Install the Engine

Install and configure the engine host.

To install Oracle Linux Virtualization Manager, you perform a fresh installation of Oracle Linux 8.8 or later (8.x) release on the host, install the ovirt-engine package, and then run the engine-setup command to configure the Manager.

Note:

You can install the Manager in a virtual machine if it's not managing that virtual machine, or in a self-hosted engine configuration. For more information, see Self-Hosted Engine Deployment. Don't configure the same host as a standalone engine and a KVM host.

You can download the installation ISO for Oracle Linux from the Oracle Software Delivery Cloud at https://edelivery.oracle.com.

Configure the engine host

Complete the following steps to configure the host for installation.

Install Oracle Linux 8.8 or later (8.x) on the host using the Minimal Install base environment.

Follow the instructions in Oracle^® Linux 8: Installing Oracle Linux.

Important:

Don't install any extra packages until after you have installed the Manager packages, because they might cause dependency issues.
(Optional) If you use a proxy server for Internet access, configure Yum with the proxy server settings. For more information, see the Oracle^® Linux: Managing Software on Oracle Linux.
Complete one of the following sets of steps:
- For ULN registered hosts or using Oracle Linux Manager
  
  Subscribe the system to the required channels and enable appstream modules.
  1. For ULN registered hosts, sign in to https://linux.oracle.com with a ULN username and password. For Oracle Linux Manager registered hosts, access the internal server URL.
  2. On the Systems tab, select the link named for the host in the list of registered machines.
  3. On the System Details page, select Manage Subscriptions.
  4. On the System Summary page, select each required channel from the list of available channels and select the right arrow to move the channel to the list of subscribed channels. Subscribe the system to the following channels:
    - ol8_x86_64_baseos_latest
    - ol8_x86_64_appstream
    - ol8_x86_64_kvm_appstream
    - ol8_x86_64_addons
    - ol8_x86_64_ovirt45
    - ol8_x86_64_ovirt45_extras
    - ol8_x86_64_gluster_appstream
    - (For VDSM) ol8_x86_64_UEKR7
  5. Select Save Subscriptions.
  6. Install the Oracle Linux Virtualization Manager Release 4.5 package. This automatically enables/disables the required repositories.
```
sudo dnf install oracle-ovirt-release-45-el8                    
```
- For Oracle Linux yum server hosts
  
  Install the Oracle Linux Virtualization Manager Release 4.5 package and enable the required repositories.
  1. Enable the ol8_baseos_latest repository.
```
sudo dnf config-manager --enable ol8_baseos_latest        
```
  2. Install the Oracle Linux Virtualization Manager Release 4.5 package, which automatically enables/disables the required repositories.
```
sudo dnf install oracle-ovirt-release-45-el8                    
```
  3. Use the dnf command to verify that the required repositories are enabled.
    1. Clear the dnf cache.
```
dnf clean all                        
```
    2. List the configured repositories and verify that the required repositories are enabled.
```
dnf repolist                 
```
      The following repositories must be enabled:
      - ol8_baseos_latest
      - ol8_appstream
      - ol8_kvm_appstream
      - ol8_addons
      - ovirt-4.5
      - ovirt-4.5-extra
      - ol8_gluster_appstream
      - (For VDSM) ol8_UEKR7
    3. If a required repository isn't enabled, use the dnf config-manager command to enable it.
```
sudo dnf config-manager --enable repository           
```
If the host runs the Unbreakable Linux Kernel (UEK):
1. Install the Extra kernel modules package.
```
sudo dnf install kernel-uek-modules-extra
```
2. Reboot the host.

Check host configuration

To ensure that the engine host is configured correctly, run the precheck script BEFORE you install the engine. You must also run the precheck script on all KVM hosts in the environment.

Note:

To run the script on several hosts simultaneously, we recommend using an Ansible playbook.

Connect to the engine host from a command line and run the precheck script:

sudo olvm-pre-check.py

A series of checks begins and you see something similar to

-----------------------------------
    OLVM 4.5.5 PRE-CHECK SCRIPT
-----------------------------------

+++ Checking oracle-ovirt-release-45                     [PASS]
+++ Checking if Host is installed                        [WARN]

    The 'ovirt-engine' package is already installed.
    DO NOT configure this Server as a KVM Host.

+++ Checking if a Minimal Installation                   [PASS]
+++ Validating the 'Minimal Install' Group               [PASS]
+++ Checking enabled repositories                        [WARN]

    Extra repositories are enabled:
    update-pcp

    Please run the command:
    dnf config-manager --set-disabled update-pcp

+++ Running 'dnf makecache'                              [PASS]
+++ Dry run 'dnf update --assumeno'                      [PASS]
+++ Checking Linux Kernel                                [PASS]
+++ Checking kernel-uek-modules-extra                    [PASS]
+++ Checking Firewalld status                            [PASS]
+++ Checking SELinux status                              [PASS]
+++ Checking FIPS status                                 [PASS]
    FIPS is disabled.
+++ If installed, check ansible version                  [PASS]
+++ If installed, check qemu-kvm version                 [PASS]
+++ If installed, check libvirt version                  [PASS]
+++ Checking Hostname/FQDN                               [PASS]

If any checks are marked WARN or FAIL, the script output provides information that can help you resolve the issues:

+++ Checking if Host is installed               [WARN]

    The 'ovirt-engine' package is already installed.
    DO NOT configure this Server as a KVM Host.

+++ Checking enabled repositories                        [WARN]

    Extra repositories are enabled:
    update-pcp

    Please run the command:
    dnf config-manager --set-disabled update-pcp

If you had warnings or failures to address, rerun the script to ensure that the system passes all configuration checks. For example:

sudo olvm-pre-check.py

-----------------------------------
    OLVM 4.5.5 PRE-CHECK SCRIPT
-----------------------------------

+++ Checking oracle-ovirt-release-45                     [PASS]
+++ Checking if Host is installed                        [PASS]
+++ Checking if a Minimal Installation                   [PASS]
+++ Validating the 'Minimal Install' Group               [PASS]
+++ Checking enabled repositories                        [PASS]
+++ Running 'dnf makecache'                              [PASS]
+++ Dry run 'dnf update --assumeno'                      [PASS]
+++ Checking Linux Kernel                                [PASS]
+++ Checking kernel-uek-modules-extra                    [PASS]
+++ Checking Firewalld status                            [PASS]
+++ Checking SELinux status                              [PASS]
+++ Checking FIPS status                                 [PASS]
    FIPS is disabled.
+++ If installed, check ansible version                  [PASS]
+++ If installed, check qemu-kvm version                 [PASS]
+++ If installed, check libvirt version                  [PASS]
+++ Checking Hostname/FQDN                               [PASS]

Install the engine

After you have successfully configured and verified the engine host, install the engine using the ovirt-engine command.

dnf install ovirt-engine

Proceed to Configure the Engine.

Configure the Engine

After you install the Oracle Linux Virtualization Manager, you run the engine-setup command (the Setup program) to configure the Manager. You're prompted to answer a series of questions whose values are used to configure the Manager. Some of these questions relate to features that are in technology preview. For more information, see Technology Preview in the Oracle Linux Virtualization Manager: Release Notes.

The Manager uses two PostgreSQL databases: one for the engine and one for the data warehouse. By default, Setup creates and configures the engine database locally on the engine host. Or, you can configure the engine host to use a manually-configured local or remote database. To use a manually-configured local or remote database, you must set it up before running engine-setup. Currently, running the engine or data warehouse database on a remote host is a technology preview feature.

To configure the Manager:

Run the engine-setup command on the host where you installed the Manager.

sudo engine-setup

The program runs through some initialization steps:

[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: /etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf, /etc/ovirt-engine-setup.conf.d/10-packaging.conf
Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-YYYYMMDDHHMMSS-snz1rn.log
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment setup (late)
[ INFO ] Stage: Environment customization

You must then answer a series of questions in the following steps to configure the Manager.

Enter Yes to configure Cinderlib integration, which is a Tech Preview feature. The default is No.
```
Configure Cinderlib integration (Currently in tech preview) (Yes, No) [No]:
```
Enter Yes to configure the Manager.
```
Configure Engine on this host (Yes, No) [Yes]:
```
If you enter No, the configuration stops. To restart, rerun the engine-setup command.
For the remaining configuration questions, provide a response or accept the default values, which are shown in square brackets after each question. To accept the default value for a question, press Enter.

Note:

Setup asks you for the fully-qualified DNS name (FQDN) of the Manager host. Although Setup tries to automatically detect the name, you must ensure the FQDN is correct.

Run hostname -f on the host where you installed the Manager to retrieve and confirm its FQDN.

For detailed information on the configuration options, see Engine Configuration Options.

Tip:

Keycloak integration is a technology preview feature for internal Single-Sign-On (SSO) provider for the Engine and it deprecates AAA. When you get to this configuration option, the default response is Yes, but because this is a preview feature, enter No.
After you have answered all the questions, Setup displays a list of the values you entered. Review the list and then press Enter to configure the Manager.

The answers are saved to a file that can be used to reconfigure the Manager using the same values. Setup also displays the location of the log file for the configuration process.
When the configuration is complete, details about how to sign in to the Administration Portal are displayed. To verify that the configuration process was successful, sign in to the Administration Portal, as described in Log in to the Administration Portal.

Engine Configuration Options

The information in the section describes the options for configuring Oracle Linux Virtualization Manager when you run the engine-setup command.

Caution:

Some configuration options are in technology preview. For more information, see Technology Preview in the Oracle Linux Virtualization Manager: Release Notes.

OVN Provider

Configuring ovirt-provider-ovn also sets the Default cluster's default network provider to ovirt-provider-ovn.
Non-Default clusters may be configured with an OVN after installation.
Configure ovirt-provider-ovn (Yes, No) [Yes]:

Install the Open Virtual Network (OVN) provider on the Manager host and add it as an external network provider. The default cluster is automatically configured to use OVN as its network provider.

OVN is an OVS (Open vSwitch) extension which lets you configure virtual networks.

Using external providers, including the OVN provider, is a technology preview feature.

WebSocket Proxy

Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:

The WebSocket Proxy lets you connect to virtual machines using the noVNC or HTML 5 consoles.

For security and performance reasons, you can configure the WebSocket Proxy on a remote host.

Data Warehouse

Please note: Data Warehouse is required for the engine. 
If you choose to not configure it on this host, you have to configure 
it on a remote host, and then configure the engine on this host so that it can 
access the database of the remote Data Warehouse host.
Configure Data Warehouse on this host (Yes, No) [Yes]:

The Data Warehouse feature can run on the Manager host or on a remote host. Running Data Warehouse on a remote host reduces the load on the Manager host.

Running the Data Warehouse on a remote host is a technology preview feature.

Keycloak

* Please note * : Keycloak is now deprecating AAA/JDBC authentication module.
It is highly recommended to install Keycloak based authentication.
Configure Keycloak on this host (Yes, No) [Yes]:No

Are you really sure not to install internal Keycloak based authentication?
AAA modules are being deprecated
Configure Keycloak on this host (Yes, No) [Yes]:No

Keycloak is a technology preview feature for internal Single-Sign-On (SSO) provider for the Engine thus deprecating AAA. The Provider OVN and the Grafana Portal are also reconfigured to use Keycloak SSO.

VM Console Proxy

Configure VM Console Proxy on this host (Yes, No) [Yes]:

The VM Console Proxy lets you access virtual machine serial consoles from a command line. To use this feature, serial consoles must be enabled in the virtual machines.

Grafana

Use Engine admin password as initial Grafana admin password (Yes, No) [Yes]:

Grafana can be configured to use the Engine password to make signing in easier.

Manager DNS Name

Host fully-qualified DNS name of this server [<autodetected-host-name>]:

The fully-qualified DNS name of the Manager host. Check that the automatically detected DNS name is correct.

Automatic Firewall Configuration

Setup can automatically configure the firewall on this system.
Note: automatic configuration of the firewall may overwrite current settings.
Do you want Setup to configure the firewall? (Yes, No) [Yes]:

The following firewall managers were detected on this system: firewalld
Firewall manager to configure (firewalld): firewalld

Configure the firewall on the host to open the ports used for external communication between Oracle Linux Virtualization Manager and the components it manages.

If Setup configures the firewall, and no firewall managers are active, you're prompted to select a firewall manager from a list.

If you enter No, you must manually configure the firewall. When the Manager configuration is complete, Setup displays a list of ports that need to be opened, see for details.

Data Warehouse Database

Where is the DWH database located? (Local, Remote) [Local]:

The Data Warehouse database (the history database) can run on the Manager host or on a remote host. Running the database on a remote host reduces the load on the Manager host.

Running the database on a remote host is a technology preview feature.

Caution:

In this step you configure the name of the database, and the username and password for connecting to it. Make a note of these details.

Enter Local to connect to a local PostgreSQL server, or Remote to connect to an existing PostgreSQL server running on a remote host.

If you enter Local, you can either set up a local PostgreSQL server automatically, or to connect to an existing local PostgreSQL server.

Setup can configure the local postgresql server automatically for the DWH to run. 
This may conflict with existing applications.
Would you like Setup to automatically configure postgresql and create DWH database, 
or prefer to perform that manually? (Automatic, Manual) [Automatic]:

Enter Automatic to have Setup configure a local database server, or Manual to connect to an existing local database server. If you enter Manual, you're prompted for the details for connecting to the database:

DWH database secured connection (Yes, No) [No]:
DWH database name [ovirt_engine_history]:
DWH database user [ovirt_engine_history]:
DWH database password:

If you enter Remote to connect to an existing PostgreSQL server running on a remote host, you're prompted for the details for connecting to the database:

DWH database host [localhost]:
DWH database port [5432]:
DWH database secured connection (Yes, No) [No]:
DWH database name [ovirt_engine_history]:
DWH database user [ovirt_engine_history]:
DWH database password:

Engine Database

Where is the Engine database located? (Local, Remote) [Local]:

The Oracle Linux Virtualization Manager database (the engine database) can run on the Manager host or on a remote host. Running the database on a remote host reduces the load on the Manager host.

Running the database on a remote host is a technology preview feature.

Caution:

In this step you configure the name of the database, and the username and password for connecting to it. Make a note of these details.

Enter Local to connect to a local PostgreSQL server, or Remote to connect to an existing PostgreSQL server running on a remote host.

If you enter Local, you can choose whether to set up a local PostgreSQL server automatically, or to connect to an existing local PostgreSQL server.

Setup can configure the local postgresql server automatically for the engine to run.
This may conflict with existing applications.
Would you like Setup to automatically configure postgresql and create Engine database, 
or prefer to perform that manually? (Automatic, Manual) [Automatic]:

Engine database secured connection (Yes, No) [No]:
Engine database name [engine]:
Engine database user [engine]:
Engine database password:

If you enter Remote to connect to an existing PostgreSQL server running on a remote host, you're prompted for the details for connecting to the database:

Engine database host [localhost]:
Engine database port [5432]:
Engine database secured connection (Yes, No) [No]:
Engine database name [engine]:
Engine database user [engine]:
Engine database password:

Admin User Password

Engine admin password:
Confirm engine admin password:

Enter a password for the default administrative user (admin@internal). Make a note of the password. If you provide a weak password, you might get the following warning:

[WARNING] Password is weak: The password fails the dictionary check - it is based on a dictionary word
Use weak password? (Yes, No) [No]: Yes

Application Mode

Application mode (Both, Virt, Gluster) [Both]:

The Manager can be configured to manage virtual machines (Virt) or manage Gluster clusters (Gluster), or Both.

OVN Provider Credentials

Use default credentials (admin@internal) for ovirt-provider-ovn (Yes, No) [Yes]:
oVirt OVN provider user[admin@internal]:
oVirt OVN provider password:

If you installed the OVN provider, configure the credentials for connecting to the OVN (Open vSwitch) databases.

Using external providers, including the OVN provider, is a technology preview feature.

SAN Wipe After Delete

Default SAN wipe after delete (Yes, No) [No]:

Enter Yes to set the default value for the wipe_after_delete flag to true, which wipes the blocks of a virtual disk when it's deleted.

Using the wipe after delete functionality is a technology preview feature.

Web Server Configuration

Organization name for certificate [<autodetected-domain-based-name>]:

Provide the organization name to use for the automatically generated self-signed SSL certificate used by the Manager web server.

Setup can configure the default page of the web server to 
present the application home page. This may conflict with existing applications.
Do you wish to set the application as the default web page of the server? (Yes, No) [Yes]:

Enter Yes to make the Oracle Linux Virtualization Manager landing page the default page presented by the web server.

Setup can configure apache to use SSL using a certificate issued 
from the internal CA. Do you wish Setup to configure that, or prefer to 
perform that manually? (Automatic, Manual) [Automatic]:

Enter Automatic to generate a self-signed SSL certificate for the web server. Only use self-signed certificates for testing purposes.

Enter Manual to provide the location of the SSL certificate and private key to use the web server.

Note:

For more information, see the following My Oracle Support articles:

How to renew OLVM Hosts Certificate in OLVM Environment/Infrastructure (Doc ID 2885203.1)
VM Migration fails with Error " The server certificate /etc/pki/vdsm/libvirt-vnc/server-cert.pem has expired" (Doc ID 2959537.1)
Moving From Custom 3rd Party CA Certification to Default certification (Doc ID 2963343.1)

Data Warehouse Sampling Scale

Please choose Data Warehouse sampling scale:
(1) Basic
(2) Full
(1, 2)[1]:

Set the Data Warehouse sampling scale to either Basic or Full. If this step is skipped the Data Warehouse isn't configured to run on the Manager host.

Enter 1 for Basic, which reduces the values of DWH_TABLES_KEEP_HOURLY to 720 and DWH_TABLES_KEEP_DAILY to 0. Enter 2 for Full.

If the Manager and the Data Warehouse run on the same host, Basic is the recommended sample scale because this reduces the load on the Manager host. Full is recommended only if the Data Warehouse runs on a remote host.

The Full sampling scale is a technology preview feature.

After you run the engine-setup command to configure Oracle Linux Virtualization Manager, sign in to the Administration Portal to verify that the configuration was successful.

Prepare to Log In

We recommended that you use the latest version one of the following browsers to access the Administration Portal

Mozilla Firefox
Google Chrome
Microsoft Edge

If Oracle Linux Virtualization Manager was configured to use a self-signed SSL certificate, or an SSL certificate that's signed by a Certificate Authority (CA) that isn't trusted by the browser (for example an Intermediate CA), install the CA certificate in the browser. Consult the browser's instructions for how to import a CA certificate.

You can download the CA certificate by selecting Engine CA Certificate on the Welcome dashboard or by navigating directly to http://manager-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA.

Usually you access the Administration Portal using the fully qualified domain name of the Manager host that you provided during installation. However, you can access the Administration Portal using an alternative host name(s). To do this, add a configuration file to the Manager as follows:

Sign in to the Manager host as root.
Create the file /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf with the following content:
```
SSO_ALTERNATE_ENGINE_FQDNS="alias1.example.com alias2.example.com"
```
The list of alternative host names must be separated by spaces.
Restart Oracle Linux Virtualization Manager.
```
systemctl restart ovirt-engine       
```

Go to https://manager-fqdn/ovirt-engine. The Welcome page displays.
(Optional) Change the preferred language from the dropdown list on the Welcome page.

You can view the Administration Portal in different languages. The default language is based on the locale of the web browser.
Select Administration Portal. The Login page displays.
Enter admin for the Username and the password you specified when you configured the Manager.

Note:

With Keycloak Single Sign-On (SSO) enabled (the default in Oracle Linux Virtualization Manager 4.5+), the default admin username for portal access is typically admin@ovirt.
From the Profile list, select internal and select Log In.

Note:

This step doesn't apply when Keycloak SSO is enabled, because there is no profile list.

Note:

From the Welcome dashboard, you also have the option of signing in to two other portals:

The VM Portal
The Monitoring Portal

For more information, see Access Portals in the Oracle Linux Virtualization Manager: Architecture and Planning Guide

To log out of the Administration Portal, select the person icon in the header bar and then select Sign Out. You're returned to the Login page.

Caution:

Before you add Oracle Linux KVM hosts that run a later major version than the Manager OS, on the Manager host reinstall the release RPM that matches the Manager OS to refresh the repository definitions.

On the Manager host, run:

dnf reinstall oracle-ovirt-release-45-eln
dnf clean all
dnf repolist

Proceed to add hosts only after confirming that the required repositories for Oracle Linux n are present.