[ovirt-users] Additional routes on Interface

2018-12-05 Thread Sandro Emma 
Hi,

we are running a RHV 4.1 installation which is working fine except one issue:

We have a Network which is only used for fencing(power Management via ilo), 
each host has an interface with this network and a custom ip, for this to work 
we need a few custom routes.
At the moment we add the new routes via a plain route file under 
/etc/sysconfig/network-scripts/, but the engine flags this interface then as 
out-of-sync.

How can we persist those changes across reboots and still be able to add new 
devices via the UI ? 

This looked promising but isnt working: 
https://ovirt.org/develop/release-management/features/network/networkreloaded/ 

Thanks for any Help :) 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SQSRMKM4OTZOVBO4VBMKZWT7YQCO5A76/

[ovirt-users] Re: The built in group Everyone is troublesome.

2018-12-05 Thread Jacob Green 
Thank you for your help! This worked flawlessly and helped me 
understand the engine database a little more!



On 12/04/2018 12:00 PM, Staniforth, Paul wrote:


Get the id for the everyone group
https://engine.example.com/ovirt-engine/api/groups?search=everyone

Get the id for the UserRole
https://engine.example.com/ovirt-engine/api/roles

connect to the engine database

 e.g.

psql -h localhost -U engine -d engine

select * from permissions where ad_element_id='groupid';

note the id of the permission, probably the last one but you can check 
by the role_id

then delete the permission.

delete  from permissions where id='noted before';

you should make a backup of your system before you do this.


Regards,

Paul S.


*From:* Staniforth, Paul
*Sent:* 04 December 2018 17:23
*To:* Jacob Green
*Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.

Yes, that's not good you need to remove the UserRole system permission 
but they fixed it so you can't.


https://bugzilla.redhat.com/show_bug.cgi?id=1366205


I think there maybe a bug that allows you to add system permissions to 
the everyone group in 4.2, you're only supposed to be able to change 
the permissions with a dbscript.



I'll look up my notes on how to remove the permission from the DB.


Regards,

Paul S.



*From:* Jacob Green 
*Sent:* 04 December 2018 16:59
*To:* Staniforth, Paul
*Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.


If the picture does not come through. The following are the permisstions

Group > Everyone

Everyone > Role - UserRole,UserProfileEditor Object : (System)


On 12/04/2018 10:20 AM, Staniforth, Paul wrote:

What are the permissions for the group everyone, in particular the system 
permission should be just UserProfileEditor.

Regards,
  Paul S.

From: Jacob Green
Sent: 04 December 2018 15:20
To: users
Subject: [ovirt-users] The built in group Everyone is troublesome.

  So all my VMs are inheriting system permissions from group
everyone and giving all my users access to all my VMs, in ovirt 4.2. Is
there a best practices guide or any recommendation on how to clear this
up? Clicking remove on everyone does not work because Ovirt won't allow
me to remove a built in account.


Thank you

--
Jacob Green

Systems Admin

American Alloy Steel

713-300-5690
___
Users mailing list --users@ovirt.org
To unsubscribe send an email tousers-le...@ovirt.org
Privacy Statement:https://www.ovirt.org/site/privacy-policy/
oVirt Code of 
Conduct:https://www.ovirt.org/community/about/community-guidelines/
List 
Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5MW7PLHH5YGBVA7WSRZ24NO2IBY4ICD/
To view the terms under which this email is distributed, please go to:-
http://leedsbeckett.ac.uk/disclaimer/email/


--
Jacob Green

Systems Admin

American Alloy Steel

713-300-5690
To view the terms under which this email is distributed, please go to:-
http://leedsbeckett.ac.uk/disclaimer/email/ 


--
Jacob Green

Systems Admin

American Alloy Steel

713-300-5690

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RLMS4KBHX6MPFN52JNYI2SSNCUFEUK22/

[ovirt-users] Re: Help - "No Default Route show in Ovirt Engine"

2018-12-05 Thread Brad Riemann 
> After create data center,cluster try install the host in ovirt engine it show 
> the error
> "Hosts has no Default Route" but both the Engine and Ovirt node ping. At same
> time try Register Ovirt Node to Ovirt engine It shows "Please provide valid 
> oVirt
> engine fully qualified domain name (FQDN) and port (443 by default)" but i am 
> use
> hpervisor.eipl.com with port 443
Check the host, does the ovirtmgmt bridge have the management ip or does one of 
the physical interfaces? I used to see this when i was trying to automate the 
setup of the host, for some reason the ovirtmgmt bridge never setup correct out 
of the box and thus never took the management ip which is why it thinks there 
is no default route.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TAJG6BIQMFJZQMUQ7R6UAKLXOQTFPYO7/

[ovirt-users] Re: oVirt node LDAP auth

2018-12-05 Thread Wesley Stewart 
Yeah, I run an AD environment and oVirt at home (Because why not?)

Run ovirt-engine-extension-aaa-ldap-setup  from the terminal.  Pretty
straightforward!

On Wed, Dec 5, 2018 at 9:33 AM Николаев Алексей <
alexeynikolaev.p...@yandex.ru> wrote:

> Hi, community!
>
> What is best way for LDAP auth on oVirt Node?
>
> Is it possible to use realmd to integarate with domain?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RHMSCULZUUXMBTQYCQI7Z6A5F2RPWNI3/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UMCBBH22G427DLRBY2OWZCXN5SPBQJH5/

[ovirt-users] oVirt node LDAP auth

2018-12-05 Thread Николаев Алексей 
Hi, community! What is best way for LDAP auth on oVirt Node? Is it possible to use realmd to integarate with domain?___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RHMSCULZUUXMBTQYCQI7Z6A5F2RPWNI3/

[ovirt-users] Re: The built in group Everyone is troublesome.

2018-12-05 Thread Staniforth, Paul 
What are the permissions for the group everyone, in particular the system 
permission should be just UserProfileEditor.

Regards,
 Paul S.

From: Jacob Green 
Sent: 04 December 2018 15:20
To: users
Subject: [ovirt-users] The built in group Everyone is troublesome.

 So all my VMs are inheriting system permissions from group
everyone and giving all my users access to all my VMs, in ovirt 4.2. Is
there a best practices guide or any recommendation on how to clear this
up? Clicking remove on everyone does not work because Ovirt won't allow
me to remove a built in account.


Thank you

--
Jacob Green

Systems Admin

American Alloy Steel

713-300-5690
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5MW7PLHH5YGBVA7WSRZ24NO2IBY4ICD/
To view the terms under which this email is distributed, please go to:-
http://leedsbeckett.ac.uk/disclaimer/email/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QHPD7HWXSOOEWAQUJIRVJZZBLXH74XGI/

[ovirt-users] Help - "No Default Route show in Ovirt Engine"

2018-12-05 Thread aru_barani 
After create data center,cluster try install the host in ovirt engine it show 
the error "Hosts has no Default Route" but both the Engine and Ovirt node ping. 
At same time try Register Ovirt Node to Ovirt engine It shows "Please provide 
valid oVirt engine fully qualified domain name (FQDN) and port (443 by 
default)" but i am use hpervisor.eipl.com with port 443  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XZO7YLJVFDUUOKPLFL2ESQ2RQTMLBKWF/

[ovirt-users] Re: The built in group Everyone is troublesome.

2018-12-05 Thread Donny Davis 
Are you are trying to accomplish a multi-tenant like experience? One where
users only see the VM's that they have provisioned?


On Tue, Dec 4, 2018 at 10:21 AM Jacob Green  wrote:

>  So all my VMs are inheriting system permissions from group
> everyone and giving all my users access to all my VMs, in ovirt 4.2. Is
> there a best practices guide or any recommendation on how to clear this
> up? Clicking remove on everyone does not work because Ovirt won't allow
> me to remove a built in account.
>
>
> Thank you
>
> --
> Jacob Green
>
> Systems Admin
>
> American Alloy Steel
>
> 713-300-5690
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5MW7PLHH5YGBVA7WSRZ24NO2IBY4ICD/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZNRHUG5PGODH466NK3F6M6AVW47YOG25/

[ovirt-users] Re: Host's network configuration differs from DC

2018-12-05 Thread Ales Musil 
On Thu, Nov 29, 2018 at 5:28 PM  wrote:

> We are unable to setup host network because of some out-of-sync error.
>

If you hover over the network that is out-of-sync, you will be able to see
what exactly is causing it.

You can sync the networks by going into Host -> Network Interfaces and
there just click Sync All Networks.

Hopefully this helps.

___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/G6P4CLQCRBUUAZAPMK2Q7P7AIOEVV75M/
>


-- 

ALES MUSIL
Associate Software Engineer - rhv network

Red Hat EMEA 


amu...@redhat.com   IM: amusil

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5NT5XVMJWF5G64VZLEWUFSKCMMNHMWWP/

[ovirt-users] Re: Cloud-init reset network configuration to default dhcp after reboot and regular run

2018-12-05 Thread Eitan Raviv 
After further investigation I would like to share one more important piece
of information that explains the "reset" behaviour of the network
configuration:

When a VM is started in 'Run once' mode, the initialization parameters
supplied for that run are always passed by engine to cloud-init in the
guest for application.

But if a VM is started in 'Run' mode, the initialization parameters are
passed to cloud-init on the guest only if this is the first run (be it
'Run' or 'Run once'). On every consecutive run in 'Run' mode no parameters
are passed to the guest, and therefore (as I quoted from the cloud-init
documentation earlier in this thread) cloud-init falls back to DHCP
configuration on the guest.

This is not an overlooked occurrence on engine's behalf but rather the
designated behaviour.
When this behaviour was introduced into engine the reasoning was that after
the initial configuration of the VM, there is no reason to resend the
configuration on every 'Run' but only on 'Run once'. That's because 'Run
once' may be used for out-of the ordinary instantiations of the VM.

Due to the behaviour of the current cloud-init package, this causes an
unexpected side effect that should be dealt with by disabling cloud-init in
one of the methods I described earlier in this thread.

HTH

On Wed, Nov 28, 2018 at 10:12 AM Eitan Raviv  wrote:

> On Wed, Nov 28, 2018 at 7:29 AM Mike Lykov  wrote:
> >
> > 27.11.2018 16:15, Eitan Raviv пишет:
> > > According to cloud-init 0.7.9 documentation cloud-init is configured
> > > to run by default on each boot [1] and to render the user-selected
> > > network configuration on first boot [2]. Also, in absence of a data
> > > source to configure the network, it will fall back to configuring DHCP
> > > on eth0 [2].
> > >
> > > As you noted, if you run a VM once, and then in the next regular run
> > > the cloud-init flag is not selected in the VM configuration in engine,
> > > there is no data-source and cloud-init falls back to dhcp as
> > > documented.
> >
> > Thanks for the explanation. What intended use of this subsystem/feature
> > are supposed to?
> >
> > My setup is not in cloud, it's local and use static IP adresses for VM.
> > I do not want to configure each VM network in console by hand.
> > I create VM from template (template have installed cloud-init package),
> > configure cloud-init hostname/eth0 network in engine, and as "custom
> > script" (at the same moment) I set a "touch
> > /etc/cloud/cloud-init.disabled" ?
>
> Either that or add custom script to disable just cloud-init network
> re-config as you did manually.
> Please consult the documentation for the custom script syntax and format
> (e.g. search for 'runcmd' in
> https://cloudinit.readthedocs.io/en/0.7.9/topics/examples.html)
>
> > Then I "Run once" a VM, stop it, and run as usual without data source
> > and fallback.
> > Or I name network interface not "eth0" and therefore without need for
> > custom script?
>
> I did not test the outcome of assigning the static IP to another NIC.
> Just sharing a thought...
>
> >
> >
> > > The 'marker' file you refer to are also documented as follows:
> > >
> > > * disabling cloud-init altogether [1] with: touch
> /etc/cloud/cloud-init.disabled
> > > * preventing cloud-init from configuring the network [2] with: echo
> > > ‘network: {config: disabled}‘ >> /etc/cloud/cloud.cfg
> > > whichever scenario is used to run a VM, this can be accomplished by
> > > adding the above commands to the custom_script that cloud-init runs at
> > > the last stage of its operation [3].
> > >
> > > There is possibly a third 'hack' that would not require any marker
> file:
> > > * assign your static IP to a NIC not named 'eth0'
> > > I have not tested it myself but it looks like a corollary of [2]
> > >
> > > HTH
> > >
> > > [1]
> https://cloudinit.readthedocs.io/en/0.7.9/topics/boot.html#generator
> > > [2] https://cloudinit.readthedocs.io/en/0.7.9/topics/boot.html#local
> > > [3] https://cloudinit.readthedocs.io/en/0.7.9/topics/boot.html#final
> > >
> > > On Wed, Nov 21, 2018 at 10:51 AM Mike Lykov  wrote:
> > >>
> > >> 20.11.2018 15:30, Mike Lykov пишет:
> > >>
> > >>> "cloud-init used to use a "marker" file that it created on initial
> > >>> execution. If that "marker" file existed it would not rerun on
> reboot. "
> > >>> - are it not working  in ovirt/this cloud-init version ?
> > >>
> > >> new restart:
> > >>
> > >> --
> > >> 2018-11-21 12:40:53,314 - main.py[DEBUG]: Checking to see if files
> that
> > >> we need already exist from a previous run that would allow us to stop
> early.
> > >> 2018-11-21 12:40:53,315 - main.py[DEBUG]: Execution continuing, no
> > >> previous run detected that would allow us to stop early.
> > >> -
> > >>
> > >> which files it try to find ?
> > >>
> > >> --
> > >> Mike
> > >>
> > >> ___
> > >> Users mailing list -- users@ovirt.org
> > >> To unsubscribe send an email to users-le...@ovirt.org
> > >>