Re: [ovirt-users] gluster setup in ovirt

2016-10-27 Thread Sahina Bose
On Thu, Oct 27, 2016 at 4:28 AM, Thing  wrote:

> Hi,
>
> I have 3 machines imported into ovirt 4.0.4 just to do storage.  I have no
> storage setup.  I am a bit confused, can I add new storage from scratch via
> ovirt? ie picking mount points (I have /gv1 so set on each) or do I create
> the gluster replicated setup manually on each of the three nodes first? and
> import "ready made"?
>

You can setup gluster volume from scratch via oVirt
Once you add 3 nodes to the cluster - create bricks using the Storage
Devices sub-tab under each host. This will provision and mount the brick
from an unused raw block device on host.
Once the brick directories are mounted - use the New volume dialog to
create the volume



>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] messed up gluster attempt

2016-10-27 Thread Sahina Bose
On Fri, Oct 28, 2016 at 8:14 AM, Thing  wrote:

> Hi,
>
> So was was trying to make a 3 way mirror and it reported failed.  Now I
> get these messages,
>
> On glusterp1,
>
> =
> [root@glusterp1 ~]# gluster peer status
> Number of Peers: 1
>
> Hostname: 192.168.1.32
> Uuid: ef780f56-267f-4a6d-8412-4f1bb31fd3ac
> State: Peer in Cluster (Connected)
> [root@glusterp1 ~]# gluster peer probe glusterp3.graywitch.co.nz
> peer probe: failed: glusterp3.graywitch.co.nz is either already part of
> another cluster or having volumes configured
> [root@glusterp1 ~]# gluster volume info
> No volumes present
> [root@glusterp1 ~]#
> =
>
> on glusterp2,
>
> =
> [root@glusterp2 ~]# systemctl status glusterd.service
> ● glusterd.service - GlusterFS, a clustered file-system server
>Loaded: loaded (/usr/lib/systemd/system/glusterd.service; disabled;
> vendor preset: disabled)
>Active: active (running) since Fri 2016-10-28 15:22:34 NZDT; 5min ago
>  Main PID: 16779 (glusterd)
>CGroup: /system.slice/glusterd.service
>└─16779 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level
> INFO
>
> Oct 28 15:22:32 glusterp2.graywitch.co.nz systemd[1]: Starting GlusterFS,
> a clustered file-system server...
> Oct 28 15:22:34 glusterp2.graywitch.co.nz systemd[1]: Started GlusterFS,
> a clustered file-system server.
> [root@glusterp2 ~]# gluster volume info
> No volumes present
> [root@glusterp2 ~]# gluster peer status
> Number of Peers: 2
>
> Hostname: 192.168.1.33
> Uuid: 0fde5a5b-6254-4931-b704-40a88d4e89ce
> State: Sent and Received peer request (Connected)
>
> Hostname: 192.168.1.31
> Uuid: a29a93ee-e03a-46b0-a168-4d5e224d5f02
> State: Peer in Cluster (Connected)
> [root@glusterp2 ~]#
> ==
>
> on glusterp3,
>
> ==
> [root@glusterp3 glusterd]# systemctl status glusterd.service
> ● glusterd.service - GlusterFS, a clustered file-system server
>Loaded: loaded (/usr/lib/systemd/system/glusterd.service; disabled;
> vendor preset: disabled)
>Active: active (running) since Fri 2016-10-28 15:26:40 NZDT; 1min 16s
> ago
>  Main PID: 7033 (glusterd)
>CGroup: /system.slice/glusterd.service
>└─7033 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level
> INFO
>
> Oct 28 15:26:37 glusterp3.graywitch.co.nz systemd[1]: Starting GlusterFS,
> a clustered file-system server...
> Oct 28 15:26:40 glusterp3.graywitch.co.nz systemd[1]: Started GlusterFS,
> a clustered file-system server.
> [root@glusterp3 glusterd]# gluster volume info
> No volumes present
> [root@glusterp3 glusterd]# gluster peer probe glusterp1.graywitch.co.nz
> peer probe: failed: glusterp1.graywitch.co.nz is either already part of
> another cluster or having volumes configured
> [root@glusterp3 glusterd]# gluster volume info
> No volumes present
> [root@glusterp3 glusterd]# gluster peer status
> Number of Peers: 1
>
> Hostname: glusterp2.graywitch.co.nz
> Uuid: ef780f56-267f-4a6d-8412-4f1bb31fd3ac
> State: Sent and Received peer request (Connected)
> [root@glusterp3 glusterd]#
> ===
>
> How do I clean this mess up?
>

I'm assuming you don't have any data in these volumes - in which case you
can clean up the entire setup and start over again:
On all three nodes, stop glusterd service (systemctl stop glusterd), remove
the contents under /var/lib/glusterd/vols and /var/lib/glusterd/peers and
restart glusterd.

You can then create your cluster again. If you're reusing brick directories
from previous run, make sure to clean up those as well


>
> thanks
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] messed up gluster attempt

2016-10-27 Thread Thing
Hi,

So was was trying to make a 3 way mirror and it reported failed.  Now I get
these messages,

On glusterp1,

=
[root@glusterp1 ~]# gluster peer status
Number of Peers: 1

Hostname: 192.168.1.32
Uuid: ef780f56-267f-4a6d-8412-4f1bb31fd3ac
State: Peer in Cluster (Connected)
[root@glusterp1 ~]# gluster peer probe glusterp3.graywitch.co.nz
peer probe: failed: glusterp3.graywitch.co.nz is either already part of
another cluster or having volumes configured
[root@glusterp1 ~]# gluster volume info
No volumes present
[root@glusterp1 ~]#
=

on glusterp2,

=
[root@glusterp2 ~]# systemctl status glusterd.service
● glusterd.service - GlusterFS, a clustered file-system server
   Loaded: loaded (/usr/lib/systemd/system/glusterd.service; disabled;
vendor preset: disabled)
   Active: active (running) since Fri 2016-10-28 15:22:34 NZDT; 5min ago
 Main PID: 16779 (glusterd)
   CGroup: /system.slice/glusterd.service
   └─16779 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level
INFO

Oct 28 15:22:32 glusterp2.graywitch.co.nz systemd[1]: Starting GlusterFS, a
clustered file-system server...
Oct 28 15:22:34 glusterp2.graywitch.co.nz systemd[1]: Started GlusterFS, a
clustered file-system server.
[root@glusterp2 ~]# gluster volume info
No volumes present
[root@glusterp2 ~]# gluster peer status
Number of Peers: 2

Hostname: 192.168.1.33
Uuid: 0fde5a5b-6254-4931-b704-40a88d4e89ce
State: Sent and Received peer request (Connected)

Hostname: 192.168.1.31
Uuid: a29a93ee-e03a-46b0-a168-4d5e224d5f02
State: Peer in Cluster (Connected)
[root@glusterp2 ~]#
==

on glusterp3,

==
[root@glusterp3 glusterd]# systemctl status glusterd.service
● glusterd.service - GlusterFS, a clustered file-system server
   Loaded: loaded (/usr/lib/systemd/system/glusterd.service; disabled;
vendor preset: disabled)
   Active: active (running) since Fri 2016-10-28 15:26:40 NZDT; 1min 16s ago
 Main PID: 7033 (glusterd)
   CGroup: /system.slice/glusterd.service
   └─7033 /usr/sbin/glusterd -p /var/run/glusterd.pid --log-level
INFO

Oct 28 15:26:37 glusterp3.graywitch.co.nz systemd[1]: Starting GlusterFS, a
clustered file-system server...
Oct 28 15:26:40 glusterp3.graywitch.co.nz systemd[1]: Started GlusterFS, a
clustered file-system server.
[root@glusterp3 glusterd]# gluster volume info
No volumes present
[root@glusterp3 glusterd]# gluster peer probe glusterp1.graywitch.co.nz
peer probe: failed: glusterp1.graywitch.co.nz is either already part of
another cluster or having volumes configured
[root@glusterp3 glusterd]# gluster volume info
No volumes present
[root@glusterp3 glusterd]# gluster peer status
Number of Peers: 1

Hostname: glusterp2.graywitch.co.nz
Uuid: ef780f56-267f-4a6d-8412-4f1bb31fd3ac
State: Sent and Received peer request (Connected)
[root@glusterp3 glusterd]#
===

How do I clean this mess up?

thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] gluster how to setup a volume across 3 nodes via ovirt

2016-10-27 Thread Thing
Hi,

I have 3 gluster nodes running,

==
[root@glusterp1 ~]# gluster peer status
Number of Peers: 2

Hostname: 192.168.1.33
Uuid: 0fde5a5b-6254-4931-b704-40a88d4e89ce
State: Peer in Cluster (Connected)

Hostname: 192.168.1.32
Uuid: ef780f56-267f-4a6d-8412-4f1bb31fd3ac
State: Peer in Cluster (Connected)
==

I have a 900gb partition on each of the three nodes ready to go, formatted
xfs.   However when I go into host---> storage devices it says gv_1-lvgv1
is already in use and "create brick" is greyed out.

So how do I get "create brick" un-greyed?

The partition isnt mounted, just setup and xfs'd ready for use.

Or am I better to set it up via the CLI on glusterp1?  I assume I can then
import it into ovirt for use?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] power management configuration.

2016-10-27 Thread Thing
So far from reading it appears this only applies to "proper" servers? ie
without a iLo card there is nothiing to do?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] host gaga and ovirt cannt control it.

2016-10-27 Thread Thing
Hi,  after 2 hours of repeatedly rebooting glusterp2 (8 odd times) and the
ovirt server itself twice after the second reboot of the ovirt server I
managed to get glusterp2 into maintenance mode and re-install it, which
cleared the issue. I still dont know why it failed, nor why it took so
long to right.  :(

Power management isnt working, so fixing this is my next job. Hopefully
making it go will be documented and straightforward.


On 27 October 2016 at 16:53, Ramesh Nachimuthu  wrote:

> Can you explain state of your setup now. May be a screen shot of the
> 'Hosts' tab and logs from /var/log/ovirt-engine/engine.log should help us
> to understand the situation there.
>
> Regards,
> Ramesh
>
>
>
>
> - Original Message -
> > From: "Thing" 
> > To: "users" 
> > Sent: Thursday, October 27, 2016 9:03:22 AM
> > Subject: [ovirt-users] host gaga and ovirt cannt control it.
> >
> > Ok, I have struggled with this for 2 hours now, glusterp2 and the ovirt
> > server are basically not talking at all. I have rebooted both, I dont
> know
> > how many times. Reading via google there seems to be no fix for this bar
> a
> > manual hack of the ovirt server's database to delete the host glusterp2?
> or
> > it it re-install from scratch time?
> >
> > If I have to re-install from scratch, is it best to go back a version of
> > ovirt say to 3.6?
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Upgrading oVirt 3.6 with existing HTTPS certificate signed by custom CA to oVirt 4

2016-10-27 Thread Kenneth Bingham
That makes sense, but it is also disappointing to realize that oVirt
Manager will only trust certificates that itself has issued, and that there
is no support for Manager to trust VDSM server certificates issued by
another authority.

If I understand you correctly, then the *only* way to install a VDSM host
certificate is by registering with Manager at which time a certificate is
automatically issued and installed by Manager's built-in certificate
authority.


On Thu, Oct 27, 2016 at 3:27 PM Ravi Nori  wrote:

Since you replace ca.pem you need to replace the private key of ca.pem

Please copy the private key of  /etc/pki/ovirt-engine/ca.pem to
/etc/pki/ovirt-engine/private/ca.pem and let me know if everything works

On Thu, Oct 27, 2016 at 2:47 PM, Kenneth Bingham  wrote:


Thanks Ravi, that's helpful and I appreciate the precision and attention to
detail. I performed similar steps to install a custom certificate for the
oVirt Manager GUI. But what about configuring ovirt-engine to trust a
certificate issued by the same CA and presented by the VDSM host? On the
hypervisor host, I used the existing private key to generate the CSR,
issued the server certificate, and installed in three locations before
bouncing vdsmd.

On the hypervisor Host server (not the Manager/engine server):
/etc/pki/vdsm/certs/vdsmcert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem
/etc/pki/libvirt/clientcert.pem

Now, that host is "non responsive" in Manager because ovirt-engine does not
trust the new certificate even though I already performed all of the steps
that you describe above except that I installed the issuer's CA certificate
as the trusted entity. I've documented all of the steps I took in this Gist
.



On Thu, Oct 27, 2016 at 2:12 PM Ravi Nori  wrote:

Here is a complete set of instructions that works for me

You can skip the first few steps of generating the certificate.

Ravi


Generate a self-signed certificate using openssl
==
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout
privateKey.key -out certificate.pem

Convert a PEM certificate file and a private key to PKCS#12 (.p12)
=
openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in
certificate.pem

Extract the key from the bundle
=
openssl pkcs12 -in  certificate.p12 -nocerts -nodes > apache.key.nopass

Extract the certificate from the bundle
==
openssl pkcs12 -in certificate.p12 -nokeys > apache.cer

Create a new Keystore for testing
==
keytool -keystore clientkeystore -genkey -alias client

Convert .pem to .der

openssl x509 -outform der -in certificate.pem -out certificate.der

Import certificates to keystore
===
keytool -import -alias apache -keystore ./clientkeystore -file
./certificate.der

Create Custom conf for ovirt
==
vi /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf

Set location of truststore and its password
=
ENGINE_HTTPS_PKI_TRUST_STORE="/home/rnori/Downloads/Cert/clientkeystore"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="123456"

Copy the custom certificates
==
rm /etc/pki/ovirt-engine/apache-ca.pem
cp certificate.pem /etc/pki/ovirt-engine/apache-ca.pem
cp certificate.p12 /etc/pki/ovirt-engine/keys/apache.p12
cp apache.cer /etc/pki/ovirt-engine/certs/apache.cer
cp apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass

Restart engine and httpd
===
service httpd restart
service ovirt-engine restart

On Thu, Oct 27, 2016 at 5:30 AM, Nicolas Ecarnot 
wrote:

Le 27/10/2016 à 00:14, Kenneth Bingham a écrit :

I did install a server certificate from a private CA on the engine
server for the oVirt 4 Manager GUI, but haven't figured out how to
configure engine to trust the same CA which also issued the server
certificate presented by vdsm. This is important for us because this is
the same server certificate presented by the host when using the console
(e.g. websocket console falls silently if the user agent doesn't trust
the console server's certificate).


Hello,

Maybe related bug : on an oVirt 4, I followed the same procedure below to
install a custom CA, with *SUCCESS*.

Today, I had to reinstall one of the hosts, and it is failing with :
"CA certificate and CA private key do not match" :

http://pastebin.com/9JS05JtJ

Which certificate did we (Kenneth and I) did we mis-used?
What did we do wrong?

Regards,

Nicolas ECARNOT



On Wed, Oct 26, 2016, 16:58 Beckman, Daniel
mailto:daniel.beck...@ingramcontent.com>> wrote:

We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release.
I read the release notes (https://www.ovirt.org/release/4.0.4/) and
noted comment #4 under “Install / Upgrade from previous version”:

__ __

/If you 

Re: [ovirt-users] Upgrading oVirt 3.6 with existing HTTPS certificate signed by custom CA to oVirt 4

2016-10-27 Thread Ravi Nori
Since you replace ca.pem you need to replace the private key of ca.pem

Please copy the private key of  /etc/pki/ovirt-engine/ca.pem to
/etc/pki/ovirt-engine/private/ca.pem and let me know if everything works

On Thu, Oct 27, 2016 at 2:47 PM, Kenneth Bingham  wrote:

>
> Thanks Ravi, that's helpful and I appreciate the precision and attention
> to detail. I performed similar steps to install a custom certificate for
> the oVirt Manager GUI. But what about configuring ovirt-engine to trust a
> certificate issued by the same CA and presented by the VDSM host? On the
> hypervisor host, I used the existing private key to generate the CSR,
> issued the server certificate, and installed in three locations before
> bouncing vdsmd.
>
> On the hypervisor Host server (not the Manager/engine server):
> /etc/pki/vdsm/certs/vdsmcert.pem
> /etc/pki/vdsm/libvirt-spice/server-cert.pem
> /etc/pki/libvirt/clientcert.pem
>
> Now, that host is "non responsive" in Manager because ovirt-engine does
> not trust the new certificate even though I already performed all of the
> steps that you describe above except that I installed the issuer's CA
> certificate as the trusted entity. I've documented all of the steps I took in
> this Gist
> .
>
>
>
> On Thu, Oct 27, 2016 at 2:12 PM Ravi Nori  wrote:
>
>> Here is a complete set of instructions that works for me
>>
>> You can skip the first few steps of generating the certificate.
>>
>> Ravi
>>
>>
>> Generate a self-signed certificate using openssl
>> ==
>> openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout
>> privateKey.key -out certificate.pem
>>
>> Convert a PEM certificate file and a private key to PKCS#12 (.p12)
>> =
>> openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in
>> certificate.pem
>>
>> Extract the key from the bundle
>> =
>> openssl pkcs12 -in  certificate.p12 -nocerts -nodes > apache.key.nopass
>>
>> Extract the certificate from the bundle
>> ==
>> openssl pkcs12 -in certificate.p12 -nokeys > apache.cer
>>
>> Create a new Keystore for testing
>> ==
>> keytool -keystore clientkeystore -genkey -alias client
>>
>> Convert .pem to .der
>> 
>> openssl x509 -outform der -in certificate.pem -out certificate.der
>>
>> Import certificates to keystore
>> ===
>> keytool -import -alias apache -keystore ./clientkeystore -file
>> ./certificate.der
>>
>> Create Custom conf for ovirt
>> ==
>> vi /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
>>
>> Set location of truststore and its password
>> =
>> ENGINE_HTTPS_PKI_TRUST_STORE="/home/rnori/Downloads/Cert/clientkeystore"
>> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="123456"
>>
>> Copy the custom certificates
>> ==
>> rm /etc/pki/ovirt-engine/apache-ca.pem
>> cp certificate.pem /etc/pki/ovirt-engine/apache-ca.pem
>> cp certificate.p12 /etc/pki/ovirt-engine/keys/apache.p12
>> cp apache.cer /etc/pki/ovirt-engine/certs/apache.cer
>> cp apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass
>>
>> Restart engine and httpd
>> ===
>> service httpd restart
>> service ovirt-engine restart
>>
>> On Thu, Oct 27, 2016 at 5:30 AM, Nicolas Ecarnot 
>> wrote:
>>
>> Le 27/10/2016 à 00:14, Kenneth Bingham a écrit :
>>
>> I did install a server certificate from a private CA on the engine
>> server for the oVirt 4 Manager GUI, but haven't figured out how to
>> configure engine to trust the same CA which also issued the server
>> certificate presented by vdsm. This is important for us because this is
>> the same server certificate presented by the host when using the console
>> (e.g. websocket console falls silently if the user agent doesn't trust
>> the console server's certificate).
>>
>>
>> Hello,
>>
>> Maybe related bug : on an oVirt 4, I followed the same procedure below to
>> install a custom CA, with *SUCCESS*.
>>
>> Today, I had to reinstall one of the hosts, and it is failing with :
>> "CA certificate and CA private key do not match" :
>>
>> http://pastebin.com/9JS05JtJ
>>
>> Which certificate did we (Kenneth and I) did we mis-used?
>> What did we do wrong?
>>
>> Regards,
>>
>> Nicolas ECARNOT
>>
>>
>>
>> On Wed, Oct 26, 2016, 16:58 Beckman, Daniel
>> > > wrote:
>>
>> We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release.
>> I read the release notes (https://www.ovirt.org/release/4.0.4/) and
>> noted comment #4 under “Install / Upgrade from previous version”:
>>
>> __ __
>>
>> /If you are using HTTPS certificate signed by custom certificate
>> authority, please take a look at https://bugzilla.redhat.com/1336838
>> for steps which need to be done after migration to 4

Re: [ovirt-users] fakevdsm templates per datacenter

2016-10-27 Thread joost
I might have mixed up some items here, please ignore my previous email 
and thank you for the info on setting the option to let ovirt use 
hostnames

I think i have been looking at the screen for too long.
thanks!

Roy Golan schreef op 2016-10-27 14:23:

On 27 October 2016 at 10:42,  wrote:


Hi All, i have two ovirt / fakevdsm questions.

I am using fakevdsm to test my ovirt 4.0.5 engine.
I have a somewhat awkward setup where i have a relatively large
amount of dcs. 



I cannot get nfs master domain to work from the api.
The api code is solid and is used on a ovirt-engine 3.5 production
cluster.


 
 I am not sure this is an ovirt of fakevdsm issue. When i manually 
add

the nfs storage domain it does get created whic


e="margin:0px 0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"> My real aim would be to run 500
dcs with 2 hosts and a

br>

Youd have to have a host per DC, cause every DC has an SPM. You meant
cluster or Im missing something.
 


Links:
--
[1] https://gerrit.ovirt.org/65804
[2] mailto:Users@ovirt.org
[3] mailto:jo...@familiealbers.nl


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Upgrading oVirt 3.6 with existing HTTPS certificate signed by custom CA to oVirt 4

2016-10-27 Thread Kenneth Bingham
Thanks Ravi, that's helpful and I appreciate the precision and attention to
detail. I performed similar steps to install a custom certificate for the
oVirt Manager GUI. But what about configuring ovirt-engine to trust a
certificate issued by the same CA and presented by the VDSM host? On the
hypervisor host, I used the existing private key to generate the CSR,
issued the server certificate, and installed in three locations before
bouncing vdsmd.

On the hypervisor Host server (not the Manager/engine server):
/etc/pki/vdsm/certs/vdsmcert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem
/etc/pki/libvirt/clientcert.pem

Now, that host is "non responsive" in Manager because ovirt-engine does not
trust the new certificate even though I already performed all of the steps
that you describe above except that I installed the issuer's CA certificate
as the trusted entity. I've documented all of the steps I took in this Gist
.



On Thu, Oct 27, 2016 at 2:12 PM Ravi Nori  wrote:

> Here is a complete set of instructions that works for me
>
> You can skip the first few steps of generating the certificate.
>
> Ravi
>
>
> Generate a self-signed certificate using openssl
> ==
> openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout
> privateKey.key -out certificate.pem
>
> Convert a PEM certificate file and a private key to PKCS#12 (.p12)
> =
> openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in
> certificate.pem
>
> Extract the key from the bundle
> =
> openssl pkcs12 -in  certificate.p12 -nocerts -nodes > apache.key.nopass
>
> Extract the certificate from the bundle
> ==
> openssl pkcs12 -in certificate.p12 -nokeys > apache.cer
>
> Create a new Keystore for testing
> ==
> keytool -keystore clientkeystore -genkey -alias client
>
> Convert .pem to .der
> 
> openssl x509 -outform der -in certificate.pem -out certificate.der
>
> Import certificates to keystore
> ===
> keytool -import -alias apache -keystore ./clientkeystore -file
> ./certificate.der
>
> Create Custom conf for ovirt
> ==
> vi /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
>
> Set location of truststore and its password
> =
> ENGINE_HTTPS_PKI_TRUST_STORE="/home/rnori/Downloads/Cert/clientkeystore"
> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="123456"
>
> Copy the custom certificates
> ==
> rm /etc/pki/ovirt-engine/apache-ca.pem
> cp certificate.pem /etc/pki/ovirt-engine/apache-ca.pem
> cp certificate.p12 /etc/pki/ovirt-engine/keys/apache.p12
> cp apache.cer /etc/pki/ovirt-engine/certs/apache.cer
> cp apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass
>
> Restart engine and httpd
> ===
> service httpd restart
> service ovirt-engine restart
>
> On Thu, Oct 27, 2016 at 5:30 AM, Nicolas Ecarnot 
> wrote:
>
> Le 27/10/2016 à 00:14, Kenneth Bingham a écrit :
>
> I did install a server certificate from a private CA on the engine
> server for the oVirt 4 Manager GUI, but haven't figured out how to
> configure engine to trust the same CA which also issued the server
> certificate presented by vdsm. This is important for us because this is
> the same server certificate presented by the host when using the console
> (e.g. websocket console falls silently if the user agent doesn't trust
> the console server's certificate).
>
>
> Hello,
>
> Maybe related bug : on an oVirt 4, I followed the same procedure below to
> install a custom CA, with *SUCCESS*.
>
> Today, I had to reinstall one of the hosts, and it is failing with :
> "CA certificate and CA private key do not match" :
>
> http://pastebin.com/9JS05JtJ
>
> Which certificate did we (Kenneth and I) did we mis-used?
> What did we do wrong?
>
> Regards,
>
> Nicolas ECARNOT
>
>
>
> On Wed, Oct 26, 2016, 16:58 Beckman, Daniel
>  > wrote:
>
> We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release.
> I read the release notes (https://www.ovirt.org/release/4.0.4/) and
> noted comment #4 under “Install / Upgrade from previous version”:
>
> __ __
>
> /If you are using HTTPS certificate signed by custom certificate
> authority, please take a look at https://bugzilla.redhat.com/1336838
> for steps which need to be done after migration to 4.0. Also please
> consult https://bugzilla.redhat.com/1313379 how to setup this custom
> CA for use with virt-viewer clients./
>
> /__ __/
>
> So I referred to the first bugzilla
> (https://bugzilla.redhat.com/show_bug.cgi?id=1336838), where it
> states as follows:
>
> __ __
>
> If customer wants to use custom HTTPS certificate signed by
> different CA, then he has to per

Re: [ovirt-users] Upgrading oVirt 3.6 with existing HTTPS certificate signed by custom CA to oVirt 4

2016-10-27 Thread Ravi Nori
Here is a complete set of instructions that works for me

You can skip the first few steps of generating the certificate.

Ravi


Generate a self-signed certificate using openssl
==
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout
privateKey.key -out certificate.pem

Convert a PEM certificate file and a private key to PKCS#12 (.p12)
=
openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in
certificate.pem

Extract the key from the bundle
=
openssl pkcs12 -in  certificate.p12 -nocerts -nodes > apache.key.nopass

Extract the certificate from the bundle
==
openssl pkcs12 -in certificate.p12 -nokeys > apache.cer

Create a new Keystore for testing
==
keytool -keystore clientkeystore -genkey -alias client

Convert .pem to .der

openssl x509 -outform der -in certificate.pem -out certificate.der

Import certificates to keystore
===
keytool -import -alias apache -keystore ./clientkeystore -file
./certificate.der

Create Custom conf for ovirt
==
vi /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf

Set location of truststore and its password
=
ENGINE_HTTPS_PKI_TRUST_STORE="/home/rnori/Downloads/Cert/clientkeystore"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="123456"

Copy the custom certificates
==
rm /etc/pki/ovirt-engine/apache-ca.pem
cp certificate.pem /etc/pki/ovirt-engine/apache-ca.pem
cp certificate.p12 /etc/pki/ovirt-engine/keys/apache.p12
cp apache.cer /etc/pki/ovirt-engine/certs/apache.cer
cp apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass

Restart engine and httpd
===
service httpd restart
service ovirt-engine restart

On Thu, Oct 27, 2016 at 5:30 AM, Nicolas Ecarnot 
wrote:

> Le 27/10/2016 à 00:14, Kenneth Bingham a écrit :
>
>> I did install a server certificate from a private CA on the engine
>> server for the oVirt 4 Manager GUI, but haven't figured out how to
>> configure engine to trust the same CA which also issued the server
>> certificate presented by vdsm. This is important for us because this is
>> the same server certificate presented by the host when using the console
>> (e.g. websocket console falls silently if the user agent doesn't trust
>> the console server's certificate).
>>
>
> Hello,
>
> Maybe related bug : on an oVirt 4, I followed the same procedure below to
> install a custom CA, with *SUCCESS*.
>
> Today, I had to reinstall one of the hosts, and it is failing with :
> "CA certificate and CA private key do not match" :
>
> http://pastebin.com/9JS05JtJ
>
> Which certificate did we (Kenneth and I) did we mis-used?
> What did we do wrong?
>
> Regards,
>
> Nicolas ECARNOT
>
>
>>
>> On Wed, Oct 26, 2016, 16:58 Beckman, Daniel
>> > > wrote:
>>
>> We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release.
>> I read the release notes (https://www.ovirt.org/release/4.0.4/) and
>> noted comment #4 under “Install / Upgrade from previous version”:
>>
>> __ __
>>
>> /If you are using HTTPS certificate signed by custom certificate
>> authority, please take a look at https://bugzilla.redhat.com/1336838
>> for steps which need to be done after migration to 4.0. Also please
>> consult https://bugzilla.redhat.com/1313379 how to setup this custom
>> CA for use with virt-viewer clients./
>>
>> /__ __/
>>
>> So I referred to the first bugzilla
>> (https://bugzilla.redhat.com/show_bug.cgi?id=1336838), where it
>> states as follows:
>>
>> __ __
>>
>> If customer wants to use custom HTTPS certificate signed by
>> different CA, then he has to perform following steps: 
>>
>> __ __
>>
>> 1. Install custom CA (that signed HTTPS certificate) into host wide
>> trustore (more info can be found in update-ca-trust man page) 
>>
>> __ __
>>
>> 2. Configure HTTPS certificate in Apache (this step is same as in
>> previous versions) 
>>
>> __ __
>>
>> 3. Create new configuration file (for example
>> /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf) with
>> following content: 
>>
>> ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
>> ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="" 
>>
>> __ __
>>
>> 4. Restart ovirt-engine service
>>
>> __ __
>>
>> I find it humorous that step # 1 suggests reading the “man page”
>> which is only slightly better than suggesting to “google” it. 
>>
>> __ __
>>
>> Has anyone using a custom CA for their HTTPS certificate
>> successfully upgraded to oVirt 4? If so could you share your
>> detailed steps? Or can anyone point me to an actual example of this
>> procedure? I’m a little nervous about the upgrade if you c

[ovirt-users] First steps with ovirt, what can I expect?

2016-10-27 Thread Ben De Luca
Hi,
   I am building my first ovirt system and I am wondering about the state
of my system. I think it should be different than what it is right now. If
any one has advice, opinions or thought I am open to hearing. Sorry If I
have some of the terminology wrong).

I am try to building a 3 node cluster, with nfs3 storage on top of
centos 7.2 system.

I have 3 identical nodes, and one machine providing dns for the 3
nodes. I have configured names for the nodes and for the engine

I installed centos-release-ovirt40 (which has resolved to
centos-release-ovirt40-1.0-1.el7.centos.noarch)

Using the appliance I found at
http://resources.ovirt.org/pub/ovirt-4.0/rpm/el7/noarch/ovirt-engine-appliance-4.0-20160928.1.el7.centos.noarch.rpm
I ran hosted-engine --deploy . it completed without error.

 What has me confused is I can only reach the management engine
(ping/web console) on the host that I ran hosted-engine --deploy. The other
nodes can not  reach it.

I feel like I should be able to connect to it from every where so I can
add the other nodes, as I have never done this before I dont know what
state it should be at the moment. Is there another step I need to take to
make it visible on the rest of the network?

-Ben
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] HostedEngine Storage

2016-10-27 Thread David Gossage
On Thu, Oct 27, 2016 at 10:05 AM, Bryan Sockel 
wrote:

> Hi,
>
> We currently have our HostedEngine VM running on a gluster Replica 3
> storage domain.  Is there a way to modify the mount options in oVirt to
> specify the Backup-Volfile servers?
>
>
I think all steps needed may be found in this thread from August.  Or at
least point you in right direction to test.

http://lists.ovirt.org/pipermail/users/2016-August/042164.html

I myself have not gotten around to trying yet as I just haven't had time to
bring my testing cluster back up.



> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] HostedEngine Storage

2016-10-27 Thread Bryan Sockel
Hi,

We currently have our HostedEngine VM running on a gluster Replica 3 storage 
domain.  Is there a way to modify the mount options in oVirt to specify the 
Backup-Volfile servers?  ___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [ANN] oVirt 4.0.5 Fourth Release Candidate is now available

2016-10-27 Thread Sandro Bonazzola
On Thu, Oct 27, 2016 at 4:11 PM, Maton, Brett 
wrote:

> I just tried a yum update and got a key error, has it changed or is this a
> problem?:
>
> warning: 
> /var/cache/yum/x86_64/7/ovirt-4.0-pre/packages/mom-0.5.8-1.el7.centos.noarch.rpm:
> Header V3 RSA/SHA1 Signature, key ID 1efa001d: NOKEY
> Public key for mom-0.5.8-1.el7.centos.noarch.rpm is not installed
> mom-0.5.8-1.el7.centos.noarch.rpm
> | 124 kB  00:00:00
> Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-ovirt-4.0
>
>
> The GPG keys listed for the "oVirt 4.0 Pre-Release" repository are already
> installed but they are not correct for this package.
> Check that the correct key URLs are configured for this repository.
>

mom build comes from a copr build[1], so it should be the key used to sign
the copr build.

[1]
https://copr.fedorainfracloud.org/coprs/msivak/mom-for-ovirt/build/468892/

Adding Martin.


>
>
> On 27 October 2016 at 14:12, Sandro Bonazzola  wrote:
>
>>
>> The oVirt Project is pleased to announce the availability of oVirt 4.0.5
>> fourth release candidate for testing, as of October 27th, 2016.
>>
>> This release is available now for:
>> * Fedora 23 (tech preview)
>> * Red Hat Enterprise Linux 7.2 or later
>> * CentOS Linux (or similar) 7.2 or later
>>
>> This release supports Hypervisor Hosts running:
>> * Red Hat Enterprise Linux 7.2 or later
>> * CentOS Linux (or similar) 7.2 or later
>> * Fedora 23 (tech preview)
>> * oVirt Next Generation Node 4.0
>>
>> This is pre-release software. Please take a look at our community page[1]
>> to know how to ask questions and interact with developers and users.
>> All issues or bugs should be reported via oVirt Bugzilla[2].
>> This pre-release should not to be used in production.
>>
>> This update is the fourth release candidate of the fifth in a series of
>> stabilization updates to the 4.0 series.
>> 4.0.5 brings 13 enhancements and 83 bugfixes, including 37 high or urgent
>> severity fixes, on top of oVirt 4.0 series
>> See the release notes [3] for installation / upgrade instructions and a
>> list of new features and bugs fixed.
>>
>> Notes:
>> * A new oVirt Live ISO is available. [4]
>> * A new oVirt Next Generation Node will be available soon [4]
>> * A new oVirt Engine Appliance is available for Red Hat Enterprise Linux
>> and CentOS Linux (or similar)
>> * Mirrors[5] might need up to one day to synchronize.
>>
>> Additional Resources:
>> * Read more about the oVirt 4.0.5 release highlights:http://www.ovirt.or
>> g/release/4.0.5/
>> * Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
>> * Check out the latest project news on the oVirt blog:
>> http://www.ovirt.org/blog/
>>
>> [1] https://www.ovirt.org/community/
>> [2] https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt
>> [3] http://www.ovirt.org/release/4.0.5/
>> [4] http://resources.ovirt.org/pub/ovirt-4.0-pre/iso/
>> [5] http://www.ovirt.org/Repository_mirrors#Current_mirrors
>>
>>
>> --
>> Sandro Bonazzola
>> Better technology. Faster innovation. Powered by community collaboration.
>> See how it works at redhat.com
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [ANN] oVirt 4.0.5 Fourth Release Candidate is now available

2016-10-27 Thread Maton, Brett
I just tried a yum update and got a key error, has it changed or is this a
problem?:

warning:
/var/cache/yum/x86_64/7/ovirt-4.0-pre/packages/mom-0.5.8-1.el7.centos.noarch.rpm:
Header V3 RSA/SHA1 Signature, key ID 1efa001d: NOKEY
Public key for mom-0.5.8-1.el7.centos.noarch.rpm is not installed
mom-0.5.8-1.el7.centos.noarch.rpm
| 124 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-ovirt-4.0


The GPG keys listed for the "oVirt 4.0 Pre-Release" repository are already
installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


On 27 October 2016 at 14:12, Sandro Bonazzola  wrote:

>
> The oVirt Project is pleased to announce the availability of oVirt 4.0.5
> fourth release candidate for testing, as of October 27th, 2016.
>
> This release is available now for:
> * Fedora 23 (tech preview)
> * Red Hat Enterprise Linux 7.2 or later
> * CentOS Linux (or similar) 7.2 or later
>
> This release supports Hypervisor Hosts running:
> * Red Hat Enterprise Linux 7.2 or later
> * CentOS Linux (or similar) 7.2 or later
> * Fedora 23 (tech preview)
> * oVirt Next Generation Node 4.0
>
> This is pre-release software. Please take a look at our community page[1]
> to know how to ask questions and interact with developers and users.
> All issues or bugs should be reported via oVirt Bugzilla[2].
> This pre-release should not to be used in production.
>
> This update is the fourth release candidate of the fifth in a series of
> stabilization updates to the 4.0 series.
> 4.0.5 brings 13 enhancements and 83 bugfixes, including 37 high or urgent
> severity fixes, on top of oVirt 4.0 series
> See the release notes [3] for installation / upgrade instructions and a
> list of new features and bugs fixed.
>
> Notes:
> * A new oVirt Live ISO is available. [4]
> * A new oVirt Next Generation Node will be available soon [4]
> * A new oVirt Engine Appliance is available for Red Hat Enterprise Linux
> and CentOS Linux (or similar)
> * Mirrors[5] might need up to one day to synchronize.
>
> Additional Resources:
> * Read more about the oVirt 4.0.5 release highlights:http://www.ovirt.
> org/release/4.0.5/
> * Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
> * Check out the latest project news on the oVirt blog:
> http://www.ovirt.org/blog/
>
> [1] https://www.ovirt.org/community/
> [2] https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt
> [3] http://www.ovirt.org/release/4.0.5/
> [4] http://resources.ovirt.org/pub/ovirt-4.0-pre/iso/
> [5] http://www.ovirt.org/Repository_mirrors#Current_mirrors
>
>
> --
> Sandro Bonazzola
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Local storage & shared in same cluster

2016-10-27 Thread Gianluca Cecchi
On Thu, Oct 27, 2016 at 1:58 PM, Sebastian Greco 
wrote:

> Ohh thx for the answer :) That's why the running VMs on that particular
> storage would only run on that host. One can do that in other hypervisors
> like vsphere or hyper-v. It would be a nice thing to have in rhv too imho.
>
>
>
Asked many times...
Latest relevant thread just before 4.0 release with some technical details
here:

http://lists.ovirt.org/pipermail/users/2016-May/039772.html
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted Engine CPU usage always shows 100%

2016-10-27 Thread Simone Tiraboschi
On Thu, Oct 27, 2016 at 3:33 PM, knarra  wrote:

> On 10/27/2016 06:42 PM, Simone Tiraboschi wrote:
>
>
>
> On Thu, Oct 27, 2016 at 2:56 PM, knarra  wrote:
>
>> Hi Simone,
>>
>> I see that this patch is merged upstream. I have installed latest
>> master. But i still see that HostedEngine CPU shows 100%. Is there
>> something i am missing here?
>>
>
> So maybe it's an unrelated bug.
> Do you see the same behavior if you directly check the CPU on the VM with
> top?
>
>
>> Thanks
>> kasturi
>>
> Hi simone,
>
> I directly checked it on my machine and i see that the CPU utilization
> is very less .
>
> top - 13:33:12 up 32 min,  1 user,  load average: 0.69, 0.66, 0.57
> Tasks: 150 total,   1 running, 149 sleeping,   0 stopped,   0 zombie
> %Cpu(s):  8.3 us,  9.0 sy,  0.0 ni, 82.5 id,  0.0 wa,  0.0 hi,  0.2 si,
> 0.0 st
>

OK, can you please file a bug?

>
>
> Thanks
> kasturi
>
>
>> On 10/19/2016 10:33 PM, Simone Tiraboschi wrote:
>>
>>
>>
>> On Wed, Oct 19, 2016 at 3:13 PM, knarra  wrote:
>>
>>> On 10/19/2016 06:43 PM, knarra wrote:
>>>
 Hi,

 I have latest ovirt master and i see that Hosted Engine CPU is
 always shown 100%. But the actual usage in the system is very less.  Is
 this a known issue or a bug ?


>> https://bugzilla.redhat.com/show_bug.cgi?id=1381899 should strongly
>> reduce it.
>> Kasturi, can you please try https://gerrit.ovirt.org/#/c/65230/ ?
>>
>>
>>
>>
>>> Thanks

 kasturi

 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

>>>
>>> Attaching the screenshot for the same.
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted Engine CPU usage always shows 100%

2016-10-27 Thread knarra

On 10/27/2016 06:42 PM, Simone Tiraboschi wrote:



On Thu, Oct 27, 2016 at 2:56 PM, knarra > wrote:


Hi Simone,

I see that this patch is merged upstream. I have installed
latest master. But i still see that HostedEngine CPU shows 100%.
Is there something i am missing here?


So maybe it's an unrelated bug.
Do you see the same behavior if you directly check the CPU on the VM 
with top?



Thanks
kasturi


Hi simone,

I directly checked it on my machine and i see that the CPU 
utilization is very less .


top - 13:33:12 up 32 min,  1 user,  load average: 0.69, 0.66, 0.57
Tasks: 150 total,   1 running, 149 sleeping,   0 stopped,   0 zombie
%Cpu(s):  8.3 us,  9.0 sy,  0.0 ni, 82.5 id,  0.0 wa,  0.0 hi,  0.2 si,  
0.0 st


Thanks
kasturi



On 10/19/2016 10:33 PM, Simone Tiraboschi wrote:



On Wed, Oct 19, 2016 at 3:13 PM, knarra mailto:kna...@redhat.com>> wrote:

On 10/19/2016 06:43 PM, knarra wrote:

Hi,

I have latest ovirt master and i see that Hosted
Engine CPU is always shown 100%. But the actual usage in
the system is very less.  Is this a known issue or a bug ?


https://bugzilla.redhat.com/show_bug.cgi?id=1381899
 should
strongly reduce it.
Kasturi, can you please try https://gerrit.ovirt.org/#/c/65230/
 ?



Thanks

kasturi

___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users



Attaching the screenshot for the same.


___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users








___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] fakevdsm templates per datacenter

2016-10-27 Thread joost

Hi Roy,
thank you kindly for your response.
what i am trying to do is this.

1) Create a dc 'DC0-aws2'
2) Create a cluster 'CLUSTER0-aws2'
3) Add Host1 'PCB1-0-aws2'
4) Add Host2 'PCB2-0-aws2'
5) Create NFS Storage 'DC0-aws2-NFS'
6) Attach to DC 'DC0-aws2'



My issues are with step 5 and 6 but for reference some insights to what 
i am doing in case i am making mistakes in earlier steps.
Please be aware that when doing steps 5 and 6 in the ovirt web ui it 
seems to work which is somewhat strange i recon.


also note i see tons of the following log lines containing
Command 'ProcessOvfUpdateForStorageDomain'

i removed some to make the logs less verbose.


1) Create DC


self.api.datacenters.add(params.DataCenter(name='DC0-aws2',local=False,version=self.version))

1) Create Cluster
self.api.clusters.add(params.Cluster(
name='CLUSTER0-aws2',
cpu=params.CPU(id=self.cpu_type),

data_center=self.api.datacenters.get('DC0-aws2'),

version=self.version,
gluster_service = False,
threads_as_cores = True,
tunnel_migration = False,
trusted_service = False,
ha_reservation = False,
error_handling = 
params.ErrorHandling(on_error='do_not_migrate')

)):

3 Add Host1
spmParams = params.SPM(priority=7)
self.api.hosts.add(params.Host(
name='PCB1-0-aws2',
address='PCB1-0-aws2',

cluster=self.api.clusters.get('CLUSTER0-aws2'),

root_password='test',
spm = spmParams
)):


4 Add Host2
spmParams = params.SPM(priority=-1)
self.api.hosts.add(params.Host(
name='PCB2-0-aws2',
address='PCB2-0-aws2',

cluster=self.api.clusters.get('CLUSTER0-aws2'),

root_password='test',
spm = spmParams
)):

5 create nfs storage

myDC = self.api.datacenters.get(name='DC0-aws2')
myHOST = self.api.hosts.get(name='PCB1-0-aws2')
storageParams = params.Storage(address='PCB1-0-aws2', path="/data", 
type_="nfs",vfs_type='nfs' )
storageDomainParams = 
params.StorageDomain(name='DC0-aws2-NFS',data_center=myDC,storage_format='v3',type_='data', 
host=myHOST,storage=storageParams)# type_='data', storage_format="v3", 
storage=s)


sd = self.api.storagedomains.add(storageDomainParams)

6 attach nfs storage

self.api.datacenters.get(name='DC0-aws2').storagedomains.add(self.api.storagedomains.get(name='DC0-aws2-NFS'))



The last steps fails but it might be more is not done properly.

Logs below from step 1 to step 6


2016-10-27 13:15:55,759 INFO  
[org.ovirt.engine.core.bll.SerialChildCommandsExecutionCallback] 
(DefaultQuartzScheduler7) [d2d316c] Command 
'ProcessOvfUpdateForStorageDomain' (id: 
'b6600ea7-f75d-4726-bea6-5d73d980cbeb') waiting on child command id: 
'1990eaf9-c7c4-438d-a9be-2d4201cbdd34' type:'UploadStream' to complete
2016-10-27 13:15:55,761 INFO  
[org.ovirt.engine.core.bll.SerialChildCommandsExecutionCallback] 
(DefaultQuartzScheduler7) [49a0464] Command 
'ProcessOvfUpdateForStorageDomain' (id: 
'e9a99687-cb73-4481-959f-948f0a55449a') waiting on child command id: 
'840e7689-359c-49ea-aae5-76efa085daac' type:'UploadStream' to complete
2016-10-27 13:16:04,452 INFO  
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-113) 
[] User admin@internal successfully logged in with scopes: ovirt-app-api 
ovirt-ext=token-info:authz-search 
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
2016-10-27 13:16:04,473 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default 
task-112) [46539124] Running command: CreateUserSessionCommand internal: 
false.
2016-10-27 13:16:04,603 INFO  
[org.ovirt.engine.core.bll.storage.pool.AddEmptyStoragePoolCommand] 
(default task-116) [356903d7] Running command: 
AddEmptyStoragePoolCommand internal: false. Entities affected :  ID: 
aaa0----123456789aaa Type: SystemAction group 
CREATE_STORAGE_POOL with role type ADMIN,  ID: 
580f14ab-03b0-0347-0279-01cf Type: MacPoolAction group 
CONFIGURE_MAC_POOL with role type ADMIN
2016-10-27 13:16:04,613 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(default task-116) [356903d7] Correlation ID: 356903d7, Call Stack: 
null, Custom Event ID: -1, Message: Data Center DC0-aws2, Compatibility 
Version 4.0 and Quota Type DISABLED was added by admin@internal-authz
2016-10-27 13:16:05,697 INFO  
[org.ovirt.engine.core.bll.AddClusterCommand] (default task-118) 
[527f31d

Re: [ovirt-users] Hosted Engine CPU usage always shows 100%

2016-10-27 Thread Simone Tiraboschi
On Thu, Oct 27, 2016 at 2:56 PM, knarra  wrote:

> Hi Simone,
>
> I see that this patch is merged upstream. I have installed latest
> master. But i still see that HostedEngine CPU shows 100%. Is there
> something i am missing here?
>

So maybe it's an unrelated bug.
Do you see the same behavior if you directly check the CPU on the VM with
top?


> Thanks
> kasturi
>
> On 10/19/2016 10:33 PM, Simone Tiraboschi wrote:
>
>
>
> On Wed, Oct 19, 2016 at 3:13 PM, knarra  wrote:
>
>> On 10/19/2016 06:43 PM, knarra wrote:
>>
>>> Hi,
>>>
>>> I have latest ovirt master and i see that Hosted Engine CPU is
>>> always shown 100%. But the actual usage in the system is very less.  Is
>>> this a known issue or a bug ?
>>>
>>>
> https://bugzilla.redhat.com/show_bug.cgi?id=1381899 should strongly
> reduce it.
> Kasturi, can you please try https://gerrit.ovirt.org/#/c/65230/ ?
>
>
>
>
>> Thanks
>>>
>>> kasturi
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>
>> Attaching the screenshot for the same.
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] [ANN] oVirt 4.0.5 Fourth Release Candidate is now available

2016-10-27 Thread Sandro Bonazzola
The oVirt Project is pleased to announce the availability of oVirt 4.0.5
fourth release candidate for testing, as of October 27th, 2016.

This release is available now for:
* Fedora 23 (tech preview)
* Red Hat Enterprise Linux 7.2 or later
* CentOS Linux (or similar) 7.2 or later

This release supports Hypervisor Hosts running:
* Red Hat Enterprise Linux 7.2 or later
* CentOS Linux (or similar) 7.2 or later
* Fedora 23 (tech preview)
* oVirt Next Generation Node 4.0

This is pre-release software. Please take a look at our community page[1]
to know how to ask questions and interact with developers and users.
All issues or bugs should be reported via oVirt Bugzilla[2].
This pre-release should not to be used in production.

This update is the fourth release candidate of the fifth in a series of
stabilization updates to the 4.0 series.
4.0.5 brings 13 enhancements and 83 bugfixes, including 37 high or urgent
severity fixes, on top of oVirt 4.0 series
See the release notes [3] for installation / upgrade instructions and a
list of new features and bugs fixed.

Notes:
* A new oVirt Live ISO is available. [4]
* A new oVirt Next Generation Node will be available soon [4]
* A new oVirt Engine Appliance is available for Red Hat Enterprise Linux
and CentOS Linux (or similar)
* Mirrors[5] might need up to one day to synchronize.

Additional Resources:
* Read more about the oVirt 4.0.5 release highlights:
http://www.ovirt.org/release/4.0.5/
* Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
* Check out the latest project news on the oVirt blog:
http://www.ovirt.org/blog/

[1] https://www.ovirt.org/community/
[2] https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt
[3] http://www.ovirt.org/release/4.0.5/
[4] http://resources.ovirt.org/pub/ovirt-4.0-pre/iso/
[5] http://www.ovirt.org/Repository_mirrors#Current_mirrors


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted Engine CPU usage always shows 100%

2016-10-27 Thread knarra

Hi Simone,

I see that this patch is merged upstream. I have installed latest 
master. But i still see that HostedEngine CPU shows 100%. Is there 
something i am missing here?


Thanks
kasturi
On 10/19/2016 10:33 PM, Simone Tiraboschi wrote:



On Wed, Oct 19, 2016 at 3:13 PM, knarra > wrote:


On 10/19/2016 06:43 PM, knarra wrote:

Hi,

I have latest ovirt master and i see that Hosted Engine
CPU is always shown 100%. But the actual usage in the system
is very less.  Is this a known issue or a bug ?


https://bugzilla.redhat.com/show_bug.cgi?id=1381899 should strongly 
reduce it.

Kasturi, can you please try https://gerrit.ovirt.org/#/c/65230/ ?



Thanks

kasturi

___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users



Attaching the screenshot for the same.


___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users





___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Cannot Migrate Hosted Engine

2016-10-27 Thread knarra

Hi,

I have installed latest upstream master on RHEL7.2. When i try to 
put a host in maintenance which runs HE vm i see that vm does not get 
migrated to another host and host is stuck in "preparing for maintenace" 
state. I see the following errors in the vdsm.log . Can you please help 
me understand why this error is seen?


1.
   2016-10-27 16:40:22,742 ERROR (Thread-3293) [virt.vm]
   (vmId='21e0e248-19bf-47b3-b72f-6a3740d9ff43') Hook script execution
   failed: internal error: Child process (LC_ALL=C PAT
2.
   H=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
   /etc/libvirt/hooks/qemu HostedEngine migrate begin -) unexpected
   exit status 1: Traceback (most recent call last):
3.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 51, in main
4.
   _process_domxml(tree)
5.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 80, in
   _process_domxml
6.
   _set_graphics(devices, target_vm_conf)
7.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 156, in
   _set_graphics
8.
   target_display_network, target_display_ip =
   _vmconf_display(target_vm_conf)
9.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 177, in
   _vmconf_display
10.
   raise VmMigrationHookError('VM conf graphics not detected')
11.
   VmMigrationHookError: VM conf graphics not detected
12.
   Traceback (most recent call last):
13.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 201, in 
14.
   main(*sys.argv[1:])
15.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 51, in main
16.
   _process_domxml(tree)
17.
  File "/usr/libexec/vdsm/vm_migrate_hoo (migration:261)
18.
   2016-10-27 16:40:22,757 ERROR (Thread-3293) [virt.vm]
   (vmId='21e0e248-19bf-47b3-b72f-6a3740d9ff43') Failed to migrate
   (migration:390)
19.
   Traceback (most recent call last):
20.
  File "/usr/share/vdsm/virt/migration.py", line 372, in run
21.
   self._startUnderlyingMigration(time.time())
22.
  File "/usr/share/vdsm/virt/migration.py", line 447, in
   _startUnderlyingMigration
23.
   self._perform_with_downtime_thread(duri, muri)
24.
  File "/usr/share/vdsm/virt/migration.py", line 498, in
   _perform_with_downtime_thread
25.
   self._perform_migration(duri, muri)
26.
  File "/usr/share/vdsm/virt/migration.py", line 485, in
   _perform_migration
27.
   self._vm._dom.migrateToURI3(duri, params, flags)
28.
  File "/usr/lib/python2.7/site-packages/vdsm/virt/virdomain.py",
   line 69, in f
29.
ret = attr(*args, **kwargs)
30.
  File
   "/usr/lib/python2.7/site-packages/vdsm/libvirtconnection.py", line
   123, in wrapper
31.
ret = f(*args, **kwargs)
32.
  File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 899,
   in wrapper
33.
   return func(inst, *args, **kwargs)
34.
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1836,
   in migrateToURI3
35.
   :
36.
if ret == -1: raise libvirtError ('virDomainMigrateToURI3()
   failed', dom=self)
37.
   libvirtError: Hook script execution failed: internal error: Child
   process (LC_ALL=C
   PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
   /etc/libvirt/hooks/qemu HostedEngine migrate begin -) unexpected
   exit status 1: Traceback (most recent call last):
38.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 51, in main
39.
   _process_domxml(tree)
40.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 80, in
   _process_domxml
41.
   _set_graphics(devices, target_vm_conf)
42.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 156, in
   _set_graphics
43.
   target_display_network, target_display_ip =
   _vmconf_display(target_vm_conf)
44.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 177, in
   _vmconf_display
45.
   raise VmMigrationHookError('VM conf graphics not detected')
46.
   VmMigrationHookError: VM conf graphics not detected
47.
   Traceback (most recent call last):
48.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 201, in 
49.
   main(*sys.argv[1:])
50.
  File "/usr/libexec/vdsm/vm_migrate_hook.py", line 51, in main
51.
   _process_domxml(tree)
52.
  File "/usr/libexec/vdsm/vm_migrate_hoo

Thanks

kasturi.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Local storage & shared in same cluster

2016-10-27 Thread Elad Ben Aharon
By design, host local storage is accessible from the host itself only and
that's why it cannot be used in shared storage Data Centres.

On Thu, Oct 27, 2016 at 9:59 AM, Sebastian Greco 
wrote:

> Hi,
>
> Is there a technical reason for not being able to use the local host
> storage if that host is already in a cluster with shared storage?
>
> For instance, if a user has a server with with a lot of storage and he
> wants to use that storage for non HA VMs that will only run over that host
> while, that host is also part of a cluster running VMs in a shared storage.
>
> If there's no technical reason/limitation behind this and this is a design
> choice, do you consider this to be in a roadmap?
>
> Thanks!
>
> Sebastián Greco
> IT Consultant
> Cloud Computing - Red Hat - VMware - Zimbra
> www.essiprojects.com
> *www.essiprojects.co.uk *
>
> Pl. Prim, 4-5 Pral 2a · T:+34 977 221 182 · M: +34 619 985 161 F: +34 977
> 230 170 · 43001 Tarragona Spain
> 120 Pall Mall · T:+44 207 101 0778 · F: +44 843 538 3112 · SW1Y 5ED
> *London* UK
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] fakevdsm templates per datacenter

2016-10-27 Thread Roy Golan
On 27 October 2016 at 10:42,  wrote:

> Hi All, i have two ovirt / fakevdsm questions.
>
> I am using fakevdsm to test my ovirt 4.0.5 engine.
> I have a somewhat awkward setup where i have a relatively large amount of
> dc's.

I cannot get nfs master domain to work from the api.
> The api code is solid and is used on a ovirt-engine 3.5 production cluster.
>
>

> When creating the nfs storage domain i have no issues (it is created as id
> (0-0 more zeros here..) but when i try to attach it to a dc it
> fails.
>

please share the logs


> I am not sure this is an ovirt of fakevdsm issue. When i manually add the
> nfs storage domain it does get created which is somewhat worrying.
>

Manually?


> My real aim would be to run 500 dc's with 2 hosts and around 5 vms.
>
>
You'd have to have a host per DC, cause every DC has an SPM. You meant
cluster or I'm missing something.


> Not being able to use the nfs storage master domain is one of the issues.
>
> To work around this i decided to try and create 1000 dcs with a single
> host using local storage.
> Allthough this works it looks like the hosts and vms within the dc's are
> actually not having their own storage pool.
>
> In our prod environment we run at a much lower scale serveral dc's with
> shared gluster storage (shared between the two hosts in the cluster)
> This is considered per dc its own storage pool.
>
> In my tests when reaching dc,cluster, host 249 things fail, this is likely
> because of the value of 'maxnumberofhostsinstoragepool'. I would expect
> this to be bound to the dcs and not the overall server.
>
> In short i expect each dc to be able to run 249 hosts as each dc is its
> own storage pool?
>
> I'm not sure I understand the question. However, the limitation is soft
and can be overridden.


> Similarly when i look at the ovirt ui some hosts actually show they are
> running the total amount of running vms.
>

Yes, when running with vdsm fake you must set this config value as well

```bash

sudo -i -u postgreexport ENGINE_DB=dbname
psql $ENGINE_DB -c "UPDATE vdc_options set option_value = 'true' WHERE
option_name = 'UseHostNameIdentifier';"

 ```

I've sent a patch to gerrit for that  https://gerrit.ovirt.org/65804


> Again i am not sure if i am correct in assuming each dc is its own storage
> pool.
>
> Correct. DC = Storage Pool

>
> Finally.
> As this setup is somewhat awkward i would like to tweak the diverse flags
> in ovirt engine to be more relaxed about obtaining data from the hosts and
> storage domains.
>
> I believe ovirt engine now checks every 3 seconds the host but i am
> guessing i can live with every 60 seconds for example, the same would apply
> for the storage part. what i am not sure about though is if there is a
> golden ratio between these config items.
> I.e. there is vdsRefreshRate, if i set this to 60 instead of 3 do i need
> to also change the vdsTimeout value which is set to 180 by default?
>
> Change the VdsRefreshRate to 20s - but bare in mind that we have a
limitation when starting up a VM - its status will show as up only after
the next 20s interval
Please report with your finding on the above tweak


> sorru for the lenght of this message.
> the most critical items are.
> Should i worry about not being eable to create an nfs master domain or is
> this a fakevdsm thing
> Why are my dcs, for someone reason related to the main storage pool or am
> i right in thinking a dc + cluster +host with local storage, is its own
> storage pool?
>
> Thanks you so much.
>
>
>
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Local storage & shared in same cluster

2016-10-27 Thread Sebastian Greco
Ohh thx for the answer :) That's why the running VMs on that particular
storage would only run on that host. One can do that in other hypervisors
like vsphere or hyper-v. It would be a nice thing to have in rhv too imho.


On Thu, Oct 27, 2016 at 12:44 PM, Elad Ben Aharon 
wrote:

> By design, host local storage is accessible from the host itself only and
> that's why it cannot be used in shared storage Data Centres.
>
> On Thu, Oct 27, 2016 at 9:59 AM, Sebastian Greco 
> wrote:
>
>> Hi,
>>
>> Is there a technical reason for not being able to use the local host
>> storage if that host is already in a cluster with shared storage?
>>
>> For instance, if a user has a server with with a lot of storage and he
>> wants to use that storage for non HA VMs that will only run over that host
>> while, that host is also part of a cluster running VMs in a shared storage.
>>
>> If there's no technical reason/limitation behind this and this is a
>> design choice, do you consider this to be in a roadmap?
>>
>> Thanks!
>>
>> Sebastián Greco
>> IT Consultant
>> Cloud Computing - Red Hat - VMware - Zimbra
>> www.essiprojects.com
>> *www.essiprojects.co.uk *
>>
>> Pl. Prim, 4-5 Pral 2a · T:+34 977 221 182 · M: +34 619 985 161 F: +34
>> 977 230 170 · 43001 Tarragona Spain
>> 120 Pall Mall · T:+44 207 101 0778 · F: +44 843 538 3112 · SW1Y 5ED
>> *London* UK
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Gianluca Cecchi
On Thu, Oct 27, 2016 at 12:32 PM, Jonas Israelsson <
jonas.israels...@elementary.se> wrote:

> I could indeed, the issue I saw yesterday is resolved already. I was
> merely thinking we might have a potential single point of failure here.
> While the primary nameserver was offline the machine (where the
> ovirt-engine is running) itself had no problem doing name-resolution, still
> oVirt-ui was acting rather unpleasant.
> And since my changes to resolv.conf only had an impact after restarting
> the engine I thought there are some internals, such as a cache causing this
> problem.
>

It was only a suggestion, I didn't try myself with ovirt-engine.
But if you have a test system, you can simulate running something like this
on your engine server

change resolv.conf while engine is running

silently drop connections to primary dns server with
iptables -I OUTPUT -d your_primary_dns_ip -j DROP
(at the end of tests you delete the rule checking the line number of the
inserted line (it should be 1 because of "-I" option above) with
iptables -L -n --line-numbers
and then
iptables -D OUTPUT 1
or in general
iptables -D OUTPUT N
if line is not 1 but N
)

you can then monitor calls to dns with tcpdump, something like
tcpdump -nn dst port 53

HIH debugging,
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Jonas Israelsson


Can you try if these settings inside /etc/resolv.conf can make oVirt 
engine web uo work better?


options rotate
options timeout:1
options attempts:1

Please note that nslookup and dig commands seem not to go through 
these settings if you change them.
But if you use eg ping command you can see they work as expected (at 
least the rotate one).


I could indeed, the issue I saw yesterday is resolved already. I was 
merely thinking we might have a potential single point of failure here.
While the primary nameserver was offline the machine (where the 
ovirt-engine is running) itself had no problem doing name-resolution, 
still oVirt-ui was acting rather unpleasant.
And since my changes to resolv.conf only had an impact after restarting 
the engine I thought there are some internals, such as a cache causing 
this problem.


I can't say for sure if this was due to long delays, but some operations 
in the UI, I was waiting for several minutes before cancelling. And I 
believe that is more than enough time for the OS to try a second 
nameserver.


But this could by all mean have something to do with my 
infrastructure/setup. So let me do some more digging, and if I'm wrong, 
my apologies for the noise.


Brgds,
Jonas
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Gianluca Cecchi
On Thu, Oct 27, 2016 at 11:42 AM, Jonas Israelsson <
jonas.israels...@elementary.se> wrote:

>
> Well it's not like the machine (nor oVirt) doesn’t have a working DNS. My
> point is, I'm under the impression it only uses one (the first) from
> resolv.conf and ignores the rest.
>
> Rgds,
> Jonas
>
>
>
Can you try if these settings inside /etc/resolv.conf can make oVirt engine
web uo work better?

options rotate
options timeout:1
options attempts:1

Please note that nslookup and dig commands seem not to go through these
settings if you change them.
But if you use eg ping command you can see they work as expected (at least
the rotate one).
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.6 Migrated from Legacy AD Authentication - Previously Used AD Users Can't Log In

2016-10-27 Thread Ondra Machacek

Unfortunatelly no, we decided to use UPN instead of SAM account name,
because SAM account name is limit IIRC to 15 characters, while UPN is
not limited.

On 10/26/2016 08:58 PM, Beckman, Daniel wrote:

That’s it! Some background: within our IT department most of us have a regular 
user account and an administrative account. For the later account type, the UPN 
and SAM account name happen to be the same (e.g. jdoead...@example.com) whereas 
for regular users UPN is something like john@example..com.  When I used the 
UPN name (e.g. john.doe) the login worked fine.

We can work with that. But is there a way to change it to using SAM account 
name?

Thanks,
Daniel

On 10/26/16, 12:58 PM, "Ondra Machacek"  wrote:

On 10/26/2016 06:31 PM, Beckman, Daniel wrote:
> I have been updating our oVirt 3.6 (3.6.7.5-1) environment in
> preparation for upgrading to oVirt 4.
>
>
>
> We had been using the legacy AD connection (via engine-manage-domains),
> and since that’s no longer available in oVirt 4, this was a priorty. (I
> put this off as long as I could – I found the new method a step back in
> ease of use.)
>
>
>
> So following the documentation I setup
> ‘ovirt-engine-extension-aaa-ldap’, connecting to the same Active
> Directory forest. It seemed to work; I was able to look up users. But
> none of the existing AD users that we had been using in oVirt were able
> to log in to the admin or user portal, using the new extension. The
> error is “General command validation failure.”. (Whereas if you enter a
> wrong password, you get the expected wrong password error.)* *Here’s
> what /var/log/ovirt-engine/engine.log shows for “myuser”:
>
> {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
> 
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class
> 
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
> Extkey[name=EXTENSION_LICENSE;type=class
> 
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
> 2.0, Extkey[name=EXTENSION_NOTES;type=class
> 
java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display
> name: ovirt-engine-extension-aaa-ldap-1.1.4-1.el7,
> Extkey[name=EXTENSION_HOME_URL;type=class
> 
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org,
> Extkey[name=EXTENSION_LOCALE;type=class
> 
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
> Extkey[name=EXTENSION_NAME;type=class
> 
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz,
> Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
> 
java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
> Extkey[name=EXTENSION_CONFIGURATION;type=class
> 
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
> Extkey[name=EXTENSION_AUTHOR;type=class
> 
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
> oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class
> 
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=50,
> Extkey[name=EXTENSION_INSTANCE_NAME;type=class
> 
java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=ingramcontent.com,
> Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
> 
java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
> Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
> 
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
> Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
> 
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
> Extkey[name=EXTENSION_VERSION;type=class
> 
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.1.4,
> Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
> 
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[DC=ingramcontent,DC=com],
> Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
> 
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.ingramcontent.com),
> Extkey[name=EXTENSION_PROVIDES;type=interface
> 
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91]

Re: [ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Simone Tiraboschi
On Thu, Oct 27, 2016 at 11:42 AM, Jonas Israelsson <
jonas.israels...@elementary.se> wrote:

>
>
> On 27/10/16 11:34, Simone Tiraboschi wrote:
>
>
>
> On Thu, Oct 27, 2016 at 10:17 AM, Jonas Israelsson <
> jonas.israels...@elementary.se> wrote:
>
>> Greetings.
>>
>> We are under the impression if the machine that runs the oVirt-engine
>> looses it's primary nameserver, the oVirt web-ui becomes more or less
>> unresponsive.
>>
>> By primary I mean the nameserver at the top of resolv.conf
>>
>> In 3.x it was a disaster, 4.0 is far better, but for instance trying to
>> import storage domains just gives you a spinning wheel when it's searching
>> for nfs-domains to display.
>>
>> By reorder the nameservers in resolv.conf we got it working yesterday
>> during our 3.6 ---> 4.0 migration.
>>
>> Could someone confirm this, please ?
>>
>>
> Yes, in order to correctly work, oVirt requires a working DNS also for
> reverse resolution.
>
> Well it's not like the machine (nor oVirt) doesn’t have a working DNS. My
> point is, I'm under the impression it only uses one (the first) from
> resolv.conf and ignores the rest.
>
>
Not really, the default behavior is:

(The algorithm used is to try a name server, and if the query times out,
try the next, until out of name servers, then repeat trying all the name
servers until a maximum number of retries are made.)
From:
https://linux.die.net/man/5/resolver

That's why you see delays if the first DNS entry is not correctly working.


> Rgds,
> Jonas
>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] disk image uploading

2016-10-27 Thread Amit Aviram
On Thu, Oct 27, 2016 at 12:22 PM, Chris Cowley 
wrote:

> Simple question:
>
> Is there a better way of uploading a disk to a storage domain than through
> my browser?
>

Soon​ you will be able to do that using the REST API or JDK if that fits
your needs better. What difficulties did you find while uploading through
the browser btw?



>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Jonas Israelsson



On 27/10/16 11:34, Simone Tiraboschi wrote:



On Thu, Oct 27, 2016 at 10:17 AM, Jonas Israelsson 
> wrote:


Greetings.

We are under the impression if the machine that runs the
oVirt-engine looses it's primary nameserver, the oVirt web-ui
becomes more or less unresponsive.

By primary I mean the nameserver at the top of resolv.conf

In 3.x it was a disaster, 4.0 is far better, but for instance
trying to import storage domains just gives you a spinning wheel
when it's searching for nfs-domains to display.

By reorder the nameservers in resolv.conf we got it working
yesterday during our 3.6 ---> 4.0 migration.

Could someone confirm this, please ?


Yes, in order to correctly work, oVirt requires a working DNS also for 
reverse resolution.
Well it's not like the machine (nor oVirt) doesn’t have a working DNS. 
My point is, I'm under the impression it only uses one (the first) from 
resolv.conf and ignores the rest.


Rgds,
Jonas


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted-Engine-HA-Simulation-Error

2016-10-27 Thread Simone Tiraboschi
On Wed, Oct 26, 2016 at 3:48 PM, Anzar Sainudeen 
wrote:

> Dear Yanir,
>
>
>
> Thank you for your fast reply.
>
> My current ovirt node version is 4.0.3. Please let me know the next which
> version release will resolve the error ‘The host hosted_engine_2 did not
> satisfy internal filter HA because it is not a Hosted Engine host..”
>
>
>
> Second Issues(vm not available)
>
> I have setup hosted-engine setup in first host1 successfully and on the
> second host we use # hosted-engine --deploy --config-append=answers.conf
>
> My shared storage type is FC and select the same location chose for the
> host-2 install the vm sucessfull.
>
> But in the engine àunder-àhost , the second hosted-engine vm is not
> visbilbe.
>

Just a point here: you are going to have a single engine VM, it could run
on hosted_engine_1 or on hosted_engine_2 but just on one of them at a time.
The ovirt-ha-agent daemons, running on all the involved hosted-engine
hosts, are in charge to identify which is the best host to run the engine
VM on.


>
>
> I will attached some screen short, please support and advise we are in
> wright path….to complete our R&D
>
>
>
>
> *Anzar SainudeenDatacenter **Infrastructure*
> * Incharge**IT Infrastructure Division*
>
> *Tel: +971 6 7431333 Ext: 1303 <%2B971%206%207431333%20Ext%3A%201303>Mob:
> +971 55 8633699 <%2B971%2055%208633699> *
>
> *Email:  an...@it.thumbay.com  Web: www.thumbay.com
> *
>
> [image: Description:
> https://docs.google.com/uc?export=download&id=0ByrcJpYbMetaVExqQzBrVldnVkU&revid=0ByrcJpYbMetaYWNlWlJuc2hCdGZiR0swM25wdzhwODBBeXk0PQ]
>
> *DUBAI I SHARJAH I AJMAN I UMM AL QUWAIN I RAS AL KHAIMAH I FUJAIRAH I
> INDIA*
>
>
>
> Disclaimer: This message contains confidential information and is intended
> only for the individual named. If you are not the named addressee, you are
> hereby notified that disclosing, copying, distributing or taking any action
> in reliance on the contents of this e-mail is strictly prohibited. Please
> notify the sender immediately by e-mail if you have received this e-mail by
> mistake, and delete this material. Thumbay Group accepts no liability for
> errors or omissions in the contents of this message, which arise as a
> result of e-mail transmission.
>
>
>
>
>
>
>
>
>
>
>
> *From:* Yanir Quinn [mailto:yqu...@redhat.com]
> *Sent:* Wednesday, October 26, 2016 3:50 PM
> *To:* Anzar Sainudeen
> *Cc:* users
> *Subject:* Re: [ovirt-users] Hosted-Engine-HA-Simulation-Error
>
>
>
> Hi Anzar ,
>
> There is a bug for this misleading second log message :
> https://bugzilla.redhat.com/show_bug.cgi?id=1314377
> which is being handled for the next version.
>
> since the second host is not available as a virtual machine a proper
> message should reflect that instead of the current one you get now.
>
> Thanks
>
> Yanir Quinn
>
>
>
> On Wed, Oct 26, 2016 at 2:32 PM, Anzar Sainudeen 
> wrote:
>
> Dear Team,
>
>
>
> I am getting the below error during the hosted-Engine HA testing.
>
>
>
> Error while executing action:
>
> 1. HostedEngine:
>
>- Cannot migrate VM. There is no host that satisfies current
>scheduling constraints. See below for details:
>- The host hosted_engine_1 did not satisfy internal filter Migration
>because it currently hosts the VM..
>- The host hosted_engine_2 did not satisfy internal filter HA because
>it is not a Hosted Engine host..
>
>
>
> 2. Second is hosted_engine_2 is not available as a virtual machine.
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Anzar SainudeenDatacenter Infrastructure InchargeIT Infrastructure
> DivisionTel: +971 6 7431333 Ext: 1303
> <%2B971%206%207431333%20Ext%3A%201303>Mob: +971 55 8633699
> <%2B971%2055%208633699> *
>
> *Email:  an...@it.thumbay.com  Web: www.thumbay.com
> *
>
> [image: Description:
> https://docs.google.com/uc?export=download&id=0ByrcJpYbMetaVExqQzBrVldnVkU&revid=0ByrcJpYbMetaYWNlWlJuc2hCdGZiR0swM25wdzhwODBBeXk0PQ]
>
> *DUBAI I SHARJAH I AJMAN I UMM AL QUWAIN I RAS AL KHAIMAH I FUJAIRAH I
> INDIA*
>
>
>
> Disclaimer: This message contains confidential information and is intended
> only for the individual named. If you are not the named addressee, you are
> hereby notified that disclosing, copying, distributing or taking any action
> in reliance on the contents of this e-mail is strictly prohibited. Please
> notify the sender immediately by e-mail if you have received this e-mail by
> mistake, and delete this material. Thumbay Group accepts no liability for
> errors or omissions in the contents of this message, which arise as a
> result of e-mail transmission.
>
>
>
>
>
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovir

Re: [ovirt-users] Uncaught exception occurred. Cannot read property 'f' of null

2016-10-27 Thread Ramesh Nachimuthu



On 10/27/2016 02:56 PM, Jorick Astrego wrote:




On 10/20/2016 03:14 PM, Alexander Wels wrote:

On Thursday, October 20, 2016 9:20:23 AM EDT Jorick Astrego wrote:

On 10/18/2016 03:59 PM, Michal Skrivanek wrote:

On 18 Oct 2016, at 15:56, Alexander Wels  wrote:

On Tuesday, October 18, 2016 3:44:31 PM EDT Jorick Astrego wrote:

Hi,

We have ovirt connected to our freeipa domain. Things work fine

generally, but once in a while I get the following error pop up in the

ui:

 Uncaught exception occurred. Please try reloading the page. Details:
 Exception caught: Exception caught: (TypeError) __gwt$exception:
 : Cannot read property 'f' of null
 Please have your administrator check the UI logs

Could you install the symbol maps assocaited with the obfuscated code so
we
can get a readable stack trace. To install the symbol maps please run the
following command on the machine running the engine (or VM if it is HE).

yum install ovirt-engine-webadmin-portal-debuginfo

Please restart the ovirt-engine process with

systemctl restart ovirt-engine

after you have installed the symbol maps. Then next time you see the
message in the UI, the stack trace in the log should be readable and we
can help you better determine what is causing the problem.

right, that’s likely even easier than what I just wrote;-)


The log that goes with it:

2016-10-17 16:31:32,578 ERROR
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
(default task-21) [] Permutation name: 430985F23DFC1C8BE1C7FDD91EDAA785
2016-10-17 16:31:32,578 ERROR
[org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
(default task-21) [] Uncaught exception: :
com.google.gwt.event.shared.UmbrellaException: Exception caught:
Exception caught: (TypeError)

   __gwt$exception: : Cannot read property 'f' of null
   
  at


Unknown.ps(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@3837) at
Unknown.xs(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@41) at
Unknown.C3(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@19) at
Unknown.F3(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@19) at
Unknown.P2(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@117) at
Unknown.hwf(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@41) at
Unknown.twf(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@162) at
Unknown.xwf(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@14293) at
Unknown.KVe(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@1172) at
Unknown.yUe(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@33) at
Unknown.viy(@53)at Unknown.Piy(@18587) at
Unknown.zOr(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@189) at
Unknown.$to(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@311) at
Unknown.VBo(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@2599) at
Unknown.mCo(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@8942) at
Unknown.qRn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@116) at
Unknown.tRn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@568) at
Unknown.kVn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@74) at
Unknown.nVn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@25943) at
Unknown.cUn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@150) at
Unknown.fUn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@24587) at
Unknown.KJe(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@21125) at
Unknown.Izk(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
F23D FC1C8BE1C7FDD91EDAA785.cache.html@10384) at
Unknown.P3(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@137) at
Unknown.g4(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@8271) at
Unknown.(https://ovirttest.netbulae.test/ovirt-engine/webadmi
n/43 0985F23DFC1C8BE1C7FDD91EDAA785.cache.html@65) at
Unknown._t(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
23DF C1C8BE1C7FDD91EDAA785.cache.html@29)

Re: [ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Simone Tiraboschi
On Thu, Oct 27, 2016 at 10:17 AM, Jonas Israelsson <
jonas.israels...@elementary.se> wrote:

> Greetings.
>
> We are under the impression if the machine that runs the oVirt-engine
> looses it's primary nameserver, the oVirt web-ui becomes more or less
> unresponsive.
>
> By primary I mean the nameserver at the top of resolv.conf
>
> In 3.x it was a disaster, 4.0 is far better, but for instance trying to
> import storage domains just gives you a spinning wheel when it's searching
> for nfs-domains to display.
>
> By reorder the nameservers in resolv.conf we got it working yesterday
> during our 3.6 ---> 4.0 migration.
>
> Could someone confirm this, please ?
>
>
Yes, in order to correctly work, oVirt requires a working DNS also for
reverse resolution.


> Brgds,
>
> Jonas
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Upgrading oVirt 3.6 with existing HTTPS certificate signed by custom CA to oVirt 4

2016-10-27 Thread Nicolas Ecarnot

Le 27/10/2016 à 00:14, Kenneth Bingham a écrit :

I did install a server certificate from a private CA on the engine
server for the oVirt 4 Manager GUI, but haven't figured out how to
configure engine to trust the same CA which also issued the server
certificate presented by vdsm. This is important for us because this is
the same server certificate presented by the host when using the console
(e.g. websocket console falls silently if the user agent doesn't trust
the console server's certificate).


Hello,

Maybe related bug : on an oVirt 4, I followed the same procedure below 
to install a custom CA, with *SUCCESS*.


Today, I had to reinstall one of the hosts, and it is failing with :
"CA certificate and CA private key do not match" :

http://pastebin.com/9JS05JtJ

Which certificate did we (Kenneth and I) did we mis-used?
What did we do wrong?

Regards,

Nicolas ECARNOT




On Wed, Oct 26, 2016, 16:58 Beckman, Daniel
mailto:daniel.beck...@ingramcontent.com>> wrote:

We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release.
I read the release notes (https://www.ovirt.org/release/4.0.4/) and
noted comment #4 under “Install / Upgrade from previous version”:

__ __

/If you are using HTTPS certificate signed by custom certificate
authority, please take a look at https://bugzilla.redhat.com/1336838
for steps which need to be done after migration to 4.0. Also please
consult https://bugzilla.redhat.com/1313379 how to setup this custom
CA for use with virt-viewer clients./

/__ __/

So I referred to the first bugzilla
(https://bugzilla.redhat.com/show_bug.cgi?id=1336838), where it
states as follows:

__ __

If customer wants to use custom HTTPS certificate signed by
different CA, then he has to perform following steps: 

__ __

1. Install custom CA (that signed HTTPS certificate) into host wide
trustore (more info can be found in update-ca-trust man page) 

__ __

2. Configure HTTPS certificate in Apache (this step is same as in
previous versions) 

__ __

3. Create new configuration file (for example
/etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf) with
following content: 

ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="" 

__ __

4. Restart ovirt-engine service

__ __

I find it humorous that step # 1 suggests reading the “man page”
which is only slightly better than suggesting to “google” it. 

__ __

Has anyone using a custom CA for their HTTPS certificate
successfully upgraded to oVirt 4? If so could you share your
detailed steps? Or can anyone point me to an actual example of this
procedure? I’m a little nervous about the upgrade if you can’t
already tell. 

__ __

Thanks,

Daniel

___
Users mailing list
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




--
Nicolas ECARNOT
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Uncaught exception occurred. Cannot read property 'f' of null

2016-10-27 Thread Jorick Astrego


On 10/20/2016 03:14 PM, Alexander Wels wrote:
> On Thursday, October 20, 2016 9:20:23 AM EDT Jorick Astrego wrote:
>> On 10/18/2016 03:59 PM, Michal Skrivanek wrote:
 On 18 Oct 2016, at 15:56, Alexander Wels  wrote:

 On Tuesday, October 18, 2016 3:44:31 PM EDT Jorick Astrego wrote:
> Hi,
>
> We have ovirt connected to our freeipa domain. Things work fine
>
> generally, but once in a while I get the following error pop up in the
> ui:
>  Uncaught exception occurred. Please try reloading the page. Details:
>  Exception caught: Exception caught: (TypeError) __gwt$exception:
>  : Cannot read property 'f' of null
>  Please have your administrator check the UI logs
 Could you install the symbol maps assocaited with the obfuscated code so
 we
 can get a readable stack trace. To install the symbol maps please run the
 following command on the machine running the engine (or VM if it is HE).

 yum install ovirt-engine-webadmin-portal-debuginfo

 Please restart the ovirt-engine process with

 systemctl restart ovirt-engine

 after you have installed the symbol maps. Then next time you see the
 message in the UI, the stack trace in the log should be readable and we
 can help you better determine what is causing the problem.
>>> right, that’s likely even easier than what I just wrote;-)
>>>
> The log that goes with it:
>
> 2016-10-17 16:31:32,578 ERROR
> [org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
> (default task-21) [] Permutation name: 430985F23DFC1C8BE1C7FDD91EDAA785
> 2016-10-17 16:31:32,578 ERROR
> [org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService]
> (default task-21) [] Uncaught exception: :
> com.google.gwt.event.shared.UmbrellaException: Exception caught:
> Exception caught: (TypeError)
>
>__gwt$exception: : Cannot read property 'f' of null
>
>   at
>
> Unknown.ps(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
> 23DF C1C8BE1C7FDD91EDAA785.cache.html@3837) at
> Unknown.xs(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
> 23DF C1C8BE1C7FDD91EDAA785.cache.html@41) at
> Unknown.C3(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
> 23DF C1C8BE1C7FDD91EDAA785.cache.html@19) at
> Unknown.F3(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
> 23DF C1C8BE1C7FDD91EDAA785.cache.html@19) at
> Unknown.P2(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985F
> 23DF C1C8BE1C7FDD91EDAA785.cache.html@117) at
> Unknown.hwf(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@41) at
> Unknown.twf(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@162) at
> Unknown.xwf(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@14293) at
> Unknown.KVe(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@1172) at
> Unknown.yUe(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@33) at
> Unknown.viy(@53)at Unknown.Piy(@18587) at
> Unknown.zOr(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@189) at
> Unknown.$to(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@311) at
> Unknown.VBo(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@2599) at
> Unknown.mCo(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@8942) at
> Unknown.qRn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@116) at
> Unknown.tRn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@568) at
> Unknown.kVn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@74) at
> Unknown.nVn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@25943) at
> Unknown.cUn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@150) at
> Unknown.fUn(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@24587) at
> Unknown.KJe(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@21125) at
> Unknown.Izk(https://ovirttest.netbulae.test/ovirt-engine/webadmin/430985
> F23D FC1C8BE1C7FDD91EDAA785.cache.html@10384) at
> Unknown.P3(https://ov

[ovirt-users] disk image uploading

2016-10-27 Thread Chris Cowley
Simple question:

Is there a better way of uploading a disk to a storage domain than through
my browser?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] oVirt engine and primary DNS

2016-10-27 Thread Jonas Israelsson

Greetings.

We are under the impression if the machine that runs the oVirt-engine 
looses it's primary nameserver, the oVirt web-ui becomes more or less 
unresponsive.


By primary I mean the nameserver at the top of resolv.conf

In 3.x it was a disaster, 4.0 is far better, but for instance trying to 
import storage domains just gives you a spinning wheel when it's 
searching for nfs-domains to display.


By reorder the nameservers in resolv.conf we got it working yesterday 
during our 3.6 ---> 4.0 migration.


Could someone confirm this, please ?

Brgds,

Jonas

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Local storage & shared in same cluster

2016-10-27 Thread Sebastian Greco
Hi,

Is there a technical reason for not being able to use the local host
storage if that host is already in a cluster with shared storage?

For instance, if a user has a server with with a lot of storage and he
wants to use that storage for non HA VMs that will only run over that host
while, that host is also part of a cluster running VMs in a shared storage.

If there's no technical reason/limitation behind this and this is a design
choice, do you consider this to be in a roadmap?

Thanks!

Sebastián Greco
IT Consultant
Cloud Computing - Red Hat - VMware - Zimbra
www.essiprojects.com
*www.essiprojects.co.uk *

Pl. Prim, 4-5 Pral 2a · T:+34 977 221 182 · M: +34 619 985 161 F: +34 977
230 170 · 43001 Tarragona Spain
120 Pall Mall · T:+44 207 101 0778 · F: +44 843 538 3112 · SW1Y 5ED *London*
 UK
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Hosted-Engine-HA-Simulation-Error

2016-10-27 Thread Yanir Quinn
As Martin said , check the status of the second host as the error message
might be lacking in some information (not an error - just insufficient info
for the time being)

Thanks Martin.

Regards
Yanir

On Wed, Oct 26, 2016 at 5:00 PM, Martin Sivak  wrote:

> Hi Anzar,
>
> the "is not a hosted engine host" part usually means the hosted engine
> score of that host is zero. You can check the score in the General subtab
> for the host.
>
> The reason for the score being zero might be that the engine hasn't
> noticed the deployment yet or something failed on the host. You can check
> that by logging into any hosted engine host and issuing hosted-engine
> --vm-status command. That will tell you details about the status of all
> hosts.
>
> --
> Martin Sivak
> SLA / oVirt
>
>
> On Wed, Oct 26, 2016 at 3:48 PM, Anzar Sainudeen 
> wrote:
>
>> Dear Yanir,
>>
>>
>>
>> Thank you for your fast reply.
>>
>> My current ovirt node version is 4.0.3. Please let me know the next which
>> version release will resolve the error ‘The host hosted_engine_2 did not
>> satisfy internal filter HA because it is not a Hosted Engine host..”
>>
>>
>>
>> Second Issues(vm not available)
>>
>> I have setup hosted-engine setup in first host1 successfully and on the
>> second host we use # hosted-engine --deploy --config-append=answers.conf
>>
>> My shared storage type is FC and select the same location chose for the
>> host-2 install the vm sucessfull.
>>
>> But in the engine àunder-àhost , the second hosted-engine vm is not
>> visbilbe.
>>
>>
>>
>> I will attached some screen short, please support and advise we are in
>> wright path….to complete our R&D
>>
>>
>>
>>
>> *Anzar SainudeenDatacenter **Infrastructure*
>> * Incharge**IT Infrastructure Division*
>>
>> *Tel: +971 6 7431333 Ext: 1303 <%2B971%206%207431333%20Ext%3A%201303>Mob:
>> +971 55 8633699 <%2B971%2055%208633699> *
>>
>> *Email:  an...@it.thumbay.com  Web: www.thumbay.com
>> *
>>
>> [image: Description:
>> https://docs.google.com/uc?export=download&id=0ByrcJpYbMetaVExqQzBrVldnVkU&revid=0ByrcJpYbMetaYWNlWlJuc2hCdGZiR0swM25wdzhwODBBeXk0PQ]
>>
>> *DUBAI I SHARJAH I AJMAN I UMM AL QUWAIN I RAS AL KHAIMAH I FUJAIRAH I
>> INDIA*
>>
>>
>>
>> Disclaimer: This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee,
>> you are hereby notified that disclosing, copying, distributing or taking
>> any action in reliance on the contents of this e-mail is strictly
>> prohibited. Please notify the sender immediately by e-mail if you have
>> received this e-mail by mistake, and delete this material. Thumbay Group
>> accepts no liability for errors or omissions in the contents of this
>> message, which arise as a result of e-mail transmission.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* Yanir Quinn [mailto:yqu...@redhat.com]
>> *Sent:* Wednesday, October 26, 2016 3:50 PM
>> *To:* Anzar Sainudeen
>> *Cc:* users
>> *Subject:* Re: [ovirt-users] Hosted-Engine-HA-Simulation-Error
>>
>>
>>
>> Hi Anzar ,
>>
>> There is a bug for this misleading second log message :
>> https://bugzilla.redhat.com/show_bug.cgi?id=1314377
>> which is being handled for the next version.
>>
>> since the second host is not available as a virtual machine a proper
>> message should reflect that instead of the current one you get now.
>>
>> Thanks
>>
>> Yanir Quinn
>>
>>
>>
>> On Wed, Oct 26, 2016 at 2:32 PM, Anzar Sainudeen 
>> wrote:
>>
>> Dear Team,
>>
>>
>>
>> I am getting the below error during the hosted-Engine HA testing.
>>
>>
>>
>> Error while executing action:
>>
>> 1. HostedEngine:
>>
>>- Cannot migrate VM. There is no host that satisfies current
>>scheduling constraints. See below for details:
>>- The host hosted_engine_1 did not satisfy internal filter Migration
>>because it currently hosts the VM..
>>- The host hosted_engine_2 did not satisfy internal filter HA because
>>it is not a Hosted Engine host..
>>
>>
>>
>> 2. Second is hosted_engine_2 is not available as a virtual machine.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *Anzar SainudeenDatacenter Infrastructure InchargeIT Infrastructure
>> DivisionTel: +971 6 7431333 Ext: 1303
>> <%2B971%206%207431333%20Ext%3A%201303>Mob: +971 55 8633699
>> <%2B971%2055%208633699> *
>>
>> *Email:  an...@it.thumbay.com  Web: www.thumbay.com
>> *
>>
>> [image: Description:
>> https://docs.google.com/uc?export=download&id=0ByrcJpYbMetaVExqQzBrVldnVkU&revid=0ByrcJpYbMetaYWNlWlJuc2hCdGZiR0swM25wdzhwODBBeXk0PQ]
>>
>> *DUBAI I SHARJAH I AJMAN I UMM AL QUWAIN I RAS AL KHAIMAH I FUJAIRAH I
>> INDIA*
>>
>>
>>
>> Disclaimer: This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee,
>> you are hereby notified that disclosing, copying, distributing or taking
>> any action in reliance on the contents of this e-mail is strictly
>> prohibited. Please notify the sender immediatel

[ovirt-users] fakevdsm templates per datacenter

2016-10-27 Thread joost

Hi All, i have two ovirt / fakevdsm questions.

I am using fakevdsm to test my ovirt 4.0.5 engine.
I have a somewhat awkward setup where i have a relatively large amount 
of dc's.

I cannot get nfs master domain to work from the api.
The api code is solid and is used on a ovirt-engine 3.5 production 
cluster.


When creating the nfs storage domain i have no issues (it is created as 
id (0-0 more zeros here..) but when i try to attach it to a 
dc it fails.
I am not sure this is an ovirt of fakevdsm issue. When i manually add 
the nfs storage domain it does get created which is somewhat worrying.

My real aim would be to run 500 dc's with 2 hosts and around 5 vms.

Not being able to use the nfs storage master domain is one of the 
issues.


To work around this i decided to try and create 1000 dcs with a single 
host using local storage.
Allthough this works it looks like the hosts and vms within the dc's 
are actually not having their own storage pool.


In our prod environment we run at a much lower scale serveral dc's with 
shared gluster storage (shared between the two hosts in the cluster)

This is considered per dc its own storage pool.

In my tests when reaching dc,cluster, host 249 things fail, this is 
likely because of the value of 'maxnumberofhostsinstoragepool'. I would 
expect this to be bound to the dcs and not the overall server.


In short i expect each dc to be able to run 249 hosts as each dc is its 
own storage pool?


Similarly when i look at the ovirt ui some hosts actually show they are 
running the total amount of running vms.


Again i am not sure if i am correct in assuming each dc is its own 
storage pool.



Finally.
As this setup is somewhat awkward i would like to tweak the diverse 
flags in ovirt engine to be more relaxed about obtaining data from the 
hosts and storage domains.


I believe ovirt engine now checks every 3 seconds the host but i am 
guessing i can live with every 60 seconds for example, the same would 
apply for the storage part. what i am not sure about though is if there 
is a golden ratio between these config items.
I.e. there is vdsRefreshRate, if i set this to 60 instead of 3 do i 
need to also change the vdsTimeout value which is set to 180 by default?


sorru for the lenght of this message.
the most critical items are.
Should i worry about not being eable to create an nfs master domain or 
is this a fakevdsm thing
Why are my dcs, for someone reason related to the main storage pool or 
am i right in thinking a dc + cluster +host with local storage, is its 
own storage pool?


Thanks you so much.






___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users