Re: [ovirt-users] iSCSI interface to GlusterFS cluster

[Jorick Astrego]

On 04/12/2015 05:24 PM, Bill Dossett wrote:
>
> Hi,
>
>  
>
> Not sure if this can be done using ovirt engine or if I have to do
> this more at the GlusterFS command level.
>
>  
>
> I have set up a Gluster enabled Cluster with a Volume which is working
> fine…. I can mount it using the filesystem thype glusterfs. 
>
>
> While I am going to test this with Ovirt and VMs eventually.  I am
> currently exploring using the cluster as an iSCSI target and if that
> is possible to configure thru ovirt or if I now need to work more at
> the Gluster command level and don’t get to use the nice UI to
> configure this.
>
>  
>
> Any pointers to what I should read next about this would be appreiciated.
>
>  
>
> Thanks
>
>  
>
> *Bill Dossett*
>
> Systems Architect
>
> *Tech Central – Global Engineering Services*
>
>  
>
> *T* +1 303 440 3523
>
> *M* +44 (0)777 590 8612
>
> bill.doss...@pb.com 
>
> pitneybowes.com 
>
>
> *Pitney Bowes*
>
> 4750 Walnut Street | Boulder, Colorado, 80301 | USA
>
>  
>
>  
>
>
No oVirt doesn't support using the GlusterFS cluster as iSCSI target as
it supports glusterfs native. So you won't get any GUI support from ovirt..

There has been some work done on using GlusterFS in their own community
http://blog.gluster.org/2013/12/libgfapi-and-the-linux-target-driver/ .

But it appears to have stalled a bit
https://forge.gluster.org/gfapi-module-for-linux-target-driver-

Head over to the glusterfs mailinglist for more info.





Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts 



Tel: 053 20 30 270  i...@netbulae.euStaalsteden 4-3A
KvK 08198180
Fax: 053 20 30 271  www.netbulae.eu 7547 TA Enschede
BTW NL821234584B01



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt, conexion noVnc and spice problem

[Tomas Jelinek]

what problem do you still have? Still the "noVnc, error: WebUtil reference is 
not defined"? If yes, I'd say the 
novnc.noarch (or the spice-html5.noarch for SPICE) is not installed on your 
server (really, it has to be on the engine machine, not client).

Otherwise I'd say it is because the ca.crt is not imported properly to your 
browser. Just please navigate your client web browser to http:///ca.crt and import it.

Tomas 

- Original Message -
> From: "Marcelo Vera" 
> To: "Tomas Jelinek" 
> Cc: users@ovirt.org
> Sent: Thursday, April 9, 2015 8:16:20 PM
> Subject: Re: [ovirt-users] Ovirt, conexion noVnc and spice problem
> 
> Hi, how are you?
> Thanks for your help, and verified the four points you provided me, and
> point 2 is the one that is causing problems, the WebSocket-Proxy is
> configured, it was set up at the time of installation, and is also running,
> supposedly on port 6100 but when netstat do not find it.
> 
> run, yum install oVirt-engine-websocket-proxy, and turned to install.
> but equally I still have the problem of the WebSocket connection.
> 
> Not if I'm setting wrong or I'm skipping some step.
> 
> Greetings to all
> 
> 
> 2015-04-09 3:16 GMT-04:00 Tomas Jelinek :
> 
> > Hi,
> >
> > please verify the following things:
> > 1: you have the websocket proxy running
> > 2: the "WebSocketProxy" property from engine config points to the running
> > instance of the websocket proxy (it is set using the engine-config)
> > 3: you have the ca.crt of your engine properly imported to your browser (
> > http://engine-addr/ca.crt)
> > 4: the novnc.noarch and the spice-html5.noarch packages are installed on
> > your engine machine
> >
> > Tomas
> >
> > - Original Message -
> > > From: "Marcelo Vera" 
> > > To: users@ovirt.org
> > > Sent: Tuesday, April 7, 2015 5:01:28 PM
> > > Subject: [ovirt-users] Ovirt, conexion noVnc and spice problem
> > >
> > >
> > >
> > > Good morning, thank you for accepting me into this group.
> > > I'm from Paraguay and I am not very good with English, thankfully there
> > is
> > > google translator.
> > > I am new to this, and now have problems with oVirt.
> > > The problem is I can not access the console of the virtual machine in
> > noVnc
> > > mode, or using spice.
> > >
> > > noVnc, error: WebUtil reference is not defined
> > > spice, WebSocket error: Can not connect to websocket on URL ...
> > >
> > > from and I appreciate your help.
> > >
> > > I checked my browser supports websocket and html5
> > >
> > > ___
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> >
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovirt 3.1 to 3.2 up-gradation problem

[smiling dream]

Thanks everyone for your kind cooperation . I have resolved it by
synchronizing server time with  ntp .

Regards

suvro

On Sun, Apr 12, 2015 at 9:19 PM, Yaniv Dary  wrote:

>  logs?
>
> On 04/01/2015 02:24 PM, smiling dream wrote:
>
> after upgradation ovirt engine 3.1 to 3.2 all of my vdsm node goes to
> non responding.
> Error message showing
> This host is in non responding state. Try to Activate it; If the
> problem persists, switch Host to Maintenance mode and try to reinstall
> it.
>
> I have tried to reinstall multiple times but still no success .
>
> Please help .
>
> Regards
>
> Suvro
> ___
> Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users
>
>
> --
> Yaniv Dary
> Technical Product Manager
> Red Hat Israel Ltd.
> 34 Jerusalem Road
> Building A, 4th floor
> Ra'anana, Israel 4350109
>
> Tel : +972 (9) 7692306
>   8272306
> Email: yd...@redhat.com
> IRC : ydary
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Caused by: java.lang.IllegalStateException: Insufficient amount of free MACs.

[Punit Dambiwal]

Hi Itamar,

Still not...it's a bug in the Ovirt 3.5.1

https://bugzilla.redhat.com/show_bug.cgi?id=1208416
https://gerrit.ovirt.org/#/c/39484/

Hope this can be resolved in 3.5.2...but it seems they will resolve it in
3.6...

Thanks,
Punit


On Sun, Apr 12, 2015 at 7:08 PM, Itamar Heim  wrote:

> On 04/02/2015 07:02 AM, Punit Dambiwal wrote:
>
>> Hi All,
>>
>> Still i am facing the same issue...
>>
>> Thanks,
>> Punit
>>
>> On Tue, Feb 24, 2015 at 11:58 AM, Punit Dambiwal > > wrote:
>>
>> Hi Martin,
>>
>> Did you restart your engine prior to these operations?
>> Yes...and i restarted after the modifications...
>>
>> Isn't possible, that you have it configured with some much smaller
>> range and forgot to restart prior to using new range?
>> No.I configured with big range at first and after that there was
>> no modifications..
>>
>> Also can you give me version of your system?
>> I am using the ovirt 3.5.1.1
>>
>> Thanks,
>> punit
>>
>> On Wed, Feb 18, 2015 at 11:36 PM, Martin Mucha > > wrote:
>>
>> Hi,
>>
>> so the syntax of MAC addresses ranges is ok, log confirmed that
>> I was looking at the right place. I tried to do some tests with
>> pool repeatedly depleting all MAC addresses in random order and
>> then putting all of them back, and everytime I got back to empty
>> pool, so it seems that pool itself does not leak. I'll try to
>> find potential problem, but I'll ask first one more question
>> Martin (the other one) suggested. Did you restart your engine
>> prior to these operations? Isn't possible, that you have it
>> configured with some much smaller range and forgot to restart
>> prior to using new range? Also can you give me version of your
>> system? Newer versions do set ranges differently than via
>> engine-config (also without need to restart).
>>
>> M.
>>
>> - Original Message -
>>  > Hi Martin,
>>  >
>>  > I am using the below mac address pool ranges :-
>> http://ur1.ca/jqudg
>>  >
>>  > Engine Log :- http://ur1.ca/jquep
>>  >
>>  > I have created almost 8 OS templates and every template has 2
>> NIC...and for
>>  > the same i have added the mac address poolthe total mac
>> address should
>>  > be 4072 and i have used in my system is about 1580 mac
>> addressbut now
>>  > when i create new VM it failed with the error "Insufficient
>> amount of free
>>  > MACs"
>>  >
>>  > Thanks,
>>  > Punit
>>  >
>>  >
>>  >
>>  >
>>  > On Tue, Feb 17, 2015 at 7:29 PM, Martin Mucha
>> mailto:mmu...@redhat.com>> wrote:
>>  >
>>  > > Hi,
>>  > >
>>  > > I'm able to track down responsible code using provided
>> error message. I'm
>>  > > not sure what "deploy the VM with Template" is, but I
>> suspect you've
>>  > > imported VM from template. When that happens, for each
>> interface without
>>  > > MAC address is new obtained, or for each of them, when
>> "importing as new".
>>  > > I did not see (so far) anything bad in code. Can you
>> provide me with some
>>  > > details I can verify or work with? Details about that VM
>> (number of it's
>>  > > nics or anything else you think it can be important),
>> defined MAC address
>>  > > range, who else is using this MAC address range, etc.
>>  > >
>>  > > Mar.
>>  > >
>>  > > - Original Message -
>>  > > > Hi,
>>  > > >
>>  > > > I am facing this strange issue if i deploy the VM with
>> Template...
>>  > > >
>>  > > > Caused by: java.lang.IllegalStateException: Insufficient
>> amount of free
>>  > > MACs.
>>  > > >
>>  > > > Actually i have almost 2000 Mac address free in our
>> environment but VM
>>  > > > creation failed with this error :-
>>  > > >
>>  > > > Thanks,
>>  > > > Punit
>>  > > >
>>  > > > ___
>>  > > > Users mailing list
>>  > > > Users@ovirt.org 
>>  > > > http://lists.ovirt.org/mailman/listinfo/users
>>  > > >
>>  > >
>>  >
>>
>>
>>
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
> was this resolved?
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] iSCSI interface to GlusterFS cluster

[Bill Dossett]

Hi,

Not sure if this can be done using ovirt engine or if I have to do this more at 
the GlusterFS command level.

I have set up a Gluster enabled Cluster with a Volume which is working fine 
I can mount it using the filesystem thype glusterfs.

While I am going to test this with Ovirt and VMs eventually.  I am currently 
exploring using the cluster as an iSCSI target and if that is possible to 
configure thru ovirt or if I now need to work more at the Gluster command level 
and don't get to use the nice UI to configure this.

Any pointers to what I should read next about this would be appreiciated.

Thanks

Bill Dossett
Systems Architect

Tech Central - Global Engineering Services

T +1 303 440 3523
M +44 (0)777 590 8612
bill.doss...@pb.com
pitneybowes.com

Pitney Bowes
4750 Walnut Street | Boulder, Colorado, 80301 | USA




In Engineering?
Raise a ticket via Remedy Anywhere 
[HERE]
 takes less than a minute

CloudForms User Guide available 
[HERE]






___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovirt 3.1 to 3.2 up-gradation problem

[Yaniv Dary]

logs?

On 04/01/2015 02:24 PM, smiling dream wrote:

after upgradation ovirt engine 3.1 to 3.2 all of my vdsm node goes to
non responding.
Error message showing
This host is in non responding state. Try to Activate it; If the
problem persists, switch Host to Maintenance mode and try to reinstall
it.

I have tried to reinstall multiple times but still no success .

Please help .

Regards

Suvro
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
Yaniv Dary
Technical Product Manager
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109

Tel : +972 (9) 7692306
  8272306
Email: yd...@redhat.com
IRC : ydary

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Cannot add Posix Storage

[Itamar Heim]

On 04/03/2015 12:31 PM, shimano wrote:

Hi guys,

I think I found the source of problem. The oVirt's documentation says:

Any POSIX compliant filesystem used as a storage domain in oVirt *MUST*
support sparse files and direct I/O.

MooseFS is based on FUSE drivers so it doesn't support direct_io.

My question now is - Can I disable require of direct_io in oVirt? If not
in any option, maybe by little changes in source code?
Why would I do that and why I'm not afraid about I/O performance?
Because I use MooseFS via NFS now and it works perfect, so that's why I
think that Direct I/O is not necessary!



the direct_io requirement is about robustness, not performance. it is 
meant to prevent data corruption in various cases




2015-04-02 9:47 GMT+02:00 shimano mailto:shim...@go2.pl>>:

Hi everyone...

I have a little strange situation... I'm trying to add Posix
Compliant FS Storage Domain based on MooseFS. As You can read below,
oVirt is mounting it correctly but it cannot make a Storage Domain.
Anybody could help?



// Quick investigation

Is /posix mounted?

 root@host008:/tmp mount |grep fuse
 root@host008:/tmp

Nope.
Add Storage Domain via Web Panel with parameters:

 Name: MooseFS
 Domain Function / Storage Type: Data / POSIX Compliant FS
 Use Host: HOST008
 Path: mfsmount
 VFS Type: fuse
 Mount Options:
mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/posix,_netdev

Debug logs from task:

 JsonRpc (StompReactor)::DEBUG::2015-04-02
08:52:58,231::stompReactor::98::Broker.StompAdapter::(handle_frame)
Handling message 
 JsonRpcServer::DEBUG::2015-04-02
08:52:58,232::__init__::506::jsonrpc.JsonRpcServer::(serve_requests)
Waiting for request
 Thread-549209::DEBUG::2015-04-02
08:52:58,232::__init__::469::jsonrpc.JsonRpcServer::(_serveRequest)
Calling 'StoragePool.connectStorageServer' in bridge with
{'connectionParams': [{'password': '', 'id':
'----', 'connection': 'mfsmount',
'mnt_options':
'mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/posix,_netdev',
'user': '', 'tpgt': '1', 'vfs_type': 'fuse', 'iqn': '', 'port':
''}], 'storagepoolID': '----',
'domainType': 6}
 Thread-549209::DEBUG::2015-04-02
08:52:58,234::task::595::Storage.TaskManager.Task::(_updateState)
Task=`9bb09583-d8f7-4189-b9ab-81b925f8fc13`::moving from state init
-> state preparing
 Thread-549209::INFO::2015-04-02
08:52:58,234::logUtils::44::dispatcher::(wrapper) Run and protect:
connectStorageServer(domType=6,
spUUID='----', conList=[{'iqn': '',
'port': '', 'connection': 'mfsmount', 'mnt_options':
'mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/posix,_netdev',
'user': '', 'tpgt': '1', 'vfs_type': 'fuse', 'password': '**',
'id': '----'}], options=None)
 Thread-549209::DEBUG::2015-04-02
08:52:58,237::fileUtils::142::Storage.fileUtils::(createdir)
Creating directory: /rhev/data-center/mnt/mfsmount
 Thread-549209::WARNING::2015-04-02
08:52:58,237::fileUtils::149::Storage.fileUtils::(createdir) Dir
/rhev/data-center/mnt/mfsmount already exists
 Thread-549209::DEBUG::2015-04-02
08:52:58,238::mount::227::Storage.Misc.excCmd::(_runcmd)
/usr/bin/sudo -n /bin/mount -t fuse -o
mfsmaster=mfsmaster,mfsport=9421,mfssubfolder=/posix,_netdev
mfsmount /rhev/data-center/mnt/mfsmount (cwd None)
 JsonRpc (StompReactor)::DEBUG::2015-04-02
08:52:58,271::stompReactor::98::Broker.StompAdapter::(handle_frame)
Handling message 
 JsonRpcServer::DEBUG::2015-04-02
08:52:58,273::__init__::506::jsonrpc.JsonRpcServer::(serve_requests)
Waiting for request
 Thread-549210::DEBUG::2015-04-02
08:52:58,276::stompReactor::163::yajsonrpc.StompServer::(send)
Sending response
 JsonRpc (StompReactor)::DEBUG::2015-04-02
08:52:58,279::stompReactor::98::Broker.StompAdapter::(handle_frame)
Handling message 
 JsonRpcServer::DEBUG::2015-04-02
08:52:58,280::__init__::506::jsonrpc.JsonRpcServer::(serve_requests)
Waiting for request
 Thread-549211::DEBUG::2015-04-02
08:52:58,282::stompReactor::163::yajsonrpc.StompServer::(send)
Sending response
 Thread-549209::ERROR::2015-04-02
08:52:58,523::hsm::2424::Storage.HSM::(connectStorageServer) Could
not connect to storageServer
 Traceback (most recent call last):
 File "/usr/share/vdsm/storage/hsm.py", line 2421, in
connectStorageServer
 conObj.connect()
 File "/usr/share/vdsm/storage/storageServer.py", line 222, in
connect
 self.getMountObj().getRecord().fs_file)
 File "/usr/share/vdsm/storage/mount.py", line 278, in getRecord
 (self.fs_spec, sel

Re: [ovirt-users] Issue with vdsm on EL6 nodes

[Alon Bar-Lev]

- Original Message -
> From: "ybronhei" 
> To: "Alon Bar-Lev" , "Dan Kenigsberg" 
> Cc: users@ovirt.org, "Oved Ourfalli" , de...@ovirt.org
> Sent: Sunday, April 12, 2015 1:56:18 PM
> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> 
> On 04/12/2015 12:17 PM, ybronhei wrote:
> > On 04/07/2015 04:45 PM, Alon Bar-Lev wrote:
> >>
> >>
> >> - Original Message -
> >>> From: "knarra" 
> >>> To: "Alon Bar-Lev" 
> >>> Cc: users@ovirt.org
> >>> Sent: Tuesday, April 7, 2015 3:39:58 PM
> >>> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> >>>
> >>> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:
> 
>  - Original Message -
> > From: "knarra" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org
> > Sent: Tuesday, April 7, 2015 3:25:07 PM
> > Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> >
> > On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:
> >> - Original Message -
> >>> From: "knarra" 
> >>> To: users@ovirt.org
> >>> Sent: Tuesday, April 7, 2015 3:15:12 PM
> >>> Subject: [ovirt-users] Issue with vdsm on EL6 nodes
> >>>
> >> 
> >>
> >>> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
> >>> routines:SSL3_READ_BYTES:tlsv1 alert protocol version
> >>>
> >>> Can some one help me to resolve this issue.
> >> your openssl is patched to disable ssv3, and engine is trying to
> >> communicate using sslv3.
> >>
> >> please upgrade engine to latest z-stream, it should be resolved.
> > Hi Alon,
> >
> >I checked the following value in my database and my engine
> > is using
> > TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch.
> >
> > engine=# select option_name,option_value from vdc_options where
> > option_name = 'VdsmSSLProtocol';
> >   option_name   | option_value
> > -+--
> > VdsmSSLProtocol | TLSv1
> > (1 row)
>  hmmm and you say you get this when you use vdsClient, so maybe
>  it tries
>  to connect using sslv3.
> 
>  is engine working proberly?
> >>> yes, engine works fine, i have few other nodes where i have the same
> >>> vdsm version added to same engine and i do not hit this issue there. I
> >>> am just wondering how is this happening.
> >>>
> >>
> >> compare openssl version.
> >>
> >> yaniv, please fix the vdsClient to use TLSv1
> >>
> > should it use v1 always (forcefully)? we can do that, but currently it
> > chooses the highest version both parties are able to use
> >
> >
> Vdsm uses ssl.PROTOCOL_SSLv23 which chooses the right tls version in
> python 2.7. In el6 we have python 2.6 which picks sslv2 or sslv3 when
> using ssl.PROTOCOL_SSLv23 (the highest version both sides support) -
> 
> ovirt 3.6 (vdsm 4.17 and above) doesn't support el6 anymore therefore
> current 3.6 code works as expected in el7\fedora>20.
> 
> If we want to fix vdsm 4.16.x (ovirt 3.5 package) to use explicitly
> ssl.PROTOCOL_TLSv1 we can do so - but it will be ovirt-3.5 branch only
> 
> do we want that? if so we need bug for 3.5

as far as I understand the ssl.PROTOCOL_SSLv23 will also use TLSv1, the problem 
is at client side not at server side.

Alon
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Issue with vdsm on EL6 nodes

[ybronhei]

On 04/12/2015 12:17 PM, ybronhei wrote:

On 04/07/2015 04:45 PM, Alon Bar-Lev wrote:



- Original Message -

From: "knarra" 
To: "Alon Bar-Lev" 
Cc: users@ovirt.org
Sent: Tuesday, April 7, 2015 3:39:58 PM
Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes

On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:


- Original Message -

From: "knarra" 
To: "Alon Bar-Lev" 
Cc: users@ovirt.org
Sent: Tuesday, April 7, 2015 3:25:07 PM
Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes

On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:

- Original Message -

From: "knarra" 
To: users@ovirt.org
Sent: Tuesday, April 7, 2015 3:15:12 PM
Subject: [ovirt-users] Issue with vdsm on EL6 nodes





SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
routines:SSL3_READ_BYTES:tlsv1 alert protocol version

Can some one help me to resolve this issue.

your openssl is patched to disable ssv3, and engine is trying to
communicate using sslv3.

please upgrade engine to latest z-stream, it should be resolved.

Hi Alon,

   I checked the following value in my database and my engine
is using
TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch.

engine=# select option_name,option_value from vdc_options where
option_name = 'VdsmSSLProtocol';
  option_name   | option_value
-+--
VdsmSSLProtocol | TLSv1
(1 row)

hmmm and you say you get this when you use vdsClient, so maybe
it tries
to connect using sslv3.

is engine working proberly?

yes, engine works fine, i have few other nodes where i have the same
vdsm version added to same engine and i do not hit this issue there. I
am just wondering how is this happening.



compare openssl version.

yaniv, please fix the vdsClient to use TLSv1


should it use v1 always (forcefully)? we can do that, but currently it
chooses the highest version both parties are able to use


Vdsm uses ssl.PROTOCOL_SSLv23 which chooses the right tls version in 
python 2.7. In el6 we have python 2.6 which picks sslv2 or sslv3 when 
using ssl.PROTOCOL_SSLv23 (the highest version both sides support) -


ovirt 3.6 (vdsm 4.17 and above) doesn't support el6 anymore therefore 
current 3.6 code works as expected in el7\fedora>20.


If we want to fix vdsm 4.16.x (ovirt 3.5 package) to use explicitly 
ssl.PROTOCOL_TLSv1 we can do so - but it will be ovirt-3.5 branch only


do we want that? if so we need bug for 3.5

--
Yaniv Bronhaim.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Issue with vdsm on EL6 nodes

[Alon Bar-Lev]

- Original Message -
> From: "ybronhei" 
> To: "Alon Bar-Lev" 
> Cc: "knarra" , users@ovirt.org, "Dima Kuznetsov" 
> 
> Sent: Sunday, April 12, 2015 12:17:03 PM
> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> 
> On 04/07/2015 04:45 PM, Alon Bar-Lev wrote:
> >
> >
> > - Original Message -
> >> From: "knarra" 
> >> To: "Alon Bar-Lev" 
> >> Cc: users@ovirt.org
> >> Sent: Tuesday, April 7, 2015 3:39:58 PM
> >> Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> >>
> >> On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:
> >>>
> >>> - Original Message -
>  From: "knarra" 
>  To: "Alon Bar-Lev" 
>  Cc: users@ovirt.org
>  Sent: Tuesday, April 7, 2015 3:25:07 PM
>  Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes
> 
>  On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:
> > - Original Message -
> >> From: "knarra" 
> >> To: users@ovirt.org
> >> Sent: Tuesday, April 7, 2015 3:15:12 PM
> >> Subject: [ovirt-users] Issue with vdsm on EL6 nodes
> >>
> > 
> >
> >> SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
> >> routines:SSL3_READ_BYTES:tlsv1 alert protocol version
> >>
> >> Can some one help me to resolve this issue.
> > your openssl is patched to disable ssv3, and engine is trying to
> > communicate using sslv3.
> >
> > please upgrade engine to latest z-stream, it should be resolved.
>  Hi Alon,
> 
> I checked the following value in my database and my engine is
> using
>  TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch.
> 
>  engine=# select option_name,option_value from vdc_options where
>  option_name = 'VdsmSSLProtocol';
>    option_name   | option_value
>  -+--
>  VdsmSSLProtocol | TLSv1
>  (1 row)
> >>> hmmm and you say you get this when you use vdsClient, so maybe it
> >>> tries
> >>> to connect using sslv3.
> >>>
> >>> is engine working proberly?
> >> yes, engine works fine, i have few other nodes where i have the same
> >> vdsm version added to same engine and i do not hit this issue there. I
> >> am just wondering how is this happening.
> >>
> >
> > compare openssl version.
> >
> > yaniv, please fix the vdsClient to use TLSv1
> >
> should it use v1 always (forcefully)? we can do that, but currently it
> chooses the highest version both parties are able to use

it looks like it uses SSLv3 per this report.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Issue with vdsm on EL6 nodes

[ybronhei]

On 04/07/2015 04:45 PM, Alon Bar-Lev wrote:



- Original Message -

From: "knarra" 
To: "Alon Bar-Lev" 
Cc: users@ovirt.org
Sent: Tuesday, April 7, 2015 3:39:58 PM
Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes

On 04/07/2015 05:58 PM, Alon Bar-Lev wrote:


- Original Message -

From: "knarra" 
To: "Alon Bar-Lev" 
Cc: users@ovirt.org
Sent: Tuesday, April 7, 2015 3:25:07 PM
Subject: Re: [ovirt-users] Issue with vdsm on EL6 nodes

On 04/07/2015 05:50 PM, Alon Bar-Lev wrote:

- Original Message -

From: "knarra" 
To: users@ovirt.org
Sent: Tuesday, April 7, 2015 3:15:12 PM
Subject: [ovirt-users] Issue with vdsm on EL6 nodes





SSLError: [Errno 1] _ssl.c:1390: error:1409442E:SSL
routines:SSL3_READ_BYTES:tlsv1 alert protocol version

Can some one help me to resolve this issue.

your openssl is patched to disable ssv3, and engine is trying to
communicate using sslv3.

please upgrade engine to latest z-stream, it should be resolved.

Hi Alon,

   I checked the following value in my database and my engine is using
TLSv1 and not sslv3 to comminucate. I am on 3.6 master branch.

engine=# select option_name,option_value from vdc_options where
option_name = 'VdsmSSLProtocol';
  option_name   | option_value
-+--
VdsmSSLProtocol | TLSv1
(1 row)

hmmm and you say you get this when you use vdsClient, so maybe it tries
to connect using sslv3.

is engine working proberly?

yes, engine works fine, i have few other nodes where i have the same
vdsm version added to same engine and i do not hit this issue there. I
am just wondering how is this happening.



compare openssl version.

yaniv, please fix the vdsClient to use TLSv1

should it use v1 always (forcefully)? we can do that, but currently it 
chooses the highest version both parties are able to use



--
Yaniv Bronhaim.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users