Re: [Users] Certificates and PKI seem to be broken after yum update
How exactly did you upgrade? Usually yum upgrade will not touch ovirt-engine packages as it is in yum version lock. >From which version to which version have you upgraded? Have you run engine-upgrade utility? If you did not, please run it. If you did, please attach logs from /var/log/ovirt-engine/ovirt-engine-upgrade* Thanks! - Original Message - > From: "Chris Smith" > To: Users@ovirt.org > Sent: Sunday, April 7, 2013 5:09:46 AM > Subject: [Users] Certificates and PKI seem to be broken after yum update > > I have lost the ability to manage the hosts or VM's using ovirt > engine web interface after performing yum update on the ovirt-engine > host, and on one Fedora 17 host. The data center is offline, and I > can't place the hosts into maintenance mode. I don't think that there > are any actions I can perform in the web interface at all. > > From the logs it seems that PKI is broken between the engine and the hosts. > > I am wondering how I can restore or re-generate all of the > certificates and get the hosts communicating with the ovirt-engine > again so that I can bring the data center back online. > > I found this page which deals with changing the engine hostname, and > thus re-creating the certificates and keystore on the ovirt-engine > node, and was wondering if this could help. Could I follow this > process but keep the same hostname for the ovirt-engine node? > > http://wiki.ovirt.org/How_to_change_engine_host_name > > Currently I have 3 VM's running on two hosts. The VM's are up, but I > can't do anything with them in ovirt-engine. > > > Here's the latest activity from engine.log from the ovirt-engine node: > > 2013-04-06 21:58:47,472 ERROR > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > (QuartzScheduler_Worker-61) Failed to > decryptjava.io.FileNotFoundException: /etc/pki/ovirt-engine/.keystore > (Permission denied) > 2013-04-06 21:58:47,478 ERROR > [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] > (QuartzScheduler_Worker-62) Can't load keystore from file > "/etc/pki/ovirt-engine/.keystore".: java.io.FileNotFoundException: > /etc/pki/ovirt-engine/.keystore (Permission denied) > at java.io.FileInputStream.open(Native Method) > [rt.jar:1.7.0_09-icedtea] > at java.io.FileInputStream.(FileInputStream.java:138) > [rt.jar:1.7.0_09-icedtea] > at > > org.ovirt.engine.core.engineencryptutils.EncryptionUtils.getKeyStore(EncryptionUtils.java:214) > [engine-encryptutils.jar:] > at > > org.ovirt.engine.core.engineencryptutils.EncryptionUtils.decrypt(EncryptionUtils.java:139) > [engine-encryptutils.jar:] > at > > org.ovirt.engine.core.dao.VdsStaticDAODbFacadeImpl.decryptPassword(VdsStaticDAODbFacadeImpl.java:139) > [engine-dal.jar:] > at > > org.ovirt.engine.core.dao.VdsDAODbFacadeImpl$VdsRowMapper.mapRow(VdsDAODbFacadeImpl.java:253) > [engine-dal.jar:] > at > > org.ovirt.engine.core.dao.VdsDAODbFacadeImpl$VdsRowMapper.mapRow(VdsDAODbFacadeImpl.java:169) > [engine-dal.jar:] > at > > org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:92) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:653) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:591) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:641) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:670) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:702) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.ovirt.engine.core.dal.dbbroker.PostgresDbEngineDialect$PostgresSimpleJdbcCall.executeCallInternal(PostgresDbEngineDialect.java:155) > [engine-dal.jar:] > at > > org.ovirt.engine.core.dal.dbbroker.PostgresDbEngineDialect$PostgresSimpleJdbcCall.doExecute(PostgresDbEngineDialect.java:121) > [engine-dal.jar:] > at > > org.springframework.jdbc.core.simple.SimpleJdbcCall.execute(SimpleJdbcCall.java:164) > [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] > at > > org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeImpl(SimpleJdbcCallsHandler.java:124) > [engine-dal.jar:] > at > > org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeReadAndReturnMap(SimpleJdbcCallsHandler.java:75) > [engine-dal.jar:] > at > > org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeReadList(SimpleJdbcCallsHandler.java:66) > [engine-dal.jar:] > at > > org.ovirt.e
Re: [Users] SPM is always contending - resolved
Which type of storage domain was in your engine? NFS? iSCSI? or other types? Andy Singleton: Problem resolved. The clue was obviously in the engine.log (FSCK error) but I couldn't see what was needing an fsck or why this would prevent the storage of every vm from being mounted. I still dont understand the whole of the ovirt storage mechanism. More information was in the node vdsm.log - It pointed here. /dev/mapper/9ed5a2fe--ae4c--433f--a15f--2c710ed5156f-master One fsck later problem resolved. Thanks Andy ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- --- 舒明 Shu Ming Open Virtualization Engineerning; CSTL, IBM Corp. Tel: 86-10-82451626 Tieline: 9051626 E-mail: shum...@cn.ibm.com or shum...@linux.vnet.ibm.com Address: 3/F Ring Building, ZhongGuanCun Software Park, Haidian District, Beijing 100193, PRC ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Certificates and PKI seem to be broken after yum update
I have lost the ability to manage the hosts or VM's using ovirt engine web interface after performing yum update on the ovirt-engine host, and on one Fedora 17 host. The data center is offline, and I can't place the hosts into maintenance mode. I don't think that there are any actions I can perform in the web interface at all. >From the logs it seems that PKI is broken between the engine and the hosts. I am wondering how I can restore or re-generate all of the certificates and get the hosts communicating with the ovirt-engine again so that I can bring the data center back online. I found this page which deals with changing the engine hostname, and thus re-creating the certificates and keystore on the ovirt-engine node, and was wondering if this could help. Could I follow this process but keep the same hostname for the ovirt-engine node? http://wiki.ovirt.org/How_to_change_engine_host_name Currently I have 3 VM's running on two hosts. The VM's are up, but I can't do anything with them in ovirt-engine. Here's the latest activity from engine.log from the ovirt-engine node: 2013-04-06 21:58:47,472 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-61) Failed to decryptjava.io.FileNotFoundException: /etc/pki/ovirt-engine/.keystore (Permission denied) 2013-04-06 21:58:47,478 ERROR [org.ovirt.engine.core.engineencryptutils.EncryptionUtils] (QuartzScheduler_Worker-62) Can't load keystore from file "/etc/pki/ovirt-engine/.keystore".: java.io.FileNotFoundException: /etc/pki/ovirt-engine/.keystore (Permission denied) at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_09-icedtea] at java.io.FileInputStream.(FileInputStream.java:138) [rt.jar:1.7.0_09-icedtea] at org.ovirt.engine.core.engineencryptutils.EncryptionUtils.getKeyStore(EncryptionUtils.java:214) [engine-encryptutils.jar:] at org.ovirt.engine.core.engineencryptutils.EncryptionUtils.decrypt(EncryptionUtils.java:139) [engine-encryptutils.jar:] at org.ovirt.engine.core.dao.VdsStaticDAODbFacadeImpl.decryptPassword(VdsStaticDAODbFacadeImpl.java:139) [engine-dal.jar:] at org.ovirt.engine.core.dao.VdsDAODbFacadeImpl$VdsRowMapper.mapRow(VdsDAODbFacadeImpl.java:253) [engine-dal.jar:] at org.ovirt.engine.core.dao.VdsDAODbFacadeImpl$VdsRowMapper.mapRow(VdsDAODbFacadeImpl.java:169) [engine-dal.jar:] at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:92) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:653) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:591) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:641) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:670) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:702) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.ovirt.engine.core.dal.dbbroker.PostgresDbEngineDialect$PostgresSimpleJdbcCall.executeCallInternal(PostgresDbEngineDialect.java:155) [engine-dal.jar:] at org.ovirt.engine.core.dal.dbbroker.PostgresDbEngineDialect$PostgresSimpleJdbcCall.doExecute(PostgresDbEngineDialect.java:121) [engine-dal.jar:] at org.springframework.jdbc.core.simple.SimpleJdbcCall.execute(SimpleJdbcCall.java:164) [spring-jdbc-2.5.6.SEC02.jar:2.5.6.SEC02] at org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeImpl(SimpleJdbcCallsHandler.java:124) [engine-dal.jar:] at org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeReadAndReturnMap(SimpleJdbcCallsHandler.java:75) [engine-dal.jar:] at org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeReadList(SimpleJdbcCallsHandler.java:66) [engine-dal.jar:] at org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler.executeRead(SimpleJdbcCallsHandler.java:58) [engine-dal.jar:] at org.ovirt.engine.core.dao.VdsDAODbFacadeImpl.get(VdsDAODbFacadeImpl.java:36) [engine-dal.jar:] at org.ovirt.engine.core.dao.VdsDAODbFacadeImpl.get(VdsDAODbFacadeImpl.java:31) [engine-dal.jar:] at org.ovirt.engine.core.vdsbroker.VdsManager$1.runInTransaction(VdsManager.java:219) [engine-vdsbroker.jar:] at org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInSuppressed(TransactionSupport.java:168) [engine-utils.jar:] at org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInScope(TransactionSupport.java:107) [engine-utils.jar:] at org.ovirt.engine.core.vdsbroker.VdsManager.OnTimer(VdsManager.java:215) [engine-vdsbroker.jar:] at sun.reflect.GeneratedMethodAccessor13.invoke(Unknown Source)
Re: [Users] User Portal
On 04/05/2013 02:31 PM, René Koch (ovido) wrote: On Tue, 2013-04-02 at 01:27 +0300, Itamar Heim wrote: On 03/22/2013 04:55 PM, René Koch (ovido) wrote: Hi, If you login with PowerUser permission you have 2 tabs (Basic and Extended) where Basic is the UserPortal and Extended the PowerUserPortal. So you can switch between these 2 views. Btw, in RHEV (3.0 and 3.1) I see a (for me) strange behaviour and haven't tested if this is the same in oVirt. When installing RHEV a "Default" datacenter is created and everyone has permission on template "blank". As long as I don't remove permissions on "blank" template user with role "UserRole" start in PowerUserPortal (Extended view) instead of UserPortal (Basic view) - without permission on template "blank" they can't switch between these 2 views/portals (which is the expected situation - users with UserPortal permission shouldn't be aware of the PowerUserPortal). Is this bug or intended? Regards, René On Fri, 2013-03-22 at 15:40 +0100, Gianluca Cecchi wrote: On Fri, Mar 22, 2013 at 3:31 PM, Itamar Heim wrote: On 03/20/2013 03:26 PM, Gianluca Cecchi wrote: BTW: RHEVM 3.1 portals (User Portal and Power User Portal) have been consolidated in the unique oVirt 3.2.x User Portal? Are they going to be consolidated in RHEVM 3.2 too? what do you mean by "consolidated"? (in any case, there is no difference between ovirt and rhev on this) Sorry I misunderstood. Both normal and power users access the User Portal at https://server.example.com/UserPortal but if a user has RHEVMPowerUser role (in RHEVM 3.1) or probably the system related role named "PowerUserRole" (in oVirt) what he/she gets is the Power User Portal and not the "normal" User Portal, correct? Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users i believe a bug, would appreciate if you can test on latest 3.3 nightly. I'll try it with 3.3 nightly and will let you know. Can I virtualize an oVirt 3.3 hypervisor on an oVirt 3.2 host based on CentOS 6.4 (does RHEL 6.4/CentOS 6.4 support nested KVM or do I have to use Fedora 18?) as I'm short with hardware at the moment? if you want to run real VMs, you need nested virt, which means fedora. if you only wnat to test, you can use virtual hosts with fake vms ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] SPM is always contending - resolved
Problem resolved. The clue was obviously in the engine.log (FSCK error) but I couldn't see what was needing an fsck or why this would prevent the storage of every vm from being mounted. I still dont understand the whole of the ovirt storage mechanism. More information was in the node vdsm.log - It pointed here. /dev/mapper/9ed5a2fe--ae4c--433f--a15f--2c710ed5156f-master One fsck later problem resolved. Thanks Andy ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users