[ovirt-users] oVirt infra hackathon is coming! save the date [11/05/15]
Hi, I'm glad to announce that we've scheduled a date for the 1st hackathon of oVirt infra. It will be held on the 11/05/15 and you're all welcome. For more details see [1] or contact infra at in...@ovirt.org. [1] http://www.ovirt.org/Infra/Hackathons -- Eyal Edri Supervisor, RHEV CI EMEA ENG Virtualization R&D Red Hat Israel phone: +972-9-7692018 irc: eedri ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] used engine-iso-uploader to upload ISO , but cant find the images
On 06/05/15 06:36, John Joseph wrote: Hi All I finished installing oVirto 3.5.2-1 on CentOS 6.6 64 bit OS and it is working and now I am slowly epxloring other feaures. I have uploaded a ISO image, and the message says that It is been uploaded as follows # engine-iso-uploader -i ISO_DOMAIN upload /root/CentOS-6.6-x86_64-Kazoo-0.iso Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort): Uploading, please wait... INFO: Start uploading /root/CentOS-6.6-x86_64-Kazoo-0.iso WARNING: failed to refresh the list of files available in the ISO_DOMAIN ISO storage domain. Please refresh the list manually using the 'Refresh' button in the oVirt Webadmin console. INFO: /root/CentOS-6.6-x86_64-Kazoo-0.iso uploaded successfully When I try to referesh, I cannot see the ISO image so far, I did wait for 10 to 15 min and then refreshed also I have attached the screen shot for reference thanks Joseph John You need to attach and activate your ISO domain. Cheers Alex ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] used engine-iso-uploader to upload ISO , but cant find the images
- Original Message -
> From: "John Joseph"
> To: users@ovirt.org
> Sent: Wednesday, May 6, 2015 8:36:37 AM
> Subject: [ovirt-users] used engine-iso-uploader to upload ISO , but
> cant find the images
>
> Hi All
> I finished installing oVirto 3.5.2-1 on CentOS 6.6 64 bit OS and it is
> working and now I am slowly epxloring other feaures.
> I have uploaded a ISO image, and the message says that It is been uploaded as
> follows
>
> # engine-iso-uploader -i ISO_DOMAIN upload
> /root/CentOS-6.6-x86_64-Kazoo-0.iso
> Please provide the REST API password for the admin@internal oVirt Engine user
> (CTRL+D to abort):
> Uploading, please wait...
> INFO: Start uploading /root/CentOS-6.6-x86_64-Kazoo-0.iso
> WARNING: failed to refresh the list of files available in the ISO_DOMAIN ISO
> storage domain. Please refresh the list manually using the 'Refresh' button
> in the oVirt Webadmin console.
> INFO: /root/CentOS-6.6-x86_64-Kazoo-0.iso uploaded successfully
Please verify that it was indeed uploaded, ls -lR /root/of/your/iso/domain
>
> When I try to referesh, I cannot see the ISO image so far, I did wait for 10
> to 15 min and then refreshed also
Please check/post /var/log/ovirt-engine/{engine,server}.log
Best,
--
Didi
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation
On Tuesday, 5 May 2015 4:40 PM, Simone Tiraboschi wrote: - Original Message - > From: "John Joseph" > To: users@ovirt.org > Sent: Tuesday, May 5, 2015 2:12:46 PM > Subject: Re: [ovirt-users] [ ERROR ] Execution of setup failed , message > shown at the end of installation > I saw that you got the same error: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. 2015-05-05 07:56:52 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Closing up': status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. The problem probably lies in not having eXecute permission for vdsm on /home/itsupport. In order for any user to traverse, not necessarily look into a directory, that user must have execute permission either via a group or via a direct permission. Please ensure that vdsm user could effectively write there before trying again. You can check it with: # sudo -u vdsm touch /home/itsupport/images/wtest Hi Simone, Great thanks to you. I was not able to write to the dir as vdsm Now taking clue from that, I made a dir in /home named as vdsm and gave ownership as "vdsm:kvm" then did sudo -u vdsm mkdir /home/vdsm/images sudo -u vdsm mkdir -p /home/vdsm/exports/iso then the installation and it is SUCCESS, THANKS to you Joseph John > Joseph John> Now this time also when I create a Virtual Machine image, the ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] AAA LDAP Authentication
blank suggests that there is initialization error.
please attach (do not paste) the ldap profile, extension properties and
engine.log.
I may need debug log as well, but lets start with this.
- Original Message -
> From: "David Smith"
> To: "Alon Bar-Lev"
> Cc: "users"
> Sent: Wednesday, May 6, 2015 12:49:09 AM
> Subject: Re: [ovirt-users] AAA LDAP Authentication
>
> I added that to the end, since there wasn't any reference on it as to where
> to put it;
> I restarted the engine and didn't notice any changes, the namespace still
> reads the same as before, and no users show up
> Note that in the field to the right of namespace it's blank, whereby with
> "internal" or our other pre-aaa ldap config it shows "*" and can be changed
> to a username as a filter, in this case it doesn't allow me to enter
> anything
>
> On Tue, May 5, 2015 at 2:34 PM, Alon Bar-Lev wrote:
>
> >
> > I beginning to understand... although I cannot figure out how login works
> > while search not.
> >
> > Anyway, try to add this to your profile:
> >
> > sequence-init.init.900-local-init-vars = local-init-vars
> > sequence.local-init-vars.010.description = override name space
> > sequence.local-init-vars.010.type = var-set
> > sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault
> > sequence.local-init-vars.010.var-set.value =
> > cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> > sequence.local-init-vars.020.description = apply filter to users
> > sequence.local-init-vars.020.type = var-set
> > sequence.local-init-vars.020.var-set.variable = simple_filterUserObject
> > sequence.local-init-vars.020.var-set.value =
> > ${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
> > sequence.local-init-vars.030.description = apply filter to groups
> > sequence.local-init-vars.030.type = var-set
> > sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject
> > sequence.local-init-vars.030.var-set.value =
> > ${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
> >
> >
> > - Original Message -
> > > From: "David Smith"
> > > To: "Alon Bar-Lev"
> > > Cc: "users"
> > > Sent: Wednesday, May 6, 2015 12:17:59 AM
> > > Subject: Re: [ovirt-users] AAA LDAP Authentication
> > >
> > > I can log into ovirt, I can see the profile, it doesn't throw any errors.
> > > However, it doesn't display any users. This is because the automatic
> > rootDN
> > > is wrong.
> > > oVirt shows "Namespace: dc=corp, dc=ft, dc=com" if this is the search
> > base
> > > it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com
> > > Hence my desire to configure rootDN
> > >
> > > Then, I also want to filter based on the above (sorry the traffic part
> > was
> > > a comment from testlink, the line should be)
> > > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)';
> > > That filter is was makes sure the results only show users in the specific
> > > group I want to give access to.
> > >
> > > Thanks,
> > > David
> > >
> > > On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev wrote:
> > >
> > > > Hi,
> > > >
> > > > So your configuration is working, just you want to filter users?
> > > >
> > > > I do not follow what organization filter is.
> > > >
> > > > > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; //
> > e.g.
> > > > > '(organizationname=*Traffic)'
> > > >
> > > > It looks to me that you want to narrow the results based on specific
> > > > attribute value.
> > > >
> > > > But first you should confirm that all is working for you, only then we
> > can
> > > > start customize the provider to meet your special needs.
> > > >
> > > > Thanks,
> > > > Alon.
> > > >
> > > > - Original Message -
> > > > > From: "David Smith"
> > > > > To: "Alon Bar-Lev"
> > > > > Cc: "users"
> > > > > Sent: Wednesday, May 6, 2015 12:01:28 AM
> > > > > Subject: Re: [ovirt-users] AAA LDAP Authentication
> > > > >
> > > > > Hi Alon,
> > > > >
> > > > > Thanks for the quick reply.
> > > > > openldap works fine; I use it with testlink (as shown in the example
> > > > > config). We're not using active directory; Just LDAP. The example
> > config
> > > > I
> > > > > provided is fully inclusive of all configuration required for
> > "testlink"
> > > > to
> > > > > use LDAP, I also have jenkins and mantis configured using the same
> > > > > parameters (although their terminology on where to enter the
> > parameters
> > > > is
> > > > > varied, they use all the same information)
> > > > >
> > > > > The rootDSE is being determined automatically; however for my use
> > it's
> > > > > wrong and needs to be provided manually. Again, I have no control
> > over
> > > > > this. It's a company-wide configuration that won't be changed just
> > for
> > > > me.
> > > > >
> > > > > How would I be able to specify the organization filter line if I
> > added
> > > > some
> > > > > other include directive of whatever driver? I don't even understan
Re: [ovirt-users] AAA LDAP Authentication
I added that to the end, since there wasn't any reference on it as to where
to put it;
I restarted the engine and didn't notice any changes, the namespace still
reads the same as before, and no users show up
Note that in the field to the right of namespace it's blank, whereby with
"internal" or our other pre-aaa ldap config it shows "*" and can be changed
to a username as a filter, in this case it doesn't allow me to enter
anything
On Tue, May 5, 2015 at 2:34 PM, Alon Bar-Lev wrote:
>
> I beginning to understand... although I cannot figure out how login works
> while search not.
>
> Anyway, try to add this to your profile:
>
> sequence-init.init.900-local-init-vars = local-init-vars
> sequence.local-init-vars.010.description = override name space
> sequence.local-init-vars.010.type = var-set
> sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault
> sequence.local-init-vars.010.var-set.value =
> cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> sequence.local-init-vars.020.description = apply filter to users
> sequence.local-init-vars.020.type = var-set
> sequence.local-init-vars.020.var-set.variable = simple_filterUserObject
> sequence.local-init-vars.020.var-set.value =
> ${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
> sequence.local-init-vars.030.description = apply filter to groups
> sequence.local-init-vars.030.type = var-set
> sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject
> sequence.local-init-vars.030.var-set.value =
> ${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
>
>
> - Original Message -
> > From: "David Smith"
> > To: "Alon Bar-Lev"
> > Cc: "users"
> > Sent: Wednesday, May 6, 2015 12:17:59 AM
> > Subject: Re: [ovirt-users] AAA LDAP Authentication
> >
> > I can log into ovirt, I can see the profile, it doesn't throw any errors.
> > However, it doesn't display any users. This is because the automatic
> rootDN
> > is wrong.
> > oVirt shows "Namespace: dc=corp, dc=ft, dc=com" if this is the search
> base
> > it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com
> > Hence my desire to configure rootDN
> >
> > Then, I also want to filter based on the above (sorry the traffic part
> was
> > a comment from testlink, the line should be)
> > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)';
> > That filter is was makes sure the results only show users in the specific
> > group I want to give access to.
> >
> > Thanks,
> > David
> >
> > On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev wrote:
> >
> > > Hi,
> > >
> > > So your configuration is working, just you want to filter users?
> > >
> > > I do not follow what organization filter is.
> > >
> > > > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; //
> e.g.
> > > > '(organizationname=*Traffic)'
> > >
> > > It looks to me that you want to narrow the results based on specific
> > > attribute value.
> > >
> > > But first you should confirm that all is working for you, only then we
> can
> > > start customize the provider to meet your special needs.
> > >
> > > Thanks,
> > > Alon.
> > >
> > > - Original Message -
> > > > From: "David Smith"
> > > > To: "Alon Bar-Lev"
> > > > Cc: "users"
> > > > Sent: Wednesday, May 6, 2015 12:01:28 AM
> > > > Subject: Re: [ovirt-users] AAA LDAP Authentication
> > > >
> > > > Hi Alon,
> > > >
> > > > Thanks for the quick reply.
> > > > openldap works fine; I use it with testlink (as shown in the example
> > > > config). We're not using active directory; Just LDAP. The example
> config
> > > I
> > > > provided is fully inclusive of all configuration required for
> "testlink"
> > > to
> > > > use LDAP, I also have jenkins and mantis configured using the same
> > > > parameters (although their terminology on where to enter the
> parameters
> > > is
> > > > varied, they use all the same information)
> > > >
> > > > The rootDSE is being determined automatically; however for my use
> it's
> > > > wrong and needs to be provided manually. Again, I have no control
> over
> > > > this. It's a company-wide configuration that won't be changed just
> for
> > > me.
> > > >
> > > > How would I be able to specify the organization filter line if I
> added
> > > some
> > > > other include directive of whatever driver? I don't even understand
> what
> > > > you're saying, exactly. Not all ovirt users/managers are programming
> > > > experts.
> > > >
> > > > I use LDAPS because thats what my company supports. StartTLS is NOT
> > > > supported (as I stated). Silly on their part, right?
> > > >
> > > > Thanks,
> > > > David
> > > >
> > > > On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev
> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > Resources includes sysadmin documentation[1], integrator
> > > documentation[2],
> > > > > overview[3], examples[4].
> > > > >
> > > > > You did not specify what LDAP vendor it is.
> > > > >
> > > > > I can guess your
Re: [ovirt-users] AAA LDAP Authentication
I beginning to understand... although I cannot figure out how login works while
search not.
Anyway, try to add this to your profile:
sequence-init.init.900-local-init-vars = local-init-vars
sequence.local-init-vars.010.description = override name space
sequence.local-init-vars.010.type = var-set
sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault
sequence.local-init-vars.010.var-set.value =
cn=users,cn=accounts,dc=corp,dc=ft,dc=com
sequence.local-init-vars.020.description = apply filter to users
sequence.local-init-vars.020.type = var-set
sequence.local-init-vars.020.var-set.variable = simple_filterUserObject
sequence.local-init-vars.020.var-set.value =
${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
sequence.local-init-vars.030.description = apply filter to groups
sequence.local-init-vars.030.type = var-set
sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject
sequence.local-init-vars.030.var-set.value =
${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)
- Original Message -
> From: "David Smith"
> To: "Alon Bar-Lev"
> Cc: "users"
> Sent: Wednesday, May 6, 2015 12:17:59 AM
> Subject: Re: [ovirt-users] AAA LDAP Authentication
>
> I can log into ovirt, I can see the profile, it doesn't throw any errors.
> However, it doesn't display any users. This is because the automatic rootDN
> is wrong.
> oVirt shows "Namespace: dc=corp, dc=ft, dc=com" if this is the search base
> it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com
> Hence my desire to configure rootDN
>
> Then, I also want to filter based on the above (sorry the traffic part was
> a comment from testlink, the line should be)
> '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)';
> That filter is was makes sure the results only show users in the specific
> group I want to give access to.
>
> Thanks,
> David
>
> On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev wrote:
>
> > Hi,
> >
> > So your configuration is working, just you want to filter users?
> >
> > I do not follow what organization filter is.
> >
> > > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
> > > '(organizationname=*Traffic)'
> >
> > It looks to me that you want to narrow the results based on specific
> > attribute value.
> >
> > But first you should confirm that all is working for you, only then we can
> > start customize the provider to meet your special needs.
> >
> > Thanks,
> > Alon.
> >
> > - Original Message -
> > > From: "David Smith"
> > > To: "Alon Bar-Lev"
> > > Cc: "users"
> > > Sent: Wednesday, May 6, 2015 12:01:28 AM
> > > Subject: Re: [ovirt-users] AAA LDAP Authentication
> > >
> > > Hi Alon,
> > >
> > > Thanks for the quick reply.
> > > openldap works fine; I use it with testlink (as shown in the example
> > > config). We're not using active directory; Just LDAP. The example config
> > I
> > > provided is fully inclusive of all configuration required for "testlink"
> > to
> > > use LDAP, I also have jenkins and mantis configured using the same
> > > parameters (although their terminology on where to enter the parameters
> > is
> > > varied, they use all the same information)
> > >
> > > The rootDSE is being determined automatically; however for my use it's
> > > wrong and needs to be provided manually. Again, I have no control over
> > > this. It's a company-wide configuration that won't be changed just for
> > me.
> > >
> > > How would I be able to specify the organization filter line if I added
> > some
> > > other include directive of whatever driver? I don't even understand what
> > > you're saying, exactly. Not all ovirt users/managers are programming
> > > experts.
> > >
> > > I use LDAPS because thats what my company supports. StartTLS is NOT
> > > supported (as I stated). Silly on their part, right?
> > >
> > > Thanks,
> > > David
> > >
> > > On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev wrote:
> > >
> > > > Hello,
> > > >
> > > > Resources includes sysadmin documentation[1], integrator
> > documentation[2],
> > > > overview[3], examples[4].
> > > >
> > > > You did not specify what LDAP vendor it is.
> > > >
> > > > I can guess your directory is Active Directory, hence all you need to
> > do
> > > > is follow the "QUICK START"[5].
> > > >
> > > > The rootDSE is determined automatically, all you need is to provide a
> > > > valid user and password.
> > > >
> > > > What you are missing in your configuration is the include directive of
> > the
> > > > proper driver.
> > > > Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more
> > > > flexible and should be used unless there is an issue.
> > > >
> > > > Alon
> > > >
> > > > [1]
> > > >
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
> > > > [2]
> > > >
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=READM
Re: [ovirt-users] AAA LDAP Authentication
I can log into ovirt, I can see the profile, it doesn't throw any errors. However, it doesn't display any users. This is because the automatic rootDN is wrong. oVirt shows "Namespace: dc=corp, dc=ft, dc=com" if this is the search base it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com Hence my desire to configure rootDN Then, I also want to filter based on the above (sorry the traffic part was a comment from testlink, the line should be) '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; That filter is was makes sure the results only show users in the specific group I want to give access to. Thanks, David On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev wrote: > Hi, > > So your configuration is working, just you want to filter users? > > I do not follow what organization filter is. > > > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. > > '(organizationname=*Traffic)' > > It looks to me that you want to narrow the results based on specific > attribute value. > > But first you should confirm that all is working for you, only then we can > start customize the provider to meet your special needs. > > Thanks, > Alon. > > - Original Message - > > From: "David Smith" > > To: "Alon Bar-Lev" > > Cc: "users" > > Sent: Wednesday, May 6, 2015 12:01:28 AM > > Subject: Re: [ovirt-users] AAA LDAP Authentication > > > > Hi Alon, > > > > Thanks for the quick reply. > > openldap works fine; I use it with testlink (as shown in the example > > config). We're not using active directory; Just LDAP. The example config > I > > provided is fully inclusive of all configuration required for "testlink" > to > > use LDAP, I also have jenkins and mantis configured using the same > > parameters (although their terminology on where to enter the parameters > is > > varied, they use all the same information) > > > > The rootDSE is being determined automatically; however for my use it's > > wrong and needs to be provided manually. Again, I have no control over > > this. It's a company-wide configuration that won't be changed just for > me. > > > > How would I be able to specify the organization filter line if I added > some > > other include directive of whatever driver? I don't even understand what > > you're saying, exactly. Not all ovirt users/managers are programming > > experts. > > > > I use LDAPS because thats what my company supports. StartTLS is NOT > > supported (as I stated). Silly on their part, right? > > > > Thanks, > > David > > > > On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev wrote: > > > > > Hello, > > > > > > Resources includes sysadmin documentation[1], integrator > documentation[2], > > > overview[3], examples[4]. > > > > > > You did not specify what LDAP vendor it is. > > > > > > I can guess your directory is Active Directory, hence all you need to > do > > > is follow the "QUICK START"[5]. > > > > > > The rootDSE is determined automatically, all you need is to provide a > > > valid user and password. > > > > > > What you are missing in your configuration is the include directive of > the > > > proper driver. > > > Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more > > > flexible and should be used unless there is an issue. > > > > > > Alon > > > > > > [1] > > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD > > > [2] > > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD > > > [3] http://www.ovirt.org/Features/AAA > > > [4] > > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD > > > [5] > > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6 > > > > > > - Original Message - > > > > From: "David Smith" > > > > To: "users" > > > > Sent: Tuesday, May 5, 2015 11:09:25 PM > > > > Subject: [ovirt-users] AAA LDAP Authentication > > > > > > > > I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some > > > serious > > > > detail in documentation, the rest is java-programmer-oriented docs > only > > > that > > > > I can find; > > > > > > > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git > > > > > > > > Here's a sample config (sanitized) that I need to adapt to ovirt; *I > > > HAVE NO > > > > control over the LDAP server. > > > > > > > > So far I've managed to figure out through search after search to use > > > LDAPS > > > > (TLS isn't an option, thanks!) > > > > Two parts I can't figure out; setting rootDN and setting the > organization > > > > filter-- members of that particular organization should have access > to > > > > ovirt, and none others. > > > > > > > > vars.server = directory.ft.com > > > > > > > > # > > > > # Search user and its password. > > > > # > > > > vars.user = > uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com > > > > vars.urootdn = cn=users,cn=accounts,dc=
Re: [ovirt-users] AAA LDAP Authentication
Hi,
So your configuration is working, just you want to filter users?
I do not follow what organization filter is.
> '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
> '(organizationname=*Traffic)'
It looks to me that you want to narrow the results based on specific attribute
value.
But first you should confirm that all is working for you, only then we can
start customize the provider to meet your special needs.
Thanks,
Alon.
- Original Message -
> From: "David Smith"
> To: "Alon Bar-Lev"
> Cc: "users"
> Sent: Wednesday, May 6, 2015 12:01:28 AM
> Subject: Re: [ovirt-users] AAA LDAP Authentication
>
> Hi Alon,
>
> Thanks for the quick reply.
> openldap works fine; I use it with testlink (as shown in the example
> config). We're not using active directory; Just LDAP. The example config I
> provided is fully inclusive of all configuration required for "testlink" to
> use LDAP, I also have jenkins and mantis configured using the same
> parameters (although their terminology on where to enter the parameters is
> varied, they use all the same information)
>
> The rootDSE is being determined automatically; however for my use it's
> wrong and needs to be provided manually. Again, I have no control over
> this. It's a company-wide configuration that won't be changed just for me.
>
> How would I be able to specify the organization filter line if I added some
> other include directive of whatever driver? I don't even understand what
> you're saying, exactly. Not all ovirt users/managers are programming
> experts.
>
> I use LDAPS because thats what my company supports. StartTLS is NOT
> supported (as I stated). Silly on their part, right?
>
> Thanks,
> David
>
> On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev wrote:
>
> > Hello,
> >
> > Resources includes sysadmin documentation[1], integrator documentation[2],
> > overview[3], examples[4].
> >
> > You did not specify what LDAP vendor it is.
> >
> > I can guess your directory is Active Directory, hence all you need to do
> > is follow the "QUICK START"[5].
> >
> > The rootDSE is determined automatically, all you need is to provide a
> > valid user and password.
> >
> > What you are missing in your configuration is the include directive of the
> > proper driver.
> > Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more
> > flexible and should be used unless there is an issue.
> >
> > Alon
> >
> > [1]
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
> > [2]
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD
> > [3] http://www.ovirt.org/Features/AAA
> > [4]
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD
> > [5]
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6
> >
> > - Original Message -
> > > From: "David Smith"
> > > To: "users"
> > > Sent: Tuesday, May 5, 2015 11:09:25 PM
> > > Subject: [ovirt-users] AAA LDAP Authentication
> > >
> > > I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some
> > serious
> > > detail in documentation, the rest is java-programmer-oriented docs only
> > that
> > > I can find;
> > >
> > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
> > >
> > > Here's a sample config (sanitized) that I need to adapt to ovirt; *I
> > HAVE NO
> > > control over the LDAP server.
> > >
> > > So far I've managed to figure out through search after search to use
> > LDAPS
> > > (TLS isn't an option, thanks!)
> > > Two parts I can't figure out; setting rootDN and setting the organization
> > > filter-- members of that particular organization should have access to
> > > ovirt, and none others.
> > >
> > > vars.server = directory.ft.com
> > >
> > > #
> > > # Search user and its password.
> > > #
> > > vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> > > vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> > > vars.password = Ft##
> > >
> > > pool.default.serverset.single.server = ${global:vars.server}
> > > pool.default.serverset.single.port = 636
> > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > pool.default.auth.simple.rootDN = ${global:vars.urootdn}
> > > pool.default.auth.simple.password = ${global:vars.password}
> > >
> > > # enable SSL
> > > pool.default.ssl.enable = true
> > > #pool.default.ssl.insecure = false
> > >
> > > # Create keystore, import certificate chain and uncomment
> > > # if using ssl/tls.
> > > #pool.default.ssl.startTLS = true
> > > pool.default.ssl.truststore.file =
> > > ${local:_basedir}/${global:vars.server}.jks
> > > pool.default.ssl.truststore.password = changeit
> > >
> > >
> > > example config from testlink
> > > $tlCfg->authentication['method'] = 'LDAP';
> > >
> > > /** LDAP authentication credentials */
> > > $tlCfg->authentication['ldap_server'] = 'ldaps:// dir
Re: [ovirt-users] AAA LDAP Authentication
Hi Alon,
Thanks for the quick reply.
openldap works fine; I use it with testlink (as shown in the example
config). We're not using active directory; Just LDAP. The example config I
provided is fully inclusive of all configuration required for "testlink" to
use LDAP, I also have jenkins and mantis configured using the same
parameters (although their terminology on where to enter the parameters is
varied, they use all the same information)
The rootDSE is being determined automatically; however for my use it's
wrong and needs to be provided manually. Again, I have no control over
this. It's a company-wide configuration that won't be changed just for me.
How would I be able to specify the organization filter line if I added some
other include directive of whatever driver? I don't even understand what
you're saying, exactly. Not all ovirt users/managers are programming
experts.
I use LDAPS because thats what my company supports. StartTLS is NOT
supported (as I stated). Silly on their part, right?
Thanks,
David
On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev wrote:
> Hello,
>
> Resources includes sysadmin documentation[1], integrator documentation[2],
> overview[3], examples[4].
>
> You did not specify what LDAP vendor it is.
>
> I can guess your directory is Active Directory, hence all you need to do
> is follow the "QUICK START"[5].
>
> The rootDSE is determined automatically, all you need is to provide a
> valid user and password.
>
> What you are missing in your configuration is the include directive of the
> proper driver.
> Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more
> flexible and should be used unless there is an issue.
>
> Alon
>
> [1]
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
> [2]
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD
> [3] http://www.ovirt.org/Features/AAA
> [4]
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD
> [5]
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6
>
> - Original Message -
> > From: "David Smith"
> > To: "users"
> > Sent: Tuesday, May 5, 2015 11:09:25 PM
> > Subject: [ovirt-users] AAA LDAP Authentication
> >
> > I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some
> serious
> > detail in documentation, the rest is java-programmer-oriented docs only
> that
> > I can find;
> >
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
> >
> > Here's a sample config (sanitized) that I need to adapt to ovirt; *I
> HAVE NO
> > control over the LDAP server.
> >
> > So far I've managed to figure out through search after search to use
> LDAPS
> > (TLS isn't an option, thanks!)
> > Two parts I can't figure out; setting rootDN and setting the organization
> > filter-- members of that particular organization should have access to
> > ovirt, and none others.
> >
> > vars.server = directory.ft.com
> >
> > #
> > # Search user and its password.
> > #
> > vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> > vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> > vars.password = Ft##
> >
> > pool.default.serverset.single.server = ${global:vars.server}
> > pool.default.serverset.single.port = 636
> > pool.default.auth.simple.bindDN = ${global:vars.user}
> > pool.default.auth.simple.rootDN = ${global:vars.urootdn}
> > pool.default.auth.simple.password = ${global:vars.password}
> >
> > # enable SSL
> > pool.default.ssl.enable = true
> > #pool.default.ssl.insecure = false
> >
> > # Create keystore, import certificate chain and uncomment
> > # if using ssl/tls.
> > #pool.default.ssl.startTLS = true
> > pool.default.ssl.truststore.file =
> > ${local:_basedir}/${global:vars.server}.jks
> > pool.default.ssl.truststore.password = changeit
> >
> >
> > example config from testlink
> > $tlCfg->authentication['method'] = 'LDAP';
> >
> > /** LDAP authentication credentials */
> > $tlCfg->authentication['ldap_server'] = 'ldaps:// directory.ft.com ';
> > $tlCfg->authentication['ldap_port'] = '636';
> > $tlCfg->authentication['ldap_version'] = '3';
> > $tlCfg->authentication['ldap_root_dn'] =
> > 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
> > $tlCfg->authentication['ldap_bind_dn'] =
> > 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
> > $tlCfg->authentication['ldap_bind_passwd'] = 'Ft##';
> > $tlCfg->authentication['ldap_tls'] = false; // true -> use tls
> > $tlCfg->authentication['ldap_organization'] =
> > '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
> > '(organizationname=*Traffic)'
> > $tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use
> 'sAMAccountName' for
> > Active Directory
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
__
Re: [ovirt-users] AAA LDAP Authentication
Hello,
Resources includes sysadmin documentation[1], integrator documentation[2],
overview[3], examples[4].
You did not specify what LDAP vendor it is.
I can guess your directory is Active Directory, hence all you need to do is
follow the "QUICK START"[5].
The rootDSE is determined automatically, all you need is to provide a valid
user and password.
What you are missing in your configuration is the include directive of the
proper driver.
Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more
flexible and should be used unless there is an issue.
Alon
[1]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
[2]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD
[3] http://www.ovirt.org/Features/AAA
[4]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD
[5]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6
- Original Message -
> From: "David Smith"
> To: "users"
> Sent: Tuesday, May 5, 2015 11:09:25 PM
> Subject: [ovirt-users] AAA LDAP Authentication
>
> I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious
> detail in documentation, the rest is java-programmer-oriented docs only that
> I can find;
>
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
>
> Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO
> control over the LDAP server.
>
> So far I've managed to figure out through search after search to use LDAPS
> (TLS isn't an option, thanks!)
> Two parts I can't figure out; setting rootDN and setting the organization
> filter-- members of that particular organization should have access to
> ovirt, and none others.
>
> vars.server = directory.ft.com
>
> #
> # Search user and its password.
> #
> vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
> vars.password = Ft##
>
> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.serverset.single.port = 636
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.rootDN = ${global:vars.urootdn}
> pool.default.auth.simple.password = ${global:vars.password}
>
> # enable SSL
> pool.default.ssl.enable = true
> #pool.default.ssl.insecure = false
>
> # Create keystore, import certificate chain and uncomment
> # if using ssl/tls.
> #pool.default.ssl.startTLS = true
> pool.default.ssl.truststore.file =
> ${local:_basedir}/${global:vars.server}.jks
> pool.default.ssl.truststore.password = changeit
>
>
> example config from testlink
> $tlCfg->authentication['method'] = 'LDAP';
>
> /** LDAP authentication credentials */
> $tlCfg->authentication['ldap_server'] = 'ldaps:// directory.ft.com ';
> $tlCfg->authentication['ldap_port'] = '636';
> $tlCfg->authentication['ldap_version'] = '3';
> $tlCfg->authentication['ldap_root_dn'] =
> 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
> $tlCfg->authentication['ldap_bind_dn'] =
> 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
> $tlCfg->authentication['ldap_bind_passwd'] = 'Ft##';
> $tlCfg->authentication['ldap_tls'] = false; // true -> use tls
> $tlCfg->authentication['ldap_organization'] =
> '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g.
> '(organizationname=*Traffic)'
> $tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for
> Active Directory
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] AAA LDAP Authentication
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some
serious detail in documentation, the rest is java-programmer-oriented docs
only that I can find;
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git
Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE
NO control over the LDAP server.
So far I've managed to figure out through search after search to use LDAPS
(TLS isn't an option, thanks!)
Two parts I can't figure out; setting rootDN and setting the organization
filter-- members of that particular organization should have access to
ovirt, and none others.
vars.server = directory.ft.com
#
# Search user and its password.
#
vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com
vars.password = Ft##
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.rootDN = ${global:vars.urootdn}
pool.default.auth.simple.password = ${global:vars.password}
# enable SSL
pool.default.ssl.enable = true
#pool.default.ssl.insecure = false
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file =
${local:_basedir}/${global:vars.server}.jks
pool.default.ssl.truststore.password = changeit
example config from testlink
$tlCfg->authentication['method'] = 'LDAP';
/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://directory.ft.com';
$tlCfg->authentication['ldap_port'] = '636';
$tlCfg->authentication['ldap_version'] = '3';
$tlCfg->authentication['ldap_root_dn'] =
'cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_dn'] =
'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com';
$tlCfg->authentication['ldap_bind_passwd'] = 'Ft##';
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
$tlCfg->authentication['ldap_organization'] =
'(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; //
e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'uid'; // Use
'sAMAccountName' for Active Directory
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt Newsletter: April 2015 Edition
May is upon us, and the oVirt community is getting more active with API work, and spreading the word about how to deploy and use oVirt! - Software Releases - oVirt 3.5.2 went live on April 28. Check out the latest stable release today! http://lists.ovirt.org/pipermail/users/2015-April/032571.html libgovirt 0.3.3, a GObject-based library to access oVirt REST API, was released April 8. http://lists.ovirt.org/pipermail/users/2015-April/032304.html ovirt-0.01, bindings for the oVirt REST API, was released April 25. http://search.cpan.org/~heince/Ovirt-0.01/ A testing release for moVirt is now ready to check out https://github.com/matobet/movirt In the Community Two Hypervisors, One Great Collaboration http://community.redhat.com/blog/2015/04/two-hypervisors-one-great-collaboration/ Welcome to the brand-new oVirt/RHEV User Group (Malaysia) on Facebook! https://www.facebook.com/groups/ovirtUGMY/ 10 Things You Should Know About oVirt https://www.linkedin.com/pulse/10-things-you-should-know-ovirt-freddy-rolland oVirt makes a splash at Sasoconf in Argentina [En Español] http://www.itrestauracion.com.ar/?p=2031 Deep Dives and Technical Discussions How to Install RedHat Enterprise Virtualization (RHEV) 3.5 – Part 1 http://www.tecmint.com/install-redhat-virtualization-rhev/ NodeWolf provides hosted oVirt services https://nodewolf.com/hosted-ovirt.html oVirt 3.5 - Einführung und Evaluierungsergebnisse ["Introduction and Evaluation Results", Auf Deutsch] http://www.slideshare.net/inovex/ovirt-35-einfhrung-und-evaluierungsergebnisse Learning oVirt http://terminalmonkey.com/2015/04/11/learning-ovirt/ How to open a console on Windows with oVirt and Spice https://12nix.wordpress.com/2015/04/17/ovirt-open-a-console-on-windows-spice/ Solving NP Hard Scheduling Problems with oVirt and OptaPlan https://youtu.be/O-n5zcNwPkM oVirt's integration with virt-v2v https://youtu.be/QSss__Nl5rU oVirt ~ Installation https://bordeltabernacle.wordpress.com/2015/04/13/ovirt-installation/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Edit a node image
- Original Message - > Le mardi 5 mai 2015 04:17:04, vous avez écrit : > > - Original Message - > > > > > Hi, > > > > > > I am testing oVirt to deploy a new virtualization infrastructure. I want > > > to > > > edit a node with the command edit-node. > > > I use this command to add some HP packages to manage our ProLiant Servers > > > and add some plugins : > > > > > > edit-node --install=hponcfg --install=hpssacli --install=hp-health -- > > > install-plugin=ovirt-node-plugin-snmp > > > --install-plugin=ovirt-node-plugin-ipmi > > > --repo=/etc/yum.repos.d/ovirt-3.5.repo --repo=/etc/yum.repos.d/CentOS- > > > Base.repo --repo=/etc/yum.repos.d/epel.repo --repo=/etc/yum.repos.d/HP- > > > spp.repo ovirt-node-iso-3.5.2-edited.el6.iso > > > > > > I don't see my plugins or packages in my new ISO file, it seems it only > > > add > > > the > > > first packages I add in the command line. > > > > > > Perhaps I misunderstood how using the edit-node command, must I add all > > > packages in one "--install " option ? > > > > Hey Kevin, > > > > --install-plugin takes a single argument, which is a concatenated list > > of all the rpms you want to install, separated by ",". > > > > I.e.: > > > > --install-plugin=ovirt-node-plugin-ipmi,ovirt-node-plugin-snmp > > > > Could you give that a try? > > > > Greetings > > fabian > Hi Fabian, > > I finally succeed to build an image with the two plugins. I needed to use two > edit-node commands to incorporate the plugins in the ISO. Hey Kevin, great that this worked for you. Tho I wonder why edit-node did not take several plugins at once, it should. - fabian ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
- Original Message - > From: "Michal Skrivanek" > To: "Francesco Romani" > Cc: "Wolfgang Bucher" , "users@ovirt.org > (users@ovirt.org)" > Sent: Tuesday, May 5, 2015 9:33:03 AM > Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms > >> here are the logfiles from libvirt > >> May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding > >> state > >> May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding > >> state > >> May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: > >> cmd 9 > >> target pid 10182 not found > >> May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. > >> May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. > >> May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. > >> May 4 19:08:23 ovirt kvm: 1 guest now active > >> May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled > >> state > >> May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode > >> May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled > >> state > >> May 4 19:08:23 ovirt kvm: 0 guests now active > >> May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. > >> May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : > >> Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden > >> May 4 19:08:23 ovirt libvirtd: 9183: error : > >> qemuProcessWaitForMonitor:2131 : > >> Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor > >> beendet > > > > This is the translation of the well-known 'internal error: monitor > > disconbected' > > QEMU error (not literal transaltion)! which is in turn caused by... > > > >> :2015-05-04T17:08:23.274206Z qemu-kvm: -drive > >> file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: > >> could not open disk image > >> /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: > >> Could not open file: Permission denied > > > > ... this error, and so the root cause seems indeed very much the same of > > https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 > > > > because of this: > > > >> May 4 19:08:23 ovirt libvirtd: 9183: warning : > >> virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default > >> selinux label for > >> /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c > > > > From the data gathered so far, it seems a selinux issue. > > This is from Wolfgang's issue or the bug 1213410 or is it the same thing? From Wolfgang's issue, this thread > In the bug the floppy creation failed > In logs attached earlier to this thread it seems the floppy was created but > libvirt access failed I believe is the same root cause for bz1213410, it was just more hidden Bests, -- Francesco Romani RedHat Engineering Virtualization R & D Phone: 8261328 IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
Hello i have changed selinux to disabled and now it works Thanks -Ursprüngliche Nachricht- Von: Michal Skrivanek Gesendet: Die 5 Mai 2015 09:34 An: Francesco Romani CC: Wolfgang Bucher ; users@ovirt.org (users@ovirt.org) Betreff: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms On May 5, 2015, at 08:51 , Francesco Romani wrote: > > Hi, > > - Original Message - >> From: "Wolfgang Bucher" >> To: "Michal Skrivanek" >> Cc: "users@ovirt.org (users@ovirt.org)" >> Sent: Monday, May 4, 2015 7:12:14 PM >> Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms >> >> AW: [ovirt-users] ovirt 3.5.2 cannot start windows vms >> >> Hello, >> >> >> >> >> >> here are the logfiles from libvirt >> >> >> >> >> >> May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding >> state >> May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding >> state >> May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: cmd 9 >> target pid 10182 not found >> May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. >> May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. >> May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. >> May 4 19:08:23 ovirt kvm: 1 guest now active >> May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state >> May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode >> May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state >> May 4 19:08:23 ovirt kvm: 0 guests now active >> May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. >> May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : >> Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden >> May 4 19:08:23 ovirt libvirtd: 9183: error : qemuProcessWaitForMonitor:2131 : >> Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor beendet > > This is the translation of the well-known 'internal error: monitor > disconbected' > QEMU error (not literal transaltion)! which is in turn caused by... > >> :2015-05-04T17:08:23.274206Z qemu-kvm: -drive >> file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: >> could not open disk image >> /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: >> Could not open file: Permission denied > > ... this error, and so the root cause seems indeed very much the same of > https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 > > because of this: > >> May 4 19:08:23 ovirt libvirtd: 9183: warning : >> virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default >> selinux label for >> /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c > > From the data gathered so far, it seems a selinux issue. This is from Wolfgang's issue or the bug 1213410 or is it the same thing? In the bug the floppy creation failed In logs attached earlier to this thread it seems the floppy was created but libvirt access failed Thanks, michal > > > Bests, > > -- > Francesco Romani > RedHat Engineering Virtualization R & D > Phone: 8261328 > IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation
- Original Message - > From: "John Joseph" > To: users@ovirt.org > Sent: Tuesday, May 5, 2015 2:12:46 PM > Subject: Re: [ovirt-users] [ ERROR ] Execution of setup failed , message > shown at the end of installation > > > > > > > On Tuesday, 5 May 2015 3:30 PM, Simone Tiraboschi > wrote: > > > > > I have attached the log files and conf file setup, for reference. > > Your error is: > RequestError: > status: 400 > reason: Bad Request > detail: Permission settings on the specified path do not allow access to the > storage. > Verify permission settings on the specified storage path. > > Please check permission and ownership on /home/itsupport/images > It should be owned and writable by vdsm:kvm > Than try again. > > > Hi Simone, > > > Thansk for the advice > Again I did a system clean up > > by doing > > > # engine-cleanup > # yum remove ovirt-engine > # yum install ovirt-engine > # yum install ovirt-engine-setup-plugin-allinone > > checked for the permission in for images and exports dir > [root@server itsupport]# pwd > /home/itsupport > [root@server itsupport]# ls -l > total 8 > drwxr-xr-x. 3 vdsm kvm 4096 May 5 07:54 exports > drwxr-xr-x. 2 vdsm kvm 4096 May 5 07:55 images > > did "engine-setup" > Selected all the parametes, but this time also I got the same error > [ ERROR ] Execution of setup failed > > I have attached the log files and conf file setup, for reference. > > Now prior to the engine setup, we did cross check the owenership permissions > of exports and images dir. > Guidance and advice requested > Thanks I saw that you got the same error: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. 2015-05-05 07:56:52 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Closing up': status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. The problem probably lies in not having eXecute permission for vdsm on /home/itsupport. In order for any user to traverse, not necessarily look into a directory, that user must have execute permission either via a group or via a direct permission. Please ensure that vdsm user could effectively write there before trying again. You can check it with: # sudo -u vdsm touch /home/itsupport/images/wtest > Joseph John> Now this time also when I create a Virtual Machine image, the > fields are > > greyed out and in the bottom it says " Not available when no Data Center is > > up" > > > > Guidance and advice requested > > thanks > > > > Joseph John > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation
- Original Message - > From: "John Joseph" > To: users@ovirt.org > Sent: Tuesday, May 5, 2015 12:42:42 PM > Subject: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at > the end of installation > > Hi All, > I did a system clean up > > by doing > > > # engine-cleanup > # yum remove ovirt-engine > # yum install ovirt-engine > # yum install ovirt-engine-setup-plugin-allinone > > > and then did the setup again, this is my test machine (all the components I > have to install here) > # engine-setup > > gave all the parameters, but in the end I am getting this error message > > > [ ERROR ] Execution of setup failed > > I have attached the log files and conf file setup, for reference. Your error is: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. Please check permission and ownership on /home/itsupport/images It should be owned and writable by vdsm:kvm Than try again. > Now this time also when I create a Virtual Machine image, the fields are > greyed out and in the bottom it says " Not available when no Data Center is > up" > > Guidance and advice requested > thanks > > Joseph John > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.6 and Centos 6.x
On 05/05/15 11:43, Yedidyah Bar David wrote: - Original Message - Hi, Since 3.6 is somehow on the way, will there be support for Centos 6.x for engine and nodes? engine yes, nodes no. A 3.6 engine will be able to work with 3.5 nodes in 3.5 compatibility mode. So a setup of el6 engine with el7 nodes in 3.6 compatibility mode will be available? Thanks for the rest info. G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out
- Original Message - > From: "John Joseph" > To: users@ovirt.org > Sent: Tuesday, May 5, 2015 10:56:45 AM > Subject: Re: [ovirt-users] Finished installing, when creating new VM, the > fields are grayed out > > > > > > > On Tuesday, 5 May 2015 12:29 PM, Simone Tiraboschi > wrote: > > > Thanks > > Did you deployed all-in-one? > I see that you have no local storage at all under your local_datacenter and > this is enough to prevent you datacenter to be up and so you cannot create > your VMs. > Could you please share you setup logs to check what happened on that local > storage domain? > > > > Joseph John > > Thanks Jorick, Simone > I did the installation by > first giving > yum install ovirt-engine > then > yum install ovirt-engine-setup-plugin-allinone > > then I ran "engine-setup" > other than the default value, only changes I did was to change the default > iso and images path, since I only had 50 GB of disk space in "/" > I am sending you the conf file and log files for reference. > My instance is not a production, a test machine and I can try out different > options > Looking forward for your advice > thanks > Joseph John >From your attached answer file I saw that you explicitly choose to avoid >all-in-one setup setting OVESETUP_AIO/configure=none:None OVESETUP_AIO/storageDomainName=none:None OVESETUP_AIO/storageDomainDir=none:None and so it didn't create a local storage for you. If you want to setup a local storage please remove them. In all-in-one setup you are using the same host for the management interface and also as an hypervisor with a local storage on that. It basically an evaluation configuration just to try it since you are loosing a lot of capabilities there. In the normal setup you have oVirt engine on one host managing other hosts as hypervisors with a shared storage for that. You can also have hosted-engine setup where the oVirt engine runs on a VM hosted by the hosts that it's going to manage ensuring HA capabilities if well configured (at least two hosts). > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.6 and Centos 6.x
- Original Message - > From: "Kapetanakis Giannis" > To: users@ovirt.org > Sent: Tuesday, May 5, 2015 11:27:31 AM > Subject: [ovirt-users] ovirt 3.6 and Centos 6.x > > Hi, > > Since 3.6 is somehow on the way, > will there be support for Centos 6.x for engine and nodes? engine yes, nodes no. A 3.6 engine will be able to work with 3.5 nodes in 3.5 compatibility mode. > > If not is there a defined process of migrating the engine into a new el7 > host (not hosted-engine setup) > I've seen this http://www.ovirt.org/User:Adrian15/oVirt_engine_migration > Is it still up2date? It says it's for 3.1, so it's not up2date... Sandro documented some time ago an upgrade from fedora 19 to 20, in [1]. Can't currently find something for el6->el7. You should definitely have a look at [1] if you intend to try - mainly do not forget upgrading postgresql's data. If you are looking at migration to a new machine, then I suppose that something based on backup/restore, similar to [2] but skipping the hosted-engine-specific parts, should work. Didn't try that myself. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1131828 [2] http://www.ovirt.org/Migrate_to_Hosted_Engine > > node migration is no problem but there is room for problems in engine > migration. Indeed. Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out
On 05/05/2015 10:20 AM, John Joseph wrote: > Dear All, > > > Very much new to oVirt, just finished installing Ovirt on CentOS 6.6 > after login as admin, I straight went to create new VM machine, but fields to > enter are all greyed(ie not able to enter the value). > I have attached a screen shot for reference > > Guidance and advice requested > Thanks > > Joseph John > Hi, In the screenshot I can see the warning at the bottom "Not available when no datacenter is up", so I think you skipped some steps ;-) Try reading this: http://www.ovirt.org/Quick_Start_Guide#Configure_Data_Centers Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out
- Original Message - > From: "John Joseph" > To: users@ovirt.org > Sent: Tuesday, May 5, 2015 10:20:23 AM > Subject: [ovirt-users] Finished installing, when creating new VM, the fields > are grayed out > > Dear All, > > > Very much new to oVirt, just finished installing Ovirt on CentOS 6.6 > after login as admin, I straight went to create new VM machine, but fields to > enter are all greyed(ie not able to enter the value). > I have attached a screen shot for reference > > Guidance and advice requested > Thanks Did you deployed all-in-one? I see that you have no local storage at all under your local_datacenter and this is enough to prevent you datacenter to be up and so you cannot create your VMs. Could you please share you setup logs to check what happened on that local storage domain? > Joseph John > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt 3.6 and Centos 6.x
Hi, Since 3.6 is somehow on the way, will there be support for Centos 6.x for engine and nodes? If not is there a defined process of migrating the engine into a new el7 host (not hosted-engine setup) I've seen this http://www.ovirt.org/User:Adrian15/oVirt_engine_migration Is it still up2date? node migration is no problem but there is room for problems in engine migration. regards, G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Finished installing, when creating new VM, the fields are grayed out
Dear All, Very much new to oVirt, just finished installing Ovirt on CentOS 6.6 after login as admin, I straight went to create new VM machine, but fields to enter are all greyed(ie not able to enter the value). I have attached a screen shot for reference Guidance and advice requested Thanks Joseph John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Edit a node image
- Original Message - > Hi, > > I am testing oVirt to deploy a new virtualization infrastructure. I want to > edit a node with the command edit-node. > I use this command to add some HP packages to manage our ProLiant Servers and > add some plugins : > > edit-node --install=hponcfg --install=hpssacli --install=hp-health -- > install-plugin=ovirt-node-plugin-snmp > --install-plugin=ovirt-node-plugin-ipmi > --repo=/etc/yum.repos.d/ovirt-3.5.repo --repo=/etc/yum.repos.d/CentOS- > Base.repo --repo=/etc/yum.repos.d/epel.repo --repo=/etc/yum.repos.d/HP- > spp.repo ovirt-node-iso-3.5.2-edited.el6.iso > > I don't see my plugins or packages in my new ISO file, it seems it only add > the > first packages I add in the command line. > > Perhaps I misunderstood how using the edit-node command, must I add all > packages in one "--install " option ? Hey Kevin, --install-plugin takes a single argument, which is a concatenated list of all the rpms you want to install, separated by ",". I.e.: --install-plugin=ovirt-node-plugin-ipmi,ovirt-node-plugin-snmp Could you give that a try? Greetings fabian ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
On May 5, 2015, at 08:51 , Francesco Romani wrote: > > Hi, > > - Original Message - >> From: "Wolfgang Bucher" >> To: "Michal Skrivanek" >> Cc: "users@ovirt.org (users@ovirt.org)" >> Sent: Monday, May 4, 2015 7:12:14 PM >> Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms >> >> AW: [ovirt-users] ovirt 3.5.2 cannot start windows vms >> >> Hello, >> >> >> >> >> >> here are the logfiles from libvirt >> >> >> >> >> >> May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding >> state >> May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding >> state >> May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: cmd 9 >> target pid 10182 not found >> May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. >> May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. >> May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. >> May 4 19:08:23 ovirt kvm: 1 guest now active >> May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state >> May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode >> May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state >> May 4 19:08:23 ovirt kvm: 0 guests now active >> May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. >> May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : >> Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden >> May 4 19:08:23 ovirt libvirtd: 9183: error : qemuProcessWaitForMonitor:2131 : >> Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor beendet > > This is the translation of the well-known 'internal error: monitor > disconbected' > QEMU error (not literal transaltion)! which is in turn caused by... > >> :2015-05-04T17:08:23.274206Z qemu-kvm: -drive >> file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: >> could not open disk image >> /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: >> Could not open file: Permission denied > > ... this error, and so the root cause seems indeed very much the same of > https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 > > because of this: > >> May 4 19:08:23 ovirt libvirtd: 9183: warning : >> virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default >> selinux label for >> /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c > > From the data gathered so far, it seems a selinux issue. This is from Wolfgang's issue or the bug 1213410 or is it the same thing? In the bug the floppy creation failed In logs attached earlier to this thread it seems the floppy was created but libvirt access failed Thanks, michal > > > Bests, > > -- > Francesco Romani > RedHat Engineering Virtualization R & D > Phone: 8261328 > IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
