Re: [ovirt-users] Permissions to Import VMs

2017-05-20 Thread Arik Hadas
On Sat, May 20, 2017 at 12:15 AM, Peter Wood  wrote:

> I did create a bug report and it was closed with the explanation that
> UserVmManager role is not assigned because I'm using the Administration
> portal... (???). What other portal do I use? Import/Export is Admin type
> operation.
>
> See here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1451501
>
>
> Very simple steps to test it:
>
> - Create a local user called LocalUserA
>
> - Grant permissions to create VMs in DEV1 cluster and Import/Export VMs:
>
> LocalUserA -> [PowerUserRole] -> DEV1 (Cluster)
> LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master)
> LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster)
> LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master)
> LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type)
>
> - Login to the Administration Portal as LocalUserA@internal
>
> - Create a VM, Export the VM, Import the VM
>
>   Role UserVmManager is not set for the imported VM.
>   User LocalUserA can not even boot up the VM due to insufficient
> permissions.
>
> How do I setup LocalUserA so it can import VMs and work with them?
>
>
Thanks for this information Peter.
I proposed a patch. Let's discuss it in bugzilla.


> Thank you,
>
> -- Peter
>
>
> On Tue, May 16, 2017 at 4:11 AM, Arik Hadas  wrote:
>
>>
>>
>> On Mon, May 15, 2017 at 11:36 PM, Peter Wood 
>> wrote:
>>
>>> Hi,
>>>
>>> I have a group of local users with permissions to create VMs, templates,
>>> and VMs from templates. They are allowed to work only in one of the
>>> clusters in the datacenter.
>>>
>>> Now I want one of the local users to be able to import VMs and convert
>>> them into templates and I just can't find the recipe for that.
>>>
>>> The group has these permissions:
>>>
>>> LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster)
>>> LocalUsersGroup -> [PowerUserRole] -> SAN (Storage)
>>> LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
>>>
>>> LocalUserA is part of LocalUsersGroup and should be able to:
>>>   - Import a VM
>>>   - Convert the VM to a template for everyone to use
>>>   - Delete the VM
>>>
>>> I tried this: LocalUserA -> [VmImporterExporter] -> System
>>>
>>> LocalUserA can now import VMs and convert them to templates but it can't
>>> delete the imported VMs. For some reason [UserVmManager] role is not
>>> assigned to LocalUserA on the VMs that were imported.
>>>
>>
>> Right, that seems to be a bug. The import operation should set the user
>> that executes it with UserVmManager role on the imported VM, just like add
>> VM does for regular VM creation.
>> Could you please file a bug?
>>
>>
>>>
>>> Before I start messing around I'd appreciate somebody's else opinion on
>>> how this should be done.
>>>
>>>
>> Thank you for your time,
>>>
>>> -- Peter
>>>
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Internet access for oVirt Nodes?

2017-05-20 Thread Matthias Leopold

Am 2017-05-16 22:01, schrieb Ryan Barry:

On Mon, May 15, 2017 at 1:09 PM, Matthias Leopold
 wrote:


thanks, i guess configuring repositories in oVirt Node can only be
achieved when using Foreman/Satellite integration, is that correct?
i've just started to use oVirt Node and i'm beginning to realize
that things are a _little_ bit different compared to a standard
linux host.


Well, yes/no. We whitelist which packages are able to be updated from
the oVirt repositories and disable the base centos repositories, but
you can easily change "enabled=0" to "enabled=1" in any of them, or
add your own repos just like you would with CentOS.

In general, I'd recommend not including updates for any packages which
are part of Node itself, but that decision is yours to make.


this brings me to another update related question:
right now oVirt Nodes in my test environment can connect to the
internet and there recently was an update available which i applied
through the engine gui, which seemed to finish successfully. i
remember wondering how i could check what actually changend, there
was eg. no kernel change IIRC. today i discovered that on both
updated hosts /tmp/imgbased.log exists and ends in an error:


Node is still an A/B image, so you'd need to reboot in order to see a
new kernel, if it's part of a new image.


subprocess.CalledProcessError: Command '['lvcreate', '--thin',
'--virtualsize', u'8506048512B', '--name',
'ovirt-node-ng-4.1.1.1-0.20170406.0', u'HostVG/pool00']' returned
non-zero exit status 5

i have to mention i manually partitioned my oVirt Node host when i
installed it from the installer ISO (because i want to use software
raid).
i used partitioning recommendations from
https://bugzilla.redhat.com/show_bug.cgi?id=1369874 [1] (doubling
size recommendations).


As long as you're thinly provisioned, this should update normally,,
though I have to say that I haven't tried software RAID.


did my oVirt Node update complete successfully?
how can i check this?
why was there an lvcreate error?


I'll try to reproduce this, but attempting the lvcreate by hand may
give some usable debugging information.


'imgbase layout' says:
ovirt-node-ng-4.1.1.1-0.20170406.0
+- ovirt-node-ng-4.1.1.1-0.20170406.0+1


If 'imgabase layout' only shows these, then it's likely that it didn't
update. Node uses LVM directly, so "lvm lvs" may show a new device,
but from the command above, I'm guessing it wasn't able to create it.
I'd suspect that it wasn't able to create it because it's the same
version, and LVM sees a duplicate LV. Can you attach your engine log
(or the yum log from the host) so we can see what it pulled?


ok, after _hours_ of debugging and reinstalling i came to the following 
conclusion (which may point to a bug):


when i install oVirt Node from the 
ovirt-node-ng-installer-ovirt-4.1-2017040614.iso, register the Node in 
my engine and check for updates the engine tells me about an available 
update. when i apply this update everything seems to be ok (and in fact 
everything _is_ ok). what happens as an "update" is that the packages 
ovirt-node-ng-image-4.1.1.1-1.el7.centos.noarch and 
ovirt-node-ng-image-update-4.1.1.1-1.el7.centos.noarch are installed and 
the postinstall script for ovirt-node-ng-image-update is executed which 
calls "imgbase update". this fails with the above mentioned lvcreate 
error because it's the same version and the volume is already there 
(like you suspected). why this useless "update" happens is beyond me, 
but because i never before saw a "real" update and i'm using this 
non-standard setup with software raid and manual partitioning i was so 
anxious that something might be wrong in my setup that i desperately 
looked for an explanation to this "error". what helped to understand was 
a "real" update from version 4.1.1 to 4.1.1.1. i hope all of this might 
be of use to somebody, i spent a lot of time, but now i'm ok...


thx
matthias
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to use virt-sysprep

2017-05-20 Thread Arik Hadas
On Fri, May 19, 2017 at 9:42 PM, Joel Diaz  wrote:

> Arik,
>
> After adding the snapshot repo, and updating the engine, I now see the
> seal option.
>

Great. Note that you probably need to update the hosts with the snapshot
repository as well for this operation to work.


>
> Thanks again,
>
> Joel
>
>
>
> On May 19, 2017 1:07 PM, "Arik Hadas"  wrote:
>
>>
>>
>> On Fri, May 19, 2017 at 7:22 PM, Joel Diaz  wrote:
>>
>>> I ran yum update on my three host and the engine VM so I believe an up
>>> to date on all the packages. How can I check if I am on version 4.1.2?
>>>
>>
>> You can find the engine's version in the 'About' dialog (at the top-right
>> corner of the screen of the webadmin). If you don't use the
>> 'ovirt-4.1-snapshot' repository then it makes sense that you didn't get
>> this update yet.
>>
>>
>>> I restarted the httpd and ovirt-engine service after the updates, but
>>> still don't the seal option.
>>>
>>> Thanks,
>>>
>>> On May 19, 2017 11:49 AM, "Arik Hadas"  wrote:
>>>
>>>
>>>
>>> On Fri, May 19, 2017 at 4:10 PM, Joel Diaz  wrote:
>>>
 Arik,

 Very cool. It's exactly what I was looking for.

 However, I don't see that checkbox. I've attached an image of what the
 template window looks like on my end. Maybe I'm looking in the wrong place?

>>>
>>> No , you're looking at the right place. This feature got in pretty late
>>> in the release cycle of 4.1, so it is available from 4.1.2. Maybe the
>>> version you are using is lower than that?
>>>
>>>

 Thanks for the response,

 On May 18, 2017 12:29 PM, "Arik Hadas"  wrote:

>
>
> On Thu, May 18, 2017 at 10:40 AM, Luca 'remix_tj' Lorenzetto <
> lorenzetto.l...@gmail.com> wrote:
>
>> Hello Joel,
>>
>> as far as i know, virt-sysprep has to be executed inside the VM before
>> cloning it to template. This removes some infos from the VM like udev
>> rules & ssh keys.
>>
>>
> So this has changed in 4.1. You can now choose to seal a template
> during its creation. This will take a VM, that may have not been sealed,
> create a template out of it and then invoke virt-sysprep on the template's
> disks.
>
> Joel, in the 'make template' dialog you'll see a checkbox (at the
> bottom) for 'Seal Template' that will do the trick. There is also a 'seal'
> parameter in the REST-API, of course [1].
>
> [1] https://github.com/oVirt/ovirt-engine-api-model/blob/mas
> ter/src/main/java/services/TemplatesService.java#L168
>
>
>>
>> Luca
>>
>> On Wed, May 17, 2017 at 8:53 PM, Joel Diaz 
>> wrote:
>> > Good afternoon ovirt users,
>> >
>> > I'm new to ovirt. I've created templates in the past using this
>> guide,
>> > https://github.com/rharmonson/richtech/wiki/CentOS-7-1511-Mi
>> nimal-oVirt-Template
>> > .
>> >
>> > I was going over the list of features and stumbled on to
>> virt-sysprep.
>> >
>> > http://www.ovirt.org/develop/release-management/features/vir
>> t-sysprep/
>> >
>> >  http://libguestfs.org/virt-sysprep.1.html
>> >
>> > How can I use virt-sysprep from within ovirt to create templates?
>> >
>> > Thank you for your help,
>> >
>> > Joel
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > Joel
>> >
>> >
>> > ___
>> > Users mailing list
>> > Users@ovirt.org
>> > http://lists.ovirt.org/mailman/listinfo/users
>> >
>>
>>
>>
>> --
>> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
>> calcoli che potrebbero essere affidati a chiunque se si usassero delle
>> macchine"
>> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
>>
>> "Internet è la più grande biblioteca del mondo.
>> Ma il problema è che i libri sono tutti sparsi sul pavimento"
>> John Allen Paulos, Matematico (1945-vivente)
>>
>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
>> lorenzetto.l...@gmail.com>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
>
>>>
>>>
>>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] oVirt Power Management with Cisco UCS C220 M4S

2017-05-20 Thread Abi Askushi
Hi All,

For anyone that might stumble on a Cisco UCS C220 M4S and wondering how to
configure power management. below are the steps to configure it, as it took
me some hours to figure it out...

1. enable IPMI on server. (Cisco has this documented)

2. at ovirt GUI, edit host -> power management, then select "ipmilan" and
add *lanplus=1* as an option. (the bold one was the tricky part)

To test from command line:
 ipmitool -I lanplus -H  -U admin -P somepass -v chassis power
status
It will give the response: "Chassis Power is on"

Alex
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Error in attaching export storage domain

2017-05-20 Thread shubham dubey
I have a export storage domain myexport in dc0 with one vm moved to it.Now
when I am trying to
detach it and attach it to another datacenter dc1, I am getting following
error:


017-05-20 16:52:31,694+05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-7-thread-25) [72a6de4f] EVENT_ID:
VDS_STORAGES_CONNECTION_FAILED(188), Correlation ID: null, Call Stack:
null, Custom Event ID: -1, Message: Failed to connect Host node2dc1 to the
Storage Domains myexport.
2017-05-20 16:52:31,694+05 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.ConnectStorageServerVDSCommand]
(org.ovirt.thread.pool-7-thread-25) [72a6de4f] FINISH,
ConnectStorageServerVDSCommand, return:
{b7acd809-af92-4c6d-84c5-327550208bf1=477}, log id: 4f995793
2017-05-20 16:52:31,699+05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-7-thread-25) [72a6de4f] EVENT_ID:
STORAGE_DOMAIN_ERROR(996), Correlation ID: null, Call Stack: null, Custom
Event ID: -1, Message: The error message for connection
192.168.122.145:/mnt/exportsd
returned by VDSM was: Problem while trying to mount target
2017-05-20 16:52:31,701+05 ERROR
[org.ovirt.engine.core.bll.storage.connection.BaseFsStorageHelper]
(org.ovirt.thread.pool-7-thread-25) [72a6de4f] The connection with details
'192.168.122.145:/mnt/exportsd' failed because of error code '477' and
error message is: problem while trying to mount target
2017-05-20 16:52:31,706+05 ERROR
[org.ovirt.engine.core.bll.storage.connection.ConnectStorageToVdsCommand]
(org.ovirt.thread.pool-7-thread-25) [72a6de4f] Transaction rolled-back for
command
'org.ovirt.engine.core.bll.storage.connection.ConnectStorageToVdsCommand'.
2017-05-20 16:52:31,707+05 ERROR
[org.ovirt.engine.core.bll.storage.domain.AttachStorageDomainToPoolCommand]
(org.ovirt.thread.pool-7-thread-27) [96ebeffb-dffa-4bdb-bea7-ffa330f8374d]
Cannot connect storage connection server, aborting attach storage domain
operation.
2017-05-20 16:52:31,708+05 INFO
[org.ovirt.engine.core.bll.storage.domain.AttachStorageDomainToPoolCommand]
(org.ovirt.thread.pool-7-thread-27) [96ebeffb-dffa-4bdb-bea7-ffa330f8374d]
Command [id=d5ed8604-ae17-4d61-b5a2-929b36bf0e64]: Compensating
NEW_ENTITY_ID of
org.ovirt.engine.core.common.businessentities.StoragePoolIsoMap; snapshot:
StoragePoolIsoMapId:{storagePoolId='eee50640-deea-4668-8168-a9f31a8bc006',
storageId='04e2444d-990e-48b1-957b-833375ba7b3d'}.
2017-05-20 16:52:31,752+05 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-7-thread-27) [96ebeffb-dffa-4bdb-bea7-ffa330f8374d]
EVENT_ID: USER_ATTACH_STORAGE_DOMAIN_TO_POOL_FAILED(963), Correlation ID:
96ebeffb-dffa-4bdb-bea7-ffa330f8374d, Job ID:
7538f0a0-90b6-414f-a62d-3d6a3287349a, Call Stack: null, Custom Event ID:
-1, Message: Failed to attach Storage Domain myexport to Data Center dc1.
(User: admin@internal-authz)

Thanks,
Shubham
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users