On 8/7/20 9:50 AM, Jiří Sléžka wrote:
On 8/5/20 2:07 PM, Jiří Sléžka wrote:
On 8/3/20 11:12 AM, Jiří Sléžka wrote:
Hello,
I have 4 host cluster managed with standalone engine in version 4.3 and I would like to migrate this standalone engine to 4.4 as hosted engine.
I have two new hosts which I would like to use as base for new HE cluster. (new hosts are Intel based, old ones are AMD Opteron based - new cluster will have 4.4 compatibility, old one have to stay at 4.2 compatibility level).
I red this
https://www.ovirt.org/documentation/migrating_from_a_standalone_manager_to_a...
but the question is: Can I migrate and upgrade in one step? Have anybody did that already? If it is not possible what is a suggested approach?
I just tried it. It looks like it could work at least until installation process want to login into engine. It looks like it does not use valid login name nor password.
[ INFO ] TASK [ovirt.hosted_engine_setup : Expose engine VM webui over a local port via ssh port forwarding] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Evaluate temporary bootstrap engine URL] [ INFO ] ok: [localhost] [ INFO ] The bootstrap engine is temporary accessible over https://ovirt05.net.slu.cz:6900/ovirt-engine/ [ INFO ] TASK [ovirt.hosted_engine_setup : Detect VLAN ID] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Set Engine public key as authorized key without validating the TLS/SSL certificates] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : include_tasks] [ INFO ] ok: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Obtain SSO token using username/password credentials] [ INFO ] ok: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Ensure that the target datacenter is present] [ ERROR ] ovirtsdk4.AuthError: Error during SSO authentication access_denied : Cannot authenticate user 'None@N/A': No valid profile found in credentials.. [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error during SSO authentication access_denied : Cannot authenticate user 'None@N/A': No valid profile found in credentials.."}
I tried to login to https://ovirt05.net.slu.cz:6900/ovirt-engine/ and it probably accept username admin@internal and new password entered during hosted engine deploy but then it display error "The provided authorization grant for the auth code has expired."
Maybe it is related to this bug (and custom 3rd party Apache certificate)
https://bugzilla.redhat.com/show_bug.cgi?id=1715767
in my case it looks like on engine vm in file
/etc/pki/ovirt-engine/apache-ca.pem
is original certificate from backup which is for ovirt.slu.cz fqdn. For new hosted engine I use new fqdn ovirt.net.slu.cz. Should I change ovirt.slu.cz record to point to new ip address (it have to be one from ovirtmgmt subnet) and then try restore? Documentation is not much clear in this particular subject.
well, I will answer myself
* setting fqdn is not probably important at this time, self hosted engine is prepared with modified /etc/hosts
* main problem was that I am using 3rd party certificate for long time so I didn't mention this documentation section
https://ovirt.org/documentation/administration_guide/#Replacing_the_Manager_...
especially section 14 which describe how to configure engine-backup to backup also custom CA certificate. But this part is badly formatted as described in
https://bugzilla.redhat.com/show_bug.cgi?id=1859505
relevant BZ is also https://bugzilla.redhat.com/show_bug.cgi?id=1841203 which point me to the right direction
just for record. I had to change dns record for fqdn during deploy process - after HE vm was copied to shared storage (FC in my case) and before or during " Check engine VM health" ... [ INFO ] TASK [ovirt.hosted_engine_setup : Start ovirt-ha-agent service on the host] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Exit HE maintenance mode] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Check engine VM health] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Get target engine VM address] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Reconfigure OVN central address] [ INFO ] changed: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : include_tasks] [ INFO ] ok: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Obtain SSO token using username/password credentials] [ INFO ] ok: [localhost] [ INFO ] TASK [ovirt.hosted_engine_setup : Check for the local bootstrap VM] ... now I am able to login with admin@local credentials and see original vms and hosts running and accessible. There are some glitches (like our ldap aaa configuration throws server_error: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(The server selected protocol version TLS10 is not accepted by client preferences [TLS12]), ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb) which I believe are solvable so migrating from ovirt4.3 standalone to ovirt4.4 selfhosted in one step is possible and functional It would be nice feature have possibility to wipe and reuse old HE storage during hosted-engine --deploy process. Cheers, Jiri
Cheers,
Jiri
Cheers,
Jiri
Thanks for help
Jiri
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YH4J7GG7WLOLUF...
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SWKF5CF3UHVRDE...
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VS5HXYKSAQFBFE...