Douglas Landgraf, profile picture
Uploaded byDouglas Landgraf
PDF, PPTX4,456 views

oVirt 4.3 highlights

The presentation highlights version 4.3 of oVirt, emphasizing improvements in Python 3 support, enhanced Windows guest tools, and tightened security measures such as the removal of insecure TLS protocols. Key features include updated integrations with Cinder for block storage, better VM management dashboards, and the introduction of new deployment options such as support for IPv6. The presentation also notes deprecated functionalities along with guidelines for upgrading environments safely.

Embed presentation

Download as PDF, PPTX
oVirt 4.3 Highlights Douglas Schilling Landgraf <dougsland@redhat.com> oVirt/RHV Engineer 05/2019 - Red Hat Summit This presentation is licensed under a Creative Commons Attribution 4.0 International License
3 Quick recap about oVirt What is oVirt ? Why oVirt?
3 Quick recap about oVirt
3 Quick recap about oVirt Which platforms are supported?
3 Quick recap about oVirt
3 Quick recap about oVirt
3 Quick recap about oVirt Also available a Hypervisor ISO, oVirt Node
4 Highlights from 4.3
3 General: Python3 - improved support ● engine-setup ● otopi ● ovirt-engine-lib ● ovirt-host-deploy ● ovirt-log-collector ● ovirt-engine-dwh
3 VM Portal - New dashboard and forms
3 VM Portal - New dashboard and forms
3 Added new CPU Type
3 Hosted Engine ● Support deployment with static IPv6 ● Deploy with Ansible Roles ● Iptables is not required anymore for deployments ● --restore-from-file option to restore the Manager backup during the deployment
3 oVirt Engine ● Replaced fluentd with rsyslog ● Fully support to IPV6 ● Improved v2v feature ● Support to Keycloak Project/Red Hat Single Sign One
3 oVirt Engine - Update the Cluster
3 OpenStack 14 certified
3 Cinderlib - Cinder Block Storage ● Better integration with cinderlib ● Users are able to consume any storage backend supported in Cinder in order to create virtual disks for its VMs, without the need of a full OpenStack deployment. ● Use any storage vendor supported in Cinder (over 80 storage drivers) # engine-config -s ManagedBlockDomainSupported=true Please select a version: 1. 4.1 2. 4.2 3. 4.3 3 # systemctl restart ovirt-engine.service
3 Cinderlib - Cinder Block Storage
3 Database and Ansible updated ● PostgreSQL 10 is now supported ● Ansible requirement now is 2.7.2+ ○ python2.6 deprecated, now support python3 (host still requires python2)
3 oVirt Windows Guest Tools ● Add qemufwcfg driver in windows guest tools Prevents Windows Device Manager to display the device as unrecognized. ● Added smbus driver in windows guest tools When a guest running Windows 2008 with Q35 bios an unknown device is listed in Device Manager.
3 Security - Transport Layer Security ● Removed support to insecure TLSv1 and TLSv1.1 and leave only most secure TLSv1.2 ● Enable TLSv1.2 or higher (vdsm - engine) $ openssl s_client -connect localhost:54321 -tls1 -CAfile /etc/pki/vdsm/certs/cacert.pem or $ openssl s_client -connect localhost:54321 -tls1_1 -CAfile /etc/pki/vdsm/certs/cacert.pem CONNECTED(00000003) write:errno=104 --- no peer certificate available
3 Security - Transport Layer Security $ openssl s_client -connect localhost.localdomain:54321 -tls1_2 -CAfile /etc/pki/vdsm/certs/cacert.pem CONNECTED(00000003) …. --- Server certificate -----BEGIN CERTIFICATE----- MIIEUDCCAzigAwIBAgICEA0wDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMx FDASBgNVBAoMC2xvY2FsZG9tYWluMSEwHwYDVQQDDBhlbmdpbmUubG9jYWxkb21h aW4uOTMxNjcwHhcNMTkwNDIxMTYxNTIwWhcNMjQwNDIwMTYxNTIwWjAyMRQwEgYD …..
3 Security - OpenSCAP and STIGs ● Added OpenSCAP tools into oVirt-Node “The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines.” https://www.open-scap.org/ ● oVirt Engine Appliance meet Security Technical Implementation Guides standards.
3 Security - Secure Hash Algorithm ● engine-backup now support SHA256 (required by FIPS mode) $ tar xvf /var/lib/ovirt-engine-backup/ovirt-engine-backup-20190424154138.backup $ cat ./sha256sum c746505ab9eee105b59e0354d226974954e4218ab9c2e455b40156e05c036927 db/engine_backup.db 8b72cffd6773a6f40cd20654a4e48bd0509bac1169e7ef05ad099aafdf6e1039 db/dwh_backup.db 00c7c19df07fad786cbfed308a9ff2ddb793ed714b9f1c6267041f1296bfa8fa files 8db64ff64f529a47b944b4dd96f2eda3f540137609e359d784210280e44085c0 version 6e7135e172b14539ad9aee8a4316a3c240ec20280fa39613d1a9513e39793870 os_version 4389da2b2c4927e7aaa457c7f1549d5b23616c96a13da1075032c52022b1b01f config Federal Information Processing Standard (FIPS) is a computer security standard, developed by the U.S. Government and industry working group to validate the quality of cryptographic modules.
3 Dropped Functionality ● Dropped 3.6 and 4.0 datacenter/cluster level
3 Dropped Functionality ● Dropped Conroe and Penryn CPU Types from Compatibility Version 4.3
3 Dropped Functionality ● Removed support to API v3 ● Dropped ovirt-engine-cli (ovirt-shell) dependency (used version 3 REST API) ● Disks scan alignment
3 Upgrading your environment? ● Use engine-backup tool to create a backup before upgrades! ;-) ● Engine upgrades are incremental ● Environment must be in 4.1 datacenter/cluster before upgrading to 4.3
Thank you! https://ovirt.org/ users@ovirt.org dougsland@redhat.com https://www.meetup.com/Boston-oVirt-Community/ @ovirt @dougsland This presentation is licensed under a Creative Commons Attribution 4.0 International License

More Related Content

PDF
Introduction to oVirt
byAll Things Open
 
PDF
Virtualization Management The oVirt Way (August Penguin 2015)
byAllon Mureinik
 
PDF
oVirt – open your virtual datacenter
byBergamo Linux Users Group
 
PDF
oVirt Introduction
byRoozbeh Shafiee
 
PDF
Kvm forum 2013 - future integration points for oVirt storage
bySean Cohen
 
ODP
Managing ceph through_oVirt_using_Cinder
byMaor Lipchuk
 
PDF
oVirt 3.5 Storage Features Overview
byAllon Mureinik
 
ODP
Gluster ovirt integration_gluster_meetup_pune_2015
byRamesh Nachimuthu
 
Introduction to oVirt
byAll Things Open
 
Virtualization Management The oVirt Way (August Penguin 2015)
byAllon Mureinik
 
oVirt – open your virtual datacenter
byBergamo Linux Users Group
 
oVirt Introduction
byRoozbeh Shafiee
 
Kvm forum 2013 - future integration points for oVirt storage
bySean Cohen
 
Managing ceph through_oVirt_using_Cinder
byMaor Lipchuk
 
oVirt 3.5 Storage Features Overview
byAllon Mureinik
 
Gluster ovirt integration_gluster_meetup_pune_2015
byRamesh Nachimuthu
 

What's hot

ODP
Disaster Recovery in oVirt
byMaor Lipchuk
 
ODP
oVirt and OpenStack
byDave Neary
 
PPTX
VIO on Cisco UCS and Network
byYousef Morcos
 
ODP
Storage best practices
byMaor Lipchuk
 
PDF
OpenNebulaConf 2016 - OpenNebula 5.0 Highlights and Beyond by Ruben S. Monter...
byOpenNebula Project
 
PDF
Running FreeRTOS on Digilent Zybo board
byVincent Claes
 
PDF
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
byLinuxCon ContainerCon CloudOpen China
 
PPTX
Integrating a custom AXI IP Core in Vivado for Xilinx Zynq FPGA based embedde...
byVincent Claes
 
PDF
Percepio Tracealyzer for FreeRTOS on MiniZED
byVincent Claes
 
PDF
Libvirt/KVM Driver Update (Kilo)
byStephen Gordon
 
PPTX
Networking in the cloud
byCliff Chao-kuan Lu
 
PDF
OpenNebulaConf 2016 - VTastic: Akamai Innovations for Distributed System Test...
byOpenNebula Project
 
PDF
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
byStephen Gordon
 
PDF
UEFI HTTP/HTTPS Boot
byLinuxCon ContainerCon CloudOpen China
 
PDF
Mi-Cloud Deployment Scenarios - Nazarudin Wijee
byOpenNebula Project
 
PPTX
Cloud Computing Security
byAnshul Patel
 
PDF
Practical CNI
byLinuxCon ContainerCon CloudOpen China
 
PPTX
OpenNebula Networking - Rubén S. Montero
byOpenNebula Project
 
PDF
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
byOpenNebula Project
 
PDF
Docker Internet Money Gateway
byMathieu Buffenoir
 
Disaster Recovery in oVirt
byMaor Lipchuk
 
oVirt and OpenStack
byDave Neary
 
VIO on Cisco UCS and Network
byYousef Morcos
 
Storage best practices
byMaor Lipchuk
 
OpenNebulaConf 2016 - OpenNebula 5.0 Highlights and Beyond by Ruben S. Monter...
byOpenNebula Project
 
Running FreeRTOS on Digilent Zybo board
byVincent Claes
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
byLinuxCon ContainerCon CloudOpen China
 
Integrating a custom AXI IP Core in Vivado for Xilinx Zynq FPGA based embedde...
byVincent Claes
 
Percepio Tracealyzer for FreeRTOS on MiniZED
byVincent Claes
 
Libvirt/KVM Driver Update (Kilo)
byStephen Gordon
 
Networking in the cloud
byCliff Chao-kuan Lu
 
OpenNebulaConf 2016 - VTastic: Akamai Innovations for Distributed System Test...
byOpenNebula Project
 
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
byStephen Gordon
 
UEFI HTTP/HTTPS Boot
byLinuxCon ContainerCon CloudOpen China
 
Mi-Cloud Deployment Scenarios - Nazarudin Wijee
byOpenNebula Project
 
Cloud Computing Security
byAnshul Patel
 
Practical CNI
byLinuxCon ContainerCon CloudOpen China
 
OpenNebula Networking - Rubén S. Montero
byOpenNebula Project
 
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
byOpenNebula Project
 
Docker Internet Money Gateway
byMathieu Buffenoir
 

Similar to oVirt 4.3 highlights

PDF
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
byThe Linux Foundation
 
PPTX
Windows Server «10»: Что нового в виртуализации
byВиталий Стародубцев
 
PPTX
OpenStack and Windows
byAlessandro Pilotti
 
PDF
Community Update at OpenStack Summit Boston
bySage Weil
 
PDF
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
byShawn Wells
 
PDF
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
byThe Linux Foundation
 
PPTX
Windows Server "10": что нового в виртуализации
byВиталий Стародубцев
 
PDF
Ceph, Now and Later: Our Plan for Open Unified Cloud Storage
bySage Weil
 
PDF
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
byNETWAYS
 
PPTX
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
byAlessandro Pilotti
 
PDF
Hyper-V support for OpenStack Grizzly
byKamesh Pemmaraju
 
PDF
What's new in Luminous and Beyond
bySage Weil
 
PDF
Xen in Linux 3.x (or PVOPS)
byThe Linux Foundation
 
PDF
2011-11-03 Intelligence Community Cloud Users Group
byShawn Wells
 
PDF
ITCamp 2013 - Tudor Damian - Running Linux on Microsoft Private and Public Cl...
byITCamp
 
PDF
RHEL roadmap
byRamesh Kumar
 
PDF
2008-01-22 Red Hat (Security) Roadmap Presentation
byShawn Wells
 
PDF
OpenStack - JobShop @Iași, 2016
byAlexandru Coman
 
PDF
DOST: Ceph in a security critical OpenStack cloud
byDanny Al-Gaaf
 
PPTX
LFCOLLAB15: Xen 4.5 and Beyond
byThe Linux Foundation
 
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...
byThe Linux Foundation
 
Windows Server «10»: Что нового в виртуализации
byВиталий Стародубцев
 
OpenStack and Windows
byAlessandro Pilotti
 
Community Update at OpenStack Summit Boston
bySage Weil
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
byShawn Wells
 
XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle
byThe Linux Foundation
 
Windows Server "10": что нового в виртуализации
byВиталий Стародубцев
 
Ceph, Now and Later: Our Plan for Open Unified Cloud Storage
bySage Weil
 
OSDC 2014: Christopher Kunz - Software defined networking in an open-source c...
byNETWAYS
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
byAlessandro Pilotti
 
Hyper-V support for OpenStack Grizzly
byKamesh Pemmaraju
 
What's new in Luminous and Beyond
bySage Weil
 
Xen in Linux 3.x (or PVOPS)
byThe Linux Foundation
 
2011-11-03 Intelligence Community Cloud Users Group
byShawn Wells
 
ITCamp 2013 - Tudor Damian - Running Linux on Microsoft Private and Public Cl...
byITCamp
 
RHEL roadmap
byRamesh Kumar
 
2008-01-22 Red Hat (Security) Roadmap Presentation
byShawn Wells
 
OpenStack - JobShop @Iași, 2016
byAlexandru Coman
 
DOST: Ceph in a security critical OpenStack cloud
byDanny Al-Gaaf
 
LFCOLLAB15: Xen 4.5 and Beyond
byThe Linux Foundation
 

Recently uploaded

PDF
final.pdf
byomarbishtawi04
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
final.pdf
byomarbishtawi04
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 

oVirt 4.3 highlights

  • 1.
    oVirt 4.3 Highlights DouglasSchilling Landgraf <dougsland@redhat.com> oVirt/RHV Engineer 05/2019 - Red Hat Summit This presentation is licensed under a Creative Commons Attribution 4.0 International License
  • 2.
    3 Quick recap aboutoVirt What is oVirt ? Why oVirt?
  • 3.
  • 4.
    3 Quick recap aboutoVirt Which platforms are supported?
  • 5.
  • 6.
  • 7.
    3 Quick recap aboutoVirt Also available a Hypervisor ISO, oVirt Node
  • 8.
  • 9.
    3 General: Python3 -improved support ● engine-setup ● otopi ● ovirt-engine-lib ● ovirt-host-deploy ● ovirt-log-collector ● ovirt-engine-dwh
  • 10.
    3 VM Portal -New dashboard and forms
  • 11.
    3 VM Portal -New dashboard and forms
  • 12.
  • 13.
    3 Hosted Engine ● Supportdeployment with static IPv6 ● Deploy with Ansible Roles ● Iptables is not required anymore for deployments ● --restore-from-file option to restore the Manager backup during the deployment
  • 14.
    3 oVirt Engine ● Replacedfluentd with rsyslog ● Fully support to IPV6 ● Improved v2v feature ● Support to Keycloak Project/Red Hat Single Sign One
  • 15.
    3 oVirt Engine -Update the Cluster
  • 16.
  • 17.
    3 Cinderlib - CinderBlock Storage ● Better integration with cinderlib ● Users are able to consume any storage backend supported in Cinder in order to create virtual disks for its VMs, without the need of a full OpenStack deployment. ● Use any storage vendor supported in Cinder (over 80 storage drivers) # engine-config -s ManagedBlockDomainSupported=true Please select a version: 1. 4.1 2. 4.2 3. 4.3 3 # systemctl restart ovirt-engine.service
  • 18.
    3 Cinderlib - CinderBlock Storage
  • 19.
    3 Database and Ansibleupdated ● PostgreSQL 10 is now supported ● Ansible requirement now is 2.7.2+ ○ python2.6 deprecated, now support python3 (host still requires python2)
  • 20.
    3 oVirt Windows GuestTools ● Add qemufwcfg driver in windows guest tools Prevents Windows Device Manager to display the device as unrecognized. ● Added smbus driver in windows guest tools When a guest running Windows 2008 with Q35 bios an unknown device is listed in Device Manager.
  • 21.
    3 Security - TransportLayer Security ● Removed support to insecure TLSv1 and TLSv1.1 and leave only most secure TLSv1.2 ● Enable TLSv1.2 or higher (vdsm - engine) $ openssl s_client -connect localhost:54321 -tls1 -CAfile /etc/pki/vdsm/certs/cacert.pem or $ openssl s_client -connect localhost:54321 -tls1_1 -CAfile /etc/pki/vdsm/certs/cacert.pem CONNECTED(00000003) write:errno=104 --- no peer certificate available
  • 22.
    3 Security - TransportLayer Security $ openssl s_client -connect localhost.localdomain:54321 -tls1_2 -CAfile /etc/pki/vdsm/certs/cacert.pem CONNECTED(00000003) …. --- Server certificate -----BEGIN CERTIFICATE----- MIIEUDCCAzigAwIBAgICEA0wDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMx FDASBgNVBAoMC2xvY2FsZG9tYWluMSEwHwYDVQQDDBhlbmdpbmUubG9jYWxkb21h aW4uOTMxNjcwHhcNMTkwNDIxMTYxNTIwWhcNMjQwNDIwMTYxNTIwWjAyMRQwEgYD …..
  • 23.
    3 Security - OpenSCAPand STIGs ● Added OpenSCAP tools into oVirt-Node “The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines.” https://www.open-scap.org/ ● oVirt Engine Appliance meet Security Technical Implementation Guides standards.
  • 24.
    3 Security - SecureHash Algorithm ● engine-backup now support SHA256 (required by FIPS mode) $ tar xvf /var/lib/ovirt-engine-backup/ovirt-engine-backup-20190424154138.backup $ cat ./sha256sum c746505ab9eee105b59e0354d226974954e4218ab9c2e455b40156e05c036927 db/engine_backup.db 8b72cffd6773a6f40cd20654a4e48bd0509bac1169e7ef05ad099aafdf6e1039 db/dwh_backup.db 00c7c19df07fad786cbfed308a9ff2ddb793ed714b9f1c6267041f1296bfa8fa files 8db64ff64f529a47b944b4dd96f2eda3f540137609e359d784210280e44085c0 version 6e7135e172b14539ad9aee8a4316a3c240ec20280fa39613d1a9513e39793870 os_version 4389da2b2c4927e7aaa457c7f1549d5b23616c96a13da1075032c52022b1b01f config Federal Information Processing Standard (FIPS) is a computer security standard, developed by the U.S. Government and industry working group to validate the quality of cryptographic modules.
  • 25.
    3 Dropped Functionality ● Dropped3.6 and 4.0 datacenter/cluster level
  • 26.
    3 Dropped Functionality ● DroppedConroe and Penryn CPU Types from Compatibility Version 4.3
  • 27.
    3 Dropped Functionality ● Removedsupport to API v3 ● Dropped ovirt-engine-cli (ovirt-shell) dependency (used version 3 REST API) ● Disks scan alignment
  • 28.
    3 Upgrading your environment? ●Use engine-backup tool to create a backup before upgrades! ;-) ● Engine upgrades are incremental ● Environment must be in 4.1 datacenter/cluster before upgrading to 4.3
  • 29.
    Thank you! https://ovirt.org/ users@ovirt.org dougsland@redhat.com https://www.meetup.com/Boston-oVirt-Community/ @ovirt@dougsland This presentation is licensed under a Creative Commons Attribution 4.0 International License