Re: [ovirt-users] Tracebacks in vdsm.log file

[knarra]

On 10/03/2016 11:02 PM, Nir Soffer wrote:

On Fri, Sep 30, 2016 at 3:58 PM, knarra  wrote:

Hi,

 I see below trace back in my vdsm.log. Can some one help me understand
why these are logged?


is free, finding out if anyone is waiting for it.
Thread-557::DEBUG::2016-09-30
18:20:25,064::resourceManager::661::Storage.ResourceManager::(releaseResource)
No one is waiting for resource 'Storage.upgrade_57ee3a08-004b-02
7b-0395-01d6', Clearing records.
Thread-557::ERROR::2016-09-30
18:20:25,064::utils::375::Storage.StoragePool::(wrapper) Unhandled exception
Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 372, in
wrapper
 return f(*a, **kw)
   File "/usr/lib/python2.7/site-packages/vdsm/concurrent.py", line 177, in
run
 return func(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/vdsm/storage/securable.py", line
78, in wrapper
 return method(self, *args, **kwargs)
   File "/usr/share/vdsm/storage/sp.py", line 207, in _upgradePoolDomain
 self._finalizePoolUpgradeIfNeeded()
   File "/usr/lib/python2.7/site-packages/vdsm/storage/securable.py", line
76, in wrapper
 raise SecureError("Secured object is not in safe state")
SecureError: Secured object is not in safe state

This means that the when an domain upgrade thread has finished, the spm
was stopped.

I'm seeing these errors from time to time on my development host using
master. I don't think you should worry about them.

Can you file a bug about this? we should clean this sometimes.

Nir


Thank you for the reply Nir. I have filed a bug, 
https://bugzilla.redhat.com/show_bug.cgi?id=1381418


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] 4.0 - 2nd node fails on deploy

[Jason Jeffrey]

Hi,

 

Another problem has appeared, after rebooting the primary the VM will not start.

 

Appears the symlink is broken between gluster mount ref and vdsm 

 

>From broker.log

 

Thread-169::ERROR::2016-10-04 
22:44:16,189::storage_broker::138::ovirt_hosted_engine_ha.broker.storage_broker.StorageBroker::(get_raw_stats_for_service_type)
 Failed to read metadata from 
/rhev/data-center/mnt/glusterSD/dcastor01:engine/bbb70623-194a-46d2-a164-76a4876ecaaf/ha_agent/hosted-engine.metadata

 

[root@dcasrv01 ovirt-hosted-engine-ha]# ls -al 
/rhev/data-center/mnt/glusterSD/dcastor01\:engine/bbb70623-194a-46d2-a164-76a4876ecaaf/ha_agent/

total 9

drwxrwx---. 2 vdsm kvm 4096 Oct  3 17:27 .

drwxr-xr-x. 5 vdsm kvm 4096 Oct  3 17:17 ..

lrwxrwxrwx. 1 vdsm kvm  132 Oct  3 17:27 hosted-engine.lockspace -> 
/var/run/vdsm/storage/bbb70623-194a-46d2-a164-76a4876ecaaf/23d81b73-bcb7-4742-abde-128522f43d78/11d6a3e1-1817-429d-b2e0-9051a3cf41a4

lrwxrwxrwx. 1 vdsm kvm  132 Oct  3 17:27 hosted-engine.metadata -> 
/var/run/vdsm/storage/bbb70623-194a-46d2-a164-76a4876ecaaf/fd44dbf9-473a-496a-9996-c8abe3278390/cee9440c-4eb8-453b-bc04-c47e6f9cbc93


 

[root@dcasrv01 /]# ls -al 
/var/run/vdsm/storage/bbb70623-194a-46d2-a164-76a4876ecaaf/

ls: cannot access /var/run/vdsm/storage/bbb70623-194a-46d2-a164-76a4876ecaaf/: 
No such file or directory   

 

Though file appears to be there 

 

Gluster is setup as xpool/engine 

 

[root@dcasrv01 fd44dbf9-473a-496a-9996-c8abe3278390]# pwd

/xpool/engine/brick/bbb70623-194a-46d2-a164-76a4876ecaaf/images/fd44dbf9-473a-496a-9996-c8abe3278390

[root@dcasrv01 fd44dbf9-473a-496a-9996-c8abe3278390]# ls -al

total 2060

drwxr-xr-x. 2 vdsm kvm4096 Oct  3 17:17 .

drwxr-xr-x. 6 vdsm kvm4096 Oct  3 17:17 ..

-rw-rw. 2 vdsm kvm 1028096 Oct  3 20:48 cee9440c-4eb8-453b-bc04-c47e6f9cbc93

-rw-rw. 2 vdsm kvm 1048576 Oct  3 17:17 
cee9440c-4eb8-453b-bc04-c47e6f9cbc93.lease

-rw-r--r--. 2 vdsm kvm 283 Oct  3 17:17 
cee9440c-4eb8-453b-bc04-c47e6f9cbc93.meta   

 

 

[root@dcasrv01 fd44dbf9-473a-496a-9996-c8abe3278390]# gluster volume info

 

Volume Name: data

Type: Replicate

Volume ID: 54fbcafc-fed9-4bce-92ec-fa36cdcacbd4

Status: Started

Number of Bricks: 1 x (2 + 1) = 3

Transport-type: tcp

Bricks:

Brick1: dcastor01:/xpool/data/brick

Brick2: dcastor03:/xpool/data/brick

Brick3: dcastor02:/xpool/data/bricky (arbiter)

Options Reconfigured:

performance.readdir-ahead: on

performance.quick-read: off

performance.read-ahead: off

performance.io-cache: off

performance.stat-prefetch: off

cluster.eager-lock: enable

network.remote-dio: enable

cluster.quorum-type: auto

cluster.server-quorum-type: server

storage.owner-uid: 36

storage.owner-gid: 36

 

Volume Name: engine

Type: Replicate

Volume ID: dd4c692d-03aa-4fc6-9011-a8dad48dad96

Status: Started

Number of Bricks: 1 x (2 + 1) = 3

Transport-type: tcp

Bricks:

Brick1: dcastor01:/xpool/engine/brick

Brick2: dcastor02:/xpool/engine/brick

Brick3: dcastor03:/xpool/engine/brick (arbiter)

Options Reconfigured:

performance.readdir-ahead: on

performance.quick-read: off

performance.read-ahead: off

performance.io-cache: off

performance.stat-prefetch: off

cluster.eager-lock: enable

network.remote-dio: enable

cluster.quorum-type: auto

cluster.server-quorum-type: server

storage.owner-uid: 36

storage.owner-gid: 36

 

Volume Name: export

Type: Replicate

Volume ID: 23f14730-d264-4cc2-af60-196b943ecaf3

Status: Started

Number of Bricks: 1 x (2 + 1) = 3

Transport-type: tcp

Bricks:

Brick1: dcastor02:/xpool/export/brick

Brick2: dcastor03:/xpool/export/brick

Brick3: dcastor01:/xpool/export/brick (arbiter)

Options Reconfigured:

performance.readdir-ahead: on

storage.owner-uid: 36

storage.owner-gid: 36

 

Volume Name: iso

Type: Replicate

Volume ID: b2d3d7e2-9919-400b-8368-a0443d48e82a

Status: Started

Number of Bricks: 1 x (2 + 1) = 3

Transport-type: tcp

Bricks:

Brick1: dcastor01:/xpool/iso/brick

Brick2: dcastor02:/xpool/iso/brick

Brick3: dcastor03:/xpool/iso/brick (arbiter)

Options Reconfigured:

performance.readdir-ahead: on

storage.owner-uid: 36

storage.owner-gid: 36   

 

 

[root@dcasrv01 fd44dbf9-473a-496a-9996-c8abe3278390]# gluster volume status

Status of volume: data

Gluster process TCP Port  RDMA Port  Online  Pid

--

Brick dcastor01:/xpool/data/brick   49153 0  Y   3076

Brick dcastor03:/xpool/data/brick   49153 0  Y   3019

Brick dcastor02:/xpool/data/bricky  49153 0  Y   3857

NFS Server on localhost 2049  0  Y   3097

Self-heal Daemon on localhost   N/A   N/AY   3088

NFS Server on dcastor03 2049  0  Y   3039

Self-heal Daemon on dcastor03   N/A   N/AY   

Re: [ovirt-users] High CPU Usage caused by migration thread on Node

[jaumotte, styve]

Hi all,

I think I found the solution on yesterday. The host which causes the CPU 
problems is in a cluster
where the KSM option is activate. Someone here must have check it.

I disable KSM on the cluster, disable NUMA and CPU pass through in the vm 
parameters, and no more high CPU usage by migration thread. Hope this solution 
can help someone else !

Styve

Réponse ou transfert de la part de Styve JAUMOTTE
De : Doron Fediuck [mailto:dfedi...@redhat.com]
Envoyé : dimanche 25 septembre 2016 08:27
À : jaumotte, styve
Cc : users@ovirt.org; Martin Sivák
Objet : Re: [ovirt-users] High CPU Usage caused by migration thread on Node



On Wed, Sep 21, 2016 at 12:28 PM, jaumotte, styve 
> wrote:
Hi,

We’ve got a problem with a critical machine which running Oracle Database and 
if someone can help us it would be very nice.

Our VM is running rhel 6.5 and is configuring with 16 cores (2 virtual socket 
with 8 virtual cores) and 240Gb.

This virtual machine is running perfectly on the first host R620 : two cpu 
E5-2695 v2 - 12 cores on each cpu -  and 384Gb of memory.

We wan’t to move this virtual machine on a new server, Transtec with two  
E5-2650 v3 – 10 cores on each cpu – and 256Gb of memory. We have encountered 
high cpu usage on this host.

Both servers are running centOS 7.2 and ovirt 3.6. We have already identified 
that on the node, many « migrate/N » are causing high cpu usage.

We have tried few options :

-   Pass-Through Host CPU

-   Configure NUMA : numa node count = 2, numa pinning
The first day the machine was running, everything is ok and migrate threads 
disapeared, but on the second day, high cpu and migration thread were back. 
Oracle services are being restarted everyday for cold backup but not the 
virtual machines.

I don’t know if looking in the Numa options is a good idea and I don’t why the 
everything is running ok on the R620 (perhaps the available memory)

Thank you for your advices.

Styve



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Hi Styve,
Pass-Through Host CPU is irrelevant unless you have a specific CPU flag you 
need to utilize.
So I suggest you refrain from using it.
As for NUMA, it works well as long as it's not interleaving. Here as well you  
should use it only
if you understand how it should be used. Otherwise the safe option for you is 
vCPU pinning.
Can you please check your logs to see who is creating these threads and share 
it?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] global vs local maintenance with single host

[Gianluca Cecchi]

On Sun, Sep 4, 2016 at 10:54 AM, Yedidyah Bar David  wrote:

> On Sat, Sep 3, 2016 at 1:18 PM, Gianluca Cecchi
>  wrote:
> > Hello,
> > how do the two modes apply in case of single host?
> > During an upgrade phase, after having upgraded the self hosted engine and
> > leaving global maintenance and having checked all is ok, what is the
> correct
> > mode then to put host if I want finally to update it too?
>
> The docs say to put hosts to maintenance from the engine before upgrading
> them.
>
> This is (also) so that VMs on them are migrated away to other hosts.
>
> With a single host, you have no other hosts to migrate VMs to.
>
> So you should do something like this:
>
> 1. Set global maintenance (because you are going to take down the
> engine and its vm)
> 2. Shutdown all other VMs
> 3. Shutdown engine vm from itself
> At this point, you should be able to simply stop HA services. But it
> might be cleaner to first set local maintenance. Not sure but perhaps
> this might be required for vdsm. So:
> 4. Set local maintenance
> 5. Stop HA services. If setting local maintenance didn't work, perhaps
> better stop also vdsm services. This stop should obviously happen
> automatically by yum/rpm, but perhaps better do this manually to see
> that it worked.
> 6. yum (or dnf) update stuff.
> 7. Start HA services
> 8. Check status. I think you'll see that both local and global maint
> are still set.
> 9. Set maintenance to none
> 10. Check status again - I think that after some time HA will decide
> to start engine vm and should succeed.
> 11. Start all other VMs.
>
> Didn't try this myself.
>
> Best,
> --
> Didi
>

I tested on one of the 2 environments.
It seems it worked.
But I update the kernel on host without restarting it. I would try that
with the other one.
Some notes:

8. Check status. I think you'll see that both local and global maint
are still set.

Actually even if I'm on global maintenance and then I set local
maintenance, it seems I "loose" the global maintenance state...

I see this output, without the line with Global Maintenance and exclamation
marks:

[root@ractor ~]# hosted-engine --vm-status
/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/lib/storage_backends.py:15:
DeprecationWarning: vdscli uses xmlrpc. since ovirt 3.6 xmlrpc is
deprecated, please use vdsm.jsonrpcvdscli
  import vdsm.vdscli


--== Host 1 status ==--

Status up-to-date  : False
Hostname   : ractor.mydomain
Host ID: 1
Engine status  : unknown stale-data
Score  : 0
stopped: False
Local maintenance  : True
crc32  : d616dde1
Host timestamp : 3304360
Extra metadata (valid at timestamp):
metadata_parse_version=1
metadata_feature_version=1
timestamp=3304360 (Mon Oct  3 22:27:07 2016)
host-id=1
score=0
maintenance=True
state=LocalMaintenance
stopped=False
[root@ractor ~]#


I'm able to exit maintenance, connect to engine and start the other VMs.
Now I have to try considering also the restart of the hypervisor host, due
to new kernel package install.

Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] global vs local maintenance with single host

[Gervais de Montbrun]

Hi Gianluca,

I forgot to mention that you need to ensure that systemd knows that the new 
file exists. You should likely run `systemctl daemon-reload` after 
creating/modifying your custom systemd files. You can see that the After 
directive is combined from both files. Check it out by running `systemctl show 
vdsmd.service | grep After`

It makes sense to make further changes to ensure that NFS stops last, but I 
haven't looked into that yet.
:-)

Cheers,
Gervais



> On Oct 3, 2016, at 7:22 AM, Gianluca Cecchi  wrote:
> 
> 
> Il 28/Set/2016 21:09, "Gervais de Montbrun"  > ha scritto:
> >
> > Hi Gianluca,
> >
> > Instead of editing the system's built in systemd configuration, you can do 
> > the following...
> >
> > Create a file called /etc/systemd/system/ovirt-ha-broker.service
> >
> >> # My custom ovirt-ha-broker.service config that ensures NFS starts before 
> >> ovirt-ha-broker.service
> >> # thanks Gervais for this tip!  :-)
> >>
> >> .include /usr/lib/systemd/system/ovirt-ha-broker.service
> >>
> >> [Unit]
> >> After=nfs-server.service
> >
> >
> > Then disable and enable ovirt-ha-broker.service (systemctl disable 
> > ovirt-ha-broker.service ; systemctl enable ovirt-ha-broker.service) and you 
> > should see that it is using your customized systemd unit definition. You 
> > can see that systemd is using your file by running systemctl status 
> > ovirt-ha-broker.service. You'll see something like "Loaded: loaded 
> > (/etc/systemd/system/ovirt-ha-broker.service;" in the output.
> >
> > Your file will survive updates and therefore always wait for nfs to start 
> > prior to starting. You can do the same for your other customizations.
> >
> > Cheers,
> > Gervais
> >
> >
> >
> >> On Sep 28, 2016, at 1:31 PM, Gianluca Cecchi  >> > wrote:
> >>
> >> On Sun, Sep 4, 2016 at 10:54 AM, Yedidyah Bar David  >> > wrote:
> >>>
> >>> On Sat, Sep 3, 2016 at 1:18 PM, Gianluca Cecchi
> >>> > wrote:
> >>> > Hello,
> >>> > how do the two modes apply in case of single host?
> >>> > During an upgrade phase, after having upgraded the self hosted engine 
> >>> > and
> >>> > leaving global maintenance and having checked all is ok, what is the 
> >>> > correct
> >>> > mode then to put host if I want finally to update it too?
> >>>
> >>> The docs say to put hosts to maintenance from the engine before upgrading 
> >>> them.
> >>>
> >>> This is (also) so that VMs on them are migrated away to other hosts.
> >>>
> >>> With a single host, you have no other hosts to migrate VMs to.
> >>>
> >>> So you should do something like this:
> >>>
> >>> 1. Set global maintenance (because you are going to take down the
> >>> engine and its vm)
> >>> 2. Shutdown all other VMs
> >>> 3. Shutdown engine vm from itself
> >>> At this point, you should be able to simply stop HA services. But it
> >>> might be cleaner to first set local maintenance. Not sure but perhaps
> >>> this might be required for vdsm. So:
> >>> 4. Set local maintenance
> >>> 5. Stop HA services. If setting local maintenance didn't work, perhaps
> >>> better stop also vdsm services. This stop should obviously happen
> >>> automatically by yum/rpm, but perhaps better do this manually to see
> >>> that it worked.
> >>> 6. yum (or dnf) update stuff.
> >>> 7. Start HA services
> >>> 8. Check status. I think you'll see that both local and global maint
> >>> are still set.
> >>> 9. Set maintenance to none
> >>> 10. Check status again - I think that after some time HA will decide
> >>> to start engine vm and should succeed.
> >>> 11. Start all other VMs.
> >>>
> >>> Didn't try this myself.
> >>>
> >>> Best,
> >>> --
> >>> Didi
> >>
> >>
> >> Hello Didi,
> >> I would like to leverage the update I have to do on 2 small different lab 
> >> environments to crosscheck the steps suggested.
> >> They are both single host environments with self hosted engine.
> >> One is 4.0.2 and the other is 4.0.3. Both on CentoS 7.2
> >> I plan to migrate to the just released 4.0.4
> >>
> >> One note: in both environments the storage is NFS and is provided by the 
> >> host itself, so a corner case (for all hosted_storage domain, main data 
> >> domain and iso storage domain).
> >> I customized the init scripts, basically for start phase of the server and 
> >> to keep in count of the NFS service, but probably something has to be done 
> >> for stop too?
> >>
> >> 1) In /usr/lib/systemd/system/ovirt-ha-broker.service
> >>
> >> added in section [Unit]
> >>
> >> After=nfs-server.service
> >>
> >> The file is overwritten at update so one has to keep in mind this
> >>
> >> 2) also in vdsmd.service changed 
> >> from:
> >> After=multipathd.service libvirtd.service iscsid.service rpcbind.service \
> >>   supervdsmd.service sanlock.service vdsm-network.service
> 

Re: [ovirt-users] Tracebacks in vdsm.log file

[Nir Soffer]

On Fri, Sep 30, 2016 at 3:58 PM, knarra  wrote:
> Hi,
>
> I see below trace back in my vdsm.log. Can some one help me understand
> why these are logged?
>
>
> is free, finding out if anyone is waiting for it.
> Thread-557::DEBUG::2016-09-30
> 18:20:25,064::resourceManager::661::Storage.ResourceManager::(releaseResource)
> No one is waiting for resource 'Storage.upgrade_57ee3a08-004b-02
> 7b-0395-01d6', Clearing records.
> Thread-557::ERROR::2016-09-30
> 18:20:25,064::utils::375::Storage.StoragePool::(wrapper) Unhandled exception
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 372, in
> wrapper
> return f(*a, **kw)
>   File "/usr/lib/python2.7/site-packages/vdsm/concurrent.py", line 177, in
> run
> return func(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/vdsm/storage/securable.py", line
> 78, in wrapper
> return method(self, *args, **kwargs)
>   File "/usr/share/vdsm/storage/sp.py", line 207, in _upgradePoolDomain
> self._finalizePoolUpgradeIfNeeded()
>   File "/usr/lib/python2.7/site-packages/vdsm/storage/securable.py", line
> 76, in wrapper
> raise SecureError("Secured object is not in safe state")
> SecureError: Secured object is not in safe state

This means that the when an domain upgrade thread has finished, the spm
was stopped.

I'm seeing these errors from time to time on my development host using
master. I don't think you should worry about them.

Can you file a bug about this? we should clean this sometimes.

Nir
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Unable to find OVF_STORE after recovery / upgrade

[Sam Cappello]

Hi,
so i was running a 3.4 hosted engine two node setup on centos 6, had 
some disk issues so i tried to upgrade to centos 7 and follow the path 
3.4 > 3.5 > 3.6 > 4.0.  i screwed up dig time somewhere between 3.6 and 
4.0, so i wiped the drives, installed a fresh 4.0.3, then created the 
database and restored the 3.6 engine backup before running engine-setup 
as per the docs.   things seemed to work, but i have the the following 
issues / symptoms:

- ovirt-ha-agent running 100% CPU on both nodes
- messages in the UI that the Hosted Engine storage Domain isn't active 
and Failed to import the Hosted Engine Storage Domain

- hosted engine is not visible in the UI
and the following repeating in the agent.log:

MainThread::INFO::2016-10-03 
12:38:27,718::hosted_engine::461::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring) 
Current state EngineUp (score: 3400)
MainThread::INFO::2016-10-03 
12:38:27,720::hosted_engine::466::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(start_monitoring) 
Best remote host vmhost1.oracool.net (id: 1, score: 3400)
MainThread::INFO::2016-10-03 
12:38:37,979::states::421::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(consume) 
Engine vm running on localhost
MainThread::INFO::2016-10-03 
12:38:37,985::hosted_engine::612::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_vdsm) 
Initializing VDSM
MainThread::INFO::2016-10-03 
12:38:45,645::hosted_engine::639::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Connecting the storage
MainThread::INFO::2016-10-03 
12:38:45,647::storage_server::219::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Connecting storage server
MainThread::INFO::2016-10-03 
12:39:00,543::storage_server::226::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Connecting storage server
MainThread::INFO::2016-10-03 
12:39:00,562::storage_server::233::ovirt_hosted_engine_ha.lib.storage_server.StorageServer::(connect_storage_server) 
Refreshing the storage domain
MainThread::INFO::2016-10-03 
12:39:01,235::hosted_engine::666::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Preparing images
MainThread::INFO::2016-10-03 
12:39:01,236::image::126::ovirt_hosted_engine_ha.lib.image.Image::(prepare_images) 
Preparing images
MainThread::INFO::2016-10-03 
12:39:09,295::hosted_engine::669::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine::(_initialize_storage_images) 
Reloading vm.conf from the shared storage domain
MainThread::INFO::2016-10-03 
12:39:09,296::config::206::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config::(refresh_local_conf_file) 
Trying to get a fresher copy of vm configuration from the OVF_STORE
MainThread::WARNING::2016-10-03 
12:39:16,928::ovf_store::107::ovirt_hosted_engine_ha.lib.ovf.ovf_store.OVFStore::(scan) 
Unable to find OVF_STORE
MainThread::ERROR::2016-10-03 
12:39:16,934::config::235::ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine.config::(refresh_local_conf_file) 
Unable to get vm.conf from OVF_STORE, falling back to initial vm.conf


I have searched a bit and not really found a solution, and have come to 
the conclusion that i have made a mess of things, and am wondering if 
the best solution is to export the VMs, and reinstall everything then 
import them back?

i am using remote  NFS storage.
if i try and add the hosted engine storage domain it says it is already 
registered.
i have also upgraded and am now running oVirt Engine Version: 
4.0.4.4-1.el7.centos
hosts were installed using ovirt-node.  currently at 
3.10.0-327.28.3.el7.x86_64
if a fresh install is best, any advice / pointer to doc that explains 
best way to do this?
i have not moved my most important server over to this cluster yet so i 
can take some downtime to reinstall.

thanks!
sam


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Add extra dnsname for certificate on engine

[Matt .]

Hi guys,


When the engine lives under engine.sub.sub.sub.domain.tld is it
possible to add an extra alt hostname to it so we can add a
certificate for engine.domain.tld ?

I hope someone can point this out.

Cheers,

Matt
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[aleksey . maksimov]

Thank you, Sandro

03.10.2016, 15:48, "Sandro Bonazzola" :

>> But now the question arises, in what cases can be a helpful 
>> ovirt-warmup.service 
>> (https://github.com/geertj/ravstack/blob/master/share/ovirt-warmup.service) ?
>
> No idea, I guess ravstack developer wanted to ensure ovirt-engine was 
> responding before continuing the boot sequence.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[Sandro Bonazzola]

On Mon, Oct 3, 2016 at 12:17 PM,  wrote:

> Wow. I have installed and enabled the service on Hosted Engine VM:
>
> # yum -y install haveged
> # service haveged start
> # systemctl enable haveged.service
> # service haveged status
>
> Redirecting to /bin/systemctl status  haveged.service
> ● haveged.service - Entropy Daemon based on the HAVEGE algorithm
>Loaded: loaded (/usr/lib/systemd/system/haveged.service; enabled;
> vendor preset: disabled)
>Active: active (running) since Mon 2016-10-03 12:56:24 MSK; 2min 12s ago
>  Docs: man:haveged(8)
>http://www.issihosts.com/haveged/
>  Main PID: 5304 (haveged)
>CGroup: /system.slice/haveged.service
>└─5304 /usr/sbin/haveged -w 1024 -v 1 --Foreground
>
> Oct 03 12:56:24 KOM-AD01-OVIRT1 systemd[1]: Started Entropy Daemon based
> on the HAVEGE algorithm.
> Oct 03 12:56:24 KOM-AD01-OVIRT1 systemd[1]: Starting Entropy Daemon based
> on the HAVEGE algorithm...
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: ver: 1.9.1; arch:
> x86; vend: GenuineIntel; build: (gcc 4.8.2 ITV); collect: 128K
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: cpu: (L4 VC);
> data: 32K (L2 L4 V); inst: 32K (L2 L4 V); idx: 21/40; sz: 32709/60538
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: tot tests(BA8):
> A:1/1 B:1/1 continuous tests(B):  last entropy estimate 8.00013
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: fills: 0,
> generated: 0
>
>
> And now after restarting the ovirt-engine.service, first open the web
> portal pages is instantaneous!
> It works.
> Thank you.
>
> But now the question arises, in what cases can be a helpful
> ovirt-warmup.service (https://github.com/geertj/
> ravstack/blob/master/share/ovirt-warmup.service) ?
>

No idea, I guess ravstack developer wanted to ensure ovirt-engine was
responding before continuing the boot sequence.



>
> 03.10.2016, 12:32, "Sandro Bonazzola" :
> > This looks like not enough entropy on the host / guest running
> ovirt-engine.
> > If you're on Hosted Engine I suggest to install haveged (in EPEL repo)
> and run it to ensure enough entropy is available for the VM.
> > Adding Simone.
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[Martin Perina]

Hi,

please take a look at inline comments:

On Mon, Oct 3, 2016 at 9:15 AM,  wrote:

> Yes. Of course. Here are my configs.
>
> 
> =
> # cat /etc/ovirt-engine/aaa/ovirt-sso.conf
>
> ​​
> 
> RewriteEngine on
> RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
> RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
> RequestHeader set X-Remote-User %{REMOTE_USER}s
> AuthType Kerberos
> AuthName "Kerberos Login"
> Krb5Keytab /etc/httpd/s-oVirt-Krb.keytab
> KrbAuthRealms AD.HOLDING.COM
> #KrbMethodNegotiate on
> #KrbMethodK5Passwd on
> KrbMethodK5Passwd off
> Require valid-user
> 
>

​Ahh, this is the issue. Above configuration is valid for oVirt 3.x, but in
4.0 we have quite new OAuth base SSO, so you need to use following
configuration:


  
RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
RequestHeader set X-Remote-User %{REMOTE_USER}s
AuthType Kerberos
AuthName "Kerberos Login"
Krb5Keytab /etc/httpd/s-oVirt-Krb.keytab
KrbAuthRealms AD.HOLDING.COM
KrbMethodK5Passwd off
Require valid-user
ErrorDocument 401 "Here"
  

​

​Also as 4.0 is working on EL7 you may use mod_auth_gssapi/mod_session
instead of quite old mod_auth_krb. For mod_auth_gssapi/mod_sessions you
need to do following:

  1. yum install mod_session mod_auth_gssapi
  2. Use following Apache configuration ​


​
  
RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
RequestHeader set X-Remote-User %{REMOTE_USER}s

AuthType GSSAPI
AuthName "Kerberos Login"

# Modify to match installation
GssapiCredStore keytab:/etc/httpd/s-oVirt-Krb.keytab
GssapiUseSessions On
Session On
SessionCookieName ovirt_gssapi_session path=/private;httponly;secure;

Require valid-user
ErrorDocument 401 "Here"
  
​

​


>
> # ls -la /etc/httpd/conf.d/ovirt-*
>
> -rw-r--r--. 1 root root 33 Jul 26 16:42 /etc/httpd/conf.d/ovirt-
> engine-root-redirect.conf
> lrwxrwxrwx. 1 root root 36 Sep 30 00:06 /etc/httpd/conf.d/ovirt-sso.conf
> -> /etc/ovirt-engine/aaa/ovirt-sso.conf
>
>
> 
> =
> # cat /etc/ovirt-engine/aaa/ad.holding.com.properties
>
> include = 
> vars.domain = ad.holding.com
> pool.default.auth.simple.bindDN = s-oVirt-LS@${global:vars.domain}
> pool.default.auth.simple.password = Passw0rd
> pool.default.dc-resolve.enable = false
> search.default.dc-resolve.enable = false
> search.ad-resolve-upn.search-request.baseDN = DC=ad,DC=holding,DC=com
> pool.default.serverset.type = failover
> pool.default.serverset.failover.00.server = kom-dc01.${global:vars.domain}
> pool.default.serverset.failover.01.server = kom-dc02.${global:vars.domain}
> pool.default.serverset.failover.port = 636
> pool.default.serverset.failover.domain = ${global:vars.domain}
> pool.default.ssl.enable = true
> pool.default.ssl.protocol = TLSv1.2
> pool.default.ssl.truststore.file = ${local:_basedir}/${global:
> vars.domain}.jks
> pool.default.ssl.truststore.password = changeit
>


> =
> # cat /etc/ovirt-engine/extensions.d/ad.holding.com-authz.properties
>
> ovirt.engine.extension.name = ad.holding.com-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module =
> org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class =
> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.
> extensions.aaa.Authz
> config.profile.file.1 = ../aaa/ad.holding.com.properties
>
> 
> =
> # cat /etc/ovirt-engine/extensions.d/ad.holding.com-http-authn.properties
>
> ovirt.engine.extension.name = ad.holding.com-http-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module =
> org.ovirt.engine-extensions.aaa.misc
> ovirt.engine.extension.binding.jbossmodule.class =
> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.
> extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = ad.holding.com-http
> ovirt.engine.aaa.authn.authz.plugin = ad.holding.com-authz
> ovirt.engine.aaa.authn.mapping.plugin = ad.holding.com-http-mapping
> config.artifact.name = HEADER
> config.artifact.arg = X-Remote-User
>
> 
> =
> # cat /etc/ovirt-engine/extensions.d/ad.holding.com-http-mapping.
> properties
>
> ovirt.engine.extension.name = ad.holding.com-http-mapping
> 

Re: [ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[Simone Tiraboschi]

On Mon, Oct 3, 2016 at 12:17 PM,  wrote:

> Wow. I have installed and enabled the service on Hosted Engine VM:
>
> # yum -y install haveged
> # service haveged start
> # systemctl enable haveged.service
> # service haveged status
>
> Redirecting to /bin/systemctl status  haveged.service
> ● haveged.service - Entropy Daemon based on the HAVEGE algorithm
>Loaded: loaded (/usr/lib/systemd/system/haveged.service; enabled;
> vendor preset: disabled)
>Active: active (running) since Mon 2016-10-03 12:56:24 MSK; 2min 12s ago
>  Docs: man:haveged(8)
>http://www.issihosts.com/haveged/
>  Main PID: 5304 (haveged)
>CGroup: /system.slice/haveged.service
>└─5304 /usr/sbin/haveged -w 1024 -v 1 --Foreground
>
> Oct 03 12:56:24 KOM-AD01-OVIRT1 systemd[1]: Started Entropy Daemon based
> on the HAVEGE algorithm.
> Oct 03 12:56:24 KOM-AD01-OVIRT1 systemd[1]: Starting Entropy Daemon based
> on the HAVEGE algorithm...
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: ver: 1.9.1; arch:
> x86; vend: GenuineIntel; build: (gcc 4.8.2 ITV); collect: 128K
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: cpu: (L4 VC);
> data: 32K (L2 L4 V); inst: 32K (L2 L4 V); idx: 21/40; sz: 32709/60538
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: tot tests(BA8):
> A:1/1 B:1/1 continuous tests(B):  last entropy estimate 8.00013
> Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: fills: 0,
> generated: 0
>
>
> And now after restarting the ovirt-engine.service, first open the web
> portal pages is instantaneous!
> It works.
> Thank you.
>

Yes, the issue was the lack of entropy.
haveged on a VM works but the quality of its entropy is still debated.
A better solution is to use the paravirtualized VirtIO RNG device.

We already have it on the first boot; we are working to ensure it's always
there also after the engine imported the engine VM:
https://gerrit.ovirt.org/#/c/62334/


>
> But now the question arises, in what cases can be a helpful
> ovirt-warmup.service (https://github.com/geertj/
> ravstack/blob/master/share/ovirt-warmup.service) ?
>
> 03.10.2016, 12:32, "Sandro Bonazzola" :
> > This looks like not enough entropy on the host / guest running
> ovirt-engine.
> > If you're on Hosted Engine I suggest to install haveged (in EPEL repo)
> and run it to ensure enough entropy is available for the VM.
> > Adding Simone.
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] global vs local maintenance with single host

[Gianluca Cecchi]

Il 28/Set/2016 21:09, "Gervais de Montbrun"  ha
scritto:
>
> Hi Gianluca,
>
> Instead of editing the system's built in systemd configuration, you can
do the following...
>
> Create a file called /etc/systemd/system/ovirt-ha-broker.service
>
>> # My custom ovirt-ha-broker.service config that ensures NFS starts
before ovirt-ha-broker.service
>> # thanks Gervais for this tip!  :-)
>>
>> .include /usr/lib/systemd/system/ovirt-ha-broker.service
>>
>> [Unit]
>> After=nfs-server.service
>
>
> Then disable and enable ovirt-ha-broker.service (systemctl disable
ovirt-ha-broker.service ; systemctl enable ovirt-ha-broker.service) and you
should see that it is using your customized systemd unit definition. You
can see that systemd is using your file by running systemctl status
ovirt-ha-broker.service. You'll see something like "Loaded: loaded
(/etc/systemd/system/ovirt-ha-broker.service;" in the output.
>
> Your file will survive updates and therefore always wait for nfs to start
prior to starting. You can do the same for your other customizations.
>
> Cheers,
> Gervais
>
>
>
>> On Sep 28, 2016, at 1:31 PM, Gianluca Cecchi 
wrote:
>>
>> On Sun, Sep 4, 2016 at 10:54 AM, Yedidyah Bar David 
wrote:
>>>
>>> On Sat, Sep 3, 2016 at 1:18 PM, Gianluca Cecchi
>>>  wrote:
>>> > Hello,
>>> > how do the two modes apply in case of single host?
>>> > During an upgrade phase, after having upgraded the self hosted engine
and
>>> > leaving global maintenance and having checked all is ok, what is the
correct
>>> > mode then to put host if I want finally to update it too?
>>>
>>> The docs say to put hosts to maintenance from the engine before
upgrading them.
>>>
>>> This is (also) so that VMs on them are migrated away to other hosts.
>>>
>>> With a single host, you have no other hosts to migrate VMs to.
>>>
>>> So you should do something like this:
>>>
>>> 1. Set global maintenance (because you are going to take down the
>>> engine and its vm)
>>> 2. Shutdown all other VMs
>>> 3. Shutdown engine vm from itself
>>> At this point, you should be able to simply stop HA services. But it
>>> might be cleaner to first set local maintenance. Not sure but perhaps
>>> this might be required for vdsm. So:
>>> 4. Set local maintenance
>>> 5. Stop HA services. If setting local maintenance didn't work, perhaps
>>> better stop also vdsm services. This stop should obviously happen
>>> automatically by yum/rpm, but perhaps better do this manually to see
>>> that it worked.
>>> 6. yum (or dnf) update stuff.
>>> 7. Start HA services
>>> 8. Check status. I think you'll see that both local and global maint
>>> are still set.
>>> 9. Set maintenance to none
>>> 10. Check status again - I think that after some time HA will decide
>>> to start engine vm and should succeed.
>>> 11. Start all other VMs.
>>>
>>> Didn't try this myself.
>>>
>>> Best,
>>> --
>>> Didi
>>
>>
>> Hello Didi,
>> I would like to leverage the update I have to do on 2 small different
lab environments to crosscheck the steps suggested.
>> They are both single host environments with self hosted engine.
>> One is 4.0.2 and the other is 4.0.3. Both on CentoS 7.2
>> I plan to migrate to the just released 4.0.4
>>
>> One note: in both environments the storage is NFS and is provided by the
host itself, so a corner case (for all hosted_storage domain, main data
domain and iso storage domain).
>> I customized the init scripts, basically for start phase of the server
and to keep in count of the NFS service, but probably something has to be
done for stop too?
>>
>> 1) In /usr/lib/systemd/system/ovirt-ha-broker.service
>>
>> added in section [Unit]
>>
>> After=nfs-server.service
>>
>> The file is overwritten at update so one has to keep in mind this
>>
>> 2) also in vdsmd.service changed
>> from:
>> After=multipathd.service libvirtd.service iscsid.service rpcbind.service
\
>>   supervdsmd.service sanlock.service vdsm-network.service
>>
>> to:
>> After=multipathd.service libvirtd.service iscsid.service rpcbind.service
\
>>   supervdsmd.service sanlock.service vdsm-network.service \
>>   nfs-server.service
>>
>> Do you think any order setup I have to put in place related to NFS
service and oVirt services stop?
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
>

Nice! I'm going to try and see.
Any particular dependency I should add for shutdown order due to the fact
that my host is also the NFS server providing data stores?
Do I need to set up nfs stop only after a particular ovirt related service?
Thanks,
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[aleksey . maksimov]

Wow. I have installed and enabled the service on Hosted Engine VM:

# yum -y install haveged
# service haveged start
# systemctl enable haveged.service
# service haveged status

Redirecting to /bin/systemctl status  haveged.service
● haveged.service - Entropy Daemon based on the HAVEGE algorithm
   Loaded: loaded (/usr/lib/systemd/system/haveged.service; enabled; vendor 
preset: disabled)
   Active: active (running) since Mon 2016-10-03 12:56:24 MSK; 2min 12s ago
 Docs: man:haveged(8)
   http://www.issihosts.com/haveged/
 Main PID: 5304 (haveged)
   CGroup: /system.slice/haveged.service
   └─5304 /usr/sbin/haveged -w 1024 -v 1 --Foreground

Oct 03 12:56:24 KOM-AD01-OVIRT1 systemd[1]: Started Entropy Daemon based on the 
HAVEGE algorithm.
Oct 03 12:56:24 KOM-AD01-OVIRT1 systemd[1]: Starting Entropy Daemon based on 
the HAVEGE algorithm...
Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: ver: 1.9.1; arch: x86; 
vend: GenuineIntel; build: (gcc 4.8.2 ITV); collect: 128K
Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: cpu: (L4 VC); data: 32K 
(L2 L4 V); inst: 32K (L2 L4 V); idx: 21/40; sz: 32709/60538
Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: tot tests(BA8): A:1/1 
B:1/1 continuous tests(B):  last entropy estimate 8.00013
Oct 03 12:56:24 KOM-AD01-OVIRT1 haveged[5304]: haveged: fills: 0, generated: 0


And now after restarting the ovirt-engine.service, first open the web portal 
pages is instantaneous!
It works.
Thank you.

But now the question arises, in what cases can be a helpful 
ovirt-warmup.service 
(https://github.com/geertj/ravstack/blob/master/share/ovirt-warmup.service) ?

03.10.2016, 12:32, "Sandro Bonazzola" :
> This looks like not enough entropy on the host / guest running ovirt-engine.
> If you're on Hosted Engine I suggest to install haveged (in EPEL repo) and 
> run it to ensure enough entropy is available for the VM.
> Adding Simone.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[Sandro Bonazzola]

On Mon, Oct 3, 2016 at 8:35 AM,  wrote:

> Hello oVirt guru`s !
>
> oVirt Engine Version: 4.0.4.4-1.el7.centos
>
> After restarting the ovirt-engine.service, the web login page is available
> after a few seconds. That's good.
> But when trying the first login, the portal web page open for 2-3 minutes
>

This looks like not enough entropy on the host / guest running ovirt-engine.
If you're on Hosted Engine I suggest to install haveged (in EPEL repo) and
run it to ensure enough entropy is available for the VM.
Adding Simone.



>
> All subsequent logins are fast.
>
> The question is: Why is the delay in the opening pages of the first call?
>
> Do I understand correctly that this feature of JBoss web application?
> Need some warming up of the web application?
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Tracebacks in vdsm.log file

[knarra]

Hi All,

vdsm version i am using is vdsm-4.18.13-1.el7ev.x86_64. I am trying 
to upgrade a RHV-H node from UI when i saw the following trace back in 
the vdsm log.


Thanks
kasturi

On 09/30/2016 06:28 PM, knarra wrote:

Hi,

I see below trace back in my vdsm.log. Can some one help me 
understand why these are logged?



is free, finding out if anyone is waiting for it.
Thread-557::DEBUG::2016-09-30 
18:20:25,064::resourceManager::661::Storage.ResourceManager::(releaseResource) 
No one is waiting for resource 'Storage.upgrade_57ee3a08-004b-02

7b-0395-01d6', Clearing records.
Thread-557::ERROR::2016-09-30 
18:20:25,064::utils::375::Storage.StoragePool::(wrapper) Unhandled 
exception

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 372, in 
wrapper

return f(*a, **kw)
  File "/usr/lib/python2.7/site-packages/vdsm/concurrent.py", line 
177, in run

return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/securable.py", 
line 78, in wrapper

return method(self, *args, **kwargs)
  File "/usr/share/vdsm/storage/sp.py", line 207, in _upgradePoolDomain
self._finalizePoolUpgradeIfNeeded()
  File "/usr/lib/python2.7/site-packages/vdsm/storage/securable.py", 
line 76, in wrapper

raise SecureError("Secured object is not in safe state")
SecureError: Secured object is not in safe state
b38e7a14-f880-4259-a7dd-3994bae2dbc2::DEBUG::2016-09-30 
18:20:25,065::__init__::398::IOProcessClient::(_startCommunication) 
Communication thread for client ioprocess-7 started
ioprocess communication (22325)::INFO::2016-09-30 
18:20:25,067::__init__::447::IOProcess::(_processLogs) Starting ioprocess
ioprocess communication (22325)::INFO::2016-09-30 
18:20:25,067::__init__::447::IOProcess::(_processLogs) Starting ioprocess


Thanks

kasturi

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ETL Service fails

[Sandro Bonazzola]

Adding some relevant people

On Sat, Oct 1, 2016 at 6:24 AM, Andy  wrote:

> Hello,
> I just upgraded to OVIRT 4.04 on the hosted appliance and for some reason
> I no longer see the DHW metrics on the dashboard. I receive a lot of
> errors, obviously, stating "ETL Service has encountered an error, Please
> consult the service log. The research that I have been able to come up with
> appears to be with a FK or a user that no longer exists in the database,
> however the attached logs have zero reference to these errors.
>
> Any help would be appreciated.
>
> Thanks Andy
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] VM pauses/hangs after migration

[Davide Ferrari]

2016-09-30 15:35 GMT+02:00 Michal Skrivanek :

>
>
> that is a very low level error really pointing at HW issues. It may or may
> not be detected by memtest…but I would give it a try
>
>
I left memtest86 running for 2 days and no error detected :(


> The only difference that this host (vmhost01) has is that it was the first
> host installed in my self-hosted engine installation. But I have already
> reinstalled it from GUI and menawhile I've upgraded to 4.0.4 from 4.0.3.
>
>
> does it happen only for the big 96GB VM? The others which you said are
> working, are they all small?
> Might be worth trying other system stability tests, playing with
> safer/slower settings in BIOS, use lower CPU cluster, etc
>
>
Yep, it happens only for the 96GB VM. Other VMs with fewer RAM (16GB for
example) can be created on or migrated to that host flawlessly. I'll try to
play a little with BIOS settings but otherwise I'll have the HW replaced. I
was only trying to rule out possible oVirt SW problems due to that host
being the first I deployed (from CLI) when I installed the cluster.

Thanks!

-- 
Davide Ferrari
Senior Systems Engineer
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] 4.0 - 2nd node fails on deploy

[Simone Tiraboschi]

On Mon, Oct 3, 2016 at 12:45 AM, Jason Jeffrey  wrote:

> Hi,
>
>
>
> I am trying to build a x3 HC cluster, with a self hosted engine using
> gluster.
>
>
>
> I have successful built the 1st node,  however when I attempt to run
> hosted-engine –deploy on node 2, I get the following error
>
>
>
> [WARNING] A configuration file must be supplied to deploy Hosted Engine on
> an additional host.
>
> [ ERROR ] 'version' is not stored in the HE configuration image
>
> [ ERROR ] Unable to get the answer file from the shared storage
>
> [ ERROR ] Failed to execute stage 'Environment customization': Unable to
> get the answer file from the shared storage
>
> [ INFO  ] Stage: Clean up
>
> [ INFO  ] Generating answer file '/var/lib/ovirt-hosted-engine-
> setup/answers/answers-20161002232505.conf'
>
> [ INFO  ] Stage: Pre-termination
>
> [ INFO  ] Stage: Termination
>
> [ ERROR ] Hosted Engine deployment failed
>
>
>
> Looking at the failure in the log file..
>

Can you please attach hosted-engine-setup logs from the first host?


>
>
> 2016-10-02 23:25:05 WARNING otopi.plugins.gr_he_common.core.remote_answerfile
> remote_answerfile._customization:151 A configuration
>
> file must be supplied to deploy Hosted Engine on an additional host.
>
> 2016-10-02 23:25:05 DEBUG otopi.plugins.gr_he_common.core.remote_answerfile
> remote_answerfile._fetch_answer_file:61 _fetch_answer_f
>
> ile
>
> 2016-10-02 23:25:05 DEBUG otopi.plugins.gr_he_common.core.remote_answerfile
> remote_answerfile._fetch_answer_file:69 fetching from:
>
> /rhev/data-center/mnt/glusterSD/dcastor02:engine/0a021563-91b5-4f49-9c6b-
> fff45e85a025/images/f055216c-02f9-4cd1-a22c-d6b56a0a8e9b/7
>
> 8cb2527-a2e2-489a-9fad-465a72221b37
>
> 2016-10-02 23:25:05 DEBUG otopi.plugins.gr_he_common.core.remote_answerfile
> heconflib._dd_pipe_tar:69 executing: 'sudo -u vdsm dd i
>
> f=/rhev/data-center/mnt/glusterSD/dcastor02:engine/
> 0a021563-91b5-4f49-9c6b-fff45e85a025/images/f055216c-
> 02f9-4cd1-a22c-d6b56a0a8e9b
>
> /78cb2527-a2e2-489a-9fad-465a72221b37 bs=4k'
>
> 2016-10-02 23:25:05 DEBUG otopi.plugins.gr_he_common.core.remote_answerfile
> heconflib._dd_pipe_tar:70 executing: 'tar -tvf -'
>
> 2016-10-02 23:25:05 DEBUG otopi.plugins.gr_he_common.core.remote_answerfile
> heconflib._dd_pipe_tar:88 stdout:
>
> 2016-10-02 23:25:05 DEBUG otopi.plugins.gr_he_common.core.remote_answerfile
> heconflib._dd_pipe_tar:89 stderr:
>
> 2016-10-02 23:25:05 ERROR otopi.plugins.gr_he_common.core.remote_answerfile
> heconflib.validateConfImage:111 'version' is not stored
>
> in the HE configuration image
>
> 2016-10-02 23:25:05 ERROR otopi.plugins.gr_he_common.core.remote_answerfile
> remote_answerfile._fetch_answer_file:73 Unable to get t
>
> he answer file from the shared storage
>
>
>
> Looking at the detected gluster path - /rhev/data-center/mnt/
> glusterSD/dcastor02:engine/0a021563-91b5-4f49-9c6b-
> fff45e85a025/images/f055216c-02f9-4cd1-a22c-d6b56a0a8e9b/
>
>
>
> [root@dcasrv02 ~]# ls -al /rhev/data-center/mnt/
> glusterSD/dcastor02:engine/0a021563-91b5-4f49-9c6b-
> fff45e85a025/images/f055216c-02f9-4cd1-a22c-d6b56a0a8e9b/
>
> total 1049609
>
> drwxr-xr-x. 2 vdsm kvm   4096 Oct  2 04:46 .
>
> drwxr-xr-x. 6 vdsm kvm   4096 Oct  2 04:46 ..
>
> -rw-rw. 1 vdsm kvm 1073741824 Oct  2 04:46 78cb2527-a2e2-489a-9fad-
> 465a72221b37
>
> -rw-rw. 1 vdsm kvm1048576 Oct  2 04:46 78cb2527-a2e2-489a-9fad-
> 465a72221b37.lease
>
> -rw-r--r--. 1 vdsm kvm294 Oct  2 04:46 
> 78cb2527-a2e2-489a-9fad-465a72221b37.meta
>
>
>
>
> 78cb2527-a2e2-489a-9fad-465a72221b37 is  a 1 GB file, is this the engine
> VM ?
>
>
>
> Copying the answers file form primary (/etc/ovirt-hosted-engine/answers.conf
> ) to  node 2 and rerunning produces the same error : (
>
> (hosted-engine --deploy  --config-append=/root/answers.conf )
>
>
>
> Also tried on node 3, same issues
>
>
>
> Happy to provide logs and other debugs
>
>
>
> Thanks
>
>
>
> Jason
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] the 'ISO_DOMAIN' storage space always smaller than 1G

[Sandro Bonazzola]

On Thu, Sep 29, 2016 at 8:16 AM, 转圈圈 <313922...@qq.com> wrote:

> hello:
> Ovirt-engine-4.0.2.6 is installed.
> but the 'ISO_DOMAIN' storage space always smaller than 1G.
> the status always 'Unattached'.
> That's why?
>

You have not attached the ISO domain to a datacenter.
Please see
http://www.ovirt.org/documentation/quickstart/quickstart-guide/#attach-an-iso-domain



> Thank you !
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com



330AF182@B592FE2F.D5B1EC57
Description: Binary data
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[aleksey . maksimov]

Any thoughts on this? 

I found the systemd service example for a warm start:
https://github.com/geertj/ravstack/blob/master/share/ovirt-warmup.service

This is a good solution?


03.10.2016, 09:35, "aleksey.maksi...@it-kb.ru" :
> Hello oVirt guru`s !
>
> oVirt Engine Version: 4.0.4.4-1.el7.centos
>
> After restarting the ovirt-engine.service, the web login page is available 
> after a few seconds. That's good.
> But when trying the first login, the portal web page open for 2-3 minutes
>
> All subsequent logins are fast.
>
> The question is: Why is the delay in the opening pages of the first call?
>
> Do I understand correctly that this feature of JBoss web application?
> Need some warming up of the web application?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[aleksey . maksimov]

Yes. Of course. Here are my configs.

=
# cat /etc/ovirt-engine/aaa/ovirt-sso.conf


RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ - [L,NS,P,E=REMOTE_USER:%1]
RequestHeader set X-Remote-User %{REMOTE_USER}s
AuthType Kerberos
AuthName "Kerberos Login"
Krb5Keytab /etc/httpd/s-oVirt-Krb.keytab
KrbAuthRealms AD.HOLDING.COM
#KrbMethodNegotiate on
#KrbMethodK5Passwd on
KrbMethodK5Passwd off
Require valid-user



# ls -la /etc/httpd/conf.d/ovirt-*

-rw-r--r--. 1 root root 33 Jul 26 16:42 
/etc/httpd/conf.d/ovirt-engine-root-redirect.conf
lrwxrwxrwx. 1 root root 36 Sep 30 00:06 /etc/httpd/conf.d/ovirt-sso.conf -> 
/etc/ovirt-engine/aaa/ovirt-sso.conf


=
# cat /etc/ovirt-engine/aaa/ad.holding.com.properties

include = 
vars.domain = ad.holding.com
pool.default.auth.simple.bindDN = s-oVirt-LS@${global:vars.domain}
pool.default.auth.simple.password = Passw0rd
pool.default.dc-resolve.enable = false
search.default.dc-resolve.enable = false
search.ad-resolve-upn.search-request.baseDN = DC=ad,DC=holding,DC=com
pool.default.serverset.type = failover
pool.default.serverset.failover.00.server = kom-dc01.${global:vars.domain}
pool.default.serverset.failover.01.server = kom-dc02.${global:vars.domain}
pool.default.serverset.failover.port = 636
pool.default.serverset.failover.domain = ${global:vars.domain}
pool.default.ssl.enable = true
pool.default.ssl.protocol = TLSv1.2
pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks
pool.default.ssl.truststore.password = changeit

=
# cat /etc/ovirt-engine/extensions.d/ad.holding.com-authz.properties

ovirt.engine.extension.name = ad.holding.com-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = 
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = 
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = ../aaa/ad.holding.com.properties

=
# cat /etc/ovirt-engine/extensions.d/ad.holding.com-http-authn.properties

ovirt.engine.extension.name = ad.holding.com-http-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = 
org.ovirt.engine-extensions.aaa.misc
ovirt.engine.extension.binding.jbossmodule.class = 
org.ovirt.engineextensions.aaa.misc.http.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = ad.holding.com-http
ovirt.engine.aaa.authn.authz.plugin = ad.holding.com-authz
ovirt.engine.aaa.authn.mapping.plugin = ad.holding.com-http-mapping
config.artifact.name = HEADER
config.artifact.arg = X-Remote-User

=
# cat /etc/ovirt-engine/extensions.d/ad.holding.com-http-mapping.properties

ovirt.engine.extension.name = ad.holding.com-http-mapping
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = 
org.ovirt.engine-extensions.aaa.misc
ovirt.engine.extension.binding.jbossmodule.class = 
org.ovirt.engineextensions.aaa.misc.mapping.MappingExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Mapping
config.mapAuthRecord.type = regex
config.mapAuthRecord.regex.mustMatch = true
config.mapAuthRecord.regex.pattern = 
^(?.*?)(((?@)(?.*?)@.*)|(?@.*))$
config.mapAuthRecord.regex.replacement = ${user}${at}${suffix}${realm}


03.10.2016, 09:56, "Martin Perina" :

> ​Ahh, so kerberos SSO works fine for API, but not for portals. Could you 
> please share your Apache configuration with oVirt kerberos configuration? 
> Usually it's in /etc/ovirt-engine/aaa/ovirt-sso.conf
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[Martin Perina]

On Mon, Oct 3, 2016 at 8:52 AM,  wrote:

>  > network.negotiate-auth.delegation-uris = .ad.holding.com
>  > network.negotiate-auth.trusted-uris = .ad.holding.com
>
> Yes. Configured
>
> The URL https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api in IE and
> Firefox opens without problems and without password prompts
>
> But when opening links from start page...
>
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/
> userportal/?locale=en_US
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/webadmin/?locale=en_US
>
> ...opens a oVirt form prompting for credentials with a single profile
> "internal"
>

​Ahh, so kerberos SSO works fine for API, but not for portals. Could you
please share your Apache configuration with oVirt kerberos configuration?
Usually it's in /etc/ovirt-engine/aaa/ovirt-sso.conf

Thanks

Martin Perina
​


>
>
> 03.10.2016, 09:37, "Martin Perina" :
>
>
>
> On Mon, Oct 3, 2016 at 8:18 AM,  wrote:
>
>
> Hello, Martin
>
> Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working
> successfully from Internet Explorer & Forefox.
> Kerberos authentication NOT working with oVirt Web-Portals.
>
> I expect that the users opening the oVirt web portal in the browser did
> not enter a password, and used instead of the transparent sign-on using
> Kerberos.
> It is impossible ??
>
>
> ​It's possible and it's working fine when everything is properly set up.
> But please bear in mind kerberos SSO is one of the most complicated oVirt
> setup, but usually the error is on kerberos side (environment issues on the
> client).
>
> So, you are saying that using curl you are able to access API using
> kerberos ticket but when you try to access the same API from the browser it
> does not work, right?
> I don't use IE, but you need to set following options in "about:config"
> URL for Firefox to work properly with kerberos:
>
>  network.negotiate-auth.delegation-uris = .ad.holding.com
>  network.negotiate-auth.trusted-uris = .ad.holding.com
>
> If you have those options set, what exactly happen when you try to access ​
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
> ​
>
> ​in Firefox?
>
> Martin Perina
>
> ​
>
>
> 03.10.2016, 09:08, "Martin Perina" :
>
> Hi Aleksey,
>
> in your last email you wrote that everything works (at least that's my
> understanding, email pasted below). So what exactly doesn't work for you?
>
> Regards
>
> Martin Perina
>
>
> > # kinit aleksey
> >
> > Password for alek...@ad.holding.com: ***
> >
> > # klist
> >
> > Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
> > Default principal: alek...@ad.holding.com
> >
> > Valid starting   Expires  Service principal
> > 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM@AD.
> HOLDING.COM
> > renew until 10/07/2016 16:50:29
> >
> >
> > # curl --negotiate -u : -X GET -H "Accept: application/xml" -k
> ​​ 
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
> >
> > 
> > 
> >  ... output truncated ...
> > 
> >
> > It Works.
> > The browsers are configured.
> > Kerberos authentication for Windows web servers working successfully
> from Internet Explorer & Forefox
>
>
> On Mon, Oct 3, 2016 at 7:37 AM,  wrote:
>
>
> Up
>
> 30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru"  >:
> > Any other ideas?
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[aleksey . maksimov]

 > network.negotiate-auth.delegation-uris = .ad.holding.com > network.negotiate-auth.trusted-uris = .ad.holding.com Yes. Configured The URL https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api in IE and Firefox opens without problems and without password prompts But when opening links from start page... https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/userportal/?locale=en_UShttps://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/webadmin/?locale=en_US ...opens a oVirt form prompting for credentials with a single profile "internal"  03.10.2016, 09:37, "Martin Perina" :  On Mon, Oct 3, 2016 at 8:18 AM,  wrote: Hello, Martin Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working successfully from Internet Explorer & Forefox.Kerberos authentication NOT working with oVirt Web-Portals. I expect that the users opening the oVirt web portal in the browser did not enter a password, and used instead of the transparent sign-on using Kerberos.It is impossible ?? ​It's possible and it's working fine when everything is properly set up. But please bear in mind kerberos SSO is one of the most complicated oVirt setup, but usually the error is on kerberos side (environment issues on the client). So, you are saying that using curl you are able to access API using kerberos ticket but when you try to access the same API from the browser it does not work, right?I don't use IE, but you need to set following options in "about:config" URL for Firefox to work properly with kerberos: network.negotiate-auth.delegation-uris = .ad.holding.com network.negotiate-auth.trusted-uris = .ad.holding.com If you have those options set, what exactly happen when you try to access ​https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api​ ​in Firefox? Martin Perina​ 03.10.2016, 09:08, "Martin Perina" :Hi Aleksey,in your last email you wrote that everything works (at least that's my understanding, email pasted below). So what exactly doesn't work for you?RegardsMartin Perina> # kinit aleksey>> Password for alek...@ad.holding.com: ***>> # klist>> Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9> Default principal: alek...@ad.holding.com>> Valid starting       Expires              Service principal> 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/ad.holding@ad.holding.com>         renew until 10/07/2016 16:50:29>>> # curl --negotiate -u : -X GET -H "Accept: application/xml" -k​​https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api>> > >  ... output truncated ...> >> It Works.> The browsers are configured.> Kerberos authentication for Windows web servers working successfully from Internet Explorer & Forefox  On Mon, Oct 3, 2016 at 7:37 AM,  wrote: Up30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru" :> Any other ideas?___Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[Martin Perina]

On Mon, Oct 3, 2016 at 8:18 AM,  wrote:

>
> Hello, Martin
>
> Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working
> successfully from Internet Explorer & Forefox.
> Kerberos authentication NOT working with oVirt Web-Portals.
>
> I expect that the users opening the oVirt web portal in the browser did
> not enter a password, and used instead of the transparent sign-on using
> Kerberos.
> It is impossible ??
>

​It's possible and it's working fine when everything is properly set up.
But please bear in mind kerberos SSO is one of the most complicated oVirt
setup, but usually the error is on kerberos side (environment issues on the
client).

So, you are saying that using curl you are able to access API using
kerberos ticket but when you try to access the same API from the browser it
does not work, right?
I don't use IE, but you need to set following options in "about:config" URL
for Firefox to work properly with kerberos:

 network.negotiate-auth.delegation-uris = .ad.holding.com
 network.negotiate-auth.trusted-uris = .ad.holding.com

If you have those options set, what exactly happen when you try to access ​
https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
​

​in Firefox?

Martin Perina

​

>
> 03.10.2016, 09:08, "Martin Perina" :
>
> Hi Aleksey,
>
> in your last email you wrote that everything works (at least that's my
> understanding, email pasted below). So what exactly doesn't work for you?
>
> Regards
>
> Martin Perina
>
>
> > # kinit aleksey
> >
> > Password for alek...@ad.holding.com: ***
> >
> > # klist
> >
> > Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
> > Default principal: alek...@ad.holding.com
> >
> > Valid starting   Expires  Service principal
> > 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM@AD.
> HOLDING.COM
> > renew until 10/07/2016 16:50:29
> >
> >
> > # curl --negotiate -u : -X GET -H "Accept: application/xml" -k
> ​​
> https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
> >
> > 
> > 
> >  ... output truncated ...
> > 
> >
> > It Works.
> > The browsers are configured.
> > Kerberos authentication for Windows web servers working successfully
> from Internet Explorer & Forefox
>
>
> On Mon, Oct 3, 2016 at 7:37 AM,  wrote:
>
>
> Up
>
> 30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru"  >:
> > Any other ideas?
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Slow first opening web portal when the ovirt-engine.service is restarted

[aleksey . maksimov]

Hello oVirt guru`s !

oVirt Engine Version: 4.0.4.4-1.el7.centos

After restarting the ovirt-engine.service, the web login page is available 
after a few seconds. That's good.
But when trying the first login, the portal web page open for 2-3 minutes

All subsequent logins are fast.

The question is: Why is the delay in the opening pages of the first call?

Do I understand correctly that this feature of JBoss web application?
Need some warming up of the web application?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[aleksey . maksimov]

 Hello, Martin Before I wrote: Kerberos authentication FOR WINDOWS WEB SERVERS working successfully from Internet Explorer & Forefox.Kerberos authentication NOT working with oVirt Web-Portals. I expect that the users opening the oVirt web portal in the browser did not enter a password, and used instead of the transparent sign-on using Kerberos.It is impossible ?? 03.10.2016, 09:08, "Martin Perina" :Hi Aleksey,in your last email you wrote that everything works (at least that's my understanding, email pasted below). So what exactly doesn't work for you?RegardsMartin Perina> # kinit aleksey>> Password for alek...@ad.holding.com: ***>> # klist>> Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9> Default principal: alek...@ad.holding.com>> Valid starting       Expires              Service principal> 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/ad.holding@ad.holding.com>         renew until 10/07/2016 16:50:29>>> # curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api>> > >  ... output truncated ...> >> It Works.> The browsers are configured.> Kerberos authentication for Windows web servers working successfully from Internet Explorer & Forefox  On Mon, Oct 3, 2016 at 7:37 AM,  wrote: Up30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru" :> Any other ideas?___Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

[Martin Perina]

Hi Aleksey,

in your last email you wrote that everything works (at least that's my
understanding, email pasted below). So what exactly doesn't work for you?

Regards

Martin Perina


> # kinit aleksey
>
> Password for alek...@ad.holding.com: ***
>
> # klist
>
> Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
> Default principal: alek...@ad.holding.com
>
> Valid starting   Expires  Service principal
> 09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM@AD.
HOLDING.COM
> renew until 10/07/2016 16:50:29
>
>
> # curl --negotiate -u : -X GET -H "Accept: application/xml" -k
https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
>
> 
> 
>  ... output truncated ...
> 
>
> It Works.
> The browsers are configured.
> Kerberos authentication for Windows web servers working successfully from
Internet Explorer & Forefox


On Mon, Oct 3, 2016 at 7:37 AM,  wrote:

>
> Up
>
> 30.09.2016, 18:55, "aleksey.maksi...@it-kb.ru"  >:
> > Any other ideas?
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users