[ovirt-users] VMs unknown state and ovirt node Non Responsive
Juan Hernández
jhernand at redhat.com
Mon Jan 26 09:25:57 UTC 2015
On 01/23/2015 08:42 PM, Grzegorz Szypa wrote:
> Thanks.
>
> It was resolve problem, but question,but the question is whether the
> problem is resolved JAVA or rather fall off ??
>
> Regards,
> Grzegorz Szypa
>
The actual problem is that there is no way to tell the oVirt engine to
use a protocol other than SSLv3 to communicate with hosts. That has been
fixed in version 3.5:
http://gerrit.ovirt.org/34917
Given that this is an important security issue I'd expect to see it
fixed in 3.4.z as well. While/if that doesn't happen then your only
alternative to fix properly the issue is to upgrade to 3.5 and then make
sure that the VdsmSSLProtocol configuration parameter is set to TLSv1.
> 2015-01-23 9:46 GMT+01:00 Juan Hernández <jhernand at redhat.com
> <mailto:jhernand at redhat.com>>:
>
> On 01/23/2015 05:20 AM, Grzegorz Szypa wrote:
> > Hi.
> >
> > I have a simillar problem like in this link:
> > https://access.redhat.com/discussions/1326793
> > https://bugzilla.redhat.com/show_bug.cgi?id=1165269
> >
> > Similar, becouse I worked it out with the VM uknown status, but I
> still
> > have problem with host (node). It is all in one installaltion,
> therefore
> > i dont have to remove host and add again (it is only one host
> portal and
> > node on the same host), because there are still connected to the VMs.
> >
> > It is ovirt 3.4.4 release in latest updates on Centos 6.6 (Centos 6.5
> > Final).
> >
> > Can I do smoethings or can I upgrade to ovirt 3.5 release (safely
> > without losing anything) if this helps.
> >
> > If anyone would like to help me remotely (for charity), I would be
> > grateful :)
> >
> > --
> > G.Sz.
>
> If your problem is related to that link, then you should have tried to
> downgrade the JDK, and it should have worked. To double check you can
> check the
> /usr/lib/jvm/java-1.7.0-openjdk-*/jre/lib/security/java.security file.
> It may contain this line, at the very end:
>
> jdk.tls.disabledAlgorithms=SSLv3
>
> That is because of the recent security problems with SSLv3. If you need
> to solve your problem urgently and you are sure that you won't be
> affected by those security problems then you can just comment out this
> line and restart the engine.
>
> Remember to undo this change once you upgrade to 3.5.
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
More information about the Users
mailing list