[ovirt-users] simple-sso w. kerberos iplanet ldap - login slow and unreliable (ovirt 3.5.1.1)
I have configured the simple-sso with kerberos. I can successfully login most of the time, but often the login fails and I am dropped at the portal login window and prompted for the internal account username and password. Host is FC 20. Also, adding users in the GMU-authz o=gmu.edu namespace is agonisingly slow returning from the directory lookup. I can see from the apache logs that the kerberos authentication is successful, but in the engine logs I see many errors: 2015-04-09 13:39:28,493 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-11) Cannot obtain profile for user aneil2 and eventually: 2015-04-09 13:39:28,342 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-5) Cannot obtain profile for user aneil2 {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.fc20, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=50, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=GMU-authz, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.0.2, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[o= gmu.edu], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.GMU-authz), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz], Extkey[name=EXTENSION_CONFIGURATION_FILE;type=class java.lang.String;uuid=EXTENSION_CONFIGURATION_FILE[4fb0ffd3-983c-4f3f-98ff-9660bd67af6a];]=/etc/ovirt-engine/extensions.d/GMU-authz.properties}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=aneil2}} {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class
Re: [ovirt-users] qlnic errors -
On 08/04/15 16:32, Matt Wells wrote: Running on the 3.5 node (even setup one blade as a RHEL + VDSM) and we continue to get the same errors. you should not run the ovirt-node images in production setups. stick with EL6 or EL7 as host platform. I'm pretty sure that's where your performance problem stems from. HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-guest-agent outdated?
On 04/09/2015 10:12 AM, Sandro Bonazzola wrote: Il 09/04/2015 10:03, Vinzenz Feenstra ha scritto: On 04/09/2015 09:55 AM, Jorick Astrego wrote: On 04/09/2015 08:56 AM, Vinzenz Feenstra wrote: On 04/08/2015 04:34 PM, Jorick Astrego wrote: Hi, Hi, Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init). type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c03e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=8 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm=ovirt-guest-age exe=/usr/bin/python subj=system_u:system_r:rhev_agentd_t:s0 key=(null) And when I check the rpm I see: rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration. Well that can't be specific. I completely wipe the test environment every couple weeks and just provisioned a completely fresh ovirt 3.5.2rc3 install. Normally I don't use cloud-init as we have foreman, but I was testing it. The only thing I did was, create new VM and checked the cloud-init/sysprep checkbox. The rest oVirt did automatically. What I think is happening is that the CentOS 6.5 image in the ovirt-image-repository glance provider is outdated. I used this as template for quick testing. Does anyone know who maintains these images? Sandro, do you by any chance know who does? Nobody maintains actively the images in the glance repository. I raised the issue a while ago[1] and proposed as get involved task to provide updated images[2] for the glance repository. Once new images will be available, Oved can upload them into the glance repository. [1] http://lists.ovirt.org/pipermail/devel/2015-April/010193.html [2] http://lists.ovirt.org/pipermail/devel/2015-April/010199.html Ok, I will schedule some time to update them as I had been planning to get involved some more ;-) Will upload somewhere next week. Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
On 09/04/15 10:31, Brandon Merjil wrote: But my question is still why does this work with libvirt/kvm and ovirt fails. libvirt/kvm is not doing run once, it is using the defaults provided by the host which is PXE first HD second. I guess you are running into the ipxe boot loop problem: http://ipxe.org/howto/chainloading#breaking_the_infinite_loop this still seems to be a foreman problem to me, because it's the dhcp/pxe server who handles what gets booted. I know for sure cobbler can handle this, maybe it's a bug in how foreman dhcp/pxe selects the local boot device in ovirt vms? HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] simple-sso w. kerberos iplanet ldap - login slow and unreliable (ovirt 3.5.1.1)
Hi, Just for me to understand... sometime it works and sometime it does not work with same user aneil2? From the log I can see that you probably have Basic Authorization Headers enabled, are you sure you do not type user/password in the browser credentials dialog? can you please add KrbMethodK5Passwd off to the apache configuration to make sure it is not prompted? To clear this, if you use firefox go to History-Clear Recent and select only Active Logins. What I see is that aneil2 cannot be located, and fallback to Basic Authorization Headers is probably performed, and in these the aneil2 is specified without @profile suffix (as expected) and it fails. Alon - Original Message - From: Alastair Neil ajneil.t...@gmail.com To: Ovirt Users users@ovirt.org Sent: Thursday, April 9, 2015 9:46:09 PM Subject: [ovirt-users] simple-sso w. kerberos iplanet ldap - login slow and unreliable (ovirt 3.5.1.1) I have configured the simple-sso with kerberos. I can successfully login most of the time, but often the login fails and I am dropped at the portal login window and prompted for the internal account username and password. Host is FC 20. Also, adding users in the GMU-authz o= gmu.edu namespace is agonisingly slow returning from the directory lookup. I can see from the apache logs that the kerberos authentication is successful, but in the engine logs I see many errors: 2015-04-09 13:39:28,493 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-11) Cannot obtain profile for user aneil2 and eventually: 2015-04-09 13:39:28,342 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-5) Cannot obtain profile for user aneil2 {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.fc20, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org , Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=50, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=GMU-authz, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.0.2, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[o= gmu.edu ], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.GMU-authz), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz], Extkey[name=EXTENSION_CONFIGURATION_FILE;type=class
Re: [ovirt-users] ovirt-guest-agent outdated?
On 04/09/2015 09:55 AM, Jorick Astrego wrote: On 04/09/2015 08:56 AM, Vinzenz Feenstra wrote: On 04/08/2015 04:34 PM, Jorick Astrego wrote: Hi, Hi, Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init). type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c03e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=8 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm=ovirt-guest-age exe=/usr/bin/python subj=system_u:system_r:rhev_agentd_t:s0 key=(null) And when I check the rpm I see: rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration. Well that can't be specific. I completely wipe the test environment every couple weeks and just provisioned a completely fresh ovirt 3.5.2rc3 install. Normally I don't use cloud-init as we have foreman, but I was testing it. The only thing I did was, create new VM and checked the cloud-init/sysprep checkbox. The rest oVirt did automatically. What I think is happening is that the CentOS 6.5 image in the ovirt-image-repository glance provider is outdated. I used this as template for quick testing. Does anyone know who maintains these images? Sandro, do you by any chance know who does? Met vriendelijke groet, With kind regards, Jorick Astrego* Netbulae Virtualization Experts * Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3AKvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA EnschedeBTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Regards, Vinzenz Feenstra | Senior Software Engineer RedHat Engineering Virtualization R D Phone: +420 532 294 625 IRC: vfeenstr or evilissimo Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Fwd: Spice console without rebooting the VM
On Út, 2015-04-07 at 09:06 -0300, Marcelo Donato wrote: Hi everyone! Connecting to a VM in oVirt 3.5 shows Console connection denied. Another user has already accessed the console of this VM. When user tries to make a console connection to a virtual machine, the following error message is received: Console connection denied. Another user has already accessed the console of this VM. The VM should be rebooted to allow another user to access it, or changed by an admin to not enforce reboot between users accessing its console. Is it possible for multiple people to access the same Spice console without rebooting the VM? Check Disable strict user checking in Console Options tab of VM options. David -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] install IOPS limits
Hello, How it is possible to instal restrictions for everyone VM IOPS restrictions? I have read the documentation, how it can be made? http://www.ovirt.org/Features/blkio-support From the documentation: Engine Core DB qos: added limit fields to qos table: max_throughput max_read_throughput max_write_throughput max_iops max_read_iops max_write_iops Thanks, Roman Drovalev___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] PXE boot issue
Hello, I am testing provisioning from foreman 1.8.0 to ovirt 3.5 with both on CentOS 7.1503 and have run into an issue after the system has been deployed to ovirt. When the guest system reboots after the kickstart completes it loads the PXE menu from a the same tftp server which tries to start localboot 0. It then tries to boot based on the order that ovirt had set for the guest, which is PXE first and HD second. The message I'm seeing is Booting from local disk... No more network devices No bootable device If I change the guest boot options to only the virtual HD the guest boots up without an issue. I have also done a provision to a plain libvirt/kvm server and had no issue after the reboot. Same foreman server and tftp server with PXE menu localboot 0 option were used. Any ideas what I might be running into here, and any additional information needed. Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Storage domain not in pool issue
On 09/04/15 14:16 +, VONDRA Alain wrote: Hi, What do you about my last email, do you have a non destructive option to solve my problem ? The approach I suggest would leave the original data on the broken storage domain so it's non-destructive. That's really all I am able to offer as a path forward. I think we've given others ample time to respond. -- Adam Litke ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Fwd: Spice console without rebooting the VM
Thanks David. Resolved. 2015-04-09 5:49 GMT-03:00 David Jaša dj...@redhat.com: On Út, 2015-04-07 at 09:06 -0300, Marcelo Donato wrote: Hi everyone! Connecting to a VM in oVirt 3.5 shows Console connection denied. Another user has already accessed the console of this VM. When user tries to make a console connection to a virtual machine, the following error message is received: Console connection denied. Another user has already accessed the console of this VM. The VM should be rebooted to allow another user to access it, or changed by an admin to not enforce reboot between users accessing its console. Is it possible for multiple people to access the same Spice console without rebooting the VM? Check Disable strict user checking in Console Options tab of VM options. David -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-guest-agent outdated?
Il 09/04/2015 10:17, Jorick Astrego ha scritto: On 04/09/2015 10:12 AM, Sandro Bonazzola wrote: Il 09/04/2015 10:03, Vinzenz Feenstra ha scritto: On 04/09/2015 09:55 AM, Jorick Astrego wrote: On 04/09/2015 08:56 AM, Vinzenz Feenstra wrote: On 04/08/2015 04:34 PM, Jorick Astrego wrote: Hi, Hi, Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init). type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c03e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=8 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm=ovirt-guest-age exe=/usr/bin/python subj=system_u:system_r:rhev_agentd_t:s0 key=(null) And when I check the rpm I see: rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration. Well that can't be specific. I completely wipe the test environment every couple weeks and just provisioned a completely fresh ovirt 3.5.2rc3 install. Normally I don't use cloud-init as we have foreman, but I was testing it. The only thing I did was, create new VM and checked the cloud-init/sysprep checkbox. The rest oVirt did automatically. What I think is happening is that the CentOS 6.5 image in the ovirt-image-repository glance provider is outdated. I used this as template for quick testing. Does anyone know who maintains these images? Sandro, do you by any chance know who does? Nobody maintains actively the images in the glance repository. I raised the issue a while ago[1] and proposed as get involved task to provide updated images[2] for the glance repository. Once new images will be available, Oved can upload them into the glance repository. [1] http://lists.ovirt.org/pipermail/devel/2015-April/010193.html [2] http://lists.ovirt.org/pipermail/devel/2015-April/010199.html Ok, I will schedule some time to update them as I had been planning to get involved some more ;-) Will upload somewhere next week. Great :-) ** Met vriendelijke groet, With kind regards, Jorick Astrego* Netbulae Virtualization Experts * -- Tel: 053 20 30 270i...@netbulae.euStaalsteden 4-3AKvK 08198180 Fax: 053 20 30 271www.netbulae.eu 7547 TA EnschedeBTW NL821234584B01 -- ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Can I somehow disable vdsms restore_nets ?
I use quite a lot of my own config and vdsm restores his version of /etc/sysconfig/network-scripts/ifcfg-* on each start. Can the restore_nets be disabled somehow? -- Ernest Beinrohr, AXON PRO Ing http://www.beinrohr.sk/ing.php, RHCE http://www.beinrohr.sk/rhce.php, RHCVA http://www.beinrohr.sk/rhce.php, LPIC http://www.beinrohr.sk/lpic.php, VCA http://www.beinrohr.sk/vca.php, +421-2-62410360 +421-903-482603 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
On Apr 9, 2015, at 10:49 , Brandon Merjil bmer...@ken-ohki.org wrote: I looked at that as well but ovirt is using gPXE, and I my situation there is no loop. it just stops after trying once. Is there an api reference for the run once option. I'd like to have some thing to point to if I start asking the foreman group about this. I believe Sven is right; RunOnce is not relevant if you speak about reboot within the guest OS. I suppose that's the case. It is the same QEMU process then and the only difference might be in PXE bootrom, possibly a gPXE bug. On Apr 9, 2015 17:44, Sven Kieske s.kie...@mittwald.de wrote: On 09/04/15 10:31, Brandon Merjil wrote: But my question is still why does this work with libvirt/kvm and ovirt fails. libvirt/kvm is not doing run once, it is using the defaults provided by the host which is PXE first HD second. I guess you are running into the ipxe boot loop problem: http://ipxe.org/howto/chainloading#breaking_the_infinite_loop this still seems to be a foreman problem to me, because it's the dhcp/pxe server who handles what gets booted. I know for sure cobbler can handle this, maybe it's a bug in how foreman dhcp/pxe selects the local boot device in ovirt vms? HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
I'm doing the provision from foreman and not ovirt. So when you provision from Foreman you cannot do a run once as it is calling the api side of ovirt. There is also the fact that when this is done on just libvirt/kvm it works correctly with the boot order that is PXE first then HD second after the system has been provisioned. On Apr 9, 2015 16:38, Michal Skrivanek michal.skriva...@redhat.com wrote: On Apr 9, 2015, at 08:38 , Brandon Merjil bmer...@ken-ohki.org wrote: Hello, I am testing provisioning from foreman 1.8.0 to ovirt 3.5 with both on CentOS 7.1503 and have run into an issue after the system has been deployed to ovirt. When the guest system reboots after the kickstart completes it loads the PXE menu from a the same tftp server which tries to start localboot 0. It then tries to boot based on the order that ovirt had set for the guest, which is PXE first and HD second. The message I'm seeing is Booting from local disk... No more network devices No bootable device If I change the guest boot options to only the virtual HD the guest boots up without an issue. I have also done a provision to a plain libvirt/kvm server and had no issue after the reboot. Same foreman server and tftp server with PXE menu localboot 0 option were used. Any ideas what I might be running into here, and any additional information needed. The boot order is fixed in VM configuration. For initial config/install it would be recommended to use Run Once with changed boot order Thanks, michal Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
I looked at that as well but ovirt is using gPXE, and I my situation there is no loop. it just stops after trying once. Is there an api reference for the run once option. I'd like to have some thing to point to if I start asking the foreman group about this. On Apr 9, 2015 17:44, Sven Kieske s.kie...@mittwald.de wrote: On 09/04/15 10:31, Brandon Merjil wrote: But my question is still why does this work with libvirt/kvm and ovirt fails. libvirt/kvm is not doing run once, it is using the defaults provided by the host which is PXE first HD second. I guess you are running into the ipxe boot loop problem: http://ipxe.org/howto/chainloading#breaking_the_infinite_loop this still seems to be a foreman problem to me, because it's the dhcp/pxe server who handles what gets booted. I know for sure cobbler can handle this, maybe it's a bug in how foreman dhcp/pxe selects the local boot device in ovirt vms? HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Storage domain not in pool issue
Hi, What do you about my last email, do you have a non destructive option to solve my problem ? Thanks Alain Alain VONDRA Chargé d'exploitation des Systèmes d'Information Direction Administrative et Financière +33 1 44 39 77 76 UNICEF France 3 rue Duguay Trouin 75006 PARIS www.unicef.fr -Message d'origine- De : users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] De la part de VONDRA Alain Envoyé : mercredi 8 avril 2015 16:26 À : Adam Litke Cc : users@ovirt.org Objet : Re: [ovirt-users] Storage domain not in pool issue Hi Adam, Thank you to take your precious time to my problem. First of all, I want to precise that I don't want to recreate new VMs, but to recover them in the 2 Storage domains, I don't have any backups of them. So I don't just want to re-active the domains, I'd prefer a non destructive solution. Regards Alain Alain VONDRA Chargé d'exploitation des Systèmes d'Information Direction Administrative et Financière +33 1 44 39 77 76 UNICEF France 3 rue Duguay Trouin 75006 PARIS www.unicef.fr -Message d'origine- De : Adam Litke [mailto:ali...@redhat.com] Envoyé : mercredi 8 avril 2015 16:05 À : VONDRA Alain Cc : users@ovirt.org Objet : Re: [ovirt-users] Storage domain not in pool issue On 08/04/15 09:48 +, VONDRA Alain wrote: Hi, Is there any news ?? I there anybody who can help me ? This long silence get me more and more worried. I saw that Federico Simoncelli is working on a new feature StoragePool Metadata Removal, but I don't have any advice from him or anybody else. I'd be really happy to know if somebody works on this kind of problem, I guess that I'm not the only one with this issue, and potentially this can be a disaster bug that could be a bad thing for the reputation of the oVirt platform. Don't forget that my Data Center is out of order since March 13th, and this is not trustable for a production environment. Let me know what you think about it ? Hi, Yesterday I tried to reproduce your situation with a local oVirt setup I have. I then tried to manually alter the metadata to force detach the storage domain from the old pool. My steps involved the use of the vgchange command to remove and add VG tags to the volume group that holds the storage domain. Unfortunately I was not successful in reviving the domain. I'm trying to find some help for you since I think I have reached my limit for this situation. How familiar are you with LVM? If you can activate the VG for your storage domain and then activate all of its LVs, you may be able to scrape the disks off of the storage using the qemu-img command. If you place those disks on an export domain then you could import them into your working storage domain and use them to recreate new VMs. This is a clunky and labor intensive solution but could work if we are unable to revive the domain in its entirety. Let me know if you'd like to pursue this approach. -- Adam Litke ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] install IOPS limits
On 04/09/2015 10:31 AM, Roman Nikolayevich Drovalev wrote: Hello, How it is possible to instal restrictions for everyone VM IOPS restrictions? I have read the documentation, how it can be made? 1. under your Data-Center- QoS subtab create a new one with the desired iops 2. go to one of your storage - disk profile subtab, and now edit the profile with the name of your storage domain. 3. pick the newly created QoS from stage 1. now the all the disks under this storage domain have this profile. a restart of the VM from the engine is required. http://www.ovirt.org/Features/blkio-support From the documentation: *Engine Core * *DB * qos: added limit fields to qos table: max_throughput max_read_throughput max_write_throughput max_iops max_read_iops max_write_iops Thanks, Roman Drovalev ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Fedora 21 Hosted Engine Install
Il 08/04/2015 05:55, Mikola Rose ha scritto: What is the correct repo for the hosted engine setup? I have installed; yum localinstall http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm but when I go to install it yum can not find it… I must be missing something here... There's no support for Engine on Fedora 21 and thus no support for Hosted Engine on F21. There's a planned feature to get oVirt working on F22 for oVirt 3.6 but for now, latest Fedora supported version is F20. Loaded plugins: langpacks Installed Packages libgovirt.x86_64 0.3.2-1.fc21 @fedora ovirt-release35.noarch 002-1 @/ovirt-release35 Available Packages libgovirt.i686 0.3.2-1.fc21 fedora libgovirt-devel.i686 0.3.2-1.fc21 fedora libgovirt-devel.x86_64 0.3.2-1.fc21 fedora mingw32-libgovirt.noarch 0.3.2-1.fc21 updates mingw32-libgovirt-static.noarch 0.3.2-1.fc21 updates mingw64-libgovirt.noarch 0.3.2-1.fc21 updates mingw64-libgovirt-static.noarch 0.3.2-1.fc21 updates ovirt-engine-cli.noarch 3.5.0.5-1.fc21 updates ovirt-engine-sdk-java.noarch 3.5.1.0-1.fc21 updates ovirt-engine-sdk-java-javadoc.noarch 3.5.1.0-1.fc21 updates ovirt-engine-sdk-python.noarch 3.5.1.0-1.fc21 updates ovirt-guest-agent-common.noarch 1.0.10.2-1.fc21 fedora ovirt-guest-agent-gdm-plugin.noarch 1.0.10.2-1.fc21 fedora ovirt-guest-agent-kdm-plugin.x86_64 1.0.10.2-1.fc21 fedora ovirt-guest-agent-pam-module.i686 1.0.10.2-1.fc21 fedora ovirt-guest-agent-pam-module.x86_64 1.0.10.2-1.fc21 fedora ovirt-node.x86_64 3.0.0-11.0.fc21 fedora ovirt-node-plugin-cim.x86_64 3.0.0-11.0.fc21 fedora ovirt-node-plugin-igor-slave.noarch 3.0.0-11.0.fc21 fedora ovirt-node-plugin-puppet.noarch 3.0.0-11.0.fc21 fedora ovirt-node-plugin-snmp.noarch 3.0.0-11.0.fc21 fedora ovirt-node-recipe.noarch 3.0.0-11.0.fc21 fedora ovirt-node-selinux.noarch 3.0.0-11.0.fc21 fedora ovirt-node-tools.noarch 3.0.0-11.0.fc21 fedora ovirt-release35-snapshot.noarch
Re: [ovirt-users] PXE boot issue
On Thu, 9 Apr 2015, Michal Skrivanek wrote: On Apr 9, 2015, at 10:49 , Brandon Merjil bmer...@ken-ohki.org wrote: I looked at that as well but ovirt is using gPXE, and I my situation there is no loop. it just stops after trying once. Is there an api reference for the run once option. I'd like to have some thing to point to if I start asking the foreman group about this. I believe Sven is right; RunOnce is not relevant if you speak about reboot within the guest OS. I suppose that's the case. It is the same QEMU process then and the only difference might be in PXE bootrom, possibly a gPXE bug. We're still running oVirt Engine 3.5.0 on Fedora 19, but I recently upgraded our hypervisor nodes to CentOS 7 (and then 7.1). I've had no end of trouble with the boot rom images available for CentOS 7.1 nodes. There are two sets of files and one set of symlinks: * /usr/share/qemu-kvm/rhel6-*.rom - actual files - installed by qemu-kvm-rhev package - the default images used by oVirt-installed qemu-kvm * /usr/share/ipxe/*.rom - actual files - installed by ipxe-roms-qemu package * /usr/share/qemu-kvm/pxe-*.rom - symlinks pointing to ../ipxe/*rom images - installed by qemu-kvm-rhev package I'll note that the qemu-kvm-rhev package is provided by the oVirt team; it's not part of the stock CentOS repository. In our environment, the rhel6-*.rom images won't accept responses from our DHCP server (dhcpd on CentOS 6), while the iPXE images fail when loading the 64-bit installation kernels for very new distributions: CentOS 7.1, Ubuntu 1410 and 1404, and Debian sid. In the end, I punted. I extracted the iPXE images from the Fedora 20 ipxe-roms-qemu and tasked cfengine with pushing them into place: 10222000.rom - /usr/share/qemu-kvm/rhel6-pcnet.rom 10ec8029.rom - /usr/share/qemu-kvm/rhel6-ne2k_pci.rom 10ec8139.rom - /usr/share/qemu-kvm/rhel6-rtl8139.rom 1af41000.rom - /usr/share/qemu-kvm/rhel6-virtio.rom 8086100e.rom - /usr/share/qemu-kvm/rhel6-e1000.rom That's the only solution that works for me. NOTE: The ROM images must be the same on all your hypervisor nodes; if they aren't, live migrations will fail. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-guest-agent outdated?
Il 09/04/2015 10:03, Vinzenz Feenstra ha scritto: On 04/09/2015 09:55 AM, Jorick Astrego wrote: On 04/09/2015 08:56 AM, Vinzenz Feenstra wrote: On 04/08/2015 04:34 PM, Jorick Astrego wrote: Hi, Hi, Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init). type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c03e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=8 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm=ovirt-guest-age exe=/usr/bin/python subj=system_u:system_r:rhev_agentd_t:s0 key=(null) And when I check the rpm I see: rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration. Well that can't be specific. I completely wipe the test environment every couple weeks and just provisioned a completely fresh ovirt 3.5.2rc3 install. Normally I don't use cloud-init as we have foreman, but I was testing it. The only thing I did was, create new VM and checked the cloud-init/sysprep checkbox. The rest oVirt did automatically. What I think is happening is that the CentOS 6.5 image in the ovirt-image-repository glance provider is outdated. I used this as template for quick testing. Does anyone know who maintains these images? Sandro, do you by any chance know who does? Nobody maintains actively the images in the glance repository. I raised the issue a while ago[1] and proposed as get involved task to provide updated images[2] for the glance repository. Once new images will be available, Oved can upload them into the glance repository. [1] http://lists.ovirt.org/pipermail/devel/2015-April/010193.html [2] http://lists.ovirt.org/pipermail/devel/2015-April/010199.html Met vriendelijke groet, With kind regards, Jorick Astrego* Netbulae Virtualization Experts * -- Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3AKvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA EnschedeBTW NL821234584B01 -- ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Regards, Vinzenz Feenstra | Senior Software Engineer RedHat Engineering Virtualization R D Phone: +420 532 294 625 IRC: vfeenstr or evilissimo Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] FW: gluster and multipath
Fumble fingered accidental send... From: Bill Dossett Sent: 09 April 2015 11:33 To: users@ovirt.org Subject: gluster and multipath Hi, Just got very confused trying to add create an additional brick on my gluster node (I had created one yesterday and all was fine0 I had already created a partition on my /dev/sdb called sdb1 But when I tried mkfs.xfs (I am using xfs as that was in the example I was following - if LVM or something else would be better I am open to suggestions!) It said /dev/sdb1 no such file or directory - which confused me as this worked yesterday. I deleted the partition recreated it and tried and then it said that the device was busy. It appears that multipathd is the culprit... but what I am struggling with is why it worked yesterday?? I may have created the partition before I pushed the gluster install to it from the ovirt-engine? And does that install multipathd and it is now grabbing my devices? It is the only thing I can think of. And if that is the case - I guess I have to blacklist these devices in multipath.conf while I create the partitions? And reboot and then remove the blacklist and reboot - seems a bit clunky, is there a better way to add partitions and bricks? Or I am just in a vortex wormhole of misunderstanding and grasping at stars to try and pull myself out ? Thankyou for any advice - especially as this may not be so ovirt or a question, but it's what I am working on. Bill Dossett Systems Architect Tech Central - Global Engineering Services T +1 303 440 3523 M +44 (0)777 590 8612 bill.doss...@pb.commailto:bill.doss...@pb.com pitneybowes.comhttp://pitneybowes.com/ Pitney Bowes 4750 Walnut Street | Boulder, Colorado, 80301 | USA In Engineering? Raise a ticket via Remedy Anywhere [HEREapplewebdata://5D25CA10-0BA9-4233-9DDF-69951F87F8AB/teamsite.inside.pb.com/sites/TCPPM/GES/Lists/Create%20Incident/newIncident.aspx] takes less than a minute CloudForms User Guide available [HEREhttps://dl.dropboxusercontent.com/u/6219441/ManageIQ%20-%20User%20Manual%20PB%20v5.pdf] ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-guest-agent outdated?
On 04/08/2015 04:34 PM, Jorick Astrego wrote: Hi, Hi, Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init). type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c03e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=8 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm=ovirt-guest-age exe=/usr/bin/python subj=system_u:system_r:rhev_agentd_t:s0 key=(null) And when I check the rpm I see: rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration. Then I checked the cloud-init installed /etc/yum.repos.d/el6-ovirt.repo and see version 3.3.3 is active. Shouldn't this be updated to 3.5.* [ovirt-stable] name=Older Stable builds of the oVirt project baseurl=http://ovirt.org/releases/stable/rpm/EL/$releasever/ enabled=1 skip_if_unavailable=1 gpgcheck=0 [ovirt-3.3.3] name=oVirt 3.3.3 release baseurl=http://resources.ovirt.org/releases/3.3.3/rpm/EL/$releasever/ enabled=1 skip_if_unavailable=1 gpgcheck=0 [ovirt-updates-testing] name=Test Updates builds of the oVirt project baseurl=http://ovirt.org/releases/updates-testing/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0 [ovirt-beta] name=Beta builds of the oVirt project baseurl=http://ovirt.org/releases/beta/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0 [ovirt-nightly] name=Nightly builds of the oVirt project baseurl=http://ovirt.org/releases/nightly/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0 [ovirt-3.4.0-alpha] name=3.4.0 alpha testing repo for the oVirt project baseurl=http://ovirt.org/releases/3.4.0-alpha/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0 [ovirt-3.4.0-prerelease] name=Pre release builds of the oVirt 3.4 project baseurl=http://resources.ovirt.org/releases/3.4.0_pre/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0 Met vriendelijke groet, With kind regards, Jorick Astrego* Netbulae Virtualization Experts * Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3AKvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA EnschedeBTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Regards, Vinzenz Feenstra | Senior Software Engineer RedHat Engineering Virtualization R D Phone: +420 532 294 625 IRC: vfeenstr or evilissimo Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
On 09/04/15 10:30, Brandon Merjil wrote: But my question is still why does this work with libvirt/kvm and ovirt fails. libvirt/kvm is not doing run once, it is using the defaults provided by the host which is PXE first HD second. Please keep the topic on the list, so the whole community can benefit. Well this could have been caused by multiple things: First: I assume you also do the libvirt install via foreman. if this is the case we have 2 possibilities here: 1. foreman does a different pxe boot for plain libvirt than for ovirt. 2. the generated libvirt xml differs between ovirt and plain libvirt. You could try to check number 2. by doing: virsh -r dumpxml $YOURVMNAME and compare that HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] about testing scenario
- Original Message - From: Leandro Roggerone lrogger...@directvla.com.ar To: users@ovirt.org Sent: Sunday, April 5, 2015 3:33:11 AM Subject: [ovirt-users] about testing scenario Hello , Everyone; My name is Leandro. I have been reading about virtualization features and Its benefits so Im thinking about deploying a virtualized IP core enviroment. Main services I will need to run are , dns , dhcp, radius , and openvpn. Note that normally, ovirt requires a working dhcp/dns service on the lan, or static configuration (ip addresses and /etc/hosts files). Since I have never installed ovirt , I would like to deploy a testing/learning scenario using two i5 with 6gb ram memory laptops. My idea is to run the ovirt engine in one machine and at least 3 virtual centos hosts in the other while I wait for the real servers. I have no plan of deploying any network storage. Some questions come to my mind: For the engine: Is there any recommended iso/distro with the ovirt package or should I use a machine with fedora/centos already installed ? Most users use fedora or centos. You can also try the engine appliance [1]. Adding Fabian because the link there to jenkins builds is broken, not sure where else to download it from. [1] http://www.ovirt.org/Feature/oVirtAppliance For the node. Is there any recommended iso/distro? Either a fat node with fedora or centos, or ovirt-node. If you want to see what people are actually using, you can have a look at the results [2] of the recent survey we had... [2] https://www.mail-archive.com/users@ovirt.org/msg25032.html Where should I keep the iso file of the virtualized OS. (ex centos / routerOS.) In the ISO domain. Is it possible to deploy virtualized environment without network storage? I would like to run everything locally. It is, but you'll not have high-availability. My services requieres very fast i/o processing from the hard disk, My consern is that since I have 1gb network interface, the process can experience some delay or timeouts waiting data from the network. That is why I would like to keep the storage locally. It makes sense, but in practice, if that's really important, you should benchmark your actual application - reading, over the network, data cached in the server's RAM, might be faster than having to seek a local disk to find it. Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] gluster and multipath
Hi, Just got very confused trying to add create an additional brick on my gluster node (I had created one yesterday and all was fine0 I had already created a partition on my /dev/sdb called sdb1 But when I tried mkfs.xfs (I am using xfs as that was in the example I was following - if LVM or something else would be better I am open to suggestions!) It said /dev/sdb1 no such file or directory - which confused me as this worked yesterday. I deleted the partition recreated it and tried and then it said that the device was busy. It appears that multipathd is the culprit... but what I am struggling with is why it worked yesterday?? I may have created the partition before I pushed the gluster install to it from the ovirt-engine? And does that install multi Bill Dossett Systems Architect Tech Central - Global Engineering Services T +1 303 440 3523 M +44 (0)777 590 8612 bill.doss...@pb.commailto:bill.doss...@pb.com pitneybowes.comhttp://pitneybowes.com/ Pitney Bowes 4750 Walnut Street | Boulder, Colorado, 80301 | USA In Engineering? Raise a ticket via Remedy Anywhere [HEREapplewebdata://5D25CA10-0BA9-4233-9DDF-69951F87F8AB/teamsite.inside.pb.com/sites/TCPPM/GES/Lists/Create%20Incident/newIncident.aspx] takes less than a minute CloudForms User Guide available [HEREhttps://dl.dropboxusercontent.com/u/6219441/ManageIQ%20-%20User%20Manual%20PB%20v5.pdf] ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-guest-agent outdated?
On 04/09/2015 08:56 AM, Vinzenz Feenstra wrote: On 04/08/2015 04:34 PM, Jorick Astrego wrote: Hi, Hi, Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init). type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm=ovirt-guest-age name=online dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c03e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=8 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm=ovirt-guest-age exe=/usr/bin/python subj=system_u:system_r:rhev_agentd_t:s0 key=(null) And when I check the rpm I see: rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration. Well that can't be specific. I completely wipe the test environment every couple weeks and just provisioned a completely fresh ovirt 3.5.2rc3 install. Normally I don't use cloud-init as we have foreman, but I was testing it. The only thing I did was, create new VM and checked the cloud-init/sysprep checkbox. The rest oVirt did automatically. What I think is happening is that the CentOS 6.5 image in the ovirt-image-repository glance provider is outdated. I used this as template for quick testing. Does anyone know who maintains these images? Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
But my question is still why does this work with libvirt/kvm and ovirt fails. libvirt/kvm is not doing run once, it is using the defaults provided by the host which is PXE first HD second. On Apr 9, 2015 17:21, Sven Kieske s.kie...@mittwald.de wrote: On 09/04/15 10:03, Brandon Merjil wrote: I'm doing the provision from foreman and not ovirt. So when you provision from Foreman you cannot do a run once as it is calling the api side of ovirt. this is not true! the run once functionality can be called via api. but I don't know if foreman supports this, but this would be a question for the foreman community. -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
On Apr 9, 2015, at 08:38 , Brandon Merjil bmer...@ken-ohki.org wrote: Hello, I am testing provisioning from foreman 1.8.0 to ovirt 3.5 with both on CentOS 7.1503 and have run into an issue after the system has been deployed to ovirt. When the guest system reboots after the kickstart completes it loads the PXE menu from a the same tftp server which tries to start localboot 0. It then tries to boot based on the order that ovirt had set for the guest, which is PXE first and HD second. The message I'm seeing is Booting from local disk... No more network devices No bootable device If I change the guest boot options to only the virtual HD the guest boots up without an issue. I have also done a provision to a plain libvirt/kvm server and had no issue after the reboot. Same foreman server and tftp server with PXE menu localboot 0 option were used. Any ideas what I might be running into here, and any additional information needed. The boot order is fixed in VM configuration. For initial config/install it would be recommended to use Run Once with changed boot order Thanks, michal Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Cancel a running task | Zombie Task
On Thu, 9 Apr 2015, Punit Dambiwal wrote: I have checked and found two tasks running from last 14 hours and there is no option to kill it... Inline image 1 from the SPM host :- [root@cpu11 ~]# vdsClient -s 0 getAllTasksStatuses {'status': {'message': 'OK', 'code': 0}, 'allTasksStatus': {}} [root@cpu11 ~]# Please let me know how i can kill those processes... There may be a officially blessed method for killing zombie tasks, but my experience is that all you can do is delete them from the database. On the ovirt-engine server, get a psql shell, e.g., psql -d engine -U postgres Data about running tasks are stored in the job table. You might find this query interesting: select * from job order by start_time desc; Grab the job_id for the task you want to delete, then use the DeleteJob procedure, e.g., select DeleteJob('8424f7a9-2a4c-4567-b528-45bbc1c2534f'); Give the web GUI a minute or so to catch up with you. The tasks should be gone. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt, conexion noVnc and spice problem
Hi, please verify the following things: 1: you have the websocket proxy running 2: the WebSocketProxy property from engine config points to the running instance of the websocket proxy (it is set using the engine-config) 3: you have the ca.crt of your engine properly imported to your browser (http://engine-addr/ca.crt) 4: the novnc.noarch and the spice-html5.noarch packages are installed on your engine machine Tomas - Original Message - From: Marcelo Vera cheloxtr...@gmail.com To: users@ovirt.org Sent: Tuesday, April 7, 2015 5:01:28 PM Subject: [ovirt-users] Ovirt, conexion noVnc and spice problem Good morning, thank you for accepting me into this group. I'm from Paraguay and I am not very good with English, thankfully there is google translator. I am new to this, and now have problems with oVirt. The problem is I can not access the console of the virtual machine in noVnc mode, or using spice. noVnc, error: WebUtil reference is not defined spice, WebSocket error: Can not connect to websocket on URL ... from and I appreciate your help. I checked my browser supports websocket and html5 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] PXE boot issue
On 09/04/15 10:03, Brandon Merjil wrote: I'm doing the provision from foreman and not ovirt. So when you provision from Foreman you cannot do a run once as it is calling the api side of ovirt. this is not true! the run once functionality can be called via api. but I don't know if foreman supports this, but this would be a question for the foreman community. -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users