWare
Workstation), the host was running Windows 7 x64, I moved to AMD Ryzen
7950X3D a couple of days ago which runs Windows 11 x64 with 128GB memory
then moved OLVM VM's from the old workstation to this new workstation.
The problem I face now is the KVM hosts shows this error
*Host kvm1 moved to Non-Operational state as host CPU type is not supported
in this cluster compatibility version or is not supported at all*
I modified /etc/modprobe.d/kvm.conf and changed
options kvm_amd nested=0
to
options kvm_amd nested=1
reboot the kvm host but still getting same error, I verified the
modification and seems good
[root@kvm1 ~]# cat /sys/module/kvm_amd/parameters/nested
1
In Windows 11 I have hyper-v off and Memory Integrity is also off.
Am I missing any additional steps?
Thanks
1 year, 3 months
Upgrade from oVirt 4.5.4 to oVirt 4.5.5 - nothing provides selinux-policy >= 38.1.27-1.el9
by Devin A. Bougie
Hi, All. We're having trouble updating our 4.5.4 cluster to 4.5.5. We're running a self-hosted engine on fully updated AlmaLinux 9 hosts, and get the following errors when trying to upgrade to 4.5.5.
Any suggestions would be greatly appreciated.
Many thanks,
Devin
------
[root@lnxvirt01 ~]# dnf clean all
157 files removed
[root@lnxvirt01 ~]# dnf update
CLASSE Packages - x86_64 36 MB/s | 569 kB 00:00
CentOS-9-stream - Ceph Pacific 839 kB/s | 557 kB 00:00
CentOS-9-stream - Gluster 10 240 kB/s | 56 kB 00:00
CentOS-9 - RabbitMQ 38 354 kB/s | 104 kB 00:00
CentOS Stream 9 - NFV OpenvSwitch 923 kB/s | 154 kB 00:00
CentOS-9 - OpenStack yoga 5.7 MB/s | 3.0 MB 00:00
CentOS Stream 9 - OpsTools - collectd 228 kB/s | 51 kB 00:00
CentOS Stream 9 - oVirt 4.5 6.2 MB/s | 1.0 MB 00:00
oVirt upstream for CentOS Stream 9 - oVirt 4.5 1.0 kB/s | 7.5 kB 00:07
AlmaLinux 9 - AppStream 87 MB/s | 7.7 MB 00:00
AlmaLinux 9 - BaseOS 72 MB/s | 2.4 MB 00:00
AlmaLinux 9 - BaseOS - Debug 9.9 MB/s | 1.9 MB 00:00
AlmaLinux 9 - CRB 67 MB/s | 2.3 MB 00:00
AlmaLinux 9 - Extras 1.5 MB/s | 17 kB 00:00
AlmaLinux 9 - HighAvailability 29 MB/s | 434 kB 00:00
AlmaLinux 9 - NFV 56 MB/s | 1.0 MB 00:00
AlmaLinux 9 - Plus 2.5 MB/s | 22 kB 00:00
AlmaLinux 9 - ResilientStorage 30 MB/s | 446 kB 00:00
AlmaLinux 9 - RT 53 MB/s | 1.0 MB 00:00
AlmaLinux 9 - SAP 874 kB/s | 9.7 kB 00:00
AlmaLinux 9 - SAPHANA 1.3 MB/s | 13 kB 00:00
Error:
Problem 1: cannot install the best update candidate for package ovirt-vmconsole-1.0.9-1.el9.noarch
- nothing provides selinux-policy >= 38.1.27-1.el9 needed by ovirt-vmconsole-1.0.9-3.el9.noarch from centos-ovirt45
- nothing provides selinux-policy-base >= 38.1.27-1.el9 needed by ovirt-vmconsole-1.0.9-3.el9.noarch from centos-ovirt45
Problem 2: package ovirt-vmconsole-host-1.0.9-3.el9.noarch from centos-ovirt45 requires ovirt-vmconsole = 1.0.9-3.el9, but none of the providers can be installed
- cannot install the best update candidate for package ovirt-vmconsole-host-1.0.9-1.el9.noarch
- nothing provides selinux-policy >= 38.1.27-1.el9 needed by ovirt-vmconsole-1.0.9-3.el9.noarch from centos-ovirt45
- nothing provides selinux-policy-base >= 38.1.27-1.el9 needed by ovirt-vmconsole-1.0.9-3.el9.noarch from centos-ovirt45
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
------
1 year, 3 months
Major screwup and now I can't bring anything up
by John Florian
I have a small home oVirt 4.5 deployment that was struggling a bit and I think I've only made things worse. I was seeing some SSL errors in various places but couldn't find any evidence of an expired cert though maybe I overlooked something. At present, it looks like the most immediate problem is that the engine.log is showing SyncNetworkProviderCommand fails saying EngineException: (Failed with error Unsupported or unrecognized SSL message and code 5050). For now, I'm only concerning myself to one Host that had been running VMs until I tried restarting everything from a power off. I take it that the sync failure prevents this Host from becoming active.
I had successfully been using this setup for many years. I do have my own web cert on the engine signed by my CA. While I was getting this same "code 5050" error before with things like ovirt-imageio (what prompted my initial digging), now I'm afraid I've only made things more complex. See, I was running FreeIPA on a pair of VMs. In the past, this pair of VMs would auto-start once the oVirt Engine and Hosts were going and I had no issue. But now I wonder to what extent OSCP being unreachable might affect the SSL errors.
What's the best/easiest/safest way out of this mess? Should I just wipe ovirt-engine of all the non-rpm provided files in /etc/pki/ovirt-engine/ and redo the engine-setup? I'm afraid of making things worse before I begin attempting that.
1 year, 3 months
Re: [ovirt-devel] Foreman needs a release of ovirt-engine-sdk-ruby
by Guillaume Pavese
We were just starting to depend on this workflow...
On Fri, Jan 26, 2024 at 2:02 PM Ewoud Kohl van Wijngaarden <
ewoud+ovirt(a)kohlvanwijngaarden.nl> wrote:
> Hello everyone,
>
> Foreman is a bit late in updating Ruby to a newer version. Looking ahead
> we're aiming at Ruby 3.1+ but ovirt-engine-sdk-ruby doesn't compile on
> it.
>
> https://github.com/oVirt/ovirt-engine-sdk-ruby/pull/3 was merged in
> September 2022 and a request to release it was opened a year ago:
> https://github.com/oVirt/ovirt-engine-sdk-ruby/issues/4
>
> The Foreman community is currently discussing dropping oVirt support:
> https://community.theforeman.org/t/proposal-to-drop-support-for-ovirt/36324
>
> Is there anyone who can still perform this release, or should we proceed
> with removal?
>
> Regards,
> Ewoud Kohl van Wijngaarden
> _______________________________________________
> Devel mailing list -- devel(a)ovirt.org
> To unsubscribe send an email to devel-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ESA4LFSQ5JP...
>
--
Ce message et toutes les pièces jointes (ci-après le “message”) sont
établis à l’intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur, merci de le détruire et d’en avertir
immédiatement l’expéditeur. Toute utilisation de ce message non conforme a
sa destination, toute diffusion ou toute publication, totale ou partielle,
est interdite, sauf autorisation expresse. L’internet ne permettant pas
d’assurer l’intégrité de ce message . Interactiv-group (et ses filiales)
décline(nt) toute responsabilité au titre de ce message, dans l’hypothèse
ou il aurait été modifié. IT, ES, UK.
<https://interactiv-group.com/disclaimer.html>
1 year, 3 months
Cannot remove Snapshot. The VM is during a backup operation.
by and@missme.ro
Hello!
Running ovirt Version 4.5.5-1.el8
I had an issue with the iscsi server during the backup and I have two VMs that cannot be backed up anymore by Veeam.
In the ovirt event log i have the following errors:
Snapshot 'Auto-generated for Backup VM' creation for VM 'dns-a' has been completed.
VDSM ovirt1-02 command StartNbdServerVDS failed: Bitmap does not exist: "{'reason': 'Bitmap does not exist in /rhev/data-center/mnt/blockSD/b2fa3469-a380-4180-a89a-43d65085d1b9/images/6a4de98a-b544-4df8-beb1-e560fd61c0e6/cdb26b8b-c447-48de-affa-d7f778aebac7', 'bitmap': '12d2fb20-74da-4e63-b240-f1a42210760c'}"
Transfer was stopped by system. Reason: failed to create a signed image ticket.
Image Download with disk dns-a_Disk1 was initiated by veeam@internal-authz
Image Download with disk dns-a_Disk1 was cancelled.
The error on the Veeam backup proxy:
dns-a: Unable to create image transfer: Reason: 'Operation Failed', Detail: '[]'
When trying to delete the snapshot from the administration interface I receive the following error in the web interface (and nothing gets logged in the event log)
Cannot remove Snapshot. The VM is during a backup operation.
How should I go about fixing this issue?
1 year, 3 months
HE Storage Domain Path Config Setting - Where?
by Matthew J Black
Hey Guys,
Quick Q: In which file (on a Hosted-Engine or Hosted-Engine Host) is the configuration for the path to a Storage Domain kept - in particular, the "hosted-engine" Storage Domain?
I've got something "funny" going on: the logs (as far as I can see) are reporting that 2 of my 3 HE-Hosts can't connect to the HE Storage Domain (but don't explain why), and the OVE GUI is reporting an "odd" (ie incorrect; non-existent) path to the HE Storage Domain.
Via CLI I have confirmed that all three HE Hosts *can* reach (ie have the correct "findmnt" mappings) to the HE Storage Domain's actual file location, and I can't locate the "ghost" HE Storage Domain path or its config setting anywhere - so I don't even know if that's the issue, but I'd like to eliminate it from my trouble-shooting process.
Anyway, if someone could get back to me, please, I'd really appreciate it.
Cheers
Dulux-Oz
1 year, 3 months
Geo-replication configuration problem
by Ismet Sonmez
Hello,
Newly installed node version 4.5.5
2 clusters and three nodes each
every time I try to replicate the geo in cluster 1 it gives an error
3 errors like this:
VDSM node4 command UpdateGlusterGeoRepKeysVDS failed: Internal JSON-RPC error:
{'cause': 'Attempting to call function: GlusterVolume.geoRepKeysUpdate bound method of object <vdsm.gluster.apiwrapper.GlusterVolume at address 0x7f1524534f28>> with arguments: (\'root\',
\'command="/usr/libexec/glusterfs/gsyncd" ssh-rsa AAAAB3N****
\'command="tar ${SSH_ORIGINAL_COMMAND#* }" ssh-rsa AAAA****
\'command="/usr/libexec/glusterfs/gsyncd" ssh-rsa AAAAB3****
\'command="tar ${SSH_ORIGINAL_COMMAND#* }" ssh-rsa AAAA***
\'command="/usr/libexec/glusterfs/gsyncd" ssh-rsa AAAA*******
\'command="tar ${SSH_ORIGINAL_COMMAND#* }" ssh-rsa AAAA****
]) error: bytes-like object required, not \'str\' }
I understand that when creating the rsa key, or sending it to the node.
How can I solve it?
1 year, 3 months
Forbid hosts/nodes from assembling a soft-raid that was created inside a VM
by Vladislav Solovei
When I create a soft-raid (md-raid) inside a virtual machine (yes, sometimes it's necessary to do this to get a disk inside the VM with a capacity of more than 8TB), the host/node detects this array and assembles it automatically. I tried adding the parameter 'raid=noautodetect' to the kernel boot parameters, but it doesn't help. Is it possible to prevent hosts from doing this? :)
1 year, 3 months
Low confirmed free space on gluster volume
by Jonas
Hello list
I am regularly getting the following error on a Gluster volume hosted on
a three node hyperconverged oVirt-Cluster:
Warning! Low confirmed free space on gluster volume tier1-owncloud-users-01
This volume is configured with 3TiB (2.5TIB used) and is used as the
name implies to store data of an ownCloud instance. It is not used as a
storage domain in oVirt. I don't really want to resize the volume just
to make the warning go away. While clicking through the oVirt web
interface i found the configuration "Warning Low Confirmed Space
Indicator" in the advanced parameters of the storage domains but did not
find any similar setting in the configuration of the gluster volumes. Do
you know of way to configure this setting for a gluster volume which is
not used as a storage domain?
Thank you
Jonas
1 year, 3 months
Change Hosted Engine VM MAC address
by Sergei Panchenko
Good morning, colleagues!
Due some network issues I need to change HostedEngine VM MAC address.
The additional diffeculty is unaccessebility of the HE Web-interface via the network (the cause of - those network issues -)).
Is there any way to change the HE vNIC's MAC using command line (on the host where HE VM works or on the HE VM)?
Thanks in advance, Sergei.
1 year, 3 months
Need help again, new issue with VM import
by Michaal R
I have a VM that's a little over 4TB in size that won't import for whatever reason. I've tried changing the export from the streaming disk format to a flat vmdk,thinking that might be it, but it didn't work. I've gone through the OVF and don't see anything that stands out. Same for the logs, I see where it's having issues importing the 4TB drive from the VM, but I can't decipher the error messages well enough to know how to fix it. The drives had chkdsk run on them before they were exported, and the VM was cleanly shut down, so I don't understand what the issue is. Not even sure at this point how to run a filesystem repair on the vmdk, in case the export corrupted something. And I can't export it directly from ESXi either, for some reason. Each attempt fails with an unspecified error.
Below is a snip from the import log where it's reading the drives. It has one of the first errors:
[ 2.492229] scsi host0: Virtio SCSI HBA
[ 2.501365] scsi 0:0:0:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
[ 2.504080] scsi 0:0:1:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
[ 2.506035] scsi 0:0:2:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
[ 2.540737] sd 0:0:0:0: Power-on or device reset occurred
[ 2.540790] sd 0:0:1:0: Power-on or device reset occurred
[ 2.540899] sd 0:0:2:0: Power-on or device reset occurred
[ 2.541130] sd 0:0:0:0: [sda] 8589934592 512-byte logical blocks: (4.40 TB/4.00 TiB)
[ 2.541168] sd 0:0:2:0: [sdc] 8388608 512-byte logical blocks: (4.29 GB/4.00 GiB)
[ 2.541319] sd 0:0:2:0: [sdc] Write Protect is off
[ 2.541391] sd 0:0:0:0: [sda] Write Protect is off
[ 2.541592] sd 0:0:2:0: [sdc] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 2.542019] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 2.544060] sd 0:0:2:0: [sdc] Attached SCSI disk
[ 2.545294] sd 0:0:1:0: [sdb] 251658240 512-byte logical blocks: (129 GB/120 GiB)
[ 2.545437] sd 0:0:1:0: [sdb] Write Protect is off
[ 2.545966] sd 0:0:1:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 2.551250] sdb: sdb1 sdb2
[ 2.556698] sd 0:0:1:0qemu-nbd: Disconnect client, due to: Failed to send reply: reading from file failed: Invalid argument
: [sdb] Attached SCSI disk
qemu-nbd: Disconnect client, due to: Failed to send reply: reading from file failed: Invalid argument
qemu-nbd: Disconnect client, due to: Failed to send reply: reading from file failed: Invalid argument
[ 2.618883] sd 0:0:0:0: [sda] tag#157 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 2.618890] sd 0:0:0:0: [sda] tag#157 Sense Key : Aborted Command [current]
[ 2.618892] sd 0:0:0:0: [sda] tag#157 Add. Sense: I/O process terminated
[ 2.618894] sd 0:0:0:0: [sda] tag#157 CDB: Read(16) 88 00 00 00 00 01 ff ff ff f8 00 00 00 08 00 00
[ 2.618897] I/O error, dev sda, sector 8589934584 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
supermin: intern[ 2.618902] Buffer I/O error on dev sda, logical block 1073741823, async page read
al insmod virtio[ 2.618927] Alternate GPT is invalid, using primary GPT.
The rest of the log is peppered with Buffer I/O error entries on /dev/sda (the 4TB vmdk).
Could someone please help? I think I've been looking at these logs and trying to fix the drive for so long I've gone logic blind and can't see the answer right in front of my eyes.
Here's a link to the logs pulled from the host: https://www.dropbox.com/scl/fi/570t279s0k3pfgafuvv01/felicity-import-1.18...
1 year, 3 months
Re: [External] : Re: can hosted engine deploy use local repository mirrors instead of internet ones?
by iucounu@gmail.com
Hi Marcos,
>
> The dnsmasq service running on the KVM host manages the IP assignment during the first
> deployment phase.
> How did you deploy your KVM host? Which configurations have you done on it before running
> the hosted-engine --deploy?
> Also, what is your full hosted-engine deployment command?
>
I deployed the KVM hosts using the guide at:
https://www.ovirt.org/documentation/installing_ovirt_as_a_self-hosted_eng...
(section 4.2 Installing Enterprise Linux Hosts)
and
https://www.ovirt.org/download/install_on_rhel.html
Most of the ovirt packages were installed from the installation of the ovirt-engine-appliance. The KVM hosts are using EL 9.3. I've tried on two different EL hosts: one with the standard ovirt-45 repos, and the other had the nightly builds enabled. I observed the same issues on both. I haven't changed any specific settings, such as networking or storage.
The full command to deploy the engine VM was done via:
hosted-engine --deploy --4
I have just setup glusterfs just as a temporary storage option now (yet to run the deploy again), though I'm not sure how to get ovirt to use it. As mentioned I don't know whether this or the networking is causing it to fail.
In case it is important, I notice that virtnetworkd.socket systemd unit gets killed during the deployment, and has to be restarted otherwise the deployment fails prematurely. It also masks all the libvirtd systemd units as part of the cleanup, and these have to manually unmasked and several need manually restarting (virtnetword.socket, virtqemud.socket and virtstoraged.sock) before the deployment is run again or the deploy will fail on trying to communicate with these.
Thanks very much for the help, let me know if any further information needed.
Cam
>
> -----Original Message-----
> From: iucounu(a)gmail.com <iucounu(a)gmail.com>
> Sent: Tuesday, January 23, 2024 12:49 PM
> To: users(a)ovirt.org
> Subject: [ovirt-users] Re: [External] : Re: can hosted engine deploy use local repository
> mirrors instead of internet ones?
>
> Thanks very for the reply Marcos. I tried another deployment, just to see if "wait
> for the host to be up" would time out, and I saw a couple of errors in the log:
>
> From the ovirt-hosted-engine-setup-ansible-final_clean log, it mentions that the VM IP is
> undefined:
>
> 2024-01-23 12:50:19,554+0000 DEBUG otopi.ovirt_hosted_engine_setup.ansible_utils
> ansible_utils._process_output:109 {'msg': "The task includes an option with
> an undefined variable. The error was: 'local_vm_ip' is undefined.
> 'local_vm_ip' is undefined\n\nThe error appears to be in
> '/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/sync_on_engine_machine.yml':
> line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax
> problem.\n\nThe offending line appears to be:\n\n---\n- name: Set the name for add_host\n
> ^ here\n", '_ansible_no_log': False}
>
> In the ovirt-hosted-engine-setuplog, it mentions not being able to get the storage pool:
>
>
> 2024-01-23 12:50:35,787+0000 DEBUG otopi.ovirt_hosted_engine_setup.ansible_utils
> ansible_utils._process_output:109 {'changed': True, 'stdout': '',
> 'stderr': "error: failed to get pool 'localvmvy8whst5'\nerror:
> Storage pool not found: no storage pool with matching name
> 'localvmvy8whst5'", 'rc': 1, 'cmd': ['virsh',
> '-c', 'qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf',
> 'pool-destroy', 'localvmvy8whst5'], 'start': '2024-01-23
> 12:50:35.558666', 'end': '2024-01-23 12:50:35.611808',
> 'delta': '0:00:00.053142', 'msg': 'non-zero return code',
> 'invocation': {'module_args': {'_raw_params': 'virsh -c
> qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf pool-destroy
> localvmvy8whst5', '_uses_shell': False, 'stdin_add_newline': True,
> 'strip_empty_ends': True, 'argv': None, 'chdir': None,
> 'executable': None, 'creates': None, 'removes': None,
> 'stdin': None}}, 'stdout_lines': [], 'stderr_lines': ["error:
> failed to get pool 'localvmvy8whst5'", "error: Storage pool not fou
> nd: no storage pool with matching name 'localvmvy8whst5'"],
> '_ansible_no_log': None}
>
> I set the IP to the one I have assigned in DNS, but when I attach to the console of the VM
> (which is still running, though the disk image has been deleted) via virsh, it shows me a
> completely different IP: In hosted-engine --deploy, I set a 10.0.0.x address, however, it
> shows a 192.168.1.x address on the VM. Do I need to set this somewhere else, e.g., with
> '--ansible-extra-vars=he_ipv4_subnet_prefix='?
>
> As for the storage pool, is that for later VM deployment? The deploy script did not ask me
> for a storage location. If I need to specify this, where do I do this?
>
> Thanks again for any help,
>
> Kind regards,
>
> Cam
>
> PS: is there a simple way to have the answers saved so I don't have to keep running
> through all the questions every time I try a deployment
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement:
> https://urldefense.com/v3/__https://www.ovirt.org/privacy-policy.html__;!...
> oVirt Code of Conduct:
> https://urldefense.com/v3/__https://www.ovirt.org/community/about/communi...
> List Archives:
> https://urldefense.com/v3/__https://lists.ovirt.org/archives/list/users@o...
1 year, 3 months
Re: [External] : Re: can hosted engine deploy use local repository mirrors instead of internet ones?
by iucounu@gmail.com
Thanks very for the reply Marcos. I tried another deployment, just to see if "wait for the host to be up" would time out, and I saw a couple of errors in the log:
From the ovirt-hosted-engine-setup-ansible-final_clean log, it mentions that the VM IP is undefined:
2024-01-23 12:50:19,554+0000 DEBUG otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils._process_output:109 {'msg': "The task includes an option with an undefined variable. The error was: 'local_vm_ip' is undefined. 'local_vm_ip' is undefined\n\nThe error appears to be in '/usr/share/ansible/collections/ansible_collections/ovirt/ovirt/roles/hosted_engine_setup/tasks/sync_on_engine_machine.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Set the name for add_host\n ^ here\n", '_ansible_no_log': False}
In the ovirt-hosted-engine-setuplog, it mentions not being able to get the storage pool:
2024-01-23 12:50:35,787+0000 DEBUG otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils._process_output:109 {'changed': True, 'stdout': '', 'stderr': "error: failed to get pool 'localvmvy8whst5'\nerror: Storage pool not found: no storage pool with matching name 'localvmvy8whst5'", 'rc': 1, 'cmd': ['virsh', '-c', 'qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf', 'pool-destroy', 'localvmvy8whst5'], 'start': '2024-01-23 12:50:35.558666', 'end': '2024-01-23 12:50:35.611808', 'delta': '0:00:00.053142', 'msg': 'non-zero return code', 'invocation': {'module_args': {'_raw_params': 'virsh -c qemu:///system?authfile=/etc/ovirt-hosted-engine/virsh_auth.conf pool-destroy localvmvy8whst5', '_uses_shell': False, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'executable': None, 'creates': None, 'removes': None, 'stdin': None}}, 'stdout_lines': [], 'stderr_lines': ["error: failed to get pool 'localvmvy8whst5'", "error: Storage pool not fou
nd: no storage pool with matching name 'localvmvy8whst5'"], '_ansible_no_log': None}
I set the IP to the one I have assigned in DNS, but when I attach to the console of the VM (which is still running, though the disk image has been deleted) via virsh, it shows me a completely different IP: In hosted-engine --deploy, I set a 10.0.0.x address, however, it shows a 192.168.1.x address on the VM. Do I need to set this somewhere else, e.g., with '--ansible-extra-vars=he_ipv4_subnet_prefix='?
As for the storage pool, is that for later VM deployment? The deploy script did not ask me for a storage location. If I need to specify this, where do I do this?
Thanks again for any help,
Kind regards,
Cam
PS: is there a simple way to have the answers saved so I don't have to keep running through all the questions every time I try a deployment
1 year, 3 months
Apple Mac Pro 2013 install hangs with oVirt Node installer 4.5 but ok with 4.3.10
by john@alwayson.net.au
This hardware (6 Core Xeon E5-1650v2) successfully runs Fedora 39 and oVirt 4.3.10 (CentOS 7) but freezes immediately when attempting to boot from either of the latest node installer ISOs:
ovirt-node-ng-installer-latest-el8.iso
ovirt-node-ng-installer-latest-el9.iso
I suspect it will require tweaks to the kernel parameters which will need to be made to the ISO installer image prior to booting.
Any suggestions would be appreciated.
Thanks
1 year, 3 months
Upgrade host from 4.5.4 to 4.5.5 failed
by Jacob M. Nielsen
Upgrade host from Ovirt manager - Result Install Failed
Here log
2024-01-23 23:08:38 CET - TASK [ovirt-host-upgrade : Upgrade packages] ***********************************
2024-01-23 23:11:47 CET - {
"uuid" : "a7ac6634-4644-4416-a818-183b42b3c925",
"counter" : 191,
"stdout" : "",
"start_line" : 186,
"end_line" : 186,
"runner_ident" : "0b7adac9-6ff4-4934-a9c1-ad0785877978",
"event" : "runner_on_failed",
"pid" : 135486,
"created" : "2024-01-23T22:11:45.029493",
"parent_uuid" : "000c2930-20d1-ae10-b6a7-000000000042",
"event_data" : {
"playbook" : "ovirt-host-upgrade.yml",
"playbook_uuid" : "89cebab6-f73e-4a2f-bb30-b8de7e04367a",
"play" : "all",
"play_uuid" : "000c2930-20d1-ae10-b6a7-000000000002",
"play_pattern" : "all",
"task" : "Upgrade packages",
"task_uuid" : "000c2930-20d1-ae10-b6a7-000000000042",
"task_action" : "ansible.builtin.yum",
"task_args" : "",
"task_path" : "/usr/share/ovirt-engine/ansible-runner-service-project/project/roles/ovirt-host-upgrade/tasks/main.yml:69",
"role" : "ovirt-host-upgrade",
"host" : "10.63.0.6",
"remote_addr" : "10.63.0.6",
"res" : {
"results" : [ {
"failed" : true,
"msg" : "Failed to validate GPG signature for ovirt-node-ng-image-update-4.5.5-1.el8.noarch: Public key for ovirt-node-ng-image-update-4.5.5-1.el8.noarch.rpm is not installed",
"invocation" : {
"module_args" : {
Tried to just do the yum update on the host
Got this result
Tried to upgrade host from Ovirt manager , and got InstallFailed
2024-01-23 23:08:38 CET - TASK [ovirt-host-upgrade : Upgrade packages] ***********************************
2024-01-23 23:11:47 CET - {
"uuid" : "a7ac6634-4644-4416-a818-183b42b3c925",
"counter" : 191,
"stdout" : "",
"start_line" : 186,
"end_line" : 186,
"runner_ident" : "0b7adac9-6ff4-4934-a9c1-ad0785877978",
"event" : "runner_on_failed",
"pid" : 135486,
"created" : "2024-01-23T22:11:45.029493",
"parent_uuid" : "000c2930-20d1-ae10-b6a7-000000000042",
"event_data" : {
"playbook" : "ovirt-host-upgrade.yml",
"playbook_uuid" : "89cebab6-f73e-4a2f-bb30-b8de7e04367a",
"play" : "all",
"play_uuid" : "000c2930-20d1-ae10-b6a7-000000000002",
"play_pattern" : "all",
"task" : "Upgrade packages",
"task_uuid" : "000c2930-20d1-ae10-b6a7-000000000042",
"task_action" : "ansible.builtin.yum",
"task_args" : "",
"task_path" : "/usr/share/ovirt-engine/ansible-runner-service-project/project/roles/ovirt-host-upgrade/tasks/main.yml:69",
"role" : "ovirt-host-upgrade",
"host" : "10.63.0.6",
"remote_addr" : "10.63.0.6",
"res" : {
"results" : [ {
"failed" : true,
"msg" : "Failed to validate GPG signature for ovirt-node-ng-image-update-4.5.5-1.el8.noarch: Public key for ovirt-node-ng-image-update-4.5.5-1.el8.noarch.rpm is not installed",
"invocation" : {
"module_args" : {
Tried to make the yum update
Last metadata expiration check: 0:55:29 ago on 2024-01-23T22:43:18 CET.
Dependencies resolved.
===========================================================================================================================================
Package Architecture Version Repository Size
===========================================================================================================================================
Installing:
ovirt-node-ng-image-update noarch 4.5.5-1.el8 ovirt-45-upstream 1.3 G
replacing ovirt-node-ng-image-update-placeholder.noarch 4.5.4-1.el8
Transaction Summary
===========================================================================================================================================
Install 1 Package
Total download size: 1.3 G
Is this ok [y/N]: y
Downloading Packages:
ovirt-node-ng-image-update-4.5.5-1.el8.noarch.rpm 7.3 MB/s | 1.3 GB 02:59
-------------------------------------------------------------------------------------------------------------------------------------------
Total 7.2 MB/s | 1.3 GB 03:02
oVirt upstream for CentOS Stream 8 - oVirt 4.5 2.8 MB/s | 2.9 kB 00:00
Importing GPG key 0xFE590CB7:
Userid : "oVirt <infra(a)ovirt.org>"
Fingerprint: 31A5 D783 7FAD 7CB2 86CD 3469 AB8C 4F9D FE59 0CB7
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-oVirt-4.5
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Public key for ovirt-node-ng-image-update-4.5.5-1.el8.noarch.rpm is not installed. Failing package is: ovirt-node-ng-image-update-4.5.5-1.el8.noarch
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oVirt-4.5
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED
Anyone seen this and found a solution ??
1 year, 3 months
oVirt nodes with local storage
by Wild Star
On the weekend I upgraded my self-hosted oVirt engine to 4.56. All went well with that!
I also spotted that there was an update for all my 4.54 nodes, but something has changed with the repo overnight because none of my nodes see updates anymore, though the update remains available here … https://resources.ovirt.org/pub/ovirt-4.5/iso/ovirt-node-ng-installer/.
Yesterday, I attempted to update just one of my nodes and ran into this snag… “Local storage domains were found on the same filesystem as / ! Please migrate the data to a new LV before upgrading, or you will lose the VMs”.
I’ve always stored my VMs in a separate /DATA directory off the root filesystem, and shared the local storage using NFS. I know it’s not ideal, but with good frequent regular backups, it has served me well for many years.
A Google search revealed, that others have also had similar local storage issues, and suggestions on ways to mitigate the issue, including the oVirt documentation found here… https://www.ovirt.org/documentation/upgrade_guide/index.html#Upgrading_hy..., is not my preferred fix.
In the past node updates with my local storage were not a problem and were easy peasy! From some of the discussions I saw at Red Hat, I have deduced (maybe wrongly) that there was an issue that necessitated a fix, which introduced a required check for local storage during the upgrade process.
I probably should move all the local storage off the oVirt nodes, but at this time, that is easier said than done.
I’m posting here only to see if there are perhaps other ideas or perspectives I may not have thought of and should consider with my local storage.
Thank you all in advance, much appreciated, and of course, thank you all for supporting oVirt!
1 year, 4 months
Odd behavior after upgrade to 4.5
by Seann G. Clark
All,
I just recently upgraded from 4.3 to 4.5, and while most of the upgrade went smoothly and I didn't see any major issues, I have noticed a few things that are causing problems.
The one piece that I had to sneak in to make the install successful, is push my CA and intermediate CA certs into the engine after it came up the first time, but before it fully installed, otherwise it would fail restoring the backup. This is to address using a custom Apache cert for the hosted engine, instead of the default self-signed CA.
The biggest issue is with keycloak. To make the upgrade succeed I had to skip keycloak installation, after doing some digging related to this error:
"Failed to execute stage 'Misc configuration': 'OVESETUP_OVN/ovirtProviderOvnSecret'" I don't actively use OVN in my environment right now, and I think it is all pretty much in the default install state.
This is the same error I get when I loop back to install keycloak now that the engine is up. This is what is in the logs for the last few lines preceding the error and failure event:
2024-01-19 19:09:32,602+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.execute:921 execute-output: ('ovn-sbctl', 'set-connection', 'pssl:6642:[::]') stdout:
2024-01-19 19:09:32,602+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.execute:926 execute-output: ('ovn-sbctl', 'set-connection', 'pssl:6642:[::]') stderr:
2024-01-19 19:09:32,626+0000 DEBUG otopi.context context._executeMethod:127 Stage misc METHOD otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._misc_configure_ovn_timeout
2024-01-19 19:09:32,627+0000 INFO otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn ovirtproviderovn._misc_configure_ovn_timeout:1076 Updating OVN timeout configuration
2024-01-19 19:09:32,628+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.executeRaw:813 execute: ('ovn-sbctl', 'set', 'connection', '.', 'inactivity_probe=60000'), executable='None', cwd='None', env=None
2024-01-19 19:09:32,652+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.executeRaw:863 execute-result: ('ovn-sbctl', 'set', 'connection', '.', 'inactivity_probe=60000'), rc=0
2024-01-19 19:09:32,653+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.execute:921 execute-output: ('ovn-sbctl', 'set', 'connection', '.', 'inactivity_probe=60000') stdout:
2024-01-19 19:09:32,653+0000 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.execute:926 execute-output: ('ovn-sbctl', 'set', 'connection', '.', 'inactivity_probe=60000') stderr:
2024-01-19 19:09:32,677+0000 DEBUG otopi.context context._executeMethod:127 Stage misc METHOD otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn.Plugin._misc_configure_provider
2024-01-19 19:09:32,678+0000 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
method['method']()
File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/network/ovirtproviderovn.py", line 1113, in _misc_configure_provider
self._configure_ovirt_provider_ovn()
File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/network/ovirtproviderovn.py", line 796, in _configure_ovirt_provider_ovn
content = self._create_config_content()
File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/network/ovirtproviderovn.py", line 761, in _create_config_content
OvnEnv.OVIRT_PROVIDER_OVN_SECRET
KeyError: 'OVESETUP_OVN/ovirtProviderOvnSecret'
2024-01-19 19:09:32,682+0000 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Misc configuration': 'OVESETUP_OVN/ovirtProviderOvnSecret'
2024-01-19 19:09:32,683+0000 DEBUG otopi.transaction transaction.abort:124 aborting 'DNF Transaction'
I have spent a fair amount of time researching this but haven't found a specific root cause, or solution on this issue.
Thank you in advance,
Seann
1 year, 4 months
Cannot update oVirt Node
by Gianluca Amato
Hello,
I am trying to update my oVirt installation to 4.5.5, but while I had no
problems upgrading the self-hosted ovirt-engine, I am not able to upgrade
any node (running oVirt Node NG 4.5.4 or older). I just click Upgrade in
the oVirt Manager, and I get a bunch of events telling me that everything
was OK and the upgrade succeeded, but in reality nothing happened on the
nodes: the result of "nodectl info" before and after the upgrade process
is exactly the same.
I gave a look to the engine.log and to the relevant ovirt-host-mgmt-ansible
log in the ovirt-engine VM, but I cannot find the problem. Do any of you
have any ideas ? I am attaching some relevant files.
Note that the upgrade consistently fails in the same way on other nodes,
which have other versions of oVirt Node NG (always in the 4.5 family).
Thanks for your help
--gianluca
1 year, 4 months
hosted-engine --deploy: No module named 'he_ansible'
by iucounu@gmail.com
Hi,
I'm trying to install hosted engine on a server (4.5.5-1.el9) and it reports 'No module named 'he_ansible'. I have what could an he_ansible module under /usr/share/ovirt-hosted-engine-setup:
/usr/share/ovirt-hosted-engine-setup/he_ansible
/usr/share/ovirt-hosted-engine-setup/he_ansible/__pycache__
/usr/share/ovirt-hosted-engine-setup/he_ansible/ansible.cfg
/usr/share/ovirt-hosted-engine-setup/he_ansible/callback_plugins
/usr/share/ovirt-hosted-engine-setup/he_ansible/constants.py
/usr/share/ovirt-hosted-engine-setup/he_ansible/trigger_role.yml
/usr/share/ovirt-hosted-engine-setup/he_ansible/__pycache__/constants.cpython-39.opt-1.pyc
/usr/share/ovirt-hosted-engine-setup/he_ansible/__pycache__/constants.cpython-39.pyc
/usr/share/ovirt-hosted-engine-setup/he_ansible/callback_plugins/1_otopi_json.py
/usr/share/ovirt-hosted-engine-setup/he_ansible/callback_plugins/2_ovirt_logger.py
Is there a missing include/path somewhere?
Thanks for any help.
Full error:
bash# hosted-engine --deploy
<string>:1: DeprecationWarning: distro.linux_distribution() is deprecated. It should only be used as a compatibility shim with Python's platform.linux_distribution(). Please use distro.id(), distro.version() and distro.name() instead.
<string>:1: DeprecationWarning: distro.linux_distribution() is deprecated. It should only be used as a compatibility shim with Python's platform.linux_distribution(). Please use distro.id(), distro.version() and distro.name() instead.
***L:ERROR Internal error: No module named 'he_ansible'
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/otopi/main.py", line 141, in execute
self.context.loadPlugins()
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 803, in loadPlugins
self._loadPluginGroups(plugindir, needgroups, loadedgroups)
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 112, in _loadPluginGroups
self._loadPlugins(path, path, groupname)
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 69, in _loadPlugins
self._loadPlugins(base, d, groupname)
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 95, in _loadPlugins
util.loadModule(
File "/usr/lib/python3.9/site-packages/otopi/util.py", line 110, in loadModule
spec.loader.exec_module(module)
File "<frozen importlib._bootstrap_external>", line 850, in exec_module
File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-ansiblesetup/core/__init__.py", line 25, in <module>
from . import misc
File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-ansiblesetup/core/misc.py", line 34, in <module>
from ovirt_hosted_engine_setup import ansible_utils
File "/usr/lib/python3.9/site-packages/ovirt_hosted_engine_setup/ansible_utils.py", line 33, in <module>
from he_ansible.constants import AnsibleCallback
ModuleNotFoundError: No module named 'he_ansible'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/otopi/__main__.py", line 88, in main
installer.execute()
File "/usr/lib/python3.9/site-packages/otopi/main.py", line 143, in execute
util.raiseExceptionInformation(
File "/usr/lib/python3.9/site-packages/otopi/util.py", line 85, in raiseExceptionInformation
raise info[1].with_traceback(info[2])
File "/usr/lib/python3.9/site-packages/otopi/main.py", line 141, in execute
self.context.loadPlugins()
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 803, in loadPlugins
self._loadPluginGroups(plugindir, needgroups, loadedgroups)
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 112, in _loadPluginGroups
self._loadPlugins(path, path, groupname)
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 69, in _loadPlugins
self._loadPlugins(base, d, groupname)
File "/usr/lib/python3.9/site-packages/otopi/context.py", line 95, in _loadPlugins
util.loadModule(
File "/usr/lib/python3.9/site-packages/otopi/util.py", line 110, in loadModule
spec.loader.exec_module(module)
File "<frozen importlib._bootstrap_external>", line 850, in exec_module
File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-ansiblesetup/core/__init__.py", line 25, in <module>
from . import misc
File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-ansiblesetup/core/misc.py", line 34, in <module>
from ovirt_hosted_engine_setup import ansible_utils
File "/usr/lib/python3.9/site-packages/ovirt_hosted_engine_setup/ansible_utils.py", line 33, in <module>
from he_ansible.constants import AnsibleCallback
otopi.main.PluginLoadException: No module named 'he_ansible'
root@lonovirt1 /u/cmcl bash#
1 year, 4 months
virt-viewer - lost partialy connectivity
by paf1@email.cz
Hello,
after update centos9-stream to latest packages with ovirt 4.5.5 I lost VMs
console connectivity .
For html5 option I lost all ( can't connect anyway )
For virt-viewer option only partially, can view output screen, but keyboard
has no input ( sometimes accept enter )
I tried to reinstall ovirt-vmconsole-host-1.0.9-3.el9.noarch and ovirt-
vmconsole-1.0.9-3.el9.noarch , but with no success, the same situation with
reinstall virt-viewer 11.0 locally ( ubuntu 23.04 last updates ).
This stopped my VMs deploying :( .
Exists any fix or workaround about this issue ??
thx. a lot
regs.
Pavel
1 year, 4 months
Re: [EXT]Re: Re: [SOLVED] Re: Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
by Strahil Nikolov
Actually , the vdsmd trick is needed only to fool the engine that the host has failed (you need to disable the fencing or prevent it somehow - like changing the ipmi user's password).The engine itself uses ssh to distribute the new certificate to the host.
Best Regards,Strahil Nikolov
On Wed, Jan 17, 2024 at 18:07, Michael Douglass<mikedoug(a)certida.com> wrote: Ah, the steps I list here work for non-single node environments as well. The problem with vdsm-tool doing the certificate renewal in that setup is that the certificate needs to be signed by the engine host and not the local host. Apologies if this causes any confusion for single-node users.
From: Strahil Nikolov <hunter86_bg(a)yahoo.com>
Sent: Saturday, January 13, 2024 6:57 PM
To: Michael Douglass <mikedoug(a)certida.com>; mikedoug--- via Users <users(a)ovirt.org>
Subject: [EXT]Re: [ovirt-users] Re: [SOLVED] Re: Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment? CAUTION: Be careful of links - This email originated from outside of Certida.Hi,
Recently I found another way to renew the certificates on a one-node self-hosted environment.The trick is to stop vdsmd and wait till the engine shows the system unresponsive. Then you can trigger a certificate renewal and just power on vdsmd again.
Best Regards,Strahil Nikolov
On Sun, Jan 14, 2024 at 2:54, mikedoug--- via Users<users(a)ovirt.org> wrote:This is the only place we found the answer we needed concerning how to sign a host key from the engine! Saved our bacon!
The only tweak I would make is that there were a few more destinations at the end to copy the files into, and instead of rebooting the host we found that just restarting vdsmd and libvirtd got everything working without any existing VMs having to stop. Here's a complete update of what you have above intermingling some extra bits for anyone who has to do this in the future.
If the certs on your oVirt host expire, it can be a PITA to figure out how to fix it. It's actually simple, but takes a LOT of manual work.
Make sure every part of every script makes sense as I made some modifications as I documented it! I do not warrant that I didn't make a mistake somewhere. :)
########### On the ENGINE HOST ###########
## Check the CA Cert on the ENGINE
openssl x509 -in /etc/pki/ovirt-engine/ca.pem -noout -dates
## If it is expired, then on the ENGINE, rebuild the CA Cert with this in a script:
## NOTE: these are steps from another post I didn't need to do them -- could be dangerous...
```
set -x ## Make the script echo everything out, so if it fails you know where
set -e ## Make the script STOP on any error
set my_date="$(date +"%Y%m%d%H%M%S")"
# Backup the existing CA files
/bin/cp -p /etc/pki/ovirt-engine/private/ca.pem /etc/pki/ovirt-engine/private/ca.pem.$my_date
/bin/cp -p /etc/pki/ovirt-engine/ca.pem{,.$my_date}
/bin/mv /etc/pki/ovirt-engine/certs/ca.der{,.$my_date}
# Sign the key
openssl x509 -signkey /etc/pki/ovirt-engine/private/ca.pem -in /etc/pki/ovirt-engine/ca.pem -out /etc/pki/ovirt-engine/ca.pem.new -days 3650 -sha256
openssl x509 -in /etc/pki/ovirt-engine/ca.pem.new -text > /etc/pki/ovirt-engine/ca.pem.new.full
# Put the files into place
/bin/mv -f /etc/pki/ovirt-engine/ca.pem.new.full /etc/pki/ovirt-engine/ca.pem
/bin/cp -p /etc/pki/ovirt-engine/ca.pem.new /etc/pki/ovirt-engine/certs/ca.der
```
Now you need to copy the new CA file over to the host:
Source: ENGINE `/etc/pki/ovirt-engine/ca.pem`
Dest: HOST `/tmp/new-ca.pem`
########### On the oVirt Host ###########
# Create a CSR using the information from the existing certificate and the existing key:
openssl x509 -x509toreq -in /etc/pki/libvirt/clientcert.pem -out /tmp/HOST.csr -signkey /etc/pki/libvirt/private/clientkey.pem
Now you need to copy the new CA file over to the host:
Source: HOST `/tmp/HOST.csr`
Dest: ENGINE `/etc/pki/ovirt-engine/requests/full.hostname.com.req`
########### On the ENGINE HOST ###########
# Now sign it:
/usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=full.hostname.com
# NB -- adding --san results in an error: --san=host.na.me (So no Subject Alternate Names)
Now you need to copy the new Certificate file over to the host:
Source: ENGINE /etc/pki/ovirt-engine/certs/full.hostname.com.cer
Dest: HOST /tmp/new-cert.pem
########### On the oVirt Host ###########
Run this script to put the cert and CA in place. Note if you don't put a ca into
/tmp/new-ca.pem it skips that step.
```
set -x
set -e
set my_date="$(date +"%Y%m%d%H%M%S")"
for x in /etc/pki/libvirt/clientcert.pem /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/vdsm/libvirt-migrate/server-cert.pem /etc/pki/vdsm/libvirt-spice/server-cert.pem /etc/pki/vdsm/libvirt-vnc/server-cert.pem; do
/bin/mv -n $x ${x}.${mydate}
/bin/cp /tmp/new-cert.pem ${x}
chmod 644 ${x}
chown root:kvm ${x}
done
if -f /tmp/new-ca.pem; then
for x in /etc/pki/vdsm/libvirt-migrate/ca-cert.pem /etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/libvirt-vnc/ca-cert.pem /etc/pki/vdsm/libvirt-spice/ca-cert.pem /etc/pki/CA/cacert.pem; do
/bin/mv -n $x ${x}.${mydate}
/bin/cp /tmp/new-ca.pem ${x}
chmod 644 ${x}
chown root:kvm ${x}
done
fi
```
Now you're ready to restart two vital services -- some people say "reboot the host" -- but we found that unecessary. Running this restart was safe for us and didn't cause any running VMs to crash or reboot -- they kept going without issue. Once we did this, waited a few minutes, the host came back up on the engine and everything was happy. Specifically a VM we were unable to get running was a click away from full functionality again!
# Restart the two services affected by the key/cert changes
systemctl restart vdsmd libvirtd
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/2EBSBWXFCEA...
1 year, 4 months
gluster on iSCSI devices in ovirt environment
by paf1@email.cz
hello dears,
can anybody explain me HOWTO realize 2 nodes + aribiter gluster from
two (three) locations on block iSCSI devices ?
Something like this:
gluster volume create TEST replica 3 arbiter 1 <location-one-host1 -
iSCSI target > <location-two-host2 - iSCSI target> <
location-three-host3 - /dev/sda5 e.g. > - ALL applied on multinode
ovirt cluster
thx a lot for any help
regs.
Pa.
1 year, 4 months
NVIDIA vGPU driver for Ovirt 4.5.4
by michael.a.silveira3.ctr@us.navy.mil
Hello,
Does anyone know which, if any, NVIDIA GRID driver supports Ovirt 4.5.4 on Ovirt-node (kernel 4.18.0-408.el8.x86_64)? I've recently upgraded to Ovirt 4.5 and can't find a NVIDIA GRID driver that will connect to my Tesla v100 on the new kernel. nvidia-smi returns the following no matter what driver I install:
NVIDIA-SMI has failed because it couldn't communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.
1 year, 4 months
Cannot restart ovirt after massive failure.
by Gilboa Davara
Hello all,
During the night, one of my (smaller) setups, a single node self hosted
engine (localhost NFS) crashed due to what-looks-like a massive disk
failure (Software RAID6, with 10 drives + spare).
After a reboot, I let the RAID resync with a fresh drive) and went on to
start oVirt.
However, no such luck.
Two issues:
1. ovirt-ha-broker fails due to broken hosted engine state (log attached).
2. ovirt-ha-agent fails due to network test (tcp) even though both
remote-host and DNS servers are active. (log attached).
Two questions:
1. Can I somehow force the agent to disable the network liveliness test?
2. Can I somehow force the broker to rebuild / fix the hosted engine state?
- Gilboa
1 year, 4 months
Cannot open Vm Console
by Vittorio
I got few Vm on my ovirte nodes, but i cant acess to console.
When i downloaded it, the error is the following :
"Failed to complete haandshake Errore in the pull function."
1 year, 4 months
VDSM Command DetachStorageDomainVDS Failed
by Matthew J Black
Hi All,
So after having an oVirt cluster crash (no data loss (at this stage), thankfully) and rebuilding from scratch, I'm trying to import the old Storage Domains. I've been successful with three (automatically "detaching" from the old, now non-existent hosts) but one is giving me the following error from the hosted-engine GUI:
~~~
VDSM command DetachStorageDomainVDS failed: Cannot acquire host id: ('e311ddf1-7f2c-49ef-a618-050d9a2b947f', SanlockException(19, 'Sanlock lockspace add failure', 'No such device'))
~~~
I am going to assume ("make an ass out for you and me") that I can run the required command from the cli with a "-force" flag (I hope), so my Q is: What is the command, because I can't seem to find it in any doco (most probably because I'm old and my eyes are feeble :-) ).
Any help gratefully appreciated - FTR: that particular Storage Domain have a bunch of VM Images on it which I'd rather import/recover than have to create from scratch.
Cheers
Dulux-Oz
1 year, 4 months
Deployment Error: Host is not up - Looking For Some Advice/Pointers
by Matthew J Black
Hi All,
So, on a fresh install on RL v9.3, we're getting a `Host is not up, please check logs, perhaps also on the engine machine` error.
This comes up right after the 20min timeout (the 120sec * 10 one).
No, the hosted-engine is not deployed (ie hosted-engine --check-deployed).
Obviously I need to check the logs, but which ones in particular (the hosted-engine-setup logs, obviously, but which other ones), where are they if the hosted-engine is not running, and, in an effort to narrow down the volume of info to a more manageable level, what should I be looking for?
Thanks in advance
1 year, 4 months
Please, Please Help - New oVirt Install/Deployment Failing - "Host is not up..."
by Matthew J Black
Hi Everyone,
Could someone please help me - I've been trying to do an install of oVirt for *weeks* (including false starts and self-inflicted wounds/errors) and it is still not working.
My setup:
- oVirt v4.5.3
- A brand new fresh vanilla install of RockyLinux 8.6 - all working AOK
- 2*NICs in a bond (802.3ad) with a couple of sub-Interfaces/VLANs - all working AOK
- All relevant IPv4 Address in DNS with Reverse Lookups - all working AOK
- All relevant IPv4 Address in "/etc/hosts" file - all working AOK
- IPv6 (using "method=auto" in the interface config file) enabled on the relevant sub-Interface/VLAN - I'm not using IPv6 on the network, only IPv4, but I'm trying to cover all the bases.
- All relevant Ports (as per the oVirt documentation) set up on the firewall
- ie firewall-cmd --add-service={{ libvirt-tls | ovirt-imageio | ovirt-vmconsole | vdsm }}
- All the relevant Repositories installed (ie RockyLinux BaseOS, AppStream, & PowerTools, and the EPEL, plus the ones from the oVirt documentation)
I have followed the oVirt documentation (including the special RHEL-instructions and RockyLinux-instructions) to the letter - no deviations, no special settings, exactly as they are written.
All the dnf installs, etc, went off without a hitch, including the "dnf install centos-release-ovirt45", "dnf install ovirt-engine-appliance", and "dnf install ovirt-hosted-engine-setup" - no errors anywhere.
Here is the results of a "dnf repolist":
- appstream Rocky Linux 8 - AppStream
- baseos Rocky Linux 8 - BaseOS
- centos-ceph-pacific CentOS-8-stream - Ceph Pacific
- centos-gluster10 CentOS-8-stream - Gluster 10
- centos-nfv-openvswitch CentOS-8 - NFV OpenvSwitch
- centos-opstools CentOS-OpsTools - collectd
- centos-ovirt45 CentOS Stream 8 - oVirt 4.5
- cs8-extras CentOS Stream 8 - Extras
- cs8-extras-common CentOS Stream 8 - Extras common packages
- epel Extra Packages for Enterprise Linux 8 - x86_64
- epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
- ovirt-45-centos-stream-openstack-yoga CentOS Stream 8 - oVirt 4.5 - OpenStack Yoga Repository
- ovirt-45-upstream oVirt upstream for CentOS Stream 8 - oVirt 4.5
- powertools Rocky Linux 8 - PowerTools
So I kicked-off the oVirt deployment with: "hosted-engine --deploy --4 --ansible-extra-vars=he_offline_deployment=true".
I used "--ansible-extra-vars=he_offline_deployment=true" because without that flag I was getting "DNF timout" issues (see my previous post `Local (Deployment) VM Can't Reach "centos-ceph-pacific" Repo`).
I answer the defaults to all of questions the script asked, or entered the deployment-relevant answers where appropriate. In doing this I double-checked every answer before hitting <Enter>. Everything progressed smoothly until the deployment reached the "Wait for the host to be up" task... which then hung for more than 30 minutes before failing.
From the ovirt-hosted-engine-setup... log file:
- 2022-10-20 17:54:26,285+1100 ERROR otopi.ovirt_hosted_engine_setup.ansible_utils ansible_utils._process_output:113 fatal: [localhost]: FAILED! => {"changed": false, "msg": "Host is not up, please check logs, perhaps also on the engine machine"}
I checked the following log files and found all of the relevant ERROR lines, then checked several 10s of proceeding and succeeding lines trying to determine what was going wrong, but I could not determine anything.
- ovirt-hosted-engine-setup...
- ovirt-hosted-engine-setup-ansible-bootstrap_local_vm...
- ovirt-hosted-engine-setup-ansible-final_clean... - not really relevant, I believe
I can include the log files (or the relevant parts of the log files) if people want - but that are very large: several 100 kilobytes each.
I also googled "oVirt Host is not up" and found several entries, but after reading them all the most relevant seems to be a thread from these mailing list: `Install of RHV 4.4 failing - "Host is not up, please check logs, perhaps also on the engine machine"` - but this seems to be talking about an upgrade and I didn't gleam anything useful from it - I could, of course, be wrong about that.
So my questions are:
- Where else should I be looking (ie other log files, etc, and possible where to find them)?
- Does anyone have any idea why this isn't working?
- Does anyone have a work-around (including a completely manual process to get things working - I don't mind working in the CLI with virsh, etc)?
- What am I doing wrong?
Please, I'm really stumped with this, and I really do need help.
Cheers
Dulux-Oz
1 year, 4 months
ovirt node ng 4.5.5 fresh install fails
by Levi Wilbert
I'm attempting to update our oVirt cluster to 4.5.5 from 4.5.4, running oVirt Node NG on the hosts.
When I tried updating a host through the oVirt Manager GUI, after the host reboots, it fails to start up and goes into emergency recovery mode:
[ 4.534872] localhost systemd[1]: Reached target Local File Systems.
[ 4.535119] localhost systemd[1]: Reached target System Initialization.
[ 4.535343] localhost systemd[1]: Reached target Basic System.
[ 4.536759] localhost systemd[1]: Started Hardware RNG Entropy Gatherer Daemon.
[ 4.541801] localhost rngd[1512]: Disabling 7: PKCS11 Entropy generator (pkcs11)
[ 4.541801] localhost rngd[1512]: Disabling 5: NIST Network Entropy Beacon (nist)
[ 4.541801] localhost rngd[1512]: Disabling 9: Qrypt quantum entropy beacon (qrypt)
[ 4.541801] localhost rngd[1512]: Initializing available sources
[ 4.542073] localhost rngd[1512]: [hwrng ]: Initialization Failed
[ 4.542073] localhost rngd[1512]: [rdrand]: Enabling RDSEED rng support
[ 4.542073] localhost rngd[1512]: [rdrand]: Initialized
[ 4.542073] localhost rngd[1512]: [jitter]: JITTER timeout set to 5 sec
[ 4.582381] localhost rngd[1512]: [jitter]: Initializing AES buffer
[ 8.309063] localhost rngd[1512]: [jitter]: Enabling JITTER rng support
[ 8.309063] localhost rngd[1512]: [jitter]: Initialized
[ 133.884355] localhost dracut-initqueue[1095]: Warning: dracut-initqueue: timeout, still waiting for following initqueue hooks:
[ 133.885349] localhost dracut-initqueue[1095]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fdisk\x2fby-id\x2fmd-uuid-3f47cad8:fecb96ea:0ea37615:4e5dec4e.sh: "[ -e "/dev/disk/by-id/md-uuid-3f47cad8:fecb96ea:0ea37615:4e5dec4e" ]"
[ 133.886485] localhost dracut-initqueue[1095]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fdisk\x2fby-id\x2fmd-uuid-d446b801:d515c112:116ff07f:9ae52466.sh: "[ -e "/dev/disk/by-id/md-uuid-d446b801:d515c112:116ff07f:9ae52466" ]"
[ 133.887619] localhost dracut-initqueue[1095]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fonn\x2fovirt-node-ng-4.5.5-0.20231130.0+1.sh: "if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup(a)*.service 2>/dev/null; then
[ 133.887619] localhost dracut-initqueue[1095]: [ -e "/dev/onn/ovirt-node-ng-4.5.5-0.20231130.0+1" ]
[ 133.887619] localhost dracut-initqueue[1095]: fi"
[ 133.888667] localhost dracut-initqueue[1095]: Warning: /lib/dracut/hooks/initqueue/finished/devexists-\x2fdev\x2fonn\x2fswap.sh: "[ -e "/dev/onn/swap" ]"
[ 133.890050] localhost dracut-initqueue[1095]: Warning: dracut-initqueue: starting timeout scripts
[ 133.969228] localhost dracut-initqueue[7366]: Scanning devices md126p2 for LVM logical volumes onn/ovirt-node-ng-4.5.5-0.20231130.0+1
[ 133.969228] localhost dracut-initqueue[7366]: onn/swap
[ 134.001560] localhost dracut-initqueue[7366]: onn/ovirt-node-ng-4.5.5-0.20231130.0+1 thin
[ 134.001560] localhost dracut-initqueue[7366]: onn/swap linear
[ 134.014259] localhost dracut-initqueue[7381]: /etc/lvm/profile/imgbased-pool.profile: stat failed: No such file or directory
[ 134.532608] localhost dracut-initqueue[7381]: Check of pool onn/pool00 failed (status:64). Manual repair required!
I then attempted installing the oVirt Node NG 4.5.5 iso to a USB stick and tried installing that way, however, after going through the GUI and setting up storage, network, hostname, etc, the install fails shortly after clicking "Begin".
22:11:32,671 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:blivet:executing action: [468] destroy device lvmthinlv onn-var_log_audit (id 216)
22:11:32,672 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet: LVMLogicalVolumeDevice.destroy: onn-var_log_audit ; status: False ;
22:11:32,673 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet: LVMLogicalVolumeDevice.teardown: onn-var_log_audit ; status: False ; controllable: False ;
22:11:32,674 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet: LVMVolumeGroupDevice.setup_parents: name: onn ; orig: True ;
22:11:32,674 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet: PartitionDevice.setup: Volume0_0p2 ; orig: True ; status: True ; controllable: True ;
22:11:32,675 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet: LVMPhysicalVolume.setup: device: /dev/md/Volume0_0p2 ; type: lvmpv ; status: False ;
22:11:32,676 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet: LVMLogicalVolumeDevice._destroy: onn-var_log_audit ; status: False ;
22:11:32,676 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:program:Running [97] lvm lvremove --yes onn/var_log_audit --config= log {level=7 file=/tmp/lvm.log syslog=0} --devices=/dev/md/Volume0_0p2 ...
22:11:33,104 ERR rsyslogd:imjournal: open() failed for path: '/var/lib/rsyslog/imjournal.state.tmp': Operation not permitted [v8.2310.0-3.el9 try https://www.rsyslog.com/e/2433 ]
22:11:33,105 ERR rsyslogd:imjournal: open() failed for path: '/var/lib/rsyslog/imjournal.state.tmp': Operation not permitted [v8.2310.0-3.el9 try https://www.rsyslog.com/e/2433 ]
22:11:33,105 ERR rsyslogd:imjournal: open() failed for path: '/var/lib/rsyslog/imjournal.state.tmp': Operation not permitted [v8.2310.0-3.el9 try https://www.rsyslog.com/e/2433 ]
22:11:33,106 ERR rsyslogd:imjournal: open() failed for path: '/var/lib/rsyslog/imjournal.state.tmp': Operation not permitted [v8.2310.0-3.el9 try https://www.rsyslog.com/e/2433 ]
22:11:33,106 ERR rsyslogd:imjournal: open() failed for path: '/var/lib/rsyslog/imjournal.state.tmp': Operation not permitted [v8.2310.0-3.el9 try https://www.rsyslog.com/e/2433 ]
22:11:33,107 ERR rsyslogd:imjournal: open() failed for path: '/var/lib/rsyslog/imjournal.state.tmp': Operation not permitted [v8.2310.0-3.el9 try https://www.rsyslog.com/e/2433 ]
22:11:33,309 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:program:stdout[97]:
22:11:33,310 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:program:stderr[97]: /etc/lvm/profile/imgbased-pool.profile: stat failed: No such file or directory
22:11:33,310 WARNING org.fedoraproject.Anaconda.Modules.Storage: Check of pool onn/pool00 failed (status:64). Manual repair required!
I'm wondering if it has to do with installing oVirt node on a RAID mirror?
1 year, 4 months
