[ovirt-users] Re: Urgent: Assistance Needed - oVirt Host Unresponsive
HI Nathanaël, Please share the pdf. It may help us. Thanks, Sachendra On Sat, Feb 17, 2024 at 3:12 AM Nathanaël Blanchet wrote: > Please check the validity of your host certificate: > openssl x509 -noout -enddate -in /etc/pki/vdsm/certs/vdsmcert.pem > > The initial solution is there if you have a redhat subscription: > https://access.redhat.com/solutions/3532921 > Follow step by step, this saved my production two years ago. > If you don't have any subscription, I can share you a pdf tutorial. > (I don't know if it is regular to share a solution that need a > subsciption). > > If you are interested in a more automated way, I packaged the above > workaround into an ansible role: > https://galaxy.ansible.com/natman/ovirt_renew_certs > > You will be able to chose the validity length of the new certificate > greater than one year.Once you recovered your host, you may migrate the > running vms, put the concerned host into maintenance and finally re- > enroll the certificate with the regular way. > Good luck, if I managed to do it, you will definitely get success. > > > Le vendredi 16 février 2024 à 23:47 +0530, Sachendra Shukla a écrit : > > Hi all, > > > > The "Installation Enroll Certificates" option is disabled, which is > > preventing us from renewing through the web UI. Kindly suggest an > > alternative solution. > > > > This is crucial for me, so please assist me if you have any > > solutions. > > > > Thanks, > > Sachendra > > following > > > > On Fri, Feb 16, 2024 at 7:44 PM Sachendra Shukla > > wrote: > > > HI Team, > > > > > > I am writing to inform you about an issue we are currently facing > > > with our oVirt host. Unfortunately, the host has become > > > unresponsive, and our attempts to place it in maintenance mode have > > > been unsuccessful. Additionally, when checking the VDSM status, we > > > encountered an error. > > > > > > Here is a snapshot for your reference: > > > > > > image.png > > > VDSM error - > > > > > > image.png > > > -- > > > Regards, > > > Sachendra Shukla > > > > > > Yagna iQ, Inc. and subsidiaries > > > HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX > > > 75024, USA 75024, > > > Website: https://yagnaiq.com > > > Contact Customer Support: supp...@yagnaiq.com > > > Privacy Policy: https://www.yagnaiq.com/privacy-policy/ > > > This communication and any attachments may contain confidential > > > information and/or copyright material of Yagna iQ, Inc. > > > All unauthorized use, disclosure or distribution is prohibited. If > > > you are not the intended recipient, please notify Yagna iQ > > > immediately by replying to the email and destroy all copies of this > > > communication. > > > > > > This email has been scanned for all known viruses. The sender does > > > not accept liability for any damage inflicted by viewing the > > > content of this email. > > > > > > > > > -- > > Regards, > > Sachendra Shukla > > > > Yagna iQ, Inc. and subsidiaries > > HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX > > 75024, USA 75024, > > Website: https://yagnaiq.com > > Contact Customer Support: supp...@yagnaiq.com > > Privacy Policy: https://www.yagnaiq.com/privacy-policy/ > > This communication and any attachments may contain confidential > > information and/or copyright material of Yagna iQ, Inc. > > All unauthorized use, disclosure or distribution is prohibited. If > > you are not the intended recipient, please notify Yagna iQ > > immediately by replying to the email and destroy all copies of this > > communication. > > > > This email has been scanned for all known viruses. The sender does > > not accept liability for any damage inflicted by viewing the content > > of this email. > > > > ___ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > > https://lists.ovirt.org/archives/list/users@ovirt.org/message/F54UKBZDXPMQFOCE3HRFJOR5MMDFHRSZ/ > > -- > Nathanaël Blanchet > > Administrateur Systèmes et Réseaux > Service Informatique et REseau (SIRE) > Département des systèmes d'information > 227 avenue Professeur-Jean-Louis-Viala > 34193 MONTPELLIER CEDEX 5 > Tél. 33 (0)4 67 54 84 55 > Fax 33 (0)4 67 54 84 14 > blanc...@abes.fr > -- Regards, Sachendra Shukla Yagna iQ, Inc. and subsidiaries HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX 75024, USA 75024, Website: https://yagnaiq.com Contact Customer Support: supp...@yagnaiq.com Privacy Policy: https://www.yagnaiq.com/privacy-policy/ *This communication and any attachments may contain confidential information and/or copyright material of Yagna iQ, Inc. * All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Yagna iQ immediately by replying to the
[ovirt-users] CentOS Stream 8 EOL: May 31, 2024
It has been announced that End-of-Life for CentOS Stream 8 is May 31st, 2024. See announcement: https://blog.centos.org/2023/04/end-dates-are-coming-for-centos-stream-8-and-centos-linux-7/ What does this mean for the future of the hosted-engine which is still based on CentOS Stream 8 ??? My personal vote for the next OS flavor/version for both the hosted-engine and oVirt Node is Rocky Linux 9. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3LA6WMSFDTO5KJ2SRMDVSNT2R3WAJINV/
[ovirt-users] Re: Urgent: Assistance Needed - oVirt Host Unresponsive
Please check the validity of your host certificate: openssl x509 -noout -enddate -in /etc/pki/vdsm/certs/vdsmcert.pem The initial solution is there if you have a redhat subscription: https://access.redhat.com/solutions/3532921 Follow step by step, this saved my production two years ago. If you don't have any subscription, I can share you a pdf tutorial. (I don't know if it is regular to share a solution that need a subsciption). If you are interested in a more automated way, I packaged the above workaround into an ansible role: https://galaxy.ansible.com/natman/ovirt_renew_certs You will be able to chose the validity length of the new certificate greater than one year.Once you recovered your host, you may migrate the running vms, put the concerned host into maintenance and finally re- enroll the certificate with the regular way. Good luck, if I managed to do it, you will definitely get success. Le vendredi 16 février 2024 à 23:47 +0530, Sachendra Shukla a écrit : > Hi all, > > The "Installation Enroll Certificates" option is disabled, which is > preventing us from renewing through the web UI. Kindly suggest an > alternative solution. > > This is crucial for me, so please assist me if you have any > solutions. > > Thanks, > Sachendra > following > > On Fri, Feb 16, 2024 at 7:44 PM Sachendra Shukla > wrote: > > HI Team, > > > > I am writing to inform you about an issue we are currently facing > > with our oVirt host. Unfortunately, the host has become > > unresponsive, and our attempts to place it in maintenance mode have > > been unsuccessful. Additionally, when checking the VDSM status, we > > encountered an error. > > > > Here is a snapshot for your reference: > > > > image.png > > VDSM error - > > > > image.png > > -- > > Regards, > > Sachendra Shukla > > > > Yagna iQ, Inc. and subsidiaries > > HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX > > 75024, USA 75024, > > Website: https://yagnaiq.com > > Contact Customer Support: supp...@yagnaiq.com > > Privacy Policy: https://www.yagnaiq.com/privacy-policy/ > > This communication and any attachments may contain confidential > > information and/or copyright material of Yagna iQ, Inc. > > All unauthorized use, disclosure or distribution is prohibited. If > > you are not the intended recipient, please notify Yagna iQ > > immediately by replying to the email and destroy all copies of this > > communication. > > > > This email has been scanned for all known viruses. The sender does > > not accept liability for any damage inflicted by viewing the > > content of this email. > > > > > -- > Regards, > Sachendra Shukla > > Yagna iQ, Inc. and subsidiaries > HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX > 75024, USA 75024, > Website: https://yagnaiq.com > Contact Customer Support: supp...@yagnaiq.com > Privacy Policy: https://www.yagnaiq.com/privacy-policy/ > This communication and any attachments may contain confidential > information and/or copyright material of Yagna iQ, Inc. > All unauthorized use, disclosure or distribution is prohibited. If > you are not the intended recipient, please notify Yagna iQ > immediately by replying to the email and destroy all copies of this > communication. > > This email has been scanned for all known viruses. The sender does > not accept liability for any damage inflicted by viewing the content > of this email. > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/F54UKBZDXPMQFOCE3HRFJOR5MMDFHRSZ/ -- Nathanaël Blanchet Administrateur Systèmes et Réseaux Service Informatique et REseau (SIRE) Département des systèmes d'information 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanc...@abes.fr ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KZYHZB3QMBLJQ5UVCYTOQCXK7ZQBRFBJ/
[ovirt-users] Re: Urgent: Assistance Needed - oVirt Host Unresponsive
Hi, > On Feb 16, 2024, at 21:17, Sachendra Shukla > wrote: > > The "Installation Enroll Certificates" option is disabled, which is > preventing us from renewing through the web UI. Kindly suggest an alternative > solution. > > This is crucial for me, so please assist me if you have any solutions. The cert enrollment feature is available, when you put host in maintenance mode [1] [1] https://www.ovirt.org/documentation/administration_guide/index.html#chap-Renewing_certificates_RHV_backup_restore k ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/V3IWRFBEITUEQBCP2W6RG7GBS4FCECZS/
[ovirt-users] Re: Urgent: Assistance Needed - oVirt Host Unresponsive
Hello, It seems that your host ssl certificates validity has expired (about 400 days). The impact is only related to the host<=>engine communication. If you run engine > 4.5, you should easlily renew your host certificate through webUI following: Installation -> Enroll Certificates. Don't worry about any running vms, they won't be interrupted at the hypervisor level. Once the certificates have been renewed, activate your hosts and voila. Le vendredi 16 février 2024 à 19:44 +0530, Sachendra Shukla a écrit : > HI Team, > > I am writing to inform you about an issue we are currently facing > with our oVirt host. Unfortunately, the host has become unresponsive, > and our attempts to place it in maintenance mode have been > unsuccessful. Additionally, when checking the VDSM status, we > encountered an error. > > Here is a snapshot for your reference: > > image.png > VDSM error - > > image.png > -- > Regards, > Sachendra Shukla > > Yagna iQ, Inc. and subsidiaries > HQ Address: Yagna iQ Inc. 7700 Windrose Ave, Suite G300, Plano, TX > 75024, USA 75024, > Website: https://yagnaiq.com > Contact Customer Support: supp...@yagnaiq.com > Privacy Policy: https://www.yagnaiq.com/privacy-policy/ > This communication and any attachments may contain confidential > information and/or copyright material of Yagna iQ, Inc. > All unauthorized use, disclosure or distribution is prohibited. If > you are not the intended recipient, please notify Yagna iQ > immediately by replying to the email and destroy all copies of this > communication. > > This email has been scanned for all known viruses. The sender does > not accept liability for any damage inflicted by viewing the content > of this email. > > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/CIKSWDCYW5BDPEWAMF25R7GIW7D7KJBD/ -- Nathanaël Blanchet Administrateur Systèmes et Réseaux Service Informatique et REseau (SIRE) Département des systèmes d'information 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanc...@abes.fr ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CBNRYXWMQRXPWZSLLECJSPZQJKZERNZX/
[ovirt-users] NMState verification error when setting up a bonding interface
Hello fellow oVirt Users. I am trying to setup a bond interface on my host, but for whatever reason I am unable to do so trough the host network configuration. Actually I do know the issue, and it’s a bit bizarre as I don’t know what causes it. If you take a look at the following snippet of my supervdsm.log file, you will see that the NMstate verification fails due to a difference between the current config and the desired config. The thing is I have not made any of the additional configuration options. I literally installed the OS, installed the oVirt host and tried to setup a network bond. Has anyone experienced this? Does anyone know how to fix this? ``` Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/vdsm/supervdsm_server.py", line 80, in wrapper res = func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/network/api.py", line 193, in setupNetworks _setup_networks(networks, bondings, options) File "/usr/lib/python3.6/site-packages/vdsm/network/api.py", line 217, in _setup_networks netswitch.configurator.setup(networks, bondings, options, in_rollback) File "/usr/lib/python3.6/site-packages/vdsm/network/netswitch/configurator.py", line 53, in setup _setup_nmstate(networks, bondings, options, in_rollback) File "/usr/lib/python3.6/site-packages/vdsm/network/netswitch/configurator.py", line 76, in _setup_nmstate nmstate.setup(desired_state, verify_change=not in_rollback) File "/usr/lib/python3.6/site-packages/vdsm/network/nmstate/api.py", line 29, in setup state_apply(desired_state, verify_change=verify_change) File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 140, in apply plugins, net_state, verify_change, save_to_disk, verify_retry File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 190, in _apply_ifaces_state _verify_change(plugins, net_state) File "/usr/lib/python3.6/site-packages/libnmstate/netapplier.py", line 197, in _verify_change net_state.verify(current_state) File "/usr/lib/python3.6/site-packages/libnmstate/net_state.py", line 119, in verify self._ifaces.verify(current_state.get(Interface.KEY)) File "/usr/lib/python3.6/site-packages/libnmstate/ifaces/ifaces.py", line 805, in verify cur_iface.state_for_verify(), libnmstate.error.NmstateVerificationError: desired === --- name: ovirtmgmt type: linux-bridge state: up bridge: options: stp: enabled: false port: - name: bond0 vlan: {} ipv4: enabled: true address: - ip: 10.10.120.1 prefix-length: 16 dhcp: false ipv6: enabled: false mtu: 1500 current === --- name: ovirtmgmt type: linux-bridge state: up accept-all-mac-addresses: false bridge: options: group-addr: 01:80:C2:00:00:00 group-forward-mask: 0 hash-max: 4096 mac-ageing-time: 300 multicast-last-member-count: 2 multicast-last-member-interval: 100 multicast-querier: false multicast-querier-interval: 25500 multicast-query-interval: 12500 multicast-query-response-interval: 1000 multicast-query-use-ifaddr: false multicast-router: 1 multicast-snooping: true multicast-startup-query-count: 2 multicast-startup-query-interval: 3125 stp: enabled: false forward-delay: 15 hello-time: 2 max-age: 20 priority: 32768 port: [] ethtool: feature: highdma: true rx-gro: true tx-generic-segmentation: true tx-tcp-segmentation: true tx-vlan-hw-insert: true ipv4: enabled: true address: - ip: 10.10.120.1 prefix-length: 16 dhcp: false ipv6: enabled: false lldp: enabled: false mac-address: AC:16:2D:BD:03:D0 mtu: 1500 wait-ip: any difference == --- desired +++ current @@ -2,13 +2,38 @@ name: ovirtmgmt type: linux-bridge state: up +accept-all-mac-addresses: false bridge: options: +group-addr: 01:80:C2:00:00:00 +group-forward-mask: 0 +hash-max: 4096 +mac-ageing-time: 300 +multicast-last-member-count: 2 +multicast-last-member-interval: 100 +multicast-querier: false +multicast-querier-interval: 25500 +multicast-query-interval: 12500 +multicast-query-response-interval: 1000 +multicast-query-use-ifaddr: false +multicast-router: 1 +multicast-snooping: true +multicast-startup-query-count: 2 +multicast-startup-query-interval: 3125 stp: enabled: false - port: - - name: bond0 -vlan: {} + forward-delay: 15 + hello-time: 2 + max-age: 20 + priority: 32768 + port: [] +ethtool: + feature: +highdma: true +rx-gro: true +tx-generic-segmentation: true +tx-tcp-segmentation: true +tx-vlan-hw-insert: true ipv4: enabled: true address: @@ -17,4 +42,8 @@ dhcp: false ipv6: enabled: false +lldp: + enabled: false +mac-address: AC:16:2D:BD:03:D0 mtu: 1500 +wait-ip: any ``` ___ Users mailing list -- users@ovirt.org To unsubscribe
[ovirt-users] mirrorlist.ovirt.org Repository is not working
Hi, This morning(14Feb2024) noticed that, ovirt repositories are not accessible. Status code: 503 for https://mirrorlist.ovirt.org/mirrorlist-ovirt-4.5-el9 (IP: 8.43.85.224) Hopefully, you are in process of fixing that issue. Regards, Raghavendra M ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EKUBXFVI5PP6YVI2TTKBB2O6BFGLIMR4/
[ovirt-users] virt-v2v cannot authenticate with oVirt engine API with OAuth2
I've been reading through archives but not able to find what i need. Essentially what I'm trying to do is migrate a larger number of VMs from our OVM environment to a new OLVM setup. In an effort to reduce lots of replication and copying of the disk image (export, convert, copy over, import etc.) I found this article which shows a pretty slick way to do it in one shot https://blogs.oracle.com/scoter/post/how-to-migrate-oracle-vm-to-oracle-linux-kvm The main command behind it all is the virt-v2v that makes it possible. It looks something like this: virt-v2v -i libvirtxml vm-test1.xml -o rhv-upload -oc https:///ovirt-engine/api -os -op /tmp/ovirt-admin-password -of raw -oo rhv-cluster=Default -oo rhv-cafile=/root/ca.pem The problem I'm having is I cannot authenticate with my new OLVM server at the ovirt-engine/api URL. Since user/password is depricated and you must use OAuth 2.0 with a token I'm stuck. I have OLVM 4.5.4-1.0.27.el8 and from what I've read in oVirt 4.5 (not sure what version it started) they use keycloak oAuth 2.0 and the older ovirt-aaa-jdbc-tool is now deprecated. In doing some testing I found I can use curl and authenticate against the ovirt-engine/api and get a token like this: OVIRT_ENGINE_URL="https:///ovirt-engine" USERNAME="admin@ovirt@internalsso" PASSWORD="" CLUSTER_NAME="Default" TOKEN=$(curl -k -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password =$USERNAME=$PASSWORD=ovirt-app-api" $OVIRT_ENGINE_URL/sso/oauth/token | jq -r '.access_token') I was then able to query the API to validate my token works curl -k -H "Accept: application/json" -H "Authorization: Bearer $TOKEN" "$OVIRT_ENGINE_URL/api/clusters?search=name=$CLUSTER_NAME" The problem is virt-v2v does not support posting any form information or the token to authenticate. Best I can tell the -oc option is strictly the URL and if you want a username in there it's in the form of https://@. So even if I wrote a script and used curl to authenticate and get a token I still can't find a way to make virt-v2v use it. So I'm stuck how do I get virt-v2v working? Is there a way to re-enable the deprecated user/pass method of accessing the ovirt-engine/api ? or as a last resort a way to get virt-v2v supporting the token? Thanks for any insight Malcolm ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BKWE64URGUV5RRUYOFUZ4IKQDIV2YLNQ/
[ovirt-users] change iscsi auth on hosted engine storage domain
Hello oVirt community, I have hosted engine on iSCSI storage without any authentication, I would like to change it. Is there any way how to do it without redeploy hosted engine ? Thank you for any help. Jirka ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/O7IKF53Q6I2SLJPG55K5XW2OE7I4VRZD/
[ovirt-users] Re: Ovirt 4.4.10 - Admin account locked after password change
Perhaps you have some kind of script that periodically logs into oVirt to perform some task and you didn't change that password to the new one? If so, it will block the account after a few attempts. Each time we change the password, we have to update a fair amount of scripts that perform maintenance tasks. If we don't do so in a short period of time, the authentication attempts make the account block again. El 2024-02-16 02:42, Andy Lau escribió: Hello All Recently, I reset the password for the admin account through ovirt-aaa-jdbc-tool. The password changed properly but the admin account will be locked automatically after few hours later. From the engine log, the admin@internal seems login periodically from ovirt engine itself. If I fallback the password with the original one, all working fine. Do anyone has the solution? Screen capture from the engine log: https://polyuit-my.sharepoint.com/:i:/g/personal/tflau_polyu_edu_hk/Edqp2lsKkBlJi0dQBo05L_EBX7SJy-yaC92pABc2wyHE6w?e=DQyppL ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/P4QKBI6JYMNNF3KHMLK4OG3MD2LO5JMW/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/2EAHDN3TR2XDYCYDNXZMPAL3XZRNUXQJ/