Re: [Users] Adding LDAP server directly with its FQDN.
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Sent: Sunday, July 1, 2012 7:57:25 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. On 06/29/2012 11:14 PM, snmis...@linux.vnet.ibm.com wrote: Hi, Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=domain-name. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server. Regards Sharad Mishra IBM Hi Sharad, Currently - no such way. Bare in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this Guid encoding code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a fefault base DN per domain? Hey, We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain:1ldapserver1, domain2:ldapserver2 Note that it only supports one LDAP server per domain. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] canot disable ssl on database
On 29/06/12 15:09, Umarzuki Mochlis wrote: 2012/6/29 Itamar Heim ih...@redhat.com: On 06/29/2012 06:59 AM, Umarzuki Mochlis wrote: 2012/6/29 Doron Fediuckdfedi...@redhat.com: Looks like your db is down. Please try service postgresql status If it's not running, start it. apparently starting postgres service was failed also, perhaps there's a package missing? is this a known issue on fedora 16? please use fedora 17 for 3.1. and its postgresql my bad but it seemed that postgresql failed to start anyway. would upgrading to fedora 17 solve this? [root@ovirt01 ~]# service postgresql status Redirecting to /bin/systemctl status postgresql.service postgresql.service - PostgreSQL database server Loaded: loaded (/lib/systemd/system/postgresql.service; disabled) Active: failed since Fri, 29 Jun 2012 20:05:25 +0800; 6s ago Process: 4265 ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGDATA} (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/postgresql.service Hi Umarzuki, These are 2 separate issues; 1. You have a problem in your DB installation. 2. As Itamar suggested, oVirt 3.1 should be installed in Fedora 17, and not 16. Unsure if the upgrade process will fix your DB installation error, so I suggest you start a clean environment if possible. ie- get a new Fedora 17 setup, and install oVirt 3.1 on it. -- /d Air conditioned environment - Do NOT open Windows! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Adding LDAP server directly with its FQDN.
- Original Message - From: Oved Ourfalli ov...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com, Sharad Mishra snmis...@linux.vnet.ibm.com Cc: users@ovirt.org Sent: Sunday, July 1, 2012 2:50:53 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Sent: Sunday, July 1, 2012 7:57:25 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. On 06/29/2012 11:14 PM, snmis...@linux.vnet.ibm.com wrote: Hi, Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=domain-name. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server. Regards Sharad Mishra IBM Hi Sharad, Currently - no such way. Bare in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this Guid encoding code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a fefault base DN per domain? Hey, We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain:1ldapserver1, domain2:ldapserver2 Would that mean that we can skip all the DNS SRV records? Note that it only supports one LDAP server per domain. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Adding LDAP server directly with its FQDN.
- Original Message - From: Andrew Cathrow acath...@redhat.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Sunday, July 1, 2012 2:46:32 PM Subject: Re: [Users] Adding LDAP server directly with its FQDN. - Original Message - From: Oved Ourfalli ov...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com, Sharad Mishra snmis...@linux.vnet.ibm.com Cc: users@ovirt.org Sent: Sunday, July 1, 2012 2:50:53 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Sent: Sunday, July 1, 2012 7:57:25 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. On 06/29/2012 11:14 PM, snmis...@linux.vnet.ibm.com wrote: Hi, Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=domain-name. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server. Regards Sharad Mishra IBM Hi Sharad, Currently - no such way. Bare in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this Guid encoding code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a fefault base DN per domain? Hey, We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain:1ldapserver1, domain2:ldapserver2 Would that mean that we can skip all the DNS SRV records? Not the kerberos ones, only the LDAP ones. And, it also currently supports only one LDAP server per domain (this entry was originally used in order to specify that the LDAP server is localhost. Instead of just writing an entry specifying whether the LDAP server is local or not, we did a more general configuration). It is no longer in use for that purpose, but the config entry is still there. Note that it only supports one LDAP server per domain. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] OpenLDAP for authentication
Hi everyone, i just started to use oVirt and i tried to get it work with my OpenLDAP/Kerberos setup. After a lot of searching for the error message i finally stumbled over an e-mail on this list that OpenLDAP is not yet supported [1]. As advised i opened a RFE bug [2] :). Is there any developer documentation how the access to the directory is supposed to work? Maybe one of my humble co-workers with more Java skills then me can contribute something. Best wishes, Matthias [1] http://lists.ovirt.org/pipermail/users/2012-February/000678.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=836839 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] DEBUG loglevel for engine-manage-domains?
Hi everyone, how is the right way to get engine-manage-domains more verbose? I found a log4j.xml in utils.jar but my configuration seems not to work still only INFO and ERROR in /var/log/engine/engine-manage-domains/engine-manage-domains.log. I'am running Fedora 17 with ovirt 3.1 [1]. Best wishes, Matthias ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch ovirt-engine-webadmin-portal-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-notification-service-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch ovirt-engine-setup-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-config-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-backend-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-log-collector-3.1.0-0.fc17.noarch ovirt-engine-restapi-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-genericapi-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-sdk-3.1.0.2-gita89f4e.fc17.noarch ovirt-engine-userportal-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-dbscripts-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ovirt-engine-tools-common-3.1.0-0.1.20120620git6ef9f8.fc17.noarch ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] I am tiring to manually create the RPM but getting the following errors.
On 06/29/2012 02:50 PM, Robert Middleswarth wrote: On 06/29/2012 05:44 AM, Juan Hernandez wrote: On 06/29/2012 04:52 AM, Robert Middleswarth wrote: Note I am attempting to build on CentOS after applying http://www1.dreyou.org/ovirt/ engine patch. I have tiried with both master and engine_3.1 branch but I am pretty certain that it is a missing depend in my build environment? Any hints? # Hibernate validator module: ln -s /usr/share/java/hibernate-validator.jar /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/ovirt-engine/modules/org/hibernate/validator/main/. ln -s /usr/share/java/jtype.jar /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/ovirt-engine/modules/org/hibernate/validator/main/. *** Deploying service # Install the files: install -m 644 packaging/fedora/engine-service.xml /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/etc/ovirt-engine install -m 644 packaging/fedora/engine-service-logging.properties /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/etc/ovirt-engine install -m 644 packaging/fedora/engine-service-users.properties /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/etc/ovirt-engine install -m 644 packaging/fedora/engine-service.sysconfig /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/etc/sysconfig/ovirt-engine install -m 644 packaging/fedora/engine-service.limits /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/etc/security/limits.d/10-ovirt-engine.conf install -m 755 packaging/fedora/engine-service.py /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/ovirt-engine/scripts install -m 755 packaging/fedora/engine-service.systemv /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/etc/rc.d/init.d/ovirt-engine make[1]: Leaving directory `/root/centos_engine_3.1/rpmbuild/BUILD/ovirt-engine-3.1.0' + install -d -m 755 /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/java/ovirt-engine + install -d -m 755 /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/maven2/poms + install -d -m 755 /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/javadoc/ovirt-engine + read module_path artifact_id + pom_file=./pom.xml + jar_file=./target/parent-3.1.0.jar + install -p -m 644 ./pom.xml /root/centos_engine_3.1/rpmbuild/BUILDROOT/ovirt-engine-3.1.0-3.el6.x86_64/usr/share/maven2/poms/JPP.ovirt-engine-parent.pom + '[' -f ./target/parent-3.1.0.jar ']' + %add_maven_depmap JPP.ovirt-engine-parent.pom /var/tmp/rpm-tmp.hkOAWN: line 58: fg: no job control error: Bad exit status from /var/tmp/rpm-tmp.hkOAWN (%install) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.hkOAWN (%install) make: *** [rpm] Error 1 Can you share the temp file where you get that error? I is /var/tmp/rpm-tmp.hkOAWN in your latests message, but will be different if you repeat the build. I had already shutdown the VM so the tmp folder was cleared. I am running the build again and going to grab a full log and that file and fpaste them. But the build process is taking me 12 hours to do so it will be a day or two before I can reply. Thanks Robert I rerun the build process and paste bin both the full Log ( http://fpaste.org/22oU/ ) and the temp file ( http://fpaste.org/g7v6/ ). Any help on what I am missing would be great. Thanks Robert ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] canot disable ssl on database
2012/7/1 Doron Fediuck dfedi...@redhat.com: Unsure if the upgrade process will fix your DB installation error, so I suggest you start a clean environment if possible. ie- get a new Fedora 17 setup, and install oVirt 3.1 on it. is it possible for me to just: - purge ovirt and all installed dependencies - upgrade fedora 16 - 17 - install ovirt 3.1? -- Regards, Umarzuki Mochlis http://debmal.my ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] canot disable ssl on database
On 07/02/2012 07:27 AM, Umarzuki Mochlis wrote: 2012/7/1 Doron Fediuck dfedi...@redhat.com: Unsure if the upgrade process will fix your DB installation error, so I suggest you start a clean environment if possible. ie- get a new Fedora 17 setup, and install oVirt 3.1 on it. is it possible for me to just: - purge ovirt and all installed dependencies - upgrade fedora 16 - 17 - install ovirt 3.1? yes. run engine-cleanup script to help the purging... ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] OpenLDAP for authentication
On 07/02/2012 01:07 AM, Matthias Schmitz wrote: Hi everyone, i just started to use oVirt and i tried to get it work with my OpenLDAP/Kerberos setup. After a lot of searching for the error message i finally stumbled over an e-mail on this list that OpenLDAP is not yet supported [1]. As advised i opened a RFE bug [2] :). Is there any developer documentation how the access to the directory is supposed to work? Maybe one of my humble co-workers with more Java skills then me can contribute something. Best wishes, Matthias Hi Matthias, Indeed, we have no support for OpenLDAP at this stage. You can see we have an enum at code defining the providers we support - LdapProviderType.java located at - modules/utils/src/main/java/org/ovirt/engine/core/ldap/LdapProviderType.java You can follow the instructions on the following wiki - http://www.ovirt.org/wiki/DomainInfrastructure To start adding OpenLdap support. I will be more than glad to assist you Cheers, Yair [1] http://lists.ovirt.org/pipermail/users/2012-February/000678.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=836839 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users