[ovirt-users] Re: OVN Geneve tunnels not been established

[Dumitru Ceara]

On 9/30/20 3:41 PM, Konstantinos Betsis wrote:
> From the configuration I can see only three nodes.
> "Encap":{
> #dc01-node02
> "da8fb1dc-f832-4d62-a01d-2e5aef018c8d":{"ip":"10.137.156.56","chassis_name":"be3abcc9-7358-4040-a37b-8d8a782f239c","options":["map",[["csum","true"]]],"type":"geneve"},
> #dc01-node01
> "4808bd8f-7e46-4f29-9a96-046bb580f0c5":{"ip":"10.137.156.55","chassis_name":"95ccb04a-3a08-4a62-8bc0-b8a7a42956f8","options":["map",[["csum","true"]]],"type":"geneve"},
> #dc02-node01
> "f20b33ae-5a6b-456c-b9cb-2e4d8b54d8be":{"ip":"192.168.121.164","chassis_name":"c4b23834-aec7-4bf8-8be7-aa94a50a6144","options":["map",[["csum","true"]]],"type":"geneve"}}
> 
> So I don't understand why the dc01-node02 tries to establish a tunnel
> with itself.
> 
> Is there a way for ovn to refresh according to Ovirt network database as
> to not affect VM networks?
> 
> On Wed, Sep 30, 2020 at 2:33 PM Konstantinos Betsis  > wrote:
> 
> Sure
> 
> I've attached it for easier reference.
> 
> On Wed, Sep 30, 2020 at 2:21 PM Dominik Holler  > wrote:
> 
> 
> 
> On Wed, Sep 30, 2020 at 1:16 PM Konstantinos Betsis
> mailto:k.bet...@gmail.com>> wrote:
> 
> Hi Dominik
> 
> The DC01-node02 was formatted and reinstalled and then
> attached to ovirt environment.
> Unfortunately we exhibit the same issue.
> The new DC01-node02 tries to establish geneve tunnels to his
> own IP. 
> 
> [root@dc01-node02 ~]# ovs-vsctl show
> eff2663e-cb10-41b0-93ba-605bb5c7bd78
>     Bridge br-int
>         fail_mode: secure
>         Port "ovn-95ccb0-0"
>             Interface "ovn-95ccb0-0"
>                 type: geneve
>                 options: {csum="true", key=flow,
> remote_ip="dc01-node01_IP"}
>         Port "ovn-be3abc-0"
>             Interface "ovn-be3abc-0"
>                 type: geneve
>                 options: {csum="true", key=flow,
> remote_ip="dc01-node02_IP"}
>         Port "ovn-c4b238-0"
>             Interface "ovn-c4b238-0"
>                 type: geneve
>                 options: {csum="true", key=flow,
> remote_ip="dc02-node01_IP"}
>         Port br-int
>             Interface br-int
>                 type: internal
>     ovs_version: "2.11.0"
> 
> 
> Is there a way to fix this on the Ovirt engine since this is
> where the information resides?
> Something is broken there.
> 
> 
> I suspect that there is an inconsistency in the OVN SB DB.
> Is there a way to share your /var/lib/openvswitch/ovnsb_db.db
> with us?
>  
> 

Hi Konstantinos,

One of the things I noticed in the SB DB you attached is that two of the
chassis records have the same hostname:

$ ovn-sbctl list chassis | grep ams03-hypersec02
hostname: ams03-hypersec02
hostname: ams03-hypersec02

This shouldn't be a major issue but shows a potential misconfiguration
on the nodes. Could you please double check the hostname configuration
of the nodes?

Would it also be possible to attach the openvswitch conf.db from the
three nodes? It should be in /var/lib/openvswitch/conf.db

Thanks,
Dumitru
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/433YGGU6XUXVX7A7JYCMOSHAJ5VW4SUW/

[ovirt-users] Re: OVN Geneve tunnels not been established

[Dumitru Ceara]

On 10/1/20 8:59 AM, Dumitru Ceara wrote:
> On 9/30/20 3:41 PM, Konstantinos Betsis wrote:
>> From the configuration I can see only three nodes.
>> "Encap":{
>> #dc01-node02
>> "da8fb1dc-f832-4d62-a01d-2e5aef018c8d":{"ip":"10.137.156.56","chassis_name":"be3abcc9-7358-4040-a37b-8d8a782f239c","options":["map",[["csum","true"]]],"type":"geneve"},
>> #dc01-node01
>> "4808bd8f-7e46-4f29-9a96-046bb580f0c5":{"ip":"10.137.156.55","chassis_name":"95ccb04a-3a08-4a62-8bc0-b8a7a42956f8","options":["map",[["csum","true"]]],"type":"geneve"},
>> #dc02-node01
>> "f20b33ae-5a6b-456c-b9cb-2e4d8b54d8be":{"ip":"192.168.121.164","chassis_name":"c4b23834-aec7-4bf8-8be7-aa94a50a6144","options":["map",[["csum","true"]]],"type":"geneve"}}
>>
>> So I don't understand why the dc01-node02 tries to establish a tunnel
>> with itself.
>>
>> Is there a way for ovn to refresh according to Ovirt network database as
>> to not affect VM networks?
>>
>> On Wed, Sep 30, 2020 at 2:33 PM Konstantinos Betsis > > wrote:
>>
>> Sure
>>
>> I've attached it for easier reference.
>>
>> On Wed, Sep 30, 2020 at 2:21 PM Dominik Holler > > wrote:
>>
>>
>>
>> On Wed, Sep 30, 2020 at 1:16 PM Konstantinos Betsis
>> mailto:k.bet...@gmail.com>> wrote:
>>
>> Hi Dominik
>>
>> The DC01-node02 was formatted and reinstalled and then
>> attached to ovirt environment.
>> Unfortunately we exhibit the same issue.
>> The new DC01-node02 tries to establish geneve tunnels to his
>> own IP. 
>>
>> [root@dc01-node02 ~]# ovs-vsctl show
>> eff2663e-cb10-41b0-93ba-605bb5c7bd78
>>     Bridge br-int
>>         fail_mode: secure
>>         Port "ovn-95ccb0-0"
>>             Interface "ovn-95ccb0-0"
>>                 type: geneve
>>                 options: {csum="true", key=flow,
>> remote_ip="dc01-node01_IP"}
>>         Port "ovn-be3abc-0"
>>             Interface "ovn-be3abc-0"
>>                 type: geneve
>>                 options: {csum="true", key=flow,
>> remote_ip="dc01-node02_IP"}
>>         Port "ovn-c4b238-0"
>>             Interface "ovn-c4b238-0"
>>                 type: geneve
>>                 options: {csum="true", key=flow,
>> remote_ip="dc02-node01_IP"}
>>         Port br-int
>>             Interface br-int
>>                 type: internal
>>     ovs_version: "2.11.0"
>>
>>
>> Is there a way to fix this on the Ovirt engine since this is
>> where the information resides?
>> Something is broken there.
>>
>>
>> I suspect that there is an inconsistency in the OVN SB DB.
>> Is there a way to share your /var/lib/openvswitch/ovnsb_db.db
>> with us?
>>  
>>
> 
> Hi Konstantinos,
> 
> One of the things I noticed in the SB DB you attached is that two of the
> chassis records have the same hostname:
> 
> $ ovn-sbctl list chassis | grep ams03-hypersec02
> hostname: ams03-hypersec02
> hostname: ams03-hypersec02
> 
> This shouldn't be a major issue but shows a potential misconfiguration
> on the nodes. Could you please double check the hostname configuration
> of the nodes?
> 
> Would it also be possible to attach the openvswitch conf.db from the
> three nodes? It should be in /var/lib/openvswitch/conf.db
> 

Also, it might help pinpoint the issue if we have the ovn-controller
logs from the OVN nodes. They should be in
/var/log/openvswitch/ovn-controller.log

Thanks again,
Dumitru
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CMVG2VJF3NCJWU54JRJU5KXGWEAEX7HQ/

[ovirt-users] Re: java.lang.reflect.UndeclaredThrowableException - oVirt engine UI

[Artur Socha]

Hi Jeremey,
Could you please post some relevant piece of :

1) HE VM
/var/log/ovirt-engine/engine.log
Plus:
# dnf list --installed | grep ovirt-engine

2) Host with HE VM
/var/log/ovirt-hosted-engine-ha/{agent.log,broker.log}
/var/log/vdsm/vdsm.log
Plus:
$  dnf list --installed | egrep "(vdsm|ovirt-engine-appliance)"

The issue you found in BugZilla seems to be quite old and was fixed in
version 4.1x.

Artur


On Wed, Sep 30, 2020 at 4:36 PM Jeremey Wise  wrote:

> I tried to post on website but .. it did not seem to work... so sorry if
> this is double posting.
>
> oVirt login this AM. accepted username and password but got java error.
>
> Restarted oVirt engine
> ##
>
> hosted-engine --set-maintenance --mode=global
>
> hosted-engine --vm-shutdown
>
> hosted-engine --vm-status
>
> #make sure that the status is shutdown before restarting
>
> hosted-engine --vm-start
>
> hosted-engine --vm-status
>
> #make sure the status is health before leaving maintenance mode
>
> hosted-engine --set-maintenance --mode=none
> ##
> [root@thor ~]# hosted-engine --vm-status
>
>
> --== Host thor.penguinpages.local (id: 1) status ==--
>
> Host ID: 1
> Host timestamp : 65342
> Score  : 3400
> Engine status  : {"vm": "down", "health": "bad",
> "detail": "unknown", "reason": "vm not running on this host"}
> Hostname   : thor.penguinpages.local
> Local maintenance  : False
> stopped: False
> crc32  : 824c29fd
> conf_on_shared_storage : True
> local_conf_timestamp   : 65342
> Status up-to-date  : True
> Extra metadata (valid at timestamp):
> metadata_parse_version=1
> metadata_feature_version=1
> timestamp=65342 (Wed Sep 30 08:11:45 2020)
> host-id=1
> score=3400
> vm_conf_refresh_time=65342 (Wed Sep 30 08:11:45 2020)
> conf_on_shared_storage=True
> maintenance=False
> state=EngineDown
> stopped=False
>
>
> --== Host medusa.penguinpages.local (id: 3) status ==--
>
> Host ID: 3
> Host timestamp : 87556
> Score  : 3400
> Engine status  : {"vm": "up", "health": "good",
> "detail": "Up"}
> Hostname   : medusa.penguinpages.local
> Local maintenance  : False
> stopped: False
> crc32  : 63296a70
> conf_on_shared_storage : True
> local_conf_timestamp   : 87556
> Status up-to-date  : True
> Extra metadata (valid at timestamp):
> metadata_parse_version=1
> metadata_feature_version=1
> timestamp=87556 (Wed Sep 30 08:11:39 2020)
> host-id=3
> score=3400
> vm_conf_refresh_time=87556 (Wed Sep 30 08:11:39 2020)
> conf_on_shared_storage=True
> maintenance=False
> state=EngineUp
> stopped=False
> [root@thor ~]# yum update -y
> Last metadata expiration check: 0:31:17 ago on Wed 30 Sep 2020 09:17:03 AM
> EDT.
> Dependencies resolved.
> Nothing to do.
> Complete!
> [root@thor ~]#
>
>
> Gogled around ..  just found this thread.
> ##
> https://bugzilla.redhat.com/show_bug.cgi?id=1378045
>
>
> # pgadmin connect to ovirte01.penguinpages.com as engine to db engine
> select mac_addr from  vm_interface
> "00:16:3e:57:0d:47"
> "56:6f:86:41:00:01"
> "56:6f:86:41:00:00"
> "56:6f:86:41:00:02"
> "56:6f:86:41:00:03"
> "56:6f:86:41:00:04"
> "56:6f:86:41:00:05"
> "56:6f:86:41:00:15"
>
> "56:6f:86:41:00:16"
> "56:6f:86:41:00:17"
> "56:6f:86:41:00:18"
> "56:6f:86:41:00:19"
>
>
> # Note one field is "null"
>
> Question:
> 1) is this bad?
> 2) How do I fix?
> 3) Any idea on root cause?
>
> --
> p enguinpages
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/DJZ6RCDN6UB4VTACKZN6YVISKQGLCWPH/
>


-- 
Artur Socha
Senior Software Engineer, RHV
Red Hat
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PA56NRXMCMUMJGQ3QJHIIA2JU2GEDK7V/

[ovirt-users] ldap auth problem after upgrade from 4.4.1 to 4.4.2

[Jiří Sléžka]

Hi,

I just upgraded my HE to 4.4.2 but now I cannot login using my ldap aaa
profile anymore.

We are using Novell/NetIQ E-directory (load ballanced by haproxy,
probably not important...)

In 4.4.1 I was hit by removed TLSv1 (which is the newest protocol
supported by our edir) from default crypto policies but I was able
revert it by

update-crypto-policies --set LEGACY

after upgrade to 4.4.2 the error is

server_error: An error occurred while attempting to connect to server
ldap1.slu.cz:389: IOException(LDAPException(resultCode=91 (connect
error), errorMessage='An error occurred while attempting to establish a
connection to server ldap1.slu.cz/193.84.206.212:389:
SocketException(Network is unreachable (connect failed)),
ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))

but our ldap server is reachable from ovirt, I tested it via (also ldaps
and startls variants are working)

ldapsearch -H ldap://ldap1.slu.cz -x -D cn=*,ou=**,o=su -w
'' -b 'o=su'

As a workaround I tried to set plain ldap protocol in profile

cat /etc/ovirt-engine/aaa/CRO.properties


include = 

vars.server = ldap1.slu.cz
vars.port = 389
vars.user = cn=*,ou=**,o=su
vars.password = **

pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = ${global:vars.port}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

pool.default.ssl.startTLS = false
pool.default.ssl.enable = false
#pool.default.ssl.protocol = TLSv1
#pool.default.ssl.startTLSProtocol = TLSv1
#pool.default.ssl.insecure = true

sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
sequence.my-edir-init-vars.010.description = set baseDN
sequence.my-edir-init-vars.010.type = var-set
sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
sequence.my-edir-init-vars.010.var-set.value = o=su

#search.default.search-request.derefPolicy = ALWAYS


but the error is the same...

ovirt-engine-extensions-tool aaa login-user --profile=CRO
--user-name=my_user


WARNING: [ovirt-engine-extension-aaa-ldap.authn::SU-LDAP-authentication]
TLS/SSL insecure mode
...
WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to connect to server ldap1.slu.cz:389:
IOException(LDAPException(resultCode=91 (connect error),
errorMessage='An error occurred while attempting to establish a
connection to server ldap1.slu.cz/193.84.206.212:389:
SocketException(Network is unreachable (connect failed)),
ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
...
INFO: API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
profile='CRO' user='my_user'
Password:
...
WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to connect to server ldap1.slu.cz:389:
IOException(LDAPException(resultCode=91 (connect error),
errorMessage='An error occurred while attempting to establish a
connection to server ldap1.slu.cz/193.84.206.212:389:
SocketException(Network is unreachable (connect failed)),
ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
Oct 01, 2020 10:57:37 AM
org.ovirt.engine.exttool.core.ExtensionsToolExecutor main
SEVERE: An error occurred while attempting to connect to server
ldap1.slu.cz:389:  IOException(LDAPException(resultCode=91 (connect
error), errorMessage='An error occurred while attempting to establish a
connection to server ldap1.slu.cz/193.84.206.212:389:
SocketException(Network is unreachable (connect failed)),
ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))

debug with tcpdump reveals only that connection is made and there are
only "bindRequest" and "bindResponse success" messages visible (with
correct tcp handshake and close) and nothing more

any help would be appreciated

Cheers,

Jiri



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/M4MFGXGJ33R5DFX66HHGENOROHGOTF2D/

[ovirt-users] Re: Problem with Cluster-wise BIOS Settings in oVirt 4.4

[thomas]

Que yo sepa, no existe alternativa al reinstalarlo... La maquina de 
manejamiento hereda su configuracion del cluster y en este caso, cuando lo 
tengas cambiado, le falta la hardware virtualizada para arrancar, y como no 
tienes  GUI tampoco lo puedes cambiar... ¡No eres el primero quien haya caido 
en esa trampa! A mí me lo occurió igual...

I had the same issue and I find it much to easy to fall into.

In my case since because on 4.4 the cluster default is on Q35, some of my older 
FX440 based VMs failed to work, because Ethernet devices got renamed on Q35 
"hardware". So I went to change the default config on the cluster to not 
enforce the Q35 base and then ran into the new management engine failing to 
start, because that didn't like the FX440 base hardware it inherited from the 
cluster, even if it had been running as a Q35 machine after installation and 
should perhaps have retained that.

Since oVirt seems to re-synthesize virtual machine hardware on every startup, 
the rules on how the machines are re-constituted perhaps need to be better 
described and controlled, especially in these migration scenarios.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PPDKVDVBALNHZT5MVFMOLDCDBLFBIYZM/

[ovirt-users] Re: java.lang.reflect.UndeclaredThrowableException - oVirt engine UI

[penguin pages]

Sorry.. this was a duplicate post..  I added this via web browser...  waited 5 
min... it did not show.. so I assumed it failed to post..  so sent again via 
email

https://lists.ovirt.org/archives/list/users@ovirt.org/thread/45KKF5TN5PRQ3R7MDOWIQTSYZXZRVDIZ/

Fixed
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FIPQKLTF7AK2GX2S3F46CJQHBRUFLFVC/

[ovirt-users] Re: CEPH - Opinions and ROI

[penguin pages]

These are all storage rich servers.   

Drives:
USB 3 64GB Boot / OS
512GB SSD (Gluster HCI:  volumes "engine", "data" , "vmstore" "iso" I added 
last one to .. well to learn if I could extend with LVM ;)
1TB SSD: (VDO+Gluster Manual build due to brick and fqdn issues in oVirt,  It 
did import once it was created so that is good.. )
1TB SSD/NVMe: (?? CEPH ??

Goal is I can learn technology and play.. but have several independent volumes 
where I can move important systems to / from / backup so if my playing around 
messes things up.. I have a fall back.

I would try RedHat Container Storage.. but It is a home lab so my budget is all 
used up on hardware and so CentOS.  I am hoping oVirt had a similar setup 
process like " yum install -y gluster-ansible-roles "  but for CEPH.

This video implies something of that ilk exists..  
https://www.youtube.com/watch?v=wIw7RjHPhzsbut  jumps right into 
setup.. and fails to mention "how did you get that plugin in cockpit"... and is 
their an "oVirt" version.


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5BOD7NGNWF6QVEX2SMUFKXHYNKZITQR4/

[ovirt-users] Re: ldap auth problem after upgrade from 4.4.1 to 4.4.2

[Martin Perina]

Hi,

it seems that you are affected by
https://bugzilla.redhat.com/show_bug.cgi?id=1880149
Could you please try the workaround mentioned there?

Thanks,
Martin


On Thu, Oct 1, 2020 at 11:17 AM Jiří Sléžka  wrote:

> Hi,
>
> I just upgraded my HE to 4.4.2 but now I cannot login using my ldap aaa
> profile anymore.
>
> We are using Novell/NetIQ E-directory (load ballanced by haproxy,
> probably not important...)
>
> In 4.4.1 I was hit by removed TLSv1 (which is the newest protocol
> supported by our edir) from default crypto policies but I was able
> revert it by
>
> update-crypto-policies --set LEGACY
>
> after upgrade to 4.4.2 the error is
>
> server_error: An error occurred while attempting to connect to server
> ldap1.slu.cz:389: IOException(LDAPException(resultCode=91 (connect
> error), errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
>
> but our ldap server is reachable from ovirt, I tested it via (also ldaps
> and startls variants are working)
>
> ldapsearch -H ldap://ldap1.slu.cz -x -D cn=*,ou=**,o=su -w
> '' -b 'o=su'
>
> As a workaround I tried to set plain ldap protocol in profile
>
> cat /etc/ovirt-engine/aaa/CRO.properties
>
>
> include = 
>
> vars.server = ldap1.slu.cz
> vars.port = 389
> vars.user = cn=*,ou=**,o=su
> vars.password = **
>
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.serverset.single.port = ${global:vars.port}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
>
> pool.default.ssl.startTLS = false
> pool.default.ssl.enable = false
> #pool.default.ssl.protocol = TLSv1
> #pool.default.ssl.startTLSProtocol = TLSv1
> #pool.default.ssl.insecure = true
>
> sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
> sequence.my-edir-init-vars.010.description = set baseDN
> sequence.my-edir-init-vars.010.type = var-set
> sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
> sequence.my-edir-init-vars.010.var-set.value = o=su
>
> #search.default.search-request.derefPolicy = ALWAYS
>
>
> but the error is the same...
>
> ovirt-engine-extensions-tool aaa login-user --profile=CRO
> --user-name=my_user
>
> 
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::SU-LDAP-authentication]
> TLS/SSL insecure mode
> ...
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to connect to server ldap1.slu.cz:389:
> IOException(LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> ...
> INFO: API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> profile='CRO' user='my_user'
> Password:
> ...
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to connect to server ldap1.slu.cz:389:
> IOException(LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> Oct 01, 2020 10:57:37 AM
> org.ovirt.engine.exttool.core.ExtensionsToolExecutor main
> SEVERE: An error occurred while attempting to connect to server
> ldap1.slu.cz:389:  IOException(LDAPException(resultCode=91 (connect
> error), errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389:
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
>
> debug with tcpdump reveals only that connection is made and there are
> only "bindRequest" and "bindResponse success" messages visible (with
> correct tcp handshake and close) and nothing more
>
> any help would be appreciated
>
> Cheers,
>
> Jiri
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/M4MFGXGJ33R5DFX66HHGENOROHGOTF2D/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
___
Users mail

[ovirt-users] ovirt-node-4.4.2 grub is not reading new grub.cfg at boot

[Mike Lindsay]

Hey Folks,

I've got a bit of a strange one here. I downloaded and installed
ovirt-node-ng-installer-4.4.2-2020091810.el8.iso today on an old dev
laptop and to get it to install I needed to add acpi=off to the kernel
boot param to get the installing to work (known issue with my old
laptop). After installation it was still booting with acpi=off, no
biggie (seen that happen with Centos 5,6,7 before on occasion) right,
just change the line in /etc/defaults/grub and run grub2-mkconfig (ran
for both efi and legacy for good measure even knowing EFI isn't used)
and reboot...done this hundreds of times without any problems.

But this time after rebooting if I hit 'e' to look at the kernel
params on boot, acpi=off is still there. Basically any changes to
/etc/default/grub are being ignored or over-ridden but I'll be damned
if I can't find where.

I know I'm missing something simple here, I do this all the time but
to be honest this is the first Centos 8 based install I've had time to
play with. Any suggestions would be greatly appreciated.

The drive layout is a bit weird but had no issues running fedora or
centos in the past. boot drive is a mSATA (/dev/sdb) and there is a
SSD data drive at /dev/sda...having sda installed or removed makes no
difference and /boot is mounted where it should /dev/sdb1very
strange

Cheers,
Mike

[root@ovirt-node01 ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX='crashkernel=auto resume=/dev/mapper/onn-swap
rd.lvm.lv=onn/ovirt-node-ng-4.4.2-0.20200918.0+1 rd.lvm.lv=onn/swap
noapic rhgb quiet'
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
GRUB_DISABLE_OS_PROBER='true'



[root@ovirt-node01 ~]# cat /boot/grub2/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
set pager=1

if [ -f ${config_directory}/grubenv ]; then
  load_env -f ${config_directory}/grubenv
elif [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="${saved_entry}"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

terminal_output console
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/00_tuned ###
set tuned_params=""
set tuned_initrd=""
### END /etc/grub.d/00_tuned ###

### BEGIN /etc/grub.d/01_users ###
if [ -f ${prefix}/user.cfg ]; then
  source ${prefix}/user.cfg
  if [ -n "${GRUB2_PASSWORD}" ]; then
set superusers="root"
export superusers
password_pbkdf2 root ${GRUB2_PASSWORD}
  fi
fi
### END /etc/grub.d/01_users ###

### BEGIN /etc/grub.d/08_fallback_counting ###
insmod increment
# Check if boot_counter exists and boot_success=0 to activate this behaviour.
if [ -n "${boot_counter}" -a "${boot_success}" = "0" ]; then
  # if countdown has ended, choose to boot rollback deployment,
  # i.e. default=1 on OSTree-based systems.
  if  [ "${boot_counter}" = "0" -o "${boot_counter}" = "-1" ]; then
set default=1
set boot_counter=-1
  # otherwise decrement boot_counter
  else
decrement boot_counter
  fi
  save_env boot_counter
fi
### END /etc/grub.d/08_fallback_counting ###

### BEGIN /etc/grub.d/10_linux ###
insmod part_msdos
insmod ext2
set root='hd1,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1
--hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1
b6557c59-e11f-471b-8cb1-70c47b0b4b29
else
  search --no-floppy --fs-uuid --set=root b6557c59-e11f-471b-8cb1-70c47b0b4b29
fi
insmod part_msdos
insmod ext2
set boot='hd1,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=boot --hint-bios=hd1,msdos1
--hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1
b6557c59-e11f-471b-8cb1-70c47b0b4b29
else
  search --no-floppy --fs-uuid --set=boot b6557c59-e11f-471b-8cb1-70c47b0b4b29
fi

# This section was generated by a script. Do not modify the generated
file - a

[ovirt-users] Re: ldap auth problem after upgrade from 4.4.1 to 4.4.2

[Jiří Sléžka]

Hi,

On 10/1/20 2:53 PM, Martin Perina wrote:
> Hi,
> 
> it seems that you are affected by
> https://bugzilla.redhat.com/show_bug.cgi?id=1880149
> Could you please try the workaround mentioned there?

bingo! Thanks a lot!

It is interesting behavior as my engine has no public ipv6 address (ipv6
is set to ignore in nm).

also

[root@ovirt ~]# ping6 google.com
connect: Network is unreachable

but ok, problem is solved :-)

Jiri


> 
> Thanks,
> Martin
> 
> 
> On Thu, Oct 1, 2020 at 11:17 AM Jiří Sléžka  > wrote:
> 
> Hi,
> 
> I just upgraded my HE to 4.4.2 but now I cannot login using my ldap aaa
> profile anymore.
> 
> We are using Novell/NetIQ E-directory (load ballanced by haproxy,
> probably not important...)
> 
> In 4.4.1 I was hit by removed TLSv1 (which is the newest protocol
> supported by our edir) from default crypto policies but I was able
> revert it by
> 
> update-crypto-policies --set LEGACY
> 
> after upgrade to 4.4.2 the error is
> 
> server_error: An error occurred while attempting to connect to server
> ldap1.slu.cz:389 :
> IOException(LDAPException(resultCode=91 (connect
> error), errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389
> :
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> 
> but our ldap server is reachable from ovirt, I tested it via (also ldaps
> and startls variants are working)
> 
> ldapsearch -H ldap://ldap1.slu.cz  -x -D
> cn=*,ou=**,o=su -w
> '' -b 'o=su'
> 
> As a workaround I tried to set plain ldap protocol in profile
> 
> cat /etc/ovirt-engine/aaa/CRO.properties
> 
> 
> include = 
> 
> vars.server = ldap1.slu.cz 
> vars.port = 389
> vars.user = cn=*,ou=**,o=su
> vars.password = **
> 
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.serverset.single.port = ${global:vars.port}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> 
> pool.default.ssl.startTLS = false
> pool.default.ssl.enable = false
> #pool.default.ssl.protocol = TLSv1
> #pool.default.ssl.startTLSProtocol = TLSv1
> #pool.default.ssl.insecure = true
> 
> sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
> sequence.my-edir-init-vars.010.description = set baseDN
> sequence.my-edir-init-vars.010.type = var-set
> sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
> sequence.my-edir-init-vars.010.var-set.value = o=su
> 
> #search.default.search-request.derefPolicy = ALWAYS
> 
> 
> but the error is the same...
> 
> ovirt-engine-extensions-tool aaa login-user --profile=CRO
> --user-name=my_user
> 
> 
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::SU-LDAP-authentication]
> TLS/SSL insecure mode
> ...
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz
> ] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to connect to server ldap1.slu.cz:389
> :
> IOException(LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389
> :
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> ...
> INFO: API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> profile='CRO' user='my_user'
> Password:
> ...
> WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz
> ] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to connect to server ldap1.slu.cz:389
> :
> IOException(LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server ldap1.slu.cz/193.84.206.212:389
> :
> SocketException(Network is unreachable (connect failed)),
> ldapSDKVersion=4.0.14,
> revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> Oct 01, 2020 10:57:37 AM
> org.ovirt.engine.exttool.core.ExtensionsToolExecutor main
> SEVERE: An error occurred while attempting to connect to server
> ldap1.slu.cz:389 : 
> IOException(LDAPException(resultCode=91 (connect
> error), err

[ovirt-users] Re: ovirt-node-4.4.2 grub is not reading new grub.cfg at boot

[Amit Bawer]

On Thu, Oct 1, 2020 at 4:12 PM Mike Lindsay  wrote:

> Hey Folks,
>
> I've got a bit of a strange one here. I downloaded and installed
> ovirt-node-ng-installer-4.4.2-2020091810.el8.iso today on an old dev
> laptop and to get it to install I needed to add acpi=off to the kernel
> boot param to get the installing to work (known issue with my old
> laptop). After installation it was still booting with acpi=off, no
> biggie (seen that happen with Centos 5,6,7 before on occasion) right,
> just change the line in /etc/defaults/grub and run grub2-mkconfig (ran
> for both efi and legacy for good measure even knowing EFI isn't used)
> and reboot...done this hundreds of times without any problems.
>
> But this time after rebooting if I hit 'e' to look at the kernel
> params on boot, acpi=off is still there. Basically any changes to
> /etc/default/grub are being ignored or over-ridden but I'll be damned
> if I can't find where.
>

According to RHEL information [1] you should be using "grubby" to update
grub parameters,
in your case:

# *grubby --args=acpi=off --update-kernel=ALL*

more acpi=off info in [2]

[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel
[2]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/high_availability_add-on_reference/s1-acpi-ca


> I know I'm missing something simple here, I do this all the time but
> to be honest this is the first Centos 8 based install I've had time to
> play with. Any suggestions would be greatly appreciated.
>
> The drive layout is a bit weird but had no issues running fedora or
> centos in the past. boot drive is a mSATA (/dev/sdb) and there is a
> SSD data drive at /dev/sda...having sda installed or removed makes no
> difference and /boot is mounted where it should /dev/sdb1very
> strange
>
> Cheers,
> Mike
>
> [root@ovirt-node01 ~]# cat /etc/default/grub
> GRUB_TIMEOUT=5
> GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
> GRUB_DEFAULT=saved
> GRUB_DISABLE_SUBMENU=true
> GRUB_TERMINAL_OUTPUT="console"
> GRUB_CMDLINE_LINUX='crashkernel=auto resume=/dev/mapper/onn-swap
> rd.lvm.lv=onn/ovirt-node-ng-4.4.2-0.20200918.0+1 rd.lvm.lv=onn/swap
> noapic rhgb quiet'
> GRUB_DISABLE_RECOVERY="true"
> GRUB_ENABLE_BLSCFG=true
> GRUB_DISABLE_OS_PROBER='true'
>
>
>
> [root@ovirt-node01 ~]# cat /boot/grub2/grub.cfg
> #
> # DO NOT EDIT THIS FILE
> #
> # It is automatically generated by grub2-mkconfig using templates
> # from /etc/grub.d and settings from /etc/default/grub
> #
>
> ### BEGIN /etc/grub.d/00_header ###
> set pager=1
>
> if [ -f ${config_directory}/grubenv ]; then
>   load_env -f ${config_directory}/grubenv
> elif [ -s $prefix/grubenv ]; then
>   load_env
> fi
> if [ "${next_entry}" ] ; then
>set default="${next_entry}"
>set next_entry=
>save_env next_entry
>set boot_once=true
> else
>set default="${saved_entry}"
> fi
>
> if [ x"${feature_menuentry_id}" = xy ]; then
>   menuentry_id_option="--id"
> else
>   menuentry_id_option=""
> fi
>
> export menuentry_id_option
>
> if [ "${prev_saved_entry}" ]; then
>   set saved_entry="${prev_saved_entry}"
>   save_env saved_entry
>   set prev_saved_entry=
>   save_env prev_saved_entry
>   set boot_once=true
> fi
>
> function savedefault {
>   if [ -z "${boot_once}" ]; then
> saved_entry="${chosen}"
> save_env saved_entry
>   fi
> }
>
> function load_video {
>   if [ x$feature_all_video_module = xy ]; then
> insmod all_video
>   else
> insmod efi_gop
> insmod efi_uga
> insmod ieee1275_fb
> insmod vbe
> insmod vga
> insmod video_bochs
> insmod video_cirrus
>   fi
> }
>
> terminal_output console
> if [ x$feature_timeout_style = xy ] ; then
>   set timeout_style=menu
>   set timeout=5
> # Fallback normal timeout code in case the timeout_style feature is
> # unavailable.
> else
>   set timeout=5
> fi
> ### END /etc/grub.d/00_header ###
>
> ### BEGIN /etc/grub.d/00_tuned ###
> set tuned_params=""
> set tuned_initrd=""
> ### END /etc/grub.d/00_tuned ###
>
> ### BEGIN /etc/grub.d/01_users ###
> if [ -f ${prefix}/user.cfg ]; then
>   source ${prefix}/user.cfg
>   if [ -n "${GRUB2_PASSWORD}" ]; then
> set superusers="root"
> export superusers
> password_pbkdf2 root ${GRUB2_PASSWORD}
>   fi
> fi
> ### END /etc/grub.d/01_users ###
>
> ### BEGIN /etc/grub.d/08_fallback_counting ###
> insmod increment
> # Check if boot_counter exists and boot_success=0 to activate this
> behaviour.
> if [ -n "${boot_counter}" -a "${boot_success}" = "0" ]; then
>   # if countdown has ended, choose to boot rollback deployment,
>   # i.e. default=1 on OSTree-based systems.
>   if  [ "${boot_counter}" = "0" -o "${boot_counter}" = "-1" ]; then
> set default=1
> set boot_counter=-1
>   # otherwise decrement boot_counter
>   else
> decrement boot_counter
>   fi
>   save_env boot_

[ovirt-users] Re: Is it possible to change scheduler optimization settings of cluster using ansible or some other automation way

[kushagra2agarwal]

@strahil Nikolov.. ovirt_cluster module don't seems to have flag to change 
scheduler optimisation settings. Can you please double check
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VPCBA5SJSNLUSTWQTEZLYDT5IBNXH3KC/

[ovirt-users] Re: ovirt-node-4.4.2 grub is not reading new grub.cfg at boot

[Mike Lindsay]

Wow, that's annoying...6 hours I spent trying to figure out what was
different with the Centos/RHEL 8 grub.cfg configuration and nothing
popped up about grubby ;p

Thanks very much for that, it's making for an interesting read.

Cheers,
Mike

On Thu, 1 Oct 2020 at 10:10, Amit Bawer  wrote:
>
>
>
> On Thu, Oct 1, 2020 at 4:12 PM Mike Lindsay  wrote:
>>
>> Hey Folks,
>>
>> I've got a bit of a strange one here. I downloaded and installed
>> ovirt-node-ng-installer-4.4.2-2020091810.el8.iso today on an old dev
>> laptop and to get it to install I needed to add acpi=off to the kernel
>> boot param to get the installing to work (known issue with my old
>> laptop). After installation it was still booting with acpi=off, no
>> biggie (seen that happen with Centos 5,6,7 before on occasion) right,
>> just change the line in /etc/defaults/grub and run grub2-mkconfig (ran
>> for both efi and legacy for good measure even knowing EFI isn't used)
>> and reboot...done this hundreds of times without any problems.
>>
>> But this time after rebooting if I hit 'e' to look at the kernel
>> params on boot, acpi=off is still there. Basically any changes to
>> /etc/default/grub are being ignored or over-ridden but I'll be damned
>> if I can't find where.
>
>
> According to RHEL information [1] you should be using "grubby" to update grub 
> parameters,
> in your case:
>
> # grubby --args=acpi=off --update-kernel=ALL
>
> more acpi=off info in [2]
>
> [1] 
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel
> [2] 
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/high_availability_add-on_reference/s1-acpi-ca
>
>>
>> I know I'm missing something simple here, I do this all the time but
>> to be honest this is the first Centos 8 based install I've had time to
>> play with. Any suggestions would be greatly appreciated.
>>
>> The drive layout is a bit weird but had no issues running fedora or
>> centos in the past. boot drive is a mSATA (/dev/sdb) and there is a
>> SSD data drive at /dev/sda...having sda installed or removed makes no
>> difference and /boot is mounted where it should /dev/sdb1very
>> strange
>>
>> Cheers,
>> Mike
>>
>> [root@ovirt-node01 ~]# cat /etc/default/grub
>> GRUB_TIMEOUT=5
>> GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
>> GRUB_DEFAULT=saved
>> GRUB_DISABLE_SUBMENU=true
>> GRUB_TERMINAL_OUTPUT="console"
>> GRUB_CMDLINE_LINUX='crashkernel=auto resume=/dev/mapper/onn-swap
>> rd.lvm.lv=onn/ovirt-node-ng-4.4.2-0.20200918.0+1 rd.lvm.lv=onn/swap
>> noapic rhgb quiet'
>> GRUB_DISABLE_RECOVERY="true"
>> GRUB_ENABLE_BLSCFG=true
>> GRUB_DISABLE_OS_PROBER='true'
>>
>>
>>
>> [root@ovirt-node01 ~]# cat /boot/grub2/grub.cfg
>> #
>> # DO NOT EDIT THIS FILE
>> #
>> # It is automatically generated by grub2-mkconfig using templates
>> # from /etc/grub.d and settings from /etc/default/grub
>> #
>>
>> ### BEGIN /etc/grub.d/00_header ###
>> set pager=1
>>
>> if [ -f ${config_directory}/grubenv ]; then
>>   load_env -f ${config_directory}/grubenv
>> elif [ -s $prefix/grubenv ]; then
>>   load_env
>> fi
>> if [ "${next_entry}" ] ; then
>>set default="${next_entry}"
>>set next_entry=
>>save_env next_entry
>>set boot_once=true
>> else
>>set default="${saved_entry}"
>> fi
>>
>> if [ x"${feature_menuentry_id}" = xy ]; then
>>   menuentry_id_option="--id"
>> else
>>   menuentry_id_option=""
>> fi
>>
>> export menuentry_id_option
>>
>> if [ "${prev_saved_entry}" ]; then
>>   set saved_entry="${prev_saved_entry}"
>>   save_env saved_entry
>>   set prev_saved_entry=
>>   save_env prev_saved_entry
>>   set boot_once=true
>> fi
>>
>> function savedefault {
>>   if [ -z "${boot_once}" ]; then
>> saved_entry="${chosen}"
>> save_env saved_entry
>>   fi
>> }
>>
>> function load_video {
>>   if [ x$feature_all_video_module = xy ]; then
>> insmod all_video
>>   else
>> insmod efi_gop
>> insmod efi_uga
>> insmod ieee1275_fb
>> insmod vbe
>> insmod vga
>> insmod video_bochs
>> insmod video_cirrus
>>   fi
>> }
>>
>> terminal_output console
>> if [ x$feature_timeout_style = xy ] ; then
>>   set timeout_style=menu
>>   set timeout=5
>> # Fallback normal timeout code in case the timeout_style feature is
>> # unavailable.
>> else
>>   set timeout=5
>> fi
>> ### END /etc/grub.d/00_header ###
>>
>> ### BEGIN /etc/grub.d/00_tuned ###
>> set tuned_params=""
>> set tuned_initrd=""
>> ### END /etc/grub.d/00_tuned ###
>>
>> ### BEGIN /etc/grub.d/01_users ###
>> if [ -f ${prefix}/user.cfg ]; then
>>   source ${prefix}/user.cfg
>>   if [ -n "${GRUB2_PASSWORD}" ]; then
>> set superusers="root"
>> export superusers
>> password_pbkdf2 root ${GRUB2_PASSWORD}
>>   fi
>> fi
>> ### END /etc/grub.d/01_users ###
>>
>> ### BEGIN /etc/grub.d/08_fallback_counting ###
>> insmod increment
>> # Check if

[ovirt-users] Re: Power on VM - CLI / API

[Strahil Nikolov via Users]

---
- name: Example
  hosts: localhost
  connection: local
  vars:
    ovirt_auth:
      username: 'admin@internal'
      password: 'pass'
      url: 'https://engine.localdomain/ovirt-engine/api'
      insecure: True
      ca_file: '/root/ansible/engine.ca'
 
  - name: Power on {{ outer_item }} after snapshot restore
    ovirt_vm:
      auth: "{{ ovirt_auth }}"
      state: running
      name: "{{ item }}"
    loop:
     - VM1
     - VM2

Yeah, you have to fix the tabulations (both Ansible and Python are pain in the 
*** )

Best Regards,
Strahil Nikolov







В сряда, 30 септември 2020 г., 21:01:26 Гринуич+3, Jeremey Wise 
 написа: 






Can anyone post link.  (with examples.. as most documentation for oVirt lacks 
this)..  where I can power on a VM via CLI or API.

As of now I cannot login to oVirt-Engine.  No errors when I restart it..  
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/45KKF5TN5PRQ3R7MDOWIQTSYZXZRVDIZ/

BUt... I need to get VMs booted.

I tried to follow:
http://ovirt.github.io/ovirt-engine-api-model/master/
and my server's API web portal
https://ovirte01.penguinpages.local/ovirt-engine/apidoc/#/documents/003_common_concepts

And.. even get POSTMAN (real newbie at that tool but ran into how to add 
exported .pem key from portal to session issues)


# failed CLI example:   Power on VM "ns01"
###  DRAFT :: 2020-09-30

# Get key from oVirt engine and import.  Ex: from ovirte01  into server 'thor

curl -k 
'https://ovirte01.penguinpages.local/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA'
 -o ovirt01_ca.pem

sudo cp ovirt01_ca.pem /etc/pki/ca-trust/source/anchors

sudo update-ca-trust extract

 

openssl s_client -connect ovirte01.penguinpages.local:443 -showcerts < /dev/null

 

# Use key during GET list of VMs  

??  

 curl -X POST https://ovirte01.penguinpages.local/post -H 
/ovirt-engine/api/vms/ns01/start HTTP/1.1 


#

I just need to power on VM


-- 
penguinpages
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UN4AHVRITGBFUJBYATZA2DTUEIJEX6GL/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/V5XQ5LTSLAKLXRUATQOY4PHSFVC3LVQB/

[ovirt-users] Re: VM AutoStart

[Strahil Nikolov via Users]

As I mentioned, I would use systemd service to start the ansible play (or a 
script running it).

Best Regards,
Strahil Nikolov






В сряда, 30 септември 2020 г., 22:15:17 Гринуич+3, Jeremey Wise 
 написа: 





i would like to eventually go ansible route..  and was starting down that 
path but this is fabulous.

I will modify and post how it went.

One question:  How /where do you set this saved new and delicious script so 
once oVirt-engine comes up... it runs?

Thanks

On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins  wrote:
> Hi,
> 
> I had a script based around ovirt-shell which I re-wrote as a script
> around the Python SDK4 which I run on my engine during the startup
> sequence.  The script will wait for the engine to come up and ensure the
> storage domains are up before it tries to start the VMs.  Then it will go
> ahead and start the VMs in the specified order with specified delay and/or
> wait-for-up signal between them.
> 
> You can find my scripts at https://www.ihtfp.org/ovirt/
> 
> Or you can go the ansible route :)
> 
> Enjoy!
> 
> -derek
> 
> On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote:
>> When I have to shut down cluster... ups runs out etc..  I need a sequence
>> set of just a small number of VMs to "autostart"
>>
>> Normally I just use DNS FQND to connect to oVirt engine but as two of my
>> VMs  are a DNS HA cluster..  as well as NTP / SMTP /DHCP etc...  I need
>> those two infrastructure VMs to be auto boot.
>>
>> I looked at HA settings for those VMs but it seems to be watching for
>> pause
>> /resume.. but it does not imply or state auto start on clean first boot.
>>
>> Options?
>>
>>
>> --
>> p enguinpages
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/
>>
> 
> 
> -- 
>        Derek Atkins                 617-623-3745
>        de...@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
> 
> 
> 


-- 
jeremey.w...@gmail.com
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XGHXJVGACPIPIZB77KSXRFBF7S6VFEI3/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RSWMEE3BLR4JR5AYPYV3PAWN2LJIF6VR/

[ovirt-users] Re: VM AutoStart

[Strahil Nikolov via Users]

In EL 8 , there is no 'default' python. You can use both.

My choice would be ansible because APIs change , but also ansible modules are 
updated. If you create your own script , you will have to take care about the 
updates, while with ansible - you just update the relevan packages :)

Best Regards,
Strahil Nikolov






В сряда, 30 септември 2020 г., 22:55:40 Гринуич+3, Jeremey Wise 
 написа: 






As the three servers are Centos8 minimal installs. + oVirt HCI wizard to keep 
them lean and mean... a couple questions

1) which version of python would I need for this (note in script about python 2 
but isn't that deprecated?)
[root@thor /]# yum install python
Last metadata expiration check: 2:29:38 ago on Wed 30 Sep 2020 01:18:32 PM EDT.
No match for argument: python
There are following alternatives for "python": python2, python36, python38
Error: Unable to find a match: python

2)  When you have three nodes.. one is set to host the ovirt-engine active, and 
another as backup.  If this is added to rc.local.   Of the two nodes hosting HA 
for oVirt-engine.. node which boots first will host (or so it seems). I think 
if I add this to both those hosts .. it will not create issues.  Any thoughts?



On Wed, Sep 30, 2020 at 3:23 PM Derek Atkins  wrote:
> I run it out of rc.local:
> 
> /usr/local/sbin/start_vms.py > /var/log/start_vms 2>&1 &
> 
> The script is smart enough to wait for the engine to be fully active.
> 
> -derek
> 
> On Wed, September 30, 2020 3:11 pm, Jeremey Wise wrote:
>> i would like to eventually go ansible route..  and was starting down that
>> path but this is fabulous.
>>
>> I will modify and post how it went.
>>
>> One question:  How /where do you set this saved new and delicious script
>> so
>> once oVirt-engine comes up... it runs?
>>
>> Thanks
>>
>> On Wed, Sep 30, 2020 at 2:42 PM Derek Atkins  wrote:
>>
>>> Hi,
>>>
>>> I had a script based around ovirt-shell which I re-wrote as a script
>>> around the Python SDK4 which I run on my engine during the startup
>>> sequence.  The script will wait for the engine to come up and ensure the
>>> storage domains are up before it tries to start the VMs.  Then it will
>>> go
>>> ahead and start the VMs in the specified order with specified delay
>>> and/or
>>> wait-for-up signal between them.
>>>
>>> You can find my scripts at https://www.ihtfp.org/ovirt/
>>>
>>> Or you can go the ansible route :)
>>>
>>> Enjoy!
>>>
>>> -derek
>>>
>>> On Wed, September 30, 2020 11:21 am, Jeremey Wise wrote:
>>> > When I have to shut down cluster... ups runs out etc..  I need a
>>> sequence
>>> > set of just a small number of VMs to "autostart"
>>> >
>>> > Normally I just use DNS FQND to connect to oVirt engine but as two of
>>> my
>>> > VMs  are a DNS HA cluster..  as well as NTP / SMTP /DHCP etc...  I
>>> need
>>> > those two infrastructure VMs to be auto boot.
>>> >
>>> > I looked at HA settings for those VMs but it seems to be watching for
>>> > pause
>>> > /resume.. but it does not imply or state auto start on clean first
>>> boot.
>>> >
>>> > Options?
>>> >
>>> >
>>> > --
>>> > p enguinpages
>>> > ___
>>> > Users mailing list -- users@ovirt.org
>>> > To unsubscribe send an email to users-le...@ovirt.org
>>> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> > oVirt Code of Conduct:
>>> > https://www.ovirt.org/community/about/community-guidelines/
>>> > List Archives:
>>> >
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/VAYHFFSANCBRN44ABBTXIYEAR3ZFCP6N/
>>> >
>>>
>>>
>>> --
>>>        Derek Atkins                 617-623-3745
>>>        de...@ihtfp.com             www.ihtfp.com
>>>        Computer and Internet Security Consultant
> 
>>>
>>>
>>
>> --
>> jeremey.w...@gmail.com
>>
> 
> 
> -- 
>        Derek Atkins                 617-623-3745
>        de...@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
> 
> 


-- 
jeremey.w...@gmail.com
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RDGSTXC5NEQD2NVRZHG4JP24EQDBRPSM/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YFFCVSDS5JOTDV567FOJGLEODUAM5R4B/

[ovirt-users] Re: CEPH - Opinions and ROI

[Strahil Nikolov via Users]

CEPH requires at least 4 nodes to be "good".
I know that Gluster is not the "favourite child" for most vendors, yet it is 
still optimal for HCI.

You can check 
https://www.ovirt.org/develop/release-management/features/storage/cinder-integration.html
 for cinder integration.

Best Regards,
Strahil Nikolov






В четвъртък, 1 октомври 2020 г., 07:36:24 Гринуич+3, Jeremey Wise 
 написа: 






I have for many years used gluster because..well.  3 nodes.. and so long as I 
can pull a drive out.. I can get my data.. and with three copies.. I have much 
higher chance of getting it.

Downsides to gluster: Slower (its my home..meh... and I have SSD to avoid MTBF 
issues ) and with VDO.. and thin provisioning.. not had issue.

BUT  gluster seems to be falling out of favor.  Especially as I move 
towards OCP.

So..  CEPH.  I have one SSD in each of the three servers.  so I have some space 
to play.

I googled around.. and find no clean deployment notes and guides on CEPH + 
oVirt.

Comments or ideas..

-- 
penguinpages.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UTKROHYPKJOXJKAJPRL37IETMELMXCPD/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GLVKY6ATXLZNXCFRE6HGRBCXYLPVPU7K/

[ovirt-users] Re: ovirt-node-4.4.2 grub is not reading new grub.cfg at boot

[Strahil Nikolov via Users]

Either use 'grub2-editenv' or 'grub2-editenv - unset kernelopts' + 
'grub2-mkconfig -o /boot/grub2/grub.cfg'

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel
 

https://access.redhat.com/solutions/3710121

Best Regards,
Strahil Nikolov





В четвъртък, 1 октомври 2020 г., 16:12:52 Гринуич+3, Mike Lindsay 
 написа: 





Hey Folks,

I've got a bit of a strange one here. I downloaded and installed
ovirt-node-ng-installer-4.4.2-2020091810.el8.iso today on an old dev
laptop and to get it to install I needed to add acpi=off to the kernel
boot param to get the installing to work (known issue with my old
laptop). After installation it was still booting with acpi=off, no
biggie (seen that happen with Centos 5,6,7 before on occasion) right,
just change the line in /etc/defaults/grub and run grub2-mkconfig (ran
for both efi and legacy for good measure even knowing EFI isn't used)
and reboot...done this hundreds of times without any problems.

But this time after rebooting if I hit 'e' to look at the kernel
params on boot, acpi=off is still there. Basically any changes to
/etc/default/grub are being ignored or over-ridden but I'll be damned
if I can't find where.

I know I'm missing something simple here, I do this all the time but
to be honest this is the first Centos 8 based install I've had time to
play with. Any suggestions would be greatly appreciated.

The drive layout is a bit weird but had no issues running fedora or
centos in the past. boot drive is a mSATA (/dev/sdb) and there is a
SSD data drive at /dev/sda...having sda installed or removed makes no
difference and /boot is mounted where it should /dev/sdb1very
strange

Cheers,
Mike

[root@ovirt-node01 ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX='crashkernel=auto resume=/dev/mapper/onn-swap
rd.lvm.lv=onn/ovirt-node-ng-4.4.2-0.20200918.0+1 rd.lvm.lv=onn/swap
noapic rhgb quiet'
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
GRUB_DISABLE_OS_PROBER='true'



[root@ovirt-node01 ~]# cat /boot/grub2/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
set pager=1

if [ -f ${config_directory}/grubenv ]; then
  load_env -f ${config_directory}/grubenv
elif [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
  set default="${next_entry}"
  set next_entry=
  save_env next_entry
  set boot_once=true
else
  set default="${saved_entry}"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

terminal_output console
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/00_tuned ###
set tuned_params=""
set tuned_initrd=""
### END /etc/grub.d/00_tuned ###

### BEGIN /etc/grub.d/01_users ###
if [ -f ${prefix}/user.cfg ]; then
  source ${prefix}/user.cfg
  if [ -n "${GRUB2_PASSWORD}" ]; then
    set superusers="root"
    export superusers
    password_pbkdf2 root ${GRUB2_PASSWORD}
  fi
fi
### END /etc/grub.d/01_users ###

### BEGIN /etc/grub.d/08_fallback_counting ###
insmod increment
# Check if boot_counter exists and boot_success=0 to activate this behaviour.
if [ -n "${boot_counter}" -a "${boot_success}" = "0" ]; then
  # if countdown has ended, choose to boot rollback deployment,
  # i.e. default=1 on OSTree-based systems.
  if  [ "${boot_counter}" = "0" -o "${boot_counter}" = "-1" ]; then
    set default=1
    set boot_counter=-1
  # otherwise decrement boot_counter
  else
    decrement boot_counter
  fi
  save_env boot_counter
fi
### END /etc/grub.d/08_fallback_counting ###

### BEGIN /etc/grub.d/10_linux ###
insmod part_msdos
insmod ext2
set root='hd1,msdos1'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1
--hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1
b6557c59-e11f-471b-8cb1-70c47b0b4b29
else
  search --no-floppy --f

[ovirt-users] Re: Is it possible to change scheduler optimization settings of cluster using ansible or some other automation way

[Strahil Nikolov via Users]

Based on 
'https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_cluster_module.html'
 there is option 'scheduling_policy' & 'scheduling_policy_properties' .

Maybe that was recently introduced.

Best Regards,
Strahil Nikolov






В четвъртък, 1 октомври 2020 г., 17:24:25 Гринуич+3, kushagra2agar...@gmail.com 
 написа: 





@strahil Nikolov.. ovirt_cluster module don't seems to have flag to change 
scheduler optimisation settings. Can you please double check

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VPCBA5SJSNLUSTWQTEZLYDT5IBNXH3KC/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QTHYDMHBOR45L3IW2XEAOYS2XLA7RDDH/

[ovirt-users] Re: OVN Geneve tunnels not been established

[Konstantinos Betsis]

Hi Dimitru

I've seen that as well.
I've deleted the dc01-node2 (ams03-hypersec02) from ovirt.
I've also issued ovs-vsctl emer-reset.

But ovn-sbctl list chassis still depicts the node twice.
The ovs-sbctl show still depicts 3 geneve tunnels from dc01-node2

How, can we fix this?

On Thu, Oct 1, 2020 at 9:59 AM Dumitru Ceara  wrote:

> On 9/30/20 3:41 PM, Konstantinos Betsis wrote:
> > From the configuration I can see only three nodes.
> > "Encap":{
> > #dc01-node02
> >
> "da8fb1dc-f832-4d62-a01d-2e5aef018c8d":{"ip":"10.137.156.56","chassis_name":"be3abcc9-7358-4040-a37b-8d8a782f239c","options":["map",[["csum","true"]]],"type":"geneve"},
> > #dc01-node01
> >
> "4808bd8f-7e46-4f29-9a96-046bb580f0c5":{"ip":"10.137.156.55","chassis_name":"95ccb04a-3a08-4a62-8bc0-b8a7a42956f8","options":["map",[["csum","true"]]],"type":"geneve"},
> > #dc02-node01
> >
> "f20b33ae-5a6b-456c-b9cb-2e4d8b54d8be":{"ip":"192.168.121.164","chassis_name":"c4b23834-aec7-4bf8-8be7-aa94a50a6144","options":["map",[["csum","true"]]],"type":"geneve"}}
> >
> > So I don't understand why the dc01-node02 tries to establish a tunnel
> > with itself.
> >
> > Is there a way for ovn to refresh according to Ovirt network database as
> > to not affect VM networks?
> >
> > On Wed, Sep 30, 2020 at 2:33 PM Konstantinos Betsis  > > wrote:
> >
> > Sure
> >
> > I've attached it for easier reference.
> >
> > On Wed, Sep 30, 2020 at 2:21 PM Dominik Holler  > > wrote:
> >
> >
> >
> > On Wed, Sep 30, 2020 at 1:16 PM Konstantinos Betsis
> > mailto:k.bet...@gmail.com>> wrote:
> >
> > Hi Dominik
> >
> > The DC01-node02 was formatted and reinstalled and then
> > attached to ovirt environment.
> > Unfortunately we exhibit the same issue.
> > The new DC01-node02 tries to establish geneve tunnels to his
> > own IP.
> >
> > [root@dc01-node02 ~]# ovs-vsctl show
> > eff2663e-cb10-41b0-93ba-605bb5c7bd78
> > Bridge br-int
> > fail_mode: secure
> > Port "ovn-95ccb0-0"
> > Interface "ovn-95ccb0-0"
> > type: geneve
> > options: {csum="true", key=flow,
> > remote_ip="dc01-node01_IP"}
> > Port "ovn-be3abc-0"
> > Interface "ovn-be3abc-0"
> > type: geneve
> > options: {csum="true", key=flow,
> > remote_ip="dc01-node02_IP"}
> > Port "ovn-c4b238-0"
> > Interface "ovn-c4b238-0"
> > type: geneve
> > options: {csum="true", key=flow,
> > remote_ip="dc02-node01_IP"}
> > Port br-int
> > Interface br-int
> > type: internal
> > ovs_version: "2.11.0"
> >
> >
> > Is there a way to fix this on the Ovirt engine since this is
> > where the information resides?
> > Something is broken there.
> >
> >
> > I suspect that there is an inconsistency in the OVN SB DB.
> > Is there a way to share your /var/lib/openvswitch/ovnsb_db.db
> > with us?
> >
> >
>
> Hi Konstantinos,
>
> One of the things I noticed in the SB DB you attached is that two of the
> chassis records have the same hostname:
>
> $ ovn-sbctl list chassis | grep ams03-hypersec02
> hostname: ams03-hypersec02
> hostname: ams03-hypersec02
>
> This shouldn't be a major issue but shows a potential misconfiguration
> on the nodes. Could you please double check the hostname configuration
> of the nodes?
>
> Would it also be possible to attach the openvswitch conf.db from the
> three nodes? It should be in /var/lib/openvswitch/conf.db
>
> Thanks,
> Dumitru
>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FQLPZ67LSGRAJ5LC6INRZG2YM64BJFYC/

[ovirt-users] Re: Is it possible to change scheduler optimization settings of cluster using ansible or some other automation way

[kushagra2agarwal]

@strahil Nikolov - The scheduling_policy' & 'scheduling_policy_properties 
options are not allowing to change 'scheduler optimisation' parameter setting, 
may be i am missing something while trying with these options. 

If okay, can you please double check once.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BELSTPSYUJRNM5DRAOJJ7P7P2PWFDAXU/

[ovirt-users] Re: Is it possible to change scheduler optimization settings of cluster using ansible or some other automation way

[kushagra2agarwal]

@strahil Nikolov  'scheduling_policy' & 'scheduling_policy_properties' options 
in oVirt_Cluster module are not allowing to change scheduler optimisation 
settings. 

If okay can you please double check once.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XX6GCULNXWA5QICGEGEE37QPEAEZEPF5/

[ovirt-users] Re: VM AutoStart

[Gianluca Cecchi]

On Wed, Sep 30, 2020 at 9:14 PM Jeremey Wise  wrote:

> i would like to eventually go ansible route..  and was starting down that
> path but this is fabulous.
>
> I will modify and post how it went.
>
> One question:  How /where do you set this saved new and delicious script
> so once oVirt-engine comes up... it runs?
>
> Thanks
>
>
This was the original thread where Derek discussed about VM autostart:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2SWGNCELQXAQ6RB6KPQ3RR62G63OLKAS/

And this was my answer regarding the possible Ansible route:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/46MHN2NYGIBP736RICI2EOYQERD7Z27N/

HIH,
Gianluca
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/USJDFFO4U2X5WFQRFKQUMXSXHOOED2ZM/

[ovirt-users] Re: CEPH - Opinions and ROI

[penguin pages]

Thanks for response.

Seems a bit too far into "bleeding edge" .. such that I should kick tires 
virtually vs commuting plugins to oVirt +Gluster where upgrades and other 
issues may happen.   Seems like Alpha stage of  (no thin provisioning, issues 
with deleting volumes, no export / import .. which is a big one for me). 

Do we have a direction where / if it will be more of a first class citizen in 
oVirt?  4.?? 

Maybe others in community have it and it is working for them.  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/J2NL5C2INUZPQEWIMSQPJIR6STKGQ3IR/

[ovirt-users] Re: OVN Geneve tunnels not been established

[Konstantinos Betsis]

Regarding the ovn-controller logs

2020-10-01T15:51:03.156Z|14143|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.220Z|14144|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.284Z|14145|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.347Z|14146|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.411Z|14147|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.474Z|14148|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.538Z|14149|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.601Z|14150|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.664Z|14151|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:03.727Z|14152|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:08.792Z|14153|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:08.855Z|14154|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:08.919Z|14155|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:08.982Z|14156|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:09.046Z|14157|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:09.109Z|14158|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:09.173Z|14159|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:09.236Z|14160|main|INFO|OVNSB commit failed, force
recompute next time.
2020-10-01T15:51:09.299Z|14161|main|INFO|OVNSB commit failed, force
recompute next time.


I don't think we can see anything more from these.



On Thu, Oct 1, 2020 at 6:12 PM Konstantinos Betsis 
wrote:

> Hi Dimitru
>
> I've seen that as well.
> I've deleted the dc01-node2 (ams03-hypersec02) from ovirt.
> I've also issued ovs-vsctl emer-reset.
>
> But ovn-sbctl list chassis still depicts the node twice.
> The ovs-sbctl show still depicts 3 geneve tunnels from dc01-node2
>
> How, can we fix this?
>
> On Thu, Oct 1, 2020 at 9:59 AM Dumitru Ceara  wrote:
>
>> On 9/30/20 3:41 PM, Konstantinos Betsis wrote:
>> > From the configuration I can see only three nodes.
>> > "Encap":{
>> > #dc01-node02
>> >
>> "da8fb1dc-f832-4d62-a01d-2e5aef018c8d":{"ip":"10.137.156.56","chassis_name":"be3abcc9-7358-4040-a37b-8d8a782f239c","options":["map",[["csum","true"]]],"type":"geneve"},
>> > #dc01-node01
>> >
>> "4808bd8f-7e46-4f29-9a96-046bb580f0c5":{"ip":"10.137.156.55","chassis_name":"95ccb04a-3a08-4a62-8bc0-b8a7a42956f8","options":["map",[["csum","true"]]],"type":"geneve"},
>> > #dc02-node01
>> >
>> "f20b33ae-5a6b-456c-b9cb-2e4d8b54d8be":{"ip":"192.168.121.164","chassis_name":"c4b23834-aec7-4bf8-8be7-aa94a50a6144","options":["map",[["csum","true"]]],"type":"geneve"}}
>> >
>> > So I don't understand why the dc01-node02 tries to establish a tunnel
>> > with itself.
>> >
>> > Is there a way for ovn to refresh according to Ovirt network database as
>> > to not affect VM networks?
>> >
>> > On Wed, Sep 30, 2020 at 2:33 PM Konstantinos Betsis > > > wrote:
>> >
>> > Sure
>> >
>> > I've attached it for easier reference.
>> >
>> > On Wed, Sep 30, 2020 at 2:21 PM Dominik Holler > > > wrote:
>> >
>> >
>> >
>> > On Wed, Sep 30, 2020 at 1:16 PM Konstantinos Betsis
>> > mailto:k.bet...@gmail.com>> wrote:
>> >
>> > Hi Dominik
>> >
>> > The DC01-node02 was formatted and reinstalled and then
>> > attached to ovirt environment.
>> > Unfortunately we exhibit the same issue.
>> > The new DC01-node02 tries to establish geneve tunnels to his
>> > own IP.
>> >
>> > [root@dc01-node02 ~]# ovs-vsctl show
>> > eff2663e-cb10-41b0-93ba-605bb5c7bd78
>> > Bridge br-int
>> > fail_mode: secure
>> > Port "ovn-95ccb0-0"
>> > Interface "ovn-95ccb0-0"
>> > type: geneve
>> > options: {csum="true", key=flow,
>> > remote_ip="dc01-node01_IP"}
>> > Port "ovn-be3abc-0"
>> > Interface "ovn-be3abc-0"
>> > type: geneve
>> > options: {csum="true", key=flow,
>> > remote_ip="dc01-node02_IP"}
>> > Port "ovn-c4b238-0"
>> > Interface "ovn-c4b238-0"
>> > type: geneve
>> > options: {csum="true", key=flow,
>> > remote_ip="dc02-node01_IP"}
>> > Port br-int
>> > Interface br-int
>> >   

[ovirt-users] Re: CEPH - Opinions and ROI

[Philip Brown]

ceph through an iscsi gateway is very.. very.. slow.



- Original Message -
From: "Matthew Stier" 
To: "Jeremey Wise" , "users" 
Sent: Wednesday, September 30, 2020 10:03:34 PM
Subject: [ovirt-users] Re: CEPH - Opinions and ROI

If you can’t go direct, how about round about, with an iSCSI gateway. 



From: Jeremey Wise  
Sent: Wednesday, September 30, 2020 11:33 PM 
To: users  
Subject: [ovirt-users] CEPH - Opinions and ROI 







I have for many years used gluster because..well. 3 nodes.. and so long as I 
can pull a drive out.. I can get my data.. and with three copies.. I have much 
higher chance of getting it. 





Downsides to gluster: Slower (its my home..meh... and I have SSD to avoid MTBF 
issues ) and with VDO.. and thin provisioning.. not had issue. 





BUT gluster seems to be falling out of favor. Especially as I move towards 
OCP. 





So.. CEPH. I have one SSD in each of the three servers. so I have some space to 
play. 





I googled around.. and find no clean deployment notes and guides on CEPH + 
oVirt. 





Comments or ideas.. 





-- 


[ mailto:jeremey.w...@gmail.com | p ] enguinpages. 

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/S4V6NKC62LW42S7UU27KEYRBVB6NFSIS/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WX6NC2V5LZXPIKCMAISXTIRWEGXLKRHY/

[ovirt-users] Re: CEPH - Opinions and ROI

[Kushwaha, Tarun Kumar]

hi
i am running production with oVirt Ceph HCI last 1 year

https://skyvirt.tech is running over it

i can share how to setup

On Thu, 1 Oct 2020, 21:31 Philip Brown,  wrote:

> ceph through an iscsi gateway is very.. very.. slow.
>
>
>
> - Original Message -
> From: "Matthew Stier" 
> To: "Jeremey Wise" , "users" 
> Sent: Wednesday, September 30, 2020 10:03:34 PM
> Subject: [ovirt-users] Re: CEPH - Opinions and ROI
>
> If you can’t go direct, how about round about, with an iSCSI gateway.
>
>
>
> From: Jeremey Wise 
> Sent: Wednesday, September 30, 2020 11:33 PM
> To: users 
> Subject: [ovirt-users] CEPH - Opinions and ROI
>
>
>
>
>
>
>
> I have for many years used gluster because..well. 3 nodes.. and so long as
> I can pull a drive out.. I can get my data.. and with three copies.. I have
> much higher chance of getting it.
>
>
>
>
>
> Downsides to gluster: Slower (its my home..meh... and I have SSD to avoid
> MTBF issues ) and with VDO.. and thin provisioning.. not had issue.
>
>
>
>
>
> BUT gluster seems to be falling out of favor. Especially as I move
> towards OCP.
>
>
>
>
>
> So.. CEPH. I have one SSD in each of the three servers. so I have some
> space to play.
>
>
>
>
>
> I googled around.. and find no clean deployment notes and guides on CEPH +
> oVirt.
>
>
>
>
>
> Comments or ideas..
>
>
>
>
>
> --
>
>
> [ mailto:jeremey.w...@gmail.com | p ] enguinpages.
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/S4V6NKC62LW42S7UU27KEYRBVB6NFSIS/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/WX6NC2V5LZXPIKCMAISXTIRWEGXLKRHY/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/B37PZQXQKW6IDVSEWFV5D2OLQOU5P75X/

[ovirt-users] [ANN] oVirt 4.4.3 Third Release Candidate is now available for testing

[Lev Veyde]

oVirt 4.4.3 Third Release Candidate is now available for testing

The oVirt Project is pleased to announce the availability of oVirt 4.4.3
Third Release Candidate for testing, as of October 1st, 2020.

This update is the third in a series of stabilization updates to the 4.4
series.
How to prevent hosts entering emergency mode after upgrade from oVirt 4.4.1

Note: Upgrading from 4.4.2 GA should not require re-doing these steps, if
already performed while upgrading from 4.4.1 to 4.4.2 GA. These are only
required to be done once.

Due to Bug 1837864  -
Host enter emergency mode after upgrading to latest build

If you have your root file system on a multipath device on your hosts you
should be aware that after upgrading from 4.4.1 to 4.4.3 you may get your
host entering emergency mode.

In order to prevent this be sure to upgrade oVirt Engine first, then on
your hosts:

   1.

   Remove the current lvm filter while still on 4.4.1, or in emergency mode
   (if rebooted).
   2.

   Reboot.
   3.

   Upgrade to 4.4.3 (redeploy in case of already being on 4.4.3).
   4.

   Run vdsm-tool config-lvm-filter to confirm there is a new filter in
   place.
   5.

   Only if not using oVirt Node:
   - run "dracut --force --add multipath” to rebuild initramfs with the
   correct filter configuration
   6.

   Reboot.

Documentation

   -

   If you want to try oVirt as quickly as possible, follow the instructions
   on the Download  page.
   -

   For complete installation, administration, and usage instructions, see
   the oVirt Documentation .
   -

   For upgrading from a previous version, see the oVirt Upgrade Guide
   .
   -

   For a general overview of oVirt, see About oVirt
   .

Important notes before you try it

Please note this is a pre-release build.

The oVirt Project makes no guarantees as to its suitability or usefulness.

This pre-release must not be used in production.
Installation instructions

For installation instructions and additional information please refer to:

https://ovirt.org/documentation/

This release is available now on x86_64 architecture for:

* Red Hat Enterprise Linux 8.2 or newer

* CentOS Linux (or similar) 8.2 or newer

This release supports Hypervisor Hosts on x86_64 and ppc64le architectures
for:

* Red Hat Enterprise Linux 8.2 or newer

* CentOS Linux (or similar) 8.2 or newer

* oVirt Node 4.4 based on CentOS Linux 8.2 (available for x86_64 only)

See the release notes [1] for installation instructions and a list of new
features and bugs fixed.

Notes:

- oVirt Appliance is already available for CentOS Linux 8

- oVirt Node NG is already available for CentOS Linux 8

Additional Resources:

* Read more about the oVirt 4.4.3 release highlights:
http://www.ovirt.org/release/4.4.3/

* Get more oVirt project updates on Twitter: https://twitter.com/ovirt

* Check out the latest project news on the oVirt blog:
http://www.ovirt.org/blog/


[1] http://www.ovirt.org/release/4.4.3/

[2] http://resources.ovirt.org/pub/ovirt-4.4-pre/iso/

-- 

Lev Veyde

Senior Software Engineer, RHCE | RHCVA | MCITP

Red Hat Israel



l...@redhat.com | lve...@redhat.com

TRIED. TESTED. TRUSTED. 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/B3BADFS535RN6EKKEGJHDMA2IJVZB3XJ/

[ovirt-users] Re: CEPH - Opinions and ROI

[Erick Perez - Quadrian Enterprises]

@kushwaha jumping into this thread I am also interested in your setup.

Thanks.
Erick


On Thu, Oct 1, 2020 at 11:14 AM Kushwaha, Tarun Kumar <
ta...@synergysystemsindia.com> wrote:

> hi
> i am running production with oVirt Ceph HCI last 1 year
>
> https://skyvirt.tech is running over it
>
> i can share how to setup
>
> On Thu, 1 Oct 2020, 21:31 Philip Brown,  wrote:
>
>> ceph through an iscsi gateway is very.. very.. slow.
>>
>>
>>
>> - Original Message -
>> From: "Matthew Stier" 
>> To: "Jeremey Wise" , "users" 
>> Sent: Wednesday, September 30, 2020 10:03:34 PM
>> Subject: [ovirt-users] Re: CEPH - Opinions and ROI
>>
>> If you can’t go direct, how about round about, with an iSCSI gateway.
>>
>>
>>
>> From: Jeremey Wise 
>> Sent: Wednesday, September 30, 2020 11:33 PM
>> To: users 
>> Subject: [ovirt-users] CEPH - Opinions and ROI
>>
>>
>>
>>
>>
>>
>>
>> I have for many years used gluster because..well. 3 nodes.. and so long
>> as I can pull a drive out.. I can get my data.. and with three copies.. I
>> have much higher chance of getting it.
>>
>>
>>
>>
>>
>> Downsides to gluster: Slower (its my home..meh... and I have SSD to avoid
>> MTBF issues ) and with VDO.. and thin provisioning.. not had issue.
>>
>>
>>
>>
>>
>> BUT gluster seems to be falling out of favor. Especially as I move
>> towards OCP.
>>
>>
>>
>>
>>
>> So.. CEPH. I have one SSD in each of the three servers. so I have some
>> space to play.
>>
>>
>>
>>
>>
>> I googled around.. and find no clean deployment notes and guides on CEPH
>> + oVirt.
>>
>>
>>
>>
>>
>> Comments or ideas..
>>
>>
>>
>>
>>
>> --
>>
>>
>> [ mailto:jeremey.w...@gmail.com | p ] enguinpages.
>>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/S4V6NKC62LW42S7UU27KEYRBVB6NFSIS/
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/WX6NC2V5LZXPIKCMAISXTIRWEGXLKRHY/
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/B37PZQXQKW6IDVSEWFV5D2OLQOU5P75X/
>


-- 

-
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
-
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/T7WLJSUL7XCPBYUK4NIKBEWJVETTQE3J/

[ovirt-users] Re: CEPH - Opinions and ROI

[Stack Korora]

On 2020-10-01 04:33, Jeremey Wise wrote:
>
> I have for many years used gluster because..well.  3 nodes.. and so
> long as I can pull a drive out.. I can get my data.. and with three
> copies.. I have much higher chance of getting it.
>
> Downsides to gluster: Slower (its my home..meh... and I have SSD to
> avoid MTBF issues ) and with VDO.. and thin provisioning.. not had issue.
>
> BUT  gluster seems to be falling out of favor.  Especially as I
> move towards OCP.
>
> So..  CEPH.  I have one SSD in each of the three servers.  so I have
> some space to play.
>
> I googled around.. and find no clean deployment notes and guides on
> CEPH + oVirt.
>

Greetings,

First, the legalese...the below is all personal view/experiences...I am
not speaking on my employers behalf on any of it, I just happen to have
most of the experience from my work for them...yadda yadda yadda...blah
blah blah...and so on and so forth. This is all just me and my
thoughts/opinions. :-D

*sigh* It sucks we are in a world where that garbage has to be said when
talking about work-related experiencesAnyway...



We've been running CephFS since Firefly in 2014. Yeah, I know. We were
crazy, but the risk of data loss vs speed was within threshold of what
we were trying to do.

Fast-forward six years and we've got two CephFS clusters as primary
storage for High Performance Clusters where we very much care about
performance AND the risk of data loss. We've also got two deployments of
oVirt with CephFS as the filesystem. In other words, I've got some
experience with this setup and we are /very/ happy with it. :-)

I'm so happy with it, that it is easier/faster for me to list the bad
than to list the good.

1. Red Hat (our OS to satisfy the "enterprise" check-box for the
audit-heads) and I have gone round and round multiple times over the
years. In short, don't expect excellent support out of oVirt for Ceph.
Want to use Ceph via iSCSI or Cinder? Whooo boy do I have some horror
stories for you! One of the many reasons we prefer CephFS. But say that
to them and you get blank looks until they've escalated the ticket
sufficiently high up the chain, and even then it's not reassuring...

However, if you pass CephFS to oVirt as NFS it works...but you don't get
the high-availability nor high-performance aspect of scaling your
metadata nodes when coming from oVirt. You _SHOULD_ scale your metadata
nodes (as with everything in Ceph, scaling in three's is best), but
oVirt won't let you mount "cephmds01,cephmds02,cephmds03". It will
gladly tell you that it works, but the moment you start a VM on it oVirt
freaks out and it has since I reported it years ago (I recently
confirmed this again on 4.4 with CentOS8). But if you just mount
"cephmds01" and then hack around on your IP routes in your switch to
handle the distribution of the data, it's fine. Honestly, even if you
just mount a single host and you /know/ that and you _plan_
upgrades/fails/ect around that, it's still fine. It just really sucks
that RH pushes Ceph and claims it's a valued FS, but then doesn't really
support anything but their cloud variations of Ceph and if you step out
of their very narrow definitions you get a *shrug*.
Sigh...anyway...digressing from that as this isn't the time/place for my
rants. :-D

Point being, if you are going RH don't expect to use any of their helper
scripts or minimal install builds or anything like that. Minimal OS
install, add CephFS drivers, then install oVirt (or...I forget what they
call it..) and configure Ceph like you would NFS. Should be fine
afterwards. But I've rarely found significant differences between the
community version of oVirt and the RH version (when comparing
same/similar versions) including the support for Ceph.

2. We get incredible performance out of Ceph, but it does require
tuning. Ceph crushes the pre-packaged vendors we ran tests against. But
part of the reason is because it is flexible enough that we can swap out
the bits that we need to scale - and we can do that FAR cheaper than the
pre-packaged solutions allow. Yes, in three's for the servers. Three
metadata's, three monitors (we double those two services on the same
servers), and storage in blocks of three. If your SSD's are fast enough,
1 SSD per every two spinning disks is a great ratio. And rebuild times
across the cluster are only as fast as your back-plane so you should
have a dedicated back-plane network in addition to your primary network.
Everyone wants their primary network fast, but your backplane should be
equally fast if not faster (and no, don't add just one "fast" network -
it should be two). So you are going to need to plan and tweak your
install. Just throwing parts at Ceph and expecting it to work will get
you mixed results at best.

3. I'd never run it at my home. My home oVirt system mounts NFS to a ZFS
filesystem. Nothing fancy either. Stripped mirrors ensure good
read/write speed with good fault tolerance. I threw two cheap SSD's as a
log drive and a ca

[ovirt-users] Re: ldap auth problem after upgrade from 4.4.1 to 4.4.2

[Martin Perina]

On Thu, Oct 1, 2020 at 3:18 PM Jiří Sléžka  wrote:

> Hi,
>
> On 10/1/20 2:53 PM, Martin Perina wrote:
> > Hi,
> >
> > it seems that you are affected by
> > https://bugzilla.redhat.com/show_bug.cgi?id=1880149
> > Could you please try the workaround mentioned there?
>
> bingo! Thanks a lot!
>
> It is interesting behavior as my engine has no public ipv6 address (ipv6
> is set to ignore in nm).
>
> also
>
> [root@ovirt ~]# ping6 google.com
> connect: Network is unreachable
>
> but ok, problem is solved :-)
>

Most probably your LDAP server can be resolved to both IPv4 and IPv6
addresses and we choose a random resolved address in aaa-ldap when
connecting. Enabling IPv6 by default was introduced in
https://bugzilla.redhat.com/1726189 but unfortunately we have missed this
scenario (engine IPv4, LDAP dual IPv4/IPv6) during testing ...


> Jiri
>
>
> >
> > Thanks,
> > Martin
> >
> >
> > On Thu, Oct 1, 2020 at 11:17 AM Jiří Sléžka  > > wrote:
> >
> > Hi,
> >
> > I just upgraded my HE to 4.4.2 but now I cannot login using my ldap
> aaa
> > profile anymore.
> >
> > We are using Novell/NetIQ E-directory (load ballanced by haproxy,
> > probably not important...)
> >
> > In 4.4.1 I was hit by removed TLSv1 (which is the newest protocol
> > supported by our edir) from default crypto policies but I was able
> > revert it by
> >
> > update-crypto-policies --set LEGACY
> >
> > after upgrade to 4.4.2 the error is
> >
> > server_error: An error occurred while attempting to connect to server
> > ldap1.slu.cz:389 :
> > IOException(LDAPException(resultCode=91 (connect
> > error), errorMessage='An error occurred while attempting to
> establish a
> > connection to server ldap1.slu.cz/193.84.206.212:389
> > :
> > SocketException(Network is unreachable (connect failed)),
> > ldapSDKVersion=4.0.14,
> > revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> >
> > but our ldap server is reachable from ovirt, I tested it via (also
> ldaps
> > and startls variants are working)
> >
> > ldapsearch -H ldap://ldap1.slu.cz  -x -D
> > cn=*,ou=**,o=su -w
> > '' -b 'o=su'
> >
> > As a workaround I tried to set plain ldap protocol in profile
> >
> > cat /etc/ovirt-engine/aaa/CRO.properties
> >
> >
> > include = 
> >
> > vars.server = ldap1.slu.cz 
> > vars.port = 389
> > vars.user = cn=*,ou=**,o=su
> > vars.password = **
> >
> > pool.default.serverset.single.server = ${global:vars.server}
> > pool.default.serverset.single.port = ${global:vars.port}
> > pool.default.auth.simple.bindDN = ${global:vars.user}
> > pool.default.auth.simple.password = ${global:vars.password}
> >
> > pool.default.ssl.startTLS = false
> > pool.default.ssl.enable = false
> > #pool.default.ssl.protocol = TLSv1
> > #pool.default.ssl.startTLSProtocol = TLSv1
> > #pool.default.ssl.insecure = true
> >
> > sequence-init.init.100-my-edir-init-vars = my-edir-init-vars
> > sequence.my-edir-init-vars.010.description = set baseDN
> > sequence.my-edir-init-vars.010.type = var-set
> > sequence.my-edir-init-vars.010.var-set.variable = simple_baseDN
> > sequence.my-edir-init-vars.010.var-set.value = o=su
> >
> > #search.default.search-request.derefPolicy = ALWAYS
> >
> >
> > but the error is the same...
> >
> > ovirt-engine-extensions-tool aaa login-user --profile=CRO
> > --user-name=my_user
> >
> > 
> > WARNING:
> [ovirt-engine-extension-aaa-ldap.authn::SU-LDAP-authentication]
> > TLS/SSL insecure mode
> > ...
> > WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz
> > ] Cannot
> > initialize LDAP framework, deferring initialization. Error: An error
> > occurred while attempting to connect to server ldap1.slu.cz:389
> > :
> > IOException(LDAPException(resultCode=91 (connect error),
> > errorMessage='An error occurred while attempting to establish a
> > connection to server ldap1.slu.cz/193.84.206.212:389
> > :
> > SocketException(Network is unreachable (connect failed)),
> > ldapSDKVersion=4.0.14,
> > revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
> > ...
> > INFO: API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> > profile='CRO' user='my_user'
> > Password:
> > ...
> > WARNING: [ovirt-engine-extension-aaa-ldap.authn::auth.CRO.slu.cz
> > ] Cannot
> > initialize LDAP framework, deferring initialization. Error: An error
> > occurred while attempting to connect to server ldap1.slu.cz:389
> > :
> > IOException(LDAPException(resultCode=91 (connect error),
> >

[ovirt-users] Connection failed

[info]

Messages related to the failure might be found in the journal "journalctl -u
cockpit" 

 

This is the output

 

node01.xxx.co.za cockpit-tls[8249]: cockpit-tls: gnutls_handshake failed: A
TLS fatal alert has been received.

 

Any suggestion will be appreciated as I struggle for days to get oVirt to
work and I can see it is still a long way for me to get an operational
solution.

 

Henni 

 

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XGVNMZHJOXD6X3TDLNYHOIXN5X5UQPYU/