Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-12 Thread nicolas 

El 2016-08-12 20:38, Ondra Machacek escribió:

On 08/12/2016 05:53 PM, nico...@devels.es wrote:

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this
connecting to a machine through a VNC server and the Role combobox is
moved down out of the dialog.

However, the LDAP issue persists. When I choose the 'internal' domain, 
I
can search the 'admin' user successfully, however, if I set it to be 
the

LDAP domain, any search returns nothing.

Any hints or ideas how to debug this?


Can you please enable debug log[1] and send it here?

[1]
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442



Thanks. I was now able to see why it is failing:

TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-13) 
[] SearchRequest: Exception: LDAPSearchException(resultCode=11 (admin 
limit exceeded), numEntries=0, numReferences=0, errorMessage='admin 
limit exceeded')


Indeed, if I run that query using the ldapsearch command I can clearly 
see it is returning an "admin limit exceeded" error.


The applied filter is: 
(&(objectClass=posixAccount)(uid=*)(|(givenName=username)(sn=username)(displayName=username)(uid=username)))


Strange thing is this hasn't been an issue on oVirt 3.6.x and we've not 
changed our LDAP configuration. Has the filter been changed in 4.x by 
default?


If so, is there a way to override the filter to make it simpler? (In our 
case we'll always seek by username, so no need to search by givenName, 
sn or displayName).


Thanks.



Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>>

[ovirt-users] ovirt 3.6 python sdk how to find logical network from a host nic?

2016-08-12 Thread Huan He (huhe) 
Assuming the logical network ovirtmgmt has been configured in host NIC enp6s0.

host = api.hosts.get('host-123')
host_nic = host.nics.get('enp6s0')

How to get the logical network name ovirtmgmt?

I basically need to find ovirtmgmt is configured in which NIC.

Thanks,
Huan

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] xml config file being used in ovirt different from virsh?

2016-08-12 Thread Bill Bill 
It seems like when starting the VM through the oVirt dashboard, it’s either 
overwriting or removing those values.

From: Bill Bill
Sent: Friday, August 12, 2016 3:04 PM
To: users@ovirt.org
Subject: xml config file being used in ovirt different from virsh?

I have a VM with network filtering enabled, specifically the clean-traffic 
filter.

Through virsh, I modify the configuration to reflect changes like this:

 


  

This only allows those two specified IP’s to communicate on the VM. I’ve 
defined the xml through virsh.

Now, if I start the VM directly through virsh, those rules apply and work 
correctly. I can add any other random IP from the same subnet and it does not 
work, as expected. Only the two Ip’s specified above will respond.

This unfortunately, makes the VM appear to be down from with the ovirt 
dashboard if it’s started manually through virsh.

If I edit the machine through virsh but do not start it and then go onto oVirt 
to start the VM, it seems the configuration is not loaded – does oVirt load a 
different configuration file other than /etc/libvirt/qemu/machine.xml?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-12 Thread Ondra Machacek 


On 08/12/2016 05:53 PM, nico...@devels.es wrote:

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this
connecting to a machine through a VNC server and the Role combobox is
moved down out of the dialog.

However, the LDAP issue persists. When I choose the 'internal' domain, I
can search the 'admin' user successfully, however, if I set it to be the
LDAP domain, any search returns nothing.

Any hints or ideas how to debug this?


Can you please enable debug log[1] and send it here?

[1] 
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442




Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]







___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]



___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
[3]users [3]








Links:
--
[1] http://4.0.1.1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
[3] http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org

Re: [ovirt-users] oVirt 4.0.2 RC

2016-08-12 Thread Fernando Fuentes 
Thanks Sandro!

--
Fernando Fuentes
ffuen...@txweather.org
http://www.txweather.org



On Fri, Aug 12, 2016, at 06:59 AM, Sandro Bonazzola wrote:
>
>
> On Fri, Aug 12, 2016 at 4:07 AM, Fernando Fuentes
>  wrote:
>> So I went to do an update to my ovirt system and found that the RC is
>>  coming down to my production box... IE: 4.0.2
>>
>>  I did a repo list and found - centos-ovirt40-candidate
>
> please yum update ovirt-release40
> Anyway, it's safe up to now since candidate contains same versions as
> in release, 4.0.2 has been released this morning from RC without
> changes.
>
>
>
>>
>>
>> Than found that 4.0.2 its also coming down from the ovirt-4.0 repo...
>>
>>  ovirt-engine-sdk-python  noarch  3.6.8.0-1.el7
>>  centos-ovirt40-candidate  480 k
>>  ovirt-release40noarch  4.0.2-2
>>  ovirt-4.0
>>  8.3 k
>>  ovirt-vmconsole noarch  1.0.4-1.el7
>>  centos-ovirt40-candidate   29 k
>>  ovirt-vmconsole-proxy noarch  1.0.4-1.el7
>>  centos-ovirt40-candidate   17 k
>>  python-ovirt-engine-sdk4x86_64  4.0.0-0.5.a5.el7
>>  centos-ovirt40-candidate  308 k
>>
>>  Is this safe to upgrade?
>>
>>  Regards,
>>
>>  --
>>  Fernando Fuentes ffuen...@txweather.org http://www.txweather.org
>>  ___
>>  Users mailing list Users@ovirt.org
>>  http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> --
> Sandro Bonazzola
> Better technology. Faster innovation. Powered by community
> collaboration.
> See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] xml config file being used in ovirt different from virsh?

2016-08-12 Thread Bill Bill 
I have a VM with network filtering enabled, specifically the clean-traffic 
filter.

Through virsh, I modify the configuration to reflect changes like this:

 


  

This only allows those two specified IP’s to communicate on the VM. I’ve 
defined the xml through virsh.

Now, if I start the VM directly through virsh, those rules apply and work 
correctly. I can add any other random IP from the same subnet and it does not 
work, as expected. Only the two Ip’s specified above will respond.

This unfortunately, makes the VM appear to be down from with the ovirt 
dashboard if it’s started manually through virsh.

If I edit the machine through virsh but do not start it and then go onto oVirt 
to start the VM, it seems the configuration is not loaded – does oVirt load a 
different configuration file other than /etc/libvirt/qemu/machine.xml?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Failed to activate Storage Domain vms (Data Center Default)

2016-08-12 Thread Gonzalo Faramiñan 
Hello everyone,

I'm brand new to oVirt, but anyway I'm trying to solve a problem
because of staff changes. Any help is really appreciated.

Context:
 - oVirt Engine Version: 3.1.0-3.19.el6 running on Centos 6.7
 - two nodes running Centos 6.7 connected with Gluster 3.3.1.15.el6,
replicate configured
 - six VMs with high-availability on six separated virtual disk
created into de Default volume.

The Data Center was working fine for a few years and after a
maintenance (step-by-step well done) reboot,  the Default volume lost
GBs of data. Just 23MB of replicated data remained :_(
Now the Master Storage Domain seems to be broken and we cannot get it
up and running in any way. Whatever we try, we end up facing this
message: "No valid Data Storage Domains are available in Data Center
Default (please check your storage infrastructure)."

Over this list we saw same log messages, but couldn't solve the problem.

I include what I think are the main error messages

Thanks in advance!

Webgui:

2016-Aug-12, 14:37:11

Host nodo2 cannot access one of the Storage Domains attached to it, or
the Data Center object. Setting Host state to Non-Operational.

2016-Aug-12, 14:37:11

Failed to connect Host nodo2 to Storage Pool Default

2016-Aug-12, 14:40:02

Failed to activate Storage Domain vms (Data Center Default) by admin@internal

Cluster's admin machine:
$ tail /var/log/ovirt-engine/engine.log

2016-08-12 14:12:12,285 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.BrokerCommandBase]
(QuartzScheduler_Worker-62) Vds: nodo1

2016-08-12 14:12:12,285 ERROR
[org.ovirt.engine.core.vdsbroker.VDSCommandBase]
(QuartzScheduler_Worker-62) Command ConnectStoragePoolVDS execution
failed. Exception: IRSNoMasterDomainException: IRSGenericException:
IRSErrorException: IRSNoMasterDomainException: Cannot find master
domain: 'spUUID=6c820dd3-24dc-472f-9b9b-b366da23b22f,
msdUUID=fe3dad77-6f27-40cd-8be9-b9e9cd1fb9bf'

2016-08-12 14:12:12,286 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.ConnectStoragePoolVDSCommand]
(QuartzScheduler_Worker-62) FINISH, ConnectStoragePoolVDSCommand, log
id: 125fb199

2016-08-12 14:12:12,287 ERROR
[org.ovirt.engine.core.vdsbroker.irsbroker.IrsBrokerCommand]
(QuartzScheduler_Worker-62) IrsBroker::Failed::GetStoragePoolInfoVDS

2016-08-12 14:12:12,287 ERROR
[org.ovirt.engine.core.vdsbroker.irsbroker.IrsBrokerCommand]
(QuartzScheduler_Worker-62) Exception: IRSGenericException:
IRSErrorException: IRSNoMasterDomainException: Cannot find master
domain: 'spUUID=6c820dd3-24dc-472f-9b9b-b366da23b22f,
msdUUID=fe3dad77-6f27-40cd-8be9-b9e9cd1fb9bf'

2016-08-12 14:12:12,302 WARN
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector]
(QuartzScheduler_Worker-62) [3165a3b2] The message key
ReconstructMasterDomain is missing from bundles/ExecutionMessages

2016-08-12 14:12:12,350 INFO
[org.ovirt.engine.core.bll.storage.ReconstructMasterDomainCommand]
(QuartzScheduler_Worker-62) [3165a3b2] Running command:
ReconstructMasterDomainCommand internal: true. Entities affected :
ID: fe3dad77-6f27-40cd-8be9-b9e9cd1fb9bf Type: Storage

2016-08-12 14:12:12,397 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.MarkPoolInReconstructModeVDSCommand]
(QuartzScheduler_Worker-62) [3165a3b2] START,
MarkPoolInReconstructModeVDSCommand(storagePoolId =
6c820dd3-24dc-472f-9b9b-b366da23b22f, ignoreFailoverLimit = false,
compatabilityVersion = null, reconstructMarkAction = ClearCache), log
id: 40a6ee33

2016-08-12 14:12:12,397 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.IrsBrokerCommand]
(QuartzScheduler_Worker-62) [3165a3b2] clearing cache for problematic
entities in pool 6c820dd3-24dc-472f-9b9b-b366da23b22f

2016-08-12 14:12:12,398 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.MarkPoolInReconstructModeVDSCommand]
(QuartzScheduler_Worker-62) [3165a3b2] FINISH,
MarkPoolInReconstructModeVDSCommand, log id: 40a6ee33
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] General system updates policy

2016-08-12 Thread David Gossage 
Is it considered safe from an ovirt stability standpoint to apply yum
updates to the hosts and engine as centos/redhat release them?

For example the recent https://rhn.redhat.com/errata/RHSA-2016-1606.html
update for qemu.  If I run yum update and update that is their any worry
for me that it has not been tested with oVirt and so versions will break
something.  Same with kernels, libraries etc..


*David Gossage*
*Carousel Checks Inc. | System Administrator*
*Office* 708.613.2284
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] HostedEngine with HA

2016-08-12 Thread Carlos Rodrigues 
Hello,

I have one cluster with two hosts with power management correctly
configured and one virtual machine with HostedEngine over shared
storage with FiberChannel.

When i shutdown the network of host with HostedEngine VM,  it should be
possible the HostedEngine VM migrate automatically to another host?

What is the expected behaviour on this HA scenario?

Regards,

-- 
Carlos Rodrigues 

Engenheiro de Software Sénior

Eurotux Informática, S.A. | www.eurotux.com
(t) +351 253 680 300 (m) +351 911 926 110

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] IP Address Stealing

2016-08-12 Thread Bill Bill 
Cool. It looks like that works. Perhaps it would be good for oVirt to have a 
few text fields in the nic properties to enter IP addresses into which can 
match the rules being used. For example, when enabling the clean-traffic filter 
it appears the VM can only have 1 IP address, even if another IP is added 
legitimately, it still only works with the original IP address.

Something like this: http://i.imgur.com/9BUZRCN.jpg

So essentially, traffic would be blocked on that VM for any other IP space 
other than the IP’s entered into the text fields, which then edit/work with the 
netfilter rules. The idea would be to click “click to add more” would add 
another text field.



From: Edward Haas
Sent: Thursday, August 4, 2016 3:47 AM
To: Subhendu Ghosh
Cc: Bill Bill; users
Subject: Re: [ovirt-users] IP Address Stealing



On Thu, Aug 4, 2016 at 6:27 AM, Subhendu Ghosh 
> wrote:
Not built into ovirt AFAIK,  but an ebtables rule can allow you to filter out 
mac+ip combinations

Look at the anti-spoofing rules on 
ebtables.netfilter.org

It doesn't prevent the user adding it in the vm, but the infrastructure blocks 
it's usage.


From: Bill Bill >
Sent: Aug 3, 2016 22:40
To: users@ovirt.org
Subject: [ovirt-users] IP Address Stealing

Hello,

It is possible to prevent a VM from adding an IP? For example, if we provision 
a VM with one IP, if the user has root access they can simply add random IP’s 
from within the same range as sub interfaces: eth0:0 eth0:1 eth0:2 so on and so 
forth.

Subnetting is not ideal in this situation because it’s a huge waste of IP space.

In oVirt 4.0, you can choose a vnic libvirt filter from a list (at the vnic 
profile settings).
You can check the clean-traffic filter which uses multiple other more specific 
filters.
Ref: https://libvirt.org/formatnwfilter.html

Thanks,
Edy.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Best way to create project-based virtual labs

2016-08-12 Thread Clint Smith 
Hi All,
I have gone through work of setting up ovirt and have integrated a directory 
server.  I am now reading about permissions and quotas; I'm trying to figure 
out the best mechanisms for sectioning off resources to groups of users that 
are on different projects.

I would like each member to have the ability to create Vms and templates within 
their respective project group.  It’s ok if members within the group see the 
each others Vms, however, I would like to keep team resources isolated to the 
team, if possible. I’m not sure whether to create a new host, cluster, 
datacenter, or storage domain for each team. Ovirt seems highly flexible in 
this area so I was wondering if anyone has any suggestions.

Thanks very much!
Clint

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-12 Thread nicolas 

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this 
connecting to a machine through a VNC server and the Role combobox is 
moved down out of the dialog.


However, the LDAP issue persists. When I choose the 'internal' domain, I 
can search the 'admin' user successfully, however, if I set it to be the 
LDAP domain, any search returns nothing.


Any hints or ideas how to debug this?

Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]







___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]



___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
[3]users [3]








Links:
--
[1] http://4.0.1.1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
[3] http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Michal Skrivanek 


> On 12 Aug 2016, at 15:37, Martin Perina  wrote:
> 
> 
> 
>> On Fri, Aug 12, 2016 at 3:33 PM, Gianluca Cecchi  
>> wrote:
>>> On Fri, Aug 12, 2016 at 3:18 PM, Martin Perina  wrote:
>>> 
>>> 
>>> 
 I installed libvirt about 45 minutes ago, but in the web admin gui I 
 continue to see the icon with the tooltip "update available".. any service 
 to refresh/restart?
>>> 
>>> 
>>> ​Have you installed it using webadmin Upgrade button or manually via yum?
>>> 
>> 
>> Via yum, also because this is a test environment with only one host and self 
>> hosted engine.
> 
> ​Ahh, so unfortunately you need to wait for tomorrow, notification will be 
> cleared after next "check for upgrade​" execution​
> 
>> In this particular case, using the upgrade button, would it need to put host 
>> into maintenance even for only libvirt or not?
> 
> ​Yes, we highly recommend (and support) doing upgrades only when host is in 
> Maintenance status (no matter if you do that in webadmin or manually using 
> yum)

"Highly recommend" as in "if you don't do that, anything can happen", e.g. when 
there is a qemu-related package update all your running VMs will just crash, 
same for many others which may break various features___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Martin Perina 
On Fri, Aug 12, 2016 at 3:33 PM, Gianluca Cecchi 
wrote:

> On Fri, Aug 12, 2016 at 3:18 PM, Martin Perina  wrote:
>
>>
>>
>>
>> I installed libvirt about 45 minutes ago, but in the web admin gui I
>>> continue to see the icon with the tooltip "update available".. any service
>>> to refresh/restart?
>>>
>>
>> ​Have you installed it using webadmin Upgrade button or manually via yum?
>>
>>
> Via yum, also because this is a test environment with only one host and
> self hosted engine.
>

​Ahh, so unfortunately you need to wait for tomorrow, notification will be
cleared after next "check for upgrade​
" execution​

In this particular case, using the upgrade button, would it need to put
> host into maintenance even for only libvirt or not?
>

​Yes, we highly recommend (and support) doing upgrades only when host is in
Maintenance status (no matter if you do that in webadmin or manually using
yum)
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Gianluca Cecchi 
On Fri, Aug 12, 2016 at 3:18 PM, Martin Perina  wrote:

>
>
>
> I installed libvirt about 45 minutes ago, but in the web admin gui I
>> continue to see the icon with the tooltip "update available".. any service
>> to refresh/restart?
>>
>
> ​Have you installed it using webadmin Upgrade button or manually via yum?
>
>
Via yum, also because this is a test environment with only one host and
self hosted engine.
In this particular case, using the upgrade button, would it need to put
host into maintenance even for only libvirt or not?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Martin Perina 
On Fri, Aug 12, 2016 at 3:00 PM, Gianluca Cecchi 
wrote:

> On Fri, Aug 12, 2016 at 2:41 PM, Martin Perina  wrote:
>
>> I've accidentally replied on the original email, ccing others
>>
>> On Fri, Aug 12, 2016 at 2:39 PM, Martin Perina 
>> wrote:
>>
>>> Hi,
>>>
>>> we are checking for upgrades of more packages in 4.0 than in previous
>>> version, details can be found at:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1344020
>>>
>>> And libvirt is one of those new packages.
>>>
>>> I've just found out that this is incidentally part of 4.0.2 although it
>>> was retargeted to 4.0.4 (we forgot to remove patch from 4.0.2 branch when
>>> we did several 4.0.2 rebuilds).
>>>
>>> Martin
>>>
>>>
>>>
> Not a big problem for me.
> It was just to notice that a user could be in doubt of not being correctly
> up to date.
> Probably a mark into release notes could be ok.
> After installing libvirt and dependencies what is the frequency of the
> check that should show all now is ok?
>

​By default we check for upgrades once a day, this can be changed using:

  engine-config -s HostPackagesUpdateTimeInHours=NNN

where NNN is number of hours between checks.

More details about Host upgrade manager can be found at

http://old.ovirt.org/Home/Features/UpgradeManager

​


> I installed libvirt about 45 minutes ago, but in the web admin gui I
> continue to see the icon with the tooltip "update available".. any service
> to refresh/restart?
>

​Have you installed it using webadmin Upgrade button or manually via yum?
​


>
> Gianluca
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Gianluca Cecchi 
On Fri, Aug 12, 2016 at 2:41 PM, Martin Perina  wrote:

> I've accidentally replied on the original email, ccing others
>
> On Fri, Aug 12, 2016 at 2:39 PM, Martin Perina  wrote:
>
>> Hi,
>>
>> we are checking for upgrades of more packages in 4.0 than in previous
>> version, details can be found at:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1344020
>>
>> And libvirt is one of those new packages.
>>
>> I've just found out that this is incidentally part of 4.0.2 although it
>> was retargeted to 4.0.4 (we forgot to remove patch from 4.0.2 branch when
>> we did several 4.0.2 rebuilds).
>>
>> Martin
>>
>>
>>
Not a big problem for me.
It was just to notice that a user could be in doubt of not being correctly
up to date.
Probably a mark into release notes could be ok.
After installing libvirt and dependencies what is the frequency of the
check that should show all now is ok?
I installed libvirt about 45 minutes ago, but in the web admin gui I
continue to see the icon with the tooltip "update available".. any service
to refresh/restart?

Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Martin Perina 
I've accidentally replied on the original email, ccing others

On Fri, Aug 12, 2016 at 2:39 PM, Martin Perina  wrote:

> Hi,
>
> we are checking for upgrades of more packages in 4.0 than in previous
> version, details can be found at:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1344020
>
> And libvirt is one of those new packages.
>
> I've just found out that this is incidentally part of 4.0.2 although it
> was retargeted to 4.0.4 (we forgot to remove patch from 4.0.2 branch when
> we did several 4.0.2 rebuilds).
>
> Martin
>
>
> On Fri, Aug 12, 2016 at 12:25 PM, Gianluca Cecchi <
> gianluca.cec...@gmail.com> wrote:
>
>> Hello,
>> My self hosted engine environment was born in 3.6.0 in November with
>> CentOS 7 on host and CentOS 7 appliance.
>> I managed several updates applying 3.6.2, then 3.6.5, then 4.0.
>> Now I'm at 4.0.2 final and in web admin gui I see a message regarding
>> updates available on host (hosted_engine_1) that doesn't go away.
>> The host usually was updated through "yum update" and not from the gui
>> during updates described above.
>>
>> In events pane it seems the problem is related with libvirt package
>>
>> Host hosted_engine_1 has available updates: libvirt.
>>
>> Actually at this moment the libvirt package (that seems actually a sort
>> of meta-package) is not installed and I think has been never here.
>> Situation is:
>>
>> [root@ractor log]# rpm -qa|grep libvirt
>> libvirt-daemon-driver-network-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-driver-interface-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-kvm-1.2.17-13.el7_2.5.x86_64
>> libvirt-client-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-1.2.17-13.el7_2.5.x86_64
>> libvirt-lock-sanlock-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-driver-storage-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.5.x86_64
>> libvirt-python-1.2.17-2.el7.x86_64
>> libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.5.x86_64
>> libvirt-daemon-driver-secret-1.2.17-13.el7_2.5.x86_64
>> [root@ractor log]#
>>
>> If I run "yum install libvirt" I'm proposed:
>>
>> Dependencies Resolved
>>
>> 
>> 
>>  Package  Arch  Version
>>  Repository  Size
>> 
>> 
>> Installing:
>>  libvirt  x86_641.2.17-13.el7_2.5
>>  updates119 k
>> Installing for dependencies:
>>  libvirt-daemon-config-networkx86_641.2.17-13.el7_2.5
>>  updates120 k
>>  libvirt-daemon-driver-lxcx86_641.2.17-13.el7_2.5
>>  updates747 k
>>
>> Transaction Summary
>> 
>> 
>> Install  1 Package (+2 Dependent packages)
>>
>> How to proceed?
>>
>> Thanks,
>> Gianluca
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Martin Perina 
Hi,

we are checking for upgrades of more packages in 4.0 than in previous
version, details can be found at:

https://bugzilla.redhat.com/show_bug.cgi?id=1344020

And libvirt is one of those new packages.

I've just found out that this is incidentally part of 4.0.2 although it was
retargeted to 4.0.4 (we forgot to remove patch from 4.0.2 branch when we
did several 4.0.2 rebuilds).

Martin


On Fri, Aug 12, 2016 at 12:25 PM, Gianluca Cecchi  wrote:

> Hello,
> My self hosted engine environment was born in 3.6.0 in November with
> CentOS 7 on host and CentOS 7 appliance.
> I managed several updates applying 3.6.2, then 3.6.5, then 4.0.
> Now I'm at 4.0.2 final and in web admin gui I see a message regarding
> updates available on host (hosted_engine_1) that doesn't go away.
> The host usually was updated through "yum update" and not from the gui
> during updates described above.
>
> In events pane it seems the problem is related with libvirt package
>
> Host hosted_engine_1 has available updates: libvirt.
>
> Actually at this moment the libvirt package (that seems actually a sort of
> meta-package) is not installed and I think has been never here. Situation
> is:
>
> [root@ractor log]# rpm -qa|grep libvirt
> libvirt-daemon-driver-network-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-interface-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-kvm-1.2.17-13.el7_2.5.x86_64
> libvirt-client-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-1.2.17-13.el7_2.5.x86_64
> libvirt-lock-sanlock-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-storage-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.5.x86_64
> libvirt-python-1.2.17-2.el7.x86_64
> libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-secret-1.2.17-13.el7_2.5.x86_64
> [root@ractor log]#
>
> If I run "yum install libvirt" I'm proposed:
>
> Dependencies Resolved
>
> 
> 
>  Package  Arch  Version
>  Repository  Size
> 
> 
> Installing:
>  libvirt  x86_641.2.17-13.el7_2.5
>  updates119 k
> Installing for dependencies:
>  libvirt-daemon-config-networkx86_641.2.17-13.el7_2.5
>  updates120 k
>  libvirt-daemon-driver-lxcx86_641.2.17-13.el7_2.5
>  updates747 k
>
> Transaction Summary
> 
> 
> Install  1 Package (+2 Dependent packages)
>
> How to proceed?
>
> Thanks,
> Gianluca
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Gianluca Cecchi 
On Fri, Aug 12, 2016 at 2:18 PM, Michal Skrivanek 
wrote:

>
>
> >
> > Not sure why it is proposed just now and not before.
> > The -lxc package is not used by oVirt, so it will just sit there.
> > The libvirt-daemon-config-network package should be harmless, it just
> contains
> > the configuration fir libvirt's default bridge ‘virbr0'
>
> well, harmless….though for a good reason we stopped pulling in “libvirt”
> as the metapackage brings problematic deps in certain cases (iirc it was
> due to ppc64le)
> That’s why we depend on exactly just
> libvirt-daemon-config-nwfilter libvirt-daemon-kvm libvirt-lock-sanlock
> libvirt-client libvirt-python
>
> As Francesco says it’s mostly harmless, it’s just that on a truly clean
> environment “libvirt” wouldn’t be installed
>
> Thanks,
> michal
>
>
>
Ok, and indeed in my system is not installed... so the question is why
inside the web admin gui there is a complaint about libvirt missing if not
needed:
https://drive.google.com/file/d/0BwoPbcrMv8mveWNDNWpZdjIwV0U/view?usp=sharing
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Michal Skrivanek 

> On 12 Aug 2016, at 14:10, Francesco Romani  wrote:
> 
> - Original Message -
>> From: "Sandro Bonazzola" 
>> To: "Gianluca Cecchi" , "Michal Skrivanek" 
>> , "Francesco Romani"
>> 
>> Cc: "users" 
>> Sent: Friday, August 12, 2016 2:01:54 PM
>> Subject: Re: [ovirt-users] oVirt updates available on host due to libvirt 
>> missing
>> 
>> On Fri, Aug 12, 2016 at 12:25 PM, Gianluca Cecchi >> wrote:
>> 
>>> Hello,
>>> My self hosted engine environment was born in 3.6.0 in November with
>>> CentOS 7 on host and CentOS 7 appliance.
>>> I managed several updates applying 3.6.2, then 3.6.5, then 4.0.
>>> Now I'm at 4.0.2 final and in web admin gui I see a message regarding
>>> updates available on host (hosted_engine_1) that doesn't go away.
>>> The host usually was updated through "yum update" and not from the gui
>>> during updates described above.
>>> 
>>> In events pane it seems the problem is related with libvirt package
>>> 
>>> Host hosted_engine_1 has available updates: libvirt.
>>> 
>>> Actually at this moment the libvirt package (that seems actually a sort of
>>> meta-package) is not installed and I think has been never here. Situation
>>> is:
>>> 
>>> [root@ractor log]# rpm -qa|grep libvirt
>>> libvirt-daemon-driver-network-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-driver-interface-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-kvm-1.2.17-13.el7_2.5.x86_64
>>> libvirt-client-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-1.2.17-13.el7_2.5.x86_64
>>> libvirt-lock-sanlock-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-driver-storage-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.5.x86_64
>>> libvirt-python-1.2.17-2.el7.x86_64
>>> libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.5.x86_64
>>> libvirt-daemon-driver-secret-1.2.17-13.el7_2.5.x86_64
>>> [root@ractor log]#
>>> 
>>> If I run "yum install libvirt" I'm proposed:
>>> 
>>> Dependencies Resolved
>>> 
>>> 
>>> 
>>> Package  Arch  Version
>>> Repository  Size
>>> 
>>> 
>>> Installing:
>>> libvirt  x86_641.2.17-13.el7_2.5
>>> updates119 k
>>> Installing for dependencies:
>>> libvirt-daemon-config-networkx86_641.2.17-13.el7_2.5
>>> updates120 k
>>> libvirt-daemon-driver-lxcx86_641.2.17-13.el7_2.5
>>> updates747 k
>>> 
>>> Transaction Summary
>>> 
>>> 
>>> Install  1 Package (+2 Dependent packages)
>>> 
>>> How to proceed?
> [...]
>> I t should be safe to install the dependencies. Adding Michal and Francesco
>> to confirm.
> 
> Not sure why it is proposed just now and not before.
> The -lxc package is not used by oVirt, so it will just sit there.
> The libvirt-daemon-config-network package should be harmless, it just contains
> the configuration fir libvirt's default bridge ‘virbr0'

well, harmless….though for a good reason we stopped pulling in “libvirt” as the 
metapackage brings problematic deps in certain cases (iirc it was due to 
ppc64le)
That’s why we depend on exactly just
libvirt-daemon-config-nwfilter libvirt-daemon-kvm libvirt-lock-sanlock 
libvirt-client libvirt-python

As Francesco says it’s mostly harmless, it’s just that on a truly clean 
environment “libvirt” wouldn’t be installed

Thanks,
michal

> 
> Bests,
> 
> -- 
> Francesco Romani
> RedHat Engineering Virtualization R & D
> Phone: 8261328
> IRC: fromani

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Francesco Romani 
- Original Message -
> From: "Sandro Bonazzola" 
> To: "Gianluca Cecchi" , "Michal Skrivanek" 
> , "Francesco Romani"
> 
> Cc: "users" 
> Sent: Friday, August 12, 2016 2:01:54 PM
> Subject: Re: [ovirt-users] oVirt updates available on host due to libvirt 
> missing
> 
> On Fri, Aug 12, 2016 at 12:25 PM, Gianluca Cecchi  > wrote:
> 
> > Hello,
> > My self hosted engine environment was born in 3.6.0 in November with
> > CentOS 7 on host and CentOS 7 appliance.
> > I managed several updates applying 3.6.2, then 3.6.5, then 4.0.
> > Now I'm at 4.0.2 final and in web admin gui I see a message regarding
> > updates available on host (hosted_engine_1) that doesn't go away.
> > The host usually was updated through "yum update" and not from the gui
> > during updates described above.
> >
> > In events pane it seems the problem is related with libvirt package
> >
> > Host hosted_engine_1 has available updates: libvirt.
> >
> > Actually at this moment the libvirt package (that seems actually a sort of
> > meta-package) is not installed and I think has been never here. Situation
> > is:
> >
> > [root@ractor log]# rpm -qa|grep libvirt
> > libvirt-daemon-driver-network-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-driver-interface-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-kvm-1.2.17-13.el7_2.5.x86_64
> > libvirt-client-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-1.2.17-13.el7_2.5.x86_64
> > libvirt-lock-sanlock-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-driver-storage-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.5.x86_64
> > libvirt-python-1.2.17-2.el7.x86_64
> > libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.5.x86_64
> > libvirt-daemon-driver-secret-1.2.17-13.el7_2.5.x86_64
> > [root@ractor log]#
> >
> > If I run "yum install libvirt" I'm proposed:
> >
> > Dependencies Resolved
> >
> > 
> > 
> >  Package  Arch  Version
> >  Repository  Size
> > 
> > 
> > Installing:
> >  libvirt  x86_641.2.17-13.el7_2.5
> >  updates119 k
> > Installing for dependencies:
> >  libvirt-daemon-config-networkx86_641.2.17-13.el7_2.5
> >  updates120 k
> >  libvirt-daemon-driver-lxcx86_641.2.17-13.el7_2.5
> >  updates747 k
> >
> > Transaction Summary
> > 
> > 
> > Install  1 Package (+2 Dependent packages)
> >
> > How to proceed?
[...]
> I t should be safe to install the dependencies. Adding Michal and Francesco
> to confirm.

Not sure why it is proposed just now and not before.
The -lxc package is not used by oVirt, so it will just sit there.
The libvirt-daemon-config-network package should be harmless, it just contains
the configuration fir libvirt's default bridge 'virbr0'

Bests,

-- 
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Sandro Bonazzola 
On Fri, Aug 12, 2016 at 12:25 PM, Gianluca Cecchi  wrote:

> Hello,
> My self hosted engine environment was born in 3.6.0 in November with
> CentOS 7 on host and CentOS 7 appliance.
> I managed several updates applying 3.6.2, then 3.6.5, then 4.0.
> Now I'm at 4.0.2 final and in web admin gui I see a message regarding
> updates available on host (hosted_engine_1) that doesn't go away.
> The host usually was updated through "yum update" and not from the gui
> during updates described above.
>
> In events pane it seems the problem is related with libvirt package
>
> Host hosted_engine_1 has available updates: libvirt.
>
> Actually at this moment the libvirt package (that seems actually a sort of
> meta-package) is not installed and I think has been never here. Situation
> is:
>
> [root@ractor log]# rpm -qa|grep libvirt
> libvirt-daemon-driver-network-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-interface-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-kvm-1.2.17-13.el7_2.5.x86_64
> libvirt-client-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-1.2.17-13.el7_2.5.x86_64
> libvirt-lock-sanlock-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-storage-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.5.x86_64
> libvirt-python-1.2.17-2.el7.x86_64
> libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.5.x86_64
> libvirt-daemon-driver-secret-1.2.17-13.el7_2.5.x86_64
> [root@ractor log]#
>
> If I run "yum install libvirt" I'm proposed:
>
> Dependencies Resolved
>
> 
> 
>  Package  Arch  Version
>  Repository  Size
> 
> 
> Installing:
>  libvirt  x86_641.2.17-13.el7_2.5
>  updates119 k
> Installing for dependencies:
>  libvirt-daemon-config-networkx86_641.2.17-13.el7_2.5
>  updates120 k
>  libvirt-daemon-driver-lxcx86_641.2.17-13.el7_2.5
>  updates747 k
>
> Transaction Summary
> 
> 
> Install  1 Package (+2 Dependent packages)
>
> How to proceed?
>
> Thanks,
> Gianluca
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
I t should be safe to install the dependencies. Adding Michal and Francesco
to confirm.

-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt 4.0.2 RC

2016-08-12 Thread Sandro Bonazzola 
On Fri, Aug 12, 2016 at 4:07 AM, Fernando Fuentes 
wrote:

> So I went to do an update to my ovirt system and found that the RC is
> coming down to my production box... IE: 4.0.2
>
> I did a repo list and found - centos-ovirt40-candidate
>

please yum update ovirt-release40
Anyway, it's safe up to now since candidate contains same versions as in
release, 4.0.2 has been released this morning from RC without changes.




>
>
> Than found that 4.0.2 its also coming down from the ovirt-4.0 repo...
>
>  ovirt-engine-sdk-python  noarch  3.6.8.0-1.el7
>centos-ovirt40-candidate  480 k
>  ovirt-release40noarch  4.0.2-2
>  ovirt-4.0
>  8.3 k
>  ovirt-vmconsole noarch  1.0.4-1.el7
>centos-ovirt40-candidate   29 k
>  ovirt-vmconsole-proxy noarch  1.0.4-1.el7
>  centos-ovirt40-candidate   17 k
>  python-ovirt-engine-sdk4x86_64  4.0.0-0.5.a5.el7
>centos-ovirt40-candidate  308 k
>
> Is this safe to upgrade?
>
> Regards,
>
> --
> Fernando Fuentes
> ffuen...@txweather.org
> http://www.txweather.org
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] new internal SSO

2016-08-12 Thread Fabrice Bacchella 
I'm currently fighting with the new mandatory SSO system introduced in 4.0.

It's also used internally as ovirt-engine is calling himself, as shown in the 
apache log, to identity himself to himself:

[2016-08-12 11:30:24] 10.83.16.34 "ovirt.prod.exalead.com" "POST 
/ovirt-engine/sso/status HTTP/1.1" 256 401 + 163 "-" "Java/1.8.0_92"
[2016-08-12 10:55:49] 10.83.16.34 "ovirt.prod.exalead.com" "POST 
/ovirt-engine/sso/oauth/token HTTP/1.1" 237 401 + 163 "-" "Java/1.8.0_92"

But the sso will be acceded by human too:

[2016-08-12 11:29:27] 192.168.205.59 "ovirt.prod.exalead.com" "GET 
/ovirt-engine/sso/interactive-redirect-to-module HTTP/1.1" 5097 302 + - 
"https://ovirt.prod.exalead.com/ovirt-engine/; "Mozilla/5.0 (Macintosh; Intel 
Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"


I'm using a custom apache configuration, as I need that to better integrate 
ovirt in our running SSO and PKI setup.

So under SSO I wonder which part needs to be protected using our own SSO, and 
what part can be open to any access, and the internal security of ovirt will 
manage it ?

In https://bugzilla.redhat.com/show_bug.cgi?id=1342192, it seems for me that 
^/ovirt-engine/sso/(interactive-login-negotiate|oauth/token-http-auth) needs to 
be protected. Am i right ?

In my log, I've seen access to:

/ovirt-engine/sso/status
/ovirt-engine/sso/oauth/token-info
/ovirt-engine/webadmin/sso/oauth2-callback
/ovirt-engine/webadmin/sso/login
/ovirt-engine/sso/oauth/token
/ovirt-engine/sso/oauth/authorize
/ovirt-engine/sso/interactive-redirect-to-module
/ovirt-engine/sso/interactive-login-next-auth
/ovirt-engine/sso/interactive-login-negotiate/ovirt-auth___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] oVirt updates available on host due to libvirt missing

2016-08-12 Thread Gianluca Cecchi 
Hello,
My self hosted engine environment was born in 3.6.0 in November with CentOS
7 on host and CentOS 7 appliance.
I managed several updates applying 3.6.2, then 3.6.5, then 4.0.
Now I'm at 4.0.2 final and in web admin gui I see a message regarding
updates available on host (hosted_engine_1) that doesn't go away.
The host usually was updated through "yum update" and not from the gui
during updates described above.

In events pane it seems the problem is related with libvirt package

Host hosted_engine_1 has available updates: libvirt.

Actually at this moment the libvirt package (that seems actually a sort of
meta-package) is not installed and I think has been never here. Situation
is:

[root@ractor log]# rpm -qa|grep libvirt
libvirt-daemon-driver-network-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-driver-interface-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-kvm-1.2.17-13.el7_2.5.x86_64
libvirt-client-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-1.2.17-13.el7_2.5.x86_64
libvirt-lock-sanlock-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-driver-storage-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.5.x86_64
libvirt-python-1.2.17-2.el7.x86_64
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.5.x86_64
libvirt-daemon-driver-secret-1.2.17-13.el7_2.5.x86_64
[root@ractor log]#

If I run "yum install libvirt" I'm proposed:

Dependencies Resolved


 Package  Arch  Version
   Repository  Size

Installing:
 libvirt  x86_641.2.17-13.el7_2.5
   updates119 k
Installing for dependencies:
 libvirt-daemon-config-networkx86_641.2.17-13.el7_2.5
   updates120 k
 libvirt-daemon-driver-lxcx86_641.2.17-13.el7_2.5
   updates747 k

Transaction Summary

Install  1 Package (+2 Dependent packages)

How to proceed?

Thanks,
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ANN] oVirt 4.0.2 Final Release is now available

2016-08-12 Thread Sandro Bonazzola 
On Fri, Aug 12, 2016 at 11:46 AM, Gianluca Cecchi  wrote:

> Hello,
> it seems 4.0.2 final is the same as RC4, at least at engine side.
> Can you confirm if any changes/updates got in between RC4 and final?
>

Confirmed, no changes between rc4 and final



>
> Thanks
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ANN] oVirt 4.0.2 Final Release is now available

2016-08-12 Thread Gianluca Cecchi 
Hello,
it seems 4.0.2 final is the same as RC4, at least at engine side.
Can you confirm if any changes/updates got in between RC4 and final?

Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Storage for my Environment

2016-08-12 Thread Michael Cooper 

Hello Guys,

I am sorry ask a stupid question again, however I am not sure 
how to add storage to the environment that I have at the moment. I have 
4 Servers 3 of them are AMD and one Intel Core i7, on my servers I have 
2 Dell SC1435's and one HP DL385 G5


I have the Engine Running and I have added a node as well, Both of them 
are Physical servers they both have 1 tb drives, I would like to add the 
drive in the node as storage how would I accomplish that?


Thank you very much in advance,
--
*Michael Cooper*
http://www.coopfire.com
Linux/VMWare Certified Professional
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Unable to login to the WEB UI

2016-08-12 Thread Fabrice Bacchella 

> Le 11 août 2016 à 11:37, Fabrice Bacchella  a 
> écrit :
> 
> 
>> Le 11 août 2016 à 09:31, Martin Perina > > a écrit :
>> 
>> Hi Fabrice,
>> 
>> so it seems to me that ovirt-engine-rename didn't work as expected, because 
>> you have changed ENGINE_FQDN in 10-setup-protocols.conf. We don't support 
>> user updates on automatically generated files in 
>> /etc/ovirt-engine/engine.conf.d/. Please next time you'd like to change 
>> something, change it in 99-custom-???.conf file.
> 
> I roll back this change, as you said it was not enough and then the rename 
> command..
> 
>> 
>> Now how to get things working: I'm afraid it would be long and painful 
>> process, but let's try:
>> 
>> 1. Change manually ENGINE_FQDN to the new value you have used as new FQDN in 
>> ovirt-engine-rename in those files:
>> 
>> /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>> /etc/ovirt-engine/imageuploader.conf.d/10-engine-setup.conf
>> /etc/ovirt-engine/isouploader.conf.d/10-engine-setup.conf
>> /etc/ovirt-engine/logcollector.conf.d/10-engine-setup.conf
>> 
>> 2. Now, let's check your custom certificates, I know you are using your 
>> custom CA, does the trustore you have set into ENGINE_HTTPS_PKI_TRUST_STORE 
>> contains all certificates which are needed to verify HTTPS certificates you 
>> have set in Apache for new FQDN? If so, then please restart your engine and 
>> try
>> 
>> Thanks
>> 
>> Martin Perina
> 
> I'm not sur the PKI part is the biggest problem. I managed to get it work 
> after a rename and using a custom truststore with all the needed CA.
> 
> My main problem is with this strange 
> User login failure: java.lang.RuntimeException: server_error: 
> org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 
> 60)): expected a valid value (number, String, array, object, 'true', 'false' 
> or 'null')
> 
> that no one seems to understand where it came from. Ravi suggest to do not 
> use custom certificate, but I think it's impossible to test this now, because 
> of the incomplete operation of the rename command. So I will but back my 
> trust store and we should focus on this message.
> 
> By the way, I'm on irc on the channel with the nick FabriceB.

Ok we finally nailed that problem with the help of Ravi Nori. Because of the 
new SSO settings, ovirt-engine made a called to itself, from within the same 
process. But it needed to go through apache to authentify itself by itself and 
was intercepted by my SSO setup. I will need to rewrite it and split URL.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] [ANN] oVirt 4.0.2 Final Release is now available

2016-08-12 Thread Sandro Bonazzola 
The oVirt Project is pleased to announce the availability of oVirt 4.0.2,
as of August 12th, 2016.

This release is available now for:
* Fedora 23 (tech preview)
* Red Hat Enterprise Linux 7.2 or later
* CentOS Linux (or similar) 7.2 or later

This release supports Hypervisor Hosts running:
* Red Hat Enterprise Linux 7.2 or later
* CentOS Linux (or similar) 7.2 or later
* Fedora 23 (tech preview)
* oVirt Next Generation Node 4.0

Please take a look at our community page[1]
to know how to ask questions and interact with developers and users.
All issues or bugs should be reported via oVirt Bugzilla[2].

This update is the second in a series of stabilization updates to the 4.0
series.
4.0.2 brings 24 enhancements and more than 200 bugfixes, including 107 high
or urgent severity fixes, on top of oVirt 4.0 series
See the release notes [3] for installation / upgrade instructions and a
list of new features and bugs fixed.

Notes:
* A new oVirt Live ISO is available. [4]
* A new oVirt Next Generation Node will be available soon [4].
* A new oVirt Engine Appliance is already available.
* Mirrors[5] might need up to one day to synchronize.

Additional Resources:
* Read more about the oVirt 4.0.2 release highlights:
http://www.ovirt.org/release/4.0.2/
* Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
* Check out the latest project news on the oVirt blog:
http://www.ovirt.org/blog/

[1] https://www.ovirt.org/community/
[2] https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt
[3] http://www.ovirt.org/release/4.0.2/
[4] http://resources.ovirt.org/pub/ovirt-4.0/iso/
[5] http://www.ovirt.org/Repository_mirrors#Current_mirrors


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users