Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Nir Soffer]

On Thu, Sep 24, 2015 at 9:06 AM, Ramesh Nachimuthu 
wrote:

>
>
> On 09/24/2015 11:28 AM, Nir Soffer wrote:
>
> On Thu, Sep 24, 2015 at 7:37 AM, Ramesh Nachimuthu < 
> rnach...@redhat.com> wrote:
>
>>
>>
>> On 09/24/2015 02:38 AM, Darrell Budic wrote:
>>
>> This is a known issue in overt 3.5.x and below. It’s been solved in the
>> upcoming ovirt 3.6.
>>
>> Related to https://bugzilla.redhat.com/show_bug.cgi?id=1172905, the fix
>> involved setting up a special cgroup for the mount, but i can’t find the
>> exact details atm.
>>
>>
>> I have vdsm 4.17.6-0.el7.centos already installed on the hosts. So I am
>> not sure above bug 1172905
>>  fixes this
>> correctly.
>>
>
> I think the root cause is the same - qemu cannot recover from glusterfs
> unmount, and the only way to resume the vm is to restart it with a fresh
> mount.
>
> The mentioned bug handle the case where stopping vdsm kills the glusterfs
> mount helper. This issue is fixed in 3.6.
>
> The issue here seems different. I suggest you open a bug so gluster guys
> can investigate this.
>
>
> Seems like I am hitting the issue reported in bz
> https://bugzilla.redhat.com/show_bug.cgi?id=1171261.
>

Indeed.

I would open an ovirt bug anyway and make it depend on the glusterfs bug.

We need a way to track this issues, and having no ovirt/rhev hides this
issue.


>
> Regards,
> Ramesh
>
>
> Nir
>
>
>
>
>>
>> Regards,
>> Ramesh
>>
>>
>>
>> On Sep 23, 2015, at 7:38 AM, Ramesh Nachimuthu 
>> wrote:
>>
>>
>>
>> On 09/22/2015 05:57 PM, Alastair Neil wrote:
>>
>> You need to set the gluster.server-quorum-ratio to 51%
>>
>>
>> I did that. But still I am facing the same issue. VM get paused when I do
>> some I/O using fio on some disks backed by gluster. I am not able to resume
>> the VM after this. Now only way is to bring down the VM and run again. It
>> runs successfully on the same host without any issue.
>>
>> Regards,
>> Ramesh
>>
>> On 22 September 2015 at 08:25, Ramesh Nachimuthu < 
>> rnach...@redhat.com> wrote:
>>
>>>
>>>
>>> On 09/22/2015 05:43 PM, Alastair Neil wrote:
>>>
>>> what are the gluster-quorum-type and gluster.server-quorum-ratio
>>>  settings on the volume?
>>>
>>>
>>> *cluster.server-quorum-type*:server
>>> *cluster.quorum-type*:auto
>>> *gluster.server-quorum-ratio is not set.*
>>>
>>> One brick process is purposefully killed  but remaining two bricks are
>>> up and running.
>>>
>>> Regards,
>>> Ramesh
>>>
>>> On 22 September 2015 at 06:24, Ramesh Nachimuthu < 
>>> rnach...@redhat.com> wrote:
>>>
 Hi,

I am not able to resume a VM which was paused because of gluster
 client quorum issue. Here is what happened in my setup.

 1. Created a gluster storage domain which is backed by gluster volume
 with replica 3.
 2. Killed one brick process. So only two bricks are running in replica
 3 setup.
 3. Created two VMs
 4. Started some IO using fio on both of the VMs
 5. After some time got the following error in gluster mount and VMs
 moved to paused state.
  " server 10.70.45.17:49217 has not responded in the last 42
 seconds, disconnecting."
   "vmstore-replicate-0: e16d1e40-2b6e-4f19-977d-e099f465dfc6:
 Failing WRITE as quorum is not met"
   more gluster mount logs at 
 http://pastebin.com/UmiUQq0F
 6. After some time gluster quorum is active and I am able to write the
 the gluster file system.
 7. When I try to resume the VM it doesn't work and I got following
 error in vdsm log.
   http://pastebin.com/aXiamY15


 Regards,
 Ramesh


 ___
 Users mailing list
 Users@ovirt.org
 
 http://lists.ovirt.org/mailman/listinfo/users


>>>
>>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Systemd-Script to put the node in "maintenance" on shutdown

[Nir Soffer]

On Fri, Sep 18, 2015 at 4:26 PM, Luca Bertoncello <
l.bertonce...@queo-group.com> wrote:

> Hi again,
>
> I'm trying to write a systemd-script (for CentOS7) in order to
> automatically put the host in "maintenance" on shutdown and to activate it
> after boot.
> I wrote a python-script that to that and it works so that I can start it
> and see the host in "maintenance" and having all VMs migrated.
>
> Unfortunately I can't call this script on shutdown/reboot and wait until
> all VMs are migrated and the host is in maintenance.
>

I don't think this will work, since you must put the host into maintenance,
and wait until all vms were migrated before you reboot the host.

All this can be done only by controlling engine, not from the host that is
going to shutdown.

If you want to trigger this from the host itself, I would write an
ovirt-shutdown tool, ask engine to put the host into maintenance, wait
until all vms migrate, and the invoke the real shutdown command.

I guess it would be more useful to run this tool not on the host you want
to reboot but on another machine.

It may be possible to somehow get systemd to use this tool instead of the
shutdown command, but I don't think it is a good idea. This will make your
host fail to shutdown if your tool is buggy.

Maybe ask on systemd mailing list about this.


>
> Here my script:
>
> [Unit]
> Description=oVirt interface for managing host
> After=remote-fs.target vdsmd.service multipathd.service libvirtd.service
> time-sync.target iscsid.service rpcbind.service supervdsmd.service
> sanlock.service vdsm-network.service
> Wants=remote-fs.target vdsmd.service multipathd.service libvirtd.service
> time-sync.target iscsid.service rpcbind.service supervdsmd.service
> sanlock.service vdsm-network.service
>
> [Service]
> Type=simple
> RemainAfterExit=yes
> ExecStart=/usr/local/bin/ovirt-maintenance.sh active
> ExecStop=/usr/local/bin/ovirt-maintenance.sh maintenance
> KillMode=none
>
> [Install]
> WantedBy=multi-user.target
>
> Could someone help me and say what I'm doing wrong?
>
> Thanks a lot
>
> Mit freundlichen Grüßen
>
> Luca Bertoncello
>
> --
> Besuchen Sie unsere Webauftritte:
>
> www.queo.bizAgentur für Markenführung und Kommunikation
> www.queoflow.comIT-Consulting und Individualsoftwareentwicklung
>
> Luca Bertoncello
> Administrator
> Telefon:+49 351 21 30 38 0
> Fax:+49 351 21 30 38 99
> E-Mail: l.bertonce...@queo-group.com
>
> queo GmbH
> Tharandter Str. 13
> 01159 Dresden
> Sitz der Gesellschaft: Dresden
> Handelsregistereintrag: Amtsgericht Dresden HRB 22352
> Geschäftsführer: Rüdiger Henke, André Pinkert
> USt-IdNr.: DE234220077
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] HA - Fencing not working when host with engine gets shutdown

[Michael Hölzl]

Anybody an idea why HA VMs do not start and fencing is not working?

Thanks,
Michael

On 09/21/2015 03:00 PM, Martin Perina wrote:
> Hi,
>
> could you please post whole engine.log (from the time which you turned off
> the host with engine VM) and also vdsm.log from both hosts?
>
> Thanks
>
> Martin Perina
>
> - Original Message -
>> From: "Michael Hölzl" 
>> To: users@ovirt.org
>> Sent: Monday, September 21, 2015 10:27:08 AM
>> Subject: [ovirt-users] HA - Fencing not working when host with engine gets   
>> shutdown
>>
>> Hi all,
>>
>> we are trying to setup an ovirt environment with two hosts, both
>> connected to a ISCSI storage device, a hosted engine and power
>> management configured over ILO. So far it seems to work fine in our
>> testing setup and starting/stopping VMs works smoothly with proper
>> scheduling between those hosts. So we wanted to test HA for the VMs now
>> and started to manually shutdown a host while there are still VMs
>> running on that machine (to simulate power failure or a kernel panic).
>> The expected outcome was that all machines were HA is enabled, are
>> booted again. This works if the machine with the failure does not have
>> the engine running. If the machine with the hosted engine VM gets
>> shutdown, the host gets in the "Not Responsive state" and all VMs end up
>> in an unkown state. However, the engine itself starts correctly on the
>> second host and it seems like it tries to fence the other host (as
>> expected) - Events which we get in the open virtualization manager:
>> 1. Host hosted_engine_2 is non responsive
>> 2. Host hosted_engine_1 from cluster Default was chosen as a proxy to
>> execute Status command on Host hosted_engine_2.
>> 3. Host hosted_engine_2 became non responsive. It has no power
>> management configured. Please check the host status, manually reboot it,
>> and click "Confirm Host Has Been Rebooted"
>> 4. Host hosted_engine_2 is not responding. It will stay in Connecting
>> state for a grace period of 124 seconds and after that an attempt to
>> fence the host will be issued.
>>
>> Event 4 is continuously coming every 3 minutes. Complete engine.log file
>> during engine boot up: http://pastebin.com/D6xS3Wfy
>> So the host detects the machine is not responding and wants to fence it.
>> But although the host has power management configured over ILO, the
>> engine thinks that it is not. As a result the second host does not get
>> fenced and VMs are not migrated to the running machine.
>> In the log files there are also a lot of time out exception. But I guess
>> that this is because the host cannot connect to the other machine.
>>
>> Did anybody face similar problems with HA? Or any clue what the problem
>> might be?
>>
>> Thanks,
>> Michael
>>
>>
>> 
>> ovirt version: 3.5.4
>> Hosted engine VM OS: Cent OS 6.5
>> Host Machines OS: Cent OS 7
>>
>> P.S. We also have to note that we had problems with the command
>> fence_ipmilan at the beginning. We were receiving the message "Unable to
>> obtain correct plug status or plug is not available," whenever the
>> command fence_ipmilan was called. However, the command fence_ilo4
>> worked. So we use a simple script for fence_ipmilan now that calls
>> fence_ilo4 and passes the arguments.
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Permission Issues

[Budur Nagaraju]

HI

I have created a user with the "user role permissions" when logged in able
to view all the vms ,by default this should not happen ,is there any
solution to resolve this ?

Thanks,
Nagaraju
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Ramesh Nachimuthu]

On 09/24/2015 11:28 AM, Nir Soffer wrote:
On Thu, Sep 24, 2015 at 7:37 AM, Ramesh Nachimuthu 
mailto:rnach...@redhat.com>> wrote:




On 09/24/2015 02:38 AM, Darrell Budic wrote:

This is a known issue in overt 3.5.x and below. It’s been solved
in the upcoming ovirt 3.6.

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1172905,
the fix involved setting up a special cgroup for the mount, but i
can’t find the exact details atm.



I have vdsm 4.17.6-0.el7.centos already installed on the hosts. So
I am not sure above bug 1172905
 fixes this
correctly.


I think the root cause is the same - qemu cannot recover from 
glusterfs unmount, and the only way to resume the vm is to restart it 
with a fresh mount.


The mentioned bug handle the case where stopping vdsm kills the 
glusterfs mount helper. This issue is fixed in 3.6.


The issue here seems different. I suggest you open a bug so gluster 
guys can investigate this.




Seems like I am hitting the issue reported in bz 
https://bugzilla.redhat.com/show_bug.cgi?id=1171261.


Regards,
Ramesh


Nir



Regards,
Ramesh





On Sep 23, 2015, at 7:38 AM, Ramesh Nachimuthu
mailto:rnach...@redhat.com>> wrote:



On 09/22/2015 05:57 PM, Alastair Neil wrote:

You need to set the gluster.server-quorum-ratio to 51%



I did that. But still I am facing the same issue. VM get paused
when I do some I/O using fio on some disks backed by gluster. I
am not able to resume the VM after this. Now only way is to
bring down the VM and run again. It runs successfully on the
same host without any issue.

Regards,
Ramesh


On 22 September 2015 at 08:25, Ramesh Nachimuthu
mailto:rnach...@redhat.com>> wrote:



On 09/22/2015 05:43 PM, Alastair Neil wrote:

what are the gluster-quorum-type
and gluster.server-quorum-ratio  settings on the volume?



*cluster.server-quorum-type*:server
*cluster.quorum-type*:auto
*gluster.server-quorum-ratio is not set.*

One brick process is purposefully killed  but remaining two
bricks are up and running.

Regards,
Ramesh


On 22 September 2015 at 06:24, Ramesh Nachimuthu
mailto:rnach...@redhat.com>> wrote:

Hi,

   I am not able to resume a VM which was paused
because of gluster client quorum issue. Here is what
happened in my setup.

1. Created a gluster storage domain which is backed by
gluster volume with replica 3.
2. Killed one brick process. So only two bricks are
running in replica 3 setup.
3. Created two VMs
4. Started some IO using fio on both of the VMs
5. After some time got the following error in gluster
mount and VMs moved to paused state.
 " server 10.70.45.17:49217
 has not responded in the
last 42 seconds, disconnecting."
  "vmstore-replicate-0:
e16d1e40-2b6e-4f19-977d-e099f465dfc6: Failing WRITE as
quorum is not met"
  more gluster mount logs at
http://pastebin.com/UmiUQq0F
6. After some time gluster quorum is active and I am
able to write the the gluster file system.
7. When I try to resume the VM it doesn't work and I
got following error in vdsm log.
http://pastebin.com/aXiamY15


Regards,
Ramesh


___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users







___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users





___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Nir Soffer]

On Thu, Sep 24, 2015 at 7:37 AM, Ramesh Nachimuthu 
wrote:

>
>
> On 09/24/2015 02:38 AM, Darrell Budic wrote:
>
> This is a known issue in overt 3.5.x and below. It’s been solved in the
> upcoming ovirt 3.6.
>
> Related to https://bugzilla.redhat.com/show_bug.cgi?id=1172905, the fix
> involved setting up a special cgroup for the mount, but i can’t find the
> exact details atm.
>
>
> I have vdsm 4.17.6-0.el7.centos already installed on the hosts. So I am
> not sure above bug 1172905
>  fixes this
> correctly.
>

I think the root cause is the same - qemu cannot recover from glusterfs
unmount, and the only way to resume the vm is to restart it with a fresh
mount.

The mentioned bug handle the case where stopping vdsm kills the glusterfs
mount helper. This issue is fixed in 3.6.

The issue here seems different. I suggest you open a bug so gluster guys
can investigate this.

Nir




>
> Regards,
> Ramesh
>
>
>
> On Sep 23, 2015, at 7:38 AM, Ramesh Nachimuthu 
> wrote:
>
>
>
> On 09/22/2015 05:57 PM, Alastair Neil wrote:
>
> You need to set the gluster.server-quorum-ratio to 51%
>
>
> I did that. But still I am facing the same issue. VM get paused when I do
> some I/O using fio on some disks backed by gluster. I am not able to resume
> the VM after this. Now only way is to bring down the VM and run again. It
> runs successfully on the same host without any issue.
>
> Regards,
> Ramesh
>
> On 22 September 2015 at 08:25, Ramesh Nachimuthu < 
> rnach...@redhat.com> wrote:
>
>>
>>
>> On 09/22/2015 05:43 PM, Alastair Neil wrote:
>>
>> what are the gluster-quorum-type and gluster.server-quorum-ratio
>>  settings on the volume?
>>
>>
>> *cluster.server-quorum-type*:server
>> *cluster.quorum-type*:auto
>> *gluster.server-quorum-ratio is not set.*
>>
>> One brick process is purposefully killed  but remaining two bricks are up
>> and running.
>>
>> Regards,
>> Ramesh
>>
>> On 22 September 2015 at 06:24, Ramesh Nachimuthu < 
>> rnach...@redhat.com> wrote:
>>
>>> Hi,
>>>
>>>I am not able to resume a VM which was paused because of gluster
>>> client quorum issue. Here is what happened in my setup.
>>>
>>> 1. Created a gluster storage domain which is backed by gluster volume
>>> with replica 3.
>>> 2. Killed one brick process. So only two bricks are running in replica 3
>>> setup.
>>> 3. Created two VMs
>>> 4. Started some IO using fio on both of the VMs
>>> 5. After some time got the following error in gluster mount and VMs
>>> moved to paused state.
>>>  " server 10.70.45.17:49217 has not responded in the last 42
>>> seconds, disconnecting."
>>>   "vmstore-replicate-0: e16d1e40-2b6e-4f19-977d-e099f465dfc6:
>>> Failing WRITE as quorum is not met"
>>>   more gluster mount logs at http://pastebin.com/UmiUQq0F
>>> 6. After some time gluster quorum is active and I am able to write the
>>> the gluster file system.
>>> 7. When I try to resume the VM it doesn't work and I got following error
>>> in vdsm log.
>>>   http://pastebin.com/aXiamY15
>>>
>>>
>>> Regards,
>>> Ramesh
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Nir Soffer]

The details are here:
https://gerrit.ovirt.org/#/c/40240

The link exist on the bug of course.

On Thu, Sep 24, 2015 at 12:08 AM, Darrell Budic 
wrote:

> This is a known issue in overt 3.5.x and below. It’s been solved in the
> upcoming ovirt 3.6.
>
> Related to https://bugzilla.redhat.com/show_bug.cgi?id=1172905, the fix
> involved setting up a special cgroup for the mount, but i can’t find the
> exact details atm.
>
>
> On Sep 23, 2015, at 7:38 AM, Ramesh Nachimuthu 
> wrote:
>
>
>
> On 09/22/2015 05:57 PM, Alastair Neil wrote:
>
> You need to set the gluster.server-quorum-ratio to 51%
>
>
> I did that. But still I am facing the same issue. VM get paused when I do
> some I/O using fio on some disks backed by gluster. I am not able to resume
> the VM after this. Now only way is to bring down the VM and run again. It
> runs successfully on the same host without any issue.
>
> Regards,
> Ramesh
>
> On 22 September 2015 at 08:25, Ramesh Nachimuthu 
> wrote:
>
>>
>>
>> On 09/22/2015 05:43 PM, Alastair Neil wrote:
>>
>> what are the gluster-quorum-type and gluster.server-quorum-ratio
>>  settings on the volume?
>>
>>
>> *cluster.server-quorum-type*:server
>> *cluster.quorum-type*:auto
>> *gluster.server-quorum-ratio is not set.*
>>
>> One brick process is purposefully killed  but remaining two bricks are up
>> and running.
>>
>> Regards,
>> Ramesh
>>
>> On 22 September 2015 at 06:24, Ramesh Nachimuthu < 
>> rnach...@redhat.com> wrote:
>>
>>> Hi,
>>>
>>>I am not able to resume a VM which was paused because of gluster
>>> client quorum issue. Here is what happened in my setup.
>>>
>>> 1. Created a gluster storage domain which is backed by gluster volume
>>> with replica 3.
>>> 2. Killed one brick process. So only two bricks are running in replica 3
>>> setup.
>>> 3. Created two VMs
>>> 4. Started some IO using fio on both of the VMs
>>> 5. After some time got the following error in gluster mount and VMs
>>> moved to paused state.
>>>  " server 10.70.45.17:49217 has not responded in the last 42
>>> seconds, disconnecting."
>>>   "vmstore-replicate-0: e16d1e40-2b6e-4f19-977d-e099f465dfc6:
>>> Failing WRITE as quorum is not met"
>>>   more gluster mount logs at 
>>> http://pastebin.com/UmiUQq0F
>>> 6. After some time gluster quorum is active and I am able to write the
>>> the gluster file system.
>>> 7. When I try to resume the VM it doesn't work and I got following error
>>> in vdsm log.
>>>   http://pastebin.com/aXiamY15
>>>
>>>
>>> Regards,
>>> Ramesh
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Ramesh Nachimuthu]

On 09/24/2015 02:38 AM, Darrell Budic wrote:
This is a known issue in overt 3.5.x and below. It’s been solved in 
the upcoming ovirt 3.6.


Related to https://bugzilla.redhat.com/show_bug.cgi?id=1172905, the 
fix involved setting up a special cgroup for the mount, but i can’t 
find the exact details atm.




I have vdsm 4.17.6-0.el7.centos already installed on the hosts. So I am 
not sure above bug 1172905 
 fixes this correctly.


Regards,
Ramesh



On Sep 23, 2015, at 7:38 AM, Ramesh Nachimuthu > wrote:




On 09/22/2015 05:57 PM, Alastair Neil wrote:

You need to set the gluster.server-quorum-ratio to 51%



I did that. But still I am facing the same issue. VM get paused when 
I do some I/O using fio on some disks backed by gluster. I am not 
able to resume the VM after this. Now only way is to bring down the 
VM and run again. It runs successfully on the same host without any 
issue.


Regards,
Ramesh

On 22 September 2015 at 08:25, Ramesh Nachimuthu 
mailto:rnach...@redhat.com>> wrote:




On 09/22/2015 05:43 PM, Alastair Neil wrote:

what are the gluster-quorum-type
and gluster.server-quorum-ratio  settings on the volume?



*cluster.server-quorum-type*:server
*cluster.quorum-type*:auto
*gluster.server-quorum-ratio is not set.*

One brick process is purposefully killed but remaining two
bricks are up and running.

Regards,
Ramesh


On 22 September 2015 at 06:24, Ramesh Nachimuthu
 wrote:

Hi,

   I am not able to resume a VM which was paused because of
gluster client quorum issue. Here is what happened in my
setup.

1. Created a gluster storage domain which is backed by
gluster volume with replica 3.
2. Killed one brick process. So only two bricks are running
in replica 3 setup.
3. Created two VMs
4. Started some IO using fio on both of the VMs
5. After some time got the following error in gluster mount
and VMs moved to paused state.
 " server 10.70.45.17:49217
 has not responded in the last
42 seconds, disconnecting."
  "vmstore-replicate-0:
e16d1e40-2b6e-4f19-977d-e099f465dfc6: Failing WRITE as
quorum is not met"
  more gluster mount logs at http://pastebin.com/UmiUQq0F
6. After some time gluster quorum is active and I am able
to write the the gluster file system.
7. When I try to resume the VM it doesn't work and I got
following error in vdsm log.
http://pastebin.com/aXiamY15


Regards,
Ramesh


___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users







___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Darrell Budic]

This is a known issue in overt 3.5.x and below. It’s been solved in the 
upcoming ovirt 3.6.

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1172905, the fix 
involved setting up a special cgroup for the mount, but i can’t find the exact 
details atm.


> On Sep 23, 2015, at 7:38 AM, Ramesh Nachimuthu  wrote:
> 
> 
> 
> On 09/22/2015 05:57 PM, Alastair Neil wrote:
>> You need to set the gluster.server-quorum-ratio to 51%
>> 
> 
> I did that. But still I am facing the same issue. VM get paused when I do 
> some I/O using fio on some disks backed by gluster. I am not able to resume 
> the VM after this. Now only way is to bring down the VM and run again. It 
> runs successfully on the same host without any issue.
> 
> Regards,
> Ramesh
> 
>> On 22 September 2015 at 08:25, Ramesh Nachimuthu > > wrote:
>> 
>> 
>> On 09/22/2015 05:43 PM, Alastair Neil wrote:
>>> what are the gluster-quorum-type and gluster.server-quorum-ratio  settings 
>>> on the volume?
>>> 
>> 
>> cluster.server-quorum-type:server
>> cluster.quorum-type:auto
>> gluster.server-quorum-ratio is not set.
>> 
>> One brick process is purposefully killed  but remaining two bricks are up 
>> and running.
>> 
>> Regards,
>> Ramesh
>> 
>>> On 22 September 2015 at 06:24, Ramesh Nachimuthu < 
>>> rnach...@redhat.com 
>>> > wrote:
>>> Hi,
>>> 
>>>I am not able to resume a VM which was paused because of gluster client 
>>> quorum issue. Here is what happened in my setup. 
>>> 
>>> 1. Created a gluster storage domain which is backed by gluster volume with 
>>> replica 3. 
>>> 2. Killed one brick process. So only two bricks are running in replica 3 
>>> setup.
>>> 3. Created two VMs
>>> 4. Started some IO using fio on both of the VMs
>>> 5. After some time got the following error in gluster mount and VMs moved 
>>> to paused state.
>>>  " server 10.70.45.17:49217  has not 
>>> responded in the last 42 seconds, disconnecting."
>>>   "vmstore-replicate-0: e16d1e40-2b6e-4f19-977d-e099f465dfc6: Failing 
>>> WRITE as quorum is not met"
>>>   more gluster mount logs at  
>>> http://pastebin.com/UmiUQq0F 
>>> 
>>> 6. After some time gluster quorum is active and I am able to write the the 
>>> gluster file system.
>>> 7. When I try to resume the VM it doesn't work and I got following error in 
>>> vdsm log.
>>>   http://pastebin.com/aXiamY15 
>>> 
>>> 
>>> Regards,
>>> Ramesh
>>> 
>>> 
>>> ___
>>> Users mailing list
>>> Users@ovirt.org 
>>> http://lists.ovirt.org/mailman/listinfo/users 
>>> 
>>> 
>>> 
>> 
>> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Virtual appliance import question/problem

[Nir Soffer]

On Wed, Sep 23, 2015 at 9:26 PM, Maurice James 
wrote:

>
> What about the problem with the IDE drives?
>

I think ide is limited to 4 drives, not sure why you see a limit of 3
drives.

Vdsm logs showing the errors you get would be very helpful to understand
this.

Please open an ovirt bug for this, and attach vdsm logs.

But if you can use ide drives (hdX?), why not use virtio (vdX)? You can
have 16 of these.

"The second problem is that these disks are scsi and ti does not seem to
> work using the virtio-scsi selection. I tried selecting the IDE option, but
> there is a limit to the number of IDE disks that I can use."
>
>
>
> --
> *From: *"Nir Soffer" 
> *To: *"Maurice James" 
> *Cc: *"Shahar Havivi" , "users" 
> *Sent: *Wednesday, September 23, 2015 1:16:49 PM
>
> *Subject: *Re: [ovirt-users] Virtual appliance import question/problem
>
> On Wed, Sep 23, 2015 at 2:36 PM, Maurice James 
> wrote:
>
>>
>> To convert the images I used:
>> qemu-img convert 250.qcow2 -O raw 250.img -p
>>
>
> Sure this will expand the file to the full size, but why do you need raw
> image? ovirt works with qcow images.
>
>
>> oVirt will not allow me to have more than 3 IDE devices on a VM
>>
>
> What do you mean by "it does not seem to work using the virtio-scsi
> selection."?
>
>
>> Doesnt 3.6 only work on RHEL/Centos 7?
>>
>
> And Fedora 21/22.
>
>
>>
>>
>>
>> --
>> *From: *"Nir Soffer" 
>> *To: *"Maurice James" , "Shahar Havivi" <
>> shav...@redhat.com>
>> *Cc: *"users" 
>> *Sent: *Tuesday, September 22, 2015 7:37:58 PM
>> *Subject: *Re: [ovirt-users] Virtual appliance import question/problem
>>
>>
>> On Mon, Sep 21, 2015 at 7:57 PM, Maurice James 
>> wrote:
>>
>>> I have a virtual mail security appliance that I am trying to import into
>>> oVirt 3.5.4. The appliance was built for kvm. it has a total of 5 scsi
>>> disks. I can convert and copy the OS disk only because it expands its self
>>> to full size.
>>>
>>> The first problem that I have is that the disks expand to their full
>>> size when I convert the to an oVirt format
>>>
>>
>> How do you convert to ovirt format?
>>
>>
>>>
>>>
>>> OS Disk
>>> mail.qcow2 (74M) converts to main.img (294M)
>>>
>>>
>>> Storage disks
>>> 250.qcow2 (256K) converts to 250.img  (250GB)
>>> 1024.qcow2 (256K) converts to 1024.img (1TB)
>>> 2048.qcow2 (256K) converts to 2048.img (2TB)
>>> 4096.qvow2 (256K) converts to 4096.img (4TB)
>>> 8192.qcow2 (256K) converts to 8192.img (8TB)
>>>
>>>
>>>
>>> The second problem is that these disks are scsi and ti does not seem to
>>> work using the virtio-scsi selection. I tried selecting the IDE option, but
>>> there is a limit to the number of IDE disks that I can use.
>>>
>>
>> Can you provide more details about "does not seem to work"?
>>
>>
>>>
>>>
>>> Virtualbox has no issues running the appliance that was distributed in
>>> the ova format. Any help would be appreciated
>>>
>>
>> ovirt-3.6 beta supports import from ova format; maybe you like to try it?
>>
>> Nir
>>
>>
>>>
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Virtual appliance import question/problem

[Maurice James]

What about the problem with the IDE drives? 


"The second problem is that these disks are scsi and ti does not seem to work 
using the virtio-scsi selection. I tried selecting the IDE option, but there is 
a limit to the number of IDE disks that I can use." 



- Original Message -

From: "Nir Soffer"  
To: "Maurice James"  
Cc: "Shahar Havivi" , "users"  
Sent: Wednesday, September 23, 2015 1:16:49 PM 
Subject: Re: [ovirt-users] Virtual appliance import question/problem 

On Wed, Sep 23, 2015 at 2:36 PM, Maurice James < mja...@media-node.com > wrote: 




To convert the images I used: 
qemu-img convert 250.qcow2 -O raw 250.img -p 




Sure this will expand the file to the full size, but why do you need raw image? 
ovirt works with qcow images. 



oVirt will not allow me to have more than 3 IDE devices on a VM 




What do you mean by " it does not seem to work using the virtio-scsi 
selection."? 



Doesnt 3.6 only work on RHEL/Centos 7? 




And Fedora 21/22. 








From: "Nir Soffer" < nsof...@redhat.com > 
To: "Maurice James" < mja...@media-node.com >, "Shahar Havivi" < 
shav...@redhat.com > 
Cc: "users" < users@ovirt.org > 
Sent: Tuesday, September 22, 2015 7:37:58 PM 
Subject: Re: [ovirt-users] Virtual appliance import question/problem 


On Mon, Sep 21, 2015 at 7:57 PM, Maurice James < mja...@media-node.com > wrote: 



I have a virtual mail security appliance that I am trying to import into oVirt 
3.5.4. The appliance was built for kvm. it has a total of 5 scsi disks. I can 
convert and copy the OS disk only because it expands its self to full size. 

The first problem that I have is that the disks expand to their full size when 
I convert the to an oVirt format 




How do you convert to ovirt format? 





OS Disk 
mail.qcow2 (74M) converts to main.img (294M) 


Storage disks 
250.qcow2 (256K) converts to 250.img (250GB) 
1024.qcow2 (256K) converts to 1024.img (1TB) 
2048.qcow2 (256K) converts to 2048.img (2TB) 
4096.qvow2 (256K) converts to 4096.img (4TB) 
8192.qcow2 (256K) converts to 8192.img (8TB) 



The second problem is that these disks are scsi and ti does not seem to work 
using the virtio-scsi selection. I tried selecting the IDE option, but there is 
a limit to the number of IDE disks that I can use. 




Can you provide more details about "does not seem to work"? 





Virtualbox has no issues running the appliance that was distributed in the ova 
format. Any help would be appreciated 




ovirt-3.6 beta supports import from ova format; maybe you like to try it? 

Nir 






___ 
Users mailing list 
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users 











___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Virtual appliance import question/problem

[Maurice James]

I will give it a try again 



- Original Message -

From: "Nir Soffer"  
To: "Maurice James"  
Cc: "Shahar Havivi" , "users"  
Sent: Wednesday, September 23, 2015 1:16:49 PM 
Subject: Re: [ovirt-users] Virtual appliance import question/problem 

On Wed, Sep 23, 2015 at 2:36 PM, Maurice James < mja...@media-node.com > wrote: 




To convert the images I used: 
qemu-img convert 250.qcow2 -O raw 250.img -p 




Sure this will expand the file to the full size, but why do you need raw image? 
ovirt works with qcow images. 



oVirt will not allow me to have more than 3 IDE devices on a VM 




What do you mean by " it does not seem to work using the virtio-scsi 
selection."? 



Doesnt 3.6 only work on RHEL/Centos 7? 




And Fedora 21/22. 








From: "Nir Soffer" < nsof...@redhat.com > 
To: "Maurice James" < mja...@media-node.com >, "Shahar Havivi" < 
shav...@redhat.com > 
Cc: "users" < users@ovirt.org > 
Sent: Tuesday, September 22, 2015 7:37:58 PM 
Subject: Re: [ovirt-users] Virtual appliance import question/problem 


On Mon, Sep 21, 2015 at 7:57 PM, Maurice James < mja...@media-node.com > wrote: 



I have a virtual mail security appliance that I am trying to import into oVirt 
3.5.4. The appliance was built for kvm. it has a total of 5 scsi disks. I can 
convert and copy the OS disk only because it expands its self to full size. 

The first problem that I have is that the disks expand to their full size when 
I convert the to an oVirt format 




How do you convert to ovirt format? 





OS Disk 
mail.qcow2 (74M) converts to main.img (294M) 


Storage disks 
250.qcow2 (256K) converts to 250.img (250GB) 
1024.qcow2 (256K) converts to 1024.img (1TB) 
2048.qcow2 (256K) converts to 2048.img (2TB) 
4096.qvow2 (256K) converts to 4096.img (4TB) 
8192.qcow2 (256K) converts to 8192.img (8TB) 



The second problem is that these disks are scsi and ti does not seem to work 
using the virtio-scsi selection. I tried selecting the IDE option, but there is 
a limit to the number of IDE disks that I can use. 




Can you provide more details about "does not seem to work"? 





Virtualbox has no issues running the appliance that was distributed in the ova 
format. Any help would be appreciated 




ovirt-3.6 beta supports import from ova format; maybe you like to try it? 

Nir 






___ 
Users mailing list 
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users 











___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] vmware import hangs after click load button on 3.5 rc5

[Nir Soffer]

On Wed, Sep 23, 2015 at 8:26 PM, Nir Soffer  wrote:

> On Wed, Sep 23, 2015 at 8:21 PM, Nir Soffer  wrote:
>
>> On Wed, Sep 23, 2015 at 12:40 PM, Ian Fraser 
>> wrote:
>>
>>> Hi Nir,
>>>
>>> I have changed the v2v.py file as per your request, it has now changed
>>> the behaviour. The popup window still hangs and I get the following two
>>> events:
>>>
>>> Failed to retrieve VMs information from external server
>>> vpx://username%40domain@vcenter.server
>>> /datacentre_name/hostname?no_verify=1
>>>
>>> VDSM ovirt-host-02 command failed: internal error: Invalid or not yet
>>> handled value 'emptyBackingString' for VMX entry 'ide1:0.fileName' for
>>> device type 'cdrom-image'
>>>
>>
>> Fixing the first error, we see now the real error; libvirt cannot handle
>> this vm configuration. We will ask one of the libvirt guys to look into
>> this.
>>
>
In vdsm.log, we see that one vm was parsed successfully (it failed when
geting disk info):

Thread-1076::ERROR::2015-09-23
10:18:51,778::v2v::682::root::(_add_disk_info) Error getting disk size
Traceback (most recent call last):
  File "/usr/share/vdsm/v2v.py", line 679, in _add_disk_info
vol = conn.storageVolLookupByPath(disk['alias'])
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 4308, in
storageVolLookupByPath
if ret is None:raise libvirtError('virStorageVolLookupByPath() failed',
conn=self)
libvirtError: An error occurred, but the cause is unknown

Little later, libvirt failed to return the xml for another vm:

Thread-1076::ERROR::2015-09-23
10:18:52,604::__init__::526::jsonrpc.JsonRpcServer::(_serveRequest)
Internal server error
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/yajsonrpc/__init__.py", line 521,
in _serveRequest
res = method(**params)
  File "/usr/share/vdsm/rpc/Bridge.py", line 273, in _dynamicMethod
result = fn(*methodArgs)
  File "/usr/share/vdsm/API.py", line 1436, in getExternalVMs
return v2v.get_external_vms(uri, username, password)
  File "/usr/share/vdsm/v2v.py", line 152, in get_external_vms
root = ET.fromstring(vm.XMLDesc(0))
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 478, in XMLDesc
if ret is None: raise libvirtError ('virDomainGetXMLDesc() failed',
dom=self)
libvirtError: internal error: Invalid or not yet handled value
'emptyBackingString' for VMX entry 'ide1:0.fileName' for device type
'cdrom-image'

It is possible that the failing vm was the one you want to import, but it
is also possible that the vm you want to import was fine.

The following patch improve error handling, so we are not aborting the
entire request if libvirt fail to return the domain xml for one of the vms.
https://gerrit.ovirt.org/46634/

Please test the patch and report if it works for you.

Nir


>> You may try to disable the cdrom device on that vm, which is probably
>> useless now.
>>
>>
>>>
>>> I have attached the vdsm.log to this email, should I also attach to the
>>> BZ I opened?
>>
>>
>> Yes, please attach it.
>>
>
> Hmm, this is a new issue, as the original issue is solved by the patch.
>
> Please open a new bug for the libvirt error:
>
> internal error: Invalid or not yet handled value 'emptyBackingString' for
> VMX entry 'ide1:0.fileName' for device type 'cdrom-image'
>
> Thanks,
> Nir
>
>
>>
>> (Adding back users@ovirt.org, since this thread may help others with
>> same issue.)
>>
>>
>>>
>>> Many thanks
>>>
>>> Ian
>>>
>>> From: Nir Soffer [mailto:nsof...@redhat.com]
>>> Sent: 23 September 2015 00:04
>>> To: Ian Fraser ; Shahar Havivi <
>>> shav...@redhat.com>
>>> Cc: users@ovirt.org
>>> Subject: Re: [ovirt-users] vmware import hangs after click load button
>>> on 3.5 rc5
>>>
>>> Hi Ian,
>>>
>>> Your import failed because looking up some disk failed. Unfortunately,
>>> we don't have enough information in the log abut this failure.
>>>
>>> Because of incorrect error handling, this error failed the entire
>>> request, failing your import.
>>>
>>> Patch [1] fixes the second problem. If is possible that with this patch
>>> listing the external vms will work and you will be able to import the vm,
>>> but it is also possible that the first error was significant and will fail
>>> the import later.
>>>
>>> It would be useful if you test this patch and report if it works for you.
>>>
>>> Would you open an ovirt bug for this issue, attaching the vdsm log?
>>>
>>> [1] https://gerrit.ovirt.org/46540
>>>
>>> Nir
>>>
>>> On Tue, Sep 22, 2015 at 9:09 AM, Ian Fraser 
>>> wrote:
>>> Thanks Nir,
>>>
>>> File attached.
>>>
>>> From: Nir Soffer [mailto:nsof...@redhat.com]
>>> Sent: 21 September 2015 23:16
>>> To: Ian Fraser 
>>> Cc: users@ovirt.org
>>> Subject: Re: [ovirt-users] vmware import hangs after click load button
>>> on 3.5 rc5
>>>
>>> On Tue, Sep 22, 2015 at 12:14 AM, Ian Fraser 
>>> wrote:
>>> I did get a “VDSM  command failed: local variable 'capacity'
>>> referenced before assignment” error in the events I have just noticed, does
>>> that shed any more light?
>>>
>>> This she

Re: [ovirt-users] vmware import hangs after click load button on 3.5 rc5

[Nir Soffer]

On Wed, Sep 23, 2015 at 8:21 PM, Nir Soffer  wrote:

> On Wed, Sep 23, 2015 at 12:40 PM, Ian Fraser 
> wrote:
>
>> Hi Nir,
>>
>> I have changed the v2v.py file as per your request, it has now changed
>> the behaviour. The popup window still hangs and I get the following two
>> events:
>>
>> Failed to retrieve VMs information from external server
>> vpx://username%40domain@vcenter.server
>> /datacentre_name/hostname?no_verify=1
>>
>> VDSM ovirt-host-02 command failed: internal error: Invalid or not yet
>> handled value 'emptyBackingString' for VMX entry 'ide1:0.fileName' for
>> device type 'cdrom-image'
>>
>
> Fixing the first error, we see now the real error; libvirt cannot handle
> this vm configuration. We will ask one of the libvirt guys to look into
> this.
>
> You may try to disable the cdrom device on that vm, which is probably
> useless now.
>
>
>>
>> I have attached the vdsm.log to this email, should I also attach to the
>> BZ I opened?
>
>
> Yes, please attach it.
>

Hmm, this is a new issue, as the original issue is solved by the patch.

Please open a new bug for the libvirt error:

internal error: Invalid or not yet handled value 'emptyBackingString' for
VMX entry 'ide1:0.fileName' for device type 'cdrom-image'

Thanks,
Nir


>
> (Adding back users@ovirt.org, since this thread may help others with same
> issue.)
>
>
>>
>> Many thanks
>>
>> Ian
>>
>> From: Nir Soffer [mailto:nsof...@redhat.com]
>> Sent: 23 September 2015 00:04
>> To: Ian Fraser ; Shahar Havivi > >
>> Cc: users@ovirt.org
>> Subject: Re: [ovirt-users] vmware import hangs after click load button on
>> 3.5 rc5
>>
>> Hi Ian,
>>
>> Your import failed because looking up some disk failed. Unfortunately, we
>> don't have enough information in the log abut this failure.
>>
>> Because of incorrect error handling, this error failed the entire
>> request, failing your import.
>>
>> Patch [1] fixes the second problem. If is possible that with this patch
>> listing the external vms will work and you will be able to import the vm,
>> but it is also possible that the first error was significant and will fail
>> the import later.
>>
>> It would be useful if you test this patch and report if it works for you.
>>
>> Would you open an ovirt bug for this issue, attaching the vdsm log?
>>
>> [1] https://gerrit.ovirt.org/46540
>>
>> Nir
>>
>> On Tue, Sep 22, 2015 at 9:09 AM, Ian Fraser 
>> wrote:
>> Thanks Nir,
>>
>> File attached.
>>
>> From: Nir Soffer [mailto:nsof...@redhat.com]
>> Sent: 21 September 2015 23:16
>> To: Ian Fraser 
>> Cc: users@ovirt.org
>> Subject: Re: [ovirt-users] vmware import hangs after click load button on
>> 3.5 rc5
>>
>> On Tue, Sep 22, 2015 at 12:14 AM, Ian Fraser 
>> wrote:
>> I did get a “VDSM  command failed: local variable 'capacity'
>> referenced before assignment” error in the events I have just noticed, does
>> that shed any more light?
>>
>> This shed some light. Can you share the vdsm.log containing this error?
>>
>> Look in /var/log/vdsm/vdsm.log*
>>
>> __
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> __
>>
>> 
>>
>> The information in this message and any attachment is intended for the
>> addressee and is confidential. If you are not that addressee, no action
>> should be taken in reliance on the information and you should please reply
>> to this message immediately to inform us of incorrect receipt and destroy
>> this message and any attachments.
>>
>> For the purposes of internet level email security incoming and outgoing
>> emails may be read by personnel other than the named recipient or sender.
>>
>> Whilst all reasonable efforts are made, ASM (UK) Ltd cannot guarantee
>> that emails and attachments are virus free or compatible with your systems.
>> You should make your own checks and ASM (UK) Ltd does not accept liability
>> in respect of viruses or computer problems experienced.
>> Registered address: Agency Sector Management (UK) Ltd. Ashford House,
>> 41-45 Church Road, Ashford, Middlesex, TW15 2TQ
>> Registered in England No.2053849
>>
>> __
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> __
>>
>>
>> __
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> __
>>
>> 
>>
>> The information in this message and any attachment is intended for the
>> addre

Re: [ovirt-users] vmware import hangs after click load button on 3.5 rc5

[Nir Soffer]

On Wed, Sep 23, 2015 at 12:40 PM, Ian Fraser  wrote:

> Hi Nir,
>
> I have changed the v2v.py file as per your request, it has now changed the
> behaviour. The popup window still hangs and I get the following two events:
>
> Failed to retrieve VMs information from external server
> vpx://username%40domain@vcenter.server
> /datacentre_name/hostname?no_verify=1
>
> VDSM ovirt-host-02 command failed: internal error: Invalid or not yet
> handled value 'emptyBackingString' for VMX entry 'ide1:0.fileName' for
> device type 'cdrom-image'
>

Fixing the first error, we see now the real error; libvirt cannot handle
this vm configuration. We will ask one of the libvirt guys to look into
this.

You may try to disable the cdrom device on that vm, which is probably
useless now.


>
> I have attached the vdsm.log to this email, should I also attach to the BZ
> I opened?


Yes, please attach it.

(Adding back users@ovirt.org, since this thread may help others with same
issue.)


>
> Many thanks
>
> Ian
>
> From: Nir Soffer [mailto:nsof...@redhat.com]
> Sent: 23 September 2015 00:04
> To: Ian Fraser ; Shahar Havivi 
> Cc: users@ovirt.org
> Subject: Re: [ovirt-users] vmware import hangs after click load button on
> 3.5 rc5
>
> Hi Ian,
>
> Your import failed because looking up some disk failed. Unfortunately, we
> don't have enough information in the log abut this failure.
>
> Because of incorrect error handling, this error failed the entire request,
> failing your import.
>
> Patch [1] fixes the second problem. If is possible that with this patch
> listing the external vms will work and you will be able to import the vm,
> but it is also possible that the first error was significant and will fail
> the import later.
>
> It would be useful if you test this patch and report if it works for you.
>
> Would you open an ovirt bug for this issue, attaching the vdsm log?
>
> [1] https://gerrit.ovirt.org/46540
>
> Nir
>
> On Tue, Sep 22, 2015 at 9:09 AM, Ian Fraser  wrote:
> Thanks Nir,
>
> File attached.
>
> From: Nir Soffer [mailto:nsof...@redhat.com]
> Sent: 21 September 2015 23:16
> To: Ian Fraser 
> Cc: users@ovirt.org
> Subject: Re: [ovirt-users] vmware import hangs after click load button on
> 3.5 rc5
>
> On Tue, Sep 22, 2015 at 12:14 AM, Ian Fraser 
> wrote:
> I did get a “VDSM  command failed: local variable 'capacity'
> referenced before assignment” error in the events I have just noticed, does
> that shed any more light?
>
> This shed some light. Can you share the vdsm.log containing this error?
>
> Look in /var/log/vdsm/vdsm.log*
>
> __
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> __
>
> 
>
> The information in this message and any attachment is intended for the
> addressee and is confidential. If you are not that addressee, no action
> should be taken in reliance on the information and you should please reply
> to this message immediately to inform us of incorrect receipt and destroy
> this message and any attachments.
>
> For the purposes of internet level email security incoming and outgoing
> emails may be read by personnel other than the named recipient or sender.
>
> Whilst all reasonable efforts are made, ASM (UK) Ltd cannot guarantee that
> emails and attachments are virus free or compatible with your systems. You
> should make your own checks and ASM (UK) Ltd does not accept liability in
> respect of viruses or computer problems experienced.
> Registered address: Agency Sector Management (UK) Ltd. Ashford House,
> 41-45 Church Road, Ashford, Middlesex, TW15 2TQ
> Registered in England No.2053849
>
> __
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> __
>
>
> __
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> __
>
> 
>
> The information in this message and any attachment is intended for the
> addressee and is confidential. If you are not that addressee, no action
> should be taken in reliance on the information and you should please reply
> to this message immediately to inform us of incorrect receipt and destroy
> this message and any attachments.
>
> For the purposes of internet level email security incoming and outgoing
> emails may be read by personnel other than the named recipient or sender.
>
> Whilst all reasonable efforts are made, ASM (UK) Ltd cannot

Re: [ovirt-users] LDAP Authentication

[Alon Bar-Lev]

SuperUser is required to login user to webadmin.
Not sure what is "too long time"... within any logs nobody can help you.

- Original Message -
> From: "Budur Nagaraju" 
> To: "Ondra Machacek" 
> Cc: users@ovirt.org
> Sent: Wednesday, September 23, 2015 10:39:50 AM
> Subject: Re: [ovirt-users] LDAP Authentication
> 
> When I give "superuser" permission then able to login and its taking too long
> time to login.
> Pls suggest any thing needs to be dome ?
> 
> On Wed, Sep 23, 2015 at 1:07 PM, Ondra Machacek < omach...@redhat.com >
> wrote:
> 
> 
> 
> Should work well, strange.
> The 'warn' message you sent was unsuccessfull login to webadmin as I can see
> 'LoginAdminUserCommand', in UserPortal it's 'LoginUserCommand'.
> Please try to assign UserRole to some vm to another user in domain if it will
> work properly, if not please open bz.
> 
> 
> On 09/23/2015 09:29 AM, Budur Nagaraju wrote:
> 
> 
> 
> yeah facing issues while logging to the user portal.
> 
> On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek < omach...@redhat.com >
> wrote:
> 
> 
> 
> With UserRole you can only login to UserPortal, not webadmin. Do you have
> this issue when you try to login to UserPortal?
> 
> 
> On 09/23/2015 09:22 AM, Budur Nagaraju wrote:
> 
> 
> 
> Provided the "user role" permissions still same issue
> 
> On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek < omach...@redhat.com >
> wrote:
> 
> 
> 
> Hi,
> 
> your user nbud...@abc.net doesn't have appropriate permissions to login.
> First you need to login as 'admin@internal' and assign him some permissions,
> then you will be able to login.
> 
> Ondra
> 
> 
> On 09/23/2015 09:15 AM, Budur Nagaraju wrote:
> 
> 
> 
> HI All,
> 
> After rectifying this able to search the domain in the users in UI,
> but unable to login getting the below error ,
> 
> 
> 2015-09-23 12:41:47,482 WARN
> [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
> (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for user
> nbud...@abc.net . Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
> 
> Thanks,
> Nagaraju
> 
> 
> 
> 
> 
> On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek < omach...@redhat.com >
> wrote:
> 
> 
> 
> Hi,
> 
> as Alon already said, you have trailing space in your configuration
> 
> ' my.abc.net ' <-- space at the end
> 
> Please remove this space and try again.
> 
> Ondra
> 
> 
> On 09/23/2015 05:35 AM, Budur Nagaraju wrote:
> 
> 
> 
> HI Alon,
> 
> Tried all the options but no luck ,
> 
> I have copied the logs in the pastebin below is the link , warning message is
> that unable to resolve the DNS ,let me know any help would I get .
> 
> http://pastebin.com/7qN9QnHK
> 
> Thanks,
> Nagaraju
> 
> 
> On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <
> daniel.helgenber...@m-box.de > wrote:
> 
> 
> Hello Budur,
> 
> I've done this recently. Alon, no offense, but the docs are not quite strait
> forward...
> 
> Requirements:
> - LDAP server (obviously) - called here ldap.mydomain.com
> - LDAP bind account - called here l...@mydomain.com , password 'Passw@rd'
> - At least one existing account in ladp, called u...@mydomain.com
> 
> Please note, the most common issue will be DNS.
> 
> I'll describe in short what steps need to be taken. All this needs to be done
> on your engine host. In the end this was quite easy :)
> 
> 1. Install the packages: ovirt-engine-extension-aaa-ldap and openldap-clients
> (these are only for testing your setup)
> 2. Test if ldap is working in general. (The extension uses the global catalog
> at least for AD, this was news to me):
> # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://
> ldap.mydomain.com:3268/ -x \
> -D ' l...@mydomain.com ' -w Passw@rd -b '' '(userPrincipalName=
> u...@mydomian.com )' cn userPrincipalName
> 
> If this command does not return details of the user, do debug your ldap and
> continue once this works. Example:
> 
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: (userPrincipalName= u...@mydomain.com )
> # requesting: cn userPrincipalName
> # with pagedResults control: size=1024
> #
> 
> # Some Name, some-ou, mydomain.com
> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
> cn: Some Name
> userPrincipalName: u...@mydomain.com
> 
> # search result
> search: 2
> result: 0 Success
> control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
> pagedresults: cookie=
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> 3. Copy the examples as mentioned from the readme.
> 4. You only need to modify /etc/ovirt-engine/aaa/int.m-box.de.properties;
> leave the rest as is.
> 5. There, set:
> 
> vars.domain = ldap.mydomain.com
> vars.user = ldap@${global:vars.domain}
> vars.password = Passw@rd
> 
> 6. Restart ovirt engine service
> 7. Log in as admin@einternal and add user rights and roles from the new
> provider
> 
> Hope this helps.
> 
> On 22.09.2015 16 :46, Budur Nagaraju wrote:
> > 
> > below are the three files which I have modified.
> > 
> > 
> > [root@cstlb2 extensions.d]# cat profile1-auth

Re: [ovirt-users] Virtual appliance import question/problem

[Nir Soffer]

On Wed, Sep 23, 2015 at 2:36 PM, Maurice James 
wrote:

>
> To convert the images I used:
> qemu-img convert 250.qcow2 -O raw 250.img -p
>

Sure this will expand the file to the full size, but why do you need raw
image? ovirt works with qcow images.


> oVirt will not allow me to have more than 3 IDE devices on a VM
>

What do you mean by "it does not seem to work using the virtio-scsi
selection."?


> Doesnt 3.6 only work on RHEL/Centos 7?
>

And Fedora 21/22.


>
>
> --
> *From: *"Nir Soffer" 
> *To: *"Maurice James" , "Shahar Havivi" <
> shav...@redhat.com>
> *Cc: *"users" 
> *Sent: *Tuesday, September 22, 2015 7:37:58 PM
> *Subject: *Re: [ovirt-users] Virtual appliance import question/problem
>
>
> On Mon, Sep 21, 2015 at 7:57 PM, Maurice James 
> wrote:
>
>> I have a virtual mail security appliance that I am trying to import into
>> oVirt 3.5.4. The appliance was built for kvm. it has a total of 5 scsi
>> disks. I can convert and copy the OS disk only because it expands its self
>> to full size.
>>
>> The first problem that I have is that the disks expand to their full size
>> when I convert the to an oVirt format
>>
>
> How do you convert to ovirt format?
>
>
>>
>>
>> OS Disk
>> mail.qcow2 (74M) converts to main.img (294M)
>>
>>
>> Storage disks
>> 250.qcow2 (256K) converts to 250.img  (250GB)
>> 1024.qcow2 (256K) converts to 1024.img (1TB)
>> 2048.qcow2 (256K) converts to 2048.img (2TB)
>> 4096.qvow2 (256K) converts to 4096.img (4TB)
>> 8192.qcow2 (256K) converts to 8192.img (8TB)
>>
>>
>>
>> The second problem is that these disks are scsi and ti does not seem to
>> work using the virtio-scsi selection. I tried selecting the IDE option, but
>> there is a limit to the number of IDE disks that I can use.
>>
>
> Can you provide more details about "does not seem to work"?
>
>
>>
>>
>> Virtualbox has no issues running the appliance that was distributed in
>> the ova format. Any help would be appreciated
>>
>
> ovirt-3.6 beta supports import from ova format; maybe you like to try it?
>
> Nir
>
>
>>
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP Authentication

[Alon Bar-Lev]

- Original Message -
> From: "Daniel Helgenberger" 
> To: "Budur Nagaraju" , "Alon Bar-Lev" 
> Cc: users@ovirt.org
> Sent: Tuesday, September 22, 2015 6:14:50 PM
> Subject: Re: [ovirt-users] LDAP Authentication
> 
> Hello Budur,
> 
> I've done this recently. Alon, no offense, but the docs are not quite strait
> forward...
> 

Patches to documentation will be most welcomed.
However, these should not assume a specific environment nor mode.

Thanks!
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Long export?

[Michael Kleinpaste]

Excellent!  Love this product!

--
*Michael Kleinpaste*
Senior Systems Administrator
SharperLending, LLC.
www.SharperLending.com
michael.kleinpa...@sharperlending.com
(509) 324-1230   Fax: (509) 324-1234

*Stay up to date on upcoming enhancements and news! Follow us on:*





On Tue, Sep 22, 2015 at 4:30 PM, Nir Soffer  wrote:

> On Tue, Sep 22, 2015 at 6:15 PM, Michael Kleinpaste <
> michael.kleinpa...@sharperlending.com> wrote:
>
>> Thanks Joop,
>>
>> It finished about 10 minutes after I posted.
>>
>
> For the next version we hope to have a progress bar for such operations,
> and a user friendly way to cancel the operation.
>
> If you think that the export is way too slow, it would may help to open an
> ovirt bug for that.
>
> Nir
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] FreeIPA

[Ondra Machacek]

great!
It depends on what guest you are using, for fedora you can install from 
epel package ovirt-guest-agent.
There are also for ubuntu[1], suse[2] and maybe other which I am not 
aware of.


For windows there is guest tools[3] since oVirt 3.5 I think.

[1] http://www.ovirt.org/Feature/GuestAgentUbuntu
[2] http://www.ovirt.org/Feature/GuestAgentOpenSUSE
[3] http://www.ovirt.org/Features/oVirt_Windows_Guest_Tools

On 09/23/2015 06:26 PM, supo...@logicworks.pt wrote:

Fantastic Ondra, nice Hawk Eye

It's working.
When I enter with a user name and click on console I get:
Could not connect to the agent on the guest, it may be unresponsive or 
not installed.

As a result, some features may not work.


What kind of agent shoul I install on the guests?

Thaks a lot


*De: *"Ondra Machacek" 
*Para: *supo...@logicworks.pt
*Cc: *users@ovirt.org
*Enviadas: *Quarta-feira, 23 De Setembro de 2015 16:39:05
*Assunto: *Re: [ovirt-users] FreeIPA

As you can see in exception you have trailing space at the end of your 
fqdn of IPA, please remove the trailing space in properties file.


it's:

'ipa.acloud.pt ' <- trailing space

and should be:

'ipa.acloud.pt'

On 09/23/2015 05:30 PM, supo...@logicworks.pt wrote:

I can ping ipa server from engine, the log:

2015-09-23 16:24:50,504 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
thread 1-1)
[ovirt-engine-extension-aaa-ldap.authn::profile1-authn] Cannot
initialize LDAP framework, deferring initialization. Error: An
error occurred while attempting to resolve address 'ipa.acloud.pt
': java.net.UnknownHostException: ipa.acloud.pt : Name or service
not known
2015-09-23 16:24:50,504 DEBUG
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
thread 1-1) Ignoring Exception: LDAPException(resultCode=91
(connect error), errorMessage='An error occurred while attempting
to resolve address 'ipa.acloud.pt ':
java.net.UnknownHostException: ipa.acloud.pt : Name or service not
known')
at
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:754)
[unboundid-ldapsdk.jar:2.3.7]
at
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:709)
[unboundid-ldapsdk.jar:2.3.7]
at
com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:533)
[unboundid-ldapsdk.jar:2.3.7]
at

com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229)
[unboundid-ldapsdk.jar:2.3.7]
at
com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98)
[unboundid-ldapsdk.jar:2.3.7]
at

com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1088)
[unboundid-ldapsdk.jar:2.3.7]
at

com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:1026)
[unboundid-ldapsdk.jar:2.3.7]
at

com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:913)
[unboundid-ldapsdk.jar:2.3.7]
at

org.ovirt.engineextensions.aaa.ldap.Framework.createConnectionPool(Framework.java:595)
[ovirt-engine-extension-aaa-ldap.jar:]
at
org.ovirt.engineextensions.aaa.ldap.Framework.createPool(Framework.java:632)
[ovirt-engine-extension-aaa-ldap.jar:]
at

org.ovirt.engineextensions.aaa.ldap.Framework.runSequence(Framework.java:1362)
[ovirt-engine-extension-aaa-ldap.jar:]
at
org.ovirt.engineextensions.aaa.ldap.Framework.open(Framework.java:667)
[ovirt-engine-extension-aaa-ldap.jar:]
at

org.ovirt.engineextensions.aaa.ldap.AuthnExtension.ensureFramework(AuthnExtension.java:49)
[ovirt-engine-extension-aaa-ldap.jar:]
at

org.ovirt.engineextensions.aaa.ldap.AuthnExtension.doInit(AuthnExtension.java:130)
[ovirt-engine-extension-aaa-ldap.jar:]
at

org.ovirt.engineextensions.aaa.ldap.AuthnExtension.invoke(AuthnExtension.java:66)
[ovirt-engine-extension-aaa-ldap.jar:]
at
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:749)
[unboundid-ldapsdk.jar:2.3.7]
2015-09-23 16:24:50,514 DEBUG
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-1) open Entry
2015-09-23 16:24:50,514 DEBUG
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-1) runSequence Entry name='simple-open-pools'
2015-09-23 16:24:50,514 DEBUG
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-1) Running sequence simple-open-pools/010/pool-create
create authz pool
2015-09-23 16:24:50,515 TRACE
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-1) VARS-BEGIN
2015-09-23 16:24:50,515 TRACE
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-1) authz_enable = 1
2015-09-23 16

Re: [ovirt-users] FreeIPA

[suporte]

Fantastic Ondra, nice Hawk Eye 

It's working. 
When I enter with a user name and click on console I get: 
Could not connect to the agent on the guest, it may be unresponsive or not 
installed. 
As a result, some features may not work. 


What kind of agent shoul I install on the guests? 

Thaks a lot 

- Mensagem original -

De: "Ondra Machacek"  
Para: supo...@logicworks.pt 
Cc: users@ovirt.org 
Enviadas: Quarta-feira, 23 De Setembro de 2015 16:39:05 
Assunto: Re: [ovirt-users] FreeIPA 

As you can see in exception you have trailing space at the end of your fqdn of 
IPA, please remove the trailing space in properties file. 

it's: 

'ipa.acloud.pt ' <- trailing space 

and should be: 

'ipa.acloud.pt' 

On 09/23/2015 05:30 PM, supo...@logicworks.pt wrote: 



I can ping ipa server from engine, the log: 

2015-09-23 16:24:50,504 WARN 
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) 
[ovirt-engine-extension-aaa-ldap.authn::profile1-authn] Cannot initialize LDAP 
framework, deferring initialization. Error: An error occurred while attempting 
to resolve address 'ipa.acloud.pt ': java.net.UnknownHostException: 
ipa.acloud.pt : Name or service not known 
2015-09-23 16:24:50,504 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) 
Ignoring Exception: LDAPException(resultCode=91 (connect error), 
errorMessage='An error occurred while attempting to resolve address 
'ipa.acloud.pt ': java.net.UnknownHostException: ipa.acloud.pt : Name or 
service not known') 
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:754) 
[unboundid-ldapsdk.jar:2.3.7] 
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:709) 
[unboundid-ldapsdk.jar:2.3.7] 
at com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:533) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229) 
[unboundid-ldapsdk.jar:2.3.7] 
at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1088)
 [unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:1026) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:913) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
org.ovirt.engineextensions.aaa.ldap.Framework.createConnectionPool(Framework.java:595)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at org.ovirt.engineextensions.aaa.ldap.Framework.createPool(Framework.java:632) 
[ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.Framework.runSequence(Framework.java:1362) 
[ovirt-engine-extension-aaa-ldap.jar:] 
at org.ovirt.engineextensions.aaa.ldap.Framework.open(Framework.java:667) 
[ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.ensureFramework(AuthnExtension.java:49)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.doInit(AuthnExtension.java:130)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.invoke(AuthnExtension.java:66)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:749) 
[unboundid-ldapsdk.jar:2.3.7] 
2015-09-23 16:24:50,514 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) open Entry 
2015-09-23 16:24:50,514 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) runSequence Entry name='simple-open-pools' 
2015-09-23 16:24:50,514 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) Running sequence simple-open-pools/010/pool-create 
create authz pool 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) VARS-BEGIN 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) authz_enable = 1 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) capability_credentialsChange = false 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) capability_resucrsiveGroupResolution = false 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) maxFilterSize = 50 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) sensitiveKeys = , password, passwordNew 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrGroupMemberDN = member 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrMemberOf = memberOf 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(M

Re: [ovirt-users] Password getting failed while Conversion

[Richard W.M. Jones]

On Wed, Sep 23, 2015 at 12:14:02PM -0400, Douglas Schilling Landgraf wrote:
> 
> On 09/22/2015 12:27 AM, Budur Nagaraju wrote:
> >Below is the format I have updated ,
> >but still am facing the same issues.

To: Budur Nagaraju

Please keep all your replies on the mailing list, as the mailing list
archives are there to help others who may have the same problem in
future.  If you prefer to have personal help, you can pay for a
Red Hat subscription.

Please also update to the new virt-v2v version, as described in my
previous email.  The old version is unmaintained, and may not even
work with oVirt (I don't know -- no one has tried it for about 3
years).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] FreeIPA

[Ondra Machacek]

As you can see in exception you have trailing space at the end of your 
fqdn of IPA, please remove the trailing space in properties file.


it's:

'ipa.acloud.pt ' <- trailing space

and should be:

'ipa.acloud.pt'

On 09/23/2015 05:30 PM, supo...@logicworks.pt wrote:

I can ping ipa server from engine, the log:

2015-09-23 16:24:50,504 WARN 
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service 
thread 1-1) [ovirt-engine-extension-aaa-ldap.authn::profile1-authn] 
Cannot initialize LDAP framework, deferring initialization. Error: An 
error occurred while attempting to resolve address 'ipa.acloud.pt ':  
java.net.UnknownHostException: ipa.acloud.pt : Name or service not known
2015-09-23 16:24:50,504 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service 
thread 1-1) Ignoring Exception: LDAPException(resultCode=91 (connect 
error), errorMessage='An error occurred while attempting to resolve 
address 'ipa.acloud.pt ':  java.net.UnknownHostException: 
ipa.acloud.pt : Name or service not known')
at 
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:754) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:709) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:533) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1088) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:1026) 
[unboundid-ldapsdk.jar:2.3.7]
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:913) 
[unboundid-ldapsdk.jar:2.3.7]
at 
org.ovirt.engineextensions.aaa.ldap.Framework.createConnectionPool(Framework.java:595) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.Framework.createPool(Framework.java:632) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.Framework.runSequence(Framework.java:1362) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.Framework.open(Framework.java:667) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.ensureFramework(AuthnExtension.java:49) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.doInit(AuthnExtension.java:130) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.invoke(AuthnExtension.java:66) 
[ovirt-engine-extension-aaa-ldap.jar:]
at 
com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:749) 
[unboundid-ldapsdk.jar:2.3.7]
2015-09-23 16:24:50,514 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) open Entry
2015-09-23 16:24:50,514 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) runSequence Entry name='simple-open-pools'
2015-09-23 16:24:50,514 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) Running sequence simple-open-pools/010/pool-create create authz pool
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) VARS-BEGIN
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) authz_enable = 1
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) capability_credentialsChange = false
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) capability_resucrsiveGroupResolution = false
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) maxFilterSize = 50
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) sensitiveKeys = , password, passwordNew
2015-09-23 16:24:50,515 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) simple_attrGroupMemberDN = member
2015-09-23 16:24:50,516 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) simple_attrMemberOf = memberOf
2015-09-23 16:24:50,516 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) simple_attrsBaseDN = defaultNamingContext
2015-09-23 16:24:50,516 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) simple_attrsBaseDNIndex = 0
2015-09-23 16:24:50,516 TRACE 
[org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 
1-1) simple_attrsGroupRecord = ipaUniqueID, cn, description
2015-09-23 16:24:50,516 TRACE 
[or

Re: [ovirt-users] FreeIPA

[suporte]

I can ping ipa server from engine, the log: 

2015-09-23 16:24:50,504 WARN 
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) 
[ovirt-engine-extension-aaa-ldap.authn::profile1-authn] Cannot initialize LDAP 
framework, deferring initialization. Error: An error occurred while attempting 
to resolve address 'ipa.acloud.pt ': java.net.UnknownHostException: 
ipa.acloud.pt : Name or service not known 
2015-09-23 16:24:50,504 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) 
Ignoring Exception: LDAPException(resultCode=91 (connect error), 
errorMessage='An error occurred while attempting to resolve address 
'ipa.acloud.pt ': java.net.UnknownHostException: ipa.acloud.pt : Name or 
service not known') 
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:754) 
[unboundid-ldapsdk.jar:2.3.7] 
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:709) 
[unboundid-ldapsdk.jar:2.3.7] 
at com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:533) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229) 
[unboundid-ldapsdk.jar:2.3.7] 
at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:1088)
 [unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:1026) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
com.unboundid.ldap.sdk.LDAPConnectionPool.(LDAPConnectionPool.java:913) 
[unboundid-ldapsdk.jar:2.3.7] 
at 
org.ovirt.engineextensions.aaa.ldap.Framework.createConnectionPool(Framework.java:595)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at org.ovirt.engineextensions.aaa.ldap.Framework.createPool(Framework.java:632) 
[ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.Framework.runSequence(Framework.java:1362) 
[ovirt-engine-extension-aaa-ldap.jar:] 
at org.ovirt.engineextensions.aaa.ldap.Framework.open(Framework.java:667) 
[ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.ensureFramework(AuthnExtension.java:49)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.doInit(AuthnExtension.java:130)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at 
org.ovirt.engineextensions.aaa.ldap.AuthnExtension.invoke(AuthnExtension.java:66)
 [ovirt-engine-extension-aaa-ldap.jar:] 
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:749) 
[unboundid-ldapsdk.jar:2.3.7] 
2015-09-23 16:24:50,514 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) open Entry 
2015-09-23 16:24:50,514 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) runSequence Entry name='simple-open-pools' 
2015-09-23 16:24:50,514 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) Running sequence simple-open-pools/010/pool-create 
create authz pool 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) VARS-BEGIN 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) authz_enable = 1 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) capability_credentialsChange = false 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) capability_resucrsiveGroupResolution = false 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) maxFilterSize = 50 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) sensitiveKeys = , password, passwordNew 
2015-09-23 16:24:50,515 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrGroupMemberDN = member 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrMemberOf = memberOf 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrsBaseDN = defaultNamingContext 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrsBaseDNIndex = 0 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrsGroupRecord = ipaUniqueID, cn, description 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrsPrincipalRecord = ipaUniqueID, uid, 
displayName, department, givenName, sn, title, mail, krbpasswordexpiration 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] 
(MSC service thread 1-1) simple_attrsUserName = uid 
2015-09-23 16:24:50,516 TRACE [org.ovirt.engineextensions.aa

Re: [ovirt-users] VNC console behind NAT

[Michal Skrivanek]

On Sep 22, 2015, at 10:01 , Tomas Jelinek  wrote:

> 
> 
> - Original Message -
>> From: "Alan Murrell" 
>> To: "users" 
>> Cc: "Tomas Jelinek" 
>> Sent: Monday, September 21, 2015 8:00:26 PM
>> Subject: Re: [ovirt-users] VNC console behind NAT
>> 
>> Quoting "Tomas Jelinek" :
>> 
>>> Display address override would not help?
>>> http://wiki.ovirt.org/Features/Display_Address_Override
>> 
>> I wasn't aware of that feature, or at least I don't think I was :-)  I
>> must have had that enabled previously when I was able to connect via
>> VNC console through NAT via VNC console.
>> 
>> Is the VNC port that is used different for each host also?  I
>> currently only have one host, and it gives a connection on port 5902.
>> If I added a second host, would it also use 5902 or would the engine
>> assign a different VNC port to it?
> 
> the port is not really deterministic - depends on how many VMs are running 
> and to which you are connected to etc.
> Imagine you have 2 vms on the same host and connect to both of them - they 
> need to listen on different ports.

normally it's sequential on each host, so in small setup like yours you will 
get the same port on both host

you would need a full proxy. Is websocket proxy & noVNC in browser an option?

> 
>> 
>> The reason I ask is that for a multi-host setup, that could become a
>> bit of an issue if they all use the same port (using different host
>> names is not an issue).  If the same port is used for all hosts, can
>> this be overridden too?
> 
> no, I don't think so. Maybe using some vdsm hook but it is not a nice 
> solution.
> 
>> 
>> If it can't be, then I suppose one solution would be to setup a a TCP
>> proxy and forward port 5902 to it, then let it handle the connection
>> to the correct host based on the host name used.
>> 
>> I hope that makes sense?
>> 
>> Regards,
>> 
>> Alan
>> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Foreman: Add external provider (Failed with error PROVIDER_FAILURE and code 5050)

[Nathanaël Blanchet]

Hello,

I have a working foreman 1.9.1 installed with katello 2.3.
ruby193-rubygem-ovirt_provision_plugin-1.0.1-1.el7 is also installed on 
the same host.
But the issue is the same as below when testing  in "add external 
provider" from ovirt 3.5.4.

What can I do now?

Le 06/11/2014 12:31, Oved Ourfali a écrit :


- Original Message -

From: "Daniel Helgenberger" 
To: "Oved Ourfali" 
Cc: users@ovirt.org
Sent: Thursday, November 6, 2014 1:29:38 PM
Subject: Re: [ovirt-users] Foreman: Add external provider (Failed with error 
PROVIDER_FAILURE and code 5050)



On 06.11.2014 05:47, Oved Ourfali wrote:

These steps are also in the feature page

Thanks Oved for pointing to the doc; my bad. I was using the foreman
integration document [1]. Maybe the pages should be merged?


Yaniv - you planned to merge them, right? That would be a good time...



, but it would be nice if you review them to see nothing is missing.

http://www.ovirt.org/Features/AdvancedForemanIntegration

With foreman 1.6 (at least) there is no need to enable the nightly
builds any more as rb-ovirt is resolved by yum.

Lastly, I think you need to enable foreman_discovery with the foreman
installer to work and download images:

# foreman-installer --enable-foreman-plugin-discovery
--foreman-plugin-discovery-install-images=true

You have that already listed in the testing env setup; but this needs to
be put in context with installing foreman-ovirt on the foreman host.

Yaniv - please add a note there too.

Daniel - thanks for the review and the comments!

Regards,
Oved


Thanks
Oved


[1] http://www.ovirt.org/Features/ForemanIntegration


On Nov 6, 2014 12:40 AM, Daniel Helgenberger 
wrote:

Answering my own question; and maybe a very obvious cause for the
failing provider: the missiAnswering my own question; and maybe a very
obvious cause for the

failing provider: the missing provider plugin in forman!
So one needs to do:

yum install ruby193-rubygem-ovirt_provision_plugin

on the foreman host.

After that, the connection test in the engine comes up positive. Sadly,
this is not documented anywhere; only on the GitHub repo readme [1].
This is also a little bit outdated, as the rbovirt dependency is
resolved now automatically.

Also, but I am not sure, the porvider lugin needs the foreman_discovery
plugin to work:

yum install ruby193-rubygem-foreman_discovery

[1]
https://github.com/theforeman/ovirt_provision_plugin/blob/master/README.md

On 29.10.2014 00:36, Daniel Helgenberger wrote:

Hello,

did anyone actually get this working in oVirt 3.5 / EL6 - Engine? I am
trying this for two days now.

Setup:
Engine; EL6.5
Foreman; EL6.5

Foreman seems to do it's as I can use it to deploy hosts and also smart
proxies are running fine.

I have opened a BZ [1]; because this really can not work out of the box
with EL6 plain vanilla packages. I wonder if this was ever tested... ?
Java 7 used i n EL6 [4] does only support DH keys up to 1024byte. This
is known issue in Foreman [2] as longer DH keys are now used by default
in Foreman / PuppetCA.
A dirty fix confirmed working is adding default DH parameters to the
foreman cert; effectively disabling it [3].

So I got SSL working and I get beyond the authentication (entering wrong
data gets me auth errors)- however, I am still not able to add the
external provider. Pressing 'test' results in
(Failed with error PROVIDER_FAILURE and code 5050)

Sample engine.log
2014-10-28 23:49:40,860 ERROR
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand]
(ajp--127.0.0.1-8702-1) [6a3da4e7] Command
org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand throw
Vdc Bll exception. With error message VdcBLLException: PROVIDER_FAILURE
(Failed with error PROVIDER_FAILURE and code 5050)

I can't find any more hints in oVirt; access logs in Foreman are telling
me API queries by the engine. Did I miss a crucial step in the foreman
setup? How can I debug this issue?

I am willing to upgrade openjdk; provided this does not break my engine...

Thanks!

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1157749
[2] https://tickets.puppetlabs.com/browse/SERVER-17
[3] http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh
[4] java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64


--
Daniel Helgenberger
m box bewegtbild GmbH

P: +49/30/2408781-22
F: +49/30/2408781-10

ACKERSTR. 19
D-10115 BERLIN


www.m-box.de  www.monkeymen.tv

Geschäftsführer: Martin Retschitzegger / Michaela Göllner
Handeslregister: Amtsgericht Charlottenburg / HRB 112767


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
Nathanaël Blanchet

Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5   
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanc...@abes.fr

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/use

Re: [ovirt-users] FreeIPA

[Ondra Machacek]

Try this[1] easier approach.

[1] 
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=aed09b5793e0352dc20812b4746dbd2d7898f292#l389


On 09/23/2015 03:58 PM, supo...@logicworks.pt wrote:

well, when I run
# /usr/share/ovirt-engine-jboss-as/bin/jboss-cli.sh --connect 
--timeout=3 --controller=localhost:8706 --user=admin@internal 
--commands="if (outcome != success) of 
/subsystem=logging/logger=org.ovirt.engineextensions.aaa.ldap:read-attribute(name=level),/subsystem=logging/logger=org.ovirt.engineextensions.aaa.ldap:add,end-if,/subsystem=logging/logger=org.ovirt.engineextensions.aaa.ldap:write-attribute(name=level,value=ALL)"


get this error: Duplicate argument '--command'/'--commands'.

can't see why


*De: *"Ondra Machacek" 
*Para: *supo...@logicworks.pt
*Cc: *users@ovirt.org
*Enviadas: *Quarta-feira, 23 De Setembro de 2015 12:50:46
*Assunto: *Re: [ovirt-users] FreeIPA

You don't have to do anything on IPA side, just create users/groups.

OK, nothing in the log at INFO level, initialization succeed, so can 
you please send the debug log? See here[1] how to enable.


Thank you.

[1] 
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l389


On 09/23/2015 10:48 AM, supo...@logicworks.pt wrote:


Is there anything to do on the IPA side? Or is just add users?
On the oVirt Engine, Users Tab, when click on add I can see
profile1 (profile1-aurhz) but the GO button is still in gray.
I think something is wrong with the autehtication on the IPA server.

Here is the engine log :

2015-09-23 09:37:57,927 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Extension 'builtin-authn-internal' initialized
2015-09-23 09:37:57,927 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Initializing extension 'internal'
2015-09-23 09:37:57,928 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Extension 'internal' initialized
2015-09-23 09:37:57,928 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Start of enabled extensions list
2015-09-23 09:37:57,928 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Instance name: 'profile1-authn', Extension
name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.2',
Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0',
Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0',  File:
'/etc/ovirt-engine/extensions.d/profile1-authn.properties',
Initialized: 'true'
2015-09-23 09:37:57,929 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Instance name: 'profile1-authz', Extension
name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.2',
Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0',
Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0',  File:
'/etc/ovirt-engine/extensions.d/profile1-authz.properties',
Initialized: 'true'
2015-09-23 09:37:57,929 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Instance name: 'builtin-authn-internal',
Extension name: 'Internal Authn (Built-in)', Version: 'N/A',
Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org',
Author 'The oVirt Project', Build interface Version: '0',  File:
'N/A', Initialized: 'true'
2015-09-23 09:37:57,930 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) Instance name: 'internal', Extension name:
'Internal Authz (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt
Project', Build interface Version: '0',  File: 'N/A', Initialized:
'true'
2015-09-23 09:37:57,930 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-2) End of enabled extensions list
2015-09-23 09:37:58,103 INFO
[org.ovirt.engine.core.bll.tasks.AsyncTaskManager] (MSC service
thread 1-1) Initialization of AsyncTaskManager completed successfully.
2015-09-23 09:37:58,105 INFO
[org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service
thread 1-1) Start initializing ResourceManager
2015-09-23 09:37:58,217 INFO
[org.ovirt.engine.core.vdsbroker.VdsManager] (MSC service thread
1-1) Entered VdsManager constructor
2015-09-23 09:37:58,268 INFO
[org.ovirt.engine.core.vdsbroker.VdsManager] (MSC service thread
1-1) Initialize vdsBroker (192.168.6.201,54,321)
2015-09-23 09:37:58,402 INFO
[org.ovirt.engine.core.vdsbroker.ResourceManager] (M

Re: [ovirt-users] FreeIPA

[suporte]

well, when I run 
# /usr/share/ovirt-engine-jboss-as/bin/jboss-cli.sh --connect --timeout=3 
--controller=localhost:8706 --user=admin@internal --commands="if (outcome != 
success) of 
/subsystem=logging/logger=org.ovirt.engineextensions.aaa.ldap:read-attribute(name=level),/subsystem=logging/logger=org.ovirt.engineextensions.aaa.ldap:add,end-if,/subsystem=logging/logger=org.ovirt.engineextensions.aaa.ldap:write-attribute(name=level,value=ALL)"
 

get this error: Duplicate argument '--command'/'--commands'. 

can't see why 

- Mensagem original -

De: "Ondra Machacek"  
Para: supo...@logicworks.pt 
Cc: users@ovirt.org 
Enviadas: Quarta-feira, 23 De Setembro de 2015 12:50:46 
Assunto: Re: [ovirt-users] FreeIPA 

You don't have to do anything on IPA side, just create users/groups. 

OK, nothing in the log at INFO level, initialization succeed, so can you please 
send the debug log? See here[1] how to enable. 

Thank you. 

[1] 
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l389
 

On 09/23/2015 10:48 AM, supo...@logicworks.pt wrote: 




Is there anything to do on the IPA side? Or is just add users? 
On the oVirt Engine, Users Tab, when click on add I can see profile1 
(profile1-aurhz) but the GO button is still in gray. 
I think something is wrong with the autehtication on the IPA server. 

Here is the engine log : 

2015-09-23 09:37:57,927 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Extension 'builtin-authn-internal' initialized 
2015-09-23 09:37:57,927 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Initializing extension 'internal' 
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Extension 'internal' initialized 
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Start of enabled extensions list 
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'profile1-authn', Extension name: 
'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.2', Notes: 'Display 
name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: ' 
http://www.ovirt.org ', Author 'The oVirt Project', Build interface Version: 
'0', File: '/etc/ovirt-engine/extensions.d/profile1-authn.properties', 
Initialized: 'true' 
2015-09-23 09:37:57,929 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'profile1-authz', Extension name: 
'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.2', Notes: 'Display 
name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: ' 
http://www.ovirt.org ', Author 'The oVirt Project', Build interface Version: 
'0', File: '/etc/ovirt-engine/extensions.d/profile1-authz.properties', 
Initialized: 'true' 
2015-09-23 09:37:57,929 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'builtin-authn-internal', Extension name: 'Internal Authn 
(Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: ' 
http://www.ovirt.org ', Author 'The oVirt Project', Build interface Version: 
'0', File: 'N/A', Initialized: 'true' 
2015-09-23 09:37:57,930 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'internal', Extension name: 'Internal Authz (Built-in)', 
Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: ' http://www.ovirt.org ', 
Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', 
Initialized: 'true' 
2015-09-23 09:37:57,930 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) End of enabled extensions list 
2015-09-23 09:37:58,103 INFO [org.ovirt.engine.core.bll.tasks.AsyncTaskManager] 
(MSC service thread 1-1) Initialization of AsyncTaskManager completed 
successfully. 
2015-09-23 09:37:58,105 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] 
(MSC service thread 1-1) Start initializing ResourceManager 
2015-09-23 09:37:58,217 INFO [org.ovirt.engine.core.vdsbroker.VdsManager] (MSC 
service thread 1-1) Entered VdsManager constructor 
2015-09-23 09:37:58,268 INFO [org.ovirt.engine.core.vdsbroker.VdsManager] (MSC 
service thread 1-1) Initialize vdsBroker (192.168.6.201,54,321) 
2015-09-23 09:37:58,402 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] 
(MSC service thread 1-1) VDS 0ffde0bc-c610-43ee-8ded-e8d2beb7e0f6 was added to 
the Resource Manager 
2015-09-23 09:37:58,429 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] 
(MSC service thread 1-1) Finished initializing ResourceManager 
2015-09-23 09:37:58,430 INFO [org.ovirt.engine.core.bll.OvfDataUpdater] (MSC 
service thread 1-1) Initialization of OvfDataUpdater completed successfully. 
2015-09-23 09:37:58,431 INFO 
[org.ovirt.engine.core.bll.scheduling.Schedu

Re: [ovirt-users] Problem migration VM

[Alex Crow]

On 23/09/15 14:11, Luca Bertoncello wrote:

Hi Alex


Thought so. The migration then cannot continue, obviously.

Obviously... :(


Can someone suggest me a way to call my script as FIRST script on

shutdown/reboot and to block the shutdown/reboot until my script
complete?

This will solve the problem...

Add your systemd script as a "requires" entry in the systemd script
responsible for shutting down the system?

What do you mean? Could you please explain, maybe with an example?


I've not done anything with systemd myself but it should be entirely 
possible. Ask systemd people.





Of course, I can try with a wrapper for /sbin/shutdown and /sbin/reboot,

but this is not a nice solution...

Why don't you manage this from another machine, not from the hosts? Just
have a script call the API to initiate maintenance, wait for the migration to
complete, then call the API to shut down the host?


OK, change the shutdown script on the host that NUT calls (ie *not* the 
systemd stuff) to do what I said above. That would work. You will have 
to be careful with your timing to ensure that migration can finish 
before your UPS runs out of juice though. NUT normally only starts the 
shutdown process on LOWBATT from the UPS.





Or is it really too hard to do this from the GUI? I don't understand why you
have such a hard requirement to be able to do this from the hosts - the
whole point of Ovirt is that you don't have to manage your hosts on an
individual basis!

Well, the problem is just one: if someone other Admin has to perform some works 
on the host that require a reboot, and he MUST log into a GUI to put the host 
in maintenance before the shutdown, we have a higher fail-possibility, if he 
forgot that.
And, of course, automatically shutdown cannot log into the GUI...


No, but it can have access to the API. You'd have to mess around with 
the systemd scripts to do this bit. As above, I think you'd be better 
off asking the systemd people than this list - as this is now getting 
quite offtopic for here.


Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Problem migration VM

[Luca Bertoncello]

Hi Alex

> Thought so. The migration then cannot continue, obviously.

Obviously... :(

> > Can someone suggest me a way to call my script as FIRST script on
> shutdown/reboot and to block the shutdown/reboot until my script
> complete?
> > This will solve the problem...
> 
> Add your systemd script as a "requires" entry in the systemd script
> responsible for shutting down the system?

What do you mean? Could you please explain, maybe with an example?

> > Of course, I can try with a wrapper for /sbin/shutdown and /sbin/reboot,
> but this is not a nice solution...
> 
> Why don't you manage this from another machine, not from the hosts? Just
> have a script call the API to initiate maintenance, wait for the migration to
> complete, then call the API to shut down the host?

Well, the problem is, that the host MUST be able to shutdown and migrate the 
VMs if for example we have a black-out...
The UPS send a signal and NUT start the shutdown.
In this case, the VMs have to migrate.

> Or is it really too hard to do this from the GUI? I don't understand why you
> have such a hard requirement to be able to do this from the hosts - the
> whole point of Ovirt is that you don't have to manage your hosts on an
> individual basis!

Well, the problem is just one: if someone other Admin has to perform some works 
on the host that require a reboot, and he MUST log into a GUI to put the host 
in maintenance before the shutdown, we have a higher fail-possibility, if he 
forgot that.
And, of course, automatically shutdown cannot log into the GUI...

So, the best solution is, that the host itself, BEFORE the shutdown begins, 
send oVirt a signal and let oVirt put the host in Maintenance, migrating all 
VMs, and THEN, proceed with the shutdown...

I think, it MUST be possible, but I can't find how...

Thanks

Mit freundlichen Grüßen

Luca Bertoncello

-- 
Besuchen Sie unsere Webauftritte:

www.queo.bizAgentur für Markenführung und Kommunikation
www.queoflow.comIT-Consulting und Individualsoftwareentwicklung

Luca Bertoncello
Administrator
Telefon:+49 351 21 30 38 0
Fax:+49 351 21 30 38 99
E-Mail: l.bertonce...@queo-group.com

queo GmbH
Tharandter Str. 13
01159 Dresden
Sitz der Gesellschaft: Dresden
Handelsregistereintrag: Amtsgericht Dresden HRB 22352
Geschäftsführer: Rüdiger Henke, André Pinkert
USt-IdNr.: DE234220077
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Problem migration VM

[Alex Crow]

On 23/09/15 13:54, Luca Bertoncello wrote:

Hi Alex


Did the host you are running the script on shut down before the
migration completed?

Apparently yes...


Thought so. The migration then cannot continue, obviously.




If you put the host in maintenance from the GUI, does it successfully
migrate off all VMs?

Yes, this happens!

Now, I think, the problem is that the system first unmount /run and then call 
my script, so that libvirt has no more possibility to successfully migrate the 
VMs...

Can someone suggest me a way to call my script as FIRST script on 
shutdown/reboot and to block the shutdown/reboot until my script complete?
This will solve the problem...


Add your systemd script as a "requires" entry in the systemd script 
responsible for shutting down the system?




Of course, I can try with a wrapper for /sbin/shutdown and /sbin/reboot, but 
this is not a nice solution...


Why don't you manage this from another machine, not from the hosts? Just 
have a script call the API to initiate maintenance, wait for the 
migration to complete, then call the API to shut down the host?


Or is it really too hard to do this from the GUI? I don't understand why 
you have such a hard requirement to be able to do this from the hosts - 
the whole point of Ovirt is that you don't have to manage your hosts on 
an individual basis!


Alex



Thanks

Mit freundlichen Grüßen

Luca Bertoncello

--
Besuchen Sie unsere Webauftritte:

www.queo.bizAgentur für Markenführung und Kommunikation
www.queoflow.comIT-Consulting und Individualsoftwareentwicklung

Luca Bertoncello
Administrator
Telefon:+49 351 21 30 38 0
Fax:+49 351 21 30 38 99
E-Mail: l.bertonce...@queo-group.com

queo GmbH
Tharandter Str. 13
01159 Dresden
Sitz der Gesellschaft: Dresden
Handelsregistereintrag: Amtsgericht Dresden HRB 22352
Geschäftsführer: Rüdiger Henke, André Pinkert
USt-IdNr.: DE234220077
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Problem migration VM

[Luca Bertoncello]

Hi Alex

> Did the host you are running the script on shut down before the 
> migration completed?

Apparently yes...

> If you put the host in maintenance from the GUI, does it successfully 
> migrate off all VMs?

Yes, this happens!

Now, I think, the problem is that the system first unmount /run and then call 
my script, so that libvirt has no more possibility to successfully migrate the 
VMs...

Can someone suggest me a way to call my script as FIRST script on 
shutdown/reboot and to block the shutdown/reboot until my script complete?
This will solve the problem...

Of course, I can try with a wrapper for /sbin/shutdown and /sbin/reboot, but 
this is not a nice solution...

Thanks

Mit freundlichen Grüßen

Luca Bertoncello

--
Besuchen Sie unsere Webauftritte:

www.queo.bizAgentur für Markenführung und Kommunikation
www.queoflow.comIT-Consulting und Individualsoftwareentwicklung

Luca Bertoncello
Administrator
Telefon:+49 351 21 30 38 0
Fax:+49 351 21 30 38 99
E-Mail: l.bertonce...@queo-group.com

queo GmbH
Tharandter Str. 13
01159 Dresden
Sitz der Gesellschaft: Dresden
Handelsregistereintrag: Amtsgericht Dresden HRB 22352
Geschäftsführer: Rüdiger Henke, André Pinkert
USt-IdNr.: DE234220077
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Problem migration VM

[Alex Crow]

On 23/09/15 10:30, Luca Bertoncello wrote:

Hi list!

Sorry fort the previous E-Mail... problem on my Outlook... :(
Here again...

After a "war-week" I finally got a systemd-script  to put the host in
"maintenance" when a shutdown will started.
Now the problem is, that the automatically migration of the VM does NOT
work...

I see in the Web console the host will "Preparing for maintenance" and the
VM will start the migration, then the host is in "maintenance" and a couple of
seconds later the VM will be killed on the other host...
Did the host you are running the script on shut down before the 
migration completed?


If you put the host in maintenance from the GUI, does it successfully 
migrate off all VMs?


Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Not able to resume a VM which was paused because of gluster quorum issue

[Ramesh Nachimuthu]

On 09/22/2015 05:57 PM, Alastair Neil wrote:

You need to set the gluster.server-quorum-ratio to 51%



I did that. But still I am facing the same issue. VM get paused when I 
do some I/O using fio on some disks backed by gluster. I am not able to 
resume the VM after this. Now only way is to bring down the VM and run 
again. It runs successfully on the same host without any issue.


Regards,
Ramesh

On 22 September 2015 at 08:25, Ramesh Nachimuthu > wrote:




On 09/22/2015 05:43 PM, Alastair Neil wrote:

what are the gluster-quorum-type and gluster.server-quorum-ratio
 settings on the volume?



*cluster.server-quorum-type*:server
*cluster.quorum-type*:auto
*gluster.server-quorum-ratio is not set.*

One brick process is purposefully killed  but remaining two bricks
are up and running.

Regards,
Ramesh


On 22 September 2015 at 06:24, Ramesh Nachimuthu
mailto:rnach...@redhat.com>> wrote:

Hi,

   I am not able to resume a VM which was paused because of
gluster client quorum issue. Here is what happened in my setup.

1. Created a gluster storage domain which is backed by
gluster volume with replica 3.
2. Killed one brick process. So only two bricks are running
in replica 3 setup.
3. Created two VMs
4. Started some IO using fio on both of the VMs
5. After some time got the following error in gluster mount
and VMs moved to paused state.
 " server 10.70.45.17:49217
 has not responded in the last 42
seconds, disconnecting."
  "vmstore-replicate-0:
e16d1e40-2b6e-4f19-977d-e099f465dfc6: Failing WRITE as quorum
is not met"
  more gluster mount logs at http://pastebin.com/UmiUQq0F
6. After some time gluster quorum is active and I am able to
write the the gluster file system.
7. When I try to resume the VM it doesn't work and I got
following error in vdsm log.
http://pastebin.com/aXiamY15


Regards,
Ramesh


___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users







___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] FreeIPA

[Ondra Machacek]

You don't have to do anything on IPA side, just create users/groups.

OK, nothing in the log at INFO level, initialization succeed, so can you 
please send the debug log? See here[1] how to enable.


Thank you.

[1] 
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l389


On 09/23/2015 10:48 AM, supo...@logicworks.pt wrote:


Is there anything to do on the IPA side? Or is just add users?
On the oVirt Engine, Users Tab, when click on add I can see profile1 
(profile1-aurhz) but the GO button is still in gray.

I think something is wrong with the autehtication on the IPA server.

Here is the engine log :

2015-09-23 09:37:57,927 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Extension 'builtin-authn-internal' initialized
2015-09-23 09:37:57,927 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Initializing extension 'internal'
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Extension 'internal' initialized
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Start of enabled extensions list
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Instance name: 'profile1-authn', Extension name: 
'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.2', Notes: 
'Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', 
Build interface Version: '0',  File: 
'/etc/ovirt-engine/extensions.d/profile1-authn.properties', 
Initialized: 'true'
2015-09-23 09:37:57,929 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Instance name: 'profile1-authz', Extension name: 
'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.2', Notes: 
'Display name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', 
Build interface Version: '0',  File: 
'/etc/ovirt-engine/extensions.d/profile1-authz.properties', 
Initialized: 'true'
2015-09-23 09:37:57,929 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Instance name: 'builtin-authn-internal', Extension name: 
'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 
2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build 
interface Version: '0', File: 'N/A', Initialized: 'true'
2015-09-23 09:37:57,930 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) Instance name: 'internal', Extension name: 'Internal Authz 
(Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 
'http://www.ovirt.org', Author 'The oVirt Project', Build interface 
Version: '0',  File: 'N/A', Initialized: 'true'
2015-09-23 09:37:57,930 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service 
thread 1-2) End of enabled extensions list
2015-09-23 09:37:58,103 INFO 
[org.ovirt.engine.core.bll.tasks.AsyncTaskManager] (MSC service thread 
1-1) Initialization of AsyncTaskManager completed successfully.
2015-09-23 09:37:58,105 INFO 
[org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service thread 
1-1) Start initializing ResourceManager
2015-09-23 09:37:58,217 INFO 
[org.ovirt.engine.core.vdsbroker.VdsManager] (MSC service thread 1-1) 
Entered VdsManager constructor
2015-09-23 09:37:58,268 INFO 
[org.ovirt.engine.core.vdsbroker.VdsManager] (MSC service thread 1-1) 
Initialize vdsBroker (192.168.6.201,54,321)
2015-09-23 09:37:58,402 INFO 
[org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service thread 
1-1) VDS 0ffde0bc-c610-43ee-8ded-e8d2beb7e0f6 was added to the 
Resource Manager
2015-09-23 09:37:58,429 INFO 
[org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service thread 
1-1) Finished initializing ResourceManager
2015-09-23 09:37:58,430 INFO 
[org.ovirt.engine.core.bll.OvfDataUpdater] (MSC service thread 1-1) 
Initialization of OvfDataUpdater completed successfully.
2015-09-23 09:37:58,431 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service 
thread 1-1) Start scheduling to enable vds load balancer
2015-09-23 09:37:58,432 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service 
thread 1-1) Finished scheduling to enable vds load balancer
2015-09-23 09:37:58,432 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service 
thread 1-1) Start HA Reservation check
2015-09-23 09:37:58,434 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service 
thread 1-1) Finished HA Reservation check
2015-09-23 09:37:58,440 INFO 
[org.ovirt.engine.core.bll.network.MacPoolManagerRanges] 
(org.ovirt.thread.pool-8-thread-1) Start initializing MacPoolManagerRanges
2015-09-23 09:37:58,444 INFO 
[org.ovirt.engine.core.bll.Init

Re: [ovirt-users] Virtual appliance import question/problem

[Maurice James]

To convert the images I used: 
qemu-img convert 250.qcow2 -O raw 250.img -p 


oVirt will not allow me to have more than 3 IDE devices on a VM 

Doesnt 3.6 only work on RHEL/Centos 7? 


- Original Message -

From: "Nir Soffer"  
To: "Maurice James" , "Shahar Havivi" 
 
Cc: "users"  
Sent: Tuesday, September 22, 2015 7:37:58 PM 
Subject: Re: [ovirt-users] Virtual appliance import question/problem 

On Mon, Sep 21, 2015 at 7:57 PM, Maurice James < mja...@media-node.com > wrote: 



I have a virtual mail security appliance that I am trying to import into oVirt 
3.5.4. The appliance was built for kvm. it has a total of 5 scsi disks. I can 
convert and copy the OS disk only because it expands its self to full size. 

The first problem that I have is that the disks expand to their full size when 
I convert the to an oVirt format 




How do you convert to ovirt format? 





OS Disk 
mail.qcow2 (74M) converts to main.img (294M) 


Storage disks 
250.qcow2 (256K) converts to 250.img (250GB) 
1024.qcow2 (256K) converts to 1024.img (1TB) 
2048.qcow2 (256K) converts to 2048.img (2TB) 
4096.qvow2 (256K) converts to 4096.img (4TB) 
8192.qcow2 (256K) converts to 8192.img (8TB) 



The second problem is that these disks are scsi and ti does not seem to work 
using the virtio-scsi selection. I tried selecting the IDE option, but there is 
a limit to the number of IDE disks that I can use. 




Can you provide more details about "does not seem to work"? 





Virtualbox has no issues running the appliance that was distributed in the ova 
format. Any help would be appreciated 




ovirt-3.6 beta supports import from ova format; maybe you like to try it? 

Nir 






___ 
Users mailing list 
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users 






___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Problem migration VM

[Luca Bertoncello]

Hi list!

Sorry fort the previous E-Mail... problem on my Outlook... :(
Here again...

After a "war-week" I finally got a systemd-script  to put the host in
"maintenance" when a shutdown will started.
Now the problem is, that the automatically migration of the VM does NOT
work...

I see in the Web console the host will "Preparing for maintenance" and the
VM will start the migration, then the host is in "maintenance" and a couple of
seconds later the VM will be killed on the other host...

In the Log of the engine I see:

2015-09-23 11:14:17,165 ERROR 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(org.ovirt.thread.pool-8-thread-30) [683624fe] Correlation ID: 52938d4d, Job 
ID: c0efe5b9-0bc3-4c81-9ee7-63ddf90a6afc, Call Stack: null, Custom Event ID: 
-1, Message: Mig
ration failed  while Host is in 'preparing for maintenance' state.
  Consider manual intervention: stopping/migrating Vms as Host's state will not
  turn to maintenance while VMs are still running on it.(VM: TestVM, Source: 
vmhost06, Destination: vmhost03).
2015-09-23 11:14:17,165 INFO  
[org.ovirt.engine.core.bll.InternalMigrateVmCommand] 
(org.ovirt.thread.pool-8-thread-30) [683624fe] Lock freed to object EngineLock 
[exclusiveLocks= key: aabf6e76-8387-4441-a328-6a7dc32e2b4d value: VM
, sharedLocks= ]

(see http://pastebin.com/3Ca8W3vE)
On the host I see these two errors:

libvirtEventLoop::ERROR::2015-09-23 
11:14:14,690::task::866::Storage.TaskManager.Task::(_setError) 
Task=`2670e82a-c9c7-4da6-b6f6-cff7bce25da1`::Unexpected error
Traceback (most recent call last):
  File "/usr/share/vdsm/storage/task.py", line 873, in _run
return fn(*args, **kargs)
  File "/usr/share/vdsm/logUtils.py", line 45, in wrapper
res = f(*args, **kwargs)
  File "/usr/share/vdsm/storage/hsm.py", line 3209, in inappropriateDevices
fails = supervdsm.getProxy().rmAppropriateRules(thiefId)
  File "/usr/share/vdsm/supervdsm.py", line 50, in __call__
return callMethod()
  File "/usr/share/vdsm/supervdsm.py", line 48, in 
**kwargs)
  File "", line 2, in rmAppropriateRules
  File "/usr/lib64/python2.7/multiprocessing/managers.py", line 755, in 
_callmethod
self._connect()
  File "/usr/lib64/python2.7/multiprocessing/managers.py", line 742, in _connect
conn = self._Client(self._token.address, authkey=self._authkey)
  File "/usr/lib64/python2.7/multiprocessing/connection.py", line 173, in Client
c = SocketClient(address)
  File "/usr/lib64/python2.7/multiprocessing/connection.py", line 308, in 
SocketClient
s.connect(address)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
error: [Errno 2] No such file or directory

libvirtEventLoop::ERROR::2015-09-23 
11:14:14,696::dispatcher::79::Storage.Dispatcher::(wrapper) [Errno 2] No such 
file or directory
Traceback (most recent call last):
  File "/usr/share/vdsm/storage/dispatcher.py", line 71, in wrapper
result = ctask.prepare(func, *args, **kwargs)
  File "/usr/share/vdsm/storage/task.py", line 103, in wrapper
return m(self, *a, **kw)
  File "/usr/share/vdsm/storage/task.py", line 1179, in prepare
raise self.error
error: [Errno 2] No such file or directory
libvirtEventLoop::DEBUG::2015-09-23 
11:14:14,697::vm::2799::vm.Vm::(setDownStatus) 
vmId=`aabf6e76-8387-4441-a328-6a7dc32e2b4d`::Changed state to Down: User shut 
down from within the guest (code=7)
libvirtEventLoop::DEBUG::2015-09-23 11:14:14,698::sampling::425::vm.Vm::(stop) 
vmId=`aabf6e76-8387-4441-a328-6a7dc32e2b4d`::Stop statistics collection
Thread-891::ERROR::2015-09-23 11:14:14,704::migration::161::vm.Vm::(_recover) 
vmId=`aabf6e76-8387-4441-a328-6a7dc32e2b4d`::'NoneType' object has no attribute 
'XMLDesc'
Thread-891::WARNING::2015-09-23 
11:14:14,712::vm::1966::vm.Vm::(_set_lastStatus) 
vmId=`aabf6e76-8387-4441-a328-6a7dc32e2b4d`::trying to set state to Up when 
already Down
Thread-891::ERROR::2015-09-23 11:14:14,712::migration::260::vm.Vm::(run) 
vmId=`aabf6e76-8387-4441-a328-6a7dc32e2b4d`::Failed to migrate
Traceback (most recent call last):
  File "/usr/share/vdsm/virt/migration.py", line 231, in run
self._setupRemoteMachineParams()
  File "/usr/share/vdsm/virt/migration.py", line 132, in 
_setupRemoteMachineParams
self._machineParams['_srcDomXML'] = self._vm._dom.XMLDesc(0)
AttributeError: 'NoneType' object has no attribute 'XMLDesc'

Can someone help me finding the problem?

Thanks

Mit freundlichen Grüßen

Luca Bertoncello

-- 
Besuchen Sie unsere Webauftritte:

www.queo.bizAgentur für Markenführung und Kommunikation
www.queoflow.comIT-Consulting und Individualsoftwareentwicklung

Luca Bertoncello
Administrator
Telefon:+49 351 21 30 38 0
Fax:+49 351 21 30 38 99
E-Mail: l.bertonce...@queo-group.com

queo GmbH
Tharandter Str. 13
01159 Dresden
Sitz der Gesellschaft: Dresden
Handelsregistereintrag: Amtsgericht Dresden HRB 22352
Geschäftsführer: Rüdiger Henke, André Pinkert
USt-IdNr.: DE23422

[ovirt-users] Problem migration VM

[Luca Bertoncello]

Hi list!

After a "war-week" I finally got a systemd-script  to put the host in 
"maintenance" when a shutdown will started.
Now the problem is, that the automatically migration of the VM does NOT work...

I see in the Web console the host will "Preparing for maintenance" and the VM 
will start the migration, then the host is in "maintenance" and a couple of 
seconds later the VM will be killed on the other host...

In the Log of the engine I see 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] FreeIPA

[suporte]

Is there anything to do on the IPA side? Or is just add users? 
On the oVirt Engine, Users Tab, when click on add I can see profile1 
(profile1-aurhz) but the GO button is still in gray. 
I think something is wrong with the autehtication on the IPA server. 

Here is the engine log : 

2015-09-23 09:37:57,927 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Extension 'builtin-authn-internal' initialized 
2015-09-23 09:37:57,927 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Initializing extension 'internal' 
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Extension 'internal' initialized 
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Start of enabled extensions list 
2015-09-23 09:37:57,928 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'profile1-authn', Extension name: 
'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.2', Notes: 'Display 
name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: 
'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: 
'0', File: '/etc/ovirt-engine/extensions.d/profile1-authn.properties', 
Initialized: 'true' 
2015-09-23 09:37:57,929 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'profile1-authz', Extension name: 
'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.2', Notes: 'Display 
name: ovirt-engine-extension-aaa-ldap-1.0.2-1.el7', License: 'ASL 2.0', Home: 
'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: 
'0', File: '/etc/ovirt-engine/extensions.d/profile1-authz.properties', 
Initialized: 'true' 
2015-09-23 09:37:57,929 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'builtin-authn-internal', Extension name: 'Internal Authn 
(Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 
'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: 
'0', File: 'N/A', Initialized: 'true' 
2015-09-23 09:37:57,930 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) Instance name: 'internal', Extension name: 'Internal Authz (Built-in)', 
Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', 
Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', 
Initialized: 'true' 
2015-09-23 09:37:57,930 INFO 
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 
1-2) End of enabled extensions list 
2015-09-23 09:37:58,103 INFO [org.ovirt.engine.core.bll.tasks.AsyncTaskManager] 
(MSC service thread 1-1) Initialization of AsyncTaskManager completed 
successfully. 
2015-09-23 09:37:58,105 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] 
(MSC service thread 1-1) Start initializing ResourceManager 
2015-09-23 09:37:58,217 INFO [org.ovirt.engine.core.vdsbroker.VdsManager] (MSC 
service thread 1-1) Entered VdsManager constructor 
2015-09-23 09:37:58,268 INFO [org.ovirt.engine.core.vdsbroker.VdsManager] (MSC 
service thread 1-1) Initialize vdsBroker (192.168.6.201,54,321) 
2015-09-23 09:37:58,402 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] 
(MSC service thread 1-1) VDS 0ffde0bc-c610-43ee-8ded-e8d2beb7e0f6 was added to 
the Resource Manager 
2015-09-23 09:37:58,429 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] 
(MSC service thread 1-1) Finished initializing ResourceManager 
2015-09-23 09:37:58,430 INFO [org.ovirt.engine.core.bll.OvfDataUpdater] (MSC 
service thread 1-1) Initialization of OvfDataUpdater completed successfully. 
2015-09-23 09:37:58,431 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service thread 
1-1) Start scheduling to enable vds load balancer 
2015-09-23 09:37:58,432 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service thread 
1-1) Finished scheduling to enable vds load balancer 
2015-09-23 09:37:58,432 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service thread 
1-1) Start HA Reservation check 
2015-09-23 09:37:58,434 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service thread 
1-1) Finished HA Reservation check 
2015-09-23 09:37:58,440 INFO 
[org.ovirt.engine.core.bll.network.MacPoolManagerRanges] 
(org.ovirt.thread.pool-8-thread-1) Start initializing MacPoolManagerRanges 
2015-09-23 09:37:58,444 INFO 
[org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (MSC service 
thread 1-1) Init VM custom properties utilities 
2015-09-23 09:37:58,444 INFO 
[org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (MSC service 
thread 1-1) Init device custom properties utilities 
2015-09-23 09:37:58,453 INFO 
[org.ovirt.engine.core.bll.scheduling.SchedulingManager] (MSC service thread 
1

Re: [ovirt-users] vmware import hangs after click load button on 3.5 rc5

[Ian Fraser]

Hi Nir,

I have created  a BZ (https://bugzilla.redhat.com/show_bug.cgi?id=1265556) for 
this and attached the vdsm.log.

Let me know if I should do anything else.

Thanks

Ian

From: Ian Fraser
Sent: 22 September 2015 07:09
To: 'Nir Soffer' 
Cc: users@ovirt.org
Subject: RE: [ovirt-users] vmware import hangs after click load button on 3.5 
rc5

Thanks Nir,

File attached.

From: Nir Soffer [mailto:nsof...@redhat.com]
Sent: 21 September 2015 23:16
To: Ian Fraser 
Cc: users@ovirt.org
Subject: Re: [ovirt-users] vmware import hangs after click load button on 3.5 
rc5

On Tue, Sep 22, 2015 at 12:14 AM, Ian Fraser  wrote:
I did get a “VDSM  command failed: local variable 'capacity' 
referenced before assignment” error in the events I have just noticed, does 
that shed any more light?

This shed some light. Can you share the vdsm.log containing this error?

Look in /var/log/vdsm/vdsm.log*

__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__



The information in this message and any attachment is intended for the 
addressee and is confidential. If you are not that addressee, no action should 
be taken in reliance on the information and you should please reply to this 
message immediately to inform us of incorrect receipt and destroy this message 
and any attachments.

For the purposes of internet level email security incoming and outgoing emails 
may be read by personnel other than the named recipient or sender.

Whilst all reasonable efforts are made, ASM (UK) Ltd cannot guarantee that 
emails and attachments are virus free or compatible with your systems. You 
should make your own checks and ASM (UK) Ltd does not accept liability in 
respect of viruses or computer problems experienced.
Registered address: Agency Sector Management (UK) Ltd. Ashford House, 41-45 
Church Road, Ashford, Middlesex, TW15 2TQ
Registered in England No.2053849

__
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
__
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP Authentication

[Budur Nagaraju]

When I give "superuser" permission  then able to login and its taking too
long time to login.
Pls suggest any thing needs to be dome ?

On Wed, Sep 23, 2015 at 1:07 PM, Ondra Machacek  wrote:

> Should work well, strange.
> The 'warn' message you sent was unsuccessfull login to webadmin as I can
> see 'LoginAdminUserCommand', in UserPortal it's 'LoginUserCommand'.
> Please try to assign UserRole to some vm to another user in domain if it
> will work properly, if not please open bz.
>
>
> On 09/23/2015 09:29 AM, Budur Nagaraju wrote:
>
> yeah  facing issues while logging to the user portal.
>
> On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek 
> wrote:
>
>> With UserRole you can only login to UserPortal, not webadmin. Do you have
>> this issue when you try to login to UserPortal?
>>
>>
>> On 09/23/2015 09:22 AM, Budur Nagaraju wrote:
>>
>> Provided the "user role" permissions  still same issue
>>
>> On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek < 
>> omach...@redhat.com> wrote:
>>
>>> Hi,
>>>
>>> your user nbud...@abc.net doesn't have appropriate permissions to login.
>>> First you need to login as 'admin@internal' and assign him some
>>> permissions, then you will be able to login.
>>>
>>> Ondra
>>>
>>>
>>> On 09/23/2015 09:15 AM, Budur Nagaraju wrote:
>>>
>>> HI All,
>>>
>>> After rectifying this  able to search the domain in the users in UI,
>>> but unable to login getting the below error ,
>>>
>>>
>>> 2015-09-23 12:41:47,482 WARN
>>> [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
>>> (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for
>>> user nbud...@abc.net. Reasons:
>>> USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
>>>
>>> Thanks,
>>> Nagaraju
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek < 
>>> omach...@redhat.com> wrote:
>>>
 Hi,

 as Alon already said, you have trailing space in your configuration

 'my.abc.net ' <-- space at the end

 Please remove this space and try again.

 Ondra


 On 09/23/2015 05:35 AM, Budur Nagaraju wrote:

 HI Alon,

 Tried all the options but no luck ,

 I have copied the logs in the pastebin  below is the link , warning
 message is that unable to resolve the DNS ,let me know any help would I get
 .

 http://pastebin.com/7qN9QnHK

 Thanks,
 Nagaraju


 On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <
 daniel.helgenber...@m-box.de> wrote:

> Hello Budur,
>
> I've done this recently. Alon, no offense, but the docs are not quite
> strait forward...
>
> Requirements:
>  - LDAP server (obviously) - called here ldap.mydomain.com
>  - LDAP bind account - called here 
> l...@mydomain.com, password 'Passw@rd'
>  - At least one existing account in ladp, called 
> u...@mydomain.com
>
> Please note, the most common issue will be DNS.
>
> I'll describe in short what steps need to be taken. All this needs to
> be done on your engine host. In the end this was quite easy :)
>
> 1. Install the packages: ovirt-engine-extension-aaa-ldap and
> openldap-clients (these are only for testing your setup)
> 2. Test if ldap is working in general. (The extension uses the global
> catalog at least for AD, this was news to me):
>   # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://
> ldap.mydomain.com:3268/ -x \
>   -D ' l...@mydomain.com' -w Passw@rd -b ''
> '(userPrincipalName=u...@mydomian.com)' cn userPrincipalName
>
>   If this command does not return details of the user, do debug your
> ldap and continue once this works. Example:
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: (userPrincipalName= u...@mydomain.com)
> # requesting: cn userPrincipalName
> # with pagedResults control: size=1024
> #
>
> # Some Name, some-ou, mydomain.com
> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
> cn: Some Name
> userPrincipalName: u...@mydomain.com
>
> # search result
> search: 2
> result: 0 Success
> control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
> pagedresults: cookie=
>
> # numResponses: 2
> # numEntries: 1
>
>
> 3. Copy the examples as mentioned from the readme.
> 4. You only need to modify
> /etc/ovirt-engine/aaa/int.m-box.de.properties; leave the rest as is.
> 5. There, set:
>
>   vars.domain = ldap.mydomain.com
>   vars.user = ldap@${global:vars.domain}
>   vars.password = Passw@rd
>
> 6. Restart ovirt engine service
> 7. Log in as admin@einternal and add user rights and roles from the
> new provider
>
> Hope this helps.
>
> On 22.09.2015 16 <22.09.2015%2016>:46, Budur Nagaraju wrote:
> >
> > below are the three files which I have modified.
> >
> >
> > [root

Re: [ovirt-users] LDAP Authentication

[Ondra Machacek]

Should work well, strange.
The 'warn' message you sent was unsuccessfull login to webadmin as I can 
see 'LoginAdminUserCommand', in UserPortal it's 'LoginUserCommand'.
Please try to assign UserRole to some vm to another user in domain if it 
will work properly, if not please open bz.


On 09/23/2015 09:29 AM, Budur Nagaraju wrote:

yeah  facing issues while logging to the user portal.

On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek > wrote:


With UserRole you can only login to UserPortal, not webadmin. Do
you have this issue when you try to login to UserPortal?


On 09/23/2015 09:22 AM, Budur Nagaraju wrote:

Provided the "user role" permissions still same issue

On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek
mailto:omach...@redhat.com>> wrote:

Hi,

your user nbud...@abc.net  doesn't
have appropriate permissions to login.
First you need to login as 'admin@internal' and assign him
some permissions, then you will be able to login.

Ondra


On 09/23/2015 09:15 AM, Budur Nagaraju wrote:

HI All,

After rectifying this  able to search the domain in the
users in UI,
but unable to login getting the below error ,


2015-09-23 12:41:47,482 WARN
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
(ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser
failed for user nbud...@abc.net .
Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Thanks,
Nagaraju





On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek
mailto:omach...@redhat.com>> wrote:

Hi,

as Alon already said, you have trailing space in your
configuration

'my.abc.net  ' <-- space at the end

Please remove this space and try again.

Ondra


On 09/23/2015 05:35 AM, Budur Nagaraju wrote:

HI Alon,

Tried all the options but no luck ,

I have copied the logs in the pastebin  below is the
link , warning message is that unable to resolve the
DNS ,let me know any help would I get .

http://pastebin.com/7qN9QnHK

Thanks,
Nagaraju


On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger
mailto:daniel.helgenber...@m-box.de>> wrote:

Hello Budur,

I've done this recently. Alon, no offense, but the
docs are not quite strait forward...

Requirements:
 - LDAP server (obviously) - called here
ldap.mydomain.com 
 - LDAP bind account - called here
l...@mydomain.com ,
password 'Passw@rd'
 - At least one existing account in ladp, called
u...@mydomain.com 

Please note, the most common issue will be DNS.

I'll describe in short what steps need to be taken.
All this needs to be done on your engine host. In
the end this was quite easy :)

1. Install the packages:
ovirt-engine-extension-aaa-ldap and
openldap-clients (these are only for testing your
setup)
2. Test if ldap is working in general. (The
extension uses the global catalog at least for AD,
this was news to me):
  # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no
-H ldap://ldap.mydomain.com:3268/
 -x \
  -D 'l...@mydomain.com
' -w Passw@rd -b ''
'(userPrincipalName=u...@mydomian.com
)' cn userPrincipalName

  If this command does not return details of the
user, do debug your ldap and continue once this
works. Example:

# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (userPrincipalName=u...@mydomain.com
)
# requesting: cn userPrincipalName
# with pagedResults control: size=1024
#

# Some Name, some-ou, mydomain.com

dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
cn: Some Name
userPrincipalName: u...@mydomain.com


# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 

Re: [ovirt-users] LDAP Authentication

[Budur Nagaraju]

yeah  facing issues while logging to the user portal.

On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek 
wrote:

> With UserRole you can only login to UserPortal, not webadmin. Do you have
> this issue when you try to login to UserPortal?
>
>
> On 09/23/2015 09:22 AM, Budur Nagaraju wrote:
>
> Provided the "user role" permissions  still same issue
>
> On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek 
> wrote:
>
>> Hi,
>>
>> your user nbud...@abc.net doesn't have appropriate permissions to login.
>> First you need to login as 'admin@internal' and assign him some
>> permissions, then you will be able to login.
>>
>> Ondra
>>
>>
>> On 09/23/2015 09:15 AM, Budur Nagaraju wrote:
>>
>> HI All,
>>
>> After rectifying this  able to search the domain in the users in UI,
>> but unable to login getting the below error ,
>>
>>
>> 2015-09-23 12:41:47,482 WARN
>> [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
>> (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for
>> user nbud...@abc.net. Reasons:
>> USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
>>
>> Thanks,
>> Nagaraju
>>
>>
>>
>>
>>
>> On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek < 
>> omach...@redhat.com> wrote:
>>
>>> Hi,
>>>
>>> as Alon already said, you have trailing space in your configuration
>>>
>>> 'my.abc.net ' <-- space at the end
>>>
>>> Please remove this space and try again.
>>>
>>> Ondra
>>>
>>>
>>> On 09/23/2015 05:35 AM, Budur Nagaraju wrote:
>>>
>>> HI Alon,
>>>
>>> Tried all the options but no luck ,
>>>
>>> I have copied the logs in the pastebin  below is the link , warning
>>> message is that unable to resolve the DNS ,let me know any help would I get
>>> .
>>>
>>> http://pastebin.com/7qN9QnHK
>>>
>>> Thanks,
>>> Nagaraju
>>>
>>>
>>> On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <
>>> daniel.helgenber...@m-box.de> wrote:
>>>
 Hello Budur,

 I've done this recently. Alon, no offense, but the docs are not quite
 strait forward...

 Requirements:
  - LDAP server (obviously) - called here ldap.mydomain.com
  - LDAP bind account - called here l...@mydomain.com, password
 'Passw@rd'
  - At least one existing account in ladp, called 
 u...@mydomain.com

 Please note, the most common issue will be DNS.

 I'll describe in short what steps need to be taken. All this needs to
 be done on your engine host. In the end this was quite easy :)

 1. Install the packages: ovirt-engine-extension-aaa-ldap and
 openldap-clients (these are only for testing your setup)
 2. Test if ldap is working in general. (The extension uses the global
 catalog at least for AD, this was news to me):
   # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://
 ldap.mydomain.com:3268/ -x \
   -D ' l...@mydomain.com' -w Passw@rd -b ''
 '(userPrincipalName= u...@mydomian.com)' cn
 userPrincipalName

   If this command does not return details of the user, do debug your
 ldap and continue once this works. Example:

 # extended LDIF
 #
 # LDAPv3
 # base <> with scope subtree
 # filter: (userPrincipalName= u...@mydomain.com)
 # requesting: cn userPrincipalName
 # with pagedResults control: size=1024
 #

 # Some Name, some-ou, mydomain.com
 dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
 cn: Some Name
 userPrincipalName: u...@mydomain.com

 # search result
 search: 2
 result: 0 Success
 control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
 pagedresults: cookie=

 # numResponses: 2
 # numEntries: 1


 3. Copy the examples as mentioned from the readme.
 4. You only need to modify
 /etc/ovirt-engine/aaa/int.m-box.de.properties; leave the rest as is.
 5. There, set:

   vars.domain = ldap.mydomain.com
   vars.user = ldap@${global:vars.domain}
   vars.password = Passw@rd

 6. Restart ovirt engine service
 7. Log in as admin@einternal and add user rights and roles from the
 new provider

 Hope this helps.

 On 22.09.2015 16 <22.09.2015%2016>:46, Budur Nagaraju wrote:
 >
 > below are the three files which I have modified.
 >
 >
 > [root@cstlb2 extensions.d]# cat profile1-authn.properties
 > ovirt.engine.extension.name  =
 cloudspin-authn
 > ovirt.engine.extension.bindings.method = jbossmodule
 > ovirt.engine.extension.binding.jbossmodule.module =
 > org.ovirt.engine-extensions.aaa.ldap
 > ovirt.engine.extension.binding.jbossmodule.class =
 > org.ovirt.engineextensions.aaa.ldap.AuthnExtension
 > ovirt.engine.extension.provides =
 org.ovirt.engine.api.extensions.aaa.Authn
 > ovirt.engine.aaa.authn.profile.name <
 http://ovirt.engine.aaa.authn.profile.name>
 > = cloudspin
 > ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
 > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap

Re: [ovirt-users] LDAP Authentication

[Ondra Machacek]

With UserRole you can only login to UserPortal, not webadmin. Do you 
have this issue when you try to login to UserPortal?


On 09/23/2015 09:22 AM, Budur Nagaraju wrote:

Provided the "user role" permissions  still same issue

On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek > wrote:


Hi,

your user nbud...@abc.net  doesn't have
appropriate permissions to login.
First you need to login as 'admin@internal' and assign him some
permissions, then you will be able to login.

Ondra


On 09/23/2015 09:15 AM, Budur Nagaraju wrote:

HI All,

After rectifying this  able to search the domain in the users in UI,
but unable to login getting the below error ,


2015-09-23 12:41:47,482 WARN
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
(ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser
failed for user nbud...@abc.net .
Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Thanks,
Nagaraju





On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek
mailto:omach...@redhat.com>> wrote:

Hi,

as Alon already said, you have trailing space in your
configuration

'my.abc.net  ' <-- space at the end

Please remove this space and try again.

Ondra


On 09/23/2015 05:35 AM, Budur Nagaraju wrote:

HI Alon,

Tried all the options but no luck ,

I have copied the logs in the pastebin  below is the link ,
warning message is that unable to resolve the DNS ,let me
know any help would I get .

http://pastebin.com/7qN9QnHK

Thanks,
Nagaraju


On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger
mailto:daniel.helgenber...@m-box.de>> wrote:

Hello Budur,

I've done this recently. Alon, no offense, but the docs
are not quite strait forward...

Requirements:
 - LDAP server (obviously) - called here
ldap.mydomain.com 
 - LDAP bind account - called here l...@mydomain.com
, password 'Passw@rd'
 - At least one existing account in ladp, called
u...@mydomain.com 

Please note, the most common issue will be DNS.

I'll describe in short what steps need to be taken. All
this needs to be done on your engine host. In the end
this was quite easy :)

1. Install the packages: ovirt-engine-extension-aaa-ldap
and openldap-clients (these are only for testing your setup)
2. Test if ldap is working in general. (The extension
uses the global catalog at least for AD, this was news
to me):
  # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H
ldap://ldap.mydomain.com:3268/
 -x \
  -D 'l...@mydomain.com '
-w Passw@rd -b '' '(userPrincipalName=u...@mydomian.com
)' cn userPrincipalName

  If this command does not return details of the user,
do debug your ldap and continue once this works. Example:

# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (userPrincipalName=u...@mydomain.com
)
# requesting: cn userPrincipalName
# with pagedResults control: size=1024
#

# Some Name, some-ou, mydomain.com 
dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
cn: Some Name
userPrincipalName: u...@mydomain.com


# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
pagedresults: cookie=

# numResponses: 2
# numEntries: 1


3. Copy the examples as mentioned from the readme.
4. You only need to modify
/etc/ovirt-engine/aaa/int.m-box.de.properties; leave the
rest as is.
5. There, set:

  vars.domain = ldap.mydomain.com 
  vars.user = ldap@${global:vars.domain}
  vars.password = Passw@rd

6. Restart ovirt engine service
7. Log in as admin@einternal and add user rights and
roles from the new provider

Hope this helps.

On 22.09.2015 16 :46, Budur
Nagaraju wrote:
>
> below are the three files which I have modified.
>
>
> [root@cstlb2 extensions.d]# cat profile1-authn.prope

Re: [ovirt-users] LDAP Authentication

[Budur Nagaraju]

Provided the "user role" permissions  still same issue

On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek 
wrote:

> Hi,
>
> your user nbud...@abc.net doesn't have appropriate permissions to login.
> First you need to login as 'admin@internal' and assign him some
> permissions, then you will be able to login.
>
> Ondra
>
>
> On 09/23/2015 09:15 AM, Budur Nagaraju wrote:
>
> HI All,
>
> After rectifying this  able to search the domain in the users in UI,
> but unable to login getting the below error ,
>
>
> 2015-09-23 12:41:47,482 WARN
> [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
> (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for
> user nbud...@abc.net. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
>
> Thanks,
> Nagaraju
>
>
>
>
>
> On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek 
> wrote:
>
>> Hi,
>>
>> as Alon already said, you have trailing space in your configuration
>>
>> 'my.abc.net ' <-- space at the end
>>
>> Please remove this space and try again.
>>
>> Ondra
>>
>>
>> On 09/23/2015 05:35 AM, Budur Nagaraju wrote:
>>
>> HI Alon,
>>
>> Tried all the options but no luck ,
>>
>> I have copied the logs in the pastebin  below is the link , warning
>> message is that unable to resolve the DNS ,let me know any help would I get
>> .
>>
>> http://pastebin.com/7qN9QnHK
>>
>> Thanks,
>> Nagaraju
>>
>>
>> On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <
>> daniel.helgenber...@m-box.de> wrote:
>>
>>> Hello Budur,
>>>
>>> I've done this recently. Alon, no offense, but the docs are not quite
>>> strait forward...
>>>
>>> Requirements:
>>>  - LDAP server (obviously) - called here ldap.mydomain.com
>>>  - LDAP bind account - called here l...@mydomain.com,
>>> password 'Passw@rd'
>>>  - At least one existing account in ladp, called u...@mydomain.com
>>>
>>> Please note, the most common issue will be DNS.
>>>
>>> I'll describe in short what steps need to be taken. All this needs to be
>>> done on your engine host. In the end this was quite easy :)
>>>
>>> 1. Install the packages: ovirt-engine-extension-aaa-ldap and
>>> openldap-clients (these are only for testing your setup)
>>> 2. Test if ldap is working in general. (The extension uses the global
>>> catalog at least for AD, this was news to me):
>>>   # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://
>>> ldap.mydomain.com:3268/ -x \
>>>   -D 'l...@mydomain.com' -w Passw@rd -b ''  '(userPrincipalName=
>>> u...@mydomian.com)' cn userPrincipalName
>>>
>>>   If this command does not return details of the user, do debug your
>>> ldap and continue once this works. Example:
>>>
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <> with scope subtree
>>> # filter: (userPrincipalName= u...@mydomain.com)
>>> # requesting: cn userPrincipalName
>>> # with pagedResults control: size=1024
>>> #
>>>
>>> # Some Name, some-ou, mydomain.com
>>> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
>>> cn: Some Name
>>> userPrincipalName: u...@mydomain.com
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>> control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
>>> pagedresults: cookie=
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>>
>>>
>>> 3. Copy the examples as mentioned from the readme.
>>> 4. You only need to modify
>>> /etc/ovirt-engine/aaa/int.m-box.de.properties; leave the rest as is.
>>> 5. There, set:
>>>
>>>   vars.domain = ldap.mydomain.com
>>>   vars.user = ldap@${global:vars.domain}
>>>   vars.password = Passw@rd
>>>
>>> 6. Restart ovirt engine service
>>> 7. Log in as admin@einternal and add user rights and roles from the new
>>> provider
>>>
>>> Hope this helps.
>>>
>>> On 22.09.2015 16 <22.09.2015%2016>:46, Budur Nagaraju wrote:
>>> >
>>> > below are the three files which I have modified.
>>> >
>>> >
>>> > [root@cstlb2 extensions.d]# cat profile1-authn.properties
>>> > ovirt.engine.extension.name  =
>>> cloudspin-authn
>>> > ovirt.engine.extension.bindings.method = jbossmodule
>>> > ovirt.engine.extension.binding.jbossmodule.module =
>>> > org.ovirt.engine-extensions.aaa.ldap
>>> > ovirt.engine.extension.binding.jbossmodule.class =
>>> > org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>> > ovirt.engine.extension.provides =
>>> org.ovirt.engine.api.extensions.aaa.Authn
>>> > ovirt.engine.aaa.authn.profile.name <
>>> http://ovirt.engine.aaa.authn.profile.name>
>>> > = cloudspin
>>> > ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
>>> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
>>> >
>>> >
>>> > [root@cstlb2 extensions.d]# ls
>>> > profile1-authn.properties  profile1-authz.properties
>>> > [root@cstlb2 extensions.d]# cat profile1-authz.properties
>>> > ovirt.engine.extension.name  =
>>> cloudspin-authz
>>> > ovirt.engine.extension.bindings.method = jbossmodule
>>> > ovirt.engine.extension.binding.jbossmodule.module =
>>> > org.ovirt.engine-extensions.aaa.ldap
>>> > ovirt.engine.extension.binding.jbossmodule.

Re: [ovirt-users] LDAP Authentication

[Ondra Machacek]

Hi,

your user nbud...@abc.net doesn't have appropriate permissions to login.
First you need to login as 'admin@internal' and assign him some 
permissions, then you will be able to login.


Ondra

On 09/23/2015 09:15 AM, Budur Nagaraju wrote:

HI All,

After rectifying this  able to search the domain in the users in UI,
but unable to login getting the below error ,


2015-09-23 12:41:47,482 WARN 
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] 
(ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed 
for user nbud...@abc.net . Reasons: 
USER_NOT_AUTHORIZED_TO_PERFORM_ACTION


Thanks,
Nagaraju





On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek > wrote:


Hi,

as Alon already said, you have trailing space in your configuration

'my.abc.net  ' <-- space at the end

Please remove this space and try again.

Ondra


On 09/23/2015 05:35 AM, Budur Nagaraju wrote:

HI Alon,

Tried all the options but no luck ,

I have copied the logs in the pastebin  below is the link ,
warning message is that unable to resolve the DNS ,let me know
any help would I get .

http://pastebin.com/7qN9QnHK

Thanks,
Nagaraju


On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger
mailto:daniel.helgenber...@m-box.de>> wrote:

Hello Budur,

I've done this recently. Alon, no offense, but the docs are
not quite strait forward...

Requirements:
 - LDAP server (obviously) - called here ldap.mydomain.com

 - LDAP bind account - called here l...@mydomain.com
, password 'Passw@rd'
 - At least one existing account in ladp, called
u...@mydomain.com 

Please note, the most common issue will be DNS.

I'll describe in short what steps need to be taken. All this
needs to be done on your engine host. In the end this was
quite easy :)

1. Install the packages: ovirt-engine-extension-aaa-ldap and
openldap-clients (these are only for testing your setup)
2. Test if ldap is working in general. (The extension uses
the global catalog at least for AD, this was news to me):
  # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H
ldap://ldap.mydomain.com:3268/
 -x \
  -D 'l...@mydomain.com ' -w
Passw@rd -b ''  '(userPrincipalName=u...@mydomian.com
)' cn userPrincipalName

  If this command does not return details of the user, do
debug your ldap and continue once this works. Example:

# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (userPrincipalName=u...@mydomain.com
)
# requesting: cn userPrincipalName
# with pagedResults control: size=1024
#

# Some Name, some-ou, mydomain.com 
dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
cn: Some Name
userPrincipalName: u...@mydomain.com 

# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
pagedresults: cookie=

# numResponses: 2
# numEntries: 1


3. Copy the examples as mentioned from the readme.
4. You only need to modify
/etc/ovirt-engine/aaa/int.m-box.de.properties; leave the rest
as is.
5. There, set:

  vars.domain = ldap.mydomain.com 
  vars.user = ldap@${global:vars.domain}
  vars.password = Passw@rd

6. Restart ovirt engine service
7. Log in as admin@einternal and add user rights and roles
from the new provider

Hope this helps.

On 22.09.2015 16 :46, Budur Nagaraju wrote:
>
> below are the three files which I have modified.
>
>
> [root@cstlb2 extensions.d]# cat profile1-authn.properties
> ovirt.engine.extension.name

 = cloudspin-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module =
> org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class =
> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name


> = cloudspin
> ovirt.engine.aaa.authn.authz.plugin = cloudspin

Re: [ovirt-users] LDAP Authentication

[Budur Nagaraju]

HI All,

After rectifying this  able to search the domain in the users in UI,
but unable to login getting the below error ,


2015-09-23 12:41:47,482 WARN
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
(ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for
user nbud...@abc.net. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Thanks,
Nagaraju





On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek 
wrote:

> Hi,
>
> as Alon already said, you have trailing space in your configuration
>
> 'my.abc.net ' <-- space at the end
>
> Please remove this space and try again.
>
> Ondra
>
>
> On 09/23/2015 05:35 AM, Budur Nagaraju wrote:
>
> HI Alon,
>
> Tried all the options but no luck ,
>
> I have copied the logs in the pastebin  below is the link , warning
> message is that unable to resolve the DNS ,let me know any help would I get
> .
>
> http://pastebin.com/7qN9QnHK
>
> Thanks,
> Nagaraju
>
>
> On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <
> daniel.helgenber...@m-box.de> wrote:
>
>> Hello Budur,
>>
>> I've done this recently. Alon, no offense, but the docs are not quite
>> strait forward...
>>
>> Requirements:
>>  - LDAP server (obviously) - called here ldap.mydomain.com
>>  - LDAP bind account - called here l...@mydomain.com,
>> password 'Passw@rd'
>>  - At least one existing account in ladp, called 
>> u...@mydomain.com
>>
>> Please note, the most common issue will be DNS.
>>
>> I'll describe in short what steps need to be taken. All this needs to be
>> done on your engine host. In the end this was quite easy :)
>>
>> 1. Install the packages: ovirt-engine-extension-aaa-ldap and
>> openldap-clients (these are only for testing your setup)
>> 2. Test if ldap is working in general. (The extension uses the global
>> catalog at least for AD, this was news to me):
>>   # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://
>> ldap.mydomain.com:3268/ -x \
>>   -D 'l...@mydomain.com' -w Passw@rd -b ''  '(userPrincipalName=
>> u...@mydomian.com)' cn userPrincipalName
>>
>>   If this command does not return details of the user, do debug your ldap
>> and continue once this works. Example:
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <> with scope subtree
>> # filter: (userPrincipalName=u...@mydomain.com)
>> # requesting: cn userPrincipalName
>> # with pagedResults control: size=1024
>> #
>>
>> # Some Name, some-ou, mydomain.com
>> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
>> cn: Some Name
>> userPrincipalName: u...@mydomain.com
>>
>> # search result
>> search: 2
>> result: 0 Success
>> control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
>> pagedresults: cookie=
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>> 3. Copy the examples as mentioned from the readme.
>> 4. You only need to modify /etc/ovirt-engine/aaa/int.m-box.de.properties;
>> leave the rest as is.
>> 5. There, set:
>>
>>   vars.domain = ldap.mydomain.com
>>   vars.user = ldap@${global:vars.domain}
>>   vars.password = Passw@rd
>>
>> 6. Restart ovirt engine service
>> 7. Log in as admin@einternal and add user rights and roles from the new
>> provider
>>
>> Hope this helps.
>>
>> On 22.09.2015 16:46, Budur Nagaraju wrote:
>> >
>> > below are the three files which I have modified.
>> >
>> >
>> > [root@cstlb2 extensions.d]# cat profile1-authn.properties
>> > ovirt.engine.extension.name < 
>> http://ovirt.engine.extension.name> = cloudspin-authn
>> > ovirt.engine.extension.bindings.method = jbossmodule
>> > ovirt.engine.extension.binding.jbossmodule.module =
>> > org.ovirt.engine-extensions.aaa.ldap
>> > ovirt.engine.extension.binding.jbossmodule.class =
>> > org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>> > ovirt.engine.extension.provides =
>> org.ovirt.engine.api.extensions.aaa.Authn
>> > ovirt.engine.aaa.authn.profile.name <
>> http://ovirt.engine.aaa.authn.profile.name>
>> > = cloudspin
>> > ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
>> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
>> >
>> >
>> > [root@cstlb2 extensions.d]# ls
>> > profile1-authn.properties  profile1-authz.properties
>> > [root@cstlb2 extensions.d]# cat profile1-authz.properties
>> > ovirt.engine.extension.name < 
>> http://ovirt.engine.extension.name> = cloudspin-authz
>> > ovirt.engine.extension.bindings.method = jbossmodule
>> > ovirt.engine.extension.binding.jbossmodule.module =
>> > org.ovirt.engine-extensions.aaa.ldap
>> > ovirt.engine.extension.binding.jbossmodule.class =
>> > org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>> > ovirt.engine.extension.provides =
>> org.ovirt.engine.api.extensions.aaa.Authz
>> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
>> > [root@cstlb2 extensions.d]#
>> >
>> >
>> >
>> > [root@cstlb2 aaa]# pwd
>> > /etc/ovirt-engine/aaa
>> > [root@cstlb2 aaa]# ls
>> > ldap1.properties
>> > [root@cstlb2 aaa]# cat ldap1.properties
>> > #
>> > # Select one
>> > #
>> > include = 
>> > #includ