Confusion about storage domain ISO. How do I provision VMs?
Hello there, I'm a bit confused about provisioning VMs (with Ansible). At first I wanted to setup a VM manually over the web UI, just to see how it works. I was not able to upload ISO files with cloud images to a data domain but I was able to upload to ISO domain. However I read that ISO domains are deprecated (see https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/htm...). So what is the workflow/process of provisioning VMs from cloud images with cloud init? Where do I store my ISOs? Kind regards skrzetuski
Hello, I'll do my best to help you with that but first let's look closely into your situation. Specifically I have two questions: 1) What exactly was the issue when you tried to upload the ISO to data domain? I've just tried that on oVirt 4.3.7 and has no problem with it. 2) Can you double check that you've got the right cloud image? As far as I know cloud images are usually provided in QCOW2 format, like here: https://cloud.centos.org/centos/7/images/ Do you *need* to use ISO files at all? Best regards Jan On Thu, Jan 2, 2020 at 10:36 PM <m.skrzetuski@gmail.com> wrote:
Hello there,
I'm a bit confused about provisioning VMs (with Ansible).
At first I wanted to setup a VM manually over the web UI, just to see how it works. I was not able to upload ISO files with cloud images to a data domain but I was able to upload to ISO domain. However I read that ISO domains are deprecated (see https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/htm... ).
So what is the workflow/process of provisioning VMs from cloud images with cloud init? Where do I store my ISOs?
Kind regards skrzetuski _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WIE75WTDKH52P5...
-- Jan Zmeskal Quality Engineer, RHV Core System Red Hat <https://www.redhat.com> <https://www.redhat.com>
Hello Jan, 1) When I upload something the UI shows "Paused by System" and nothing gets uploaded. [image: Screenshot 2020-01-03 at 16.54.37.png] 2) Yes, you are right. I can use qcow2 images. However I get same results with them. Kind regards Skrzetuski On Fri, 3 Jan 2020 at 10:32, Jan Zmeskal <jzmeskal@redhat.com> wrote:
Hello,
I'll do my best to help you with that but first let's look closely into your situation. Specifically I have two questions:
1) What exactly was the issue when you tried to upload the ISO to data domain? I've just tried that on oVirt 4.3.7 and has no problem with it. 2) Can you double check that you've got the right cloud image? As far as I know cloud images are usually provided in QCOW2 format, like here: https://cloud.centos.org/centos/7/images/ Do you *need* to use ISO files at all?
Best regards Jan
On Thu, Jan 2, 2020 at 10:36 PM <m.skrzetuski@gmail.com> wrote:
Hello there,
I'm a bit confused about provisioning VMs (with Ansible).
At first I wanted to setup a VM manually over the web UI, just to see how it works. I was not able to upload ISO files with cloud images to a data domain but I was able to upload to ISO domain. However I read that ISO domains are deprecated (see https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/htm... ).
So what is the workflow/process of provisioning VMs from cloud images with cloud init? Where do I store my ISOs?
Kind regards skrzetuski _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WIE75WTDKH52P5...
--
Jan Zmeskal
Quality Engineer, RHV Core System
This is what I see in /var/log/ovirt-imageio-daemon/daemon.log. 020-01-03 16:54:03,176 INFO (Thread-1) [http] OPEN client=local 2020-01-03 16:54:03,178 INFO (Thread-1) [tickets] [local] ADD ticket={u'uuid': u'f1baa082-393a-47af-8165-09b0cc9913eb', u'ops': [u'write'], u'url': u'file:///rhev/data-center/mnt/_vmisos/d9a3e101-7cfe-446f-8ae8-13fac321ae2c/images/0217c498-9aa9-45f4-9964-6edce9e2817f/d8e80353-f409-4cd1-80fc-9546b3fd09fe', u'sparse': True, u'timeout': 300, u'transfer_id': u'5984405b-da3b-4ae4-99e9-ccec1556f213', u'size': 942407680} 2020-01-03 16:54:03,179 INFO (Thread-1) [http] CLOSE client=local [connection=0.002770/1, dispatch=0.000466/1]
I found exceptions in /var/log/ovirt-engine/engine.log so it's about SSL again (really annoying). Might be the error from https://access.redhat.com/solutions/2592941. 2020-01-03 17:34:30,067+01 ERROR [org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand] (EE-ManagedThreadFactory-engineScheduled-Thread-77) [712bf33b-5c37-489e-bb52-b34f743975af] Failed to add image ticket to ovirt-imageio-proxy: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.8.0_232] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) [jsse.jar:1.8.0_232] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) [jsse.jar:1.8.0_232] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) [jsse.jar:1.8.0_232] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) [jsse.jar:1.8.0_232] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) [jsse.jar:1.8.0_232] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) [jsse.jar:1.8.0_232] at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) [jsse.jar:1.8.0_232] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) [jsse.jar:1.8.0_232] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) [jsse.jar:1.8.0_232] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) [jsse.jar:1.8.0_232] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) [jsse.jar:1.8.0_232] at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) [rt.jar:1.8.0_232] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) [rt.jar:1.8.0_232] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340) [rt.jar:1.8.0_232] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315) [rt.jar:1.8.0_232] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264) [rt.jar:1.8.0_232] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.addImageTicketToProxy(TransferDiskImageCommand.java:1059) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.startImageTransferSession(TransferDiskImageCommand.java:982) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.handleImageIsReadyForTransfer(TransferDiskImageCommand.java:581) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.handleInitializing(TransferDiskImageCommand.java:552) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.executeStateHandler(TransferDiskImageCommand.java:478) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.proceedCommandExecution(TransferDiskImageCommand.java:465) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommandCallback.doPolling(TransferImageCommandCallback.java:21) [bll.jar:] at org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethodsImpl(CommandCallbacksPoller.java:175) [bll.jar:] at org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethods(CommandCallbacksPoller.java:109) [bll.jar:] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [rt.jar:1.8.0_232] at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [rt.jar:1.8.0_232] at org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.access$201(ManagedScheduledThreadPoolExecutor.java:383) [javax.enterprise.concurrent-1.0.jar:] at org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.run(ManagedScheduledThreadPoolExecutor.java:534) [javax.enterprise.concurrent-1.0.jar:] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_232] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_232] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_232] at org.glassfish.enterprise.concurrent.ManagedThreadFactoryImpl$ManagedThread.run(ManagedThreadFactoryImpl.java:250) [javax.enterprise.concurrent-1.0.jar:] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) [rt.jar:1.8.0_232] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) [rt.jar:1.8.0_232] at sun.security.validator.Validator.validate(Validator.java:262) [rt.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330) [jsse.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237) [jsse.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) [jsse.jar:1.8.0_232] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) [jsse.jar:1.8.0_232] ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) [rt.jar:1.8.0_232] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) [rt.jar:1.8.0_232] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) [rt.jar:1.8.0_232] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) [rt.jar:1.8.0_232] ... 35 more
/etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf seems to have correctly configured ssl certs. ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer
Also, nice read @ https://bugzilla.redhat.com/show_bug.cgi?id=1385617 but doesn't help. I can't solve the issue. I use alternate FQDN and my own ssl certs but imageio proxy/image upload seems to be broken because of that.
Now I find errors about subject alternative DNS names in the engine log. My SSL certificate is generated for a DNS that is configured as alternate FQDN. How do I use SSL certificates with that? 2020-01-03 15:11:05,672+01 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread Pool -- 53) [] Value of property 'CINDERLIB_DB_PASSWORD' is '***'. ...skipping... at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.handleInitializing(TransferDiskImageCommand.java:552) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.executeStateHandler(TransferDiskImageCommand.java:478) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferDiskImageCommand.proceedCommandExecution(TransferDiskImageCommand.java:465) [bll.jar:] at org.ovirt.engine.core.bll.storage.disk.image.TransferImageCommandCallback.doPolling(TransferImageCommandCallback.java:21) [bll.jar:] at org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethodsImpl(CommandCallbacksPoller.java:175) [bll.jar:] at org.ovirt.engine.core.bll.tasks.CommandCallbacksPoller.invokeCallbackMethods(CommandCallbacksPoller.java:109) [bll.jar:] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [rt.jar:1.8.0_232] at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [rt.jar:1.8.0_232] at org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.access$201(ManagedScheduledThreadPoolExecutor.java:383) [javax.enterprise.concurrent-1.0.jar:] at org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.run(ManagedScheduledThreadPoolExecutor.java:534) [javax.enterprise.concurrent-1.0.jar:] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_232] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_232] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_232] at org.glassfish.enterprise.concurrent.ManagedThreadFactoryImpl$ManagedThread.run(ManagedThreadFactoryImpl.java:250) [javax.enterprise.concurrent-1.0.jar:] Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching delirium.home found. at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214) [rt.jar:1.8.0_232] at sun.security.util.HostnameChecker.match(HostnameChecker.java:96) [rt.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462) [jsse.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442) [jsse.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:209) [jsse.jar:1.8.0_232] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) [jsse.jar:1.8.0_232] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) [jsse.jar:1.8.0_232] ... 29 more
Solved after ridiculous research effort by finding https://access.redhat.com/solutions/3607351. I'd switch to Proxmox days ago if I wasn't such a Redhat and CentOS fanboy.
Hi, I'm glad you could figure it out in the end. It's true that the message "Paused by System" isn't super useful when trying to figure out what's wrong. It would definitely be worth to submit a bug requesting more descriptive error message. Since you already have an environment that reproduces the issue, would you please consider reporting the bug here <https://bugzilla.redhat.com/enter_bug.cgi?product=ovirt-engine>? Thank you for reaching out to the mailing list and sharing the solution! Jan On Sat, Jan 4, 2020 at 11:10 PM <m.skrzetuski@gmail.com> wrote:
Solved after ridiculous research effort by finding https://access.redhat.com/solutions/3607351. I'd switch to Proxmox days ago if I wasn't such a Redhat and CentOS fanboy. _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NGKPM2W3ILNZ7R...
-- Jan Zmeskal Quality Engineer, RHV Core System Red Hat <https://www.redhat.com> <https://www.redhat.com>
participants (3)
-
Jan Zmeskal -
m.skrzetuski@gmail.com -
Maciej Skrzetuski