[ovirt-users] Change IP Address of Ovirt Engine

2015-08-19 Thread Phil Gersekowski 
We have an operational ovirt cluster where all nodes on 1 IP Network, 
and the oVirt Engine is on another IP Network and are wanting to change 
IP Address of the host of the ovirt engine so that it is on the same 
network as the nodes that are managed.


I have not been able to find a definative answer, but since I are NOT 
changing the name of the ovirt engine host, from what I have read it 
seems that all I will need to do is alter the IP Address in the DNS of 
the hostname for the ovirt engine host (apart from plumbing and address 
on the new network into the ovrit engine host of course).


Is this correct, or is there some configuration file on either the 
engine host or the nodes that needs to be updated to reflect the new IP 
Address of the engine host ?





--
Regards,
Phil Gersekowski
IT Director
http://www.aspedia.net  | ph...@aspedia.net 



Aspedia  Phone: *1800 677 656*
Mobile: *0447 546 890*
Suite 1, 1 Clunies Ross Court, Eight Mile Plains QLD 4113 | Map 
 




This message and any files transmitted with it are confidential and 
should be read only by those persons to whom it is addressed. It may 
contain sensitive and private proprietary or legally privileged 
information. No confidentiality or privilege is waived or lost by any 
mistransmission. If you are not the intended recipient, please 
immediately delete this message and notify the sender Aspedia Australia 
Pty Ltd. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the 
intended recipient. Unless otherwise expressly stated by an authorised 
representative of Aspedia Australia Pty Ltd, any views, opinions and 
other information expressed in this message and any attachments are 
solely those of the sender and do not constitute formal views or 
opinions of our company. *Please consider the environment before printing*.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Servers Hang at 100% CPU On Migration

2015-08-19 Thread Chris Jones - BookIt . com Systems Administrator 

oVirt Node - 3.5 - 0.999.201504280931.el7.centos

When migrating servers using an iSCSI storage domain, about 75% of the 
time they will become unresponsive and stuck at 100% CPU after 
migration. This does not happen with direct LUNs, however.


What causes this? How do I stop it from happening?

Thanks

--
This email was Virus checked by UTM 9. For issues please contact the Windows 
Systems Admin.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Servers Hang at 100% CPU On Migration

2015-08-19 Thread Chris Jones - BookIt . com Systems Administrator 
I forgot to mention that the vm have to be forcefully restarted when 
this happens.


On 08/19/2015 02:15 PM, Chris Jones - BookIt.com Systems Administrator 
wrote:

oVirt Node - 3.5 - 0.999.201504280931.el7.centos

When migrating servers using an iSCSI storage domain, about 75% of the
time they will become unresponsive and stuck at 100% CPU after
migration. This does not happen with direct LUNs, however.

What causes this? How do I stop it from happening?

Thanks


--
This email was Virus checked by UTM 9. For issues please contact the Windows 
Systems Admin.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vlan-tagging on non-tagged network

2015-08-19 Thread Sven Kieske 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 19/08/15 12:55, Juan Pablo Lorier wrote:
> 
> Hi,
> 
> My two cents is that shouldn’t be doing mac spoofing protection as
> a default. There are several use cases where you may use virtual
> nics defined withing the guest and this feature is going to create
> problems to users that may not know that there’s a mac spoofing
> protection withing ovirt. Think of keeaplived vmac option, openvpn
> and any tap adapter you need to create. If you need to protect
> against spoofing attacks, you should use the hook or more powerful
> tools and in any case, you must be aware that you used this kind of
> protection. Regards,


I disagree:

This violates the "secure by default" design pattern.

The default should be secure, furthermore, it was so in every ovirt
release before, so it would be a sudden change.

if you need such advanced network setups in your guests you should be
able to search the documentation.

- -- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +495772 293100
F: +495772 29
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhaus
en
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad
Oeynhausen
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJV1HUjAAoJEMby9TMDAbQR0yEP/0it0Mh2p3EeBUG32uprxGcb
BC0D6QIGIBBLaZutrXSsOYLOlwK+QMTYDneo7S8wbHMLnTgig2fgByF8EJ0f2hg8
ELRsDhGKaKPyGPevJ3i1VUg1A43sBVSAedFAdcpTQjtZKImrOROgu2uquwkeBsju
9+Lwp5nRa64vxeZkyc93Bof3K1LP0L0FV9y3WwoGVd7UdZ2hw+k/4tyVeTRBWybS
phiEPWY9zmfCGOsztfs2LfmVMXtHjgCKpqySlpKuMVFwN0w6jMXst7tK18OU+B1i
2hp0MY79jZQqTW/gc0RK7lQVZjZjphVeyQv9yKIfEA0y8DD2H7XgzfS860Htx+ng
JTRt+iI4VYVaxUtRr3oxPBPoUVG4y4MmtQYUtnG8m5aY9pgrYjeCQIeoyZS5AWxA
Y7gHJpdlBPFNxRdOYI1KNk2RvSxRuzZZ6AgP7gOJXHTylqo0DdIF5xI+vtGteyyX
xaeikGSo0Dcq+FYgwA/qfDRCTXl0TWobvVYcJLch71jJtqZKbcw8TNCbZs8pLJvD
bRM1hy2rLCXD51ieTo/r8uFhE6OuHjUTbRbrBqNlOVMRyCIZuYE0t0Ct5rGTH37t
TVge3Je4o+xF40TdbTA6I29Erl50oZZW+qZg/E2S36bQL7qV55+qvfzTvU64wK9i
pBqXJP7nAFV8vCCrxctX
=qWrQ
-END PGP SIGNATURE-
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Testing Ovirt 3.6 Beta 2

2015-08-19 Thread Sandro Bonazzola 
On Tue, Aug 18, 2015 at 9:37 PM, wodel youchi 
wrote:

> Hi,
>
> I just did.
>
> Thanks you for all your efforts.
>

Bug has been fixed, you can test the fix using an rpm from one of these
links:
http://jenkins.ovirt.org/job/ovirt-hosted-engine-ha_master_create-rpms-fc22-x86_64_merged/11/
http://jenkins.ovirt.org/job/ovirt-hosted-engine-ha_master_create-rpms-el7-x86_64_merged/46/




>
> Regards
>
> 2015-08-18 7:47 GMT+01:00 Sandro Bonazzola :
>
>>
>>
>> On Mon, Aug 17, 2015 at 5:47 PM, wodel youchi 
>> wrote:
>>
>>> Hi,
>>>
>>> I updated this package ovirt-engine-extension-aaa-jdbc to the latest one
>>> available, and the engine's installation terminated successfully.
>>>
>>> this time I disabled selinux and firewalling on hypervisor and on the VM
>>> engine.
>>>
>>> 1 - Still no trace of the VM engine on webui even after adding storage
>>> domain
>>> 2 - the ovirt-ha-agent crashes with this message :
>>> ovirt-ha-agent ovirt_hosted_engine_ha.agent.agent.Agent ERROR Error: '
>>> 'StorageServer' object has no attribute '_self'' - trying to restart
>>> agent
>>>
>>
>>
>> Thanks for reporting, had you opened a bug about it?
>>
>>
>>>
>>> 2015-08-17 0:19 GMT+01:00 wodel youchi :
>>>
 Hi folks,

 Two days ago I redid a test with the second beta, and I had the same
 problem with the VM engine not present on the webui.

 I cleaned up everything and I redid the test today, this I couldn't
 terminate the engine's installation, I had this error after the creation of
 the database

 /usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh option
 non permise -- e

 the script does not accept -e option

 Regards.

 2015-08-06 18:42 GMT+01:00 Alexander Wels :

> On Thursday, August 06, 2015 06:04:44 PM wodel youchi wrote:
> > Hi,
> >
> > A new test with Centos7 as host and Centos7 as VM-engine.
> >
> > The same problem, no VM-engine on Webgui.
> >
> > - I can create and start VMs
> > - I could import my export domain and old data domain
> >
> > There is another problem with host edition, I can't get pass these
> two
> > parameters when I edit a host:
> > - host groups
> > - compute resources
> >
>
> That is a known bug [1], which should be fixed once [2] is merged.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1250547
> [2] https://gerrit.ovirt.org/#/c/44498/
>
> > I don't know what they mean, they are blank, and if I change the
> host's
> > configuration, the two parameters become red, and I don't know what
> to fill
> > in.
> >
> > Regards
> >
> > 2015-08-04 10:54 GMT+01:00 Simone Tiraboschi :
> > > On Tue, Aug 4, 2015 at 11:25 AM, wodel youchi <
> wodel.you...@gmail.com>
> > >
> > > wrote:
> > > > Hi again,
> > > >
> > > > Yes I mean the hosted-egnine VM
> > > >
> > > > I added the first storage domain (NFS4), I even added the ISO
> domain,
> > > > but
> > > > still no vm-engine shown on webui.
> > >
> > > Could you please attach your engine logs on bug # 1222010
> > >
> > > thanks,
> > > Simone
> > >
> > > > Regards.
> > > >
> > > > 2015-08-04 8:19 GMT+01:00 Simone Tiraboschi  >:
> > > >> On Tue, Aug 4, 2015 at 1:28 AM, wodel youchi <
> wodel.you...@gmail.com>
> > > >>
> > > >> wrote:
> > > >> > Hi,
> > > >> >
> > > >> > I redid the installation with Fc22 for the host and the VM
> engine, I
> > > >> > still
> > > >>
> > > >> Did you mean hosted-engine?
> > > >>
> > > >> > have the same problems
> > > >> > - No VM engine on the webui
> > > >>
> > > >> If so there is an open bug on that:
> > > >> https://bugzilla.redhat.com/show_bug.cgi?id=1222010
> > > >> Adding the first normal (non HE) storage domain is enough to
> solve it:
> > > >> when you add the first data domain the datacenter comes up and
> the
> > > >> engine-VM got shown.
> > > >>
> > > >> > - Cannot start a created VM, DB error
> > > >> >
> > > >> > Then I tested with Fc22 for th host and Centos7 for the VM
> engine
> > > >> > - Still no VM engine on webui
> > > >> > - But this time no DB error and the created VM did start.
> > > >> >
> > > >> > Regards.
> > > >> >
> > > >> > 2015-08-03 14:40 GMT+01:00 Sandro Bonazzola <
> sbona...@redhat.com>:
> > > >> >> No, no specific known issue.
> > > >> >>
> > > >> >> On Sat, Aug 1, 2015 at 8:57 PM, Maor Lipchuk <
> mlipc...@redhat.com>
> > > >> >>
> > > >> >> wrote:
> > > >> >>> Sandro, Eyal,
> > > >> >>> Is there any known issue of this specific build?
> > > >> >>>
> > > >> >>> Regards,
> > > >> >>> Maor
> > > >> >>>
> > > >> >>> - Original Message -
> > > >> >>> From: "wodel youchi" 
> > > >> >>> To: "Maor Lipchuk" 
>>>

Re: [ovirt-users] vlan-tagging on non-tagged network

2015-08-19 Thread Juan Pablo Lorier 

Hi,

My two cents is that shouldn’t be doing mac spoofing protection as a default. 
There are several use cases where you may use virtual nics defined withing the 
guest and this feature is going to create problems to users that may not know 
that there’s a mac spoofing protection withing ovirt.
Think of keeaplived vmac option, openvpn and any tap adapter you need to create.
If you need to protect against spoofing attacks, you should use the hook or 
more powerful tools and in any case, you must be aware that you used this kind 
of protection.
Regards,
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] openstack Icehouse EOL

2015-08-19 Thread Yaniv Dary 
Juno was tested with 3.5 as well.
No info on 3.6 at this point.

Yaniv Dary
Technical Product Manager
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109

Tel : +972 (9) 7692306
8272306
Email: yd...@redhat.com
IRC : ydary


On Wed, Aug 19, 2015 at 12:32 PM, Jorick Astrego 
wrote:

> Hi,
>
> I've noticed openstack Icehouse is EOL, what is the next recommended
> compatible openstack release for Neutron integration for 3.5?
>
> And for 3.6?
>
>
>
> Met vriendelijke groet, With kind regards,
>
> Jorick Astrego
>
> *Netbulae Virtualization Experts *
> --
> Tel: 053 20 30 270 i...@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax:
> 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
> --
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] openstack Icehouse EOL

2015-08-19 Thread Jorick Astrego 
Hi,

I've noticed openstack Icehouse is EOL, what is the next recommended
compatible openstack release for Neutron integration for 3.5?

And for 3.6?



Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts 



Tel: 053 20 30 270  i...@netbulae.euStaalsteden 4-3A
KvK 08198180
Fax: 053 20 30 271  www.netbulae.eu 7547 TA Enschede
BTW NL821234584B01



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vlan-tagging on non-tagged network

2015-08-19 Thread Felix Pepinghege 

Hi Dan,

On 08/19/2015 10:03 AM, Dan Kenigsberg wrote:

This disable mac spoofing protection for all VMs; even those which are
less trust-worthy. A finer grained approach is to install
vdsm-hook-macspoof


Thanks for pointing that out! I didn't know that this VM-specific 
solution exist.


Regards,
Felix
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vlan-tagging on non-tagged network

2015-08-19 Thread Dan Kenigsberg 
On Tue, Aug 18, 2015 at 12:32:47PM +0200, Felix Pepinghege wrote:
> Sorry for flooding the mailing list, but I have some new insights in why
> these things I described happen. So just in case someone stumbles over it in
> the future, I like to elaborate.
> 
> The problem is my specific use-case, that is, the VM being an openVPN
> server. By default, ovirt expects exactly one mac address per VM. As one
> vnet device is created for every VM that implies only one mac address per
> vnet device. The ebtables rules that I ran into enforce that. They prevent
> the VM from spoofing other mac addresses, for obvious security reasons.
> This lead to the filtering of all packages of my VPN clients, as their mac
> addresses differed from the VM's.
> 
> That much for the reasons, now some additional words to the solution. Just
> flushing the ebtables table is not a persistent solution, as ovirt creates
> the rules every time a new vnet device is created. This happens on every
> reboot and every migration of the VM. Interesstingly, the filters are
> resistant to turning off the ebtables service with
> '# systemctl stop ebtables'.
> Although the service claims to be inactive, filtering takes place,
> nevertheless.
> I currently fail to find the website that pointed me to it, but the
> persistent solution is to disable the MAC anti spoofing filter. Here's how
> it goes:
> On the engine, do
> # engine-config -s EnableMACAntiSpoofingFilterRules=false
> # systemctl restart ovirt-engine
> After that, the ebtables rules are no longer applied to newly created vnets.
> (Filters for existing vnets are not removed, though)

This disable mac spoofing protection for all VMs; even those which are
less trust-worthy. A finer grained approach is to install
vdsm-hook-macspoof

engine-config -s 
"UserDefinedVMProperties=macspoof=(true|false);another_property=regexp"

define a vnic profile with macspoof=true, and assign it to your VPN VM.

http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt/Gluster

2015-08-19 Thread Ravishankar N 



On 08/18/2015 04:22 PM, Ramesh Nachimuthu wrote:

+ Ravi from gluster.

Regards,
Ramesh

- Original Message -
From: "Sander Hoentjen" 
To: users@ovirt.org
Sent: Tuesday, August 18, 2015 3:30:35 PM
Subject: [ovirt-users] Ovirt/Gluster

Hi,

We are looking for some easy to manage self contained VM hosting. Ovirt
with GlusterFS seems to fit that bill perfectly. I installed it and then
starting kicking the tires. First results looked promising, but now I
can get a VM to pause indefinitely fairly easy:

My setup is 3 hosts that are in a Virt and Gluster cluster. Gluster is
setup as replica-3. The gluster export is used as the storage domain for
the VM's.


Hi,

What version of gluster and ovirt are you using?



Now when I start the VM all is good, performance is good enough so we
are happy. I then start bonnie++ to generate some load. I have a VM
running on host 1, host 2 is SPM and all 3 VM's are seeing some network
traffic courtesy of gluster.

Now, for fun, suddenly the network on host3 goes bad (iptables -I OUTPUT
-m statistic --mode random --probability 0.75 -j REJECT).
Some time later I see the guest has a small "hickup", I'm guessing that
is when gluster decides host 3 is not allowed to play anymore. No big
deal anyway.
After a while 25% of packages just isn't good enough for Ovirt anymore,
so the host will be fenced.


I'm not sure what fencing means w.r.t ovirt and what it actually fences. 
As far is gluster is concerned, since only one node is blocked, the VM 
image should still be accessible by the VM running on host1.

After a reboot *sometimes* the VM will be
paused, and even after the gluster self-heal is complete it can not be
unpaused, has to be restarted.


Could you provide the gluster mount (fuse?) logs and the brick logs of 
all 3 nodes when the VM is paused? That should give us some clue.


Regards,
Ravi


Is there anything I can do to prevent the VM from being paused?

Regards,
Sander

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users