Description of problem: ovirt-hosted-engine-setup requires virt-viewer and this requires a lot of libraries on the graphical side making also Node larger than it could be. virt-viewer is required since hosted-engine commands provides also this option: --console Open the configured console using remote-viewer on localhost which basically acts as a wrapper over virt-viewer (either spice or vnc). We can just remove the --console option since the user can simply use remote-viewer from his host instead of exporting the X server session and use virt-viewer locally on the hosted-engine host. Or we can rewrite the --console option to open a text console over the serial console available since 3.6.
I'm for just removing the option.
I thought we already provide a serial console? Is that not the case?
We just print something like: connect to the serial console using the following command: socat UNIX-CONNECT:/var/run/ovirt-vmconsole-console/{vmuuid}.sock,user=ovirt-vmconsole at setup time. But hosted-engine --console can be called at any time (if the engine VM is running locally) and it's still using virt-viewer.
(In reply to Simone Tiraboschi from comment #3) > We just print something like: > connect to the serial console using the following command: > socat > UNIX-CONNECT:/var/run/ovirt-vmconsole-console/{vmuuid}.sock,user=ovirt- > vmconsole > at setup time. > > But hosted-engine --console can be called at any time (if the engine VM is > running locally) and it's still using virt-viewer. I'm more inclined in replacing to serial console, since ssh is disabled on the appliance and you will need a way to connect to enable it.
I do not think that it is a good idea to remove the option completely. The users will struggle to connect to the VM, but we may just print instruction how to connect if the --console is used?
What about: 1. Check if remote-viewer is found. 2. If it is, run it, otherwise print some nice message. 3. Have two versions of the appliance - one without remote-viewer, another with remote-viewer and a full desktop environment. Last point might be preferable by users who are less comfortable with the command line.
Sorry, meant "Node". But same logic applies also to the engine appliance.
(In reply to Yedidyah Bar David from comment #6) > What about: > > 1. Check if remote-viewer is found. > > 2. If it is, run it, otherwise print some nice message. > > 3. Have two versions of the appliance - one without remote-viewer, another > with remote-viewer and a full desktop environment. This is not optimal - requires more testing, shipping, etc. > > Last point might be preferable by users who are less comfortable with the > command line. Yes, but it's unlikely they have desktop environment on the same host they install the engine. Not impossible, but not likely enough to keeping this option.
postponing to 4.1 since it won't be just an option removal.
I do not agree about removing the option (in the doc text, for now). If we drop (3.) from comment 6, we can still do 1 and 2. And also add --serial-console if we feel like it. If we decide to go all the way serial, might as well drop the VGA console altogether. I a previous job I did this to all my VMs, as at the time I noticed I get around 5% less cpu usage for an idle machine (but perhaps kvm/qemu got better in this since then).
If we don't do this for 4.0, how will we remove it in 4.1? We can't have features disappear on users on NGN upgrade.
On the technical side doing it for 4.0 is pretty simple.
I would do it for 4.0 via serial console due to the effect on NGN. Moving back and we will disucss in next scrub.
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
Several questions from QA side: 1)Would option removal disable current ability to connect to HE-VM remotely e.g. "/usr/bin/remote-viewer vnc://Host-HE1.example.com:5900"? 2)Would it still possible to change the password for console connections to HE-VM using console-change-password? There are several reasons to be able to connect using console connection to HE-VM, e.g. not being able to connect to engine over ssh (appliance, lost connectivity to engine over the network bridges etc.) and of course during the deployment of HE-VM.
I mean for if the "hosted-engine --add-console-password=`<password>" option is to remain in tact or won't be available any more?
So there will be no more remote-viewer and all connections to HE-VM would be established over serial-console? Can someone provide documentation for the featured functionality? How would security provided for such serial-console connections for customers who connect to their hosts over ssh?
My initial request was just dropping the option to connect with LOCAL remote-viewer - since: 1. It carries quite a big list of deps, prolonging installation. 2. No one uses it. It has nothing to do with dropping the ability to connect with a remote remote-viewer to it.
(In reply to Nikolai Sednev from comment #15) > Several questions from QA side: > 1)Would option removal disable current ability to connect to HE-VM remotely > e.g. "/usr/bin/remote-viewer vnc://Host-HE1.example.com:5900"? no > 2)Would it still possible to change the password for console connections to > HE-VM using console-change-password? yes
Moving to 4.1 to align with Bug 1343882.
*** Bug 1343882 has been marked as a duplicate of this bug. ***
I'm steel seeing the: --console Open the configured console using virsh on localhost On these components: qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64 ovirt-setup-lib-1.0.2-1.el7ev.noarch ovirt-hosted-engine-ha-2.0.4-1.el7ev.noarch rhev-release-4.0.4-5-001.noarch ovirt-vmconsole-host-1.0.4-1.el7ev.noarch ovirt-hosted-engine-setup-2.0.2.2-2.el7ev.noarch rhevm-appliance-20160922.0-1.el7ev.noarch mom-0.5.6-1.el7ev.noarch ovirt-imageio-common-0.3.0-0.el7ev.noarch ovirt-vmconsole-1.0.4-1.el7ev.noarch sanlock-3.2.4-3.el7_2.x86_64 libvirt-client-1.2.17-13.el7_2.5.x86_64 vdsm-4.18.13-1.el7ev.x86_64 ovirt-host-deploy-1.5.2-1.el7ev.noarch ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch ovirt-imageio-daemon-0.4.0-0.el7ev.noarch Linux version 3.10.0-327.41.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Fri Sep 16 05:33:12 EDT 2016 Linux 3.10.0-327.41.1.el7.x86_64 #1 SMP Fri Sep 16 05:33:12 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server release 7.2 (Maipo) Shouldn't this option be removed?
(In reply to Nikolai Sednev from comment #22) > I'm steel seeing the: > --console > Open the configured console using virsh on localhost Why? That's OK - that allows to open the text based console. Did you try it? Did you check that the virt-viewer dep is gone? (the appliance should be smaller now, btw!) > On these components: > qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64 > ovirt-setup-lib-1.0.2-1.el7ev.noarch > ovirt-hosted-engine-ha-2.0.4-1.el7ev.noarch > rhev-release-4.0.4-5-001.noarch > ovirt-vmconsole-host-1.0.4-1.el7ev.noarch > ovirt-hosted-engine-setup-2.0.2.2-2.el7ev.noarch > rhevm-appliance-20160922.0-1.el7ev.noarch > mom-0.5.6-1.el7ev.noarch > ovirt-imageio-common-0.3.0-0.el7ev.noarch > ovirt-vmconsole-1.0.4-1.el7ev.noarch > sanlock-3.2.4-3.el7_2.x86_64 > libvirt-client-1.2.17-13.el7_2.5.x86_64 > vdsm-4.18.13-1.el7ev.x86_64 > ovirt-host-deploy-1.5.2-1.el7ev.noarch > ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch > ovirt-imageio-daemon-0.4.0-0.el7ev.noarch > Linux version 3.10.0-327.41.1.el7.x86_64 > (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 > (Red Hat 4.8.5-4) (GCC) ) #1 SMP Fri Sep 16 05:33:12 EDT 2016 > Linux 3.10.0-327.41.1.el7.x86_64 #1 SMP Fri Sep 16 05:33:12 EDT 2016 x86_64 > x86_64 x86_64 GNU/Linux > Red Hat Enterprise Linux Server release 7.2 (Maipo) > > Shouldn't this option be removed?
(In reply to Yaniv Kaul from comment #23) > (In reply to Nikolai Sednev from comment #22) > > I'm steel seeing the: > > --console > > Open the configured console using virsh on localhost > > Why? That's OK - that allows to open the text based console. > Did you try it? No, I didn't tried it, only asked for if its not required any more, then why left? > > Did you check that the virt-viewer dep is gone? (the appliance should be > smaller now, btw!) Yes, virt-viewer dependency is not longer a must and its gone for good now. I did not tested appliance size changes. > > > On these components: > > qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64 > > ovirt-setup-lib-1.0.2-1.el7ev.noarch > > ovirt-hosted-engine-ha-2.0.4-1.el7ev.noarch > > rhev-release-4.0.4-5-001.noarch > > ovirt-vmconsole-host-1.0.4-1.el7ev.noarch > > ovirt-hosted-engine-setup-2.0.2.2-2.el7ev.noarch > > rhevm-appliance-20160922.0-1.el7ev.noarch > > mom-0.5.6-1.el7ev.noarch > > ovirt-imageio-common-0.3.0-0.el7ev.noarch > > ovirt-vmconsole-1.0.4-1.el7ev.noarch > > sanlock-3.2.4-3.el7_2.x86_64 > > libvirt-client-1.2.17-13.el7_2.5.x86_64 > > vdsm-4.18.13-1.el7ev.x86_64 > > ovirt-host-deploy-1.5.2-1.el7ev.noarch > > ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch > > ovirt-imageio-daemon-0.4.0-0.el7ev.noarch > > Linux version 3.10.0-327.41.1.el7.x86_64 > > (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 > > (Red Hat 4.8.5-4) (GCC) ) #1 SMP Fri Sep 16 05:33:12 EDT 2016 > > Linux 3.10.0-327.41.1.el7.x86_64 #1 SMP Fri Sep 16 05:33:12 EDT 2016 x86_64 > > x86_64 x86_64 GNU/Linux > > Red Hat Enterprise Linux Server release 7.2 (Maipo) > > > > Shouldn't this option be removed? The virt-viewer has been removed from hosted-engine-setup dependency. yum deplist expect ovirt-hosted-engine-setup.noarch | grep virt-viewer* shows nothing and virt-viewer has not been installed on both of my hosts. Works for me on these components on hosts: qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64 rhevm-appliance-20160922.0-1.el7ev.noarch rhev-release-4.0.4-5-001.noarch ovirt-setup-lib-1.0.2-1.el7ev.noarch ovirt-hosted-engine-ha-2.0.4-1.el7ev.noarch mom-0.5.6-1.el7ev.noarch ovirt-imageio-common-0.3.0-0.el7ev.noarch ovirt-host-deploy-1.5.2-1.el7ev.noarch ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch ovirt-vmconsole-1.0.4-1.el7ev.noarch ovirt-vmconsole-host-1.0.4-1.el7ev.noarch ovirt-hosted-engine-setup-2.0.2.2-2.el7ev.noarch sanlock-3.2.4-3.el7_2.x86_64 libvirt-client-1.2.17-13.el7_2.5.x86_64 vdsm-4.18.13-1.el7ev.x86_64 ovirt-imageio-daemon-0.4.0-0.el7ev.noarch Linux version 3.10.0-327.41.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Fri Sep 16 05:33:12 EDT 2016 Linux 3.10.0-327.41.1.el7.x86_64 #1 SMP Fri Sep 16 05:33:12 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server release 7.2 (Maipo) On engine: ovirt-engine-vmconsole-proxy-helper-4.0.4.4-0.1.el7ev.noarch ovirt-engine-4.0.4.4-0.1.el7ev.noarch ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch ovirt-engine-dwh-setup-4.0.2-1.el7ev.noarch ovirt-image-uploader-4.0.1-1.el7ev.noarch ovirt-host-deploy-1.5.2-1.el7ev.noarch ovirt-imageio-proxy-setup-0.4.0-0.el7ev.noarch ovirt-engine-extension-aaa-jdbc-1.1.0-1.el7ev.noarch ovirt-engine-restapi-4.0.4.4-0.1.el7ev.noarch ovirt-engine-backend-4.0.4.4-0.1.el7ev.noarch ovirt-engine-cli-3.6.8.1-1.el7ev.noarch ovirt-vmconsole-1.0.4-1.el7ev.noarch ovirt-setup-lib-1.0.2-1.el7ev.noarch ovirt-engine-setup-plugin-ovirt-engine-4.0.4.4-0.1.el7ev.noarch ovirt-engine-webadmin-portal-4.0.4.4-0.1.el7ev.noarch ovirt-engine-lib-4.0.4.4-0.1.el7ev.noarch ovirt-log-collector-4.0.1-1.el7ev.noarch ovirt-engine-setup-base-4.0.4.4-0.1.el7ev.noarch ovirt-imageio-proxy-0.4.0-0.el7ev.noarch ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.4.4-0.1.el7ev.noarch ovirt-engine-dashboard-1.0.4-1.el7ev.x86_64 ovirt-imageio-common-0.3.0-0.el7ev.noarch ovirt-iso-uploader-4.0.1-1.el7ev.noarch ovirt-engine-setup-plugin-ovirt-engine-common-4.0.4.4-0.1.el7ev.noarch ovirt-engine-websocket-proxy-4.0.4.4-0.1.el7ev.noarch ovirt-engine-tools-4.0.4.4-0.1.el7ev.noarch ovirt-engine-dbscripts-4.0.4.4-0.1.el7ev.noarch ovirt-vmconsole-proxy-1.0.4-1.el7ev.noarch ovirt-engine-tools-backup-4.0.4.4-0.1.el7ev.noarch ovirt-engine-extensions-api-impl-4.0.4.4-0.1.el7ev.noarch ovirt-engine-setup-4.0.4.4-0.1.el7ev.noarch ovirt-engine-userportal-4.0.4.4-0.1.el7ev.noarch ovirt-engine-dwh-4.0.2-1.el7ev.noarch python-ovirt-engine-sdk4-4.0.1-1.el7ev.x86_64 ovirt-host-deploy-java-1.5.2-1.el7ev.noarch ovirt-engine-setup-plugin-websocket-proxy-4.0.4.4-0.1.el7ev.noarch rhevm-spice-client-x86-msi-4.0-3.el7ev.noarch rhevm-spice-client-x64-msi-4.0-3.el7ev.noarch rhev-guest-tools-iso-4.0-5.el7ev.noarch rhevm-4.0.4.4-0.1.el7ev.noarch rhevm-branding-rhev-4.0.0-5.el7ev.noarch rhevm-guest-agent-common-1.0.12-3.el7ev.noarch rhevm-doc-4.0.4-1.el7ev.noarch rhevm-dependencies-4.0.0-1.el7ev.noarch rhevm-setup-plugins-4.0.0.2-1.el7ev.noarch rhev-release-4.0.4-5-001.noarch Linux version 3.10.0-327.41.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Fri Sep 16 05:33:12 EDT 2016 Linux 3.10.0-327.41.1.el7.x86_64 #1 SMP Fri Sep 16 05:33:12 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server release 7.2 (Maipo)
(In reply to Nikolai Sednev from comment #24) > > > I'm steel seeing the: > > > --console > > > Open the configured console using virsh on localhost > > > > Why? That's OK - that allows to open the text based console. > > Did you try it? > No, I didn't tried it, only asked for if its not required any more, then why > left? Since the user could still require to open a direct console to the engine VM; in the past it was with remote viewer for a VGA console on the localhost but this require the graphical stack with a lot of dependencies. Now it uses virsh over a serial console. > > Did you check that the virt-viewer dep is gone? (the appliance should be > > smaller now, btw!) > Yes, virt-viewer dependency is not longer a must and its gone for good now. > I did not tested appliance size changes. You are not going to see any appliance size change since remote viewer wasn't required inside the engine appliance but on the host.
Do we have any documentation on virsh over a serial console usage?
(In reply to Nikolai Sednev from comment #26) > Do we have any documentation on virsh over a serial console usage? http://libvirt.org/sources/virshcmdref/html/sect-console.html
(In reply to Simone Tiraboschi from comment #27) > (In reply to Nikolai Sednev from comment #26) > > Do we have any documentation on virsh over a serial console usage? > > http://libvirt.org/sources/virshcmdref/html/sect-console.html 2.8. console Connect the virtual serial console for the guest Usage console Options Needs to be written Availability Available from libvirt 0.2.0 onwards Platform or Hypervisor specific notes None yet Examples Needs to be written Example in context Needs to be written See also Needs to be written The documentation is not full and I can't get how customer should use this option from current documentation.
No, sorry, the user will simply run hosted-engine --console as it was supposed to in the past, no command line changes here. The difference is that in the past we were wrapping remote-viewer while now we are wrapping virsh console but the user is not supposed to directly use virsh for that.
(In reply to Simone Tiraboschi from comment #29) > No, sorry, the user will simply run > hosted-engine --console > as it was supposed to in the past, no command line changes here. > > The difference is that in the past we were wrapping remote-viewer while now > we are wrapping virsh console but the user is not supposed to directly use > virsh for that. I've just checked the functionality on a new freshly deployed hosted-engine and its working as expected: # hosted-engine --console /usr/share/vdsm/vdsClient.py:33: DeprecationWarning: vdscli uses xmlrpc. since ovirt 3.6 xmlrpc is deprecated, please use vdsm.jsonrpcvdscli from vdsm import utils, vdscli, constants The engine VM is running on this host Connected to domain HostedEngine Escape character is ^] Red Hat Enterprise Linux Server 7.2 (Maipo) Kernel 3.10.0-327.36.1.el7.x86_64 on an x86_64 login: root Password: Login incorrect nsednev-he-1 login: root Password: Last failed login: Mon Sep 26 08:21:25 EDT 2016 on hvc0 There was 1 failed login attempt since the last successful login. #