The Codex of Business Writing Software for Real-World Solutions 2.pptx
oVirt 4.3 highlights
1. oVirt 4.3 Highlights
Douglas Schilling Landgraf <dougsland@redhat.com>
oVirt/RHV Engineer
05/2019 - Red Hat Summit
This presentation is licensed under a Creative Commons Attribution 4.0 International License
13. 3
Hosted Engine
● Support deployment with static IPv6
● Deploy with Ansible Roles
● Iptables is not required anymore for deployments
● --restore-from-file option to restore the Manager
backup during the deployment
14. 3
oVirt Engine
● Replaced fluentd with rsyslog
● Fully support to IPV6
● Improved v2v feature
● Support to Keycloak Project/Red Hat Single Sign One
17. 3
Cinderlib - Cinder Block Storage
● Better integration with cinderlib
● Users are able to consume any storage backend supported in Cinder in order to create
virtual disks for its VMs, without the need of a full OpenStack deployment.
● Use any storage vendor supported in Cinder (over 80 storage drivers)
# engine-config -s ManagedBlockDomainSupported=true
Please select a version:
1. 4.1
2. 4.2
3. 4.3
3
# systemctl restart ovirt-engine.service
19. 3
Database and Ansible updated
● PostgreSQL 10 is now supported
● Ansible requirement now is 2.7.2+
○ python2.6 deprecated, now support python3 (host still requires python2)
20. 3
oVirt Windows Guest Tools
● Add qemufwcfg driver in windows guest tools
Prevents Windows Device Manager to display the device as unrecognized.
● Added smbus driver in windows guest tools
When a guest running Windows 2008 with Q35 bios an unknown device is listed in Device
Manager.
21. 3
Security - Transport Layer Security
● Removed support to insecure TLSv1 and TLSv1.1 and leave only most secure TLSv1.2
● Enable TLSv1.2 or higher (vdsm - engine)
$ openssl s_client -connect localhost:54321 -tls1 -CAfile /etc/pki/vdsm/certs/cacert.pem
or
$ openssl s_client -connect localhost:54321 -tls1_1 -CAfile /etc/pki/vdsm/certs/cacert.pem
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
23. 3
Security - OpenSCAP and STIGs
● Added OpenSCAP tools into oVirt-Node
“The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment,
measurement, and enforcement of security baselines.”
https://www.open-scap.org/
● oVirt Engine Appliance meet Security Technical Implementation Guides standards.
24. 3
Security - Secure Hash Algorithm
● engine-backup now support SHA256 (required by FIPS mode)
$ tar xvf /var/lib/ovirt-engine-backup/ovirt-engine-backup-20190424154138.backup
$ cat ./sha256sum
c746505ab9eee105b59e0354d226974954e4218ab9c2e455b40156e05c036927 db/engine_backup.db
8b72cffd6773a6f40cd20654a4e48bd0509bac1169e7ef05ad099aafdf6e1039 db/dwh_backup.db
00c7c19df07fad786cbfed308a9ff2ddb793ed714b9f1c6267041f1296bfa8fa files
8db64ff64f529a47b944b4dd96f2eda3f540137609e359d784210280e44085c0 version
6e7135e172b14539ad9aee8a4316a3c240ec20280fa39613d1a9513e39793870 os_version
4389da2b2c4927e7aaa457c7f1549d5b23616c96a13da1075032c52022b1b01f config
Federal Information Processing Standard (FIPS) is a computer security standard, developed by the U.S. Government and industry working group to validate the quality of cryptographic
modules.
27. 3
Dropped Functionality
● Removed support to API v3
● Dropped ovirt-engine-cli (ovirt-shell) dependency (used version 3 REST API)
● Disks scan alignment
28. 3
Upgrading your environment?
● Use engine-backup tool to create a backup before upgrades! ;-)
● Engine upgrades are incremental
● Environment must be in 4.1 datacenter/cluster before upgrading to 4.3