Re: [ovirt-users] iSCSI Multipathing -> host inactive
Currently, your host is connected through a single initiator, the 'Default' interface (Iface Name: default), to 2 targets: tgta and tgtb (Target: iqn.2005-10.org.freenas.ctl:tgta and Target: iqn.2005-10.org.freenas.ctl:tgtb). Hence, each LUN is exposed from the storage server via 2 paths. Since the connection to the storage is done via the 'Default' interface and not via the 2 iSCSI networks you've configured, currently, the iSCSI bond is not operational. For the iSCSI bond to be operational, you'll have to do the following: - Create 2 networks in RHEVM under the relevant cluster (not sure if you've already did it) - iSCSI1 and iSCSI2 . Configure both networks to be non-required networks for the cluster (should be also non-VM networks). - Attach the networks to the host's 2 interfaces using hosts Setup-networks. - Create a new iSCSI bond / modify the bond you've created and pick the 2 newly created networks along with all storage targets. Make sure that the Default network is not part of the bond (usually, the Default network is the management one - 'ovirtmgmt'). - Put the host in maintenance and re-activate it so the iSCSI sessions will be refreshed with the new connection specifications. Please let me know if it works for you. Elad On Tue, Aug 16, 2016 at 9:26 AM, Uwe Laverenz wrote: > Hi, > > Am 15.08.2016 um 16:53 schrieb Elad Ben Aharon: > > Is the iSCSI domain that supposed to be connected through the bond the >> current master domain? >> > > No, it isn't. An NFS share is the master domain. > > > Also, can you please provide the output of 'iscsiadm -m session -P3' ? >> > > Yes, of course (meanwhile I have switched to 2 targets, 1 per portal). > This is _without_ iSCSI-Bond: > > [root@ovh01 ~]# iscsiadm -m session -P3 > iSCSI Transport Class version 2.0-870 > version 6.2.0.873-33.2 > Target: iqn.2005-10.org.freenas.ctl:tgta (non-flash) > Current Portal: 10.0.131.121:3260,257 > Persistent Portal: 10.0.131.121:3260,257 > ** > Interface: > ** > Iface Name: default > Iface Transport: tcp > Iface Initiatorname: iqn.1994-05.com.redhat:cda91b279ac5 > Iface IPaddress: 10.0.131.122 > Iface HWaddress: > Iface Netdev: > SID: 34 > iSCSI Connection State: LOGGED IN > iSCSI Session State: LOGGED_IN > Internal iscsid Session State: NO CHANGE > * > Timeouts: > * > Recovery Timeout: 5 > Target Reset Timeout: 30 > LUN Reset Timeout: 30 > Abort Timeout: 15 > * > CHAP: > * > username: > password: > username_in: > password_in: > > Negotiated iSCSI params: > > HeaderDigest: None > DataDigest: None > MaxRecvDataSegmentLength: 262144 > MaxXmitDataSegmentLength: 131072 > FirstBurstLength: 131072 > MaxBurstLength: 16776192 > ImmediateData: Yes > InitialR2T: Yes > MaxOutstandingR2T: 1 > > Attached SCSI devices: > > Host Number: 44 State: running > scsi44 Channel 00 Id 0 Lun: 0 > Attached scsi disk sdf State: running > scsi44 Channel 00 Id 0 Lun: 1 > Attached scsi disk sdg State: running > scsi44 Channel 00 Id 0 Lun: 2 > Attached scsi disk sdh State: running > scsi44 Channel 00 Id 0 Lun: 3 > Attached scsi disk sdi State: running > Target: iqn.2005-10.org.freenas.ctl:tgtb (non-flash) > Current Portal: 10.0.132.121:3260,258 > Persistent Portal: 10.0.132.121:3260,258 > ** > Interface: > ** > Iface Name: default > Iface Transport: tcp > Iface Initiatorname: iqn.1994-05.com.redhat:cda91b279ac5 > Iface IPaddress: 10.0.132.122 > Iface HWaddress: > Iface Netdev: > SID: 35 > iSCSI Connection State: LOGGED IN > iSCSI Session State: LOGGED_IN > Internal iscsid Session State: NO CHANGE > * > Timeouts: > * > Recovery Timeout: 5 > Target Reset Timeout: 30 >
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
It does have logs, filenames "hide" real data. You should reveal logs and what each file is and which exact commands you were executing. Vague statements won't help much. It does work for me, there much be something strange in your setup but we cannot know what without details. j. - Original Message - From: "aleksey maksimov" To: "Jiri Belka" Cc: "users" Sent: Monday, August 15, 2016 6:18:48 PM Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ I tried a version of Nicolás. No success :(( 1) I create full bundle cert file: # cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer # openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer /etc/pki/ovirt-engine/certs/apache-with-ca.cer: OK 2) I changed config file: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache-with-ca.cer SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass SSL_ONLY=True FORCE_DATA_VERIFICATION=False 3) I restarted the service # service ovirt-websocket-proxy restart Problem still exists :( Any ideas how to trablshut problem? 14.08.2016, 08:59, "aleksey.maksi...@it-kb.ru" : > Hi Jiri. > But your variant does not work, too > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer > SSL_ONLY=True > > Some error: > WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event] > > any ideas how to trablshut problem? > > 14.08.2016, 01:53, "Jiri Belka" : >> I have different files for those variables, maybe this is the case? >> >> Review again. >> >> j. >> >> - Original Message - >> From: "aleksey maksimov" >> To: "Jiri Belka" >> Cc: "users" >> Sent: Saturday, August 13, 2016 4:57:45 PM >> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE >> HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: >> wss://ovirt.engine.fqdn:6100/ >> >> I changed my file >> /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to: >> >> PROXY_PORT=6100 >> #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer >> #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass >> #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer >> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer >> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass >> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem >> SSL_ONLY=True >> >> ...and restart HostedEngine VM. >> Problem still exists. >> >> 13.08.2016, 17:52, "aleksey.maksi...@it-kb.ru" : >>> It does not work for me. any ideas? >>> >>> 02.08.2016, 17:22, "Jiri Belka" : This works for me: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True - Original Message - From: "aleksey maksimov" To: "users" Sent: Monday, August 1, 2016 12:13:38 PM Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ Hello oVirt guru`s ! I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate" section in "oVirt Administration Guide" http://www.ovirt.org/documentation/admin-guide/administration-guide/ 3 files have been replaced: /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/apache-ca.pem Now the oVirt site using my certificate and everything works fine, but when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under the button "Toggle messages output": WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event] Before replacing certificates SPICE HTML5 browser client works. Native SPICE client works fine. Tell me what to do with SPICE HTML5 browser client? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users __
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
Jiri, I did not hide information. Tell me what the log file should show and I will show 16.08.2016, 10:29, "Jiri Belka" : > It does have logs, filenames "hide" real data. > > You should reveal logs and what each file is and > which exact commands you were executing. > > Vague statements won't help much. It does work for me, > there much be something strange in your setup but we > cannot know what without details. > > j. > > - Original Message - > From: "aleksey maksimov" > To: "Jiri Belka" > Cc: "users" > Sent: Monday, August 15, 2016 6:18:48 PM > Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/ > > I tried a version of Nicolás. > No success :(( > > 1) I create full bundle cert file: > > # cat /etc/pki/ovirt-engine/certs/apache.cer > /etc/pki/ovirt-engine/apache-ca.pem > > /etc/pki/ovirt-engine/certs/apache-with-ca.cer > # openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer > > /etc/pki/ovirt-engine/certs/apache-with-ca.cer: OK > > 2) I changed config file: > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache-with-ca.cer > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > SSL_ONLY=True > FORCE_DATA_VERIFICATION=False > > 3) I restarted the service > > # service ovirt-websocket-proxy restart > > Problem still exists :( > Any ideas how to trablshut problem? > > 14.08.2016, 08:59, "aleksey.maksi...@it-kb.ru" : >> Hi Jiri. >> But your variant does not work, too >> >> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf >> PROXY_PORT=6100 >> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem >> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass >> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer >> SSL_ONLY=True >> >> Some error: >> WebSocket error: Can't connect to websocket on URL: >> wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event] >> >> any ideas how to trablshut problem? >> >> 14.08.2016, 01:53, "Jiri Belka" : >>> I have different files for those variables, maybe this is the case? >>> >>> Review again. >>> >>> j. >>> >>> - Original Message - >>> From: "aleksey maksimov" >>> To: "Jiri Belka" >>> Cc: "users" >>> Sent: Saturday, August 13, 2016 4:57:45 PM >>> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE >>> HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: >>> wss://ovirt.engine.fqdn:6100/ >>> >>> I changed my file >>> /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to: >>> >>> PROXY_PORT=6100 >>> #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer >>> #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass >>> #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer >>> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer >>> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass >>> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem >>> SSL_ONLY=True >>> >>> ...and restart HostedEngine VM. >>> Problem still exists. >>> >>> 13.08.2016, 17:52, "aleksey.maksi...@it-kb.ru" >>> : It does not work for me. any ideas? 02.08.2016, 17:22, "Jiri Belka" : > This works for me: > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer > SSL_ONLY=True > > - Original Message - > From: "aleksey maksimov" > To: "users" > Sent: Monday, August 1, 2016 12:13:38 PM > Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error: Can't connect to websocket on > URL: wss://ovirt.engine.fqdn:6100/ > > Hello oVirt guru`s ! > > I have successfully replaced the oVirt 4 site SSL-certificate > according to the instructions from "Replacing oVirt SSL Certificate" > section in "oVirt Administration Guide" > http://www.ovirt.org/documentation/admin-guide/administration-guide/ > > 3 files have been replaced: > > /etc/pki/ovirt-engine/certs/apache.cer > /etc/pki/ovirt-engine/keys/apache.key.nopass > /etc/pki/ovirt-engine/apache-ca.pem > > Now the oVirt site using my certificate and everything works fine, > but when I try to use SPICE HTML5 browser client in Firefox or Chrome I > see a gray screen and message under the button "Toggle messages output": > > WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event] >>>
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
So, I used this for my own ca test: OWN CA AND OWN ENGINE KEY/CRT = 0> CA # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf certificate = $dir/my-ca.crt# The CA certificate crl = $dir/my-ca.crl# The current CRL private_key = $dir/private/my-ca.key # The private key countryName_default = CZ stateOrProvinceName_default = Jihomoravsky kraj localityName_default= Brno 0.organizationName_default = Shoot them in the head, s. r. o. touch /etc/pki/CA/index.txt echo 01 > /etc/pki/CA/serial cd /etc/pki/CA (umask 077 ; openssl genrsa -out private/my-ca.key -des3 2048 ) openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt 0> engine cert openssl genrsa -out my-engine.key 4096 openssl req -new -out my-engine.csr -key my-engine.key openssl ca -in my-engine.csr -out my-engine.crt # use 'mypass' for p12 bundle export !!! openssl pkcs12 -export -out my-engine.p12 -inkey my-engine.key -in my-engine.crt -chain -CAfile /etc/pki/CA/my-ca.crt 0> existing engine keys/certs/p12 replacement (follow $engine_url/ovirt-engine/docs/manual/en_US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html) rm -f /etc/pki/ovirt-engine/apache-ca.pem cp my-engine.crt /etc/pki/ovirt-engine/apache-ca.pem cp my-engine.p12 /etc/pki/ovirt-engine/keys/apache.p12 openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer install -o ovirt -g ovirt -m 600 /dev/null /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf # 'changeit' is default java truststore pass on EL cat > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf << EOF ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="changeit" EOF 0> add custom CA into system truststore after backup cp /etc/pki/CA/my-ca.crt /etc/pki/ca-trust/source/anchors/CA.crt update-ca-trust 0> check if system truststore knows about custom CA openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 -noout # 'changeit' is default java truststore pass on EL keytool -list -keystore /etc/pki/java/cacerts -storepass changeit | grep "$( openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 -noout | sed -e '/SHA1/s/.*=//;' )" grep -IR "$(sed -n '2p' /etc/pki/ca-trust/source/anchors/CA.crt)" /etc/pki/ca-trust/extracted/ 0> engine-setup pki configuration check engine-setup # see if 'PKI CONFIGURATION' section passed without errors (doctext here https://bugzilla.redhat.com/show_bug.cgi?id=1336838) And this for websocket proxy: # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf PROXY_PORT=6100 SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True You can start manually websocket proxy: /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py --help Usage: ovirt-websocket-proxy.py [options] start Options: -h, --help show this help message and exit -d, --debugdebug mode --pidfile=FILE pid file to use --background Go into the background --systemd=SYSTEMD Systemd type simple|notify --redirect-output Redirect output of daemon It is also handy to do: openssl s_client -connect $websocketproxy_host:6100 j. - Original Message - From: "aleksey maksimov" To: "Jiri Belka" Cc: "users" Sent: Tuesday, August 16, 2016 9:33:54 AM Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ Jiri, I did not hide information. Tell me what the log file should show and I will show 16.08.2016, 10:29, "Jiri Belka" : > It does have logs, filenames "hide" real data. > > You should reveal logs and what each file is and > which exact commands you were executing. > > Vague statements won't help much. It does work for me, > there much be something strange in your setup but we > cannot know what without details. > > j. > > - Original Message - > From: "aleksey maksimov" > To: "Jiri Belka" > Cc: "users" > Sent: Monday, August 15, 2016 6:18:48 PM > Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/ > > I tried a version of Nicolás. > No success :(( > > 1) I create full bundle cert file: > > # cat /etc/pki/ovirt-engine/certs/apache.cer > /etc/pki/ovirt-engine/apache-ca.pem > > /etc/pki/ovirt-engine/certs/apache-with-ca.cer > # openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer > > /etc/pki/ovirt-engine/certs/apache-with-c
Re: [ovirt-users] iSCSI Multipathing -> host inactive
Hi, Am 16.08.2016 um 09:26 schrieb Elad Ben Aharon: Currently, your host is connected through a single initiator, the 'Default' interface (Iface Name: default), to 2 targets: tgta and tgtb I see what you mean, but the "Iface Name" is somewhat irritating here, it does not mean that the wrong interface (ovirtmgmt) is used. If you have a look at "Iface IPaddress" for both you can see that the correct, dedicated interfaces are used: Iface IPaddress: 10.0.131.122 (iSCSIA network) Iface IPaddress: 10.0.132.122 (iSCSIB network) (Target: iqn.2005-10.org.freenas.ctl:tgta and Target: iqn.2005-10.org.freenas.ctl:tgtb). Hence, each LUN is exposed from the storage server via 2 paths. Since the connection to the storage is done via the 'Default' interface and not via the 2 iSCSI networks you've configured, currently, the iSCSI bond is not operational. Please see above. The storage servers iSCSI-addresses aren't even reachable from the ovirtmgmt net, they are in completely isolated networks. For the iSCSI bond to be operational, you'll have to do the following: - Create 2 networks in RHEVM under the relevant cluster (not sure if you've already did it) - iSCSI1 and iSCSI2 . Configure both networks to be non-required networks for the cluster (should be also non-VM networks). - Attach the networks to the host's 2 interfaces using hosts Setup-networks. - Create a new iSCSI bond / modify the bond you've created and pick the 2 newly created networks along with all storage targets. Make sure that the Default network is not part of the bond (usually, the Default network is the management one - 'ovirtmgmt'). - Put the host in maintenance and re-activate it so the iSCSI sessions will be refreshed with the new connection specifications. This is exactly what I did, expect that I had to add the iSCSI-storage first, otherwise the "iSCSI Multipathing" tab does not appear in the data center section. I configured an iSCSI-Bond and the problem seems to be that it leads to conflicting iSCSI-settings on the host. The host uses the very same interface twice only with different "IFace Name": iSCSIA: Iface Name: default Iface Transport: tcp Iface Initiatorname: iqn.1994-05.com.redhat:cda91b279ac5 Iface IPaddress: 10.0.131.122 Iface Name: enp9s0f0 Iface Transport: tcp Iface Initiatorname: iqn.1994-05.com.redhat:cda91b279ac5 Iface IPaddress: 10.0.131.122 iSCSIB: Iface Name: default Iface Transport: tcp Iface Initiatorname: iqn.1994-05.com.redhat:cda91b279ac5 Iface IPaddress: 10.0.132.122 Iface Name: enp9s0f1 Iface Transport: tcp Iface Initiatorname: iqn.1994-05.com.redhat:cda91b279ac5 Iface IPaddress: 10.0.132.122 I guess this is the reason why the host has problems to attach the storage domain, it toggles all storage domains on and off all the time. Thank you, Uwe ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] iSCSI Multipathing -> host inactive
Please be sure that ovirtmgmt is not part of the iSCSI bond. It does seem to have a conflict between default and enp9s0f0 / enp9s0f1. Try to put the host in maintenance and then delete the iscsi nodes using 'iscsiadm -m node -o delete'. Then activate the host. Thanks, Elad ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] qos problem in ovirt python sdk
+yzaspitsk, danken yzaspitsk isn't an empty network qos means unlimited? Anyhow, you can meanwhile, simply create a new network qos that is unlimited, and update profile1 to point to it. On 16 August 2016 at 04:52, like...@cs2c.com.cn wrote: > Hello, > > I'm using ovirt3.6.7, and i want to use QoS function by restapi. But i > fount i can't update the qos to unlimited. > For example, i assigned a qos named qos1 to a vnic profile named > vprofile1, then i want to set the qos of vprofile1 to unlimited, > so i set the qos to None in sdk when update vnic profile, but after update > the vnic profile still has qos named qos1. > > So, how should i do if i want to set qos of a vnic profile to unlimited? > > Look forward to your help! > Thanks > > -- > like...@cs2c.com.cn > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt 4 + Foreman
Hi, has anybody been able to configure Foreman with oVirt 4 ? When trying to add Foreman as an external provider and test the login it always return : Failed to communicate with the external provider, see log for additional details. On the Foreman side i get an SSO failed in the log, the user and password entered are correct. Running version: oVirt Engine Version: 4.0.2.6-1.el7.centos Foreman Version 1.12.1 Please find the log extract attached. Thanks for any help/hint. Regards, Arsène 2016-08-16 11:49:16 [app] [I] Started GET "/api/v2" for 10.0.10.10 at 2016-08-16 11:49:16 +0200 2016-08-16 11:49:16 [app] [I] Processing by Api::V2::HomeController#index as JSON 2016-08-16 11:49:16 [app] [I] Parameters: {"apiv"=>"v2", "home"=>{}} 2016-08-16 11:49:16 [app] [W] SSO failed 2016-08-16 11:49:16 [app] [I] Rendered api/v2/errors/unauthorized.json.rabl within api/v2/layouts/error_layout (0.7ms) 2016-08-16 11:49:16 [app] [I] Filter chain halted as :authorize rendered or redirected 2016-08-16 11:49:16 [app] [I] Completed 401 Unauthorized in 7ms (Views: 1.7ms | ActiveRecord: 0.4ms) 2016-08-16 11:49:16,555 INFO [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] (default task-54) [6ebc2789] Running command: ImportProviderCertificateCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN 2016-08-16 11:49:16,561 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-54) [6ebc2789] Correlation ID: 6ebc2789, Call Stack: null, Custom Event ID: -1, Message: Certificate for provider spfy-dep was imported. (User: admin@internal-authz) 2016-08-16 11:49:16,623 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-55) [5957d23b] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN 2016-08-16 11:49:16,892 ERROR [org.ovirt.engine.core.bll.host.provider.foreman.ForemanHostProviderProxy] (default task-55) [5957d23b] Exception is Server returned HTTP response code: 401 for URL: https://spfy-dep.host.sapify.ch:443/api/v2 2016-08-16 11:49:16,894 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-55) [5957d23b] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: Server returned HTTP response code: 401 for URL: https://spfy-dep.host.sapify.ch:443/api/v2 (Failed with error PROVIDER_FAILURE and code 5050) 2016-08-16 11:49:17,933 INFO [org.ovirt.engine.core.vdsbroker.gluster.GlusterTasksListVDSCommand] (DefaultQuartzScheduler3) [54983ac1] START, GlusterTasksListVDSCommand(HostName = spfy-hw02, VdsIdVDSCommandParametersBase:{runAsync='true', hostId='d36d9aff-a953-466b-bdf7-70ba4f63e180'}), log id: 2f34cd01 2016-08-16 11:49:18,096 INFO [org.ovirt.engine.core.vdsbroker.gluster.GlusterTasksListVDSCommand] (DefaultQuartzScheduler3) [54983ac1] FINISH, GlusterTasksListVDSCommand, return: [], log id: 2f34cd01 2016-08-16 11:49:19,122 INFO [org.ovirt.engine.core.vdsbroker.monitoring.VmsStatisticsFetcher] (DefaultQuartzScheduler10) [a6e01a6] Fetched 1 VMs from VDS 'e84a42c6-322f-43e2-b52a-4faf41953ba7' ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 4.0 and multipath.conf for HPE 3PAR. What do you advise?
Nir Soffer, thank you very much for your explanation. Trick with "# VDSM PRIVATE" works great. 14.08.2016, 14:22, "Nir Soffer" : > On Sat, Aug 13, 2016 at 4:03 PM, wrote: >> Hello, oVirt guru's ! >> >> I installed oVirt 4.0 on several servers HP ProLiant DL360 G5 with >> QLogic/Emulex 4G dual-port HBAs. >> These servers have multipath connection to the storage system HP 3PAR 7200. >> >> Before installing oVirt to servers I set up the configuration file >> /etc/multipath.conf according to the vendor recommendations from document >> "HPE 3PAR Red Hat Enterprise Linux and Oracle Linux Implementation Guide >> (emr_na-c04448818-9.pdf)" >> >> https://blog.it-kb.ru/2016/06/12/configuring-device-mapper-multipathing-dm-multipat-mpio-in-centos-linux-7-2-with-emulex-and-qlogic-fc-hba-connecting-over-san-storage-hp-3par-7200-3par-os-3-2-2/ >> >> Before installing oVirt my multipath.conf was the: >> >> ---> start of /etc/multipath.conf <- >> >> defaults { >> polling_interval 10 > > This will cause delays in path checking, better use the default from vdsm conf > >> user_friendly_names no >> find_multipaths yes > > This ensures that devices with single path will not be detected by ovirt, > unless > the device is listed in the "multipaths" section. This means you will have to > update multipath.conf manually on all hosts each time you want to add > a new device. > It is recommended to keep the default from vdsm.conf > >> } >> blacklist { >> devnode "^cciss\/c[0-9]d[0-9]*" > > Not sure why you need this, but this seems harmless > >> } >> multipaths { >> multipath { >> wwid 360002ac00016cec9 >> alias 3par-vv2 >> } >> multipath { >> wwid 360002ac00017cec9 >> alias 3par-vv1 >> } >> } >> devices { >> device { >> vendor "3PARdata" >> product "VV" >> path_grouping_policy group_by_prio >> path_selector "round-robin 0" >> path_checker tur >> features "0" >> hardware_handler "1 alua" >> prio alua >> failback immediate >> rr_weight uniform >> no_path_retry 18 > > This means 18 retries, and with polling internal of 10 seconds, 180 second > timeout when all paths has become faulty. This will cause long timeouts in > various vdsm operations, leading to timeouts on engine side, and also > increase the chance of a host becoming non-operational because of delay > in storage monitoring. > > It is recommended to use small number of retries, like 4, to avoid long delays > in vdsm. > >> rr_min_io_rq 1 >> detect_prio yes >> } >> } >> ---> end of /etc/multipath.conf <- >> >> But after installing oVirt file multipath.conf has changed to: >> >> ---> start of /etc/multipath.conf <- >> defaults { >> polling_interval 5 >> no_path_retry fail > > You can change this to small number like 4, to match other configuration. > >> user_friendly_names no >> flush_on_last_del yes >> fast_io_fail_tmo 5 >> dev_loss_tmo 30 >> max_fds 4096 > > You should keep these values, unless the storage vendor has > a good reason to change them. > >> } >> devices { >> device { >> all_devs yes >> no_path_retry fail > > I would change this to: > > no_path_retry 4 > >> } >> } >> ---> end of /etc/multipath.conf <- >> >> Now I'm not sure that this configuration is optimal. What do you advise? > > 1. Add your changes to the file created by vdsm > 2. Update no_path_retry to small number (e.g 4) > 3. Add "# VDSM PRIVATE" to the second line - the first 2 lines should be: > > # VDSM REVISION 1.2 > # VDSM PRIVATE > > With the "# VDSM PRIVATE" tag, vdsm will never overwrite multipath.conf. > You need to update this file on all hosts manually. > > 4. Copy multipath.conf to all hosts > 5. Reload multipathd on all hosts: > > systemctl reload multipathd > > Nir ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt-shell command to move a disk
Hi, any news on the subject? How do other users move many disks between storage domains? I believe not many people use quotas though.. On 13. 07. 2016 13:38, Juan Hernández wrote: On 07/13/2016 10:30 AM, Jure Kranjc wrote: On 01. 12. 2014 14:40, Nicolas Ecarnot wrote: Le 01/12/2014 13:23, Juan Hernández a écrit : On 12/01/2014 12:51 PM, Michael Pasternak wrote: not sure what sdk version 3.4.4 is, but according to log, latest official for 3.4 is 3.4.1.1-1 (make you have it installed) There are two issues here. First is that the "move" disk operation on the top level collection isn't correctly documented in the RSDL metadata. As a result the Python SDK and the CLI don't support this operation. You can however use the same operation in the context of the VM: # action disk {disk:id} move --vm-identifier {vm:id} --storage_domain-name={storagedomain:name} Please open a bug requesting a fix for this. Done! https://bugzilla.redhat.com/show_bug.cgi?id=1169376 The other issue is that the 3.4 version doesn't support specifying disks by alias, only by id. This has been fixed in 3.5. So, all in all, at the moment you will need a command like this: # action disk c6aab66a-b551-4cc5-8628-efe9622c0dce move --vm-identifier myvm --storage_domain-name mysd Your workaround is working : thank you. Hi, i know this is an old thread but i need to move a bunch of disks from one storage domain to another. I am unable to move disks with ovirt-shell as it seems it does not support moving disks when quota enabled and enforced on datacenter. Is that correct? Any help appreciated. ovirt shell action disk 689ce8fe-0d40-47e1-a933-7bae5ed0812b move --storage_domain-name NLSAS_PRIM status: 400 reason: Bad Request detail: Cannot move Virtual Machine Disk. Quota is not valid. I can move disks normally via webadmin. Using ovirt-engine-cli-3.6.2.0-1.fc23.noarch, ovirt-engine-3.5.6.2-1.el6.noarch Doron, Roy, internally the API uses the "MoveDisks" command to move the disks, and that action is marked as "QuotaDependency.STORAGE". Is that correct? Can you take a look? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] HostedEngine with HA
On Sun, 2016-08-14 at 14:22 +0300, Roy Golan wrote: > > > On 12 August 2016 at 20:23, Carlos Rodrigues > wrote: > > Hello, > > > > I have one cluster with two hosts with power management correctly > > configured and one virtual machine with HostedEngine over shared > > storage with FiberChannel. > > > > When i shutdown the network of host with HostedEngine VM, it > > should be > > possible the HostedEngine VM migrate automatically to another host? > > > migrate on which network? > > > What is the expected behaviour on this HA scenario? > > After a few minutes your vm will be shutdown by the High Availability > agent, as it can't see network, and started on another host. I'm testing this scenario and after shutdown network, it should be expected that agent shutdown ha and started on another host, but after couple minutes nothing happens and on host with network we getting the following messages: Aug 16 11:44:08 ied-blade11.install.eurotux.local ovirt-ha-agent[2779]: ovirt-ha-agent ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config ERROR Unable to get vm.conf from OVF_STORE, falling back to initial vm.conf I think the HA agent its trying to get vm configuration but some how it can't get vm.conf to start VM. Regards, Carlos Rodrigues > > > > Regards, > > > > -- > > Carlos Rodrigues > > > > Engenheiro de Software Sénior > > > > Eurotux Informática, S.A. | www.eurotux.com > > (t) +351 253 680 300 (m) +351 911 926 110 > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > -- Carlos Rodrigues Engenheiro de Software Sénior Eurotux Informática, S.A. | www.eurotux.com (t) +351 253 680 300 (m) +351 911 926 110 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
Thank you, Jiri ! I did everything step by step and SPICE HTML5 browser client now works. 16.08.2016, 10:46, "Jiri Belka" : > So, > > I used this for my own ca test: > > OWN CA AND OWN ENGINE KEY/CRT > = > > 0> CA > > # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf > certificate = $dir/my-ca.crt # The CA certificate > crl = $dir/my-ca.crl # The current CRL > private_key = $dir/private/my-ca.key # The private key > countryName_default = CZ > stateOrProvinceName_default = Jihomoravsky kraj > localityName_default = Brno > 0.organizationName_default = Shoot them in the head, s. r. o. > > touch /etc/pki/CA/index.txt > echo 01 > /etc/pki/CA/serial > cd /etc/pki/CA > (umask 077 ; openssl genrsa -out private/my-ca.key -des3 2048 ) > openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt > > 0> engine cert > > openssl genrsa -out my-engine.key 4096 > openssl req -new -out my-engine.csr -key my-engine.key > openssl ca -in my-engine.csr -out my-engine.crt > # use 'mypass' for p12 bundle export !!! > openssl pkcs12 -export -out my-engine.p12 -inkey my-engine.key -in > my-engine.crt -chain -CAfile /etc/pki/CA/my-ca.crt > > 0> existing engine keys/certs/p12 replacement > > (follow > $engine_url/ovirt-engine/docs/manual/en_US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html) > > rm -f /etc/pki/ovirt-engine/apache-ca.pem > cp my-engine.crt /etc/pki/ovirt-engine/apache-ca.pem > cp my-engine.p12 /etc/pki/ovirt-engine/keys/apache.p12 > openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > > /etc/pki/ovirt-engine/keys/apache.key.nopass > openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > > /etc/pki/ovirt-engine/certs/apache.cer > install -o ovirt -g ovirt -m 600 /dev/null > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf > # 'changeit' is default java truststore pass on EL > cat > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf << EOF > ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" > ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="changeit" > EOF > > 0> add custom CA into system truststore after backup > > cp /etc/pki/CA/my-ca.crt /etc/pki/ca-trust/source/anchors/CA.crt > update-ca-trust > > 0> check if system truststore knows about custom CA > > openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 > -noout > # 'changeit' is default java truststore pass on EL > keytool -list -keystore /etc/pki/java/cacerts -storepass changeit | grep "$( > openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 > -noout | sed -e '/SHA1/s/.*=//;' )" > grep -IR "$(sed -n '2p' /etc/pki/ca-trust/source/anchors/CA.crt)" > /etc/pki/ca-trust/extracted/ > > 0> engine-setup pki configuration check > > engine-setup # see if 'PKI CONFIGURATION' section passed without errors > > (doctext here https://bugzilla.redhat.com/show_bug.cgi?id=1336838) > > And this for websocket proxy: > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer > SSL_ONLY=True > > You can start manually websocket proxy: > > /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py > --help > Usage: ovirt-websocket-proxy.py [options] start > > Options: > -h, --help show this help message and exit > -d, --debug debug mode > --pidfile=FILE pid file to use > --background Go into the background > --systemd=SYSTEMD Systemd type simple|notify > --redirect-output Redirect output of daemon > > It is also handy to do: > > openssl s_client -connect $websocketproxy_host:6100 > > j. > > - Original Message - > From: "aleksey maksimov" > To: "Jiri Belka" > Cc: "users" > Sent: Tuesday, August 16, 2016 9:33:54 AM > Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/ > > Jiri, I did not hide information. Tell me what the log file should show and I > will show > > 16.08.2016, 10:29, "Jiri Belka" : >> It does have logs, filenames "hide" real data. >> >> You should reveal logs and what each file is and >> which exact commands you were executing. >> >> Vague statements won't help much. It does work for me, >> there much be something strange in your setup but we >> cannot know what without details. >> >> j. >> >> - Original Message - >> From: "aleksey maksimov" >> To: "Jiri Belka" >> Cc: "users" >> Sent: Monday, August 15, 2016 6:18:48 PM >> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE >> HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: >> wss://ovirt.engine.fqdn:6100/ >> >> I tried a version of Nicolás. >> No success :(( >> >> 1) I create full bundl
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
IMO you "owe" explanation what was wrong, so other users could learn from your mistakes and this mailing-list archive would thus be beneficial for them when searching for help ;) Anyway, that's great news! j. - Original Message - From: "aleksey maksimov" To: "Jiri Belka" Cc: "users" Sent: Tuesday, August 16, 2016 2:59:21 PM Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/ Thank you, Jiri ! I did everything step by step and SPICE HTML5 browser client now works. 16.08.2016, 10:46, "Jiri Belka" : > So, > > I used this for my own ca test: > > OWN CA AND OWN ENGINE KEY/CRT > = > > 0> CA > > # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf > certificate = $dir/my-ca.crt # The CA certificate > crl = $dir/my-ca.crl # The current CRL > private_key = $dir/private/my-ca.key # The private key > countryName_default = CZ > stateOrProvinceName_default = Jihomoravsky kraj > localityName_default = Brno > 0.organizationName_default = Shoot them in the head, s. r. o. > > touch /etc/pki/CA/index.txt > echo 01 > /etc/pki/CA/serial > cd /etc/pki/CA > (umask 077 ; openssl genrsa -out private/my-ca.key -des3 2048 ) > openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt > > 0> engine cert > > openssl genrsa -out my-engine.key 4096 > openssl req -new -out my-engine.csr -key my-engine.key > openssl ca -in my-engine.csr -out my-engine.crt > # use 'mypass' for p12 bundle export !!! > openssl pkcs12 -export -out my-engine.p12 -inkey my-engine.key -in > my-engine.crt -chain -CAfile /etc/pki/CA/my-ca.crt > > 0> existing engine keys/certs/p12 replacement > > (follow > $engine_url/ovirt-engine/docs/manual/en_US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html) > > rm -f /etc/pki/ovirt-engine/apache-ca.pem > cp my-engine.crt /etc/pki/ovirt-engine/apache-ca.pem > cp my-engine.p12 /etc/pki/ovirt-engine/keys/apache.p12 > openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > > /etc/pki/ovirt-engine/keys/apache.key.nopass > openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > > /etc/pki/ovirt-engine/certs/apache.cer > install -o ovirt -g ovirt -m 600 /dev/null > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf > # 'changeit' is default java truststore pass on EL > cat > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf << EOF > ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" > ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="changeit" > EOF > > 0> add custom CA into system truststore after backup > > cp /etc/pki/CA/my-ca.crt /etc/pki/ca-trust/source/anchors/CA.crt > update-ca-trust > > 0> check if system truststore knows about custom CA > > openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 > -noout > # 'changeit' is default java truststore pass on EL > keytool -list -keystore /etc/pki/java/cacerts -storepass changeit | grep "$( > openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 > -noout | sed -e '/SHA1/s/.*=//;' )" > grep -IR "$(sed -n '2p' /etc/pki/ca-trust/source/anchors/CA.crt)" > /etc/pki/ca-trust/extracted/ > > 0> engine-setup pki configuration check > > engine-setup # see if 'PKI CONFIGURATION' section passed without errors > > (doctext here https://bugzilla.redhat.com/show_bug.cgi?id=1336838) > > And this for websocket proxy: > > # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf > PROXY_PORT=6100 > SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem > SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass > CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer > SSL_ONLY=True > > You can start manually websocket proxy: > > /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py > --help > Usage: ovirt-websocket-proxy.py [options] start > > Options: > -h, --help show this help message and exit > -d, --debug debug mode > --pidfile=FILE pid file to use > --background Go into the background > --systemd=SYSTEMD Systemd type simple|notify > --redirect-output Redirect output of daemon > > It is also handy to do: > > openssl s_client -connect $websocketproxy_host:6100 > > j. > > - Original Message - > From: "aleksey maksimov" > To: "Jiri Belka" > Cc: "users" > Sent: Tuesday, August 16, 2016 9:33:54 AM > Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/ > > Jiri, I did not hide information. Tell me what the log file should show and I > will show > > 16.08.2016, 10:29, "Jiri Belka" : >> It does have logs, filenames "hide" real data. >> >> You should reveal logs and what each file is and >> which exact commands you were executing. >> >> Vague statements won't help much. It does work for me, >> there
Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
Oh yeah :) I mistakenly used a root certificate from a local CA for /etc/pki/ovirt-engine/apache-ca.pem. Now I understood, and it works. Thanks again. 16.08.2016, 16:15, "Jiri Belka" : > IMO you "owe" explanation what was wrong, so other users > could learn from your mistakes and this mailing-list archive > would thus be beneficial for them when searching for help ;) > > Anyway, that's great news! > > j. > > - Original Message - > From: "aleksey maksimov" > To: "Jiri Belka" > Cc: "users" > Sent: Tuesday, August 16, 2016 2:59:21 PM > Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE > HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: > wss://ovirt.engine.fqdn:6100/ > > Thank you, Jiri ! > I did everything step by step and SPICE HTML5 browser client now works. > > 16.08.2016, 10:46, "Jiri Belka" : >> So, >> >> I used this for my own ca test: >> >> OWN CA AND OWN ENGINE KEY/CRT >> = >> >> 0> CA >> >> # awk '/my-/ || $1 ~ /^[^#]*_default/' /etc/pki/tls/openssl.cnf >> certificate = $dir/my-ca.crt # The CA certificate >> crl = $dir/my-ca.crl # The current CRL >> private_key = $dir/private/my-ca.key # The private key >> countryName_default = CZ >> stateOrProvinceName_default = Jihomoravsky kraj >> localityName_default = Brno >> 0.organizationName_default = Shoot them in the head, s. r. o. >> >> touch /etc/pki/CA/index.txt >> echo 01 > /etc/pki/CA/serial >> cd /etc/pki/CA >> (umask 077 ; openssl genrsa -out private/my-ca.key -des3 2048 ) >> openssl req -new -x509 -key private/my-ca.key -days 365 > my-ca.crt >> >> 0> engine cert >> >> openssl genrsa -out my-engine.key 4096 >> openssl req -new -out my-engine.csr -key my-engine.key >> openssl ca -in my-engine.csr -out my-engine.crt >> # use 'mypass' for p12 bundle export !!! >> openssl pkcs12 -export -out my-engine.p12 -inkey my-engine.key -in >> my-engine.crt -chain -CAfile /etc/pki/CA/my-ca.crt >> >> 0> existing engine keys/certs/p12 replacement >> >> (follow >> $engine_url/ovirt-engine/docs/manual/en_US/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html) >> >> rm -f /etc/pki/ovirt-engine/apache-ca.pem >> cp my-engine.crt /etc/pki/ovirt-engine/apache-ca.pem >> cp my-engine.p12 /etc/pki/ovirt-engine/keys/apache.p12 >> openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > >> /etc/pki/ovirt-engine/keys/apache.key.nopass >> openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > >> /etc/pki/ovirt-engine/certs/apache.cer >> install -o ovirt -g ovirt -m 600 /dev/null >> /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf >> # 'changeit' is default java truststore pass on EL >> cat > /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf << EOF >> ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" >> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="changeit" >> EOF >> >> 0> add custom CA into system truststore after backup >> >> cp /etc/pki/CA/my-ca.crt /etc/pki/ca-trust/source/anchors/CA.crt >> update-ca-trust >> >> 0> check if system truststore knows about custom CA >> >> openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint -sha1 >> -noout >> # 'changeit' is default java truststore pass on EL >> keytool -list -keystore /etc/pki/java/cacerts -storepass changeit | grep >> "$( openssl x509 -in /etc/pki/ca-trust/source/anchors/CA.crt -fingerprint >> -sha1 -noout | sed -e '/SHA1/s/.*=//;' )" >> grep -IR "$(sed -n '2p' /etc/pki/ca-trust/source/anchors/CA.crt)" >> /etc/pki/ca-trust/extracted/ >> >> 0> engine-setup pki configuration check >> >> engine-setup # see if 'PKI CONFIGURATION' section passed without errors >> >> (doctext here https://bugzilla.redhat.com/show_bug.cgi?id=1336838) >> >> And this for websocket proxy: >> >> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf >> PROXY_PORT=6100 >> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem >> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass >> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer >> SSL_ONLY=True >> >> You can start manually websocket proxy: >> >> >> /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py >> --help >> Usage: ovirt-websocket-proxy.py [options] start >> >> Options: >> -h, --help show this help message and exit >> -d, --debug debug mode >> --pidfile=FILE pid file to use >> --background Go into the background >> --systemd=SYSTEMD Systemd type simple|notify >> --redirect-output Redirect output of daemon >> >> It is also handy to do: >> >> openssl s_client -connect $websocketproxy_host:6100 >> >> j. >> >> - Original Message - >> From: "aleksey maksimov" >> To: "Jiri Belka" >> Cc: "users" >> Sent: Tuesday, August 16, 2016 9:33:54 AM >> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE >> HTML5 browser client -> WebSocket error: Can't conn
Re: [ovirt-users] iSCSI Multipathing -> host inactive
Hi Elad, Am 16.08.2016 um 10:52 schrieb Elad Ben Aharon: Please be sure that ovirtmgmt is not part of the iSCSI bond. Yes, I made sure it is not part of the bond. It does seem to have a conflict between default and enp9s0f0/ enp9s0f1. Try to put the host in maintenance and then delete the iscsi nodes using 'iscsiadm -m node -o delete'. Then activate the host. I tried that, I managed to get the iSCSI interface clean, no "default" anymore. But that didn't solve the problem of the host becoming "inactive". Not even the NFS domains would come up. As soon as I remove the iSCSI-bond, the host becomes responsive again and I can activate all storage domains. Removing the bond also brings the duplicated "Iface Name" back (but this time causes no problems). ... I wonder if there is a basic misunderstanding on my side: wouldn't it be necessary that all targets are reachable from all interfaces that are configured into the bond to make it work? But this would either mean two interfaces in the same network or routing between the iSCSI networks. Thanks, Uwe ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] qos problem in ovirt python sdk
On 08/16/2016 03:52 AM, like...@cs2c.com.cn wrote: > Hello, > > I'm using ovirt3.6.7, and i want to use QoS function by restapi. But i > fount i can't update the qos to unlimited. > For example, i assigned a qos named qos1 to a vnic profile named > vprofile1, then i want to set the qos of vprofile1 to unlimited, > so i set the qos to None in sdk when update vnic profile, but after > update the vnic profile still has qos named qos1. > > So, how should i do if i want to set qos of a vnic profile to unlimited? > > Look forward to your help! > Thanks > This is a general issue with the way the API works: we don't have different methods for updating or replacing completely the representation of an object, we use PUT for everything. This means that we have to assume that when you send a request without an attribute what you mean is that you want to preserve it. For example, when you send something like this: PUT /ovirt-engine/api/vnicprofiles/123 We have to assume that you want to preserve the attributes, as otherwise we would just remove all of them. A side effect of this is that there is no way to express that what you want to do is remove the QoS. The workaround for that is to create an unlimited QoS (manually or via the API) and then update the VNIC profile to use that instead of the previous one. For example: ---8<--- # Find the data center: dc = api.datacenters.get(name='mydc') # Find the "unlimited" QoS, or create it if it doesn't exit # yet: unlimited = dc.qoss.get(name='unlimitednetwork') if unlimited is None: unlimited = dc.qoss.add( params.QoS( name='unlimitednetwork', type_='network', ) ) # Find the VNIC profile: profile = api.vnicprofiles.get(name='myprofile') # Change the VNIC profile to use the unlimited QoS: profile.set_qos( params.QoS(id=unlimited.get_id()) ) profile.update() --->8--- -- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 4 + Foreman
On 08/16/2016 11:58 AM, Arsène Gschwind wrote: > Hi, > > has anybody been able to configure Foreman with oVirt 4 ? When trying to > add Foreman as an external provider and test the login it always return > : Failed to communicate with the external provider, see log for > additional details. > > On the Foreman side i get an SSO failed in the log, the user and > password entered are correct. > > Running version: > > oVirt Engine Version: 4.0.2.6-1.el7.centos > Foreman Version 1.12.1 > > Please find the log extract attached. > Thanks for any help/hint. > > Regards, > Arsène > There are two important differences in version 4 of oVirt 1. The URL is now only /ovirt-engine/api (it used to accept /api and /ovirt-engine/api). 2. There are two versions of the API now, v3, compatible with oVirt 3, and v4, new and incompatible. Foreman only supports v3. So, I'd suggest you try to use "https://.../ovirt-engine/api/v3"; in the URL. Does that work? If it doesn't, can you provide more details? Log files? -- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] edit gluster storage domain
So I've run into an issue where I add "-obackup-volfile-servers=10.4.16.19:10.4.16.12" to the storage domain object and click ok. Then I get an error that says "Failed to connect Host hv5.domain.com to the Storage Domains SANB". Am I getting the mount option correct? Any thoughts on what I'm doing wrong here? On 08/11/2016 12:38 PM, Nir Soffer wrote: > On Thu, Aug 11, 2016 at 9:22 PM, Edward Clay wrote: >> Hello, I need to edit a glusterfs storage domain to add the mount >> option " backupvolfile-server=SERVER" So when the primary servers IP is >> not accessible the remaining servers will be used to retrieve data >> stored on the gluster volume. Right now when I try to edit the storage >> domain the mount options box is grayed out and not editable. I recently >> had to take all vms down so I put the HV in maintenance mode and the >> edit options wasn't present. >> >> >> I need to understand if this is the correct option to make a glusterfs >> volume fault tolerant? > Yes. > >> Also I need to understand how to make this edit in the ovirt web >> interface or other method. > You need to put the storage domain in maintenance mode, and then > you can edit the gluster mount options. > > This requires either shutting down all the vms using this storage, or > if you cannot afford any downtime, you can live-migrate the disks to > another storage domain, edit gluster options, and live-migrate the disks > back. > > Nir -- Best regards, Edward Clay Systems Administrator UK2 Group - US Operations Phone: 1-800-222-2165 FAX: 435-755-3449 E-mail: edward.c...@uk2group.com Believe in Better Hosting http://www.westhost.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] edit gluster storage domain
On Tue, Aug 16, 2016 at 7:28 PM, Edward Clay wrote: > So I've run into an issue where I add > "-obackup-volfile-servers=10.4.16.19:10.4.16.12" -o is added by vdsm on the host, try: backup-volfile-servers=10.4.16.19:10.4.16.12 > to the storage domain > object and click ok. Then I get an error that says "Failed to connect > Host hv5.domain.com to the Storage Domains SANB". Am I getting the > mount option correct? Any thoughts on what I'm doing wrong here? > > > On 08/11/2016 12:38 PM, Nir Soffer wrote: >> On Thu, Aug 11, 2016 at 9:22 PM, Edward Clay >> wrote: >>> Hello, I need to edit a glusterfs storage domain to add the mount >>> option " backupvolfile-server=SERVER" So when the primary servers IP is >>> not accessible the remaining servers will be used to retrieve data >>> stored on the gluster volume. Right now when I try to edit the storage >>> domain the mount options box is grayed out and not editable. I recently >>> had to take all vms down so I put the HV in maintenance mode and the >>> edit options wasn't present. >>> >>> >>> I need to understand if this is the correct option to make a glusterfs >>> volume fault tolerant? >> Yes. >> >>> Also I need to understand how to make this edit in the ovirt web >>> interface or other method. >> You need to put the storage domain in maintenance mode, and then >> you can edit the gluster mount options. >> >> This requires either shutting down all the vms using this storage, or >> if you cannot afford any downtime, you can live-migrate the disks to >> another storage domain, edit gluster options, and live-migrate the disks >> back. >> >> Nir > > -- > Best regards, > Edward Clay > Systems Administrator > UK2 Group - US Operations > Phone: 1-800-222-2165 > FAX: 435-755-3449 > E-mail: edward.c...@uk2group.com > > Believe in Better Hosting > http://www.westhost.com > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] edit gluster storage domain
Thank. That did it. On 08/16/2016 10:44 AM, Nir Soffer wrote: > On Tue, Aug 16, 2016 at 7:28 PM, Edward Clay wrote: >> So I've run into an issue where I add >> "-obackup-volfile-servers=10.4.16.19:10.4.16.12" > -o is added by vdsm on the host, try: > > backup-volfile-servers=10.4.16.19:10.4.16.12 > >> to the storage domain >> object and click ok. Then I get an error that says "Failed to connect >> Host hv5.domain.com to the Storage Domains SANB". Am I getting the >> mount option correct? Any thoughts on what I'm doing wrong here? >> >> >> On 08/11/2016 12:38 PM, Nir Soffer wrote: >>> On Thu, Aug 11, 2016 at 9:22 PM, Edward Clay >>> wrote: Hello, I need to edit a glusterfs storage domain to add the mount option " backupvolfile-server=SERVER" So when the primary servers IP is not accessible the remaining servers will be used to retrieve data stored on the gluster volume. Right now when I try to edit the storage domain the mount options box is grayed out and not editable. I recently had to take all vms down so I put the HV in maintenance mode and the edit options wasn't present. I need to understand if this is the correct option to make a glusterfs volume fault tolerant? >>> Yes. >>> Also I need to understand how to make this edit in the ovirt web interface or other method. >>> You need to put the storage domain in maintenance mode, and then >>> you can edit the gluster mount options. >>> >>> This requires either shutting down all the vms using this storage, or >>> if you cannot afford any downtime, you can live-migrate the disks to >>> another storage domain, edit gluster options, and live-migrate the disks >>> back. >>> >>> Nir >> -- >> Best regards, >> Edward Clay >> Systems Administrator >> UK2 Group - US Operations >> Phone: 1-800-222-2165 >> FAX: 435-755-3449 >> E-mail: edward.c...@uk2group.com >> >> Believe in Better Hosting >> http://www.westhost.com >> -- Best regards, Edward Clay Systems Administrator UK2 Group - US Operations Phone: 1-800-222-2165 FAX: 435-755-3449 E-mail: edward.c...@uk2group.com Believe in Better Hosting http://www.westhost.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Gluster replication on 1Gb interfaces
Hi all. I understand using 10Gb interfaces when using Gluster is advised for helping with data replication specially in situations where a node went down for a while and need to re-sync data. However can anyone tell if using one 1Gb interface dedicated for it in hosts with 1.8 TB of Raw storage would be still Ok or can it cause severe impact on performance ? What are the chances of a 1Gb nice being saturated during normal operation ? Thanks Fernando ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Gluster replication on 1Gb interfaces
We experienced severe performance degridation with a 5TB volume with 500GB of data on it. So much so that we went ahead and upgraded to 10GbE. Our setup was 1Gbe interface for all gluster communication and client access. We experience no performance hits when since switching to 10Gbe. On 08/16/2016 11:25 AM, Fernando Frediani wrote: > Hi all. > > I understand using 10Gb interfaces when using Gluster is advised for > helping with data replication specially in situations where a node > went down for a while and need to re-sync data. > > However can anyone tell if using one 1Gb interface dedicated for it in > hosts with 1.8 TB of Raw storage would be still Ok or can it cause > severe impact on performance ? What are the chances of a 1Gb nice > being saturated during normal operation ? > > Thanks > Fernando > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users -- Best regards, Edward Clay Systems Administrator UK2 Group - US Operations Phone: 1-800-222-2165 FAX: 435-755-3449 E-mail: edward.c...@uk2group.com Believe in Better Hosting http://www.westhost.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.6 python sdk how to find logical network from a host nic?
Hi Juan, Thanks! It works. One more question, do you know how to do ³save network configuration² in the api? I did the following Params.Action(force=1, check_connectivity=1, host_nics=host_nics) but the gui says the network configuration is not saved. I can¹t find any relevant params in the Action. Thanks, Huan On 8/13/16, 5:09 AM, "Juan Hernández" wrote: >On 08/13/2016 12:17 AM, Huan He (huhe) wrote: >> Assuming the logical network ovirtmgmt has been configured in host NIC >> enp6s0. >> >> host = api.hosts.get(Œhost-123¹) >> host_nic = host.nics.get(Œenp6s0¹) >> >> How to get the logical network name ovirtmgmt? >> >> I basically need to find ovirtmgmt is configured in which NIC. >> >> Thanks, >> Huan >> > >To do this first you need to find the identifier of the "ovirtmgmt" >network of the relevant cluster (the same network name can be used in >multiple clusters) and then iterate the network attachments to find >which network interfaces are connected to that network. Something like >this: > >---8<--- ># Find the host: >host_name = 'myhost' >host = api.hosts.get(name=host_name) > ># Find the identifier of the cluster that the host belongs to: >cluster_id = host.get_cluster().get_id() > ># Find the networks available in the cluster, and locate the one ># ones with the name we are looking for: >network_name = 'ovirtmgmt' >network_ids = [] >networks = api.clusters.get(id=cluster_id).networks.list() >for network in networks: >if network.get_name() == network_name: >network_ids.append(network.get_id()) > ># Find the network interface of the host that has the network attached: >nic_ids = [] >network_attachments = host.networkattachments.list() >for network_attachment in network_attachments: >if network_attachment.get_network().get_id() in network_ids: >nic_ids.append(network_attachment.get_host_nic().get_id()) > ># Print the details of the nics: >for nic_id in nic_ids: >nic = host.nics.get(id=nic_id) >print(nic.get_name()) >--->8--- > >-- >Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >3ºD, 28016 Madrid, Spain >Inscrita en el Reg. Mercantil de Madrid C.I.F. B82657941 - Red Hat S.L. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.6 python sdk how to find logical network from a host nic?
On 08/16/2016 08:20 PM, Huan He (huhe) wrote: > Hi Juan, > > Thanks! It works. > > One more question, do you know how to do ³save network configuration² in > the api? I did the following > > Params.Action(force=1, check_connectivity=1, host_nics=host_nics) > > but the gui says the network configuration is not saved. I can¹t find any > relevant params in the Action. > > Thanks, > Huan > Saving the network configuration is a different action: host.commitnetconfig() > > On 8/13/16, 5:09 AM, "Juan Hernández" wrote: > >> On 08/13/2016 12:17 AM, Huan He (huhe) wrote: >>> Assuming the logical network ovirtmgmt has been configured in host NIC >>> enp6s0. >>> >>> host = api.hosts.get(Œhost-123¹) >>> host_nic = host.nics.get(Œenp6s0¹) >>> >>> How to get the logical network name ovirtmgmt? >>> >>> I basically need to find ovirtmgmt is configured in which NIC. >>> >>> Thanks, >>> Huan >>> >> >> To do this first you need to find the identifier of the "ovirtmgmt" >> network of the relevant cluster (the same network name can be used in >> multiple clusters) and then iterate the network attachments to find >> which network interfaces are connected to that network. Something like >> this: >> >> ---8<--- >> # Find the host: >> host_name = 'myhost' >> host = api.hosts.get(name=host_name) >> >> # Find the identifier of the cluster that the host belongs to: >> cluster_id = host.get_cluster().get_id() >> >> # Find the networks available in the cluster, and locate the one >> # ones with the name we are looking for: >> network_name = 'ovirtmgmt' >> network_ids = [] >> networks = api.clusters.get(id=cluster_id).networks.list() >> for network in networks: >>if network.get_name() == network_name: >>network_ids.append(network.get_id()) >> >> # Find the network interface of the host that has the network attached: >> nic_ids = [] >> network_attachments = host.networkattachments.list() >> for network_attachment in network_attachments: >>if network_attachment.get_network().get_id() in network_ids: >>nic_ids.append(network_attachment.get_host_nic().get_id()) >> >> # Print the details of the nics: >> for nic_id in nic_ids: >>nic = host.nics.get(id=nic_id) >>print(nic.get_name()) >> --->8--- >> >> -- >> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >> 3ºD, 28016 Madrid, Spain >> Inscrita en el Reg. Mercantil de Madrid C.I.F. B82657941 - Red Hat S.L. > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > -- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt Reports
Yaniv, Thanks for the reply. Didi, Dully noted! Thank you all for the reply. I got it all fixed. Regards, -- Fernando Fuentes ffuen...@txweather.org http://www.txweather.org On Tue, Aug 16, 2016, at 12:56 AM, Yaniv Dary wrote: > This looks like a DWH, not a reports issue. Are you sure you only > install reports remotely? > > Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem > Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) > 7692306 8272306 Email: yd...@redhat.com IRC : ydary > > On Tue, Aug 16, 2016 at 8:48 AM, Yedidyah Bar David > wrote: >> On Tue, Aug 16, 2016 at 12:09 AM, Fernando Fuentes >> wrote: >> > David, >> >> (Actually it's "Yedidyah" or "Didi", "Bar David" is my surname) >> >> >> > >> > After an attempt to run this remote setup something went really >> > wrong >> > and my dwh went fubar on my ovirt 4.0 >> > >> > I got: >> > >> > 2016-08-15 16:03:34|ETL Service Started >> > ovirtEngineDbDriverClass|org.postgresql.Driver >> > ovirtEngineHistoryDbJdbcConnection|jdbc:postgresql://localhost:54- >> > 32/ovirt_engine_history?sslfactory=org.postgresql.ssl.NonValidati- >> > ngFactory >> > hoursToKeepDaily|43800 >> > hoursToKeepHourly|1440 >> > ovirtEngineDbPassword|** >> > runDeleteTime|3 >> > ovirtEngineDbJdbcConnection|jdbc:postgresql://localhost:5432/engi- >> > ne?sslfactory=org.postgresql.ssl.NonValidatingFactory >> > runInterleave|20 >> > limitRows|limit 1000 >> > ovirtEngineHistoryDbUser|ovirt_engine_history >> > ovirtEngineDbUser|engine >> > deleteIncrement|10 >> > timeBetweenErrorEvents|30 >> > hoursToKeepSamples|24 >> > deleteMultiplier|1000 >> > lastErrorSent|2011-07-03 12:46:47.00 >> > etlVersion|4.0.2 >> > dwhAggregationDebug|false >> > dwhUuid|759f3eb5-5072-4c28-9686-a363eb956077 >> > ovirtEngineHistoryDbDriverClass|org.postgresql.Driver >> > ovirtEngineHistoryDbPassword|** >> > Exception in component tJDBCInput_2 >> > org.postgresql.util.PSQLException: ERROR: relation >> > "history_configuration" does not exist >> > Position: 65 >> > at >> > org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResp- >> > onse(QueryExecutorImpl.java:2157) >> > at >> > org.postgresql.core.v3.QueryExecutorImpl.processResults(Q- >> > ueryExecutorImpl.java:1886) >> > at >> > org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExe- >> > cutorImpl.java:255) >> > at >> > org.postgresql.jdbc2.AbstractJdbc2Statement.execute(Abstr- >> > actJdbc2Statement.java:555) >> > at >> > org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFl- >> > ags(AbstractJdbc2Statement.java:403) >> > at >> > org.postgresql.jdbc2.AbstractJdbc2Statement.executeQuery(- >> > AbstractJdbc2Statement.java:283) >> > at >> > ovirt_engine_dwh.minimalversioncheck_4_0.MinimalVersionCh- >> > eck.tJDBCInput_2Process(MinimalVersionCheck.java:1574) >> > at >> > ovirt_engine_dwh.minimalversioncheck_4_0.MinimalVersionCh- >> > eck.tJDBCInput_1Process(MinimalVersionCheck.java:1229) >> > at >> > ovirt_engine_dwh.minimalversioncheck_4_0.MinimalVersionCh- >> > eck.tJDBCConnection_2Process(MinimalVersionCheck.java:782) >> > at >> > ovirt_engine_dwh.minimalversioncheck_4_0.MinimalVersionCh- >> > eck.tJDBCConnection_1Process(MinimalVersionCheck.java:657) >> > at >> > ovirt_engine_dwh.minimalversioncheck_4_0.MinimalVersionCh- >> > eck.runJobInTOS(MinimalVersionCheck.java:3089) >> > at >> > ovirt_engine_dwh.minimalversioncheck_4_0.MinimalVersionCh- >> > eck.runJob(MinimalVersionCheck.java:2853) >> > at >> > ovirt_engine_dwh.historyetl_4_0.HistoryETL.tRunJob_2Proce- >> > ss(HistoryETL.java:8009) >> > at >> > ovirt_engine_dwh.historyetl_4_0.HistoryETL$3.run(HistoryE- >> > TL.java:11520) >> > 2016-08-15 >> > 16:03:34|NAl0ai|349e7f|349e7f|OVIRT_ENGINE_DWH|MinimalVersionChec- >> > k|Default|6|Java >> > Exception|tJDBCInput_2|org.postgresql.util.PSQLException:ERROR: >> > relation >> > "history_configuration" does not exist >> > Position: 65|1 >> > Exception in component tRunJob_2 >> > java.lang.RuntimeException: Child job running failed >> > at >> > ovirt_engine_dwh.historyetl_4_0.HistoryETL.tRunJob_2Proce- >> > ss(HistoryETL.java:8032) >> > at >> > ovirt_engine_dwh.historyetl_4_0.HistoryETL$3.run(HistoryE- >> > TL.java:11520) >> > 2016-08-15 >> > 16:03:34|349e7f|349e7f|349e7f|OVIRT_ENGINE_DWH|HistoryETL|Default- >> > |6|Java >> > Exception|tRunJob_2|java.lang.RuntimeException:Child job running >> > failed|1 >> > 2016-08-15 16:03:34|ETL Service Stopped >> > >> > Can you please help? >> >> Pl
[ovirt-users] Upgrade hosts/nodes from engine
Hi Guys, Quick question, I have my nodes on a bond-bridge-privateVlan setup, and my engine on a bond-bridge-publicVlan setup for remote monitoring. Understandably, the nodes are complaining that they are failing updates. (They're on a private vlan, and only configured with IP's in that vlan, the public vlan doesn't have IP's set on the hosts so they can pass it to VMs). Is there a way to have the engine do the updates on the node using its internet connection, like a proxy? For security reasons I like to have the nodes not publicly accessible, as we see hundreds if not thousands of ssh attempts, and root would probably be the most attacked account. Thanks, Hanson ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] hosted-engine deploy error terminal state
On Tue, Aug 16, 2016 at 5:34 PM, Maxence Sartiaux wrote: > Hello, > > I try to deploy a hosted-engine (4.0.2) on my cluster from a existing > engine, Please provide more details about what you are trying to do. It seems like you already have an engine. Can't tell if it's a hosted engine or not. Is it? It seems like the host you are trying to deploy is/was already managed by your engine. Is it? Generally speaking, we do not allow "converting" an engine to a hosted engine nor doing 'hosted-engine --deploy' on a host already managed by the/an engine. For the former, please check [1]. For the latter, you should first remove the host from the engine. [1] is very old, and some details are different today, but the principles remain. I recommend trying this first on an isolated test env before doing on production. BTW, the above does not explain your failure. Your specific failure is: 2016-08-16 15:22:10 INFO otopi.plugins.gr_he_setup.engine.add_host engineapi.get_engine_api:51 Connecting to the Engine 2016-08-16 15:22:10 DEBUG otopi.plugins.gr_he_setup.engine.add_host add_host._closeup:513 Getting the list of available clusters via engine's APIs 2016-08-16 15:37:10 DEBUG otopi.context context._executeMethod:142 method exception Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in _executeMethod method['method']() File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-setup/engine/add_host.py", line 554, in _closeup net_info = CachingNetInfo(vds_info.capabilities(conn)) File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_setup/vds_info.py", line 31, in capabilities result = conn.getVdsCapabilities() File "/usr/lib/python2.7/site-packages/vdsm/jsonrpcvdscli.py", line 153, in _callMethod raise JsonRpcNoResponseError(method) JsonRpcNoResponseError: [-32605] No response for JSON-RPC Host.getCapabilities request. To me it seems like 'hosted-engine --deploy' managed to connect to the engine (not sure which, existing or one created in new hosted-engine vm) but fails to get the list of clusters, probably because the engine fails to connect to one or more hosts. Can't see that in the attached engine.log btw - either it's from the wrong machine, or wrong time/timezone, something like that. [1] http://www.ovirt.org/develop/developer-guide/engine/migrate-to-hosted-engine/ Best, > > Everything works fine until i start the last step, my engine is up, > cluster state ok, hosts state up ect ... > > When it come to the last step "Continue setup - oVirt-Engine > installation is ready and ovirt-engine service is up" > > It get stuck on "Connecting to the Engine" and finally crash with > > [ ERROR ] Failed to execute stage 'Closing up': [-32605] No response > for JSON-RPC Host.getCapabilities request. > [ INFO ] Stage: Clean up > [ ERROR ] Failed to execute stage 'Clean up': [-32605] No response for > JSON-RPC Host.stopMonitoringDomain request. > [ INFO ] Generating answer file '/var/lib/ovirt-hosted-engine- > setup/answers/answers-20160816155211.conf' > [ INFO ] Stage: Pre-termination > [ INFO ] Stage: Termination > [ ERROR ] Hosted Engine deployment failed: this system is not reliable, > please check the issue,fix and redeploy > Log file is located at /var/log/ovirt-hosted-engine- > setup/ovirt-hosted-engine-setup-20160816144914-xykpcl.log > Exception in thread Client hypervisor1:54321: > Traceback (most recent call last): > File "/usr/lib64/python2.7/threading.py", line 811, in > __bootstrap_inner > self.run() > File "/usr/lib64/python2.7/threading.py", line 764, in run > self.__target(*self.__args, **self.__kwargs) > File "/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py", > line 216, in process_requests > count=1, > File "/usr/lib64/python2.7/asyncore.py", line 220, in loop > poll_fun(timeout, map) > File "/usr/lib64/python2.7/asyncore.py", line 201, in poll2 > readwrite(obj, flags) > TypeError: 'NoneType' object is not callable > > hosted-engine-deploy and engine log are in attachements > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users