Administration Guide

not

protocol://[host]:[port]
# neutron security-group-list
# vi /etc/sysconfig/network-scripts/ifcfg-rhevm
...
BOOTPROTO=none	
IPADDR=10.x.x.x
PREFIX=24
...
# service network restart
# ifconfig rhevm
# systemctl restart network.service
# ip addr show rhevm
# vi /etc/sysconfig/network
HOSTNAME=NEW_FQDN
# hostnamectl set-hostname NEW_FQDN
forward_delay=1500 
gc_timer=3765 
group_addr=1:80:c2:0:0:0 
group_fwd_mask=0x0 
hash_elasticity=4 
hash_max=512
hello_time=200 
hello_timer=70 
max_age=2000 
multicast_last_member_count=2 
multicast_last_member_interval=100 
multicast_membership_interval=26000 
multicast_querier=0 
multicast_querier_interval=25500 
multicast_query_interval=13000 
multicast_query_response_interval=1000 
multicast_query_use_ifaddr=0 
multicast_router=1 
multicast_snooping=1 
multicast_startup_query_count=2 
multicast_startup_query_interval=3125
mode=4 xmit_hash_policy=layer2+3
mode=1 arp_interval=1 arp_ip_target=192.168.0.2
mode=1 primary=eth0
engine-config -s FenceKdumpDestinationAddress=A.B.C.D
# service ovirt-fence-kdump-listener restart
# engine-config -g OPTION
# engine-config -s OPTION=value
# service ovirt-engine restart
# yum install nfs-utils
# chkconfig --add rpcbind
# chkconfig --add nfs
# chkconfig rpcbind on
# chkconfig nfs on
# service rpcbind start
# service nfs start

# mkdir -p /exports/data
# mkdir -p /exports/export
/exports/data *(rw)
/exports/export *(rw)
# exportfs -r
# service nfs reload
# groupadd kvm -g 36
# useradd vdsm -u 36 -g 36
# chown -R 36:36 /exports/data
# chown -R 36:36 /exports/export
# chmod 0755 /exports/data
# chmod 0755 /exports/export
# mkdir -p /data/images
# chown 36:36 /data /data/images
# chmod 0755 /data /data/images
# yum install -y scsi-target-utils
<target iqn.YEAR-MONTH.com.EXAMPLE:SERVER.targetX>
          backing-store /PATH/TO/DEVICE1 # Becomes LUN 1
          backing-store /PATH/TO/DEVICE2 # Becomes LUN 2
          backing-store /PATH/TO/DEVICE3 # Becomes LUN 3
</target>
# service tgtd start
# chkconfig tgtd on
# iptables -I INPUT 6 -p tcp --dport 3260 -j ACCEPT
# service iptables save
# engine-iso-uploader --iso-domain=ISODomain upload RHEL6.iso
# gluster volume set VOLUME_NAME group virt
# gluster volume info VOLUME_NAME
LogicalNetworkName: false

# yum install watchdog
watchdog-device = /dev/watchdog
# service watchdog start
# chkconfig watchdog on
# lspci | grep watchdog -i
# echo c > /proc/sysrq-trigger
# kill -9 `pgrep watchdog`
# yum install spice-xpi
# rpm -q virt-viewer
virt-viewer-0.5.2-18.el6_4.2.x86_64
# yum install virt-viewer
https://your-manager-fqdn/ovirt-engine/services/files/spice/virt-viewer-x86.msi
https://your-manager-fqdn/ovirt-engine/services/files/spice/virt-viewer-x64.msi
# subscription-manager repos --enable=rhel-6-server-rhev-agent-rpms
# subscription-manager repos --enable=rhel-7-server-rh-common-rpms
# yum install rhevm-guest-agent-common
# service ovirt-guest-agent start
# chkconfig ovirt-guest-agent on
# systemctl start ovirt-guest-agent.service
# systemctl enable ovirt-guest-agent.service
D:\RHEV-toolsSetup.exe ISSILENTMODE ISNOREBOOT
# yum update rhevm-guest-agent-common
# service ovirt-guest-agent restart
# systemctl restart ovirt-guest-agent.service
# yum update -y rhev-guest-tools-iso*

engine-iso-uploader --iso-domain=[ISODomain] upload /usr/share/rhev-guest-tools-iso/rhev-tools-setup.iso

# subscription-manager register
# subscription-manager list --available
# subscription-manager attach --pool=pool_id
# subscription-manager repos --disable=*
# subscription-manager repos --enable=repository
# yum update
# yum install xorg-x11-drv-qxl
# cp /etc/X11/xorg.conf /etc/X11/xorg.conf.$$.backup
Section 	"Device"
Identifier	"Videocard0"
Driver		"qxl"
Endsection

# /sbin/lsusb -v | grep 'QEMU USB Tablet'
# cp /etc/X11/xorg.conf /etc/X11/xorg.conf.$$.backup
Section "ServerLayout"
Identifier     "single head configuration"
Screen      0  "Screen0" 0 0
InputDevice    "Keyboard0" "CoreKeyboard"
InputDevice    "Tablet" "SendCoreEvents"
InputDevice    "Mouse" "CorePointer"
EndSection

Section "InputDevice"
Identifier  "Mouse"
Driver      "void"
#Option      "Device" "/dev/input/mice"
#Option      "Emulate3Buttons" "yes"
EndSection

Section "InputDevice"
Identifier  "Tablet"
Driver      "evdev"
Option      "Device" "/dev/input/event2"
Option "CorePointer" "true"
EndSection

# service ntpd start

# chkconfig ntpd on

$ cat /proc/cpuinfo | grep constant_tsc

term Red Hat Enterprise Linux Server (2.6.18-159.el5)
        root (hd0,0)
	kernel /vmlinuz-2.6.18-159.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet processor.max_cstate=1
/use pmtimer

# touch /.unconfigured
# rm -rf /etc/ssh/ssh_host_*
# rm -rf /etc/udev/rules.d/70-*
# poweroff
# rm -rf /etc/ssh/ssh_host_*
# sys-unconfig
# Windows7(11, OsType.Windows, false),false
os.windows_7.id.value = 11
os.windows_7.name.value = Windows 7
os.windows_7.derivedFrom.value = windows_xp
os.windows_7.sysprepPath.value = ${ENGINE_USR}/conf/sysprep/sysprep.w7
os.windows_7.productKey.value =
os.windows_7.devices.audio.value = ich6
os.windows_7.devices.diskInterfaces.value.3.3 = IDE, VirtIO_SCSI, VirtIO
os.windows_7.devices.diskInterfaces.value.3.4 = IDE, VirtIO_SCSI, VirtIO
os.windows_7.devices.diskInterfaces.value.3.5 = IDE, VirtIO_SCSI, VirtIO
os.windows_7.isTimezoneTypeInteger.value = false

# subscription-manager repos --enable=rhel-6-server-rh-common-rpms
# yum install cloud-init
protocol://[host]:[port]
# engine-config --set SANWipeDelete=true

# service ovirt-engine restart

# engine-config --set KeystoneAuthUrl=http://[address to the endpoint]:35357/v2.0
# engine-config --set OnlyRequiredNetworksMandatoryForVdsSelection=true
# service ovirt-engine restart
# engine-upgrade-check
# engine-upgrade-check
VERB: queue package rhevm-setup for update
VERB: package rhevm-setup queued
VERB: Building transaction
VERB: Empty transaction
VERB: Transaction Summary:
No upgrade
# engine-upgrade-check
VERB: queue package rhevm-setup for update
VERB: package rhevm-setup queued
VERB: Building transaction
VERB: Transaction built
VERB: Transaction Summary:
VERB:     updated    - rhevm-lib-3.3.2-0.50.el6ev.noarch
VERB:     update     - rhevm-lib-3.4.0-0.13.el6ev.noarch
VERB:     updated    - rhevm-setup-3.3.2-0.50.el6ev.noarch
VERB:     update     - rhevm-setup-3.4.0-0.13.el6ev.noarch
VERB:     install    - rhevm-setup-base-3.4.0-0.13.el6ev.noarch
VERB:     install    - rhevm-setup-plugin-ovirt-engine-3.4.0-0.13.el6ev.noarch
VERB:     updated    - rhevm-setup-plugins-3.3.1-1.el6ev.noarch
VERB:     update     - rhevm-setup-plugins-3.4.0-0.5.el6ev.noarch
Upgrade available

Upgrade available
# yum update rhevm-setup
# engine-setup
# subscription-manager repos --enable=rhel-6-server-rhevh-rpms
# yum update rhev-hypervisor6
# yum update
# rhn-channel --add --channel=rhel-x86_64-server-6-rhevm-3.5
# subscription-manager repos --enable=rhel-6-server-rhevm-3.5-rpms
# yum update
# yum update rhevm-setup
# engine-setup
# rhn-channel --remove --channel=rhel-x86_64-server-6-rhevm-3.4
# subscription-manager repos --disable=rhel-6-server-rhevm-3.4-rpms
# rhn-channel --add --channel=rhel-x86_64-server-6-rhevm-3.4
# subscription-manager repos --enable=rhel-6-server-rhevm-3.4-rpms
# yum update
# yum update rhevm-setup
# engine-setup
# rhn-channel --remove --channel=rhel-x86_64-server-6-rhevm-3.3
# subscription-manager repos --disable=rhel-6-server-rhevm-3.3-rpms
Error: IPA was found to be installed on this machine. Red Hat Enterprise Virtualization Manager 3.3 does not support installing IPA on the same machine. Please remove ipa packages before you continue.
# subscription-manager repos --enable=rhel-6-server-rhevm-3.3-rpms
# rhn-channel --add --channel=rhel-x86_64-server-6-rhevm-3.3
# yum update
# yum update rhevm-setup
# engine-setup
[ INFO  ] Stage: Initializing

          Welcome to the RHEV 3.3.0 upgrade.
          Please read the following knowledge article for known issues and
          updated instructions before proceeding with the upgrade.
          RHEV 3.3.0 Upgrade Guide: Tips, Considerations and Roll-back Issues
              https://access.redhat.com/articles/408623
          Would you like to continue with the upgrade? (Yes, No) [Yes]:
# subscription-manager repos --disable=rhel-6-server-rhevm-3.2-rpms
# rhn-channel --remove --channel=rhel-x86_64-server-6-rhevm-3.2
# subscription-manager repos --enable=rhel-6-server-rhevm-3.2-rpms
# rhn-channel --add --channel=rhel-x86_64-server-6-rhevm-3.2
# subscription-manager repos --disable=rhel-6-server-rhevm-3.1-rpms
# rhn-channel --remove --channel=rhel-6-server-rhevm-3.1
# yum update
# yum update rhevm-setup
# rhevm-upgrade
Loaded plugins: product-id, rhnplugin
Info: RHEV Manager 3.1 to 3.2 upgrade detected
Checking pre-upgrade conditions...(This may take several minutes)
Error: IPA was found to be installed on this machine. Red Hat Enterprise Virtualization Manager 3.2 does not support installing IPA on the same machine. Please remove ipa packages before you continue.
# subscription-manager list
# subscription-manager repos --enable=rhel-6-server-rhevm-3.1-rpms
# subscription-manager repos --disable=rhel-6-server-rhevm-3-rpms
# subscription-manager repos --disable=jb-eap-5-for-rhel-6-server-rpms
# rhn-channel --remove --channel=rhel-6-server-rhevm-3
# rhn-channel --remove --channel=jbappplatform-5-x86_64-server-6-rpm
# yum update
# yum update rhevm-setup
# rhevm-upgrade
Loaded plugins: product-id, rhnplugin
Info: RHEV Manager 3.0 to 3.1 upgrade detected
Checking pre-upgrade conditions...(This may take several minutes)
Error: IPA was found to be installed on this machine. Red Hat Enterprise Virtualization Manager 3.1 does not support installing IPA on the same machine. Please remove ipa packages before you continue.
 Warning: the following packages will be removed if you proceed with the upgrade:

    * objectweb-asm

 Would you like to proceed? (yes|no):
# engine-backup --mode=backup
# engine-backup --mode=restore
# engine-backup --scope=all --mode=backup --log=file name --file=file name
# engine-backup --scope=files --mode=backup --log=file name --file=file name
# engine-backup --scope=db --mode=backup --log=file name --file=file name
# yum install postgesql-server
# service postgresql initdb
# service postgresql start
# chkconfig postgresql on
# su postgres
$ psql
postgres=# create role engine with login encrypted password 'password';
postgres=# create role ovirt_engine_reports with login encrypted password 'password';
postgres=# create role ovirt_engine_history with login encrypted password 'password';
postgres=# create database database_name owner engine template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8' lc_ctype 'en_US.UTF-8';
postgres=# create database database_name owner ovirt_engine_reports template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8' lc_ctype 'en_US.UTF-8';
postgres=# create database database_name owner ovirt_engine_history template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8' lc_ctype 'en_US.UTF-8';
postgres=# \q
$ exit
host    database_name    user_name    0.0.0.0/0  md5
host    database_name    user_name    ::0/0      md5
host    database_name    user_name    X.X.X.X/32   md5
listen_addresses='*'
# iptables -I INPUT 5 -p tcp -s Manager_IP_Address --dport 5432 -j ACCEPT
# service iptables save
# service postgresql restart
# engine-backup --mode=restore --file=file_name --log=log_file_name --change-db-credentials --db-host=database_location --db-name=database_name --db-user=engine --db-password
engine-backup --mode=restore --file=file_name --log=log_file_name --change-db-credentials --db-host=database_location --db-name=database_name --db-user=engine --db-password --change-reports-db-credentials --reports-db-host=database_location --reports-db-name=database_name --reports-db-user=ovirt_engine_reports --reports-db-password --change-dwh-db-credentials --dwh-db-host=database_location --dwh-db-name=database_name --dwh-db-user=ovirt_engine_history --dwh-db-password

# engine-backup --mode=restore --scope=files --file=file_name --log=log_file_name
# engine-backup --mode=restore --scope=db --file=file_name --log=log_file_name --change-db-credentials --db-host=database_location --db-name=database_name --db-user=engine --db-password
# engine-backup --mode=restore --scope=reportsdb --file=file_name --log=log_file_name --change-reports-db-credentials --reports-db-host=database_location --reports-db-name=database_name --reports-db-user=ovirt_engine_reports --reports-db-password
# engine-backup --mode=restore --scope=dwhdb --file=file_name --log=log_file_name --change-dwh-db-credentials --dwh-db-host=database_location --dwh-db-name=database_name --dwh-db-user=ovirt_engine_history --dwh-db-password
You should now run engine-setup.
Done.
# engine-setup
# engine-cleanup
# engine-backup --mode=restore --file=file_name --log=log_file_name
# engine-backup --mode=restore --scope=files --file=file_name --log=log_file_name
# engine-backup --mode=restore --scope=db --file=file_name --log=log_file_name
# engine-backup --mode=restore --scope=reportsdb --file=file_name --log=log_file_name
# engine-backup --mode=restore --scope=dwhdb --file=file_name --log=log_file_name
You should now run engine-setup.
Done.
# engine-setup
# engine-cleanup
# su postgres
$ psql
postgres=# alter role user_name encrypted password 'new_password';
# engine-backup --mode=restore --file=file_name --log=log_file_name --change-db-credentials --db-host=database_location --db-name=database_name --db-user=engine --db-password
engine-backup --mode=restore --file=file_name --log=log_file_name --change-db-credentials --db-host=database_location --db-name=database_name --db-user=engine --db-password --change-reports-db-credentials --reports-db-host=database_location --reports-db-name=database_name --reports-db-user=ovirt_engine_reports --reports-db-password --change-dwh-db-credentials --dwh-db-host=database_location --dwh-db-name=database_name --dwh-db-user=ovirt_engine_history --dwh-db-password

# engine-backup --mode=restore --scope=files --file=file_name --log=log_file_name
# engine-backup --mode=restore --scope=db --file=file_name --log=log_file_name --change-db-credentials --db-host=database_location --db-name=database_name --db-user=engine --db-password
# engine-backup --mode=restore --scope=reportsdb --file=file_name --log=log_file_name --change-reports-db-credentials --reports-db-host=database_location --reports-db-name=database_name --reports-db-user=ovirt_engine_reports --reports-db-password
# engine-backup --mode=restore --scope=dwhdb --file=file_name --log=log_file_name --change-dwh-db-credentials --dwh-db-host=database_location --dwh-db-name=database_name --dwh-db-user=ovirt_engine_history --dwh-db-password
You should now run engine-setup.
Done.
# engine-setup
# yum install postgresql-server
# service postgresql initdb
# service postgresql start
# chkconfig postgresql on
# su - postgres
$ psql
postgres=# create role user_name with login encrypted password 'password';
postgres=# create database database_name owner user_name template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8' lc_ctype 'en_US.UTF-8';

host    database_name    user_name    X.X.X.X/32   md5
listen_addresses='*'
# iptables -I INPUT 5 -p tcp --dport 5432 -j ACCEPT
# service iptables save
# service postgresql restart
# service ovirt-engine stop
# su - postgres -c 'pg_dump -F c engine -f /tmp/engine.dump'
# scp /tmp/engine.dump root@new.database.server.com:/tmp/engine.dump
# su - postgres -c 'pg_restore -d engine /tmp/engine.dump'
# service ovirt-engine start
# yum install postgresql-server
# service postgresql initdb
# service postgresql start
# chkconfig postgresql on
# su - postgres
$ psql
postgres=# create role user_name with login encrypted password 'password';
postgres=# create database database_name owner user_name template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8' lc_ctype 'en_US.UTF-8';

host    database_name    user_name    X.X.X.X/32   md5
listen_addresses='*'
# iptables -I INPUT 5 -p tcp --dport 5432 -j ACCEPT
# service iptables save
# service postgresql restart
# service ovirt-engine-dwhd stop
# su - postgres -c 'pg_dump -F c ovirt_engine_history -f /tmp/ovirt_engine_history.dump'
# scp /tmp/ovirt_engine_history.dump root@new.database.server.com:/tmp/ovirt_engine_history.dump
# su - postgres -c 'pg_restore -d ovirt_engine_history /tmp/ovirt_engine_history.dump'
# service ovirt-engine-dwhd start
# yum install postgresql-server
# service postgresql initdb
# service postgresql start
# chkconfig postgresql on
# su - postgres
$ psql
postgres=# create role user_name with login encrypted password 'password';
postgres=# create database database_name owner user_name template template0 encoding 'UTF8' lc_collate 'en_US.UTF-8' lc_ctype 'en_US.UTF-8';

host    database_name    user_name    X.X.X.X/32   md5
listen_addresses='*'
# iptables -I INPUT 5 -p tcp --dport 5432 -j ACCEPT
# service iptables save
# service postgresql restart
# service ovirt-engine-reportsd stop
# su - postgres -c 'pg_dump -F c ovirt_engine_reports -f /tmp/ovirt_engine_reports.dump'
# scp /tmp/ovirt_engine_reports.dump root@new.database.server.com:/tmp/ovirt_engine_reports.dump
# su - postgres -c 'pg_restore -d ovirt_engine_reports /tmp/ovirt_engine_reports.dump'
# engine-setup
POST /api/vms/11111111-1111-1111-1111-111111111111/snapshots/ HTTP/1.1
Accept: application/xml
Content-type: application/xml

<snapshot>
    <description>BACKUP</description>
</snapshot>
GET /api/vms/11111111-1111-1111-1111-111111111111/snapshots/11111111-1111-1111-1111-111111111111 HTTP/1.1
Accept: application/xml
Content-type: application/xml
GET /api/vms/11111111-1111-1111-1111-111111111111/snapshots/11111111-1111-1111-1111-111111111111/disks HTTP/1.1
Accept: application/xml
Content-type: application/xml
POST /api/vms/22222222-2222-2222-2222-222222222222/disks/ HTTP/1.1
Accept: application/xml
Content-type: application/xml

<disk id="11111111-1111-1111-1111-111111111111">
    <snapshot id="11111111-1111-1111-1111-111111111111"/>
    <active>true</active>
</disk>

DELETE /api/vms/22222222-2222-2222-2222-222222222222/disks/11111111-1111-1111-1111-111111111111 HTTP/1.1
Accept: application/xml
Content-type: application/xml

<action>
    <detach>true</detach>
</action>

DELETE /api/vms/11111111-1111-1111-1111-111111111111/snapshots/11111111-1111-1111-1111-111111111111 HTTP/1.1
Accept: application/xml
Content-type: application/xml
POST /api/vms/22222222-2222-2222-2222-222222222222/disks/ HTTP/1.1
Accept: application/xml
Content-type: application/xml

<disk id="11111111-1111-1111-1111-111111111111">
</disk>

DELETE /api/vms/22222222-2222-2222-2222-222222222222/disks/11111111-1111-1111-1111-111111111111 HTTP/1.1
Accept: application/xml
Content-type: application/xml

<action>
    <detach>true</detach>
</action>

POST /api/vms/ HTTP/1.1
Accept: application/xml
Content-type: application/xml

<vm>
    <cluster>
        <name>cluster_name</name>
    </cluster>
    <name>NAME</name>
    ...
</vm>
POST /api/vms/33333333-3333-3333-3333-333333333333/disks/ HTTP/1.1
Accept: application/xml
Content-type: application/xml

<disk id="11111111-1111-1111-1111-111111111111">
</disk>

# yum install ovirt-engine-extension-aaa-ldap
# cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/. /etc/ovirt-engine
#  vi /etc/ovirt-engine/aaa/profile1.properties
#
# Select one
#
include = <openldap.properties>
#include = <389ds.properties>
#include = <rhds.properties>
#include = <ipa.properties>
#include = <iplanet.properties>
#include = <rfc2307.properties>

#
# Server
#
vars.server = ldap1.company.com

#
# Search user and its password.
#
vars.user = uid=search,cn=users,cn=accounts,dc=company,dc=com
vars.password = 123456

pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Create keystore, import certificate chain and uncomment
# if using tls.
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = /full/path/to/myrootca.jks
pool.default.ssl.truststore.password = changeit
# vi /etc/ovirt-engine/extensions.d/profile1-authn.properties
ovirt.engine.extension.name = profile1-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = profile1
ovirt.engine.aaa.authn.authz.plugin = profile1-authz
config.profile.file.1 = ../aaa/profile1.properties
# vi /etc/ovirt-engine/extensions.d/profile1-authz.properties
ovirt.engine.extension.name = profile1-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = ../aaa/profile1.properties
# chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties
# chmod 600 /etc/ovirt-engine/aaa/profile1.properties
# service ovirt-engine restart
# kadmin
kadmin> addprinc -randkey HTTP/fqdn-of-rhevm@REALM.COM
kadmin> ktadd -k /tmp/http.keytab HTTP/fqdn-of-rhevm@REALM.COM
kadmin> quit
# scp /tmp/http.keytab root@rhevm.example.com:/etc/httpd
# chown apache /etc/httpd/http.keytab
# chmod 400 /etc/httpd/http.keytab
# yum install ovirt-engine-extension-aaa-misc ovirt-engine-extension-aaa-ldap mod_auth_kerb
# cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple-sso/. /etc/ovirt-engine
# ln -s /etc/ovirt-engine/aaa/ovirt-sso.conf /etc/httpd/conf.d
# vi /etc/ovirt-engine/aaa/ovirt-sso.conf
<LocationMatch ^(/ovirt-engine/(webadmin|userportal|api)|/api)>
    RewriteEngine on
    RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
    RewriteRule ^(.*)$ - [L,P,E=REMOTE_USER:%1]
    RequestHeader set X-Remote-User %{REMOTE_USER}s

    AuthType Kerberos
    AuthName "Kerberos Login"
    Krb5Keytab /etc/httpd/http.keytab
    KrbAuthRealms REALM.COM
    Require valid-user
</LocationMatch>
#  vi /etc/ovirt-engine/aaa/profile1.properties
#
# Select one
#
include = <openldap.properties>
#include = <389ds.properties>
#include = <rhds.properties>
#include = <ipa.properties>
#include = <iplanet.properties>
#include = <rfc2307.properties>

#
# Server
#
vars.server = ldap1.company.com

#
# Search user and its password.
#
vars.user = uid=search,cn=users,cn=accounts,dc=company,dc=com
vars.password = 123456

pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = /full/path/to/myrootca.jks
pool.default.ssl.truststore.password = changeit
# vi /etc/ovirt-engine/extensions.d/profile1-http-authn.properties
ovirt.engine.extension.name = profile1-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = profile1-http
ovirt.engine.aaa.authn.authz.plugin = profile1-authz
ovirt.engine.aaa.authn.mapping.plugin = http-mapping
config.artifact.name = HEADER
config.artifact.arg = X-Remote-User
#  vi /etc/ovirt-engine/extensions.d/profile1-authz.properties
ovirt.engine.extension.name = profile1-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = ../aaa/profile1.properties
# chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties
# chmod 600 /etc/ovirt-engine/aaa/profile1.properties
# service httpd restart
# service ovirt-engine restart
# engine-config -s AdminPassword=interactive
# service ovirt-engine restart
# chkconfig --add ovirt-engine-notifier
# chkconfig ovirt-engine-notifier on
# service ovirt-engine-notifier restart
# touch /etc/ovirt-engine/notifier/notifier.conf.d/20-snmp.conf
SNMP_MANAGERS="manager1.example.com manager2.example.com:162"
SNMP_COMMUNITY=public
SNMP_OID=1.3.6.1.4.1.2312.13.1.1

FILTER="include:*(snmp:) ${FILTER}"
FILTER="include:AUDIT_LOG_MSG(snmp:) ${FILTER}"
FILTER="exclude:AUDIT_LOG_MSG include:*(snmp:) ${FILTER}"
FILTER="exclude:*"

# service ovirt-engine-notifier start
# chkconfig ovirt-engine-notifier on
# /usr/share/ovirt-engine/setup/bin/ovirt-engine-rename
# /usr/share/ovirt-engine/setup/bin/ovirt-engine-rename
During execution engine service will be stopped (OK, Cancel) [OK]:
New fully qualified server name:[new name]
engine-manage-domains ACTION [options]
# engine-manage-domains --help
# engine-manage-domains list
Domain: directory.demo.redhat.com
    User name: admin@DIRECTORY.DEMO.REDHAT.COM
    This domain is a remote domain.
# engine-manage-domains add --domain=directory.demo.redhat.com --provider=IPA --user=admin
loaded template kr5.conf file
setting default_tkt_enctypes
setting realms
setting domain realm
success
User guid is: 80b71bae-98a1-11e0-8f20-525400866c73
Successfully added domain directory.demo.redhat.com. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).

# engine-manage-domains -action=edit -domain=directory.demo.redhat.com -user=admin -interactive
loaded template kr5.conf file
setting default_tkt_enctypes
setting realms
setting domain realmo
success
User guide is: 80b71bae-98a1-11e0-8f20-525400866c73
Successfully edited domain directory.demo.redhat.com. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).

# engine-manage-domains validate
User guide is: 80b71bae-98a1-11e0-8f20-525400866c73
Domain directory.demo.redhat.com is valid.

# engine-manage-domains delete --domain=directory.demo.redhat.com
WARNING: Domain directory.demo.redhat.com is the last domain in the configuration. After deleting it you will have to either add another domain, or to use the internal admin user in order to login.
Successfully deleted domain directory.demo.redhat.com. Please remove all users and groups of this domain using the Administration portal or the API.

# engine-config --help
# engine-config --list
# engine-config --all
# engine-config --get [KEY_NAME]
# engine-config --set [KEY_NAME]=[KEY_VALUE] --cver=[VERSION]
# service ovirt-engine restart
# engine-config -s AdminPassword=interactive
# service ovirt-engine restart
|-- images
|   |-- [Image Group UUID]
|        |--- [Image UUID (this is the disk image)]
|        |--- [Image UUID (this is the disk image)].meta
|-- master
|   |---vms
|       |--- [UUID]
|             |--- [UUID].ovf

engine-image-uploader [options] list
engine-image-uploader [options] upload [file].[file]...[file]
# engine-image-uploader list
Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort):
Export Storage Domain Name | Datacenter  | Export Domain Status
myexportdom               | Myowndc 　  | active
# engine-image-uploader -e myexportdom upload myrhel6.ovf
Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort):
# service ovirt-engine restart
engine-log-collector [options] list [all, clusters, datacenters]
engine-log-collector [options] collect
# engine-log-collector
INFO: Gathering oVirt Engine information...
INFO: Gathering PostgreSQL the oVirt Engine database and log files from localhost...
Please provide REST API password for the admin@internal oVirt Engine user (CTRL+D to abort):
About to collect information from 3 hypervisors. Continue? (Y/n):
INFO: Gathering information from selected hypervisors...
INFO: collecting information from 192.168.122.250
INFO: collecting information from 192.168.122.251
INFO: collecting information from 192.168.122.252
INFO: finished collecting information from 192.168.122.250
INFO: finished collecting information from 192.168.122.251
INFO: finished collecting information from 192.168.122.252
Creating compressed archive...
INFO Log files have been collected and placed in /tmp/logcollector/sosreport-rhn-account-20110804121320-ce2a.tar.xz.
The MD5 for this file is 6d741b78925998caff29020df2b2ce2a and its size is 26.7M
engine-iso-uploader [options] list
engine-iso-uploader [options] upload [file].[file]...[file]
# engine-iso-uploader --nfs-server=storage.demo.redhat.com:/iso/path upload RHEL6.0.iso
# engine-iso-uploader list
Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort):
ISO Storage Domain Name   | Datacenter          | ISO Domain Status
ISODomain                 | Default             | active
# engine-iso-uploader --iso-domain=[ISODomain] upload [RHEL6.iso]
Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort):
# engine-iso-uploader --iso-domain=[ISODomain] upload /usr/share/virtio-win/virtio-win.iso /usr/share/virtio-win/virtio-win_x86.vfd /usr/share/virtio-win/virtio-win_amd64.vfd /usr/share/rhev-guest-tools-iso/rhev-tools-setup.iso
#  remote-viewer --spice-debug

# remote-viewer --spice-debug /path/to/console.vv
debug-helper.exe remote-viewer.exe --spice-controller

# semanage port -a -t syslogd_port_t -p udp 514
$template TmplAuth, "/var/log/%fromhost%/secure" 
$template TmplMsg, "/var/log/%fromhost%/messages" 

$RuleSet remote
authpriv.*   ?TmplAuth
*.info,mail.none;authpriv.none,cron.none   ?TmplMsg
$RuleSet RSYSLOG_DefaultRuleset
$InputUDPServerBindRuleset remote

#$ModLoad imudp
#$UDPServerRun 514
# service rsyslog restart
# yum install squid
http_access deny CONNECT !SSL_ports
http_access deny CONNECT !Safe_ports
# service squid restart
# iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
# service iptables save
# engine-config -s SpiceProxyDefault=someProxy
# service ovirt-engine restart
protocol://[host]:[port]
$ ssh root@[IP of Manager]
# engine-config -s SpiceProxyDefault=""
# service ovirt-engine restart
# openssl x509 -in /etc/pki/ovirt-engine/ca.pem -noout -subject

subject= /C=US/O=Example Inc./CN=engine.example.com.81108

/C=US/O=Example Inc./CN=proxy.example.com
# openssl req -newkey rsa:2048 -subj '/C=US/O=Example Inc./CN=proxy.example.com' -nodes -keyout proxy.key -out proxy.req

# scp proxy.req engine.example.com:/etc/pki/ovirt-engine/requests/.

# /usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=proxy --days=3650 --subject='/C=US/O=Example Inc./CN=proxy.example.com'

# scp engine.example.com:/etc/pki/ovirt-engine/certs/proxy.cer .

# ls -l proxy.key proxy.cer

# yum install squid

# cp proxy.key proxy.cer /etc/squid/.

# chgrp squid /etc/squid/proxy.*
# chmod 640 /etc/squid/proxy.*

# scp engine.example.com:/etc/pki/ovirt-engine/ca.pem /etc/squid/.

# chgrp squid /etc/squid/ca.pem
# chmod 640 /etc/squid/ca.pem

# yum install policycoreutils-python
# semanage port -m -p tcp -t http_cache_port_t 443

https_port 443 key=/etc/squid/proxy.key cert=/etc/squid/proxy.cer ssl-bump defaultsite=engine.example.com
cache_peer engine.example.com parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_access allow all

# service squid restart

https://proxy.example.com/UserPortal/org.ovirt.engine.ui.userportal.UserPortal/UserPortal.html
# psql -U postgres -c "CREATE ROLE [user name] WITH LOGIN ENCRYPTED PASSWORD '[password]';" -d ovirt_engine_history
# psql -U postgres -c "GRANT CONNECT ON DATABASE ovirt_engine_history TO [user name];"
# psql -U postgres -c "GRANT USAGE ON SCHEMA public TO [user name];" ovirt_engine_history
# psql -U postgres -c "SELECT 'GRANT SELECT ON ' || relname || ' TO [user name];' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v');" --pset=tuples_only=on  ovirt_engine_history > grant.sql
# psql -U postgres -f grant.sql ovirt_engine_history
# rm grant.sql
# psql -U [user name] ovirt_engine_history

 select history_datetime as DateTime, cpu_usage_percent as CPU, memory_usage_percent as Memory
    from host_configuration, host_samples_history
    where host_configuration.host_id = host_samples_history.host_id
    and host_name = 'example.labname.abc.company.com'
    and host_configuration.history_id in (select max(a.history_id)
    						from host_configuration as a
    						where host_configuration.host_id = a.host_id)
    and history_datetime >= '2011-07-01 18:45'
    and history_datetime <= '2011-07-31 21:45'

    select extract(hour from history_datetime) as Hour, avg(cpu_usage_percent) as CPU, avg(memory_usage_percent) as Memory
    from host_hourly_history
    where history_datetime >= '2011-07-01' and history_datetime < '2011-07-31'
    group by extract(hour from history_datetime)
    order by extract(hour from history_datetime)

	SELECT vm_name
  FROM vm_configuration
		inner join latest_tag_relations_history on (vm_configuration.vm_id = latest_tag_relations_history.entity_id)
			inner join latest_tag_details on (latest_tag_details.tag_id = latest_tag_relations_history.parent_id)
 WHERE getpathinnames(latest_tag_details.history_id) like '/root/tlv%'

SELECT 	vm_name, vm_type, operating_system
  FROM 	vm_configuration
		inner join enum_translator as vm_type_value on (vm_type_value.enum_type = 'VM_TYPE' and vm_configuration.vm_type = vm_type_value.enum_key)
		inner join enum_translator as os_value on (os_value.enum_type = 'OS_TYPE' and vm_configuration.operating_system = os_value.enum_key)

# engine-config -g UserDefinedVMProperties
# engine-config -g UserDefinedVMProperties
UserDefinedVMProperties:  version: 3.0
UserDefinedVMProperties:  version: 3.1
UserDefinedVMProperties:  version: 3.2
UserDefinedVMProperties:  version: 3.3
UserDefinedVMProperties : memory=^[0-9]+$ version: 3.2
# engine-config -s UserDefinedVMProperties='memory=^[0-9]+$;smartcard=^(true|false)$' --cver=3.2
# engine-config -g UserDefinedVMProperties
UserDefinedVMProperties:  version: 3.0
UserDefinedVMProperties:  version: 3.1
UserDefinedVMProperties:  version: 3.2
UserDefinedVMProperties:  version: 3.3
UserDefinedVMProperties : memory=^[0-9]+$;smartcard=^(true|false)$ version: 3.2
# service ovirt-engine restart
# engine-config -g CustomDeviceProperties
# engine-config -g CustomDeviceProperties
CustomDeviceProperties:  version: 3.0
CustomDeviceProperties:  version: 3.1
CustomDeviceProperties:  version: 3.2
CustomDeviceProperties:  version: 3.3
# engine-config -s CustomDeviceProperties="{type=interface;prop={speed=^([0-9]{1,5})$;duplex=^(full|half)$}}" --cver=3.3
# engine-config -g CustomDeviceProperties
UserDefinedVMProperties:  version: 3.0
UserDefinedVMProperties:  version: 3.1
UserDefinedVMProperties:  version: 3.2
UserDefinedVMProperties : {type=interface;prop={speed=^([0-9]{1,5})$;duplex=^(full|half)$}} version: 3.3
# service ovirt-engine restart
#!/usr/bin/python

import os
import sys

if os.environ.has_key('key1'):
	sys.stderr.write('key1 value was : %s\n' % os.environ['key1'])
else:
    sys.exit(0)

vdsm ALL=(ALL) NOPASSWD: /bin/chown
retcode = subprocess.call( ["/usr/bin/sudo", "/bin/chown", "root", "/my_file"] )
numaset=^(interleave|strict|preferred):[\^]?\d+(-\d+)?(,[\^]?\d+(-\d+)?)*$
#!/usr/bin/python

import os
import sys
import hooking
import traceback

'''
numa hook
=========
add numa support for domain xml:

<numatune>
    <memory mode="strict" nodeset="1-4,^3" />
</numatune>

memory=interleave|strict|preferred

numaset="1" (use one NUMA node)
numaset="1-4" (use 1-4 NUMA nodes)
numaset="^3" (don't use NUMA node 3)
numaset="1-4,^3,6" (or combinations)

syntax:
    numa=strict:1-4
'''

if os.environ.has_key('numa'):
    try:
        mode, nodeset = os.environ['numa'].split(':')

        domxml = hooking.read_domxml()

        domain = domxml.getElementsByTagName('domain')[0]
        numas = domxml.getElementsByTagName('numatune')

        if not len(numas) > 0:
            numatune = domxml.createElement('numatune')
            domain.appendChild(numatune)

            memory = domxml.createElement('memory')
            memory.setAttribute('mode', mode)
            memory.setAttribute('nodeset', nodeset)
            numatune.appendChild(memory)

            hooking.write_domxml(domxml)
        else:
            sys.stderr.write('numa: numa already exists in domain xml')
            sys.exit(2)
    except:
        sys.stderr.write('numa: [unexpected error]: %s\n' % traceback.format_exc())
        sys.exit(2)

// Access plug-in API using 'parent' due to this code being evaluated within the context of an iframe element.
// As 'parent.pluginApi' is subject to Same-Origin Policy, this will only work when WebAdmin HTML page and plug-in
// host page are served from same origin. WebAdmin HTML page and plug-in host page will always be on same origin
// when using UI plug-in infrastructure support to serve plug-in resource files.
var api = parent.pluginApi('MyPlugin');

// Runtime configuration object associated with the plug-in (or an empty object).
var config = api.configObject();

// Register event handler function(s) for later invocation by UI plug-in infrastructure.
api.register({
	    // UiInit event handler function.
		UiInit: function() {
				// Handle UiInit event.
					window.alert('Favorite music band is ' + config.band);
					    }
});

// Notify UI plug-in infrastructure to proceed with plug-in initialization.
api.ready();

{
    "name": "HelloWorld",
    "url": "/ovirt-engine/webadmin/plugin/HelloWorld/start.html",
    "resourcePath": "hello-files"
}

<!DOCTYPE html><html><head>
<script>
    var api = parent.pluginApi('HelloWorld');
    api.register({
	UiInit: function() { window.alert('Hello world'); }
    });
    api.ready();
</script>
</head><body></body></html>

# yum install redhat-support-plugin-rhev
# rm /etc/pki/ovirt-engine/apache-ca.pem
mv YOUR-3RD-PARTY-CERT.pem /etc/pki/ovirt-engine/apache-ca.pem
# openssl pkcs12 -in  /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass
# openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer
# service httpd restart
$ keytool -importcert -noprompt -trustcacerts -alias myrootca -file /tmp/myrootca.pem -keystore /etc/ovirt-engine/aaa/myrootca.jks -storepass changeit
# Create keystore, import certificate chain and uncomment
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = ${local:_basedir}/myrootca.jks
pool.default.ssl.truststore.password = changeit
# Create keystore, import certificate chain and uncomment
pool.default.serverset.single.port = 636
pool.default.ssl.enable = true
pool.default.ssl.truststore.file = ${local:_basedir}/myrootca.jks
pool.default.ssl.truststore.password = changeit

Operating System Family	Browser	Portal Access	Supported SPICE Client?
Red Hat Enterprise Linux	Mozilla Firefox 38	Administration Portal and User Portal	Yes
Windows	Internet Explorer 9 or later	Administration Portal	Yes
	Internet Explorer 8 or later	User Portal	Yes

Role	Privileges	Notes
UserRole	Can access and use virtual machines and pools.	Can log in to the User Portal, use assigned virtual machines and pools, view virtual machine state and details.
PowerUserRole	Can create and manage virtual machines and templates.	Apply this role to a user for the whole environment with the Configure window, or for specific data centers or clusters. For example, if a PowerUserRole is applied on a data center level, the PowerUser can create virtual machines and templates in the data center.
UserVmManager	System administrator of a virtual machine.	Can manage virtual machines and create and use snapshots. A user who creates a virtual machine in the User Portal is automatically assigned the UserVmManager role on the machine.

Role	Privileges	Notes
UserTemplateBasedVm	Limited privileges to only use Templates.	Can use templates to create virtual machines.
DiskOperator	Virtual disk user.	Can use, view and edit virtual disks. Inherits permissions to use the virtual machine to which the virtual disk is attached.
VmCreator	Can create virtual machines in the User Portal.	This role is not applied to a specific virtual machine; apply this role to a user for the whole environment with the Configure window. Alternatively apply this role for specific data centers or clusters. When applying this role to a cluster, you must also apply the DiskCreator role on an entire data center, or on specific storage domains.
TemplateCreator	Can create, edit, manage and remove virtual machine templates within assigned resources.	This role is not applied to a specific template; apply this role to a user for the whole environment with the Configure window. Alternatively apply this role for specific data centers, clusters, or storage domains.
DiskCreator	Can create, edit, manage and remove virtual machine disks within assigned clusters or data centers.	This role is not applied to a specific virtual disk; apply this role to a user for the whole environment with the Configure window. Alternatively apply this role for specific data centers or storage domains.
TemplateOwner	Can edit and delete the template, assign and manage user permissions for the template.	This role is automatically assigned to the user who creates a template. Other users who do not have TemplateOwner permissions on a template cannot view or use the template.
NetworkUser	Logical network and network interface user for virtual machine and template.	Can attach or detach network interfaces from specific logical networks.

Role	Privileges	Notes
SuperUser	System Administrator of the Red Hat Enterprise Virtualization environment.	Has full permissions across all objects and levels, can manage all objects across all data centers.
ClusterAdmin	Cluster Administrator.	Possesses administrative permissions for all objects underneath a specific cluster.
DataCenterAdmin	Data Center Administrator.	Possesses administrative permissions for all objects underneath a specific data center except for storage.

Role	Privileges	Notes
TemplateAdmin	Administrator of a virtual machine template.	Can create, delete, and configure the storage domains and network details of templates, and move templates between domains.
StorageAdmin	Storage Administrator.	Can create, delete, configure, and manage an assigned storage domain.
HostAdmin	Host Administrator.	Can attach, remove, configure, and manage a specific host.
NetworkAdmin	Network Administrator.	Can configure and manage the network of a particular data center or cluster. A network administrator of a data center or cluster inherits network permissions for virtual pools within the cluster.
VmPoolAdmin	System Administrator of a virtual pool.	Can create, delete, and configure a virtual pool; assign and remove virtual pool users; and perform basic operations on a virtual machine in the pool.
GlusterAdmin	Gluster Storage Administrator.	Can create, delete, configure, and manage Gluster storage volumes.

Field Name	Description
Name	The name of the cluster policy. This is the name used to refer to the cluster policy in the Red Hat Enterprise Virtualization Manager.
Description	A description of the cluster policy. This field is recommended but not mandatory.
Filter Modules	A set of filters for controlling the hosts on which a virtual machine in a cluster can run. Enabling a filter will filter out hosts that do not meet the conditions specified by that filter, as outlined below: `PinToHost`: Hosts other than the host to which the virtual machine is pinned. `CPU-Level`: Hosts that do not meet the CPU topology of the virtual machine. `CPU`: Hosts with fewer CPUs than the number assigned to the virtual machine. `Memory`: Hosts that do not have sufficient memory to run the virtual machine. `VmAffinityGroups`: Hosts that do not meet the conditions specified for a virtual machine that is a member of an affinity group. For example, that virtual machines in an affinity group must run on the same host or on separate hosts. `HA`: Forces the hosted engine virtual machine to only run on hosts with a positive high availability score. `Network`: Hosts on which networks required by the network interface controller of a virtual machine are not installed, or on which the cluster's display network is not installed.
Weights Modules	A set of weightings for controlling the relative priority of factors considered when determining the hosts in a cluster on which a virtual machine can run. `OptimalForHaReservation`: Weights hosts in accordance with their high availability score. `None`: Weights hosts in accordance with the even distribution module. `OptimalForEvenGuestDistribution`: Weights hosts in accordance with the number of virtual machines running on those hosts. `VmAffinityGroups`: Weights hosts in accordance with the affinity groups defined for virtual machines. This weight module determines how likely virtual machines in an affinity group are to run on the same host or on separate hosts in accordance with the parameters of that affinity group. `OptimalForPowerSaving`: Weights hosts in accordance with their CPU usage, giving priority to hosts with higher CPU usage. `OptimalForEvenDistribution`: Weights hosts in accordance with their CPU usage, giving priority to hosts with lower CPU usage. `HA`: Weights hosts in accordance with their high availability score.
Load Balancer	This drop-down menu allows you to select a load balancing module to apply. Load balancing modules determine the logic used to migrate virtual machines from hosts experiencing high usage to hosts experiencing lower usage.
Properties	This drop-down menu allows you to add or remove properties for load balancing modules, and is only available when you have selected a load balancing module for the cluster policy. No properties are defined by default, and the properties that are available are specific to the load balancing module that is selected. Use the + and - buttons to add or remove additional properties to or from the load balancing module.

Field Name	Description
Data Center	The data center to which the Network QoS policy is to be added. This field is configured automatically according to the selected data center.
Name	A name to represent the network QoS policy within the Manager.
Inbound	The settings to be applied to inbound traffic. Select or clear the Inbound check box to enable or disable these settings. Average: The average speed of inbound traffic. Peak: The speed of inbound traffic during peak times. Burst: The speed of inbound traffic during bursts.
Outbound	The settings to be applied to outbound traffic. Select or clear the Outbound check box to enable or disable these settings. Average: The average speed of outbound traffic. Peak: The speed of outbound traffic during peak times. Burst: The speed of outbound traffic during bursts.

Field	Description/Action
Name	The name of the data center. This text field has a 40-character limit and must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores.
Description	The description of the data center. This field is recommended but not mandatory.
Type	The storage type. Choose one of the following: Shared Local The type of data domain dictates the type of the data center and cannot be changed after creation without significant disruption. Multiple types of storage domains (iSCSI, NFS, FC, POSIX, and Gluster) can be added to the same data center, though local and shared domains cannot be mixed.
Compatibility Version	The version of Red Hat Enterprise Virtualization. Choose one of the following: 3.0 3.1 3.2 3.3 3.4 3.5 After upgrading the Red Hat Enterprise Virtualization Manager, the hosts, clusters and data centers may still be in the earlier version. Ensure that you have upgraded all the hosts, then the clusters, before you upgrade the Compatibility Level of the data center.
Quota Mode	Quota is a resource limitation tool provided with Red Hat Enterprise Virtualization. Choose one of: Disabled: Select if you do not want to implement Quota Audit: Select if you want to edit the Quota settings Enforced: Select to implement Quota

Role	Privileges	Notes
DataCenterAdmin	Data Center Administrator	Can use, create, delete, manage all physical and virtual resources within a specific data center except for storage, including clusters, hosts, templates and virtual machines.
NetworkAdmin	Network Administrator	Can configure and manage the network of a particular data center. A network administrator of a data center inherits network permissions for virtual machines within the data center as well.

Field	Description/Action
Data Center	The data center that will contain the cluster. The data center must be created before adding a cluster.
Name	The name of the cluster. This text field has a 40-character limit and must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores.
Description / Comment	The description of the cluster or additional notes. These fields are recommended but not mandatory.
CPU Type	The CPU type of the cluster. Choose one of: Intel Conroe Family Intel Penryn Family Intel Nehalem Family Intel Westmere Family Intel SandyBridge Family Intel Haswell AMD Opteron G1 AMD Opteron G2 AMD Opteron G3 AMD Opteron G4 AMD Opteron G5 IBM POWER8 All hosts in a cluster must run either Intel, AMD, or IBM POWER8 CPU type; this cannot be changed after creation without significant disruption. The CPU type should be set to the oldest CPU model in the cluster. Only features present in all models can be used. For both Intel and AMD CPU types, the listed CPU models are in logical order from the oldest to the newest.
Compatibility Version	The version of Red Hat Enterprise Virtualization. Choose one of: 3.0 3.1 3.2 3.3 3.4 3.5 You will not be able to select a version older than the version specified for the data center.
CPU Architecture	The CPU architecture of the cluster. Choose one of: undefined x86_64 ppc64 This field only appears if a CPU Type is not specified.
Enable Virt Service	If this radio button is selected, hosts in this cluster will be used to run virtual machines.
Enable Gluster Service	If this radio button is selected, hosts in this cluster will be used as Red Hat Gluster Storage Server nodes, and not for running virtual machines. You cannot add a Red Hat Enterprise Virtualization Hypervisor host to a cluster with this option enabled.
Import existing gluster configuration	This check box is only available if the Enable Gluster Service radio button is selected. This option allows you to import an existing Gluster-enabled cluster and all its attached hosts to Red Hat Enterprise Virtualization Manager. The following options are required for each host in the cluster that is being imported: Address: Enter the IP or fully qualified domain name of the Gluster host server. Fingerprint: Red Hat Enterprise Virtualization Manager fetches the host's fingerprint, to ensure you are connecting with the correct host. Root Password: Enter the root password required for communicating with the host.
Enable to set VM maintenance reason	If this check box is selected, an optional reason field will appear when a virtual machine in the cluster is shut down from the Manager. This allows you to provide an explanation for the maintenance, which will appear in the logs and when the virtual machine is powered on again.
Required Random Number Generator sources:	If one of the following check boxes is selected, all hosts in the cluster must have that device available. This enables passthrough of entropy from the random number generator device to virtual machines. /dev/random source - The Linux-provided random number generator. /dev/hwrng source - An external hardware generator. Note that this feature is only supported on hosts running Red Hat Enterprise Linux 6.6 and later or Red Hat Enterprise Linux 7.0 and later.

Field	Description/Action
Memory Optimization	None - Disable memory overcommit: Disables memory page sharing. For Server Load - Allow scheduling of 150% of physical memory: Sets the memory page sharing threshold to 150% of the system memory on each host. For Desktop Load - Allow scheduling of 200% of physical memory: Sets the memory page sharing threshold to 200% of the system memory on each host.
CPU Threads	Selecting the Count Threads As Cores check box allows hosts to run virtual machines with a total number of processor cores greater than the number of cores in the host. The exposed host threads would be treated as cores which can be utilized by virtual machines. For example, a 24-core system with 2 threads per core (48 threads total) can run virtual machines with up to 48 cores each, and the algorithms to calculate host CPU load would compare load against twice as many potential utilized cores.
Memory Balloon	Selecting the Enable Memory Balloon Optimization check box enables memory overcommitment on virtual machines running on the hosts in this cluster. When this option is set, the Memory Overcommit Manager (MoM) will start ballooning where and when possible, with a limitation of the guaranteed memory size of every virtual machine. To have a balloon running, the virtual machine needs to have a balloon device with relevant drivers. Each virtual machine in cluster level 3.2 and higher includes a balloon device, unless specifically removed. Each host in this cluster receives a balloon policy update when its status changes to `Up`. If necessary, you can manually update the balloon policy on a host without having to change the status. See Section 5.2.5, “Updating the MoM Policy on Hosts in a Cluster”. It is important to understand that in some scenarios ballooning may collide with KSM. In such cases MoM will try to adjust the balloon size to minimize collisions. Additionally, in some scenarios ballooning may cause sub-optimal performance for a virtual machine. Administrators are advised to use ballooning optimization with caution.
KSM control	Selecting the Enable KSM check box enables MoM to run Kernel Same-page Merging (KSM) when necessary and when it can yield a memory saving benefit that outweighs its CPU cost.

State	Description
Non Operational	Non-operational hosts can be communicated with by the Manager, but have an incorrect configuration, for example a missing logical network. If a host becomes non-operational, the migration of virtual machines depends on the cluster resilience policy.
Non Responsive	Non-responsive hosts cannot be communicated with by the Manager. If a host becomes non-responsive, all virtual machines with high availability are restarted on a different host in the cluster.

Field	Description/Action
Migrate Virtual Machines	Migrates all virtual machines in order of their defined priority.
Migrate only Highly Available Virtual Machines	Migrates only highly available virtual machines to prevent overloading other hosts.
Do Not Migrate Virtual Machines	Prevents virtual machines from being migrated.

Field	Description/Action
Select Policy	Select a policy from the drop-down list. none: Set the policy value to none to have no load or power sharing between hosts. This is the default mode. evenly_distributed: Distributes the CPU processing load evenly across all hosts in the cluster. Additional virtual machines attached to a host will not start if that host has reached the defined Maximum Service Level. power_saving: Distributes the CPU processing load across a subset of available hosts to reduce power consumption on underutilized hosts. Hosts with a CPU load below the low utilization value for longer than the defined time interval will migrate all virtual machines to other hosts so that it can be powered down. Additional virtual machines attached to a host will not start if that host has reached the defined high utilization value. vm_evenly_distributed: Distributes virtual machines evenly between hosts based on a count of the virtual machines. The cluster is considered unbalanced if any host is running more virtual machines than the HighVmCount and there is at least one host with a virtual machine count that falls outside of the MigrationThreshold.
Properties	The following properties appear depending on the selected policy, and can be edited if necessary: HighVmCount: Sets the maximum number of virtual machines that can run on each host. Exceeding this limit qualifies the host as overloaded. The default value is 10. MigrationThreshold: Defines a buffer before virtual machines are migrated from the host. It is the maximum inclusive difference in virtual machine count between the most highly-utilized host and the least-utilized host. The cluster is balanced when every host in the cluster has a virtual machine count that falls inside the migration threshold. The default value is 5. SpmVmGrace: Defines the number of slots for virtual machines to be reserved on SPM hosts. The SPM host will have a lower load than other hosts, so this variable defines how many fewer virtual machines than other hosts it can run. The default value is 5. CpuOverCommitDurationMinutes: Sets the time (in minutes) that a host can run a CPU load outside of the defined utilization values before the cluster policy takes action. The defined time interval protects against temporary spikes in CPU load activating cluster policies and instigating unnecessary virtual machine migration. Maximum two characters. The default value is 2. HighUtilization: Expressed as a percentage. If the host runs with CPU usage at or above the high utilization value for the defined time interval, the Red Hat Enterprise Virtualization Manager migrates virtual machines to other hosts in the cluster until the host's CPU load is below the maximum service threshold. The default value is 80. LowUtilization: Expressed as a percentage. If the host runs with CPU usage below the low utilization value for the defined time interval, the Red Hat Enterprise Virtualization Manager will migrate virtual machines to other hosts in the cluster. The Manager will power down the original host machine, and restart it again when load balancing requires or there are not enough free hosts in the cluster. The default value is 20. ScaleDown: Reduces the impact of the HA Reservation weight function, by dividing a host's score by the specified amount. This is an optional property that can be added to any policy, including none. HostsInReserve: Specifies a number of hosts to keep running even though there are no running virtual machines on them. This is an optional property that can be added to the power_saving policy. EnableAutomaticHostPowerManagement: Enables automatic power management for all hosts in the cluster. This is an optional property that can be added to the power_saving policy. The default value is true.
Scheduler Optimization	Optimize scheduling for host weighing/ordering. Optimize for Utilization: Includes weight modules in scheduling to allow best selection. Optimize for Speed: Skips host weighting in cases where there are more than ten pending requests.
Enable Trusted Service	Enable integration with an OpenAttestation server. Before this can be enabled, use the `engine-config` tool to enter the OpenAttestation server's details.
Enable HA Reservation	Enable the Manager to monitor cluster capacity for highly available virtual machines. The Manager ensures that appropriate capacity exists within a cluster for virtual machines designated as highly available to migrate in the event that their existing host fails unexpectedly.
Provide custom serial number policy	This check box allows you to specify a serial number policy for the virtual machines in the cluster. Select one of the following options: Host ID: Sets the host's UUID as the virtual machine's serial number. Vm ID: Sets the virtual machine's UUID as its serial number. Custom serial number: Allows you to specify a custom serial number.

Field	Description/Action
Define SPICE Proxy for Cluster	Select this check box to enable overriding the SPICE proxy defined in global configuration. This feature is useful in a case where the user (who is, for example, connecting via the User Portal) is outside of the network where the hypervisors reside.
Overridden SPICE proxy address	The proxy by which the SPICE client will connect to virtual machines. The address must be in the following format: protocol://[host]:[port]

Name	Memory	vCPUs
Tiny	512 MB	1
Small	2 GB	1
Medium	4 GB	2
Large	8 GB	2
XLarge	16 GB	4

Bonding Scenario	Result
NIC + NIC	The Create New Bond window is displayed, and you can configure a new bond device. If the network interfaces carry incompatible logical networks, the bonding operation fails until you detach incompatible logical networks from the devices forming your new bond.
NIC + Bond	The NIC is added to the bond device. Logical networks carried by the NIC and the bond are all added to the resultant bond device if they are compatible. If the bond devices carry incompatible logical networks, the bonding operation fails until you detach incompatible logical networks from the devices forming your new bond.
Bond + Bond	If the bond devices are not attached to logical networks, or are attached to compatible logical networks, a new bond device is created. It contains all of the network interfaces, and carries all logical networks, of the component bond devices. The Create New Bond window is displayed, allowing you to configure your new bond. If the bond devices carry incompatible logical networks, the bonding operation fails until you detach incompatible logical networks from the devices forming your new bond.

Term	Definition
Brick	A brick is the GlusterFS basic unit of storage, represented by an export directory on a server in the trusted storage pool. A Brick is expressed by combining a server with an export directory in the following format: `SERVER:EXPORT` For example: `myhostname:/exports/myexportdir/`
Block Storage	Block special files or block devices correspond to devices through which the system moves data in the form of blocks. These device nodes often represent addressable devices such as hard disks, CD-ROM drives, or memory-regions. Red Hat Gluster Storage supports XFS file system with extended attributes.
Cluster	A trusted pool of linked computers, working together closely thus in many respects forming a single computer. In Red Hat Gluster Storage terminology a cluster is called a trusted storage pool.
Client	The machine that mounts the volume (this may also be a server).
Distributed File System	A file system that allows multiple clients to concurrently access data spread across multiple servers/bricks in a trusted storage pool. Data sharing among multiple locations is fundamental to all distributed file systems.
Geo-Replication	Geo-replication provides a continuous, asynchronous, and incremental replication service from site to another over Local Area Networks (LAN), Wide Area Network (WAN), and across the Internet.
glusterd	The Gluster management daemon that needs to run on all servers in the trusted storage pool.
Metadata	Metadata is data providing information about one or more other pieces of data.
N-way Replication	Local synchronous data replication typically deployed across campus or Amazon Web Services Availability Zones.
Namespace	Namespace is an abstract container or environment created to hold a logical grouping of unique identifiers or symbols. Each Red Hat Gluster Storage trusted storage pool exposes a single namespace as a POSIX mount point that contains every file in the trusted storage pool.
POSIX	Portable Operating System Interface (for Unix) is the name of a family of related standards specified by the IEEE to define the application programming interface (API), along with shell and utilities interfaces for software compatible with variants of the UNIX operating system. Red Hat Gluster Storage exports a fully POSIX compatible file system.
RAID	Redundant Array of Inexpensive Disks (RAID) is a technology that provides increased storage reliability through redundancy, combining multiple low-cost, less-reliable disk drives components into a logical unit where all drives in the array are interdependent.
RRDNS	Round Robin Domain Name Service (RRDNS) is a method to distribute load across application servers. RRDNS is implemented by creating multiple A records with the same name and different IP addresses in the zone file of a DNS server.
Server	The machine (virtual or bare-metal) which hosts the actual file system in which data will be stored.
Scale-Up Storage	Increases the capacity of the storage device, but only in a single dimension. An example might be adding additional disk capacity to a single computer in a trusted storage pool.
Scale-Out Storage	Increases the capability of a storage device in multiple dimensions. For example adding a server to a trusted storage pool increases CPU, disk capacity, and throughput for the trusted storage pool.
Subvolume	A subvolume is a brick after being processed by at least one translator.
Translator	A translator connects to one or more subvolumes, does something with them, and offers a subvolume connection.
Trusted Storage Pool	A storage pool is a trusted network of storage servers. When you start the first server, the storage pool consists of that server alone.
User Space	Applications running in user space do not directly interact with hardware, instead using the kernel to moderate access. User Space applications are generally more portable than applications in kernel space. Gluster is a user space application.
Virtual File System (VFS)	VFS is a kernel software layer that handles all system calls related to the standard Linux file system. It provides a common interface to several kinds of file systems.
Volume File	The volume file is a configuration file used by GlusterFS process. The volume file will usually be located at: `/var/lib/glusterd/vols/VOLNAME`.
Volume	A volume is a logical collection of bricks. Most of the Gluster management operations happen on the volume.

Operating System	Architecture	SPICE option support
Red Hat Enterprise Linux 3	32-bit, 64-bit	Yes
Red Hat Enterprise Linux 4	32-bit, 64-bit	Yes
Red Hat Enterprise Linux 5	32-bit, 64-bit	Yes
Red Hat Enterprise Linux 6	32-bit, 64-bit	Yes
Red Hat Enterprise Linux 7	64-bit	Yes
SUSE Linux Enterprise Server 10 (select Other Linux for the guest type in the user interface)	32-bit, 64-bit	No
SUSE Linux Enterprise Server 11 (SPICE drivers (QXL) are not supplied by Red Hat. However, the distribution's vendor may provide SPICE drivers as part of their distribution.)	32-bit, 64-bit	No
Ubuntu 12.04 (Precise Pangolin LTS)	32-bit, 64-bit	Yes
Ubuntu 12.10 (Quantal Quetzal)	32-bit, 64-bit	Yes
Ubuntu 13.04 (Raring Ringtail)	32-bit, 64-bit	No
Ubuntu 13.10 (Saucy Salamander)	32-bit, 64-bit	Yes
Windows XP Service Pack 3 and newer	32-bit	Yes
Windows 7	32-bit, 64-bit	Yes
Windows 8	32-bit, 64-bit	Yes
Windows 8.1	32-bit, 64-bit	Yes
Windows Server 2003 Service Pack 2 and newer	32-bit, 64-bit	Yes
Windows Server 2003 R2	32-bit, 64-bit	Yes
Windows Server 2008	32-bit, 64-bit	Yes
Windows Server 2008 R2	64-bit	Yes
Windows Server 2012	64-bit	Yes
Windows Server 2012 R2	64-bit	No

Field	Description/Action
Enable fencing	Enables fencing on the cluster. Fencing is enabled by default, but can be disabled if required; for example, if temporary network issues are occurring or expected, administrators can disable fencing until diagnostics or maintenance activities are completed. Note that if fencing is disabled, highly available virtual machines running on non-responsive hosts will not be restarted elsewhere.
Skip fencing if host has live lease on storage	If this check box is selected, any hosts in the cluster that are Non Responsive and still connected to storage will not be fenced.
Skip fencing on cluster connectivity issues	If this check box is selected, fencing will be temporarily disabled if the percentage of hosts in the cluster that are experiencing connectivity issues is greater than or equal to the defined Threshold. The Threshold value is selected from the drop-down list; available values are 25, 50, 75, and 100.

Field	Description
Use a common password	Tick this check box to use the same password for all hosts belonging to the cluster. Enter the password in the Password field, then click the Apply button to set the password on all hosts.
Name	Enter the name of the host.
Hostname/IP	This field is automatically populated with the fully qualified domain name or IP of the host you provided in the New Cluster window.
Root Password	Enter a password in this field to use a different root password for each host. This field overrides the common password provided for all hosts in the cluster.
Fingerprint	The host fingerprint is displayed to ensure you are connecting with the correct host. This field is automatically populated with the fingerprint of the host you provided in the New Cluster window.

Field	Description/Action
Assign	Assigns the logical network to all hosts in the cluster.
Required	A Network marked "required" must remain operational in order for the hosts associated with it to function properly. If a required network ceases to function, any hosts associated with it become non-operational.
VM Network	A logical network marked "VM Network" carries network traffic relevant to the virtual machine network.
Display Network	A logical network marked "Display Network" carries network traffic relevant to SPICE and to the virtual network controller.
Migration Network	A logical network marked "Migration Network" carries virtual machine and storage migration traffic.

Role	Privileges	Notes
ClusterAdmin	Cluster Administrator	Can use, create, delete, manage all physical and virtual resources in a specific cluster, including hosts, templates and virtual machines. Can configure network properties within the cluster such as designating display networks, or marking a network as required or non-required. However, a ClusterAdmin does not have permissions to attach or detach networks from a cluster, to do so NetworkAdmin permissions are required.
NetworkAdmin	Network Administrator	Can configure and manage the network of a particular cluster. A network administrator of a cluster inherits network permissions for virtual machines within the cluster as well.

Field Name	Description
Name	The name of the logical network. This text field has a 15-character limit and must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores.
Description	The description of the logical network. This text field has a 40-character limit.
Comment	A field for adding plain text, human-readable comments regarding the logical network.
Create on external provider	Allows you to create the logical network to an OpenStack Networking instance that has been added to the Manager as an external provider. External Provider - Allows you to select the external provider on which the logical network will be created.
Enable VLAN tagging	VLAN tagging is a security feature that gives all network traffic carried on the logical network a special characteristic. VLAN-tagged traffic cannot be read by interfaces that do not also have that characteristic. Use of VLANs on logical networks also allows a single network interface to be associated with multiple, differently VLAN-tagged logical networks. Enter a numeric value in the text entry field if VLAN tagging is enabled.
VM Network	Select this option if only virtual machines use this network. If the network is used for traffic that does not involve virtual machines, such as storage communications, do not select this check box.
MTU	Choose either Default, which sets the maximum transmission unit (MTU) to the value given in the parenthesis (), or Custom to set a custom MTU for the logical network. You can use this to match the MTU supported by your new logical network to the MTU supported by the hardware it interfaces with. Enter a numeric value in the text entry field if Custom is selected.
Network Label	Allows you to specify a new label for the network or select from existing labels already attached to host network interfaces. If you select an existing label, the logical network will be automatically assigned to all host network interfaces with that label.

Field Name	Description
Network	A drop-down menu of the available networks to apply the vNIC profile.
Name	The name of the vNIC profile. This must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores between 1 and 50 characters.
Description	The description of the vNIC profile. This field is recommended but not mandatory.
QoS	A drop-down menu of the available Network Quality of Service policies to apply to the vNIC profile. QoS policies regulate inbound and outbound network traffic of the vNIC.
Port Mirroring	A check box to toggle port mirroring. Port mirroring copies layer 3 network traffic on the logical network to a virtual interface on a virtual machine. It it not selected by default.
Device Custom Properties	A drop-down menu to select available custom properties to apply to the vNIC profile. Use the + and - buttons to add and remove properties respectively.
Allow all users to use this Profile	A check box to toggle the availability of the profile to all users in the environment. It is selected by default.

Role	Privileges	Notes
NetworkAdmin	Network Administrator for data center, cluster, host, virtual machine, or template. The user who creates a network is automatically assigned NetworkAdmin permissions on the created network.	Can configure and manage the network of a particular data center, cluster, host, virtual machine, or template. A network administrator of a data center or cluster inherits network permissions for virtual pools within the cluster. To configure port mirroring on a virtual machine network, apply the NetworkAdmin role on the network and the UserVmManager role on the virtual machine.
NetworkUser	Logical network and network interface user for virtual machine and template.	Can attach or detach network interfaces from specific logical networks.

Field Name	Description
Data Center	The data center to which the host belongs. Red Hat Enterprise Virtualization Hypervisor hosts cannot be added to Gluster-enabled clusters.
Host Cluster	The cluster to which the host belongs.
Use Foreman Hosts Providers	Select or clear this check box to view or hide options for adding hosts provided by Foreman hosts providers. The following options are also available: Discovered Hosts Discovered Hosts - A drop-down list that is populated with the name of Foreman hosts discovered by the engine. Host Groups -A drop-down list of host groups available. Compute Resources - A drop-down list of hypervisors to provide compute resources. Provisioned Hosts Providers Hosts - A drop-down list that is populated with the name of hosts provided by the selected external provider. The entries in this list are filtered in accordance with any search queries that have been input in the Provider search filter. Provider search filter - A text field that allows you to search for hosts provided by the selected external provider. This option is provider-specific; see provider documentation for details on forming search queries for specific providers. Leave this field blank to view all available hosts.
Name	The name of the cluster. This text field has a 40-character limit and must be a unique name with any combination of uppercase and lowercase letters, numbers, hyphens, and underscores.
Comment	A field for adding plain text, human-readable comments regarding the host.
Address	The IP address, or resolvable hostname of the host.
Password	The password of the host's root user. This can only be given when you add the host; it cannot be edited afterwards.
SSH PublicKey	Copy the contents in the text box to the `/root/.known_hosts` file on the host to use the Manager's ssh key instead of using a password to authenticate with the host.
Automatically configure host firewall	When adding a new host, the Manager can open the required ports on the host's firewall. This is enabled by default. This is an Advanced Parameter.
Use JSON protocol	This is enabled by default. This is an Advanced Parameter.
SSH Fingerprint	You can fetch the host's SSH fingerprint, and compare it with the fingerprint you expect the host to return, ensuring that they match. This is an Advanced Parameter.

Field Name	Description
Kdump integration	Prevents the host from fencing while performing a kernel crash dump, so that the crash dump is not interrupted. Kdump is available by default on new Red Hat Enterprise Linux 6.6 and 7.1 hosts and Hypervisors. If kdump is available on the host, but its configuration is not valid (the kdump service cannot be started), enabling Kdump integration will cause the host (re)installation to fail. If this is the case, see Section 7.7.4, “fence_kdump Advanced Configuration”.
Primary/ Secondary	Prior to Red Hat Enterprise Virtualization 3.2, a host with power management configured only recognized one fencing agent. Fencing agents configured on version 3.1 and earlier, and single agents, are treated as primary agents. The secondary option is valid when a second agent is defined.
Concurrent	Valid when there are two fencing agents, for example for dual power hosts in which each power switch has two agents connected to the same power switch. If this check box is selected, both fencing agents are used concurrently when a host is fenced. This means that both fencing agents have to respond to the Stop command for the host to be stopped; if one agent responds to the Start command, the host will go up. If this check box is not selected, the fencing agents are used sequentially. This means that to stop or start a host, the primary agent is used first, and if it fails, the secondary agent is used.
Address	The address to access your host's power management device. Either a resolvable hostname or an IP address.
User Name	User account with which to access the power management device. You can set up a user on the device, or use the default user.
Password	Password for the user accessing the power management device.
Type	The type of power management device in your host. Choose one of the following: apc - APC MasterSwitch network power switch. Not for use with APC 5.x power switch devices. apc_snmp - Use with APC 5.x power switch devices. bladecenter - IBM Bladecenter Remote Supervisor Adapter. cisco_ucs - Cisco Unified Computing System. drac5 - Dell Remote Access Controller for Dell computers. drac7 - Dell Remote Access Controller for Dell computers. eps - ePowerSwitch 8M+ network power switch. hpblade - HP BladeSystem. ilo, ilo2, ilo3, ilo4 - HP Integrated Lights-Out. ipmilan - Intelligent Platform Management Interface and Sun Integrated Lights Out Management devices. rsa - IBM Remote Supervisor Adapter. rsb - Fujitsu-Siemens RSB management interface. wti - WTI Network Power Switch.
Port	The port number used by the power management device to communicate with the host.
Options	Power management device specific options. Enter these as 'key=value' or 'key'. See the documentation of your host's power management device for the options available. For Red Hat Enterprise Linux 7 hosts, if you are using cisco_ucs as the power management device, you also need to append `ssl_insecure=1` to the Options field.
Secure	Select this check box to allow the power management device to connect securely to the host. This can be done via ssh, ssl, or other authentication protocols depending on and supported by the power management agent.
Source	Specifies whether the host will search within its cluster or data center for a fencing proxy. Use the Up and Down buttons to change the sequence in which the resources are used.
Disable policy control of power management	Power management is controlled by the Cluster Policy of the host's cluster. If power management is enabled and the defined low utilization value is reached, the Manager will power down the host machine, and restart it again when load balancing requires or there are not enough free hosts in the cluster. Select this check box to disable policy control.

Variable	Description	Default	Note
LISTENER_ADDRESS	Defines the IP address to receive fence_kdump messages on.	0.0.0.0	If the value of this parameter is changed, it must match the value of `FenceKdumpDestinationAddress` in `engine-config`.
LISTENER_PORT	Defines the port to receive fence_kdump messages on.	7410	If the value of this parameter is changed, it must match the value of `FenceKdumpDestinationPort` in `engine-config`.
HEARTBEAT_INTERVAL	Defines the interval in seconds of the listener's heartbeat updates.	30	If the value of this parameter is changed, it must be half the size or smaller than the value of `FenceKdumpListenerTimeout` in `engine-config`.
SESSION_SYNC_INTERVAL	Defines the interval in seconds to synchronize the listener's host kdumping sessions in memory to the database.	5	If the value of this parameter is changed, it must be half the size or smaller than the value of `KdumpStartedTimeout` in `engine-config`.
REOPEN_DB_CONNECTION_INTERVAL	Defines the interval in seconds to reopen the database connection which was previously unavailable.	30	-
KDUMP_FINISHED_TIMEOUT	Defines the maximum timeout in seconds after the last received message from kdumping hosts after which the host kdump flow is marked as FINISHED.	60	If the value of this parameter is changed, it must be double the size or higher than the value of `FenceKdumpMessageInterval` in `engine-config`.

Administration Guide

Administration Tasks in Red Hat Enterprise Virtualization

Red Hat Enterprise Virtualization Documentation Team

Legal Notice

⁠Chapter 1. Introduction

⁠1.1. Red Hat Enterprise Virtualization Architecture

⁠1.2. Red Hat Enterprise Virtualization System Components

⁠1.3. Red Hat Enterprise Virtualization Resources

⁠1.4. Red Hat Enterprise Virtualization API Support Statement

⁠1.5. Administering and Maintaining the Red Hat Enterprise Virtualization Environment

⁠Chapter 2. Using the Administration Portal

⁠2.1. Browser and Client Requirements

⁠2.2. Graphical User Interface Elements

⁠2.3. Tree Mode and Flat Mode

⁠2.4. Using the Guide Me Facility

⁠2.5. Performing Searches in Red Hat Enterprise Virtualization

⁠2.6. Saving a Query String as a Bookmark

⁠2.7. The Configure Window

⁠2.7.1. Roles

⁠2.7.1.1. Creating a New Role

⁠2.7.1.2. Editing or Copying a Role

⁠2.7.1.3. User Role and Authorization Examples

⁠2.7.2. System Permissions

⁠2.7.2.1. User Properties

⁠2.7.2.2. User and Administrator Roles

⁠2.7.2.3. User Roles Explained

⁠2.7.2.4. Administrator Roles Explained

⁠2.7.3. Cluster Policies

⁠2.7.3.1. Creating a Cluster Policy

⁠2.7.3.2. Explanation of Settings in the New Cluster Policy and Edit Cluster Policy Window

⁠2.7.4. Instance Types

⁠2.7.4.1. Creating Instance Types

⁠2.7.4.2. Editing Instance Types

⁠2.7.4.3. Removing Instance Types

⁠Part I. Administering the Resources

⁠Chapter 3. Quality of Service

⁠3.1. Storage Quality of Service

⁠3.1.1. Creating a Storage Quality of Service Entry

⁠3.1.2. Removing a Storage Quality of Service Entry

⁠3.2. Network Quality of Service

⁠3.2.1. Creating a Network Quality of Service Entry

⁠3.2.2. Settings in the New Network QoS and Edit Network QoS Windows Explained

⁠3.2.3. Removing a Network Quality of Service Entry

⁠3.3. CPU Quality of Service

⁠3.3.1. Creating a CPU Quality of Service Entry

⁠3.3.2. Removing a CPU Quality of Service Entry

⁠Chapter 4. Data Centers

⁠4.1. Introduction to Data Centers

⁠4.2. The Storage Pool Manager

⁠4.3. SPM Priority

⁠4.4. Using the Events Tab to Identify Problem Objects in Data Centers

⁠4.5. Data Center Tasks

⁠4.5.1. Creating a New Data Center

⁠4.5.2. Explanation of Settings in the New Data Center and Edit Data Center Windows

⁠4.5.3. Editing a Resource

⁠4.5.4. Creating a New Logical Network in a Data Center or Cluster

⁠4.5.5. Removing a Logical Network

⁠4.5.6. Re-Initializing a Data Center: Recovery Procedure

⁠4.5.7. Removing a Data Center

⁠4.5.8. Force Removing a Data Center

⁠4.5.9. Changing the Data Center Compatibility Version

⁠4.6. Data Centers and Storage Domains

⁠4.6.1. Attaching an Existing Data Domain to a Data Center

⁠4.6.2. Attaching an Existing ISO domain to a Data Center

⁠4.6.3. Attaching an Existing Export Domain to a Data Center

⁠4.6.4. Detaching a Storage Domain from a Data Center

⁠4.6.5. Activating a Storage Domain from Maintenance Mode

⁠4.7. Data Centers and Permissions

⁠4.7.1. Managing System Permissions for a Data Center

⁠4.7.2. Data Center Administrator Roles Explained

⁠4.7.3. Assigning an Administrator or User Role to a Resource

⁠4.7.4. Removing an Administrator or User Role from a Resource

⁠Chapter 5. Clusters

⁠5.1. Introduction to Clusters

⁠5.2. Cluster Tasks

⁠5.2.1. Creating a New Cluster

⁠5.2.2. Explanation of Settings and Controls in the New Cluster and Edit Cluster Windows

⁠5.2.2.1. General Cluster Settings Explained

⁠5.2.2.2. Optimization Settings Explained

⁠5.2.2.3. Resilience Policy Settings Explained

Variable	Description	Default	Note
FenceKdumpDestinationAddress	Defines the hostname(s) or IP address(es) to send fence_kdump messages to. If empty, the Manager's FQDN is used.	Empty string (Manager FQDN is used)	If the value of this parameter is changed, it must match the value of `LISTENER_ADDRESS` in the fence_kdump listener configuration file, and all hosts with Kdump integration enabled must be reinstalled.
FenceKdumpDestinationPort	Defines the port to send fence_kdump messages to.	7410	If the value of this parameter is changed, it must match the value of `LISTENER_PORT` in the fence_kdump listener configuration file, and all hosts with Kdump integration enabled must be reinstalled.
FenceKdumpMessageInterval	Defines the interval in seconds between messages sent by fence_kdump.	5	If the value of this parameter is changed, it must be half the size or smaller than the value of `KDUMP_FINISHED_TIMEOUT` in the fence_kdump listener configuration file, and all hosts with Kdump integration enabled must be reinstalled.
FenceKdumpListenerTimeout	Defines the maximum timeout in seconds since the last heartbeat to consider the fence_kdump listener alive.	90	If the value of this parameter is changed, it must be double the size or higher than the value of `HEARTBEAT_INTERVAL` in the fence_kdump listener configuration file.
KdumpStartedTimeout	Defines the maximum timeout in seconds to wait until the first message from the kdumping host is received (to detect that host kdump flow has started).	30	If the value of this parameter is changed, it must be double the size or higher than the value of `SESSION_SYNC_INTERVAL` in the fence_kdump listener configuration file, and `FenceKdumpMessageInterval`.

Role	Privileges	Notes
StorageAdmin	Storage Administrator	Can create, delete, configure and manage a specific storage domain.
GlusterAdmin	Gluster Storage Administrator	Can create, delete, configure and manage Gluster storage volumes.

Field Name	Description
Volume Type	Displays the type of volume. This field cannot be changed; it was set when you created the volume.
Server	The server where the bricks are hosted.
Brick Directory	The brick directory or mountpoint.

Parameter	Number	Note
Virtualized CPUs	160	Per virtual machine running on a Red Hat Enterprise Linux 6 host.
Virtualized CPUs	240	Per virtual machine running on a Red Hat Enterprise Linux 7 host.
Virtualized RAM	4000 GB	For a 64 bit virtual machine.
Virtualized RAM	4GB	Per 32 bit virtual machine. Note, the virtual machine may not register the entire 4 GB. The amount of RAM that the virtual machine recognizes is limited by its operating system.
Virtualized storage devices	8	Per virtual machine.
Virtualized network interface controllers	8	Per virtual machine.
Virtualized PCI devices	32	Per virtual machine.

Field Name	Description
Cluster	The name of the host cluster to which the virtual machine is attached. Virtual machines are hosted on any physical machine in that cluster in accordance with policy rules.
Based on Template	The template on which the virtual machine can be based. This field is set to `Blank` by default, which allows you to create a virtual machine on which an operating system has not yet been installed.
Template Sub Version	The version of the template on which the virtual machine can be based. This field is set to the most recent version for the given template by default. If no versions other than the base template are available, this field is set to `base template` by default. Each version is marked by a number in brackets that indicates the relative order of the versions, with higher numbers indicating more recent versions.
Operating System	The operating system. Valid values include a range of Red Hat Enterprise Linux and Windows variants.
Instance Type	The instance type on which the virtual machine's hardware configuration can be based. This field is set to Custom by default, which means the virtual machine is not connected to an instance type. The other options available from this drop down menu are Large, Medium, Small, Tiny, XLarge, and any custom instance types that the Administrator has created. Other settings that have a chain link icon next to them are pre-filled by the selected instance type. If one of these values is changed, the virtual machine will be detached from the instance type and the chain icon will appear broken. However, if the changed setting is restored to its original value, the virtual machine will be reattached to the instance type and the links in the chain icon will rejoin.
Optimized for	The type of system for which the virtual machine is to be optimized. There are two options: Server, and Desktop; by default, the field is set to Server. Virtual machines optimized to act as servers have no sound card, use a cloned disk image, and are not stateless. In contrast, virtual machines optimized to act as desktop machines do have a sound card, use an image (thin allocation), and are stateless.
Name	The name of the virtual machine. Names must not contain any spaces, and must contain at least one character from A-Z or 0-9. The maximum length of a virtual machine name is 255 characters.
Description	A meaningful description of the new virtual machine.
Comment	A field for adding plain text human-readable comments regarding the virtual machine.
Stateless	Select this check box to run the virtual machine in stateless mode. This mode is used primarily for desktop VMs. Running a stateless desktop or server creates a new COW layer on the VM hard disk image where new and changed data is stored. Shutting down the stateless VM deletes the new COW layer, which returns the VM to its original state. Stateless VMs are useful when creating machines that need to be used for a short time, or by temporary staff.
Start in Pause Mode	Select this check box to always start the virtual machine in pause mode. This option is suitable for VMs which require a long time to establish a SPICE connection; for example, VMs in remote locations.
Delete Protection	Select this check box to make it impossible to delete the virtual machine. It is only possible to delete the virtual machine if this check box is not selected.

Field Name	Description
Memory Size	The amount of memory assigned to the virtual machine. When allocating memory, consider the processing and storage needs of the applications that are intended to run on the virtual machine. Maximum guest memory is constrained by the selected guest architecture and the cluster compatibility level.
Total Virtual CPUs	The processing power allocated to the virtual machine as CPU Cores. Do not assign more cores to a virtual machine than are present on the physical host.
Cores per Virtual Socket	The number of cores assigned to each virtual socket.
Virtual Sockets	The number of CPU sockets for the virtual machine. Do not assign more sockets to a virtual machine than are present on the physical host.
Time Zone	This option sets the time zone offset of the guest hardware clock. For Windows, this should correspond to the time zone set in the guest. Most default Linux installations expect the hardware clock to be GMT+00:00.
Provide custom serial number policy	This checkbox allows you to specify a serial number for the virtual machine. Select either: Host ID: Sets the host's UUID as the virtual machine's serial number. Vm ID: Sets the virtual machine's UUID as its serial number. Custom serial number: Allows you to specify a custom serial number.

Field Name	Operating System	Description
Use Cloud-Init/Sysprep	Linux, Windows	This check box toggles whether Cloud-Init or Sysprep will be used to initialize the virtual machine.
VM Hostname	Linux, Windows	The host name of the virtual machine.
Domain	Windows	The Active Directory domain to which the virtual machine belongs.
Organization Name	Windows	The name of the organization to which the virtual machine belongs. This option corresponds to the text field for setting the organization name displayed when a machine running Windows is started for the first time.
Active Directory OU	Windows	The organizational unit in the Active Directory domain to which the virtual machine belongs.
Configure Time Zone	Linux, Windows	The time zone for the virtual machine. Select this check box and select a time zone from the Time Zone list.
Admin Password	Windows	The administrative user password for the virtual machine. Click the disclosure arrow to display the settings for this option. Use already configured password: This check box is automatically selected after you specify an initial administrative user password. You must clear this check box to enable the Admin Password and Verify Admin Password fields and specify a new password. Admin Password: The administrative user password for the virtual machine. Enter the password in this text field and the Verify Admin Password text field to verify the password.
Authentication	Linux	The authentication details for the virtual machine. Click the disclosure arrow to display the settings for this option. Use already configured password: This check box is automatically selected after you specify an initial root password. You must clear this check box to enable the Password and Verify Password fields and specify a new password. Password: The root password for the virtual machine. Enter the password in this text field and the Verify Password text field to verify the password. SSH Authorized Keys: SSH keys to be added to the authorized keys file of the virtual machine. You can specify multiple SSH keys by entering each SSH key on a new line. Regenerate SSH Keys: Regenerates SSH keys for the virtual machine.
Custom Locale	Windows	Custom locale options for the virtual machine. Locales must be in a format such as `en-US`. Click the disclosure arrow to display the settings for this option. Input Locale: The locale for user input. UI Language: The language used for user interface elements such as buttons and menus. System Locale: The locale for the overall system. User Locale: The locale for users.
Networks	Linux	Network-related settings for the virtual machine. Click the disclosure arrow to display the settings for this option. DNS Servers: The DNS servers to be used by the virtual machine. DNS Search Domains: The DNS search domains to be used by the virtual machine. Network: Configures network interfaces for the virtual machine. Select this check box and click + or - to add or remove network interfaces to or from the virtual machine. When you click +, a set of fields becomes visible that can specify whether to use DHCP, and configure an IP address, netmask, and gateway, and specify whether the network interface will start on boot.
Custom Script	Linux	Custom scripts that will be run on the virtual machine when it starts. The scripts entered in this field are custom YAML sections that are added to those produced by the Manager, and allow you to automate tasks such as creating users and files, configuring yum repositories and running commands. For more information on the format of scripts that can be entered in this field, see the Custom Script documentation.
Sysprep	Windows	A custom Sysprep definition. The definition must be in the format of a complete unattended installation answer file. You can copy and paste the default answer files in the `/usr/share/ovirt-engine/conf/sysprep/` directory on the machine on which the Red Hat Enterprise Virtualization Manager is installed and alter the fields as required.

Field Name	Description
Protocol	Defines which display protocol to use. SPICE is the recommended protocol for Linux and Windows virtual machines. Optionally, select VNC for Linux virtual machines. A VNC client is required to connect to a virtual machine using the VNC protocol.
VNC Keyboard Layout	Defines the keyboard layout for the virtual machine. This option is only available when using the VNC protocol.
USB Support	Defines whether USB devices can be used on the virtual machine. This option is only available for virtual machines using the SPICE protocol. Select either: Disabled - Does not allow USB redirection from the client machine to the virtual machine. Legacy - Enables the SPICE USB redirection policy used in Red Hat Enterprise Virtualization 3.0. This option can only be used on Windows virtual machines, and will not be supported in future versions of Red Hat Enterprise Virtualization. Native - Enables native KVM/SPICE USB redirection for Linux and Windows virtual machines. Virtual machines do not require any in-guest agents or drivers for native USB. This option can only be used if the virtual machine's cluster compatibility version is set to 3.1 or higher.
Monitors	The number of monitors for the virtual machine. This option is only available for virtual desktops using the SPICE display protocol. You can choose 1, 2 or 4. Note that multiple monitors are not supported for Windows 8 and Windows Server 2012 virtual machines.
Smartcard Enabled	Smart cards are an external hardware security feature, most commonly seen in credit cards, but also used by many businesses as authentication tokens. Smart cards can be used to protect Red Hat Enterprise Virtualization virtual machines. Tick or untick the check box to activate and deactivate Smart card authentication for individual virtual machines.
Disable strict user checking	Click the Advanced Parameters arrow and select the check box to use this option. With this option selected, the virtual machine does not need to be rebooted when a different user connects to it. By default, strict checking is enabled so that only one user can connect to the console of a virtual machine. No other user is able to open a console to the same virtual machine until it has been rebooted. The exception is that a `SuperUser` can connect at any time and replace a existing connection. When a `SuperUser` has connected, no normal user can connect again until the virtual machine is rebooted. Disable strict checking with caution, because you can expose the previous user's session to the new user.
Soundcard Enabled	A sound card device is not necessary for all virtual machine use cases. If it is for yours, enable a sound card here.
VirtIO Console Device Enabled	The VirtIO console device is a console over VirtIO transport for communication between the host user space and guest user space. It has two parts: device emulation in QEMU that presents a virtio-pci device to the guest, and a guest driver that presents a character device interface to user space applications. Tick the check box to attach a VirtIO console device to your virtual machine.
Enable SPICE clipboard copy and paste	Defines whether a user is able to copy and paste content from an external host into the virtual machine's SPICE console. This option is only available for virtual machines using the SPICE protocol. This check box is selected by default.

Field Name	Description
Start Running On	Defines the preferred host on which the virtual machine is to run. Select either: Any Host in Cluster - The virtual machine can start and run on any available host in the cluster. Specific - The virtual machine will start running on a particular host in the cluster. However, the Manager or an administrator can migrate the virtual machine to a different host in the cluster depending on the migration and high-availability settings of the virtual machine. Select the specific host from the drop-down list of available hosts.
Migration Options	Defines options to run and migrate the virtual machine. If the options here are not used, the virtual machine will run or migrate according to its cluster's policy. Allow manual and automatic migration - The virtual machine can be automatically migrated from one host to another in accordance with the status of the environment, or manually by an administrator. Allow manual migration only - The virtual machine can only be migrated from one host to another manually by an administrator. Do not allow migration - The virtual machine cannot be migrated, either automatically or manually. The Use custom migration downtime check box allows you to specify the maximum number of milliseconds the virtual machine can be down during live migration. Configure different maximum downtimes for each virtual machine according to its workload and SLA requirements. The VDSM default value is 0. The Pass-Through Host CPU check box allows virtual machines to take advantage of the features of the physical CPU of the host on which they are situated. This option can only be enabled when Do not allow migration is selected.
Configure NUMA	Defines options for virtual NUMA nodes. These options are only available if the virtual machine's host has at least two NUMA nodes. NUMA Node Count allows you to specify the number of virtual NUMA nodes to assign to the virtual machine. If the Tune Mode is Preferred, this value must be set to `1`. Tune Mode defines the method used to allocate memory. Choose one of the following from the drop-down list: Strict: Memory allocation will fail if the memory cannot be allocated on the target node. Preferred: Memory is allocated from a single preferred node. If sufficient memory is not available, memory can be allocated from other nodes. Interleave: Memory is allocated across nodes in a round-robin algorithm. The NUMA Pinning button opens the NUMA Topology window. This window shows the host's total CPUs, memory, and NUMA nodes, and the virtual machine's virtual NUMA nodes. Pin virtual NUMA nodes to host NUMA nodes by clicking and dragging each vNUMA from the box on the right to a NUMA node on the left.

Field Name	Description
Highly Available	Select this check box if the virtual machine is to be highly available. For example, in cases of host maintenance, all virtual machines are automatically live migrated to another host. If the host crashed and is in a non-responsive state, only virtual machines with high availability are restarted on another host. If the host is manually shut down by the system administrator, the virtual machine is not automatically live migrated to another host. Note that this option is unavailable if the Migration Options setting in the Hosts tab is set to either Allow manual migration only or Do not allow migration. For a virtual machine to be highly available, it must be possible for the Manager to migrate the virtual machine to other available hosts as necessary.
Priority for Run/Migration queue	Sets the priority level for the virtual machine to be migrated or restarted on another host.
Watchdog	Allows users to attach a watchdog card to a virtual machine. A watchdog is a timer that is used to automatically detect and recover from failures. Once set, a watchdog timer continually counts down to zero while the system is in operation, and is periodically restarted by the system to prevent it from reaching zero. If the timer reaches zero, it signifies that the system has been unable to reset the timer and is therefore experiencing a failure. Corrective actions are then taken to address the failure. This functionality is especially useful for servers that demand high availability. Watchdog Model: The model of watchdog card to assign to the virtual machine. At current, the only supported model is i6300esb. Watchdog Action: The action to take if the watchdog timer reaches zero. The following actions are available: none - No action is taken. However, the watchdog event is recorded in the audit log. reset - The virtual machine is reset and the Manager is notified of the reset action. poweroff - The virtual machine is immediately shut down. dump - A dump is performed and the virtual machine is paused. pause - The virtual machine is paused, and can be resumed by users.