[ovirt-users] Re: Windows Server 2019 Drivers
Thanks for the reply. Sadly, using IDE doesn't work either. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYKBDEV63V2AYZKBYPJ6PNZPHXSOD5MY/
[ovirt-users] Data Center Compatibility version
So I updated our environment a bit ago during a scheduled down time from 4.2 to 4.3. Everything went smoothly, but it looks like I forgot to update the Data Center Compatibility (See alert message below). My question is, can I just change the Data Center compatibility to 4.3 while the environment is running without causing issues, or do i need to shutdown all my VM's and put the hosts into maintenance mode? The compatibility version for everything else is already set to 4.3. Thanks Alert Message: "Data Center compatibility version is 4.2, which is lower than latest engine version 4.3. Please upgrade your Data Center to latest version to successfully finish upgrade of your setup" ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/NJSAEYGGUZFU4ZDGT4KW2OMFEQ4ZX5G2/
[ovirt-users] ovirt-engine-extension-aaa-ldap-setup
Trying to get oVirt to use LDAP for user authentication. It seems to bind, but when I test it (Login Flow and Search) before applying the settings, I get the message below (I can confirm the credentials ARE valid). I also tried to set it up manually and still get the same result. I'm using the same information on Bugzilla and it works fine. I've seen similar threads here but without much answers. Anyone have any good links or docs I can view to get this set up? oVirt Node Version: 4.3.3.6-1.el7 API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='mydomain.com' result=CREDENTIALS_INVALID ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/C4ZQYTRO3WVIB6Q6MC2SHGUH7CENKB4K/
[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup
thanks for the reply. That doesn't seem to work for me either. Strange part is if apply the settings anyway and I use a wildcard "*" in ovirt when searching for users, it lists users in a specific OU only even though it's set to search DC=domain,DC=com ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LFWJ4MGBF2RRIINHLG7LYCLJ5XACRVFE/
[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup
I got a little further. When testing after the setup, I get a Credential Invalid error until I added what Edward previously suggested except I had to use "Person" instead of "inetOrgPerson" because my LDAP server doesn't provide uidObject as well. Line added to /etc/ovirt-engine/aaa/MYDOMAIN.com.properties: sequence.openldap-init-vars.040.var-set.value = (objectClass=Person) Once I did that and restarted the service, ovirt-engine-extensions-tool gives me the following below. Not sure why it won't pull the principle record. 2019-09-06 10:50:15,032-04 INFO 2019-09-06 10:50:15,032-04 INFO== Execution === 2019-09-06 10:50:15,032-04 INFO 2019-09-06 10:50:15,033-04 INFOIteration: 0 2019-09-06 10:50:15,033-04 INFOProfile='MYDOMAIN.com' authn='MYDOMAIN.com-authn' authz='MYDOMAIN.com' mapping='null' 2019-09-06 10:50:15,034-04 INFOAPI: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='MYDOMAIN.com' user='MYUSERNAME' Password: 2019-09-06 10:50:18,822-04 INFOAPI: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='MYDOMAIN.com' result=SUCCESS 2019-09-06 10:50:18,824-04 INFO--- Begin AuthRecord --- 2019-09-06 10:50:18,824-04 INFO--- End AuthRecord --- 2019-09-06 10:50:18,825-04 INFOAPI: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='null' 2019-09-06 10:50:18,837-04 SEVERE Cannot locate principal 'null' ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JEBIMC6GCCG24OWILNWJMDV6TAJTPOBZ/
[ovirt-users] Re: ovirt-engine-extension-aaa-ldap-setup
I finally got this to work so I'm posting what I did in case it may help someone else in the future. Hopefully the format of this site won't make it hard to read. - Thanks to Edward Berger who got me to the right direction and providing this link: https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/profiles/openldap.properties - Also Thanks to Ondra Machacek for advising to use the ovirt-engine-extensions-tool All changes are made on /etc/ovirt-engine/aaa/MYDOMAIN.com.properties - Once I added this line: sequence.openldap-init-vars.040.var-set.value = (objectClass=Person)(${seq:simple_attrsUserName}=*) - I was getting this error: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='null' 2019-09-06 10:50:18,837-04 SEVERE Cannot locate principal 'null' - So then I changed the Principal map from "uid" to "cn" by adding this line: attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn - After that, it pulled the user principal name, but then when trying to add a user in the web interface, it would fail with this error: ERROR: null value in column "external_id" violates not-null constraint - So I mapped the PrincipalRecord_ID to the user mail attribute figuring that would be fine since emails are mostly unique anyway,by adding the following line: attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail My configuration: /etc/ovirt-engine/aaa/MYDOMAIN.com.properties include = vars.server = SERVERNAME.MYDOMAIN.com vars.user = ldapu...@mydomain.com vars.password = USER PASSWORD pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} pool.default.serverset.type = single pool.default.serverset.single.server = ${global:vars.server} attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn attrmap.map-principal-record.attr.PrincipalRecord_ID.map = mail sequence.openldap-init-vars.010.description = set base dn sequence.openldap-init-vars.010.type = var-set sequence.openldap-init-vars.010.var-set.variable = simple_attrsBaseDN sequence.openldap-init-vars.010.var-set.value = DC=MYDOMAIN,DC=com sequence.openldap-init-vars.020.var-set.value = cn sequence.openldap-init-vars.040.var-set.value = (objectClass=Person)(${seq:simple_attrsUserName}=*) ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/H3SB6QRWEZETO6YJEDO7SMAVEMH4PPHZ/
[ovirt-users] oVirt Software after upgrade
I'm wondering why after upgrading our hosts, when viewing the host details, it's still showing the OS Description as 4.3.3.1. We are using the oVirt Node. Shouldn't the OS Description show the version we just upgraded to? I do the upgrade using the web UI. Thanks OS Version: RHEL - 7 - 6.1810.2.el7.centos OS Description: oVirt Node 4.3.3.1 <-- Kernel Version: 3.10.0 - 957.10.1.el7.x86_64 KVM Version: 2.12.0 - 18.el7_6.3.1 LIBVIRT Version: libvirt-4.5.0-10.el7_6.6 VDSM Version: vdsm-4.30.13-1.el7 SPICE Version: 0.14.0 - 6.el7_6.1 GlusterFS Version: glusterfs-5.5-1.el7 CEPH Version: librbd1-10.2.5-4.el7 Open vSwitch Version: openvswitch-2.10.1-3.el7 Kernel Features: PTI: 1, IBRS: 1, RETP: 0, SSBD: 3 VNC Encryption: Disabled ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KFXXQE7M67FWFVG7C2KWF6WU4FRVTM6X/