Re: [Users] Problems when trying to delete a snapshot
please attach full engine and vdsm log from SPM machine. also, did the task finished ? please run tree command for /rhev/data-center/. - Original Message - > From: "Ricky Schneberger" > To: users@ovirt.org > Sent: Friday, December 14, 2012 3:16:58 PM > Subject: [Users] Problems when trying to delete a snapshot > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I was trying to delete a snapshot from one of my VM and everything > started fine. > > The disk image is a thin provisioned 100GB disk with 8GB data. > I just hade one snapshot and it was that one I started to delete. > After more than two hours I look in the folder with that VMs disk > images > and found out that there was i new created file with a size of around > 650GB and it was still growing. > > - -rw-rw. 1 vdsm kvm 8789950464 14 dec 12.23 > 8ede8e53-1323-442b-84f2-3c94114c64cf > - -rw-r--r--. 1 vdsm kvm 681499951104 14 dec 14.10 > 8ede8e53-1323-442b-84f2-3c94114c64cf_MERGE > - -rw-r--r--. 1 vdsm kvm 272 14 dec 12.24 > 8ede8e53-1323-442b-84f2-3c94114c64cf.meta > - -rw-rw. 1 vdsm kvm 107382439936 6 jun 2012 > b4a43421-728b-4204-a389-607221d945b7 > - -rw-r--r--. 1 vdsm kvm 282 14 dec 12.24 > b4a43421-728b-4204-a389-607221d945b7.meta > > Any idea what is happening? > > Regards > - -- > Ricky > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with undefined - http://www.enigmail.net/ > > iEYEARECAAYFAlDLJsoACgkQOap81biMC2Nu+ACfTnCbl9BqIvQmp0zO4pYxlNDv > qw4AoIZAR2Zg2RQNKOYf4YEVOSqVQZIV > =MUYs > -END PGP SIGNATURE- > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] migration & missing cert - 3.2 alpha
On 12/15/2012 5:47 PM, Alon Bar-Lev wrote: - Original Message - From: "Jeff Bailey" To: "Alon Bar-Lev" Cc: users@ovirt.org Sent: Sunday, December 16, 2012 12:39:48 AM Subject: Re: [Users] migration & missing cert - 3.2 alpha On 12/15/2012 1:49 PM, Alon Bar-Lev wrote: - Original Message - From: "Jeff Bailey" To: users@ovirt.org Sent: Saturday, December 15, 2012 6:28:20 PM Subject: [Users] migration & missing cert - 3.2 alpha Hi, I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I try to migrate from one host to the other I get 2012-12-15 15:18:51.381+: 1541: error : virNetTLSContextCheckCertFile:113 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory in libvirtd.log on the source host. Is that actually where the cert should be and I should try to track down why it's not there or should it be somewhere else? If it should be somewhere else where would that be configured? The default location for the client certificates seems to be /etc/pki/libvirt which doesn't exist so even with a cacert it still probably wouldn't work. Could this be related to the missing spice certificates (I manually made the symbolic links for those). Thanks, Jeff This is interesting... What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file, key_file? In /etc/libvirt/libvirtd.conf on both hosts: ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" key_file="/etc/pki/vdsm/keys/vdsmkey.pem" It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18 updates-testing repository. Maybe that's the problem. I'll try to install a clean F18 beta with the updates-testing repo disabled. OK... although it seems like libvirtd somehow ignores its own settings :) Yes, it seems that way. I don't know exactly when these certificates are used. Is it just for libvirt to libvirt communication like when doing a migration? Does vdsm communicate locally without using TLS? I'm just wondering if it's something special about migration that's not using the right certificate path or is libvirt using the wrong path for everything and the only thing it affects is migration. Anyway, a clean F18 install with libvirt-0.10.2.1-3.fc18.x86_64 behaves the same way. As as far as I seen these variables set to /etc/pki/vdsm/*, I did not duplicate these files to libvirtd. I would like to understand why the default libvirt setting are in effect. Regards, Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Single Sign On (Kerberos) to the user portal
On 12/16/2012 01:30 AM, Alon Bar-Lev wrote: - Original Message - From: "Sigbjorn Lie" To: "Alon Bar-Lev" Cc: users@ovirt.org Sent: Sunday, December 16, 2012 2:22:37 AM Subject: Re: [Users] Single Sign On (Kerberos) to the user portal On 12/15/2012 07:50 PM, Alon Bar-Lev wrote: - Original Message - From: "Sigbjorn Lie" To: users@ovirt.org Sent: Saturday, December 15, 2012 6:25:22 PM Subject: [Users] Single Sign On (Kerberos) to the user portal Hi, Is it possible to do Single Sign On to the user portal using Kerberos? We have deployed FreeIPA where all our workstations are authenticating. We are already using SSO w/kerberos for web servers, and it would be handy if we could use SSO w/kerberos to authenticate to the User Portal too. Hi, Not right now... we need some more work to make it happen. Can you help in this? Alon I think I will struggle with the programming side. However I can be of assistance testing it out. I believe most of the work will already be done if there exists a similar module for jboss such as the "mod_auth_kerb" for Apache. Has there been any work done at all with implementing SSO in the user portal so far? What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side. Then use mod_auth_kerb to authenticate the user as I guess you would already have... Yes we use mod_auth_kerb with Apache today. It works well. I do not think I will be of much use with the programming, sorry. Is there any ongoing work to get this implemented? Regards, Siggi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Single Sign On (Kerberos) to the user portal
- Original Message - > From: "Sigbjorn Lie" > To: "Alon Bar-Lev" > Cc: users@ovirt.org > Sent: Sunday, December 16, 2012 2:22:37 AM > Subject: Re: [Users] Single Sign On (Kerberos) to the user portal > > On 12/15/2012 07:50 PM, Alon Bar-Lev wrote: > > > > - Original Message - > >> From: "Sigbjorn Lie" > >> To: users@ovirt.org > >> Sent: Saturday, December 15, 2012 6:25:22 PM > >> Subject: [Users] Single Sign On (Kerberos) to the user portal > >> > >> Hi, > >> > >> Is it possible to do Single Sign On to the user portal using > >> Kerberos? > >> > >> We have deployed FreeIPA where all our workstations are > >> authenticating. > >> We are already using SSO w/kerberos for web servers, and it would > >> be > >> handy if we could use SSO w/kerberos to authenticate to the User > >> Portal too. > > Hi, > > > > Not right now... we need some more work to make it happen. > > Can you help in this? > > > > Alon > > I think I will struggle with the programming side. However I can be > of > assistance testing it out. > > I believe most of the work will already be done if there exists a > similar module for jboss such as the "mod_auth_kerb" for Apache. > > Has there been any work done at all with implementing SSO in the user > portal so far? What I would like to do is to support external authentication in ovirt, so that it will take the user name out of the ajp protocol ?remote_user field, which maps into the HttpServletRequest.getUserPrincipal() at J2EE side. Then use mod_auth_kerb to authenticate the user as I guess you would already have... Regards, Alon Bar-Lev. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Single Sign On (Kerberos) to the user portal
On 12/15/2012 07:50 PM, Alon Bar-Lev wrote: - Original Message - From: "Sigbjorn Lie" To: users@ovirt.org Sent: Saturday, December 15, 2012 6:25:22 PM Subject: [Users] Single Sign On (Kerberos) to the user portal Hi, Is it possible to do Single Sign On to the user portal using Kerberos? We have deployed FreeIPA where all our workstations are authenticating. We are already using SSO w/kerberos for web servers, and it would be handy if we could use SSO w/kerberos to authenticate to the User Portal too. Hi, Not right now... we need some more work to make it happen. Can you help in this? Alon I think I will struggle with the programming side. However I can be of assistance testing it out. I believe most of the work will already be done if there exists a similar module for jboss such as the "mod_auth_kerb" for Apache. Has there been any work done at all with implementing SSO in the user portal so far? Regards, Siggi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] migration & missing cert - 3.2 alpha
- Original Message - > From: "Jeff Bailey" > To: "Alon Bar-Lev" > Cc: users@ovirt.org > Sent: Sunday, December 16, 2012 12:39:48 AM > Subject: Re: [Users] migration & missing cert - 3.2 alpha > > > On 12/15/2012 1:49 PM, Alon Bar-Lev wrote: > > > > - Original Message - > >> From: "Jeff Bailey" > >> To: users@ovirt.org > >> Sent: Saturday, December 15, 2012 6:28:20 PM > >> Subject: [Users] migration & missing cert - 3.2 alpha > >> > >> Hi, > >> > >> I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I > >> try > >> to migrate from one host to the other I get > >> > >> 2012-12-15 15:18:51.381+: 1541: error : > >> virNetTLSContextCheckCertFile:113 : > >> Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file > >> or > >> directory > >> > >> in libvirtd.log on the source host. Is that actually where the > >> cert > >> should be and I should try to track down why it's not there or > >> should > >> it > >> be somewhere else? If it should be somewhere else where would > >> that > >> be > >> configured? The default location for the client certificates > >> seems > >> to > >> be /etc/pki/libvirt which doesn't exist so even with a cacert it > >> still > >> probably wouldn't work. Could this be related to the missing > >> spice > >> certificates (I manually made the symbolic links for those). > >> > >> Thanks, > >> Jeff > > This is interesting... > > > > What do you have in both machines at /etc/libvirt/libvirtd.conf in > > ca_file, cert_file, key_file? > > In /etc/libvirt/libvirtd.conf on both hosts: > > ca_file="/etc/pki/vdsm/certs/cacert.pem" > cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" > key_file="/etc/pki/vdsm/keys/vdsmkey.pem" > > It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18 > updates-testing repository. Maybe that's the problem. I'll try to > install a clean F18 beta with the updates-testing repo disabled. OK... although it seems like libvirtd somehow ignores its own settings :) > > As as far as I seen these variables set to /etc/pki/vdsm/*, I did > > not duplicate these files to libvirtd. > > > > I would like to understand why the default libvirt setting are in > > effect. > > > > Regards, > > Alon > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] migration & missing cert - 3.2 alpha
On 12/15/2012 1:49 PM, Alon Bar-Lev wrote: - Original Message - From: "Jeff Bailey" To: users@ovirt.org Sent: Saturday, December 15, 2012 6:28:20 PM Subject: [Users] migration & missing cert - 3.2 alpha Hi, I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I try to migrate from one host to the other I get 2012-12-15 15:18:51.381+: 1541: error : virNetTLSContextCheckCertFile:113 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory in libvirtd.log on the source host. Is that actually where the cert should be and I should try to track down why it's not there or should it be somewhere else? If it should be somewhere else where would that be configured? The default location for the client certificates seems to be /etc/pki/libvirt which doesn't exist so even with a cacert it still probably wouldn't work. Could this be related to the missing spice certificates (I manually made the symbolic links for those). Thanks, Jeff This is interesting... What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file, key_file? In /etc/libvirt/libvirtd.conf on both hosts: ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" key_file="/etc/pki/vdsm/keys/vdsmkey.pem" It looks like it pulled libvirt-0.10.2.2-1.fc18.x86_64 from the F18 updates-testing repository. Maybe that's the problem. I'll try to install a clean F18 beta with the updates-testing repo disabled. As as far as I seen these variables set to /etc/pki/vdsm/*, I did not duplicate these files to libvirtd. I would like to understand why the default libvirt setting are in effect. Regards, Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Single Sign On (Kerberos) to the user portal
- Original Message - > From: "Sigbjorn Lie" > To: users@ovirt.org > Sent: Saturday, December 15, 2012 6:25:22 PM > Subject: [Users] Single Sign On (Kerberos) to the user portal > > Hi, > > Is it possible to do Single Sign On to the user portal using > Kerberos? > > We have deployed FreeIPA where all our workstations are > authenticating. > We are already using SSO w/kerberos for web servers, and it would be > handy if we could use SSO w/kerberos to authenticate to the User > Portal too. Hi, Not right now... we need some more work to make it happen. Can you help in this? Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] migration & missing cert - 3.2 alpha
- Original Message - > From: "Jeff Bailey" > To: users@ovirt.org > Sent: Saturday, December 15, 2012 6:28:20 PM > Subject: [Users] migration & missing cert - 3.2 alpha > > Hi, > > I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I > try > to migrate from one host to the other I get > > 2012-12-15 15:18:51.381+: 1541: error : > virNetTLSContextCheckCertFile:113 : > Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or > directory > > in libvirtd.log on the source host. Is that actually where the cert > should be and I should try to track down why it's not there or should > it > be somewhere else? If it should be somewhere else where would that > be > configured? The default location for the client certificates seems > to > be /etc/pki/libvirt which doesn't exist so even with a cacert it > still > probably wouldn't work. Could this be related to the missing spice > certificates (I manually made the symbolic links for those). > > Thanks, >Jeff This is interesting... What do you have in both machines at /etc/libvirt/libvirtd.conf in ca_file, cert_file, key_file? As as far as I seen these variables set to /etc/pki/vdsm/*, I did not duplicate these files to libvirtd. I would like to understand why the default libvirt setting are in effect. Regards, Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] migration & missing cert - 3.2 alpha
Hi, I have an F18 Beta + oVirt 3.2 alpha setup with two hosts. When I try to migrate from one host to the other I get 2012-12-15 15:18:51.381+: 1541: error : virNetTLSContextCheckCertFile:113 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory in libvirtd.log on the source host. Is that actually where the cert should be and I should try to track down why it's not there or should it be somewhere else? If it should be somewhere else where would that be configured? The default location for the client certificates seems to be /etc/pki/libvirt which doesn't exist so even with a cacert it still probably wouldn't work. Could this be related to the missing spice certificates (I manually made the symbolic links for those). Thanks, Jeff ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Single Sign On (Kerberos) to the user portal
Hi, Is it possible to do Single Sign On to the user portal using Kerberos? We have deployed FreeIPA where all our workstations are authenticating. We are already using SSO w/kerberos for web servers, and it would be handy if we could use SSO w/kerberos to authenticate to the User Portal too. Regards, Siggi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users