[ovirt-users] Proper way to change and persist vdsm configuration options

Alon Bar-Lev alonbl at redhat.com
Thu Aug 21 16:05:28 EDT 2014



----- Original Message -----
> From: "Trey Dockendorf" <treydock at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "ybronhei" <ybronhei at redhat.com>, "users" <users at ovirt.org>, "Fabian Deutsch" <fabiand at redhat.com>, "Dan
> Kenigsberg" <danken at redhat.com>, "Itamar Heim" <iheim at redhat.com>, "Douglas Landgraf" <dougsland at redhat.com>, "Oved
> Ourfali" <ovedo at redhat.com>
> Sent: Thursday, August 21, 2014 10:55:28 PM
> Subject: Re: [ovirt-users] Proper way to change and persist vdsm configuration options
> 
> Is there a method that works in EL6?
> 
> $ openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -noout
> -pubkey | ssh-keygen -i -m PKCS8 -f /dev/stdin
> ssh-keygen: illegal option -- m
> 
> $ openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -noout
> -pubkey | ssh-keygen -i -f /dev/stdin
> buffer_get_string_ret: bad string length 813826338
> key_from_blob: can't read key type
> decode blob failed.
> 
> I achieved somewhat similar result by doing the following, though
> likely is a security issue having something like Facter read from
> /etc/pki/ovirt-engine/keys
> 
> $  ssh-keygen -y -f /etc/pki/ovirt-engine/keys/engine_id_rsa
> ssh-rsa <PUBKEY>

this is one option that use private key and unsupported artifact...

better:

openssl pkcs12 -in /etc/pki/ovirt-engine/keys/engine.p12 -nocerts -passin pass:mypass -nodes 2> /dev/null | ssh-keygen -y -f /dev/stdin

I hope el6 will have newer openssh with support for the PKCS8 format.

> 
> Thanks,
> - Trey
> 
> On Thu, Aug 21, 2014 at 1:44 PM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Trey Dockendorf" <treydock at gmail.com>
> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> Cc: "ybronhei" <ybronhei at redhat.com>, "users" <users at ovirt.org>, "Fabian
> >> Deutsch" <fabiand at redhat.com>, "Dan
> >> Kenigsberg" <danken at redhat.com>, "Itamar Heim" <iheim at redhat.com>,
> >> "Douglas Landgraf" <dougsland at redhat.com>, "Oved
> >> Ourfali" <ovedo at redhat.com>
> >> Sent: Thursday, August 21, 2014 9:41:03 PM
> >> Subject: Re: [ovirt-users] Proper way to change and persist vdsm
> >> configuration options
> >>
> >> Sorry, I meant the SSH public key.  Is that a file or in the database?
> >>  I did a "grep" for the public key downloaded via the
> >> command=get-ssh-trust and found no files in /etc/ or
> >> /var/lib/ovirt-engine that matched.
> >
> > openssl x509 -in /etc/pki/ovirt-engine/certs/engine.cer -noout -pubkey |
> > ssh-keygen -i -m PKCS8 -f /dev/stdin
> >
> >>
> >> - Trey
> >>
> >> On Thu, Aug 21, 2014 at 11:33 AM, Alon Bar-Lev <alonbl at redhat.com> wrote:
> >> >
> >> >
> >> > ----- Original Message -----
> >> >> From: "Trey Dockendorf" <treydock at gmail.com>
> >> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> >> Cc: "ybronhei" <ybronhei at redhat.com>, "users" <users at ovirt.org>,
> >> >> "Fabian
> >> >> Deutsch" <fabiand at redhat.com>, "Dan
> >> >> Kenigsberg" <danken at redhat.com>, "Itamar Heim" <iheim at redhat.com>,
> >> >> "Douglas Landgraf" <dougsland at redhat.com>, "Oved
> >> >> Ourfali" <ovedo at redhat.com>
> >> >> Sent: Thursday, August 21, 2014 7:15:56 PM
> >> >> Subject: Re: [ovirt-users] Proper way to change and persist vdsm
> >> >> configuration options
> >> >>
> >> >> I likely won't automate this yet, as a lot of what's coming in 3.5
> >> >> seems to obsolete many things I was doing previously via Puppet.  In
> >> >> particular the Foreman integration and the ability to add custom
> >> >> iptables rules to engine-config.  Previous posts on the list made is
> >> >> seem like modifying "IPTables" could potentially make upgrades less
> >> >> reliable.
> >> >>
> >> >> Created a gist of a working series of commands based on Alon's example
> >> >> using the Host Deploy Protocol [1].
> >> >>
> >> >> https://gist.github.com/treydock/570a776b5c160bca7c9c
> >> >>
> >> >> Curious , where is the public key used by the ovirt-engine stored?
> >> >> The one that is available using command=get-ssh-trust.  Is there a way
> >> >> to query it from the engine?  I'm thinking if it would be possible to
> >> >> create a custom Facter face that stores the value of that public key
> >> >> so easier to re-use and access for deployment.
> >> >
> >> > /etc/pki/ovirt-engine/certs/engine.cer
> >> >
> >> >>
> >> >> Thanks,
> >> >> - Trey
> >> >>
> >> >> [1] - http://www.ovirt.org/Features/HostDeployProtocol
> >> >>
> >> >> On Tue, Aug 5, 2014 at 11:32 PM, Alon Bar-Lev <alonbl at redhat.com>
> >> >> wrote:
> >> >> >
> >> >> >
> >> >> > ----- Original Message -----
> >> >> >> From: "Trey Dockendorf" <treydock at gmail.com>
> >> >> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> >> >> Cc: "ybronhei" <ybronhei at redhat.com>, "users" <users at ovirt.org>,
> >> >> >> "Fabian
> >> >> >> Deutsch" <fabiand at redhat.com>, "Dan
> >> >> >> Kenigsberg" <danken at redhat.com>, "Itamar Heim" <iheim at redhat.com>,
> >> >> >> "Douglas Landgraf" <dougsland at redhat.com>, "Oved
> >> >> >> Ourfali" <ovedo at redhat.com>
> >> >> >> Sent: Tuesday, August 5, 2014 11:27:45 PM
> >> >> >> Subject: Re: [ovirt-users] Proper way to change and persist vdsm
> >> >> >> configuration options
> >> >> >>
> >> >> >> Thanks for clarifying, makes sense now.
> >> >> >>
> >> >> >> The public key trust needed for registration, is that the same key
> >> >> >> that would be used when adding host via UI?
> >> >> >
> >> >> > yes.
> >> >> >
> >> >> > you can download it via:
> >> >> > $ curl
> >> >> > 'http://engine/ovirt-engine/services/pki-resource?resource=engine-certificate&format=OPENSSH-PUBKEY'
> >> >> > $ curl
> >> >> > 'http://engine/ovirt-engine/services/host-register?version=1&command=get-ssh-trust'
> >> >> >
> >> >> > probably better to use https and verify CA certificate fingerprint if
> >> >> > you
> >> >> > do that from host.
> >> >> >
> >> >> >> Any examples of how to use the HostDeployProtocol [1]?  I like the
> >> >> >> idea of using registration but haven't the slightest idea how to
> >> >> >> implement what's described in the docs [1].  I do recall seeing an
> >> >> >> article posted (searching email and can't find) that had a nice
> >> >> >> walk-through of how to use the oVirt API using browser tools.  I'm
> >> >> >> unsure if this HostDeployProtocol would be done that way or via some
> >> >> >> other method.
> >> >> >
> >> >> > there are two apis, the formal rest-api that is exposed by the engine
> >> >> > and
> >> >> > can be accessed using any rest api tool or ovirt-engine-cli,
> >> >> > ovirt-engine-sdk-java, ovirt-engine-sdk-python wrappers. I sent you a
> >> >> > minimal example in previous message.
> >> >> >
> >> >> > and the host-deploy protocol[1], which should have been exposed in
> >> >> > the
> >> >> > rest-api, but for some reason I cannot understand it was not included
> >> >> > in
> >> >> > the public interface of the engine.
> >> >> >
> >> >> > the advantage of using the rest-api is that you can achieve full
> >> >> > cycle
> >> >> > using the protocol, the add host cycle is what you seek.
> >> >> >
> >> >> > the host-deploy protocol just register the host, but the sysadmin
> >> >> > needs
> >> >> > to
> >> >> > approve the host via the ui (or via the rest api) before it is
> >> >> > usable.
> >> >> >
> >> >> >>
> >> >> >> Thanks,
> >> >> >> - Trey
> >> >> >>
> >> >> >>
> >> >> >> [1] http://www.ovirt.org/Features/HostDeployProtocol
> >> >> >>
> >> >> >> On Tue, Aug 5, 2014 at 3:01 PM, Alon Bar-Lev <alonbl at redhat.com>
> >> >> >> wrote:
> >> >> >> >
> >> >> >> >
> >> >> >> > ----- Original Message -----
> >> >> >> >> From: "Trey Dockendorf" <treydock at gmail.com>
> >> >> >> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> >> >> >> Cc: "ybronhei" <ybronhei at redhat.com>, "users" <users at ovirt.org>,
> >> >> >> >> "Fabian
> >> >> >> >> Deutsch" <fabiand at redhat.com>, "Dan
> >> >> >> >> Kenigsberg" <danken at redhat.com>, "Itamar Heim"
> >> >> >> >> <iheim at redhat.com>,
> >> >> >> >> "Douglas Landgraf" <dougsland at redhat.com>, "Oved
> >> >> >> >> Ourfali" <ovedo at redhat.com>
> >> >> >> >> Sent: Tuesday, August 5, 2014 10:45:12 PM
> >> >> >> >> Subject: Re: [ovirt-users] Proper way to change and persist vdsm
> >> >> >> >> configuration options
> >> >> >> >>
> >> >> >> >> Excellent, so installing 'ovirt-host-deploy' on each node then
> >> >> >> >> configuring the /etc/ovirt-host-deploy.conf.d files seems very
> >> >> >> >> automate-able, will see how it works in practice.
> >> >> >> >
> >> >> >> > you do not need to install the ovirt-host-deploy, just create the
> >> >> >> > files.
> >> >> >> >
> >> >> >> >> Regarding the actual host registration and getting the host added
> >> >> >> >> to
> >> >> >> >> ovirt-engine, are there other methods besides the API and the
> >> >> >> >> sdk?
> >> >> >> >> Would it be possible to configure the necessary
> >> >> >> >> ovirt-host-deploy.conf.d files then execute "ovirt-host-deploy"?
> >> >> >> >> I
> >> >> >> >> notice that running 'ovirt-host-deploy' wants to make whatever
> >> >> >> >> host
> >> >> >> >> executes it a ovir hypervisor but haven't yet run it all the way
> >> >> >> >> through as no server to test with at this time.  There seems to
> >> >> >> >> be
> >> >> >> >> no
> >> >> >> >> "--help" or similar command line argument.
> >> >> >> >
> >> >> >> > you should not run host-deploy directly, but via the engine's
> >> >> >> > process,
> >> >> >> > either registration or add host as I replied previously.
> >> >> >> >
> >> >> >> > when base system is ready, you issue add host via api of engine or
> >> >> >> > via
> >> >> >> > ui,
> >> >> >> > the other alternative is to register the host host the host-deploy
> >> >> >> > protocol, and approve the host via api of engine or via ui.
> >> >> >> >
> >> >> >> >> I'm sure this will all be more clear once I attempt the steps and
> >> >> >> >> run
> >> >> >> >> through the motions.  Will try to find a system to test on so I'm
> >> >> >> >> ready once our new servers arrive.
> >> >> >> >>
> >> >> >> >> Thanks,
> >> >> >> >> - Trey
> >> >> >> >>
> >> >> >> >> On Tue, Aug 5, 2014 at 2:23 PM, Alon Bar-Lev <alonbl at redhat.com>
> >> >> >> >> wrote:
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > ----- Original Message -----
> >> >> >> >> >> From: "Trey Dockendorf" <treydock at gmail.com>
> >> >> >> >> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> >> >> >> >> Cc: "ybronhei" <ybronhei at redhat.com>, "users"
> >> >> >> >> >> <users at ovirt.org>,
> >> >> >> >> >> "Fabian
> >> >> >> >> >> Deutsch" <fabiand at redhat.com>, "Dan
> >> >> >> >> >> Kenigsberg" <danken at redhat.com>, "Itamar Heim"
> >> >> >> >> >> <iheim at redhat.com>,
> >> >> >> >> >> "Douglas Landgraf" <dougsland at redhat.com>
> >> >> >> >> >> Sent: Tuesday, August 5, 2014 10:01:14 PM
> >> >> >> >> >> Subject: Re: [ovirt-users] Proper way to change and persist
> >> >> >> >> >> vdsm
> >> >> >> >> >> configuration options
> >> >> >> >> >>
> >> >> >> >> >> Ah, thank you for the input!  Just so I'm not spending time
> >> >> >> >> >> implementing the wrong changes, let me confirm I understand
> >> >> >> >> >> your
> >> >> >> >> >> comments.
> >> >> >> >> >>
> >> >> >> >> >> 1) Deploy host with Foreman
> >> >> >> >> >> 2) Apply Puppet catalog including ovirt Puppet module
> >> >> >> >> >> 3) Initiate host-deploy via rest API
> >> >> >> >> >>
> >> >> >> >> >> In the ovirt module the following takes place:
> >> >> >> >> >>
> >> >> >> >> >> 2a) Add yum repos
> >> >> >> >> >> 2b) Manage  /etc/ovirt-host-deploy.conf.d/40-xxx.conf
> >> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> > you can have any # of files with any prefix :))
> >> >> >> >> >
> >> >> >> >> >> For #2b I have a few questions
> >> >> >> >> >>
> >> >> >> >> >> * The name of the ".conf" file is simply for sorting and
> >> >> >> >> >> labeling/organization, it has not functional impact on what
> >> >> >> >> >> those
> >> >> >> >> >> overrides apply to?
> >> >> >> >> >
> >> >> >> >> > right.
> >> >> >> >> >
> >> >> >> >> >> * That file is managed on the ovirt-engine server, not the
> >> >> >> >> >> actual
> >> >> >> >> >> nodes?
> >> >> >> >> >
> >> >> >> >> > currently on the host, in future we will provide a method to
> >> >> >> >> > add
> >> >> >> >> > this
> >> >> >> >> > to
> >> >> >> >> > engine database[1]
> >> >> >> >> >
> >> >> >> >> > [1] http://gerrit.ovirt.org/#/c/27064/
> >> >> >> >> >
> >> >> >> >> >> * Is there any way to apply overrides to specific hosts?  For
> >> >> >> >> >> example
> >> >> >> >> >> if I have some hosts that require a config and others that
> >> >> >> >> >> don't,
> >> >> >> >> >> how
> >> >> >> >> >> would I separate those *.conf files?  This is more theoretical
> >> >> >> >> >> as
> >> >> >> >> >> right now my setup is common across all nodes.
> >> >> >> >> >
> >> >> >> >> > the poppet module can put whatever required on each host.
> >> >> >> >> >
> >> >> >> >> >> For #3...the implementation of API calls from within Puppet is
> >> >> >> >> >> a
> >> >> >> >> >> challenge and one I can't tackle yet, but definitely will make
> >> >> >> >> >> it
> >> >> >> >> >> a
> >> >> >> >> >> goal for the future.  In the mean time, what's the "manual"
> >> >> >> >> >> way
> >> >> >> >> >> to
> >> >> >> >> >> initiate host-deploy?  Is there a CLI command that would have
> >> >> >> >> >> the
> >> >> >> >> >> same
> >> >> >> >> >> result as an API call or is the recommended way to perform the
> >> >> >> >> >> API
> >> >> >> >> >> call manually (ie curl)?
> >> >> >> >> >
> >> >> >> >> > well, you can register host using the following protocol[1],
> >> >> >> >> > but
> >> >> >> >> > it
> >> >> >> >> > is
> >> >> >> >> > difficult to do this securely, what you actually need is to
> >> >> >> >> > establish
> >> >> >> >> > ssh
> >> >> >> >> > trust for root with engine key then register.
> >> >> >> >> >
> >> >> >> >> > you can also use the register command using curl by something
> >> >> >> >> > like
> >> >> >> >> > (I
> >> >> >> >> > have
> >> >> >> >> > not checked):
> >> >> >> >> > https://admin%40internal:password@engine/ovirt-engine/api/hosts
> >> >> >> >> > ---
> >> >> >> >> > <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> >> >> >> >> > <host>
> >> >> >> >> >   <name>host1</name>
> >> >> >> >> >   <address>dns</address>
> >> >> >> >> >   <ssh>
> >> >> >> >> >     <authentication_method>publickey</authentication_method>
> >> >> >> >> >   </ssh>
> >> >> >> >> >   <cluster id="cluster-uuid"/>
> >> >> >> >> > </host>
> >> >> >> >> > ---
> >> >> >> >> >
> >> >> >> >> > you can also use the ovirt-engine-sdk-python package:
> >> >> >> >> > ---
> >> >> >> >> >         import ovirtsdk.api
> >> >> >> >> >         import ovirtsdk.xml
> >> >> >> >> >
> >> >> >> >> >         sdk = ovirtsdk.api.API(
> >> >> >> >> >             url='https://host/ovirt-engine/api',
> >> >> >> >> >             username='admin at internal',
> >> >> >> >> >             password='password',
> >> >> >> >> >             insecure=True,
> >> >> >> >> >         )
> >> >> >> >> >         sdk.hosts.add(
> >> >> >> >> >             ovirtsdk.xml.params.Host(
> >> >> >> >> >                 name='host1',
> >> >> >> >> >                 address='host1',
> >> >> >> >> >                 cluster=engine_api.clusters.get(
> >> >> >> >> >                     'cluster'
> >> >> >> >> >                 ),
> >> >> >> >> >                 ssh=self._ovirtsdk_xml.params.SSH(
> >> >> >> >> >                     authentication_method='publickey',
> >> >> >> >> >                 ),
> >> >> >> >> >             )
> >> >> >> >> >         )
> >> >> >> >> > ---
> >> >> >> >> >
> >> >> >> >> > [1] http://www.ovirt.org/Features/HostDeployProtocol
> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >> Thanks!
> >> >> >> >> >> - Trey
> >> >> >> >> >>
> >> >> >> >> >> On Tue, Aug 5, 2014 at 1:45 PM, Alon Bar-Lev
> >> >> >> >> >> <alonbl at redhat.com>
> >> >> >> >> >> wrote:
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > ----- Original Message -----
> >> >> >> >> >> >> From: "Trey Dockendorf" <treydock at gmail.com>
> >> >> >> >> >> >> To: "ybronhei" <ybronhei at redhat.com>
> >> >> >> >> >> >> Cc: "users" <users at ovirt.org>, "Fabian Deutsch"
> >> >> >> >> >> >> <fabiand at redhat.com>,
> >> >> >> >> >> >> "Dan
> >> >> >> >> >> >> Kenigsberg" <danken at redhat.com>, "Itamar
> >> >> >> >> >> >> Heim" <iheim at redhat.com>, "Douglas Landgraf"
> >> >> >> >> >> >> <dougsland at redhat.com>,
> >> >> >> >> >> >> "Alon
> >> >> >> >> >> >> Bar-Lev" <alonbl at redhat.com>
> >> >> >> >> >> >> Sent: Tuesday, August 5, 2014 9:36:24 PM
> >> >> >> >> >> >> Subject: Re: [ovirt-users] Proper way to change and persist
> >> >> >> >> >> >> vdsm
> >> >> >> >> >> >> configuration options
> >> >> >> >> >> >>
> >> >> >> >> >> >> On Tue, Aug 5, 2014 at 12:32 PM, ybronhei
> >> >> >> >> >> >> <ybronhei at redhat.com>
> >> >> >> >> >> >> wrote:
> >> >> >> >> >> >> > Hey,
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > Just noticed something that I forgot about..
> >> >> >> >> >> >> > before filing new BZ, see in ovirt-host-deploy
> >> >> >> >> >> >> > README.environment
> >> >> >> >> >> >> > [1]
> >> >> >> >> >> >> > the
> >> >> >> >> >> >> > section:
> >> >> >> >> >> >> > VDSM/configOverride(bool) [True]
> >> >> >> >> >> >> >     Override vdsm configuration file.
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > changing it to false will keep your vdsm.conf file as is
> >> >> >> >> >> >> > after
> >> >> >> >> >> >> > deploying
> >> >> >> >> >> >> > the
> >> >> >> >> >> >> > host again (what happens after node upgrade)
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > [1]
> >> >> >> >> >> >> > https://github.com/oVirt/ovirt-host-deploy/blob/master/README.environment
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > please check if that what you meant..
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > Thanks,
> >> >> >> >> >> >> > Yaniv Bronhaim.
> >> >> >> >> >> >> >
> >> >> >> >> >> >>
> >> >> >> >> >> >> I was unaware of that package.  I will check that out as
> >> >> >> >> >> >> that
> >> >> >> >> >> >> seems
> >> >> >> >> >> >> to
> >> >> >> >> >> >> be what I am looking for.
> >> >> >> >> >> >>
> >> >> >> >> >> >> I have not filed this in BZ and will hold off pending
> >> >> >> >> >> >> ovirt-host-deploy.  If you feel a BZ is still necessary
> >> >> >> >> >> >> then
> >> >> >> >> >> >> please
> >> >> >> >> >> >> do
> >> >> >> >> >> >> file one and I would be happy to provide input if it would
> >> >> >> >> >> >> help.
> >> >> >> >> >> >>
> >> >> >> >> >> >> Right now this is my workflow.
> >> >> >> >> >> >>
> >> >> >> >> >> >> 1. Foreman provisions bare-metal server with CentOS 6.5
> >> >> >> >> >> >> 2. Once provisioned and system rebooted Puppet applies
> >> >> >> >> >> >> puppet-ovirt
> >> >> >> >> >> >> [1] module that adds the necessary yum repos
> >> >> >> >> >> >
> >> >> >> >> >> > and should stop here..
> >> >> >> >> >> >
> >> >> >> >> >> >> , and installs packages.
> >> >> >> >> >> >> Part of my Puppet deployment is basic things like sudo
> >> >> >> >> >> >> management
> >> >> >> >> >> >> (vdsm's sudo is account for), sssd configuration, and other
> >> >> >> >> >> >> aspects
> >> >> >> >> >> >> that are needed by every system in my infrastructure.  Part
> >> >> >> >> >> >> of
> >> >> >> >> >> >> the
> >> >> >> >> >> >> ovirt::node Puppet class is managing vdsm.conf, and in my
> >> >> >> >> >> >> case
> >> >> >> >> >> >> that
> >> >> >> >> >> >> means ensuring iSER is enabled for iSCSI over IB.
> >> >> >> >> >> >
> >> >> >> >> >> > you can create a file
> >> >> >> >> >> > /etc/ovirt-host-deploy.conf.d/40-xxx.conf
> >> >> >> >> >> > ---
> >> >> >> >> >> > VDSM_CONFIG/section/key=str:content
> >> >> >> >> >> > ---
> >> >> >> >> >> >
> >> >> >> >> >> > this will create a proper vdsm.conf when host-deploy is
> >> >> >> >> >> > initiated.
> >> >> >> >> >> >
> >> >> >> >> >> > you should now use the rest api to initiate host-deploy.
> >> >> >> >> >> >
> >> >> >> >> >> >> 3. Once host is online and has had the full Puppet catalog
> >> >> >> >> >> >> applied I
> >> >> >> >> >> >> log into ovirt-engine web interface and add those host
> >> >> >> >> >> >> (pulling
> >> >> >> >> >> >> it's
> >> >> >> >> >> >> data via the Foreman provider).
> >> >> >> >> >> >
> >> >> >> >> >> > right, but you should let this process install packages and
> >> >> >> >> >> > manage
> >> >> >> >> >> > configuration.
> >> >> >> >> >> >
> >> >> >> >> >> >> What I've noticed is that after step #3, after a host is
> >> >> >> >> >> >> added
> >> >> >> >> >> >> by
> >> >> >> >> >> >> ovirt-engine, the vdsm.conf file is reset to default and I
> >> >> >> >> >> >> have
> >> >> >> >> >> >> to
> >> >> >> >> >> >> reapply Puppet before it can be used as the one of my Data
> >> >> >> >> >> >> Storage
> >> >> >> >> >> >> Domains requires iSER (not available over TCP).
> >> >> >> >> >> >
> >> >> >> >> >> > right, see above.
> >> >> >> >> >> >
> >> >> >> >> >> >> What would be the workflow using ovirt-host-deploy?  Thus
> >> >> >> >> >> >> far
> >> >> >> >> >> >> I've
> >> >> >> >> >> >> had
> >> >> >> >> >> >> to piece together my workflow based on the documentation
> >> >> >> >> >> >> and
> >> >> >> >> >> >> filling
> >> >> >> >> >> >> in blanks where possible since I do require customizations
> >> >> >> >> >> >> to
> >> >> >> >> >> >> vdsm.conf and the documented workflow of adding a host via
> >> >> >> >> >> >> web
> >> >> >> >> >> >> UI
> >> >> >> >> >> >> does
> >> >> >> >> >> >> not allow for such customization.
> >> >> >> >> >> >>
> >> >> >> >> >> >> Thanks,
> >> >> >> >> >> >> - Trey
> >> >> >> >> >> >>
> >> >> >> >> >> >> [1] - https://github.com/treydock/puppet-ovirt (README not
> >> >> >> >> >> >> fully
> >> >> >> >> >> >> updated as still working out how to use Puppet with oVirt)
> >> >> >> >> >> >>
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > On 08/05/2014 08:12 AM, Trey Dockendorf wrote:
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> I'll file BZ.  As far as I can recall this has been an
> >> >> >> >> >> >> >> issue
> >> >> >> >> >> >> >> since
> >> >> >> >> >> >> >> 3.3.x
> >> >> >> >> >> >> >> as
> >> >> >> >> >> >> >> I have been using Puppet to modify values and have had
> >> >> >> >> >> >> >> to
> >> >> >> >> >> >> >> rerun
> >> >> >> >> >> >> >> Puppet
> >> >> >> >> >> >> >> after installing a node via GUI and when performing
> >> >> >> >> >> >> >> update
> >> >> >> >> >> >> >> from
> >> >> >> >> >> >> >> GUI.
> >> >> >> >> >> >> >> Given
> >> >> >> >> >> >> >> that it has occurred when VDSM version didn't change on
> >> >> >> >> >> >> >> the
> >> >> >> >> >> >> >> node
> >> >> >> >> >> >> >> it
> >> >> >> >> >> >> >> seems
> >> >> >> >> >> >> >> likely to be something being done by Python code that
> >> >> >> >> >> >> >> bootstraps
> >> >> >> >> >> >> >> a
> >> >> >> >> >> >> >> node
> >> >> >> >> >> >> >> and
> >> >> >> >> >> >> >> performs the other tasks.  I won't have any systems
> >> >> >> >> >> >> >> available
> >> >> >> >> >> >> >> to
> >> >> >> >> >> >> >> test
> >> >> >> >> >> >> >> with
> >> >> >> >> >> >> >> for a few days.  New hardware specifically for our oVirt
> >> >> >> >> >> >> >> deployment
> >> >> >> >> >> >> >> is
> >> >> >> >> >> >> >> on
> >> >> >> >> >> >> >> order so should be able to more thoroughly debug and
> >> >> >> >> >> >> >> capture
> >> >> >> >> >> >> >> logs
> >> >> >> >> >> >> >> at
> >> >> >> >> >> >> >> that
> >> >> >> >> >> >> >> time.
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> Would using vdsm-reg be a better solution for adding new
> >> >> >> >> >> >> >> nodes?
> >> >> >> >> >> >> >> I
> >> >> >> >> >> >> >> only
> >> >> >> >> >> >> >> tried using vdsm-reg once and it went very poorly...lots
> >> >> >> >> >> >> >> of
> >> >> >> >> >> >> >> missing
> >> >> >> >> >> >> >> dependencies not pulled in from yum install I had to
> >> >> >> >> >> >> >> install
> >> >> >> >> >> >> >> manually
> >> >> >> >> >> >> >> via
> >> >> >> >> >> >> >> yum.  Then the node was auto added to newest cluster
> >> >> >> >> >> >> >> with
> >> >> >> >> >> >> >> no
> >> >> >> >> >> >> >> ability
> >> >> >> >> >> >> >> to
> >> >> >> >> >> >> >> change the cluster.  Be happy to debug that too if
> >> >> >> >> >> >> >> there's
> >> >> >> >> >> >> >> some
> >> >> >> >> >> >> >> docs
> >> >> >> >> >> >> >> that
> >> >> >> >> >> >> >> outline the expected behavior.
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> Using vdsm-reg or something similar seems like a better
> >> >> >> >> >> >> >> fit
> >> >> >> >> >> >> >> for
> >> >> >> >> >> >> >> puppet
> >> >> >> >> >> >> >> deployed nodes, as opposed to requiring GUI steps to add
> >> >> >> >> >> >> >> the
> >> >> >> >> >> >> >> node.
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> Thanks
> >> >> >> >> >> >> >> - Trey
> >> >> >> >> >> >> >> On Aug 4, 2014 5:53 AM, "ybronhei" <ybronhei at redhat.com>
> >> >> >> >> >> >> >> wrote:
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >>> On 07/31/2014 01:28 AM, Trey Dockendorf wrote:
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>>> I'm running ovirt nodes that are stock CentOS 6.5
> >> >> >> >> >> >> >>>> systems
> >> >> >> >> >> >> >>>> with
> >> >> >> >> >> >> >>>> VDSM
> >> >> >> >> >> >> >>>> installed.  I am using iSER to do iSCSI over RDMA and
> >> >> >> >> >> >> >>>> to
> >> >> >> >> >> >> >>>> make
> >> >> >> >> >> >> >>>> that
> >> >> >> >> >> >> >>>> work I have to modify /etc/vdsm/vdsm.conf to include
> >> >> >> >> >> >> >>>> the
> >> >> >> >> >> >> >>>> following:
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> [irs]
> >> >> >> >> >> >> >>>> iscsi_default_ifaces = iser,default
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> I've noticed that any time I upgrade a node from the
> >> >> >> >> >> >> >>>> engine
> >> >> >> >> >> >> >>>> web
> >> >> >> >> >> >> >>>> interface that changes to vdsm.conf are wiped out.  I
> >> >> >> >> >> >> >>>> don't
> >> >> >> >> >> >> >>>> know
> >> >> >> >> >> >> >>>> if
> >> >> >> >> >> >> >>>> this is being done by the configuration code or by the
> >> >> >> >> >> >> >>>> vdsm
> >> >> >> >> >> >> >>>> package.
> >> >> >> >> >> >> >>>> Is there a more reliable way to ensure changes to
> >> >> >> >> >> >> >>>> vdsm.conf
> >> >> >> >> >> >> >>>> are
> >> >> >> >> >> >> >>>> NOT
> >> >> >> >> >> >> >>>> removed automatically?
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> Hey,
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> vdsm.conf shouldn't wiped out and shouldn't changed at
> >> >> >> >> >> >> >>> all
> >> >> >> >> >> >> >>> during
> >> >> >> >> >> >> >>> upgrade.
> >> >> >> >> >> >> >>> other related conf files (such as libvirtd.conf) might
> >> >> >> >> >> >> >>> be
> >> >> >> >> >> >> >>> overrided
> >> >> >> >> >> >> >>> to
> >> >> >> >> >> >> >>> keep
> >> >> >> >> >> >> >>> defaults configurations for vdsm. but vdsm.conf should
> >> >> >> >> >> >> >>> persist
> >> >> >> >> >> >> >>> with
> >> >> >> >> >> >> >>> user's
> >> >> >> >> >> >> >>> modification. from my check, regular yum upgrade
> >> >> >> >> >> >> >>> doesn't
> >> >> >> >> >> >> >>> touch
> >> >> >> >> >> >> >>> vdsm.conf
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> Douglas can you verify that with node upgrade? might be
> >> >> >> >> >> >> >>> specific
> >> >> >> >> >> >> >>> to
> >> >> >> >> >> >> >>> that
> >> >> >> >> >> >> >>> flow..
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> Trey, can file a bugzilla on that and describe your
> >> >> >> >> >> >> >>> steps
> >> >> >> >> >> >> >>> there?
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> Thanks
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> Yaniv Bronhaim,
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Thanks,
> >> >> >> >> >> >> >>>> - Trey
> >> >> >> >> >> >> >>>> _______________________________________________
> >> >> >> >> >> >> >>>> Users mailing list
> >> >> >> >> >> >> >>>> Users at ovirt.org
> >> >> >> >> >> >> >>>> http://lists.ovirt.org/mailman/listinfo/users
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> --
> >> >> >> >> >> >> >>> Yaniv Bronhaim.
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> 


More information about the Users mailing list