[ovirt-users] Re: migrating standalone engine to selfhosted and upgrade from 4.3 to 4.4 in one step

[Yedidyah Bar David]

On Fri, Aug 7, 2020 at 1:37 PM Jiří Sléžka  wrote:
>
> On 8/7/20 9:50 AM, Jiří Sléžka wrote:
> > On 8/5/20 2:07 PM, Jiří Sléžka wrote:
> >> On 8/3/20 11:12 AM, Jiří Sléžka wrote:
> >>> Hello,
> >>>
> >>> I have 4 host cluster managed with standalone engine in version 4.3 and
> >>> I would like to migrate this standalone engine to 4.4 as hosted engine.
> >>>
> >>> I have two new hosts which I would like to use as base for new HE
> >>> cluster. (new hosts are Intel based, old ones are AMD Opteron based -
> >>> new cluster will have 4.4 compatibility, old one have to stay at 4.2
> >>> compatibility level).
> >>>
> >>> I red this
> >>>
> >>> https://www.ovirt.org/documentation/migrating_from_a_standalone_manager_to_a_self-hosted_engine/
> >>>
> >>> but the question is: Can I migrate and upgrade in one step? Have anybody
> >>> did that already? If it is not possible what is a suggested approach?
> >>
> >> I just tried it. It looks like it could work at least until installation
> >> process want to login into engine. It looks like it does not use valid
> >> login name nor password.
> >>
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : Expose engine VM webui over
> >> a local port via ssh port forwarding]
> >> [ INFO  ] changed: [localhost]
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : Evaluate temporary bootstrap
> >> engine URL]
> >> [ INFO  ] ok: [localhost]
> >> [ INFO  ] The bootstrap engine is temporary accessible over
> >> https://ovirt05.net.slu.cz:6900/ovirt-engine/
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : Detect VLAN ID]
> >> [ INFO  ] changed: [localhost]
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : Set Engine public key as
> >> authorized key without validating the TLS/SSL certificates]
> >> [ INFO  ] changed: [localhost]
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : include_tasks]
> >> [ INFO  ] ok: [localhost]
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : Obtain SSO token using
> >> username/password credentials]
> >> [ INFO  ] ok: [localhost]
> >> [ INFO  ] TASK [ovirt.hosted_engine_setup : Ensure that the target
> >> datacenter is present]
> >> [ ERROR ] ovirtsdk4.AuthError: Error during SSO authentication
> >> access_denied : Cannot authenticate user 'None@N/A': No valid profile
> >> found in credentials..
> >> [ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
> >> "Error during SSO authentication access_denied : Cannot authenticate
> >> user 'None@N/A': No valid profile found in credentials.."}
> >>
> >> I tried to login to https://ovirt05.net.slu.cz:6900/ovirt-engine/ and it
> >> probably accept username admin@internal and new password entered during
> >> hosted engine deploy but then it display error "The provided
> >> authorization grant for the auth code has expired."
> >>
> >> Maybe it is related to this bug (and custom 3rd party Apache certificate)
> >>
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1715767
> >>
> >> in my case it looks like on engine vm in file
> >>
> >> /etc/pki/ovirt-engine/apache-ca.pem
> >>
> >> is original certificate from backup which is for ovirt.slu.cz fqdn. For
> >> new hosted engine I use new fqdn ovirt.net.slu.cz. Should I change
> >> ovirt.slu.cz record to point to new ip address (it have to be one from
> >> ovirtmgmt subnet) and then try restore? Documentation is not much clear
> >> in this particular subject.
> >
> > well, I will answer myself
> >
> > * setting fqdn is not probably important at this time, self hosted
> > engine is prepared with modified /etc/hosts

Not sure what exactly you mean - but ok. We should probably write some
general section about engine's fqdn, name resolution, etc., what should
use which name during which point of an upgrade, etc.

Can you please clarify your exact situation/flow, in this case? Perhaps
as a first draft of such a section :-) ?

> >
> > * main problem was that I am using 3rd party certificate for long time
> > so I didn't mention this documentation section
> >
> > https://ovirt.org/documentation/administration_guide/#Replacing_the_Manager_CA_Certificate
> >
> > especially section 14 which describe how to configure engine-backup to
> > backup also custom CA certificate. But this part is badly formatted as
> > described in
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1859505

Yes, sorry for that.

> >
> > relevant BZ is also https://bugzilla.redhat.com/show_bug.cgi?id=1841203
> > which point me to the right direction
>
> just for record.
>
> I had to change dns record for fqdn during deploy process - after HE vm
> was copied to shared storage (FC in my case) and before or during "
> Check engine VM health"

Can you please clarify?

>
> ...
> [ INFO  ] TASK [ovirt.hosted_engine_setup : Start ovirt-ha-agent service
> on the host]
> [ INFO  ] changed: [localhost]
> [ INFO  ] TASK [ovirt.hosted_engine_setup : Exit HE maintenance mode]
> [ INFO  ] changed: [localhost]
> [ INFO  ] TASK [ovirt.hosted_engine_setup : Check engine VM health]
> [ INFO  ] changed: [localhost]
> [ INF

[ovirt-users] Re: hosted-engine upgrade from 4.3 to 4.4 fails with "Cannot edit VM."

[thomas]

If the defalt blank template from a fresh install had enabled 
high-availability, that would be a bug.
But if someone had set this on their blank template, I can see how that would 
cause such an issue and I can just imagine the drama behind finding it... It 
seems common enough to code for it!
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IS7FMYBTC4KTIECXEI3C7EOGXLCTQULM/

[ovirt-users] Re: It is possible to export a vm bigger as 5 TB?

[miguel . garcia]

I got the same result from an export domain.

I'm trying to get this as a backup procedure.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BWCA2E2FAFAGHHLLA2HF2SE5XBKAKHS3/

[ovirt-users] Re: OVA export creates empty and unusable images

[thomas]

> On Tue, Aug 4, 2020 at 7:37 PM  
> This is good, you should not use export domain at this point. We have better
> replacement (see my other mail).
> 
I agree that one way should be enough, but it needs to work and ideally improve 
on usability generation on generation.
> 
> I think you already found that OVA are not what you think they are.
> They work for exporting
> VMs from the same hypervisor and back, unless you have a tool that
> know how to convert
> OVA from one hypervisor to another like virt-v2v.
I am used to deal with VMs very much like LEGO bricks. I have moved them 
between hardware and hypervisors ever since Mendel Rosenblum & friends managed 
to trick the 80486SL into running a hypervisor with the system management mode 
intended by Intel only to make DOS not eat batteries on luggable hardware. 
Windows systems have made huge improvements, moving p2v, v2v, p2p, even v2p, 
Linux requires some precautions and constraints I have learned to observe.

The the more sensible (not as polite...) question is to ask: Should I actually 
move these VMs? And you're right, that I should better not, use infrastructure 
as code etc. but that leads right to containers rather than VMs. I've used 
OpenVZ in production for more than a decade for that and even nested them with 
Docker to get both scale-in and scale-out benefits and less friction between 
ops and devs. But as your very own Roy Goland blogged in January '19, every 
cloud needs an anchor, contro place or service VMs, for which oVirt is just 
right... but also the outer-most loop, where infra as code delivers the lowest 
benefits.

Still the lab infra I support as a side job is so small, and my coding has 
become so rusty (wrote a Linux emulator for a distributed µ-kernel as part of 
my thesis when Linus still didn't know that task state segments are too klunky 
for task switching), that I'd just prefer to use an appliance now, but which I 
know to have proper REST/Python APIs in case it grows into something bigger.

That doesn't change that any hypervisor should just support the elemental 
save/store/export/import operations in addition to 
start/stop/suspend/clone/migrate etc. VMware, XenServer, VirtualBox each 
probably aren't just minor players compared to oVirt/RHV and when you want to 
gain market share, bi-directional interoperability can lower barriers... even 
if they are a tad costly to maintain. In any case I currently blame the others 
for not understanding the OVAs QEMU is producing, at least until I can prove 
that wrong.
> 
> 
> True, ease of use is important. But if you are going to do this a
> lost, scripting the
> operation is important, and oVirt has a very powerful API/SDK.
> 
> 
> What you say is basically that having a backup is useful :-)
Yes, when you promise your team that things will be easier and better with 
oVirt, it's nice when you can avoid them losing everything.
> 
> How are you going to use the OVA on a bare metal machine?
Not the typical emergency use case actually, even if I have done v2p on 
occasion.
More typical would be that I'd just put (actually have) a VirtualBox on a 
normal Docker/Kubernetes compute node and just have that run a control 
plane/service VM that I had exported to cover this near disaster scenario of a 
failed cluster.

Actually again for LEGO spirit and flexibility I was going to put oVirt, 
VirtualBox and Docker on our big GPU ML compute nodes and then put policies in 
place to control how and if workloads would ever migrate there, because each 
would be blind to one another.

Alas, while Docker and VirtualBox get along fine, oVirt doesn't like to play 
with any of the other two, let alone both.
> 
> Why do you need the desktop hypervisor? I would like to hear more
> about this use case.
Nothing magic, really just that developers sometimes like to build prototypes 
on their corporate Windows mobile workstations to work on them at home or even 
demo them to customers. VirtualBox isn't too bad but VMware workstation can 
make it very easy to just build an infrastructure out of LEGO VMs with a 
network included. Far less sophisticated than OVN and oVirt, but *everybody* 
can use it pretty much out of the box. Bare KVM is just not the same experience 
and I was actually very sad to notice, that VirtualBox and oVirt refuse to 
co-exist on a single host, even if both use KVM underneath! I got VirtualBox 
and VMware on my Windows machines without issues, and it's only HyperV that is 
getting increasingly exclusive, after a while when I could even run all three 
on a single machine. Not that anyone *should* do that, but then for type 2 
hypervisors there is no (technical) reason not to play well and I don't want 
politics on *my* machines.

And don't get me started on wanting to use nesting for the real LEGO experience!
> 
> And if you need one, why not use something based on KVM (like
> virt-manager) so disks
> from oVirt can work without any change? This will make it easy to move
> from oVit to 

[ovirt-users] Re: hosted-engine upgrade from 4.3 to 4.4 fails with "Cannot edit VM."

[Strahil Nikolov via Users]

You can access it after subscribing at developers.redhat.com .

The article claims that you have to disable   HA on the blank template, yet 
this doesn't sound me familiar.

Best Regards,
Strahil Nikolov

На 10 август 2020 г. 17:55:05 GMT+03:00, d...@sekretev.ru написа:
>Hi!
>hosted-engine --deploy --restore-from-file=ovirt_engine_full.arch
>fails with 
>[ ERROR ] ovirtsdk4.Error: Fault reason is "Operation Failed". Fault
>detail is "[Cannot edit VM. A VM running the engine ("hosted engine")
>cannot be set to highly available as it has its own HA mechanism.]".
>HTTP response code is 409.
>[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg":
>"Fault reason is \"Operation Failed\". Fault detail is \"[Cannot edit
>VM. A VM running the engine (\"hosted engine\") cannot be set to highly
>available as it has its own HA mechanism.]\". HTTP response code is
>409."}
>[ ERROR ] Failed to execute stage 'Closing up': Failed executing
>ansible-playbook
>Can anybody help with this error? May be someone has access to this
>page https://access.redhat.com/solutions/5303571?
>___
>Users mailing list -- users@ovirt.org
>To unsubscribe send an email to users-le...@ovirt.org
>Privacy Statement: https://www.ovirt.org/privacy-policy.html
>oVirt Code of Conduct:
>https://www.ovirt.org/community/about/community-guidelines/
>List Archives:
>https://lists.ovirt.org/archives/list/users@ovirt.org/message/5KWSZMBBQKCSUM6LH7VMLA3JVXURAGVC/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KYH6KIJX4BZUCHYLCZH6KXXK56BVBHHH/

[ovirt-users] Re: hosted-engine upgrade from 4.3 to 4.4 fails with "Cannot edit VM."

[d]

The solution is "Edit the Blank template and disable High Availability, then 
attempt to upgrade again."
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/F7VNA367IRYEHES2PF54ONJCVXO3NURM/

[ovirt-users] hosted-engine upgrade from 4.3 to 4.4 fails with "Cannot edit VM."

[d]

Hi!
hosted-engine --deploy --restore-from-file=ovirt_engine_full.arch
fails with 
[ ERROR ] ovirtsdk4.Error: Fault reason is "Operation Failed". Fault detail is 
"[Cannot edit VM. A VM running the engine ("hosted engine") cannot be set to 
highly available as it has its own HA mechanism.]". HTTP response code is 409.
[ ERROR ] fatal: [localhost]: FAILED! => {"changed": false, "msg": "Fault 
reason is \"Operation Failed\". Fault detail is \"[Cannot edit VM. A VM running 
the engine (\"hosted engine\") cannot be set to highly available as it has its 
own HA mechanism.]\". HTTP response code is 409."}
[ ERROR ] Failed to execute stage 'Closing up': Failed executing 
ansible-playbook
Can anybody help with this error? May be someone has access to this page 
https://access.redhat.com/solutions/5303571?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5KWSZMBBQKCSUM6LH7VMLA3JVXURAGVC/

[ovirt-users] Re: oVirt Hyperconverged question

[Benedetto Vassallo]

 Thank you very much.
I am planning to run a 3-nodes glusterfs cluster + 3-nodes compute  
only that will be permanently running.

Best regards.

Def. Quota tho...@hoberg.net:

I have done that, even added five nodes that contribute a separate  
Gluster file system using dispersed (erasure codes, more efficient)  
mode.


But in another cluster with such a 3-node-HCI base, I had a lot (3  
or 4) of compute nodes, that were actually dual-boot or just shut  
off when not used: Even used the GUI to do that properly.


This caused strange issues as I shut down all three compute-only  
nodes: Gluster reported loss of quorum, and essentially the entire  
HCI lost storage, even if these compute nodes didn't add bricks to  
the Gluster at all. In fact the compute nodes probably shouldn't  
have even participated in the Gluster, since they were only clients,  
but the Cockpit wizard added them anyway.


I believe this is because HCI is designed to support adding extra  
nodes in sets of three e.g. for a 9-node setup, which should be  
really nice with 7+2 disperse encoding.


I didn't dare reproduce the situation intentionally, but if you  
should come across this, perhaps you can document and report it. If  
the (most of) extra nodes are permanently running, you don't need to  
worry.


In terms of regaining control, you mostly have to make sure you turn  
the missing nodes back on, oVirt can be astonishingly resilient. If  
you then remove the nodes prior to shutdown, the quorum issue goes  
away.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:  
https://www.ovirt.org/community/about/community-guidelines/List  
Archives:  
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A4EDM3RYVIYXZ5QAJO4VOYKQUDWYDA4P/

 --
Benedetto Vassallo
Responsabile U.O. Sviluppo e manutenzione dei sistemi
Sistema Informativo di Ateneo
Università degli studi di Palermo

Phone: +3909123860056
Fax: +3909123860880
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/T4FADKGTK2ZTBXYRLAV6JJXI7CXQIK25/

[ovirt-users] How to diable dhcp in ovirt network

[Adam Xu]

Hi everyone

Recently, when I install okd on ovirt. The installation process was 
failed because the vm automatically acquired an IP address from DHCP 
before the installer assigned it.
Our DHCP is enabled by a layer 3 switch, I tried to diable dhcp using 
network filter. but there is no entry related to blocking the DHCP 
feature.  Is there any way for ovirt to disable DHCP?


--
Adam Xu

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EEKZHUOYW5KTKLBEHWVCSHNOMXCXVAVD/

[ovirt-users] PATCH method not allowed in imageio

[Łukasz Kołaciński]

Hello,
Thank you for previous answers. I don't have problems with checkpoints anymore.

I am trying to send PATCH request to imageio but it seems like I don't have 
write access. In the documentation I saw that it must be a RAW format. I think 
I am missing something else.

OPTIONS Request:
{
"features": [
"extents"
],
"max_readers": 8,
"max_writers": 8
}
Allow: OPTIONS,GET

PATCH Request:
You are not allowed to access this resource: Ticket 
485493df-b07a-495c-8aa3-824aad45b4ab forbids write

I created transfer using java sdk:
ImageTransfer imageTransfer = 
connection.getImageTransfersSvc().addForDisk().imageTransfer(
imageTransfer()
.direction(direction)
.disk(disk)
.backup(backup)
.inactivityTimeout(120)
.format(DiskFormat.RAW))
.send().imageTransfer();

It's similar to python examples.


Best Regards

Łukasz Kołaciński

Junior Java Developer

e-mail: l.kolacin...@storware.eu





[STORWARE]

ul. Leszno 8/44
01-192 Warszawa
www.storware.eu 

[facebook]

[twitter]

[linkedin]

[Storware_Stopka_09]



Storware Spółka z o.o. nr wpisu do ewidencji KRS dla M.St. Warszawa 000510131 , 
NIP 5213672602. Wiadomość ta jest przeznaczona jedynie dla osoby lub podmiotu, 
który jest jej adresatem i może zawierać poufne i/lub uprzywilejowane 
informacje. Zakazane jest jakiekolwiek przeglądanie, przesyłanie, 
rozpowszechnianie lub inne wykorzystanie tych informacji lub podjęcie 
jakichkolwiek działań odnośnie tych informacji przez osoby lub podmioty inne 
niż zamierzony adresat. Jeżeli Państwo otrzymali przez pomyłkę tę informację 
prosimy o poinformowanie o tym nadawcy i usunięcie tej wiadomości z wszelkich 
komputerów. This message is intended only for the person or entity to which it 
is addressed and may contain confidential and/or privileged material. Any 
review, retransmission, dissemination or other use of, or taking of any action 
in reliance upon, this information by persons or entities other than the 
intended recipient is prohibited. If you have received this message in error, 
please contact the sender and remove the material from all of your computer 
systems.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/B5F3GMGDN4H7YVVBP55YPVSGJHM4EQYI/

[ovirt-users] Deep dive - oVirt metrics with DWH and Grafana

[Sandro Bonazzola]

The oVirt project is pleased to invite you to ShirlyRadco's  deep dive
session on oVirt metrics with DWH and Grafana in tomorrow, August 10th
2020, premiere on YouTube at
https://www.youtube.com/watch?v=8_JMIlJJ8yc&feature=youtu.be

Regards,
-- 

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV

Red Hat EMEA 

sbona...@redhat.com


*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HGKUVOUGMFGTETC3NKAOXGTBV2TJEQZ6/

[ovirt-users] ovirt4.4.1 engine Deployment failure

[xilazz]

Hello, everyone
I am using these versions for my test :
- ovirt-engine-appliance-4.4-20200723102445.1.el8.x86_64.rpm
- ovirt-node-ng-installer-4.4.1-2020072310.el8.iso
But I'm always prompted when I'm hosting a cubide-engine deploy :The error was: 
error while evaluating conditional 
((otopi_host_net.ansible_facts.otopi_host_net | length == 0)).The specific 
hints are:fatal: [localhost]: FAILED! => {"msg": "The conditional check 
'(otopi_host_net.ansible_facts.otopi_host_net | length == 0)' failed. The error 
was: error while evaluating conditional 
((otopi_host_net.ansible_facts.otopi_host_net | length == 0)): 'list object' 
has no attribute 'ansible_facts'\n\nThe error appears to be in 
'/usr/share/ansible/roles/ovirt.hosted_engine_setup/tasks/filter_team_devices.yml':
 line 29, column 13, but may\nbe elsewhere in the file depending on the exact 
syntax problem.\n\nThe offending line appears to be:\n\n- debug: 
var=otopi_host_net\n^ here\n\nThere appears to be both 'k=v' 
shorthand syntax and YAML in this task. Only one syntax may be used.\n"}
[ ERROR ] Failed to execute stage 'Environment customization': Failed executing 
ansible-playbook
The test machine node has four network CARDS, but I haven't configured the 
team. I don't know why, it has been suffering for several days.I don't know if 
you've ever been in a situation like this, other than installing a lower 
version.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ASHEIGQTLEN6VMC2FZJ2HYPMT3G7443K/