Technical Notes for Red Hat Virtualization 4.0 and Associated Packages
Chapter 1. RHEA-2016:1743 Red Hat Virtualization Manager 4.0 GA Enhancement (ovirt-engine)
Previously, when the Manager tried to prestart a virtual machine from a virtual machine pool, it was possible that a user could try to run the same virtual machine at the same time. In this case, the User Portal displayed an 'Internal error' message. This issue was fixed and now it is not possible for a user to run the same virtual machine that is being prestarted by the Manager.
Previously, live merge tasks which completed displayed as running in the Manager. The task will now be presented as completed in the Manager, and will be removed from the appropriate database.
This update fixes a race condition that exists during automatic startup of prestarted virtual machines in virtual machine pools and manual operations of virtual machines in the pool. The condition caused virtual machines to lose its disks while being returned to the virtual machine pool.
This release adds the ability to register unregistered floating disks through the GUI. Previously, because floating disks are not part of any virtual machine or template, the user could only register floating disks from the REST API, not from the GUI. Now there is a subtab in the GUI called "Import Disk" which allows the user to register a floating disk into the setup. Storage domains also support a functionality called "Scan Disks", which scans the storage domain for unregistered floating disks that are not reflected in the setup. This can be helpful for managing disks from external storage domains.
Previously during VDSM restart, the host would still respond to queries over JSON-RPC protocol from the Manager, which could result in the Manager reporting the incorrect virtual machine state. This could cause a highly available virtual machine to restart despite it already running. This has been fixed and the API calls are blocked during the VDSM service startup.
Previously, it was only possible to remove a base template if there was no template sub-version based upon it. This update allows the removal of a base template, even if there are template sub-versions based upon it. The sub-version with lowest version number becomes the next base template for all other sub-versions. Version numbers are not affected meaning that the version number of the base template no longer needs to be 1.
Red Hat Virtualization Manager runs on Red Hat Enterprise Linux 7 with Red Hat JBoss Enterprise Application Platform 7.0.
Previously, when a virtual machine was added to an existing virtual machine pool via the REST API the virtual machines did not get the correct initialized parameters using sysprep or cloud-init. Now, this has been corrected and the virtual machines will get the correct initialized parameters using sysprep or cloud-init.
With this update, a new configuration variable, ovirt.engine.aaa.authn.default.profile, has been added to the authn configuration file. Setting this variable ensures that the profile drop-down menu on the login page defaults to the selected profile. To configure this feature, add ovirt.engine.aaa.authn.default.profile to the authn configuration file for a selected profile and set the value to true then restart the ovirt-engine service. If the ovirt.engine.aaa.authn.default.profile variable is not defined in the authn configuration file the drop-down menu defaults to internal.
A virtual machine can now override the cluster compatibility version, meaning that within a cluster with a 4.0 compatibility level, there can be virtual machines with 3.6 compatibility, retaining the configuration and behavior of 3.6. That is 4.0 features are not applied to them.
Previously, only the first page of results was displayed when searching for all virtual machine templates in the system. This issue has been fixed and now it is possible to see the whole list, page by page.
This update disables the 'Select as SPM' option in the Manager for Red Hat Gluster Storage (RHGS) nodes because selecting a RHGS host as SPM is meaningless since it doesn't provide a virtualization service.
With this enhancement, support for SNMP v3 traps was added. RHV-M is now able to provide SNMP v2c and v3 traps. New SNMP related options which can be set along with the default values can be found at: /usr/share/ovirt-engine/services/ovirt-engine-notifier/ovirt-engine-notifier.conf.
Previously an exclamation mark appeared next to Windows guests showing "New guest tools are available" even after upgrading guest tools to latest version. This works correctly now, and after upgrading the tools the warning disappears.
Cloud-init/Sysprep only runs on the first run of the virtual machine. If the virual machine is already running, then any changes to Cloud-init/Sysprep will not re-initialize the virtual machine with the new Cloud-init/Sysprep settings. Only running via Run-Once and explicitly selecting Cloud-Init/Sysprep will re-initialize the virtual machine.
This update improves the error message written to the log when an OVF from the export domain cannot be parsed. The error message now attempts to pinpoint the problem.
Previously, new tuned profiles that were introduced in Red Hat Enterprise Linux 7 for Red Hat Gluster Storage was not available in the Red Hat Gluster Storage Console. As a consequence, users were unable to set the tuned profile from console. With this update, users can select cluster specific profiles using console.
Red Hat Virtualization always puts the Manager's CA into the .vv file. If a custom HTTPS certificate signed by a custom CA is used in Apache, then users won't be able to use the foreign menu of remote-viewer. Follow the instructions in https://bugzilla.redhat.com/show_bug.cgi?id=1336838 to make the Manager aware that a custom CA is used. In this case the Manager will not place the CA into the .vv file and consequently the remote-viewer will trust the CAs trusted by the client system. If the client system trusts this particular CA, the foreign menu will work properly.
Cloud-Init and Sysprep settings can now be modified using REST APIs.
This update filters the "latest" version of a template from the New Virtual Machine dialog window, to prevent it from displaying for clone provisioning virtual machines.
This release improves the memory consumption of Internet Explorer 11.
With this enhancement, the Disk Tab in the Administration Portal now displays the template version next to the template name. It is now easier for users to check the template version the disk belongs to.
This update fixes the message logging when failing to prestart a pool virtual machine. The log message will now print the reason for the failure, and it has been raised from an INFO to a WARN log message. The log message now contains the ID of the failed virtual machine.
This update enables the Permissions sub-tab of the Virtual Machines main tab to show both the direct and the inherited permissions.
Previously, in the User Portal, all roles were displayed. With this enhancement, only the roles that can be assigned are listed to avoid confusion.
With this update, the Verify Credentials field in the Import Virtual Machines window and the Add/Edit Provider windows has been renamed to SSL Verification. This is clarify that the field should be used for SSL verification.
You can now use the REST API to assign affinity labels to hosts and virtual machines. A virtual machine can be scheduled on a host as long as the host has all the affinity labels the virtual machine has. It is also supported if the host has additional affinity labels that the virtual machine does not have.
With this update, Red Hat Virtualization can now handle FCoE block storage. Depending on the FCoE card on the hosts, special configuration may be needed as described in https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/fcoe-config.html To configure FCoE block storage, run engine-config -s UserDefinedNetworkCustomProperties='fcoe=^((enable|dcb|auto_vlan)=(yes|no),?)*$' on the Red Hat Virtualization Manager then restart the Manager. Ensure that the required host has vdsm-hook-fcoe installed then enable FCoE on a NIC. To enable FCoE on a NIC, attach a network then set the FCoE network custom property to enable=yes[,dcb=yes][,auto_vlan=yes].
This update enables you to configure multiple NICs on a Red Hat Virtualization host to enable you to reach multiple networks at the same time.
Virtual machines from a stateful virtual machine pool are now always started in stateful mode. The state of the virtual machine is preserved even when the virtual machine is passed to a different user.
This is to help avoid the problem of MAC collision in the user's LAN. Such a problem could appear immediately or later, when two active NICs with the same problematic MAC could appear in the user's LAN, one on the imported virtual machine, and another one on any other network appliance that isn't managed by the this Red Hat Virtualization instance.
Previously, an auto-generated snapshot was created during live storage migration and had to be manually removed afterwards. With this release, the auto-generated snapshot is automatically deleted after live storage migration.
With this update, the network filter has been enhanced to allow the administrator the ability to manage the network packet traffic to and from virtual machines. The required filter can now be specified on the vNIC profile via the web interface or the REST API. If no filter is specified and the 'EnableMACAntiSpoofingFilterRules' is enabled via engine-config tool the vNIC profile will use 'Enable MAC Anti Spoofing' as the default filter
With the update, the order in which MAC addresses are obtained from the MAC address pool has been altered. Previously, the leftmost available MAC address was returned from the MAC address pool when requested. This caused issues in certain environments when MAC addresses returned to MAC address pool were immediately queried from the MAC address pool by another process and confused some devices on the network as a device now has the MAC address that had been recently used by a different device. Now, the MAC address pool remembers that last returned MAC address for each address in its MAC address range and will return the first available MAC address following the most recently returned. If there is no further addresses left in the range the search starts from the beginning of the range. If there are multiple MAC address ranges with available MAC addresses they take turns in serving incoming requests in the same way available MAC addresses are selected.
Previously, Red Hat Virtualization only allowed hostdev passthrough of USB and PCI devices. With this update, administrators can connect FibreChannel tape devices to guest systems using hostdev passthrough.
With this update, the ability to import Red Hat Enterprise Linux KVM guest images managed by libvirt directly to Red Hat Virtualization has been added. To import KVM virtual machines from libvirt the libvirt uri, username and password are required. For the libvirt uri using QEMU and TCP is qemu+tcp://[USER]@[HOST]/system. QEMU and ssh is also supported but requires that the VDSM user is enabled and public/private keys must be generated for the VDSM user and exhanged with the libvirt server.
The Spice plug-in is not supported in Red Hat Virtualization 4.0. The 'Native' spice connection should be used as a replacement. If 'Plugin' is set as the default for Spice connections by user (via engine-config), it is automatically switched to 'Native' by calling engine-setup during upgrade.
With this update, when logging into the Administration Portal, the browser password setting is used so users do not need to re-enter their user name and password. Note: For Google Chrome, the Manager CA needs to be imported first. Use the following steps: 1. Open Chrome Settings > Show advanced settings > HTTPS/SSL > Manage certificates. 2. Click the Authorities tab and click import. 3. Select the Manager CA, click ok, and check all boxes in the Edit trust settings in the subsequent dialog. 4. Restart your browser and now Google Chrome will prompt you to save passwords.
When creating a new virtual machine, if you enable Cloud-Init or Sysprep, the host name is automatically set to the virtual machine name provided. Previously, a user had to manually set the host name. Changing or deleting the host name is still allowed if required.
With this update, OpenStack Platform 8 has been certified as a supported external network provider for Red Hat Virtualization 4.0. Install hosts with OpenStack Platform 8's Neutron agent, either manually or via packstack, then add OpenStack Platform 8's Neutron service as an external network provider then add hosts to the Red Hat Virtualization 4.0 data center.
This update ensures that only supported volume types are displayed when managing volumes in the Manager.
With this release, the user's browser setting for saving user names and passwords will be used for the User Portal login screen.
With this update, the ability to trigger activity inside of a virtual guest during live migration has been added. Examples of events that can be used as a trigger are before migration, after migration, before hibernation, or after hibernation. The hooks configuration base directory is located in the /etc/ovirt-guest-agent/hooks.d directory on Linux systems and in Red Hat Virtualization Agent directory on Windows systems. Each event has a corresponding subdirectory and all files or symlinks in that directory will be executed. The executing user on Linux systems is 'ovirtagent'. If the script needs root permissions, the elevation must be executed by the creator of the hook script. The executing user on Windows systems is the System Service user.
With this release, users can use engine-config to set whether console windows open in full screen by default. The value can be set independently for the Administration Portal, Basic User Portal, and Extended User Portal. Consoles retrieved via REST share settings with the Administration Portal. The default can be set via engine-config by setting FullScreenWebadminDefault, FullScreenUserportalBasicDefault, and FullScreenUserportalExtendedDefault options.
This release adds support for fencing of ilo3 and ilo4 via SSH.
Previously, when the number of logical volumes in a storage domain reached the recommended maximum it was logged and a message was shown in the events pane. Now, a user can register to the event notifier and receive an email when the number of logical volumes in a storage domain reached the recommended maximum.
With this update, a regular file system has been added for /etc on Red Hat Virtualization Hosts. This allows better alignment with Red Hat Enterprise Linux hosts and means the same set of tools can be used for both Red Hat Virtualization Hosts and Red Hat Enterprise Linux hosts.
When creating a virtual machine from a template, the user is able to choose the format of the disks: either RAW or QCOW2. The Allocation Policy section is now hidden. If the Template Provisioning is Thin, the format of the disks will be marked as QCOW2 and the user won't be able to change it. If the Template Provisioning is Clone, the user will be able to select either QCOW2 or RAW.
This update provides support for the Q35-based machine type supported by QEMU, it is an alternative to older i440fx chipset. Compared to i440fx, Q35 allows for better support of PCI-e passthrough as it has a proper PCI-e bus. One of the differences is also that the Q35 does not use IDE cdrom, but prefers SATA bus. The reason for that is the lack of IDE.  http://wiki.qemu.org/Features/Q35
The Import Virtual Machine(s) window contains a tooltip question mark (?) next to the Data Center field when importing a VMWare source. When hovered over, the tooltip explains that folders can also be added to the Data Center field in the format <folder>/<Datacenter>.
Chapter 2. RHBA-2017:0542 Red Hat Virtualization Manager 4.0.7
This bug fixes several issues with insufficient synchronization when accessing MAC pools.
Red Hat OpenStack Platform 10 is now a certified external network provider for Red Hat Virtualization.
A bug was discovered in the sysprep templates for 64-bit platforms where some parts were improperly marked as "for 32-bit platform" and thus ignored by Windows. This has now been fixed.
This release adds support for specifying the initial size through the API when creating a thin provisioned disk on block storage.
With this update, the issue where an incorrect calculation meant that virtual machines with an unsupported number of vCPUs attempted to start and failed has been fixed. The maximum number of allowed vCPUs per virtual machine formula was adjusted to take into account the limitation of APIC ID. For more information see https://software.intel.com/en-us/articles/intel-64-architecture-processor-topology-enumeration
With this update, an exception displayed in certain cases when editing virtual machine pools has been fixed.
Previously, when restoring a backup of a self-hosted engine on a different environment, for disaster recovery purposes, administrators were sometimes required to remove the previous self-hosted engine's storage domain and virtual machine. This was accomplished from within the engine's database, which is a risk-prone procedure. In this release, a new CLI option enables administrators to remove the previous self-hosted engine's storage domain and virtual machine directly from the backup of the engine, during the restore procedure.
Self-hosted engine always uses an SPM ID of 1 during installation of the first self-hosted engine host, without checking database settings. This release adds options to change the database during the restore process. For disaster recovery, the --he-remove-hosts option has been added so that all hosts with SPM_ID=1 are updated and a different SPM ID assigned. For bare metal to self-hosted engine migration, a new engine-migrate-he.py script is provided. This script should be called before migration, and supplied with the Manager REST API login/password/endpoint and path to CA certificate. Hosts in the selected data center with SPM_ID=1 will be put into Maintenance mode, so they can accept the new ID safely. Migration can then continue as usual, using the --he-remove-hosts option.
Previously, restoring a self-hosted engine backup failed if the self-hosted engine storage domain contained disks associated to virtual machines other than the self-hosted engine one. This has now been fixed.
Previously, attempting to drag icons from elements that were not drag-and-drop enabled caused an exception to be thrown due to a missing empty check on a string pulled from the drag event data. An error would be displayed to the user, requiring a page refresh to clear it. Now, the string pulled from the drag event data is checked for nullness/emptiness, so the exception and error are avoided.
Previously, there were frequent KeyError tracebacks in the vdsm.log after CPU hotplug. Now, these errors are no longer produced by VDSM after CPU hotplug.
Previously, attaching a live storage domain after restoring the database caused sanlock to kill the self-hosted engine virtual machine. This has now been fixed.
Previously, the 'VM evenly distributed' policy was not properly taking the pending virtual machines (scheduled, but not yet started) into account. Each scheduling run saw the same situation and selected the same host for the virtual machine it was scheduling. Now, the policy also counts pending virtual machines, so proper balancing is applied.
This release introduces a 'force' flag, which can be used to update a storage server connection regardless of the associated storage domain status (allowing updates even when the storage domain is not in Maintenance mode). For example: PUT /ovirt-engine/api/storageconnections/123;force=true
Previously, some OVF files that did not contain the VM Name tag caused a runtime error when importing. This update ensures that a default name is provided to the virtual machine by its OVA name.
This update fixes an issue where engine-setup would not run over a restored database if the backup was taken from a hosted-engine environment that was not in global maintenance mode.
This update adds a connection pool to reuse existing connections for communication between the Manager and the SSO module. By default, a connection pool is created on the Manager to communicate with the SSO module. The size of this pool is defined by the ENGINE_SSO_SERVICE_CLIENT_POOL_SIZE option (default size is 10 connections). Similarly, a connection pool is created on the SSO side to communicate with the Manager. The size of this pool is defined by the SSO_CALLBACK_CLIENT_POOL_SIZE option (default size is 10 connections). If needed, these options can be customized by creating the /etc/ovirt-engine/engine.conf.d/99-custom-connection-pool.conf file with the following (where N and M are the new sizes): ENGINE_SSO_SERVICE_CLIENT_POOL_SIZE=N SSO_CALLBACK_CLIENT_POOL_SIZE=M
Previously, the Manager tried to negotiate the highest available version of TLS when connecting to VDSM. However, due to certain limitations the Manager tried to negotiate TLSv1.0 as the highest version. Now, the limitations have been removed and the Manager is able to negotiate TLSv1.1 and TLSv1.2 when they are available on VDSM. Removing these limitations also enables providing only newer TLS versions in future VDSM versions.
Previously, restoring a self-hosted engine backup failed if the self-hosted engine host had running non-self-hosted engine VMs. This has now been fixed.