[ovirt-users] VM Networking not working
I asked this on the IRC channel but I thought I'd ask here too. I have set up a 3 node hosted-engine ovirt cluster. On each host I have bonded 2 10Gb ports that I use for Storage, and 2 10Gb ports that I intend to use for VM traffic. However when I created my first VM and added a VLAN tagged network to it, the VM can't access any external network. I can see the bond, and the bridge on the host. If I give the bridge an IP on the host it can access the network. Also none of the network information is populated in the ovirt engine web ui for the VM. All the Guest Agent Data is blank. Am I missing something? Please let me know what logs will be helpful to troubleshoot. Thanks, Chris ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
On 05/26/2016 05:28 PM, Alexis HAUSER wrote: This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV ^_ldap I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION If I use : pool.default.serverset.srvrecord.service = ldaps In the logs I see this : "An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldaps._tcp.my_forest_name.com':" ^_ldaps The same happens with : dig @any_of_the_4_AD_server _ldap._tcp.my_forest_name.com SRV ^_ldap So why dig can resolve it but not ovirt ? you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig. And '_ldaps' is what's missing in your DNS. If I understand correctly, you misunderstood meaning of 'vars.dns' variable. This variables says what DNS server(s) should be used to send DNS queries, instead of the default one from /etc/resolv.conf. So if you specify: vars.dns = dns://ad_server.mydomain.com then aaa-ldap do following: $ dig @ad_server.mydomain.com _ldap._tcp.'pool.default.serverset.srvrecord.domain' SRV if you remove 'vars.dns' varibale then aaa-ldap does following: $ dig _ldap._tcp.'pool.default.serverset.srvrecord.domain' SRV so default DNS servers are used. Interesting, now I understand better... In config files no. The correct approach is configure DNS properly. Because SRV record provides you port on which that service operates. So I would suggest you either create new SRV record named 'ldaps' with port 636(in your AD DNS), or use startTLS with port 389. "ldaps" is also a kind of conventional "microsoft SRV record" like _ldaps_tcp ? Unfortunatelly using '_ldaps._tcp' is not any standart. But that's what usually people do if they can't use startTLS. With startTLS I didn't have any success (and I don't really get why) : "2016-05-26 17:23:36,535 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-6) [] [ovirt-engine-extension-aaa-ldap.authn::AD2-authn] Cannot initialize LDAP framework, deferring initialization. Error: : LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece" "{Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=: LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece, Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2}" This message doesn't say much. Can you please send full Java exception stack trace? Don't forget to also remove lines: pool.default.ssl.enable = true pool.default.serverset.srvrecord.service = ldaps ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Hosted-Engine storage migration
Hi, I would like to migrate Hosted Engin VM from a NFS storage domain to another NFS one. I have tried to move data and to update HostedEngine.conf and vm.conf but with no success. Is there a procedure to perform this operation ? Thanks ! Regards, Lionel BEARD Ce message et toutes les pi?ces jointes (ci-apr?s le "message") sont ?tablis ? l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur ou s'il ne vous est pas destin?, merci de le d?truire ainsi que toute copie de votre syst?me et d'en avertir imm?diatement l'exp?diteur. Toute lecture non autoris?e, toute utilisation de ce message qui n'est pas conforme ? sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer l'int?grit? de ce message ?lectronique susceptible d'alt?ration, l'exp?diteur (et ses filiales) d?cline(nt) toute responsabilit? au titre de ce message dans l'hypoth?se o? il aurait ?t? modifi? ou falsifi?. This message and any attachments (the "message") is intended solely for the intended recipient(s) and is confidential. If you receive this message in error, or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender. Any unauthorized view, use that does not comply with its purpose, dissemination or disclosure, either whole or partial, is prohibited. Since the internet cannot guarantee the integrity of this message which may not be reliable, the sender (and its subsidiaries) shall not be liable for the message if modified or falsified. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] failing update ovirt-engine on centos 7
Il 26/Mag/2016 12:50, "Yedidyah Bar David"ha scritto: > > On Thu, May 26, 2016 at 1:21 PM, Pavel Gashev wrote: > > I had an issue with updating to 3.6.6. There were errors during engine-setup: > > > > [ ERROR ] Yum Non-fatal POSTUN scriptlet failure in rpm package ovirt-vmconsole-1.0.0-1.el7.centos.noarch > > > > [ ERROR ] Yum Transaction close failed: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/otopi/miniyum.py", line 778, in endTransaction self.processTransaction() File "/usr/lib/python2.7/site-packages/otopi/miniyum.py", line 1064, in processTransaction _('One or more elements within Yum transaction failed') RuntimeError: One or more elements within Yum transaction failed > > > > ovirt-vmconsole has the following uninstall script: > > postuninstall scriptlet (using /bin/sh): > > if [ "$1" -ge "1" ]; then > > semodule -i "/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp" > > fi > > > > In other words you can't update if you have SELINUX disabled. > > > > The workaround is the following: > > ln -fs /bin/true /usr/sbin/semodule > > Thanks for the report. Adding Francesco. > Please open a bz on ovirt-vmconsole. > > > > > > On 26/05/16 08:43, "users-boun...@ovirt.org on behalf of Yedidyah Bar David" wrote: > > > >>On Wed, May 25, 2016 at 9:11 PM, Fabrice Bacchella > >> wrote: > >>> > >>> Le 25 mai 2016 à 17:25, Kapetanakis Giannis a > >>> écrit : > >>> > >>> On 25/05/16 17:59, Fabrice Bacchella wrote: > >>> > >>> I have an dedicated machin to run ovirt-engine (not hosted). It's an up to > >>> date centos 7.2.1511 > >>> > >>> I installed ovirt 3.6.6 a few weeks ago (May 10 17:56:44 tells me yum.log) > >>> > >>> Now, I'm trying a full yum update and getting : > >>> # yum update > >>> > >>> > >>> Error: Package: ovirt-engine-tools-3.6.5.3-1.el7.centos.noarch (@ovirt-3.6) > >>>Requires: ovirt-engine-tools-backup = 3.6.5.3-1.el7.centos > >>>Removing: ovirt-engine-tools-backup-3.6.5.3-1.el7.centos.noarch > >>> (@ovirt-3.6) > >>>ovirt-engine-tools-backup = 3.6.5.3-1.el7.centos > >>>Updated By: ovirt-engine-tools-backup-3.6.6.2-1.el7.centos.noarch > >>> (ovirt-3.6) > >>>ovirt-engine-tools-backup = 3.6.6.2-1.el7.centos > >>> > >>> > >>> > >>> Follow 3.6.6 release notes to update: > >>> https://www.ovirt.org/release/3.6.6/ > >>> > >>> > >>> yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm > >>> yum update ovirt\*setup\* > >>> and then run > >>> engine-setup to update the rest of the packages. > >>> > >>> > >>> I have seen this doc. > >>> > >>> It updates a few components and what about the others ? The readme talk > >>> about running engine-setup, but not that it will updates other packages. I > >>> thought that ovirt-engine is for engine setup, not upgrading. > >> > >>Right. > >> > >>After engine-setup finishes, you should 'yum update' to update the rest. > >> > >>And BTW, this specific issue about tools-backup was fixed in [1]. So a > >>future 'yum update' should not emit this error - although the update > >>sequence is still the same - add repos, update setup packages, engine-setup, > >>update the rest. > >> > >>[1] https://bugzilla.redhat.com/show_bug.cgi?id=1321249 > >>-- > >>Didi > >>___ > >>Users mailing list > >>Users@ovirt.org > >>http://lists.ovirt.org/mailman/listinfo/users > > > > > > -- > Didi > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] moVirt 1.4 RC1 (Android client for oVirt)
- Original Message - > > > On Wed, May 25, 2016 at 6:32 PM, Michal Skrivanek < mskri...@redhat.com > > wrote: > > > > > On 25 May 2016, at 13:50, Tomas Jelinek < tjeli...@redhat.com > wrote: > > > > Hey All, > > > > the first RC of moVirt 1.4 has been released! > > > > It can be downloaded only using direct link[1] - the play store will be > > upgraded after considered stable. > > > > The most important feature of this release was to enhance the dashboard so > > it will look similar to the one coming to oVirt 4.0. > > Screenshot attached. > > > > Other changes: > > - Added new dashboard functionality (virtual/physical consumption, > > clickable cpu/memory consumption) > > - Better UI (dashboard, adding/editing triggers) > > - Better sorting in lists > > - Memory units are now displayed correctly > > - Fixed crashing bugs when looking at hosted engine > > > > Would you like to help/contribute? > > Sure, for example you can: > > - give feedback on the new dashboard (the one from the attachment) > > Looks great! Thanks for the feedback everyone. > > > > I guess the two lists in portrait mode are truncated all the time, it would > probably make more sense to show only one column and switch hosts/vms via > real/virtual toggle > > Or show the top 5 VMs and below it, the top 5 hosts. This way the text isn't > cut: I think we should show only one list (hosts/vms) depending on the state of the view (physical/virtual), which I think will make more sense from UI perspective. > > Most utilized VMs: > abc-vm 107% > def-vm 105% > this-and-that-vm 44% > > Most utilized hosts: > this-host 27% > that-host 30% > > ... > > > > > > > - download RC [1], test it and report bugs > > Small nitpick - the color of the warning icon should not be yellow if there > are no warnings. > Y. Yes this would be better for warnings and error events. > > > > - patches are also welcome :) > > > > have a nice day, > > Tomas > > > > [1]: > > https://github.com/matobet/moVirt/blob/master/moVirt/moVirt-release.apk?raw=true > > ___ The link to the APK has been updated to RC2 (units were changed to display by IEC standard - KiB, MiB, etc.) > > Users mailing list I will start working on the changes mentioned. Filip > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] iSCSI storage maintenance
Hi, I have a simple oVirt setup, with one storage server and a couple of hypervisors, running some 50 VMs. The storage server uses ZFS zvols, exported over iSCSI with SCST. Now I want to do some maintenance on the storage, specificly I want to update SCST to a new version. I expect that the normal procedure for this would be: - shutdown all VMs - put storage domain into maintenance - perform maintenance - get everything back online Now I know I can also take the following ugly shortcut: - stop SCST daemon - see all VMs go to Paused - perform maintenance - restart SCST - resume all VMs or wait for them to resume themselves The win being of course, that nothing has to be restarted/rebooted. Extremely small scale testing (one running VM on a 20 GB test domain) indicates, that this works like a charm. The VM resumes without a problem and doesn't log anything storage related. My question is: what are the risks involved in the shortcut scenario? I understand that there are IOPS that never reach the disk, so they have to be queued somewhere (inside Qemu I presume). What happens if this happens with 50 VMs at once? Best regards, Martijn. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION If I use : pool.default.serverset.srvrecord.service = ldaps In the logs I see this : "An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldaps._tcp.my_forest_name.com':" The same happens with : dig @any_of_the_4_AD_server _ldap._tcp.my_forest_name.com SRV So why dig can resolve it but not ovirt ? >If I understand correctly, you misunderstood meaning of 'vars.dns' variable. >This variables says what DNS server(s) should be used to send DNS >queries, instead of the >default one from /etc/resolv.conf. >So if you specify: > vars.dns = dns://ad_server.mydomain.com >then aaa-ldap do following: > $ dig @ad_server.mydomain.com >_ldap._tcp.'pool.default.serverset.srvrecord.domain' SRV >if you remove 'vars.dns' varibale then aaa-ldap does following: > $ dig _ldap._tcp.'pool.default.serverset.srvrecord.domain' SRV >so default DNS servers are used. Interesting, now I understand better... >In config files no. The correct approach is configure DNS properly. >Because SRV record >provides you port on which that service operates. So I would suggest you >either create new SRV record named 'ldaps' with port 636(in your AD >DNS), or use startTLS with port 389. "ldaps" is also a kind of conventional "microsoft SRV record" like _ldaps_tcp ? With startTLS I didn't have any success (and I don't really get why) : "2016-05-26 17:23:36,535 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-6) [] [ovirt-engine-extension-aaa-ldap.authn::AD2-authn] Cannot initialize LDAP framework, deferring initialization. Error: : LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece" "{Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=: LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS, data 0, vece, Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2}" ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
On 05/26/2016 03:35 PM, Alexis HAUSER wrote: So it means that aaa-ldap then tries to do following: LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://mydomain.com:389 -x -D 'CN=Something,DC=myserver,DC=come' -w 'mypaswd' -b 'CN=users,DC=something,DC=com' Which won't work, because you do ldaps on 389 port. (I guess it don't work, unless you changed default AD configuration) What you need to do is to specify a port for ldaps service. It's ussually done as I said before. Yes that's true, it would work only with 636, not 389. Yes, I understood that, and I said before, when I set "pool.default.serverset.srvrecord.service = ldaps", the parameter "vars.dns" is ignored by ovirt... When I use "vars.dns = dns://ad_server.mydomain.com", restart ovirt-engine, attempt to login and then check the logs, I see in the logs it is still trying to use "_ldaps._tcp.university.mydomain.com" instead... It really totally ignore the vars.dns parameter ! If I understand correctly, you misunderstood meaning of 'vars.dns' variable. This variables says what DNS server(s) should be used to send DNS queries, instead of the default one from /etc/resolv.conf. So if you specify: vars.dns = dns://ad_server.mydomain.com then aaa-ldap do following: $ dig @ad_server.mydomain.com _ldap._tcp.'pool.default.serverset.srvrecord.domain' SRV if you remove 'vars.dns' varibale then aaa-ldap does following: $ dig _ldap._tcp.'pool.default.serverset.srvrecord.domain' SRV so default DNS servers are used. Now if use only "vars.dns = dns://ad_server.mydomain.com", and disable (comment) "pool.default.serverset.srvrecord.service = ldaps", in the logs, I see the right DNS used (ad_server.mydomain.com), but as you said, on the wrong port. If I specify the port with "vars.dns = dns://ad_server.mydomain.com:636", I still see in the log it's trying to use port 389. Which mean the port number is totally ignore in "vars.dns" parameter. To get more info how the DNSSRVRecordServerSet works you can read this: https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/DNSSRVRecordServerSet.html Interesting, but here _ldap_tcp is not used. And I'm not a java delopper, I won't know how to do with these classes etc... It seems to confirm what I said : this DNS entry doesn't seem to exist. Yes, and it should, or you need to change _ldap._tcp.university.mydomain.com SRV record to point on 636, or configure 389 port to accept ldaps. That's just my guess. So does it mean there is no way to specify to ovirt config files that I want to use another DNS on 636 port ? In config files no. The correct approach is configure DNS properly. Because SRV record provides you port on which that service operates. So I would suggest you either create new SRV record named 'ldaps' with port 636(in your AD DNS), or use startTLS with port 389. Configurations looks OK, so you hit some bug, can you please opent a bz for it? Thanks. Ok, no problem, I'll do that. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] SELinux and oVirt
Hi Michal, I re-installed the OS and then oVirt on that node, with SELinux enabled, and that has resolved the issue. Thanks for your help. Cheers, Cam On Wed, May 25, 2016 at 7:24 PM, Michal Skrivanekwrote: > > > On 25 May 2016, at 19:29, Cam Mac wrote: > > Hi Michal, > > Ran restorecon -r on '/' (and restarted vdsmd and other services): it is > still getting selinux errors. I'd like to keep selinux running, especially > as it is officially supported > > > Yeah. Hm, dunno why it didn't work, perhaps the config is not set up > correctly. I thought redeploy would fix it but I don't really know the > deployment code so maybe I'm wrong > > (and works on the other node), so I guess the best option is to reinstall > the OS and then install ovirt again perhaps. > > > That's the most easy way out, yes:) > > Thanks, > michal > > > Thanks, > > Campbell > > On Wed, May 25, 2016 at 6:15 PM, Michal Skrivanek > wrote: > >> >> >> On 25 May 2016, at 19:12, Cam Mac wrote: >> >> I'll try that - presumably on the paths it is complaining about, and the >> qemu binarys? >> >> >> It shouldn't hurt on /, it should only help:) >> And if it complains e.g. on attached nfs, the i suppose you need to run >> it there too >> >> >> >> On Wed, May 25, 2016 at 4:59 PM, Michal Skrivanek < >> michal.skriva...@redhat.com> wrote: >> >>> >>> On 25 May 2016, at 17:35, Cam Mac wrote: >>> >>> Hi Michal, >>> >>> I chose the 'reinstall node' option from the GUI menu, which appeared to >>> go ok, however, I still cannot create or migrate a VM on that node. I can >>> see selinux 'denied' messages relating to qemu-kvm, e.g.: >>> >>> type=AVC msg=audit(1464189232.136:251): avc: denied { read } for >>> pid=4019 comm="qemu-kvm" name="65ab-b33a-483a-af46-76f7305e2ae5" >>> dev="sda2" ino=35401 scontext=system_ >>> u:system_r:svirt_t:s0:c720,c927 >>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file >>> >>> There are a number of errors in the vdsm log but I assume that relates >>> to selinux blocking it. So perhaps I need to remove all the ovirt packages >>> manually, or perhaps re-install the OS as well? I guess either of those >>> options involves complications with certificates and WWIDs for the attached >>> SAN. >>> >>> Or could I somehow generate selinux labels? >>> >>> >>> yeah, I think it didn’t happen. I though we do relabelling as part of >>> deploy >>> How about running "restorecon -r” now? >>> >>> >>> These nodes + engine are not yet production, though I'd prefer to fix >>> than restart entirely from scratch. >>> >>> Thanks for any help. >>> >>> regards, >>> >>> Campbell >>> >>> >>> On Wed, May 11, 2016 at 3:13 PM, Cam Mac wrote: >>> Ah, ok that makes sense. For the node, is it enough to use the 'reinstall node' option from the GUI, or is it better to reinstall the OS and then deploy it again? Thanks, Cam On Wed, May 11, 2016 at 2:40 PM, Michal Skrivanek < michal.skriva...@redhat.com> wrote: > > On 11 May 2016, at 15:24, Cam Mac wrote: > > Thanks Michal, if reinstalling the engine, (which also had SELinux > disabled at install), would the best way be to backup the engine and then > restore just the ovirt config? > > > for engine..well, VM security is not related to that, those are > running on hypervisors, not the engine. So for any functionality/security > it’s irrelevant what SELinux state it’s in > I’m not sure if relabeling with restorecon is not enough (it sould > work also on nodes, but as I said, it’s likely more safe to reinstall just > to be really really sure:) > Simone, am I right about the restorecon for engine? > > > Cheers, > > Cam > > On Wed, May 11, 2016 at 2:14 PM, Michal Skrivanek < > michal.skriva...@redhat.com> wrote: > >> >> > On 11 May 2016, at 15:02, Cam Mac wrote: >> > >> > Hi, >> > >> > In the oVirt guide, it says that "SELinux is being used by default >> on oVirt Node", but then goes on to say that if you have problems you >> should set it to permissive mode. I have had a few things fail due to >> being >> blocked by SELinux on a node I later enabled SELinux on, as it was off at >> install time. The other node which has had SELinux on from the start and >> so >> far has not had any oVirt operations blocked. I am guessing that the >> oVirt >> install process creates the necessary rules to allow vdsm to run under >> SELinux. So if you want to set SELinux to enforcing after installation, >> is >> there a script to do this, or is it better to just reinstall the node or >> engine, rather than trying to work out the individual exceptions? >> >> For oVirt node it’s easier to reinstall it, it doesn’t persist
Re: [ovirt-users] Changing Cluster CPU Type in a single Host with Hosted Engine environment
On 26/05/16 13:01 +, Ralf Braendli wrote: Hi Thanks a lot for you help. Just to be sure. The Database would be the Datebase on the HostedEngine right ? Right. After this operation should it work directly or is a restart required ? You should most likely restart the machine (to avoid hitting cached values). And for the Bug report this should be done here https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt ? Yes (ovirt-engine, virt team). Best Regards Ralf Brändli Am 26.05.2016 um 14:42 schrieb Martin Polednik: On 26/05/16 07:12 +, Ralf Braendli wrote: Hi I have the Problem that I selected the wrong CPU Type throw the setup process. Is it posible to change it without an new installation ? Hi! I'm afraid this may not be possible using "regular" approach. You could do this by directly changing the cpu type in database, but this is not supported operation. Just an example what would I do in this case (but proceed carefully before changing anything in the DB): $ su - postgres -c "psql -t engine -c \"SELECT split_part(trim(regexp_split_to_table(option_value, ';')), ':', 2) FROM vdc_options WHERE option_name = 'ServerCPUList' AND version = '3.5';\"" gives you a nice list of supported cpu names (the database name must be exact, so it's better to paste from that list. Intel Conroe Family Intel Penryn Family Intel Nehalem Family Intel Westmere Family Intel SandyBridge Family Intel Haswell-noTSX Family Intel Haswell Family Intel Broadwell-noTSX Family Intel Broadwell Family AMD Opteron G1 AMD Opteron G2 AMD Opteron G3 AMD Opteron G4 AMD Opteron G5 IBM POWER8 Then you can update the cluster directly: $ su - postgres -c "psql -t engine -c \"UPDATE cluster SET cpu_name = 'YOUR CPU NAME' WHERE name = 'YOUR CLUSTER NAME';\"" ('YOUR CPU NAME' and 'YOUR CLUSTER NAME' must of course correspond to the cpu name from the list above and the name of the cluster respectively) Also, could you open a bug on this? I think we should be able to do change the CPU type without all this. Thanks, mpolednik We have a single Host with a Hosted Engine installed. With this installation I can’t put the Host into Maintenance Mode because the Hosted Engine will run on this Host. The Version we us is 3.5.5-1 Best Regards Ralf Brändli ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Changing Cluster CPU Type in a single Host with Hosted Engine environment
Hi Thanks a lot for you help. Just to be sure. The Database would be the Datebase on the HostedEngine right ? After this operation should it work directly or is a restart required ? And for the Bug report this should be done here https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt ? Best Regards Ralf Brändli > Am 26.05.2016 um 14:42 schrieb Martin Polednik: > > On 26/05/16 07:12 +, Ralf Braendli wrote: >> Hi >> >> I have the Problem that I selected the wrong CPU Type throw the setup >> process. >> Is it posible to change it without an new installation ? > > Hi! > > I'm afraid this may not be possible using "regular" approach. You > could do this by directly changing the cpu type in database, but this > is not supported operation. > > Just an example what would I do in this case (but proceed carefully > before changing anything in the DB): > > $ su - postgres -c "psql -t engine -c \"SELECT > split_part(trim(regexp_split_to_table(option_value, ';')), ':', 2) > FROM vdc_options WHERE option_name = 'ServerCPUList' AND version = > '3.5';\"" > > gives you a nice list of supported cpu names (the database name must > be exact, so it's better to paste from that list. > > Intel Conroe Family > Intel Penryn Family > Intel Nehalem Family > Intel Westmere Family > Intel SandyBridge Family > Intel Haswell-noTSX Family > Intel Haswell Family > Intel Broadwell-noTSX Family > Intel Broadwell Family > AMD Opteron G1 > AMD Opteron G2 > AMD Opteron G3 > AMD Opteron G4 > AMD Opteron G5 > IBM POWER8 > > Then you can update the cluster directly: > > $ su - postgres -c "psql -t engine -c \"UPDATE cluster SET cpu_name = > 'YOUR CPU NAME' WHERE name = 'YOUR CLUSTER NAME';\"" > > ('YOUR CPU NAME' and 'YOUR CLUSTER NAME' must of course correspond to > the cpu name from the list above and the name of the cluster > respectively) > > Also, could you open a bug on this? I think we should be able to do > change the CPU type without all this. > > Thanks, > mpolednik > >> We have a single Host with a Hosted Engine installed. >> With this installation I can’t put the Host into Maintenance Mode because >> the Hosted Engine will run on this Host. >> >> The Version we us is 3.5.5-1 >> >> Best Regards >> >> Ralf Brändli >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Changing Cluster CPU Type in a single Host with Hosted Engine environment
On 26/05/16 07:12 +, Ralf Braendli wrote: Hi I have the Problem that I selected the wrong CPU Type throw the setup process. Is it posible to change it without an new installation ? Hi! I'm afraid this may not be possible using "regular" approach. You could do this by directly changing the cpu type in database, but this is not supported operation. Just an example what would I do in this case (but proceed carefully before changing anything in the DB): $ su - postgres -c "psql -t engine -c \"SELECT split_part(trim(regexp_split_to_table(option_value, ';')), ':', 2) FROM vdc_options WHERE option_name = 'ServerCPUList' AND version = '3.5';\"" gives you a nice list of supported cpu names (the database name must be exact, so it's better to paste from that list. Intel Conroe Family Intel Penryn Family Intel Nehalem Family Intel Westmere Family Intel SandyBridge Family Intel Haswell-noTSX Family Intel Haswell Family Intel Broadwell-noTSX Family Intel Broadwell Family AMD Opteron G1 AMD Opteron G2 AMD Opteron G3 AMD Opteron G4 AMD Opteron G5 IBM POWER8 Then you can update the cluster directly: $ su - postgres -c "psql -t engine -c \"UPDATE cluster SET cpu_name = 'YOUR CPU NAME' WHERE name = 'YOUR CLUSTER NAME';\"" ('YOUR CPU NAME' and 'YOUR CLUSTER NAME' must of course correspond to the cpu name from the list above and the name of the cluster respectively) Also, could you open a bug on this? I think we should be able to do change the CPU type without all this. Thanks, mpolednik We have a single Host with a Hosted Engine installed. With this installation I can’t put the Host into Maintenance Mode because the Hosted Engine will run on this Host. The Version we us is 3.5.5-1 Best Regards Ralf Brändli ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
On 05/26/2016 11:56 AM, Alexis HAUSER wrote: Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On the DNS server I'm using ? On DNS you are using, usually on AD DNS. Well actually this DNS name doesn't exist and seem to be only an unspecified variable in ovirt...I have no reason to create a DNS entry for it. If you run: $ dig @one_of_the_adservers.com _ldaps._tcp.mydomain.com SRV you will get something like this: ;; ANSWER SECTION: _ldap._tcp.mydomain.com 600 IN SRV 0 100 389 server1.mydomain.com. _ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 server2.mydomain.com. So it means that aaa-ldap then tries to do following: LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://mydomain.com:389 -x -D 'CN=Something,DC=myserver,DC=come' -w 'mypaswd' -b 'CN=users,DC=something,DC=com' Which won't work, because you do ldaps on 389 port. (I guess it don't work, unless you changed default AD configuration) What you need to do is to specify a port for ldaps service. It's ussually done as I said before. To get more info how the DNSSRVRecordServerSet works you can read this: https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/DNSSRVRecordServerSet.html I think you missed my previous mail (with the error logs with different parameters for DNS) :) Actually, it's using ldaps yes. It doesnt solve my issue but I don't know where this DNS server comes from, I think it doesn't exist... In AD startTLS usually works by default, strange. Why you disable it? Here we're using ldaps I tried to configure it by adding vars.dns = dns://one_of_the_adservers.com and the same with ":636" at the end, but none of them works, it's still trying to reach this weird address with underlines : _ldaps._tcp.university.mydomain.com This error means, that you don't have SRV record for '_ldaps._tcp.university.mydomain.com'. You need to create first, before changing aaa-ldap configuration. You can check if it's resolvable, by running following command: $ dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29630 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_ldaps._tcp.university.mydomain.com. INSRV ;; AUTHORITY SECTION: university.mydomain.com. 3600 IN SOA one_of_the_adservers.com. another_server.com. 36174 900 600 86400 3600 ;; Query time: 5 msec ;; SERVER: X.X.X.X#53(X.X.X.X) ;; WHEN: Thu May 26 11:36:43 2016 ;; MSG SIZE rcvd: 134 It seems to confirm what I said : this DNS entry doesn't seem to exist. Yes, and it should, or you need to change _ldap._tcp.university.mydomain.com SRV record to point on 636, or configure 389 port to accept ldaps. That's just my guess. Actually that's what I said : only .properties file are detected. The problem is about the namespaces : when LDAP.properties file and AD.properties file are activated, the >>namespace suggested in the web interface in the user tab, when choosing AD, is the DN of the LDAP...Which seems to be a bugNamespaces of everything are mixed...And if I >>select internal and then select again AD, a new namespace appears : * (from internal). This a weird behavior, right ? Yes, that's weird, but I guess it's misconfigured. Doesn't your names of extensions conflict? I think that you combine values(names) 'ovirt.engine.extension.name' for both AD and OpenLDAP. It should differ. Can you post those configurations? Actually I don't have any ovirt.engine.extension.name parameter in the aaa/.properties If you mean the authn and authz files, here they are (is that single line with ovirt-engine/ at the end of the first (AD) authz a normal thing...?) : No it's not, 'ovirt-engine/' shouldn't be there. AD : ovirt.engine.extension.name = AD-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = ../aaa/AD.properties ovirt-engine/ ovirt.engine.extension.name = AD-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = AD ovirt.engine.aaa.authn.authz.plugin = AD-authz config.profile.file.1 =
Re: [ovirt-users] failing update ovirt-engine on centos 7
On Thu, May 26, 2016 at 1:21 PM, Pavel Gashevwrote: > I had an issue with updating to 3.6.6. There were errors during engine-setup: > > [ ERROR ] Yum Non-fatal POSTUN scriptlet failure in rpm package > ovirt-vmconsole-1.0.0-1.el7.centos.noarch > > [ ERROR ] Yum Transaction close failed: Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/otopi/miniyum.py", line 778, in > endTransaction self.processTransaction() File > "/usr/lib/python2.7/site-packages/otopi/miniyum.py", line 1064, in > processTransaction _('One or more elements within Yum transaction > failed') RuntimeError: One or more elements within Yum transaction failed > > ovirt-vmconsole has the following uninstall script: > postuninstall scriptlet (using /bin/sh): > if [ "$1" -ge "1" ]; then > semodule -i > "/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp" > fi > > In other words you can't update if you have SELINUX disabled. > > The workaround is the following: > ln -fs /bin/true /usr/sbin/semodule Thanks for the report. Adding Francesco. > > > On 26/05/16 08:43, "users-boun...@ovirt.org on behalf of Yedidyah Bar David" > wrote: > >>On Wed, May 25, 2016 at 9:11 PM, Fabrice Bacchella >> wrote: >>> >>> Le 25 mai 2016 à 17:25, Kapetanakis Giannis a >>> écrit : >>> >>> On 25/05/16 17:59, Fabrice Bacchella wrote: >>> >>> I have an dedicated machin to run ovirt-engine (not hosted). It's an up to >>> date centos 7.2.1511 >>> >>> I installed ovirt 3.6.6 a few weeks ago (May 10 17:56:44 tells me yum.log) >>> >>> Now, I'm trying a full yum update and getting : >>> # yum update >>> >>> >>> Error: Package: ovirt-engine-tools-3.6.5.3-1.el7.centos.noarch (@ovirt-3.6) >>>Requires: ovirt-engine-tools-backup = 3.6.5.3-1.el7.centos >>>Removing: ovirt-engine-tools-backup-3.6.5.3-1.el7.centos.noarch >>> (@ovirt-3.6) >>>ovirt-engine-tools-backup = 3.6.5.3-1.el7.centos >>>Updated By: ovirt-engine-tools-backup-3.6.6.2-1.el7.centos.noarch >>> (ovirt-3.6) >>>ovirt-engine-tools-backup = 3.6.6.2-1.el7.centos >>> >>> >>> >>> Follow 3.6.6 release notes to update: >>> https://www.ovirt.org/release/3.6.6/ >>> >>> >>> yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm >>> yum update ovirt\*setup\* >>> and then run >>> engine-setup to update the rest of the packages. >>> >>> >>> I have seen this doc. >>> >>> It updates a few components and what about the others ? The readme talk >>> about running engine-setup, but not that it will updates other packages. I >>> thought that ovirt-engine is for engine setup, not upgrading. >> >>Right. >> >>After engine-setup finishes, you should 'yum update' to update the rest. >> >>And BTW, this specific issue about tools-backup was fixed in [1]. So a >>future 'yum update' should not emit this error - although the update >>sequence is still the same - add repos, update setup packages, engine-setup, >>update the rest. >> >>[1] https://bugzilla.redhat.com/show_bug.cgi?id=1321249 >>-- >>Didi >>___ >>Users mailing list >>Users@ovirt.org >>http://lists.ovirt.org/mailman/listinfo/users > -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] failing update ovirt-engine on centos 7
I had an issue with updating to 3.6.6. There were errors during engine-setup: [ ERROR ] Yum Non-fatal POSTUN scriptlet failure in rpm package ovirt-vmconsole-1.0.0-1.el7.centos.noarch [ ERROR ] Yum Transaction close failed: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/otopi/miniyum.py", line 778, in endTransaction self.processTransaction() File "/usr/lib/python2.7/site-packages/otopi/miniyum.py", line 1064, in processTransaction _('One or more elements within Yum transaction failed') RuntimeError: One or more elements within Yum transaction failed ovirt-vmconsole has the following uninstall script: postuninstall scriptlet (using /bin/sh): if [ "$1" -ge "1" ]; then semodule -i "/usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp" fi In other words you can't update if you have SELINUX disabled. The workaround is the following: ln -fs /bin/true /usr/sbin/semodule On 26/05/16 08:43, "users-boun...@ovirt.org on behalf of Yedidyah Bar David"wrote: >On Wed, May 25, 2016 at 9:11 PM, Fabrice Bacchella > wrote: >> >> Le 25 mai 2016 à 17:25, Kapetanakis Giannis a >> écrit : >> >> On 25/05/16 17:59, Fabrice Bacchella wrote: >> >> I have an dedicated machin to run ovirt-engine (not hosted). It's an up to >> date centos 7.2.1511 >> >> I installed ovirt 3.6.6 a few weeks ago (May 10 17:56:44 tells me yum.log) >> >> Now, I'm trying a full yum update and getting : >> # yum update >> >> >> Error: Package: ovirt-engine-tools-3.6.5.3-1.el7.centos.noarch (@ovirt-3.6) >>Requires: ovirt-engine-tools-backup = 3.6.5.3-1.el7.centos >>Removing: ovirt-engine-tools-backup-3.6.5.3-1.el7.centos.noarch >> (@ovirt-3.6) >>ovirt-engine-tools-backup = 3.6.5.3-1.el7.centos >>Updated By: ovirt-engine-tools-backup-3.6.6.2-1.el7.centos.noarch >> (ovirt-3.6) >>ovirt-engine-tools-backup = 3.6.6.2-1.el7.centos >> >> >> >> Follow 3.6.6 release notes to update: >> https://www.ovirt.org/release/3.6.6/ >> >> >> yum install http://resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm >> yum update ovirt\*setup\* >> and then run >> engine-setup to update the rest of the packages. >> >> >> I have seen this doc. >> >> It updates a few components and what about the others ? The readme talk >> about running engine-setup, but not that it will updates other packages. I >> thought that ovirt-engine is for engine setup, not upgrading. > >Right. > >After engine-setup finishes, you should 'yum update' to update the rest. > >And BTW, this specific issue about tools-backup was fixed in [1]. So a >future 'yum update' should not emit this error - although the update >sequence is still the same - add repos, update setup packages, engine-setup, >update the rest. > >[1] https://bugzilla.redhat.com/show_bug.cgi?id=1321249 >-- >Didi >___ >Users mailing list >Users@ovirt.org >http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
>> Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On >> the DNS server I'm using ? >On DNS you are using, usually on AD DNS. Well actually this DNS name doesn't exist and seem to be only an unspecified variable in ovirt...I have no reason to create a DNS entry for it. I think you missed my previous mail (with the error logs with different parameters for DNS) :) >> Actually, it's using ldaps yes. It doesnt solve my issue but I don't know >> where this DNS server comes from, I think it doesn't exist... >In AD startTLS usually works by default, strange. Why you disable it? Here we're using ldaps > > I tried to configure it by adding vars.dns = dns://one_of_the_adservers.com > and the same with ":636" at the end, but none of them works, it's still > trying to reach this weird address with underlines : > _ldaps._tcp.university.mydomain.com >This error means, that you don't have SRV record for >'_ldaps._tcp.university.mydomain.com'. You need to create first, before >changing aaa-ldap configuration. >You can check if it's resolvable, by running following command: > $ dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29630 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_ldaps._tcp.university.mydomain.com. INSRV ;; AUTHORITY SECTION: university.mydomain.com. 3600 IN SOA one_of_the_adservers.com. another_server.com. 36174 900 600 86400 3600 ;; Query time: 5 msec ;; SERVER: X.X.X.X#53(X.X.X.X) ;; WHEN: Thu May 26 11:36:43 2016 ;; MSG SIZE rcvd: 134 It seems to confirm what I said : this DNS entry doesn't seem to exist. >> Actually that's what I said : only .properties file are detected. The >> problem is about the namespaces : when LDAP.properties file and >> AD.properties file are activated, the >>namespace suggested in the web >> interface in the user tab, when choosing AD, is the DN of the LDAP...Which >> seems to be a bugNamespaces of everything are mixed...And if I >>select >> internal and then select again AD, a new namespace appears : * (from >> internal). >> This a weird behavior, right ? >> >Yes, that's weird, but I guess it's misconfigured. Doesn't your names of >extensions conflict? >I think that you combine values(names) 'ovirt.engine.extension.name' for >both AD and OpenLDAP. It should differ. Can you post those configurations? Actually I don't have any ovirt.engine.extension.name parameter in the aaa/.properties If you mean the authn and authz files, here they are (is that single line with ovirt-engine/ at the end of the first (AD) authz a normal thing...?) : AD : ovirt.engine.extension.name = AD-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = ../aaa/AD.properties ovirt-engine/ ovirt.engine.extension.name = AD-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = AD ovirt.engine.aaa.authn.authz.plugin = AD-authz config.profile.file.1 = ../aaa/AD.properties LDAP : ovirt.engine.extension.name = public-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = ../aaa/public.properties ovirt.engine.extension.name = public-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = public ovirt.engine.aaa.authn.authz.plugin = public-authz config.profile.file.1 = ../aaa/public.properties ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
On 05/26/2016 10:11 AM, Alexis HAUSER wrote: You use 389 with SSL? I guess you wrongly specified it. But, if you want to use SSL and you have it on 636, then you should create new SRV dns records for example: _ldaps._tcp.university.mydomain.com ... 636 Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On the DNS server I'm using ? On DNS you are using, usually on AD DNS. and then change: pool.default.serverset.srvrecord.service=ldaps But I guess you wanted to use startTLS with 389, which you can enable by adding: pool.default.ssl.startTLS=true and remove line: pool.default.ssl.enable=true Does it solve your issue? Actually, it's using ldaps yes. It doesnt solve my issue but I don't know where this DNS server comes from, I think it doesn't exist... In AD startTLS usually works by default, strange. Why you disable it? I tried to configure it by adding vars.dns = dns://one_of_the_adservers.com and the same with ":636" at the end, but none of them works, it's still trying to reach this weird address with underlines : _ldaps._tcp.university.mydomain.com "2016-05-26 09:54:52,872 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-7) [] [ovirt-engine-extension-aaa-ldap.authn::AD-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldaps._tcp.university.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldaps._tcp.campus.enst-bretagne.fr'" This error means, that you don't have SRV record for '_ldaps._tcp.university.mydomain.com'. You need to create first, before changing aaa-ldap configuration. You can check if it's resolvable, by running following command: $ dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV I meant I had to disable the LDAP (openLDAP) profile, renaming the file with .save so ovirt doesn't detect them. If both profiles are activated, ovirt-web interface propose >>me the DN of the LDAP into AD (in namespace field)... Is that a bug or normal behavior ? Hmm, that's strange, because only files with *.properties suffix should be detected and used. So yes please open bz that also other suffixes are loaded. Actually that's what I said : only .properties file are detected. The problem is about the namespaces : when LDAP.properties file and AD.properties file are activated, the namespace suggested in the web interface in the user tab, when choosing AD, is the DN of the LDAP...Which seems to be a bugNamespaces of everything are mixed...And if I select internal and then select again AD, a new namespace appears : * (from internal). This a weird behavior, right ? Yes, that's weird, but I guess it's misconfigured. Doesn't your names of extensions conflict? I think that you combine values(names) 'ovirt.engine.extension.name' for both AD and OpenLDAP. It should differ. Can you post those configurations? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
>Please don't port 636 for DNS server, 636 is only for LDAPS protocol: >vars.dns = dns://one.of.adservers.com Ok, but as I explained, even without using 636, the result is the same. When using the option "pool.default.serverset.srvrecord.service = ldaps" and "dns://one.of.adservers.com" I get the following error (it still trying to point to the wrong adress) "{Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=An error occurred while attempting to query DNS in order to retrieve SRV records with name 'ldaps._tcp.university.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name 'ldaps._tcp.university.mydomain.com', Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2}" when disabling (commenting the line) "pool.default.serverset.srvrecord.service = ldaps" I get the following error : "{Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=An error occurred while attempting to connect to server one.of.adservers.com:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'one.of.adservers.com:389' because an unexpected error was encountered during validation processing: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated') caused by LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'one.of.adservers.com:389' because an unexpected error was encountered during validation processing: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated')LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'one.of.adservers.com:389' because an unexpected error was encountered during validation processing: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated') caused by javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated, Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2}" So I think I need a way to combine both of them, but using the right dns, what option can do that ? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Fwd: Struggling to get the network work
On Wed, May 25, 2016 at 2:28 PM, Anantha Raghava < rag...@exzatechconsulting.com> wrote: > > Hi, > > Just to add on the previous mail, the vNIC is added over a Physical NIC > that does not have any IP address, but enabled and connected. > > -- > > Thanks & Regards, > > > Anantha Raghava > Forwarded Message > Subject: Struggling to get the network work > Date: Wed, 25 May 2016 15:41:06 +0530 > From: Anantha Raghava> > Reply-To: rag...@exzatechconsulting.com > Organization: eXza Technology Consulting & Services > To: users > > > Hi, > > I have a peculiar problem with oVirt 3.6. Any VM connected to ovrtmgmt is > working absolutely fine, bu the VMs (Windows Guests) in different VLANs say > 10, 32, 34, 40, 48 & 69 are not able to even ping their respective > gateways. In other words, network packets are not coming out of the VMs at > all. > > 1. Our infrastructure consists of Lenovo Flex Chassis with 3 Lenovo x240 > Compute nodes. All nodes are up and running and VMs are also created and > guest OS installed. > 2. Chassis switch has a trunk port that carries all VLAN traffic. > 3. I have created logical networks and added VLAN tags (10, 32, 24, 40, 48 > & 69). > 4. I have attached the vNIC to each host and assigned static IP in > respective VLANs. For example in VLAN 32, the vNIC is assigned with > 172.20.101.70, subnet: 255.255.255.192, Gateway: 172.20.101.65 > 5. VMs are mapped with respective vNIC and assigned IPs in respective > VLAN. For Example, VM in VLAN 32 has 172.20.101.79 as IP, 255.255.255.192 > as subnet and 172.20.101.65 as gateway. > > Now, VM is able to ping vNIC in VLAN 32, but neither VM is able to ping > the gateway nor hosts are able to ping vNIC or the VM. > > We even attempted with replacing a trunk port with access port, but same > issue continues. > > What could have gone wrong? Any thing missing on oVirt configuration? > > A quick help is highly appreciated. > > -- > > > -- > > Thanks & Regards, > > > Anantha Raghava > > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > Only a guess: On the VM OS, do not define any VLAN on its vnics. Each VM that is assigned to a vlan network on the host will have its traffic tagged only when traffic will go out of the network to the 'world'. So the VM is not aware that the traffic will be tagged when passing through the host. If this is not the case, please share the screenshots of what you configured for one of the networks (including the vnic) and on the VM. Thanks, Edy. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
On Thu, May 26, 2016 at 10:11 AM, Alexis HAUSER < alexis.hau...@telecom-bretagne.eu> wrote: > >You use 389 with SSL? I guess you wrongly specified it. > >But, if you want to use SSL and you have it on 636, then you should > >create new SRV dns > >records for example: _ldaps._tcp.university.mydomain.com ... 636 > > Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? > On the DNS server I'm using ? > > >and then change: > > pool.default.serverset.srvrecord.service=ldaps > >But I guess you wanted to use startTLS with 389, which you can enable by > >adding: > > pool.default.ssl.startTLS=true > >and remove line: > > pool.default.ssl.enable=true > >Does it solve your issue? > > Actually, it's using ldaps yes. It doesnt solve my issue but I don't know > where this DNS server comes from, I think it doesn't exist... > > I tried to configure it by adding vars.dns = dns:// > one_of_the_adservers.com and the same with ":636" at the end, but none of > them works, it's still trying to reach this weird address with underlines : > _ldaps._tcp.university.mydomain.com Please don't port 636 for DNS server, 636 is only for LDAPS protocol: vars.dns = dns://one.of.adservers.com > > > "2016-05-26 09:54:52,872 WARN > [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-7) > [] [ovirt-engine-extension-aaa-ldap.authn::AD-authn] Cannot initialize LDAP > framework, deferring initialization. Error: An error occurred while > attempting to query DNS in order to retrieve SRV records with name '_ldaps._ > tcp.university.mydomain.com': javax.naming.NameNotFoundException: DNS > name not found [response code 3]; remaining name '_ldaps._ > tcp.campus.enst-bretagne.fr'" > > >> I meant I had to disable the LDAP (openLDAP) profile, renaming the file > with .save so ovirt doesn't detect them. If both profiles are activated, > ovirt-web interface propose >>me the DN of the LDAP into AD (in namespace > field)... Is that a bug or normal behavior ? > >> > >Hmm, that's strange, because only files with *.properties suffix should > >be detected and used. So yes please open bz that also other suffixes are > >loaded. > > Actually that's what I said : only .properties file are detected. The > problem is about the namespaces : when LDAP.properties file and > AD.properties file are activated, the namespace suggested in the web > interface in the user tab, when choosing AD, is the DN of the LDAP...Which > seems to be a bugNamespaces of everything are mixed...And if I select > internal and then select again AD, a new namespace appears : * (from > internal). > This a weird behavior, right ? > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
On Thu, May 26, 2016 at 10:11 AM, Alexis HAUSER < alexis.hau...@telecom-bretagne.eu> wrote: > >You use 389 with SSL? I guess you wrongly specified it. > >But, if you want to use SSL and you have it on 636, then you should > >create new SRV dns > >records for example: _ldaps._tcp.university.mydomain.com ... 636 > > Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? > On the DNS server I'm using ? > > >and then change: > > pool.default.serverset.srvrecord.service=ldaps > >But I guess you wanted to use startTLS with 389, which you can enable by > >adding: > > pool.default.ssl.startTLS=true > >and remove line: > > pool.default.ssl.enable=true > >Does it solve your issue? > > Actually, it's using ldaps yes. It doesnt solve my issue but I don't know > where this DNS server comes from, I think it doesn't exist... > > I tried to configure it by adding vars.dns = dns:// > one_of_the_adservers.com and the same with ":636" at the end, but none of > them works, it's still trying to reach this weird address with underlines : > _ldaps._tcp.university.mydomain.com > > "2016-05-26 09:54:52,872 WARN > [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-7) > [] [ovirt-engine-extension-aaa-ldap.authn::AD-authn] Cannot initialize LDAP > framework, deferring initialization. Error: An error occurred while > attempting to query DNS in order to retrieve SRV records with name '_ldaps._ > tcp.university.mydomain.com': javax.naming.NameNotFoundException: DNS > name not found [response code 3]; remaining name '_ldaps._ > tcp.campus.enst-bretagne.fr'" > > >> I meant I had to disable the LDAP (openLDAP) profile, renaming the file > with .save so ovirt doesn't detect them. If both profiles are activated, > ovirt-web interface propose >>me the DN of the LDAP into AD (in namespace > field)... Is that a bug or normal behavior ? > >> > >Hmm, that's strange, because only files with *.properties suffix should > >be detected and used. So yes please open bz that also other suffixes are > >loaded. > > Actually that's what I said : only .properties file are detected. The > problem is about the namespaces : when LDAP.properties file and > AD.properties file are activated, the namespace suggested in the web > interface in the user tab, when choosing AD, is the DN of the LDAP...Which > seems to be a bugNamespaces of everything are mixed...And if I select > internal and then select again AD, a new namespace appears : * (from > internal). > This a weird behavior, right ? > If I understand correctly, you have only one AD server/domain, right? If so, what do you want to use profile LDAP.properties for? > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can't perform search after setting up an Active Directory
>You use 389 with SSL? I guess you wrongly specified it. >But, if you want to use SSL and you have it on 636, then you should >create new SRV dns >records for example: _ldaps._tcp.university.mydomain.com ... 636 Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On the DNS server I'm using ? >and then change: > pool.default.serverset.srvrecord.service=ldaps >But I guess you wanted to use startTLS with 389, which you can enable by >adding: > pool.default.ssl.startTLS=true >and remove line: > pool.default.ssl.enable=true >Does it solve your issue? Actually, it's using ldaps yes. It doesnt solve my issue but I don't know where this DNS server comes from, I think it doesn't exist... I tried to configure it by adding vars.dns = dns://one_of_the_adservers.com and the same with ":636" at the end, but none of them works, it's still trying to reach this weird address with underlines : _ldaps._tcp.university.mydomain.com "2016-05-26 09:54:52,872 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-7) [] [ovirt-engine-extension-aaa-ldap.authn::AD-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldaps._tcp.university.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldaps._tcp.campus.enst-bretagne.fr'" >> I meant I had to disable the LDAP (openLDAP) profile, renaming the file with >> .save so ovirt doesn't detect them. If both profiles are activated, >> ovirt-web interface propose >>me the DN of the LDAP into AD (in namespace >> field)... Is that a bug or normal behavior ? >> >Hmm, that's strange, because only files with *.properties suffix should >be detected and used. So yes please open bz that also other suffixes are >loaded. Actually that's what I said : only .properties file are detected. The problem is about the namespaces : when LDAP.properties file and AD.properties file are activated, the namespace suggested in the web interface in the user tab, when choosing AD, is the DN of the LDAP...Which seems to be a bugNamespaces of everything are mixed...And if I select internal and then select again AD, a new namespace appears : * (from internal). This a weird behavior, right ? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Network problem with bonding and Windows guests
On Wed, May 25, 2016 at 2:10 PM, Maxence Sartiauxwrote: > Yep work good ! > > Adding > > ETHTOOL_OPTIONS='-K iface lro off' > > to the slave interfaces config file did the job :) > > Thank you ! > > On Wed, 2016-05-25 at 10:37 +0100, Alex Crow wrote: > > On 25/05/16 10:28, Maxence Sartiaux wrote: > > Hello, > > I've a problem, all my ovirt hosts are linked with a bonding mode 4 > (802.3ad LACP) 2x10Gbps > Eveything is okay with unix guest but with Windows guest, i can ping but > internet browsing is impossible (sometime i have a part of the page, very > rare case) > > If i remove the bonding and bridge one interface, windows work good. > > I've tried with windows 7 and windows 10, guest additions are installed > VirtIO / rtl3189 tested, same problem > > My bonding opts : mode=4 lacp_rate=1 miimon=100 > Interface MTU 9000 > > Bonding mode 2 also tested > > > On the hosts, try setting LRO off on the members of your bond, see if it > makes a difference > > eg, > > ethtool -K ens3f0 lro off > ethtool -K ens3f1 lro off > > Alex > > > -- > This message is intended only for the addressee and may contain > confidential information. Unless you are that person, you may not > disclose its contents or use it in any way and are requested to delete > the message along with any attachments and notify us immediately. > This email is not intended to, nor should it be taken to, constitute advice. > The information provided is correct to our knowledge & belief and must not > be used as a substitute for obtaining tax, regulatory, investment, legal or > any other appropriate advice. > > "Transact" is operated by Integrated Financial Arrangements Ltd. > 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. > (Registered office: as above; Registered in England and Wales under > number: 3727592). Authorised and regulated by the Financial Conduct > Authority (entered on the Financial Services Register; no. 190856). > > > ___ > Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > There was such a bug with the bonding driver not dropping the LRO when bind to a bridge. Thanks, Edy. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] On 3.6.6, tried doing a live VM storage migration... didn't work
I know of at least one live Disk Migration issue with Multi Disk VMs. https://bugzilla.redhat.com/show_bug.cgi?id=1319400 Might be totally different but I must admit that this feature had several ups and downs the last years. Markus Am 26.05.2016 3:50 vorm. schrieb Christopher Cox: In our old 3.4 ovirt, I know I've migrated storage on live VMs and everything seemed to work. However on 3.6.6, I tried this and I saw the warning about moving storage on a live VM (it wasn't doing much of anything) and I went ahead and migrated the storage from one storage domain to another. But when it was through, even though the VM was still alive, when I tried to write to a virtual disk that was part of the move, it paused the VM saying there wasn't enough storage. I could unpause the VM, but in a few seconds, with things writing to the virtual disk, again it was paused with the same out of space message. Vdsm logs showed the enospc return code... so it made sense, it's just that the VM shows plenty of storage there. Once I rebooted the VM, everything went back to normal. So is moving storage for a live VM not supported? I guess we got lucky in our 3.4 system (?) ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Ãber das Internet versandte E-Mails können unter fremden Namen erstellt oder manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine rechtsverbindliche Willenserklärung. Collogia Unternehmensberatung AG Ubierring 11 D-50678 Köln Vorstand: Kadir Akin Dr. Michael Höhnerbach Vorsitzender des Aufsichtsrates: Hans Kristian Langva Registergericht: Amtsgericht Köln Registernummer: HRB 52 497 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. e-mails sent over the internet may have been written under a wrong name or been manipulated. That is why this message sent as an e-mail is not a legally binding declaration of intention. Collogia Unternehmensberatung AG Ubierring 11 D-50678 Köln executive board: Kadir Akin Dr. Michael Höhnerbach President of the supervisory board: Hans Kristian Langva Registry office: district court Cologne Register number: HRB 52 497 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Changing Cluster CPU Type in a single Host with Hosted Engine environment
Hi I have the Problem that I selected the wrong CPU Type throw the setup process. Is it posible to change it without an new installation ? We have a single Host with a Hosted Engine installed. With this installation I can’t put the Host into Maintenance Mode because the Hosted Engine will run on this Host. The Version we us is 3.5.5-1 Best Regards Ralf Brändli ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Could not connect to the optimizer service
On Wed, May 25, 2016 at 7:17 PM, Martin Sivakwrote: > Hi, > > > The connection to optimizer is being done by client's browser and not the > > engine... > > I used a private network which was not accessible from the browser. > > That is exactly the case. Glad to see you were able to fix it. > Perhaps worth adding a one-liner to the oVirt website mentioning this. Y. > -- > Martin Sivak > SLA / oVirt > > > On Wed, May 25, 2016 at 5:38 PM, Kapetanakis Giannis > wrote: > > On 25/05/16 14:32, Kapetanakis Giannis wrote: > >> > >> On 25/05/16 14:28, Kapetanakis Giannis wrote: > >>> > >>> Hi, > >>> > >>> I've just setup optimizer service following > >>> > >>> > http://www.ovirt.org/develop/release-management/features/sla/optaplanner/ > >>> and > >>> https://github.com/oVirt/ovirt-optimizer > >>> > >>> I can access optimizer's interface and get the the solution result from > >>> both http and https. > >>> I can access it from both my pc and from ovirt-engine host with a > browser > >>> at url > >>> ovirt-optimizer/result/Cluster_ID > >>> > >>> However in ovirt-engine interface I see > >>> Status: Could not connect to the optimizer service [status code: 0] > >>> > >>> Also I see no connection attempt from ovirt-engine to optimizer (with > >>> logging on optimizer's firewall). > >>> > >>> Engine is loading the conf: > >>> 2016-05-25 13:54:40,395 INFO > >>> [org.ovirt.engine.ui.frontend.server.gwt.plugin.PluginDataManager] > (default > >>> task-20) [] Reading UI plugin configuration > >>> '/etc/ovirt-engine/ui-plugins/ovirt-optimizer-config.json' > >>> > >>> /etc/ovirt-engine/ui-plugins/ovirt-optimizer-config.json: > >>> "config": { "baseurl": > >>> "https://optimizer.example.com/ovirt-optimizer/result/; > >>> > >>> tried also > >>> "config": { "baseurl": > >>> "http://optimizer.example.com/ovirt-optimizer/result/; > >>> incase there was a problem with optimizer's certificate. > >>> > >>> Any ideas? How can I debug why the engine is not doing any attempt to > get > >>> optimizer's result? > >>> > >>> best regards, > >>> > >>> Giannis > >>> > >> > >> Forgot to mention versions: > >> > >> optimizer is Centos 7 ovirt-optimizer-jboss-0.9.1-2.el7.centos.noarch > >> engine is Centos 6 ovirt-engine-3.6.6.2-1.el6.noarch, > >> ovirt-optimizer-ui-0.9.1-2.el6.noarch > >> > >> G > > > > > > I think I figured this out. > > The connection to optimizer is being done by client's browser and not the > > engine... > > I used a private network which was not accessible from the browser. > > > > > > G > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] moVirt 1.4 RC1 (Android client for oVirt)
On Wed, May 25, 2016 at 6:32 PM, Michal Skrivanekwrote: > > > On 25 May 2016, at 13:50, Tomas Jelinek wrote: > > > > Hey All, > > > > the first RC of moVirt 1.4 has been released! > > > > It can be downloaded only using direct link[1] - the play store will be > upgraded after considered stable. > > > > The most important feature of this release was to enhance the dashboard > so it will look similar to the one coming to oVirt 4.0. > > Screenshot attached. > > > > Other changes: > > - Added new dashboard functionality (virtual/physical consumption, > clickable cpu/memory consumption) > > - Better UI (dashboard, adding/editing triggers) > > - Better sorting in lists > > - Memory units are now displayed correctly > > - Fixed crashing bugs when looking at hosted engine > > > > Would you like to help/contribute? > > Sure, for example you can: > > - give feedback on the new dashboard (the one from the attachment) > Looks great! > > I guess the two lists in portrait mode are truncated all the time, it > would probably make more sense to show only one column and switch hosts/vms > via real/virtual toggle > Or show the top 5 VMs and below it, the top 5 hosts. This way the text isn't cut: Most utilized VMs: abc-vm 107% def-vm 105% this-and-that-vm 44% Most utilized hosts: this-host 27% that-host 30% ... > > > - download RC [1], test it and report bugs > Small nitpick - the color of the warning icon should not be yellow if there are no warnings. Y. > > - patches are also welcome :) > > > > have a nice day, > > Tomas > > > > [1]: > https://github.com/matobet/moVirt/blob/master/moVirt/moVirt-release.apk?raw=true > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Maintenance on the Mailing-Lists
On Thu, May 26, 2016 at 8:26 AM, Marc Dequènes (Duck)wrote: > Quack, > > I'm working in the OSAS team and arrived recently. Yoroshiku onegai > shimasu. > > With the oVirt infra team we're working on the Mailing-Lists. In the > past there was SPF problems leading to mails being classified as SPAM, > especially affecting GMail users. A workaround was made, but it's not > nice and history of this time was mostly lost. > > I'm then going to make some changes which I believe would work, but just > in case I'm sending this message to the main Mailing-Lists so you can > check your SPAM box and break my head on #ovirt@freenode if it fails :-). > Note that we are on #ovirt@oftc :-) > > Regards. > > > ___ > Infra mailing list > in...@ovirt.org > http://lists.ovirt.org/mailman/listinfo/infra > > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] One RHEV Virtual Machine does not Automatically Resume following Compellent SAN Controller Failover
On Mon, Nov 23, 2015 at 9:37 PM, Duckworth, Douglas Cwrote: > Hello -- > > Not sure if y'all can help with this issue we've been seeing with RHEV... > > On 11/13/2015, during Code Upgrade of Compellent SAN at our Disaster > Recovery Site, we Failed Over to Secondary SAN Controller. Most Virtual > Machines in our DR Cluster Resumed automatically after Pausing except VM > "BADVM" on Host "BADHOST." > > In Engine.log you can see that BADVM was sent into "VM_PAUSED_EIO" state > at 10:47:57: > > "VM BADVM has paused due to storage I/O problem." > > On this Red Hat Enterprise Virtualization Hypervisor 6.6 > (20150512.0.el6ev) Host, two other VMs paused but then automatically > resumed without System Administrator intervention... > > In our DR Cluster, 22 VMs also resumed automatically... > > None of these Guest VMs are engaged in high I/O as these are DR site VMs > not currently doing anything. > > We sent this information to Dell. Their response: > > "The root cause may reside within your virtualization solution, not the > parent OS (RHEV-Hypervisor disc) or Storage (Dell Compellent.)" > > We are doing this Failover again on Sunday November 29th so we would > like to know how to mitigate this issue, given we have to manually > resume paused VMs that don't resume automatically. > > Before we initiated SAN Controller Failover, all iSCSI paths to Targets > were present on Host tulhv2p03. > > VM logs on Host show in /var/log/libvirt/qemu/badhost.log that Storage > error was reported: > > block I/O error in device 'drive-virtio-disk0': Input/output error (5) > block I/O error in device 'drive-virtio-disk0': Input/output error (5) > block I/O error in device 'drive-virtio-disk0': Input/output error (5) > block I/O error in device 'drive-virtio-disk0': Input/output error (5) > > All disks used by this Guest VM are provided by single Storage Domain > COM_3TB4_DR with serial "270." In syslog we do see that all paths for > that Storage Domain Failed: > > Nov 13 16:47:40 multipathd: 36000d310005caf000270: remaining > active paths: 0 > > Though these recovered later: > > Nov 13 16:59:17 multipathd: 36000d310005caf000270: sdbg - > tur checker reports path is up > Nov 13 16:59:17 multipathd: 36000d310005caf000270: remaining > active paths: 8 > > Does anyone have an idea of why the VM would fail to automatically > resume if the iSCSI paths used by its Storage Domain recovered? > Look at the vdsm.log for events which libvirt emits and the actions that vdsm takes on them. One of the actions would be to unpause the VM AFAIR. If you didn't see this then QEMU/libvirt failed to propagatate the new state change or it might be deeper down the stack. If there are events there then share the vdsm logs. > > Thanks > Doug > > -- > Thanks > > Douglas Charles Duckworth > Unix Administrator > Tulane University > Technology Services > 1555 Poydras Ave > NOLA -- 70112 > > E: du...@tulane.edu > O: 504-988-9341 > F: 504-988-8505 > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Maintenance on the Mailing-Lists
Quack, I'm working in the OSAS team and arrived recently. Yoroshiku onegai shimasu. With the oVirt infra team we're working on the Mailing-Lists. In the past there was SPF problems leading to mails being classified as SPAM, especially affecting GMail users. A workaround was made, but it's not nice and history of this time was mostly lost. I'm then going to make some changes which I believe would work, but just in case I'm sending this message to the main Mailing-Lists so you can check your SPAM box and break my head on #ovirt@freenode if it fails :-). Regards. signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] One RHEV Virtual Machine does not Automatically Resume following Compellent SAN Controller Failover
What DR solution are you using? Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: yd...@redhat.com IRC : ydary On Wed, Nov 25, 2015 at 1:15 PM, Simone Tiraboschiwrote: > Adding Nir who knows it far better than me. > > > On Mon, Nov 23, 2015 at 8:37 PM, Duckworth, Douglas C > wrote: > >> Hello -- >> >> Not sure if y'all can help with this issue we've been seeing with RHEV... >> >> On 11/13/2015, during Code Upgrade of Compellent SAN at our Disaster >> Recovery Site, we Failed Over to Secondary SAN Controller. Most Virtual >> Machines in our DR Cluster Resumed automatically after Pausing except VM >> "BADVM" on Host "BADHOST." >> >> In Engine.log you can see that BADVM was sent into "VM_PAUSED_EIO" state >> at 10:47:57: >> >> "VM BADVM has paused due to storage I/O problem." >> >> On this Red Hat Enterprise Virtualization Hypervisor 6.6 >> (20150512.0.el6ev) Host, two other VMs paused but then automatically >> resumed without System Administrator intervention... >> >> In our DR Cluster, 22 VMs also resumed automatically... >> >> None of these Guest VMs are engaged in high I/O as these are DR site VMs >> not currently doing anything. >> >> We sent this information to Dell. Their response: >> >> "The root cause may reside within your virtualization solution, not the >> parent OS (RHEV-Hypervisor disc) or Storage (Dell Compellent.)" >> >> We are doing this Failover again on Sunday November 29th so we would >> like to know how to mitigate this issue, given we have to manually >> resume paused VMs that don't resume automatically. >> >> Before we initiated SAN Controller Failover, all iSCSI paths to Targets >> were present on Host tulhv2p03. >> >> VM logs on Host show in /var/log/libvirt/qemu/badhost.log that Storage >> error was reported: >> >> block I/O error in device 'drive-virtio-disk0': Input/output error (5) >> block I/O error in device 'drive-virtio-disk0': Input/output error (5) >> block I/O error in device 'drive-virtio-disk0': Input/output error (5) >> block I/O error in device 'drive-virtio-disk0': Input/output error (5) >> >> All disks used by this Guest VM are provided by single Storage Domain >> COM_3TB4_DR with serial "270." In syslog we do see that all paths for >> that Storage Domain Failed: >> >> Nov 13 16:47:40 multipathd: 36000d310005caf000270: remaining >> active paths: 0 >> >> Though these recovered later: >> >> Nov 13 16:59:17 multipathd: 36000d310005caf000270: sdbg - >> tur checker reports path is up >> Nov 13 16:59:17 multipathd: 36000d310005caf000270: remaining >> active paths: 8 >> >> Does anyone have an idea of why the VM would fail to automatically >> resume if the iSCSI paths used by its Storage Domain recovered? >> >> Thanks >> Doug >> >> -- >> Thanks >> >> Douglas Charles Duckworth >> Unix Administrator >> Tulane University >> Technology Services >> 1555 Poydras Ave >> NOLA -- 70112 >> >> E: du...@tulane.edu >> O: 504-988-9341 >> F: 504-988-8505 >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users