Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Gianluca Cecchi
Il 29/gen/2015 15:13 Yaniv Dary yd...@redhat.com ha scritto:

 WebAdmin is for admin and has permissions to see anything in the system.
 For power users please use the power user portal

Power user portal doesn't exist any more or did I miss anything?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] dwh not receiving any data

2015-01-29 Thread David van zeebroeck
hi
we are running ovirt 3.5.1 and we are trying to setup the dwh part
install and setup appears to run fine but when starting the service we see
following error in the log file :

2015-01-29 16:06:26|ETL Service Started
Exception in component tJDBCOutput_5
org.postgresql.util.PSQLException: ERROR: insert or update on table
vm_samples_history violates foreign key constraint
vm_samples_history_current_user_id_fkey
  Detail: Key (current_user_id)=(ab932902-cead-4435-a2b6-8b88576feab6) is
not present in table users_details_history.
at
org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2062)
at
org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1795)
at
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:479)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:367)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:321)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync.tJDBCInput_10Process(StatisticsSync.java:10482)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync$6.run(StatisticsSync.java:17437)
Exception in component tJDBCOutput_6
org.postgresql.util.PSQLException: ERROR: current transaction is aborted,
commands ignored until end of transaction block
at
org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2062)
at
org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1795)
at
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:479)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:367)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:321)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync.tJDBCInput_12Process(StatisticsSync.java:12689)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync$7.run(StatisticsSync.java:17483)
Exception in component tJDBCOutput_7
org.postgresql.util.PSQLException: ERROR: current transaction is aborted,
commands ignored until end of transaction block
at
org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2062)
at
org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1795)
at
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:479)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:367)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:321)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync.tJDBCInput_18Process(StatisticsSync.java:14806)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync$8.run(StatisticsSync.java:17529)
Exception in component tJDBCOutput_4
org.postgresql.util.PSQLException: ERROR: current transaction is aborted,
commands ignored until end of transaction block
at
org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2062)
at
org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1795)
at
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:479)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:367)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:321)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync.tJDBCInput_8Process(StatisticsSync.java:7788)
at
ovirt_engine_dwh.statisticssync_3_5.StatisticsSync$5.run(StatisticsSync.java:17391)
2015-01-29
16:07:04|kGEf8p|YhA1NE|VVdF7H|OVIRT_ENGINE_DWH|StatisticsSync|Default|6|Java
Exception|tJDBCOutput_7|org.postgresql.util.PSQLException:ERROR: current
transaction is aborted, commands ignored until end of transaction block|1
2015-01-29
16:07:04|kGEf8p|YhA1NE|VVdF7H|OVIRT_ENGINE_DWH|StatisticsSync|Default|6|Java
Exception|tJDBCOutput_5|org.postgresql.util.PSQLException:ERROR: insert or
update on table vm_samples_history violates foreign key constraint
vm_samples_history_current_user_id_fkey
  Detail: Key (current_user_id)=(ab932902-cead-4435-a2b6-8b88576feab6) is
not present in table users_details_history.|1
2015-01-29
16:07:04|kGEf8p|YhA1NE|VVdF7H|OVIRT_ENGINE_DWH|StatisticsSync|Default|6|Java
Exception|tJDBCOutput_6|org.postgresql.util.PSQLException:ERROR: current
transaction is aborted, 

Re: [ovirt-users] AAA

2015-01-29 Thread Alon Bar-Lev


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: Ondra Machacek omach...@redhat.com, users@ovirt.org
 Sent: Thursday, January 29, 2015 3:46:09 PM
 Subject: Re: [ovirt-users] AAA
 
 I saw that when I pressed the send button. If I do that i again get the
 following:
 
 2015-01-29 14:28:35,891 WARN
 [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV records with
 name '_ldap._ tcp.ldap.mydomain.com ': javax.naming.NameNotFoundException:
 DNS name not found [response code 3]; remaining name '_ldap._
 tcp.ldap.mydomain.com '
 2015-01-29 14:28:35,924 WARN
 [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread
 1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV records with
 name '_ldap._ tcp.ldap.mydomain.com ': javax.naming.NameNotFoundException:
 DNS name not found [response code 3]; remaining name '_ldap._
 tcp.ldap.mydomain.com '
 
 And yes I replayed mydomain with the correct one... :-)

Hi Koen,

I keep asking you... please provide the following so we can help:

1. your real domain name that you are using, I guess mydomain.com is not the 
correct one and also ldap.mydomain.com is not the active directory domain name, 
please determine what is the active directory domain name, you can do this via 
the domains and site manager.

2. the command and full output of dig using:

$ dig @srvdc03.domain SRV _ldap._tcp.domain
$ dig @srvdc03.domain SRV _gc._tcp.domain

these srv records MUST exist within active directory DNS, otherwise the active 
directory itself will not work, your task is to find what domain is in your 
environment and what server runs valid DNS.

3. open the dns manager within active directory, expand the _tcp branch, and 
attach screen shoot of what you see.

Thanks,
Alon.

 
 2015-01-29 14:40 GMT+01:00 Ondra Machacek  omach...@redhat.com  :
 
 
 
 
 On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
 
 
 OK... Now I have this one :-)
 WARN [org.ovirt.engineextensions. aaa.ldap.AuthnExtension] (MSC service
 thread 1-2) [ovirt-engine-extension-aaa- ldap.authn::BRU_AIR-authn]
 Cannot initialize LDAP framework, deferring initialization. Error:
 Invalid DNS pseudo-URL(s):
 
 uncomment vars.dns
 
 
 
 
 Changed the properties file to this:
 
 include = ad.properties
 
 #
 # Active directory domain name.
 #
 vars.domain = ldap.mydomain.com  http://ldap.mydomain.com  (this one
 resolves to and gives ping back, front end of the pool)
 
 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com mailto: juniper-admin@ mydomain.com 
 vars.password = *
 
 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
 resolve and give a ping back)
 
 pool.default.serverset.type = srvrecord
 #pool.default.serverset. single.server = ${global:vars.server}
 pool.default.serverset. srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple. bindDN = ${global:vars.user}
 pool.default.auth.simple. password = ${global:vars.password}
 
 # Uncomment if using custom DNS
 pool.default.serverset. srvrecord.jndi-properties. java.naming.provider.url =
 ${global:vars.dns}
 pool.default.socketfactory. resolver.uRL = ${global:vars.dns}
 
 
 Thanks for your effort!
 
 
 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev  alo...@redhat.com
 mailto: alo...@redhat.com :
 
 
 
 - Original Message -
  From: Koen Vanoppen  vanoppen.k...@gmail.com mailto:
  vanoppen.koen@gmail. com 
  To: Alon Bar-Lev  alo...@redhat.com mailto: alo...@redhat.com 
  Cc:users@ovirt.org mailto: users@ovirt.org 
  Sent: Thursday, January 29, 2015 2:41:52 PM
  Subject: Re: [ovirt-users] AAA
  
  Yes We have:
  
  [root@ovirtmgmt01prod ~]# dig @ srvdc03.mydomain.com 
  http://srvdc03.mydomain.com  SRV _gc._
  tcp.mydomain.com  http://tcp.mydomain.com 
  
  ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23. rc1.el6_5.1  @
  srvdc03.mydomain.com  http://srvdc03.mydomain.com 
  SRV _gc._ tcp.mydomain.com  http://tcp.mydomain.com 
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;_gc._ tcp.mydomain.com  http://tcp.mydomain.com . IN SRV
 
 this ^^^ means that you do not have srv record. are you sure you
 replace mydomain.com  http://mydomain.com  with your actual active
 directory domain name?
 have you tried to look into your dns manager for this information as
 well?
 
  
  ;; AUTHORITY SECTION:
  mydomain.com  http://mydomain.com . 3600 IN SOA
 

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Oved Ourfali

On Jan 29, 2015 7:00 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote:


 Il 29/gen/2015 15:13 "Yaniv Dary" yd...@redhat.com ha scritto:
 
  WebAdmin is for admin and has permissions to see anything in the system.
  For power users please use the power user portal

 Power user portal doesn't exist any more or did I miss anything?
We have the webadmin and the user portal. If you have permissions like power user role, then when you login to the user portal you have access to a different view which is the power user portal. 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek
If you add for example 'UserRole' on VM, then your user should login to 
UserPortal without any problem and see his VM.


On 01/29/2015 09:58 AM, Nikolai Bochev wrote:

Ok, but if i don't add System permissions to a user with UserRole
they cannot login at all ?

On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek omach...@redhat.com
mailto:omach...@redhat.com wrote:



On 01/29/2015 09:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already
without
any major interruptions. Last week i tied it to freeipa, to be
able to
give permissions to other people, but so far no success because
of the
following problem :

All users can see all VM's. I tried clearing all permission
entries (
leaving the admin only ) and the re-adding and it didn't help at
all.

I am attaching a few screenshots to better describe :



The problem is that you are assigning system permissions.
If you assign system permissions you have permission to whole system.

If you want to assign a permission to user on a specific vm(or object),
you have to select the object, then click 'permissions' subtab, then
click 'add', then find your user and choose the role for him.




​
Most of the vm's have no permissions attached to them, but they are
still visible to everyone that logs from the userpanel
What am i doing wrong ?

Regards,


_
Users mailing list
Users@ovirt.org mailto:Users@ovirt.org
http://lists.ovirt.org/__mailman/listinfo/users
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Unable to reactivate host after reboot due to failed Gluster probe

2015-01-29 Thread Jan Siml

Hello,

we have a strange behavior within an oVirt cluster. Version is 3.5.1, 
engine is running on EL6 machine and hosts are using EL7 as operating 
system. The cluster uses a GlusterFS backed storage domain amongst 
others. Three of four hosts are peers in the Gluster cluster (3 bricks, 
3 replica).


When all hosts are restarted (maybe due to power outage), engine can't 
activate them again, because Gluster probe fails. The message given in 
UI is:


Gluster command [gluster peer node-03] failed on server node-03.

Checking Gluster peer and volume status on each host confirms that 
Gluster peers are known to each other and volume is up.


node-03:~ $ gluster peer status
Number of Peers: 2

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

node-03:~ $ gluster volume status
Status of volume: glusterfs-1
Gluster process PortOnline  Pid
--
Brick node-01:/export/glusterfs/brick   49152   Y   12409
Brick node-02:/export/glusterfs/brick   49153   Y   9978
Brick node-03:/export/glusterfs/brick   49152   Y   10001
Self-heal Daemon on localhost   N/A Y   10003
Self-heal Daemon on node-01 N/A Y   11590
Self-heal Daemon on node-02 N/A Y   9988

Task Status of Volume glusterfs-1
--
There are no active volume tasks

Storage domain in oVirt UI is fine (active and green) and usable. But 
neither Gluster volume nor any brick is visible in UI.


If I try the command which is shown in UI it returns:

root@node-03:~ $ gluster peer probe node-03
peer probe: success. Probe on localhost not needed

root@node-03:~ $ gluster --mode=script peer probe node-03 --xml
?xml version=1.0 encoding=UTF-8 standalone=yes?
cliOutput
  opRet0/opRet
  opErrno1/opErrno
  opErrstr(null)/opErrstr
  outputProbe on localhost not needed/output
/cliOutput

Is this maybe just an engine side parsing error?

--
Kind regards

Jan Siml
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Disable/Hide domain on UserPortal

2015-01-29 Thread Alon Bar-Lev

In 3.5 you can no longer login using that convention.

- Original Message -
 From: Kevin ke...@tweaktux.com
 To: users@ovirt.org
 Sent: Wednesday, January 28, 2015 10:54:40 PM
 Subject: [ovirt-users] Disable/Hide domain on UserPortal
 
 Is there a way to disable/hide the Domain drop-down on the UserPortal?
 
 You can login with User name: username@domain
 So I don't want so show the domains!
 
 Cheers,
 
 Kevin
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Disable/Hide domain on UserPortal

2015-01-29 Thread Kevin
Is there a way to disable/hide the Domain drop-down on the UserPortal?

You can login with User name: username@domain 
So I don't want so show the domains!

Cheers,

Kevin

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek



On 01/29/2015 09:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already without
any major interruptions. Last week i tied it to freeipa, to be able to
give permissions to other people, but so far no success because of the
following problem :

All users can see all VM's. I tried clearing all permission entries (
leaving the admin only ) and the re-adding and it didn't help at all.

I am attaching a few screenshots to better describe :




The problem is that you are assigning system permissions.
If you assign system permissions you have permission to whole system.

If you want to assign a permission to user on a specific vm(or object),
you have to select the object, then click 'permissions' subtab, then 
click 'add', then find your user and choose the role for him.






​
Most of the vm's have no permissions attached to them, but they are
still visible to everyone that logs from the userpanel
What am i doing wrong ?

Regards,


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Nikolai Bochev
Ok, but if i don't add System permissions to a user with UserRole they
cannot login at all ?

On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek omach...@redhat.com
wrote:



 On 01/29/2015 09:35 AM, Nikolai Bochev wrote:

 Hello,

 I've been running ovirt hosted engine for around a month already without
 any major interruptions. Last week i tied it to freeipa, to be able to
 give permissions to other people, but so far no success because of the
 following problem :

 All users can see all VM's. I tried clearing all permission entries (
 leaving the admin only ) and the re-adding and it didn't help at all.

 I am attaching a few screenshots to better describe :



 The problem is that you are assigning system permissions.
 If you assign system permissions you have permission to whole system.

 If you want to assign a permission to user on a specific vm(or object),
 you have to select the object, then click 'permissions' subtab, then click
 'add', then find your user and choose the role for him.




 ​
 Most of the vm's have no permissions attached to them, but they are
 still visible to everyone that logs from the userpanel
 What am i doing wrong ?

 Regards,


 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
Can somebody help me setting up AAA for ovirt 3.5.1?

I'm getting this now:

2015-01-29 11:35:36,889 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_gc._tcp.brussels.airport':  javax.naming.NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_gc._tcp.brussels.airport'

my 3 configs:
*BRU_AIR-authn.properties*
ovirt.engine.extension.name = BRU_AIR-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = BRU-AIR
ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties

*BRU_AIR-authz.properties*
ovirt.engine.extension.name = BRU_AIR-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties

*BRU_AIR.properties*
include = ad.properties

#
# Active directory domain name.
#
vars.domain = mydomain.com

#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = ***

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://dc01.mydomain.com

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password

In the GUI for adding user I get this:

An error occurred while attempting to query DNS in order to retrieve SRV
records with name '_gc__tcp_brussels_airport':
javax_naming_NameNotFoundException: DNS name not found [response code 3];
remaining name '_gc__tcp_brussels_airport'

Any ideas? I ran out...

Kind regards,

Koen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Tomas Jelinek


- Original Message -
 From: Gianluca Cecchi gianluca.cec...@gmail.com
 To: Tomas Jelinek tjeli...@redhat.com
 Cc: Martin Betak mbe...@redhat.com, users users@ovirt.org
 Sent: Thursday, January 29, 2015 11:39:34 AM
 Subject: Re: [ovirt-users] [Users] A mobile monitoring application for oVirt
 
 On Thu, Jan 29, 2015 at 11:18 AM, Tomas Jelinek tjeli...@redhat.com wrote:
 
 
 
  Hi Gianluca,
 
  the link to APK is not correct anymore, it was a very old version
  containing quite nasty bugs and the development moved.
  It is now much more stable but not yet officially released. But if you are
  willing to test it, it would be great! Attaching the debug apk file you can
  install on your phone.
  It should work, but if not I can make you a signed apk...
 
 
 Thanks.
 OK, in the mean time I installed it on my Samsung S2 that comes with
 KitKat Beanstalk 4.4.4
 It's myself built, see here
 https://plus.google.com/105661760401324958761/posts/7b7tmu2shVj
 ;-)
 
 This evening I'm going to try with my home based all-in-one 3.5.1 oVirt
 environment.

cool! can't wait for results :)

 Some preliminary questions:
 - is the application suitable for tablets too? I would like t test it on a
 Samsung Note Pro too (stock 4.4.2)

yes, it should work properly

 - can I connect to multiple environments (so define for example multiple
 configurations)?

no, not now. You have to be be connected to only one.

 - does it require dns resolving engine hostname, or will it work with ip
 based configurations?

it works both with IP and hostname - you just need to have the correct address 
filled :) Don't forget to add both the protocol and the actual path to api, 
e.g.:
https://192.168.122.12:443/ovirt-engine/api
and for username don't forget to add also the domain, e.g.
admin@internal

Than you can have problems with the SSL certificates - you have to either 
import your cert to the phone or just select disable https in the movirt 
settings - for home setup it is enough ;)
Also, please note that if you are connecting with admin@internal (or any other 
user with admin permissions), select the Admin Privilege in the settings - 
than you will be able to use the search queries and such.
If you decide to unselect it, you have to make sure that VMs are actually 
visible to the user from which you are connecting. And also, the search queries 
will not be available for you - it is a limitation of oVirt's REST API.

uau, I'm so excited that someone from the community is going to test it!

Tomas

 
 Gianluca
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Unable to reactivate host after reboot due to failed Gluster probe

2015-01-29 Thread Jan Siml

Hello,

finally I got the nodes online. What helps was probing the not needed 
peer node-04 (no brick) from one of the other cluster nodes. When the 
node becames a Gluster peer, I am able to activate any oVirt node which 
serves bricks.


Therefore I assume, the error message which the UI returns comes from 
node-04:


root@node-04:~ $ gluster peer probe node-01
peer probe: failed: Probe returned with unknown errno 107

root@node-03:~ $ gluster peer status
Number of Peers: 2

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

root@node-03:~ $ gluster peer probe node-04
peer probe: success.

root@node-03:~ $ gluster peer status
Number of Peers: 3

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

Hostname: node-04
Uuid: 9cdefc68-d710-4346-93b1-76b5307e258b
State: Peer in Cluster (Connected)

This (oVirt's behavior) seems to be reproducible.

On 01/29/2015 11:10 AM, Jan Siml wrote:

Hello,

when looking into engine.log, I can see, that gluster probe returned
errno 107. But I can't figure out why:

2015-01-29 10:40:03,546 ERROR
[org.ovirt.engine.core.bll.InitVdsOnUpCommand]
(DefaultQuartzScheduler_Worker-59) [5977aac5] Could not peer probe the
gluster server node-03. Error: VdcBLLException: org.ovirt.eng
ine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException:
VDSErrorException: Failed to AddGlusterServerVDS, error = Add host failed
error: Probe returned with unknown errno 107

Just for the record: We use the /etc/hosts method because of missing
possibility to choose the network interface for Gluster. The three
Gluster peer hosts have modified /etc/hosts files with addresses binded
to a different interface than the ovirtmgmt addresses.

Example:

root@node-03:~ $ cat /etc/hosts
192.168.200.195  node-01
192.168.200.196  node-02
192.168.200.198  node-03

The /etc/hosts file on engine host isn't modified.


On 01/29/2015 10:39 AM, Jan Siml wrote:

Hello,

we have a strange behavior within an oVirt cluster. Version is 3.5.1,
engine is running on EL6 machine and hosts are using EL7 as operating
system. The cluster uses a GlusterFS backed storage domain amongst
others. Three of four hosts are peers in the Gluster cluster (3 bricks,
3 replica).

When all hosts are restarted (maybe due to power outage), engine can't
activate them again, because Gluster probe fails. The message given in
UI is:

Gluster command [gluster peer node-03] failed on server node-03.

Checking Gluster peer and volume status on each host confirms that
Gluster peers are known to each other and volume is up.

node-03:~ $ gluster peer status
Number of Peers: 2

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

node-03:~ $ gluster volume status
Status of volume: glusterfs-1
Gluster processPortOnlinePid
--


Brick node-01:/export/glusterfs/brick   49152Y12409
Brick node-02:/export/glusterfs/brick49153Y9978
Brick node-03:/export/glusterfs/brick49152Y10001
Self-heal Daemon on localhostN/AY10003
Self-heal Daemon on node-01N/AY11590
Self-heal Daemon on node-02N/AY9988

Task Status of Volume glusterfs-1
--


There are no active volume tasks

Storage domain in oVirt UI is fine (active and green) and usable. But
neither Gluster volume nor any brick is visible in UI.

If I try the command which is shown in UI it returns:

root@node-03:~ $ gluster peer probe node-03
peer probe: success. Probe on localhost not needed

root@node-03:~ $ gluster --mode=script peer probe node-03 --xml
?xml version=1.0 encoding=UTF-8 standalone=yes?
cliOutput
   opRet0/opRet
   opErrno1/opErrno
   opErrstr(null)/opErrstr
   outputProbe on localhost not needed/output
/cliOutput

Is this maybe just an engine side parsing error?





--
Kind regards

Jan Siml
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Tomas Jelinek


- Original Message -
 From: Karli Sjöberg karli.sjob...@slu.se
 To: Gianluca Cecchi gianluca.cec...@gmail.com
 Cc: users users@ovirt.org
 Sent: Thursday, January 29, 2015 11:45:02 AM
 Subject: Re: [ovirt-users] [Users] A mobile monitoring application for oVirt
 
 On Wed, 2015-01-28 at 19:07 +0100, Gianluca Cecchi wrote:
  
  Il 03/apr/2014 16:37 Martin Betak mbe...@redhat.com ha scritto:
  
   This is still under heavy development, but first usable version can
  be found at [1]
  
  [Snip]
  
   feature requests and general feedback are very welcome. You can file
  any issues directly at [2].
  
  [Snip]
  
   [1] https://github.com/matobet/moVirt/blob/master/moVirt/moVirt.apk
   [2] https://github.com/matobet/moVirt/issues
  
  
  Hello
  Are the above links yet the right ones to use for apk download/install
  and issue tracking in case I want to test movirt?
  Thanks
  Gianluca
  
  plain text document attachment (ATT1)
  ___
  Users mailing list
  Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users
 
 BTW, just curious, what about Lollipop? Does it work with the same app
 or must it be specifically built for the new version?

It should, but no one have tested it so far. Do you have a device with 
Lollipop? It would be so awesome if you could test it!

 
 /K
 
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Karli Sjöberg
On Thu, 2015-01-29 at 11:07 +, Karli Sjöberg wrote:
 On Thu, 2015-01-29 at 06:01 -0500, Tomas Jelinek wrote:
  
  - Original Message -
   From: Karli Sjöberg karli.sjob...@slu.se
   To: Gianluca Cecchi gianluca.cec...@gmail.com
   Cc: users users@ovirt.org
   Sent: Thursday, January 29, 2015 11:45:02 AM
   Subject: Re: [ovirt-users] [Users] A mobile monitoring application for 
   oVirt
   
   On Wed, 2015-01-28 at 19:07 +0100, Gianluca Cecchi wrote:

Il 03/apr/2014 16:37 Martin Betak mbe...@redhat.com ha scritto:

 This is still under heavy development, but first usable version can
be found at [1]

[Snip]

 feature requests and general feedback are very welcome. You can file
any issues directly at [2].

[Snip]

 [1] https://github.com/matobet/moVirt/blob/master/moVirt/moVirt.apk
 [2] https://github.com/matobet/moVirt/issues


Hello
Are the above links yet the right ones to use for apk download/install
and issue tracking in case I want to test movirt?
Thanks
Gianluca

plain text document attachment (ATT1)
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
   
   BTW, just curious, what about Lollipop? Does it work with the same app
   or must it be specifically built for the new version?
  
  It should, but no one have tested it so far. Do you have a device with 
  Lollipop? It would be so awesome if you could test it!
 
 Yup, sure thing:) I´ll report back once I´ve tested.

No, I spoke too soon, 'the attachment was removed'. Can you upload it
somewhere and paste the link?

/K

 
 /K
 
  
   
   /K
   
   
   ___
   Users mailing list
   Users@ovirt.org
   http://lists.ovirt.org/mailman/listinfo/users
   
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek


On 01/29/2015 12:30 PM, Koen Vanoppen wrote:

No, I don't. and I wouldn't know how he got to this name...


Well, then you have to, if you want to use 'pool.default.serverset.type 
= srvrecord'.


It just need to know where your global catalog is running, since it's 
needed for new provider.


It searches for global catalog like this:
dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}

So you need to have this SRV record in DNS, if you want to use srvrecord 
serverset type. Or you don't have to if you use single server type.




Thanks for the reply!

2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com
mailto:omach...@redhat.com:

On 01/29/2015 11:41 AM, Koen Vanoppen wrote:

Can somebody help me setting up AAA for ovirt 3.5.1?

I'm getting this now:

2015-01-29 11:35:36,889 WARN
[org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
service thread
1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV
records
with name '_gc._tcp.brussels.airport':
javax.naming.__NameNotFoundException: DNS name not found
[response code
3]; remaining name '_gc._tcp.brussels.airport'


Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?


my 3 configs:
_*BRU_AIR-authn.properties*_
ovirt.engine.extension.name http://ovirt.engine.extension.name
http://ovirt.engine.__extension.name
http://ovirt.engine.extension.name =
BRU_AIR-authn
ovirt.engine.extension.__bindings.method = jbossmodule
ovirt.engine.extension.__binding.jbossmodule.module =
org.ovirt.engine-extensions.__aaa.ldap
ovirt.engine.extension.__binding.jbossmodule.class =
org.ovirt.engineextensions.__aaa.ldap.AuthnExtension
ovirt.engine.extension.__provides =
org.ovirt.engine.api.__extensions.aaa.Authn
ovirt.engine.aaa.authn.__profile.name
http://ovirt.engine.aaa.authn.profile.name
http://ovirt.engine.aaa.__authn.profile.name
http://ovirt.engine.aaa.authn.profile.name = BRU-AIR
ovirt.engine.aaa.authn.authz.__plugin = BRU_AIR-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.__properties

_*BRU_AIR-authz.properties*_
ovirt.engine.extension.name http://ovirt.engine.extension.name
http://ovirt.engine.__extension.name
http://ovirt.engine.extension.name =
BRU_AIR-authz
ovirt.engine.extension.__bindings.method = jbossmodule
ovirt.engine.extension.__binding.jbossmodule.module =
org.ovirt.engine-extensions.__aaa.ldap
ovirt.engine.extension.__binding.jbossmodule.class =
org.ovirt.engineextensions.__aaa.ldap.AuthzExtension
ovirt.engine.extension.__provides =
org.ovirt.engine.api.__extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.__properties

_*BRU_AIR.properties*_
include = ad.properties

#
# Active directory domain name.
#
vars.domain = mydomain.com http://mydomain.com
http://mydomain.com

#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = ***

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://dc01.mydomain.com http://dc01.mydomain.com
http://dc01.mydomain.com

pool.default.serverset.type = srvrecord
pool.default.serverset.__srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.__bindDN = ${global:vars.user}
pool.default.auth.simple.__password = ${global:vars.password

In the GUI for adding user I get this:

An error occurred while attempting to query DNS in order to
retrieve SRV
records with name '_gc__tcp_brussels_airport':
javax_naming___NameNotFoundException: DNS name not found
[response code
3]; remaining name '_gc__tcp_brussels_airport'

Any ideas? I ran out...

Kind regards,

Koen


_
Users mailing list
Users@ovirt.org mailto:Users@ovirt.org
http://lists.ovirt.org/__mailman/listinfo/users
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
No, I don't. and I wouldn't know how he got to this name...

Thanks for the reply!

2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com:

 On 01/29/2015 11:41 AM, Koen Vanoppen wrote:

 Can somebody help me setting up AAA for ovirt 3.5.1?

 I'm getting this now:

 2015-01-29 11:35:36,889 WARN
 [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV records
 with name '_gc._tcp.brussels.airport':
 javax.naming.NameNotFoundException: DNS name not found [response code
 3]; remaining name '_gc._tcp.brussels.airport'


 Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?


 my 3 configs:
 _*BRU_AIR-authn.properties*_
 ovirt.engine.extension.name http://ovirt.engine.extension.name =
 BRU_AIR-authn
 ovirt.engine.extension.bindings.method = jbossmodule
 ovirt.engine.extension.binding.jbossmodule.module =
 org.ovirt.engine-extensions.aaa.ldap
 ovirt.engine.extension.binding.jbossmodule.class =
 org.ovirt.engineextensions.aaa.ldap.AuthnExtension
 ovirt.engine.extension.provides = org.ovirt.engine.api.
 extensions.aaa.Authn
 ovirt.engine.aaa.authn.profile.name
 http://ovirt.engine.aaa.authn.profile.name = BRU-AIR
 ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
 config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties

 _*BRU_AIR-authz.properties*_
 ovirt.engine.extension.name http://ovirt.engine.extension.name =
 BRU_AIR-authz
 ovirt.engine.extension.bindings.method = jbossmodule
 ovirt.engine.extension.binding.jbossmodule.module =
 org.ovirt.engine-extensions.aaa.ldap
 ovirt.engine.extension.binding.jbossmodule.class =
 org.ovirt.engineextensions.aaa.ldap.AuthzExtension
 ovirt.engine.extension.provides = org.ovirt.engine.api.
 extensions.aaa.Authz
 config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties

 _*BRU_AIR.properties*_
 include = ad.properties

 #
 # Active directory domain name.
 #
 vars.domain = mydomain.com http://mydomain.com

 #
 # Search user and its password.
 #
 vars.user = admin@${global:vars.domain}
 vars.password = ***

 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 vars.dns = dns://dc01.mydomain.com http://dc01.mydomain.com

 pool.default.serverset.type = srvrecord
 pool.default.serverset.srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password

 In the GUI for adding user I get this:

 An error occurred while attempting to query DNS in order to retrieve SRV
 records with name '_gc__tcp_brussels_airport':
 javax_naming_NameNotFoundException: DNS name not found [response code
 3]; remaining name '_gc__tcp_brussels_airport'

 Any ideas? I ran out...

 Kind regards,

 Koen


 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] oVirt Node 3.5 status

2015-01-29 Thread Douglas Schilling Landgraf

Hi,

If you are looking for oVirt Node 3.5, we will deliver the official ISO 
as soon as the package which resolves the below bugzilla is available in 
CentOS repo. The current version of nss-softokn package is affecting the 
build of iso.


nss-softokn prevents dracut from building the initrd
https://bugzilla.redhat.com/show_bug.cgi?id=1182297

--
Cheers
Douglas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Karli Sjöberg
On Thu, 2015-01-29 at 06:01 -0500, Tomas Jelinek wrote:
 
 - Original Message -
  From: Karli Sjöberg karli.sjob...@slu.se
  To: Gianluca Cecchi gianluca.cec...@gmail.com
  Cc: users users@ovirt.org
  Sent: Thursday, January 29, 2015 11:45:02 AM
  Subject: Re: [ovirt-users] [Users] A mobile monitoring application for oVirt
  
  On Wed, 2015-01-28 at 19:07 +0100, Gianluca Cecchi wrote:
   
   Il 03/apr/2014 16:37 Martin Betak mbe...@redhat.com ha scritto:
   
This is still under heavy development, but first usable version can
   be found at [1]
   
   [Snip]
   
feature requests and general feedback are very welcome. You can file
   any issues directly at [2].
   
   [Snip]
   
[1] https://github.com/matobet/moVirt/blob/master/moVirt/moVirt.apk
[2] https://github.com/matobet/moVirt/issues
   
   
   Hello
   Are the above links yet the right ones to use for apk download/install
   and issue tracking in case I want to test movirt?
   Thanks
   Gianluca
   
   plain text document attachment (ATT1)
   ___
   Users mailing list
   Users@ovirt.org
   http://lists.ovirt.org/mailman/listinfo/users
  
  BTW, just curious, what about Lollipop? Does it work with the same app
  or must it be specifically built for the new version?
 
 It should, but no one have tested it so far. Do you have a device with 
 Lollipop? It would be so awesome if you could test it!

Yup, sure thing:) I´ll report back once I´ve tested.

/K

 
  
  /K
  
  
  ___
  Users mailing list
  Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users
  

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Gianluca Cecchi
On Thu, Jan 29, 2015 at 11:18 AM, Tomas Jelinek tjeli...@redhat.com wrote:



 Hi Gianluca,

 the link to APK is not correct anymore, it was a very old version
 containing quite nasty bugs and the development moved.
 It is now much more stable but not yet officially released. But if you are
 willing to test it, it would be great! Attaching the debug apk file you can
 install on your phone.
 It should work, but if not I can make you a signed apk...


Thanks.
OK, in the mean time I installed it on my Samsung S2 that comes with
KitKat Beanstalk 4.4.4
It's myself built, see here
https://plus.google.com/105661760401324958761/posts/7b7tmu2shVj
;-)

This evening I'm going to try with my home based all-in-one 3.5.1 oVirt
environment.
Some preliminary questions:
- is the application suitable for tablets too? I would like t test it on a
Samsung Note Pro too (stock 4.4.2)
- can I connect to multiple environments (so define for example multiple
configurations)?
- does it require dns resolving engine hostname, or will it work with ip
based configurations?

Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Karli Sjöberg
On Wed, 2015-01-28 at 19:07 +0100, Gianluca Cecchi wrote:
 
 Il 03/apr/2014 16:37 Martin Betak mbe...@redhat.com ha scritto:
 
  This is still under heavy development, but first usable version can
 be found at [1]
 
 [Snip]
 
  feature requests and general feedback are very welcome. You can file
 any issues directly at [2].
 
 [Snip]
 
  [1] https://github.com/matobet/moVirt/blob/master/moVirt/moVirt.apk
  [2] https://github.com/matobet/moVirt/issues
 
 
 Hello
 Are the above links yet the right ones to use for apk download/install
 and issue tracking in case I want to test movirt?
 Thanks
 Gianluca
 
 plain text document attachment (ATT1)
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

BTW, just curious, what about Lollipop? Does it work with the same app
or must it be specifically built for the new version?

/K


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Tomas Jelinek


- Original Message -
 From: Gianluca Cecchi gianluca.cec...@gmail.com
 To: Karli Sjöberg karli.sjob...@slu.se
 Cc: Tomas Jelinek tjeli...@redhat.com, Sphoorti Joglekar 
 sphoorti.jogle...@gmail.com, users
 users@ovirt.org
 Sent: Thursday, January 29, 2015 12:19:24 PM
 Subject: Re: [ovirt-users] [Users] A mobile monitoring application for oVirt
 
 On Thu, Jan 29, 2015 at 12:11 PM, Karli Sjöberg karli.sjob...@slu.se
 wrote:
 
 
 
  No, I spoke too soon, 'the attachment was removed'. Can you upload it
  somewhere and paste the link?
 
 
 
 If it's ok for Tomas and Sphoorti I can set a gdrive link for the apk
 Gianluca

Seen your mail too late - I have just uploaded it to github: [1]. There is a 
link now from the main github page [2]

Tomas

[1]: 
https://github.com/matobet/moVirt/blob/master/moVirt/moVirt-debug.apk?raw=true
[2]: https://github.com/matobet/moVirt

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Unable to reactivate host after reboot due to failed Gluster probe

2015-01-29 Thread Jan Siml

Hello,

when looking into engine.log, I can see, that gluster probe returned 
errno 107. But I can't figure out why:


2015-01-29 10:40:03,546 ERROR 
[org.ovirt.engine.core.bll.InitVdsOnUpCommand] 
(DefaultQuartzScheduler_Worker-59) [5977aac5] Could not peer probe the 
gluster server node-03. Error: VdcBLLException: org.ovirt.eng
ine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException: 
VDSErrorException: Failed to AddGlusterServerVDS, error = Add host failed

error: Probe returned with unknown errno 107

Just for the record: We use the /etc/hosts method because of missing 
possibility to choose the network interface for Gluster. The three 
Gluster peer hosts have modified /etc/hosts files with addresses binded 
to a different interface than the ovirtmgmt addresses.


Example:

root@node-03:~ $ cat /etc/hosts
192.168.200.195  node-01
192.168.200.196  node-02
192.168.200.198  node-03

The /etc/hosts file on engine host isn't modified.


On 01/29/2015 10:39 AM, Jan Siml wrote:

Hello,

we have a strange behavior within an oVirt cluster. Version is 3.5.1,
engine is running on EL6 machine and hosts are using EL7 as operating
system. The cluster uses a GlusterFS backed storage domain amongst
others. Three of four hosts are peers in the Gluster cluster (3 bricks,
3 replica).

When all hosts are restarted (maybe due to power outage), engine can't
activate them again, because Gluster probe fails. The message given in
UI is:

Gluster command [gluster peer node-03] failed on server node-03.

Checking Gluster peer and volume status on each host confirms that
Gluster peers are known to each other and volume is up.

node-03:~ $ gluster peer status
Number of Peers: 2

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

node-03:~ $ gluster volume status
Status of volume: glusterfs-1
Gluster processPortOnlinePid
--

Brick node-01:/export/glusterfs/brick   49152Y12409
Brick node-02:/export/glusterfs/brick49153Y9978
Brick node-03:/export/glusterfs/brick49152Y10001
Self-heal Daemon on localhostN/AY10003
Self-heal Daemon on node-01N/AY11590
Self-heal Daemon on node-02N/AY9988

Task Status of Volume glusterfs-1
--

There are no active volume tasks

Storage domain in oVirt UI is fine (active and green) and usable. But
neither Gluster volume nor any brick is visible in UI.

If I try the command which is shown in UI it returns:

root@node-03:~ $ gluster peer probe node-03
peer probe: success. Probe on localhost not needed

root@node-03:~ $ gluster --mode=script peer probe node-03 --xml
?xml version=1.0 encoding=UTF-8 standalone=yes?
cliOutput
   opRet0/opRet
   opErrno1/opErrno
   opErrstr(null)/opErrstr
   outputProbe on localhost not needed/output
/cliOutput

Is this maybe just an engine side parsing error?



--
Kind regards

Jan Siml
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek

On 01/29/2015 11:41 AM, Koen Vanoppen wrote:

Can somebody help me setting up AAA for ovirt 3.5.1?

I'm getting this now:

2015-01-29 11:35:36,889 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_gc._tcp.brussels.airport':
javax.naming.NameNotFoundException: DNS name not found [response code
3]; remaining name '_gc._tcp.brussels.airport'


Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?



my 3 configs:
_*BRU_AIR-authn.properties*_
ovirt.engine.extension.name http://ovirt.engine.extension.name =
BRU_AIR-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name
http://ovirt.engine.aaa.authn.profile.name = BRU-AIR
ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties

_*BRU_AIR-authz.properties*_
ovirt.engine.extension.name http://ovirt.engine.extension.name =
BRU_AIR-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties

_*BRU_AIR.properties*_
include = ad.properties

#
# Active directory domain name.
#
vars.domain = mydomain.com http://mydomain.com

#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = ***

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://dc01.mydomain.com http://dc01.mydomain.com

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password

In the GUI for adding user I get this:

An error occurred while attempting to query DNS in order to retrieve SRV
records with name '_gc__tcp_brussels_airport':
javax_naming_NameNotFoundException: DNS name not found [response code
3]; remaining name '_gc__tcp_brussels_airport'

Any ideas? I ran out...

Kind regards,

Koen


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
Big thanks for your help, but still the same:

#
# Active directory domain name.
#
vars.domain = mydomain.com

#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = *

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.${global:vars.domain}
dns://srvdc04.${global:vars.domain}

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}



 [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
LDAP framework, deferring initialization. Error: No DNS SRV records were
found with record name '_gc._tcp.brussels.airport'.

And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
way it just resolves the dns servers I gave him?


2015-01-29 13:02 GMT+01:00 Alon Bar-Lev alo...@redhat.com:



 - Original Message -
  From: Ondra Machacek omach...@redhat.com
  To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org
  Sent: Thursday, January 29, 2015 1:49:00 PM
  Subject: Re: [ovirt-users] AAA
 
 
  On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
   No, I don't. and I wouldn't know how he got to this name...
 
  Well, then you have to, if you want to use 'pool.default.serverset.type
  = srvrecord'.
 
  It just need to know where your global catalog is running, since it's
  needed for new provider.
 
  It searches for global catalog like this:
  dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
 
  So you need to have this SRV record in DNS, if you want to use srvrecord
  serverset type. Or you don't have to if you use single server type.

 active directory will not work without access to global catalog.
 please set one or more of the domain controllers as dns server, for
 example:

 vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}

 please also uncomment/add these lines to make vars.dns effective.

 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
 = ${global:vars.dns}
 pool.default.socketfactory.resolver.uRL = ${global:vars.dns}

 Thanks!

 
  
   Thanks for the reply!
  
   2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com
   mailto:omach...@redhat.com:
  
   On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
  
   Can somebody help me setting up AAA for ovirt 3.5.1?
  
   I'm getting this now:
  
   2015-01-29 11:35:36,889 WARN
   [org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
   service thread
   1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz]
   Cannot
   initialize LDAP framework, deferring initialization. Error: An
   error
   occurred while attempting to query DNS in order to retrieve SRV
   records
   with name '_gc._tcp.brussels.airport':
   javax.naming.__NameNotFoundException: DNS name not found
   [response code
   3]; remaining name '_gc._tcp.brussels.airport'
  
  
   Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
  
  
   my 3 configs:
   _*BRU_AIR-authn.properties*_
   ovirt.engine.extension.name 
 http://ovirt.engine.extension.name
   http://ovirt.engine.__extension.name
   http://ovirt.engine.extension.name =
   BRU_AIR-authn
   ovirt.engine.extension.__bindings.method = jbossmodule
   ovirt.engine.extension.__binding.jbossmodule.module =
   org.ovirt.engine-extensions.__aaa.ldap
   ovirt.engine.extension.__binding.jbossmodule.class =
   org.ovirt.engineextensions.__aaa.ldap.AuthnExtension
   ovirt.engine.extension.__provides =
   org.ovirt.engine.api.__extensions.aaa.Authn
   ovirt.engine.aaa.authn.__profile.name
   http://ovirt.engine.aaa.authn.profile.name
   http://ovirt.engine.aaa.__authn.profile.name
   http://ovirt.engine.aaa.authn.profile.name = BRU-AIR
   ovirt.engine.aaa.authn.authz.__plugin = BRU_AIR-authz
   config.profile.file.1 =
 /etc/ovirt-engine/aaa/BRU_AIR.__properties
  
   _*BRU_AIR-authz.properties*_
   ovirt.engine.extension.name 
 http://ovirt.engine.extension.name
   http://ovirt.engine.__extension.name
   http://ovirt.engine.extension.name =
   BRU_AIR-authz
   ovirt.engine.extension.__bindings.method = jbossmodule
   ovirt.engine.extension.__binding.jbossmodule.module =
   org.ovirt.engine-extensions.__aaa.ldap
   ovirt.engine.extension.__binding.jbossmodule.class =
   org.ovirt.engineextensions.__aaa.ldap.AuthzExtension
   

Re: [ovirt-users] [POLL] FOSDEM Social Event Date

2015-01-29 Thread Sven Kieske
Hi,

just a short notice that I will attend FOSDEM too.
I don't know yet if I make it to the social event, see you
at the ovirt sessions!

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH  Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Network setup for load balance

2015-01-29 Thread Martin Pavlík
Hi Carlos,

you figured it yourself, the fastest/easiest way will be to deploy ovirt again. 
This time set the bonding manually before deployment and tie the management to 
the bond you create.

You did not mention what bond mode you want to use, please note that not all 
bond modes are supported for VM networks. You’ve mentioned that you are after 
load balancing, in this case you can use  mode=2(balance-xor), or 
mode=4(802.3ad) however mode 4 requires switch side support/configuration.

HTH

Martin Pavlik

 On 28 Jan 2015, at 15:16, Carlos Ibrahim Arias car...@braimtec.com wrote:
 
 Hello,
 
 I'm writing after a few weeks of trying to deploy the installation I had in 
 mind without success. I'm a newbie using orvit and my problem may sound odd 
 to some but I haven't been able to find a solution yet... I've searched all 
 the Web.
 
 I have a server with two NICs (em1 and em2) and I want to bond them for load 
 balancing. I installed oVirt 3.5.1 using the hosted-engine option with CentOS 
 7 on the hosted-engine and the host, and gluster on the host for the domain 
 storage. Everything was fine during the installation and the system seems to 
 work properly. ovirtmgmt is linked to em1. 
 
 The problem is that  now I can't bond em1 and em2 using the web GUI. I set up 
 the bonding manually, it works but vdsmd is not starting afterwards.
 
 Should I have done the bond before installing oVirt? Is there any workaround 
 to bond my NICs so that oVirt can use them for load balance? Shall I use 
 other network setup for load balance (VLANs..)?
 
 Thanks in advanced,
 -- 
 Carlos Ibrahim Arias
 Consultor  Ingeniero en Informática
 Braimtec - Smart IT
 E: car...@braimtec.com mailto:car...@braimtec.com
 M: +34 600 457 497
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
OK... Now I have this one :-)
WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
initialize LDAP framework, deferring initialization. Error: Invalid DNS
pseudo-URL(s):

Changed the properties file to this:

include = ad.properties

#
# Active directory domain name.
#
vars.domain = ldap.mydomain.com (this one resolves to and gives ping back,
front end of the pool)

#
# Search user and its password.
#
vars.user = juniper-ad...@mydomain.com
vars.password = *

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
#vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these resolve
and give a ping back)

pool.default.serverset.type = srvrecord
#pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}


Thanks for your effort!


2015-01-29 13:50 GMT+01:00 Alon Bar-Lev alo...@redhat.com:



 - Original Message -
  From: Koen Vanoppen vanoppen.k...@gmail.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: users@ovirt.org
  Sent: Thursday, January 29, 2015 2:41:52 PM
  Subject: Re: [ovirt-users] AAA
 
  Yes We have:
 
  [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV  _gc._
  tcp.mydomain.com
 
  ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @
 srvdc03.mydomain.com
  SRV _gc._tcp.mydomain.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
  ;; QUESTION SECTION:
  ;_gc._tcp.mydomain.com. IN  SRV

 this ^^^ means that you do not have srv record. are you sure you
 replace mydomain.com with your actual active directory domain name?
 have you tried to look into your dns manager for this information as well?

 
  ;; AUTHORITY SECTION:
  mydomain.com.   3600IN  SOA srvdc03.mydomain.com.
  hostmaster.airport. 1398582 900 600 86400 3600
 
  ;; Query time: 12 msec
  ;; SERVER: 10.110.3.123#53(10.110.3.123)
  ;; WHEN: Thu Jan 29 13:40:41 2015
  ;; MSG SIZE  rcvd: 98
 
 
 
  2015-01-29 13:33 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
 
  
  
   - Original Message -
From: Koen Vanoppen vanoppen.k...@gmail.com
To: Alon Bar-Lev alo...@redhat.com, users@ovirt.org
Sent: Thursday, January 29, 2015 2:19:32 PM
Subject: Re: [ovirt-users] AAA
   
Big thanks for your help, but still the same:
   
#
# Active directory domain name.
#
vars.domain = mydomain.com
   
#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = *
   
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.${global:vars.domain}
dns://srvdc04.${global:vars.domain}
   
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
   
# Uncomment if using custom DNS
   
  
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
   
   
   
 [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
 initialize
LDAP framework, deferring initialization. Error: No DNS SRV records
 were
found with record name '_gc._tcp.brussels.airport'.
   
And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there
 another
way it just resolves the dns servers I gave him?
   
  
   Microsoft Domain controller must have gc service entry within DNS to
 work
   properly.
   1. Are you sure you have Microsoft DNS installed on
 srvdc03.mydomain.com ?
   2. Can you please execute:
   $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
   3. Can you please open the DNS manager within your domain and search
 for
   srv records? Maybe you have DNS installed only on few servers, using
 the
   DNS manager you can also see which.
  
   
2015-01-29 13:02 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
   


 - Original Message -
  From: Ondra Machacek omach...@redhat.com
  To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org
  Sent: Thursday, January 29, 2015 1:49:00 PM
  Subject: Re: [ovirt-users] AAA
 
 
  On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
   No, I don't. and I wouldn't know how he got to this name...
 
  Well, then you have to, if you want to use
 

Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
Can't I use domain service? I'm getting a bit gr... :-). We already
used LDAP login for ovirt before the AAA with the engine-manage-domains.
And this worked.
[root@ovirtmgmt01prod aaa]# engine-manage-domains validateDomain my.domain
is valid.
The configured user for domain my.domain is juniper-admin@BRUSSELS.AIRPORT

Manage Domains completed successfully


2015-01-29 14:18 GMT+01:00 Koen Vanoppen vanoppen.k...@gmail.com:

 OK... Now I have this one :-)
 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
 thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
 initialize LDAP framework, deferring initialization. Error: Invalid DNS
 pseudo-URL(s):

 Changed the properties file to this:

 include = ad.properties

 #
 # Active directory domain name.
 #
 vars.domain = ldap.mydomain.com (this one resolves to and gives ping
 back, front end of the pool)

 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com
 vars.password = *

 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these resolve
 and give a ping back)

 pool.default.serverset.type = srvrecord
 #pool.default.serverset.single.server = ${global:vars.server}
 pool.default.serverset.srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}

 # Uncomment if using custom DNS
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
 = ${global:vars.dns}
 pool.default.socketfactory.resolver.uRL = ${global:vars.dns}


 Thanks for your effort!


 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev alo...@redhat.com:



 - Original Message -
  From: Koen Vanoppen vanoppen.k...@gmail.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: users@ovirt.org
  Sent: Thursday, January 29, 2015 2:41:52 PM
  Subject: Re: [ovirt-users] AAA
 
  Yes We have:
 
  [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV  _gc._
  tcp.mydomain.com
 
  ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @
 srvdc03.mydomain.com
  SRV _gc._tcp.mydomain.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
  ;; QUESTION SECTION:
  ;_gc._tcp.mydomain.com. IN  SRV

 this ^^^ means that you do not have srv record. are you sure you
 replace mydomain.com with your actual active directory domain name?
 have you tried to look into your dns manager for this information as well?

 
  ;; AUTHORITY SECTION:
  mydomain.com.   3600IN  SOA srvdc03.mydomain.com.
  hostmaster.airport. 1398582 900 600 86400 3600
 
  ;; Query time: 12 msec
  ;; SERVER: 10.110.3.123#53(10.110.3.123)
  ;; WHEN: Thu Jan 29 13:40:41 2015
  ;; MSG SIZE  rcvd: 98
 
 
 
  2015-01-29 13:33 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
 
  
  
   - Original Message -
From: Koen Vanoppen vanoppen.k...@gmail.com
To: Alon Bar-Lev alo...@redhat.com, users@ovirt.org
Sent: Thursday, January 29, 2015 2:19:32 PM
Subject: Re: [ovirt-users] AAA
   
Big thanks for your help, but still the same:
   
#
# Active directory domain name.
#
vars.domain = mydomain.com
   
#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = *
   
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.${global:vars.domain}
dns://srvdc04.${global:vars.domain}
   
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
   
# Uncomment if using custom DNS
   
  
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
   
   
   
 [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
 initialize
LDAP framework, deferring initialization. Error: No DNS SRV records
 were
found with record name '_gc._tcp.brussels.airport'.
   
And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there
 another
way it just resolves the dns servers I gave him?
   
  
   Microsoft Domain controller must have gc service entry within DNS to
 work
   properly.
   1. Are you sure you have Microsoft DNS installed on
 srvdc03.mydomain.com ?
   2. Can you please execute:
   $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
   3. Can you please open the DNS manager within your domain and search
 for
   srv records? Maybe you have DNS installed only on few servers, using
 the
   DNS manager you can also see which.
  
   
2015-01-29 13:02 GMT+01:00 

Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Gianluca Cecchi
On Thu, Jan 29, 2015 at 12:11 PM, Karli Sjöberg karli.sjob...@slu.se
wrote:



 No, I spoke too soon, 'the attachment was removed'. Can you upload it
 somewhere and paste the link?



If it's ok for Tomas and Sphoorti I can set a gdrive link for the apk
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Alon Bar-Lev


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: Alon Bar-Lev alo...@redhat.com, users@ovirt.org
 Sent: Thursday, January 29, 2015 2:19:32 PM
 Subject: Re: [ovirt-users] AAA
 
 Big thanks for your help, but still the same:
 
 #
 # Active directory domain name.
 #
 vars.domain = mydomain.com
 
 #
 # Search user and its password.
 #
 vars.user = admin@${global:vars.domain}
 vars.password = *
 
 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 vars.dns = dns://srvdc03.${global:vars.domain}
 dns://srvdc04.${global:vars.domain}
 
 pool.default.serverset.type = srvrecord
 pool.default.serverset.srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}
 
 # Uncomment if using custom DNS
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
 ${global:vars.dns}
 pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
 
 
 
  [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
 LDAP framework, deferring initialization. Error: No DNS SRV records were
 found with record name '_gc._tcp.brussels.airport'.
 
 And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
 way it just resolves the dns servers I gave him?
 

Microsoft Domain controller must have gc service entry within DNS to work 
properly.
1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
2. Can you please execute:
$ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
3. Can you please open the DNS manager within your domain and search for srv 
records? Maybe you have DNS installed only on few servers, using the DNS 
manager you can also see which.

 
 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
 
 
 
  - Original Message -
   From: Ondra Machacek omach...@redhat.com
   To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org
   Sent: Thursday, January 29, 2015 1:49:00 PM
   Subject: Re: [ovirt-users] AAA
  
  
   On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
No, I don't. and I wouldn't know how he got to this name...
  
   Well, then you have to, if you want to use 'pool.default.serverset.type
   = srvrecord'.
  
   It just need to know where your global catalog is running, since it's
   needed for new provider.
  
   It searches for global catalog like this:
   dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
  
   So you need to have this SRV record in DNS, if you want to use srvrecord
   serverset type. Or you don't have to if you use single server type.
 
  active directory will not work without access to global catalog.
  please set one or more of the domain controllers as dns server, for
  example:
 
  vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
 
  please also uncomment/add these lines to make vars.dns effective.
 
  pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
  = ${global:vars.dns}
  pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
 
  Thanks!
 
  
   
Thanks for the reply!
   
2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com
mailto:omach...@redhat.com:
   
On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
   
Can somebody help me setting up AAA for ovirt 3.5.1?
   
I'm getting this now:
   
2015-01-29 11:35:36,889 WARN
[org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
service thread
1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz]
Cannot
initialize LDAP framework, deferring initialization. Error: An
error
occurred while attempting to query DNS in order to retrieve SRV
records
with name '_gc._tcp.brussels.airport':
javax.naming.__NameNotFoundException: DNS name not found
[response code
3]; remaining name '_gc._tcp.brussels.airport'
   
   
Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
   
   
my 3 configs:
_*BRU_AIR-authn.properties*_
ovirt.engine.extension.name 
  http://ovirt.engine.extension.name
http://ovirt.engine.__extension.name
http://ovirt.engine.extension.name =
BRU_AIR-authn
ovirt.engine.extension.__bindings.method = jbossmodule
ovirt.engine.extension.__binding.jbossmodule.module =
org.ovirt.engine-extensions.__aaa.ldap
ovirt.engine.extension.__binding.jbossmodule.class =
org.ovirt.engineextensions.__aaa.ldap.AuthnExtension
ovirt.engine.extension.__provides =
org.ovirt.engine.api.__extensions.aaa.Authn
ovirt.engine.aaa.authn.__profile.name
http://ovirt.engine.aaa.authn.profile.name
http://ovirt.engine.aaa.__authn.profile.name

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Donny Davis
You are assigning permissions at too high of a level.

Set the following permissions for users to be able to only see what they create 

Add a new set of permissions in the config menu


Login to system
Create instance
Attach to storage domains

Then assign that permission at the datacenter level, or even better the cluster 
level

And add permissions as needed

I will get you some screen shots when I get home



On Jan 29, 2015 7:13 AM, Yaniv Dary yd...@redhat.com wrote:

 WebAdmin is for admin and has permissions to see anything in the system.
 For power users please use the power user portal.

 On 01/29/2015 10:35 AM, Nikolai Bochev wrote:
  Hello,
 
  I've been running ovirt hosted engine for around a month already 
  without any major interruptions. Last week i tied it to freeipa, to be 
  able to give permissions to other people, but so far no success 
  because of the following problem :
 
  All users can see all VM's. I tried clearing all permission entries ( 
  leaving the admin only ) and the re-adding and it didn't help at all.
 
  I am attaching a few screenshots to better describe :
 
 
 
 
 
  ​
  Most of the vm's have no permissions attached to them, but they are 
  still visible to everyone that logs from the userpanel
  What am i doing wrong ?
 
  Regards,
 
 
  ___
  Users mailing list
  Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users

 -- 
 Yaniv Dary
 Red Hat Israel Ltd.
 34 Jerusalem Road
 Building A, 4th floor
 Ra'anana, Israel 4350109

 Tel : +972 (9) 7692306
 8272306
 Email: yd...@redhat.com
 IRC : ydary

 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Donny Davis
Setting that login permission at the system level is why they can see 
everything even if they can't control it. Copy the user permission role and 
remove all the permissions except login to system (the last box under login) 
create instance, and attach to storage domains. 

Then add it to the datacenter permission set 

On Jan 29, 2015 2:02 AM, Ondra Machacek omach...@redhat.com wrote:

 If you add for example 'UserRole' on VM, then your user should login to 
 UserPortal without any problem and see his VM.

 On 01/29/2015 09:58 AM, Nikolai Bochev wrote:
  Ok, but if i don't add System permissions to a user with UserRole
  they cannot login at all ?
 
  On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek omach...@redhat.com
  mailto:omach...@redhat.com wrote:
 
 
 
  On 01/29/2015 09:35 AM, Nikolai Bochev wrote:
 
  Hello,
 
  I've been running ovirt hosted engine for around a month already
  without
  any major interruptions. Last week i tied it to freeipa, to be
  able to
  give permissions to other people, but so far no success because
  of the
  following problem :
 
  All users can see all VM's. I tried clearing all permission
  entries (
  leaving the admin only ) and the re-adding and it didn't help at
  all.
 
  I am attaching a few screenshots to better describe :
 
 
 
  The problem is that you are assigning system permissions.
  If you assign system permissions you have permission to whole system.
 
  If you want to assign a permission to user on a specific vm(or object),
  you have to select the object, then click 'permissions' subtab, then
  click 'add', then find your user and choose the role for him.
 
 
 
 
  ​
  Most of the vm's have no permissions attached to them, but they are
  still visible to everyone that logs from the userpanel
  What am i doing wrong ?
 
  Regards,
 
 
  _
  Users mailing list
  Users@ovirt.org mailto:Users@ovirt.org
  http://lists.ovirt.org/__mailman/listinfo/users
  http://lists.ovirt.org/mailman/listinfo/users
 
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Alon Bar-Lev


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: users@ovirt.org
 Sent: Thursday, January 29, 2015 2:41:52 PM
 Subject: Re: [ovirt-users] AAA
 
 Yes We have:
 
 [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV  _gc._
 tcp.mydomain.com
 
 ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @srvdc03.mydomain.com
 SRV _gc._tcp.mydomain.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;_gc._tcp.mydomain.com. IN  SRV

this ^^^ means that you do not have srv record. are you sure you replace 
mydomain.com with your actual active directory domain name?
have you tried to look into your dns manager for this information as well?

 
 ;; AUTHORITY SECTION:
 mydomain.com.   3600IN  SOA srvdc03.mydomain.com.
 hostmaster.airport. 1398582 900 600 86400 3600
 
 ;; Query time: 12 msec
 ;; SERVER: 10.110.3.123#53(10.110.3.123)
 ;; WHEN: Thu Jan 29 13:40:41 2015
 ;; MSG SIZE  rcvd: 98
 
 
 
 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
 
 
 
  - Original Message -
   From: Koen Vanoppen vanoppen.k...@gmail.com
   To: Alon Bar-Lev alo...@redhat.com, users@ovirt.org
   Sent: Thursday, January 29, 2015 2:19:32 PM
   Subject: Re: [ovirt-users] AAA
  
   Big thanks for your help, but still the same:
  
   #
   # Active directory domain name.
   #
   vars.domain = mydomain.com
  
   #
   # Search user and its password.
   #
   vars.user = admin@${global:vars.domain}
   vars.password = *
  
   #
   # Optional DNS servers, if enterprise
   # DNS server cannot resolve the domain srvrecord.
   #
   vars.dns = dns://srvdc03.${global:vars.domain}
   dns://srvdc04.${global:vars.domain}
  
   pool.default.serverset.type = srvrecord
   pool.default.serverset.srvrecord.domain = ${global:vars.domain}
   pool.default.auth.simple.bindDN = ${global:vars.user}
   pool.default.auth.simple.password = ${global:vars.password}
  
   # Uncomment if using custom DNS
  
  pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
   ${global:vars.dns}
   pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
  
  
  
[ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
   LDAP framework, deferring initialization. Error: No DNS SRV records were
   found with record name '_gc._tcp.brussels.airport'.
  
   And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
   way it just resolves the dns servers I gave him?
  
 
  Microsoft Domain controller must have gc service entry within DNS to work
  properly.
  1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
  2. Can you please execute:
  $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
  3. Can you please open the DNS manager within your domain and search for
  srv records? Maybe you have DNS installed only on few servers, using the
  DNS manager you can also see which.
 
  
   2015-01-29 13:02 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
  
   
   
- Original Message -
 From: Ondra Machacek omach...@redhat.com
 To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org
 Sent: Thursday, January 29, 2015 1:49:00 PM
 Subject: Re: [ovirt-users] AAA


 On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
  No, I don't. and I wouldn't know how he got to this name...

 Well, then you have to, if you want to use
  'pool.default.serverset.type
 = srvrecord'.

 It just need to know where your global catalog is running, since it's
 needed for new provider.

 It searches for global catalog like this:
 dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}

 So you need to have this SRV record in DNS, if you want to use
  srvrecord
 serverset type. Or you don't have to if you use single server type.
   
active directory will not work without access to global catalog.
please set one or more of the domain controllers as dns server, for
example:
   
vars.dns = dns://dc1.${global:vars.domain}
  dns://dc2.${global:vars.domain}
   
please also uncomment/add these lines to make vars.dns effective.
   
   
  pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
= ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
   
Thanks!
   

 
  Thanks for the reply!
 
  2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com
  mailto:omach...@redhat.com:
 
  On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
 
  Can somebody help me setting up AAA for ovirt 3.5.1?
 
  I'm getting this now:
 
  2015-01-29 11:35:36,889 WARN
  [org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
  service thread
   

Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Tomas Jelinek


- Original Message -
 From: Karli Sjöberg karli.sjob...@slu.se
 To: Tomas Jelinek tjeli...@redhat.com
 Cc: Gianluca Cecchi gianluca.cec...@gmail.com, Sphoorti Joglekar 
 sphoorti.jogle...@gmail.com, users
 users@ovirt.org
 Sent: Thursday, January 29, 2015 12:48:59 PM
 Subject: Re: [ovirt-users] [Users] A mobile monitoring application for oVirt
 
 On Thu, 2015-01-29 at 06:28 -0500, Tomas Jelinek wrote:
  
  - Original Message -
   From: Gianluca Cecchi gianluca.cec...@gmail.com
   To: Karli Sjöberg karli.sjob...@slu.se
   Cc: Tomas Jelinek tjeli...@redhat.com, Sphoorti Joglekar
   sphoorti.jogle...@gmail.com, users
   users@ovirt.org
   Sent: Thursday, January 29, 2015 12:19:24 PM
   Subject: Re: [ovirt-users] [Users] A mobile monitoring application for
   oVirt
   
   On Thu, Jan 29, 2015 at 12:11 PM, Karli Sjöberg karli.sjob...@slu.se
   wrote:
   
   
   
No, I spoke too soon, 'the attachment was removed'. Can you upload it
somewhere and paste the link?
   
   
   
   If it's ok for Tomas and Sphoorti I can set a gdrive link for the apk
   Gianluca
  
  Seen your mail too late - I have just uploaded it to github: [1]. There is
  a link now from the main github page [2]
  
  Tomas
  
  [1]:
  https://github.com/matobet/moVirt/blob/master/moVirt/moVirt-debug.apk?raw=true
  [2]: https://github.com/matobet/moVirt
  
 
 Cool as fsck!:) Worked like a charm on my Nexus 4 and going to install
 it on my Nexus 7 tonight as well. Shame no SPICE but keep it up guys,
 that was great!

Cool, thanx for the review! :)

 
 /K
 
 
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Sphoorti Joglekar
Hello folks!
I am an OPW intern working on this project with Tomas.

I work on Android Lollipop to test movirt and it works fine.

Looking forward to your views on movirt.

Best Regards,
Sphoorti

On Thu, Jan 29, 2015, 4:37 PM Karli Sjöberg karli.sjob...@slu.se wrote:

 On Thu, 2015-01-29 at 06:01 -0500, Tomas Jelinek wrote:
 
  - Original Message -
   From: Karli Sjöberg karli.sjob...@slu.se
   To: Gianluca Cecchi gianluca.cec...@gmail.com
   Cc: users users@ovirt.org
   Sent: Thursday, January 29, 2015 11:45:02 AM
   Subject: Re: [ovirt-users] [Users] A mobile monitoring application for
 oVirt
  
   On Wed, 2015-01-28 at 19:07 +0100, Gianluca Cecchi wrote:
   
Il 03/apr/2014 16:37 Martin Betak mbe...@redhat.com ha scritto:
   
 This is still under heavy development, but first usable version can
be found at [1]
   
[Snip]
   
 feature requests and general feedback are very welcome. You can
 file
any issues directly at [2].
   
[Snip]
   
 [1] https://github.com/matobet/moVirt/blob/master/moVirt/
 moVirt.apk
 [2] https://github.com/matobet/moVirt/issues
   
   
Hello
Are the above links yet the right ones to use for apk
 download/install
and issue tracking in case I want to test movirt?
Thanks
Gianluca
   
plain text document attachment (ATT1)
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
  
   BTW, just curious, what about Lollipop? Does it work with the same app
   or must it be specifically built for the new version?
 
  It should, but no one have tested it so far. Do you have a device with
 Lollipop? It would be so awesome if you could test it!

 Yup, sure thing:) I´ll report back once I´ve tested.

 /K

 
  
   /K
  
  
   ___
   Users mailing list
   Users@ovirt.org
   http://lists.ovirt.org/mailman/listinfo/users
  


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Donny Davis
Use /etc/hosts and add this to your .properties

pool.default.socketfactory.type = java

On Jan 29, 2015 5:50 AM, Alon Bar-Lev wrote: - Original Message 
-   From: Koen Vanoppen   To: Alon Bar-Lev   Cc: users@ovirt.org 
  Sent: Thursday, January 29, 2015 2:41:52 PM   Subject: Re: [ovirt-users] 
AAA Yes We have: [root@ovirtmgmt01prod ~]# dig 
@srvdc03.mydomain.com SRV  _gc._   tcp.mydomain.com ;  DiG 
9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @srvdc03.mydomain.com   SRV 
_gc._tcp.mydomain.com   ; (1 server found)   ;; global options: +cmd   ;; 
Got answer:   ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340   
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:   ;_gc._tcp.mydomain.com. IN  SRV   this ^^^ 
means that you do not have srv record. are you sure you replace mydomain.com 
with your actual active directory domain name?  have you tried to look into 
your dns manager for this information as well?  ;; AUTHORITY SECTION: 
  mydomain.com.   3600    IN  SOA srvdc03.mydomain.com.   
hostmaster.airport. 1398582 900 600 86400 3600 ;; Query time: 12 msec  
 ;; SERVER: 10.110.3.123#53(10.110.3.123)   ;; WHEN: Thu Jan 29 13:40:41 
2015   ;; MSG SIZE  rcvd: 98 2015-01-29 13:33 GMT+01:00 Alon 
Bar-Lev :- Original Message - From: 
Koen Vanoppen To: Alon Bar-Lev , users@ovirt.org Sent: 
Thursday, January 29, 2015 2:19:32 PM Subject: Re: [ovirt-users] AAA  
   Big thanks for your help, but still the same: #  
   # Active directory domain name. # vars.domain = 
mydomain.com # # Search user and its password. 
# vars.user = admin@${global:vars.domain} vars.password = * 
# # Optional DNS servers, if enterprise # DNS 
server cannot resolve the domain srvrecord. # vars.dns = 
dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain} 
pool.default.serverset.type = srvrecord 
pool.default.serverset.srvrecord.domain = ${global:vars.domain} 
pool.default.auth.simple.bindDN = ${global:vars.user} 
pool.default.auth.simple.password = ${global:vars.password} # 
Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =   
  ${global:vars.dns} pool.default.socketfactory.resolver.uRL = 
${global:vars.dns}  
[ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
 LDAP framework, deferring initialization. Error: No DNS SRV records were   
  found with record name '_gc._tcp.brussels.airport'. And I 
can't put '_gc._tcp.mydomain.com in the dns... Isn't there another way 
it just resolves the dns servers I gave him?   Microsoft 
Domain controller must have gc service entry within DNS to workproperly. 
   1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com 
?2. Can you please execute:$ dig @srvdc03.mydomain.com SRV 
_gc._tcp.mydomain.com3. Can you please open the DNS manager within your 
domain and search forsrv records? Maybe you have DNS installed only on 
few servers, using theDNS manager you can also see which.
2015-01-29 13:02 GMT+01:00 Alon Bar-Lev :
- Original Message -   From: Ondra Machacek 
  To: Koen Vanoppen , users@ovirt.org   Sent: Thursday, January 
29, 2015 1:49:00 PM   Subject: Re: [ovirt-users] AAA 
  On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
No, I don't. and I wouldn't know how he got to this name...   
  Well, then you have to, if you want to use
'pool.default.serverset.type   = srvrecord'. 
It just need to know where your global catalog is running, since it's  
 needed for new provider. It searches for global 
catalog like this:   dig @${vars.dns} -t SRV _gc._tcp.${vars.domain} 
So you need to have this SRV record in DNS, if you want 
to usesrvrecord   serverset type. Or you don't have to if you 
use single server type.   active directory will not work 
without access to global catalog.  please set one or more of the 
domain controllers as dns server, for  example:   
vars.dns = dns://dc1.${global:vars.domain}
dns://dc2.${global:vars.domain}   please also uncomment/add 
these lines to make vars.dns effective.  
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
  = ${global:vars.dns}  pool.default.socketfactory.resolver.uRL = 
${global:vars.dns}   Thanks! 
 Thanks for the reply!   2015-01-29 
11:53 GMT+01:00 Ondra Machacek   :   
On 01/29/2015 11:41 AM, Koen Vanoppen wrote:  
 Can somebody help me setting up AAA for ovirt 3.5.1?  
 I'm getting this now:  

Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
I saw that when I pressed the send button. If I do that i again get the
following:

2015-01-29 14:28:35,891 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_ldap._tcp.ldap.mydomain.com':
javax.naming.NameNotFoundException: DNS name not found [response code 3];
remaining name '_ldap._tcp.ldap.mydomain.com'
2015-01-29 14:28:35,924 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_ldap._tcp.ldap.mydomain.com':
javax.naming.NameNotFoundException: DNS name not found [response code 3];
remaining name '_ldap._tcp.ldap.mydomain.com'

And yes I replayed mydomain with the correct one... :-)

2015-01-29 14:40 GMT+01:00 Ondra Machacek omach...@redhat.com:



 On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

 OK... Now I have this one :-)
 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
 thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
 Cannot initialize LDAP framework, deferring initialization. Error:
 Invalid DNS pseudo-URL(s):


 uncomment vars.dns


 Changed the properties file to this:

 include = ad.properties

 #
 # Active directory domain name.
 #
 vars.domain = ldap.mydomain.com http://ldap.mydomain.com (this one
 resolves to and gives ping back, front end of the pool)

 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com mailto:juniper-ad...@mydomain.com
 
 vars.password = *

 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
 resolve and give a ping back)

 pool.default.serverset.type = srvrecord
 #pool.default.serverset.single.server = ${global:vars.server}
 pool.default.serverset.srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}

 # Uncomment if using custom DNS
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
 =
 ${global:vars.dns}
 pool.default.socketfactory.resolver.uRL = ${global:vars.dns}


 Thanks for your effort!


 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev alo...@redhat.com
 mailto:alo...@redhat.com:



 - Original Message -
  From: Koen Vanoppen vanoppen.k...@gmail.com mailto:
 vanoppen.k...@gmail.com
  To: Alon Bar-Lev alo...@redhat.com mailto:alo...@redhat.com
  Cc:users@ovirt.org mailto:users@ovirt.org
  Sent: Thursday, January 29, 2015 2:41:52 PM
  Subject: Re: [ovirt-users] AAA
 
  Yes We have:
 
  [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com 
 http://srvdc03.mydomain.com SRV  _gc._
 tcp.mydomain.com http://tcp.mydomain.com
 
  ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @
 srvdc03.mydomain.com http://srvdc03.mydomain.com
  SRV _gc._tcp.mydomain.com http://tcp.mydomain.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
 ADDITIONAL: 0
 
  ;; QUESTION SECTION:
  ;_gc._tcp.mydomain.com http://tcp.mydomain.com. IN  SRV

 this ^^^ means that you do not have srv record. are you sure you
 replace mydomain.com http://mydomain.com with your actual active
 directory domain name?
 have you tried to look into your dns manager for this information as
 well?

  
   ;; AUTHORITY SECTION:
   mydomain.com http://mydomain.com.   3600IN  SOA
 srvdc03.mydomain.com http://srvdc03.mydomain.com.
   hostmaster.airport. 1398582 900 600 86400 3600
  
   ;; Query time: 12 msec
   ;; SERVER: 10.110.3.123#53(10.110.3.123)
   ;; WHEN: Thu Jan 29 13:40:41 2015
   ;; MSG SIZE  rcvd: 98
  
  
  
   2015-01-29 13:33 GMT+01:00 Alon Bar-Lev alo...@redhat.com
 mailto:alo...@redhat.com:
  
   
   
- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 mailto:vanoppen.k...@gmail.com
 To: Alon Bar-Lev alo...@redhat.com
 mailto:alo...@redhat.com, users@ovirt.org mailto:users@ovirt.org
 Sent: Thursday, January 29, 2015 2:19:32 PM
 Subject: Re: [ovirt-users] AAA

 Big thanks for your help, but still the same:

 #
 # Active directory domain name.
 #
 vars.domain = mydomain.com http://mydomain.com

 #
 # Search user and its password.
 #
 

Re: [ovirt-users] Unable to reactivate host after reboot due to failed Gluster probe

2015-01-29 Thread Shubhendu Tripathi

On 01/29/2015 04:26 PM, Jan Siml wrote:

Hello,

finally I got the nodes online. What helps was probing the not needed 
peer node-04 (no brick) from one of the other cluster nodes. When the 
node becames a Gluster peer, I am able to activate any oVirt node 
which serves bricks.


Therefore I assume, the error message which the UI returns comes from 
node-04:


Yes, this could be an issue as all other successful cases, the value for 
opErrno is retruned as 0 and opErrStr is blank.

I feel this scenario is treated as an error engine side.



root@node-04:~ $ gluster peer probe node-01
peer probe: failed: Probe returned with unknown errno 107

root@node-03:~ $ gluster peer status
Number of Peers: 2

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

root@node-03:~ $ gluster peer probe node-04
peer probe: success.

root@node-03:~ $ gluster peer status
Number of Peers: 3

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

Hostname: node-04
Uuid: 9cdefc68-d710-4346-93b1-76b5307e258b
State: Peer in Cluster (Connected)

This (oVirt's behavior) seems to be reproducible.

On 01/29/2015 11:10 AM, Jan Siml wrote:

Hello,

when looking into engine.log, I can see, that gluster probe returned
errno 107. But I can't figure out why:

2015-01-29 10:40:03,546 ERROR
[org.ovirt.engine.core.bll.InitVdsOnUpCommand]
(DefaultQuartzScheduler_Worker-59) [5977aac5] Could not peer probe the
gluster server node-03. Error: VdcBLLException: org.ovirt.eng
ine.core.vdsbroker.vdsbroker.VDSErrorException: VDSGenericException:
VDSErrorException: Failed to AddGlusterServerVDS, error = Add host 
failed

error: Probe returned with unknown errno 107

Just for the record: We use the /etc/hosts method because of missing
possibility to choose the network interface for Gluster. The three
Gluster peer hosts have modified /etc/hosts files with addresses binded
to a different interface than the ovirtmgmt addresses.

Example:

root@node-03:~ $ cat /etc/hosts
192.168.200.195  node-01
192.168.200.196  node-02
192.168.200.198  node-03

The /etc/hosts file on engine host isn't modified.


On 01/29/2015 10:39 AM, Jan Siml wrote:

Hello,

we have a strange behavior within an oVirt cluster. Version is 3.5.1,
engine is running on EL6 machine and hosts are using EL7 as operating
system. The cluster uses a GlusterFS backed storage domain amongst
others. Three of four hosts are peers in the Gluster cluster (3 bricks,
3 replica).

When all hosts are restarted (maybe due to power outage), engine can't
activate them again, because Gluster probe fails. The message given in
UI is:

Gluster command [gluster peer node-03] failed on server node-03.

Checking Gluster peer and volume status on each host confirms that
Gluster peers are known to each other and volume is up.

node-03:~ $ gluster peer status
Number of Peers: 2

Hostname: node-02
Uuid: 3fc36f55-d3a2-4efc-b2f0-31f83ed709d9
State: Peer in Cluster (Connected)

Hostname: node-01
Uuid: 18027b35-971b-4b21-bb3d-df252b4dd525
State: Peer in Cluster (Connected)

node-03:~ $ gluster volume status
Status of volume: glusterfs-1
Gluster processPortOnlinePid
-- 




Brick node-01:/export/glusterfs/brick   49152Y 12409
Brick node-02:/export/glusterfs/brick49153Y 9978
Brick node-03:/export/glusterfs/brick49152Y 10001
Self-heal Daemon on localhostN/AY10003
Self-heal Daemon on node-01N/AY11590
Self-heal Daemon on node-02N/AY9988

Task Status of Volume glusterfs-1
-- 




There are no active volume tasks

Storage domain in oVirt UI is fine (active and green) and usable. But
neither Gluster volume nor any brick is visible in UI.

If I try the command which is shown in UI it returns:

root@node-03:~ $ gluster peer probe node-03
peer probe: success. Probe on localhost not needed

root@node-03:~ $ gluster --mode=script peer probe node-03 --xml
?xml version=1.0 encoding=UTF-8 standalone=yes?
cliOutput
   opRet0/opRet
   opErrno1/opErrno
   opErrstr(null)/opErrstr
   outputProbe on localhost not needed/output
/cliOutput

Is this maybe just an engine side parsing error?







___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Alon Bar-Lev


- Original Message -
 From: Ondra Machacek omach...@redhat.com
 To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org
 Sent: Thursday, January 29, 2015 1:49:00 PM
 Subject: Re: [ovirt-users] AAA
 
 
 On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
  No, I don't. and I wouldn't know how he got to this name...
 
 Well, then you have to, if you want to use 'pool.default.serverset.type
 = srvrecord'.
 
 It just need to know where your global catalog is running, since it's
 needed for new provider.
 
 It searches for global catalog like this:
 dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
 
 So you need to have this SRV record in DNS, if you want to use srvrecord
 serverset type. Or you don't have to if you use single server type.

active directory will not work without access to global catalog.
please set one or more of the domain controllers as dns server, for example:

vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}

please also uncomment/add these lines to make vars.dns effective.

pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = 
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}

Thanks!

 
 
  Thanks for the reply!
 
  2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com
  mailto:omach...@redhat.com:
 
  On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
 
  Can somebody help me setting up AAA for ovirt 3.5.1?
 
  I'm getting this now:
 
  2015-01-29 11:35:36,889 WARN
  [org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
  service thread
  1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz]
  Cannot
  initialize LDAP framework, deferring initialization. Error: An
  error
  occurred while attempting to query DNS in order to retrieve SRV
  records
  with name '_gc._tcp.brussels.airport':
  javax.naming.__NameNotFoundException: DNS name not found
  [response code
  3]; remaining name '_gc._tcp.brussels.airport'
 
 
  Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
 
 
  my 3 configs:
  _*BRU_AIR-authn.properties*_
  ovirt.engine.extension.name http://ovirt.engine.extension.name
  http://ovirt.engine.__extension.name
  http://ovirt.engine.extension.name =
  BRU_AIR-authn
  ovirt.engine.extension.__bindings.method = jbossmodule
  ovirt.engine.extension.__binding.jbossmodule.module =
  org.ovirt.engine-extensions.__aaa.ldap
  ovirt.engine.extension.__binding.jbossmodule.class =
  org.ovirt.engineextensions.__aaa.ldap.AuthnExtension
  ovirt.engine.extension.__provides =
  org.ovirt.engine.api.__extensions.aaa.Authn
  ovirt.engine.aaa.authn.__profile.name
  http://ovirt.engine.aaa.authn.profile.name
  http://ovirt.engine.aaa.__authn.profile.name
  http://ovirt.engine.aaa.authn.profile.name = BRU-AIR
  ovirt.engine.aaa.authn.authz.__plugin = BRU_AIR-authz
  config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.__properties
 
  _*BRU_AIR-authz.properties*_
  ovirt.engine.extension.name http://ovirt.engine.extension.name
  http://ovirt.engine.__extension.name
  http://ovirt.engine.extension.name =
  BRU_AIR-authz
  ovirt.engine.extension.__bindings.method = jbossmodule
  ovirt.engine.extension.__binding.jbossmodule.module =
  org.ovirt.engine-extensions.__aaa.ldap
  ovirt.engine.extension.__binding.jbossmodule.class =
  org.ovirt.engineextensions.__aaa.ldap.AuthzExtension
  ovirt.engine.extension.__provides =
  org.ovirt.engine.api.__extensions.aaa.Authz
  config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.__properties
 
  _*BRU_AIR.properties*_
  include = ad.properties
 
  #
  # Active directory domain name.
  #
  vars.domain = mydomain.com http://mydomain.com
  http://mydomain.com
 
  #
  # Search user and its password.
  #
  vars.user = admin@${global:vars.domain}
  vars.password = ***
 
  #
  # Optional DNS servers, if enterprise
  # DNS server cannot resolve the domain srvrecord.
  #
  vars.dns = dns://dc01.mydomain.com http://dc01.mydomain.com
  http://dc01.mydomain.com
 
  pool.default.serverset.type = srvrecord
  pool.default.serverset.__srvrecord.domain = ${global:vars.domain}
  pool.default.auth.simple.__bindDN = ${global:vars.user}
  pool.default.auth.simple.__password = ${global:vars.password
 
  In the GUI for adding user I get this:
 
  An error occurred while attempting to query DNS in order to
  retrieve SRV
  records with name '_gc__tcp_brussels_airport':
  

Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
Yes We have:

[root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV  _gc._
tcp.mydomain.com

;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @srvdc03.mydomain.com
SRV _gc._tcp.mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_gc._tcp.mydomain.com. IN  SRV

;; AUTHORITY SECTION:
mydomain.com.   3600IN  SOA srvdc03.mydomain.com.
hostmaster.airport. 1398582 900 600 86400 3600

;; Query time: 12 msec
;; SERVER: 10.110.3.123#53(10.110.3.123)
;; WHEN: Thu Jan 29 13:40:41 2015
;; MSG SIZE  rcvd: 98



2015-01-29 13:33 GMT+01:00 Alon Bar-Lev alo...@redhat.com:



 - Original Message -
  From: Koen Vanoppen vanoppen.k...@gmail.com
  To: Alon Bar-Lev alo...@redhat.com, users@ovirt.org
  Sent: Thursday, January 29, 2015 2:19:32 PM
  Subject: Re: [ovirt-users] AAA
 
  Big thanks for your help, but still the same:
 
  #
  # Active directory domain name.
  #
  vars.domain = mydomain.com
 
  #
  # Search user and its password.
  #
  vars.user = admin@${global:vars.domain}
  vars.password = *
 
  #
  # Optional DNS servers, if enterprise
  # DNS server cannot resolve the domain srvrecord.
  #
  vars.dns = dns://srvdc03.${global:vars.domain}
  dns://srvdc04.${global:vars.domain}
 
  pool.default.serverset.type = srvrecord
  pool.default.serverset.srvrecord.domain = ${global:vars.domain}
  pool.default.auth.simple.bindDN = ${global:vars.user}
  pool.default.auth.simple.password = ${global:vars.password}
 
  # Uncomment if using custom DNS
 
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
  ${global:vars.dns}
  pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
 
 
 
   [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
  LDAP framework, deferring initialization. Error: No DNS SRV records were
  found with record name '_gc._tcp.brussels.airport'.
 
  And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
  way it just resolves the dns servers I gave him?
 

 Microsoft Domain controller must have gc service entry within DNS to work
 properly.
 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
 2. Can you please execute:
 $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
 3. Can you please open the DNS manager within your domain and search for
 srv records? Maybe you have DNS installed only on few servers, using the
 DNS manager you can also see which.

 
  2015-01-29 13:02 GMT+01:00 Alon Bar-Lev alo...@redhat.com:
 
  
  
   - Original Message -
From: Ondra Machacek omach...@redhat.com
To: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org
Sent: Thursday, January 29, 2015 1:49:00 PM
Subject: Re: [ovirt-users] AAA
   
   
On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
 No, I don't. and I wouldn't know how he got to this name...
   
Well, then you have to, if you want to use
 'pool.default.serverset.type
= srvrecord'.
   
It just need to know where your global catalog is running, since it's
needed for new provider.
   
It searches for global catalog like this:
dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
   
So you need to have this SRV record in DNS, if you want to use
 srvrecord
serverset type. Or you don't have to if you use single server type.
  
   active directory will not work without access to global catalog.
   please set one or more of the domain controllers as dns server, for
   example:
  
   vars.dns = dns://dc1.${global:vars.domain}
 dns://dc2.${global:vars.domain}
  
   please also uncomment/add these lines to make vars.dns effective.
  
  
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
   = ${global:vars.dns}
   pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
  
   Thanks!
  
   

 Thanks for the reply!

 2015-01-29 11:53 GMT+01:00 Ondra Machacek omach...@redhat.com
 mailto:omach...@redhat.com:

 On 01/29/2015 11:41 AM, Koen Vanoppen wrote:

 Can somebody help me setting up AAA for ovirt 3.5.1?

 I'm getting this now:

 2015-01-29 11:35:36,889 WARN
 [org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
 service thread
 1-1)
 [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz]
 Cannot
 initialize LDAP framework, deferring initialization.
 Error: An
 error
 occurred while attempting to query DNS in order to
 retrieve SRV
 records
 with name '_gc._tcp.brussels.airport':
 javax.naming.__NameNotFoundException: DNS name not found
 [response code
 3]; remaining name '_gc._tcp.brussels.airport'


 Do you have this '_gc._tcp.brussels.airport' SRV record in DNS
 ?

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek



On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

OK... Now I have this one :-)
WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
Cannot initialize LDAP framework, deferring initialization. Error:
Invalid DNS pseudo-URL(s):


uncomment vars.dns



Changed the properties file to this:

include = ad.properties

#
# Active directory domain name.
#
vars.domain = ldap.mydomain.com http://ldap.mydomain.com (this one
resolves to and gives ping back, front end of the pool)

#
# Search user and its password.
#
vars.user = juniper-ad...@mydomain.com mailto:juniper-ad...@mydomain.com
vars.password = *

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
#vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
resolve and give a ping back)

pool.default.serverset.type = srvrecord
#pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}


Thanks for your effort!


2015-01-29 13:50 GMT+01:00 Alon Bar-Lev alo...@redhat.com
mailto:alo...@redhat.com:



- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com 
mailto:vanoppen.k...@gmail.com
 To: Alon Bar-Lev alo...@redhat.com mailto:alo...@redhat.com
 Cc:users@ovirt.org mailto:users@ovirt.org
 Sent: Thursday, January 29, 2015 2:41:52 PM
 Subject: Re: [ovirt-users] AAA

 Yes We have:

 [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com 
http://srvdc03.mydomain.com SRV  _gc._
tcp.mydomain.com http://tcp.mydomain.com

 ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1  @srvdc03.mydomain.com 
http://srvdc03.mydomain.com
 SRV _gc._tcp.mydomain.com http://tcp.mydomain.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;_gc._tcp.mydomain.com http://tcp.mydomain.com. IN  SRV

this ^^^ means that you do not have srv record. are you sure you
replace mydomain.com http://mydomain.com with your actual active
directory domain name?
have you tried to look into your dns manager for this information as
well?

 
  ;; AUTHORITY SECTION:
  mydomain.com http://mydomain.com.   3600IN  SOA
srvdc03.mydomain.com http://srvdc03.mydomain.com.
  hostmaster.airport. 1398582 900 600 86400 3600
 
  ;; Query time: 12 msec
  ;; SERVER: 10.110.3.123#53(10.110.3.123)
  ;; WHEN: Thu Jan 29 13:40:41 2015
  ;; MSG SIZE  rcvd: 98
 
 
 
  2015-01-29 13:33 GMT+01:00 Alon Bar-Lev alo...@redhat.com
mailto:alo...@redhat.com:
 
  
  
   - Original Message -
From: Koen Vanoppen vanoppen.k...@gmail.com
mailto:vanoppen.k...@gmail.com
To: Alon Bar-Lev alo...@redhat.com
mailto:alo...@redhat.com, users@ovirt.org mailto:users@ovirt.org
Sent: Thursday, January 29, 2015 2:19:32 PM
Subject: Re: [ovirt-users] AAA
   
Big thanks for your help, but still the same:
   
#
# Active directory domain name.
#
vars.domain = mydomain.com http://mydomain.com
   
#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = *
   
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.${global:vars.domain}
dns://srvdc04.${global:vars.domain}
   
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
   
# Uncomment if using custom DNS
   
  
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
=
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
   
   
   
 [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz]
Cannot initialize
LDAP framework, deferring initialization. Error: No DNS SRV
records were
found with record name '_gc._tcp.brussels.airport'.
   
And I can't put '_gc._tcp.mydomain.com
http://tcp.mydomain.com in the dns... Isn't there another
way it just resolves the dns servers I gave him?
   
  
   

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek

It's same situation as before, but now you are missing ldap SRV record.

With same steps you used to add _gc SRV record add also _ldap SRV 
record. But it's strange that you don't already have them.


On 01/29/2015 02:46 PM, Koen Vanoppen wrote:

I saw that when I pressed the send button. If I do that i again get the
following:

2015-01-29 14:28:35,891 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_ldap._tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com'
2015-01-29 14:28:35,924 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_ldap._tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com'

And yes I replayed mydomain with the correct one... :-)

2015-01-29 14:40 GMT+01:00 Ondra Machacek omach...@redhat.com
mailto:omach...@redhat.com:



On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

OK... Now I have this one :-)
WARN  [org.ovirt.engineextensions.__aaa.ldap.AuthnExtension]
(MSC service
thread 1-2) [ovirt-engine-extension-aaa-__ldap.authn::BRU_AIR-authn]
Cannot initialize LDAP framework, deferring initialization. Error:
Invalid DNS pseudo-URL(s):


uncomment vars.dns


Changed the properties file to this:

include = ad.properties

#
# Active directory domain name.
#
vars.domain = ldap.mydomain.com http://ldap.mydomain.com
http://ldap.mydomain.com (this one
resolves to and gives ping back, front end of the pool)

#
# Search user and its password.
#
vars.user = juniper-ad...@mydomain.com
mailto:juniper-ad...@mydomain.com
mailto:juniper-admin@__mydomain.com
mailto:juniper-ad...@mydomain.com
vars.password = *

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
#vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
resolve and give a ping back)

pool.default.serverset.type = srvrecord
#pool.default.serverset.__single.server = ${global:vars.server}
pool.default.serverset.__srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.__bindDN = ${global:vars.user}
pool.default.auth.simple.__password = ${global:vars.password}

# Uncomment if using custom DNS

pool.default.serverset.__srvrecord.jndi-properties.__java.naming.provider.url
=
${global:vars.dns}
pool.default.socketfactory.__resolver.uRL = ${global:vars.dns}


Thanks for your effort!


2015-01-29 13:50 GMT+01:00 Alon Bar-Lev alo...@redhat.com
mailto:alo...@redhat.com
mailto:alo...@redhat.com mailto:alo...@redhat.com:



 - Original Message -
  From: Koen Vanoppen vanoppen.k...@gmail.com
mailto:vanoppen.k...@gmail.com
mailto:vanoppen.koen@gmail.__com mailto:vanoppen.k...@gmail.com
  To: Alon Bar-Lev alo...@redhat.com
mailto:alo...@redhat.com mailto:alo...@redhat.com
mailto:alo...@redhat.com
  Cc:users@ovirt.org mailto:cc%3aus...@ovirt.org
mailto:users@ovirt.org mailto:users@ovirt.org
  Sent: Thursday, January 29, 2015 2:41:52 PM
  Subject: Re: [ovirt-users] AAA
 
  Yes We have:
 
  [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com
http://srvdc03.mydomain.com http://srvdc03.mydomain.com SRV
_gc._
 tcp.mydomain.com http://tcp.mydomain.com
http://tcp.mydomain.com
 
  ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.__rc1.el6_5.1 
@srvdc03.mydomain.com http://srvdc03.mydomain.com
http://srvdc03.mydomain.com
  SRV _gc._tcp.mydomain.com http://tcp.mydomain.com
http://tcp.mydomain.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 33340
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
ADDITIONAL: 0
 
  ;; QUESTION SECTION:
  ;_gc._tcp.mydomain.com 

Re: [ovirt-users] AAA

2015-01-29 Thread Alon Bar-Lev


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: Ondra Machacek omach...@redhat.com
 Cc: users@ovirt.org
 Sent: Thursday, January 29, 2015 4:11:40 PM
 Subject: Re: [ovirt-users] AAA
 
 FOUND IT!!
 
 include = ad.properties
 
 #
 # Active directory domain name.
 #
 #vars.domain = ldap.mydomain.com
 vars.server = ldap.mydomain.com
 
 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com
 vars.password = **
 
 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 vars.dns = dns:// srvdc03.mydomain.com dns:// srvdc04.mydomain.com
 
 #pool.default.serverset.type = srvrecord

as I wrote several times, not using srvrecord for active directory will result 
in non working configuration. we need to find the root cause of your problem.

 pool.default.serverset.single.server = ${global:vars.server}
 pool.default.serverset.srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}
 
 # Uncomment if using custom DNS
 pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
 ${global:vars.dns}
 pool.default.socketfactory.resolver.uRL = ${global:vars.dns
 
 
 
 BIG THANKS MAN!
 
 2015-01-29 15:00 GMT+01:00 Ondra Machacek  omach...@redhat.com  :
 
 
 
 
 On 01/29/2015 02:54 PM, Koen Vanoppen wrote:
 
 
 I just don't understand. Why did engine-manage-domains previously DID
 work, no problems what so ever and now I have this...
 
 Because manage-domains didn't use global catalog. And probabaly the reason
 you don't have _ldap SRV record is that you didn't have them never and you
 just used '--ldapServers' parameter, that's why manage-domains worked with
 your domain.
 
 Now you are using DNS, not static configuration of ldap servers.
 
 
 
 
 2015-01-29 14:48 GMT+01:00 Ondra Machacek  omach...@redhat.com
 mailto: omach...@redhat.com :
 
 It's same situation as before, but now you are missing ldap SRV record.
 
 With same steps you used to add _gc SRV record add also _ldap SRV
 record. But it's strange that you don't already have them.
 
 On 01/29/2015 02:46 PM, Koen Vanoppen wrote:
 
 I saw that when I pressed the send button. If I do that i again
 get the
 following:
 
 2015-01-29 14:28:35,891 WARN
 [org.ovirt.engineextensions.__ aaa.ldap.AuthzExtension] (MSC
 service thread
 1-1) [ovirt-engine-extension-aaa-__ ldap.authz::BRU_AIR-authz] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV
 records
 with name '_ldap._ tcp.ldap.mydomain.com
  http://tcp.ldap.mydomain.com 
  http://tcp.ldap.mydomain.com  __':
 javax.naming.__ NameNotFoundException:
 DNS name not found [response code 3]; remaining name
 '_ldap._ tcp.ldap.mydomain.com  http://tcp.ldap.mydomain.com 
  http://tcp.ldap.mydomain.com  __'
 2015-01-29 14:28:35,924 WARN
 [org.ovirt.engineextensions.__ aaa.ldap.AuthnExtension] (MSC
 service thread
 1-1) [ovirt-engine-extension-aaa-__ ldap.authn::BRU_AIR-authn] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV
 records
 with name '_ldap._ tcp.ldap.mydomain.com
  http://tcp.ldap.mydomain.com 
  http://tcp.ldap.mydomain.com  __':
 javax.naming.__ NameNotFoundException:
 DNS name not found [response code 3]; remaining name
 '_ldap._ tcp.ldap.mydomain.com  http://tcp.ldap.mydomain.com 
  http://tcp.ldap.mydomain.com  __'
 
 And yes I replayed mydomain with the correct one... :-)
 
 2015-01-29 14:40 GMT+01:00 Ondra Machacek  omach...@redhat.com
 mailto: omach...@redhat.com 
 mailto: omach...@redhat.com mailto: omach...@redhat.com  :
 
 
 
 On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
 
 OK... Now I have this one :-)
 WARN
 [org.ovirt.engineextensions.__ __aaa.ldap.AuthnExtension]
 (MSC service
 thread 1-2)
 [ovirt-engine-extension-aaa-__ __ldap.authn::BRU_AIR-authn]
 Cannot initialize LDAP framework, deferring
 initialization. Error:
 Invalid DNS pseudo-URL(s):
 
 
 uncomment vars.dns
 
 
 Changed the properties file to this:
 
 include = ad.properties
 
 #
 # Active directory domain name.
 #
 vars.domain = ldap.mydomain.com
  http://ldap.mydomain.com   http://ldap.mydomain.com 
  http://ldap.mydomain.com  (this one
 resolves to and gives ping back, front end of the pool)
 
 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com
 mailto: juniper-admin@ mydomain.com 
 mailto: juniper-admin@ __ mydoma in.com
 mailto: juniper-admin@ mydomain.com 
 mailto: juniper-admin@
 mailto: juniper-admin@ __ mydom a__in.com  http://mydomain.com 
 mailto: juniper-admin@ __ mydoma in.com
 mailto: juniper-admin@ mydomain.com 
 vars.password = *
 
 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 #vars.dns = dns://srvdc03.my.domain
 dns://srvdc04.my.domain 

Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Gianluca Cecchi
hello,
using the ip address with disable https works to see events and such, but
if I click on vm line (both if VM is powered on or off) movirt terminates.
I only use admin@internal, giving him power user role access to the vm; in
fact I can connect to it from user portal with admin@internal)
If I download the certificate and then try to use https I get this error
message when starting movirt and selecting load button:
https://drive.google.com/file/d/0BwoPbcrMv8mvX2ZKUVdRUW5OLUU/view?usp=sharing

any special thing to do with certificate?

Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Gianluca Cecchi
On Thu, Jan 29, 2015 at 6:13 PM, Oved Ourfali oourf...@redhat.com wrote:


 On Jan 29, 2015 7:00 PM, Gianluca Cecchi gianluca.cec...@gmail.com
 wrote:
 
 
  Il 29/gen/2015 15:13 Yaniv Dary yd...@redhat.com ha scritto:
  
   WebAdmin is for admin and has permissions to see anything in the
 system.
   For power users please use the power user portal
 
  Power user portal doesn't exist any more or did I miss anything?

 We have the webadmin and the user portal. If you have permissions like
 power user role, then when you login to the user portal you have access to
 a different view which is the power user portal.

BTW: I'm not the one who openend the thread

In fact. Power user portal was used in RHEV 2.2 time..
If I give power user role to a vm for a user, than when the user (included
admin@internal) open user portal, he can see the vm and work with it...

Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
I just don't understand. Why did engine-manage-domains previously DID work,
no problems what so ever and now I have this...

2015-01-29 14:48 GMT+01:00 Ondra Machacek omach...@redhat.com:

 It's same situation as before, but now you are missing ldap SRV record.

 With same steps you used to add _gc SRV record add also _ldap SRV record.
 But it's strange that you don't already have them.

 On 01/29/2015 02:46 PM, Koen Vanoppen wrote:

 I saw that when I pressed the send button. If I do that i again get the
 following:

 2015-01-29 14:28:35,891 WARN
 [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV records
 with name '_ldap._tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException:
 DNS name not found [response code 3]; remaining name
 '_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com'
 2015-01-29 14:28:35,924 WARN
 [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread
 1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
 initialize LDAP framework, deferring initialization. Error: An error
 occurred while attempting to query DNS in order to retrieve SRV records
 with name '_ldap._tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException:
 DNS name not found [response code 3]; remaining name
 '_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com'

 And yes I replayed mydomain with the correct one... :-)

 2015-01-29 14:40 GMT+01:00 Ondra Machacek omach...@redhat.com
 mailto:omach...@redhat.com:



 On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

 OK... Now I have this one :-)
 WARN  [org.ovirt.engineextensions.__aaa.ldap.AuthnExtension]
 (MSC service
 thread 1-2) [ovirt-engine-extension-aaa-__
 ldap.authn::BRU_AIR-authn]
 Cannot initialize LDAP framework, deferring initialization. Error:
 Invalid DNS pseudo-URL(s):


 uncomment vars.dns


 Changed the properties file to this:

 include = ad.properties

 #
 # Active directory domain name.
 #
 vars.domain = ldap.mydomain.com http://ldap.mydomain.com
 http://ldap.mydomain.com (this one
 resolves to and gives ping back, front end of the pool)

 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com
 mailto:juniper-ad...@mydomain.com
 mailto:juniper-admin@__mydomain.com
 mailto:juniper-ad...@mydomain.com
 vars.password = *

 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
 resolve and give a ping back)

 pool.default.serverset.type = srvrecord
 #pool.default.serverset.__single.server = ${global:vars.server}
 pool.default.serverset.__srvrecord.domain = ${global:vars.domain}
 pool.default.auth.simple.__bindDN = ${global:vars.user}
 pool.default.auth.simple.__password = ${global:vars.password}

 # Uncomment if using custom DNS
 pool.default.serverset.__srvrecord.jndi-properties.__
 java.naming.provider.url
 =
 ${global:vars.dns}
 pool.default.socketfactory.__resolver.uRL = ${global:vars.dns}


 Thanks for your effort!


 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev alo...@redhat.com
 mailto:alo...@redhat.com
 mailto:alo...@redhat.com mailto:alo...@redhat.com:



  - Original Message -
   From: Koen Vanoppen vanoppen.k...@gmail.com
 mailto:vanoppen.k...@gmail.com
 mailto:vanoppen.koen@gmail.__com mailto:vanoppen.k...@gmail.com
 
   To: Alon Bar-Lev alo...@redhat.com
 mailto:alo...@redhat.com mailto:alo...@redhat.com
 mailto:alo...@redhat.com
   Cc:users@ovirt.org mailto:cc%3aus...@ovirt.org
 mailto:users@ovirt.org mailto:users@ovirt.org
   Sent: Thursday, January 29, 2015 2:41:52 PM
   Subject: Re: [ovirt-users] AAA
  
   Yes We have:
  
   [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com
 http://srvdc03.mydomain.com http://srvdc03.mydomain.com SRV
 _gc._
  tcp.mydomain.com http://tcp.mydomain.com
 http://tcp.mydomain.com
  
   ;  DiG 9.8.2rc1-RedHat-9.8.2-0.23.__rc1.el6_5.1 
 @srvdc03.mydomain.com http://srvdc03.mydomain.com

 http://srvdc03.mydomain.com
   SRV _gc._tcp.mydomain.com http://tcp.mydomain.com
 http://tcp.mydomain.com
   ; (1 server found)
   ;; global options: 

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek



On 01/29/2015 02:54 PM, Koen Vanoppen wrote:

I just don't understand. Why did engine-manage-domains previously DID
work, no problems what so ever and now I have this...


Because manage-domains didn't use global catalog. And probabaly the 
reason you don't have _ldap SRV record is that you didn't have them 
never and you just used '--ldapServers' parameter, that's why 
manage-domains worked with your domain.


Now you are using DNS, not static configuration of ldap servers.



2015-01-29 14:48 GMT+01:00 Ondra Machacek omach...@redhat.com
mailto:omach...@redhat.com:

It's same situation as before, but now you are missing ldap SRV record.

With same steps you used to add _gc SRV record add also _ldap SRV
record. But it's strange that you don't already have them.

On 01/29/2015 02:46 PM, Koen Vanoppen wrote:

I saw that when I pressed the send button. If I do that i again
get the
following:

2015-01-29 14:28:35,891 WARN
[org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
service thread
1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV
records
with name '_ldap._tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com__':
javax.naming.__NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com__'
2015-01-29 14:28:35,924 WARN
[org.ovirt.engineextensions.__aaa.ldap.AuthnExtension] (MSC
service thread
1-1) [ovirt-engine-extension-aaa-__ldap.authn::BRU_AIR-authn] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV
records
with name '_ldap._tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com__':
javax.naming.__NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com
http://tcp.ldap.mydomain.com__'

And yes I replayed mydomain with the correct one... :-)

2015-01-29 14:40 GMT+01:00 Ondra Machacek omach...@redhat.com
mailto:omach...@redhat.com
mailto:omach...@redhat.com mailto:omach...@redhat.com:



 On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

 OK... Now I have this one :-)
 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension]
 (MSC service
 thread 1-2)
[ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
 Cannot initialize LDAP framework, deferring
initialization. Error:
 Invalid DNS pseudo-URL(s):


 uncomment vars.dns


 Changed the properties file to this:

 include = ad.properties

 #
 # Active directory domain name.
 #
 vars.domain = ldap.mydomain.com
http://ldap.mydomain.com http://ldap.mydomain.com
 http://ldap.mydomain.com (this one
 resolves to and gives ping back, front end of the pool)

 #
 # Search user and its password.
 #
 vars.user = juniper-ad...@mydomain.com
mailto:juniper-ad...@mydomain.com
 mailto:juniper-admin@__mydomain.com
mailto:juniper-ad...@mydomain.com
 mailto:juniper-admin@
mailto:juniper-admin@__mydoma__in.com http://mydomain.com
 mailto:juniper-admin@__mydomain.com
mailto:juniper-ad...@mydomain.com
 vars.password = *

 #
 # Optional DNS servers, if enterprise
 # DNS server cannot resolve the domain srvrecord.
 #
 #vars.dns = dns://srvdc03.my.domain
dns://srvdc04.my.domain (these
 resolve and give a ping back)

 pool.default.serverset.type = srvrecord
 #pool.default.serverset.single.server =
${global:vars.server}
 pool.default.serverset.srvrecord.domain =
${global:vars.domain}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password =
${global:vars.password}

 # Uncomment if using custom DNS


pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url
 =
 ${global:vars.dns}
 pool.default.socketfactory.resolver.uRL =
   

Re: [ovirt-users] AAA

2015-01-29 Thread Koen Vanoppen
FOUND IT!!

include = ad.properties

#
# Active directory domain name.
#
#vars.domain = ldap.mydomain.com
vars.server = ldap.mydomain.com

#
# Search user and its password.
#
vars.user = juniper-ad...@mydomain.com
vars.password = **

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.mydomain.com dns://srvdc04.mydomain.com

#pool.default.serverset.type = srvrecord
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns



BIG THANKS MAN!

2015-01-29 15:00 GMT+01:00 Ondra Machacek omach...@redhat.com:



 On 01/29/2015 02:54 PM, Koen Vanoppen wrote:

 I just don't understand. Why did engine-manage-domains previously DID
 work, no problems what so ever and now I have this...


 Because manage-domains didn't use global catalog. And probabaly the reason
 you don't have _ldap SRV record is that you didn't have them never and you
 just used '--ldapServers' parameter, that's why manage-domains worked with
 your domain.

 Now you are using DNS, not static configuration of ldap servers.


 2015-01-29 14:48 GMT+01:00 Ondra Machacek omach...@redhat.com
 mailto:omach...@redhat.com:

 It's same situation as before, but now you are missing ldap SRV
 record.

 With same steps you used to add _gc SRV record add also _ldap SRV
 record. But it's strange that you don't already have them.

 On 01/29/2015 02:46 PM, Koen Vanoppen wrote:

 I saw that when I pressed the send button. If I do that i again
 get the
 following:

 2015-01-29 14:28:35,891 WARN
 [org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC
 service thread
 1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz]
 Cannot
 initialize LDAP framework, deferring initialization. Error: An
 error
 occurred while attempting to query DNS in order to retrieve SRV
 records
 with name '_ldap._tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com__':
 javax.naming.__NameNotFoundException:
 DNS name not found [response code 3]; remaining name
 '_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com__'
 2015-01-29 14:28:35,924 WARN
 [org.ovirt.engineextensions.__aaa.ldap.AuthnExtension] (MSC
 service thread
 1-1) [ovirt-engine-extension-aaa-__ldap.authn::BRU_AIR-authn]
 Cannot
 initialize LDAP framework, deferring initialization. Error: An
 error
 occurred while attempting to query DNS in order to retrieve SRV
 records
 with name '_ldap._tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com__':
 javax.naming.__NameNotFoundException:
 DNS name not found [response code 3]; remaining name
 '_ldap._tcp.ldap.mydomain.com http://tcp.ldap.mydomain.com
 http://tcp.ldap.mydomain.com__'

 And yes I replayed mydomain with the correct one... :-)

 2015-01-29 14:40 GMT+01:00 Ondra Machacek omach...@redhat.com
 mailto:omach...@redhat.com
 mailto:omach...@redhat.com mailto:omach...@redhat.com:



  On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

  OK... Now I have this one :-)
  WARN
 [org.ovirt.engineextensions.aaa.ldap.AuthnExtension]
  (MSC service
  thread 1-2)
 [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
  Cannot initialize LDAP framework, deferring
 initialization. Error:
  Invalid DNS pseudo-URL(s):


  uncomment vars.dns


  Changed the properties file to this:

  include = ad.properties

  #
  # Active directory domain name.
  #
  vars.domain = ldap.mydomain.com
 http://ldap.mydomain.com http://ldap.mydomain.com
  http://ldap.mydomain.com (this one
  resolves to and gives ping back, front end of the pool)

  #
  # Search user and its password.
  #
  vars.user = juniper-ad...@mydomain.com
 mailto:juniper-ad...@mydomain.com
  mailto:juniper-admin@__mydomain.com
 mailto:juniper-ad...@mydomain.com
  mailto:juniper-admin@
 mailto:juniper-admin@__mydoma__in.com http://mydomain.com
  mailto:juniper-admin@__mydomain.com

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Yaniv Dary

WebAdmin is for admin and has permissions to see anything in the system.
For power users please use the power user portal.


On 01/29/2015 10:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already 
without any major interruptions. Last week i tied it to freeipa, to be 
able to give permissions to other people, but so far no success 
because of the following problem :


All users can see all VM's. I tried clearing all permission entries ( 
leaving the admin only ) and the re-adding and it didn't help at all.


I am attaching a few screenshots to better describe :





​
Most of the vm's have no permissions attached to them, but they are 
still visible to everyone that logs from the userpanel

What am i doing wrong ?

Regards,


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
Yaniv Dary
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109

Tel : +972 (9) 7692306
8272306
Email: yd...@redhat.com
IRC : ydary

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Sphoorti Joglekar
Hello,

Could you share the IP address URL you used? Also is the Admin Privilege
check box checked or unchecked?

Best Regards,
Sphoorti
On Jan 29, 2015 11:59 PM, Gianluca Cecchi gianluca.cec...@gmail.com
wrote:


 hello,
 using the ip address with disable https works to see events and such,
 but if I click on vm line (both if VM is powered on or off) movirt
 terminates.
 I only use admin@internal, giving him power user role access to the vm;
 in fact I can connect to it from user portal with admin@internal)
 If I download the certificate and then try to use https I get this error
 message when starting movirt and selecting load button:

 https://drive.google.com/file/d/0BwoPbcrMv8mvX2ZKUVdRUW5OLUU/view?usp=sharing

 any special thing to do with certificate?

 Gianluca


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Oved Ourfali

On Jan 29, 2015 8:32 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote:

 On Thu, Jan 29, 2015 at 6:13 PM, Oved Ourfali oourf...@redhat.com wrote:


 On Jan 29, 2015 7:00 PM, Gianluca Cecchi gianluca.cec...@gmail.com wrote:
 
 
  Il 29/gen/2015 15:13 "Yaniv Dary" yd...@redhat.com ha scritto:
  
   WebAdmin is for admin and has permissions to see anything in the system.
   For power users please use the power user portal
 
  Power user portal doesn't exist any more or did I miss anything?

 We have the webadmin and the user portal. If you have permissions like power user role, then when you login to the user portal you have access to a different view which is the power user portal.

 BTW: I'm not the one who openend the thread

 In fact. Power user portal was used in RHEV 2.2 time..
 If I give power user role to a vm for a user, than when the user (included admin@internal) open user portal, he can see the vm and work with it...

But power user role on the DC for example, should give you permissions to access the power user portal, in which you can create VMs
 Gianluca

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2015-01-29 Thread Gianluca Cecchi
Il 29/Gen/2015 19:50 Sphoorti Joglekar sphoorti.jogle...@gmail.com ha
scritto:

 Hello,

 Could you share the IP address URL you used? Also is the Admin Privilege
check box checked or unchecked?

The same happens with my Samsung note pro and 4.4.2 .
Probably it is needed to have the engine hostname in DNS ?
In that case I can setup one of the VM with bind and configure my
Smartphone and ttablet to me the ip of that VM as DNS server...
The lan is a local lan so I can't share its ip address
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] New user intro some questions

2015-01-29 Thread George Skorup

Hello oVirt Users Community,

I've been working with Red Hat and RHEL and clones for about 11 years, 
though I do still consider myself amateur mostly because I'm more of a 
networking guy. :) One-man IT department so I get very little time to 
tinker.


I'm evaluating oVirt (because the boss said no to VMware) and will 
likely begin implementation soon to virtualize our datacenter. So I have 
a SuperMicro Twin2 (4 nodes) system and a cheap managed L2+ switch to 
use for now. Dual 6-core Xeon's and 24GB per node. The two on-board 
82574L's are bonded 802.3ad, no issues there (so far). I currently have 
two 1TB WD RE4 SATA drives configured as RAID1 using the Intel RAID BIOS 
in each node. I understand this is software RAID. That's all working 
fine and I did this so that if a drive dies then I can still boot the 
machine(s). I have a 500MB partition formatted as ext4 for /boot. A 48GB 
ext4 for the root. 24GB for swap. And finally the rest (800-something 
GB) is LVM and XFS for Gluster.


I've been following Jason Brooks' Up and Running with oVirt guides 
(which are great, BTW!). I have the cluster up and running with CentOS 7 
and oVirt 3.5, hosted-engine on CentOS 6.6 and CTDB to host a virtual IP 
for the engine NFS mount. There are a couple test VMs running along with 
the engine on various nodes. I found it interesting that I was able to 
upload a ripped ISO of Win 2k3 Enterprise (not SP2) and was able to 
successfully boot it, after which I promptly installed SP2 and oVirt 
guest tools. I do very little with Windows, but there's always that one 
remaining customer that needs IIS and we're not about to buy a new 
Windows Server 2012 license just for them.


So anyway, I'm having a problem with node reboots. They simply will not 
shut down and reboot cleanly. Instead, it looks like they hang after all 
processes are shut down, or at least attempted to be shut down. Then 
after a couple minutes, the hardware watchdog resets the system. I've 
came to the conclusion that sanlock and/or wdmd is causing the hangup. 
I'm guessing an active but non-responsive NFS mount is the culprit, 
possibly the ISO domain NFS mount which is on the engine? I've tried 
manually shutting down all oVirt, VDSM, etc. processes, unmounting all 
NFS shares, but it seems sanlock still has a hold on something in 
/rhev/.. I've Google'd a bit and have come across posts about this as 
well. Any tips here?


Then I experienced something else odd yesterday. I did a yum update for 
the glibc vulnerability stuff. Gluster was updated as well which really 
threw a wrench into things because I wasn't paying attention and quorum 
broke, etc. I got that fixed. Rebooted all nodes (which is when I found 
the sanlock/watchdog problem). Nodes 2, 3 and 4 came back up, but node1 
did not. I logged into the IPKVM console and found that it had no 
network configuration. All /etc/sysconfig/network-scripts/ifcfg-* files 
were gone. I was able to manually reconfigure the physical interfaces, 
set the bonding back up and add the ovirtmgmt bridge. But then the 
engine reported the host as non-operational due to '..does not comply 
with cluster default networks... ovirtmgmt missing' which I was able to 
resolve by reconfiguring the host's network config within the engine GUI 
and all is now well. I'm just curious how/why the ifcfg files were wiped 
out? I haven't touched the network config on any hosts since running 
hosted-engine --deploy.


Please forgive my ignorance and point me to the correct place if these 
issues have been discussed and/or resolved already.


And overall I'm very much liking oVirt, especially as a viable and 
cost-effective alternative to vSphere.


Thanks,
George
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users