Re: [Users] Ovirt engine.log show WARN before login to web administration portal
- Original Message - > From: "Mohsen Saeedi" > To: "Roy Golan" > Cc: users@ovirt.org > Sent: Sunday, September 2, 2012 4:28:03 PM > Subject: Re: [Users] Ovirt engine.log show WARN before login to web > administration portal > > I attached the logs (engine.log, engine.log.1) The UI is fetching configuration values from the backend to complete the rendering and I see several seconds passes between each GetConfigurationValue query so it could be that javascript performance is slow or the TCP round-trip between UI and backend is long. > > > > Roy Golan wrote on Sun, 2 Sep 2012 07:49:38 -0400 > (EDT): > > - Original Message - > > From: "Mohsen Saeedi" To: "Itamar Heim" > Cc: users@ovirt.org Sent: Sunday, September 2, > 2012 2:24:21 PM > Subject: Re: [Users] Ovirt engine.log show WARN before login to web > administration portal > > > Now i'm using internal authentication. no directory server is used. > I have just one admin@internal user. but in the most time, it's very > slow to login. I have 3 Ovirt server but i have this problem on one > of them. > Thanks to understand if its a slow login or the UI takes time to load > (browser/client issue?) we have to start with > /var/log/engine/engine.log. can you attach it? > > Itamar Heim wrote on Sun, 02 Sep 2012 14:21:03 > +0300: > > On 09/02/2012 01:42 PM, Mohsen Saeedi wrote: > > > Hi > I installed Ovirt3.1 and when i'm trying to login to administration > portal i see the below error continuously in the engine.log: > > 2012-09-02 15:07:24,836 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-11) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > 2012-09-02 15:07:25,043 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-17) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > 2012-09-02 15:07:25,249 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-7) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > 2012-09-02 15:07:25,455 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-16) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > 2012-09-02 15:07:25,656 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-15) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > 2012-09-02 15:07:25,862 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-14) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > 2012-09-02 15:07:26,062 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--0.0.0.0-8009-13) calling GetConfigurationValueQuery > (SearchResultsLimit) with null version, using default general for > version > > I search on the google and i found the bug was reported to redhat > bugzilla.I thin it should be fixed on Ovirt 3.1 . finally the login > process take longer than 5 minutes or i'm not able to login!! > Thanks. > ___ > Users mailing list Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users these warning are > mostly harmless. > which type of authentication provider are you using? > > > ___ > Users mailing list Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Can't add NFS domain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(so you've switched discussing on the list. Ok. Let's go this way)
Il 04/09/2012 07:45, Changsen Xu ha scritto:
> [...] I just got vdsm compiled and installed on fresh FC17 (installed
> with live cd), used your 3.4.9 FC16 kernel. Yes, now, engine can add
> it as host, great. But engine still can't add NFS domain. Any idea
> what is happening?
To correctly troubleshoot your issues, please, ensure you're following
_all_ the steps suggested here:
http://wiki.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues
In particular:
1 - confirm your node are running the 3.4 kernel (uname -a), as
installing the new kernel is not enough. Such kernel _must_ be running;
2 - confirm that your NFS server is configured:
- to default to NFSv3 (refer to above wiki page);
- with a correct export (refer to above wiki page). Please pay attention
to the need of having, on the NFS server, a USER with UID 36. Best if
related username is "vdsm";
3 - confirm that your FC17-nodes can "see" the exported mounts from the
NFS server by running, on the nodes:
# showmount -e
When all of above steps are confirmed, you can start troubleshooting
file-permission issues. In detail:
4 - from the FC17-node, manually mount the NFS share with something like:
# mount -t nfs :
(in my case: mount -t nfs 10.0.49.14:/storage/NFS /tmp/test_nfs)
and then try to:
- write a file in /tmp/test_nfs:
# touch /tmp/test_nfs/test_file.txt
and rightafter check, on the NFS server, its ownership/permission. As
said in the wiki page, the test_file.txt should be owned by "UID 36" user
and should have 755 file-permission
5 - when the all of this is (succesfully) completed, you can retry adding
the NFS ISO-domain from the Engine.
BTW: if a previous addition attempt failed, in my case I needed to
manually remove, on the NFS server, the file/directory structure that
previous attempts generated.
HTH
Bye,
DV
P.S.: please, let's stick discussing on the list.
- --
Damiano Verzulli
e-mail: dami...@verzulli.it
- ---
possible?ok:while(!possible){open_mindedness++}
- ---
"Technical people tend to fall into two categories: Specialists
and Generalists. The Specialist learns more and more about a
narrower and narrower field, until he eventually, in the limit,
knows everything about nothing. The Generalist learns less and
less about a wider and wider field, until eventually he knows
nothing about everything." - William Stucke - AfrISPA
http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlBFnVkACgkQcwT9fsMT4SwmhACfeWD0UQkgxuap3Ao9/D8Xn/Qk
DYYAnRVlo/goqOflOhxImMM2QYFhGJ9e
=zuCR
-END PGP SIGNATURE-
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Can't add NFS domain
Damiano,
Thanks a lot for your answer. I just got vdsm compiled and installed
on fresh FC17 (installed with live cd), used your 3.4.9 FC16 kernel.
Yes, now, engine can add it as host, great. But engine still can't
add NFS domain. Any idea what is happening?
Regards,
--
John Xu
On Mon, 2012-09-03 at 23:52 +0200, Damiano Verzulli wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Il 03/09/2012 05:47, Changsen Xu ha scritto:
> > Damiano,
> >
> > How did you install the kernel-3.4.9-2.fc16.x86_64.rpm ?
>
> with:
>
> rpm -ivh kernel-3.4.9-2.fc16.x86_64.rpm
>
> on the node. Actually my node was a Fedora 17 installed as such and
> not the ovirt-iso-image (BTW: I thought you were working on an FC17, not
> on a ovirt-node-image, sorry!).
>
>
> > Installed it on the node iso from ovirt.org ? Those iso are read
> > only, even if I "mount -o remount,rw /", I still can't persist the
> > kernel files, system complained out of space.
>
> Sorry. As I said, I worked on standard FC17.
>
>
> > Or did you install on fresh/empty Fedora Core ?
>
> exactly
>
> > Then how did you install the vdsm?
>
> by following this guide:
>
> http://wiki.ovirt.org/wiki/OVirt_3.1_release_notes#Fedora_Host
>
> In detail, starting with a "running" fedora:
>
> # yum localinstall http://ovirt.org/releases/ovirt-release-fedora.noarch.rpm
>
> Afterwards, right after installing the Engine (on a different host, in my
> case), simply adding the "ovirt FC17 node" as a new node from the
> web-interface of the "engine", the "adding process" will take care of the
> setup of all the software components.
>
> So, in the end, it will be the engine that will connect to the node and
> launch, on the node, the setup (yum install) of all the required RPMs
> (...that are provided by the repository provided by the initial
> ovirt-release-fedora.noarch.rpm.
>
> HTH.
>
>
> > I just can't find any detailed guide on internet.
>
> Ovirt is a great project, really. But unfortunatly it lacks documentations.
>
> Bye,
> DV
>
> - --
> Damiano Verzulli
> e-mail: dami...@verzulli.it
> - ---
> possible?ok:while(!possible){open_mindedness++}
> - ---
> "Technical people tend to fall into two categories: Specialists
> and Generalists. The Specialist learns more and more about a
> narrower and narrower field, until he eventually, in the limit,
> knows everything about nothing. The Generalist learns less and
> less about a wider and wider field, until eventually he knows
> nothing about everything." - William Stucke - AfrISPA
> http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAlBFJoQACgkQcwT9fsMT4SzRogCfYtYJwB+eyCC5LbNUV4ltOu2W
> Ye4AnRPA36VdnuGc3JZ6jjk4WfCGwlHd
> =Eiip
> -END PGP SIGNATURE-
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] can't add domain with rhevm-manage-domains
- Original Message - > From: "Scotto Alberto" > To: "Oved Ourfalli" > Cc: users@ovirt.org > Sent: Monday, September 3, 2012 4:21:27 PM > Subject: Re: [Users] can't add domain with rhevm-manage-domains > > Oved, > Thank you for your try! > > > The query you pasted below shows "DOMAIN.LOCAL". > That was just an example. The command I ran was correct (FPT.LOCAL) > > The issue seems solved. This morning I tried logging in with my > domain user and it succeeded. > Then a colleague of mine stopped again the reverse zone for the AD > server, and now I can't login again, even after reactivating the > zone.. > I suppose there must be some cache delay... :S If you'll use openjdk 1.7 this problem will not surface. out of curiosity, what is the output of java -version? > > > > > Alberto Scotto > > Blue Reply > Via Cardinal Massaia, 83 > 10147 - Torino - ITALY > phone: +39 011 29100 > al.sco...@reply.it > www.reply.it > > -Original Message- > From: Oved Ourfalli [mailto:ov...@redhat.com] > Sent: domenica 2 settembre 2012 15:53 > To: Scotto Alberto > Cc: users@ovirt.org > Subject: Re: [Users] can't add domain with rhevm-manage-domains > > Hey, > > What's the name of your domain? > The query you pasted below shows "DOMAIN.LOCAL". > However, in the log I see: > "Failed authenticating user: f35191a to domain fpt.local". > > Did some reading, and looks like this error happens when the kerberos > ticket is requested to the wrong REALM. > > What version are you working with? > Is there anything else in the logs besides what you have put in > pastebin? > > Oved > > - Original Message - > > From: "Scotto Alberto" > > To: users@ovirt.org > > Sent: Friday, August 31, 2012 6:45:15 PM > > Subject: Re: [Users] can't add domain with rhevm-manage-domains > > > > > > > > > > > > Ok, now it works. > > > > > > > > Thanks to tcpdump/wireshark I could undesrstand that: > > > > - Rhevm-manage-domains sends DNS queries asking for PTR of RHEV-H > > and > > another redundant domain server, so I > > > > - The LDAP query it sends is > > (&(sAMAccountType=805306368)(userPrincipalName= > > fptadmin02@DOMAIN.LOCAL) ) but the account “fptadmin02” I was using > > had a different userPrincipalName > > > > > > > > So here is how I solved: > > > > - adding the missing PTRs in the reverse zone of the DNS server > > > > - logging in with another username that has a correct > > userPrincipalName > > > > > > > > Anyhow, after restarting jbossas, still I can’t log in the console > > with a domain username. > > > > From wireshark I see it doesn’t even send an LDAP query; it breaks > > at > > KRB5 packets with “error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)” > > > > > > > > Here are the logs from rhevm.log > > > > http://pastebin.com/kZqn3kzz > > > > > > > > > > > > > > > > > > > > > > > > Alberto Scotto > > > > Blue > > Via Cardinal Massaia, 83 > > 10147 - Torino - ITALY > > phone: +39 011 29100 > > al.sco...@reply.it > > www.reply.it > > > > > > > > From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On > > Behalf Of Scotto Alberto > > Sent: venerdì 31 agosto 2012 11:35 > > To: users@ovirt.org > > Subject: [Users] can't add domain with rhevm-manage-domains > > > > > > > > > > Hi all, > > > > I’m trying to add a domain (active directory), but I can’t get it > > to > > work. > > > > > > > > The command I execute is: > > > > rhevm-manage-domains -action=add -domain='FPT.LOCAL' > > -user='fptadmin' > > –interactive > > > > > > > > Attached you can find: > > > > - Output of the command > > > > - Logs from > > /var/log/rhevm/rhevm-manage-domains/rhevm-manage-domains.log > > > > > > > > > > > > I found a RHEV KB saying: > > > > > > > > For Error: LDAP query Failed , make sure the Active Directory > > server > > and the RHEVM server have the correct PTR records in the DNS > > reverse > > lookup zone file > > > > > > > > And another one says: > > > > It's required to create PTR entry into DNS for the following: > > > > · Name Server (NS) - Start of Authority (SOA) > > Example: WIN-TL8JB8JAG8.ad.mydomain.com. > > > > · Active Directory Name > > Example: ad.mydomain.com. > > > > · RHEVM machine > > Example: rhevm.ad.mydomain.com. > > > > We are fulfilling this requirement, as nslookup of these 3 > > machines’ > > IP work. > > > > > > > > Additional info. > > > > > > > > These commands work (if you need I can paste the full output): > > > > #dig SRV _kerberos._tcp.FPT.LOCAL #dig SRV _kerberos._udp.FPT.LOCAL > > #dig SRV _ldap._tcp.FPT.LOCAL > > > > > > > > # kinit fptadmin02@FPT.LOCAL > > > > # klist > > > > Ticket cache: FILE:/tmp/krb5cc_0 > > > > Default principal: fptadmin02@FPT.LOCAL > > > > > > > > Valid starting Expires Service principal > > > > 08/30/12 15:55:46 08/31/12 01:55:51 krbtgt/FPT.LOCAL@FPT.LOCAL > > > > renew until 09/06/12 15:55:46 > > > > > > > > > > > > Thank you very much in advance > > > > > > > > Alberto Scotto > > > > Blue > > Via Cardinal Massaia, 83 > > 10147 - Torino - ITALY > > phone:
Re: [Users] oVirt ISO domain
- Original Message - > From: "xrx" > To: "users" > Sent: Monday, September 3, 2012 4:03:45 PM > Subject: [Users] oVirt ISO domain > > One of the things that surprised me about oVirt/RHEV's design is the > awful handling of ISO/vfd images files. One would expect to just > point > to an available ISO SMB/NFS share, and have the ISOs in it used. > > Instead, there's an horrible requirement of needing an empty NFS > directory with the right permissions. If that's not unnecessary > enough, > forcing the user to log into the command line of an otherwise > entirely > graphical application, and then mount another NFS/SMB/block source or > something to get the ISO, and then type the rhevm/engine-iso-uploader > command to upload the image files, possibly to the same machine if > the > installer configured an ISO domain locally. > > It's completely unnecessary. The design should be changed such that > the > node could attempt mounting any given NFS/SMB share read-only for the > ISO domain (and, even better, have the UI support SMB browsing). > Presumably vdsm would have permission to at least read files in a > mounted directory. This way, one can easily share a directory using > windows/nautilus and have it used by oVirt; or use a graphical SFTP > application to copy ISOs to the manager's NFS share. Been discussed many times on list/irc. The plan is to move export and iso domains to flat NFS directories and remove the need for all the storage domain metadata. Patches always welcome. > > Any thoughts? > > > -xrx > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] oVirt ISO domain
One of the things that surprised me about oVirt/RHEV's design is the awful handling of ISO/vfd images files. One would expect to just point to an available ISO SMB/NFS share, and have the ISOs in it used. Instead, there's an horrible requirement of needing an empty NFS directory with the right permissions. If that's not unnecessary enough, forcing the user to log into the command line of an otherwise entirely graphical application, and then mount another NFS/SMB/block source or something to get the ISO, and then type the rhevm/engine-iso-uploader command to upload the image files, possibly to the same machine if the installer configured an ISO domain locally. It's completely unnecessary. The design should be changed such that the node could attempt mounting any given NFS/SMB share read-only for the ISO domain (and, even better, have the UI support SMB browsing). Presumably vdsm would have permission to at least read files in a mounted directory. This way, one can easily share a directory using windows/nautilus and have it used by oVirt; or use a graphical SFTP application to copy ISOs to the manager's NFS share. Any thoughts? -xrx ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] engine-cleanup and then engine-setup - Failed to enable SELinux boolean
Another failure occur when handling HTTPD Handling HTTPD... [ ERROR ] Failed to enable SELinux boolean I found the related line in log: 2012-09-03 22:18:23::DEBUG::setup_sequences::59::root:: running _configureSelinuxBoolean 2012-09-03 22:18:23::DEBUG::engine-setup::672::root:: Enable httpd_can_network_connect boolean 2012-09-03 22:18:23::DEBUG::common_utils::309::root:: Executing command --> '/usr/sbin/setsebool -P httpd_can_network_connect 1' 2012-09-03 22:18:44::DEBUG::common_utils::335::root:: output = 2012-09-03 22:18:44::DEBUG::common_utils::336::root:: stderr = libsepol.sepol_context_from_string: malformed context "(/.*)?" (Invalid argument). libsepol.sepol_context_from_string: could not construct context from string (Invalid argument). libsemanage.fcontext_parse: invalid security context "(/.*)?" (/etc/selinux/targeted/modules/tmp//file_contexts.local: 6) /virt/iso (/.*)? system_u:object_r:public_content_rw_t:s0 (Invalid argument). libsemanage.fcontext_parse: could not parse file context record (Invalid argument). libsemanage.dbase_file_cache: could not cache file database (Invalid argument). libsemanage.enter_ro: could not enter read-only section (Invalid argument). Could not change policy booleans 2012-09-03 22:18:44::DEBUG::common_utils::337::root:: retcode = 255 2012-09-03 22:18:44::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/bin/engine-setup", line 674, in _configureSelinuxBoolean out, rc = utils.execCmd(cmd, None, True, output_messages.ERR_FAILED_UPDATING_SELINUX_BOOLEAN) File "/usr/share/ovirt-engine/scripts/common_utils.py", line 340, in execCmd raise Exception(msg) Exception: Failed to enable SELinux boolean Any help? is it a bug? Tim Hildred wrote on Sun, 2 Sep 2012 19:30:39 -0400 (EDT): Hey Mohsen; Did you check /etc/sysconfig/selinux to ensure that "SELINUX=enforcing"? If you set it with setenforce, it would have reverted to whatever is in that file on any reboots. At least that was my problem when I got that error. Tim Hildred, RHCE Content Author II - Engineering Content Services, Red Hat, Inc. Brisbane, Australia Email: thild...@redhat.com Internal: 8588287 Mobile: +61 4 666 25242 IRC: thildred - Original Message - From: "Mohsen Saeedi" To: users@ovirt.org Sent: Monday, September 3, 2012 6:59:47 AM Subject: [Users] engine-cleanup and then engine-setup - Failed to enable SELinux boolean Hi i'm usign Ovirt 3.1 on the Centos 6.3 x64. I use engine-cleanup and then use engine-setup again. everything was ok but i got the SELinux error at the end of configuration: Proceed with the configuration listed above? (yes|no): yes Installing: AIO: Validating CPU Compatibility... [ DONE ] Configuring oVirt-engine... [ DONE ] Creating CA... [ DONE ] Editing JBoss Configuration... [ DONE ] Setting Database Configuration... [ DONE ] Setting Database Security... [ DONE ] Creating Database... [ DONE ] Updating the Default Data Center Storage Type... [ DONE ] Editing oVirt Engine Configuration... [ DONE ] Editing Postgresql Configuration... [ DONE ] Configuring the Default ISO Domain... [ DONE ] Configuring Firewall (iptables)... [ DONE ] Starting JBoss Service... [ DONE ] Handling HTTPD... [ ERROR ] Failed to enable SELinux boolean Please check log file /var/log/ovirt-engine/engine-setup_2012_09_03_01_17_41.log for more information I Attached the log file. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] engine-cleanup and then engine-setup - Failed to enable SELinux boolean
I think the error occur with this line: # Set selinux configuration nfsutils.setSELinuxContextForDir(controller.CONF["NFS_MP"], nfsutils.SELINUX_RW_LABEL) /*Tim Hildred */ wrote on Sun, 2 Sep 2012 19:30:39 -0400 (EDT): Hey Mohsen; Did you check /etc/sysconfig/selinux to ensure that "SELINUX=enforcing"? If you set it with setenforce, it would have reverted to whatever is in that file on any reboots. At least that was my problem when I got that error. Tim Hildred, RHCE Content Author II - Engineering Content Services, Red Hat, Inc. Brisbane, Australia Email: thild...@redhat.com Internal: 8588287 Mobile: +61 4 666 25242 IRC: thildred - Original Message - From: "Mohsen Saeedi" To: users@ovirt.org Sent: Monday, September 3, 2012 6:59:47 AM Subject: [Users] engine-cleanup and then engine-setup - Failed to enable SELinux boolean Hi i'm usign Ovirt 3.1 on the Centos 6.3 x64. I use engine-cleanup and then use engine-setup again. everything was ok but i got the SELinux error at the end of configuration: Proceed with the configuration listed above? (yes|no): yes Installing: AIO: Validating CPU Compatibility... [ DONE ] Configuring oVirt-engine... [ DONE ] Creating CA... [ DONE ] Editing JBoss Configuration... [ DONE ] Setting Database Configuration... [ DONE ] Setting Database Security... [ DONE ] Creating Database... [ DONE ] Updating the Default Data Center Storage Type... [ DONE ] Editing oVirt Engine Configuration... [ DONE ] Editing Postgresql Configuration... [ DONE ] Configuring the Default ISO Domain... [ DONE ] Configuring Firewall (iptables)... [ DONE ] Starting JBoss Service... [ DONE ] Handling HTTPD... [ ERROR ] Failed to enable SELinux boolean Please check log file /var/log/ovirt-engine/engine-setup_2012_09_03_01_17_41.log for more information I Attached the log file. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] oVirt 3.1 HTTP Status 404 - /api/
Hi, I'm new to oVirt and testing packages from dreyou an a CentOS 6.3 installation. What I have installed: # rpm -qa|grep ovirt ovirt-engine-sdk-3.1.0.6-1.el6.noarch ovirt-image-uploader-3.1.0-21.el6.noarch ovirt-engine-notification-service-3.1.0-3.21.el6.noarch ovirt-engine-genericapi-3.1.0-3.21.el6.noarch ovirt-engine-3.1.0-3.21.el6.noarch ovirt-log-collector-3.1.0-21.el6.noarch ovirt-engine-cli-3.1.0.7-1.el6.noarch ovirt-engine-jbossas711-1-0.x86_64 ovirt-engine-dbscripts-3.1.0-3.21.el6.noarch ovirt-engine-config-3.1.0-3.21.el6.noarch ovirt-engine-setup-3.1.0-3.21.el6.noarch ovirt-engine-restapi-3.1.0-3.21.el6.noarch ovirt-engine-backend-3.1.0-3.21.el6.noarch ovirt-iso-uploader-3.1.0-21.el6.noarch ovirt-engine-webadmin-portal-3.1.0-3.21.el6.noarch ovirt-engine-tools-common-3.1.0-3.21.el6.noarch ovirt-engine-userportal-3.1.0-3.21.el6.noarch Admin and user web interdace are working. However if I try to call the api, I get an http 404 error. I can see the request in the apache ssl_access log but not in ovirt-engine server.log. Does anybody have an idea? Bye Tobias -- Mail: tob...@vdkrone.de Info: http://tobias.vdkrone.de signature.asc Description: OpenPGP digital signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] engine-cleanup and then engine-setup - Failed to enable SELinux boolean
engine-setup show the new error with selinux. when it run semanage command. i use /virt/iso as ISO Domain. I think it generate a bad pattern for add new context.below is some part of log: 2012-09-03 20:37:21::DEBUG::engine-setup::1535::root:: creating directory /virt/iso 2012-09-03 20:37:21::DEBUG::nfsutils::17::root:: adding path /virt/iso to /etc/exports 2012-09-03 20:37:21::DEBUG::nfsutils::36::root:: setting selinux context for /virt/iso 2012-09-03 20:37:21::DEBUG::common_utils::309::root:: Executing command --> '/usr/sbin/semanage fcontext -a -t public_content_rw_t /virt/iso(/.*)?' 2012-09-03 20:37:22::DEBUG::common_utils::335::root:: output = 2012-09-03 20:37:22::DEBUG::common_utils::336::root:: stderr = libsepol.sepol_context_from_string: malformed context "(/.*)?" (Invalid argument). libsepol.sepol_context_from_string: could not construct context from string (Invalid argument). libsemanage.fcontext_parse: invalid security context "(/.*)?" (/etc/selinux/targeted/modules/tmp//file_contexts.local: 6) /virt/iso(/.*)?system_u:object_r:public_content_rw_t:s0 (Invalid argument). libsemanage.fcontext_parse: could not parse file context record (Invalid argument). libsemanage.dbase_file_cache: could not cache file database (Invalid argument). libsemanage.enter_ro: could not enter read-only section (Invalid argument). /usr/sbin/semanage: Could not check if file context for /virt/iso(/.*)? is defined 2012-09-03 20:37:22::DEBUG::common_utils::337::root:: retcode = 1 2012-09-03 20:37:22::ERROR::engine-setup::1566::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 1544, in _configNfsShare nfsutils.setSELinuxContextForDir(controller.CONF["NFS_MP"], nfsutils.SELINUX_RW_LABEL) File "/usr/share/ovirt-engine/scripts/nfsutils.py", line 43, in setSELinuxContextForDir utils.execCmd(cmd, None, True, output_messages.ERR_SET_SELINUX_NFS_SHARE) File "/usr/share/ovirt-engine/scripts/common_utils.py", line 340, in execCmd raise Exception(msg) Exception: Failed to set SELINUX policy for NFS share 2012-09-03 20:37:22::DEBUG::setup_sequences::62::root:: Traceback (most recent call last): File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/bin/engine-setup", line 1567, in _configNfsShare raise Exception(output_messages.ERR_FAILED_CFG_NFS_SHARE) Exception: Failed to configure NFS share on this host 2012-09-03 20:37:22::DEBUG::engine-setup::1733::root:: *** The following params were used as user input: 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: override-httpd-config: yes 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: http-port: 80 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: https-port: 443 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: mac-range: 00:1A:4A:DB:B2:00-00:1A:4A:DB:B2:FF 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: host-fqdn: virt.tcgolestan.ir 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: auth-pass: 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: org-name: TCGolestan 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: default-dc-type: NFS 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: db-remote-install: local 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: db-host: localhost 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: db-local-pass: 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: nfs-mp: /virt/iso 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: iso-domain-name: ISO 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: config-nfs: yes 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: override-iptables: no 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: config-allinone: yes 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: storage-path: /virt/VMs 2012-09-03 20:37:22::DEBUG::engine-setup::1738::root:: superuser-pass: 2012-09-03 20:37:22::ERROR::engine-setup::2367::root:: Traceback (most recent call last): File "/usr/bin/engine-setup", line 2361, in main(confFile) File "/usr/bin/engine-setup", line 2150, in main runSequences() File "/usr/bin/engine-setup", line 2096, in runSequences controller.runAllSequences() File "/usr/share/ovirt-engine/scripts/setup_controller.py", line 54, in runAllSequences sequence.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 154, in run step.run() File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run function() File "/usr/bin/engine-setup", line 1567, in _configNfsShare raise Exception(output_messages.ERR_FAILED_CFG_NFS_SHARE) Exception: Failed to configure NFS share on this host /*Tim Hildred */ wrote on Sun, 2 Sep 2012 19:30:39 -0400 (EDT): Hey Mohsen; Did you check /etc/sysconfig/selinux to ensure that "SELINUX=enforcing"? If you set it with setenforce, it would have reverted to whatever is in
Re: [Users] can't add domain with rhevm-manage-domains
Oved, Thank you for your try! > The query you pasted below shows "DOMAIN.LOCAL". That was just an example. The command I ran was correct (FPT.LOCAL) The issue seems solved. This morning I tried logging in with my domain user and it succeeded. Then a colleague of mine stopped again the reverse zone for the AD server, and now I can't login again, even after reactivating the zone.. I suppose there must be some cache delay... :S Alberto Scotto Blue Reply Via Cardinal Massaia, 83 10147 - Torino - ITALY phone: +39 011 29100 al.sco...@reply.it www.reply.it -Original Message- From: Oved Ourfalli [mailto:ov...@redhat.com] Sent: domenica 2 settembre 2012 15:53 To: Scotto Alberto Cc: users@ovirt.org Subject: Re: [Users] can't add domain with rhevm-manage-domains Hey, What's the name of your domain? The query you pasted below shows "DOMAIN.LOCAL". However, in the log I see: "Failed authenticating user: f35191a to domain fpt.local". Did some reading, and looks like this error happens when the kerberos ticket is requested to the wrong REALM. What version are you working with? Is there anything else in the logs besides what you have put in pastebin? Oved - Original Message - > From: "Scotto Alberto" > To: users@ovirt.org > Sent: Friday, August 31, 2012 6:45:15 PM > Subject: Re: [Users] can't add domain with rhevm-manage-domains > > > > > > Ok, now it works. > > > > Thanks to tcpdump/wireshark I could undesrstand that: > > - Rhevm-manage-domains sends DNS queries asking for PTR of RHEV-H and > another redundant domain server, so I > > - The LDAP query it sends is > (&(sAMAccountType=805306368)(userPrincipalName= > fptadmin02@DOMAIN.LOCAL) ) but the account “fptadmin02” I was using > had a different userPrincipalName > > > > So here is how I solved: > > - adding the missing PTRs in the reverse zone of the DNS server > > - logging in with another username that has a correct > userPrincipalName > > > > Anyhow, after restarting jbossas, still I can’t log in the console > with a domain username. > > From wireshark I see it doesn’t even send an LDAP query; it breaks at > KRB5 packets with “error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)” > > > > Here are the logs from rhevm.log > > http://pastebin.com/kZqn3kzz > > > > > > > > > > > > Alberto Scotto > > Blue > Via Cardinal Massaia, 83 > 10147 - Torino - ITALY > phone: +39 011 29100 > al.sco...@reply.it > www.reply.it > > > > From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On > Behalf Of Scotto Alberto > Sent: venerdì 31 agosto 2012 11:35 > To: users@ovirt.org > Subject: [Users] can't add domain with rhevm-manage-domains > > > > > Hi all, > > I’m trying to add a domain (active directory), but I can’t get it to > work. > > > > The command I execute is: > > rhevm-manage-domains -action=add -domain='FPT.LOCAL' -user='fptadmin' > –interactive > > > > Attached you can find: > > - Output of the command > > - Logs from > /var/log/rhevm/rhevm-manage-domains/rhevm-manage-domains.log > > > > > > I found a RHEV KB saying: > > > > For Error: LDAP query Failed , make sure the Active Directory server > and the RHEVM server have the correct PTR records in the DNS reverse > lookup zone file > > > > And another one says: > > It's required to create PTR entry into DNS for the following: > > · Name Server (NS) - Start of Authority (SOA) > Example: WIN-TL8JB8JAG8.ad.mydomain.com. > > · Active Directory Name > Example: ad.mydomain.com. > > · RHEVM machine > Example: rhevm.ad.mydomain.com. > > We are fulfilling this requirement, as nslookup of these 3 machines’ > IP work. > > > > Additional info. > > > > These commands work (if you need I can paste the full output): > > #dig SRV _kerberos._tcp.FPT.LOCAL #dig SRV _kerberos._udp.FPT.LOCAL > #dig SRV _ldap._tcp.FPT.LOCAL > > > > # kinit fptadmin02@FPT.LOCAL > > # klist > > Ticket cache: FILE:/tmp/krb5cc_0 > > Default principal: fptadmin02@FPT.LOCAL > > > > Valid starting Expires Service principal > > 08/30/12 15:55:46 08/31/12 01:55:51 krbtgt/FPT.LOCAL@FPT.LOCAL > > renew until 09/06/12 15:55:46 > > > > > > Thank you very much in advance > > > > Alberto Scotto > > Blue > Via Cardinal Massaia, 83 > 10147 - Torino - ITALY > phone: +39 011 29100 > al.sco...@reply.it > www.reply.it > > > > > > > > -- > The information transmitted is intended for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, > or taking of any action in reliance upon, this information by persons > or entities other than the intended recipient is prohibited. > If you received this in error, please contact the sender and delete > the material from any computer. > > > -- > The information transmitted is intended for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, > or taking of any action in reliance upon, this in
Re: [Users] ovirt 3.1
engine-config --help 1. Passwords: password can be set in interacetive mode ie: ### engine-config -s PasswordEntry=interactive On 09/03/2012 03:51 PM, jeni00_1 jjj wrote: > > I’m sorry, but I can’t enter the administration portal. Setting the > password and login nothing happens after. Please, help me to solve > this problem. Thank you. > oVirt 3.1 > Fedora 17 > > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users -- Dafna Ron ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Can't add NFS domain
2 sep 2012 kl. 10.25 skrev Damiano Verzulli:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Il 02/09/2012 09:14, Itamar Heim ha scritto:
[...] I also tried to install a fresh FC17 as host, but I lack
detailed instructions to install vdsm on it.
Any help? John Xu
http://wiki.ovirt.org/wiki/Troubleshooting_NFS_Storage_Issues
especially this part: NFS Storage Domain Failure on Fedora 17
I had exactly the very same issue and... spent several days figuring how
to solve it, based also on "Troubleshooting NFS..." above.
The critical information that page above is lacking, is that kernel 3.4.*
is _not_ available, for FC17, in ready-made RPM. So this command:
# rpm -qa | grep kernel-3.4
will _NOT_ produce output, and searching the web for "kernel-3.4" FC17
RPMs will get you to plenty of "rt" kernel that, being real-time
oriented, I wonder if are suitable for our virtualization goals (or not...).
In the end, I saw that kernel-3.4 is correctly packaged and delivered
with FC16 updates and yesterday I (succesfully) installed:
kernel-3.4.9-2.fc16.x86_64.rpm [1]
Afterwards, the NFS/ISO domain was immediately added, with no problems
(NFS server is a FreeNas box). Some minor issue relates to UID/GID
mapping, but these are easily solvable, thanks to mentioned web-page
(Troubleshooting NFS...)
I have _NOT_ a clear idea about the impact of such a setup:
- - a (current, updated) FC17 setup;
- - kernel-3.4.9 and related (quite old) kvm kernel module;
- - (very new) virtualization-preview repository enabled [2] (I need
v-motion between VMs), hence:
- libvirt 0.9.13
- qemu 1.2
- qemu-kvm 1.2
...but I will investigate in the upcoming days (BTW: I'm having very poor
NFS and network performance, but these could be caused by my hardware setup).
Just chipping in about your NFS performance. Since you said the it´s a FreeNAS
box, I´m guessing you´re using ZFS. In that case the best way to speed up NFS
is to add a powerful Separate LOG device (ZIL SLOG), or "zfs set sync=disable
poolname/fsname" but that is dangerous and will cause data loss in case of
network or power failure. Make sure to properly partition the SLOG aligned to
4k or 1MiB(-b 2048) and use the "gnop"-trick when adding it to the pool so that
the SLOG vdev gets ashift set to 12 for optimal performance. We are using a OCZ
Deneva 2 240GB MLC as SLOG in a FreeBSD ZFS pool(FreeNAS is FreeBSD base with a
Web GUI on top), seeing the SLOG at 80% busy doing 2Gb/s, and response time is
slim to none.
So, in the end, I can finally correctly power-up my first VM and access
its console via VNC (on my Ubuntu notebook, spice-client is not
available, and I want to spend my efforts in "core" ovirt-issues, insted
of compiling firefox addons). I can see the network-setup of a CentOS
test-vm starting but... nothing else. I'm starting, right now,
investigating those other issues.
Should you need further info, don't hesitate to ask.
HTH.
DV
[1]
http://fedora.mirror.garr.it/mirrors/fedora/linux/updates/16/x86_64/kernel-3.4.9-2.fc16.x86_64.rpm
[2] http://fedorapeople.org/groups/virt/virt-preview/fedora-17/x86_64/
- --
Damiano Verzulli
e-mail: dami...@verzulli.it
- ---
possible?ok:while(!possible){open_mindedness++}
- ---
"Technical people tend to fall into two categories: Specialists
and Generalists. The Specialist learns more and more about a
narrower and narrower field, until he eventually, in the limit,
knows everything about nothing. The Generalist learns less and
less about a wider and wider field, until eventually he knows
nothing about everything." - William Stucke - AfrISPA
http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlBDF+IACgkQcwT9fsMT4SwbeQCgiJzAQYO0aj/zS22gmkX10kxY
i/QAn3s14LDXLGXgGwwl+XxA9Wq6qIKm
=/e3j
-END PGP SIGNATURE-
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Med Vänliga Hälsningar
---
Karli Sjöberg
Swedish University of Agricultural Sciences
Box 7079 (Visiting Address Kronåsvägen 8)
S-750 07 Uppsala, Sweden
Phone: +46-(0)18-67 15 66
karli.sjob...@slu.se
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[Users] guest agent service don't start after migration
node fedora17 # uname -a Linux kvm04 3.4.6-4.fc17.x86_64 #1 SMP Thu Jul 26 18:51:58 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux # rpm -q vdsm vdsm-4.10.0-7.fc17.x86_64 # rpm -q libvirt libvirt-0.9.11.4-3.fc17.x86_64 # rpm -q qemu-kvm qemu-kvm-1.0.1-1.fc17.x86_64 guest win8r2 service starting as LocalSystem Traceback (most recent call last): File "win32serviceutil.pyc", line 806, in SvcRun File "OVirtGuestService.pyc", line 55, in SvcDoRun File "GuestAgentWin32.pyc", line 377, in __init__ File "OVirtAgentLogic.pyc", line 55, in __init__ File "VirtIoChannel.pyc", line 25, in __init__ File "WinFile.pyc", line 30, in __init__ error: (2, 'CreateFile', '\xcd\xe5 \xf3\xe4\xe0\xe5\xf2\xf1\xff \xed\xe0\xe9\xf2\xe8 \xf3\xea\xe0\xe7\xe0\xed\xed\xfb\xe9 \xf4\xe0\xe9\xeb.') -- ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
