[ovirt-users] GlusterFS Distributed Replicate HA with KeepAlived

[Punit Dambiwal]

Hi,

I have 4 node GlusterFS Distributed Replicate volume...the same 4 host node
i am using for compute purposenow i want to make it HAso if any
host goes down .VM will not pause and it will migrate to another
available node...

1. Can any one have any document or reference to do this with keepalived...
2. I have one more node as spare...so if any host goes down and can not
come up again because of any HW failure...i can add it...but i didn't find
any way to add these bricks to volume...??

Thanks,
Punit
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Punit Dambiwal]

Hi Alon,

Thanks a ton for your help...I will try this and let you know if face any
problem.

Thanks,
Punit


On Fri, Aug 15, 2014 at 1:16 PM, Alon Bar-Lev  wrote:

>
>
> - Original Message -
> > From: "Punit Dambiwal" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > "Michal Skrivanek" , "Antoni Segura
> Puimedon" , "Frantisek Kobzik"
> > , "Itamar Heim" , "sabose" <
> sab...@redhat.com>, barum...@redhat.com, "Simone
> > Tiraboschi" 
> > Sent: Friday, August 15, 2014 6:05:14 AM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi Alon,
> >
> > Thanks understandthat means no need to enroll certificate from the
> > internal...just generate the CSR from standalone websocket proxy server
> and
> > receive the 3rd party SSL and install that SSL on the websocket proxy
> > server and then Create /etc/ovirt-engine/ovirt-
> > websocket-proxy.conf.d/20-pki.conf and override the SSL_CERTIFICATE and
> > SSL_KEY with 3rd party certificate chain and matching key. ???
>
> yes.
>
> > Also one more questionas i don't want to use the ovirt default
> > websocket proxy as it doesn't fit to our requirementwe are using
> > websockify on the separate standalone serverit seems i need to do the
> > same as we can do for the websocket...m i right ??
>
> you should do this only on the active proxy.
>
> >
> > Thanks For your help Alon...
> >
> > Thanks,
> > Punit
> >
> >
> > On Fri, Aug 15, 2014 at 10:19 AM, Alon Bar-Lev 
> wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Punit Dambiwal" 
> > > > To: "Alon Bar-Lev" 
> > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > "Michal Skrivanek" , "Antoni Segura
> > > Puimedon" , "Frantisek Kobzik"
> > > > , "Itamar Heim" , "sabose" <
> > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > Tiraboschi" 
> > > > Sent: Friday, August 15, 2014 4:56:36 AM
> > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > >
> > > > Hi Alon,
> > > >
> > > > Thanks...that means even we use the standalone websocket proxy or
> > > > standalone websockify...do i need to do the same process :-
> > > >
> > > >
> > >
> http://www.ovirt.org/Features/noVNC_console#Setup_Websocket_Proxy_on_a_Separate_Machine
> > > >
> > > > On the engine, generate a certificate and key. substitute 
> with the
> > > > DNS name of the host. Substitute ,  to suite
> your
> > > > environment (i.e. the values must match values in the certificate
> > > authority
> > > > of your engine).
> > > >
> > > > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh
> > > > --name=websocket-proxy-standalone --password=mypass
> > > > --subject="/C=/O=/CN="
> > > >
> > > > Copy /etc/pki/ovirt-engine/keys/websocket-proxy-standalone.p12 and
> > > > /etc/pki/ovirt-engine/certs/engine.cer from the engine to the proxy
> > > machine
> > > > at /etc/pki/ovirt-websocket-proxy
> > > > At websocket-proxy machine
> > > >
> > > > Install ovirt-engine-websocket-proxy package.
> > > >
> > > > Extract keys:
> > > >
> > > > cd /etc/pki/ovirt-websocket-proxy
> > > > openssl pkcs12 -in websocket-proxy-standalone.p12 -nokeys -out
> > > > websocket-proxy-standalone.cer
> > > > openssl pkcs12 -in websocket-proxy-standalone.p12 -nocerts -nodes
> -out
> > > > websocket-proxy-standalone.key
> > > > chown ovirt:ovirt *
> > > > chmod 0600 *
> > > >
> > > > And then Create
> > > /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf
> > > > and override the SSL_CERTIFICATE and SSL_KEY with 3rd party
> certificate
> > > > chain and matching key. ??
> > >
> > > you wanted to use a certificate from 3rd party certificate authority,
> you
> > > do not need to enroll a certificate from the internal certificate
> > > authority.
> > >
> > > >
> > > >
> > > >
> > > > On Fri, Aug 15, 2014 at 9:51 AM, Alon Bar-Lev 
> wrote:
> > > >
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > > From: "Punit Dambiwal" 
> > > > > > To: "Alon Bar-Lev" 
> > > > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > > "Michal Skrivanek" , "Antoni Segura
> > > > > Puimedon" , "Frantisek Kobzik"
> > > > > > , "Itamar Heim" ,
> "sabose" <
> > > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > > Tiraboschi" 
> > > > > > Sent: Friday, August 15, 2014 4:48:13 AM
> > > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > > >
> > > > > > Hi Alon,
> > > > > >
> > > > > > Thanks...but still the same questionfor which FQDN i need to
> > > purchase
> > > > > > the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??
> > > > >
> > > > > this is standard https, the browser expects the name of the remote
> > > host,
> > > > > which is the websocket proxy host.
> > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev  >
> > > wrote:
> >

Re: [ovirt-users] Ovirt SSL Question

[Alon Bar-Lev]

- Original Message -
> From: "Punit Dambiwal" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" , 
> "Dan Kenigsberg" ,
> "Michal Skrivanek" , "Antoni Segura Puimedon" 
> , "Frantisek Kobzik"
> , "Itamar Heim" , "sabose" 
> , barum...@redhat.com, "Simone
> Tiraboschi" 
> Sent: Friday, August 15, 2014 6:05:14 AM
> Subject: Re: [ovirt-users] Ovirt SSL Question
> 
> Hi Alon,
> 
> Thanks understandthat means no need to enroll certificate from the
> internal...just generate the CSR from standalone websocket proxy server and
> receive the 3rd party SSL and install that SSL on the websocket proxy
> server and then Create /etc/ovirt-engine/ovirt-
> websocket-proxy.conf.d/20-pki.conf and override the SSL_CERTIFICATE and
> SSL_KEY with 3rd party certificate chain and matching key. ???

yes.

> Also one more questionas i don't want to use the ovirt default
> websocket proxy as it doesn't fit to our requirementwe are using
> websockify on the separate standalone serverit seems i need to do the
> same as we can do for the websocket...m i right ??

you should do this only on the active proxy.

> 
> Thanks For your help Alon...
> 
> Thanks,
> Punit
> 
> 
> On Fri, Aug 15, 2014 at 10:19 AM, Alon Bar-Lev  wrote:
> 
> >
> >
> > - Original Message -
> > > From: "Punit Dambiwal" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > "Michal Skrivanek" , "Antoni Segura
> > Puimedon" , "Frantisek Kobzik"
> > > , "Itamar Heim" , "sabose" <
> > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > Tiraboschi" 
> > > Sent: Friday, August 15, 2014 4:56:36 AM
> > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > >
> > > Hi Alon,
> > >
> > > Thanks...that means even we use the standalone websocket proxy or
> > > standalone websockify...do i need to do the same process :-
> > >
> > >
> > http://www.ovirt.org/Features/noVNC_console#Setup_Websocket_Proxy_on_a_Separate_Machine
> > >
> > > On the engine, generate a certificate and key. substitute  with the
> > > DNS name of the host. Substitute ,  to suite your
> > > environment (i.e. the values must match values in the certificate
> > authority
> > > of your engine).
> > >
> > > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh
> > > --name=websocket-proxy-standalone --password=mypass
> > > --subject="/C=/O=/CN="
> > >
> > > Copy /etc/pki/ovirt-engine/keys/websocket-proxy-standalone.p12 and
> > > /etc/pki/ovirt-engine/certs/engine.cer from the engine to the proxy
> > machine
> > > at /etc/pki/ovirt-websocket-proxy
> > > At websocket-proxy machine
> > >
> > > Install ovirt-engine-websocket-proxy package.
> > >
> > > Extract keys:
> > >
> > > cd /etc/pki/ovirt-websocket-proxy
> > > openssl pkcs12 -in websocket-proxy-standalone.p12 -nokeys -out
> > > websocket-proxy-standalone.cer
> > > openssl pkcs12 -in websocket-proxy-standalone.p12 -nocerts -nodes -out
> > > websocket-proxy-standalone.key
> > > chown ovirt:ovirt *
> > > chmod 0600 *
> > >
> > > And then Create
> > /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf
> > > and override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
> > > chain and matching key. ??
> >
> > you wanted to use a certificate from 3rd party certificate authority, you
> > do not need to enroll a certificate from the internal certificate
> > authority.
> >
> > >
> > >
> > >
> > > On Fri, Aug 15, 2014 at 9:51 AM, Alon Bar-Lev  wrote:
> > >
> > > >
> > > >
> > > > - Original Message -
> > > > > From: "Punit Dambiwal" 
> > > > > To: "Alon Bar-Lev" 
> > > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > "Michal Skrivanek" , "Antoni Segura
> > > > Puimedon" , "Frantisek Kobzik"
> > > > > , "Itamar Heim" , "sabose" <
> > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > Tiraboschi" 
> > > > > Sent: Friday, August 15, 2014 4:48:13 AM
> > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > >
> > > > > Hi Alon,
> > > > >
> > > > > Thanks...but still the same questionfor which FQDN i need to
> > purchase
> > > > > the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??
> > > >
> > > > this is standard https, the browser expects the name of the remote
> > host,
> > > > which is the websocket proxy host.
> > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev 
> > wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > - Original Message -
> > > > > > > From: "Punit Dambiwal" 
> > > > > > > To: "Alon Bar-Lev" 
> > > > > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > > > "Michal Skrivanek" , "Antoni Segura
> > > > > > Puimedon" , "Frantisek Kobzik"
> > > > > > > , "Itamar Heim" ,
> > "sabose" <
> > > > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > > > T

Re: [ovirt-users] Ovirt SSL Question

[Punit Dambiwal]

Hi Alon,

Thanks understandthat means no need to enroll certificate from the
internal...just generate the CSR from standalone websocket proxy server and
receive the 3rd party SSL and install that SSL on the websocket proxy
server and then Create /etc/ovirt-engine/ovirt-
websocket-proxy.conf.d/20-pki.conf and override the SSL_CERTIFICATE and
SSL_KEY with 3rd party certificate chain and matching key. ???

Also one more questionas i don't want to use the ovirt default
websocket proxy as it doesn't fit to our requirementwe are using
websockify on the separate standalone serverit seems i need to do the
same as we can do for the websocket...m i right ??

Thanks For your help Alon...

Thanks,
Punit


On Fri, Aug 15, 2014 at 10:19 AM, Alon Bar-Lev  wrote:

>
>
> - Original Message -
> > From: "Punit Dambiwal" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > "Michal Skrivanek" , "Antoni Segura
> Puimedon" , "Frantisek Kobzik"
> > , "Itamar Heim" , "sabose" <
> sab...@redhat.com>, barum...@redhat.com, "Simone
> > Tiraboschi" 
> > Sent: Friday, August 15, 2014 4:56:36 AM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi Alon,
> >
> > Thanks...that means even we use the standalone websocket proxy or
> > standalone websockify...do i need to do the same process :-
> >
> >
> http://www.ovirt.org/Features/noVNC_console#Setup_Websocket_Proxy_on_a_Separate_Machine
> >
> > On the engine, generate a certificate and key. substitute  with the
> > DNS name of the host. Substitute ,  to suite your
> > environment (i.e. the values must match values in the certificate
> authority
> > of your engine).
> >
> > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh
> > --name=websocket-proxy-standalone --password=mypass
> > --subject="/C=/O=/CN="
> >
> > Copy /etc/pki/ovirt-engine/keys/websocket-proxy-standalone.p12 and
> > /etc/pki/ovirt-engine/certs/engine.cer from the engine to the proxy
> machine
> > at /etc/pki/ovirt-websocket-proxy
> > At websocket-proxy machine
> >
> > Install ovirt-engine-websocket-proxy package.
> >
> > Extract keys:
> >
> > cd /etc/pki/ovirt-websocket-proxy
> > openssl pkcs12 -in websocket-proxy-standalone.p12 -nokeys -out
> > websocket-proxy-standalone.cer
> > openssl pkcs12 -in websocket-proxy-standalone.p12 -nocerts -nodes -out
> > websocket-proxy-standalone.key
> > chown ovirt:ovirt *
> > chmod 0600 *
> >
> > And then Create
> /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf
> > and override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
> > chain and matching key. ??
>
> you wanted to use a certificate from 3rd party certificate authority, you
> do not need to enroll a certificate from the internal certificate authority.
>
> >
> >
> >
> > On Fri, Aug 15, 2014 at 9:51 AM, Alon Bar-Lev  wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Punit Dambiwal" 
> > > > To: "Alon Bar-Lev" 
> > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > "Michal Skrivanek" , "Antoni Segura
> > > Puimedon" , "Frantisek Kobzik"
> > > > , "Itamar Heim" , "sabose" <
> > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > Tiraboschi" 
> > > > Sent: Friday, August 15, 2014 4:48:13 AM
> > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > >
> > > > Hi Alon,
> > > >
> > > > Thanks...but still the same questionfor which FQDN i need to
> purchase
> > > > the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??
> > >
> > > this is standard https, the browser expects the name of the remote
> host,
> > > which is the websocket proxy host.
> > >
> > > >
> > > >
> > > >
> > > >
> > > > On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev 
> wrote:
> > > >
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > > From: "Punit Dambiwal" 
> > > > > > To: "Alon Bar-Lev" 
> > > > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > > "Michal Skrivanek" , "Antoni Segura
> > > > > Puimedon" , "Frantisek Kobzik"
> > > > > > , "Itamar Heim" ,
> "sabose" <
> > > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > > Tiraboschi" 
> > > > > > Sent: Friday, August 15, 2014 4:43:31 AM
> > > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > > >
> > > > > > Hi Alon,
> > > > > >
> > > > > > Thanks for your reply...but i didn't find 20-pki.conf file in my
> > > > > > ovirt-engine server
> > > > > >
> > > > > > I am using websocket proxy as standaloneand fetch the vm
> console
> > > with
> > > > > > the help of API...and then it will display to the browser with
> our
> > > portal
> > > > > > url...
> > > > >
> > > > > this is conf.d structure, files are sorted by name, last wins.
> > > > > so instead of overriding files you can add your own.
> > > > >
> > > > > >
> > > > > > Thanks,
> > > > > > Punit
> > > > > >
> 

Re: [ovirt-users] Ovirt SSL Question

[Alon Bar-Lev]

- Original Message -
> From: "Punit Dambiwal" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" , 
> "Dan Kenigsberg" ,
> "Michal Skrivanek" , "Antoni Segura Puimedon" 
> , "Frantisek Kobzik"
> , "Itamar Heim" , "sabose" 
> , barum...@redhat.com, "Simone
> Tiraboschi" 
> Sent: Friday, August 15, 2014 4:56:36 AM
> Subject: Re: [ovirt-users] Ovirt SSL Question
> 
> Hi Alon,
> 
> Thanks...that means even we use the standalone websocket proxy or
> standalone websockify...do i need to do the same process :-
> 
> http://www.ovirt.org/Features/noVNC_console#Setup_Websocket_Proxy_on_a_Separate_Machine
> 
> On the engine, generate a certificate and key. substitute  with the
> DNS name of the host. Substitute ,  to suite your
> environment (i.e. the values must match values in the certificate authority
> of your engine).
> 
> /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh
> --name=websocket-proxy-standalone --password=mypass
> --subject="/C=/O=/CN="
> 
> Copy /etc/pki/ovirt-engine/keys/websocket-proxy-standalone.p12 and
> /etc/pki/ovirt-engine/certs/engine.cer from the engine to the proxy machine
> at /etc/pki/ovirt-websocket-proxy
> At websocket-proxy machine
> 
> Install ovirt-engine-websocket-proxy package.
> 
> Extract keys:
> 
> cd /etc/pki/ovirt-websocket-proxy
> openssl pkcs12 -in websocket-proxy-standalone.p12 -nokeys -out
> websocket-proxy-standalone.cer
> openssl pkcs12 -in websocket-proxy-standalone.p12 -nocerts -nodes -out
> websocket-proxy-standalone.key
> chown ovirt:ovirt *
> chmod 0600 *
> 
> And then Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf
> and override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
> chain and matching key. ??

you wanted to use a certificate from 3rd party certificate authority, you do 
not need to enroll a certificate from the internal certificate authority.

> 
> 
> 
> On Fri, Aug 15, 2014 at 9:51 AM, Alon Bar-Lev  wrote:
> 
> >
> >
> > - Original Message -
> > > From: "Punit Dambiwal" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > "Michal Skrivanek" , "Antoni Segura
> > Puimedon" , "Frantisek Kobzik"
> > > , "Itamar Heim" , "sabose" <
> > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > Tiraboschi" 
> > > Sent: Friday, August 15, 2014 4:48:13 AM
> > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > >
> > > Hi Alon,
> > >
> > > Thanks...but still the same questionfor which FQDN i need to purchase
> > > the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??
> >
> > this is standard https, the browser expects the name of the remote host,
> > which is the websocket proxy host.
> >
> > >
> > >
> > >
> > >
> > > On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev  wrote:
> > >
> > > >
> > > >
> > > > - Original Message -
> > > > > From: "Punit Dambiwal" 
> > > > > To: "Alon Bar-Lev" 
> > > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > "Michal Skrivanek" , "Antoni Segura
> > > > Puimedon" , "Frantisek Kobzik"
> > > > > , "Itamar Heim" , "sabose" <
> > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > Tiraboschi" 
> > > > > Sent: Friday, August 15, 2014 4:43:31 AM
> > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > >
> > > > > Hi Alon,
> > > > >
> > > > > Thanks for your reply...but i didn't find 20-pki.conf file in my
> > > > > ovirt-engine server
> > > > >
> > > > > I am using websocket proxy as standaloneand fetch the vm console
> > with
> > > > > the help of API...and then it will display to the browser with our
> > portal
> > > > > url...
> > > >
> > > > this is conf.d structure, files are sorted by name, last wins.
> > > > so instead of overriding files you can add your own.
> > > >
> > > > >
> > > > > Thanks,
> > > > > Punit
> > > > >
> > > > >
> > > > > On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev 
> > > > wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > - Original Message -
> > > > > > > From: "Punit Dambiwal" 
> > > > > > > To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > > > "Michal Skrivanek" , "Antoni Segura
> > > > > > Puimedon" , "Frantisek Kobzik"
> > > > > > > , "Itamar Heim" ,
> > "sabose" <
> > > > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > > > Tiraboschi" 
> > > > > > > Sent: Thursday, August 14, 2014 12:37:01 PM
> > > > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > > > >
> > > > > > > Hi All,
> > > > > > >
> > > > > > > Is there any one can help me to solve this issue..
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Punit
> > > > > > >
> > > > > > >
> > > > > > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal <
> > hypu...@gmail.com
> > > > >
> > > > > > wrote:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi All,
> > > > > > 

Re: [ovirt-users] Ovirt SSL Question

[Punit Dambiwal]

Hi Alon,

Thanks...that means even we use the standalone websocket proxy or
standalone websockify...do i need to do the same process :-

http://www.ovirt.org/Features/noVNC_console#Setup_Websocket_Proxy_on_a_Separate_Machine

On the engine, generate a certificate and key. substitute  with the
DNS name of the host. Substitute ,  to suite your
environment (i.e. the values must match values in the certificate authority
of your engine).

/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh
--name=websocket-proxy-standalone --password=mypass
--subject="/C=/O=/CN="

Copy /etc/pki/ovirt-engine/keys/websocket-proxy-standalone.p12 and
/etc/pki/ovirt-engine/certs/engine.cer from the engine to the proxy machine
at /etc/pki/ovirt-websocket-proxy
At websocket-proxy machine

Install ovirt-engine-websocket-proxy package.

Extract keys:

cd /etc/pki/ovirt-websocket-proxy
openssl pkcs12 -in websocket-proxy-standalone.p12 -nokeys -out
websocket-proxy-standalone.cer
openssl pkcs12 -in websocket-proxy-standalone.p12 -nocerts -nodes -out
websocket-proxy-standalone.key
chown ovirt:ovirt *
chmod 0600 *

And then Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf
and override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
chain and matching key. ??



On Fri, Aug 15, 2014 at 9:51 AM, Alon Bar-Lev  wrote:

>
>
> - Original Message -
> > From: "Punit Dambiwal" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > "Michal Skrivanek" , "Antoni Segura
> Puimedon" , "Frantisek Kobzik"
> > , "Itamar Heim" , "sabose" <
> sab...@redhat.com>, barum...@redhat.com, "Simone
> > Tiraboschi" 
> > Sent: Friday, August 15, 2014 4:48:13 AM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi Alon,
> >
> > Thanks...but still the same questionfor which FQDN i need to purchase
> > the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??
>
> this is standard https, the browser expects the name of the remote host,
> which is the websocket proxy host.
>
> >
> >
> >
> >
> > On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev  wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Punit Dambiwal" 
> > > > To: "Alon Bar-Lev" 
> > > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > "Michal Skrivanek" , "Antoni Segura
> > > Puimedon" , "Frantisek Kobzik"
> > > > , "Itamar Heim" , "sabose" <
> > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > Tiraboschi" 
> > > > Sent: Friday, August 15, 2014 4:43:31 AM
> > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > >
> > > > Hi Alon,
> > > >
> > > > Thanks for your reply...but i didn't find 20-pki.conf file in my
> > > > ovirt-engine server
> > > >
> > > > I am using websocket proxy as standaloneand fetch the vm console
> with
> > > > the help of API...and then it will display to the browser with our
> portal
> > > > url...
> > >
> > > this is conf.d structure, files are sorted by name, last wins.
> > > so instead of overriding files you can add your own.
> > >
> > > >
> > > > Thanks,
> > > > Punit
> > > >
> > > >
> > > > On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev 
> > > wrote:
> > > >
> > > > >
> > > > >
> > > > > - Original Message -
> > > > > > From: "Punit Dambiwal" 
> > > > > > To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > > "Michal Skrivanek" , "Antoni Segura
> > > > > Puimedon" , "Frantisek Kobzik"
> > > > > > , "Itamar Heim" ,
> "sabose" <
> > > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > > Tiraboschi" 
> > > > > > Sent: Thursday, August 14, 2014 12:37:01 PM
> > > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > Is there any one can help me to solve this issue..
> > > > > >
> > > > > > Thanks,
> > > > > > Punit
> > > > > >
> > > > > >
> > > > > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal <
> hypu...@gmail.com
> > > >
> > > > > wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I have one question regarding the SSL settings in Ovirtlet me
> > > > > explain my
> > > > > > environment first :-
> > > > > >
> > > > > > 1. Ovirt engine :- mgmt.3linux.com
> > > > > > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > > > > > 3. Our Own Portal :- portal.3linux.com
> > > > > >
> > > > > > We have the above architecture...we fetch the VM console from the
> > > > > websocket
> > > > > > proxy to our own portal through APIbecause still we are using
> > > > > selfsigned
> > > > > > certificate...we need to trust the certificate every
> time,whenever we
> > > > > open
> > > > > > the VM console... (https://< web-proxy.3linux.com >:)
> > > > > >
> > > > > > When we initiate the VM console through our own web portal the
> url (
> > > > > >
> > > > >
> > >
> https://portal.3linux.com/

Re: [ovirt-users] Ovirt SSL Question

[Alon Bar-Lev]

- Original Message -
> From: "Punit Dambiwal" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" , 
> "Dan Kenigsberg" ,
> "Michal Skrivanek" , "Antoni Segura Puimedon" 
> , "Frantisek Kobzik"
> , "Itamar Heim" , "sabose" 
> , barum...@redhat.com, "Simone
> Tiraboschi" 
> Sent: Friday, August 15, 2014 4:48:13 AM
> Subject: Re: [ovirt-users] Ovirt SSL Question
> 
> Hi Alon,
> 
> Thanks...but still the same questionfor which FQDN i need to purchase
> the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??

this is standard https, the browser expects the name of the remote host, which 
is the websocket proxy host.

> 
> 
> 
> 
> On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev  wrote:
> 
> >
> >
> > - Original Message -
> > > From: "Punit Dambiwal" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > "Michal Skrivanek" , "Antoni Segura
> > Puimedon" , "Frantisek Kobzik"
> > > , "Itamar Heim" , "sabose" <
> > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > Tiraboschi" 
> > > Sent: Friday, August 15, 2014 4:43:31 AM
> > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > >
> > > Hi Alon,
> > >
> > > Thanks for your reply...but i didn't find 20-pki.conf file in my
> > > ovirt-engine server
> > >
> > > I am using websocket proxy as standaloneand fetch the vm console with
> > > the help of API...and then it will display to the browser with our portal
> > > url...
> >
> > this is conf.d structure, files are sorted by name, last wins.
> > so instead of overriding files you can add your own.
> >
> > >
> > > Thanks,
> > > Punit
> > >
> > >
> > > On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev 
> > wrote:
> > >
> > > >
> > > >
> > > > - Original Message -
> > > > > From: "Punit Dambiwal" 
> > > > > To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > > "Michal Skrivanek" , "Antoni Segura
> > > > Puimedon" , "Frantisek Kobzik"
> > > > > , "Itamar Heim" , "sabose" <
> > > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > > Tiraboschi" 
> > > > > Sent: Thursday, August 14, 2014 12:37:01 PM
> > > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > > >
> > > > > Hi All,
> > > > >
> > > > > Is there any one can help me to solve this issue..
> > > > >
> > > > > Thanks,
> > > > > Punit
> > > > >
> > > > >
> > > > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypu...@gmail.com
> > >
> > > > wrote:
> > > > >
> > > > >
> > > > >
> > > > > Hi All,
> > > > >
> > > > > I have one question regarding the SSL settings in Ovirtlet me
> > > > explain my
> > > > > environment first :-
> > > > >
> > > > > 1. Ovirt engine :- mgmt.3linux.com
> > > > > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > > > > 3. Our Own Portal :- portal.3linux.com
> > > > >
> > > > > We have the above architecture...we fetch the VM console from the
> > > > websocket
> > > > > proxy to our own portal through APIbecause still we are using
> > > > selfsigned
> > > > > certificate...we need to trust the certificate every time,whenever we
> > > > open
> > > > > the VM console... (https://< web-proxy.3linux.com >:)
> > > > >
> > > > > When we initiate the VM console through our own web portal the url (
> > > > >
> > > >
> > https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00
> > > > > ),if we accept the SSL certificate with https://<
> > web-proxy.3linux.com
> > > > > >: then it will open as expected but if we didn't accept
> > the
> > > > > certificate manually...then it through failed to connect:1006
> > error...
> > > > >
> > > > > We don't want that every time end user will accept the certificate
> > > > > manually...as our link to open VM console is different then
> > webproxy
> > > > >
> > > > > Now we want to replace the self signed certificate with valid
> > SSLcan
> > > > any
> > > > > one tell me where we need to put the certificates and how to
> > generate the
> > > > > CSR for them and how many SSL we need to purchase to make this thing
> > > > > workable without accepting the certificate everytime
> > > >
> > > > Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and
> > > > override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
> > chain
> > > > and matching key.
> > > >
> > > > You can create the request in any tool you like, what we need is the
> > > > certificate and key.
> > > >
> > > > Regards,
> > > > Alon
> > > >
> > >
> >
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Punit Dambiwal]

Hi Alon,

Thanks...but still the same questionfor which FQDN i need to purchase
the SSL (Ovirt engine FQDN or standalone websocket proxy FQDN) ??




On Fri, Aug 15, 2014 at 9:46 AM, Alon Bar-Lev  wrote:

>
>
> - Original Message -
> > From: "Punit Dambiwal" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > "Michal Skrivanek" , "Antoni Segura
> Puimedon" , "Frantisek Kobzik"
> > , "Itamar Heim" , "sabose" <
> sab...@redhat.com>, barum...@redhat.com, "Simone
> > Tiraboschi" 
> > Sent: Friday, August 15, 2014 4:43:31 AM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi Alon,
> >
> > Thanks for your reply...but i didn't find 20-pki.conf file in my
> > ovirt-engine server
> >
> > I am using websocket proxy as standaloneand fetch the vm console with
> > the help of API...and then it will display to the browser with our portal
> > url...
>
> this is conf.d structure, files are sorted by name, last wins.
> so instead of overriding files you can add your own.
>
> >
> > Thanks,
> > Punit
> >
> >
> > On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev 
> wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Punit Dambiwal" 
> > > > To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > > "Michal Skrivanek" , "Antoni Segura
> > > Puimedon" , "Frantisek Kobzik"
> > > > , "Itamar Heim" , "sabose" <
> > > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > > Tiraboschi" 
> > > > Sent: Thursday, August 14, 2014 12:37:01 PM
> > > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > > >
> > > > Hi All,
> > > >
> > > > Is there any one can help me to solve this issue..
> > > >
> > > > Thanks,
> > > > Punit
> > > >
> > > >
> > > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypu...@gmail.com
> >
> > > wrote:
> > > >
> > > >
> > > >
> > > > Hi All,
> > > >
> > > > I have one question regarding the SSL settings in Ovirtlet me
> > > explain my
> > > > environment first :-
> > > >
> > > > 1. Ovirt engine :- mgmt.3linux.com
> > > > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > > > 3. Our Own Portal :- portal.3linux.com
> > > >
> > > > We have the above architecture...we fetch the VM console from the
> > > websocket
> > > > proxy to our own portal through APIbecause still we are using
> > > selfsigned
> > > > certificate...we need to trust the certificate every time,whenever we
> > > open
> > > > the VM console... (https://< web-proxy.3linux.com >:)
> > > >
> > > > When we initiate the VM console through our own web portal the url (
> > > >
> > >
> https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00
> > > > ),if we accept the SSL certificate with https://<
> web-proxy.3linux.com
> > > > >: then it will open as expected but if we didn't accept
> the
> > > > certificate manually...then it through failed to connect:1006
> error...
> > > >
> > > > We don't want that every time end user will accept the certificate
> > > > manually...as our link to open VM console is different then
> webproxy
> > > >
> > > > Now we want to replace the self signed certificate with valid
> SSLcan
> > > any
> > > > one tell me where we need to put the certificates and how to
> generate the
> > > > CSR for them and how many SSL we need to purchase to make this thing
> > > > workable without accepting the certificate everytime
> > >
> > > Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and
> > > override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate
> chain
> > > and matching key.
> > >
> > > You can create the request in any tool you like, what we need is the
> > > certificate and key.
> > >
> > > Regards,
> > > Alon
> > >
> >
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Alon Bar-Lev]

- Original Message -
> From: "Punit Dambiwal" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org, aha...@redhat.com, "Sven Kieske" , 
> "Dan Kenigsberg" ,
> "Michal Skrivanek" , "Antoni Segura Puimedon" 
> , "Frantisek Kobzik"
> , "Itamar Heim" , "sabose" 
> , barum...@redhat.com, "Simone
> Tiraboschi" 
> Sent: Friday, August 15, 2014 4:43:31 AM
> Subject: Re: [ovirt-users] Ovirt SSL Question
> 
> Hi Alon,
> 
> Thanks for your reply...but i didn't find 20-pki.conf file in my
> ovirt-engine server
> 
> I am using websocket proxy as standaloneand fetch the vm console with
> the help of API...and then it will display to the browser with our portal
> url...

this is conf.d structure, files are sorted by name, last wins.
so instead of overriding files you can add your own.

> 
> Thanks,
> Punit
> 
> 
> On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev  wrote:
> 
> >
> >
> > - Original Message -
> > > From: "Punit Dambiwal" 
> > > To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> > s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > > "Michal Skrivanek" , "Antoni Segura
> > Puimedon" , "Frantisek Kobzik"
> > > , "Itamar Heim" , "sabose" <
> > sab...@redhat.com>, barum...@redhat.com, "Simone
> > > Tiraboschi" 
> > > Sent: Thursday, August 14, 2014 12:37:01 PM
> > > Subject: Re: [ovirt-users] Ovirt SSL Question
> > >
> > > Hi All,
> > >
> > > Is there any one can help me to solve this issue..
> > >
> > > Thanks,
> > > Punit
> > >
> > >
> > > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypu...@gmail.com >
> > wrote:
> > >
> > >
> > >
> > > Hi All,
> > >
> > > I have one question regarding the SSL settings in Ovirtlet me
> > explain my
> > > environment first :-
> > >
> > > 1. Ovirt engine :- mgmt.3linux.com
> > > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > > 3. Our Own Portal :- portal.3linux.com
> > >
> > > We have the above architecture...we fetch the VM console from the
> > websocket
> > > proxy to our own portal through APIbecause still we are using
> > selfsigned
> > > certificate...we need to trust the certificate every time,whenever we
> > open
> > > the VM console... (https://< web-proxy.3linux.com >:)
> > >
> > > When we initiate the VM console through our own web portal the url (
> > >
> > https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00
> > > ),if we accept the SSL certificate with https://< web-proxy.3linux.com
> > > >: then it will open as expected but if we didn't accept the
> > > certificate manually...then it through failed to connect:1006 error...
> > >
> > > We don't want that every time end user will accept the certificate
> > > manually...as our link to open VM console is different then webproxy
> > >
> > > Now we want to replace the self signed certificate with valid SSLcan
> > any
> > > one tell me where we need to put the certificates and how to generate the
> > > CSR for them and how many SSL we need to purchase to make this thing
> > > workable without accepting the certificate everytime
> >
> > Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and
> > override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate chain
> > and matching key.
> >
> > You can create the request in any tool you like, what we need is the
> > certificate and key.
> >
> > Regards,
> > Alon
> >
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Punit Dambiwal]

Hi Alon,

Thanks for your reply...but i didn't find 20-pki.conf file in my
ovirt-engine server

I am using websocket proxy as standaloneand fetch the vm console with
the help of API...and then it will display to the browser with our portal
url...

Thanks,
Punit


On Thu, Aug 14, 2014 at 11:13 PM, Alon Bar-Lev  wrote:

>
>
> - Original Message -
> > From: "Punit Dambiwal" 
> > To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" <
> s.kie...@mittwald.de>, "Dan Kenigsberg" ,
> > "Michal Skrivanek" , "Antoni Segura
> Puimedon" , "Frantisek Kobzik"
> > , "Itamar Heim" , "sabose" <
> sab...@redhat.com>, barum...@redhat.com, "Simone
> > Tiraboschi" 
> > Sent: Thursday, August 14, 2014 12:37:01 PM
> > Subject: Re: [ovirt-users] Ovirt SSL Question
> >
> > Hi All,
> >
> > Is there any one can help me to solve this issue..
> >
> > Thanks,
> > Punit
> >
> >
> > On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypu...@gmail.com >
> wrote:
> >
> >
> >
> > Hi All,
> >
> > I have one question regarding the SSL settings in Ovirtlet me
> explain my
> > environment first :-
> >
> > 1. Ovirt engine :- mgmt.3linux.com
> > 2. Standalone websocket proxy :- web-proxy.3linux.com
> > 3. Our Own Portal :- portal.3linux.com
> >
> > We have the above architecture...we fetch the VM console from the
> websocket
> > proxy to our own portal through APIbecause still we are using
> selfsigned
> > certificate...we need to trust the certificate every time,whenever we
> open
> > the VM console... (https://< web-proxy.3linux.com >:)
> >
> > When we initiate the VM console through our own web portal the url (
> >
> https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00
> > ),if we accept the SSL certificate with https://< web-proxy.3linux.com
> > >: then it will open as expected but if we didn't accept the
> > certificate manually...then it through failed to connect:1006 error...
> >
> > We don't want that every time end user will accept the certificate
> > manually...as our link to open VM console is different then webproxy
> >
> > Now we want to replace the self signed certificate with valid SSLcan
> any
> > one tell me where we need to put the certificates and how to generate the
> > CSR for them and how many SSL we need to purchase to make this thing
> > workable without accepting the certificate everytime
>
> Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and
> override the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate chain
> and matching key.
>
> You can create the request in any tool you like, what we need is the
> certificate and key.
>
> Regards,
> Alon
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Some questions

[Maor Lipchuk]

It depends on the supportedENGINEs which getVdsCaps will return.
Generally, VDSM for 3.x should keep supporting its 3.x previous minor versions.

Regards,
Maor

- Original Message -
From: "David cano bailen" 
To: "Maor Lipchuk" 
Sent: Thursday, August 14, 2014 6:02:17 PM
Subject: Re: [ovirt-users] Some questions

hi,

my concern is that we have some critical MV. If the node enters into non
-operational state after upgrading the engine. Will be machines up?

I've been searching and upgrading should be progressive, 3.0 to 3.1, 3.1 to
3.2 
I guess if the nodes VDSM update to the latest version, and later I'll update
the engine version by version nodes wouldnt enter on non-operational state
and not suffer any court in MV. Am I right?

Thank you very much for your help


2014-08-14 11:10 GMT+02:00 Maor Lipchuk :

> Hi David,
>
> See my answers inline
>
> Regards,
> Maor
>
>
> - Original Message -
> > From: "David cano bailen" 
> > To: users@ovirt.org
> > Sent: Wednesday, August 13, 2014 2:04:10 PM
> > Subject: [ovirt-users] Some questions
> >
> > Hi, i installed Engine 3.0 and Node Ovirt 2.6, but it seems very
> unestable.
> > Sometimes machines doesnt starts, nodes doesnt vinculate or UI doesnt
> work
> > fine. I have only 2 nodes and storage its on the same physical machine
> than
> > engine.
> >
> > -¿Does Node Ovirt 3.4 work with Engine 3.0?
> Engine 3.0 should support backward compatibility for ovirt 3.4. You can
> verify that on the node be executing the following command : "vdsClient -s
> 0 getVdsCaps" (-s for secure),
> There, you should see a supportedENGINEs list.
> > -¿Its necessary shutdown Nodes to do engine upgrade?
> no, but take in consideration that after upgrade, those hosts might get
> into non-operational state, in case VDSM version should be upgraded also.
> > -¿Are there any problem having the same physical machine for engine and
> > storage? ¿what are advantages have on diferents machines?
> There is no limitation of doing that,
> it's simply a question of the architecture you want to support.
> Separating the engine from the Storage server, might be useful to make it
> more high available.
> >
> > Thank you
> >
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Detecting already existing VM on the attached LUN.

[Maor Lipchuk]

This feature is supported for Storage Domains which were upgraded/created on 
Data Center 3.5,
so if your previous Storage Domain has been removed while it was on Data Center 
of 3.4, it should not work.

Regards,
Maor

- Original Message -
From: "Sven Kieske" 
To: "santosh" , "Maor Lipchuk" 
Cc: users@ovirt.org
Sent: Thursday, August 14, 2014 6:05:55 PM
Subject: Re: [ovirt-users] Detecting already existing VM on the attached LUN.

Keep in mind 3.5 is not offically released
and still has some bugs.

Am 14.08.2014 16:03, schrieb santosh:
> Thanks Maor.
> 
> I am currently using 3.4.
> 
> The link provides exactly what I am looking for.
> 
> Thanks, Santosh.


-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Migration failed due to Error: Fatal error during migration

[Landauer, Manfred]

Hi all

When we try to migrate a VM on oVirt "Engine Version: 3.4.3-1.el6" form host A 
to host B we'll get this Errormessage: "Migration failed due to Error: Fatal 
error during migration".

It looks like, this occurs only when thin provisioned HDD's  attached to the 
VM. VM's with preallocated HDD's attached, migrate without a problem.

Hope someone can help us to solve this issue.

Best regards
Manfred



vdsm.log
Description: vdsm.log
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Alon Bar-Lev]

- Original Message -
> From: "Punit Dambiwal" 
> To: users@ovirt.org, aha...@redhat.com, "Sven Kieske" , 
> "Dan Kenigsberg" ,
> "Michal Skrivanek" , "Antoni Segura Puimedon" 
> , "Frantisek Kobzik"
> , "Itamar Heim" , "sabose" 
> , barum...@redhat.com, "Simone
> Tiraboschi" 
> Sent: Thursday, August 14, 2014 12:37:01 PM
> Subject: Re: [ovirt-users] Ovirt SSL Question
> 
> Hi All,
> 
> Is there any one can help me to solve this issue..
> 
> Thanks,
> Punit
> 
> 
> On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal < hypu...@gmail.com > wrote:
> 
> 
> 
> Hi All,
> 
> I have one question regarding the SSL settings in Ovirtlet me explain my
> environment first :-
> 
> 1. Ovirt engine :- mgmt.3linux.com
> 2. Standalone websocket proxy :- web-proxy.3linux.com
> 3. Our Own Portal :- portal.3linux.com
> 
> We have the above architecture...we fetch the VM console from the websocket
> proxy to our own portal through APIbecause still we are using selfsigned
> certificate...we need to trust the certificate every time,whenever we open
> the VM console... (https://< web-proxy.3linux.com >:)
> 
> When we initiate the VM console through our own web portal the url (
> https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00
> ),if we accept the SSL certificate with https://< web-proxy.3linux.com
> >: then it will open as expected but if we didn't accept the
> certificate manually...then it through failed to connect:1006 error...
> 
> We don't want that every time end user will accept the certificate
> manually...as our link to open VM console is different then webproxy
> 
> Now we want to replace the self signed certificate with valid SSLcan any
> one tell me where we need to put the certificates and how to generate the
> CSR for them and how many SSL we need to purchase to make this thing
> workable without accepting the certificate everytime

Create /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/20-pki.conf and override 
the SSL_CERTIFICATE and SSL_KEY with 3rd party certificate chain and matching 
key.

You can create the request in any tool you like, what we need is the 
certificate and key.

Regards,
Alon
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Detecting already existing VM on the attached LUN.

[Sven Kieske]

Keep in mind 3.5 is not offically released
and still has some bugs.

Am 14.08.2014 16:03, schrieb santosh:
> Thanks Maor.
> 
> I am currently using 3.4.
> 
> The link provides exactly what I am looking for.
> 
> Thanks, Santosh.


-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt and virt-manager interoperability

[Michal Skrivanek]

On Aug 13, 2014, at 21:54 , Rob  wrote:

> I have a few servers with virt-manager installed (originally testbeds) and 
> was wondering if it is possible to have both oVirt and virt-manager installed 
> at the same time without conflict. I have no experience with oVirt due to 
> concern over this issue.

well, it does work. ovirt changes the credentials which you'd have to use in 
virt-manager (or play a bit with /etc/libvirt/auth.conf to allow libvirt access 
with other credentials too)
and then as long as you don't touch the ovirt vms you should be fine:)

Thanks,
michal

> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Detecting already existing VM on the attached LUN.

[santosh]

Thanks Maor.

I am currently using 3.4.

The link provides exactly what I am looking for.

Thanks, Santosh.


On 08/14/2014 05:15 AM, Maor Lipchuk wrote:

Hi Santosh,

Which oVirt version are you using?
If you were using oVirt 3.5 then you might use the Import Storage Domain 
feature to do that. (see [1])

[1] 
http://www.ovirt.org/Features/ImportStorageDomain#Work_flow_for_Import_block_Storage_Domain_-_UI_flow

Regards,
Maor

- Original Message -
From: "santosh" 
To: users@ovirt.org
Sent: Wednesday, August 13, 2014 11:46:16 PM
Subject: [ovirt-users] Detecting already existing VM on the attached LUN.

Hi,

I had a LUN(say L1) from NetApp storage array attached to RHEV iSCSI
Storage Domain.  I had couple of VMs on this storage domain.
I had destroyed this storage domain when LUN became inaccessible for
some reasons. Then I created new Storage Doamin with different LUN(say L2)
and created couple of more VMs on it. Now first LUN (L1) is available.

In this scenario, I have following two questions -

1)Can I attach L1 directly?
2)If I can, will I be able to access VMs present on L1?

Thanks, Santosh.



***Legal Disclaimer***
"This communication may contain confidential and privileged material for the
sole use of the intended recipient. Any unauthorized review, use or distribution
by others is strictly prohibited. If you have received the message by mistake,
please advise the sender by reply email and delete the message. Thank you."
**
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users





***Legal Disclaimer***
"This communication may contain confidential and privileged material for the
sole use of the intended recipient. Any unauthorized review, use or distribution
by others is strictly prohibited. If you have received the message by mistake,
please advise the sender by reply email and delete the message. Thank you."
**
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovirt3.5 - deep dive - OVF on any domain + import existing data domain

[Liron Aravot]

Updated link:
https://www.youtube.com/watch?v=71EuTct0wfc

- Original Message -
> From: "Barak Azulay" 
> To: "Liron Aravot" , mlipc...@redhat.com, "Allon 
> Mureinik" ,
> users@ovirt.org, de...@ovirt.org
> Sent: Tuesday, August 12, 2014 5:44:53 PM
> Subject: ovirt3.5 - deep dive - OVF on any domain + import existing data 
> domain
> 
> The following meeting has been modified:
> 
> Subject: ovirt3.5 - deep dive - OVF on any domain + import existing data
> domain
> Organizer: "Barak Azulay" 
> 
> Time: Thursday, August 14, 2014, 5:00:00 PM - 5:45:00 PM GMT +02:00 Jerusalem
>  
> Invitees: lara...@redhat.com; mlipc...@redhat.com; amure...@redhat.com;
> users@ovirt.org; de...@ovirt.org
> 
> 
> *~*~*~*~*~*~*~*~*~*
> 
> Hangout link:
> https://plus.google.com/events/c7rkldonq80g14c9e3ob8as2kq8
> 
> Session description:
> The OVF on any domain feature introduces a change on the way the vm ovfs are
> being stored/backed up in oVirt. Currently all the ovfs are being stored on
> the master domain and are being updated asynchronously on a time basis by
> the OvfAutoUpdater, This feature purpose is to store the OVFs on all wanted
> domains to provide better recovery abillity, reduce the use of master_fs and
> the master domain and add capabillities to oVirt that will be used further
> on.
> 
> The import data storage domain feature makes use of the OVF on any domain
> feature to import existing storage domain in order to be able to recover
> after the loss of the oVirt Engine's database and be able to move storage
> domain with vms/templates between setups.
> 
> The talk will cover those two featuers and will provide deep dive into it's
> use and implementation.
> 
> Wiki pages:
> http://www.ovirt.org/Feature/OvfOnAnyDomain
> 
> http://www.ovirt.org/Features/ImportStorageDomain
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] WG: libvirtError: Unable to read from monitor: Connection reset by peer

[Landauer, Manfred]

Hi all

We found the mistake, we forgot to copy vmlinuz and initrd.img to the ovirt 
server.

Best regards
Manfred

Von: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] Im Auftrag von 
Landauer, Manfred
Gesendet: Donnerstag, 14. August 2014 14:30
An: users@ovirt.org
Betreff: [ovirt-users] libvirtError: Unable to read from monitor: Connection 
reset by peer

Hi all

We are trying to set up our CentOS 6.5 server using kickstart. After setting up 
a new VM in oVirt "oVirt Engine Version: 3.4.3-1.el6" and launching the VM with 
run once default settings there is no problem. But when we try to launch the VM 
with following Linux Boot Options the operation stopped with an error (see 
attached log-file).
In our test-lab everything works fine with same hard- and software.

Linux Boot Options:
kernel path: iso://vmlinuz
initrd path: iso://initrd.img
kernel params: ks=https:///kickstart/.cfg ip=xxx.xxx.xxx.xxx 
netmask= xxx.xxx.xxx.xxx gateway= xxx.xxx.xxx.xxx dns= xxx.xxx.xxx.xxx 
noverifyssl


Hopefully you have any idea how to correct this error.

Best regards
Manfred



vdsm.log
Description: vdsm.log
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Self-hosted engine won't start

[Jiri Moskovcak]

Hi John,
after a deeper look I realized that you're probably facing [1]. The 
patch is ready and I will also backport it to 3.4 branch.


--Jirka

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1093638

On 07/29/2014 11:41 PM, John Gardeniers wrote:

Hi Jiri,

Sorry, I can't supply the log because the hosts have been recycled but
I'm sure it would have contained exactly the same information that you
already have from host2. It's a classic deadlock situation that should
never be allowed to happen. A simple and time proven solution was in my
original post.

The reason for recycling the hosts is that I discovered yesterday that
although the engine was still running it could not be accessed in any
way. Upon further finding that there was no way to get it restarted I
decided to abandon the whole idea of self-hosting until such time as I
see an indication that it's production ready.

regards,
John


On 29/07/14 22:52, Jiri Moskovcak wrote:

Hi John,
thanks for the logs. Seems like the engine is running on host2 and it
decides that it doesn't have the best score and shuts the engine down
and then neither of them want's to start the vm until you restart the
host2. Unfortunately the logs doesn't contain the part from host1 from
2014-07-24 09:XX which I'd like to investigate because it might
contain the information why host1 refused to start the vm when host2
killed it.

Regards,
Jirka

On 07/28/2014 02:57 AM, John Gardeniers wrote:

Hi Jira,

Version: ovirt-hosted-engine-ha-1.1.5-1.el6.noarch

Attached are the logs. Thanks for looking.

Regards,
John


On 25/07/14 17:47, Jiri Moskovcak wrote:

On 07/24/2014 11:37 PM, John Gardeniers wrote:

Hi Jiri,

Perhaps you can tell me how to determine the exact version of
ovirt-hosted-engine-ha.


Centos/RHEL/Fedora: rpm -q ovirt-hosted-engine-ha


As for the logs, I am not going to attach 60MB
of logs to an email,


- there are other ways to share the logs


nor can I see any imaginagle reason for you wanting
to see them all, as the bulk is historical. I have already included
the
*relevant* sections. However, if you think there may be some other
section that may help you feel free to be more explicit about what you
are looking for. Right now I fail to understand what you might hope to
see in logs from several weeks ago that you can't get from the last
day
or so.



It's a standard way, people tend to think that they know what is a
relevant part of a log, but in many cases they fail. Asking for the
whole logs has proven to be faster than trying to find the relevant
part through the user. And you're right, I don't need the logs from
last week, just logs since the last start of the services when you
observed the problem.

Regards,
Jirka


regards,
John


On 24/07/14 19:10, Jiri Moskovcak wrote:

Hi, please provide the the exact versions of ovirt-hosted-engine-ha
and all logs from /var/log/ovirt-hosted-engine-ha/

Thank you,
Jirka

On 07/24/2014 01:29 AM, John Gardeniers wrote:

Hi All,

I have created a lab with 2 hypervisors and a self-hosted engine.
Today
I followed the upgrade instructions as described in
http://www.ovirt.org/Hosted_Engine_Howto and rebooted the engine. I
didn't really do an upgrade but simply wanted to test what would
happen
when the engine was rebooted.

When the engine didn't restart I re-ran hosted-engine
--set-maintenance=none and restarted the vdsm, ovirt-ha-agent and
ovirt-ha-broker services on both nodes. 15 minutes later it still
hadn't
restarted, so I then tried rebooting both hypervisers. After an hour
there was still no sign of the engine starting. The agent logs don't
help me much. The following bits are repeated over and over.

ovirt1 (192.168.19.20):

MainThread::INFO::2014-07-24
09:18:40,272::brokerlink::108::ovirt_hosted_engine_ha.lib.brokerlink.BrokerLink::(notify)



Trying: notify time=1406157520.27 type=state_transition
detail=EngineDown-EngineDown hostname='ovirt1.om.net'
MainThread::INFO::2014-07-24
09:18:40,272::brokerlink::117::ovirt_hosted_engine_ha.lib.brokerlink.BrokerLink::(notify)



Success, was notification of state_transition
(EngineDown-EngineDown)
sent? ignored
MainThread::INFO::2014-07-24
09:18:40,594::hosted_engine::327::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring)



Current state EngineDown (score: 2400)
MainThread::INFO::2014-07-24
09:18:40,594::hosted_engine::332::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring)



Best remote host 192.168.19.21 (id: 2, score: 2400)

ovirt2 (192.168.19.21):

MainThread::INFO::2014-07-24
09:18:04,005::brokerlink::108::ovirt_hosted_engine_ha.lib.brokerlink.BrokerLink::(notify)



Trying: notify time=1406157484.01 type=state_transition
detail=EngineDown-EngineDown hostname='ovirt2.om.net'
MainThread::INFO::2014-07-24
09:18:04,006::brokerlink::117::ovirt_hosted_engine_ha.lib.brokerlink.BrokerLink::(notify)



Success, was notification of state_transition
(EngineDown-EngineDown)
sent? ignored
MainThread::INFO::2014-07-24
09:18:04,

[ovirt-users] libvirtError: Unable to read from monitor: Connection reset by peer

[Landauer, Manfred]

Hi all

We are trying to set up our CentOS 6.5 server using kickstart. After setting up 
a new VM in oVirt "oVirt Engine Version: 3.4.3-1.el6" and launching the VM with 
run once default settings there is no problem. But when we try to launch the VM 
with following Linux Boot Options the operation stopped with an error (see 
attached log-file).
In our test-lab everything works fine with same hard- and software.

Linux Boot Options:
kernel path: iso://vmlinuz
initrd path: iso://initrd.img
kernel params: ks=https:///kickstart/.cfg ip=xxx.xxx.xxx.xxx 
netmask= xxx.xxx.xxx.xxx gateway= xxx.xxx.xxx.xxx dns= xxx.xxx.xxx.xxx 
noverifyssl


Hopefully you have any idea how to correct this error.

Best regards
Manfred



vdsm.log
Description: vdsm.log
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Request for help - AcquireHostIDFailure

[Maor Lipchuk]

I found this thread in the mailing archive: 
https://www.mail-archive.com/users@ovirt.org/msg18899.html
Maybe it's worth to try that.

1. Create the file name /var/lib/glusterd/groups/virt
2. And paste all the contents from this location to this file :-
https://raw.githubusercontent.com/gluster/glusterfs/master/extras/group-virt.example
3. service glusterd restart
4. service vdsmd restart


Regards,
Maor

- Original Message -
From: "Chris @ VeeroTech.net" 
To: "Maor Lipchuk" 
Cc: users@ovirt.org
Sent: Thursday, August 14, 2014 1:36:10 PM
Subject: RE: [ovirt-users] Request for help - AcquireHostIDFailure

Thank you Maor, unfortunately, this has not helped, the same error occurred.

Chris


-Original Message-
From: Maor Lipchuk [mailto:mlipc...@redhat.com] 
Sent: Thursday, August 14, 2014 5:20 AM
To: Chris @ VeeroTech.net
Cc: users@ovirt.org
Subject: Re: [ovirt-users] Request for help - AcquireHostIDFailure

Hi Chris,

Can you please try to restart sanlock on your ovirt nodes and attach and 
activate the storage domain again.
Please tell me if that helps.

Regards,
Maor




- Original Message -
> From: "Chris @ VeeroTech.net" 
> To: users@ovirt.org
> Sent: Thursday, August 14, 2014 2:17:20 AM
> Subject: [ovirt-users] Request for help - AcquireHostIDFailure
> 
> 
> 
> I am having issues when trying to add a Gluster storage disk in Ovirt. The
> volume (ralgv01) is up and active without issues. It is set up as a
> distributed replicated, with four drives dedicated to it, two servers, two
> drives per server. When trying to activate the storage path, I receive the
> AcquireHostIDFailure. Here is what the engine.log is listing:
> 
> 
> 
> 2014-08-14 01:59:21,445 ERROR
> [org.ovirt.engine.core.vdsbroker.vdsbroker.CreateStoragePoolVDSCommand]
> (ajp--127.0.0.1-8702-2) [1d83200a] Command
> CreateStoragePoolVDSCommand(HostName = u6.domain.net, HostId =
> e047c7f6-ed59-4690-b01f-2bb4384acf76,
> storagePoolId=b2b275e8-3aca-425c-b6f8-400c1a6e4ab4, storagePoolName=Raleigh,
> masterDomainId=2b14ee81-fff0-4ae2-b620-c7403486ff66,
> domainsIdList=[2b14ee81-fff0-4ae2-b620-c7403486ff66], masterVersion=10)
> execution failed. Exception: VDSErrorException: VDSGenericException:
> VDSErrorException: Failed to CreateStoragePoolVDS, error = Cannot acquire
> host id: (u'2b14ee81-fff0-4ae2-b620-c7403486ff66', SanlockException(22,
> 'Sanlock lockspace add failure', 'Invalid argument')), code = 661
> 
> 
> 
> Is there something that I am missing causing this error? Server is running
> latest CentOS6. Any help is appreciated.
> 
> 
> 
> Chris
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Sahina Bose]

On 08/14/2014 03:07 PM, Punit Dambiwal wrote:

Hi All,

Is there any one can help me to solve this issue..



Look for details at http://www.ovirt.org/Features/PKI 
(User--SSL-->apache--AJP-->ovirt-engine), that may help you.




Thanks,
Punit


On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal > wrote:


Hi All,

I have one question regarding the SSL settings in Ovirtlet me
explain my environment first :-

1. Ovirt engine :- mgmt.3linux.com 
2. Standalone websocket proxy :- web-proxy.3linux.com

3. Our Own Portal :- portal.3linux.com 

We have the above architecture...we fetch the VM console from the
websocket proxy to our own portal through APIbecause still we
are using selfsigned certificate...we need to trust the
certificate every time,whenever we open the VM console...
(https://http://web-proxy.3linux.com>>:)

When we initiate the VM console through our own web portal the url
 
(https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00),if
we accept the SSL certificate with https://http://web-proxy.3linux.com>>: then it will open as
expected but if we didn't accept the certificate manually...then
it through failed to connect:1006 error...

We don't want that every time end user will accept the certificate
manually...as our link to open VM console is different then
webproxy

Now we want to replace the self signed certificate with valid
SSLcan any one tell me where we need to put the certificates
and how to generate the CSR for them and how many SSL we need to
purchase to make this thing workable without accepting the
certificate everytime

Thanks,
Punit




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Request for help - AcquireHostIDFailure

[Chris @ VeeroTech.net]

Thank you Maor, unfortunately, this has not helped, the same error occurred.

Chris


-Original Message-
From: Maor Lipchuk [mailto:mlipc...@redhat.com] 
Sent: Thursday, August 14, 2014 5:20 AM
To: Chris @ VeeroTech.net
Cc: users@ovirt.org
Subject: Re: [ovirt-users] Request for help - AcquireHostIDFailure

Hi Chris,

Can you please try to restart sanlock on your ovirt nodes and attach and 
activate the storage domain again.
Please tell me if that helps.

Regards,
Maor




- Original Message -
> From: "Chris @ VeeroTech.net" 
> To: users@ovirt.org
> Sent: Thursday, August 14, 2014 2:17:20 AM
> Subject: [ovirt-users] Request for help - AcquireHostIDFailure
> 
> 
> 
> I am having issues when trying to add a Gluster storage disk in Ovirt. The
> volume (ralgv01) is up and active without issues. It is set up as a
> distributed replicated, with four drives dedicated to it, two servers, two
> drives per server. When trying to activate the storage path, I receive the
> AcquireHostIDFailure. Here is what the engine.log is listing:
> 
> 
> 
> 2014-08-14 01:59:21,445 ERROR
> [org.ovirt.engine.core.vdsbroker.vdsbroker.CreateStoragePoolVDSCommand]
> (ajp--127.0.0.1-8702-2) [1d83200a] Command
> CreateStoragePoolVDSCommand(HostName = u6.domain.net, HostId =
> e047c7f6-ed59-4690-b01f-2bb4384acf76,
> storagePoolId=b2b275e8-3aca-425c-b6f8-400c1a6e4ab4, storagePoolName=Raleigh,
> masterDomainId=2b14ee81-fff0-4ae2-b620-c7403486ff66,
> domainsIdList=[2b14ee81-fff0-4ae2-b620-c7403486ff66], masterVersion=10)
> execution failed. Exception: VDSErrorException: VDSGenericException:
> VDSErrorException: Failed to CreateStoragePoolVDS, error = Cannot acquire
> host id: (u'2b14ee81-fff0-4ae2-b620-c7403486ff66', SanlockException(22,
> 'Sanlock lockspace add failure', 'Invalid argument')), code = 661
> 
> 
> 
> Is there something that I am missing causing this error? Server is running
> latest CentOS6. Any help is appreciated.
> 
> 
> 
> Chris
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] activation of iso domain

[Darren Hart]

Hi,

Was wondering if anyone has any ideas about what might be preventing my iso 
domain from attaching to my data centre ? The iso domain was working correctly 
prior to a system restart but is now kicking up an error when I try to attach 
it :

2014-08-14 15:31:31,236 INFO  
[org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] 
(ajp--127.0.0.1-8702-11) [716c8fa1] Lock Acquired to object EngineLock 
[exclusiveLocks= key: 
biochemvm.otago.ac.nz:/Volumes/BiochemXsan/scratch/linux_iso value: 
STORAGE_CONNECTION
, sharedLocks= ]
2014-08-14 15:31:31,242 INFO  
[org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] 
(ajp--127.0.0.1-8702-11) [716c8fa1] Running command: 
AddStorageServerConnectionCommand internal: false. Entities affected :  ID: 
aaa0----123456789aaa Type: System
2014-08-14 15:31:31,243 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.ConnectStorageServerVDSCommand] 
(ajp--127.0.0.1-8702-11) [716c8fa1] START, 
ConnectStorageServerVDSCommand(HostName = hosted_engine, HostId = 
072d95a1-411d-4ee5-bb51-42633f8d5f42, storagePoolId = 
----, storageType = NFS, connectionList = [{ 
id: null, connection: 
biochemvm.otago.ac.nz:/Volumes/BiochemXsan/scratch/linux_iso, iqn: null, 
vfsType: null, mountOptions: null, nfsVersion: null, nfsRetrans: null, 
nfsTimeo: null };]), log id: 26cb4958
2014-08-14 15:31:31,594 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.ConnectStorageServerVDSCommand] 
(ajp--127.0.0.1-8702-11) [716c8fa1] FINISH, ConnectStorageServerVDSCommand, 
return: {----=469}, log id: 26cb4958
2014-08-14 15:31:31,596 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(ajp--127.0.0.1-8702-11) [716c8fa1] Correlation ID: null, Call Stack: null, 
Custom Event ID: -1, Message: The error message for connection 
biochemvm.otago.ac.nz:/Volumes/BiochemXsan/scratch/linux_iso returned by VDSM 
was: Permission settings on the specified path do not allow access to the 
storage.
Verify permission settings on the specified storage path.
2014-08-14 15:31:31,597 ERROR 
[org.ovirt.engine.core.bll.storage.NFSStorageHelper] (ajp--127.0.0.1-8702-11) 
[716c8fa1] The connection with details 
biochemvm.otago.ac.nz:/Volumes/BiochemXsan/scratch/linux_iso failed because of 
error code 469 and error message is: permission settings on the specified path 
do not allow access to the storage.
verify permission settings on the specified storage path.
2014-08-14 15:31:31,599 ERROR 
[org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] 
(ajp--127.0.0.1-8702-11) [716c8fa1] Transaction rolled-back for command: 
org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand.
2014-08-14 15:31:31,604 INFO  
[org.ovirt.engine.core.bll.storage.AddStorageServerConnectionCommand] 
(ajp--127.0.0.1-8702-11) [716c8fa1] Lock freed to object EngineLock 
[exclusiveLocks= key: 
biochemvm.otago.ac.nz:/Volumes/BiochemXsan/scratch/linux_iso value: 
STORAGE_CONNECTION
, sharedLocks= ]

I’m running a hosted engine install and the NFS export for the iso domain is 
also the single host in the cluster. I have tried deleting the iso domain and 
using an NFS share on a different server to create a new one but it fails with 
the same error message. The NFS export has been tested good in both cases, and 
can be mounted from the hosted engine VM directly if I SSH in and mount. The 
directory has 36:36 permissions and the vdsm user has rw ability with the share 
manually mounted in the hosted-engine vm.

On the hosted-engine box I have also downloaded the nfs testing python script 
and run it against the currently configured nfs share and it returns a OK 
result.

Executing NFS tests..
Removing vdsmTest file..
Status of tests [OK]
Disconnecting from NFS Server..
Done!

I’m a bit stumped as it was working great prior to the restart so not sure what 
might have changed in the process. Selinux is disabled on both the servers I’ve 
attempted to use as NFS shares for the domain.

The data domains are working and one of these is an NFS share to the same 
server as the iso domain.

Anyone have any avenues they can steer me down to where the problem may lie or 
am I missing something obvious ?

Thanks,

Darren Hart | IT Manager | Department of Biochemistry | University of Otago
T - +6434794965 | M - +6421991638
Darren Hart | IT Manager | Department of Biochemistry | University of Otago
T - +6434794965 | M - +6421991638
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ovirt-devel] Urgent BUG: renaming of template fails

[Sven Kieske]

Here is some log output to help track this down (from engine.log):

2014-08-14 10:28:35,528 WARN
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector]
(ajp--127.0.0.1-8702-22) [399284fd] The message key UpdateVmTemplate is
missing from bundles/ExecutionMessages
2014-08-14 10:28:35,554 WARN
[org.ovirt.engine.core.bll.UpdateVmTemplateCommand]
(ajp--127.0.0.1-8702-22) [399284fd] CanDoAction of action
UpdateVmTemplate failed. Reasons:VAR__ACTION__UPDATE,VAR__TYPE__VM_TEMP
LATE,ACTION_TYPE_FAILED_NAME_ALREADY_USED
2014-08-14 10:28:35,568 ERROR
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource]
(ajp--127.0.0.1-8702-22) Operation Failed: [Cannot edit Template. The
Template name is already in use, please choose
a unique name and try again.]



-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] hostusb hook - VM device errors in Windows VM

[Dan Kenigsberg]

Maybe Gal has a clue.

On Fri, Jul 25, 2014 at 04:34:14PM -0400, Steve Dainard wrote:
> Any other ideas here? Is there a specific driver I should load instead of
> the Windows default one?
> 
> Thanks,
> Steve
> 
> 
> On Tue, Jul 22, 2014 at 10:23 AM, Steve Dainard 
> wrote:
> 
> > I just saw the "your device can perform faster" warning again in Windows
> > and decided to check it out.
> >
> > Should the USB device be showing under an Intel controller? Is the RH
> > controller only for spice?
> >
> >
> > ​
> >
> >
> > On Tue, Jul 22, 2014 at 10:12 AM, Dan Kenigsberg 
> > wrote:
> >
> >> On Tue, Jul 22, 2014 at 03:50:59PM +0200, Michal Skrivanek wrote:
> >> >
> >> > On Jul 22, 2014, at 15:49 , Steve Dainard 
> >> wrote:
> >> >
> >> > > Hi Michal,
> >> > >
> >> > > How can I generate libvirt xml from rhevm?
> >> >
> >> > "virsh -r dumpxml " on the host
> >>
> >> Or dig into vdsm.log (in case the VM is no longer there)
> >>
> >
> >


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Urgent BUG: renaming of template fails

[Sven Kieske]

Hi,

this is my test setup:

DC1 with local storage, some templates, e.g. "template1"
DC2 with local storage, some templates, e.g. "template2"

what I want to do:

rename "template2" to "template1" in DC 2

actual results:

[Cannot edit Template. The Template name is already in use, please
choose a unique name and try again.]

This fails via GUI and via REST api (GUI blocks the form, you
can't click "ok").

expected results:
Template Names should at the very least just be unique for
one DC, and not for the whole engine.

Strictly speaking even this is not needed as engine uses
UUIDs to identify templates, but I agree that it might
be handier for end users to just allow a template name
once per datacenter.

This occurs on ovirt-engine 3.3.3-2.el6
but I fear this is still present in current 3.5 RC
and even master.

So please, can somebody confirm this bug so I can
open a BZ for this?

Thanks.

PS: the storage architecture type should not
matter, I just added it for completeness sake.

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] search engine on ovirt.org

[Jorick Astrego]

Hi,

What kind of search software do you use for ovirt.org?

I was looking for "All in One" info but didn't find the page I was 
looking for 
(http://www.ovirt.org/index.php?search=all+in+one&fulltext=Search). 
DuckDuckgo brought me to


http://www.ovirt.org/Feature/AllInOne



   All in One

   *Name*: All in One
   *Modules*: engine,node
   *Target version*: 3.1
   *Status*: Released
   *Last updated*: 2014-03-10 by Oschreib


 Summary

   "All in One" means configuring VDSM on the same host where
   oVirt-engine is installed, so that VMs can be hosted on the same
   machine.

In the text there is clearly All in One mentioned so I wonder why the 
search engine doesn't give me that page. Searching "allinone" does give 
me the correct page.


It does explain why it's sometimes hard to find the information your 
looking for unless you know what you're looking for.



Kind regards,

Jorick Astrego
Netbulae B.V.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt SSL Question

[Punit Dambiwal]

Hi All,

Is there any one can help me to solve this issue..

Thanks,
Punit


On Wed, Aug 13, 2014 at 9:53 AM, Punit Dambiwal  wrote:

> Hi All,
>
> I have one question regarding the SSL settings in Ovirtlet me explain
> my environment first :-
>
> 1. Ovirt engine :- mgmt.3linux.com
> 2. Standalone websocket proxy :- web-proxy.3linux.com
> 3. Our Own Portal :- portal.3linux.com
>
> We have the above architecture...we fetch the VM console from the
> websocket proxy to our own portal through APIbecause still we are using
> selfsigned certificate...we need to trust the certificate every
> time,whenever we open the VM console... (https:// >:)
>
> When we initiate the VM console through our own web portal the url  (
> https://portal.3linux.com/content/ovirt/noVNC/vm-console.php?id=6e0caf73-ae7d-493e-a51d-ecc32f507f00),if
> we accept the SSL certificate with https://:
> then it will open as expected but if we didn't accept the certificate
> manually...then it through failed to connect:1006 error...
>
> We don't want that every time end user will accept the certificate
> manually...as our link to open VM console is different then webproxy
>
> Now we want to replace the self signed certificate with valid SSLcan
> any one tell me where we need to put the certificates and how to generate
> the CSR for them and how many SSL we need to purchase to make this thing
> workable without accepting the certificate everytime
>
> Thanks,
> Punit
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Request for help - AcquireHostIDFailure

[Maor Lipchuk]

Hi Chris,

Can you please try to restart sanlock on your ovirt nodes and attach and 
activate the storage domain again.
Please tell me if that helps.

Regards,
Maor




- Original Message -
> From: "Chris @ VeeroTech.net" 
> To: users@ovirt.org
> Sent: Thursday, August 14, 2014 2:17:20 AM
> Subject: [ovirt-users] Request for help - AcquireHostIDFailure
> 
> 
> 
> I am having issues when trying to add a Gluster storage disk in Ovirt. The
> volume (ralgv01) is up and active without issues. It is set up as a
> distributed replicated, with four drives dedicated to it, two servers, two
> drives per server. When trying to activate the storage path, I receive the
> AcquireHostIDFailure. Here is what the engine.log is listing:
> 
> 
> 
> 2014-08-14 01:59:21,445 ERROR
> [org.ovirt.engine.core.vdsbroker.vdsbroker.CreateStoragePoolVDSCommand]
> (ajp--127.0.0.1-8702-2) [1d83200a] Command
> CreateStoragePoolVDSCommand(HostName = u6.domain.net, HostId =
> e047c7f6-ed59-4690-b01f-2bb4384acf76,
> storagePoolId=b2b275e8-3aca-425c-b6f8-400c1a6e4ab4, storagePoolName=Raleigh,
> masterDomainId=2b14ee81-fff0-4ae2-b620-c7403486ff66,
> domainsIdList=[2b14ee81-fff0-4ae2-b620-c7403486ff66], masterVersion=10)
> execution failed. Exception: VDSErrorException: VDSGenericException:
> VDSErrorException: Failed to CreateStoragePoolVDS, error = Cannot acquire
> host id: (u'2b14ee81-fff0-4ae2-b620-c7403486ff66', SanlockException(22,
> 'Sanlock lockspace add failure', 'Invalid argument')), code = 661
> 
> 
> 
> Is there something that I am missing causing this error? Server is running
> latest CentOS6. Any help is appreciated.
> 
> 
> 
> Chris
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Detecting already existing VM on the attached LUN.

[Maor Lipchuk]

Hi Santosh,

Which oVirt version are you using?
If you were using oVirt 3.5 then you might use the Import Storage Domain 
feature to do that. (see [1])

[1] 
http://www.ovirt.org/Features/ImportStorageDomain#Work_flow_for_Import_block_Storage_Domain_-_UI_flow

Regards,
Maor

- Original Message -
From: "santosh" 
To: users@ovirt.org
Sent: Wednesday, August 13, 2014 11:46:16 PM
Subject: [ovirt-users] Detecting already existing VM on the attached LUN.

Hi,

I had a LUN(say L1) from NetApp storage array attached to RHEV iSCSI 
Storage Domain.  I had couple of VMs on this storage domain.
I had destroyed this storage domain when LUN became inaccessible for 
some reasons. Then I created new Storage Doamin with different LUN(say L2)
and created couple of more VMs on it. Now first LUN (L1) is available.

In this scenario, I have following two questions -

1)Can I attach L1 directly?
2)If I can, will I be able to access VMs present on L1?

Thanks, Santosh.



***Legal Disclaimer***
"This communication may contain confidential and privileged material for the
sole use of the intended recipient. Any unauthorized review, use or distribution
by others is strictly prohibited. If you have received the message by mistake,
please advise the sender by reply email and delete the message. Thank you."
**
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Some questions

[Maor Lipchuk]

Hi David,

See my answers inline

Regards,
Maor


- Original Message -
> From: "David cano bailen" 
> To: users@ovirt.org
> Sent: Wednesday, August 13, 2014 2:04:10 PM
> Subject: [ovirt-users] Some questions
> 
> Hi, i installed Engine 3.0 and Node Ovirt 2.6, but it seems very unestable.
> Sometimes machines doesnt starts, nodes doesnt vinculate or UI doesnt work
> fine. I have only 2 nodes and storage its on the same physical machine than
> engine.
> 
> -¿Does Node Ovirt 3.4 work with Engine 3.0?
Engine 3.0 should support backward compatibility for ovirt 3.4. You can verify 
that on the node be executing the following command : "vdsClient -s 0 
getVdsCaps" (-s for secure),
There, you should see a supportedENGINEs list.
> -¿Its necessary shutdown Nodes to do engine upgrade?
no, but take in consideration that after upgrade, those hosts might get into 
non-operational state, in case VDSM version should be upgraded also.
> -¿Are there any problem having the same physical machine for engine and
> storage? ¿what are advantages have on diferents machines?
There is no limitation of doing that,
it's simply a question of the architecture you want to support.
Separating the engine from the Storage server, might be useful to make it more 
high available.
> 
> Thank you
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users