Re: [ovirt-users] Help understanding Gluster in oVirt
I have setup an environment with 8 glustefs nodes in distributed+replicated mode. Instead of CTDB, I'm using keepalived. It works pretty well. On 02/04/2015 04:14 PM, Donny Davis wrote: I have two nodes running the hosted engine and gluster setup for replicate between them. Mounting to localhost seems to be working so far. I have live migrated the engine, pulled the plug on a running node, and rebooted each node to ensure it all works properly. I have had few issues with this setup. I didn’t like ctdb because it adds another layer of complexity that is unnecessary for MY setup. Node1 gluster drive on sdb Node2 gluster drive on sdb Both replicate and are the same make and model drive. ovirt-ha running on both for hosted-engine This setup is for hosted engine only, my actual storage for VM’s and what not do not run in this fashion. Hope This helps Donny D *From:*users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] *On Behalf Of *Groten, Ryan *Sent:* Wednesday, February 4, 2015 10:11 AM *To:* Sahina Bose; users@ovirt.org *Subject:* Re: [ovirt-users] Help understanding Gluster in oVirt Nope in fact I followed the guide and found CTDB works quite well. I am just trying to figure out the benefit because that would be another component to consider in the architecture. *From:*Sahina Bose [mailto:sab...@redhat.com] *Sent:* Tuesday, February 03, 2015 4:09 AM *To:* Groten, Ryan; users@ovirt.org mailto:users@ovirt.org *Subject:* Re: [ovirt-users] Help understanding Gluster in oVirt On 01/28/2015 08:59 AM, Groten, Ryan wrote: I was planning on making a Gluster Data domain to test, and found some great information on this page: http://community.redhat.com/blog/2014/05/ovirt-3-4-glusterized/ The article the author uses the CTDB service for VIP failover. Is it possible/recommended to not do this, and just create a gluster volume on all the hosts in a cluster, then create the Gluster data domain as localhost:gluster_vol? Theoretically, it should work - if you make sure that you have a replica 3 gluster volume spread across 3 nodes, and these 3 nodes are your compute nodes as well - you should be fine without CTDB setup for failover and mounting as localhost. But I've not tried this to recommend it. Maybe if others have tried it, they can chime in? Btw, is there any reason you do not want to set up CTDB? Thanks, Ryan ThTh ___ Users mailing list Users@ovirt.org mailto:Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Free Ovirt Powered Cloud
Hey Donny, Great work! I registered myself and I'm using your environment. I can help you, just tell me how. On 12/15/2014 02:24 PM, Donny Davis wrote: Hi guys, I'm providing a free public cloud solution entirely based on vanilla oVirt called cloudspin.me http://cloudspin.me It runs on IPv6, and I am looking for people to use the system, host services and report back to me with their results. Data I am looking for Connection Speed - Is it comparable to other services User experience - Are there any changes recommended Does it work for you - What does, and does not work for you. I am trying to get funding to keep this a free resource for everyone to use. (not from here:) I am completely open to any and all suggestions, and or help with things. I am a one man show at the moment. If anyone has any questions please email me back Donny D ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Enabling GlusterFS in production
Hi friends! I have just upgraded from 3.2 to 3.4 and it was very nice. Everything ok! Now I want to enable Gluster Service to my cluster in production. I think follow this steps: * Install manually vdsm-gluster * Restart supervdsm and vdsmd * Enable Gluster Service in my Cluster. Could it cause any problem or downtime? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Logs using syslog
Hi all! Is there a way to log engine messages to a syslog? I searched for 'syslog' in /etc/ovirt-engine/*, but not results. Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] 'Drive' object has no attribute 'format'
Hi Nir, thanks for responding. That's what you asked me. vdms: [root@gauss vdsm]# rpm -qa | grep vdsm vdsm-xmlrpc-4.10.3-0.36.23.el6.noarch vdsm-cli-4.10.3-0.36.23.el6.noarch vdsm-python-4.10.3-0.36.23.el6.x86_64 vdsm-4.10.3-0.36.23.el6.x86_64 vdsm-hook-qos-4.10.3-0.36.23.el6.noarch vdsm-hook-nestedvt-4.10.3-0.36.23.el6.noarch vdsm-hook-hostusb-4.10.3-0.36.23.el6.noarch engine: [eduardo@ovirt-dir ~]$ rpm -qa|grep ovirt ovirt-engine-tools-3.2.2-1.1.43.el6.noarch ovirt-engine-backend-3.2.2-1.1.43.el6.noarch ovirt-engine-dwh-3.2.0-1.el6.noarch ovirt-engine-reports-3.2.0-2.el6.noarch ovirt-log-collector-3.2.0-1.el6.noarch ovirt-engine-cli-3.3.0.4-1.el6.noarch ovirt-host-deploy-1.1.0-0.0.master.el6.noarch ovirt-engine-dbscripts-3.2.2-1.1.43.el6.noarch ovirt-engine-genericapi-3.2.2-1.1.43.el6.noarch ovirt-iso-uploader-3.2.0-1.el6.noarch ovirt-engine-setup-3.2.2-1.1.43.el6.noarch ovirt-host-deploy-java-1.1.0-0.0.master.el6.noarch ovirt-engine-userportal-3.2.2-1.1.43.el6.noarch ovirt-engine-webadmin-portal-3.2.2-1.1.43.el6.noarch ovirt-engine-sdk-python-3.3.0.6-1.el6.noarch ovirt-engine-jbossas711-1-0.x86_64 ovirt-engine-restapi-3.2.2-1.1.43.el6.noarch ovirt-engine-3.2.2-1.1.43.el6.noarch ovirt-image-uploader-3.2.0-1.el6.noarch ovirt-release-el6-10-1.noarch Follows the logs on my dropbox: https://www.dropbox.com/sh/cp93cqzs7ow4zp2/XRDsr_D1L3/ovirt On 02/08/2014 08:02 PM, Nir Soffer wrote: - Original Message - From: Eduardo Ramos edua...@freedominterface.org To: users users@ovirt.org Sent: Friday, February 7, 2014 2:35:03 PM Subject: [Users] 'Drive' object has no attribute 'format' Hi all! I'm getting this strange message on my vdsm.log Thread-187887::ERROR::2014-02-07 10:31:13,246::sampling::355::vm.Vm::(collect) vmId=`226fb21b-ce7e-45ec-8e6e-75b987374ead`::Stats function failed: AdvancedStatsFunction _highWrite at 0x2d328f0 Traceback (most recent call last): File /usr/share/vdsm/sampling.py, line 351, in collect statsFunction() File /usr/share/vdsm/sampling.py, line 226, in __call__ retValue = self._function(*args, **kwargs) File /usr/share/vdsm/vm.py, line 528, in _highWrite self._vm.extendDrivesIfNeeded() File /usr/share/vdsm/vm.py, line 2285, in extendDrivesIfNeeded if not drive.blockDev or drive.format != 'cow': AttributeError: 'Drive' object has no attribute 'format' Anyone know what could be happening? Hi Eduardo, I'm afraid you have a vm with an invalid drive, created without the required format attribute. We have seen this issue when upgrading from old versions, or when migrating vms. See https://bugzilla.redhat.com/show_bug.cgi?id=1055437 Can you add more information that will help debug this issue? - ovirt-engine/vdsm versions - logs: engine.log, vdsm.log - what was the trigger of this error (e.g. started when migrating vm?) If you think your case is not relevant to bug 1055437, please open a new bug. Thanks, Nir ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] I can't remove VM
Hi all! I'm having trouble on removing virtual machines. My environment run on a ISCSI domain storage. When I try remove, the SPM logs: # Start vdsm SPM log # Thread-6019517::INFO::2014-02-03 09:58:09,293::logUtils::41::dispatcher::(wrapper) Run and protect: deleteImage(sdUUID='c332da29-ba9f-4c94-8fa9-346bb8e04e2a', spUUID='9dbc7bb1-c460-4202-8f10-862d2ed3ed9a', imgUUID='57ba1906-2035-4503-acbc-5f6f077f75cc', postZero='false', force='false') Thread-6019517::INFO::2014-02-03 09:58:09,293::blockSD::816::Storage.StorageDomain::(validate) sdUUID=c332da29-ba9f-4c94-8fa9-346bb8e04e2a Thread-6019517::ERROR::2014-02-03 09:58:10,061::task::833::TaskManager.Task::(_setError) Task=`8cbf9978-ed51-488a-af52-a3db030e44ff`::Unexpected error Traceback (most recent call last): File /usr/share/vdsm/storage/task.py, line 840, in _run return fn(*args, **kargs) File /usr/share/vdsm/logUtils.py, line 42, in wrapper res = f(*args, **kwargs) File /usr/share/vdsm/storage/hsm.py, line 1429, in deleteImage allVols = dom.getAllVolumes() File /usr/share/vdsm/storage/blockSD.py, line 972, in getAllVolumes return getAllVolumes(self.sdUUID) File /usr/share/vdsm/storage/blockSD.py, line 172, in getAllVolumes vImg not in res[vPar]['imgs']): KeyError: '63650a24-7e83-4c0a-851d-0ce9869a294d' Thread-6019517::INFO::2014-02-03 09:58:10,063::task::1134::TaskManager.Task::(prepare) Task=`8cbf9978-ed51-488a-af52-a3db030e44ff`::aborting: Task is aborted: u'63650a24-7e83-4c0a-851d-0ce9869a294d' - code 100 Thread-6019517::ERROR::2014-02-03 09:58:10,066::dispatcher::70::Storage.Dispatcher.Protect::(run) '63650a24-7e83-4c0a-851d-0ce9869a294d' Traceback (most recent call last): File /usr/share/vdsm/storage/dispatcher.py, line 62, in run result = ctask.prepare(self.func, *args, **kwargs) File /usr/share/vdsm/storage/task.py, line 1142, in prepare raise self.error KeyError: '63650a24-7e83-4c0a-851d-0ce9869a294d' Thread-6019518::INFO::2014-02-03 09:58:10,087::logUtils::41::dispatcher::(wrapper) Run and protect: getSpmStatus(spUUID='9dbc7bb1-c460-4202-8f10-862d2ed3ed9a', options=None) Thread-6019518::INFO::2014-02-03 09:58:10,088::logUtils::44::dispatcher::(wrapper) Run and protect: getSpmStatus, Return response: {'spm_st': {'spmId': 14, 'spmStatus': 'SPM', 'spmLver': 64}} Thread-6019519::INFO::2014-02-03 09:58:10,100::logUtils::41::dispatcher::(wrapper) Run and protect: getAllTasksStatuses(spUUID=None, options=None) Thread-6019519::INFO::2014-02-03 09:58:10,101::logUtils::44::dispatcher::(wrapper) Run and protect: getAllTasksStatuses, Return response: {'allTasksStatus': {}} Thread-6019520::INFO::2014-02-03 09:58:10,109::logUtils::41::dispatcher::(wrapper) Run and protect: spmStop(spUUID='9dbc7bb1-c460-4202-8f10-862d2ed3ed9a', options=None) Thread-6019520::INFO::2014-02-03 09:58:10,681::clusterlock::121::SafeLease::(release) Releasing cluster lock for domain c332da29-ba9f-4c94-8fa9-346bb8e04e2a Thread-6019521::INFO::2014-02-03 09:58:11,054::logUtils::41::dispatcher::(wrapper) Run and protect: repoStats(options=None) Thread-6019521::INFO::2014-02-03 09:58:11,054::logUtils::44::dispatcher::(wrapper) Run and protect: repoStats, Return response: {u'51eb6183-157d-4015-ae0f-1c7ffb1731c0': {'delay': '0.00799298286438', 'lastCheck': '5.3', 'code': 0, 'valid': True}, u'c332da29-ba9f-4c94-8fa9-346bb8e04e2a': {'delay': '0.0197920799255', 'lastCheck': '4.9', 'code': 0, 'valid': True}, u'0e0be898-6e04-4469-bb32-91f3cf8146d1': {'delay': '0.00803208351135', 'lastCheck': '5.3', 'code': 0, 'valid': True}} Thread-6019520::INFO::2014-02-03 09:58:11,732::logUtils::44::dispatcher::(wrapper) Run and protect: spmStop, Return response: None Thread-6019523::INFO::2014-02-03 09:58:11,835::logUtils::41::dispatcher::(wrapper) Run and protect: getAllTasksStatuses(spUUID=None, options=None) Thread-6019523::INFO::2014-02-03 09:58:11,835::logUtils::44::dispatcher::(wrapper) Run and protect: getAllTasksStatuses, Return response: {'allTasksStatus': {}} Thread-6019524::INFO::2014-02-03 09:58:11,844::logUtils::41::dispatcher::(wrapper) Run and protect: spmStop(spUUID='9dbc7bb1-c460-4202-8f10-862d2ed3ed9a', options=None) Thread-6019524::ERROR::2014-02-03 09:58:11,846::task::833::TaskManager.Task::(_setError) Task=`00df5ff7-bbf4-4a0e-b60b-1b06dcaa7683`::Unexpected error Traceback (most recent call last): File /usr/share/vdsm/storage/task.py, line 840, in _run return fn(*args, **kargs) File /usr/share/vdsm/logUtils.py, line 42, in wrapper res = f(*args, **kwargs) File /usr/share/vdsm/storage/hsm.py, line 601, in spmStop pool.stopSpm() File /usr/share/vdsm/storage/securable.py, line 66, in wrapper raise SecureError() SecureError Thread-6019524::INFO::2014-02-03 09:58:11,855::task::1134::TaskManager.Task::(prepare) Task=`00df5ff7-bbf4-4a0e-b60b-1b06dcaa7683`::aborting: Task is aborted: u'' - code 100 Thread-6019524::ERROR::2014-02-03
Re: [Users] Resizing the iscsi data domain
Hi! I've done this with success. I put my domain in maintenance, used pvresize and after activated again. Try this. On 11/18/2013 07:58 PM, Pavel Zhukov wrote: On Monday, November 18, 2013 05:10:19 PM Juan Pablo Lorier wrote: Hi, I've resized the lun I'm using for data domain. I've changed the lun, rescaned the target with iscsiadm and reloaded multipath to get the new size. The thins is that though all the hosts sees the new size, ovirt doesn't. Do I need to run something to update the engine db? I'm running ovirt 3.2 Regards, ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Hi Juan, Resizing of the LUN is not supported yet. You can extend SD with additional LUN instead (Map new LUN - SD - Edit - check new LUN). You can try to re-elect SPM for now. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Host USB
Hi my friend! On the host, you can run 'lsusb' command. It will return you some like this: Bus 002 Device 004: ID 413c:2106 Dell Computer Corp. Dell QuietKey Keyboard You just add '0x' in the begining of ids. On 10/11/2013 01:17 PM, emi...@gmail.com wrote: Hi, I would like to implement the USB pass through from a host to a VM. I don't know how to configure the hook that allow me to do this. Could you give me some guidance with this? I''ve readed this: http://www.ovirt.org/VDSM-Hooks/hostusb But I don't know where is located the VM XML that it's mentioned there. Regards! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Host USB
Emitor, You won't put it into a XML. You will configure it in ovirt webadmin. First you have to install hostusb hook on the host machine. Then editing your virtual machine, go to the 'Custom Properties' tab. There, select 'hostusb' and in the right textbox, put the id. Example: 0x1234:0xbeef. You can define several ids, putting '' between them: 0x1234:0xbeef0x:0xabaa. http://imagebin.org/273393 I hope it is what you want. On 10/11/2013 01:56 PM, emi...@gmail.com wrote: Thanks for your answer Eduardo, but i don't know which is the file where i have to put the '0x', I mean the XML file that describes the VM. Where is it located? Regards! 2013/10/11 Eduardo Ramos edua...@freedominterface.org mailto:edua...@freedominterface.org Hi my friend! On the host, you can run 'lsusb' command. It will return you some like this: Bus 002 Device 004: ID 413c:2106 Dell Computer Corp. Dell QuietKey Keyboard You just add '0x' in the begining of ids. On 10/11/2013 01:17 PM, emi...@gmail.com mailto:emi...@gmail.com wrote: Hi, I would like to implement the USB pass through from a host to a VM. I don't know how to configure the hook that allow me to do this. Could you give me some guidance with this? I''ve readed this: http://www.ovirt.org/VDSM-Hooks/hostusb But I don't know where is located the VM XML that it's mentioned there. Regards! ___ Users mailing list Users@ovirt.org mailto:Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- *Emiliano Tortorella* +598 98941176 emi...@gmail.com mailto:emi...@gmail.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Host USB
Oh well, there is one missing step: I had to run this command on engine to define 'hostusb' as a custom property: sudo engine-config -s UserDefinedVMProperties='hostusb=[\w:]+' You can check out using: sudo engine-config -g UserDefinedVMProperties I have to write about it so as to not forget. Now I think it is enough. Regards! On 10/11/2013 02:59 PM, emi...@gmail.com wrote: I've installed the hook on both host that belong to the cluster where the VM is but I don't get the option to configure. I've also pinned the vm to a host but I get the same options as in any other vm from the cluster. There is something that I'm not doing? Regards! 2013/10/11 Eduardo Ramos edua...@freedominterface.org mailto:edua...@freedominterface.org You're welcome! On 10/11/2013 02:13 PM, emi...@gmail.com mailto:emi...@gmail.com wrote: Oh! great! i though that was by modifying the xml by hand. Thanks! 2013/10/11 Eduardo Ramos edua...@freedominterface.org mailto:edua...@freedominterface.org Emitor, You won't put it into a XML. You will configure it in ovirt webadmin. First you have to install hostusb hook on the host machine. Then editing your virtual machine, go to the 'Custom Properties' tab. There, select 'hostusb' and in the right textbox, put the id. Example: 0x1234:0xbeef. You can define several ids, putting '' between them: 0x1234:0xbeef0x:0xabaa. http://imagebin.org/273393 I hope it is what you want. On 10/11/2013 01:56 PM, emi...@gmail.com mailto:emi...@gmail.com wrote: Thanks for your answer Eduardo, but i don't know which is the file where i have to put the '0x', I mean the XML file that describes the VM. Where is it located? Regards! 2013/10/11 Eduardo Ramos edua...@freedominterface.org mailto:edua...@freedominterface.org Hi my friend! On the host, you can run 'lsusb' command. It will return you some like this: Bus 002 Device 004: ID 413c:2106 Dell Computer Corp. Dell QuietKey Keyboard You just add '0x' in the begining of ids. On 10/11/2013 01:17 PM, emi...@gmail.com mailto:emi...@gmail.com wrote: Hi, I would like to implement the USB pass through from a host to a VM. I don't know how to configure the hook that allow me to do this. Could you give me some guidance with this? I''ve readed this: http://www.ovirt.org/VDSM-Hooks/hostusb But I don't know where is located the VM XML that it's mentioned there. Regards! ___ Users mailing list Users@ovirt.org mailto:Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- *Emiliano Tortorella* +598 98941176 tel:%2B598%2098941176 emi...@gmail.com mailto:emi...@gmail.com -- *Emiliano Tortorella* +598 98941176 tel:%2B598%2098941176 emi...@gmail.com mailto:emi...@gmail.com -- *Emiliano Tortorella* +598 98941176 tel:%2B598%2098941176 emi...@gmail.com mailto:emi...@gmail.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Can't delete snapshot
Hi friends! I'm trying delete a snapshot but webadmin returns me: Failed to complete Snapshot bla deletion on VM piromba.dem.inpe.br. In vdsm.log of SPM, I got: Oct 10 16:24:10 newton kernel: end_request: I/O error, dev dm-24, sector 2147483632 Oct 10 16:24:10 newton kernel: end_request: I/O error, dev dm-24, sector 0 Oct 10 16:24:11 newton kernel: end_request: I/O error, dev dm-24, sector 2147483520 Oct 10 16:24:11 newton kernel: end_request: I/O error, dev dm-24, sector 2147483632 Oct 10 16:24:11 newton kernel: end_request: I/O error, dev dm-24, sector 0 Oct 10 16:24:11 newton kernel: end_request: I/O error, dev dm-24, sector 2147483520 Oct 10 16:24:11 newton kernel: end_request: I/O error, dev dm-24, sector 2147483632 Oct 10 16:24:11 newton kernel: end_request: I/O error, dev dm-24, sector 0 Oct 10 16:24:12 newton vdsm TaskManager.Task ERROR Task=`767206b3-87e9-4686-b06c-6fba24bdb677`::Unexpected error#012Traceback (most recent call last):#012 File /usr/share/vdsm/storage/task.py, line 861, in _run#012return fn(*args, **kargs)#012 File /usr/share/vdsm/storage/task.py, line 320, in run#012return self.cmd(*self.argslist, **self.argsdict)#012 File /usr/share/vdsm/storage/securable.py, line 63, in wrapper#012 return f(self, *args, **kwargs)#012 File /usr/share/vdsm/storage/sp.py, line 1786, in mergeSnapshots#012 image.Image(repoPath).merge(sdUUID, vmUUID, imgUUID, ancestor, successor, postZero)#012 File /usr/share/vdsm/storage/image.py, line 1084, in merge#012allVols = sdDom.getAllVolumes()#012 File /usr/share/vdsm/storage/blockSD.py, line 869, in getAllVolumes#012 return getAllVolumes(self.sdUUID)#012 File /usr/share/vdsm/storage/blockSD.py, line 168, in getAllVolumes#012 and vImg not in res[vPar]['imgs']:#012KeyError: '63650a24-7e83-4c0a-851d-0ce9869a294d' [root@newton ~]# ls -l /dev/mapper/ total 0 lrwxrwxrwx. 1 root root 8 Oct 8 17:34 1IET_00010001 - ../dm-24 Anyone knows what is this device? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Metadata broken
Hi all! I'm getting this message on SPM vdsmd.log: MetaDataSealIsBroken: Meta Data seal is broken (checksum mismatch): 'cksum = 7a7df999bca1c1ac3878433a55d4ce2e2fda671a, computed_cksum = 464c1a075cffe3881375d24242ad490e70a3d8f1' Anyone could help me solve it? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Metadata broken
Hi! I solved it using: vgchange --deltag MDT__SHA_CKSUM=7a7df999bca1c1ac3878433a55d4ce2e2fda671a c332da29-ba9f-4c94-8fa9-346bb8e04e2 vgchange --addtag MDT__SHA_CKSUM=464c1a075cffe3881375d24242ad490e70a3d8f1 On 10/04/2013 09:42 AM, Eduardo Ramos wrote: Hi all! I'm getting this message on SPM vdsmd.log: MetaDataSealIsBroken: Meta Data seal is broken (checksum mismatch): 'cksum = 7a7df999bca1c1ac3878433a55d4ce2e2fda671a, computed_cksum = 464c1a075cffe3881375d24242ad490e70a3d8f1' Anyone could help me solve it? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] vdsm Domain monitor error
Hi all! I'm getting a strange error in on my SPM: Message from syslogd@darwin at Sep 24 11:19:58 ... ?11vdsm Storage.DomainMonitorThread ERROR Error while collecting domain 0226b818-59a6-41bc-8590-91f520aa7859 monitoring information#012Traceback (most recent call last):#012 File /usr/share/vdsm/storage/domainMonitor.py, line 182, in _monitorDomain#012self.domain = sdCache.produce(self.sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 97, in produce#012 domain.getRealDomain()#012 File /usr/share/vdsm/storage/sdc.py, line 52, in getRealDomain#012return self._cache._realProduce(self._sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 121, in _realProduce#012 domain = self._findDomain(sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 152, in _findDomain#012 raise se.StorageDomainDoesNotExist(sdUUID)#012StorageDomainDoesNotExist: Storage domain does not exist: (u'0226b818-59a6-41bc-8590-91f520aa7859',) I also can not remove disks. When I try,immediatly appears on the 'Events' log of webadmin: *Data Center is being initialized, please wait for initialization to complete.* *User eduardo.ramos failed to initiate removing of disk 012.167_teste_InfoDoc_Disk1 from domain VMs.* Could someone help me? Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] vdsm Domain monitor error
This storage domains don't exist anymore. There is an entry in postgres with: Domain VMExport was forcibly removed by admin@internal It was a NFS Export domain. Is there any chance it is causing problem with iscsi data domain operations? Now I can create disks and VMs, but I can't remove them. I tried export a VM, and the engine.log returned me this: 2013-09-24 14:03:05,180 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (pool-3-thread-33) [547e3abf] Failed in MoveImageGroupVDS method 2013-09-24 14:03:05,182 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (pool-3-thread-33) [547e3abf] Error code MoveImageError and error message IRSGenericException: IRSErrorException: Failed to MoveImageGroupVDS, error = Error moving image: ('spUUID=9dbc7bb1-c460-4202-8f10-862d2ed3ed9a, srcDomUUID=c332da29-ba9f-4c94-8fa9-346bb8e04e2a, dstDomUUID=51eb6183-157d-4015-ae0f-1c7ffb1731c0, imgUUID=483d8af2-beb2-45cc-b73e-4597e31a6fc0, vmUUID=, op=1, force=false, postZero=false force=false',) 2013-09-24 14:03:05,184 ERROR [org.ovirt.engine.core.vdsbroker.irsbroker.IrsBrokerCommand] (pool-3-thread-33) [547e3abf] IrsBroker::Failed::MoveImageGroupVDS due to: IRSErrorException: IRSGenericException: IRSErrorException: Failed to MoveImageGroupVDS, error = Error moving image: ('spUUID=9dbc7bb1-c460-4202-8f10-862d2ed3ed9a, srcDomUUID=c332da29-ba9f-4c94-8fa9-346bb8e04e2a, dstDomUUID=51eb6183-157d-4015-ae0f-1c7ffb1731c0, imgUUID=483d8af2-beb2-45cc-b73e-4597e31a6fc0, vmUUID=, op=1, force=false, postZero=false force=false',) On 09/24/2013 01:09 PM, Dafna Ron wrote: vdsm cannot find your storage. check your storage and network connection to it. On 09/24/2013 03:31 PM, Eduardo Ramos wrote: Hi all! I'm getting a strange error in on my SPM: Message from syslogd@darwin at Sep 24 11:19:58 ... �11vdsm Storage.DomainMonitorThread ERROR Error while collecting domain 0226b818-59a6-41bc-8590-91f520aa7859 monitoring information#012Traceback (most recent call last):#012 File /usr/share/vdsm/storage/domainMonitor.py, line 182, in _monitorDomain#012 self.domain = sdCache.produce(self.sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 97, in produce#012 domain.getRealDomain()#012 File /usr/share/vdsm/storage/sdc.py, line 52, in getRealDomain#012 return self._cache._realProduce(self._sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 121, in _realProduce#012 domain = self._findDomain(sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 152, in _findDomain#012 raise se.StorageDomainDoesNotExist(sdUUID)#012StorageDomainDoesNotExist: Storage domain does not exist: (u'0226b818-59a6-41bc-8590-91f520aa7859',) I also can not remove disks. When I try,immediatly appears on the 'Events' log of webadmin: *Data Center is being initialized, please wait for initialization to complete.* *User eduardo.ramos failed to initiate removing of disk 012.167_teste_InfoDoc_Disk1 from domain VMs.* Could someone help me? Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] vdsm Domain monitor error
I think I found it, but I don't know how to remove: /sbin/lvm vgs --config devices { preferred_names = [\^/dev/mapper/\] ignore_suspended_devices=1 write_cache_state=0 disable_after_error_count=3 filter = [ \a%36000eb396eb9c0540033|3600508b1001c80dabd7195030a341559%\, \r%.*%\ ] } global { locking_type=1 prioritise_write_locks=1 wait_for_locks=1 } backup { retain_min = 50 retain_days = 0 } --noheadings --units b --nosuffix --separator '|' -o tags In the return, there it is: MDT_POOL_DOMAINS=*0226b818-59a6-41bc-8590-91f520aa7859:Active*44c332da29-ba9f-4c94-8fa9-346bb8e04e2a:Active4451eb6183-157d-4015-ae0f-1c7ffb1731c0:Active440e0be898-6e04-4469-bb32-91f3cf8146d1:Active,MDT__SHA_CKSUM=0ccf56122a8384461c8da7b0eda19e9bdcbd23bf Any idea to remove it? On 09/24/2013 02:14 PM, Eduardo Ramos wrote: This storage domains don't exist anymore. There is an entry in postgres with: Domain VMExport was forcibly removed by admin@internal It was a NFS Export domain. Is there any chance it is causing problem with iscsi data domain operations? Now I can create disks and VMs, but I can't remove them. I tried export a VM, and the engine.log returned me this: 2013-09-24 14:03:05,180 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (pool-3-thread-33) [547e3abf] Failed in MoveImageGroupVDS method 2013-09-24 14:03:05,182 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase] (pool-3-thread-33) [547e3abf] Error code MoveImageError and error message IRSGenericException: IRSErrorException: Failed to MoveImageGroupVDS, error = Error moving image: ('spUUID=9dbc7bb1-c460-4202-8f10-862d2ed3ed9a, srcDomUUID=c332da29-ba9f-4c94-8fa9-346bb8e04e2a, dstDomUUID=51eb6183-157d-4015-ae0f-1c7ffb1731c0, imgUUID=483d8af2-beb2-45cc-b73e-4597e31a6fc0, vmUUID=, op=1, force=false, postZero=false force=false',) 2013-09-24 14:03:05,184 ERROR [org.ovirt.engine.core.vdsbroker.irsbroker.IrsBrokerCommand] (pool-3-thread-33) [547e3abf] IrsBroker::Failed::MoveImageGroupVDS due to: IRSErrorException: IRSGenericException: IRSErrorException: Failed to MoveImageGroupVDS, error = Error moving image: ('spUUID=9dbc7bb1-c460-4202-8f10-862d2ed3ed9a, srcDomUUID=c332da29-ba9f-4c94-8fa9-346bb8e04e2a, dstDomUUID=51eb6183-157d-4015-ae0f-1c7ffb1731c0, imgUUID=483d8af2-beb2-45cc-b73e-4597e31a6fc0, vmUUID=, op=1, force=false, postZero=false force=false',) On 09/24/2013 01:09 PM, Dafna Ron wrote: vdsm cannot find your storage. check your storage and network connection to it. On 09/24/2013 03:31 PM, Eduardo Ramos wrote: Hi all! I'm getting a strange error in on my SPM: Message from syslogd@darwin at Sep 24 11:19:58 ... �11vdsm Storage.DomainMonitorThread ERROR Error while collecting domain 0226b818-59a6-41bc-8590-91f520aa7859 monitoring information#012Traceback (most recent call last):#012 File /usr/share/vdsm/storage/domainMonitor.py, line 182, in _monitorDomain#012 self.domain = sdCache.produce(self.sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 97, in produce#012 domain.getRealDomain()#012 File /usr/share/vdsm/storage/sdc.py, line 52, in getRealDomain#012 return self._cache._realProduce(self._sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 121, in _realProduce#012 domain = self._findDomain(sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 152, in _findDomain#012 raise se.StorageDomainDoesNotExist(sdUUID)#012StorageDomainDoesNotExist: Storage domain does not exist: (u'0226b818-59a6-41bc-8590-91f520aa7859',) I also can not remove disks. When I try,immediatly appears on the 'Events' log of webadmin: *Data Center is being initialized, please wait for initialization to complete.* *User eduardo.ramos failed to initiate removing of disk 012.167_teste_InfoDoc_Disk1 from domain VMs.* Could someone help me? Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Resize VM disk
Hi friends! Is there a way to resize vm disks? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] invalid vgs
Good day! The 'select' returns 0 registers. Without 'where' clause, it returns the three domains that I have. When I tried remove a disk, it failed. Follow the logs of engine and spm: ENGINE http://pastebin.com/aFMvC5tN SPM http://pastebin.com/KQ9mtn53 Thanks for helping me. On 08/08/2013 09:52 AM, Maor Lipchuk wrote: Hi Eduardo SPM log with the engine log could be good enough, I will appreciate if you can please attach them. What does SELECT * FROM storage_domains where id = '0226b818-59a6-41bc-8590-91f520aa7859' gives you? Regards, Maor On 08/06/2013 05:58 PM, Eduardo Ramos wrote: Hi Maor, I have 16 machines as hosts and 1 as engine. It's a lot of log to send. Looking at my messages log of SPM, I see this each 10 seconds: Aug 6 11:52:06 darwin vdsm Storage.LVM WARNING lvm vgs failed: 5 [] [' Volume group 0226b818-59a6-41bc-8590-91f520aa7859 not found'] Aug 6 11:52:06 darwin vdsm Storage.StoragePool WARNING Could not get full domain information, it is probably unavailable#012Traceback (most recent call last):#012 File /usr/share/vdsm/storage/sp.py, line 1368, in getInfo#012dom = sdCache.produce(item)#012 File /usr/share/vdsm/storage/sdc.py, line 93, in produce#012dom = self._findDomain(sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 118, in _findDomain#012 raise se.StorageDomainDoesNotExist(sdUUID)#012StorageDomainDoesNotExist: Storage domain does not exist: (u'0226b818-59a6-41bc-8590-91f520aa7859',) But I actually don't have any 0226b818-59a6-41bc-8590-91f520aa7859 storage domain. Doing a 'grep' in a database dump, I found this UUID in the log related with a export storage domain, that was removed one year ago! So, from where SPM is getting this UUID and why it's trying to get information from it? Thanks. On 07/30/2013 04:25 AM, Maor Lipchuk wrote: Hi Eduardo, Can u please also add the engine log and the full VDSM log (if you have other hosts then please add their vdsm.log as well) Thanks. Maor On 07/29/2013 11:10 PM, Eduardo Ramos wrote: Hi all! My SPM has logging such a strange message on vdsm.log. I tries to get information from a VG that doesn't exist. In fact, I don't know where it got the id 0226b818-59a6-41bc-8590-91f520aa7859. The log of vdsm can be read here: http://pastebin.com/mZcSLzxi Could anybody help me? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] invalid vgs
Hi Maor, I have 16 machines as hosts and 1 as engine. It's a lot of log to send. Looking at my messages log of SPM, I see this each 10 seconds: Aug 6 11:52:06 darwin vdsm Storage.LVM WARNING lvm vgs failed: 5 [] [' Volume group 0226b818-59a6-41bc-8590-91f520aa7859 not found'] Aug 6 11:52:06 darwin vdsm Storage.StoragePool WARNING Could not get full domain information, it is probably unavailable#012Traceback (most recent call last):#012 File /usr/share/vdsm/storage/sp.py, line 1368, in getInfo#012dom = sdCache.produce(item)#012 File /usr/share/vdsm/storage/sdc.py, line 93, in produce#012dom = self._findDomain(sdUUID)#012 File /usr/share/vdsm/storage/sdc.py, line 118, in _findDomain#012 raise se.StorageDomainDoesNotExist(sdUUID)#012StorageDomainDoesNotExist: Storage domain does not exist: (u'0226b818-59a6-41bc-8590-91f520aa7859',) But I actually don't have any 0226b818-59a6-41bc-8590-91f520aa7859 storage domain. Doing a 'grep' in a database dump, I found this UUID in the log related with a export storage domain, that was removed one year ago! So, from where SPM is getting this UUID and why it's trying to get information from it? Thanks. On 07/30/2013 04:25 AM, Maor Lipchuk wrote: Hi Eduardo, Can u please also add the engine log and the full VDSM log (if you have other hosts then please add their vdsm.log as well) Thanks. Maor On 07/29/2013 11:10 PM, Eduardo Ramos wrote: Hi all! My SPM has logging such a strange message on vdsm.log. I tries to get information from a VG that doesn't exist. In fact, I don't know where it got the id 0226b818-59a6-41bc-8590-91f520aa7859. The log of vdsm can be read here: http://pastebin.com/mZcSLzxi Could anybody help me? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] invalid vgs
Hi all! My SPM has logging such a strange message on vdsm.log. I tries to get information from a VG that doesn't exist. In fact, I don't know where it got the id 0226b818-59a6-41bc-8590-91f520aa7859. The log of vdsm can be read here: http://pastebin.com/mZcSLzxi Could anybody help me? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] which file system for shared disk?
Hi Piotr! I've used OCFS2 out of oVirt, so I can't tell you specifically about VM environment, but I suggest you use OCFS2 in place of GFS2. It is simpler to implement, so less components to configure and it care about fencing for you. On 07/10/2013 08:15 AM, Piotr Szubiakowski wrote: Hi, we are developing an application where would be great if multiple host could have access to the same disk. I think that we can use features like shared disk or direct LUN to attach the same storage to multiple VM's. However to provide concurrent access to the resource, there should be a cluster file system used. The most popular open source cluster file systems are GFS2 and OCFS2. So my questions are: 1) Does anyone have share disk between VM's in oVirt? What fs did You used? 2) Is it possible to use GFS2 on VM's that are running on oVirt? Does anyone have run fencing mechanism with ovirt/libvirt? Many thanks, Piotr ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users attachment: eduardo.vcf___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Resize storage domain
Hi folks! I got succeed, but the sequence was a bit different: 1. Shutdown all VMs 2. Manually connect iscsi on the SPM host 3. Run pvresize on the LUN 4. Put the domain in maintenance 5. Activate the domains Using the suggested sequence, when I set domain in maintenance, even SPM lost connection with volumes, returning Input/Output error. Well, very thanks for helping me. On 06/03/2013 03:54 PM, Ayal Baron wrote: - Original Message - Tal, Thanks for responding, I'll try that sequence. But, what about the vgresize? There is no such command, only pvresize (which does what you need). It will do this by itself? I saw that there are some logical volumes... Thanks again. De : Tal Nisan tni...@redhat.com Enviado : domingo, 26 de maio de 2013 06:25 Para : Eduardo Ramos edua...@freedominterface.org Assunto : Re: [Users] Resize storage domain On 05/22/2013 11:04 PM, Eduardo Ramos wrote: Hi all! I have an iscsi domain based on a HP Lefthand cluster. Using HP tool, I resized the iscsi volume without problem. On the SPM host, with fdisk -l /dev/sdb, I saw the new size, ok. But now, How do I do ovirt engine see the new size? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Hi Eduardo, In case you have more than one host: 1. Put the domain in maintenance 2. Manually connect iscsi on the SPM host 3. Run pvresize on the LUN 4. Activate the domains In case you have only 1 host just run pvresize on the disk. Tal. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Resize storage domain
Hi all! I have an iscsi domain based on a HP Lefthand cluster. Using HP tool, I resized the iscsi volume without problem. On the SPM host, with fdisk -l /dev/sdb, I saw the new size, ok. But now, How do I do ovirt engine see the new size? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
Hi Roy! In fact engine-config -a works fine. It shows me the db config content. By the way, that engine is running ok as well. I just can't get engine connected to my samba4. Watching postgresql log file, whenever I use engine-manage-domains or engine-config, the following messages are appended: LOG: connection received: host=localhost port=1 LOG: connection authorized: user=engine database=engine LOG: unexpected EOF on client connection But engine-config works fine. I'm using CentOS 6.3 and using yum there are not update for postgresql or jdbc to update. The same with ovirt-engine. I'm really not understanding why it doesn't works. On 04/07/2013 05:57 AM, Roy Golan wrote: On 04/04/2013 09:45 PM, Eduardo Ramos wrote: Hi all! I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is ActiveDirectory complaint. But when I use engine-manage-domains, it returns me a strange message: [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain=gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive Enter password: Error: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic domain is: getconnection: driver class name=org.postgresql.xa.pgxadatasourcegetconnection: url=jdbc:postgresql://localhost:5432/enginegetconnection: considering encrypted passord. it looks like engine-config have problems opening a db connection. The DNS reported error is a bug and is shown due to the connection error. you should get that same error if you'll use $ engine.config -a you have some problem connecting to the localhost postgres instance using the password entered during setup probably. is your postgresql instance up the engine is able to connect to the db? engine-config is getting the password from the same source where the engine does. also, a PTR record is no longer needed since openjdk 7 due to a change in the impl of the krb5 module. secdomain=encryptdbpasswordexecute: beginning execution of action action_get.fetching key=domainname ver=general Failure while applying Kerberos configuration. Details: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record. Using host command, I got the following results: [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br ovirt-dir.gsr.inpe.br has address 150.163.80.125 [root@ovirt-dir eduardo]# host 150.163.80.125 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br. [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br. [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br samba4.gsr.inpe.br has address 150.163.73.109 [root@ovirt-dir eduardo]# host 150.163.73.109 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br. As you can see, it is everything ok. No DNS problem. Someone have any idea? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] DNS reverse configuration
Even though ovirt-engine did not tried connect to samba4, I used another user. The issue is that engine-manage-domains said not found PTR entry, although host/nslookup/dig command say the opposite. Is there any detail? On 04/04/2013 05:36 PM, Gianluca Cecchi wrote: On Thu, Apr 4, 2013 at 8:48 PM, Chris Noffsinger wrote: I have successfully gotten samba4 to work with ovirt but I could not use the Administrator user. I had to create another admin user to. Get it to work. Chris Noffsinger It is intended to be so and I think it is the right thing to separate respective roles. I had to do the same with FreeIPA. Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] DNS reverse configuration
Hi all! I'm trying to connect my ovirt-engine in a samba4 server. Samba4 is ActiveDirectory complaint. But when I use engine-manage-domains, it returns me a strange message: [root@ovirt-dir eduardo]# engine-manage-domains -action=add -domain=gsr.inpe.br -provider=activeDirectory -user=Administrator -interactive Enter password: Error: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record.. Problematic domain is: getconnection: driver class name=org.postgresql.xa.pgxadatasourcegetconnection: url=jdbc:postgresql://localhost:5432/enginegetconnection: considering encrypted passord. secdomain=encryptdbpasswordexecute: beginning execution of action action_get.fetching key=domainname ver=general Failure while applying Kerberos configuration. Details: Authentication Failed. Error in DNS configuration. Please verify the oVirt Engine host has a valid reverse DNS (PTR) record. Using host command, I got the following results: [root@ovirt-dir eduardo]# host ovirt-dir.gsr.inpe.br ovirt-dir.gsr.inpe.br has address 150.163.80.125 [root@ovirt-dir eduardo]# host 150.163.80.125 125.80.163.150.in-addr.arpa domain name pointer ovirt-dir.gsr.inpe.br. [root@ovirt-dir eduardo]# host -t srv _kerberos._tcp.gsr.inpe.br _kerberos._tcp.gsr.inpe.br has SRV record 1 0 88 samba4.gsr.inpe.br. [root@ovirt-dir eduardo]# host samba4.gsr.inpe.br samba4.gsr.inpe.br has address 150.163.73.109 [root@ovirt-dir eduardo]# host 150.163.73.109 109.73.163.150.in-addr.arpa domain name pointer samba4.gsr.inpe.br. As you can see, it is everything ok. No DNS problem. Someone have any idea? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] ovirt kerberos/ldap
Hi! Is there any chance to use ldap simple authentication? What schema should I have? On 02/26/2013 04:58 PM, Eduardo Ramos wrote: Yair, I'm using admin/admin because it's my principal on kerberos. In fact, the checksum error was because I didn't have admin/admin principal created yet. Using kadmin.local I did: kadmin.local: addprinc admin/admin So I tried the same: # engine-manage-domains -action=add -domain=gsr.inpe.br -provider=ipa -user=admin/admin -interactive And it returned on the screen um trace of java: General error has occured[LDAP: error code 80 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown error)] javax.naming.NamingException: [LDAP: error code 80 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown error)] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3076) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) at com.sun.jndi.ldap.LdapCtx.init(LdapCtx.java:306) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) at javax.naming.InitialContext.init(InitialContext.java:240) at javax.naming.InitialContext.init(InitialContext.java:214) at javax.naming.directory.InitialDirContext.init(InitialDirContext.java:99) at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:78) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:357) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:183) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:159) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:144) at org.ovirt.engine.core.utils.kerberos.ManageDomains.checkKerberosConfiguration(ManageDomains.java:637) at org.ovirt.engine.core.utils.kerberos.ManageDomains.testConfiguration(ManageDomains.java:787) at org.ovirt.engine.core.utils.kerberos.ManageDomains.addDomain(ManageDomains.java:454) at org.ovirt.engine.core.utils.kerberos.ManageDomains.runCommand(ManageDomains.java:249) at org.ovirt.engine.core.utils.kerberos.ManageDomains.main(ManageDomains.java:174) Failure while testing domain gsr.inpe.br. Details: No user information was found for user The engine-manage-domain.log has: [2013-02-26 16:55:49,736 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): gsr.inpe.br 2013-02-26 16:55:49,740 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] loaded template kr5.conf file krb5.conf.template 2013-02-26 16:55:49,744 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] setting default_tkt_enctypes 2013-02-26 16:55:49,772 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] setting realms 2013-02-26 16:55:49,773 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] setting domain realm 2013-02-26 16:55:49,774 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): gsr.inpe.br 2013-02-26 16:55:49,774 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: gsr.inpe.br 2013-02-26 16:55:49,827 DEBUG [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Check authentication finished successfully And /var/log/messages on the ldap/kerberos server has: Feb 26 16:49:53 ldap krb5kdc[1446]: AS_REQ (1 etypes {23}) 150.163.73.211: ISSUE: authtime 1361908193, etypes {rep=23 tkt=16 ses=23}, admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br Feb 26 16:49:53 ldap krb5kdc[1446]: TGS_REQ (6 etypes {3 1 23 16 17 18}) 150.163.73.211: ISSUE: authtime 1361908193, etypes {rep=23 tkt=16 ses=1}, admin/ad...@gsr.inpe.br for ldap/ldap.gsr.inpe...@gsr.inpe.br Thanks for response. On 02/26/2013 04:35 PM, Yair Zaslavsky wrote: - Original Message - From: Eduardo Ramosedua...@freedominterface.org To:users@ovirt.org Sent: Tuesday, February 26, 2013 9:26:42 PM Subject: Re: [Users] ovirt kerberos/ldap Any one has faced that? On 02/21/2013 10:59 AM, Yair Zaslavsky
Re: [Users] ovirt kerberos/ldap
Any one has faced that? On 02/21/2013 10:59 AM, Yair Zaslavsky wrote: Path to ovirt krb5.conf file - /etc/ovirt-engine/krb5.conf - Original Message - From: Eduardo Ramos edua...@freedominterface.org To: Yaniv Kaul yk...@redhat.com Cc: yzasl...@redhat.com, users@ovirt.org Sent: Thursday, February 21, 2013 3:43:04 PM Subject: Re: [Users] ovirt kerberos/ldap I got new step! I added arcfour-hmac-md5:normal into supported_enctypes and permitted_enctypes directives in kdc.conf. Then I changed password of my principal using the following: change_password -e arcfour-hmac-md5:normal admin/adimin Now, it's ok, but now I got another error that I didn't understand as follows: # engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password: Error: exception message: Checksum failed Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. The log of kdc says: Feb 21 10:36:45 ldap krb5kdc[5386]: AS_REQ (1 etypes {23}) 150.163.73.78: ISSUE: authtime 1361453805, etypes {rep=23 tkt=16 ses=23}, admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br And the engine-manage-domains.log says: 2013-02-21 10:36:46,722 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): gsr.inpe.br 2013-02-21 10:36:46,745 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): gsr.inpe.br 2013-02-21 10:36:46,745 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: gsr.inpe.br 2013-02-21 10:36:46,819 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Checksum failed 2013-02-21 10:36:46,822 ERROR [org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. On 02/21/2013 08:55 AM, Yaniv Kaul wrote: On 21/02/13 13:24, Eduardo Ramos wrote: Morning! That's my log entry. PCAP attached. Feb 21 08:12:57 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type You are using rc4_hmac, which is the right encryption protocol usually. One can disable it (using 'permitted_enctypes' directive). My /etc/krb5.conf This is not the krb5.conf file oVirt is using. Please search your system for oVirt's krb5.conf (sorry, don't have it from the top of my head). In any case, I'd check the IPA configuration. Y. [libdefaults] default_realm = GSR.INPE.BR allow_weak_crypto = yes default_tkt_enctypes = rc4-hmac des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-md5 [realms] GSR.INPE.BR = { master_kdc = GSR.INPE.BR kdc = kerberos.gsr.inpe.br default_domain = gsr.inpe.br } [domain_realm] .gsr.inpe.br = GSR.INPE.BR gsr.inpe.br = GSR.INPE.BR [logging] kdc = SYSLOG:INFO Is it sufice? On 02/21/2013 06:48 AM, Yair Zaslavsky wrote: Please provide info also on the IPA server you are using (use rpm -qa for that) - Original Message - From: Yaniv Kaul yk...@redhat.com To: Eduardo Ramos edua...@freedominterface.org Cc: users@ovirt.org Sent: Thursday, February 21, 2013 11:14:41 AM Subject: Re: [Users] ovirt kerberos/ldap - Original Message - Hi all! I'm trying to link a ldap/kerberos to my ovirt without success. I'm stuck with this: oVirt engine: # engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password: Error: exception message: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE Please snoop the connection between the engine and the IPA server. Port 88, full packets ('-s 1500' on tcpdump), into file ('-w /tmp/kerb.pcap' ). Y. Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. kdc log: Feb 20 18:02:55 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type Any sugestion? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] ovirt kerberos/ldap
Yair, I'm using admin/admin because it's my principal on kerberos. In fact, the checksum error was because I didn't have admin/admin principal created yet. Using kadmin.local I did: kadmin.local: addprinc admin/admin So I tried the same: # engine-manage-domains -action=add -domain=gsr.inpe.br -provider=ipa -user=admin/admin -interactive And it returned on the screen um trace of java: General error has occured[LDAP: error code 80 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown error)] javax.naming.NamingException: [LDAP: error code 80 - SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown error)] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3076) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) at com.sun.jndi.ldap.LdapCtx.init(LdapCtx.java:306) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) at javax.naming.InitialContext.init(InitialContext.java:240) at javax.naming.InitialContext.init(InitialContext.java:214) at javax.naming.directory.InitialDirContext.init(InitialDirContext.java:99) at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:78) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:357) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:183) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:159) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:144) at org.ovirt.engine.core.utils.kerberos.ManageDomains.checkKerberosConfiguration(ManageDomains.java:637) at org.ovirt.engine.core.utils.kerberos.ManageDomains.testConfiguration(ManageDomains.java:787) at org.ovirt.engine.core.utils.kerberos.ManageDomains.addDomain(ManageDomains.java:454) at org.ovirt.engine.core.utils.kerberos.ManageDomains.runCommand(ManageDomains.java:249) at org.ovirt.engine.core.utils.kerberos.ManageDomains.main(ManageDomains.java:174) Failure while testing domain gsr.inpe.br. Details: No user information was found for user The engine-manage-domain.log has: [2013-02-26 16:55:49,736 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): gsr.inpe.br 2013-02-26 16:55:49,740 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] loaded template kr5.conf file krb5.conf.template 2013-02-26 16:55:49,744 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] setting default_tkt_enctypes 2013-02-26 16:55:49,772 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] setting realms 2013-02-26 16:55:49,773 DEBUG [org.ovirt.engine.core.utils.kerberos.KrbConfCreator] setting domain realm 2013-02-26 16:55:49,774 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): gsr.inpe.br 2013-02-26 16:55:49,774 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: gsr.inpe.br 2013-02-26 16:55:49,827 DEBUG [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Check authentication finished successfully And /var/log/messages on the ldap/kerberos server has: Feb 26 16:49:53 ldap krb5kdc[1446]: AS_REQ (1 etypes {23}) 150.163.73.211: ISSUE: authtime 1361908193, etypes {rep=23 tkt=16 ses=23}, admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br Feb 26 16:49:53 ldap krb5kdc[1446]: TGS_REQ (6 etypes {3 1 23 16 17 18}) 150.163.73.211: ISSUE: authtime 1361908193, etypes {rep=23 tkt=16 ses=1}, admin/ad...@gsr.inpe.br for ldap/ldap.gsr.inpe...@gsr.inpe.br Thanks for response. On 02/26/2013 04:35 PM, Yair Zaslavsky wrote: - Original Message - From: Eduardo Ramos edua...@freedominterface.org To: users@ovirt.org Sent: Tuesday, February 26, 2013 9:26:42 PM Subject: Re: [Users] ovirt kerberos/ldap Any one has faced that? On 02/21/2013 10:59 AM, Yair Zaslavsky wrote: Path to ovirt krb5.conf file - /etc/ovirt-engine/krb5.conf - Original Message - From: Eduardo Ramos edua
Re: [Users] ovirt kerberos/ldap
Morning! That's my log entry. PCAP attached. Feb 21 08:12:57 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type My /etc/krb5.conf [libdefaults] default_realm = GSR.INPE.BR allow_weak_crypto = yes default_tkt_enctypes = rc4-hmac des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-md5 [realms] GSR.INPE.BR = { master_kdc = GSR.INPE.BR kdc = kerberos.gsr.inpe.br default_domain = gsr.inpe.br } [domain_realm] .gsr.inpe.br = GSR.INPE.BR gsr.inpe.br = GSR.INPE.BR [logging] kdc = SYSLOG:INFO Is it sufice? On 02/21/2013 06:48 AM, Yair Zaslavsky wrote: Please provide info also on the IPA server you are using (use rpm -qa for that) - Original Message - From: Yaniv Kaul yk...@redhat.com To: Eduardo Ramos edua...@freedominterface.org Cc: users@ovirt.org Sent: Thursday, February 21, 2013 11:14:41 AM Subject: Re: [Users] ovirt kerberos/ldap - Original Message - Hi all! I'm trying to link a ldap/kerberos to my ovirt without success. I'm stuck with this: oVirt engine: # engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password: Error: exception message: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE Please snoop the connection between the engine and the IPA server. Port 88, full packets ('-s 1500' on tcpdump), into file ('-w /tmp/kerb.pcap' ). Y. Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. kdc log: Feb 20 18:02:55 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type Any sugestion? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users kerb.pcap Description: Binary data libssh2-1.2.2-11.el6_3.x86_64 setup-2.8.14-16.el6.noarch libxml2-2.7.6-8.el6_3.4.x86_64 basesystem-10.0-4.el6.noarch libtalloc-2.0.1-1.1.el6.x86_64 ca-certificates-2010.63-3.el6_1.5.noarch libtdb-1.2.1-3.el6.x86_64 libcollection-0.6.0-9.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 libldb-0.9.10-23.el6.x86_64 perl-version-0.77-127.el6.x86_64 bash-4.1.2-9.el6_2.x86_64 perl-Pod-Simple-3.13-127.el6.x86_64 libcap-2.16-5.5.el6.x86_64 perl-5.10.1-127.el6.x86_64 info-4.13a-8.el6.x86_64 perl-XML-SAX-0.96-7.el6.noarch chkconfig-1.3.49.3-2.el6.x86_64 perl-Compress-Raw-Zlib-2.020-127.el6.x86_64 libacl-2.2.49-6.el6.x86_64 perl-URI-1.40-2.el6.noarch audit-libs-2.2-2.el6.x86_64 perl-Compress-Zlib-2.020-127.el6.x86_64 db4-4.7.25-17.el6.x86_64 perl-Digest-SHA1-2.12-2.el6.x86_64 readline-6.0-4.el6.x86_64 perl-Convert-ASN1-0.22-1.el6.noarch libselinux-2.0.94-5.3.el6.x86_64 perl-HTML-Parser-3.64-2.el6.x86_64 glib2-2.22.5-7.el6.x86_64 perl-Net-SSLeay-1.35-9.el6.x86_64 shadow-utils-4.1.4.2-13.el6.x86_64 perl-GSSAPI-0.26-5.el6.x86_64 perl-Text-Iconv-1.7-6.el6.x86_64 libstdc++-4.4.6-4.el6.x86_64 libpath_utils-0.2.1-9.el6.x86_64 file-libs-5.04-13.el6.x86_64 perl-libwww-perl-5.833-2.el6.noarch libtool-ltdl-2.2.6-15.5.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 make-3.81-20.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 libref_array-0.1.1-9.el6.x86_64 iproute-2.6.32-20.el6.x86_64 c-ares-1.7.0-6.el6.x86_64 elfutils-libelf-0.152-1.el6.x86_64 sssd-1.8.0-32.el6.x86_64 perl-LDAP-0.40-1.el6.noarch libtirpc-0.2.1-5.el6.x86_64 vim-common-7.2.411-1.8.el6.x86_64 pcre-7.8-4.el6.x86_64 vim-enhanced-7.2.411-1.8.el6.x86_64 findutils-4.4.2-6.el6.x86_64 gpg-pubkey-0608b895-4bd22942 libselinux-utils-2.0.94-5.3.el6.x86_64 apr-1.3.9-5.el6_2.x86_64 bzip2-1.0.5-7.el6_0.x86_64 apr-util-ldap-1.3.9-3.el6_0.1.x86_64 pth-2.0.7-9.3.el6.x86_64 httpd-2.2.15-15.el6.centos.1.x86_64 expat-2.0.1-11.el6_2.x86_64 php-cli-5.3.3-14.el6_3.x86_64 dbus-glib-0.86-5.el6.x86_64 lighttpd-1.4.31-1.el6.x86_64 iptables-ipv6-1.4.7-5.1.el6_2.x86_64 upstart-0.6.5-12.el6.x86_64 xinetd-2.3.14-35.el6_3.x86_64 nss-softokn-3.12.9-11.el6.x86_64 krb5-appl-clients-1.0.1-7.el6_2.1.x86_64 libusb-0.1.12-23.el6.x86_64 xz-4.999.9-0.3.beta.20091007git.el6.x86_64 grubby-7.0.15-3.el6.x86_64 man-1.6f-30.el6.x86_64 libutempter-1.1.5-4.1.el6.x86_64 strace-4.5.19-1.11.el6_3.2.x86_64 tar-1.23-7.el6.x86_64 nmap-5.51-2.el6.x86_64 krb5-libs-1.9-33.el6_3.3.x86_64 e2fsprogs-libs-1.41.12-12.el6.x86_64 krb5-appl-servers-1.0.1-7.el6_2.1.x86_64 pinentry-0.7.6-6.el6.x86_64 krb5-workstation-1.9-33.el6_3.3.x86_64 m4-1.4.13-5.el6.x86_64 diffutils-2.8.1-28.el6.x86_64 libedit-2.11-4.20080712cvs.1.el6.x86_64 groff-1.18.1.4-21.el6.x86_64 coreutils-libs-8.4-19.el6.x86_64 cracklib-2.8.16-4.el6.x86_64 coreutils-8.4-19.el6.x86_64 hwdata-0.233-7.8.el6.noarch
Re: [Users] ovirt kerberos/ldap
I got new step! I added arcfour-hmac-md5:normal into supported_enctypes and permitted_enctypes directives in kdc.conf. Then I changed password of my principal using the following: change_password -e arcfour-hmac-md5:normal admin/adimin Now, it's ok, but now I got another error that I didn't understand as follows: # engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password: Error: exception message: Checksum failed Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. The log of kdc says: Feb 21 10:36:45 ldap krb5kdc[5386]: AS_REQ (1 etypes {23}) 150.163.73.78: ISSUE: authtime 1361453805, etypes {rep=23 tkt=16 ses=23}, admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br And the engine-manage-domains.log says: 2013-02-21 10:36:46,722 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): gsr.inpe.br 2013-02-21 10:36:46,745 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): gsr.inpe.br 2013-02-21 10:36:46,745 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: gsr.inpe.br 2013-02-21 10:36:46,819 ERROR [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception message: Checksum failed 2013-02-21 10:36:46,822 ERROR [org.ovirt.engine.core.utils.kerberos.ManageDomains] Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. On 02/21/2013 08:55 AM, Yaniv Kaul wrote: On 21/02/13 13:24, Eduardo Ramos wrote: Morning! That's my log entry. PCAP attached. Feb 21 08:12:57 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type You are using rc4_hmac, which is the right encryption protocol usually. One can disable it (using 'permitted_enctypes' directive). My /etc/krb5.conf This is not the krb5.conf file oVirt is using. Please search your system for oVirt's krb5.conf (sorry, don't have it from the top of my head). In any case, I'd check the IPA configuration. Y. [libdefaults] default_realm = GSR.INPE.BR allow_weak_crypto = yes default_tkt_enctypes = rc4-hmac des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-md5 [realms] GSR.INPE.BR = { master_kdc = GSR.INPE.BR kdc = kerberos.gsr.inpe.br default_domain = gsr.inpe.br } [domain_realm] .gsr.inpe.br = GSR.INPE.BR gsr.inpe.br = GSR.INPE.BR [logging] kdc = SYSLOG:INFO Is it sufice? On 02/21/2013 06:48 AM, Yair Zaslavsky wrote: Please provide info also on the IPA server you are using (use rpm -qa for that) - Original Message - From: Yaniv Kaul yk...@redhat.com To: Eduardo Ramos edua...@freedominterface.org Cc: users@ovirt.org Sent: Thursday, February 21, 2013 11:14:41 AM Subject: Re: [Users] ovirt kerberos/ldap - Original Message - Hi all! I'm trying to link a ldap/kerberos to my ovirt without success. I'm stuck with this: oVirt engine: # engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password: Error: exception message: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE Please snoop the connection between the engine and the IPA server. Port 88, full packets ('-s 1500' on tcpdump), into file ('-w /tmp/kerb.pcap' ). Y. Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. kdc log: Feb 20 18:02:55 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type Any sugestion? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] ovirt 3.2 host network interfaces
Hi all! Today I installed the new oVirt 3.2 on CentOS 6.3 using www.dreyou.org repository and I liked so much. But, I'm having problems setting networks into physical interfaces of the hosts. On my production environment oVirt 3.1, I have several networks in my eth1 interface, but in the new one, I can't do the same. When I add a network to eth1, no other can be added to. The webadmin says me: No valid operation for network2 and eth1. How can I add several networks to the same eth? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] ovirt kerberos/ldap
Hi all! I'm trying to link a ldap/kerberos to my ovirt without success. I'm stuck with this: oVirt engine: # engine-manage-domains -action=add -domain=gsr.inpe.br -user=admin/admin -interactive -provider=IPA Enter password: Error: exception message: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE Failure while testing domain gsr.inpe.br. Details: Kerberos error. Please check log for further details. kdc log: Feb 20 18:02:55 ldap krb5kdc[4314]: AS_REQ (1 etypes {23}) 150.163.73.78: BAD_ENCRYPTION_TYPE: admin/ad...@gsr.inpe.br for krbtgt/gsr.inpe...@gsr.inpe.br, KDC has no support for encryption type Any sugestion? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users