[ovirt-users] Re: What is this error message from?

2020-02-18 Thread Jeremy Tourville 
I don't recall running any convert operations on the host and certainly not on 
the time/date listed.  *If* I ran any conversions were run, they were run from 
a laptop and then I moved the converted disk to this host.  I definitely didn't 
make any volume changes.  Is this image conversion part of the template 
process?  I have been creating quite a few templates lately.  I have noted that 
several of them failed and I had to rerun the process.  Is this some sort of 
process that just keeps trying over and over because it thinks it failed?  
That's the only theory I can come up with.


From: Kevin Wolf 
Sent: Tuesday, February 18, 2020 3:01 AM
To: Nir Soffer 
Cc: jeremy_tourvi...@hotmail.com ; users 
; Krutika Dhananjay 
Subject: Re: [ovirt-users] What is this error message from?

Am 17.02.2020 um 16:16 hat Nir Soffer geschrieben:
> On Mon, Feb 17, 2020, 16:53  wrote:
>
> > I have seen this error message repeatedly when reviewing events.
> >
> > VDSM vmh.cyber-range.lan command HSMGetAllTasksStatusesVDS failed: low
> > level Image copy failed: ("Command ['/usr/bin/qemu-img', 'convert', '-p',
> > '-t', 'none', '-T', 'none', '-f', 'raw',
> > u'/rhev/data-center/mnt/glusterSD/storage.cyber-range.lan:_vmstore/dd69364b-2c02-4165-bc4b-2f2a3b7fc10d/images/c651575f-75a0-492e-959e-8cfee6b6a7b5/9b5601fe-9627-4a8a-8a98-4959f68fb137',
> > '-O', 'qcow2', '-o', 'compat=1.1',
> > u'/rhev/data-center/mnt/glusterSD/storage.cyber-range.lan:_vmstore/dd69364b-2c02-4165-bc4b-2f2a3b7fc10d/images/6a2ce11a-deec-41e0-a726-9de6ba6d4ddd/6d738c08-0f8c-4a10-95cd-eeaa2d638db5']
> > failed with rc=1 out='' err=bytearray(b'qemu-img: error while reading
> > sector 24117243: No such file or directory\\n')",)
> >
>
> Looks like copying image failed with ENOENT while reading
> offset 12348028416 (11.49 GiB).
>
> I never seen such failure, typically after opening a file read will never
> fail with such error, but in gluster this may be possible.
>
> Please share vdsm log showingn this error, it may add useful info.
>
> Also glusterfs client logs from
> /var/log/glusterfs*/*storage.cyber-range.lan*.log
>
> Kevin, Krutika, do you have an idea about this error?

This is a weird one. Not only that reading shouldn't be looking up any
filename, but also that it's not at offset 0, but suddenly somewhere in
the middle of the image file.

I think it's pretty safe to say that this error doesn't come from QEMU,
but from the kernel. Did you (or some software) change anything about
the volume in the background while the convert operation was running?

Kevin

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/THXY23PVOWNCEQ7QUWNQGHSLMZLMLRW5/

[ovirt-users] Re: Move Self Hosted Engine to Standalone

2020-02-18 Thread Jeremy Tourville 
OK, that worked perfectly, thanks!  I was able to run the restore and then run 
engine-setup.  How do I remove the old self-hosted engine  properly?


From: Staniforth, Paul 
Sent: Tuesday, February 18, 2020 3:57 AM
To: Jeremy Tourville ; Robert Webb 
; users@ovirt.org 
Subject: Re: [ovirt-users] Re: Move Self Hosted Engine to Standalone



Hi Jeremy,
   I think you must have run the engine-setup before the 
restore, the restore is designed to restore to a clean install or the previous 
install with the same credentials. If you delete the postgresql config you can 
then install with your postgres credentials.

e.g.
systemctl stop rh-postgresql10-postgresql.service
rm -rf /var/opt/rh/rh-postgresql10/lib/pgsql/data/*

regards,
Paul S.

From: Jeremy Tourville 
Sent: 18 February 2020 02:26
To: Robert Webb ; users@ovirt.org 
Subject: [ovirt-users] Re: Move Self Hosted Engine to Standalone


Caution External Mail: Do not click any links or open any attachments unless 
you trust the sender and know that the content is safe.

I did get a little further.

First I ran engine-cleanup on my new engine where I will be running the restore 
operation. (I had previously run the engine-setup script on this machine)

Then I ran this-

[root@engine ~]# engine-backup --mode=restore 
--file=ovirt-engine-backup-20200217125040.backup 
--log=ovirt-engine-backup-20200217125040.log --provision-db --provision-dwh-db 
--restore-permissions
Start of engine-backup with mode 'restore'
scope: all
archive file: ovirt-engine-backup-20200217125040.backup
log file: ovirt-engine-backup-20200217125040.log
Preparing to restore:
- Unpacking file 'ovirt-engine-backup-20200217125040.backup'
Restoring:
- Files
Provisioning PostgreSQL users/databases:
- user 'engine', database 'engine'
FATAL: Existing database 'engine' or user 'engine' found and temporary ones 
created - Please clean up everything and try again

Time to research further for that FATAL error message.  Isn't that the purpose 
of engine-cleanup though?  Why the conflict?


From: Robert Webb 
Sent: Monday, February 17, 2020 1:42 PM
To: Jeremy Tourville ; users@ovirt.org 

Subject: Re: [ovirt-users] Move Self Hosted Engine to Standalone

Try looking at the RHEV info here and go to section 6.2.2 and see if that helps.

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html/self-hosted_engine_guide/sect-restoring_she_bkup<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Fdocumentation%2Fen-us%2Fred_hat_virtualization%2F4.0%2Fhtml%2Fself-hosted_engine_guide%2Fsect-restoring_she_bkup=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ccd79555b8ae944903bfb08d7b439437e%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637176030350726202=8wwf7tq7U3bPg43KkObrKdkd8Plr3qt5VdhgkJxyUKs%3D=0>


From: Jeremy Tourville 
Sent: Monday, February 17, 2020 2:26 PM
To: Robert Webb; users@ovirt.org
Subject: Re: [ovirt-users] Move Self Hosted Engine to Standalone

OK, I was able to get the backup completed.  I am a little confused on how to 
do the restore though.  
https://www.ovirt.org/documentation/self-hosted/chap-Backing_up_and_Restoring_an_EL-Based_Self-Hosted_Environment.html<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovirt.org%2Fdocumentation%2Fself-hosted%2Fchap-Backing_up_and_Restoring_an_EL-Based_Self-Hosted_Environment.html=02%7C01%7Cp.staniforth%40leedsbeckett.ac.uk%7Ccd79555b8ae944903bfb08d7b439437e%7Cd79a81124fbe417aa112cd0fb490d85c%7C0%7C0%7C637176030350726202=m7M4G8R74x21WFDKT%2BGaKISRX01Ua9A749vsQRVROw4%3D=0>

Is this link even applicable?  My environment is a single node, not EL based.  
Anyhow, here is what I have so far-

[root@engine glusterfs]# engine-backup
Start of engine-backup with mode 'backup'
scope: all
archive file: 
/var/lib/ovirt-engine-backup/ovirt-engine-backup-20200217125040.backup
log file: /var/log/ovirt-engine-backup/ovirt-engine-backup-20200217125040.log
Backing up:
Notifying engine
- Files
- Engine database 'engine'
- DWH database 'ovirt_engine_history'
Packing into file 
'/var/lib/ovirt-engine-backup/ovirt-engine-backup-20200217125040.backup'
Notifying engine
Done.
[root@engine glusterfs]#

I moved the backup file to my new engine.
How do I perform the restore?

The directions say:

# engine-backup --mode=restore --file=file_name --log=log_file_name 
--provision-db --provision-dwh-db --restore-permissions

What is the file name and log_file name?  Do I need to do something to unpack 
my backup file?


From: Robert Webb 
Sent: Monday, February 17, 2020 9:13 AM
To: jeremy_tourvi...@hotmail.com ; 
users@ovirt.org 
Subject: RE: [ovirt-users] Move Self Hosted Engine to Standalone

Can you take a backup  of the original, build the new one, then do a restore?

> -Original Mess

[ovirt-users] Re: Move Self Hosted Engine to Standalone

2020-02-17 Thread Jeremy Tourville 
I did get a little further.

First I ran engine-cleanup on my new engine where I will be running the restore 
operation. (I had previously run the engine-setup script on this machine)

Then I ran this-

[root@engine ~]# engine-backup --mode=restore 
--file=ovirt-engine-backup-20200217125040.backup 
--log=ovirt-engine-backup-20200217125040.log --provision-db --provision-dwh-db 
--restore-permissions
Start of engine-backup with mode 'restore'
scope: all
archive file: ovirt-engine-backup-20200217125040.backup
log file: ovirt-engine-backup-20200217125040.log
Preparing to restore:
- Unpacking file 'ovirt-engine-backup-20200217125040.backup'
Restoring:
- Files
Provisioning PostgreSQL users/databases:
- user 'engine', database 'engine'
FATAL: Existing database 'engine' or user 'engine' found and temporary ones 
created - Please clean up everything and try again

Time to research further for that FATAL error message.  Isn't that the purpose 
of engine-cleanup though?  Why the conflict?


From: Robert Webb 
Sent: Monday, February 17, 2020 1:42 PM
To: Jeremy Tourville ; users@ovirt.org 

Subject: Re: [ovirt-users] Move Self Hosted Engine to Standalone

Try looking at the RHEV info here and go to section 6.2.2 and see if that helps.

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html/self-hosted_engine_guide/sect-restoring_she_bkup


From: Jeremy Tourville 
Sent: Monday, February 17, 2020 2:26 PM
To: Robert Webb; users@ovirt.org
Subject: Re: [ovirt-users] Move Self Hosted Engine to Standalone

OK, I was able to get the backup completed.  I am a little confused on how to 
do the restore though.  
https://www.ovirt.org/documentation/self-hosted/chap-Backing_up_and_Restoring_an_EL-Based_Self-Hosted_Environment.html

Is this link even applicable?  My environment is a single node, not EL based.  
Anyhow, here is what I have so far-

[root@engine glusterfs]# engine-backup
Start of engine-backup with mode 'backup'
scope: all
archive file: 
/var/lib/ovirt-engine-backup/ovirt-engine-backup-20200217125040.backup
log file: /var/log/ovirt-engine-backup/ovirt-engine-backup-20200217125040.log
Backing up:
Notifying engine
- Files
- Engine database 'engine'
- DWH database 'ovirt_engine_history'
Packing into file 
'/var/lib/ovirt-engine-backup/ovirt-engine-backup-20200217125040.backup'
Notifying engine
Done.
[root@engine glusterfs]#

I moved the backup file to my new engine.
How do I perform the restore?

The directions say:

# engine-backup --mode=restore --file=file_name --log=log_file_name 
--provision-db --provision-dwh-db --restore-permissions

What is the file name and log_file name?  Do I need to do something to unpack 
my backup file?


From: Robert Webb 
Sent: Monday, February 17, 2020 9:13 AM
To: jeremy_tourvi...@hotmail.com ; 
users@ovirt.org 
Subject: RE: [ovirt-users] Move Self Hosted Engine to Standalone

Can you take a backup  of the original, build the new one, then do a restore?

> -Original Message-
> From: jeremy_tourvi...@hotmail.com 
> Sent: Monday, February 17, 2020 10:11 AM
> To: users@ovirt.org
> Subject: [ovirt-users] Move Self Hosted Engine to Standalone
>
> I have a single oVirt host running a self-hosted engine.  I'd like to move the
> engine off the host and run it on a standalone server. I am running Software
> Version:4.3.6.6-1.el7  Can anyone tell me what the procedure is for that?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement:
> https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/C7IRADM7HZW
> RAD6Y6F76T5CS4ABQ3Y3R/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7PGV6CWD4G3VIIEQ2XBICZ2IQDJGI253/

[ovirt-users] Re: Move Self Hosted Engine to Standalone

2020-02-17 Thread Jeremy Tourville 
OK, I was able to get the backup completed.  I am a little confused on how to 
do the restore though.  
https://www.ovirt.org/documentation/self-hosted/chap-Backing_up_and_Restoring_an_EL-Based_Self-Hosted_Environment.html

Is this link even applicable?  My environment is a single node, not EL based.  
Anyhow, here is what I have so far-

[root@engine glusterfs]# engine-backup
Start of engine-backup with mode 'backup'
scope: all
archive file: 
/var/lib/ovirt-engine-backup/ovirt-engine-backup-20200217125040.backup
log file: /var/log/ovirt-engine-backup/ovirt-engine-backup-20200217125040.log
Backing up:
Notifying engine
- Files
- Engine database 'engine'
- DWH database 'ovirt_engine_history'
Packing into file 
'/var/lib/ovirt-engine-backup/ovirt-engine-backup-20200217125040.backup'
Notifying engine
Done.
[root@engine glusterfs]#

I moved the backup file to my new engine.
How do I perform the restore?

The directions say:

# engine-backup --mode=restore --file=file_name --log=log_file_name 
--provision-db --provision-dwh-db --restore-permissions

What is the file name and log_file name?  Do I need to do something to unpack 
my backup file?


From: Robert Webb 
Sent: Monday, February 17, 2020 9:13 AM
To: jeremy_tourvi...@hotmail.com ; 
users@ovirt.org 
Subject: RE: [ovirt-users] Move Self Hosted Engine to Standalone

Can you take a backup  of the original, build the new one, then do a restore?

> -Original Message-
> From: jeremy_tourvi...@hotmail.com 
> Sent: Monday, February 17, 2020 10:11 AM
> To: users@ovirt.org
> Subject: [ovirt-users] Move Self Hosted Engine to Standalone
>
> I have a single oVirt host running a self-hosted engine.  I'd like to move the
> engine off the host and run it on a standalone server. I am running Software
> Version:4.3.6.6-1.el7  Can anyone tell me what the procedure is for that?
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org Privacy Statement:
> https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/C7IRADM7HZW
> RAD6Y6F76T5CS4ABQ3Y3R/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XD4M7U55BJAU7PXQMG37NAX34OP22O6B/

[ovirt-users] Re: Ansible oVirt.image-template role

2019-05-10 Thread Jeremy Tourville 
My run setup.yml is as follows:

---
 - hosts: ovirt-engine
   roles:
   - ovirt.image-template

The playbook and vars are same as the blog except for hostname(s), password(s), 
etc.  I've changed those where needed to fit my environment.


From: Ondra Machacek 
Sent: Thursday, May 9, 2019 2:12 AM
To: Jeremy Tourville; users@ovirt.org
Subject: Re: [ovirt-users] Ansible oVirt.image-template role

Can you share what you have in runsetup.yml. According to log, there is
  run only 'gather facts' task and nothing more.

On 09/05/2019 03:41, Jeremy Tourville wrote:
> I am trying to run an Ansible playbook that doesn't appear to run
> correctly.  I have followed the example from this blog -
> https://evaryont.me/blog/2018/09/getting-started-with-vagrant-and-ovirt-from-scratch.html
>
> The playbook finishes with an ok status but the template never gets
> built in Ovirt.
> I have taken logs from three locations hoping to spot the error:
>
>   * [root@ansible ansible]#ansible-playbook - runsetup.yml
>   * [root@ansible ansible]# less /var/log/ansible.log
>   * [root@engine ~]# tail -f /var/log/messages (while the playbook is
> being run.
>
> The server Ansible is my control node and Engine is my managed host.
> Can anyone help me interpret the attached logs in an effort to further
> troubleshoot?  Thanks!
>
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PYBFA3TU2P3STKEOE3L6RUDIF245CYA/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DA6OLMU5ESRJSB637OAZ7VUGSEAKUCC4/

[ovirt-users] Ansible oVirt.image-template role

2019-05-08 Thread Jeremy Tourville 
I am trying to run an Ansible playbook that doesn't appear to run correctly.  I 
have followed the example from this blog - 
https://evaryont.me/blog/2018/09/getting-started-with-vagrant-and-ovirt-from-scratch.html

The playbook finishes with an ok status but the template never gets built in 
Ovirt.
I have taken logs from three locations hoping to spot the error:

  *   [root@ansible ansible]#ansible-playbook - runsetup.yml
  *   [root@ansible ansible]# less /var/log/ansible.log
  *   [root@engine ~]# tail -f /var/log/messages (while the playbook is being 
run.

The server Ansible is my control node and Engine is my managed host.
Can anyone help me interpret the attached logs in an effort to further 
troubleshoot?  Thanks!




Ansible Error.rtf
Description: Ansible Error.rtf
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PYBFA3TU2P3STKEOE3L6RUDIF245CYA/

[ovirt-users] Re: Vagrant Plugin

2019-03-30 Thread Jeremy Tourville 
Thanks for your reply Luca,
I confirmed the cluster name, it is "Default".  I even tried to run the script 
again and I made sure the D in default was upper case because linux is case 
sensitive.  It still fails in the same way as before.


[cid:c5758639-8ce0-46d1-ad0b-900af9cc138e]

From: Luca 'remix_tj' Lorenzetto 
Sent: Saturday, March 30, 2019 3:34 AM
To: Jeremy Tourville
Subject: Re: [ovirt-users] Vagrant Plugin




Il ven 29 mar 2019, 19:12 Jeremy Tourville 
mailto:jeremy_tourvi...@hotmail.com>> ha scritto:
I am having some trouble getting the Ovirt Vagrant plugin working.  I was able 
to get Vagrant installed and could even run the example scenario listed in the 
blog. https://www.ovirt.org/blog/2017/02/using-oVirt-vagrant.html

My real issue is getting a vm generated by the SecGen project 
https://github.com/SecGen/SecGen  to come up.  If I use the VirtualBox provider 
everything works as expected and I can launch the vm with vagrant up.  If I try 
to run using Ovirt provider it fails.

I had originally posted this over in Google groups /  Vagrant forums and it was 
suggested to take it to Ovirt.  Hopefully, somebody here has some insights.

The process fails quickly with the following output.  Can anyone give some 
suggestions on how to fix the issue?  I have also included a copy of my 
vagrantfile below. Thanks in advance for your assistance!

***Output***

Bringing machine 'escalation' up with 'ovirt4' provider...
==> escalation: Creating VM with the following settings...
==> escalation:  -- Name:  SecGen-default-scenario-escalation
==> escalation:  -- Cluster:   default
==> escalation:  -- Template:  debian_stretch_server_291118
==> escalation:  -- Console Type:  spice
==> escalation:  -- Memory:
==> escalation:   Memory:  512 MB
==> escalation:   Maximum: 512 MB
==> escalation:   Guaranteed:  512 MB
==> escalation:  -- Cpu:
==> escalation:   Cores:   1
==> escalation:   Sockets: 1
==> escalation:   Threads: 1
==> escalation:  -- Cloud-Init:false
==> escalation: An error occured. Recovering..
==> escalation: VM is not created. Please run `vagrant up` first.
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/ovirt-engine-sdk-4.0.12/lib/ovirtsdk4/service.rb:52:in
 `raise_error': Fault reason is "Operation Failed". Fault detail is "Entity not 
found: Cluster: name=default". HTTP response code is 404.

Hello Jeremy,

Looks like you have no cluster called default in your setup. Edit your vagrant 
file accordingly to your setup.

Luca
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/WHPTHB6I4I2CLLOJGNVO7UAA7JAOGWTC/

[ovirt-users] Vagrant Plugin

2019-03-29 Thread Jeremy Tourville 
I am having some trouble getting the Ovirt Vagrant plugin working.  I was able 
to get Vagrant installed and could even run the example scenario listed in the 
blog. https://www.ovirt.org/blog/2017/02/using-oVirt-vagrant.html

My real issue is getting a vm generated by the SecGen project 
https://github.com/SecGen/SecGen  to come up.  If I use the VirtualBox provider 
everything works as expected and I can launch the vm with vagrant up.  If I try 
to run using Ovirt provider it fails.

I had originally posted this over in Google groups /  Vagrant forums and it was 
suggested to take it to Ovirt.  Hopefully, somebody here has some insights.

The process fails quickly with the following output.  Can anyone give some 
suggestions on how to fix the issue?  I have also included a copy of my 
vagrantfile below. Thanks in advance for your assistance!

***Output***

Bringing machine 'escalation' up with 'ovirt4' provider...
==> escalation: Creating VM with the following settings...
==> escalation:  -- Name:  SecGen-default-scenario-escalation
==> escalation:  -- Cluster:   default
==> escalation:  -- Template:  debian_stretch_server_291118
==> escalation:  -- Console Type:  spice
==> escalation:  -- Memory:
==> escalation:   Memory:  512 MB
==> escalation:   Maximum: 512 MB
==> escalation:   Guaranteed:  512 MB
==> escalation:  -- Cpu:
==> escalation:   Cores:   1
==> escalation:   Sockets: 1
==> escalation:   Threads: 1
==> escalation:  -- Cloud-Init:false
==> escalation: An error occured. Recovering..
==> escalation: VM is not created. Please run `vagrant up` first.
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/ovirt-engine-sdk-4.0.12/lib/ovirtsdk4/service.rb:52:in
 `raise_error': Fault reason is "Operation Failed". Fault detail is "Entity not 
found: Cluster: name=default". HTTP response code is 404. (OvirtSDK4::Error)
from 
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/ovirt-engine-sdk-4.0.12/lib/ovirtsdk4/service.rb:67:in
 `check_fault'
from 
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/ovirt-engine-sdk-4.0.12/lib/ovirtsdk4/services.rb:35570:in
 `add'
from 
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/vagrant-ovirt4-1.2.2/lib/vagrant-ovirt4/action/create_vm.rb:67:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builtin/before_trigger.rb:23:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builtin/after_trigger.rb:26:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/vagrant-ovirt4-1.2.2/lib/vagrant-ovirt4/action/set_name_of_domain.rb:17:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builtin/before_trigger.rb:23:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:121:in
 `block in finalize_action'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builder.rb:116:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/runner.rb:102:in
 `block in run'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/util/busy.rb:19:in
 `busy'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/runner.rb:102:in
 `run'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builtin/call.rb:53:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builtin/before_trigger.rb:23:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/builtin/after_trigger.rb:26:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from 
/home/secgenadmin/.vagrant.d/gems/2.4.4/gems/vagrant-ovirt4-1.2.2/lib/vagrant-ovirt4/action/connect_ovirt.rb:31:in
 `call'
from 
/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/lib/vagrant/action/warden.rb:50:in
 `call'
from

[ovirt-users] Engine login fails after previously working.

2018-11-15 Thread Jeremy Tourville 
I recently completed setup for 389 DS and 
ovirt-engine-extension-aaa-ldap-setup.  I was able to complete the script run 
without errors and could perform both login and search functions without issue. 
 Initially after setup I was able to login.

After getting all this to work I had rebooted the 389 DS server.  I tried to 
login as the super user I created earlier.  I am getting the message "Unable to 
login.  Verify your login information or contact the system administrator."

 This issue only seemed to happen after the reboot, prior to that it had been 
working.  Any thoughts on troubleshooting?  Thanks in advance.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MXGDGXQDC6EFNFNKW2HZWJNHT6KPDU3F/

[ovirt-users] Single Node oVirt and Gluster Hyperconverged

2018-11-15 Thread Jeremy Tourville 
I have a question about this specific prerequisite-


  *   You must have at least 2 interfaces on the host, so that the frontend and 
backend traffic can be separated out. Having only one network will cause the 
engine monitoring, client traffic, gluster I/O traffic to all run together and 
interfere each other. To segregate the backend network, the gluster cluster is 
formed using the backend network addresses, and the nodes are added to the 
engine using the frontend network address.

>>>You must have at least 2 interfaces on the host, so that the frontend and 
>>>backend traffic can be separated out.>>>This part is very clear to me.  You 
>>>need at least 2 NICs.

>>>Having only one network will cause the engine monitoring, client traffic, 
>>>gluster I/O traffic to all run together and interfere each other.  To 
>>>segregate the backend network, the gluster cluster is formed using the 
>>>backend network addresses, and the nodes are added to the engine using the 
>>>frontend network address.>>>  Ok, so you definitely need two IPs.  What is 
>>>not clear to me is, do you need to have the IPs in different subnets or can 
>>>they be in the same subnet?

For reference, I was able to set this up with two IPs in the same subnet and it 
does seem to work.  However, I have noted some slowness issues while connecting 
storage domains  during startup and frequently get messages about needing to 
restart the HA agent.  Usually it seems after I try to restart services I can 
get the system to recognize the engine storage domain and start the engine.  I 
wonder if my problem is the fact that both my front and backend IPs are in the 
same subnet?  Thanks for your advice.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5VTB2E4XMDUFGMCIY7TMJ52US44TWCQ4/

[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

2018-11-14 Thread Jeremy Tourville 
Yes, I found out my original problem stemmed from the fact that I had not 
created a normal user account after my initial 389 DS setup.  Once I created 
the normal user account I logged into the engine as the internal admin user.  I 
assigned the normal user account the super user role.  I logged out as internal 
admin and logged in as the new user / super user using the newly created 
profile.  So at least for the AAA setup everything seems to work ok.  I created 
some additional users in 389 DS and I can view them from the engine.

Thank you for your help!

From: Ondra Machacek 
Sent: Wednesday, November 14, 2018 8:54 AM
To: Jeremy Tourville; users@ovirt.org
Subject: Re: [ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

You need to create some users in 'dc=cyber-range,dc=lan', you can switch
to it in 389ds GUI console  and there create some users, and use those
users in aaa-ldap-setup and also in oVirt engine gui.

On 11/9/18 10:24 AM, Jeremy Tourville wrote:
> An update, I was able to complete the setup.  It says it was successful but I 
> still can't login using the engine web interface.  I selected the newly 
> created profile using the dropdown arrow and entered my admin user and 
> password.  I get an error "Unable to login.  Verify your login information or 
> contact the system administrator."
>
> I attached my log showing the setup completion.
>
> ____
> From: Jeremy Tourville 
> Sent: Monday, November 5, 2018 2:58 PM
> To: Ondra Machacek
> Cc: users@ovirt.org
> Subject: Re: [ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed
>
>>>> Can you try to run that on command line[1], or can you double check that 
>>>> such user exists?
>
> Here is the result of the command:
> [root@ldap ~]# ldapsearch -x -H ldap://ldap.cyber-range.lan -b 
> 'dc=cyber-range,dc=lan' -D 
> 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot' -W 
> uid=admin
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base  with scope subtree
> # filter: uid=admin
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
> Basically, I did not create any users except for the ones that were "created" 
> during the setup-ds-admin.pl script run. 
> https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
> I ran the script just like the article did to include names, I did however 
> change the server and domain names to match mine.  I didn't create any users 
> using the GUI or ldapmodify after the initial setup.  Do I need to create a 
> user with the needed bind privileges or is my problem somewhere else?
>
> 
> From: Ondra Machacek 
> Sent: Monday, November 5, 2018 4:15 AM
> To: Jeremy Tourville; Donny Davis
> Cc: users@ovirt.org
> Subject: Re: [ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed
>
> Looking at logs you may see:
>
> 2018-10-31 16:48:09,331-05 FINEPerforming SearchRequest
> 'SearchRequest(baseDN='dc=cyber-range,dc=lan', scope=SUB, deref=NEVER,
> sizeLimit=0, timeLimit=0,
> filter='&(objectClass=organizationalPerson)(uid=*)(uid=admin)',
> attrs={nsuniqueid, uid, cn, displayName, department, givenName, sn,
> title, mail})' request on server 'ldap.cyber-range.lan'
> 2018-10-31 16:48:09,333-05 FINESearchResult:
> SearchResult(resultCode=0 (success), messageID=3, entriesReturned=0,
> referencesReturned=0)
>
> So the AAA is trying to search user uid=admin in namespace
> dc=cyber-range,dc=lan. But the 389ds return nothing. Can you try to run
> that on command line[1], or can you double check that such user exists?
>
> Seems like admin which you use in vars.user, from namespace
> o=NetscapeRoot, can't search in namespace dc=cyber-range,dc=lan.
>
> Try to use as vars.use user from namespace dc=cyber-range,dc=lan.
>
> [1] ldapsearch -x -H ldap://ldap.cyber-range.lan -b
> 'dc=cyber-range,dc=lan' -D
> 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot' -W
> uid=admin
>
> On 11/2/18 2:01 PM, Jeremy Tourville wrote:
>> I have been trying to find the setting to confirm that.
>>
>> On Nov 2, 2018 7:43 AM, Donny Davis  wrote:
>> Is binding allowed in your 389ds instance?
>>
>>
>> On Fri, Nov 2, 2018, 8:11 AM Jeremy Tourville 
>> mailto:jeremy_tourvi...@hotmail.com> wrote:
>> The backend is 389 DS, no this is not Govt related.  This will be used as a 
>> training platform for my local ISSA chapter.  This is a new 389 DS server.  
>> I followed the instructions at 
>> https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
>> The server is

[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

2018-11-06 Thread Jeremy Tourville 
>>>Can you try to run that on command line[1], or can you double check that 
>>>such user exists?

Here is the result of the command:
[root@ldap ~]# ldapsearch -x -H ldap://ldap.cyber-range.lan -b 
'dc=cyber-range,dc=lan' -D 
'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot' -W uid=admin
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: uid=admin
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Basically, I did not create any users except for the ones that were "created" 
during the setup-ds-admin.pl script run. 
https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
I ran the script just like the article did to include names, I did however 
change the server and domain names to match mine.  I didn't create any users 
using the GUI or ldapmodify after the initial setup.  Do I need to create a 
user with the needed bind privileges or is my problem somewhere else?


From: Ondra Machacek 
Sent: Monday, November 5, 2018 4:15 AM
To: Jeremy Tourville; Donny Davis
Cc: users@ovirt.org
Subject: Re: [ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

Looking at logs you may see:

2018-10-31 16:48:09,331-05 FINEPerforming SearchRequest
'SearchRequest(baseDN='dc=cyber-range,dc=lan', scope=SUB, deref=NEVER,
sizeLimit=0, timeLimit=0,
filter='&(objectClass=organizationalPerson)(uid=*)(uid=admin)',
attrs={nsuniqueid, uid, cn, displayName, department, givenName, sn,
title, mail})' request on server 'ldap.cyber-range.lan'
2018-10-31 16:48:09,333-05 FINESearchResult:
SearchResult(resultCode=0 (success), messageID=3, entriesReturned=0,
referencesReturned=0)

So the AAA is trying to search user uid=admin in namespace
dc=cyber-range,dc=lan. But the 389ds return nothing. Can you try to run
that on command line[1], or can you double check that such user exists?

Seems like admin which you use in vars.user, from namespace
o=NetscapeRoot, can't search in namespace dc=cyber-range,dc=lan.

Try to use as vars.use user from namespace dc=cyber-range,dc=lan.

[1] ldapsearch -x -H ldap://ldap.cyber-range.lan -b
'dc=cyber-range,dc=lan' -D
'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot' -W
uid=admin

On 11/2/18 2:01 PM, Jeremy Tourville wrote:
> I have been trying to find the setting to confirm that.
>
> On Nov 2, 2018 7:43 AM, Donny Davis  wrote:
> Is binding allowed in your 389ds instance?
>
>
> On Fri, Nov 2, 2018, 8:11 AM Jeremy Tourville 
> mailto:jeremy_tourvi...@hotmail.com> wrote:
> The backend is 389 DS, no this is not Govt related.  This will be used as a 
> training platform for my local ISSA chapter.  This is a new 389 DS server.  I 
> followed the instructions at 
> https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
> The server is "stock" with the exceptions of the settings for startTLS and 
> adding certificates, etc (basically, whatever is needed to integrate with the 
> Ovirt Engine.)
> I am using my Admin account to perform the bind.  What I don't understand is 
> why everything else in the aaa setup script works except the login sequence.  
> It would seem like my certificates are correct, correct use of the admin DN, 
> etc.  The funny part is I can login to the server using the admin account and 
> password yet the same admin account and password fail when using the aaa 
> setup script.  But, that is why I am using the expert knowledge on the list!  
> Maybe I have overlooked a simple prerequisite setting needed for setup 
> somewhere?
>
> I'll wait for someone to chime in on possible reasons to get this message:
> SEVERE  Authn.Result code is: CREDENTIALS_INVALID
> [ ERROR ] Login sequence failed
>
> __
> Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
> To unsubscribe send an email to 
> users-le...@ovirt.org<mailto:users-le...@ovirt.org>
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGT7ASCWSUTU6TDT2HIBLBCRL2CEF3G6/
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/JN4AMQUNTFGL2NDUWNDG2AZTF7YIQPN6/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statem

[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

2018-11-03 Thread Jeremy Tourville 
I have been trying to find the setting to confirm that.

On Nov 2, 2018 7:43 AM, Donny Davis  wrote:
Is binding allowed in your 389ds instance?


On Fri, Nov 2, 2018, 8:11 AM Jeremy Tourville 
mailto:jeremy_tourvi...@hotmail.com> wrote:
The backend is 389 DS, no this is not Govt related.  This will be used as a 
training platform for my local ISSA chapter.  This is a new 389 DS server.  I 
followed the instructions at 
https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
The server is "stock" with the exceptions of the settings for startTLS and 
adding certificates, etc (basically, whatever is needed to integrate with the 
Ovirt Engine.)
I am using my Admin account to perform the bind.  What I don't understand is 
why everything else in the aaa setup script works except the login sequence.  
It would seem like my certificates are correct, correct use of the admin DN, 
etc.  The funny part is I can login to the server using the admin account and 
password yet the same admin account and password fail when using the aaa setup 
script.  But, that is why I am using the expert knowledge on the list!  Maybe I 
have overlooked a simple prerequisite setting needed for setup somewhere?

I'll wait for someone to chime in on possible reasons to get this message:
SEVERE  Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed

__
Users mailing list -- users@ovirt.org<mailto:users@ovirt.org>
To unsubscribe send an email to 
users-le...@ovirt.org<mailto:users-le...@ovirt.org>
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGT7ASCWSUTU6TDT2HIBLBCRL2CEF3G6/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JN4AMQUNTFGL2NDUWNDG2AZTF7YIQPN6/

[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

2018-11-02 Thread Jeremy Tourville 
The backend is 389 DS, no this is not Govt related.  This will be used as a 
training platform for my local ISSA chapter.  This is a new 389 DS server.  I 
followed the instructions at 
https://www.unixmen.com/install-and-configure-ldap-server-in-centos-7/
The server is "stock" with the exceptions of the settings for startTLS and 
adding certificates, etc (basically, whatever is needed to integrate with the 
Ovirt Engine.)
I am using my Admin account to perform the bind.  What I don't understand is 
why everything else in the aaa setup script works except the login sequence.  
It would seem like my certificates are correct, correct use of the admin DN, 
etc.  The funny part is I can login to the server using the admin account and 
password yet the same admin account and password fail when using the aaa setup 
script.  But, that is why I am using the expert knowledge on the list!  Maybe I 
have overlooked a simple prerequisite setting needed for setup somewhere?

I'll wait for someone to chime in on possible reasons to get this message:
SEVERE  Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed

__
Users mailing list -- users@ovirt.org
To unsubscribe send an email to 
users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TGT7ASCWSUTU6TDT2HIBLBCRL2CEF3G6/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/L44JXLWDDD6WIJTPUKAEQNHDWCPURI7C/

[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup failed

2018-10-31 Thread Jeremy Tourville 


From: Jeremy Tourville 
Sent: Thursday, October 25, 2018 7:33 AM
To: Ondra Machacek
Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap-setup failed

I ran the command again after completing the setup wizard as you directed and 
the results are still the same.  Here's the last few lines. I have also 
attached a complete log file for reference.

2018-10-25 07:09:00,679-05 FINEST  VARS-END
2018-10-25 07:09:00,679-05 FINErunSequence Return name='authn'
2018-10-25 07:09:00,680-05 FINEdoAuthenticateCredentials Return 
{Extkey[name=AAA_AUTHN_RESULT;type=class 
java.lang.Integer;uuid=AAA_AUTHN_RESULT[af9771dc-a0bb-417d-a700-277616aedd85];]=12}
2018-10-25 07:09:00,680-05 FINEST  Invoke Output BEGIN
2018-10-25 07:09:00,680-05 FINEST  
{Extkey[name=EXTENSION_INVOKE_RESULT;type=class 
java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=0,
 Extkey[name=AAA_AUTHN_RESULT;type=class 
java.lang.Integer;uuid=AAA_AUTHN_RESULT[af9771dc-a0bb-417d-a700-277616aedd85];]=12}
2018-10-25 07:09:00,680-05 FINEST  Invoke Output END
2018-10-25 07:09:00,680-05 INFOAPI: 
<--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ldap.cyber-range.lan' 
result=CREDENTIALS_INVALID
2018-10-25 07:09:00,684-05 SEVERE  Authn.Result code is: CREDENTIALS_INVALID
2018-10-25 07:09:00,684-05 FINEException:
java.lang.RuntimeException: Authn.Result code is: CREDENTIALS_INVALID
at 
org.ovirt.engine.exttool.aaa.AAAServiceImpl$Action.lambda$static$3(AAAServiceImpl.java:188)
at 
org.ovirt.engine.exttool.aaa.AAAServiceImpl$Action.execute(AAAServiceImpl.java:417)
at 
org.ovirt.engine.exttool.aaa.AAAServiceImpl.run(AAAServiceImpl.java:686)
at 
org.ovirt.engine.exttool.core.ExtensionsToolExecutor.main(ExtensionsToolExecutor.java:120)
at org.jboss.modules.Module.run(Module.java:352)
at org.jboss.modules.Module.run(Module.java:320)
at org.jboss.modules.Main.main(Main.java:593)

2018-10-25 07:09:00,685-05 FINEExiting with status '1'




From: Ondra Machacek 
Sent: Thursday, October 25, 2018 2:28 AM
To: Jeremy Tourville; users@ovirt.org
Subject: Re: [ovirt-users] ovirt-engine-extension-aaa-ldap-setup failed



On 10/24/18 1:00 AM, Jeremy Tourville wrote:
> I am having trouble completing the AAA extension setup.  It fails at the end 
> when testing the login flow, if I test the search that part works.
> I can confirm that I am able to login to my system using the admin account so 
> there is not a password issue.
>
> I have listed my results below to include log level=finest.  I have also 
> attached a log.  Sugeestions on troubleshooting are appreciated. I am not 
> sure where to start.  Thanks!
>
>Please provide credentials to test login flow:
>Enter user name: admin
>Enter user password:
> [ INFO  ] Executing login sequence...
>Login output:
>2018-10-23 16:43:46,432-05 INFO
> ===   
>  
> =
>2018-10-23 16:43:46,452-05 INFO 
> Initia
> lization 
>2018-10-23 16:43:46,452-05 INFO
> ===   
>  
> =
>2018-10-23 16:43:46,565-05 INFOLoading extension 
> 'ldap.cyber-range 
>.lan-authn'
>2018-10-23 16:43:46,668-05 INFOExtension 
> 'ldap.cyber-range.lan-aut 
>hn' loaded
>2018-10-23 16:43:46,672-05 INFOLoading extension 
> 'ldap.cyber-range 
>.lan'
>2018-10-23 16:43:46,681-05 INFOExtension 
> 'ldap.cyber-range.lan' lo 
>aded
>2018-10-23 16:43:46,682-05 INFOInitializing extension 
> 'ldap.cyber-  
>   range.lan-authn'
>2018-10-23 16:43:46,682-05 INFO
> [ovirt-engine-extension-aaa-ldap.au   
>  thn::ldap.cyber-range.lan-authn] 
> Creating LDAP pool 'authz'
>2018-10-23 16:43:47,236-05 INFO
> [ovirt-eng

[ovirt-users] Hosted Engine - Unable to connect after deployment.

2018-09-23 Thread Jeremy Tourville 
I have a new installation of ovirt hyperconverged single node using glusterfs.  
I was able to run gdeploy and then use the web interface to run the self hosted 
engine setup.  Ovirt node is running 4.2.5.1.  If I go to localhost>ovirt 
machines tab from my node I see a message in the upper right corner saying 
"ovirt login in progress" with spinning icon after putting in the credentials.  
After a minute or less I am redirected to -
https://engine.cyber-range.lan/ovirt-engine/web-ui/authorizedRedirect.jsp?redirectUrl=https://172.30.50.3:9090/machines/__hash__token=TOKEN
where the web page says- "the connection has timed out."
"The server at engine.cyber-range.lan is taking too long to respond."  I also 
notice I no longer have the option to choose VNC or console because the web 
page keeps on attempting to reconnect.  When I tried to connect using a console 
with virt-viewer it errored out on me.  (I didn't make note of the message)

Virtualization>hosted engine tab reports that my hosted engine is up.  This is 
further confirmed by CLI  #hosted-engine --check-liveliness.  On occasion 
though, CLI reports HE is not up.  If I try to ssh to HE sometimes I can 
connect, but it is VERY slow to do so.  Once I connect it often appears to 
freeze or be very slow to enter any input commands to the HE.  HE is 
effectively useless.

I get frequent log messages in the console- "ovirt-ha-agent 
ovirt_hosted_engine_ha.agent.hosted_engine.HostedEngine ERROR Engine VM has bad 
health status, timeout in 300 seconds"

This is a new setup, so I haven't lost anything if I need to start over.  What 
do you suggest?  Is there an easy way to recover or should I reinstall HE?  
Thanks for your advice!
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MDDQLLRFSVQZ6A2AWEI2H663VCV2MARR/

[ovirt-users] gdeploy fails for unsupported disk (script problem)

2018-09-19 Thread Jeremy Tourville 
It seems as though there is a problem with the grafton sanity check script.  It 
took me a moment to spot the error below.  Note the inconsistencies in the host 
names.

changed: [obe.cyber-range.lan] (this is the correct piece of info)
ping: ovir-be.cyber-range.lan (the ping portion changed the host name somehow)

I'm not quite strong enough with scripting to fix it.  Can anyone take a look 
at it?

[root@vmh ~]# gdeploy -c gdeploy.conf -vv
ansible-playbook 2.6.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 
(Red Hat 4.8.5-28)]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: run-script.yml 
***
1 plays in /tmp/tmpubmQdM/run-script.yml

PLAY [gluster_servers] 
*
META: ran handlers

TASK [Run a shell script] 
**
task path: /tmp/tmpubmQdM/run-script.yml:7
changed: [obe.cyber-range.lan] => 
(item=/usr/share/gdeploy/scripts/grafton-sanity-check.sh -d /dev/sda -h 
ovir-be.cyber-range.lan) => {"changed": true, "failed_when_result": false, 
"item": "/usr/share/gdeploy/scripts/grafton-sanity-check.sh -d /dev/sda -h 
ovir-be.cyber-range.lan", "rc": 0, "stderr": "Shared connection to 
obe.cyber-range.lan closed.\r\n", "stderr_lines": ["Shared connection to 
obe.cyber-range.lan closed."], "stdout": "ping: ovir-be.cyber-range.lan: Name 
or service not known\r\nping failed unable to reach 
ovir-be.cyber-range.lan\r\nUsage: grep [OPTION]... PATTERN [FILE]...\r\nTry 
'grep --help' for more information.\r\n", "stdout_lines": ["ping: 
ovir-be.cyber-range.lan: Name or service not known", "ping failed unable to 
reach ovir-be.cyber-range.lan", "Usage: grep [OPTION]... PATTERN [FILE]...", 
"Try 'grep --help' for more information."]}
META: ran handlers
META: ran handlers

PLAY RECAP 
*
obe.cyber-range.lan: ok=1changed=1unreachable=0failed=0

Error: Unsupported disk type!
Only ['raid10', 'raid5', 'raid6', 'jbod'] are supported

BTW, this is directly related to my previous post: 
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/IPSNXA3GHYFU63J5IGQEOVJVPZ42YPCF/#IPSNXA3GHYFU63J5IGQEOVJVPZ42YPCF
 .  I did change some parameters since then.  I made sure I blacklisted my 
multipath device and dont have GPT label in the MBR.  This is the most recent 
results of my efforts.  Closer but not done quite yet  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LB56DSQISDHA5MYWPRVRCKFCBZIUFOJN/

[ovirt-users] Single Hyperconverged Node Gluster Config

2018-09-16 Thread Jeremy Tourville 
Hello,
I am trying to setup a single hyperconverged node.  The disks that I will be 
using for the creation of my engine and all VMs are on a RAID 5.  This volume 
is using hardware raid with an LSI controller (LSI 9361-4i).  I am unsure of 
the appropriate values to use for the Gluster config.  Here is the info about 
my environment.

[root@vmh ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs 
(rw,nosuid,seclabel,size=65713924k,nr_inodes=16428481,mode=755)
securityfs on /sys/kernel/security type securityfs 
(rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
devpts on /dev/pts type devpts 
(rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/freezer type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,freezer)
cgroup on /sys/fs/cgroup/pids type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,pids)
cgroup on /sys/fs/cgroup/cpuset type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,cpuacct,cpu)
cgroup on /sys/fs/cgroup/blkio type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,blkio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,net_prio,net_cls)
cgroup on /sys/fs/cgroup/devices type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,devices)
cgroup on /sys/fs/cgroup/perf_event type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,perf_event)
cgroup on /sys/fs/cgroup/memory type cgroup 
(rw,nosuid,nodev,noexec,relatime,seclabel,memory)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mapper/onn_vmh-ovirt--node--ng--4.2.5.1--0.20180821.0+1 on / type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs 
(rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=43386)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel)
hugetlbfs on /dev/hugepages1G type hugetlbfs (rw,relatime,seclabel,pagesize=1G)
/dev/mapper/onn_vmh-tmp on /tmp type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
/dev/mapper/onn_vmh-home on /home type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
/dev/sdb1 on /boot type ext4 (rw,relatime,seclabel,data=ordered)
/dev/mapper/onn_vmh-var on /var type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
/dev/mapper/onn_vmh-var_log on /var/log type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
/dev/mapper/onn_vmh-var_crash on /var/crash type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
/dev/mapper/onn_vmh-var_log_audit on /var/log/audit type ext4 
(rw,relatime,seclabel,discard,stripe=16,data=ordered)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
/dev/mapper/3600605b00a2faca222fb4da81ac9bdb1p1 on /data type ext4 
(rw,relatime,seclabel,discard,stripe=64,data=ordered)
tmpfs on /run/user/0 type tmpfs 
(rw,nosuid,nodev,relatime,seclabel,size=13149252k,mode=700)

[root@vmh ~]# blkid
/dev/sda1: UUID="ce130131-c457-46a0-b6de-e50cc89a6da3" TYPE="ext4" 
PARTUUID="5fff73ae-70d4-4697-a307-5f68a4c00f4c"
/dev/sdb1: UUID="47422043-e5d0-4541-86ff-193f61a779b0" TYPE="ext4"
/dev/sdb2: UUID="2f2cf71b-b68e-985a-6433-ed1889595df0" 
UUID_SUB="a3e32abe-109c-b436-7712-6c9d9f1d57c9" 
LABEL="vmh.cyber-range.lan:pv00" TYPE="linux_raid_member"
/dev/sdc1: UUID="2f2cf71b-b68e-985a-6433-ed1889595df0" 
UUID_SUB="7132acc1-e210-f645-5df2-e1a1eff7f836" 
LABEL="vmh.cyber-range.lan:pv00" TYPE="linux_raid_member"
/dev/md127: UUID="utB9xu-zva6-j5Ci-3E49-uDya-g2AJ-MQu5Rd" TYPE="LVM2_member"
/dev/mapper/onn_vmh-ovirt--node--ng--4.2.5.1--0.20180821.0+1: 
UUID="8656ff1e-d217-4088-b353-6d2b9f602ce3" TYPE="ext4"
/dev/mapper/onn_vmh-swap: UUID="57a165d1-116e-4e64-a694-2618ffa3a79e" 
TYPE="swap"
/dev/mapper/3600605b00a2faca222fb4da81ac9bdb1p1: 
UUID="ce130131-c457-46a0-b6de-e50cc89a6da3" TYPE="ext4" 
PARTUUID="dac9e1fc-b0d7-43da-b52c-66bb059d8137"
/dev/mapper/onn_vmh-root: UUID="7cc65568-d408-43ab-a793-b6c110d7ba98" 
TYPE="ext4"
/dev/mapper/onn_vmh-home: UUID="c7e344d0-f401-4504-b52e-9b5c6023c10e" 
TYPE="ext4"
/dev/mapper/onn_vmh-tmp: UUID="3323e010-0dab-4166-b15d-d739a09b4c03" TYPE="ext4"

[ovirt-users] Hosted Engine, Node, Local Storage, All in One

2018-08-30 Thread Jeremy Tourville 
Can anyone tell me if this can be done?  I have read various articles and I'm 
not sure.
http://blog.domb.net/?p=2141
https://www.ovirt.org/develop/release-management/features/integration/allinone/

According to my google search results the ovirt article date is within the last 
year approximately but I says deprecated after version 3.6 yet the 1st article 
makes it seem it can be done.  I know this goes against standard practice but 
there is a reason I'm trying to do it.   If it is possible, can anyone point me 
to a guide or give me an overview of the steps needed?  Thank you for your help!

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/36S4WDBYRY2TZ3OIBE4DDMRLNQFHDMUB/

[ovirt-users] Hosted Engine setup issues

2018-08-21 Thread Jeremy Tourville 
If I try to setup hosted engine with the option to use Ansible it eventually 
fails on me.  See 
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/LPK7OGFALSQFAN4UMEIHOION4BS2HJLN/

However if I run hosted-engine --deploy --noansible the setup does complete.  
There is further trouble though,  it seems the networks are not being 
configured properly.  If I browse to Compute>Hosts>Hostname and click on the 
Setup Host Networks button I am presented with a new window that contains an 
unassigned logical network of "oivrtmgmt"   On the left side pane there are two 
columns for Interfaces and Assigned Logical Networks.  Both of those columns 
are completely empty.  I think if I understand correctly the interfaces column 
should at least have some info in it.

[cid:bb1f29b4-888c-410a-9b47-7589f866539a]

So my best guess is that for some unknown reason (at least to me) the Engine 
doesn't '"know how to get setup properly"  either with or without Ansible.  
That's about as well as I can describe it.  I hope it makes sense  Anyone 
have ideas on what is going wrong here?  Thanksfor any troubleshooting advice 
you can provide!

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FSZFFTZFQK7AAQXQ5ATF3E4YRODPUCYW/

[ovirt-users] Hosted Engine Setup Issues on Ovirt Node 4.2.5.1

2018-08-20 Thread Jeremy Tourville 
If I try to setup hosted engine with the option to use Ansible it eventually 
fails on me.  See 
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/LPK7OGFALSQFAN4UMEIHOION4BS2HJLN/

However if I run hosted-engine --deploy --noansible the setup does complete.  
There is further trouble though,  it seems the networks are not being 
configured properly.  If I browse to Compute>Hosts>Hostname and click on the 
Setup Host Networks button I am presented with a new window that contains an 
unassigned logical network of "oivrtmgmt"   On the left side pane there are two 
columns for Interfaces and Assigned Logical Networks.  Both of those columns 
are completely empty.  I think if I understand correctly the interfaces column 
should at least have some info in it.

[cid:2a4d1038-bdf0-4d1e-be64-e8a23c1c88d9]

So my best guess is that for some unknown reason (at least to me) the Engine 
doesn't '"know how to get setup properly"  either with or without Ansible.  
That's about as well as I can describe it.  I hope it makes sense  Anyone 
have ideas on what is going wrong here?  Thanksfor any troubleshooting advice 
you can provide!
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/H6Z3LYCOT56UI5PCSCOOKDVCG3WO2QRA/

Re: [ovirt-users] Spice Client Connection Issues Using aSpice

2018-02-21 Thread Jeremy Tourville 
Hello everyone,

I can confirm that spice is working for me when I launch it using the .vv file. 
 I have virt viewer installed on my Windows pc and it works without issue.  I 
can also launch spice when I use movirt without any issues.  I examined the 
contents of the .vv file to see what the certificate looks like.   I can 
confirm that the certficate in the .vv file is the same as the file I 
downloaded in step 1 of my directions.


I reviewed the PKI reference 
(https://www.ovirt.org/develop/release-management/features/infra/pki/)  
<https://www.ovirt.org/develop/release-management/features/infra/pki/>

for a second time and I see the same certificate located in different locations.


For example, all these locations contain the same certificate-

  *   <https://ovirtengine.lan/ovirt-en> 
https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
  *   /etc/pki/vdsm/certs/cacert.pem
  *   /etc/pki/vdsm/libvirt-spice/ca-cert.pem
  *   /etc/pki/CA/cacert.pem

This is the certificate I am using to configure my aSpice client.

Can someone answer the question from my original post?  The PKI reference says 
for version 3.2 and 3.3.  Is the documentation still correct for version 4.2?


At this point I am trying to find out where the problems exists - ie.

#1 Is my client not configured correctly?

#2 Am I using the wrong cert?  (I think I am using the correct cert based on 
the research I listed above)

#3 Does my client need to be able to send a pasword?  (based on the contents of 
the .vv file, I'd have to guess yes)

Also my xml file for the VM in question contains this:

 
Please note:  I did not perform any hand configuration of the xml file, it was 
all done by the system using the UI.
#4 Can I configure a file on the system to turn off ticketing and passwords and 
see if that makes a difference, if so, what file?

#5  Can someone explain this error?

140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert 
internal error:s3_pkt.c:1493:SSL alert number 80
((null):27595): Spice-Warning **:reds_stream.c:379:reds_stream_ssl_accept: 
SSL_accept failed, error=1

What I know about it is this:
According to RFC 2246, the alert number 80 represents an "internal error".  
Here is the description from the RFC
internal_error: An internal error unrelated to the peer or the correctness of 
the protocol makes it impossible to continue (such as a memory allocation 
failure). This message is always fatal.

#6 Could this error be related to any of #1 through #4 above?

Thanks!



From: Karli Sjöberg <ka...@inparadise.se>
Sent: Tuesday, February 20, 2018 2:56 AM
To: Tomas Jelinek; Jeremy Tourville
Cc: users@ovirt.org
Subject: Re: [ovirt-users] Spice Client Connection Issues Using aSpice

On Tue, 2018-02-20 at 08:59 +0100, Tomas Jelinek wrote:
>
>
> On Mon, Feb 19, 2018 at 7:10 PM, Jeremy Tourville <Jeremy_Tourville@h
> otmail.com> wrote:
> > Hi Tomas,
> > To answer your question, yes I am really trying to use aSpice.
> >
> > I appreciate your suggestion.  I'm not sure if it meets my
> > objective.  Maybe our goals are different?  It seems to me that
> > movirt is built around portable management of the ovirt
> > environment.  I am attempting to provide a VDI type experience for
> > running a vm.  My goal is to run a lab environment with 30
> > chromebooks loaded with a spice clent.  The spice client would of
> > course connect to the 30 vms running Kali and each session would be
> > independent of each other.
> >
>
> yes, it looks like a different use case
>
> > I did  a little further testing with a different client.  (spice
> > plugin for chrome).  When I attempted to connect using that client
> > I got a slightly different error message.  The message still seemed
> > to be of the same nature- i.e.: there is a problem with SSL
> > protocol and communication.
> >
> > Are you suggesting that movirt can help set up the proper
> > certficates and config the vms to use spice?  Thanks!
> >
>
> moVirt has been developed for quite some time and works pretty well,
> this is why I recommended it. But anyway, you have a different use
> case.
>
> What I think the issue is, is that oVirt can have different CAs set
> for console communication and for API. And I think you are trying to
> configure aSPICE to use the one for API.
>
> What moVirt does to make sure it is using the correct CA to put into
> the aSPICE is that it downloads the .vv file of the VM (e.g. you can
> just connect to console using webadmin and save the .vv file
> somewhere), parse it and use the CA= part from it as a certificate.
> This one is guaranteed to be the correct one.
>
> For more details about what else it takes from the .vv file you can
>

Re: [ovirt-users] Spice Client Connection Issues Using aSpice

2018-02-19 Thread Jeremy Tourville 
Hi Tomas,

To answer your question, yes I am really trying to use aSpice.


I appreciate your suggestion.  I'm not sure if it meets my objective.  Maybe 
our goals are different?  It seems to me that movirt is built around portable 
management of the ovirt environment.  I am attempting to provide a VDI type 
experience for running a vm.  My goal is to run a lab environment with 30 
chromebooks loaded with a spice clent.  The spice client would of course 
connect to the 30 vms running Kali and each session would be independent of 
each other.


I did  a little further testing with a different client.  (spice plugin for 
chrome).  When I attempted to connect using that client I got a slightly 
different error message.  The message still seemed to be of the same nature- 
i.e.: there is a problem with SSL protocol and communication.


Are you suggesting that movirt can help set up the proper certficates and 
config the vms to use spice?  Thanks!



From: Tomas Jelinek <tjeli...@redhat.com>
Sent: Monday, February 19, 2018 4:19 AM
To: Jeremy Tourville
Cc: users@ovirt.org
Subject: Re: [ovirt-users] Spice Client Connection Issues Using aSpice



On Sun, Feb 18, 2018 at 5:32 PM, Jeremy Tourville 
<jeremy_tourvi...@hotmail.com<mailto:jeremy_tourvi...@hotmail.com>> wrote:

Hello,

I am having trouble connecting to my guest vm (Kali Linux) which is running 
spice. My engine is running version: 4.2.1.7-1.el7.centos.

I am using oVirt Node as my host running version: 4.2.1.1.


I have taken the following steps to try and get everything running properly.

  1.  Download the root CA certificate 
https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
  2.  Edit the vm and define the graphical console entries.  Video type is set 
to QXL, Graphics protocol is spice, USB support is enabled.
  3.  Install the guest agent in Debian per the instructions here - 
https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/
  It is my understanding that installing the guest agent will also install the 
virt IO device drivers.
  4.  Install the spice-vdagent per the instructions here - 
https://www.ovirt.org/documentation/how-to/guest-agent/install-the-spice-guest-agent/
  5.   On the aSpice client I have imported the CA certficate from step 1 
above.  I defined the connection using the IP of my Node and TLS port 5901.

are you really using aSPICE client (e.g. the android SPICE client?). If yes, 
maybe you want to try to open it using moVirt 
(https://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt=en) 
which delegates the console to aSPICE but configures everything including the 
certificates on it. Should be much simpler than configuring it by hand..


To troubleshoot my connection issues I confirmed the port being used to listen.
virsh # domdisplay Kali
spice://172.30.42.12?tls-port=5901<http://172.30.42.12?tls-port=5901>

I see the following when attempting to connect.
tail -f /var/log/libvirt/qemu/Kali.log

140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert 
internal error:s3_pkt.c:1493:SSL alert number 80
((null):27595): Spice-Warning **: reds_stream.c:379:reds_stream_ssl_accept: 
SSL_accept failed, error=1

I came across some documentation that states in the caveat section "Certificate 
of spice SSL should be separate certificate."
https://www.ovirt.org/develop/release-management/features/infra/pki/

Is this still the case for version 4?  The document references version 3.2 and 
3.3.  If so, how do I generate a new certificate for use with spice?  Please 
let me know if you require further info to troubleshoot, I am happy to provide 
it.  Many thanks in advance.
<https://www.ovirt.org/develop/release-management/features/infra/pki/>









___
Users mailing list
Users@ovirt.org<mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Spice Client Connection Issues Using aSpice

2018-02-18 Thread Jeremy Tourville 
Hello,

I am having trouble connecting to my guest vm (Kali Linux) which is running 
spice. My engine is running version: 4.2.1.7-1.el7.centos.

I am using oVirt Node as my host running version: 4.2.1.1.


I have taken the following steps to try and get everything running properly.

  1.  Download the root CA certificate 
https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
  2.  Edit the vm and define the graphical console entries.  Video type is set 
to QXL, Graphics protocol is spice, USB support is enabled.
  3.  Install the guest agent in Debian per the instructions here - 
https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/
  It is my understanding that installing the guest agent will also install the 
virt IO device drivers.
  4.  Install the spice-vdagent per the instructions here - 
https://www.ovirt.org/documentation/how-to/guest-agent/install-the-spice-guest-agent/
  5.   On the aSpice client I have imported the CA certficate from step 1 
above.  I defined the connection using the IP of my Node and TLS port 5901.

To troubleshoot my connection issues I confirmed the port being used to listen.
virsh # domdisplay Kali
spice://172.30.42.12?tls-port=5901

I see the following when attempting to connect.
tail -f /var/log/libvirt/qemu/Kali.log

140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert 
internal error:s3_pkt.c:1493:SSL alert number 80
((null):27595): Spice-Warning **: reds_stream.c:379:reds_stream_ssl_accept: 
SSL_accept failed, error=1

I came across some documentation that states in the caveat section "Certificate 
of spice SSL should be separate certificate."
https://www.ovirt.org/develop/release-management/features/infra/pki/

Is this still the case for version 4?  The document references version 3.2 and 
3.3.  If so, how do I generate a new certificate for use with spice?  Please 
let me know if you require further info to troubleshoot, I am happy to provide 
it.  Many thanks in advance.









___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Hossted Engine Setup Fails - Failed to execute stage 'Misc configuration': [Errno 1] Operation not permitted:

2017-12-02 Thread Jeremy Tourville 
The full on-screen message is:

Failed to execute stage 'Misc configuration': [Errno 1] Operation not 
permitted: 
'/var/run/vdsm/storage/a3964421-dc4a-45d9-ac24-3ce4e5972d1e/50178ece-273e-47fe-8083-be10923c0c74'
Hosted Engine deployment failed: this system is not reliable, please check the 
issue,fix and redeploy

I have tried deploying the self hosted engine using both the UI as well as CLI 
(even though not recommended) to see if there was any difference.  There was 
not, both methods fail with the same error message.

I was able however, to deploy the engine on a separate host and complete my 
setup.  This proved to me that there was nothing wrong with my NFS storage 
setup AFAIK.


It is my goal to have an all in one setup so the self hosted method would be my 
preferred solution.  I have attached a log for review:

https://pastebin.com/CfZzAm4P




Many thanks in advance for your assistance!








[https://pastebin.com/i/facebook.png]

2017-12-02 14:33:39 DEBUG otopi.context context.dumpEnvironment:760 ENVIRONMENT 
- Pastebin.com
pastebin.com


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users