[Users] ovirt 3.1 engine install fails - fedora 17 with selinux disabled

2012-08-10 Thread David Elliott 
Hi

Thanks to all for the great work getting 3.1 out the door,  3.0 is working
well for us and looking forward to playing with all the new features.

At the moment, am having a small problem during initial engine setup where
it fails if selinux is configured as disabled - is this intended
behaviour? 

- selinux disabled 
- reports nfs domain setup as failed 

[root@ovirt-m-2 ~]# engine-setup
--answer-file=ovirt-answers.ovirt-m-2.shazamteam.com

-- snip-

Configuring the Default ISO Domain... [ ERROR ]

-- snip

[root@ovirt-m-2 ~]# engine-cleanup

- After setting CONFIG_NFS=no, in the answer file; it gives an explicit
error about selinux during the HTTPD phase (OVERRIDE_HTTPD_CONFIG=yes)

[root@ovirt-m-2 ~]# engine-setup
--answer-file=ovirt-answers.ovirt-m-2.shazamteam.com

-- snip  

Handling HTTPD... [ ERROR ]
Failed to enable SELinux boolean

-- snip -

- set selinux to permissive and reboot
- install succeeds (OVERRIDE_HTTPD_CONFIG=yes, CONFIG_NFS=yes)

Cheers,
Dave





__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [Users] ovirt 3.1 engine install fails - fedora 17 with selinux disabled

2012-08-10 Thread David Elliott 
Hi

That occurred to me as well, but kernel is 3.3.4-5.fc17.x86_64

I've tried this a few times now - and the behaviour is consistent

- fails with selinux disabled 
- either at the nfs iso domain phase , or if configured without nfs iso - at
the httpd step

- succeeds with selinux permissive - with both nfs iso domain  and httpd
configured


Cheers,
Dave


-Original Message-
From: Johan Kragsterman [mailto:johan.kragster...@capvert.se] 
Sent: 10 August 2012 16:25
To: Nicholas Kesick
Cc: David Elliott; oVirt Mailing List
Subject: Re: [Users] ovirt 3.1 engine install fails - fedora 17 with selinux
disabled

Hi!

That 3.5 kernel issue is, what I have understood, more related to nfs as
storage domain, not the problem Davis is refering to.

Rgrds Johan

-users-boun...@ovirt.org skrev: -
Till: David Elliott david.elli...@shazamteam.com, oVirt Mailing List
users@ovirt.org
Från: Nicholas Kesick 
Sänt av: users-boun...@ovirt.org
Datum: 2012.08.10 16:51
Ärende: Re: [Users] ovirt 3.1 engine install fails - fedora 17 with selinux
disabled

   
David,
Are you using the 3.5.0 kernel? There is currently an issue related to NFS
which is preventing oVirt 3.1 from working correctly. if you are using
3.5.0, try using an older kernel and see if that works until an updated
kernel is pushed.

- Nick

 From: david.elli...@shazamteam.com
 To: users@ovirt.org
 Date: Fri, 10 Aug 2012 15:40:49 +0100
 Subject: [Users] ovirt 3.1 engine install fails - fedora 17 with selinux
disabled
 
 Hi
 
 Thanks to all for the great work getting 3.1 out the door,  3.0 is working
 well for us and looking forward to playing with all the new features.
 
 At the moment, am having a small problem during initial engine setup where
 it fails if selinux is configured as disabled - is this intended
 behaviour? 
 
 - selinux disabled 
 - reports nfs domain setup as failed 
 
 [root@ovirt-m-2 ~]# engine-setup
 --answer-file=ovirt-answers.ovirt-m-2.shazamteam.com
 
 -- snip-
 
 Configuring the Default ISO Domain... [ ERROR ]
 
 -- snip
 
 [root@ovirt-m-2 ~]# engine-cleanup
 
 - After setting CONFIG_NFS=no, in the answer file; it gives an explicit
 error about selinux during the HTTPD phase (OVERRIDE_HTTPD_CONFIG=yes)
 
 [root@ovirt-m-2 ~]# engine-setup
 --answer-file=ovirt-answers.ovirt-m-2.shazamteam.com
 
 -- snip  
 
 Handling HTTPD... [ ERROR ]
 Failed to enable SELinux boolean
 
 -- snip -
 
 - set selinux to permissive and reboot
 - install succeeds (OVERRIDE_HTTPD_CONFIG=yes, CONFIG_NFS=yes)
 
 Cheers,
 Dave
 
 
 
 
 
 __
 This email has been scanned by the Symantec Email Security.cloud service.
 For more information please visit http://www.symanteccloud.com
 __
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__


__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[Users] Ovirt Node - tls VM Migration Fails

2012-03-29 Thread David Elliott 
Hi

I'm ovirt node using the latest ovirt-node-iso-2.3.0-1.0.fc16.iso, and
having a problem with live migration

After fresh install of node 
/etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
# tcp and tls ports are defaults
# tls_port = 16514
#tcp_port = 16509


[root@ovirt-h-6 ~]# netstat -ant |grep -E 16514|16509
tcp0  0 0.0.0.0:16509   0.0.0.0:*
LISTEN

iptables is set to accept ALL

When migration is attempted - it then tries and fails to use tls 

2012-03-28 18:33:15.566+: 1622: error : doPeer2PeerMigrate:2129 :
operation failed: Failed to connect to remote libvirt URI
qemu+tls://192.168.192.230/system

- manually configuring a registered/running node with listen_tls = 1,
migration will then succeed

- editing the live-cd and setting listen_tls=1 , a fresh install then has
some problems
libvirtd fails  to start on install due to a certificate error (which am
guessing is installed as part of the node registration process with the
engine)
Cannot read CA Certifcate /etc/pki/CA/cacert.pem

This also causes the setting of hostname/network details to fail during the
automated installation; so this seems the wrong way to go

I'm not sure if the problem here is live migration shouldn't be using tls;
or that the node registration process should set listen_tls=1 l; but isn't

Any assistance appreciated

Cheers,
Dave 













__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users