oVirt Blog

oVirt 4.4.0 Release is now generally available

  The oVirt Project is excited to announce the general availability of the oVirt 4.4.0 Release, as of May 20th, 2020 This release unleashes an altogether more powerful and flexible open source virtualization solution that encompasses hundreds of individual changes and a wide range of enhancements across the engine, storage, network, user interface, and analytics, as compared to oVirt 4.3. Important notes before you install / upgrade Some of the features included in the oVirt 4.4.0 release require content that will be available in CentOS Linux 8.2 but cannot be tested on RHEL 8.2 yet due to some incompatibility in […]

oVirt and Fedora

If you have followed the oVirt project for a few releases you already know oVirt has struggled to keep the pace with the fast innovation cycles Fedora Project is following.  Back in September 2019 CentOS project launched CentOS Stream as a rolling preview of future RHEL kernels and features, providing an upstream development platform for ecosystem developers that sits between Fedora and RHEL. Since then the oVirt project tried to keep the software working on Fedora, CenOS Stream, and RHEL/CentOS but it became quickly evident the project lacked resources to keep the project running on three platforms. Further, our user […]

Collect oVirt metrics and logs to your existing Elasticsearch

The oVirt metrics store is based on OpenShift OKD with logging stack – Elasticsearch and Kibana. If you already have an existing Elasticsearch setup you should be able to collect the metrics and logs collected by Collectd and Rsyslog on the hosts to it.

oVirt conference 2019 report

  oVirt conference 2019 is the 4th event organized in Italy by the oVirt Italia community, founded by Stefano Stagnaro with the help of Gianluca Cecchi, Simone Tiraboschi, and Sandro Bonazzola. The event was organized with the help of Extraordy, a Red Hat partner that delivers official Red Hat training in Italy. The conference has been sponsored and hosted by Oracle thanks to Simon Coter, Director of Product Management for Oracle Linux and Virtualization. The conference You can see the recordings of the morning sessions here:  Stefano introduced the conference and Simon Coter set expectations on the event neutrality […]

oVirt and CentOS Stream

Progress cannot be made without change. As technologists, we recognize this every day. Most of the time, these changes are iterative: progressive additions of features to projects like oVirt. Sometimes those changes are small, and sometimes not. And that’s, of course, just talking about our project. But one of the biggest strengths of our community’s software is that we are not alone, and because of that, changes to other projects have ripple effects that can affect our own, even in positive ways. This week, our collaborators in the CentOS Project have announced a change in the way their software is […]

Top 7 things to look forward to at oVirt Conference

oVirt Conference in Rome is around the corner and it’s time to plan for it. Here are the top 7 reasons why you should attend this outstanding open source infrastructure event: Discover all the new features of the last stable oVirt 4.3 release directly from Principal Software Engineers. Hear about what’s coming next in the community and the roadmap for the upcoming 4.4 release. Build your skills and expertise with Red Hat learning paths and certifications. Have a glimpse of the major advantages offered by Oracle Linux Virtualization Manager and Red Hat Virtualization commercial solutions based on oVirt code. Get […]

Security group support in OVN external networks

In this post I will introduce and showcase how security groups can be used to enable certain scenarios.
Security groups allow fine-grained access control to – and from – the oVirt VMs attached to external OVN networks.
The Networking API v2 defines security groups as a white list of rules – the user specifies in it which traffic is allowed. That means, that when the rule list is empty, neither incoming nor outgoing traffic is allowed (from the VMs perspective).
A demo recording of the security group feature can be found below.
.
 
[…]

Federate oVirt engine authentication to OpenID Connect infrastructure

In this post I will introduce how to integrate OIDC with oVirt engine using Keycloak and LDAP user federation. Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider. As OIDC is not integrated into oVirt directly, we use Apache to do the OIDC authentication for us. The mod_auth_openidc module nicely covers all needed functionality. Overview Integrate with external OpenID Connect Identity Provider (IDP) to provide Single Sign-On (SSO) across products that use the IDP for authenticating users. We currently have oVirt SSO for providing unified authentication across […]

oVirt and OKD

This is a series of posts to demonstrate how to install OKD 3.11 on oVirt and what you can do with it. Part I – How to install OKD 3.11 on oVirt How to install OKD 3.11 on oVirt (4.2 and up) Installing OKD or Kubernetes on oVirt has many advantages, and it’s also gotten a lot easier these days. Admins and users who want to take container platform management for a spin, on oVirt, will be encouraged by this. Few of the advantages are: Virtualizing the control plane for Kubernetes – provide HA/backup/affinity capabilities to the controllers and allowing […]

oVirt SAML with keyloak using 389ds user federation

In this post I will introduce how simple it is to integrate SAML with oVirt using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider.
As SAML is not integrated into oVirt directly, we use Apache to do the SAML authentication for us. The mod_auth_mellon module nicely covers all needed functionality.

mod_auth_mellon configuration
First we need to configure oVirt’s apache. SSH to the oVirt engine and create a directory where we’ll store all SAML related certificates.

ssh root@engine
yum […]