Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation
- Original Message - From: John Joseph jjk_s...@yahoo.com To: users@ovirt.org Sent: Tuesday, May 5, 2015 12:42:42 PM Subject: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation Hi All, I did a system clean up by doing # engine-cleanup # yum remove ovirt-engine # yum install ovirt-engine # yum install ovirt-engine-setup-plugin-allinone and then did the setup again, this is my test machine (all the components I have to install here) # engine-setup gave all the parameters, but in the end I am getting this error message [ ERROR ] Execution of setup failed I have attached the log files and conf file setup, for reference. Your error is: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. Please check permission and ownership on /home/itsupport/images It should be owned and writable by vdsm:kvm Than try again. Now this time also when I create a Virtual Machine image, the fields are greyed out and in the bottom it says Not available when no Data Center is up Guidance and advice requested thanks Joseph John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation
- Original Message - From: John Joseph jjk_s...@yahoo.com To: users@ovirt.org Sent: Tuesday, May 5, 2015 2:12:46 PM Subject: Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation On Tuesday, 5 May 2015 3:30 PM, Simone Tiraboschi stira...@redhat.com wrote: I have attached the log files and conf file setup, for reference. Your error is: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. Please check permission and ownership on /home/itsupport/images It should be owned and writable by vdsm:kvm Than try again. Hi Simone, Thansk for the advice Again I did a system clean up by doing # engine-cleanup # yum remove ovirt-engine # yum install ovirt-engine # yum install ovirt-engine-setup-plugin-allinone checked for the permission in for images and exports dir [root@server itsupport]# pwd /home/itsupport [root@server itsupport]# ls -l total 8 drwxr-xr-x. 3 vdsm kvm 4096 May 5 07:54 exports drwxr-xr-x. 2 vdsm kvm 4096 May 5 07:55 images did engine-setup Selected all the parametes, but this time also I got the same error [ ERROR ] Execution of setup failed I have attached the log files and conf file setup, for reference. Now prior to the engine setup, we did cross check the owenership permissions of exports and images dir. Guidance and advice requested Thanks I saw that you got the same error: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. 2015-05-05 07:56:52 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Closing up': status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. The problem probably lies in not having eXecute permission for vdsm on /home/itsupport. In order for any user to traverse, not necessarily look into a directory, that user must have execute permission either via a group or via a direct permission. Please ensure that vdsm user could effectively write there before trying again. You can check it with: # sudo -u vdsm touch /home/itsupport/images/wtest Joseph John Now this time also when I create a Virtual Machine image, the fields are greyed out and in the bottom it says Not available when no Data Center is up Guidance and advice requested thanks Joseph John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation
On Tuesday, 5 May 2015 4:40 PM, Simone Tiraboschi stira...@redhat.com wrote: - Original Message - From: John Joseph jjk_s...@yahoo.com To: users@ovirt.org Sent: Tuesday, May 5, 2015 2:12:46 PM Subject: Re: [ovirt-users] [ ERROR ] Execution of setup failed , message shown at the end of installation I saw that you got the same error: RequestError: status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. 2015-05-05 07:56:52 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Closing up': status: 400 reason: Bad Request detail: Permission settings on the specified path do not allow access to the storage. Verify permission settings on the specified storage path. The problem probably lies in not having eXecute permission for vdsm on /home/itsupport. In order for any user to traverse, not necessarily look into a directory, that user must have execute permission either via a group or via a direct permission. Please ensure that vdsm user could effectively write there before trying again. You can check it with: # sudo -u vdsm touch /home/itsupport/images/wtest Hi Simone, Great thanks to you. I was not able to write to the dir as vdsm Now taking clue from that, I made a dir in /home named as vdsm and gave ownership as vdsm:kvm then did sudo -u vdsm mkdir /home/vdsm/images sudo -u vdsm mkdir -p /home/vdsm/exports/iso then the installation and it is SUCCESS, THANKS to you Joseph John Joseph John Now this time also when I create a Virtual Machine image, the ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] used engine-iso-uploader to upload ISO , but cant find the images
- Original Message - From: John Joseph jjk_s...@yahoo.com To: users@ovirt.org Sent: Wednesday, May 6, 2015 8:36:37 AM Subject: [ovirt-users] used engine-iso-uploader to upload ISO , but cant find the images Hi All I finished installing oVirto 3.5.2-1 on CentOS 6.6 64 bit OS and it is working and now I am slowly epxloring other feaures. I have uploaded a ISO image, and the message says that It is been uploaded as follows # engine-iso-uploader -i ISO_DOMAIN upload /root/CentOS-6.6-x86_64-Kazoo-0.iso Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort): Uploading, please wait... INFO: Start uploading /root/CentOS-6.6-x86_64-Kazoo-0.iso WARNING: failed to refresh the list of files available in the ISO_DOMAIN ISO storage domain. Please refresh the list manually using the 'Refresh' button in the oVirt Webadmin console. INFO: /root/CentOS-6.6-x86_64-Kazoo-0.iso uploaded successfully Please verify that it was indeed uploaded, ls -lR /root/of/your/iso/domain When I try to referesh, I cannot see the ISO image so far, I did wait for 10 to 15 min and then refreshed also Please check/post /var/log/ovirt-engine/{engine,server}.log Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
- Original Message - From: Michal Skrivanek mskri...@redhat.com To: Francesco Romani from...@redhat.com Cc: Wolfgang Bucher wolfgang.buc...@netland-mn.de, users@ovirt.org (users@ovirt.org) users@ovirt.org Sent: Tuesday, May 5, 2015 9:33:03 AM Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms here are the logfiles from libvirt May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: cmd 9 target pid 10182 not found May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. May 4 19:08:23 ovirt kvm: 1 guest now active May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kvm: 0 guests now active May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden May 4 19:08:23 ovirt libvirtd: 9183: error : qemuProcessWaitForMonitor:2131 : Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor beendet This is the translation of the well-known 'internal error: monitor disconbected' QEMU error (not literal transaltion)! which is in turn caused by... :2015-05-04T17:08:23.274206Z qemu-kvm: -drive file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: could not open disk image /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: Could not open file: Permission denied ... this error, and so the root cause seems indeed very much the same of https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 because of this: May 4 19:08:23 ovirt libvirtd: 9183: warning : virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default selinux label for /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c From the data gathered so far, it seems a selinux issue. This is from Wolfgang's issue or the bug 1213410 or is it the same thing? From Wolfgang's issue, this thread In the bug the floppy creation failed In logs attached earlier to this thread it seems the floppy was created but libvirt access failed I believe is the same root cause for bz1213410, it was just more hidden Bests, -- Francesco Romani RedHat Engineering Virtualization R D Phone: 8261328 IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Edit a node image
- Original Message - Le mardi 5 mai 2015 04:17:04, vous avez écrit : - Original Message - Hi, I am testing oVirt to deploy a new virtualization infrastructure. I want to edit a node with the command edit-node. I use this command to add some HP packages to manage our ProLiant Servers and add some plugins : edit-node --install=hponcfg --install=hpssacli --install=hp-health -- install-plugin=ovirt-node-plugin-snmp --install-plugin=ovirt-node-plugin-ipmi --repo=/etc/yum.repos.d/ovirt-3.5.repo --repo=/etc/yum.repos.d/CentOS- Base.repo --repo=/etc/yum.repos.d/epel.repo --repo=/etc/yum.repos.d/HP- spp.repo ovirt-node-iso-3.5.2-edited.el6.iso I don't see my plugins or packages in my new ISO file, it seems it only add the first packages I add in the command line. Perhaps I misunderstood how using the edit-node command, must I add all packages in one --install option ? Hey Kevin, --install-plugin takes a single argument, which is a concatenated list of all the rpms you want to install, separated by ,. I.e.: --install-plugin=ovirt-node-plugin-ipmi,ovirt-node-plugin-snmp Could you give that a try? Greetings fabian Hi Fabian, I finally succeed to build an image with the two plugins. I needed to use two edit-node commands to incorporate the plugins in the ISO. Hey Kevin, great that this worked for you. Tho I wonder why edit-node did not take several plugins at once, it should. - fabian ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
Hello i have changed selinux to disabled and now it works Thanks -Ursprüngliche Nachricht- Von: Michal Skrivanek mskri...@redhat.com Gesendet: Die 5 Mai 2015 09:34 An: Francesco Romani from...@redhat.com CC: Wolfgang Bucher wolfgang.buc...@netland-mn.de; users@ovirt.org (users@ovirt.org) users@ovirt.org Betreff: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms On May 5, 2015, at 08:51 , Francesco Romani from...@redhat.com wrote: Hi, - Original Message - From: Wolfgang Bucher wolfgang.buc...@netland-mn.de To: Michal Skrivanek mskri...@redhat.com Cc: users@ovirt.org (users@ovirt.org) users@ovirt.org Sent: Monday, May 4, 2015 7:12:14 PM Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms AW: [ovirt-users] ovirt 3.5.2 cannot start windows vms Hello, here are the logfiles from libvirt May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: cmd 9 target pid 10182 not found May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. May 4 19:08:23 ovirt kvm: 1 guest now active May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kvm: 0 guests now active May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden May 4 19:08:23 ovirt libvirtd: 9183: error : qemuProcessWaitForMonitor:2131 : Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor beendet This is the translation of the well-known 'internal error: monitor disconbected' QEMU error (not literal transaltion)! which is in turn caused by... :2015-05-04T17:08:23.274206Z qemu-kvm: -drive file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: could not open disk image /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: Could not open file: Permission denied ... this error, and so the root cause seems indeed very much the same of https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 because of this: May 4 19:08:23 ovirt libvirtd: 9183: warning : virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default selinux label for /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c From the data gathered so far, it seems a selinux issue. This is from Wolfgang's issue or the bug 1213410 or is it the same thing? In the bug the floppy creation failed In logs attached earlier to this thread it seems the floppy was created but libvirt access failed Thanks, michal Bests, -- Francesco Romani RedHat Engineering Virtualization R D Phone: 8261328 IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] oVirt Newsletter: April 2015 Edition
May is upon us, and the oVirt community is getting more active with API work, and spreading the word about how to deploy and use oVirt! - Software Releases - oVirt 3.5.2 went live on April 28. Check out the latest stable release today! http://lists.ovirt.org/pipermail/users/2015-April/032571.html libgovirt 0.3.3, a GObject-based library to access oVirt REST API, was released April 8. http://lists.ovirt.org/pipermail/users/2015-April/032304.html ovirt-0.01, bindings for the oVirt REST API, was released April 25. http://search.cpan.org/~heince/Ovirt-0.01/ A testing release for moVirt is now ready to check out https://github.com/matobet/movirt In the Community Two Hypervisors, One Great Collaboration http://community.redhat.com/blog/2015/04/two-hypervisors-one-great-collaboration/ Welcome to the brand-new oVirt/RHEV User Group (Malaysia) on Facebook! https://www.facebook.com/groups/ovirtUGMY/ 10 Things You Should Know About oVirt https://www.linkedin.com/pulse/10-things-you-should-know-ovirt-freddy-rolland oVirt makes a splash at Sasoconf in Argentina [En Español] http://www.itrestauracion.com.ar/?p=2031 Deep Dives and Technical Discussions How to Install RedHat Enterprise Virtualization (RHEV) 3.5 – Part 1 http://www.tecmint.com/install-redhat-virtualization-rhev/ NodeWolf provides hosted oVirt services https://nodewolf.com/hosted-ovirt.html oVirt 3.5 - Einführung und Evaluierungsergebnisse [Introduction and Evaluation Results, Auf Deutsch] http://www.slideshare.net/inovex/ovirt-35-einfhrung-und-evaluierungsergebnisse Learning oVirt http://terminalmonkey.com/2015/04/11/learning-ovirt/ How to open a console on Windows with oVirt and Spice https://12nix.wordpress.com/2015/04/17/ovirt-open-a-console-on-windows-spice/ Solving NP Hard Scheduling Problems with oVirt and OptaPlan https://youtu.be/O-n5zcNwPkM oVirt's integration with virt-v2v https://youtu.be/QSss__Nl5rU oVirt ~ Installation https://bordeltabernacle.wordpress.com/2015/04/13/ovirt-installation/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
On 04.05.15 17:43, Michal Skrivanek wrote: On 4 May 2015, at 16:56, Wolfgang Bucher wrote: Hello sorry but i sent the wrong logs. this one should be ok. Again it affects only windows vm's since 3.5.2 it might really be because of the bug that we always attach sysprep even when not requested. Still, the failure is weird. Ideally enable libvirt debug logs and attach those. perhaps also qemu.log Thanks, michal Thanks Wolfgang -Ursprüngliche Nachricht- Von: Wolfgang Bucher wolfgang.buc...@netland-mn.de Gesendet: Mon 4 Mai 2015 16:22 An: Michal Skrivanek mskri...@redhat.com CC: users@ovirt.org (users@ovirt.org) users@ovirt.org Betreff: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms Hello I have no sysprep in VM properties. attached vdsm.log and supervdsm.log Thanks Wolfgang -Ursprüngliche Nachricht- Von: Michal Skrivanek mskri...@redhat.com Gesendet: Mon 4 Mai 2015 16:02 An: Wolfgang Bucher wolfgang.buc...@netland-mn.de CC: Francesco Romani from...@redhat.com; users@ovirt.org (users@ovirt.org) users@ovirt.org; Shahar Havivi shav...@redhat.com Betreff: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms On 4 May 2015, at 15:32, Wolfgang Bucher wolfgang.buc...@netland-mn.de wrote: Hello i think it's not related to Bug 1213410. I can only start the vm's if i attach sysprep floppy. I tested a new host with iscsi storage all centos 7.1 and i got the same results. Starting linux vm's works without problems. Do you have any sysprep config in VM properties? Might be related to the bug Shahe is working on about always attaching sysprep It shouldn't fail though. Vdsm logs would help I don't think its related to the sysprep bug, We don't attach sysprep to non windows guests. Thanks, michal Thanks Wolfgang ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users vdsm.tar.gz ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
Hi, - Original Message - From: Wolfgang Bucher wolfgang.buc...@netland-mn.de To: Michal Skrivanek mskri...@redhat.com Cc: users@ovirt.org (users@ovirt.org) users@ovirt.org Sent: Monday, May 4, 2015 7:12:14 PM Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms AW: [ovirt-users] ovirt 3.5.2 cannot start windows vms Hello, here are the logfiles from libvirt May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: cmd 9 target pid 10182 not found May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. May 4 19:08:23 ovirt kvm: 1 guest now active May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kvm: 0 guests now active May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden May 4 19:08:23 ovirt libvirtd: 9183: error : qemuProcessWaitForMonitor:2131 : Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor beendet This is the translation of the well-known 'internal error: monitor disconbected' QEMU error (not literal transaltion)! which is in turn caused by... :2015-05-04T17:08:23.274206Z qemu-kvm: -drive file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: could not open disk image /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: Could not open file: Permission denied ... this error, and so the root cause seems indeed very much the same of https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 because of this: May 4 19:08:23 ovirt libvirtd: 9183: warning : virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default selinux label for /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c From the data gathered so far, it seems a selinux issue. Bests, -- Francesco Romani RedHat Engineering Virtualization R D Phone: 8261328 IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms
On May 5, 2015, at 08:51 , Francesco Romani from...@redhat.com wrote: Hi, - Original Message - From: Wolfgang Bucher wolfgang.buc...@netland-mn.de To: Michal Skrivanek mskri...@redhat.com Cc: users@ovirt.org (users@ovirt.org) users@ovirt.org Sent: Monday, May 4, 2015 7:12:14 PM Subject: Re: [ovirt-users] ovirt 3.5.2 cannot start windows vms AW: [ovirt-users] ovirt 3.5.2 cannot start windows vms Hello, here are the logfiles from libvirt May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:22 ovirt kernel: ovirtmgmt: port 2(vnet0) entered forwarding state May 4 19:08:23 ovirt sanlock[638]: 2015-05-04 19:08:23+0200 5077 [638]: cmd 9 target pid 10182 not found May 4 19:08:23 ovirt systemd: Starting Virtual Machine qemu-testwin. May 4 19:08:23 ovirt systemd-machined: New machine qemu-testwin. May 4 19:08:23 ovirt systemd: Started Virtual Machine qemu-testwin. May 4 19:08:23 ovirt kvm: 1 guest now active May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kernel: device vnet0 left promiscuous mode May 4 19:08:23 ovirt kernel: ovirtmgmt: port 2(vnet0) entered disabled state May 4 19:08:23 ovirt kvm: 0 guests now active May 4 19:08:23 ovirt systemd-machined: Machine qemu-testwin terminated. May 4 19:08:23 ovirt libvirtd: 9183: error : qemuMonitorOpenUnix:309 : Verbindung mit Monitor-Socket gescheitert: Kein passender Prozess gefunden May 4 19:08:23 ovirt libvirtd: 9183: error : qemuProcessWaitForMonitor:2131 : Interner Fehler: Prozess während der Verbindungsaufnahme zum Monitor beendet This is the translation of the well-known 'internal error: monitor disconbected' QEMU error (not literal transaltion)! which is in turn caused by... :2015-05-04T17:08:23.274206Z qemu-kvm: -drive file=/var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img,if=none,id=drive-fdc0-0-0,format=raw,serial=: could not open disk image /var/run/vdsm/payload/c07772b8-6369-44cf-b554-b8dcb0e0e09b.0a41ac3e81bce0429e32b725fbf3ba5d.img: Could not open file: Permission denied ... this error, and so the root cause seems indeed very much the same of https://bugzilla.redhat.com/show_bug.cgi?id=1213410#c7 because of this: May 4 19:08:23 ovirt libvirtd: 9183: warning : virSecuritySELinuxRestoreSecurityFileLabel:1034 : cannot lookup default selinux label for /rhev/data-center/d5e8a32f-35ed-4dec-bf9d-3c818c2780a4/66f8876c-0898-4ff2-9325-a14835f2a872/images/b329d34e-78b3-46a5-9df8-00b83c2c982a/c79a596b-5701-4afd-a5b5-d37cf412095c From the data gathered so far, it seems a selinux issue. This is from Wolfgang's issue or the bug 1213410 or is it the same thing? In the bug the floppy creation failed In logs attached earlier to this thread it seems the floppy was created but libvirt access failed Thanks, michal Bests, -- Francesco Romani RedHat Engineering Virtualization R D Phone: 8261328 IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Finished installing, when creating new VM, the fields are grayed out
Dear All, Very much new to oVirt, just finished installing Ovirt on CentOS 6.6 after login as admin, I straight went to create new VM machine, but fields to enter are all greyed(ie not able to enter the value). I have attached a screen shot for reference Guidance and advice requested Thanks Joseph John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.6 and Centos 6.x
- Original Message - From: Kapetanakis Giannis bil...@edu.physics.uoc.gr To: users@ovirt.org Sent: Tuesday, May 5, 2015 11:27:31 AM Subject: [ovirt-users] ovirt 3.6 and Centos 6.x Hi, Since 3.6 is somehow on the way, will there be support for Centos 6.x for engine and nodes? engine yes, nodes no. A 3.6 engine will be able to work with 3.5 nodes in 3.5 compatibility mode. If not is there a defined process of migrating the engine into a new el7 host (not hosted-engine setup) I've seen this http://www.ovirt.org/User:Adrian15/oVirt_engine_migration Is it still up2date? It says it's for 3.1, so it's not up2date... Sandro documented some time ago an upgrade from fedora 19 to 20, in [1]. Can't currently find something for el6-el7. You should definitely have a look at [1] if you intend to try - mainly do not forget upgrading postgresql's data. If you are looking at migration to a new machine, then I suppose that something based on backup/restore, similar to [2] but skipping the hosted-engine-specific parts, should work. Didn't try that myself. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1131828 [2] http://www.ovirt.org/Migrate_to_Hosted_Engine node migration is no problem but there is room for problems in engine migration. Indeed. Best, -- Didi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out
On 05/05/2015 10:20 AM, John Joseph wrote: Dear All, Very much new to oVirt, just finished installing Ovirt on CentOS 6.6 after login as admin, I straight went to create new VM machine, but fields to enter are all greyed(ie not able to enter the value). I have attached a screen shot for reference Guidance and advice requested Thanks Joseph John Hi, In the screenshot I can see the warning at the bottom Not available when no datacenter is up, so I think you skipped some steps ;-) Try reading this: http://www.ovirt.org/Quick_Start_Guide#Configure_Data_Centers Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out
- Original Message - From: John Joseph jjk_s...@yahoo.com To: users@ovirt.org Sent: Tuesday, May 5, 2015 10:56:45 AM Subject: Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out On Tuesday, 5 May 2015 12:29 PM, Simone Tiraboschi stira...@redhat.com wrote: Thanks Did you deployed all-in-one? I see that you have no local storage at all under your local_datacenter and this is enough to prevent you datacenter to be up and so you cannot create your VMs. Could you please share you setup logs to check what happened on that local storage domain? Joseph John Thanks Jorick, Simone I did the installation by first giving yum install ovirt-engine then yum install ovirt-engine-setup-plugin-allinone then I ran engine-setup other than the default value, only changes I did was to change the default iso and images path, since I only had 50 GB of disk space in / I am sending you the conf file and log files for reference. My instance is not a production, a test machine and I can try out different options Looking forward for your advice thanks Joseph John From your attached answer file I saw that you explicitly choose to avoid all-in-one setup setting OVESETUP_AIO/configure=none:None OVESETUP_AIO/storageDomainName=none:None OVESETUP_AIO/storageDomainDir=none:None and so it didn't create a local storage for you. If you want to setup a local storage please remove them. In all-in-one setup you are using the same host for the management interface and also as an hypervisor with a local storage on that. It basically an evaluation configuration just to try it since you are loosing a lot of capabilities there. In the normal setup you have oVirt engine on one host managing other hosts as hypervisors with a shared storage for that. You can also have hosted-engine setup where the oVirt engine runs on a VM hosted by the hosts that it's going to manage ensuring HA capabilities if well configured (at least two hosts). ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Edit a node image
- Original Message - Hi, I am testing oVirt to deploy a new virtualization infrastructure. I want to edit a node with the command edit-node. I use this command to add some HP packages to manage our ProLiant Servers and add some plugins : edit-node --install=hponcfg --install=hpssacli --install=hp-health -- install-plugin=ovirt-node-plugin-snmp --install-plugin=ovirt-node-plugin-ipmi --repo=/etc/yum.repos.d/ovirt-3.5.repo --repo=/etc/yum.repos.d/CentOS- Base.repo --repo=/etc/yum.repos.d/epel.repo --repo=/etc/yum.repos.d/HP- spp.repo ovirt-node-iso-3.5.2-edited.el6.iso I don't see my plugins or packages in my new ISO file, it seems it only add the first packages I add in the command line. Perhaps I misunderstood how using the edit-node command, must I add all packages in one --install option ? Hey Kevin, --install-plugin takes a single argument, which is a concatenated list of all the rpms you want to install, separated by ,. I.e.: --install-plugin=ovirt-node-plugin-ipmi,ovirt-node-plugin-snmp Could you give that a try? Greetings fabian ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt 3.6 and Centos 6.x
Hi, Since 3.6 is somehow on the way, will there be support for Centos 6.x for engine and nodes? If not is there a defined process of migrating the engine into a new el7 host (not hosted-engine setup) I've seen this http://www.ovirt.org/User:Adrian15/oVirt_engine_migration Is it still up2date? node migration is no problem but there is room for problems in engine migration. regards, G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out
- Original Message - From: John Joseph jjk_s...@yahoo.com To: users@ovirt.org Sent: Tuesday, May 5, 2015 10:20:23 AM Subject: [ovirt-users] Finished installing, when creating new VM, the fields are grayed out Dear All, Very much new to oVirt, just finished installing Ovirt on CentOS 6.6 after login as admin, I straight went to create new VM machine, but fields to enter are all greyed(ie not able to enter the value). I have attached a screen shot for reference Guidance and advice requested Thanks Did you deployed all-in-one? I see that you have no local storage at all under your local_datacenter and this is enough to prevent you datacenter to be up and so you cannot create your VMs. Could you please share you setup logs to check what happened on that local storage domain? Joseph John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] AAA LDAP Authentication
I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find; https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO control over the LDAP server. So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!) Two parts I can't figure out; setting rootDN and setting the organization filter-- members of that particular organization should have access to ovirt, and none others. vars.server = directory.ft.com # # Search user and its password. # vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.password = Ft## pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.rootDN = ${global:vars.urootdn} pool.default.auth.simple.password = ${global:vars.password} # enable SSL pool.default.ssl.enable = true #pool.default.ssl.insecure = false # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks pool.default.ssl.truststore.password = changeit example config from testlink $tlCfg-authentication['method'] = 'LDAP'; /** LDAP authentication credentials */ $tlCfg-authentication['ldap_server'] = 'ldaps://directory.ft.com'; $tlCfg-authentication['ldap_port'] = '636'; $tlCfg-authentication['ldap_version'] = '3'; $tlCfg-authentication['ldap_root_dn'] = 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com'; $tlCfg-authentication['ldap_bind_dn'] = 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com'; $tlCfg-authentication['ldap_bind_passwd'] = 'Ft##'; $tlCfg-authentication['ldap_tls'] = false; // true - use tls $tlCfg-authentication['ldap_organization'] = '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' $tlCfg-authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for Active Directory ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] AAA LDAP Authentication
Hello, Resources includes sysadmin documentation[1], integrator documentation[2], overview[3], examples[4]. You did not specify what LDAP vendor it is. I can guess your directory is Active Directory, hence all you need to do is follow the QUICK START[5]. The rootDSE is determined automatically, all you need is to provide a valid user and password. What you are missing in your configuration is the include directive of the proper driver. Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more flexible and should be used unless there is an issue. Alon [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD [3] http://www.ovirt.org/Features/AAA [4] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD [5] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6 - Original Message - From: David Smith dsm...@mypchelp.com To: users users@ovirt.org Sent: Tuesday, May 5, 2015 11:09:25 PM Subject: [ovirt-users] AAA LDAP Authentication I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find; https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO control over the LDAP server. So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!) Two parts I can't figure out; setting rootDN and setting the organization filter-- members of that particular organization should have access to ovirt, and none others. vars.server = directory.ft.com # # Search user and its password. # vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.password = Ft## pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.rootDN = ${global:vars.urootdn} pool.default.auth.simple.password = ${global:vars.password} # enable SSL pool.default.ssl.enable = true #pool.default.ssl.insecure = false # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks pool.default.ssl.truststore.password = changeit example config from testlink $tlCfg-authentication['method'] = 'LDAP'; /** LDAP authentication credentials */ $tlCfg-authentication['ldap_server'] = 'ldaps:// directory.ft.com '; $tlCfg-authentication['ldap_port'] = '636'; $tlCfg-authentication['ldap_version'] = '3'; $tlCfg-authentication['ldap_root_dn'] = 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com'; $tlCfg-authentication['ldap_bind_dn'] = 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com'; $tlCfg-authentication['ldap_bind_passwd'] = 'Ft##'; $tlCfg-authentication['ldap_tls'] = false; // true - use tls $tlCfg-authentication['ldap_organization'] = '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' $tlCfg-authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for Active Directory ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] AAA LDAP Authentication
I beginning to understand... although I cannot figure out how login works while search not. Anyway, try to add this to your profile: sequence-init.init.900-local-init-vars = local-init-vars sequence.local-init-vars.010.description = override name space sequence.local-init-vars.010.type = var-set sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault sequence.local-init-vars.010.var-set.value = cn=users,cn=accounts,dc=corp,dc=ft,dc=com sequence.local-init-vars.020.description = apply filter to users sequence.local-init-vars.020.type = var-set sequence.local-init-vars.020.var-set.variable = simple_filterUserObject sequence.local-init-vars.020.var-set.value = ${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com) sequence.local-init-vars.030.description = apply filter to groups sequence.local-init-vars.030.type = var-set sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject sequence.local-init-vars.030.var-set.value = ${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com) - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:17:59 AM Subject: Re: [ovirt-users] AAA LDAP Authentication I can log into ovirt, I can see the profile, it doesn't throw any errors. However, it doesn't display any users. This is because the automatic rootDN is wrong. oVirt shows Namespace: dc=corp, dc=ft, dc=com if this is the search base it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com Hence my desire to configure rootDN Then, I also want to filter based on the above (sorry the traffic part was a comment from testlink, the line should be) '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; That filter is was makes sure the results only show users in the specific group I want to give access to. Thanks, David On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev alo...@redhat.com wrote: Hi, So your configuration is working, just you want to filter users? I do not follow what organization filter is. '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' It looks to me that you want to narrow the results based on specific attribute value. But first you should confirm that all is working for you, only then we can start customize the provider to meet your special needs. Thanks, Alon. - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:01:28 AM Subject: Re: [ovirt-users] AAA LDAP Authentication Hi Alon, Thanks for the quick reply. openldap works fine; I use it with testlink (as shown in the example config). We're not using active directory; Just LDAP. The example config I provided is fully inclusive of all configuration required for testlink to use LDAP, I also have jenkins and mantis configured using the same parameters (although their terminology on where to enter the parameters is varied, they use all the same information) The rootDSE is being determined automatically; however for my use it's wrong and needs to be provided manually. Again, I have no control over this. It's a company-wide configuration that won't be changed just for me. How would I be able to specify the organization filter line if I added some other include directive of whatever driver? I don't even understand what you're saying, exactly. Not all ovirt users/managers are programming experts. I use LDAPS because thats what my company supports. StartTLS is NOT supported (as I stated). Silly on their part, right? Thanks, David On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote: Hello, Resources includes sysadmin documentation[1], integrator documentation[2], overview[3], examples[4]. You did not specify what LDAP vendor it is. I can guess your directory is Active Directory, hence all you need to do is follow the QUICK START[5]. The rootDSE is determined automatically, all you need is to provide a valid user and password. What you are missing in your configuration is the include directive of the proper driver. Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more flexible and should be used unless there is an issue. Alon [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD [3] http://www.ovirt.org/Features/AAA [4]
Re: [ovirt-users] AAA LDAP Authentication
blank suggests that there is initialization error. please attach (do not paste) the ldap profile, extension properties and engine.log. I may need debug log as well, but lets start with this. - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:49:09 AM Subject: Re: [ovirt-users] AAA LDAP Authentication I added that to the end, since there wasn't any reference on it as to where to put it; I restarted the engine and didn't notice any changes, the namespace still reads the same as before, and no users show up Note that in the field to the right of namespace it's blank, whereby with internal or our other pre-aaa ldap config it shows * and can be changed to a username as a filter, in this case it doesn't allow me to enter anything On Tue, May 5, 2015 at 2:34 PM, Alon Bar-Lev alo...@redhat.com wrote: I beginning to understand... although I cannot figure out how login works while search not. Anyway, try to add this to your profile: sequence-init.init.900-local-init-vars = local-init-vars sequence.local-init-vars.010.description = override name space sequence.local-init-vars.010.type = var-set sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault sequence.local-init-vars.010.var-set.value = cn=users,cn=accounts,dc=corp,dc=ft,dc=com sequence.local-init-vars.020.description = apply filter to users sequence.local-init-vars.020.type = var-set sequence.local-init-vars.020.var-set.variable = simple_filterUserObject sequence.local-init-vars.020.var-set.value = ${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com) sequence.local-init-vars.030.description = apply filter to groups sequence.local-init-vars.030.type = var-set sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject sequence.local-init-vars.030.var-set.value = ${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com) - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:17:59 AM Subject: Re: [ovirt-users] AAA LDAP Authentication I can log into ovirt, I can see the profile, it doesn't throw any errors. However, it doesn't display any users. This is because the automatic rootDN is wrong. oVirt shows Namespace: dc=corp, dc=ft, dc=com if this is the search base it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com Hence my desire to configure rootDN Then, I also want to filter based on the above (sorry the traffic part was a comment from testlink, the line should be) '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; That filter is was makes sure the results only show users in the specific group I want to give access to. Thanks, David On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev alo...@redhat.com wrote: Hi, So your configuration is working, just you want to filter users? I do not follow what organization filter is. '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' It looks to me that you want to narrow the results based on specific attribute value. But first you should confirm that all is working for you, only then we can start customize the provider to meet your special needs. Thanks, Alon. - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:01:28 AM Subject: Re: [ovirt-users] AAA LDAP Authentication Hi Alon, Thanks for the quick reply. openldap works fine; I use it with testlink (as shown in the example config). We're not using active directory; Just LDAP. The example config I provided is fully inclusive of all configuration required for testlink to use LDAP, I also have jenkins and mantis configured using the same parameters (although their terminology on where to enter the parameters is varied, they use all the same information) The rootDSE is being determined automatically; however for my use it's wrong and needs to be provided manually. Again, I have no control over this. It's a company-wide configuration that won't be changed just for me. How would I be able to specify the organization filter line if I added some other include directive of whatever driver? I don't even understand what you're saying, exactly. Not all ovirt users/managers are programming experts. I use LDAPS because thats what my company supports. StartTLS is NOT supported (as I stated).
Re: [ovirt-users] AAA LDAP Authentication
Hi Alon, Thanks for the quick reply. openldap works fine; I use it with testlink (as shown in the example config). We're not using active directory; Just LDAP. The example config I provided is fully inclusive of all configuration required for testlink to use LDAP, I also have jenkins and mantis configured using the same parameters (although their terminology on where to enter the parameters is varied, they use all the same information) The rootDSE is being determined automatically; however for my use it's wrong and needs to be provided manually. Again, I have no control over this. It's a company-wide configuration that won't be changed just for me. How would I be able to specify the organization filter line if I added some other include directive of whatever driver? I don't even understand what you're saying, exactly. Not all ovirt users/managers are programming experts. I use LDAPS because thats what my company supports. StartTLS is NOT supported (as I stated). Silly on their part, right? Thanks, David On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote: Hello, Resources includes sysadmin documentation[1], integrator documentation[2], overview[3], examples[4]. You did not specify what LDAP vendor it is. I can guess your directory is Active Directory, hence all you need to do is follow the QUICK START[5]. The rootDSE is determined automatically, all you need is to provide a valid user and password. What you are missing in your configuration is the include directive of the proper driver. Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more flexible and should be used unless there is an issue. Alon [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD [3] http://www.ovirt.org/Features/AAA [4] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD [5] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6 - Original Message - From: David Smith dsm...@mypchelp.com To: users users@ovirt.org Sent: Tuesday, May 5, 2015 11:09:25 PM Subject: [ovirt-users] AAA LDAP Authentication I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find; https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO control over the LDAP server. So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!) Two parts I can't figure out; setting rootDN and setting the organization filter-- members of that particular organization should have access to ovirt, and none others. vars.server = directory.ft.com # # Search user and its password. # vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.password = Ft## pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.rootDN = ${global:vars.urootdn} pool.default.auth.simple.password = ${global:vars.password} # enable SSL pool.default.ssl.enable = true #pool.default.ssl.insecure = false # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks pool.default.ssl.truststore.password = changeit example config from testlink $tlCfg-authentication['method'] = 'LDAP'; /** LDAP authentication credentials */ $tlCfg-authentication['ldap_server'] = 'ldaps:// directory.ft.com '; $tlCfg-authentication['ldap_port'] = '636'; $tlCfg-authentication['ldap_version'] = '3'; $tlCfg-authentication['ldap_root_dn'] = 'cn=users,cn=accounts,dc=corp,dc=ft,dc=com'; $tlCfg-authentication['ldap_bind_dn'] = 'uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com'; $tlCfg-authentication['ldap_bind_passwd'] = 'Ft##'; $tlCfg-authentication['ldap_tls'] = false; // true - use tls $tlCfg-authentication['ldap_organization'] = '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' $tlCfg-authentication['ldap_uid_field'] = 'uid'; // Use 'sAMAccountName' for Active Directory ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] AAA LDAP Authentication
Hi, So your configuration is working, just you want to filter users? I do not follow what organization filter is. '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' It looks to me that you want to narrow the results based on specific attribute value. But first you should confirm that all is working for you, only then we can start customize the provider to meet your special needs. Thanks, Alon. - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:01:28 AM Subject: Re: [ovirt-users] AAA LDAP Authentication Hi Alon, Thanks for the quick reply. openldap works fine; I use it with testlink (as shown in the example config). We're not using active directory; Just LDAP. The example config I provided is fully inclusive of all configuration required for testlink to use LDAP, I also have jenkins and mantis configured using the same parameters (although their terminology on where to enter the parameters is varied, they use all the same information) The rootDSE is being determined automatically; however for my use it's wrong and needs to be provided manually. Again, I have no control over this. It's a company-wide configuration that won't be changed just for me. How would I be able to specify the organization filter line if I added some other include directive of whatever driver? I don't even understand what you're saying, exactly. Not all ovirt users/managers are programming experts. I use LDAPS because thats what my company supports. StartTLS is NOT supported (as I stated). Silly on their part, right? Thanks, David On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote: Hello, Resources includes sysadmin documentation[1], integrator documentation[2], overview[3], examples[4]. You did not specify what LDAP vendor it is. I can guess your directory is Active Directory, hence all you need to do is follow the QUICK START[5]. The rootDSE is determined automatically, all you need is to provide a valid user and password. What you are missing in your configuration is the include directive of the proper driver. Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more flexible and should be used unless there is an issue. Alon [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD [3] http://www.ovirt.org/Features/AAA [4] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD [5] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6 - Original Message - From: David Smith dsm...@mypchelp.com To: users users@ovirt.org Sent: Tuesday, May 5, 2015 11:09:25 PM Subject: [ovirt-users] AAA LDAP Authentication I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find; https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO control over the LDAP server. So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!) Two parts I can't figure out; setting rootDN and setting the organization filter-- members of that particular organization should have access to ovirt, and none others. vars.server = directory.ft.com # # Search user and its password. # vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.password = Ft## pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.rootDN = ${global:vars.urootdn} pool.default.auth.simple.password = ${global:vars.password} # enable SSL pool.default.ssl.enable = true #pool.default.ssl.insecure = false # Create keystore, import certificate chain and uncomment # if using ssl/tls. #pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks pool.default.ssl.truststore.password = changeit example config from testlink $tlCfg-authentication['method'] = 'LDAP'; /** LDAP authentication credentials */ $tlCfg-authentication['ldap_server'] = 'ldaps:// directory.ft.com '; $tlCfg-authentication['ldap_port'] = '636'; $tlCfg-authentication['ldap_version'] = '3'; $tlCfg-authentication['ldap_root_dn'] =
Re: [ovirt-users] AAA LDAP Authentication
I can log into ovirt, I can see the profile, it doesn't throw any errors. However, it doesn't display any users. This is because the automatic rootDN is wrong. oVirt shows Namespace: dc=corp, dc=ft, dc=com if this is the search base it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com Hence my desire to configure rootDN Then, I also want to filter based on the above (sorry the traffic part was a comment from testlink, the line should be) '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; That filter is was makes sure the results only show users in the specific group I want to give access to. Thanks, David On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev alo...@redhat.com wrote: Hi, So your configuration is working, just you want to filter users? I do not follow what organization filter is. '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' It looks to me that you want to narrow the results based on specific attribute value. But first you should confirm that all is working for you, only then we can start customize the provider to meet your special needs. Thanks, Alon. - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:01:28 AM Subject: Re: [ovirt-users] AAA LDAP Authentication Hi Alon, Thanks for the quick reply. openldap works fine; I use it with testlink (as shown in the example config). We're not using active directory; Just LDAP. The example config I provided is fully inclusive of all configuration required for testlink to use LDAP, I also have jenkins and mantis configured using the same parameters (although their terminology on where to enter the parameters is varied, they use all the same information) The rootDSE is being determined automatically; however for my use it's wrong and needs to be provided manually. Again, I have no control over this. It's a company-wide configuration that won't be changed just for me. How would I be able to specify the organization filter line if I added some other include directive of whatever driver? I don't even understand what you're saying, exactly. Not all ovirt users/managers are programming experts. I use LDAPS because thats what my company supports. StartTLS is NOT supported (as I stated). Silly on their part, right? Thanks, David On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote: Hello, Resources includes sysadmin documentation[1], integrator documentation[2], overview[3], examples[4]. You did not specify what LDAP vendor it is. I can guess your directory is Active Directory, hence all you need to do is follow the QUICK START[5]. The rootDSE is determined automatically, all you need is to provide a valid user and password. What you are missing in your configuration is the include directive of the proper driver. Not sure why you use LDAPS and not LDAP with startTLS, startTLS is more flexible and should be used unless there is an issue. Alon [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README.profile;hb=HEAD [3] http://www.ovirt.org/Features/AAA [4] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=tree;f=examples;hb=HEAD [5] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l6 - Original Message - From: David Smith dsm...@mypchelp.com To: users users@ovirt.org Sent: Tuesday, May 5, 2015 11:09:25 PM Subject: [ovirt-users] AAA LDAP Authentication I'm trying to set up the new 3.5 AAA LDAP Auth, but it's lacking some serious detail in documentation, the rest is java-programmer-oriented docs only that I can find; https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git Here's a sample config (sanitized) that I need to adapt to ovirt; *I HAVE NO control over the LDAP server. So far I've managed to figure out through search after search to use LDAPS (TLS isn't an option, thanks!) Two parts I can't figure out; setting rootDN and setting the organization filter-- members of that particular organization should have access to ovirt, and none others. vars.server = directory.ft.com # # Search user and its password. # vars.user = uid=newproductslab,cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.urootdn = cn=users,cn=accounts,dc=corp,dc=ft,dc=com vars.password = Ft## pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.auth.simple.bindDN =
Re: [ovirt-users] AAA LDAP Authentication
I added that to the end, since there wasn't any reference on it as to where to put it; I restarted the engine and didn't notice any changes, the namespace still reads the same as before, and no users show up Note that in the field to the right of namespace it's blank, whereby with internal or our other pre-aaa ldap config it shows * and can be changed to a username as a filter, in this case it doesn't allow me to enter anything On Tue, May 5, 2015 at 2:34 PM, Alon Bar-Lev alo...@redhat.com wrote: I beginning to understand... although I cannot figure out how login works while search not. Anyway, try to add this to your profile: sequence-init.init.900-local-init-vars = local-init-vars sequence.local-init-vars.010.description = override name space sequence.local-init-vars.010.type = var-set sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault sequence.local-init-vars.010.var-set.value = cn=users,cn=accounts,dc=corp,dc=ft,dc=com sequence.local-init-vars.020.description = apply filter to users sequence.local-init-vars.020.type = var-set sequence.local-init-vars.020.var-set.variable = simple_filterUserObject sequence.local-init-vars.020.var-set.value = ${seq:simple_filterUserObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com) sequence.local-init-vars.030.description = apply filter to groups sequence.local-init-vars.030.type = var-set sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject sequence.local-init-vars.030.var-set.value = ${seq:simple_filterGroupObject}(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com) - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:17:59 AM Subject: Re: [ovirt-users] AAA LDAP Authentication I can log into ovirt, I can see the profile, it doesn't throw any errors. However, it doesn't display any users. This is because the automatic rootDN is wrong. oVirt shows Namespace: dc=corp, dc=ft, dc=com if this is the search base it actually needs to be cn=users, cn=accounts, dc=corp, dc=ft, dc=com Hence my desire to configure rootDN Then, I also want to filter based on the above (sorry the traffic part was a comment from testlink, the line should be) '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; That filter is was makes sure the results only show users in the specific group I want to give access to. Thanks, David On Tue, May 5, 2015 at 2:08 PM, Alon Bar-Lev alo...@redhat.com wrote: Hi, So your configuration is working, just you want to filter users? I do not follow what organization filter is. '(nsRoleDN=cn=newproductslab,cn=accounts,dc=corp,dc=ft,dc=com)'; // e.g. '(organizationname=*Traffic)' It looks to me that you want to narrow the results based on specific attribute value. But first you should confirm that all is working for you, only then we can start customize the provider to meet your special needs. Thanks, Alon. - Original Message - From: David Smith dsm...@mypchelp.com To: Alon Bar-Lev alo...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 6, 2015 12:01:28 AM Subject: Re: [ovirt-users] AAA LDAP Authentication Hi Alon, Thanks for the quick reply. openldap works fine; I use it with testlink (as shown in the example config). We're not using active directory; Just LDAP. The example config I provided is fully inclusive of all configuration required for testlink to use LDAP, I also have jenkins and mantis configured using the same parameters (although their terminology on where to enter the parameters is varied, they use all the same information) The rootDSE is being determined automatically; however for my use it's wrong and needs to be provided manually. Again, I have no control over this. It's a company-wide configuration that won't be changed just for me. How would I be able to specify the organization filter line if I added some other include directive of whatever driver? I don't even understand what you're saying, exactly. Not all ovirt users/managers are programming experts. I use LDAPS because thats what my company supports. StartTLS is NOT supported (as I stated). Silly on their part, right? Thanks, David On Tue, May 5, 2015 at 1:18 PM, Alon Bar-Lev alo...@redhat.com wrote: Hello, Resources includes sysadmin documentation[1], integrator documentation[2], overview[3], examples[4]. You did not specify what LDAP vendor it is. I can guess your directory is Active Directory, hence all you need to do is follow the QUICK START[5]. The rootDSE is determined automatically, all you need is to provide a valid user and
Re: [ovirt-users] ovirt 3.6 and Centos 6.x
On 05/05/15 11:43, Yedidyah Bar David wrote: - Original Message - Hi, Since 3.6 is somehow on the way, will there be support for Centos 6.x for engine and nodes? engine yes, nodes no. A 3.6 engine will be able to work with 3.5 nodes in 3.5 compatibility mode. So a setup of el6 engine with el7 nodes in 3.6 compatibility mode will be available? Thanks for the rest info. G ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users