[ovirt-users] VMs unknown state and ovirt node Non Responsive

Juan Hernández jhernand at redhat.com
Mon Jan 26 09:25:57 UTC 2015


On 01/23/2015 08:42 PM, Grzegorz Szypa wrote:
> Thanks.
> 
> It resolved the problem, but the question is whether the
> problem is resolved JAVA or rather fall off ??
> 
> Regards,
> Grzegorz Szypa
> 

The actual problem is that there is no way to tell the oVirt engine to
use a protocol other than SSLv3 to communicate with hosts. That has been
fixed in version 3.5:

  http://gerrit.ovirt.org/34917

Given that this is an important security issue I'd expect to see it
fixed in 3.4.z as well. While/if that doesn't happen then your only
alternative to properly fix the issue is to upgrade to 3.5 and then make
sure that the VdsmSSLProtocol configuration parameter is set to TLSv1.

> 2015-01-23 9:46 GMT+01:00 Juan Hernández <jhernand at redhat.com>:
> 
>     On 01/23/2015 05:20 AM, Grzegorz Szypa wrote:
>     > Hi.
>     >
>     > I have a similar problem like in this link:
>     > https://access.redhat.com/discussions/1326793
>     > https://bugzilla.redhat.com/show_bug.cgi?id=1165269
>     >
>     > Similar, because I worked it out with the VM unknown status, but I still
>     > have problem with host (node). It is all in one installation, therefore
>     > I don't have to remove host and add again (it is only one host portal and
>     > node on the same host), because there are still connected to the VMs.
>     >
>     > It is ovirt 3.4.4 release in latest updates on Centos 6.6 (Centos 6.5
>     > Final).
>     >
>     > Can I do something or can I upgrade to ovirt 3.5 release (safely
>     > without losing anything) if this helps.
>     >
>     > If anyone would like to help me remotely (for charity), I would be
>     > grateful :)
>     >
>     > --
>     > G.Sz.
> 
>     If your problem is related to that link, then you should have tried to
>     downgrade the JDK, and it should have worked. To double check you can
>     check the
>     /usr/lib/jvm/java-1.7.0-openjdk-*/jre/lib/security/java.security file.
>     It may contain this line, at the very end:
> 
>       jdk.tls.disabledAlgorithms=SSLv3
> 
>     That is because of the recent security problems with SSLv3. If you need
>     to solve your problem urgently and you are sure that you won't be
>     affected by those security problems then you can just comment out this
>     line and restart the engine.
> 
>     Remember to undo this change once you upgrade to 3.5.
> 
-- 
Business address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Registered in the Mercantile Registry of Madrid – C.I.F. B82657941 - Red Hat S.L.
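
As an added example (not part of the original message or of oVirt), the script below checks whether the active `jdk.tls.disabledAlgorithms` entry of a `java.security` file still lists SSLv3, which is the state to confirm once the workaround has been undone after the upgrade. The function names and the sample file are constructed for illustration; the glob is the path quoted in the thread.

```shell
#!/bin/sh
# Added example: verify that SSLv3 is still disabled in java.security.

# Print the effective value of property $2 in Java properties file $1.
# Handles '#'/'!' comments, leading whitespace, '=' or ':' separators,
# single-backslash line continuations, and "last definition wins".
java_security_prop() {
    awk -v key="$2" '
    {
        sub(/\r$/, "")
        sub(/^[ \t]+/, "")
        if (cont) line = line $0
        else if ($0 ~ /^[#!]/ || $0 == "") next
        else line = $0
        if (line ~ /\\$/) { sub(/\\$/, "", line); cont = 1; next }
        cont = 0
        k = line; sub(/[ \t]*[=:].*$/, "", k)
        if (k != key) next
        v = line; sub(/^[^=:]*[=:][ \t]*/, "", v)
        value = v; found = 1
    }
    END { if (found) print value; exit !found }
    ' "$1"
}

# Succeed (0) only if the active jdk.tls.disabledAlgorithms entry lists SSLv3.
# A commented-out or missing entry counts as "not disabled".
sslv3_disabled() {
    value=$(java_security_prop "$1" jdk.tls.disabledAlgorithms) || return 1
    printf '%s\n' "$value" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'SSLv3'
}

# Check every OpenJDK 1.7 installation at the path mentioned in the thread.
for f in /usr/lib/jvm/java-1.7.0-openjdk-*/jre/lib/security/java.security; do
    [ -f "$f" ] || continue
    if sslv3_disabled "$f"; then echo "OK   $f: SSLv3 disabled"
    else echo "WARN $f: SSLv3 is NOT disabled"; fi
done

# Constructed sample: the entry was commented out as a temporary workaround.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '#jdk.tls.disabledAlgorithms=SSLv3' > "$sample"
sslv3_disabled "$sample" || echo "WARN sample: SSLv3 is NOT disabled"
rm -f "$sample"
```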


