February 2024 - Users - oVirt List Archives

Storage Domain Not synchronized, To synchronize them, please move them to maintenance and then activate.
by Arup Jyoti Thakuria 09 Sep '24

09 Sep '24

Dear All, In our Ovirt Engine Infrastructure, recently we have received an alert for one of our "Storage Domain" The alert is as mentioned below---- =================================== Storage domains with IDs [fb34e5b7-e850-4d66-ab47-3011d2000338] could not be synchronized. To synchronize them, please move them to maintenance and then activate. ========================================================== What is the consequence of this alert, if we ignore this what can happen to the infra, are we going to face any issue with the VMs, currently this infra is under production

2 1

oVirt networks
by Enrico Becchetti 28 Aug '24

28 Aug '24

Dear all, Ineed your help to understand how to configure the network of a new oVirt cluster. Mynew system will have a 4.3 engine thatruns in a virtual machine, andsome Dell R7525 AMD EPYC hypervisors, eachholding two 4-port PCI network cards. These servers will have node-ovirt image again in version 4.3. As for the network, there are two HPE Aruba 2540G, non-stackable, with 24 1Gbs ports and 2 10Gbs uplinks to the star center. This is a simplified scheme: My goal is to make the most of the server's 8 ethernet interfaces to have both reliability and maximum possible throughput. This cluster will have two virtual networks, one forovirt management and one for the traffic of individual virtual machines. With that said here's what my idea is. I would like to have two links aggregated by 4Gbs, one for ovrtmgt and the other for vmnet. With the ovirt web interface I can createan active-passive "Mode 1" bond, but this won'tallow me to go beyond 1Gbs. Alternatively I could create a "Mode 4" bond 802.3ad but unfortunately the switches are not stacked and therefore not even this solution applies. This is an example with active passive configuration: Can you tell me if ovirt can generate//nested bonds? Or do you have other solutions ? Thanks a lot ! Best Regards Enrico -- _______________________________________________________________________ Enrico Becchetti Servizio di Calcolo e Reti Istituto Nazionale di Fisica Nucleare - Sezione di Perugia Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY) Phone:+39 075 5852777 Skype:enrico_becchetti Mail: Enrico.Becchetti<at>pg.infn.it Pagina web personale: https://www.pg.infn.it/home/enrico-becchetti/ ______________________________________________________________________

5 6

boot from cdrom & error code 0005
by edp＠maddalena.it 21 Aug '24

21 Aug '24

Hi. I have created a new storage domain (data domain, storage type nfs) to use it to upload iso images. I have so uploaded a new iso and then attach the iso to a new vm. But when I try to boot the vm I obtain this error: booting from dvd/cd... boot failed: could not read from cdrom (code 0005) no bootable device The iso file has been uploaded with success in the data storage domain and so the vm lets my attach the iso to the vm in the boot settings. Can you help me? Thank you

4 6

VM Migration Failed
by KSNull Zero 10 Jul '24

10 Jul '24

Running oVirt 4.4.5 VM cannot migrate between hosts. vdsm.log contains the following error: libvirt.libvirtError: operation failed: Failed to connect to remote libvirt URI qemu+tls://ovhost01.local/system: authentication failed: Failed to verify peer's certificate Certificates on hosts was renewed some time ago. How this issue can be fixed ? Thank you.

4 6

How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
by Derek Atkins 28 Jun '24

28 Jun '24

Hi, I've got a single-host hosted-engine deployment that I originally installed with 4.0 and have upgraded over the years to 4.3.10. I and some of my users have upgraded remote-viewer and now I get an error when I try to view the console of my VMs: (remote-viewer:8252): Spice-WARNING **: 11:30:41.806: ../subprojects/spice-common/common/ssl_verify.c:477:openssl_verify: Error in server certificate verification: CA signature digest algorithm too weak (num=68:depth0:/O=<My Org Name>/CN=<Host's Name>) I am 99.99% sure this is because the old certs use SHA1. I reran engine-setup on the engine and it asked me if I wanted to renew the PKI, and I answered yes. This replaced many[1] of the certificates in /etc/pki/ovirt-engine/certs on the engine, but it did not update the Host's certificate. All the documentation I've seen says that to refresh this certificate I need to put the host into maintenance mode and then re-enroll.. However I cannot do that, because this is a single-host system so I cannot put the host in local mode -- there is no place to migrate the VMs (let alone the Engine VM). So.... Is there a command-line way to re-enroll manually and update the host certs? Or some other way to get all the leftover certs renewed? Thanks, -derek [1] Not only did it not update the Host's cert, it did not update any of the vmconsole-proxy certs, nor the certs in /etc/pki/ovirt-vmconsole/, and obviously nothing in /etc/pki/ on the host itself. -- Derek Atkins 617-623-3745 derek(a)ihtfp.com www.ihtfp.com Computer and Internet Security Consultant

8 16

4.5.4 with Ceph only storage
by Maurice Burrows 25 Jun '24

25 Jun '24

Hey ... A long story short ... I have an existing Red Hat Virt / Gluster hyperconverged solution that I am moving away from. I have an existing Ceph cluster that I primarily use for OpenStack and a small requirement for S3 via RGW. I'm planning to build a new oVirt 4.5.4 cluster on RHEL9 using Ceph for all storage requirements. I've read many online articles on oVirt and Ceph, and they all seem to use the Ceph iSCSI gateway, which is now in maintenance, so I'm not real keen to commit to iSCSI. So my question is, IS there any reason I cannot use CephFS for both hosted-engine and as a data storage domain? I'm currently running Ceph Pacific FWIW. Cheers

5 10

i can't access console with noVNC or VNC client(console.vv)
by z84614242＠163.com 14 May '24

14 May '24

i installed the ovirt 4.5 engine on centos stream 9 and add a ovirt node(ovirt node 4.5 iso) to this engine. i am going to run my vm on this node. i follow the instruction to create the data center, the cluster, the storage domain, upload the image. everything is fine. and after i create a vm with ubuntu image attach, i found that i can't visit the console. when i using the noVNC, it says "Something went wrong, connection is closed", when i visit vnc with virt-viewver, is says "Failed to complete handshake Error in the pull function". i try to change the console type to Bochs one and it appear the same. i change to QXL mode and the vm can't start any more. i check the log, it says "unsupported configuration: domain configuration does not support video model 'qxl'". so now i can't visit my vm by anyway. i deploy the engine follow the official instruction and keep mostly option default but why still have this issue. why the noVNC says "Something went wrong" instead of telling me what is actually wrong

2 1

Oracle Virtualization Manager 4.5 anyone?
by Thomas Hoberg 29 Apr '24

29 Apr '24

Redhat's decision to shut down RHV caught Oracle pretty unprepared, I'd guess, who had just shut down their own vSphere clone in favor of a RHV clone a couple of years ago. Oracle is even less vocal about their "Oracle Virtualization" strategy, they don't even seem to have a proper naming convention or branding. But they have been pushing out OV releases without a publicly announced EOL almost a year behind Redhat for the last years. And after a 4.4 release in September 22, a few days ago on December 12th actually a release 4.5 was made public. I've operated oVirt 4.3 with significant quality issues for some years and failed to make oVirt 4.4 work with any degree of acceptable stability but Oracle's variant of 4.4 proved to be rather better than 4.3 on CentOS7 with no noticable bugs, especially in the Hyperconverged setup that I am using with GlusterFS. I assumed that this was because Oracle based their 4.4 in fact on RHV 4.4 and not oVirt, but since they're not telling, who knows? One issue with 4.4 was that Oracle is pushing their UE-Kernel and that created immediate issues e.g. with VDO missing modules for UEK and other stuff, but that was solved easily enough by using the RHEL kernel. With 4.5 Oracle obviously can't use RHV 4.5 as a base, because there is no such thing with RHV declared EOL and according to Oracle their 4.5 is based on oVirt 4.5.4, which made the quality of that release somewhat questionable, but perhaps they have spent the year that has passed since productively killing bugs... only to be caught by surprise again, I presume, by an oVirt release 4.5.5 on December 1st, that no one saw coming! Long story slightly shorter, I've been testing Oracle's 4.5 variant a bit and it's not without issues. But much worse, Oracle's variant of oVirt seems to be entirely without any community that I could find. Now oVirt has been a somewhat secret society for years, but compared to what's going on with Oracle this forum is teaming with life! So did I just not look around enough? Is there a secret lair where all those OV users are hiding? Anyhow, here is what I've tested so far and where I'd love to have some feedback: 1. Setting up a three node HCI cluster from scratch using OL8.9 and OV 4.5 Since I don't have extra physical hardware for a 3 node HCI I'm using VMware workstation 17.5 on a Workstation running Windows 2022, a test platform that has been working for all kinds of virtualization tests from VMware ESXi, via Xcp-ng and ovirt. Created three VMs with OL8.9 minimal and then installed OV 4.5. I used the UEK default kernels and then had an issue when Ansible is trying to create the (local) management engine: the VM simply could not reach the Oracle repo servers to install the packages inside the ME. Since that VM is entirely under the control of Ansible and no console access of any type is possible in that installation phase, I couldn't do diagnostics. But with 4.4 I used to have similar issues and there switching back to the Redhat kernel for the ME (and the hosts) resolved them. But with 4.5 it seems that UEK has become a baked-in dependency: the OV team doesn't even seem to do any testing with the Redhat kernel any more. Or not with the HCI setup, which has become deprecated somewhere in oVirt 4.4... Or not with the Cockpit wizard, which might be in a totally untested state, or.... Doing the same install on OL 8.9 with OV 4.4, however, did work just fine and I was even able to update to 4.5 afterwards, which was a nice surprise... ...that I could not repeat on my physical test farm using three Atoms. There switching to the UEK kernel on the hosts caused issues, hosts were becoming unresponsive, file systems inaccessible, even if they were perfectly fine at the Gluster CLI level and in the end the ME VM simply would not longer start. Switching back to the Redhat kernel resolved things there. In short, switching between the Redhat kernel and UEK, which should be 100% transparent to all things userland including hypervisors, doesn't work. But my attempts to go with a clean install of 4.5 on a Redhat kernel or UEK is also facing issues. So far the only thing that has worked was a single node HCI install using UEK and OV 4.5 and upgrading to OV 4.5 on a virtualized triple node OV 4.4 HCI cluster. Anyone else out there trying these things? I was mostly determined to move to Proxmox VE, but Oracle's OV 4.5 seemed to be handing a bit of a life-line to oVirt and the base architecture is just much more powerful (or less manual) than Proxmox, which doesn't have a management engine.

8 12

Changing disk QoS causes segfault with IO-Threads enabled (oVirt 4.3.0.4-1.el7)
by jloh＠squiz.net 23 Apr '24

23 Apr '24

We recently upgraded to 4.3.0 and have found that when changing disk QoS settings on VMs whilst IO-Threads is enabled causes them to segfault and the VM to reboot. We've been able to replicate this across several VMs. VMs with IO-Threads disabled/turned off do not segfault when changing the QoS. Mar 1 11:49:06 srvXX kernel: IO iothread1[30468]: segfault at fffffffffffffff8 ip 0000557649f2bd24 sp 00007f80de832f60 error 5 in qemu-kvm[5576498dd000+a03000] Mar 1 11:49:06 srvXX abrt-hook-ccpp: invalid number 'iothread1' Mar 1 11:49:11 srvXX libvirtd: 2019-03-01 00:49:11.116+0000: 13365: error : qemuMonitorIORead:609 : Unable to read from monitor: Connection reset by peer Happy to supply some more logs to someone if they'll help but just wondering whether anyone else has experienced this or knows of a current fix other than turning io-threads off. Cheers.

4 3

virt-v2v cannot authenticate with oVirt engine API with OAuth2
by malcolm.strydom＠pacxa.com 22 Mar '24

22 Mar '24

I've been reading through archives but not able to find what i need. Essentially what I'm trying to do is migrate a larger number of VMs from our OVM environment to a new OLVM setup. In an effort to reduce lots of replication and copying of the disk image (export, convert, copy over, import etc.) I found this article which shows a pretty slick way to do it in one shot https://blogs.oracle.com/scoter/post/how-to-migrate-oracle-vm-to-oracle-lin… The main command behind it all is the virt-v2v that makes it possible. It looks something like this: virt-v2v -i libvirtxml vm-test1.xml -o rhv-upload -oc https://<OLVM-server>/ovirt-engine/api -os <my storage> -op /tmp/ovirt-admin-password -of raw -oo rhv-cluster=Default -oo rhv-cafile=/root/ca.pem The problem I'm having is I cannot authenticate with my new OLVM server at the ovirt-engine/api URL. Since user/password is depricated and you must use OAuth 2.0 with a token I'm stuck. I have OLVM 4.5.4-1.0.27.el8 and from what I've read in oVirt 4.5 (not sure what version it started) they use keycloak oAuth 2.0 and the older ovirt-aaa-jdbc-tool is now deprecated. In doing some testing I found I can use curl and authenticate against the ovirt-engine/api and get a token like this: OVIRT_ENGINE_URL="https://<myolvm1>/ovirt-engine" USERNAME="admin@ovirt@internalsso" PASSWORD="<mypassword>" CLUSTER_NAME="Default" TOKEN=$(curl -k -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password &username=$USERNAME&password=$PASSWORD&scope=ovirt-app-api" $OVIRT_ENGINE_URL/sso/oauth/token | jq -r '.access_token') I was then able to query the API to validate my token works curl -k -H "Accept: application/json" -H "Authorization: Bearer $TOKEN" "$OVIRT_ENGINE_URL/api/clusters?search=name=$CLUSTER_NAME" The problem is virt-v2v does not support posting any form information or the token to authenticate. Best I can tell the -oc option is strictly the URL and if you want a username in there it's in the form of https://<name>@<server>. So even if I wrote a script and used curl to authenticate and get a token I still can't find a way to make virt-v2v use it. So I'm stuck how do I get virt-v2v working? Is there a way to re-enable the deprecated user/pass method of accessing the ovirt-engine/api ? or as a last resort a way to get virt-v2v supporting the token? Thanks for any insight Malcolm

3 5