Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-27 Thread Karli Sjöberg

> On 26 Mar 2016, at 21:32, Ondra Machacek  wrote:
> 
> On 03/26/2016 02:09 PM, Karli Sjöberg wrote:
>> 
>>> On 26 Mar 2016, at 13:49, Karli Sjöberg >> > wrote:
>>> 
>>> 
 On 26 Mar 2016, at 11:35, Ondra Machacek > wrote:
 
 For me it's working completelly fine:
 
 ...
 config.mapUser.type = regex
 config.mapUser.regex.pattern = ^(?[^@]*)$
 config.mapUser.regex.replacement = ${user}@DOMAINX.com
 
 config.mapUser.regex.mustMatch = false
 ...
 
 $ ovirt-engine-extensions-tool aaa login-user
 --password=pass:password --user-name=user@DOMAINY --profile=ad
 
 INFOAPI: -->Mapping.InvokeCommands.MAP_USER profile='ad'
 user='user@DOMAINY'
 INFOAPI: <--Mapping.InvokeCommands.MAP_USER profile='ad'
 user='user@DOMAINY'
 
 $ ovirt-engine-extensions-tool aaa login-user
 --password=pass:password --user-name=user --profile=ad
 
 INFOAPI: -->Mapping.InvokeCommands.MAP_USER profile='ad' user='user'
 INFOAPI: <--Mapping.InvokeCommands.MAP_USER profile='ad'
 user='u...@domainx.com '
 
 As you can see it's correctly mapped.
 
 Please check once again the regex is correct, if it still won't work,
 please send log output again.
>>> 
>>> /etc/ovirt-engine/extensions.d/mapping-suffix.properties:
>>> ovirt.engine.extension.name = mapping-suffix
>>> ovirt.engine.extension.bindings.method = jbossmodule
>>> ovirt.engine.extension.binding.jbossmodule.module =
>>> org.ovirt.engine-extensions.aaa.misc
>>> ovirt.engine.extension.binding.jbossmodule.class
>>> = org.ovirt.engineextensions.aaa.misc.mapping.MappingExtension
>>> ovirt.engine.extension.provides =
>>> org.ovirt.engine.api.extensions.aaa.Mapping
>>> config.mapUser.type = regex
>>> config.mapUser.regex.pattern = ^(?[^@]*)$
>>> config.mapUser.regex.replacement = ${user}@foo.bar
>>> config.mapUser.regex.mustMatch = false
>>> 
>>> # ovirt-engine-extensions-tool --log-level=FINEST aaa login-user
>>> --profile=baz.foo.bar-new --user-name=u...@baz.foo.bar
>>> 
>>> # grep Mapping.InvokeCommands.MAP_USER login.log
>>> 2016-03-26 13:27:40 INFOAPI: -->Mapping.InvokeCommands.MAP_USER
>>> user='u...@baz.foo.bar '
>>> 2016-03-26 13:27:40 INFOAPI: <--Mapping.InvokeCommands.MAP_USER
>>> user='u...@baz.foo.bar '
>>> 
>>> And here is the log:
>>> https://dropoff.slu.se/index.php/s/SK9T8vOUO7yB3PM/download
>>> 
>>> /K
>> 
>> Eureka! I changed ‘vars.user’ in ‘baz.foo.bar-new.properties’ from one
>> with suffix ‘@baz.foo.bar’ to mine that has a ‘@foo.bar’ ending and now
>> it works, for some reason. Very strange, but anyway... How do I go about
>> changing from UPN to samAccountName, if I´d want that instead?
> 
> Well, we support only UPN, because sam support only 15characters in username.

OK, thank you. From here comes the really daunting part, which is to go through 
all the VMs, check their permissions, add same user(s) from the new provider 
and delete the old. Probably going to start a new thread for doing that with 
Python, but I´ll cross that bridge when I get to it, this was only a virtual 
test environment for going from 3.4 to 3.6.

/K

> 
>> 
>> /K
>> 
>>> 
 
 On 03/26/2016 10:07 AM, Karli Sjöberg wrote:
> What the heck, my message disappeares! Trying again.
> 
> Ok, so it's mapping now but the only thing working is:
> config.mapUser.regex.pattern = u...@baz.foo.bar
> 
> config.mapUser.regex.replacement = u...@foo.bar 
> 
> And that isn't very useful. Please advice!
> 
> /K
> 
> On 03/25/2016 12:26 AM, Karli Sjöberg wrote:
>> 
>> Den 25 mars 2016 12:10 fm skrev Karli Sjöberg > >:
>> >
>> >
>> > Den 24 mars 2016 11:26 em skrev Ondra Machacek
>> >:
>> > >
>> > > On 03/24/2016 11:14 PM, Karli Sjöberg wrote:
>> > > >
>> > > > Den 24 mars 2016 7:26 em skrev Ondra Machacek
>> >:
>> > > >  >
>> > > >  > On 03/24/2016 06:16 PM, Karli Sjöberg wrote:
>> > > >  > > Hi!
>> > > >  > >
>> > > >  > >
>> > > >  > > Starting new thread instead of jacking someone else´s.
>> > > >  > >
>> > > >  > >
>> > > >  > > Managed to migrate from old 'engine-manage-domains' auth to
>> > > > aaa-ldap using:
>> > > >  > >
>> > > >  > > #| ovirt-engine-kerbldap-migration-tool --domain
>> baz.foo.bar
>> --cacert
>> > > >  > > /tmp/ca.crt --apply
>> > > >  > > |
>> > > >  > >
>> > > >  > >
>> > > >  > > All OK, no errors, but cannot 

Re: [ovirt-users] bug in disks QOS

2016-03-27 Thread Roy Golan
On Fri, Mar 25, 2016 at 12:22 PM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

> I attached a image disk to a VM , but set it using the wrong disk profile,
> I powered off the VM, and then tried to change it on the GUI.
>
> The operation in the GUI is ok.
>
> Need more of the log if you don't see the profiles changing. Please share
a bigger w or the whole log.



But nothing is done.
>
> And in the log I get:
> 2016-03-25 10:12:10,467 INFO
> [org.ovirt.engine.core.bll.UpdateVmDiskCommand] (default task-26) [2f3b7d9]
> Lock Acquired to object 'EngineLock:{exclusiveLocks='null',
> sharedLocks='[a32e1043-a5a5-4e4c-8436-f7b7a4ff644c= ACTION_TYPE_FAILED_VM_IS_LOCKED>]'}'
> 2016-03-25 10:12:10,608 INFO
> [org.ovirt.engine.core.bll.UpdateVmDiskCommand] (default task-26) [2f3b7d9]
> Running command: UpdateVmDiskCommand internal: false. Entities affected :
> ID: 55d2be6b-7a78-4712-82be-b725b7812db8 Type: DiskAction group
> EDIT_DISK_PROPERTIES with role type USER
> 2016-03-25 10:12:10,794 INFO
> [org.ovirt.engine.core.bll.UpdateVmDiskCommand] (default task-26) [2f3b7d9]
> Lock freed to object 'EngineLock:{exclusiveLocks='null',
> sharedLocks='[a32e1043-a5a5-4e4c-8436-f7b7a4ff644c= ACTION_TYPE_FAILED_VM_IS_LOCKED>]'}'
> 2016-03-25 10:12:10,808 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-26) [2f3b7d9] Correlation ID: 2f3b7d9, Call Stack: null,
> Custom Event ID: -1, Message: VM test test_Disk3 disk was updated by
> FA4@apachesso.
>
>
> It says "with role type USER" but I'm logged as a super admin
>
>
I know its confusing a bit.

The RoleType is an indirect property of an action, in that case
UpdateVmDisk. Every action has an ActionGroup, and each Action has a
RoleType, and this is used to allow/prevent or display behaviour.

So looking at VdcActionType.java and ActionGroup.java, you can see the
declaration.

VdcActionType.java

UpdateVmDisk(34, ActionGroup.CONFIGURE_VM_STORAGE, false,
QuotaDependency.STORAGE),

ActionGroup.java

CONFIGURE_VM_STORAGE(10, RoleType.USER, true, ApplicationMode.VirtOnly),




The set up is totally new, on dedicated centos 7.2, running
> 3.6.3.4-1.el7.centos.
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt - unsupported GFS config ??

2016-03-27 Thread Sahina Bose

Stripe is not supported.

What you need to do instead is turn on sharding for the volume.

So:

gluster volume create 12HP12-S2R3A1P2 replica 3 arbiter 1 
1hp1:/STORAGES/P2/GFS 1hp2:/STORAGES/P2/GFS 
kvmarbiter:/STORAGES/P2-1/GFS  force


gluster volume set 12HP12-S2R3A1P2 features.shard on
gluster volume set 12HP12-S2R3A1P2 features.shard-block-size 512MB

If you want to utilize the additional nodes as well, you can change this 
to a distributed replicate volume - instead of the volume creation in 
step above , use below


gluster volume create 12HP12-S2R3A1P2 replica 3 arbiter 1 
1hp1:/STORAGES/P2/GFS 1hp2:/STORAGES/P2/GFS 
kvmarbiter:/STORAGES/P2-1/GFS 2hp1:/STORAGES/P2/GFS 
2hp2:/STORAGES/P2/GFS  kvmarbiter:/STORAGES/P2-2/GFS  force



On 03/24/2016 07:49 PM, p...@email.cz wrote:

Hello,
I tried create stripe 2 replica 3 arbiter1 gluster volume for testing.
So , glusterFS such type from commandline was successfull, but domain 
creation looks to be unsupported. with oVirt message "Error while 
executing action AddGlusterFsStorageDomain: Storage Domain target is 
unsupported".

Cam U tell me if is it  error or really unsuported ??

exam:
gluster volume create 12HP12-S2R3A1P2 stripe 2 replica 3 arbiter 1 
1hp1:/STORAGES/P2/GFS 1hp2:/STORAGES/P2/GFS 
kvmarbiter:/STORAGES/P2-1/GFS 2hp1:/STORAGES/P2/GFS 
2hp2:/STORAGES/P2/GFS  kvmarbiter:/STORAGES/P2-2/GFS  force



RHEL 7-2.1511
vdsm - vdsm-4.17.23-1.el7
gluster - glusterfs-3.7.9-1.el7
ovirt - 3.5.6.2-1

regs.Pavel


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] VM get stuck randomly

2016-03-27 Thread Christophe TREFOIS
Hi Nir,

Here is another one, this time with strace of children and gdb dump.

Interestingly, this time, the qemu seems stuck 0%, vs 100% for other cases.

The files for strace are attached. The gdb + core dump is found here (too big):

https://dl.dropboxusercontent.com/u/63261/gdb-core.tar.gz




If it helps, most machines get stuck on the host hosting the self-hosted 
engine, which runs a local 1-node glusterfs.

Thank you for your help,

—
Christophe

Dr Christophe Trefois, Dipl.-Ing.
Technical Specialist / Post-Doc

UNIVERSITÉ DU LUXEMBOURG

LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
Campus Belval | House of Biomedicine
6, avenue du Swing
L-4367 Belvaux
T: +352 46 66 44 6124
F: +352 46 66 44 6949
http://www.uni.lu/lcsb




This message is confidential and may contain privileged information.
It is intended for the named recipient only.
If you receive it in error please notify me and permanently delete the original 
message and any copies.




> On 25 Mar 2016, at 11:53, Nir Soffer  wrote:
>
> gdb --pid  --batch --eval-command='thread apply all bt'



trace-stuck.tar.gz
Description: trace-stuck.tar.gz
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] VM get stuck randomly

2016-03-27 Thread Christophe TREFOIS
FILE QUARANTINED

Microsoft Forefront Protection for Exchange Server removed a file since it was 
found to be infected.
File name: "winmail.dat"
Malware name: "ExceedinglyNested"
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt Browser Not Optimal

2016-03-27 Thread Andrew Pease
Please disregard, it was a DNS issue. FQDN wasn't resolving. Fixing that
fixed the issue.

I apologize.

On Sat, Mar 26, 2016 at 8:51 AM, Andrew Pease  wrote:

> I know this has been mentioned several times, but I'm unable to find a
> solution.
>
> On my Mac, I've tried Firefox, Chrome, Safari
> On Linux, I've tried Iceweasel and Firefox
> On Windows, I've tried Edge
>
> All of these state that the browser is not optimal and things either never
> render, or in the case of FF, render after about 2-3 minutes per click.
> Beyond the occasional break in speed, the browsers are completely
> inoperational.
>
> I'm at the end of the "oVirt Installation" in the oVirt Quick Start Guide (
> https://www.ovirt.org/documentation/quickstart/quickstart-guide/).
> There's a lot of mention around Spice, but I think that's something further
> down the road after I can interact with the Engine portal.
>
> Any help would be appreciated on figuring out what secret handshake is
> needed to get a usable browser
>
> oVirt Engine:
> Version 3.6.3.4-1.el7.centos
> CentOS 7.2
>
> Thanks in advance.
>



-- 

- Andrew D. Pease
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to connect a VM with a port = -1

2016-03-27 Thread zhangjian

hi, Romani


Thank for your help.

> Does this happen consistently or just sporadically? Which version of 
packages are you using?


This issue happen consistently.

VDSM Packages:
vdsm-xmlrpc-4.16.36-1.el6ev.noarch
vdsm-python-4.16.36-1.el6ev.noarch
vdsm-jsonrpc-4.16.36-1.el6ev.noarch
vdsm-python-zombiereaper-4.16.36-1.el6ev.noarch
vdsm-yajsonrpc-4.16.36-1.el6ev.noarch
vdsm-cli-4.16.36-1.el6ev.noarch
vdsm-4.16.36-1.el6ev.x86_64



Regards
kenn


在 2016年03月25日 15:48, Francesco Romani 写道:




*From: *"zhangjian" 
*To: *users@ovirt.org
*Sent: *Friday, March 25, 2016 5:13:28 AM
*Subject: *[ovirt-users]  How to connect a VM with a port = -1

Hi guys,


I created a VM in ovirt, and I found it a port = -1, How can I
connect to it using like remote-viewer.

--
console.vv

[virt-viewer]
type=spice
host=XXX.XXX.XXX.XXX
port=-1
password=J4xu1swd59A5
# Password is valid for 120 seconds.
delete-this-file=1
fullscreen=0
title=test:%d
toggle-fullscreen=shift+f11
...
...
...
--

I usually use the following command to connect to my VM when it
has a positive value。
remote-viewer spice://XXX.XXX.XXX.XXX:590X


Hi,

-1 is what Engine sends to trigger auto allocation of spice ports from 
libvirt on the virtualization Host.
Once the VM is booted, Vdsm should report the port allocated by 
libvirt to Engine.


Does this happen consistently or just sporadically? Which version of 
packages are you using?



Bests,

--
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users