[ovirt-users] User is not authorized, ldap OK, but no user VM
version 3.5.2-1.el6 using ldap authz; this piece is working OK, and verified OK. I use the Everyone user to provide default permissions; that includes PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some VnicProfileUser, DiskProfileUser, etc. I add a new user in LDAP; and verify LDAP credentials work (ie, log in to another system that uses the same ldap server) LDAP confirmed working for *other* ovirt users-- not an LDAP issue as far as I can tell. I do *not* specifically add each LDAP user to oVirt, they're added to groups in LDAP, so if they have the right group, they should be able to authenticate to oVirt and use the system without me adding each user individually. In any case the narrowed down problem is this: If the user doesn't have permissions (UserRole, etc) for *any* VMs, instead of logging in and getting a blank VM list, they get User is not authorized to perform this action. If I add that specific user to a test placeholder VM, they can log in. Once they have a VM created, I can erase their user-specific permissions to that initial test VM and everything works as expected. They are able to log in, create VMs, etc. If I remove all permissions for VMs from a user, they get this error. Expected behavior: User without any permissions to any VMs should simply get a blank VM list on login. That way they can create a VM and go from there. Thanks for any help/suggestions, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] User is not authorized, ldap OK, but no user VM
Correct, each user has their own VMs. Only a few share VMs (those permissions are assigned manually) The issue is that when they have 0 VMs assigned to them, the system throws the login error that they're not authorized, at least until I add a placeholder VM so they can log in and set themselves up. On Tue, Jun 30, 2015 at 3:09 PM, Donny Davis do...@cloudspin.me wrote: You are looking for this to look like its multi tenant? I setup CloudSpin to do exactly that. Each user can only see their own VMS. Do I have your question correct? Donny D On Jun 30, 2015 5:27 PM, David Smith dsm...@mypchelp.com wrote: version 3.5.2-1.el6 using ldap authz; this piece is working OK, and verified OK. I use the Everyone user to provide default permissions; that includes PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some VnicProfileUser, DiskProfileUser, etc. I add a new user in LDAP; and verify LDAP credentials work (ie, log in to another system that uses the same ldap server) LDAP confirmed working for *other* ovirt users-- not an LDAP issue as far as I can tell. I do *not* specifically add each LDAP user to oVirt, they're added to groups in LDAP, so if they have the right group, they should be able to authenticate to oVirt and use the system without me adding each user individually. In any case the narrowed down problem is this: If the user doesn't have permissions (UserRole, etc) for *any* VMs, instead of logging in and getting a blank VM list, they get User is not authorized to perform this action. If I add that specific user to a test placeholder VM, they can log in. Once they have a VM created, I can erase their user-specific permissions to that initial test VM and everything works as expected. They are able to log in, create VMs, etc. If I remove all permissions for VMs from a user, they get this error. Expected behavior: User without any permissions to any VMs should simply get a blank VM list on login. That way they can create a VM and go from there. Thanks for any help/suggestions, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Gotchas restoring ovirt engine on centos, backup was on FC19
Had to switch to centos because FC is no longer supported (3.5.0 max) Gotchas: 1) dealing with the database restore was a pita, i found that from several failed attempts setup had created extra engine databases. I had to use engine-clean to wipe as much as possible, then manually delete all the engine-* and engine databases, then do engine-setup to create a new database, grep the config for the db password, engine-clean to wipe everything (removes all data but leaves empty database) then do a restore using the password from the grep step. 2) http SSL was bad; FC used a different SSL config from centos, and this seemed to be reproduced by engine-setup causing failures during setup. The http error was around SSLPassPhraseDialog, in FC: SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog in centos: LoadModule ssl_module modules/mod_ssl.so SSLPassPhraseDialog builtin This caused engine-setup to fail and http not to start. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Directly connect NIC or other cards to VM?
Great, thanks for the update. That'll certainly keep me moving forward in that direction. I think at this time I can wait a while for it to be official. Thanks, David On Mon, Feb 16, 2015 at 3:36 AM, Martin Polednik mpoled...@redhat.com wrote: - Original Message - From: Lior Vernia lver...@redhat.com To: David Smith dsm...@mypchelp.com Cc: users users@ovirt.org, Martin Polednik mpole...@redhat.com Sent: Monday, February 16, 2015 9:15:41 AM Subject: Re: [ovirt-users] Directly connect NIC or other cards to VM? Hi David, On 13/02/15 01:28, David Smith wrote: Is there a way to directly connect a specific device (ie, NIC) to a particular VM? I've figured out how to map a specific network interface to a VM, thats one step, but in the end I may need direct access to the PCI device itself. I think this 3.6 feature might do exactly what you want: http://www.ovirt.org/Features/hostdev_passthrough It's gonna be a while before 3.6 is out, but once the feature is merged it'll be available if you install the nightly snapshot. CCing Martin Polednik, the feature owner. Hello, just on the status of the feature (as it's exactly what you require - direct pci device attachment) - the host side is hopefully ~week away from being ready, the UI side will take longer though - if you wanted, you could probably run nightly and spawn the VM yourself and treat is as external VM. CCing Martin Betak, who is the one to blame for the UI :) You also need RHEL 7 (ideal support will be in 7.1) and I suggest reading the chapter on IOMMU groups, as you might need to block (detach from host) other devices than the nic in order to get it passed through. Second to that, for network interfaces mapped to a particular VM, is there a way for the VM to be able to properly detect physical link state of that interface? Right now that's a 'configurable option' inside network interface settings on the VM in the manager (ie, plugged, not plugged, and link state up /down) If I'm not mistaken, once you have direct access to the PCI device you'll be able to query for its actual state using e.g. ethtool. Thanks, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] AAA LDAP Authentication
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some
serious detail in documentation, the rest is java-programmer-oriented docs
only that I can find;
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE
NO control over the LDAP server.
So far I've managed to figure out through search after search to use LDAPS
(TLS isn't an option, thanks!)
Two parts I can't figure out; setting rootDN and setting the organization
filter-- members of that particular organization should have access to
ovirt, and none others.
vars.server = directory.ft.com
#
# Search user and its password.
#
vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.password = Ft##
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.rootDN = ${global:vars.urootdn}
pool.default.auth.simple.password = ${global:vars.password}
# enable SSL
pool.default.ssl.enable = true
#pool.default.ssl.insecure = false
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file =
${local:_basedir}/${global:vars.server}.jks
pool.default.ssl.truststore.password = changeit
example config from testlink
$tlCfg-authentication['method'] = 'LDAP';
/** LDAP authentication credentials */
$tlCfg-authentication['ldap_server'] = 'ldaps://directory.ft.com';
$tlCfg-authentication['ldap_port'] = '636';
$tlCfg-authentication['ldap_version'] = '3';
$tlCfg-authentication['ldap_root_dn'] =
'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg-authentication['ldap_bind_dn'] =
'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg-authentication['ldap_bind_passwd'] = 'Ft##';
$tlCfg-authentication['ldap_tls'] = false; // true - use tls
$tlCfg-authentication['ldap_organization'] =
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; //
e.g. '(organizationname=*Traffic)'
$tlCfg-authentication['ldap_uid_field'] = 'uid'; // Use
'sAMAccountName' for Active Directory
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] AAA LDAP Authentication
Hi Alon,
Thanks for the quick reply.
openldap works fine; I use it with testlink (as shown in the example
config). We're not using active directory; Just LDAP. The example config I
provided is fully inclusive of all configuration required for testlink to
use LDAP, I also have jenkins and mantis configured using the same
parameters (although their terminology on where to enter the parameters is
varied, they use all the same information)
The rootDSE is being determined automatically; however for my use it's
wrong and needs to be provided manually. Again, I have no control over
this. It's a company-wide configuration that won't be changed just for me.
How would I be able to specify the organization filter line if I added some
other include directive of whatever driver? I don't even understand what
you're saying, exactly. Not all ovirt users/managers are programming
experts.
I use LDAPS because thats what my company supports. StartTLS is NOT
supported (as I stated). Silly on their part, right?
Thanks,
David
On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote:
Hello,
Resources includes sysadmin documentation[1], integrator documentation[2],
overview[3], examples[4].
You did not specify what LDAP vendor it is.
I can guess your directory is Active Directory, hence all you need to do
is follow the QUICK START[5].
The rootDSE is determined automatically, all you need is to provide a
valid user and password.
What you are missing in your configuration is the include directive of the
proper driver.
Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more
flexible and should be used unless there is an issue.
Alon
[1]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
[2]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD
[3] http://www.ovirt.org/Features/AAA
[4]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD
[5]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6
- Original Message -
From: David Smith dsm...@mypchelp.com
To: users users@ovirt.org
Sent: Tuesday, May 5, 2015 11:09:25 PM
Subject: [ovirt-users] AAA LDAP Authentication
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some
serious
detail in documentation, the rest is java-programmer-oriented docs only
that
I can find;
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
Here's a sample config (sanitized) that I need to adapt to ovirt; *I
HAVE NO
control over the LDAP server.
So far I've managed to figure out through search after search to use
LDAPS
(TLS isn't an option, thanks!)
Two parts I can't figure out; setting rootDN and setting the organization
filter-- members of that particular organization should have access to
ovirt, and none others.
vars.server = directory.ft.com
#
# Search user and its password.
#
vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.password = Ft##
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.rootDN = ${global:vars.urootdn}
pool.default.auth.simple.password = ${global:vars.password}
# enable SSL
pool.default.ssl.enable = true
#pool.default.ssl.insecure = false
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file =
${local:_basedir}/${global:vars.server}.jks
pool.default.ssl.truststore.password = changeit
example config from testlink
$tlCfg-authentication['method'] = 'LDAP';
/** LDAP authentication credentials */
$tlCfg-authentication['ldap_server'] = 'ldaps:// directory.ft.com ';
$tlCfg-authentication['ldap_port'] = '636';
$tlCfg-authentication['ldap_version'] = '3';
$tlCfg-authentication['ldap_root_dn'] =
'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg-authentication['ldap_bind_dn'] =
'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg-authentication['ldap_bind_passwd'] = 'Ft##';
$tlCfg-authentication['ldap_tls'] = false; // true - use tls
$tlCfg-authentication['ldap_organization'] =
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
'(organizationname=*Traffic)'
$tlCfg-authentication['ldap_uid_field'] = 'uid'; // Use
'sAMAccountName' for
Active Directory
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] AAA LDAP Authentication
I can log into ovirt, I can see the profile, it doesn't throw any errors.
However, it doesn't display any users. This is because the automatic rootDN
is wrong.
oVirt shows Namespace: dc=corp, dc=ft, dc=com if this is the search base
it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com
Hence my desire to configure rootDN
Then, I also want to filter based on the above (sorry the traffic part was
a comment from testlink, the line should be)
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)';
That filter is was makes sure the results only show users in the specific
group I want to give access to.
Thanks,
David
On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev alo...@redhat.com wrote:
Hi,
So your configuration is working, just you want to filter users?
I do not follow what organization filter is.
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
'(organizationname=*Traffic)'
It looks to me that you want to narrow the results based on specific
attribute value.
But first you should confirm that all is working for you, only then we can
start customize the provider to meet your special needs.
Thanks,
Alon.
- Original Message -
From: David Smith dsm...@mypchelp.com
To: Alon Bar-Lev alo...@redhat.com
Cc: users users@ovirt.org
Sent: Wednesday, May 6, 2015 12:01:28 AM
Subject: Re: [ovirt-users] AAA LDAP Authentication
Hi Alon,
Thanks for the quick reply.
openldap works fine; I use it with testlink (as shown in the example
config). We're not using active directory; Just LDAP. The example config
I
provided is fully inclusive of all configuration required for testlink
to
use LDAP, I also have jenkins and mantis configured using the same
parameters (although their terminology on where to enter the parameters
is
varied, they use all the same information)
The rootDSE is being determined automatically; however for my use it's
wrong and needs to be provided manually. Again, I have no control over
this. It's a company-wide configuration that won't be changed just for
me.
How would I be able to specify the organization filter line if I added
some
other include directive of whatever driver? I don't even understand what
you're saying, exactly. Not all ovirt users/managers are programming
experts.
I use LDAPS because thats what my company supports. StartTLS is NOT
supported (as I stated). Silly on their part, right?
Thanks,
David
On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote:
Hello,
Resources includes sysadmin documentation[1], integrator
documentation[2],
overview[3], examples[4].
You did not specify what LDAP vendor it is.
I can guess your directory is Active Directory, hence all you need to
do
is follow the QUICK START[5].
The rootDSE is determined automatically, all you need is to provide a
valid user and password.
What you are missing in your configuration is the include directive of
the
proper driver.
Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more
flexible and should be used unless there is an issue.
Alon
[1]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
[2]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD
[3] http://www.ovirt.org/Features/AAA
[4]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD
[5]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6
- Original Message -
From: David Smith dsm...@mypchelp.com
To: users users@ovirt.org
Sent: Tuesday, May 5, 2015 11:09:25 PM
Subject: [ovirt-users] AAA LDAP Authentication
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some
serious
detail in documentation, the rest is java-programmer-oriented docs
only
that
I can find;
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
Here's a sample config (sanitized) that I need to adapt to ovirt; *I
HAVE NO
control over the LDAP server.
So far I've managed to figure out through search after search to use
LDAPS
(TLS isn't an option, thanks!)
Two parts I can't figure out; setting rootDN and setting the
organization
filter-- members of that particular organization should have access
to
ovirt, and none others.
vars.server = directory.ft.com
#
# Search user and its password.
#
vars.user =
uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.password = Ft##
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.auth.simple.bindDN
Re: [ovirt-users] AAA LDAP Authentication
I added that to the end, since there wasn't any reference on it as to where
to put it;
I restarted the engine and didn't notice any changes, the namespace still
reads the same as before, and no users show up
Note that in the field to the right of namespace it's blank, whereby with
internal or our other pre-aaa ldap config it shows * and can be changed
to a username as a filter, in this case it doesn't allow me to enter
anything
On Tue, May 5, 2015 at 2:34 PM, Alon Bar-Lev alo...@redhat.com wrote:
I beginning to understand... although I cannot figure out how login works
while search not.
Anyway, try to add this to your profile:
sequence-init.init.900-local-init-vars = local-init-vars
sequence.local-init-vars.010.description = override name space
sequence.local-init-vars.010.type = var-set
sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault
sequence.local-init-vars.010.var-set.value =
cn=users,cn=accounts,dc=corp,dc=ft,dc=com
sequence.local-init-vars.020.description = apply filter to users
sequence.local-init-vars.020.type = var-set
sequence.local-init-vars.020.var-set.variable = simple_filterUserObject
sequence.local-init-vars.020.var-set.value =
${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
sequence.local-init-vars.030.description = apply filter to groups
sequence.local-init-vars.030.type = var-set
sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject
sequence.local-init-vars.030.var-set.value =
${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
- Original Message -
From: David Smith dsm...@mypchelp.com
To: Alon Bar-Lev alo...@redhat.com
Cc: users users@ovirt.org
Sent: Wednesday, May 6, 2015 12:17:59 AM
Subject: Re: [ovirt-users] AAA LDAP Authentication
I can log into ovirt, I can see the profile, it doesn't throw any errors.
However, it doesn't display any users. This is because the automatic
rootDN
is wrong.
oVirt shows Namespace: dc=corp, dc=ft, dc=com if this is the search
base
it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com
Hence my desire to configure rootDN
Then, I also want to filter based on the above (sorry the traffic part
was
a comment from testlink, the line should be)
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)';
That filter is was makes sure the results only show users in the specific
group I want to give access to.
Thanks,
David
On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev alo...@redhat.com wrote:
Hi,
So your configuration is working, just you want to filter users?
I do not follow what organization filter is.
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; //
e.g.
'(organizationname=*Traffic)'
It looks to me that you want to narrow the results based on specific
attribute value.
But first you should confirm that all is working for you, only then we
can
start customize the provider to meet your special needs.
Thanks,
Alon.
- Original Message -
From: David Smith dsm...@mypchelp.com
To: Alon Bar-Lev alo...@redhat.com
Cc: users users@ovirt.org
Sent: Wednesday, May 6, 2015 12:01:28 AM
Subject: Re: [ovirt-users] AAA LDAP Authentication
Hi Alon,
Thanks for the quick reply.
openldap works fine; I use it with testlink (as shown in the example
config). We're not using active directory; Just LDAP. The example
config
I
provided is fully inclusive of all configuration required for
testlink
to
use LDAP, I also have jenkins and mantis configured using the same
parameters (although their terminology on where to enter the
parameters
is
varied, they use all the same information)
The rootDSE is being determined automatically; however for my use
it's
wrong and needs to be provided manually. Again, I have no control
over
this. It's a company-wide configuration that won't be changed just
for
me.
How would I be able to specify the organization filter line if I
added
some
other include directive of whatever driver? I don't even understand
what
you're saying, exactly. Not all ovirt users/managers are programming
experts.
I use LDAPS because thats what my company supports. StartTLS is NOT
supported (as I stated). Silly on their part, right?
Thanks,
David
On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com
wrote:
Hello,
Resources includes sysadmin documentation[1], integrator
documentation[2],
overview[3], examples[4].
You did not specify what LDAP vendor it is.
I can guess your directory is Active Directory, hence all you need
to
do
is follow the QUICK START[5].
The rootDSE is determined automatically, all you need is to
provide a
valid user
Re: [ovirt-users] oVirt 3.5 -- Domain questions
welp there weren't any responses, but i was able to figure it out anyway. For the master and secondary domain issue; it's as easy as moving all the VMs you want off the master, then detaching it, the second domain becomes the new master automatically. For the Cluster A to B move; I shut down all the VMs, created a temporary secondary data domain (with no data), then was able to put the master into maintenance mode, detach it, and the temporary secondary data domain became the new master. I then attached Cluster A's old master domain to Cluster B, and was able to bring up all the VMs immediately. This whole process took less than an hour, mostly because I spent time poking at stuff, but realistically took just 15 mins. I also learned a lot about moving VMs to a new NFS, first step being copy all the templates and for thin clients their referenced disks to the new NFS, then shut down the VMs and move their disks. All real easy through the UI. On Fri, Apr 17, 2015 at 10:00 AM, David Smith dsm...@mypchelp.com wrote: FWIW I've done lots of goog searches and came up with a lot of old info, so I thought I'd ask here for the latest before going down the wrong path. Two issues here; running 3.5 First issue; On one domain, I have a master and secondary data domain. Eventually I want to move everything from the master to secondary, and promote the secondary data domain to master, and retire the current master. Whats the best process for this? Second issue; I have two clusters, for now we'll call them A and B Cluster A has a master data domain that I want to effectively shut down (turn all VMs off, shut down the domain) --- can I then reattach that domain as a secondary to Cluster B and reactivate the VMs? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt 3.5 -- Domain questions
FWIW I've done lots of goog searches and came up with a lot of old info, so I thought I'd ask here for the latest before going down the wrong path. Two issues here; running 3.5 First issue; On one domain, I have a master and secondary data domain. Eventually I want to move everything from the master to secondary, and promote the secondary data domain to master, and retire the current master. Whats the best process for this? Second issue; I have two clusters, for now we'll call them A and B Cluster A has a master data domain that I want to effectively shut down (turn all VMs off, shut down the domain) --- can I then reattach that domain as a secondary to Cluster B and reactivate the VMs? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Directly connect NIC or other cards to VM?
Is there a way to directly connect a specific device (ie, NIC) to a particular VM? I've figured out how to map a specific network interface to a VM, thats one step, but in the end I may need direct access to the PCI device itself. Second to that, for network interfaces mapped to a particular VM, is there a way for the VM to be able to properly detect physical link state of that interface? Right now that's a 'configurable option' inside network interface settings on the VM in the manager (ie, plugged, not plugged, and link state up /down) Thanks, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Directly connect NIC or other cards to VM?
I do physical layer testing of ethernet switches. I want to virtualize the test servers for scalability, reliability, and a VM solution allows easy change of system configuration. The bottom line is that testing often requires opening the network port in promiscuous mode to sniff traffic, many tests need to be able to use ethtool to view network properties (speed, duplex, link state, etc) and to set properties (auto-neg, forced speed, duplex, link state, etc). We use TOE cards which also allow offloading data from the CPU to the card allowing higher throughput, some tests we use this to send ~1Gbps traffic and monitor the data rate. So there are multiple scenarios, the main one being the ability to see and set physical layer properties, the other being able to offload traffic for maximum throughput. The latter can possibly be accomplished through OS layer drivers on the hypervisor but the former requires better driver access than what i currently see in the VM. On Fri, Feb 13, 2015 at 7:25 AM, Martin PavlĂk mpav...@redhat.com wrote: Hi David, maybe if you gave us a little bit more of the big picture we can find some way. What is the the reason for the actions you take? What are you trying to achieve? Martin On 13 Feb 2015, at 15:09, Dan Yasny dya...@gmail.com wrote: Still easy enough to do with vdsm-hooks -- Dan On Thu, Feb 12, 2015 at 6:28 PM, David Smith dsm...@mypchelp.com wrote: Is there a way to directly connect a specific device (ie, NIC) to a particular VM? I've figured out how to map a specific network interface to a VM, thats one step, but in the end I may need direct access to the PCI device itself. Second to that, for network interfaces mapped to a particular VM, is there a way for the VM to be able to properly detect physical link state of that interface? Right now that's a 'configurable option' inside network interface settings on the VM in the manager (ie, plugged, not plugged, and link state up /down) Thanks, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] help, manager hard drive died (3.3.4)
Hey Bob, Get this.. So this process worked great for one of the nfs servers, however, we had two nfs servers. One was a primary data center (master) and the other non-master. When I try to import the non-master data directory with the metadata file edit method, it imports but then shows no VMs/templates/etc available for import. On the other hand, when i activate the master data center nfs filesystem, i can see VMs that were stored on the non-master NFS, if I try to import them, it blows an error, the files aren't there, and I look at the log on the hv manager and I see the folder that it's looking for which is on the non-master NFS. Right now I'm trying to copy the folders over from the non-master nfs to the imported master data (now export domain) to see if I can import those VMs. I wonder if there's a better way to import VMs from a non-master domain. On Thu, May 22, 2014 at 12:17 PM, Bob Doolittle b...@doolittle.us.comwrote: On 05/22/2014 03:08 PM, David Smith wrote: I meant ovirt-engine (i was calling it the manager) also i'll need to reinstall version 3.3.4, whats the best path for that w/restore? One thing, if all else fails, is to convert your Export Domain to a Data Domain with a few edits to the metadata. Then install a fresh engine and import your old VMs. Personally, I'd install the same version as you had previously, then make sure you can attach your new Export domain (old Data domain), then upgrade. Some guides for conversion are in this thread: http://lists.ovirt.org/pipermail/users/2012-October/010258.html http://lists.ovirt.org/pipermail/users/2012-November/010273.html Note that's from a while ago. I am not sure it still works exactly the same. Make sure to backup your metadata file first. I did something a bit similar earlier today, by editing the metadata on an Export domain to remove information about the previously-attached Data Center. -Bob On Thu, May 22, 2014 at 11:58 AM, David Smith dsm...@mypchelp.comwrote: So the ovirt manager hard disk died, 3.3.4 version, i can't get it to spin up to get any data off. I have an old copy of the manager database which was living on the manager machine. What is the best procedure for restoring my ovirt setup? I've not been able to import the data store, only export and iso in the past. Thanks in advance, David ___ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] help, manager hard drive died (3.3.4)
Hey Bob, Yea my method worked. I was able to copy the non-master data center VM data into the images folder on the master data center (now export domain) and import everything. This would have been tragic if there wasn't the hard disk space, would have required lots of big data shuffling. I've split the data center model so now we have two clusters with two masters, and will avoid using a non-master data center entirely due to this issue. The good news is it looks like we didn't lose any data. On Fri, May 23, 2014 at 3:56 AM, Bob Doolittle b...@doolittle.us.com wrote: If you read the whole thread I referenced it says the conversion only works for Master. It does not say how to handle non-Master. Good luck. -Bob On May 23, 2014 2:48 AM, David Smith dsm...@mypchelp.com wrote: Hey Bob, Get this.. So this process worked great for one of the nfs servers, however, we had two nfs servers. One was a primary data center (master) and the other non-master. When I try to import the non-master data directory with the metadata file edit method, it imports but then shows no VMs/templates/etc available for import. On the other hand, when i activate the master data center nfs filesystem, i can see VMs that were stored on the non-master NFS, if I try to import them, it blows an error, the files aren't there, and I look at the log on the hv manager and I see the folder that it's looking for which is on the non-master NFS. Right now I'm trying to copy the folders over from the non-master nfs to the imported master data (now export domain) to see if I can import those VMs. I wonder if there's a better way to import VMs from a non-master domain. On Thu, May 22, 2014 at 12:17 PM, Bob Doolittle b...@doolittle.us.comwrote: On 05/22/2014 03:08 PM, David Smith wrote: I meant ovirt-engine (i was calling it the manager) also i'll need to reinstall version 3.3.4, whats the best path for that w/restore? One thing, if all else fails, is to convert your Export Domain to a Data Domain with a few edits to the metadata. Then install a fresh engine and import your old VMs. Personally, I'd install the same version as you had previously, then make sure you can attach your new Export domain (old Data domain), then upgrade. Some guides for conversion are in this thread: http://lists.ovirt.org/pipermail/users/2012-October/010258.html http://lists.ovirt.org/pipermail/users/2012-November/010273.html Note that's from a while ago. I am not sure it still works exactly the same. Make sure to backup your metadata file first. I did something a bit similar earlier today, by editing the metadata on an Export domain to remove information about the previously-attached Data Center. -Bob On Thu, May 22, 2014 at 11:58 AM, David Smith dsm...@mypchelp.comwrote: So the ovirt manager hard disk died, 3.3.4 version, i can't get it to spin up to get any data off. I have an old copy of the manager database which was living on the manager machine. What is the best procedure for restoring my ovirt setup? I've not been able to import the data store, only export and iso in the past. Thanks in advance, David ___ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] help, manager hard drive died (3.3.4)
So the ovirt manager hard disk died, 3.3.4 version, i can't get it to spin up to get any data off. I have an old copy of the manager database which was living on the manager machine. What is the best procedure for restoring my ovirt setup? I've not been able to import the data store, only export and iso in the past. Thanks in advance, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] help, manager hard drive died (3.3.4)
I meant ovirt-engine (i was calling it the manager) also i'll need to reinstall version 3.3.4, whats the best path for that w/restore? On Thu, May 22, 2014 at 11:58 AM, David Smith dsm...@mypchelp.com wrote: So the ovirt manager hard disk died, 3.3.4 version, i can't get it to spin up to get any data off. I have an old copy of the manager database which was living on the manager machine. What is the best procedure for restoring my ovirt setup? I've not been able to import the data store, only export and iso in the past. Thanks in advance, David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] help, manager hard drive died (3.3.4)
Thanks Bob, I had already gone through this path once early in my ovirt lifetime and didn't get it working, I was able to make it happen this time. Thanks. I was hoping for some other method, but this will work, it's going to be slow-going to get everything online this way since we have to re-import everything which essentially copies it all. And with only 1 export domain allowed at a time, and 3 nfs machines, i'm going to have to do them in sequence.. urgghhh On Thu, May 22, 2014 at 12:17 PM, Bob Doolittle b...@doolittle.us.comwrote: On 05/22/2014 03:08 PM, David Smith wrote: I meant ovirt-engine (i was calling it the manager) also i'll need to reinstall version 3.3.4, whats the best path for that w/restore? One thing, if all else fails, is to convert your Export Domain to a Data Domain with a few edits to the metadata. Then install a fresh engine and import your old VMs. Personally, I'd install the same version as you had previously, then make sure you can attach your new Export domain (old Data domain), then upgrade. Some guides for conversion are in this thread: http://lists.ovirt.org/pipermail/users/2012-October/010258.html http://lists.ovirt.org/pipermail/users/2012-November/010273.html Note that's from a while ago. I am not sure it still works exactly the same. Make sure to backup your metadata file first. I did something a bit similar earlier today, by editing the metadata on an Export domain to remove information about the previously-attached Data Center. -Bob On Thu, May 22, 2014 at 11:58 AM, David Smith dsm...@mypchelp.comwrote: So the ovirt manager hard disk died, 3.3.4 version, i can't get it to spin up to get any data off. I have an old copy of the manager database which was living on the manager machine. What is the best procedure for restoring my ovirt setup? I've not been able to import the data store, only export and iso in the past. Thanks in advance, David ___ Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Users] Instructions to add a remote controlled power strip not in the native list?
Hi Marek, Thanks for the info. Whats the official channel? On Wed, Apr 16, 2014 at 1:57 AM, Marek Grac mg...@redhat.com wrote: On 04/14/2014 06:31 PM, David Smith wrote: Wow really? You can't take work from outside your QA group despite having confirmation of it working from a QA Professional who implemented it and is currently using all the changes in his own lab? If this is an absolute must, I'm sure I can arrange to give someone external access to one of these devices, but it won't be without *additional* significant effort on my part. Let me know what I can do to help resolve this. For upstream it is not a problem but for RHEL accepting it will mean that we will support this for X years (X 10) for every customer. I'm developer, so I'm not the one who decides what should be included - please use the official channel, so it will be read by right people. m, ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Users] Instructions to add a remote controlled power strip not in the native list?
Wow really? You can't take work from outside your QA group despite having confirmation of it working from a QA Professional who implemented it and is currently using all the changes in his own lab? If this is an absolute must, I'm sure I can arrange to give someone external access to one of these devices, but it won't be without *additional* significant effort on my part. Let me know what I can do to help resolve this. David On Tue, Apr 8, 2014 at 10:10 AM, Marek Grac mg...@redhat.com wrote: On 04/08/2014 05:17 PM, Itamar Heim wrote: we still can't distinguish at feature level by hypervisor support. so adding this to engine will fail for any .el6 distro, until/if this is added to rhel 6.6, etc. [internal] Support for Raritan will not be added to rhel6.6/rhel7 until our QA will have access to this device for testing (or partner will test it for us). We do not have such criteria for upstream. m, Eli [Bug 519731] Fencing Agent for Raritan devices Inbox x bugzi...@redhat.com 5:32 AM (3 hours ago) to me https://bugzilla.redhat.com/show_bug.cgi?id=519731 --- Comment #23 from Marek Grac mg...@redhat.com --- Support for Raritan is now part of upstream release - 4.0.8 On Mon, Feb 17, 2014 at 5:43 AM, Itamar Heim ih...@redhat.com wrote: On 02/17/2014 03:31 PM, Marek Grac wrote: On 02/17/2014 09:45 AM, Eli Mesika wrote: - Original Message - From: Yedidyah Bar David d...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Sunday, February 16, 2014 2:58:35 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? - Original Message - From: Itamar Heim ih...@redhat.com To: David Smith dsm...@mypchelp.com, users@ovirt.org Sent: Saturday, February 15, 2014 2:57:00 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? On 02/14/2014 07:37 PM, David Smith wrote: We use Raritan / Dominion PX remote power blocks, is there a way to easily add support for these? CCing Marek on that in case that he had something to add from the fence-agents view since it may be already supported implicitly (like drac7 that is using actually ipmilan) No, Raritan are not supported yet (rhbz#519731) so david, if you can try to push the raritan support to fence-agents, the ovirt side is usually just a config change. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Users] Instructions to add a remote controlled power strip not in the native list?
Here they are Eli; option_value='apc:secure=secure,port=ipport,slot=port;apc_snmp:port=port;bladecenter:secure=secure,port=ipport,slot=port;cisco_ucs:secure=ssl,slot=port;drac5:secure=secure,slot=port;eps:slot=port;ilo:secure=ssl,port=ipport;ipmilan:;ilo2:secure=ssl,port=ipport;ilo3:;ilo4:;rsa:secure=secure,port=ipport;rsb:;wti:secure=secure,port=ipport,slot=port;raritan:slot=port' option_value='apc,apc_snmp,bladecenter,cisco_ucs,drac5,eps,ilo,ilo2,ilo3,ilo4,ipmilan,rsa,rsb,wti,raritan' On Tue, Apr 8, 2014 at 6:48 AM, Eli Mesika emes...@redhat.com wrote: - Original Message - From: David Smith dsm...@mypchelp.com To: Itamar Heim ih...@redhat.com Cc: Marek Grac mg...@redhat.com, Eli Mesika emes...@redhat.com, users users@ovirt.org Sent: Monday, April 7, 2014 7:24:35 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? Hi Itamar, Looks like the Raritan support has been added to upstream release in fence-agents, hopefully we can get this into oVirt next. Good news :-) Can you please share the final changes you had made to the DB vdc_config entries to get this work? Thanks Eli [Bug 519731] Fencing Agent for Raritan devices Inbox x bugzi...@redhat.com 5:32 AM (3 hours ago) to me https://bugzilla.redhat.com/show_bug.cgi?id=519731 --- Comment #23 from Marek Grac mg...@redhat.com --- Support for Raritan is now part of upstream release - 4.0.8 On Mon, Feb 17, 2014 at 5:43 AM, Itamar Heim ih...@redhat.com wrote: On 02/17/2014 03:31 PM, Marek Grac wrote: On 02/17/2014 09:45 AM, Eli Mesika wrote: - Original Message - From: Yedidyah Bar David d...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Sunday, February 16, 2014 2:58:35 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? - Original Message - From: Itamar Heim ih...@redhat.com To: David Smith dsm...@mypchelp.com, users@ovirt.org Sent: Saturday, February 15, 2014 2:57:00 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? On 02/14/2014 07:37 PM, David Smith wrote: We use Raritan / Dominion PX remote power blocks, is there a way to easily add support for these? CCing Marek on that in case that he had something to add from the fence-agents view since it may be already supported implicitly (like drac7 that is using actually ipmilan) No, Raritan are not supported yet (rhbz#519731) so david, if you can try to push the raritan support to fence-agents, the ovirt side is usually just a config change. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Hi Itamar, Looks like the Raritan support has been added to upstream release in fence-agents, hopefully we can get this into oVirt next. [Bug 519731] Fencing Agent for Raritan devices Inbox x bugzi...@redhat.com 5:32 AM (3 hours ago) to me https://bugzilla.redhat.com/show_bug.cgi?id=519731 --- Comment #23 from Marek Grac mg...@redhat.com --- Support for Raritan is now part of upstream release - 4.0.8 On Mon, Feb 17, 2014 at 5:43 AM, Itamar Heim ih...@redhat.com wrote: On 02/17/2014 03:31 PM, Marek Grac wrote: On 02/17/2014 09:45 AM, Eli Mesika wrote: - Original Message - From: Yedidyah Bar David d...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Sunday, February 16, 2014 2:58:35 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? - Original Message - From: Itamar Heim ih...@redhat.com To: David Smith dsm...@mypchelp.com, users@ovirt.org Sent: Saturday, February 15, 2014 2:57:00 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? On 02/14/2014 07:37 PM, David Smith wrote: We use Raritan / Dominion PX remote power blocks, is there a way to easily add support for these? CCing Marek on that in case that he had something to add from the fence-agents view since it may be already supported implicitly (like drac7 that is using actually ipmilan) No, Raritan are not supported yet (rhbz#519731) so david, if you can try to push the raritan support to fence-agents, the ovirt side is usually just a config change. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Ok, well I hope the latest submission I sent in to the fence-agents group gets approved and can get added in sooner than later. In any case, I've got everything up and running now :-) On Wed, Mar 26, 2014 at 1:34 AM, Marek Grac mg...@redhat.com wrote: On 03/25/2014 07:37 PM, David Smith wrote: Unfortunately it looks like fencing.py is where the legacy --option was translated to --action. I believe ovirt calls fencing.py as a proxy to execute fence_raritan? The version of fence-agents I pulled from git has the backwards compatibility removed; https://lists.fedorahosted.org/pipermail/cluster-commits/ 2013-February/003090.html So if I added support for it in fence_raritan I'm not sure it would work (I can try) but also the fence-agents guys probably wouldn't take the submission to have it added to future code. Those legacy options where completely removed from v4.0 - there is an another branch v3.9.x which is based on new code but with all legacy options, it is possible that it will be one day ported to RHEL6 but it is not a priority right now. m, ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Hehe. Apparently not, unless I pulled an old copy of fence-agents somehow direct from git? I used the master branch too. On Tue, Mar 25, 2014 at 2:46 AM, Eli Mesika emes...@redhat.com wrote: - Original Message - From: David Smith dsm...@mypchelp.com To: Eli Mesika emes...@redhat.com Cc: Marek Grac mg...@redhat.com, users users@ovirt.org, Yedidyah Bar David d...@redhat.com Sent: Tuesday, March 25, 2014 3:04:53 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? All right, serious progress. Thanks to all for your nudges in the right direction. I've managed to get my ovirt to recognize and use the agent. I have a new problem however I get this message when the fence_raritan agent is run: Ignoring unknown option 'option=status' fence So it appears that my fence_raritan agent is being sent --option instead of --action Since the default behavior is reboot (fence_raritan expects --action= not --option=) the systems reboot every time a status request is sent :( hehe Related:? https://bugzilla.redhat.com/show_bug.cgi?id=987446 I'm not using concurrent Not related So the question is, does anyone here know what the best course of action to resolve this issue is? My host machines are running centos 6.5. Is this problem within a fencing package, ovirt, or other? AFAIK this is related to http://gerrit.ovirt.org/#/c/24343/ which changed --option to --action danken ? I tried to set option=action in the engine database, but it appears theres probably only a few (3?) mappings possible there, unless I'm wrong and there are more? This is what I've changed for now, using 3.3 cluster; UPDATE vdc_options SET option_value='apc:secure=secure,port=ipport,slot=port;apc_snmp:port=port;bladecenter:secure=secure,port=ipport,slot=port;cisco_ucs:secure=ssl,slot=port;drac5:secure=secure,slot=port;eps:slot=port;ilo:secure=ssl,port=ipport;ipmilan:;ilo2:secure=ssl,port=ipport;ilo3:;ilo4:;rsa:secure=secure,port=ipport;rsb:;wti:secure=secure,port=ipport,slot=port;raritan:slot=port,port=ipport;' where option_id=389; UPDATE vdc_options SET option_value='apc,apc_snmp,bladecenter,cisco_ucs,drac5,eps,ilo,ilo2,ilo3,ilo4,ipmilan,rsa,rsb,wti,raritan' where option_id=395; On Mon, Mar 24, 2014 at 2:07 PM, Eli Mesika emes...@redhat.com wrote: - Original Message - From: David Smith dsm...@mypchelp.com To: Eli Mesika emes...@redhat.com Cc: Marek Grac mg...@redhat.com, users users@ovirt.org, Yedidyah Bar David d...@redhat.com Sent: Friday, March 21, 2014 4:33:17 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? Hey guys, I submitted an initial agent for raritan to the fence-agents group, however I have a feeling after experimenting with the ipmilan agent that my agent won't work with oVirt; Can you please elaborate on that ? what will not work and why this is related to the ipmilan card ? Is the command set for each agent determined by the oVirt database itself, in other words, when I add the agent the abilities are then added? Please see http://www.ovirt.org/Custom_Fencing for the exact set of fields in database involved in that. If you are implementing raritan PM agent , you should have fence_raritan in /usr/sbin of the host that is selected as a proxy for the fencing operation, you should also make sure that this script has similar permissions as other scripts bundled with the fence-agents RPM For example the agent I submitted only has support for connectivity settings and power on/off/reboot as well as some delays. Also currently it requires that the port be specified as a path ie /system1/outlet1 Will this work as an outlet path? You can try to put that in the options field in the UI for the PM agent definition , i.e port=/system1/outlet1 Minimum commands required to work? Not sure I go you here , please elaborate/explain Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
oh I see, since I have the latest fence, that's where option is now missing, got it.. just a minor tweak to api.py ;) On Tue, Mar 25, 2014 at 8:25 AM, David Smith dsm...@mypchelp.com wrote: Hehe. Apparently not, unless I pulled an old copy of fence-agents somehow direct from git? I used the master branch too. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Eli, I changed the line in API.py and ran py_compile to obtain API.pyc and pyo files, copied them to all hypervisors, and I'm still getting option=status.. Did I miss something else? Thread-199071::DEBUG::2014-03-25 10:28:10,587::API::1110::vds::(fenceNode) fenceNode(addr=10.105.128.25,port=,agent=raritan,user=admin,passwd=,action=s tatus,secure=,options=port=/system1/outlet6) Thread-199071::DEBUG::2014-03-25 10:28:13,104::API::1136::vds::(fenceNode) rc 0 in agent=fence_raritan ipaddr=10.105.128.25 login=admin option=status passwd= port=/system1/outlet6 out Success: Rebooted err Parse error: Ignoring unknown option 'option=status' Looks like in the first command the option was indeed changed to action=status but the return status showed option=status was used? On Tue, Mar 25, 2014 at 2:46 AM, Eli Mesika emes...@redhat.com wrote: - Original Message - From: David Smith dsm...@mypchelp.com To: Eli Mesika emes...@redhat.com Cc: Marek Grac mg...@redhat.com, users users@ovirt.org, Yedidyah Bar David d...@redhat.com Sent: Tuesday, March 25, 2014 3:04:53 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? All right, serious progress. Thanks to all for your nudges in the right direction. I've managed to get my ovirt to recognize and use the agent. I have a new problem however I get this message when the fence_raritan agent is run: Ignoring unknown option 'option=status' fence So it appears that my fence_raritan agent is being sent --option instead of --action Since the default behavior is reboot (fence_raritan expects --action= not --option=) the systems reboot every time a status request is sent :( hehe Related:? https://bugzilla.redhat.com/show_bug.cgi?id=987446 I'm not using concurrent Not related So the question is, does anyone here know what the best course of action to resolve this issue is? My host machines are running centos 6.5. Is this problem within a fencing package, ovirt, or other? AFAIK this is related to http://gerrit.ovirt.org/#/c/24343/ which changed --option to --action danken ? I tried to set option=action in the engine database, but it appears theres probably only a few (3?) mappings possible there, unless I'm wrong and there are more? This is what I've changed for now, using 3.3 cluster; UPDATE vdc_options SET option_value='apc:secure=secure,port=ipport,slot=port;apc_snmp:port=port;bladecenter:secure=secure,port=ipport,slot=port;cisco_ucs:secure=ssl,slot=port;drac5:secure=secure,slot=port;eps:slot=port;ilo:secure=ssl,port=ipport;ipmilan:;ilo2:secure=ssl,port=ipport;ilo3:;ilo4:;rsa:secure=secure,port=ipport;rsb:;wti:secure=secure,port=ipport,slot=port;raritan:slot=port,port=ipport;' where option_id=389; UPDATE vdc_options SET option_value='apc,apc_snmp,bladecenter,cisco_ucs,drac5,eps,ilo,ilo2,ilo3,ilo4,ipmilan,rsa,rsb,wti,raritan' where option_id=395; On Mon, Mar 24, 2014 at 2:07 PM, Eli Mesika emes...@redhat.com wrote: - Original Message - From: David Smith dsm...@mypchelp.com To: Eli Mesika emes...@redhat.com Cc: Marek Grac mg...@redhat.com, users users@ovirt.org, Yedidyah Bar David d...@redhat.com Sent: Friday, March 21, 2014 4:33:17 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? Hey guys, I submitted an initial agent for raritan to the fence-agents group, however I have a feeling after experimenting with the ipmilan agent that my agent won't work with oVirt; Can you please elaborate on that ? what will not work and why this is related to the ipmilan card ? Is the command set for each agent determined by the oVirt database itself, in other words, when I add the agent the abilities are then added? Please see http://www.ovirt.org/Custom_Fencing for the exact set of fields in database involved in that. If you are implementing raritan PM agent , you should have fence_raritan in /usr/sbin of the host that is selected as a proxy for the fencing operation, you should also make sure that this script has similar permissions as other scripts bundled with the fence-agents RPM For example the agent I submitted only has support for connectivity settings and power on/off/reboot as well as some delays. Also currently it requires that the port be specified as a path ie /system1/outlet1 Will this work as an outlet path? You can try to put that in the options field in the UI for the PM agent definition , i.e port=/system1/outlet1 Minimum commands required to work? Not sure I go you here , please elaborate/explain Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Yes, they don't have support for raritan. I'm working on getting the fence-agents guys to accept my new code, however, I'm also testing it by getting it working into oVirt 3.3 (since that's what I've got installed and working) Thanks! On Tue, Mar 25, 2014 at 10:28 AM, Dan Kenigsberg dan...@redhat.com wrote: On Tue, Mar 25, 2014 at 09:00:42AM -0700, David Smith wrote: oh I see, since I have the latest fence, that's where option is now missing, got it.. just a minor tweak to api.py ;) On Tue, Mar 25, 2014 at 8:25 AM, David Smith dsm...@mypchelp.com wrote: Hehe. Apparently not, unless I pulled an old copy of fence-agents somehow direct from git? I used the master branch too. Is there any reason for you not to use the pre-packaged fence-agents? I am not very happy about intoducing non-necessary changes to old stable branches like ovirt-3.3. To do this, I'd need a BZ opened, explaining why this is actually a good thing. Regards, Dan. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
I created fence_raritan. Unfortunately it looks like fencing.py is where the legacy --option was translated to --action. I believe ovirt calls fencing.py as a proxy to execute fence_raritan? The version of fence-agents I pulled from git has the backwards compatibility removed; https://lists.fedorahosted.org/pipermail/cluster-commits/2013-February/003090.html So if I added support for it in fence_raritan I'm not sure it would work (I can try) but also the fence-agents guys probably wouldn't take the submission to have it added to future code. I edited API.py as in http://gerrit.ovirt.org/#/c/26075/ and re-compiled API.py to pyc and pyo files and copied to all my hosts, yet I'm still getting an error, so I'm wondering if that change is incomplete or I missed some other step to make this actually work. It's really a bummer especially since the default behavior with no action is reboot ;) *Thread-199071::DEBUG::2014-03-25 10:28:10,587::API::1110::vds::(fenceNode) fenceNode(addr=10.105.128.25,port=,agent=raritan,user=admin,passwd=,action=status,secure=,options=port=/system1/outlet6)* *Thread-199071::DEBUG::2014-03-25 10:28:13,104::API::1136::vds::(fenceNode) rc 0 in agent=fence_raritan* *ipaddr=10.105.128.25* *login=admin* *option=status* *passwd=* *port=/system1/outlet6 out Success: Rebooted* * err Parse error: Ignoring unknown option 'option=status'* On Tue, Mar 25, 2014 at 6:28 AM, Dan Kenigsberg dan...@redhat.com wrote: On Tue, Mar 25, 2014 at 05:46:58AM -0400, Eli Mesika wrote: AFAIK this is related to http://gerrit.ovirt.org/#/c/24343/ which changed --option to --action danken ? I smells very much related. Where is fence_raritan comming from? Could you have the el6 version of it support the legacy --option name? If not, we could consider taking http://gerrit.ovirt.org/#/c/26075/. Dan. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Crap, didn't realize I just had to restart vdsm for the new API.py to take effect. Anyway I edited fencing.py and added back the compatibility code, and its all working for now. I'm going to work on touch up changes on fence_raritan so that we can get it submitted into the next release hopefully, all of these other hacks will become moot at that time. On Tue, Mar 25, 2014 at 2:08 PM, Dan Kenigsberg dan...@redhat.com wrote: On Tue, Mar 25, 2014 at 11:37:13AM -0700, David Smith wrote: I created fence_raritan. Unfortunately it looks like fencing.py is where the legacy --option was translated to --action. I believe ovirt calls fencing.py as a proxy to execute fence_raritan? The version of fence-agents I pulled from git has the backwards compatibility removed; https://lists.fedorahosted.org/pipermail/cluster-commits/2013-February/003090.html So if I added support for it in fence_raritan I'm not sure it would work (I can try) but also the fence-agents guys probably wouldn't take the submission to have it added to future code. Indeed - I do not expect upstream fence-agents to accept the legacy option. However, you could backport your own code to el6, and create a fence-agents-raritan rpm from it. I edited API.py as in http://gerrit.ovirt.org/#/c/26075/ and re-compiled API.py to pyc and pyo files and copied to all my hosts, yet I'm still getting an error, so I'm wondering if that change is incomplete or I missed some other step to make this actually work. It's really a bummer especially since the default behavior with no action is reboot ;) I suppose that you have missed something. My don't you place API.py under /usr/share/vdsm ? And make sure you restart vdsmd, to make the new code take effect? *Thread-199071::DEBUG::2014-03-25 10:28:10,587::API::1110::vds::(fenceNode) fenceNode(addr=10.105.128.25,port=,agent=raritan,user=admin,passwd=,action=status,secure=,options=port=/system1/outlet6)* *Thread-199071::DEBUG::2014-03-25 10:28:13,104::API::1136::vds::(fenceNode) rc 0 in agent=fence_raritan* *ipaddr=10.105.128.25* *login=admin* *option=status* *passwd=* *port=/system1/outlet6 out Success: Rebooted* * err Parse error: Ignoring unknown option 'option=status'* On Tue, Mar 25, 2014 at 6:28 AM, Dan Kenigsberg dan...@redhat.com wrote: On Tue, Mar 25, 2014 at 05:46:58AM -0400, Eli Mesika wrote: AFAIK this is related to http://gerrit.ovirt.org/#/c/24343/ which changed --option to --action danken ? I smells very much related. Where is fence_raritan comming from? Could you have the el6 version of it support the legacy --option name? If not, we could consider taking http://gerrit.ovirt.org/#/c/26075/. Dan. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
All right, serious progress. Thanks to all for your nudges in the right direction. I've managed to get my ovirt to recognize and use the agent. I have a new problem however I get this message when the fence_raritan agent is run: Ignoring unknown option 'option=status' fence So it appears that my fence_raritan agent is being sent --option instead of --action Since the default behavior is reboot (fence_raritan expects --action= not --option=) the systems reboot every time a status request is sent :( hehe Related:? https://bugzilla.redhat.com/show_bug.cgi?id=987446 I'm not using concurrent So the question is, does anyone here know what the best course of action to resolve this issue is? My host machines are running centos 6.5. Is this problem within a fencing package, ovirt, or other? I tried to set option=action in the engine database, but it appears theres probably only a few (3?) mappings possible there, unless I'm wrong and there are more? This is what I've changed for now, using 3.3 cluster; UPDATE vdc_options SET option_value='apc:secure=secure,port=ipport,slot=port;apc_snmp:port=port;bladecenter:secure=secure,port=ipport,slot=port;cisco_ucs:secure=ssl,slot=port;drac5:secure=secure,slot=port;eps:slot=port;ilo:secure=ssl,port=ipport;ipmilan:;ilo2:secure=ssl,port=ipport;ilo3:;ilo4:;rsa:secure=secure,port=ipport;rsb:;wti:secure=secure,port=ipport,slot=port;raritan:slot=port,port=ipport;' where option_id=389; UPDATE vdc_options SET option_value='apc,apc_snmp,bladecenter,cisco_ucs,drac5,eps,ilo,ilo2,ilo3,ilo4,ipmilan,rsa,rsb,wti,raritan' where option_id=395; On Mon, Mar 24, 2014 at 2:07 PM, Eli Mesika emes...@redhat.com wrote: - Original Message - From: David Smith dsm...@mypchelp.com To: Eli Mesika emes...@redhat.com Cc: Marek Grac mg...@redhat.com, users users@ovirt.org, Yedidyah Bar David d...@redhat.com Sent: Friday, March 21, 2014 4:33:17 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? Hey guys, I submitted an initial agent for raritan to the fence-agents group, however I have a feeling after experimenting with the ipmilan agent that my agent won't work with oVirt; Can you please elaborate on that ? what will not work and why this is related to the ipmilan card ? Is the command set for each agent determined by the oVirt database itself, in other words, when I add the agent the abilities are then added? Please see http://www.ovirt.org/Custom_Fencing for the exact set of fields in database involved in that. If you are implementing raritan PM agent , you should have fence_raritan in /usr/sbin of the host that is selected as a proxy for the fencing operation, you should also make sure that this script has similar permissions as other scripts bundled with the fence-agents RPM For example the agent I submitted only has support for connectivity settings and power on/off/reboot as well as some delays. Also currently it requires that the port be specified as a path ie /system1/outlet1 Will this work as an outlet path? You can try to put that in the options field in the UI for the PM agent definition , i.e port=/system1/outlet1 Minimum commands required to work? Not sure I go you here , please elaborate/explain Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] proper way to move nfs data storage domain?
oops, replying to all. this is more or less what i did, i had to mess with the metadata file inbetween, remove a line, and edit the hostname and optionally the share name. On Thu, Mar 20, 2014 at 3:33 PM, Trey Dockendorf treyd...@gmail.com wrote: I believe for the iso/exports domain you can export them from the UI Storage tab once they are detached from the data center, then import them from new server. Haven't tested this thoroughly, but before my system was production I had to shift storage domains around due to host renaming. - Trey On Thu, Mar 20, 2014 at 2:51 PM, David Smith dsm...@mypchelp.com wrote: apparently only the data domain path can be edited at this point.. different procedure for iso/exports? On Thu, Mar 20, 2014 at 12:49 PM, David Smith dsm...@mypchelp.com wrote: nevermind, it appears i've figured this out; shut down all VMs put the export and iso storage into maintenance mode put data domain into maintenance mode paths can be edited, in the system - storage tab reenable everything On Thu, Mar 20, 2014 at 12:21 PM, David Smith dsm...@mypchelp.com wrote: Two examples; 1) I need to move the nfs data domain to a new server, whats the best way? 2) I think this applies the same as above, if I need to rename the nfs server hostname, whats the best way? I managed to export/import the export and iso domains and have them up and running on the new server, however, since you can't import a data domain, i'm wondering whats the best method for this. thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Hey guys, I submitted an initial agent for raritan to the fence-agents group, however I have a feeling after experimenting with the ipmilan agent that my agent won't work with oVirt; Is the command set for each agent determined by the oVirt database itself, in other words, when I add the agent the abilities are then added? For example the agent I submitted only has support for connectivity settings and power on/off/reboot as well as some delays. Also currently it requires that the port be specified as a path ie /system1/outlet1 Will this work as an outlet path? Minimum commands required to work? Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] proper way to move nfs data storage domain?
Two examples; 1) I need to move the nfs data domain to a new server, whats the best way? 2) I think this applies the same as above, if I need to rename the nfs server hostname, whats the best way? I managed to export/import the export and iso domains and have them up and running on the new server, however, since you can't import a data domain, i'm wondering whats the best method for this. thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] proper way to move nfs data storage domain?
nevermind, it appears i've figured this out; shut down all VMs put the export and iso storage into maintenance mode put data domain into maintenance mode paths can be edited, in the system - storage tab reenable everything On Thu, Mar 20, 2014 at 12:21 PM, David Smith dsm...@mypchelp.com wrote: Two examples; 1) I need to move the nfs data domain to a new server, whats the best way? 2) I think this applies the same as above, if I need to rename the nfs server hostname, whats the best way? I managed to export/import the export and iso domains and have them up and running on the new server, however, since you can't import a data domain, i'm wondering whats the best method for this. thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] proper way to move nfs data storage domain?
apparently only the data domain path can be edited at this point.. different procedure for iso/exports? On Thu, Mar 20, 2014 at 12:49 PM, David Smith dsm...@mypchelp.com wrote: nevermind, it appears i've figured this out; shut down all VMs put the export and iso storage into maintenance mode put data domain into maintenance mode paths can be edited, in the system - storage tab reenable everything On Thu, Mar 20, 2014 at 12:21 PM, David Smith dsm...@mypchelp.com wrote: Two examples; 1) I need to move the nfs data domain to a new server, whats the best way? 2) I think this applies the same as above, if I need to rename the nfs server hostname, whats the best way? I managed to export/import the export and iso domains and have them up and running on the new server, however, since you can't import a data domain, i'm wondering whats the best method for this. thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Hi again Didi, Thanks for your help, I'll do some digging. Also, the below line made me chuckle. Last time I was on IRC, there were crickets for an entire 8 hour day, not a single response, just a lot of signin/off. ;) Dave On Mon, Mar 17, 2014 at 8:53 AM, Yedidyah Bar David d...@redhat.com wrote: You can also ask on irc for faster help. Best regards, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
Hi Marek, that link requires a redhat login.. On Fri, Mar 14, 2014 at 2:56 AM, Marek Grac mg...@redhat.com wrote: On 03/14/2014 10:39 AM, Itamar Heim wrote: On 03/13/2014 07:03 PM, David Smith wrote: hey can someone provide these mysterious instructions or at least point me towards the direction of where this magical list of supported fence-agents units is so I can try to figure it out myself? Perhaps you are looking for this: https://access.redhat.com/site/articles/28601 m, ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
i assumme this is in a database somewhere, you're making assumptions of my
knowledge span of ovirt and the location of these things.
thanks for the help anyway, i'm looking forward to getting this working,
hopefully there's a little more step by step insight somewhere from eli.
On Fri, Mar 14, 2014 at 2:39 AM, Itamar Heim ih...@redhat.com wrote:
On 03/13/2014 07:03 PM, David Smith wrote:
hey can someone provide these mysterious instructions or at least point
me towards the direction of where this magical list of supported
fence-agents units is so I can try to figure it out myself?
that would be eli, already asked for in my previous reply.
until he replies, you can look at the vdc_options table at these values
(they are not available out of the box via the config utility, as they
would be overridden at upgrade):
VdsFenceType
upgrade/pre_upgrade/_config.sql:select fn_db_update_config_value('
VdsFenceType','apc,apc_snmp,bladecenter,cisco_ucs,drac5,
drac7,eps,hpblade,ilo,ilo2,ilo3,ilo4,ipmilan,rsa,rsb,wti','3.4');
VdsFenceOptionMapping
upgrade/pre_upgrade/_config.sql:select fn_db_update_config_value('
VdsFenceOptionMapping','apc:secure=secure,port=ipport,
slot=port;apc_snmp:port=port;bladecenter:secure=secure,
port=ipport,slot=port;cisco_ucs:secure=ssl,slot=port;
drac5:secure=secure,slot=port;drac7:;eps:slot=port;hpblade:
port=port;ilo:secure=ssl,port=ipport;ipmilan:;ilo2:secure=
ssl,port=ipport;ilo3:;ilo4:;rsa:secure=secure,port=ipport;
rsb:;wti:secure=secure,port=ipport,slot=port','3.4');
VdsFenceOptionTypes
upgrade/pre_upgrade/_config.sql:select fn_db_add_config_value('
VdsFenceOptionTypes','secure=bool,port=int,slot=int','general');
On Wed, Mar 12, 2014 at 12:18 AM, Itamar Heim ih...@redhat.com
mailto:ih...@redhat.com wrote:
On 03/11/2014 11:43 PM, David Smith wrote:
I modified, tested, and added via git (also submitted note in
rhbz#519731) support for at least basic power on/off of the
raritan
devices I have (model DPXS12-20)
Now that I have a working fence agent for myself, is it possible
to tell
me how I can make the config change on my engine to add the
support for
the fence agent I created?
yes, you can change the config of the engine to add it - eli can
give more details (hopefully to be wikified later).
one caveat is i don't think we accommodated yet for customizing it,
so it may be overridden when you upgrade the engine.
(Eli, maybe consider changing to osinfo.d/ like format allowing both
our own config and user configs side by side)
to add this by default to engine, we'd need this to be in a released
version of fence-agents.
Thanks.
On Mon, Feb 17, 2014 at 5:43 AM, Itamar Heim ih...@redhat.com
mailto:ih...@redhat.com
mailto:ih...@redhat.com mailto:ih...@redhat.com wrote:
On 02/17/2014 03:31 PM, Marek Grac wrote:
On 02/17/2014 09:45 AM, Eli Mesika wrote:
- Original Message -
From: Yedidyah Bar David d...@redhat.com
mailto:d...@redhat.com
mailto:d...@redhat.com mailto:d...@redhat.com
To: Itamar Heim ih...@redhat.com
mailto:ih...@redhat.com
mailto:ih...@redhat.com
mailto:ih...@redhat.com
Cc: users@ovirt.org mailto:users@ovirt.org
mailto:users@ovirt.org mailto:users@ovirt.org
Sent: Sunday, February 16, 2014 2:58:35 PM
Subject: Re: [Users] Instructions to add a remote
controlled power
strip not in the native list?
- Original Message -
From: Itamar Heim ih...@redhat.com
mailto:ih...@redhat.com
mailto:ih...@redhat.com
mailto:ih...@redhat.com
To: David Smith dsm...@mypchelp.com
mailto:dsm...@mypchelp.com
mailto:dsm...@mypchelp.com
mailto:dsm...@mypchelp.com, users@ovirt.org
mailto:users@ovirt.org
mailto:users@ovirt.org
mailto:users@ovirt.org
Sent: Saturday, February 15, 2014 2:57:00 AM
Subject: Re: [Users] Instructions to add a
remote
controlled power
strip
not in the native list?
On 02/14/2014 07:37 PM, David Smith wrote:
We use Raritan / Dominion PX remote power
blocks, is there a way to
easily add support
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
hey can someone provide these mysterious instructions or at least point me towards the direction of where this magical list of supported fence-agents units is so I can try to figure it out myself? On Wed, Mar 12, 2014 at 12:18 AM, Itamar Heim ih...@redhat.com wrote: On 03/11/2014 11:43 PM, David Smith wrote: I modified, tested, and added via git (also submitted note in rhbz#519731) support for at least basic power on/off of the raritan devices I have (model DPXS12-20) Now that I have a working fence agent for myself, is it possible to tell me how I can make the config change on my engine to add the support for the fence agent I created? yes, you can change the config of the engine to add it - eli can give more details (hopefully to be wikified later). one caveat is i don't think we accommodated yet for customizing it, so it may be overridden when you upgrade the engine. (Eli, maybe consider changing to osinfo.d/ like format allowing both our own config and user configs side by side) to add this by default to engine, we'd need this to be in a released version of fence-agents. Thanks. On Mon, Feb 17, 2014 at 5:43 AM, Itamar Heim ih...@redhat.com mailto:ih...@redhat.com wrote: On 02/17/2014 03:31 PM, Marek Grac wrote: On 02/17/2014 09:45 AM, Eli Mesika wrote: - Original Message - From: Yedidyah Bar David d...@redhat.com mailto:d...@redhat.com To: Itamar Heim ih...@redhat.com mailto:ih...@redhat.com Cc: users@ovirt.org mailto:users@ovirt.org Sent: Sunday, February 16, 2014 2:58:35 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? - Original Message - From: Itamar Heim ih...@redhat.com mailto:ih...@redhat.com To: David Smith dsm...@mypchelp.com mailto:dsm...@mypchelp.com, users@ovirt.org mailto:users@ovirt.org Sent: Saturday, February 15, 2014 2:57:00 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? On 02/14/2014 07:37 PM, David Smith wrote: We use Raritan / Dominion PX remote power blocks, is there a way to easily add support for these? CCing Marek on that in case that he had something to add from the fence-agents view since it may be already supported implicitly (like drac7 that is using actually ipmilan) No, Raritan are not supported yet (rhbz#519731) so david, if you can try to push the raritan support to fence-agents, the ovirt side is usually just a config change. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Instructions to add a remote controlled power strip not in the native list?
I modified, tested, and added via git (also submitted note in rhbz#519731) support for at least basic power on/off of the raritan devices I have (model DPXS12-20) Now that I have a working fence agent for myself, is it possible to tell me how I can make the config change on my engine to add the support for the fence agent I created? Thanks. On Mon, Feb 17, 2014 at 5:43 AM, Itamar Heim ih...@redhat.com wrote: On 02/17/2014 03:31 PM, Marek Grac wrote: On 02/17/2014 09:45 AM, Eli Mesika wrote: - Original Message - From: Yedidyah Bar David d...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Sunday, February 16, 2014 2:58:35 PM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? - Original Message - From: Itamar Heim ih...@redhat.com To: David Smith dsm...@mypchelp.com, users@ovirt.org Sent: Saturday, February 15, 2014 2:57:00 AM Subject: Re: [Users] Instructions to add a remote controlled power strip not in the native list? On 02/14/2014 07:37 PM, David Smith wrote: We use Raritan / Dominion PX remote power blocks, is there a way to easily add support for these? CCing Marek on that in case that he had something to add from the fence-agents view since it may be already supported implicitly (like drac7 that is using actually ipmilan) No, Raritan are not supported yet (rhbz#519731) so david, if you can try to push the raritan support to fence-agents, the ovirt side is usually just a config change. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Help required: Selinux disable for ovirt iso image
I apologize if this comes off a little brusque, but there's really a lot of random information out there right now, to the point where i've seen it confuse not only myself but other new installers. Based on the problems I still have, I have a suggestion, and I also need some help. Again, some of this may come off as a bit of a TLDR Rant but if ovirt is to become popular, I believe my experience as a hardware engineer, software/hardware QA director/manager/engineer, may be valuable to this project. Two things keep me from getting this system working for me in a useful manner: #1, and the most important blocker: Disabling or fixing selinux, using ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso. #2, getting raritan pdu support For issue #1: I've had a lot of people say disable selinux or fix selinux all over this user list and in recent replies. This really isn't fully helpful information. Even stating edit the /etc/selinux/config or use the kernel boot command selinux=0 or read some other doc on the internet. These all apply to full fledged releases, not to the ovirt iso image. The main issue is that SSHD is not being allowed through selinux by default on this image. The right thing to do would be to fix the image and re-release it, and DELETE the broken one that is currently available. However a simple doc explaining how to persist the selinux disable or fix the SSHD problem with selinux would be the easiest solution. Others ran me down the path of edit the selinux file and persist it which didn't work, but gave no productive help on how to make it permanent. Equally I've been told to edit the grub config and add selinux=0 to the kernel, however after attempting this, adding it manually at the grub boot causes the system not to boot, and I haven't found the *right* grub.cfg file to edit and persist to keep the changes. For issue #2: I've hacked up some of the fence-agents scripts and am in the process of attempting to figure out how to compile/set up my own local copy to verify the raritan changes. Ideally the fence-agents folks would add a generic support portion, which I may actually do myself as well, allowing *any* PDU with at least the usual login/password/command/logout sequence to be used. So you see, I'm not totally useless, I'm helping here. Next suggestions: A) Compatibility list B) Cleanup of old project crap For A) For each release, I suggest there be a spreadsheet or simple document that shows which ovirt ISO images are compatible with which manager versions. There could be a wiki where people can add references to bug #s that have been found and links to their solutions. Right now there are ancient docs all over google searches that send people down paths of days of turmoil to no avail. For B) When iso images or other releases are superseded because of blocking, non-operable bugs, they should either be resolved and re-released or a clear path to making them function be documented. Once a re-release is done, the old images should be wiped out or moved to a clearly marked deprecated folder. Thats my 100 cents worth, I really do appreciate the work and effort that goes into this project, it appears to be a wonderful one, I hope to make good use of it, but the initial learning curve is a real deal breaker I'm sure for many others, especially not those willing and able to spend the time hacking at it like I have for the past week. Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Help required: Selinux disable for ovirt iso image
side note ,reinstalling the nodes to resolve the selinux issue really isn't a great proposition, its time consuming, an after-the-fact method of editing the grub line and adding selinux=0 or enforcing=0 whichever it may be would be ideal. On Wed, Feb 19, 2014 at 11:05 AM, David Smith dsm...@mypchelp.com wrote: I apologize if this comes off a little brusque, but there's really a lot of random information out there right now, to the point where i've seen it confuse not only myself but other new installers. Based on the problems I still have, I have a suggestion, and I also need some help. Again, some of this may come off as a bit of a TLDR Rant but if ovirt is to become popular, I believe my experience as a hardware engineer, software/hardware QA director/manager/engineer, may be valuable to this project. Two things keep me from getting this system working for me in a useful manner: #1, and the most important blocker: Disabling or fixing selinux, using ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso. #2, getting raritan pdu support For issue #1: I've had a lot of people say disable selinux or fix selinux all over this user list and in recent replies. This really isn't fully helpful information. Even stating edit the /etc/selinux/config or use the kernel boot command selinux=0 or read some other doc on the internet. These all apply to full fledged releases, not to the ovirt iso image. The main issue is that SSHD is not being allowed through selinux by default on this image. The right thing to do would be to fix the image and re-release it, and DELETE the broken one that is currently available. However a simple doc explaining how to persist the selinux disable or fix the SSHD problem with selinux would be the easiest solution. Others ran me down the path of edit the selinux file and persist it which didn't work, but gave no productive help on how to make it permanent. Equally I've been told to edit the grub config and add selinux=0 to the kernel, however after attempting this, adding it manually at the grub boot causes the system not to boot, and I haven't found the *right* grub.cfg file to edit and persist to keep the changes. For issue #2: I've hacked up some of the fence-agents scripts and am in the process of attempting to figure out how to compile/set up my own local copy to verify the raritan changes. Ideally the fence-agents folks would add a generic support portion, which I may actually do myself as well, allowing *any* PDU with at least the usual login/password/command/logout sequence to be used. So you see, I'm not totally useless, I'm helping here. Next suggestions: A) Compatibility list B) Cleanup of old project crap For A) For each release, I suggest there be a spreadsheet or simple document that shows which ovirt ISO images are compatible with which manager versions. There could be a wiki where people can add references to bug #s that have been found and links to their solutions. Right now there are ancient docs all over google searches that send people down paths of days of turmoil to no avail. For B) When iso images or other releases are superseded because of blocking, non-operable bugs, they should either be resolved and re-released or a clear path to making them function be documented. Once a re-release is done, the old images should be wiped out or moved to a clearly marked deprecated folder. Thats my 100 cents worth, I really do appreciate the work and effort that goes into this project, it appears to be a wonderful one, I hope to make good use of it, but the initial learning curve is a real deal breaker I'm sure for many others, especially not those willing and able to spend the time hacking at it like I have for the past week. Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Help required: Selinux disable for ovirt iso image
I managed to dig,dig dig and have finally resolved issue #1 without reinstall steps 1. put host in maintenance mode 2, log in to host and: 2a. mount -o,rw,remount /run/initramfs/live 2b. edit /run/initramfs/live/grub2/grub.cfg and add selinux=0 to the end of the kernel line (starts with linux /vmlinuz0 2c. reboot the host 3. log in and try getenforce - selinux says disabled. 4. I tried to Activate the host and the manager returned non-operational, so I had to remove and re-add the host. Manager version: 3.3.3-2.fc19 and iso ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso On Wed, Feb 19, 2014 at 12:14 PM, David Smith dsm...@mypchelp.com wrote: side note ,reinstalling the nodes to resolve the selinux issue really isn't a great proposition, its time consuming, an after-the-fact method of editing the grub line and adding selinux=0 or enforcing=0 whichever it may be would be ideal. On Wed, Feb 19, 2014 at 11:05 AM, David Smith dsm...@mypchelp.com wrote: I apologize if this comes off a little brusque, but there's really a lot of random information out there right now, to the point where i've seen it confuse not only myself but other new installers. Based on the problems I still have, I have a suggestion, and I also need some help. Again, some of this may come off as a bit of a TLDR Rant but if ovirt is to become popular, I believe my experience as a hardware engineer, software/hardware QA director/manager/engineer, may be valuable to this project. Two things keep me from getting this system working for me in a useful manner: #1, and the most important blocker: Disabling or fixing selinux, using ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso. #2, getting raritan pdu support For issue #1: I've had a lot of people say disable selinux or fix selinux all over this user list and in recent replies. This really isn't fully helpful information. Even stating edit the /etc/selinux/config or use the kernel boot command selinux=0 or read some other doc on the internet. These all apply to full fledged releases, not to the ovirt iso image. The main issue is that SSHD is not being allowed through selinux by default on this image. The right thing to do would be to fix the image and re-release it, and DELETE the broken one that is currently available. However a simple doc explaining how to persist the selinux disable or fix the SSHD problem with selinux would be the easiest solution. Others ran me down the path of edit the selinux file and persist it which didn't work, but gave no productive help on how to make it permanent. Equally I've been told to edit the grub config and add selinux=0 to the kernel, however after attempting this, adding it manually at the grub boot causes the system not to boot, and I haven't found the *right* grub.cfg file to edit and persist to keep the changes. For issue #2: I've hacked up some of the fence-agents scripts and am in the process of attempting to figure out how to compile/set up my own local copy to verify the raritan changes. Ideally the fence-agents folks would add a generic support portion, which I may actually do myself as well, allowing *any* PDU with at least the usual login/password/command/logout sequence to be used. So you see, I'm not totally useless, I'm helping here. Next suggestions: A) Compatibility list B) Cleanup of old project crap For A) For each release, I suggest there be a spreadsheet or simple document that shows which ovirt ISO images are compatible with which manager versions. There could be a wiki where people can add references to bug #s that have been found and links to their solutions. Right now there are ancient docs all over google searches that send people down paths of days of turmoil to no avail. For B) When iso images or other releases are superseded because of blocking, non-operable bugs, they should either be resolved and re-released or a clear path to making them function be documented. Once a re-release is done, the old images should be wiped out or moved to a clearly marked deprecated folder. Thats my 100 cents worth, I really do appreciate the work and effort that goes into this project, it appears to be a wonderful one, I hope to make good use of it, but the initial learning curve is a real deal breaker I'm sure for many others, especially not those willing and able to spend the time hacking at it like I have for the past week. Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Help required: Selinux disable for ovirt iso image
ahh spoke too soon, now after disabling selinux, vdsm isn't loading.. host shows up, but can't assign any VMs.. On Wed, Feb 19, 2014 at 1:16 PM, David Smith dsm...@mypchelp.com wrote: I managed to dig,dig dig and have finally resolved issue #1 without reinstall steps 1. put host in maintenance mode 2, log in to host and: 2a. mount -o,rw,remount /run/initramfs/live 2b. edit /run/initramfs/live/grub2/grub.cfg and add selinux=0 to the end of the kernel line (starts with linux /vmlinuz0 2c. reboot the host 3. log in and try getenforce - selinux says disabled. 4. I tried to Activate the host and the manager returned non-operational, so I had to remove and re-add the host. Manager version: 3.3.3-2.fc19 and iso ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso On Wed, Feb 19, 2014 at 12:14 PM, David Smith dsm...@mypchelp.com wrote: side note ,reinstalling the nodes to resolve the selinux issue really isn't a great proposition, its time consuming, an after-the-fact method of editing the grub line and adding selinux=0 or enforcing=0 whichever it may be would be ideal. On Wed, Feb 19, 2014 at 11:05 AM, David Smith dsm...@mypchelp.comwrote: I apologize if this comes off a little brusque, but there's really a lot of random information out there right now, to the point where i've seen it confuse not only myself but other new installers. Based on the problems I still have, I have a suggestion, and I also need some help. Again, some of this may come off as a bit of a TLDR Rant but if ovirt is to become popular, I believe my experience as a hardware engineer, software/hardware QA director/manager/engineer, may be valuable to this project. Two things keep me from getting this system working for me in a useful manner: #1, and the most important blocker: Disabling or fixing selinux, using ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso. #2, getting raritan pdu support For issue #1: I've had a lot of people say disable selinux or fix selinux all over this user list and in recent replies. This really isn't fully helpful information. Even stating edit the /etc/selinux/config or use the kernel boot command selinux=0 or read some other doc on the internet. These all apply to full fledged releases, not to the ovirt iso image. The main issue is that SSHD is not being allowed through selinux by default on this image. The right thing to do would be to fix the image and re-release it, and DELETE the broken one that is currently available. However a simple doc explaining how to persist the selinux disable or fix the SSHD problem with selinux would be the easiest solution. Others ran me down the path of edit the selinux file and persist it which didn't work, but gave no productive help on how to make it permanent. Equally I've been told to edit the grub config and add selinux=0 to the kernel, however after attempting this, adding it manually at the grub boot causes the system not to boot, and I haven't found the *right* grub.cfg file to edit and persist to keep the changes. For issue #2: I've hacked up some of the fence-agents scripts and am in the process of attempting to figure out how to compile/set up my own local copy to verify the raritan changes. Ideally the fence-agents folks would add a generic support portion, which I may actually do myself as well, allowing *any* PDU with at least the usual login/password/command/logout sequence to be used. So you see, I'm not totally useless, I'm helping here. Next suggestions: A) Compatibility list B) Cleanup of old project crap For A) For each release, I suggest there be a spreadsheet or simple document that shows which ovirt ISO images are compatible with which manager versions. There could be a wiki where people can add references to bug #s that have been found and links to their solutions. Right now there are ancient docs all over google searches that send people down paths of days of turmoil to no avail. For B) When iso images or other releases are superseded because of blocking, non-operable bugs, they should either be resolved and re-released or a clear path to making them function be documented. Once a re-release is done, the old images should be wiped out or moved to a clearly marked deprecated folder. Thats my 100 cents worth, I really do appreciate the work and effort that goes into this project, it appears to be a wonderful one, I hope to make good use of it, but the initial learning curve is a real deal breaker I'm sure for many others, especially not those willing and able to spend the time hacking at it like I have for the past week. Thanks! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Instructions to add a remote controlled power strip not in the native list?
We use Raritan / Dominion PX remote power blocks, is there a way to easily add support for these? On a feature request side, seems like adding support for generic wouldn't be too hard; just ask for what the login/password prompts look like, what the main prompt is, and the command sequence to turn on and off a port as well as logout. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] persisting selinux nightmare
I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do. With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again. I even edited /etc/selinux/config and changed it to permissive, then used persist config to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce) what gives? I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] persisting selinux nightmare
heh, all the directories here, alpha, beta, nightly, stable, all have the same image file versions? http://resources.ovirt.org/releases/node-base/ On Fri, Feb 14, 2014 at 12:19 PM, David Smith dsm...@mypchelp.com wrote: I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do. With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again. I even edited /etc/selinux/config and changed it to permissive, then used persist config to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce) what gives? I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
