[ovirt-users] Re: migrating standalone engine to selfhosted and upgrade from 4.3 to 4.4 in one step

On 8/5/20 2:07 PM, Jiří Sléžka wrote: > On 8/3/20 11:12 AM, Jiří Sléžka wrote: >> Hello, >> >> I have 4 host cluster managed with standalone engine in version 4.3 and >> I would like to migrate this standalone engine to 4.4 as hosted engine. >> >> I have two new hosts which I would like to use as base for new HE >> cluster. (new hosts are Intel based, old ones are AMD Opteron based - >> new cluster will have 4.4 compatibility, old one have to stay at 4.2 >> compatibility level). >> >> I red this >> >> https://www.ovirt.org/documentation/migrating_from_a_standalone_manager_t... >> >> but the question is: Can I migrate and upgrade in one step? Have anybody >> did that already? If it is not possible what is a suggested approach? > > I just tried it. It looks like it could work at least until installation > process want to login into engine. It looks like it does not use valid > login name nor password. > > [ INFO ] TASK [ovirt.hosted_engine_setup : Expose engine VM webui over > a local port via ssh port forwarding] > [ INFO ] changed: [localhost] > [ INFO ] TASK [ovirt.hosted_engine_setup : Evaluate temporary bootstrap > engine URL] > [ INFO ] ok: [localhost] > [ INFO ] The bootstrap engine is temporary accessible over > https://ovirt05.net.slu.cz:6900/ovirt-engine/ > [ INFO ] TASK [ovirt.hosted_engine_setup : Detect VLAN ID] > [ INFO ] changed: [localhost] > [ INFO ] TASK [ovirt.hosted_engine_setup : Set Engine public key as > authorized key without validating the TLS/SSL certificates] > [ INFO ] changed: [localhost] > [ INFO ] TASK [ovirt.hosted_engine_setup : include_tasks] > [ INFO ] ok: [localhost] > [ INFO ] TASK [ovirt.hosted_engine_setup : Obtain SSO token using > username/password credentials] > [ INFO ] ok: [localhost] > [ INFO ] TASK [ovirt.hosted_engine_setup : Ensure that the target > datacenter is present] > [ ERROR ] ovirtsdk4.AuthError: Error during SSO authentication > access_denied : Cannot authenticate user 'None@N/A': No valid profile > found in credentials.. > [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": > "Error during SSO authentication access_denied : Cannot authenticate > user 'None@N/A': No valid profile found in credentials.."} > > I tried to login to https://ovirt05.net.slu.cz:6900/ovirt-engine/ and it > probably accept username admin@internal and new password entered during > hosted engine deploy but then it display error "The provided > authorization grant for the auth code has expired." > > Maybe it is related to this bug (and custom 3rd party Apache certificate) > > https://bugzilla.redhat.com/show_bug.cgi?id=1715767 > > in my case it looks like on engine vm in file > > /etc/pki/ovirt-engine/apache-ca.pem > > is original certificate from backup which is for ovirt.slu.cz fqdn. For > new hosted engine I use new fqdn ovirt.net.slu.cz. Should I change > ovirt.slu.cz record to point to new ip address (it have to be one from > ovirtmgmt subnet) and then try restore? Documentation is not much clear > in this particular subject. well, I will answer myself * setting fqdn is not probably important at this time, self hosted engine is prepared with modified /etc/hosts * main problem was that I am using 3rd party certificate for long time so I didn't mention this documentation section https://ovirt.org/documentation/administration_guide/#Replacing_the_Manag... especially section 14 which describe how to configure engine-backup to backup also custom CA certificate. But this part is badly formatted as described in https://bugzilla.redhat.com/show_bug.cgi?id=1859505 relevant BZ is also https://bugzilla.redhat.com/show_bug.cgi?id=1841203 which point me to the right direction

Cheers, Jiri > > Cheers, > > Jiri > >> >> Thanks for help >> >> Jiri >> >> >> _______________________________________________ >> Users mailing list -- users(a)ovirt.org >> To unsubscribe send an email to users-leave(a)ovirt.org >> Privacy Statement: https://www.ovirt.org/privacy-policy.html >> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YH4J7GG7WLO... >> > > > > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/SWKF5CF3UHV... > _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VS5HXYKSAQF...