Hi strahil,

The current ovirt node image built by Lev includes
vdsm-hook-nestedvt-4.30.46-1.el7.noarch
so yes it should be available when adding the node.


On Wed, May 13, 2020 at 12:49 AM Strahil Nikolov via Users <users@ovirt.org> wrote:
On May 12, 2020 6:56:45 PM GMT+03:00, Giorgio Biacchi <giorgio@di.unimi.it> wrote:
>Il 12/05/2020 17:07, Dominik Holler ha scritto:
>>
>>
>> On Tue, May 12, 2020 at 4:25 PM Giorgio Biacchi <giorgio@di.unimi.it
>> <mailto:giorgio@di.unimi.it>> wrote:
>>
>>     On 5/12/20 12:28 PM, Dominik Holler wrote:
>>      >
>>      >
>>      > On Tue, May 12, 2020 at 8:49 AM Giorgio Biacchi
>>     <giorgio@di.unimi.it <mailto:giorgio@di.unimi.it>
>>      > <mailto:giorgio@di.unimi.it <mailto:giorgio@di.unimi.it>>>
>wrote:
>>      >
>>      >     On 5/11/20 5:53 PM, Dominik Holler wrote:
>>      >     >
>>      >     >
>>      >     > On Mon, May 11, 2020 at 12:31 PM Giorgio Biacchi
>>      >     <giorgio@di.unimi.it <mailto:giorgio@di.unimi.it>
>>     <mailto:giorgio@di.unimi.it <mailto:giorgio@di.unimi.it>>
>>      >     > <mailto:giorgio@di.unimi.it <mailto:giorgio@di.unimi.it>
>>     <mailto:giorgio@di.unimi.it <mailto:giorgio@di.unimi.it>>>>
>wrote:
>>      >     >
>>      >     >     Hi list,
>>      >     >     I've spent a couple of days trying to understand why
>>     this was
>>      >     >     happening...
>>      >     >
>>      >     >     For the installation I have a well tested
>installation
>>     server
>>      >     with a
>>      >     >     custom kickstart file to setup ssh keys and custom
>>     hooks for
>>      >     infiniband
>>      >     >     and I'm installing Ovirt Node 4.3.9 via pxe, this is
>>     particularly
>>      >     >     useful
>>      >     >     when I have to install a bunch of blades at once..
>In
>>     the past
>>      >     I had no
>>      >     >     issues and all was working like a charm until now
>when some
>>      >     hardware
>>      >     >     failed and I had to replace it.
>>      >     >
>>      >     >     As expected I have no issues in the node
>installation
>>      >     process.. the
>>      >     >     troubles begins when I try to add the node,
>>     installation fails
>>      >     and in
>>      >     >     the UI I have an exclamation mark with the message
>>     "Host has
>>      >     no default
>>      >     >     route." but I can ping and do ssh to the host from
>the
>>      >     manager.. the
>>      >     >     problem is somewhere else in the communication
>between the
>>      >     engine and
>>      >     >     vdsmd preventing the engine to refresh the host
>>     capabilities.
>>      >     >
>>      >     >     So from the engine I tried:
>>      >     >
>>      >     >     [root@manager ~]# openssl s_client -connect
>>     172.20.22.78:54321 <http://172.20.22.78:54321>
>>      >     <http://172.20.22.78:54321>
>>      >     >     <http://172.20.22.78:54321>
>>      >     >     CONNECTED(00000003)
>>      >     >     ---
>>      >     >     Certificate chain
>>      >     >       0 s:/CN=cn128.lagrange.di.unimi.it/O=VDSM
>>     <http://cn128.lagrange.di.unimi.it/O=VDSM>
>>      >     <http://cn128.lagrange.di.unimi.it/O=VDSM>
>>      >     >     <http://cn128.lagrange.di.unimi.it/O=VDSM>
>Certificate
>>      >     >         i:/CN=VDSM Certificate Authority
>>      >     >       1 s:/CN=VDSM Certificate Authority
>>      >     >         i:/CN=VDSM Certificate Authority
>>      >     >     ---
>>      >     >
>>      >     >     The host has still the self signed vdsm
>certificate..
>>     and on the
>>      >     >     host in
>>      >     >     vdsm.log I find:
>>      >     >
>>      >     >     2020-05-11 09:52:25,433+0000 ERROR (Reactor thread)
>>      >     >     [ProtocolDetector.SSLHandshakeDispatcher] ssl
>>     handshake: SSLError,
>>      >     >     address: ::ffff:159.149.129.220 (sslutils:264)
>>      >     >
>>      >     >     So I tried to enroll the certificate from the UI and
>>     from the
>>      >     events
>>      >     >     tab
>>      >     >     I sow the enrolling was successful but:
>>      >     >
>>      >     >     [root@manager ~]# openssl s_client -connect
>>     172.20.22.78:54321 <http://172.20.22.78:54321>
>>      >     <http://172.20.22.78:54321>
>>      >     >     <http://172.20.22.78:54321>
>>      >     >
>>      >     >     140084336994192:error:140790E5:SSL
>routines:ssl23_write:ssl
>>      >     handshake
>>      >     >     failure:s23_lib.c:177:
>>      >     >     CONNECTED(00000003)
>>      >     >     ---
>>      >     >     no peer certificate available
>>      >     >     ---
>>      >     >
>>      >     >     there's still some issue with the certificates.. so
>on the
>>      >     host again:
>>      >     >
>>      >     >     [root@cn128 vdsm]# find /etc/pki/vdsm/ -type f -cmin
>-10|
>>      >     xargs ls -l
>>      >     >     -rw-------. 1 root kvm  1424 May 11 09:56
>>      >     /etc/pki/vdsm/certs/cacert.pem
>>      >     >     -rw-------. 1 root kvm  5108 May 11 09:57
>>      >     >     /etc/pki/vdsm/certs/vdsmcert.pem
>>      >     >     -r--r-----. 1 root kvm  1704 May 11 09:56
>>      >     /etc/pki/vdsm/keys/vdsmkey.pem
>>      >     >     -rw-r--r--. 1 root root 1424 May 11 09:57
>>      >     >     /etc/pki/vdsm/libvirt-spice/ca-cert.pem
>>      >     >     -rw-r--r--. 1 root root 5108 May 11 09:57
>>      >     >     /etc/pki/vdsm/libvirt-spice/server-cert.pem
>>      >     >     -r--r-----. 1 root root 1704 May 11 09:56
>>      >     >     /etc/pki/vdsm/libvirt-spice/server-key.pem
>>      >     >
>>      >     >     It seems that cacert.pem and vdsmcert.pem have wrong
>>     permissions..
>>      >     >     let's
>>      >     >     try to fix it..
>>      >     >
>>      >     >     [root@cn128 vdsm]# chown 36:36
>>     /etc/pki/vdsm/certs/cacert.pem
>>      >     >     /etc/pki/vdsm/certs/vdsmcert.pem
>>      >     >
>>      >     >     And now:
>>      >     >
>>      >     >     [root@manager ~]# openssl s_client -connect
>>      >     172.20.22.78:54321| less
>>      >     >     CONNECTED(00000003)
>>      >     >     ---
>>      >     >     Certificate chain
>>      >     >       0 s:/O=lagrange.di.unimi.it/CN=172.20.22.78
>>     <http://lagrange.di.unimi.it/CN=172.20.22.78>
>>      >     <http://lagrange.di.unimi.it/CN=172.20.22.78>
>>      >     >     <http://lagrange.di.unimi.it/CN=172.20.22.78>
>>      >     >
>>      >     >
>>      >   
>>     
>  i:/C=US/O=lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941
><http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >   
> <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >     >   
>>     
> <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >     >       1
>>      >     >
>>      >   
>>     
>  s:/C=US/O=lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941
><http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >   
> <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >     >   
>>     
> <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >     >
>>      >     >
>>      >   
>>     
>  i:/C=US/O=lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941
><http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >   
> <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >     >   
>>     
> <http://lagrange.di.unimi.it/CN=cn305.lagrange.di.unimi.it.35941>
>>      >     >     ---
>>      >     >
>>      >     >     Now I can finally refresh the host capabilities and
>>     setup the host
>>      >     >     networks..
>>      >     >
>>      >     >     In attachment all the relevant logs, I don't know if
>I've
>>      >     found some
>>      >     >     bug.. this is the first time i had so many troubles
>>     adding a
>>      >     new host..
>>      >     >     so I decided to share my experience with the list..
>>      >     >
>>      >     >
>>      >     > Thanks for raising this.
>>      >     >
>>      >     > On adding the host there is an error about
>>     vdsm-hook-nestedvt which I
>>      >     > cannot interprete, maybe someone else can do.
>>      >     > In vdsm.log I noticed a strange behavior of
>setupNetworks,
>>     can you
>>      >     > please share the corresponding supervdsm.log, too?
>>      >     >
>>      >     >
>>      >     >
>>      >     >     Cheers
>>      >     >     --
>>      >     >     gb
>>      >     >
>>      >     >     PGP Key: http://pgp.mit.edu/
>>      >     >     Primary key fingerprint: C510 0765 943E EBED A4F2
>69D3
>>     16CC DC90
>>      >     >     B9CB 0F34
>>      >     >     _______________________________________________
>>      >     >     Users mailing list -- users@ovirt.org
>>     <mailto:users@ovirt.org> <mailto:users@ovirt.org
>>     <mailto:users@ovirt.org>>
>>      >     <mailto:users@ovirt.org <mailto:users@ovirt.org>
>>     <mailto:users@ovirt.org <mailto:users@ovirt.org>>>
>>      >     >     To unsubscribe send an email to
>users-leave@ovirt.org
>>     <mailto:users-leave@ovirt.org>
>>      >     <mailto:users-leave@ovirt.org
><mailto:users-leave@ovirt.org>>
>>      >     >     <mailto:users-leave@ovirt.org
>>     <mailto:users-leave@ovirt.org> <mailto:users-leave@ovirt.org
>>     <mailto:users-leave@ovirt.org>>>
>>      >     >     Privacy Statement:
>>     https://www.ovirt.org/privacy-policy.html
>>      >     >     oVirt Code of Conduct:
>>      >     >
>https://www.ovirt.org/community/about/community-guidelines/
>>      >     >     List Archives:
>>      >     >
>>      >
>>   
>https://lists.ovirt.org/archives/list/users@ovirt.org/message/6JTU3HB4WCI27WSLGEOSLMPYFU22EX5H/
>>      >     >
>>      >     Hi,
>>      >     I don't think that the missing vdsm-hook-nestedvt is a
>>     problem, in our
>>      >     environment we have one engine but multiple clusters and
>that
>>     hook is
>>      >     only needed on one cluster to enable nested
>virtualization.
>>      >
>>      >     See attachment for supervdsm.log.
>>      >
>>      >
>>      > Thanks, network config flows looked fine.
>>      >
>>      > Maybe
>>      > https://bugzilla.redhat.com/1794485
>>      > is the root for this issue?
>>      >
>>      >
>>      >     Regards
>>      >     --
>>      >     gb
>>      >
>>      >     PGP Key: http://pgp.mit.edu/
>>      >     Primary key fingerprint: C510 0765 943E EBED A4F2 69D3
>16CC DC90
>>      >     B9CB 0F34
>>      >
>>
>>     I removed the file
>>   
>/usr/share/ovirt-host-deploy/plugins/ovirt-host-deploy/vdsmhooks/packages.d/vdsm-hook-nestedvt.centos
>>     from the engine host ( the content of the file was
>"vdsm-hook-nestedvt"
>>     ) and reinstalled another host and now the installation works
>correctly.
>>
>>
>> This is a great hint. Do you have an idea where this file comes from?
>
>Yes, it was a change made by another member of our staff to automate
>the
>installation of that hook.. as far as I know this is the correct way to
>
>add additional packages during the host installation, but I still have
>no idea why the required package can not be found, even via yum install
>
>as I wrote before.
>
>So now the real question is: why can't I install vdsm-hook-nestedvt via
>yum?
>
>And even if it's now clear that this is the reason why the installation
>
>process fails I wasn't expecting such a big failure.. the hook itself
>it's not strictly necessary to have a working host.. I was expecting a
>warning more than a fail..
>
>But at least I'm glad I've found the cause of the failure
>
>>
>>     So the problem is that during the host installation
>vdsm-hook-nestedvt
>>     cannot be found/downloaded from the repos and this, somehow,
>breaks the
>>     installation process, the certificate enrollment and so on..
>>
>>     As a matter of fact if I try:
>>
>>     [root@cn127 ~]# yum install vdsm-hook-nestedvt
>>     Loaded plugins: enabled_repos_upload, fastestmirror,
>imgbased-persist,
>>     package_upload, product-id,
>>                    : search-disabled-repos, subscription-manager,
>>     vdsmupgrade, versionlock
>>     This system is not registered with an entitlement server. You can
>use
>>     subscription-manager to register.
>>     Loading mirror speeds from cached hostfile
>>       * ovirt-4.3-epel: epel.mirror.far.fi
><http://epel.mirror.far.fi>
>>     No package vdsm-hook-nestedvt available.
>>     Error: Nothing to do
>>     Uploading Enabled Repositories Report
>>     Cannot upload enabled repos report, is this client registered?
>>
>>     Thanks for the support.
>>
>>     --
>>     gb
>>
>>     PGP Key: http://pgp.mit.edu/
>>     Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90
>>     B9CB 0F34
>>

Hi,

I can see the package in 'ovirt-4.3' repo .
Do you have the repo available at the time that package  is called ?

Best Regards,
Strahil Nikolov
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WZREWC7BDYHN4U4IXPV3IYBRSSLJZYRC/