Re: Help With CPU Type
by Jorge Visentini
Hi.
If you do this right, you will need downtime because the VM's processor
model will change, even though the VM's processor is only showing the
family.
Another thing that can happen is that you change the family and the host
becomes non-operational in the cluster, so you would have to test that at
least. But you can roll back to the original cluster family.
I have done this in the past and as far as I remember, the only thing that
causes a warning on the VM is that it is running on a different cluster,
that's all.
Please correct me if I'm wrong.
Cheers!
Em qui., 23 de jan. de 2025 às 02:13, Daniel Martins via Users <
users(a)ovirt.org> escreveu:
> Hi There,
>
>
>
> Please may you assist me with the below?
>
>
>
> I need to remove an oVirt host within a cluster that is using CPU Type
> Intel Westmere IBRS SSBD Family. Once the host is removed i need to change
> the CPU type to Intel Broadwell which the remaining hosts Use.
>
>
>
> So my question is will there need to be down time on the Virtual machines
> to change this?
>
>
>
> Regards,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/IEJW5M6KUHW...
>
--
Att,
Jorge Visentini
+55 55 98432-9868
1 week, 2 days
oVirt does not get keycloak groups
by Christian Fischer
Hi everyone.
I have setup a oVirt Installation with Keycloak for a PoC-Evaluation
but i'm actually struggling with Keycloak Groups sync to oVirt.
I Added Active Directory Users and also a Group Mapper for LDAP Groups
-> in Keycloak i see all Users and also that they belong to Groups but
the Group-Membership is not populated to oVirt back. As a result i
can't grant Permissions groupwise - only per user.
For the initial group-sync i ticked the Option "Drop non-existing
groups during sync" which also deleted the ovirt-administrator group.
Maybe this is the main Problem here. I created this group again and
unchecked this option but it still does not sync the groups.
What do you recommend? Purge the system and do a clean install or is
there another easy fix out there?
Thanks,
have a nice weekend.
Greetings
Christian
1 week, 2 days
Questions and Suggestions for oVirt
by Daniel Gurgel
With the new leadership of the project, most users who admire and support oVirt would like to know the roadmap and future plans.
From my perspective, I understand that Red Hat discontinued its support purely for financial reasons. Therefore, this is probably one of the key areas where oVirt needs to strengthen. Wouldn't it be worth seeking support and collaboration with Veeam and Oracle, given its "OLVM"? Especially considering that, after the VMware/Broadcom licensing changes, Oracle has been aggressively offering OLVM to customers as a migration alternative.
A positive development was Veeam Backup & Replication recently adding support for OLVM. This has increased interest in the solution, but there are still limitations, such as migration/backup/restore between different hypervisors (interestingly, this feature is available for Proxmox/KVM, which uses similar technology).
These are some of the main questions from customers:
1. When will it be updated to Enterprise Linux 9 or 10?
2. What support will be available for new technologies?
3. How about a change in the Engine/Manager, allowing VMs to be managed even when the Engine is unavailable!
(Sorry, but this is one of oVirt's biggest bottlenecks, and inevitably, comparisons with VMware/VCenter arise.)
4. Support for VM migration between Datacenters should also be carefully considered.
**Note**: The oVirt website needs to be more user-friendly for general users. I also suggest a fundraising campaign—I would be happy to contribute, and I believe the entire user base would as well!
1 week, 3 days
Re: [EXT]Re: Re: [SOLVED] Re: Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?
by Cosmin Cioranu
I have checked the solution and it works, apart from the console feature
of the virtual machine.
In my case, once a got control over the host, migrated all the vms and
then Maintenance and then Enroll Certificate.
So: an updated version
```
set -x ## Make the script echo everything out, so if it fails you
know where
set -e ## Make the script STOP on any error
set my_date="$(date +"%Y%m%d%H%M%S")"
# Backup the existing CA files
/bin/cp -p /etc/pki/ovirt-engine/private/ca.pem
/etc/pki/ovirt-engine/private/ca.pem.$my_date
/bin/cp -p /etc/pki/ovirt-engine/ca.pem{,.$my_date}
/bin/mv /etc/pki/ovirt-engine/certs/ca.der{,.$my_date}
# Sign the key
openssl x509 -signkey /etc/pki/ovirt-engine/private/ca.pem -in
/etc/pki/ovirt-engine/ca.pem -out /etc/pki/ovirt-engine/ca.pem.new
-days 3650 -sha256
openssl x509 -in /etc/pki/ovirt-engine/ca.pem.new -text >
/etc/pki/ovirt-engine/ca.pem.new.full
# Put the files into place
/bin/mv -f /etc/pki/ovirt-engine/ca.pem.new.full
/etc/pki/ovirt-engine/ca.pem
/bin/cp -p /etc/pki/ovirt-engine/ca.pem.new
/etc/pki/ovirt-engine/certs/ca.der
```
Now you need to copy the new CA file over to the host:
Source: ENGINE `/etc/pki/ovirt-engine/ca.pem`
Dest: HOST `/tmp/new-ca.pem`
########### On the oVirt Host ###########
# Create a CSR using the information from the existing certificate
and the existing key:
openssl x509 -x509toreq -in /etc/pki/libvirt/clientcert.pem -out
/tmp/HOST.csr -signkey /etc/pki/libvirt/private/clientkey.pem
Now you need to copy the new CA file over to the host:
Source: HOST `/tmp/HOST.csr`
Dest: ENGINE `/etc/pki/ovirt-engine/requests/full.hostname.com.req`
########### On the ENGINE HOST ###########
# Now sign it:
/usr/share/ovirt-engine/bin/pki-enroll-request.sh
--name=full.hostname.com
# NB -- adding --san results in an error: --san=host.na.me (So no
Subject Alternate
Names)
Now you need to copy the new Certificate file over to the host:
Source: ENGINE /etc/pki/ovirt-engine/certs/full.hostname.com.cer
Dest: HOST /tmp/new-cert.pem
########### On the oVirt Host ########### (see bellow the written
script)
#!/bin/bash
#set -x
set -e
mydate="$(date +"%Y%m%d%H%M%S")"
echo "[.] reference ${mydate}"
for x in /tmp/new-ca.pem /tmp/new-cert.pem ; do
echo -n "[.] checking $x"
if [ ! -e "$x" ]; then
echo "[not found]"
exit
else
echo "[found]"
fi
done
for x in /etc/pki/libvirt/clientcert.pem
/etc/pki/vdsm/certs/vdsmcert.pem
/etc/pki/vdsm/libvirt-migrate/server-cert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem
/etc/pki/vdsm/libvirt-vnc/server-cert.pem; do
echo -n "copying $x to ${x}.${mydate}"
/bin/mv -n $x ${x}.${mydate}
echo "[done]";
echo -n "[.] copying /tmp/new-cert.pem to $x"
/bin/cp /tmp/new-cert.pem ${x}
echo "[done]"
echo -n "[.] setting permissions to $x 644 root:kvm"
chmod 644 ${x}
chown root:kvm ${x}
echo "[done]"
done
for x in /etc/pki/vdsm/libvirt-migrate/ca-cert.pem
/etc/pki/vdsm/certs/cacert.pem /etc/pki/vdsm/libvirt-vnc/ca-cert.pem
/etc/pki/vdsm/libvirt-spice/ca-cert.pem /etc/pki/CA/cacert.pem; do
echo -n "copying $x to ${x}.${mydate}"
/bin/mv -n $x ${x}.${mydate}
echo "[done]"
echo -n "[.] copying /tmp/new-ca.pem to $x"
/bin/cp /tmp/new-ca.pem ${x}
echo "[done]";
echo -n "[.] setting permissions to $x 644 root:kvm"
chmod 644 ${x}
chown root:kvm ${x}
echo "[done]"
done
for x in /etc/pki/vdsm/keys/vdsmkey.pem; do
echo -n "copying $x to ${x}.${mydate}"
/bin/mv -n $x ${x}.${mydate}
echo "[done]"
echo -n "[.] copying /etc/pki/libvirt/private/clientkey.pem to $x"
/bin/cp /etc/pki/libvirt/private/clientkey.pem ${x}
echo "[done]";
echo -n "[.] setting permissions to $x 644 root:kvm"
chmod 644 ${x}
chown root:kvm ${x}
echo "[done]"
done
echo "[.] Checks "
openssl x509 -in /etc/pki/libvirt/clientcert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/certs/cacert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/libvirt-migrate/ca-cert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/libvirt-migrate/client-cert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/libvirt-migrate/server-cert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -noout -dates
openssl x509 -in /etc/pki/vdsm/libvirt-spice/server-cert.pem -noout -dates
````
Note: I whould backup the entire pki folder on both node and engine.
1 week, 4 days
VM hangs when expanding direct LUN
by John Mortensen
Hi,
We have multible oVirt clusters (based on CentOS 9 Stream) with several nodes (based on the 4.5 el9 node image) in each and a great number of virtual machines (mainly RHEL 8).
The problem we encounter is random, it happens sometimes and other times not.
Backend storage consists of SAN attached IBM Storwize V7000.
Problem is when we expand a LUN on the storage system and wishes to expand it in oVirt for use in the VM, sometimes this process hangs the VM completely, it shows as running in oVirt GUI, it cannot be paused/shutdown from the GUI - only way to shut it down is to login to the node running the VM and from virsh run a destroy command.
Anyone else encountered this problem?
/John
1 week, 5 days
snapshot solution: Existing snapshots that were taken after this one will be erased.
by dhanaraj.ramesh@yahoo.com
Hi Team,
when I want to commit the older snapshots I'm getting warning stating " Existing snapshots that were taken after this one will be erased.". is there any way we can retain the latest snapshots as is in the chain?
I knew cloning and template export options are there to secure that latest snapshot data but these are will consume additional space in storage and take time.
1 week, 5 days
oVirh Host Update Problem
by Vladislav Solovei
Freshly installed using nightly build, freshly installed OS :)
OS: AlmaLinux 9.5
Can't update the system (and can't reinstall the Host)
Repository copr:copr.fedorainfracloud.org:ovirt:ovirt-master-snapshot is listed more than once in the configuration
Last metadata expiration check: 0:22:12 ago on Fri 24 Jan 2025 11:41:49 EET.
Error:
Problem: package rdo-ovn-host-2:22.12-2.el9s.noarch from ovirt-master-centos-stream-openstack-yoga-testing requires rdo-ovn = 2:22.12-2.el9s, but none of the providers can be installed
- cannot install the best update candidate for package ovn22.09-host-22.09.0-31.el9s.x86_64
- package rdo-ovn-2:22.12-2.el9s.noarch from ovirt-master-centos-stream-openstack-yoga-testing is filtered out by exclude filtering
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[ovirt-master-centos-stream-openstack-yoga-testing]
name=CentOS Stream 9 - OpenStack Yoga Repository - testing
baseurl=https://buildlogs.centos.org/9-stream/cloud/$basearch/openstack-y...
gpgcheck=0
enabled=1
exclude=
openstack-ansible-core
python3-rdo-openvswitch
rdo-network-scripts-openvswitch
rdo-openvswitch
rdo-ovn
rdo-ovn-central
How can this problem be resolved?
Should the rdo-ovn package, which is a dependency of rdo-ovn-host-2:22.12-2, be filtered out?
2 weeks, 3 days
Re: [External] : Re: Unable to migrate vm with 4 (500g) disks from vmware to ovirt.
by dushyantk.sun@gmail.com
Currently linux vm which i am trying to migrate has 4 (500GB) disk. All disks on same datastore. It is iscsi datastore.
Do we have any configuration where we can enabled verbose mode while migration is going on to see what is happening as currently unable to identify failure.
Also is there any limitation if vms with multiple disk is not possible to migrate?
2 weeks, 3 days
