[ovirt-users] [QE] Hardening Guide
Hi, while I was working on Bug 1097022 - ovirt-engine-setup: weak default passwords for PostgreSQL database users I was wondering where to write hardening tips described in comment #18. It looks like we don't have any page on oVirt wiki about hardening. Anyone interested in contributing to such page? I guess it can be created as http://www.ovirt.org/OVirt_Hardening_Guide Thoughts? -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Upgrade to 3.4.2 failed
Hi, - Original Message - From: Demeter Tibor tdeme...@itsmart.hu To: Yedidyah Bar David d...@redhat.com Cc: users@ovirt.org Sent: Wednesday, June 18, 2014 7:37:24 PM Subject: Re: [ovirt-users] Upgrade to 3.4.2 failed Hi, Yes, I have a FreeIPA server, but it was a running virtual server on ovirt :) Yes, I know, it was a stupid idea, Not necessarily, if you can also use admin@internal for maintenance. but it's only a test system for testing ovirt capabilites. So, this vm (the freeipa) at this moment doesn't running and I cannot run without ovirt. Is ovirt down? Didn't the upgrade rollback cleanly? If not, please provide logs, it should have. If it did, you can simply 'service ovirt-engine start'. - Can I re-run this vm without ovirt? I guess you can, but it won't be easy. - If no, then how can I remove the ipaserver from ovirt configuration ? Same :-) But I do not think that the upgrade failure was caused due to ipa being down. There is something else. Did you try running the below query? Did it return anything? You run it inside psql, with: # su - postgres $ psql engine engine=# select count(*), external_id from users group by external_id having count(*)1; (All in one line, in case it's cut during mail processing) Thank in advance. Tibor - Eredeti üzenet - - Original Message - From: Demeter Tibor tdeme...@itsmart.hu To: users@ovirt.org Sent: Tuesday, June 17, 2014 3:11:54 PM Subject: [ovirt-users] Upgrade to 3.4.2 failed Hi, I just did an upgrade to my 3.4.0 box. I did a yum update and an engine-setup After the package downloading process got this: [ INFO ] Yum Verify: 14/14: ovirt-engine.noarch 0:3.4.0-1.el6 - ud [ INFO ] Stage: Misc configuration [ INFO ] Backing up database localhost:engine_20140130075536 to '/var/lib/ovirt-engine/backups/engine-20140617140129.QZGO9x.dump'. [ INFO ] Updating Engine database schema [ ERROR ] Failed to execute stage 'Misc configuration': Command '/usr/share/ovirt-engine/dbscripts/upgrade.sh' failed to execute [ INFO ] Yum Performing yum transaction rollback [ INFO ] Yum Status: Downloading Packages [ INFO ] Yum Download/Verify: ovirt-engine-3.4.0-1.el6.noarch A cut from the log file: running upgrade sql script upgrade/03_04_0720_add_host_interface_high_network_use_event.sql ... Running upgrade sql script upgrade/03_04_0730_change_group_ids.sql ... Running upgrade sql script upgrade/03_04_0740_update_user_ids.sql ... 2014-06-17 14:01:41 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.db.schema plugin.execute:866 execute-output: ['/usr/share/ovirt-engine/dbscripts/upgrade.sh', '-s', 'localhost', '-p', '5432', '-u', 'engine_20140130075536', '-d', 'engine_20140130075536', '-l', '/var/log/ovirt-engine/setup/ovirt-engine-setup-20140617135909-a7zbn6.log', '-g'] stderr: psql:upgrade/03_04_0740_update_user_ids.sql:41: ERROR: duplicate key value violates unique constraint pk_users CONTEXT: SQL statement UPDATE users SET user_id = temp_id PL/pgSQL function __temp_update_user_ids_03_04_0740 line 30 at SQL statement 2014-06-17 14:01:41 DEBUG otopi.context context._executeMethod:152 method exception Traceback (most recent call last): File /usr/lib/python2.6/site-packages/otopi/context.py, line 142, in _executeMethod method['method']() File /usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-setup/ovirt-engine/db/schema.py, line 345, in _miscUpgrade osetupcons.DBEnv.PGPASS_FILE File /usr/lib/python2.6/site-packages/otopi/plugin.py, line 871, in execute command=args[0], RuntimeError: Command '/usr/share/ovirt-engine/dbscripts/upgrade.sh' failed to execute 2014-06-17 14:01:41 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Misc configuration': Command '/usr/share/ovirt-engine/dbscripts/upgrade.sh' failed to execute 2014-06-17 14:01:41 DEBUG otopi.transaction transaction.abort:131 aborting 'Yum Transaction' 2014-06-17 14:01:41 INFO otopi.plugins.otopi.packagers.yumpackager yumpackager.info:92 Yum Performing yum transaction rollback 2014-06-17 14:01:41 DEBUG otopi.plugins.otopi.packagers.yumpackager yumpackager.verbose:88 Yum Building transaction 2014-06-17 14:01:42 DEBUG otopi.plugins.otopi.packagers.yumpackager yumpackager.verbose:88 Yum Transaction built 2014-06-17 14:01:42 DEBUG otopi.plugins.otopi.packagers.yumpackager yumpackager.verbose:88 Yum Transaction Summary: 2014-06-17 14:01:42 DEBUG otopi.plugins.otopi.packagers.yumpackager yumpackager.verbose:88 Yum install- ovirt-engine-3.4.0-1.el6.noarch Anybody help me? Is it possible that you use an external directory and have two users pointing at the same directory user? Does the following query return anything? select
[ovirt-users] Ip spoofing
Hi, I have setup Ovirt with glusterfs...I have some concern about the network part 1. Is there any way to restrict the Guest VM...so that it can be assign with single ip address...and in anyhow the user can not manipulate the IP address from inside the VM (that means user can not change the ip address inside the VM). Thanks, Punit ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] italian language pack ?
On Thu, Jun 12, 2014 at 4:12 PM, Einav Cohen eco...@redhat.com wrote: Hello, I plan to work on this during the next days. Possibly the end of the next week could be a good ETA (if there will be an overlap between the different paths and the total amount is not the sum of all of them...) Could this be ok for you? Could we have a follow up on next Wednesday? sounds good, Gianluca - we will follow up on next Wednesday. thanks. Update: now I'm at 12% and going ahead. Let's see at the end of today... In the mean time I see you opened BUG ID 1110577, thanks. Hope to have it inside 3.5 tree.. btw: what is the eta for 3.5 final and for 3.5 beta? Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ip spoofing
On Thu, Jun 19, 2014 at 04:23:18PM +0800, Punit Dambiwal wrote: Hi, I have setup Ovirt with glusterfs...I have some concern about the network part 1. Is there any way to restrict the Guest VM...so that it can be assign with single ip address...and in anyhow the user can not manipulate the IP address from inside the VM (that means user can not change the ip address inside the VM). I am afraid that oVirt does not let you do that out-of-the-box. By default, the vdsm-no-mac-spoofing filter is applied to vNICs, which indeed allows IP spoofing. This behavior can be changed by writing a vdsm hook that changes the default filterref to filterref filter='clean-traffic' parameter name='CTRL_IP_LEARNING' value='dhcp'/ /filterref If your VM is assigned with its address not via dhcp, life is more complicated, since the hook needs to have access to this address before boot. I would love to assist you in writing such a hook; please take the vmfex_dev hook as a reference. To read more about vdsm hooks, please see http://www.ovirt.org/Vdsm_Hooks . Regards, Dan. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Call for Papers Deadline on Sunday: Open World Forum
Conference: Open World Forum 2014 Information: This year's program will show you how to take back control of your digital world, including IT/IS and (personal) data, whether you are a professional or not. Stop losing control and discover how Free and Open Source software may help you be more and more independent, whether technologically, legally or financially. Date: October 30-November 1, 2014 Location: Paris, France Website: http://openworldforum.org/ Call for Papers Deadline: June 22, 2014 Call for Papers URL: http://openworldforum.org/en/cfp/ -- Brian Proffitt oVirt Community Manager Project Atomic Community Lead Open Source and Standards, Red Hat - http://community.redhat.com Phone: +1 574 383 9BKP IRC: bkp @ OFTC ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
- Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules Hello all, is there any way to make custom iptables rules persistent during host upgrade? I have for example zabbix agents installed on all hosts and thus iptables rule allowing connections from our zabbix server. Sadly I have to manually restore iptables backup after host upgrade (initiated from oVirt manager). This should be achievable by defining the iptables rules you wish to use when [re]installing using the engine-config tool: thanks a lot for reply 1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig this displays whole iptables template. Interesting thing is that there is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way? 2. Define the desired iptables: sudo engine-config -s IPTablesConfig=Your rules I entered... engine-config -s IPTablesConfig=-A INPUT -p tcp -m state --state NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT ...and it looks like this overwrite entire IPTablesConfig template... 3. Verify the changes sudo engine-config -g IPTablesConfig ...because this displays only just my one line above. I have copy of default template but I have no idea how to set this variable with multi line text. I tried inserting \n but it is not converted to newlines. Any ideas? Btw. these variables are stored in database? Thanks in advance, Jiri 4. Restart the engine for changes to take effect 5. Reinstall the host and verify the iptables rule. And another question I have always wanted to ask... It looks like host upgrade is upgrading just vdsm components and no others virtualization stuff this was updatet after clicking to host upgrade Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64 and after that I run yum update and updated this components (honestly this one was rhev host but ovirt behave the same) Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64 Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64 Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64 Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch I believe qemu-img-rhev, spice-server, libvirt, mom,... are important components too. Should not be upgraded as well? Thanks for clarification, Jiri ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users attachment: jiri_slezka.vcf smime.p7s Description: Elektronicky podpis S/MIME ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] italian language pack ?
Hi Gianluca, Thank you for working hard on completing the translation - it is highly appreciated! according to [1], ovirt-3.5.0 beta is planned for 2014-06-26 (which is ~1 week from now), however I am not sure if this is a build date or a release date (I assume it is a build date, as it is the same time in which we plan to branch 'ovirt-engine-3.5' out of 'master' - maybe @Sandro/Eyal can confirm that). RC Build is currently planned for 2014-07-16. GA is currently planned for 2014-08-04. I am planning to pull translations from Zanata towards the end of this month (hopefully in time for the beta, but not necessarily - maybe it will land only in the RC build eventually), and then do another pull at the end of July [probably not in time for the RC build, so may land eventually only in ovirt-3.5.1 or similar]. do you think that we will be able to have a ~70% Italian translation completion by mid/towards-the-end-of July? if so, we can work on adding Italian to the locale drop-down in the GUI now (i.e. in the upcoming days/week), however we may need to take it out of the GUI drop-down eventually if we won't meet the ~70% Italian translation completion by mid/towards-the-end-of July goal. let me know what you think. Thanks, Einav [1] http://wiki.ovirt.org/OVirt_3.5_release-management - Original Message - From: Gianluca Cecchi gianluca.cec...@gmail.com To: Einav Cohen eco...@redhat.com Cc: users users@ovirt.org Sent: Thursday, June 19, 2014 4:40:02 AM Subject: Re: [ovirt-users] italian language pack ? On Thu, Jun 12, 2014 at 4:12 PM, Einav Cohen eco...@redhat.com wrote: Hello, I plan to work on this during the next days. Possibly the end of the next week could be a good ETA (if there will be an overlap between the different paths and the total amount is not the sum of all of them...) Could this be ok for you? Could we have a follow up on next Wednesday? sounds good, Gianluca - we will follow up on next Wednesday. thanks. Update: now I'm at 12% and going ahead. Let's see at the end of today... In the mean time I see you opened BUG ID 1110577, thanks. Hope to have it inside 3.5 tree.. btw: what is the eta for 3.5 final and for 3.5 beta? Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] italian language pack ?
On Thu, Jun 19, 2014 at 3:24 PM, Einav Cohen eco...@redhat.com wrote: do you think that we will be able to have a ~70% Italian translation completion by mid/towards-the-end-of July? if so, we can work on adding Italian to the locale drop-down in the GUI now (i.e. in the upcoming days/week), however we may need to take it out of the GUI drop-down eventually if we won't meet the ~70% Italian translation completion by mid/towards-the-end-of July goal. let me know what you think. Thanks for your trust, much appreciated too! I think I'm able to get 70% around 10th of July. It would be great to have sooner than later the dropdown and the functionality, because in some cases it is not so easy to extrapolate context in a single word or few words and give a truly correct translation (despite the section's title itself that is an initial suggestion). Having the chance to set the locale in a real environment and crosscheck the proposed translations would be great to have a consistent work done at the end... Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] italian language pack ?
Il 19/06/2014 15:24, Einav Cohen ha scritto: Hi Gianluca, Thank you for working hard on completing the translation - it is highly appreciated! according to [1], ovirt-3.5.0 beta is planned for 2014-06-26 (which is ~1 week from now), however I am not sure if this is a build date or a release date (I assume it is a build date, as it is the same time in which we plan to branch 'ovirt-engine-3.5' out of 'master' - maybe @Sandro/Eyal can confirm that). Beta will be composed on 2014-06-26 using the last nightly snapshot available. If it won't pass basic sanity test a new build may be required but it will be highly appreciated that maintainers ensure their packages works the day before the repository composition. The branch will be created from the git hash of the build passing basic sanity test. RC Build is currently planned for 2014-07-16. GA is currently planned for 2014-08-04. I am planning to pull translations from Zanata towards the end of this month (hopefully in time for the beta, but not necessarily - maybe it will land only in the RC build eventually), and then do another pull at the end of July [probably not in time for the RC build, so may land eventually only in ovirt-3.5.1 or similar]. do you think that we will be able to have a ~70% Italian translation completion by mid/towards-the-end-of July? if so, we can work on adding Italian to the locale drop-down in the GUI now (i.e. in the upcoming days/week), however we may need to take it out of the GUI drop-down eventually if we won't meet the ~70% Italian translation completion by mid/towards-the-end-of July goal. let me know what you think. Thanks, Einav [1] http://wiki.ovirt.org/OVirt_3.5_release-management - Original Message - From: Gianluca Cecchi gianluca.cec...@gmail.com To: Einav Cohen eco...@redhat.com Cc: users users@ovirt.org Sent: Thursday, June 19, 2014 4:40:02 AM Subject: Re: [ovirt-users] italian language pack ? On Thu, Jun 12, 2014 at 4:12 PM, Einav Cohen eco...@redhat.com wrote: Hello, I plan to work on this during the next days. Possibly the end of the next week could be a good ETA (if there will be an overlap between the different paths and the total amount is not the sum of all of them...) Could this be ok for you? Could we have a follow up on next Wednesday? sounds good, Gianluca - we will follow up on next Wednesday. thanks. Update: now I'm at 12% and going ahead. Let's see at the end of today... In the mean time I see you opened BUG ID 1110577, thanks. Hope to have it inside 3.5 tree.. btw: what is the eta for 3.5 final and for 3.5 beta? Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] VMware machines disk locked
Dear all, I already restarted the engine and the node but the status keeps on being locked. How do I connect with the postgres database and can I alter that locked status of the disks. Kind regards. 2014-06-18 8:50 GMT+02:00 Joop jvdw...@xs4all.nl: On 18-6-2014 7:30, andy.michiel...@gmail.com wrote: Hello, We are having problems with a VMware machine. In the engine I can see the status of its disks are locked. I don't know exactly what my co worker did but it's up to me to find out and fix it. So what log's should I check and what entry should I look for. Can I find out why the disks are locked via the cli ? Can I look in the database and change the status ? You should be able to see in the message pane what was done in the past and try to correlate that with the locked disks. Further if you look on the host which is the SPM you could see a dd process. Cloning disks, exporting VMs are done using dd on the SPM. Hoping the devs have some more things to check. Joop ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] tools page needs updates
Hi all, The tools page [1] lacks a lot of info such as where the tools can be downloaded/installed from, how to configure and use them, etc. I updated the image uploader section, if someone can do the same for the rest of the tools - it will be great. [1]http://www.ovirt.org/OVirt_engine_tools ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Spam Cannot attach to VM pool
Im trying to to attach to a VM in a pool and Im seeing the following in the engine.log Message: VM TIEATS_VDI-1 is down. Exit message: internal error ifname vnet0 not in key map Is there anything that I should be looking out for when using pools? 3.4.1 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Script to determine Direct LUN mapping
- Original Message - From: Citros Airv citros.a...@gmail.com To: users@ovirt.org Sent: Wednesday, June 18, 2014 5:23:42 PM Subject: [ovirt-users] Script to determine Direct LUN mapping HI, I'm writing a script to determine on which guest a Direct Lun is currently attached to. Any pointers, help, much appreciated. Not that strong in luns, but I'd use the search, but I'm not sure isLun is supported in search (by quick look at the code it isn't). From the top of my head, a quick workaround to that is to add prefix to lun disk aliases, and then use the search with alias starts with lun_***. You can fetch the vm_names from the disk and proceed from there. C ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] New oVirt Case Study: Judici
All: I am pleased to let you know that I have posted a new case study about oVirt on ovirt.org. The new study is a small government project, Judici, with a big impact: managing the court documentation for 68 of the 102 county courts in the State of Illinois. Take a look[1] and feel free to spread the word though social media. Thanks! Brian [1]http://www.ovirt.org/Judici_Case_Study -- Brian Proffitt oVirt Community Manager Project Atomic Community Lead Open Source and Standards, Red Hat - http://community.redhat.com Phone: +1 574 383 9BKP IRC: bkp @ OFTC ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] gluster rpms not found
I am running ovirt 3.4 and have gluster installed: [root@virt01a]# yum list installed |grep gluster glusterfs.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-api.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-cli.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-fuse.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-libs.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-rdma.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-server.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel However vdsm can't seem to find them: Thread-13::DEBUG::2014-06-19 16:15:57,250::caps::458::root::(_getKeyPackages) rpm package glusterfs-rdma not found Thread-13::DEBUG::2014-06-19 16:15:57,250::caps::458::root::(_getKeyPackages) rpm package glusterfs-fuse not found Thread-13::DEBUG::2014-06-19 16:15:57,251::caps::458::root::(_getKeyPackages) rpm package gluster-swift not found Thread-13::DEBUG::2014-06-19 16:15:57,252::caps::458::root::(_getKeyPackages) rpm package gluster-swift-object not found Thread-13::DEBUG::2014-06-19 16:15:57,252::caps::458::root::(_getKeyPackages) rpm package glusterfs not found Thread-13::DEBUG::2014-06-19 16:15:57,252::caps::458::root::(_getKeyPackages) rpm package gluster-swift-plugin not found Thread-13::DEBUG::2014-06-19 16:15:57,254::caps::458::root::(_getKeyPackages) rpm package gluster-swift-account not found Thread-13::DEBUG::2014-06-19 16:15:57,254::caps::458::root::(_getKeyPackages) rpm package gluster-swift-proxy not found Thread-13::DEBUG::2014-06-19 16:15:57,254::caps::458::root::(_getKeyPackages) rpm package gluster-swift-doc not found Thread-13::DEBUG::2014-06-19 16:15:57,255::caps::458::root::(_getKeyPackages) rpm package glusterfs-server not found Thread-13::DEBUG::2014-06-19 16:15:57,255::caps::458::root::(_getKeyPackages) rpm package gluster-swift-container not found Thread-13::DEBUG::2014-06-19 16:15:57,255::caps::458::root::(_getKeyPackages) rpm package glusterfs-geo-replication not found Any ideas? nathan stratton | vp technology | broadsoft, inc | +1-240-404-6580 | www.broadsoft.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Log-off SPICE client system from oVirt guest
Hello everyone! I currently have an MS Windows client running remote viewer which connects to an oVirt Linux VM using SPICE. My applicaiton is running on the VM. (Actually there are several clients each connecting to one VM at a time, with each client connecting to the first available VM every time - I have already achieved this using the oVirt REST API). What I want to do now, is have the MS Windows client (I am using remote-viewer as the SPICE client) log out automatically when the user closes the application's window in the VM. Is this possible? If not, is there a way to get the IP address of the client machine (the one running remote-viewer) from the guest so that I can notify it to log off? Best regards, George. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt Node as vm
Hello, I want to run oVirt Node as vm to learn a little bit about ovirt. But I'm facing some problems. I understand that oVirt Node maybe needs to see the vmx feature from the cpu so that kvm will work. But I can't get the oVirt Node ISO booting at all. I tried it in VirtualBox ... since it doesn't support nested virtualization I understand why it doesn't boot ... perhaps. But I tried it also on ESX and in the configuration i said that the virtualization features of the CPU should be passed through. If I boot a Live CD with that configuration see with cat /proc/cpuinfo that vmx is available. When I boot the oVirt Node ISO it just hangs after the 30 seconds count down ...I just see the background from the boot menu and it hangs the forever. Anybody else facing the same problem. Or is it just not possible to run oVirt Node as VM? Thanks for your replies. Regards ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
- Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: Moti Asayag masa...@redhat.com Cc: users@ovirt.org Sent: Thursday, June 19, 2014 3:25:49 PM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules - Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules Hello all, is there any way to make custom iptables rules persistent during host upgrade? I have for example zabbix agents installed on all hosts and thus iptables rule allowing connections from our zabbix server. Sadly I have to manually restore iptables backup after host upgrade (initiated from oVirt manager). This should be achievable by defining the iptables rules you wish to use when [re]installing using the engine-config tool: thanks a lot for reply 1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig this displays whole iptables template. Interesting thing is that there is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way? Adding Alon to reply on @CUSTOM_RULES@ 2. Define the desired iptables: sudo engine-config -s IPTablesConfig=Your rules I entered... engine-config -s IPTablesConfig=-A INPUT -p tcp -m state --state NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT ...and it looks like this overwrite entire IPTablesConfig template... 3. Verify the changes sudo engine-config -g IPTablesConfig ...because this displays only just my one line above. I have copy of default template but I have no idea how to set this variable with multi line text. I tried inserting \n but it is not converted to newlines. Any ideas? to me i worked by pasting the file content in the command line: engine-config -s IPTablesConfig= paste multi-line content Btw. these variables are stored in database? Yes, in vdc_options table: select * from vdc_options where option_name = 'IPTablesConfig'; Thanks in advance, Jiri 4. Restart the engine for changes to take effect 5. Reinstall the host and verify the iptables rule. And another question I have always wanted to ask... It looks like host upgrade is upgrading just vdsm components and no others virtualization stuff this was updatet after clicking to host upgrade Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64 and after that I run yum update and updated this components (honestly this one was rhev host but ovirt behave the same) Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18 18:27:30 Updated: libvirt-lock-sanlock-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:32 Updated: 2:qemu-kvm-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:32 Updated: python-rhsm-1.9.7-1.el6_5.x86_64 Jun 18 18:27:32 Updated: curl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:33 Updated: libxml2-python-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:33 Updated: audit-libs-python-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: audit-2.2-4.el6_5.x86_64 Jun 18 18:27:33 Updated: mdadm-3.2.6-7.el6_5.2.x86_64 Jun 18 18:27:33 Updated: python-cpopen-1.3-2.el6_5.x86_64 Jun 18 18:28:30 Updated: selinux-policy-targeted-3.7.19-231.el6_5.3.noarch Jun 18 18:28:30 Updated: python-pthreading-0.1.3-1.el6ev.noarch I believe qemu-img-rhev, spice-server, libvirt, mom,... are important components too. Should not be upgraded as well? Thanks for clarification,
Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
- Original Message - From: Moti Asayag masa...@redhat.com To: Jiří Sléžka jiri.sle...@slu.cz, Alon Bar-Lev abar...@redhat.com Cc: users@ovirt.org Sent: Friday, June 20, 2014 1:12:58 AM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules - Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: Moti Asayag masa...@redhat.com Cc: users@ovirt.org Sent: Thursday, June 19, 2014 3:25:49 PM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules - Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules Hello all, is there any way to make custom iptables rules persistent during host upgrade? I have for example zabbix agents installed on all hosts and thus iptables rule allowing connections from our zabbix server. Sadly I have to manually restore iptables backup after host upgrade (initiated from oVirt manager). This should be achievable by defining the iptables rules you wish to use when [re]installing using the engine-config tool: thanks a lot for reply 1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig this displays whole iptables template. Interesting thing is that there is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way? Adding Alon to reply on @CUSTOM_RULES@ These are to be replaced with gluster specific or virt specific or both, see IPTablesConfigForVirt, IPTablesConfigForGluster. I must note that there is no real support for manual modification of the iptables rules, as once you change it, you do not enjoy future product updates, such as upcoming kdump fence listener daemon. However, moti, we can add another vdc config for user defined rules, it should be sufficient in most cases. 2. Define the desired iptables: sudo engine-config -s IPTablesConfig=Your rules I entered... engine-config -s IPTablesConfig=-A INPUT -p tcp -m state --state NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT ...and it looks like this overwrite entire IPTablesConfig template... 3. Verify the changes sudo engine-config -g IPTablesConfig ...because this displays only just my one line above. I have copy of default template but I have no idea how to set this variable with multi line text. I tried inserting \n but it is not converted to newlines. Any ideas? to me i worked by pasting the file content in the command line: engine-config -s IPTablesConfig= paste multi-line content Btw. these variables are stored in database? Yes, in vdc_options table: select * from vdc_options where option_name = 'IPTablesConfig'; Thanks in advance, Jiri 4. Restart the engine for changes to take effect 5. Reinstall the host and verify the iptables rule. And another question I have always wanted to ask... It looks like host upgrade is upgrading just vdsm components and no others virtualization stuff this was updatet after clicking to host upgrade Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64 and after that I run yum update and updated this components (honestly this one was rhev host but ovirt behave the same) Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: openssl-1.0.1e-16.el6_5.14.x86_64 Jun 18 18:27:25 Updated: spice-server-0.12.4-6.el6_5.2.x86_64 Jun 18 18:27:25 Updated: gnutls-utils-2.8.5-14.el6_5.x86_64 Jun 18 18:27:25 Updated: pm-utils-1.2.5-10.el6_5.1.x86_64 Jun 18 18:27:28 Updated: libvirt-client-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: libvirt-python-0.10.2-29.el6_5.9.x86_64 Jun 18 18:27:30 Updated: mom-0.4.0-1.el6ev.noarch Jun 18
Re: [ovirt-users] gluster rpms not found
You're missing vdsm-gluster yum install vdsm-gluster On Fri, Jun 20, 2014 at 6:24 AM, Nathan Stratton nat...@robotics.net wrote: I am running ovirt 3.4 and have gluster installed: [root@virt01a]# yum list installed |grep gluster glusterfs.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-api.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-cli.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-fuse.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-libs.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-rdma.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel glusterfs-server.x86_64 3.5.0-2.el6 @ovirt-glusterfs-epel However vdsm can't seem to find them: Thread-13::DEBUG::2014-06-19 16:15:57,250::caps::458::root::(_getKeyPackages) rpm package glusterfs-rdma not found Thread-13::DEBUG::2014-06-19 16:15:57,250::caps::458::root::(_getKeyPackages) rpm package glusterfs-fuse not found Thread-13::DEBUG::2014-06-19 16:15:57,251::caps::458::root::(_getKeyPackages) rpm package gluster-swift not found Thread-13::DEBUG::2014-06-19 16:15:57,252::caps::458::root::(_getKeyPackages) rpm package gluster-swift-object not found Thread-13::DEBUG::2014-06-19 16:15:57,252::caps::458::root::(_getKeyPackages) rpm package glusterfs not found Thread-13::DEBUG::2014-06-19 16:15:57,252::caps::458::root::(_getKeyPackages) rpm package gluster-swift-plugin not found Thread-13::DEBUG::2014-06-19 16:15:57,254::caps::458::root::(_getKeyPackages) rpm package gluster-swift-account not found Thread-13::DEBUG::2014-06-19 16:15:57,254::caps::458::root::(_getKeyPackages) rpm package gluster-swift-proxy not found Thread-13::DEBUG::2014-06-19 16:15:57,254::caps::458::root::(_getKeyPackages) rpm package gluster-swift-doc not found Thread-13::DEBUG::2014-06-19 16:15:57,255::caps::458::root::(_getKeyPackages) rpm package glusterfs-server not found Thread-13::DEBUG::2014-06-19 16:15:57,255::caps::458::root::(_getKeyPackages) rpm package gluster-swift-container not found Thread-13::DEBUG::2014-06-19 16:15:57,255::caps::458::root::(_getKeyPackages) rpm package glusterfs-geo-replication not found Any ideas? nathan stratton | vp technology | broadsoft, inc | +1-240-404-6580 | www.broadsoft.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules
- Original Message - From: Alon Bar-Lev alo...@redhat.com To: Moti Asayag masa...@redhat.com Cc: Jiří Sléžka jiri.sle...@slu.cz, users@ovirt.org Sent: Friday, June 20, 2014 1:19:25 AM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules - Original Message - From: Moti Asayag masa...@redhat.com To: Jiří Sléžka jiri.sle...@slu.cz, Alon Bar-Lev abar...@redhat.com Cc: users@ovirt.org Sent: Friday, June 20, 2014 1:12:58 AM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules - Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: Moti Asayag masa...@redhat.com Cc: users@ovirt.org Sent: Thursday, June 19, 2014 3:25:49 PM Subject: Re: [ovirt-users] host upgrade from ovirt manager and custom iptables rules - Original Message - From: Jiří Sléžka jiri.sle...@slu.cz To: users@ovirt.org Sent: Wednesday, June 18, 2014 8:12:09 PM Subject: [ovirt-users] host upgrade from ovirt manager and custom iptables rules Hello all, is there any way to make custom iptables rules persistent during host upgrade? I have for example zabbix agents installed on all hosts and thus iptables rule allowing connections from our zabbix server. Sadly I have to manually restore iptables backup after host upgrade (initiated from oVirt manager). This should be achievable by defining the iptables rules you wish to use when [re]installing using the engine-config tool: thanks a lot for reply 1. Check the existing iptables rules: sudo engine-config -g IPTablesConfig this displays whole iptables template. Interesting thing is that there is a variable @CUSTOM_RULES@. Maybe custom rules could be defined this way? Adding Alon to reply on @CUSTOM_RULES@ These are to be replaced with gluster specific or virt specific or both, see IPTablesConfigForVirt, IPTablesConfigForGluster. I must note that there is no real support for manual modification of the iptables rules, as once you change it, you do not enjoy future product updates, such as upcoming kdump fence listener daemon. However, moti, we can add another vdc config for user defined rules, it should be sufficient in most cases. Sounds reasonable. Jiri, would you like to open RFE for it ? 2. Define the desired iptables: sudo engine-config -s IPTablesConfig=Your rules I entered... engine-config -s IPTablesConfig=-A INPUT -p tcp -m state --state NEW -m tcp -s xx.xx.xx.xx --dport 10050 -j ACCEPT ...and it looks like this overwrite entire IPTablesConfig template... 3. Verify the changes sudo engine-config -g IPTablesConfig ...because this displays only just my one line above. I have copy of default template but I have no idea how to set this variable with multi line text. I tried inserting \n but it is not converted to newlines. Any ideas? to me i worked by pasting the file content in the command line: engine-config -s IPTablesConfig= paste multi-line content Btw. these variables are stored in database? Yes, in vdc_options table: select * from vdc_options where option_name = 'IPTablesConfig'; Thanks in advance, Jiri 4. Restart the engine for changes to take effect 5. Reinstall the host and verify the iptables rule. And another question I have always wanted to ask... It looks like host upgrade is upgrading just vdsm components and no others virtualization stuff this was updatet after clicking to host upgrade Jun 18 18:21:38 Updated: iproute-2.6.32-32.el6_5.x86_64 Jun 18 18:21:59 Installed: vdsm-python-zombiereaper-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-python-4.14.7-3.el6ev.x86_64 Jun 18 18:21:59 Updated: vdsm-xmlrpc-4.14.7-3.el6ev.noarch Jun 18 18:21:59 Updated: vdsm-cli-4.14.7-3.el6ev.noarch Jun 18 18:22:26 Updated: vdsm-4.14.7-3.el6ev.x86_64 Jun 18 18:22:27 Updated: 2:qemu-kvm-rhev-tools-0.12.1.2-2.415.el6_5.10.x86_64 and after that I run yum update and updated this components (honestly this one was rhev host but ovirt behave the same) Jun 18 18:26:59 Updated: selinux-policy-3.7.19-231.el6_5.3.noarch Jun 18 18:27:03 Updated: tzdata-2014d-1.el6.noarch Jun 18 18:27:10 Updated: glibc-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: glibc-common-2.12-1.132.el6_5.2.x86_64 Jun 18 18:27:22 Updated: audit-libs-2.2-4.el6_5.x86_64 Jun 18 18:27:22 Updated: libxml2-2.7.6-14.el6_5.1.x86_64 Jun 18 18:27:22 Updated: libcurl-7.19.7-37.el6_5.3.x86_64 Jun 18 18:27:23 Updated: 2:qemu-img-rhev-0.12.1.2-2.415.el6_5.10.x86_64 Jun 18 18:27:23 Updated: libtasn1-2.3-6.el6_5.x86_64 Jun 18 18:27:23 Updated: gnutls-2.8.5-14.el6_5.x86_64 Jun 18
Re: [ovirt-users] oVirt Node as vm
I have the same problem. Finally, I am not using oVirth Node ISO, I setup one step by step. And the key point is enable promiscuous mode on your ESXi vswitch, or you cann't ping double nested guest. On Fri, Jun 20, 2014 at 2:57 AM, Stefan Sahlender ssahlen...@gmx.de wrote: Hello, I want to run oVirt Node as vm to learn a little bit about ovirt. But I'm facing some problems. I understand that oVirt Node maybe needs to see the vmx feature from the cpu so that kvm will work. But I can't get the oVirt Node ISO booting at all. I tried it in VirtualBox ... since it doesn't support nested virtualization I understand why it doesn't boot ... perhaps. But I tried it also on ESX and in the configuration i said that the virtualization features of the CPU should be passed through. If I boot a Live CD with that configuration see with cat /proc/cpuinfo that vmx is available. When I boot the oVirt Node ISO it just hangs after the 30 seconds count down ...I just see the background from the boot menu and it hangs the forever. Anybody else facing the same problem. Or is it just not possible to run oVirt Node as VM? Thanks for your replies. Regards ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Regards, John Xue ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users