Re: [ovirt-users] connecting to windows 10 vm with tdp
Maybe this can help http://www.ovirt.org/documentation/internal/guest-agent/understanding-guest-agents-and-other-tools/ - Original Message - From: "Yair Zaslavsky" <yzaslav...@aconex.com> To: "Zeev Mindali" <ze...@chippc.com> Cc: users@ovirt.org Sent: Monday, 18 April, 2016 4:42:17 PM Subject: Re: [ovirt-users] connecting to windows 10 vm with tdp Out of curiosity, did you try to use spice? I assume your VM is running windows OS, based on the mentioning of RDP? - Original Message - From: "Zeev Mindali" <ze...@chippc.com> To: users@ovirt.org Sent: Monday, 18 April, 2016 3:54:28 PM Subject: [ovirt-users] connecting to windows 10 vm with tdp Dear all, I have ovirt 3.6 on centos 7.2. I would like to connect with rdp to my vm , but I didn't found how I can enable this option, it's allways in gray Thanks for the help Zeev Mindali Windows & Mobile Developer Chip PC, 5 Nahum Hat St. Haifa Israel 3508504 Tel +972-4-8501121 Fax +972-4-8501088 Cell +972-52-4043142 Email ze...@chippc.com Web www.chippc.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] connecting to windows 10 vm with tdp
Out of curiosity, did you try to use spice? I assume your VM is running windows OS, based on the mentioning of RDP? - Original Message - From: "Zeev Mindali"To: users@ovirt.org Sent: Monday, 18 April, 2016 3:54:28 PM Subject: [ovirt-users] connecting to windows 10 vm with tdp Dear all, I have ovirt 3.6 on centos 7.2. I would like to connect with rdp to my vm , but I didn't found how I can enable this option, it's allways in gray Thanks for the help Zeev Mindali Windows & Mobile Developer Chip PC, 5 Nahum Hat St. Haifa Israel 3508504 Tel +972-4-8501121 Fax +972-4-8501088 Cell +972-52-4043142 Email ze...@chippc.com Web www.chippc.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Educational use case question
- Original Message - From: "Alex Crow"To: users@ovirt.org Sent: Thursday, 14 April, 2016 3:15:44 PM Subject: Re: [ovirt-users] Educational use case question This certainly works. Console can be reached via a browser plugin or Virt-Viewer (available for Windows). Self-hosted engine is the way to go, and is production-ready, especially if you want to add more nodes later. On 14/04/16 03:33, Michael Hall wrote: > Yes but what about the student sitting on the Windows machine in the > lab who wants to install and interact with her VM via it's GUI ... > like is possible in Virtual Machine Manager on RHEL/CentOS 7 ... > except she'd be doing it remotely via an in-browser console ... like > Digital Ocean do for example. I dont think digital ocean is the correct analogy. As a digital ocean user, I have console in which I can create vms, right? But who installed the virtualization software for that? If you're thinking of a digital ocean, the analogy should be a provider that exposes ovirt web admin/user portal as management console to its customers. > -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. This email is not intended to, nor should it be taken to, constitute advice. The information provided is correct to our knowledge & belief and must not be used as a substitute for obtaining tax, regulatory, investment, legal or any other appropriate advice. "Transact" is operated by Integrated Financial Arrangements Ltd. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856). ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Educational use case question
Be advised that after installation is done, you can manage VMs using the ovirt webadmin. - Original Message - From: "Michael Hall"To: users@ovirt.org Sent: Thursday, 14 April, 2016 12:19:28 PM Subject: Re: [ovirt-users] Educational use case question Thanks Julian, I'm in Mildura in VIC. I was hoping for a "pure" web-based client console solution, not something like the VMware desktop client. Anyway, I'm not going to get too hung up on this. Even if we go VMware because it "just works" and everyone's happy with it, we'll still do plenty of CentOS/Fedora. There is also a case to be made that our students are much more likely to encounter VMware in a corporate environment that KVM. And Windows. And iPads. Yawn. Thanks On Thu, Apr 14, 2016 at 11:22 AM, Julian De Marchi < jul...@jdcomputers.com.au > wrote: Hey Michael, > I am teaching IT subjects in TAFE (a kind of post-secondary technical > college) in Australia. Great news for this tech to be in tafe. I remember my time at Logan tafe got me into linux. We are currently looking for a virtualisation platform that will allow students to install and manage VMs via web interface. VMware is being proposed but I am trying to get KVM and the RedHat ecosystem in the lab as much as possible. I have reasonable experience with running virt manager on CentOS 7, but oVirt is new. I have it installed and running OK but am not sure how to proceed with configuration. I basically want to run a single physical server which will be the KVM host, the ISO and data store, and the home of oVirt engine ... in other words a complete oVirt-managed KVM virtualisation platform running on one physical machine (32GB RAM). It will only ever need to run a handful of VMs with little or no real data or load. Is this possible/feasible? If possible/feasible, where should oVirt engine go ... on the host itself, or into a VM guest? If it was me, I would do the engine install on the metal host itself. Will be a lot easier for you, as long as you _know_ you will not be adding more metal nodes to the oVirt setup. I would also be looking into the "VM Pool" feature for your student. This will give you a pool of VMs which after use can be reset to a default configuration. The web interface is what is making oVirt an attractive option at this stage, as students will be working from Windows clients on a corporate network. Do VM GUI display well in the browser? I have no experience using oVirt from Windows, but if there is a splice client available I see no reason why it shouldn't work. If you're local to QLD, I am more then happy to help in person. --julian ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Educational use case question
As far as I remember, oVirt does come with an all in one configuration , but looks like it was deprecated at 3.6, So can you try out the self hosted engine? https://www.ovirt.org/develop/release-management/features/engine/self-hosted-engine/ - Original Message - From: "Michael Hall"To: users@ovirt.org Sent: Thursday, 14 April, 2016 11:10:03 AM Subject: [ovirt-users] Educational use case question Hi I am teaching IT subjects in TAFE (a kind of post-secondary technical college) in Australia. We are currently looking for a virtualisation platform that will allow students to install and manage VMs via web interface. VMware is being proposed but I am trying to get KVM and the RedHat ecosystem in the lab as much as possible. I have reasonable experience with running virt manager on CentOS 7, but oVirt is new. I have it installed and running OK but am not sure how to proceed with configuration. I basically want to run a single physical server which will be the KVM host, the ISO and data store, and the home of oVirt engine ... in other words a complete oVirt-managed KVM virtualisation platform running on one physical machine (32GB RAM). It will only ever need to run a handful of VMs with little or no real data or load. Is this possible/feasible? If possible/feasible, where should oVirt engine go ... on the host itself, or into a VM guest? The web interface is what is making oVirt an attractive option at this stage, as students will be working from Windows clients on a corporate network. Do VM GUI display well in the browser? Thanks for any advice Mike Hall ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] delete hang task
When I worked on Ovirt (a year ago) there was a tool that did it, please look for some cleaner tool or something like that. In addition, last itme I touched the code I was strongly against such a solution, are you sure that the task is not running on VDSM side? CC'ing some relevant people. - Original Message - From: "Nathanaël Blanchet"To: users@ovirt.org Sent: Friday, February 19, 2016 12:51:06 AM Subject: Re: [ovirt-users] delete hang task Hello, I met the same issue, so I worked a little bit for you :) On the engine : * QUERY : -q PGPASSWORD=X /usr/share/ovirt-engine/setup/dbutils/unlock_entity.sh -q -t snapshot -u engine 296c010e-3c1d-4008-84b3-5cd39cff6aa1 | 525a4dda-dbbb-4872-a5f1-8ac2aed48392 * REMOVE PGPASSWORD=X /usr/share/ovirt-engine/setup/dbutils/unlock_entity.sh -t snapshot -u engine 525a4dda-dbbb-4872-a5f1-8ac2aed48392 Ref : http://lists.ovirt.org/pipermail/users/2015-November/035686.html Le 18/02/2016 14:25, p...@email.cz a écrit : Hello, I'm testing oVirt 3.6 for failover and have total issue. Snapshot VM will hang on ZFS filesystem. But the main questionis is : how can I cancel any unfinished tasks in ovirt ??? I didn't find any "normal" solution, except deleting record from ovirt DB manually any idea ? - no one is missing this functionality ??? regs. Pa. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Nathanaël Blanchet Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanc...@abes.fr ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt live + user/groups/roles management
- Original Message - From: "Sandro Bonazzola" <sbona...@redhat.com> To: "Yair Zaslavsky" <yzaslav...@aconex.com> Cc: "Doron Fediuck" <dfedi...@redhat.com>, "users" <users@ovirt.org>, "Yaniv Kaul" <yk...@redhat.com>, "Lev Veyde" <lve...@redhat.com> Sent: Wednesday, December 16, 2015 1:48:54 AM Subject: Re: [ovirt-users] ovirt live + user/groups/roles management On Tue, Dec 15, 2015 at 12:36 AM, Yair Zaslavsky < yzaslav...@aconex.com > wrote: From: "Doron Fediuck" < dfedi...@redhat.com > To: "Yair Zaslavsky" < yzaslav...@aconex.com > Cc: "users" < users@ovirt.org >, "Yaniv Kaul" < yk...@redhat.com >, "Lev Veyde" < lve...@redhat.com >, "Sandro Bonazzola" < sbona...@redhat.com > Sent: Tuesday, December 15, 2015 10:16:27 AM Subject: Re: [ovirt-users] ovirt live + user/groups/roles management On Dec 11, 2015 03:39, "Yair Zaslavsky" < yzaslav...@aconex.com > wrote: > > Hi all, Hello Yair. > I am interested in installing oVirt live , I am currently not interested to > spawn actual VMs, but rather interested to check roles/groups/users > management : > > a. Is there a built in JDBC support for users/groups management, or do I need > to configure freeIPA/openLdap as my external provider? > oVirt live is running in memory as a live CD. Anything you do will be gone once the machine power off. So you may want to decide if this is right for you. To the point there's a new AAA framework which allows you to use jdbc extension: http://www.ovirt.org/Features/AAA > b. If I do not wish to run VMs at the moment, do I need to have nested > virtualization configured? No. This is running in memory but not in a VM. I figured that much by now, i wanted to refresh my memory how the users/roles/groups thing works I am perfectly well with the fact everything will be wiped out when i turn the machine off. This means that if I want to configure AAA, i should do that every time i start the machine (of course create my own live cd ). The installation of ovirt live looks nice, good job on that, however I did encounter an error at installation , I am attaching logs I tried to install it on a VM that i created with VirtualBox looks like the engine wasn't yet ready when the host-deploy part started trying to connect to it. Is this a known issue or would you like me to a file a bug? In addition, are new RFEs accepted to ovirt-live? after the installation and thoughts about AAA I have some ideas. > > > Cheers, > Yair Zaslavsky > Senior SW Engineer, Aconex > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt live + user/groups/roles management
Hi all, I am interested in installing oVirt live , I am currently not interested to spawn actual VMs, but rather interested to check roles/groups/users management : a. Is there a built in JDBC support for users/groups management, or do I need to configure freeIPA/openLdap as my external provider? b. If I do not wish to run VMs at the moment, do I need to have nested virtualization configured? Cheers, Yair Zaslavsky Senior SW Engineer, Aconex ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt Engine Clear All tasks
- Original Message - From: Donny Davis do...@cloudspin.me To: users users@ovirt.org Sent: Saturday, January 3, 2015 12:00:43 AM Subject: [ovirt-users] Ovirt Engine Clear All tasks I tried to migrate disks from one storage domain to another, and it is taking an unreasonable amount of time to complete. The disks have been migrating for 6 hours, and is bringing my system to it's knees. I have used the taskcleaner utility when the engine was stopped, and when I start the engine, it starts trying to migrate the disks again. How can I fix this I wonder if the command_entities table in the DB included any entries. In addition, I wonder what was the status of tasks at SPM at that time. Thanks -- Donny Davis CloudSpin.me ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] templates and freeipa
- Original Message - From: Jim Kinney jim.kin...@gmail.com To: users@ovirt.org Sent: Friday, October 31, 2014 8:55:46 PM Subject: [ovirt-users] templates and freeipa Ovirt 3.5 is running well for me and I have freeIPA controlling access to the user portal. I would like to provide templates of various linux setups that all have freeipa for user authentication in the VM for my developers to be able to create a new VM from and then log in using their freeIPA access and sudo control. I'm wanting to group developers by project and use freeIPA to set sudo commands as needed (group A get oracle, group B get postgresql, etc). Wanting to maximize developer ability while minimizing my clean up time :-) They will be able to delete VMs they create. It's possible to do a kickstart deploy with freeIPA registration but a template from that will be a problem as it will have the same keys for all VMs. Is there a post-creation scripting process I can attach to in ovirt or should I look at a default root user and script that personalizes the new VM? טYou mean something like the vdsm hooks? Bare in mind that the create verb in VDSM is more about running a VM. the creation of its metadata is done at engine. -- -- James P. Kinney III Every time you stop a school, you will have to build a jail. What you gain at one end you lose at the other. It's like feeding a dog on his own tail. It won't fatten the dog. - Speech 11/23/1900 Mark Twain *http://heretothereideas.blogspot.com/ http://heretothereideas.blogspot.com/* ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debug Environment for RHEVM
- Original Message - From: Vered Volansky ve...@redhat.com To: Chao Xie xiec.f...@cn.fujitsu.com Cc: users@ovirt.org Sent: Monday, December 22, 2014 8:26:56 AM Subject: Re: [ovirt-users] Debug Environment for RHEVM Hi, It's not that you can't debug RHEV at all, it's just that the instructions in the link you cited is will not work as is. The packaging, hierarchy and even file names are different. Regards, Vered It is possible to open the remote debug port for RHEV-M. The (not so ) tricky part will be to get the exact code-base as of the version (i.e - find the proper git tag). In addition, are you sure you want to debug RHEVM and not oVirt? Cheers, Yair - Original Message - From: Chao Xie xiec.f...@cn.fujitsu.com To: users@ovirt.org Sent: Monday, December 22, 2014 3:55:13 AM Subject: [ovirt-users] Debug Environment for RHEVM HI, I found there is a debug environment for oVirt: http://wiki.ovirt.org/OVirt_Engine_Development_Environment Is it also useful for RHEVM source code? Best Regards, Xie ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How can I add usernames in ovirt? i.e., is admin account
- Original Message - From: Sandvik Agustin agustinsand...@gmail.com To: users@ovirt.org Sent: Monday, January 5, 2015 8:47:30 PM Subject: Re: [ovirt-users] How can I add usernames in ovirt? i.e.,is admin account Hi, Thanks guys for the quick reply and I really appreciate it, I'll look upon your suggestions right now. By the way, I forgot to mention that I'm using oVirt Engine Version: 3.5.0.1-1.el6. Thanks Again, I'll update you guys about my progress. That should work (i.e - as long as you use version 3.5.x, we had the ability to add users at the past as well, but it would be better to use the path Alon suggested). Regarding FreeIPA - depends on the amount of machines you have to spare, it is possible to set the FreeIPA server on a different machine (i.e, not have engine and FreeIPA co-hosted). But as suggested before , 389ds works just fine. Cheers, Yair Thanks Again. On Tue, Jan 6, 2015 at 2:39 AM, Donny Davis do...@cloudspin.me wrote: Ensure you don't try to install freeipa to the manager machine, there will be conflicts. 389ds works and is really easy to setup Regards DonnyOn Jan 5, 2015 11:36 AM, Donny Davis do...@cloudspin.me wrote: I did a write up on AAA LDAP. https://cloudspin.me/ovirt-simple-ldap-aaa/ Hope its helpful DonnyOn Jan 5, 2015 11:26 AM, Alon Bar-Lev alo...@redhat.com wrote: Hello, For now you need to use somekind of LDAP with ovirt-engine-extension-ldap[1][2] package. In future we will support database based repository. Until someone from infra will have the time to publish the latest version of the package, please download it directly from here[3], please note that until engine-3.5.1 is out you will need to specify full path in config.profile.file.1 variable at authn and authz extension configuration. Regards, Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD [2] http://www.ovirt.org/Features/AAA [3] http://jenkins.ovirt.org/job/ovirt-engine-extension-aaa-ldap_any_create-rpms_manual/6/ - Original Message - From: Sandvik Agustin agustinsand...@gmail.com To: users@ovirt.org Sent: Monday, January 5, 2015 8:14:27 PM Subject: [ovirt-users] How can I add usernames in ovirt? i.e., is admin account Hi guys, Good day, I just want to know if how can I add usernames in ovirt? i.e., is admin account is already exist and I want to create another account i.e., users or clients account. TIA ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
We will also need log of the generic ldap extensin, can you please provide it? Thanks! - Original Message - From: Juan Jose jj197...@gmail.com To: Alon Bar-Lev alo...@redhat.com Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Friday, December 5, 2014 1:10:06 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello Alon, I have deleted Legacy domain with engine-manage-domain, and I have changed configuration to absolute file name as you can see: /etc/ovirt-engine/extensions.d/siee-local-authn.properties: ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties /etc/ovirt-engine/extensions.d/siee-local-authz.properties: ovirt.engine.extension.name = siee-local-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties I had configured relative file name because the example /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties has a relative file name. I have done the same: delete engine.log, restart ovirt-engine and try log in and the same error is showed, General command validation failure. Attach engine.log file. Thanks, Juanjo. On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev alo...@redhat.com wrote: Hi! You have the following errors: 2014-12-05 09:32:31,778 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authn' 2014-12-05 09:32:31,819 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authn': /aaa/siee.properties (No such file or directory) 2014-12-05 09:32:31,823 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-5) Loading extension 'siee-local-authz' 2014-12-05 09:32:31,824 ERROR [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC service thread 1-5) Could not load extension based on configuration file '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check the configuration file is valid. Exception message is: Error loading extension 'siee-local-authz': /aaa/siee.properties (No such file or directory) Per my last message, you should provide absolute file names if you use 3.5.0. Please see inline comments bellow. Also, you are trying to authenticate with the legacy provider: 2014-12-05 09:33:04,871 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server Can you please use engine-manage-domains to remove the legacy (old) domain, so we reduce confusion? Thanks! - Original Message - From: Juan Jose jj197...@gmail.com To: Alon Bar-Lev alo...@redhat.com Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Friday, December 5, 2014 10:43:01 AM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello Alon, I have done what you have said. My new configuration files are: /etc/ovirt-engine/extensions.d/siee-local-authn.properties: ovirt.engine.extension.name = siee-local-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = siee ovirt.engine.aaa.authn.authz.plugin = siee-local-authz config.profile.file.1 = aaa/siee.properties should be: /etc/ovirt-engine
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
- Original Message - From: Juan Jose jj197...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com, Ondra Machacek omach...@redhat.com, alo...@redhat.com, users@ovirt.org Sent: Wednesday, November 26, 2014 1:01:37 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello everybody, I will try to configure ovirt-engine-extension-aaa-ldap package as Alon says. +1 please do. By other side, I have executed the command kinit and the response is: kinit: Client not found in Kerberos database while getting initial credentials I am sure you did tht, but just to be on the safe side - did u perform kinit principal@REALM? My /etc/krb5.conf files is (adserver.siee.local is my AD server based in Samba 4), I have modified this file to exchange EXAMPLE.COM by siee.local and adserver.siee.local: /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] SIEE.LOCAL = { kdc = adserver.siee.local admin_server = adserver.siee.local } [domain_realm] .siee.local = SIEE.LOCAL siee.local = SIEE.LOCAL My /etc/ovirt-engine/krb5.conf: [libdefaults] default_realm = SIEE.LOCAL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = no default_tkt_enctypes = arcfour-hmac-md5 udp_preference_limit = 1 #realms #domain_realm This last file is the same that I had before my upgrade to oVirt 3.5. Many thanks again, Juanjo. On Wed, Nov 26, 2014 at 5:37 AM, Yair Zaslavsky yzasl...@redhat.com wrote: - Original Message - From: Juan Jose jj197...@gmail.com To: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, alo...@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello again, Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same. I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this: 2014-11-25 17:02:05,355 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. every time I click Go button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade. Many thanks in advance, Juanjo
Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
- Original Message - From: Juan Jose jj197...@gmail.com To: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, alo...@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 6:09:18 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello again, Yes the password is correct, I can login in a Windows machine to my domain siee.local with the user Juanjo. Moreover I have chanbged this user password to simpler one and the result is the same. I have logged in administration portal with internal admin user and I try to navigate through the domain to find user to assign some user in a VM but nothing is showed as you can see in the attached screen image and any error is faced in administration portal, but the /var/log/ovirt-engine/engine.log show this: 2014-11-25 17:02:05,355 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,356 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,357 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,359 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. 2014-11-25 17:02:05,402 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24) 2014-11-25 17:02:05,404 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username and password. 2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server 2014-11-25 17:02:05,408 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchGroupsByQueryCommand. Domain is siee.local. User is juanjo@SIEE.LOCAL. every time I click Go button. Moreover I haven't changed anything from my Samba4 AD and it is working handling my siee.local domain. This error is showed since oVirt 3.5 upgrade. Many thanks in advance, Juanjo. As Alon suggested, you can try the next provider for 3.5 However, until you do so, can you use kinit in order to perform kerberos authentication with the problematic user? Cheers, Yair On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek omach...@redhat.com wrote: Also, can you please try to search within this domain, not only login to it? Does it fail or works good? (in webadmin go to users tab and click add, select your domain and search for users). - Original Message - From: Alon Bar-Lev alo...@redhat.com To: Juan Jose jj197...@gmail.com Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 1:49:20 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue 2014-11-25 12:54:10,687 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to Authentication Failed. Please verify the username and password.. We should not try the next server - Original Message - From: Juan Jose jj197...@gmail.com To: Ondra Machacek omach...@redhat.com, alo...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Tuesday, November 25, 2014 2:29:26 PM Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue Hello Ondra and everybody, It works with my other user: engine-manage-domains add --domain=siee.local --provider=ad --user=juanjo --add-permissions Enter password: Successfully added domain siee.local. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). Manage Domains completed successfully But after restarted ovirt-engine if I try to loging with juanjo in the administrator portal and I
Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
- Original Message - From: Ondra Machacek omach...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: cameron christensen cameron.christen...@uk2group.com, Alon Bar-Lev alo...@redhat.com, users@ovirt.org Sent: Thursday, November 20, 2014 6:09:53 PM Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA Hi, just tried it too. I was not successfull to reproduce, but the problem is that the domain part of LDAPSecurityAuthentication is uppercase as Cameron wrote. In 3.4 it is OK when it's upper case - everything works OK, but in 3.5 it's not. I checked differences and something like this would be enough, Yair? diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte index f5ab28d..ccaf04a 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java @@ -240,7 +240,7 @@ public class EngineExtensionsManager extends ExtensionsManager { ) ); } -if (nameValue[0].equals(domain)) { +if (nameValue[0].equalsIgnoreCase(domain)) { result = nameValue[1]; break; } Ondra Looks fine, but please email me in private a testing environment where I can check that. Thanks! P.S: Another option worth trying is simply remove and add the domain, but hey, if you're already in 3.5, and removed the domain, why not use he generic ldap provider? - Original Message - From: Alon Bar-Lev alonbl at redhat.com To: Cameron Christensen cameron.christensen at uk2group.com, Yair Zaslavsky yzaslavs at redhat.com Cc: users at ovirt.org Sent: Monday, November 17, 2014 11:48:15 PM Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA - Original Message - From: Cameron Christensen cameron.christensen at uk2group.com To: Alon Bar-Lev alonbl at redhat.com Cc: users at ovirt.org Sent: Monday, November 17, 2014 11:43:34 PM Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote: - Original Message - From: Cameron Christensen cameron.christensen at uk2group.com To: users at ovirt.org Sent: Friday, November 14, 2014 5:39:54 PM Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA Hello, I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA. Starting up ovrit-engine the extension manager fails to properly load the service that handles Kerberos/LDAP. This is probably a bug, can you please execute the following and paste result: # PGPASSWORD=@PASSWORD@ psql -U engine -d engine -c select * from vdc_options where option_name='LDAPSecurityAuthentication' option_id |option_name | option_value| version ---++---+- 165 | LDAPSecurityAuthentication | example.org:GSSAPI | general I replaced my domain name with 'example.org' I thought it will be empty... and it contains valid value. Yair? No, this is fine actually. Any I truly suggest you try out the new provider... Much easier to resolve any issue, current and future, including easier to debug. Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] LDAP
- Original Message - From: Koen Vanoppen vanoppen.k...@gmail.com To: users@ovirt.org Sent: Thursday, November 20, 2014 10:51:06 AM Subject: [ovirt-users] LDAP Hello everybody, We updated our ovirt to 3.5, but now we see some errors concerning LDAP. I already searched oonline for a guide for the AAA config, but can't seem to find something... Does anybody already has a clear how-to for the AAA config? This is the error we get sometimes in our engine.log (we are still able to login with ldap btw): 2014-11-20 06:42:06,539 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-32) Failed ldap search server ldap://***.brussels.airport:*** using user @BRUSSELS.AIRPORT due to : [LDAP: error code 34 - 208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''. We should try the next server Kind regards, Koen So i understand this is not 100% right? Can you share more on the upgrade? Are you working with openldap? Have you upgraded anything else? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
- Original Message - From: Alon Bar-Lev alo...@redhat.com To: Cameron Christensen cameron.christen...@uk2group.com, Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Monday, November 17, 2014 11:48:15 PM Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA - Original Message - From: Cameron Christensen cameron.christen...@uk2group.com To: Alon Bar-Lev alo...@redhat.com Cc: users@ovirt.org Sent: Monday, November 17, 2014 11:43:34 PM Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote: - Original Message - From: Cameron Christensen cameron.christen...@uk2group.com To: users@ovirt.org Sent: Friday, November 14, 2014 5:39:54 PM Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA Hello, I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA. Starting up ovrit-engine the extension manager fails to properly load the service that handles Kerberos/LDAP. This is probably a bug, can you please execute the following and paste result: # PGPASSWORD=@PASSWORD@ psql -U engine -d engine -c select * from vdc_options where option_name='LDAPSecurityAuthentication' option_id |option_name | option_value| version ---++---+- 165 | LDAPSecurityAuthentication | example.org:GSSAPI | general I replaced my domain name with 'example.org' I thought it will be empty... and it contains valid value. Yair? No, this is fine actually. Any I truly suggest you try out the new provider... Much easier to resolve any issue, current and future, including easier to debug. Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
- Original Message - From: Cameron Christensen cameron.christen...@uk2group.com To: Alon Bar-Lev alo...@redhat.com Cc: Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Tuesday, November 18, 2014 6:21:18 PM Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA On Mon, 2014-11-17 at 16:48 -0500, Alon Bar-Lev wrote: - Original Message - From: Cameron Christensen cameron.christen...@uk2group.com To: Alon Bar-Lev alo...@redhat.com Cc: users@ovirt.org Sent: Monday, November 17, 2014 11:43:34 PM Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote: - Original Message - From: Cameron Christensen cameron.christen...@uk2group.com To: users@ovirt.org Sent: Friday, November 14, 2014 5:39:54 PM Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA Hello, I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA. Starting up ovrit-engine the extension manager fails to properly load the service that handles Kerberos/LDAP. This is probably a bug, can you please execute the following and paste result: # PGPASSWORD=@PASSWORD@ psql -U engine -d engine -c select * from vdc_options where option_name='LDAPSecurityAuthentication' option_id |option_name | option_value| version ---++---+- 165 | LDAPSecurityAuthentication | example.org:GSSAPI | general I replaced my domain name with 'example.org' I thought it will be empty... and it contains valid value. Yair? Looking through the vdc_options table I noticed that many of the LDAP* and Ad* settings use two different spellings for the Kerberos/LDAP domain. One in all upper case letters, EXAMPLE.ORG and one in all lower case, example.org. (I'm guessing this is to handle either spelling of the domain?) I updated LDAPSecurityAuthentication and set the option_value to use both the upper case and lower case domain name, 'EXAMPLE.ORG:GSSAPI,example.org:GSSAPI'. select * from vdc_options where option_name = 'LDAPSecurityAuthentication'; option_id |option_name |option_value | version ---++-+- 165 | LDAPSecurityAuthentication | EXAMPLE.ORG:GSSAPI,example.org:GSSAPI | general Just so we can continue to investigate - if u would like to get your ldap and kerberos SRV records , to which domain will you send them in your setup? dig SRV _ldap._tcp.EXAMPLE.ORG or dig SRV _ldap._tcp.example.org? same goes to _kerberos._tcp.example.org and _kerberos._tcp.EXAMPLE.ORG Cheers, Yair Using both domain names I am able to authenticate, authorize and pull account information from the IPA server once again. Thanks for pointing me at the right location. Cameron ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] webhook
- Original Message - From: Vojtech Szocs vsz...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Barak Azulay bazu...@redhat.com, Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Friday, November 7, 2014 5:16:48 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Vojtech Szocs vsz...@redhat.com Cc: Barak Azulay bazu...@redhat.com, Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Thursday, November 6, 2014 2:59:53 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Vojtech Szocs vsz...@redhat.com To: Barak Azulay bazu...@redhat.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Thursday, November 6, 2014 3:38:56 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Barak Azulay bazu...@redhat.com To: Vojtech Szocs vsz...@redhat.com Cc: Einav Cohen eco...@redhat.com, Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Tuesday, November 4, 2014 5:15:35 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Vojtech Szocs vsz...@redhat.com To: Einav Cohen eco...@redhat.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Tuesday, November 4, 2014 2:12:05 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Einav Cohen eco...@redhat.com To: Vojtech Szocs vsz...@redhat.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Friday, October 31, 2014 8:01:34 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Vojtech Szocs vsz...@redhat.com Sent: Friday, October 31, 2014 11:51:53 AM Hi, if I get this correctly, you'd like to be notified when certain event happens (VM created/deleted/etc.) and react upon that. I see multiple possible approaches here: 0, improve Engine extension API (refer to Alon Bar-Lev for details) - if extensions can be packaged as JARs and these JARs could include web fragments [1] it would mean the possibility to deploy custom servlets onto existing Engine instance (in context of webapp that processes extensions) - your custom Java servlet could query REST interface (or be notified once something happens, but AFAIK we don't have that implemented yet) and do whatever logic is needed - once I asked Alon about ^^ but never got response from him - IMHO this would be a nice way to deploy custom Java code on Engine [1] https://blogs.oracle.com/swchan/entry/servlet_3_0_web_fragment 1, improve UI plugin API - add VirtualMachineDataLoaded event fired upon each refresh of VM data in UI table (generalization - {Entity}DataLoaded) - this is similar to existing {Entity}SelectionChange events relying on changes in the UI table is a bad idea: (1) potentially missing events: the UI displays paginated data; if my VMs are sorted by name, and I have 1000 VMs in my setup, and I just added a VM named z, it will be added to the last page which is not displayed right now, so I wouldn't even be aware that something was added. (2) potentially creating fake events: changes in the displayed data in the UI can occur due to change in the Search query; if I have 50 VMs in my setup, and I initially had the Vms: search query, and now I change it to VMs: name = a*, which results in displaying only 10 VMs, this may falsely hint on removal of 40 VMs from the system. Agreed, that was a bad idea :) UI data is constrained by things like search query, pagination, sorting etc. Scratch my previous idea. As mentioned before, notification of relevant events occuring in system should be the way to go. Either Engine will provide mechanism to notify other systems (i.e. email notifier) or other system will poll/listen-to changes in Engine (i.e. via REST API). Idea for consideration, if every change to oVirt system would be sent to some event bus, we could easily implement different notification mechanisms (like websocket in addition to email), and web apps living in Engine EAR context could also register to that event bus (imagine WebAdmin servlet that listens for changes and pushes them to clients). This can/should be done through the notification service, currently it supports email snmp traps ... but it could be extended (very easily) Cool, maybe something we could
Re: [ovirt-users] User management
- Original Message - From: Koen Vanoppen vanoppen.k...@gmail.com To: users@ovirt.org Sent: Friday, November 7, 2014 1:01:13 PM Subject: [ovirt-users] User management Dear all, I have a question concerning the creation of VM's. Is there a way to see which user (Ldap login) created wich VM? Can we somehow query this trough the API? Well, at first I thought this should be done by browsing the permissions collection in REST-API, but then I realized that we can get this info from the events for example - YOUR_URL:/api/events then you will see something like - Vm my-vm-13 was created by a...@acme.com Cheers, Yair Kind regards, Koen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] how to 'reset' a failed install?
- Original Message - From: Robert Story rst...@tislabs.com To: users@ovirt.org Sent: Saturday, November 8, 2014 3:09:02 AM Subject: [ovirt-users] how to 'reset' a failed install? I've been doing lots of unsuccessful 3.5 hosted-engine installs in my lab, where it's easy for me to re-install the OS if I need to start over. Now I need to try an install in a remote datacenter where I won't be able to re-install the OS. So I was wondering if there is a way to 'reset' a failed install so that another install can be attempted... My thoughts so far are: - stop vdsm, supervdsm, and libvirt - use etckeeper to reset everything under /etc - delete old log files - delete hosted_engine storage domain on storage (if install got that far) - restart vdsm, supervdsm, and libvirt What am I missing? Maybe some remnants in /var (hmm, probably the vdsm persistent config)? Anything else? The VDSM log to be erased? Out of curiosity, do you want to automate this process? CC'ing Alon and Sandro who can probably give more meaningful advice than me. Cheers, Yair Robert -- Senior Software Engineer @ Parsons ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] webhook
it would be to implement the infrastructure for that. If the latter: this will catch actions that were performed either via the GUI or outside the GUI; in this case, it would probably be better to use an Engine extension API (solution 0 above) rather than a UI plugin, since it will be more reliable, will be active even when the GUI is not in use, etc. It was meant simply as polling Engine via oVirtJS / REST API. But then again, any UI plugin-based solution has the drawback that web GUI must be active (open) in order for plugin to be active. The disadvantage of 1, and 2, is that WebAdmin GUI must be open. In any case, if you'd like to explore the possibility of doing this via UI plugin, I'm here to help. Vojtech - Original Message - From: Oved Ourfali ov...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org, Vojtech Szocs vsz...@redhat.com Sent: Thursday, October 30, 2014 2:10:12 PM Subject: Re: [ovirt-users] webhook Hi CC-ing also Vojtech, the father of the UI plugins. Anyway, the only way to accomplish that via UI plugins at the moment is via adding a new action menu item, that in the background deleted the VM, and reports to Foreman. I would be nice to have a hook for different UI action items, but it isn't available at the moment. There are plenty code samples for UI plugins, most of them available at: http://www.ovirt.org/Features/UIPlugins I must say that I'm not sure webhooks are the right approach for that, as I guess it is relevant only in environments in which one doesn't use the API/CLI/SDK but.. it will be a cool feature! Regards, Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Koen Vanoppen vanoppen.k...@gmail.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Thursday, October 30, 2014 1:44:38 PM Subject: Re: [ovirt-users] webhook Oved - can we implement something like this using ui-plugins? - Original Message - From: Koen Vanoppen vanoppen.k...@gmail.com To: users@ovirt.org Sent: Monday, October 27, 2014 4:06:40 PM Subject: [ovirt-users] webhook Hi all, Just a quick question. Is it possible to set a webhook on the removal and creation of a new vm? So we can send to foreman a delete action when the VM is deleted... Kind regards, Koen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Cancelling a running task
- Original Message - From: Liron Aravot lara...@redhat.com To: Eli Mesika emes...@redhat.com Cc: users@ovirt.org Sent: Wednesday, November 5, 2014 2:51:37 PM Subject: Re: [ovirt-users] Cancelling a running task - Original Message - From: Eli Mesika emes...@redhat.com To: Daniel Lang daniel.l...@redi.com Cc: users@ovirt.org Sent: Wednesday, November 5, 2014 2:23:00 PM Subject: Re: [ovirt-users] Cancelling a running task - Original Message - From: Daniel Lang daniel.l...@redi.com To: users@ovirt.org users@ovirt.org Sent: Tuesday, November 4, 2014 6:24:48 PM Subject: [ovirt-users] Cancelling a running task I am creating a VM and the copy from template operation has gone haywire causing significant performance issues on the host server. I’d like to cancel the copying image action (it’s been running ~3hours on a 3GB disk image copy) but I cannot find anything in the web UI to cancel a task. Is there a command line tool to cancel the running task? login to your SPM host and run the following vdsClient -s 0 getAllTasksStatuses You can than use stopTask TaskID stop async task and then clearTask TaskID clear async task I suggest to only stop the task/tasks and let the ovirt engine to perform the clearance of the tasks. +1 - I agree with Liron. Let AsyncTaskManager handle the task clearing - it will also remove relevant entries from db. Ravi, what do you think? The oVirt version is 3.4 and vdsm version 4.14. Thanks for any advice or links to documentation/man pages. Daniel Lang © Copyright 2014 REDI Global Technologies LLC (“REDI”), member FINRA, SIPC. All rights reserved. The information contained in and accompanying this communication may be confidential, subject to legal privilege, or otherwise protected from disclosure, and is intended solely for the use of the intended recipient(s). If you are not the intended recipient of this communication, please delete and destroy all copies in your possession, notify the sender that you have received this communication in error, and note that any review or dissemination of, or the taking of any action in reliance on, this communication is expressly prohibited. E-mail messages may contain computer viruses or other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. REDI makes no warranties in relation to these matters. Please note that REDI reserves the right to intercept, monitor, and retain e-mail messages to and from its systems as permitted by applicable law. If you are not comfortable with the risks associated with e-mail messages, you may decide not to use e-mail to communicate with REDI. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client
- Original Message - From: Greg Sheremeta gsher...@redhat.com To: users users@ovirt.org, de...@ovirt.org Sent: Friday, October 31, 2014 3:49:11 AM Subject: [ovirt-devel] [RFC] oVirt mobile client Hi, The focus of our OPW internship program starting in December will be mobile and/or lightweight engine clients -- hopefully integrating the new ovirt.js project. +100 Sorry for the ignorant question - does this mean the technology will be web based or native? (i.e - java on top of android, Swift/Objective-C on top of IOS) I see that there are some already existing mobile clients for oVirt. I'm trying to grasp what we have and what the needs are. moVirt: https://github.com/matobet/moVirt (mbetak) This appears to be more of a lightweight webadmin. No console access, but I believe it's planned as part of OPW. (?) I spoke with mbetak about this a few months ago. When you speak of console, you mean to actually view the VM using spice? sounds very interesting. If I recall, Alon levy (a former red hatter) worked on some spice implementation for html5 or something like that. Anyway, back in TLV I also had some ideas around that. Do you have some IRC meetings or something that I can join? Cheers, Yair nomad: http://www.ovirt.org/Project_Proposal_-_Nomad and https://github.com/Vizuri/ovirt-nomad Looks dead -- last commit 3 years ago. Anyone know more about this one? That's all I see on the first few pages of google. When I think of a mobile client for oVirt, I think the most useful part would be the user portal -- simple operations for start, stop, and the ability to view the console of vms. moVirt mentions it wants to support some basic management operations, though. I think it would be difficult to do complex management in a mobile client. (I'm biased towards huge screens, though.) I'd like to see an official subproject started that coordinates our mobile efforts. Is this possible? What would it take to start it? What would people like to see in such an app? Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gsher...@redhat.com ___ Devel mailing list de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Greg Sheremeta gsher...@redhat.com Cc: users users@ovirt.org, de...@ovirt.org Sent: Friday, October 31, 2014 8:03:58 AM Subject: Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client - Original Message - From: Greg Sheremeta gsher...@redhat.com To: users users@ovirt.org, de...@ovirt.org Sent: Friday, October 31, 2014 3:49:11 AM Subject: [ovirt-devel] [RFC] oVirt mobile client Hi, The focus of our OPW internship program starting in December will be mobile and/or lightweight engine clients -- hopefully integrating the new ovirt.js project. +100 Sorry for the ignorant question - does this mean the technology will be web based or native? (i.e - java on top of android, Swift/Objective-C on top of IOS) I see that there are some already existing mobile clients for oVirt. I'm trying to grasp what we have and what the needs are. moVirt: https://github.com/matobet/moVirt (mbetak) This appears to be more of a lightweight webadmin. No console access, but I believe it's planned as part of OPW. (?) I spoke with mbetak about this a few months ago. When you speak of console, you mean to actually view the VM using spice? sounds very interesting. If I recall, Alon levy (a former red hatter) worked on some spice implementation for html5 or something like that. Anyway, back in TLV I also had some ideas around that. Do you have some IRC meetings or something that I can join? Cheers, Yair nomad: http://www.ovirt.org/Project_Proposal_-_Nomad and https://github.com/Vizuri/ovirt-nomad Looks dead -- last commit 3 years ago. Anyone know more about this one? That's all I see on the first few pages of google. When I think of a mobile client for oVirt, I think the most useful part would be the user portal -- simple operations for start, stop, and the ability to view the console of vms. moVirt mentions it wants to support some basic management operations, though. I think it would be difficult to do complex management in a mobile client. (I'm biased towards huge screens, though.) Sorry, I was very excited about the news, so I forgot to answer the rest. I agree about user portal - sounds good to begin with. Another idea I had in the past is to have an app (push-based) that will push events to a special client. We will have a push sever that will get notifications from the event notifier, and this server will push the events to registered clients. I'd like to see an official subproject started that coordinates our mobile efforts. Is this possible? What would it take to start it? What do you mean is that possible? technically sounds feasible to me (well, we'll need to figure out about the console, but an mgmt app without the console, why not?) ) What would people like to see in such an app? Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gsher...@redhat.com ___ Devel mailing list de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Greg Sheremeta gsher...@redhat.com Cc: users users@ovirt.org, de...@ovirt.org Sent: Friday, October 31, 2014 12:16:33 PM Subject: Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Greg Sheremeta gsher...@redhat.com Cc: users users@ovirt.org, de...@ovirt.org Sent: Friday, October 31, 2014 8:03:58 AM Subject: Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client - Original Message - From: Greg Sheremeta gsher...@redhat.com To: users users@ovirt.org, de...@ovirt.org Sent: Friday, October 31, 2014 3:49:11 AM Subject: [ovirt-devel] [RFC] oVirt mobile client Hi, The focus of our OPW internship program starting in December will be mobile and/or lightweight engine clients -- hopefully integrating the new ovirt.js project. +100 Sorry for the ignorant question - does this mean the technology will be web based or native? (i.e - java on top of android, Swift/Objective-C on top of IOS) I see that there are some already existing mobile clients for oVirt. I'm trying to grasp what we have and what the needs are. moVirt: https://github.com/matobet/moVirt (mbetak) This appears to be more of a lightweight webadmin. No console access, but I believe it's planned as part of OPW. (?) I spoke with mbetak about this a few months ago. When you speak of console, you mean to actually view the VM using spice? sounds very interesting. If I recall, Alon levy (a former red hatter) worked on some spice implementation for html5 or something like that. Anyway, back in TLV I also had some ideas around that. Do you have some IRC meetings or something that I can join? Cheers, Yair nomad: http://www.ovirt.org/Project_Proposal_-_Nomad and https://github.com/Vizuri/ovirt-nomad Looks dead -- last commit 3 years ago. Anyone know more about this one? That's all I see on the first few pages of google. When I think of a mobile client for oVirt, I think the most useful part would be the user portal -- simple operations for start, stop, and the ability to view the console of vms. moVirt mentions it wants to support some basic management operations, though. I think it would be difficult to do complex management in a mobile client. (I'm biased towards huge screens, though.) Sorry, I was very excited about the news, so I forgot to answer the rest. I agree about user portal - sounds good to begin with. Another idea I had in the past is to have an app (push-based) that will push events to a special client. We will have a push sever that will get notifications from the event notifier, and this server will push the events to registered clients. I'd like to see an official subproject started that coordinates our mobile efforts. Is this possible? What would it take to start it? What do you mean is that possible? technically sounds feasible to me (well, we'll need to figure out about the console, but an mgmt app without the console, why not?) ) What would people like to see in such an app? Regarding console - I guess this link has to do with how to display a web page in native app (I asked a mobile developer friend of mine) - http://developer.android.com/reference/android/webkit/WebView.html And this ovirt page can help with spice client for html5 ? http://www.ovirt.org/Features/SpiceHTML5 Cheers, Yair Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gsher...@redhat.com ___ Devel mailing list de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] webhook
- Original Message - From: Einav Cohen eco...@redhat.com To: Vojtech Szocs vsz...@redhat.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Friday, October 31, 2014 9:01:34 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Vojtech Szocs vsz...@redhat.com Sent: Friday, October 31, 2014 11:51:53 AM Hi, if I get this correctly, you'd like to be notified when certain event happens (VM created/deleted/etc.) and react upon that. I see multiple possible approaches here: 0, improve Engine extension API (refer to Alon Bar-Lev for details) - if extensions can be packaged as JARs and these JARs could include web fragments [1] it would mean the possibility to deploy custom servlets onto existing Engine instance (in context of webapp that processes extensions) - your custom Java servlet could query REST interface (or be notified once something happens, but AFAIK we don't have that implemented yet) and do whatever logic is needed - once I asked Alon about ^^ but never got response from him - IMHO this would be a nice way to deploy custom Java code on Engine Please allow me to step in as someone who worked on the extensions API as well, There are more missing bits here. You are referring to the webapp side, but this is not enough. We have also the engine side which has to become more pluggable. In addition, we will probably need to handle all kinds of issues that rise from our singletons at engine - class loading might be an issue here, no? You don't want the X-ton (doubleton, tripleton, etc..) phenomena in your setup - you don't want for example X instances of AsyncTaskManager. I think that in general we should strive to turn engine into way more pluggable/modular than it is now, imagine an engine microkernel (for those of you who did not hear the term microkernel, I am referring you to jboss architecture) - we should have a thin microkernel and the rest of the code should be pluggable, using the extension API (and perhaps web fragments as well). What do you think? [1] https://blogs.oracle.com/swchan/entry/servlet_3_0_web_fragment 1, improve UI plugin API - add VirtualMachineDataLoaded event fired upon each refresh of VM data in UI table (generalization - {Entity}DataLoaded) - this is similar to existing {Entity}SelectionChange events relying on changes in the UI table is a bad idea: (1) potentially missing events: the UI displays paginated data; if my VMs are sorted by name, and I have 1000 VMs in my setup, and I just added a VM named z, it will be added to the last page which is not displayed right now, so I wouldn't even be aware that something was added. (2) potentially creating fake events: changes in the displayed data in the UI can occur due to change in the Search query; if I have 50 VMs in my setup, and I initially had the Vms: search query, and now I change it to VMs: name = a*, which results in displaying only 10 VMs, this may falsely hint on removal of 40 VMs from the system. 2, write UI plugin that uses oVirtJS to periodically check VM events not sure if this is referring to VM-related events in the code (e.g. hooking to the click on OK within the New VM / Remove VM dialog, or hooking to the Success callback of the action response, or something similar), or to the VM-related Events (i.e. the ones that are displayed in the GUI within the Events main-tab / bottom section). If the former: can be done, I assume, though not sure how complex it would be to implement the infrastructure for that. If the latter: this will catch actions that were performed either via the GUI or outside the GUI; in this case, it would probably be better to use an Engine extension API (solution 0 above) rather than a UI plugin, since it will be more reliable, will be active even when the GUI is not in use, etc. The disadvantage of 1, and 2, is that WebAdmin GUI must be open. In any case, if you'd like to explore the possibility of doing this via UI plugin, I'm here to help. Vojtech - Original Message - From: Oved Ourfali ov...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org, Vojtech Szocs vsz...@redhat.com Sent: Thursday, October 30, 2014 2:10:12 PM Subject: Re: [ovirt-users] webhook Hi CC-ing also Vojtech, the father of the UI plugins. Anyway, the only way to accomplish that via UI plugins at the moment is via adding a new action menu item, that in the background deleted the VM, and reports to Foreman. I would be nice to have a hook for different UI action items, but it isn't available at the moment. There are plenty code samples for UI plugins, most of them available at: http://www.ovirt.org/Features/UIPlugins I must say that I'm not sure webhooks are the right
Re: [ovirt-users] webhook
Oved - can we implement something like this using ui-plugins? - Original Message - From: Koen Vanoppen vanoppen.k...@gmail.com To: users@ovirt.org Sent: Monday, October 27, 2014 4:06:40 PM Subject: [ovirt-users] webhook Hi all, Just a quick question. Is it possible to set a webhook on the removal and creation of a new vm? So we can send to foreman a delete action when the VM is deleted... Kind regards, Koen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] webhook
- Original Message - From: Barak Azulay bazu...@redhat.com To: Omer Frenkel ofren...@redhat.com, vanoppen koen vanoppen.k...@gmail.com, Mooli Tayer mta...@redhat.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Thursday, October 30, 2014 11:10:55 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Barak Azulay bazu...@redhat.com To: Omer Frenkel ofren...@redhat.com, vanoppen koen vanoppen.k...@gmail.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Thursday, October 30, 2014 10:55:56 PM Subject: Re: [ovirt-users] webhook - Original Message - From: Omer Frenkel ofren...@redhat.com To: Oved Ourfali ov...@redhat.com, Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Thursday, October 30, 2014 3:54:37 PM Subject: Re: [ovirt-users] webhook can't the event-notifications be used? notify some email on delete operation (not sure there is a notification for this today..) and hook on the email to run the script? I agree that notification sounds like the best option, Although I would use the SNMP traps for that. If you already have a SNMP monitoring system you can catch the trap there and do your foreman magic. I assume the relevant notification is USER_REMOVE_VM_FINISHED(113) Mooli / Omer please approve . +1 From what I saw this is the relevant event. Which has the textual represenation of VM ${VmName} was successfully removed - Original Message - From: Oved Ourfali ov...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Thursday, October 30, 2014 3:10:12 PM Subject: Re: [ovirt-users] webhook Hi CC-ing also Vojtech, the father of the UI plugins. Anyway, the only way to accomplish that via UI plugins at the moment is via adding a new action menu item, that in the background deleted the VM, and reports to Foreman. I would be nice to have a hook for different UI action items, but it isn't available at the moment. There are plenty code samples for UI plugins, most of them available at: http://www.ovirt.org/Features/UIPlugins I must say that I'm not sure webhooks are the right approach for that, as I guess it is relevant only in environments in which one doesn't use the API/CLI/SDK but.. it will be a cool feature! Regards, Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Koen Vanoppen vanoppen.k...@gmail.com Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org Sent: Thursday, October 30, 2014 1:44:38 PM Subject: Re: [ovirt-users] webhook Oved - can we implement something like this using ui-plugins? - Original Message - From: Koen Vanoppen vanoppen.k...@gmail.com To: users@ovirt.org Sent: Monday, October 27, 2014 4:06:40 PM Subject: [ovirt-users] webhook Hi all, Just a quick question. Is it possible to set a webhook on the removal and creation of a new vm? So we can send to foreman a delete action when the VM is deleted... Kind regards, Koen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Live snapshot failed but still there ??
- Original Message - From: Punit Dambiwal hypu...@gmail.com To: users@ovirt.org Sent: Wednesday, October 29, 2014 4:59:12 AM Subject: [ovirt-users] Live snapshot failed but still there ?? Hi, I try to create the live snapshot it failed because of the VM filesystem inconsistency but in the engine dashboard it shows it created ?? Screen shots attached Can you attach relevant engine.log and server.log? Thanks, Punit ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Fwd: options for root and password]
- Original Message - From: Alon Bar-Lev alo...@redhat.com To: Sven Kieske s.kie...@mittwald.de Cc: users@ovirt.org Sent: Tuesday, October 21, 2014 10:49:02 AM Subject: Re: [ovirt-users] [Fwd: options for root and password] - Original Message - From: Sven Kieske s.kie...@mittwald.de To: users@ovirt.org Sent: Tuesday, October 21, 2014 10:40:39 AM Subject: Re: [ovirt-users] [Fwd: options for root and password] On 21/10/14 09:21, Sven Kieske wrote: I don't know if this is still valid, I don't find any options regarding public/private keys in ovirt 3.3. but I would be very interested in this topic to tighten security. It just turns out this already works in ovirt 3.3.2 maybe even earlier, but I would like to know if the point about host key validation on the mentioned wiki page is still true, as I think this would be cve-worthy. When host is added its ssh fingerprint is recorded in database, and is enforced from this point on. Only at Edit Host dialog it can be modified. You can also pre-fetch the fingerprint before adding the host at Add Host dialog in order to confirm that it is the correct host, it will add this fingerprint to database and enforce it when adding the host too. CC'ing Yaniv Bronheim who was the feature owner for ssh fingerprint usage during host addition. I guess Yaniv can confirm exactly which version it was added. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt presentation template -- google docs format?
- Original Message - From: Lior Vernia lver...@redhat.com To: Greg Sheremeta gsher...@redhat.com Cc: Dave Neary dne...@redhat.com, users users@ovirt.org Sent: Wednesday, October 15, 2014 2:51:16 AM Subject: Re: [ovirt-users] ovirt presentation template -- google docs format? Speaking of which, may I hijack this thread in order to ask why we don't have a slideshow template that looks like a slideshow template? With non-white background, colors in general, some graphics/patterns, thought-out bullet design, etc.? +1 here, you're more UI oriented person than I am , Lior , but now that you raised it, it suddenly popped into me as well - I would also like to see some improvement in that area. Thanks for the initiative! Yair This template just doesn't look like it means business. Not business as in the money-making way, business as in talking about a serious project with a serious brand. But maybe that's just me... On 14/10/14 16:06, Greg Sheremeta wrote: Anyone have a Google Docs format of this? [1] Alternatively, I can make one if someone can find me that logo. I can't find a high-res logo anywhere. [1] http://www.ovirt.org/File:OVirt-Template.odp Thanks, Greg Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gsher...@redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How to mapping LDAP users in AAA
- Original Message - From: lofyer lof...@gmail.com To: users users@ovirt.org Sent: Tuesday, October 14, 2014 5:10:56 AM Subject: [ovirt-users] How to mapping LDAP users in AAA I've got a LDAP server without kerberos and I am trying to intergrate its users to oVirt-3.5 with AAA. == Which ldap server is that, what vendor? /etc/ovirt-engine/aaa/example.properties: include = openldap.properties vars.user = cn=directory manager vars.password = mypassword vars.server = example.com #pool.default.ssl.startTLS = false #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem #pool.default.ssl.truststore.password = admin pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} == This is my basic ldap infomation: ou=Groups | + cn=UserGroup1 | + cn=UserGroup2 ou=UserGroup1 | + cn=user1 | + cn=user2 ou=UserGroup2 | + cn=user3 | + cn=user4 == Now I can see example.com in web portal but I cannot list users in UG1 or UG2. I find that I could map DN, ID NAME, DISPLAY in the config file. What should I add in the config file then? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 3.4 + Ipa Server
- Original Message - From: Alon Bar-Lev alo...@redhat.com To: Marcelo Donato don...@din.uem.br Cc: users@ovirt.org Sent: Thursday, October 9, 2014 8:30:47 PM Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server Can't help you with this one, but be aware that these kind of issues are all solved in 3.5 in which we do not mix kerberos and ldap. - Original Message - From: Marcelo Donato don...@din.uem.br To: users@ovirt.org Sent: Thursday, October 9, 2014 8:25:34 PM Subject: [ovirt-users] oVirt 3.4 + Ipa Server Hello, I've problems for utilization IPA Server with oVirt. Below is the error log and corresponding access, commands and log entries. Thanks for helping me. * Ipa Server - 10.30.0.25 LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.5 (Final) Release: 6.5 Codename: Final # rpm -qa | grep ipa ipa-server-3.0.0-37.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-37.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-admintools-3.0.0-37.el6.x86_64 ipa-server-selinux-3.0.0-37.el6.x86_64 ipa-client-3.0.0-37.el6.x86_64 # dig _kerberos._ tcp.din.uem.br Shouldn't this be dig SRV _kerberos._ tcp.din.uem.br ? ; DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 34293 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_kerberos._ tcp.din.uem.br . IN A ;; AUTHORITY SECTION: din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800 900 60480 3600 ;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:19:05 2014 ;; MSG SIZE rcvd: 88 # dig _ldap._ tcp.din.uem.br ; DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 _ldap._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 21167 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_ldap._ tcp.din.uem.br . IN A ;; AUTHORITY SECTION: din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800 900 60480 3600 ;; Query time: 1 msec ;; SERVER: 186.233.152.33#53(186.233.152.33) ;; WHEN: Thu Oct 9 14:20:16 2014 ;; MSG SIZE rcvd: 84 /var/log/dirsrv/slapd-DIN-UEM-BR/access - conn=3 op=210 SRCH base=dc=din,dc=uem,dc=br scope=2 filter=((|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName= ad...@din.uem.br )) attrs=krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias krbUPEnabled k conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=211 SRCH base=cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br scope=0 filter=(objectClass=krbticketpolicyaux) attrs=krbMaxTicketLife krbMaxRenewableAge krbTicketFlags conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=212 SRCH base=dc=din,dc=uem,dc=br scope=2 filter=((|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/ din.uem...@din.uem.br )(krbPrincipalName=krbtgt/DIN.UEM conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0 conn=3 op=213 SRCH base=cn=global_policy,cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br scope=0 filter=(objectClass=*) attrs=krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure krbPwdF conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0 conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25 conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2 /var/log/ovirt-engine/engine-manage-domains.log - 2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf. 2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The file /etc/ovirt-engine/engine.conf doesn't exist or isn't readable. Will return an empty set of properties. 2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file /etc/ovirt-engine/engine.conf.d/10-setup-database.conf. 2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file /etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf. 2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded file /etc/ovirt-engine/engine.conf.d/10-setup-pki.conf. 2014-10-09 11:23:05,907 INFO
Re: [ovirt-users] oVirt 3.4 + Ipa Server
- Original Message - From: Marcelo Donato don...@din.uem.br To: Yair Zaslavsky yzasl...@redhat.com Cc: Alon Bar-Lev alo...@redhat.com, users@ovirt.org Sent: Friday, October 10, 2014 3:20:57 PM Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server Below is result. # dig SRV _kerberos._ tcp.din.uem.br ; DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 SRV _kerberos._ tcp.din.uem.br ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 55207 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_kerberos._. IN SRV ;; AUTHORITY SECTION: . 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800 900 604800 86400 The resutlt is invalid - I have tried it myself with an unexisting DNS entry - got the same. You probably have some issue with your IPA setup, I'm afraid. The result should contain answer section ; ANSWER SECTION: _kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine1.yair.test. _kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine2.yair.test. Notice the number 88 - that's the default port number for kerberos. ;; Query time: 1 msec ;; SERVER: 10.30.0.15#53(10.30.0.15) ;; WHEN: Fri Oct 10 09:15:56 2014 ;; MSG SIZE rcvd: 104 ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 9293 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;tcp.din.uem.br. IN SRV ;; AUTHORITY SECTION: din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613 1800 900 60480 3600 ;; Query time: 0 msec ;; SERVER: 10.30.0.15#53(10.30.0.15) ;; WHEN: Fri Oct 10 09:15:56 2014 ;; MSG SIZE rcvd: 82 -- Ao encaminhar esta mensagem, por favor: 1. Apague o meu e-mail e o meu nome. 2. Apague também os endereços dos amigos antes de reenviar 3. Use Cco ou Bcc para enviar mensagens! Dificulte a disseminação de vírus e spam. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] New Feature: engine NIC health check
- Original Message - From: Martin Mucha mmu...@redhat.com To: engine-de...@ovirt.org, users@ovirt.org Sent: Wednesday, October 8, 2014 2:33:06 PM Subject: [ovirt-users] New Feature: engine NIC health check Hi, here's link for new feature, related to monitoring engine's NIC, trying to detect failure on engine itself and it that case block fencing. http://www.ovirt.org/Features/engine_NIC_health_check thanks for every input, namely for one addressing some of opened issues. M. I was curious on how you perform the health check, so I read the feature page - good to learn more Java :) Regarding open issues - a. Yes, IMHO the scanning interval should be configured via engine-config - do you see a reason why not to do that? Maybe we should set a minimal interval value and enforSce it? b. Same for the no faiures since.. interval c. I dont like the name of the table you're suggesting. Please consider an alternative. Also you may want to consider having a view that returns you the static infomration of the nic + the stats part (dynamic part? maybe just nic_state ? ) Why would u like to purge old data and not just hold a record per nic and update per each interval? in this case, no purging is required. Maybe for DWH you will want some info on the history of the status of the nics... but I'm not sure if this is relevant for now. d. If you go with my view suggestion, you might consider displaying the state at REST-API Yair ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Getting Started with oVirt
Hi Saloni, Welcome to oVirt :) Several answers to get you started - First of all, check out the project homepage - http://www.ovirt.org/Home Look at the download page - http://www.ovirt.org/Download For development (including how to get the code) - look here - http://www.ovirt.org/Develop And also subscribe to de...@ovirt.org mailing list You can also find many useful youtube videos that were created by my colleagues, for example this one, a lecture held by one of the manintainers - https://www.youtube.com/watch?v=O6LAQxBzf6g You can also find us on IRC - irc.oftc.net , #ovirt (for example,my nick there is yzaslavs) - feel free to drop by and ask questions I hope all this helps, Yair - Original Message - From: Saloni Baweja salonibawej...@gmail.com To: users@ovirt.org Sent: Friday, October 3, 2014 6:14:10 PM Subject: [ovirt-users] Getting Started with oVirt I am an aspirant for OPW and found oVirt interesting. But, I don't know much about virtualized networks, storage etc and am just a beginner. It would be great if I get guidance about how to start understanding about oVirt, what exactly is oVirt. How can I get acquainted with oVirt and understand its code, working ( as a mere beginner ) so that I can start contributing towards this ? -- Build your own dreams, or someone else will hire you to build theirs. ;) Saloni Baweja Blog: salonibaweja10.wordpress.com/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-engine admin GUI
- Original Message - From: Eli Mesika emes...@redhat.com To: Simon Barrett simon.barr...@tradingscreen.com Cc: users@ovirt.org Sent: Tuesday, September 30, 2014 5:31:00 PM Subject: Re: [ovirt-users] ovirt-engine admin GUI - Original Message - From: Simon Barrett simon.barr...@tradingscreen.com To: users@ovirt.org Sent: Tuesday, September 30, 2014 3:37:37 PM Subject: [ovirt-users] ovirt-engine admin GUI Is there a way to configure the “pause” button to prompt with a confirmation dialog box in the same way that the “shutdown” button does (Are you sure you want to Shut down the following Virtual Machines?) . VM’s with large amounts of memory in use take a while to pause so could be out of action for a while if pause was clicked by mistake. I looked through the engine-config options but couldn’t see anything. IMHO, I think the word configure is somewhat misleading, hence I would not expect this to be at engine-config, this should probably be pure UI stuff. Seems like it is not supported in 3.5 , you can open a RFE on oVirt https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt +1 Thanks, Simon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] error to add domain in rhevm
- Original Message - From: linisha m linish...@cms.com To: users@ovirt.org Sent: Thursday, September 18, 2014 3:08:20 PM Subject: [ovirt-users] error to add domain in rhevm Sir I can’t add domain using the command rhevm-manage-domains. The command that I executed is rhevm-manage-domains –action=add –domain=example.com –user=rhevadmin –provider=IPA –interactive. The error is Failed to find example.com domain, client not find un Kerberos database. Can u please tell me the solution for this problem as far as possible. Thanks Linisha M Hi Linisha, can you please first state what versio nof ovirt you're using? Second, looks like for some reason your example.com domain cannot be found. can you please try and dig _ldap._tcp.example.com and dig _kerberos._tcp.example.com and provide us the results? Many thanks, Yair DISCLAIMER: The information contained in this communication, including any attachments (‘email’) is privileged, confidential or otherwise protected by disclosure and is intended only for the individuals or entities named above and any others who have been specifically authorized to receive it. Any unauthorized dissemination, copying or use of the contents of this email is strictly prohibited and may be in violation of law. If you are not the intended recipient, please do not read, copy and use or disclose to others the contents of this communication. Please notify the sender that you have received this e-mail in error by replying to this e-mail copying to i...@cms.com and thereafter please delete the e-mail from your system. Nothing contained in this disclaimer shall be construed in any way to grant permission to transmit confidential information via CMS Group’s e-mail system or as a waiver of any confidentiality or privilege. CMS Info Systems Pvt. Ltd. (including its group companies) shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. You will appreciate that e-mail transmission cannot be guaranteed to be secure or error-free as its contents are susceptible to loss, damage, interception, destruction, etc. Before opening any attachments please check them for viruses and defects. Please note that any views or opinions presented in this email are those of the author and do not necessarily represent those of CMS Info Systems Pvt. Ltd. (including its group companies). ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [RFI] oVirt 3.6 Planning
Switch our providers (i.e - neutron) to extapi based extensions. - Original Message - From: Itamar Heim ih...@redhat.com To: users@ovirt.org Sent: Friday, September 12, 2014 3:22:41 PM Subject: [ovirt-users] [RFI] oVirt 3.6 Planning With oVirt 3.5 nearing GA, time to ask for what do you want to see in oVirt 3.6? Thanks, Itamar ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Engine Hardware Crash
Just to make sure, this means that when it comes to file system , etc.. you also have your storage resources available, right? You lost the engine with the db, am I correct ? I'm CCing someone that might have the exact answer for that. - Original Message - From: Maurice James mja...@media-node.com To: users users@ovirt.org Sent: Wednesday, September 10, 2014 3:46:35 PM Subject: [ovirt-users] Engine Hardware Crash I just recently had the hardware that acts as the engine crash. I have a blinking amber light on the server. I have servers on the remaining hosts. How do I, or can I use vdsm to interact with the VMs that are still present on those hosts without the engine? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] adding machine to openldap + kerberos with a keytab
- Original Message - From: William Law w...@stanford.edu To: users users@ovirt.org Sent: Thursday, September 11, 2014 1:53:04 AM Subject: [ovirt-users] adding machine to openldap + kerberos with a keytab Hi, When I try to use engine-manage-domains it seems to expect an account to sign in with. Is there any way to use a key tab? It seems like it does all this under the surface eventually; I'd just like to do it up front. Even a pointer to manual adding instructions would be very helpful. Thanks, Will Hi Will, No way to perform this with manage domains at the moment. Not sure if we will invest in this, as in oVirt 3.5 we introduce a pluggable architecture for AAA, based on extensions + configuration files managed-domains should be used to support existing setups that will undergo upgrade to 3.5 (or of course, will remain in their current versions). ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] adding machine to openldap + kerberos with a keytab
- Original Message - From: William Law w...@stanford.edu To: Yair Zaslavsky yzasl...@redhat.com Cc: users users@ovirt.org Sent: Thursday, September 11, 2014 2:11:08 AM Subject: Re: [ovirt-users] adding machine to openldap + kerberos with a keytab OK, thanks. Is there a way to perform it without manage-domains currently or in 3.5? in 3.5 - you can add new authn (authentication) and authz (authorization) providers by using configuration files. Regards, Will On Sep 10, 2014, at 4:07 PM, Yair Zaslavsky yzasl...@redhat.com wrote: - Original Message - From: William Law w...@stanford.edu To: users users@ovirt.org Sent: Thursday, September 11, 2014 1:53:04 AM Subject: [ovirt-users] adding machine to openldap + kerberos with a keytab Hi, When I try to use engine-manage-domains it seems to expect an account to sign in with. Is there any way to use a key tab? It seems like it does all this under the surface eventually; I'd just like to do it up front. Even a pointer to manual adding instructions would be very helpful. Thanks, Will Hi Will, No way to perform this with manage domains at the moment. Not sure if we will invest in this, as in oVirt 3.5 we introduce a pluggable architecture for AAA, based on extensions + configuration files managed-domains should be used to support existing setups that will undergo upgrade to 3.5 (or of course, will remain in their current versions). ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt and Fedora 20
- Original Message - From: Jamie Bohr jamieb...@gmail.com To: Users@ovirt.org Sent: Wednesday, August 27, 2014 5:59:07 AM Subject: [ovirt-users] Ovirt and Fedora 20 I followed the instructions on http://www.ovirt.org/Quick_Start_Guide#Install_oVirt_Engine_.28Fedora_.2F_Red_Hat_Enterprise_Linux_.2F_CentOS.29 for installing ovirt on a Fedora 20 instance. I expanded jboss-as-web-7.0.2.Final into /opt/jboss-as-web-7.0.2.Final and ran engine-setup --jboss-home=/opt/jboss-as-web-7.0.2.Final. Can you please elaborate why this is the jboss version you're using and where did you download from? AFAIK this is not the correct jboss version that should be used, but jboss-as-7.1.1 Thanks, Yair Everything appeared fine however the web interface will not start, the following appear in the console.log file: Could not load Logmanager org.jboss.logmanager I looked for that error in reference to ovirt but did not find anything relevant, hoping someone on this list can point me in the right direction. Sorry if this was double posted, it was not in my sent item and it was late yesterday when I thought I sent it. -- Jamie Bohr ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt and Fedora 20
- Original Message - From: Jamie Bohr jamieb...@gmail.com To: Users@ovirt.org Sent: Wednesday, August 27, 2014 6:15:48 AM Subject: Re: [ovirt-users] Ovirt and Fedora 20 I had an error of Failed to parse configuration of which https://bugzilla.redhat.com/show_bug.cgi?id=1062318 indicated to download http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip Hi Jamie, Your setup indicates you're trying to setup to some other version, and not jboss-as-7.1.1 As you wrote , you ran - engine-setup --jboss-home=/opt/jboss-as-web-7.0.2.Final Therefore I suggest to try and install the correct jboss version and run setup again. I hope this helps, Yair . On Tue, Aug 26, 2014 at 9:59 PM, Jamie Bohr jamieb...@gmail.com wrote: I followed the instructions on http://www.ovirt.org/Quick_Start_Guide#Install_oVirt_Engine_.28Fedora_.2F_Red_Hat_Enterprise_Linux_.2F_CentOS.29 for installing ovirt on a Fedora 20 instance. I expanded jboss-as-web-7.0.2.Final into /opt/jboss-as-web-7.0.2.Final and ran engine-setup --jboss-home=/opt/jboss-as-web-7.0.2.Final. Everything appeared fine however the web interface will not start, the following appear in the console.log file: Could not load Logmanager org.jboss.logmanager I looked for that error in reference to ovirt but did not find anything relevant, hoping someone on this list can point me in the right direction. Sorry if this was double posted, it was not in my sent item and it was late yesterday when I thought I sent it. -- Jamie Bohr -- Jamie Bohr ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] HELP - Storage Domains dot not active anymore.
- Original Message - From: Fagner Patricio fagner.patri...@gmail.com To: users users@ovirt.org Sent: Monday, August 25, 2014 5:04:17 PM Subject: [ovirt-users] HELP - Storage Domains dot not active anymore. Hello everybody, i have a big trouble here. After a reboot in my ovirt datacenter two of three storage domain do not active anymore. I have very important VM in there. What can i do, please help me. Whats log I search for a clue what is going on? You should search engine.log and vdsm.log Is it possible you send us the logs to help you out? Thanks, Yair The storage domains are fedora 20 machines with tgtd service on it. -- Fagner Patrício João Pessoa - PB Brasil ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] HELP - Storage Domains dot not active anymore.
- Original Message - From: Fagner Patricio fagner.patri...@gmail.com To: users users@ovirt.org Sent: Monday, August 25, 2014 5:29:50 PM Subject: Re: [ovirt-users] HELP - Storage Domains dot not active anymore. Here my logs vdms.log https://mega.co.nz/#!8EJRWSLC!AhYjR0_jplgjl4alK_L8LaRdoofH3bslAS4slUZilkE engine.log https://mega.co.nz/#!1dwQ1RqB!9jHMdwM-6hxYoWavioFjEzvoO39MdSQnw1axuVDw9Ig Thanks for any help. From a quick glance I can see you had some connectivity issues with your vdsm host? this is probably the reboot you refer to. After that I see at engine log the following - OneVGReturnForXmlRpc [mStatus=StatusForXmlRpc [mCode=506, mMessage=Volume Group does not exist: ('vg_uuid: 7OKSEI-SprM-3NlZ-dl5y-4vTp-2mFd-zrcPY7',)]] Looks like you have an issue with one of your VGs? CC'ing someone who might be more of a help 2014-08-25 11:06 GMT-03:00 Yair Zaslavsky yzasl...@redhat.com: - Original Message - From: Fagner Patricio fagner.patri...@gmail.com To: users users@ovirt.org Sent: Monday, August 25, 2014 5:04:17 PM Subject: [ovirt-users] HELP - Storage Domains dot not active anymore. Hello everybody, i have a big trouble here. After a reboot in my ovirt datacenter two of three storage domain do not active anymore. I have very important VM in there. What can i do, please help me. Whats log I search for a clue what is going on? You should search engine.log and vdsm.log Is it possible you send us the logs to help you out? Thanks, Yair The storage domains are fedora 20 machines with tgtd service on it. -- Fagner Patrício João Pessoa - PB Brasil ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Fagner Patrício João Pessoa - PB Brasil ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt with 389 server inactive groups
- Original Message - From: Paul Robert Marino prmari...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Sunday, August 17, 2014 4:33:30 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups here are the results of the queries you asked for group_ids | groups ---+- - ----,----,----,----,----,---- | core.ux.medi a.cbs.net/groups/sysadmin,domain here/groups/pmarino,domain here/groups/pd managers,domain here/groups/qa managers,domain here/groups/accounting managers,domain here/directory administrat ors (1 row) engine=# select id, name from ad_groups; id | name --+--- eee0----123456789eee | Everyone 2a8a8401-fc9e-11e3-8742-861538ea406a | domain here/Groups/sysadmin (2 rows) It does look that there is something wrong in the association of users to their group IDS. Just to make sure I'm not missing anything - Did you first add the goup, and then added users (that belong to a group) either by adding users, or by adding a permission? Yair On Wed, Aug 13, 2014 at 10:49 PM, Yair Zaslavsky yzasl...@redhat.com wrote: - Original Message - From: Paul Robert Marino prmari...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Wednesday, August 13, 2014 11:47:40 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Ok so before I open a bug ticket I want to confirm I'm not doing any thing wrong here. I upgraded to 3.4 now it says Active:false on LDAP groups. Again I tried to add the sysadmin group from the directory server and set the power user and super user roles on the group it shows up as domain name/Groups/sysadmin I adder the permisions by clicking on the configure link on the top of the screen and set them in the System Permissions tab Sounds good so far. I assume also you see the permissiosn in the permissions sub tab when you click the group. I added a user (pmarino) to the system which shows in the Directory Group tab shows sysadmingroups domian name among others however it only shows in the Permissions tab the permissions inherited by Everyone it does not show any permissions inherited by the sysadmin group. This is not good - I mean, should have worked. just to prove it didnt work I logged out and attempted to log back in as the user (pmarino) it wouldn't let me log in I logged back in as the internal admin user then I added the SuperUser permissions directly to the pmarino account and logged back out again. Now when I logged in as pmarino it gave me the access I expected. Can I please ask you to provide some database info ? It will be awesome if you can provide the following SQL queries results - select group_ids, groups from users where username ilike '%pmarino%'; In addition, please perform - select id, name from ad_groups; Thanks for your help. P.S - As far as I understand the two bugs mentioend by Itamar (I mean, the solution to the bugs) should have fixed your issue as well. Here is the relevant portion of the engine log 2014-08-13 16:00:38,801 INFO [org.ovirt.engine.core.bll.AddGroupCommand] (ajp-/127.0.0.1:8702-5) [1e7fa420] Running command: AddGroupCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: System 2014-08-13 16:00:38,813 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-5) [1e7fa420] Correlation ID: 1e7fa420, Call Stack: null, Custom Event ID: -1, Message: User 'domain name/Groups/sysadmin' was added successfully to the system. 2014-08-13 16:09:01,352 INFO [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (org.ovirt.thread.pool-4-thread-24) [75cab17c] Running command: AddSystemPermissionCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: System, ID: aaa0----123456789aaa Type: System 2014-08-13 16:09
Re: [ovirt-users] ovirt with 389 server inactive groups
- Original Message - From: Paul Robert Marino prmari...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Sunday, August 17, 2014 6:32:15 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups I think we now have enough for a proper ticket. I will create one latter today. also since I have RHEV support for my production instances I will also create a matching case with Red Hat. Thank you very much for your help here! Please add a link to this mailing list thread when you open the ticket. Many thanks, Yair On Sun, Aug 17, 2014 at 11:27 AM, Paul Robert Marino prmari...@gmail.com wrote: Ok I dug in a little further it looks like them memberof plugin in 389 server is making them lowercase which from an LDAP and or Posix perspective is not a problem but this seems to be the root cause of the issue of the difference. while this behavior is strange it is not invalid because DN's are case insensitive. The easiest way to fix this is to change the query of the group from the ad_groups table to an ilike. The potential problem here is it conflicts with SAM in windows where group names are case sensitive. This is definitely a conflict in design between AD and LDAP's core design. Interestingly I can add roles to the group and there is no problem it sets it correctly so somewhere else in the code an ilike is being uses to query the groups table. On Sun, Aug 17, 2014 at 11:05 AM, Paul Robert Marino prmari...@gmail.com wrote: I found why the group_ids field is wrong If you look at the ad_groups table then mane for the group is domain here/Groups/sysadmin however if you look at the groups field in the users table it says domain here/groups/sysadmin I tried updating the name field in the ad_groups table to match domain here/groups/sysadmin then removed and added a user now the if for that group in the group_ids field is being set correctly. This is at least a usable workaround for now. now we need to find the root cause. On Sun, Aug 17, 2014 at 10:39 AM, Paul Robert Marino prmari...@gmail.com wrote: confirmed that does seem to be the cause I updated the group_ids field of a user to the appropriate Id's from ad_groups and it fixed that user. in answer to your question Did you first add the goup, and then added users (that belong to a group) either by adding users, or by adding a permission? Ive tried it ever different way I can think of the results are always the same. On Sun, Aug 17, 2014 at 9:46 AM, Yair Zaslavsky yzasl...@redhat.com wrote: - Original Message - From: Paul Robert Marino prmari...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Sunday, August 17, 2014 4:33:30 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups here are the results of the queries you asked for group_ids | groups ---+- - ----,----,----,----,----,---- | domain here/groups/sysadmin,domain here/groups/pmarino,domain here/groups/pd managers,domain here/groups/qa managers,domain here/groups/accounting managers,domain here/directory administrat ors (1 row) engine=# select id, name from ad_groups; id | name --+--- eee0----123456789eee | Everyone 2a8a8401-fc9e-11e3-8742-861538ea406a | domain here/Groups/sysadmin (2 rows) It does look that there is something wrong in the association of users to their group IDS. Just to make sure I'm not missing anything - Did you first add the goup, and then added users (that belong to a group) either by adding users, or by adding a permission? Yair On Wed, Aug 13, 2014 at 10:49 PM, Yair Zaslavsky yzasl...@redhat.com wrote: - Original Message - From: Paul Robert Marino prmari...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Wednesday, August 13, 2014 11:47:40 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
Re: [ovirt-users] ovirt with 389 server inactive groups
- Original Message - From: Paul Robert Marino prmari...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Wednesday, August 13, 2014 11:47:40 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Ok so before I open a bug ticket I want to confirm I'm not doing any thing wrong here. I upgraded to 3.4 now it says Active:false on LDAP groups. Again I tried to add the sysadmin group from the directory server and set the power user and super user roles on the group it shows up as domain name/Groups/sysadmin I adder the permisions by clicking on the configure link on the top of the screen and set them in the System Permissions tab Sounds good so far. I assume also you see the permissiosn in the permissions sub tab when you click the group. I added a user (pmarino) to the system which shows in the Directory Group tab shows sysadmingroups domian name among others however it only shows in the Permissions tab the permissions inherited by Everyone it does not show any permissions inherited by the sysadmin group. This is not good - I mean, should have worked. just to prove it didnt work I logged out and attempted to log back in as the user (pmarino) it wouldn't let me log in I logged back in as the internal admin user then I added the SuperUser permissions directly to the pmarino account and logged back out again. Now when I logged in as pmarino it gave me the access I expected. Can I please ask you to provide some database info ? It will be awesome if you can provide the following SQL queries results - select group_ids, groups from users where username ilike '%pmarino%'; In addition, please perform - select id, name from ad_groups; Thanks for your help. P.S - As far as I understand the two bugs mentioend by Itamar (I mean, the solution to the bugs) should have fixed your issue as well. Here is the relevant portion of the engine log 2014-08-13 16:00:38,801 INFO [org.ovirt.engine.core.bll.AddGroupCommand] (ajp-/127.0.0.1:8702-5) [1e7fa420] Running command: AddGroupCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: System 2014-08-13 16:00:38,813 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-5) [1e7fa420] Correlation ID: 1e7fa420, Call Stack: null, Custom Event ID: -1, Message: User 'domain name/Groups/sysadmin' was added successfully to the system. 2014-08-13 16:09:01,352 INFO [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (org.ovirt.thread.pool-4-thread-24) [75cab17c] Running command: AddSystemPermissionCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: System, ID: aaa0----123456789aaa Type: System 2014-08-13 16:09:01,371 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-4-thread-24) [75cab17c] Correlation ID: 75cab17c, Call Stack: null, Custom Event ID: -1, Message: User/Group domain name/Groups/sysadmin was granted permission for Role SuperUser on System by admin. 2014-08-13 16:10:40,963 INFO [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (org.ovirt.thread.pool-4-thread-26) [b42abcb] Running command: AddSystemPermissionCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: System, ID: aaa0----123456789aaa Type: System 2014-08-13 16:10:40,979 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-4-thread-26) [b42abcb] Correlation ID: b42abcb, Call Stack: null, Custom Event ID: -1, Message: User/Group domain name/Groups/sysadmin was granted permission for Role PowerUserRole on System by admin. 2014-08-13 16:20:53,891 INFO [org.ovirt.engine.core.bll.AddUserCommand] (ajp-/127.0.0.1:8702-4) [58e00be1] Running command: AddUserCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: System 2014-08-13 16:20:53,919 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-4) [58e00be1] Correlation ID: 58e00be1, Call Stack: null, Custom Event ID: -1, Message: User 'pmarino' was added successfully to the system. 2014-08-13 16:35:52,202 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-10) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User pmarino failed to log in. 2014-08-13 16:35:52,202 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION 2014-08-13 16:39:48,048 INFO [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (org.ovirt.thread.pool-4-thread-31) [5ba3c874] Running command: AddSystemPermissionCommand internal: false. Entities affected : ID
Re: [ovirt-users] ovirt with 389 server inactive groups
- Original Message - From: Alon Bar-Lev alo...@redhat.com To: Maurice James mja...@media-node.com Cc: users@ovirt.org Sent: Saturday, August 9, 2014 9:33:16 AM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups - Original Message - From: Maurice James mja...@media-node.com To: Alon Bar-Lev alo...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Saturday, August 9, 2014 3:47:04 AM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Does this still require the use of kerberos? Will 389-ds work on its own? In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap mix. It will be great to receive feedback[2]. 389ds is not supported directly, I think it is similar to IPA as it uses 389. Maybe I should rename the profile of ipa to 389 if it works properly. Sorry for the very late response, I was on PTO - Prior to 3.5 - 389ds was supported via the RHDS provider AFAIK, 389ds is upstream version for RHDS... Regards, Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html - Original Message - From: Alon Bar-Lev alo...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Friday, August 8, 2014 3:45:07 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups - Original Message - From: Itamar Heim ih...@redhat.com To: Paul Robert Marino prmari...@gmail.com, users@ovirt.org Sent: Friday, August 8, 2014 10:37:11 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups On 08/07/2014 07:06 PM, Paul Robert Marino wrote: I have ovirt engine running and connected to a 389 server with the memberof plugin enabled and working properly. I can add users and assign them to roles without any issues. when I look at a user I can see all the LDAP groups they are a member of. when I run engine-manage-domains -action=validate it tells me the domain is valid. here is my problem when I try to assign a role to an LDAP group it looks like it works but in the general tab when under the group it tells me the status is Inactive. dose any one know how to enable the group? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users 3.4 or new 3.5 Generic LDAP provider? On case this is 3.5 it is known issue, all groups will be seen as inactive, this field will probably be removed from UI, as groups are no longer fetched periodically. This field is totally ignored. Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt with 389 server inactive groups
I have checked the codebase of 3.3 - the active field is used for presentation purpose only. Alon has addressed our plans for this in his previous comments. I hope this clarifies more.. Yair - Original Message - From: Itamar Heim ih...@redhat.com To: Alon Bar-Lev alo...@redhat.com, Paul Robert Marino prmari...@gmail.com Cc: users@ovirt.org Sent: Sunday, August 10, 2014 11:54:05 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups On 08/10/2014 10:50 PM, Alon Bar-Lev wrote: - Original Message - From: Paul Robert Marino prmari...@gmail.com To: Alon Bar-Lev alo...@redhat.com Cc: Maurice James mja...@media-node.com, users@ovirt.org Sent: Sunday, August 10, 2014 10:43:14 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Sorry for my delayed response to this I am using ovirt 3.3. I am using Kerberos 5, and all of the DNS requirements are in place. Finally 389 server is the upstream project for RHDS and one of the upstream projects for IPA. So I chose to set it as RHDS because its an identical match. User authentication works just fine my problem is adding roles to groups. I can assign a role to a group but the group always shows an inactive status; however if I assign a role directly to to a user it works fine. In addition if I drill down into a user it knows what groups in the 389 server the user is a member of. finally I can't see any error in the logs when adding a role to a group Please open a bug, I am unsure that it will be addressed before 3.5, as we have done major rework for the authentication and authorization to make it much more versatile. Even if there will be a fix it will be provided to 3.4.z. It will be best if you want to test this scenario in 3.5 release candidate and the new ldap provider, so we can address the issue before 3.5 release if exists. could also be one of these fixed in 3.4: 3.4.0 - Bug 1065615 - When adding a user that belongs to a group, it does not inherit the group permissions 3.4.1 - Bug 1069562 - When assigning permissions to user that belongs to a group indirectly, it does not inherit the group permissions On Sat, Aug 9, 2014 at 2:33 AM, Alon Bar-Lev alo...@redhat.com wrote: - Original Message - From: Maurice James mja...@media-node.com To: Alon Bar-Lev alo...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Saturday, August 9, 2014 3:47:04 AM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Does this still require the use of kerberos? Will 389-ds work on its own? In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap mix. It will be great to receive feedback[2]. 389ds is not supported directly, I think it is similar to IPA as it uses 389. Maybe I should rename the profile of ipa to 389 if it works properly. Regards, Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html - Original Message - From: Alon Bar-Lev alo...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Friday, August 8, 2014 3:45:07 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups - Original Message - From: Itamar Heim ih...@redhat.com To: Paul Robert Marino prmari...@gmail.com, users@ovirt.org Sent: Friday, August 8, 2014 10:37:11 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups On 08/07/2014 07:06 PM, Paul Robert Marino wrote: I have ovirt engine running and connected to a 389 server with the memberof plugin enabled and working properly. I can add users and assign them to roles without any issues. when I look at a user I can see all the LDAP groups they are a member of. when I run engine-manage-domains -action=validate it tells me the domain is valid. here is my problem when I try to assign a role to an LDAP group it looks like it works but in the general tab when under the group it tells me the status is Inactive. dose any one know how to enable the group? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users 3.4 or new 3.5 Generic LDAP provider? On case this is 3.5 it is known issue, all groups will be seen as inactive, this field will probably be removed from UI, as groups are no longer fetched periodically. This field is totally ignored. Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list
Re: [ovirt-users] ovirt with 389 server inactive groups
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Monday, August 11, 2014 8:13:53 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups I have checked the codebase of 3.3 - the active field is used for presentation purpose only. Presentation wise only - means that it is not used for our permissions calculation , for example. Alon has addressed our plans for this in his previous comments. I hope this clarifies more.. Yair - Original Message - From: Itamar Heim ih...@redhat.com To: Alon Bar-Lev alo...@redhat.com, Paul Robert Marino prmari...@gmail.com Cc: users@ovirt.org Sent: Sunday, August 10, 2014 11:54:05 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups On 08/10/2014 10:50 PM, Alon Bar-Lev wrote: - Original Message - From: Paul Robert Marino prmari...@gmail.com To: Alon Bar-Lev alo...@redhat.com Cc: Maurice James mja...@media-node.com, users@ovirt.org Sent: Sunday, August 10, 2014 10:43:14 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Sorry for my delayed response to this I am using ovirt 3.3. I am using Kerberos 5, and all of the DNS requirements are in place. Finally 389 server is the upstream project for RHDS and one of the upstream projects for IPA. So I chose to set it as RHDS because its an identical match. User authentication works just fine my problem is adding roles to groups. I can assign a role to a group but the group always shows an inactive status; however if I assign a role directly to to a user it works fine. In addition if I drill down into a user it knows what groups in the 389 server the user is a member of. finally I can't see any error in the logs when adding a role to a group Please open a bug, I am unsure that it will be addressed before 3.5, as we have done major rework for the authentication and authorization to make it much more versatile. Even if there will be a fix it will be provided to 3.4.z. It will be best if you want to test this scenario in 3.5 release candidate and the new ldap provider, so we can address the issue before 3.5 release if exists. could also be one of these fixed in 3.4: 3.4.0 - Bug 1065615 - When adding a user that belongs to a group, it does not inherit the group permissions 3.4.1 - Bug 1069562 - When assigning permissions to user that belongs to a group indirectly, it does not inherit the group permissions On Sat, Aug 9, 2014 at 2:33 AM, Alon Bar-Lev alo...@redhat.com wrote: - Original Message - From: Maurice James mja...@media-node.com To: Alon Bar-Lev alo...@redhat.com Cc: Itamar Heim ih...@redhat.com, users@ovirt.org Sent: Saturday, August 9, 2014 3:47:04 AM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups Does this still require the use of kerberos? Will 389-ds work on its own? In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap mix. It will be great to receive feedback[2]. 389ds is not supported directly, I think it is similar to IPA as it uses 389. Maybe I should rename the profile of ipa to 389 if it works properly. Regards, Alon [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html - Original Message - From: Alon Bar-Lev alo...@redhat.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Friday, August 8, 2014 3:45:07 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups - Original Message - From: Itamar Heim ih...@redhat.com To: Paul Robert Marino prmari...@gmail.com, users@ovirt.org Sent: Friday, August 8, 2014 10:37:11 PM Subject: Re: [ovirt-users] ovirt with 389 server inactive groups On 08/07/2014 07:06 PM, Paul Robert Marino wrote: I have ovirt engine running and connected to a 389 server with the memberof plugin enabled and working properly. I can add users and assign them to roles without any issues. when I look at a user I can see all the LDAP groups they are a member of. when I run engine-manage-domains -action=validate it tells me the domain is valid. here is my problem when I try to assign a role to an LDAP group it looks like it works but in the general tab when under the group it tells me the status is Inactive. dose any one know how to enable the group? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users 3.4 or new 3.5 Generic LDAP provider? On case this is 3.5 it is known issue, all groups will be seen as inactive
Re: [ovirt-users] Relationship bw storage domain uuid/images/children and VM's
- Original Message - From: Steve Dainard sdain...@miovision.com To: users users@ovirt.org Sent: Thursday, July 17, 2014 7:51:31 PM Subject: [ovirt-users] Relationship bw storage domain uuid/images/children and VM's Hello, I'd like to get an understanding of the relationship between VM's using a storage domain, and the child directories listed under .../storage domain name/storage domain uuid/images/. Running through some backup scenarios I'm noticing a significant difference between the number of provisioned VM's using a storage domain (21) + templates (6) versus the number of child directories under images/ (107). Can you please elaborate (if possible) on the number of images per VM that you're having in your setup? Running RHEV 3.4 trial. Thanks, Steve ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Help....
Please provide full engine.log and full server.log Thanks! In addition, what version did you upgrade from? - Original Message - From: Koen Vanoppen vanoppen.k...@gmail.com To: users@ovirt.org Sent: Wednesday, June 18, 2014 7:55:15 AM Subject: [ovirt-users] Help This happend after the update to 3.4.2 when I start the engine. I can't login anymore... This is the error. Any Idea's? PLease 2014-06-18 06:51:45,728 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-79) ResourceManager::refreshVdsRunTimeInfo: Error: IllegalStateException: JBAS011049: Component is stopped, vds = b34902ea-ad11-45d3-96ee-47de1864e4e0 : mercury1 2014-06-18 06:51:45,736 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-79) IllegalStateException: JBAS011049: Component is stopped: java.lang.IllegalStateException: JBAS011049: Component is stopped at org.jboss.as.ee.component.BasicComponent.waitForComponentStart(BasicComponent.java:104) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:127) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:85) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.component.stateless.StatelessSessionComponent$1.create(StatelessSessionComponent.java:66) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.component.stateless.StatelessSessionComponent$1.create(StatelessSessionComponent.java:63) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.pool.AbstractPool.create(AbstractPool.java:60) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.pool.strictmax.StrictMaxPool.get(StrictMaxPool.java:123) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:47) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.businessentities.IVdsEventListener$$$view6.addExternallyManagedVms(Unknown Source) at
Re: [ovirt-users] problem engine-manage-domains add ldap domain
I helped Lucas resolve this over IRC. This was an issue with his kerberos setup. Lucas, care to share here what issue did you discover? Yair - Original Message - From: lucas castro lucascastrobor...@gmail.com To: users@ovirt.org Sent: Wednesday, June 11, 2014 9:50:48 PM Subject: [ovirt-users] problem engine-manage-domains add ldap domain I'm trying to add a ldap domain to ovirt-engine, but getting problem with that. I sent three files with the engine-manage-domains log the krb5 config generated for testing and the tcpdump port 53 from my dns server can anybody help me to find what is happening? -- contatos: Celular: ( 99 ) 9143-5954 - Vivo skype: lucasd3castro msn: lucascastrobor...@hotmail.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Delete snapshots
From what I see in the code of the remove snapshot command, the vm should be in DOWN state in order for the snapshot to be removed (well, this is of course just one of the conditions). - Original Message - From: Maurice James mja...@media-node.com To: users users@ovirt.org Sent: Sunday, May 11, 2014 2:53:39 AM Subject: [ovirt-users] Delete snapshots Is it possible to delete snapshots on running VMs? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Users losing permissions when user portal session times out
- Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org, paul thornton paul.thorn...@infotech-enterprises.com Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal session times out I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular UserRole granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to users then view the permissions for the user I was just logged in as, the user no longer shows the UserRole role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the Users list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the permissions tab and then clicking add; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas? Thanks in advance. This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Users losing permissions when user portal session times out
Jeff, which ovrit version are you using? Thanks. - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Jeff Clay jeffc...@gmail.com Cc: Oved Ourfalli ov...@redhat.com, paul thornton paul.thorn...@infotech-enterprises.com, users@ovirt.org Sent: Thursday, May 8, 2014 10:05:46 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out - Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org, paul thornton paul.thorn...@infotech-enterprises.com Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal session times out I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular UserRole granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to users then view the permissions for the user I was just logged in as, the user no longer shows the UserRole role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the Users list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the permissions tab and then clicking add; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas? Thanks in advance. This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages
- Original Message - From: Gilad Chaplik gchap...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Arthur Berezin abere...@redhat.com, users users@ovirt.org Sent: Monday, May 5, 2014 10:57:01 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Arthur Berezin abere...@redhat.com Cc: Gilad Chaplik gchap...@redhat.com, users users@ovirt.org Sent: Monday, May 5, 2014 6:39:02 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Arthur Berezin abere...@redhat.com To: Gilad Chaplik gchap...@redhat.com Cc: users users@ovirt.org Sent: Sunday, May 4, 2014 5:35:59 PM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages In this case engine periodically checks health of hosts' power management as HA relies on it. Arthur - Original Message - From: Gilad Chaplik gchap...@redhat.com To: Eli Mesika emes...@redhat.com Cc: users users@ovirt.org, Arthur Berezin abere...@redhat.com Sent: Sunday, May 4, 2014 5:26:45 PM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages Hi Eli, Here is my comment :) Why engine needs to send the status health check, isn't there any 3rd parties that does it, that we can integrate with? If found, it probably has /less (known) bugs/more features/ and it's already written, tested, documented, allows further integration and probably deals with scale. btw, fixed some typos in your pages :-) Thanks, Gilad. Hi, what 3rd party for example do you refer to? The PM code already exists at engine, And you're also using quartz for scheduling. Yair, You're are raising some good points, but imo the entire host monitoring (inc getVdsStats, etc.) should be externalized. There are 2 major issues that we still don't cover: - No HA for monitoring, who checks the hosts when the engine is down. - No scale - the engine is a bottle-neck in network and compute. Although the above is a huge arch change, we need to start somewhere, this feature sounds like a candidate to introduce it. About the examples: http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/ The main goal of the feature if my suggestion is taken, is to select to most appropriate one. Thanks, Gilad. Well, Nagios is being considered to be used or used by Gluster guys. However, it will still require (AFAIK) to code some nagios plugin to perfrom the health check. In addition, you will have to report somehow the state change to engine. IMHO, this a bit of an overkill (look also at the time that the check is run - once in an hour, so it can't be compared to getVmStats). - Original Message - From: Eli Mesika emes...@redhat.com To: users users@ovirt.org Cc: Arthur Berezin abere...@redhat.com Sent: Sunday, May 4, 2014 12:18:47 PM Subject: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages Hi The following wiki pages were added to the Power Management Health Check feature planned for oVirt 3.5 http://www.ovirt.org/Features/PMHealthCheck http://www.ovirt.org/Features/Design/DetailedPMHealthCheck Your comments/questions are mostly welcomed. Thanks Eli Mesika ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages
- Original Message - From: Gilad Chaplik gchap...@redhat.com To: Arthur Berezin abere...@redhat.com Cc: users users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com Sent: Monday, May 5, 2014 11:52:25 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Arthur Berezin abere...@redhat.com To: Gilad Chaplik gchap...@redhat.com Cc: users users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com Sent: Monday, May 5, 2014 11:30:24 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Gilad Chaplik gchap...@redhat.com Cc: Arthur Berezin abere...@redhat.com, users users@ovirt.org Sent: Monday, May 5, 2014 11:10:10 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Gilad Chaplik gchap...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Arthur Berezin abere...@redhat.com, users users@ovirt.org Sent: Monday, May 5, 2014 10:57:01 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Arthur Berezin abere...@redhat.com Cc: Gilad Chaplik gchap...@redhat.com, users users@ovirt.org Sent: Monday, May 5, 2014 6:39:02 AM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages - Original Message - From: Arthur Berezin abere...@redhat.com To: Gilad Chaplik gchap...@redhat.com Cc: users users@ovirt.org Sent: Sunday, May 4, 2014 5:35:59 PM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages In this case engine periodically checks health of hosts' power management as HA relies on it. Arthur - Original Message - From: Gilad Chaplik gchap...@redhat.com To: Eli Mesika emes...@redhat.com Cc: users users@ovirt.org, Arthur Berezin abere...@redhat.com Sent: Sunday, May 4, 2014 5:26:45 PM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages Hi Eli, Here is my comment :) Why engine needs to send the status health check, isn't there any 3rd parties that does it, that we can integrate with? If found, it probably has /less (known) bugs/more features/ and it's already written, tested, documented, allows further integration and probably deals with scale. btw, fixed some typos in your pages :-) Thanks, Gilad. Hi, what 3rd party for example do you refer to? The PM code already exists at engine, And you're also using quartz for scheduling. Yair, You're are raising some good points, but imo the entire host monitoring (inc getVdsStats, etc.) should be externalized. There are 2 major issues that we still don't cover: - No HA for monitoring, who checks the hosts when the engine is down. - No scale - the engine is a bottle-neck in network and compute. Although the above is a huge arch change, we need to start somewhere, this feature sounds like a candidate to introduce it. About the examples: http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/ The main goal of the feature if my suggestion is taken, is to select to most appropriate one. Thanks, Gilad. Well, Nagios is being considered to be used or used by Gluster guys. However, it will still require (AFAIK) to code some nagios plugin to perfrom the health check. In addition, you will have to report somehow the state change to engine. IMHO, this a bit of an overkill (look also at the time that the check is run - once in an hour, so it can't be compared to getVmStats). +1 These monitoring tools bring a lot of value, and there are some initial integrations that we might want to look into[1][2]. But it's an overkill for this RFE - run PM Check periodically, in addition to initial PM check at host setup stage. [1] https://github.com/monitoring-ui-plugin/development [2] http://exchange.nagios.org/directory/Plugins/Operating-Systems/*-Virtual-Environments/Others/check_rhev3/details -1 on overkill. As I mentioned, proper monitoring is a huge feature; it should be gradually introduced, IMO this is a good starting point. We can look at it as an overkill _or_ as a jumpborad, that will reduce learning curve and future integrations issues. IMHO this will increase also deployment complexity
Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages
- Original Message - From: Arthur Berezin abere...@redhat.com To: Gilad Chaplik gchap...@redhat.com Cc: users users@ovirt.org Sent: Sunday, May 4, 2014 5:35:59 PM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages In this case engine periodically checks health of hosts' power management as HA relies on it. Arthur - Original Message - From: Gilad Chaplik gchap...@redhat.com To: Eli Mesika emes...@redhat.com Cc: users users@ovirt.org, Arthur Berezin abere...@redhat.com Sent: Sunday, May 4, 2014 5:26:45 PM Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages Hi Eli, Here is my comment :) Why engine needs to send the status health check, isn't there any 3rd parties that does it, that we can integrate with? If found, it probably has /less (known) bugs/more features/ and it's already written, tested, documented, allows further integration and probably deals with scale. btw, fixed some typos in your pages :-) Thanks, Gilad. Hi, what 3rd party for example do you refer to? The PM code already exists at engine, And you're also using quartz for scheduling. - Original Message - From: Eli Mesika emes...@redhat.com To: users users@ovirt.org Cc: Arthur Berezin abere...@redhat.com Sent: Sunday, May 4, 2014 12:18:47 PM Subject: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages Hi The following wiki pages were added to the Power Management Health Check feature planned for oVirt 3.5 http://www.ovirt.org/Features/PMHealthCheck http://www.ovirt.org/Features/Design/DetailedPMHealthCheck Your comments/questions are mostly welcomed. Thanks Eli Mesika ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
As mentioned by Sven, As far as I know all these bugs were solved for 3.4.1 However, if possible, I would like to get the following information - a. select user_id, username, group_ids from users where username = 'THE_USER_YOU_TRIED_TO_LOGIN_WITH'; b. select id, name from ad_groups; - Original Message - From: Peter Harris doilooksensi...@gmail.com To: Users@ovirt.org Sent: Wednesday, April 30, 2014 11:55:04 AM Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication I have just create an oVirt 3.4 server as part of my test environment prior to moving from my production 3.3 environment. I authenticate against FreeIPA 3.0.0 I generally add a group in IPA, add the permissions in ovirt against the group, and then add/remove users from the groups in IPA. With oVirt3.4, I have justed added my vmadmin IPA group to ovirt, and given it the SuperUser role. I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I can authenticate fine, but I do not have SuperUser privileges. If I log in to my live Ovirt (3.3), I do have SuperUser privileges. Has something changed? Or is there an extra step I have to take that I have missed to propogate privileges. Thanks Peter P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI yet. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Peter Harris doilooksensi...@gmail.com Cc: Users@ovirt.org, Sven Kieske s.kie...@mittwald.de Sent: Wednesday, April 30, 2014 12:19:57 PM Subject: Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication As mentioned by Sven, As far as I know all these bugs were solved for 3.4.1 However, if possible, I would like to get the following information - a. select user_id, username, group_ids from users where username = 'THE_USER_YOU_TRIED_TO_LOGIN_WITH'; b. select id, name from ad_groups; of course this should be collected from the database. - Original Message - From: Peter Harris doilooksensi...@gmail.com To: Users@ovirt.org Sent: Wednesday, April 30, 2014 11:55:04 AM Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication I have just create an oVirt 3.4 server as part of my test environment prior to moving from my production 3.3 environment. I authenticate against FreeIPA 3.0.0 I generally add a group in IPA, add the permissions in ovirt against the group, and then add/remove users from the groups in IPA. With oVirt3.4, I have justed added my vmadmin IPA group to ovirt, and given it the SuperUser role. I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I can authenticate fine, but I do not have SuperUser privileges. If I log in to my live Ovirt (3.3), I do have SuperUser privileges. Has something changed? Or is there an extra step I have to take that I have missed to propogate privileges. Thanks Peter P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI yet. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Error creating Disks
Hi, IMHO not enough info is provided, Can you please provide full engine.log and relevant vdsm.log? THanks, Yair - Original Message - From: Maurice James mja...@media-node.com To: users@ovirt.org Sent: Monday, April 14, 2014 5:00:37 PM Subject: [ovirt-users] Error creating Disks oVirt Engine Version: 3.4.1-0.0.master.20140412010845.git43746c6.el6 While attempting to create a disk on an NFS storage domain, it fails with the following error in the engine.log 2014-04-14 09:58:12,127 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand] (DefaultQuartzScheduler_Worker-72) Failed in HSMGetAllTasksStatusesVDS method 2014-04-14 09:58:12,139 ERROR [org.ovirt.engine.core.bll.SPMAsyncTask] (DefaultQuartzScheduler_Worker-72) BaseAsyncTask::LogEndTaskFailure: Task ee6ce682-bd76-467a-82d2-d227229cb9de (Parent Command AddDisk, Parameters Type org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) ended with failure: 2014-04-14 09:58:12,159 ERROR [org.ovirt.engine.core.bll.AddDiskCommand] (org.ovirt.thread.pool-6-thread-9) [483e53d6] Ending command with failure: org.ovirt.engine.core.bll.AddDiskCommand 2014-04-14 09:58:12,212 ERROR [org.ovirt.engine.core.bll.AddImageFromScratchCommand] (org.ovirt.thread.pool-6-thread-9) [ab1e0be] Ending command with failure: org.ovirt.engine.core.bll.AddImageFromScratchCommand ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Error creating Disks
Hi Federico, Can you please take a look? - Original Message - From: Maurice James mja...@media-node.com To: Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Monday, April 14, 2014 5:44:44 PM Subject: Re: [ovirt-users] Error creating Disks Logs attached - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Maurice James mja...@media-node.com Cc: users@ovirt.org Sent: Monday, April 14, 2014 10:33:03 AM Subject: Re: [ovirt-users] Error creating Disks Hi, IMHO not enough info is provided, Can you please provide full engine.log and relevant vdsm.log? THanks, Yair - Original Message - From: Maurice James mja...@media-node.com To: users@ovirt.org Sent: Monday, April 14, 2014 5:00:37 PM Subject: [ovirt-users] Error creating Disks oVirt Engine Version: 3.4.1-0.0.master.20140412010845.git43746c6.el6 While attempting to create a disk on an NFS storage domain, it fails with the following error in the engine.log 2014-04-14 09:58:12,127 ERROR [org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand] (DefaultQuartzScheduler_Worker-72) Failed in HSMGetAllTasksStatusesVDS method 2014-04-14 09:58:12,139 ERROR [org.ovirt.engine.core.bll.SPMAsyncTask] (DefaultQuartzScheduler_Worker-72) BaseAsyncTask::LogEndTaskFailure: Task ee6ce682-bd76-467a-82d2-d227229cb9de (Parent Command AddDisk, Parameters Type org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) ended with failure: 2014-04-14 09:58:12,159 ERROR [org.ovirt.engine.core.bll.AddDiskCommand] (org.ovirt.thread.pool-6-thread-9) [483e53d6] Ending command with failure: org.ovirt.engine.core.bll.AddDiskCommand 2014-04-14 09:58:12,212 ERROR [org.ovirt.engine.core.bll.AddImageFromScratchCommand] (org.ovirt.thread.pool-6-thread-9) [ab1e0be] Ending command with failure: org.ovirt.engine.core.bll.AddImageFromScratchCommand ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] does SPM can run over ovirt-engine host ?
Hi Tamer, Are you familiar with the all in one feature? http://www.ovirt.org/Feature/AllInOne I'm not sure if this can help you now, as you probably don't want to re-install ovirt, right? - Original Message - From: Tamer Lima tamer.amer...@gmail.com To: users@ovirt.org Sent: Monday, April 14, 2014 5:13:12 PM Subject: [ovirt-users] does SPM can run over ovirt-engine host ? Hello, When I create virtual machine from a template (centos6.5, 2 cores, 8GB mem, 500GB hd) this process takes almost 2 hours. I click on New VM button and just select the template and click ok. engine.log show me high network consumption (98%) between engine-server host and SPM host. I tried to make my engine-server host a spm host too, but without sucess. Does SPM can run over on the same ovirt-engine machine ? Am I make something wrong? Or create VM from template is really slow ? my servers : srv-0202 = ovirt-engine , vdsm srv-0203 = spm , vdsm srv-0204 = vdsm These servers are dell blades connected on a 100GB switch. thanks This is what I know about SPM: http://www.ovirt.org/Storage_-_oVirt_workshop_November_2011 = Storage Pool Manager (SPM) A role assigned to one host in a data center granting it sole authority over: - Creation, deletion, an dmanipulation of virtula disk images, snapshots and templates - Templates: you can create on VM as a golden image and provision to multiple VMs (QCOW layers) - Allocation of storage for sparse block devices (on SAN) - Thin provisinoing (see below) - Single metadata writer: - SPM lease mechanism (Chockler and Malkhi 2004, Light-Weight Leases for Storage-Cnntric Coordination) - Storage-centric mailbox - This role can be migrated to any host in data center ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Disable auth basic in API
- Original Message - From: Jose Manuel Marquez Alhambra jm.marq...@ayto-miguelturra.es To: users@ovirt.org Sent: Saturday, April 12, 2014 12:28:31 AM Subject: [ovirt-users] Disable auth basic in API Hi, I’m testing a connection broker that uses oVirt's API. At the moment, the connection broker doesn’t work because it doesn’t send the basic authentication to oVirt's API. I contacted the developers and they're investigating the error. While they solve the error, I would like to continue testing the connection broker. Is there any way to disable auth basic in oVirt's API? I’m using it in a testing environment (oVirt 3.4 at CentOS 6), so I’m not worried about security risks. Thank you. Regards, Jose Please elaborate more on what you're trying to achieve, I'm not sure I fully understood. Thanks in advance, Yair ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Users] A mobile monitoring application for oVirt
Awesome, Do you need help in developing that? Are you getting the information via notification of events, or are you polling? - Original Message - From: Martin Betak mbe...@redhat.com To: users@ovirt.org Sent: Thursday, April 3, 2014 5:37:05 PM Subject: [Users] A mobile monitoring application for oVirt Hello oVirt users, I'm in the process of developing a simple monitoring application for oVirt on the Android platform. This is still under heavy development, but first usable version can be found at [1] Please note that this is still a development preview so it can be a little unstable and the UI design is not yet perfect (well ... design by programmer :-)) but I hope it could be useful. All comments, remarks, feature requests and general feedback are very welcome. You can file any issues directly at [2]. Below follow the details of using and configuring the app. Description: The goal of this project was to create a simple Android app that would enable oVirt admins to configure conditions on Vms, Clusters, or whole datacenter upon which they want to be notified. At the moment you can configure 3 types of Triggers: - when Vm CPU is over given level - when Vm Memory usage is over given level - when Vm enters given state (Down, Unknown ...) You can also choose if you want just simple standard android notification or also want the device to vibrate. You can also define all these triggers on per-Vm, per-Cluster or global level. Configuration: On first run the app will prompt you to enter connection parameters of your running oVirt engine instance. API URL should be in the form of http://host:port/ovirt-engine/api Username is user@domain i.e. admin@internal Password is ... well the above user's password :-) sadly only http (not https) is supported so far for endpoint url. If you have any more questions feel free to use this thread and I'll do my best to answer them :-) Best regards, Martin [1] https://github.com/matobet/moVirt/blob/master/moVirt/moVirt.apk [2] https://github.com/matobet/moVirt/issues ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] help.. vm trapped in limbo aka can't acquire exclusive lock
Can you please attach full engine.log? Many thanks, Yair - Original Message - From: Jeremiah Jahn jerem...@goodinassociates.com To: users@ovirt.org Sent: Thursday, April 10, 2014 2:18:48 AM Subject: [ovirt-users] help.. vm trapped in limbo aka can't acquire exclusive lock I can't start it, I can't migrate it. I tried to migrate it before, but the machine was stuck in a read only state. The migration failed because the machine it was being migrated to was also in a read only state. somewhere in the process the lock obviously got lost, and I can't get it back... 2014-04-09 18:11:16,675 INFO [org.ovirt.engine.core.bll.RunVmCommand] (ajp--127.0.0.1-8702-3) [58b40832] Failed to Acquire Lock to object EngineLock [exclusiveLocks= key: b0108933-deb2-4fa0-ae74-e10cefbb0cea value: VM , sharedLocks= ] 2014-04-09 18:11:16,676 WARN [org.ovirt.engine.core.bll.RunVmCommand] (ajp--127.0.0.1-8702-3) [58b40832] CanDoAction of action RunVm failed. Reasons:VAR__ACTION__RUN,VAR__TYPE__VM,ACTION_TYPE_FAILED_VM_IS_BEING_MIGRATED,$VmName web.judici ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Login Error using AD domain
Hi, Seems you still have some issue in your environment if this error is reported, you can try to kinit yourself and check. For that you will need an appropriate krb5.conf file to be placed at /etc/krb5.conf - and to perform kinit user@REALM the content of the krb5.conf file can be: [libdefaults] default_realm = YOUR_REALM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = no no-addresses = false default_tkt_enctypes = arcfour-hmac-md5 udp_preference_limit = 1 - Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org Sent: Tuesday, April 8, 2014 12:09:23 AM Subject: [Users] Login Error using AD domain This was working fine, now I get the error below in engine.log when I try to log in. The clock times are the same. I even changed the time service on the domain controller to use the same NTP source as the engine server. I have rebooted the domain controller to make sure that all settings were applied, but I still get this error. I can log into our other AD domain without issue, the problem is just with this particular domain. 2014-04-07 16:05:07,453 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-7) Kerberos error: Clock skew too great (37) 2014-04-07 16:05:07,454 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-7) Authentication Failed. The Engine clock is not synchronized with directory services (must be within 5 minutes difference). Please verify the clocks are synchronized 2014-04-07 16:05:07,456 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-7) Failed ldap search server ldap://par-dc1:389 using user jc...@corporate.wellsco.net due to Authentication Failed. The Engine clock is not synchronized with directory services (must be within 5 minutes difference). Please verify the clocks are synchronized. We should try the next server ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Unable to log into user portal with user account
Hi, 1. When you log in to to the admin portal, and check the permissions the user have, does it have the UserRole? 2. Can you please provide us the following SQL queries (using psql) select user_name, groupIds from users; select id,name from ad_groups; 3. In addition - have you manually added your user to oVirt before the login attempt, or did you just add the mentioned group + gave it permissions? Thanks, Yair - Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org Sent: Monday, April 7, 2014 3:01:55 AM Subject: [Users] Unable to log into user portal with user account I have attached an AD domain. I can log in to the admin and user portals with the credentials used to add the domain. I made a new user on the AD for testing. I have added BuiltIn\Users and Domain\Users to the UserRole in Ovirt. When I try to log in to the UserPortal with a regular user account I get the error that the user isn't authorized to perform the action. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Unable to log into user portal with user account
- Original Message - From: Jeff Clay jeffc...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org Sent: Monday, April 7, 2014 4:28:09 AM Subject: Re: [Users] Unable to log into user portal with user account I added the domain using engine-manage-domains and then I went into the engine admin portal and added the groups I mentioned and assigned those groups to the UserRole for ovirt. I'm not familiar with psql at all, every iteration of running the queries you requested has failed. Ok, after you fail to login to userportal, can you login to the admin portal, and check for the user you tried to login with what are the permissions he has? Thanks, Yair On Sun, Apr 6, 2014 at 7:27 PM, Yair Zaslavsky yzasl...@redhat.com wrote: Hi, 1. When you log in to to the admin portal, and check the permissions the user have, does it have the UserRole? 2. Can you please provide us the following SQL queries (using psql) select user_name, groupIds from users; Should be select username, group_ids from users; - sorry, my bad. select id,name from ad_groups; 3. In addition - have you manually added your user to oVirt before the login attempt, or did you just add the mentioned group + gave it permissions? Thanks, Yair - Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org Sent: Monday, April 7, 2014 3:01:55 AM Subject: [Users] Unable to log into user portal with user account I have attached an AD domain. I can log in to the admin and user portals with the credentials used to add the domain. I made a new user on the AD for testing. I have added BuiltIn\Users and Domain\Users to the UserRole in Ovirt. When I try to log in to the UserPortal with a regular user account I get the error that the user isn't authorized to perform the action. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Error removing external group
Gilad, I suspect this is with users and groups upgraded from 3.3. Did you install engine of ovirt 3.3 and upgrade it to 3.4? - Original Message - From: Gilad Chaplik gchap...@redhat.com To: Kobi Ianku kia...@redhat.com Cc: Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org, Maurice James midnightst...@msn.com Sent: Sunday, March 30, 2014 2:08:35 AM Subject: Re: [Users] Error removing external group - Original Message - From: Maurice James midnightst...@msn.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Gilad Chaplik gchap...@redhat.com, users@ovirt.org Sent: Saturday, March 29, 2014 5:18:58 PM Subject: RE: [Users] Error removing external group I will give that a try let's test it tomorrow morning. we have the setup :-) -Original Message- From: Yair Zaslavsky [mailto:yzasl...@redhat.com] Sent: Friday, March 28, 2014 10:22 PM To: Maurice James Cc: Gilad Chaplik; users@ovirt.org Subject: Re: [Users] Error removing external group Maurice, What happens if you add the same group again and try to remove it again? - Original Message - From: Maurice James midnightst...@msn.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Gilad Chaplik gchap...@redhat.com, users@ovirt.org Sent: Friday, March 28, 2014 8:07:37 PM Subject: RE: [Users] Error removing external group Yes it was in there from 3.3 Date: Thu, 27 Mar 2014 22:11:58 -0400 From: yzasl...@redhat.com To: midnightst...@msn.com CC: gchap...@redhat.com; users@ovirt.org Subject: Re: [Users] Error removing external group Maurice, Is the group that you removed was added from 3.3 , before you upgraded to 3.4? - Original Message - From: Maurice James midnightst...@msn.com To: Gilad Chaplik gchap...@redhat.com Cc: users@ovirt.org Sent: Thursday, March 27, 2014 5:52:04 PM Subject: Re: [Users] Error removing external group I yanked it out of the database. That part is all good now. Im not sure how it got stuck though Date: Thu, 27 Mar 2014 11:34:58 -0400 From: gchap...@redhat.com To: midnightst...@msn.com CC: users@ovirt.org; kia...@redhat.com Subject: Re: [Users] Error removing external group we're there for quota, we will take a look as well, it's 'on our way' :-) Thanks, Gilad. - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Thursday, March 27, 2014 4:01:25 PM Subject: [Users] Error removing external group Version 3.4.0-1.el6 I'm attempting to remove a group from the users tab in the UI and I'm seeing the following error in the engine.log 2014-03-27 09:59:01,247 ERROR [org.ovirt.engine.core.bll.MultipleActionsRunner] (ajp--127.0.0.1-8702-8) [30e4f6c2] Failed to execute multiple actions of type: RemoveGroup: java.lang.NullPointerException at org.ovirt.engine.core.authentication.provisional.ProvisionalDi rectory.mapGroup(ProvisionalDirectory.java:211) [bll.jar:] at org.ovirt.engine.core.authentication.provisional.ProvisionalDi rectory.findGroup(ProvisionalDirectory.java:187) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGro up(AdGroupsHandlingCommandBase.java:49) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGro upName(AdGroupsHandlingCommandBase.java:38) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getDescr iption(AdGroupsHandlingCommandBase.java:57) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.canDoActionOnly(CommandB ase.java:326) [bll.jar:] at org.ovirt.engine.core.bll.MultipleActionsRunner.execute(Multip leActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backe nd.java:549) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backe nd.java:565) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.j ava:519) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess orImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth odAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFac tory
Re: [Users] Cannot add IPA server to ovirt
- Original Message - From: René Koch rk...@linuxland.at To: Demeter Tibor tdeme...@itsmart.hu Cc: users@ovirt.org Sent: Friday, March 28, 2014 11:30:44 AM Subject: Re: [Users] Cannot add IPA server to ovirt On 03/28/2014 09:19 AM, Demeter Tibor wrote: Hi, I made an IPA server for testing purposes, but I cannot add to ovirt 3.4. The IPA server seems to be working good. When I add IPA to ovirt, I get this error mesage: [root@ovirttest etc]# engine-manage-domains add --domain=itsmart.local --user=admin --provider=ipa --ldap-servers=ldap1.itsmart.local,ldap2.itsmart.local No KDC can be obtained for domain itsmart.local I guess oVirt isn't able to find the Kerberos server due to missing SRV records? Seems to me this is the reason. Please check by dig SRV _kerberos._tcp.itsmart.local What does mean this? Can me help anyone? Thanks, Tibor ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Error removing external group
Maurice, What happens if you add the same group again and try to remove it again? - Original Message - From: Maurice James midnightst...@msn.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Gilad Chaplik gchap...@redhat.com, users@ovirt.org Sent: Friday, March 28, 2014 8:07:37 PM Subject: RE: [Users] Error removing external group Yes it was in there from 3.3 Date: Thu, 27 Mar 2014 22:11:58 -0400 From: yzasl...@redhat.com To: midnightst...@msn.com CC: gchap...@redhat.com; users@ovirt.org Subject: Re: [Users] Error removing external group Maurice, Is the group that you removed was added from 3.3 , before you upgraded to 3.4? - Original Message - From: Maurice James midnightst...@msn.com To: Gilad Chaplik gchap...@redhat.com Cc: users@ovirt.org Sent: Thursday, March 27, 2014 5:52:04 PM Subject: Re: [Users] Error removing external group I yanked it out of the database. That part is all good now. Im not sure how it got stuck though Date: Thu, 27 Mar 2014 11:34:58 -0400 From: gchap...@redhat.com To: midnightst...@msn.com CC: users@ovirt.org; kia...@redhat.com Subject: Re: [Users] Error removing external group we're there for quota, we will take a look as well, it's 'on our way' :-) Thanks, Gilad. - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Thursday, March 27, 2014 4:01:25 PM Subject: [Users] Error removing external group Version 3.4.0-1.el6 I'm attempting to remove a group from the users tab in the UI and I'm seeing the following error in the engine.log 2014-03-27 09:59:01,247 ERROR [org.ovirt.engine.core.bll.MultipleActionsRunner] (ajp--127.0.0.1-8702-8) [30e4f6c2] Failed to execute multiple actions of type: RemoveGroup: java.lang.NullPointerException at org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.mapGroup(ProvisionalDirectory.java:211) [bll.jar:] at org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.findGroup(ProvisionalDirectory.java:187) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroup(AdGroupsHandlingCommandBase.java:49) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroupName(AdGroupsHandlingCommandBase.java:38) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getDescription(AdGroupsHandlingCommandBase.java:57) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.canDoActionOnly(CommandBase.java:326) [bll.jar:] at org.ovirt.engine.core.bll.MultipleActionsRunner.execute(MultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:549) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:565) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:519) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.GeneratedMethodAccessor139.invoke(Unknown Source) [:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final
Re: [Users] Cannot login with AD user after upgrade 3.3-3.4
Looks like a bug in upgrade from 3.3 to 3.4 I will file a bug on that. https://bugzilla.redhat.com/show_bug.cgi?id=1082195 - Original Message - From: Markus Stockhausen stockhau...@collogia.de To: ovirt-users users@ovirt.org Sent: Friday, March 28, 2014 11:56:32 PM Subject: Re: [Users] Cannot login with AD user after upgrade 3.3-3.4 Hello, my upgrade from 3.3 to 3.4 went quite well. Only problem afterwards is I'm unable to log into the engine with one of my attached AD users. Internal admin user works fine. system permissions before and after the upgrade are as follows: mydomain.com/builtin/Administrators SuperUser mydomain.com/builtin/Administrators PowerUserRole sorry for the noise. User/group assignments in the domain were changed in parallel. So user had effectively no access rights. Markus ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Cannot login with AD user after upgrade 3.3-3.4
Markus, which version of ovirt 3.3 did you upgrade from? and to which version of 3.4? - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Markus Stockhausen stockhau...@collogia.de Cc: ovirt-users users@ovirt.org Sent: Saturday, March 29, 2014 6:01:24 AM Subject: Re: [Users] Cannot login with AD user after upgrade 3.3-3.4 Looks like a bug in upgrade from 3.3 to 3.4 I will file a bug on that. https://bugzilla.redhat.com/show_bug.cgi?id=1082195 - Original Message - From: Markus Stockhausen stockhau...@collogia.de To: ovirt-users users@ovirt.org Sent: Friday, March 28, 2014 11:56:32 PM Subject: Re: [Users] Cannot login with AD user after upgrade 3.3-3.4 Hello, my upgrade from 3.3 to 3.4 went quite well. Only problem afterwards is I'm unable to log into the engine with one of my attached AD users. Internal admin user works fine. system permissions before and after the upgrade are as follows: mydomain.com/builtin/Administrators SuperUser mydomain.com/builtin/Administrators PowerUserRole sorry for the noise. User/group assignments in the domain were changed in parallel. So user had effectively no access rights. Markus ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Error removing external group
Maurice, Is the group that you removed was added from 3.3 , before you upgraded to 3.4? - Original Message - From: Maurice James midnightst...@msn.com To: Gilad Chaplik gchap...@redhat.com Cc: users@ovirt.org Sent: Thursday, March 27, 2014 5:52:04 PM Subject: Re: [Users] Error removing external group I yanked it out of the database. That part is all good now. Im not sure how it got stuck though Date: Thu, 27 Mar 2014 11:34:58 -0400 From: gchap...@redhat.com To: midnightst...@msn.com CC: users@ovirt.org; kia...@redhat.com Subject: Re: [Users] Error removing external group we're there for quota, we will take a look as well, it's 'on our way' :-) Thanks, Gilad. - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Thursday, March 27, 2014 4:01:25 PM Subject: [Users] Error removing external group Version 3.4.0-1.el6 I'm attempting to remove a group from the users tab in the UI and I'm seeing the following error in the engine.log 2014-03-27 09:59:01,247 ERROR [org.ovirt.engine.core.bll.MultipleActionsRunner] (ajp--127.0.0.1-8702-8) [30e4f6c2] Failed to execute multiple actions of type: RemoveGroup: java.lang.NullPointerException at org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.mapGroup(ProvisionalDirectory.java:211) [bll.jar:] at org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.findGroup(ProvisionalDirectory.java:187) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroup(AdGroupsHandlingCommandBase.java:49) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroupName(AdGroupsHandlingCommandBase.java:38) [bll.jar:] at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getDescription(AdGroupsHandlingCommandBase.java:57) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.canDoActionOnly(CommandBase.java:326) [bll.jar:] at org.ovirt.engine.core.bll.MultipleActionsRunner.execute(MultipleActionsRunner.java:76) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:549) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:565) [bll.jar:] at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:519) [bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.GeneratedMethodAccessor139.invoke(Unknown Source) [:1.7.0_51] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
Re: [Users] External group permissions
- Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Wednesday, March 26, 2014 11:48:21 AM Subject: [Users] External group permissions I used engine-manage-domains to allow external authentication from active directory to my ovirt management ui. I assigned and ad group super user and power user permissions on the DC. I cant get any user to login to the webadmin portal. In the log says that they have no permission. Which right do I have to assign to the group in order for its member to be able to login to the web ui? 1. Which ovirt version are you using? 2. May I get the following results from postgresql ? a. select user_id, name, group_ids from users; b. select id from ad_groups; c. select select * from permissions; Many thanks, Yair ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] External group permissions
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Maurice James midnightst...@msn.com Cc: users@ovirt.org Sent: Wednesday, March 26, 2014 12:20:02 PM Subject: Re: [Users] External group permissions - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Wednesday, March 26, 2014 11:48:21 AM Subject: [Users] External group permissions I used engine-manage-domains to allow external authentication from active directory to my ovirt management ui. I assigned and ad group super user and power user permissions on the DC. I cant get any user to login to the webadmin portal. In the log says that they have no permission. Which right do I have to assign to the group in order for its member to be able to login to the web ui? 1. Which ovirt version are you using? 2. May I get the following results from postgresql ? a. select user_id, name, group_ids from users; b. select id from ad_groups; Actually select id,name from ad_groups; c. select select * from permissions; Typo - I meant select * from permissions of course. Many thanks, Yair ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] API read-only access / roles
- Original Message - From: Itamar Heim ih...@redhat.com To: Sven Kieske s.kie...@mittwald.de, Users@ovirt.org List Users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com Sent: Wednesday, March 26, 2014 12:46:28 PM Subject: Re: [Users] API read-only access / roles On 03/26/2014 06:39 AM, Sven Kieske wrote: Am 26.03.2014 11:21, schrieb Itamar Heim: On 03/26/2014 06:16 AM, Sven Kieske wrote: Hi, as we now have setup ldap, now the question which never got answered in the first place: 1. which rights do I need for read only access? as stated in BZ just login rights won't suffice. an admin role with login? why not? i thought we even pre-created such a default read only role by now: Bug 1038222 - [RFE] Read Only Admin role in AP (and you can create one yourself in 3.3 as well iirc) What would happen if I create this user myself and I want to upgrade to 3.4 somewhere in time? My guess would be the upgrade would fail if this user gets added automatically, because it is already there? its not a user. its a system defined role. you can create a user defined role (with a different name) you should do this via the GUI in 3.3, not via the db (then the uuid will be different as well, and no upgrade issues) Regarding your upgrade question - I would like to add that although we have a hard-coded internal admin user, your read only user (that is, a user you assigned the role you created) is not a hard coded one. I don't think we will go for a strategy of adding another hardcoded user for read only , so you should not have upgrade issues. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Logs using syslog
Hi Eduardo, We have an open RFE for that - https://bugzilla.redhat.com/show_bug.cgi?id=1078738 In general, JBoss AS 7.1 has moved from log4j logging to java.util logging and the syslog handler is not working anymore, From various sources I have read at the internet looks like the solution is to develop a custom syslog handler, pack it as a jboss module, and then configure it in share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in - Original Message - From: Eduardo Ramos edua...@freedominterface.org To: users@ovirt.org Users@ovirt.org Sent: Thursday, March 13, 2014 5:12:25 PM Subject: [Users] Logs using syslog Hi all! Is there a way to log engine messages to a syslog? I searched for 'syslog' in /etc/ovirt-engine/*, but not results. Thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Upgrade from 3.4.0-0.9 to 3.4.0-0.12
- Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Friday, March 7, 2014 1:49:23 AM Subject: [Users] Upgrade from 3.4.0-0.9 to 3.4.0-0.12 I got the following error while trying to upgrade ;; -HEADER- opcode: QUERY, status: NOERROR, id: 35994 psql:upgrade/03_04_0600_event_notification_methods.sql:10: ERROR: column notification_method contains null values Maurice, As far as I understand, this was resolved by https://bugzilla.redhat.com/show_bug.cgi?id=1072549 (CC'ing Eli who worked on this bug) Eli - I see the patch has script numbering of 03_05 - is there a plan to provide 03_04 script for that fix? Yair 2014-03-06 18:33:46 ERROR otopi.context context._executeMethod:161 Failed to execute stage 'Misc configuration': Command '/usr/share/ovirt-engine/dbscripts/upgrade.sh' failed to execute psql:/var/lib/ovirt-engine/backups/engine-20140306183332.9FQBdD.sql:16: ERROR: language plpgsql already exists 2014-03-06 18:42:58 ERROR otopi.plugins.ovirt_engine_common.base.core.misc misc._terminate:150 Execution of setup failed ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Permissions
- Original Message - From: Maurice James midnightst...@msn.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Eli Mesika emes...@redhat.com, users@ovirt.org Sent: Wednesday, February 26, 2014 1:35:03 AM Subject: RE: [Users] Permissions Here are the logs that I grabbed while trying to move disks between storage domains It shows you have permissions issues. Just to make sure - is this a user that belongs to a group that has permissions? I think you wrote in previous emails it is. Can you, as suggested in previous email, try to perform this operation with a direct user that has the permissions (i.e - not inherited from a group?) Thanks, Yair -Original Message- From: Yair Zaslavsky [mailto:yzasl...@redhat.com] Sent: Monday, February 24, 2014 8:56 PM To: Maurice James Cc: Eli Mesika; users@ovirt.org Subject: Re: [Users] Permissions - Original Message - From: Maurice James midnightst...@msn.com To: Eli Mesika emes...@redhat.com Cc: users@ovirt.org Sent: Tuesday, February 25, 2014 3:33:52 AM Subject: Re: [Users] Permissions I will have to get the logs to you tomorrow when I go to the office. Until then, I have a user group from AD with the Power User and Super User permissions over the Data Center. They do not have permission to move disks between storage domains. Is this by design? Maurice, quick question here - when you write they don't have permissions do you mean to users of the group? if so, are you using ovirt engine 3.4 beta2 or a development environment? Perhaps the following bug has to do with what you're experiencing? https://bugzilla.redhat.com/1065615 Yair -Original Message- From: Eli Mesika [mailto:emes...@redhat.com] Sent: Sunday, February 23, 2014 3:34 PM To: Maurice James Cc: users@ovirt.org Subject: Re: [Users] Permissions - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Friday, February 21, 2014 9:25:12 PM Subject: [Users] Permissions I have an LDAP user with Power User and Super User permissions at the Data Center level. Why dont I have permission to migrate disks between storage domains? Hi Maurice Can you elaborate please and attach a screen-shot of the error you got and the relevant engine.log oVirt Engine Version: 3.3.3-2.el6 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Creating oVirt users
Hi Drew, In order to be able to add users, you will have to use the engine-manage-domains tool and setup a domain. a domain uses kerberos authentication and LDAP for authorization. engine-manage-domains supports several ldap vendors , among are - active directory, IPA, RHDS, openLdap. once will add a user at a given domain that will be used to authenticate during searching for users and groups. For example, if you have a domain named example.com, which is which has a machine a.example.com which co-hosts ldap server (IPA) + KDC, and the dns records for kerberos and ldap are properly set, and you will like to add user named myuser then you can use : engine-manage-domains add --user=myuser --domain=example.com --provider=IPA. if you want to be able to login with this user, and not just with the admin of of internal, please also specify --add-permissions Hope this helps, Yair - Original Message - From: Drew Showers d...@augurworks.com To: users@ovirt.org Sent: Tuesday, February 25, 2014 1:49:45 AM Subject: [Users] Creating oVirt users Hello, How do I create users? I see where to add users and create roles, but can't figure out how to get users on the add user list. Thanks in advance! Drew ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Permissions
- Original Message - From: Maurice James midnightst...@msn.com To: Eli Mesika emes...@redhat.com Cc: users@ovirt.org Sent: Tuesday, February 25, 2014 3:33:52 AM Subject: Re: [Users] Permissions I will have to get the logs to you tomorrow when I go to the office. Until then, I have a user group from AD with the Power User and Super User permissions over the Data Center. They do not have permission to move disks between storage domains. Is this by design? Maurice, quick question here - when you write they don't have permissions do you mean to users of the group? if so, are you using ovirt engine 3.4 beta2 or a development environment? Perhaps the following bug has to do with what you're experiencing? https://bugzilla.redhat.com/1065615 Yair -Original Message- From: Eli Mesika [mailto:emes...@redhat.com] Sent: Sunday, February 23, 2014 3:34 PM To: Maurice James Cc: users@ovirt.org Subject: Re: [Users] Permissions - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Friday, February 21, 2014 9:25:12 PM Subject: [Users] Permissions I have an LDAP user with Power User and Super User permissions at the Data Center level. Why dont I have permission to migrate disks between storage domains? Hi Maurice Can you elaborate please and attach a screen-shot of the error you got and the relevant engine.log oVirt Engine Version: 3.3.3-2.el6 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] API read-only access / roles
- Original Message - From: Juan Hernandez jhern...@redhat.com To: Sven Kieske s.kie...@mittwald.de, Users@ovirt.org List Users@ovirt.org Cc: Itamar Heim ih...@redhat.com, Yair Zaslavsky yzasl...@redhat.com Sent: Saturday, February 22, 2014 2:22:14 PM Subject: Re: [Users] API read-only access / roles On 02/20/2014 04:51 PM, Itamar Heim wrote: On 02/20/2014 05:24 PM, Sven Kieske wrote: Hi, is nobody interested in this feature at all? it would be a huge security gain, while lowering the bars for having a read only user if this could get shipped with 3.4: we are very interested, but we want to do this based on the authentication re-factoring, which in itself, barely made the 3.4 timeline. Yair - are we pluggable yet, that someone could add such a user by dropping a jar somewhere, or still on going work towards 3.5? As Juan mentioned in his email, it should be possible to plug in at 3.4 as well. However, we're changing the configuration format at 3.5 as we're changing the mechanism to use the extensions mechanism - both Directory and Authenticator are extensions, the configuration for directory (authorization extension) and authenciator (authentication extension) will look a bit different. Pugglability of authentication already works in 3.4. By default it uses the previous mechanism, but the administrator can change this. In order to change you need to create the /etc/ovirt-engine/auth.conf.d directory and then create inside one or more authentication profiles configuration files. An authentication profile is a combination of an authenticator and a directory. The authenticator is used to check the credentials (the user name and password) and the directory is used to search users and their details. For example, if you want to use local authentication (the users, passwords, and groups of the OS) you can create a local.conf file with the following content: # # The name of the profile. This is what will be displayed in the # combo box in the login page. # name=local # # Needed to enable the profile, by default all profiles are # disabled. # enabled=true # # The configuration of the authenticator used by the profile. The # type and the module are mandatory, the rest are optional and # the default values are as shown below. # authenticator.type=ssh authenticator.module=org.ovirt.engine.core.authentication.ssh # authenticator.host=localhost # authenticator.port=22 # authenticator.timeout=10 # # The configuration of the directory: # directory.type=nss directory.module=org.ovirt.engine.core.authentication.nss For this to work you need to install some additional modules, which aren't currently part of the engine. This is where plugabillity comes in place. This modules can be built externally. I created modules for SSH authentication and NSS (Name Service Switch) directory. The source is available here: https://github.com/jhernand/ovirt-engine-ssh-authenticator https://github.com/jhernand/ovirt-engine-nss-directory The NSS directory also needs JNA (Java Native Access): https://github.com/jhernand/ovirt-engine-jna-module Installing these extensions is very easy, just build from source and uncompress the generated .zip files to /usr/share/ovirt-engine/modules. In case you don't want to build from source you can use the RPMs that I created. The source for the .spec files is here: https://github.com/jhernand/ovirt-engine-rpms If you don't want to build form source you can use a yum repository that I created with binaries for Fedora 20 (should work in CentOS as well): http://jhernand.fedorapeople.org/repo So, to summarize: # cat /etc/yum.repos.d/my.repo . [my] name=my baseurl=http://jhernand.fedorapeople.org/repo enabled=1 gpgcheck=0 . # yum -y install \ ovirt-engine-ssh-authenticator \ ovirt-engine-nss-directory # mkdir -p /etc/ovirt-engine/auth.conf.d # cat /etc/ovirt-engine/auth.conf.d/local.conf . name=local enabled=true authenticator.type=ssh authenticator.module=org.ovirt.engine.core.authentication.ssh directory.type=nss directory.module=org.ovirt.engine.core.authentication.nss . # systemctl restart ovirt-engine Then you can login with admin@internal, add some local users and permissions, and then use them to login to the GUI or the API. Take into account that I created these modules as a way to test the new authentication infrastructure, so they may have limitations or issues. I appreciate any feedback. Am 19.02.2014 15:32, schrieb Sven Kieske: I just looked into my test vm with the 3.4 beta and I can't see such an user there. I created an RFE at: https://bugzilla.redhat.com/show_bug.cgi?id=1067036 I really hope this can get included in 3.4 (I know it's late) as it should be a very very minor change at engine-setup. Thanks Am 19.02.2014 14:55, schrieb Sven Kieske
Re: [Users] new oVirt look-and-feel -- feature page
Looks really great, can't wait to see more :) - Original Message - From: Greg Sheremeta gsher...@redhat.com To: users users@ovirt.org, a...@ovirt.org Sent: Tuesday, February 18, 2014 11:19:18 PM Subject: new oVirt look-and-feel -- feature page Hi, Please check out the feature page for the new oVirt look-and-feel, PatternFly based: http://www.ovirt.org/Features/NewLookAndFeelPatternFlyPhase1. Comments are welcome. Thanks, Greg Greg Sheremeta Red Hat, Inc. Sr. Software Engineer, RHEV Cell: 919-807-1086 gsher...@redhat.com ___ Arch mailing list a...@ovirt.org http://lists.ovirt.org/mailman/listinfo/arch ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] ovirt test day 2
Hi, I tested the following: https://bugzilla.redhat.com/1053646easily collapsible left-pane - was not included in test day 1 (I was supposed to test it back then) - works fine. https://bugzilla.redhat.com/1054209 - read only disks - works fine. https://bugzilla.redhat.com/1054219 - Only comment is - IMHO it should be considered having disks marked as read only (where applicable) in templates - disks and perhaps also when showing the disks of each snapshot. other bugs opened: https://bugzilla.redhat.com/show_bug.cgi?id=1064601 Yair ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
- Original Message - From: Winfried de Heiden - Voorwinde w...@dds.nl To: users@ovirt.org Sent: Sunday, February 2, 2014 5:09:01 PM Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups Hi All, I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For this, I followed (more or less, I used a Raspberry Pi and Raspbian) instructions as found on http://www.ovirt.org/LDAP_Quick_Start It all seems to work well, I am able to connect to a domain, login etc. and assign some roles to users. However, I cannot use (ldap) groups it seems. I cann add a group in the ovirt gui, but (in the tab General) Active remain false. A I missing something...? HI Winfried, I have a question for you - When you add the group , can you use one of its user to perform an operation the group has permission to perform? for example, if the group has login permissions, can you login with a user that belongs to the group? I'm looking at the code, and this might be an issue that the active flag is simply not set on a group. Winfried ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
- Original Message - From: Itamar Heim ih...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com, Winfried de Heiden - Voorwinde w...@dds.nl Cc: users@ovirt.org Sent: Monday, February 3, 2014 1:32:00 AM Subject: Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups On 02/02/2014 11:01 PM, Yair Zaslavsky wrote: - Original Message - From: Winfried de Heiden - Voorwinde w...@dds.nl To: users@ovirt.org Sent: Sunday, February 2, 2014 5:09:01 PM Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups Hi All, I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For this, I followed (more or less, I used a Raspberry Pi and Raspbian) instructions as found on http://www.ovirt.org/LDAP_Quick_Start It all seems to work well, I am able to connect to a domain, login etc. and assign some roles to users. However, I cannot use (ldap) groups it seems. I cann add a group in the ovirt gui, but (in the tab General) Active remain false. A I missing something...? HI Winfried, I have a question for you - When you add the group , can you use one of its user to perform an operation the group has permission to perform? for example, if the group has login permissions, can you login with a user that belongs to the group? I'm looking at the code, and this might be an issue that the active flag is simply not set on a group. Yair - why would active be set on a group? Itamar - I don't think there is a sense in that. At engine-core- not being set. At UI - I think the code should be revisited, in AdElementListModel there are places where we create user objects and store in side them group information. later on we store these objects at the groups collection of the model, and this model is being used to present the list of users and groups. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt 3.4 - Fail to set permissions to VM
Yes, A fix was already submitted for review. - Original Message - From: Jonas Israelsson jo...@israelsson.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org, Juan Hernandez jhern...@redhat.com, Yair Zaslavsky yzasl...@redhat.com Sent: Wednesday, January 29, 2014 2:44:46 PM Subject: Re: [Users] Ovirt 3.4 - Fail to set permissions to VM On 29/01/14 07:29, Oved Ourfalli wrote: Hi Jonas Apparently there is a quite new bug open about this issue (https://bugzilla.redhat.com/1057147). CC-ing Juan and Yair - perhaps the'll know what's the source of the issue, as I think they were the last ones to make changes in it. Jupp, got it. Sorry for not checking there first.. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Manage domains
- Original Message - From: Itamar Heim ih...@redhat.com To: Maurice James midnightst...@msn.com, users@ovirt.org, Barak Azulay bazu...@redhat.com, Juan Antonio Hernandez Fernandez jhern...@redhat.com Sent: Thursday, January 23, 2014 11:03:48 PM Subject: Re: [Users] Manage domains On 01/23/2014 08:06 PM, Maurice James wrote: No matter what provider I use, it keeps complaining about kerberos From: midnightst...@msn.com To: users@ovirt.org Date: Thu, 23 Jan 2014 12:13:03 -0500 Subject: [Users] Manage domains In version 3.4. The authentication has been refactored. How do I add 389-ds as my authentication backend without the use of Kerberos? This was supposed to be possible in 3.4 H ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users the refactoring happened, I'm not sure the new functionality made it. maybe if its low risk could be looked at for following through. Hi, the refactoring included introduction of new infrastructure to support loose coupling between authentication and directory related operations. It also includes a tested bridge - between the new interfaces and the old code. The new ldap directory code is still under development. manage-domains is still working only with Kerberos for authentication. You can see more at http://www.ovirt.org/Features/Authentication-Rewrite You will see that what I described in this email is related to Phase 1 Hope this helps , Yair ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Problem adding an IPA server to oVirt
Hi Adam, Looks like you have problems in running the Root DSE query. I would like you to try and troubleshoot by comparing this to the execution of - ldapsearch -x -h YOUR_IPA_SERVER_IP_ADDRESS -s base - Original Message - From: Adam Litke ali...@redhat.com To: users@ovirt.org Sent: Tuesday, January 21, 2014 12:12:03 AM Subject: [Users] Problem adding an IPA server to oVirt Hi, I am trying to set up an oVirt environment with an IPA provider and am hitting a GeneralException that I am unsure how to debug. I have configured freeIPA in a Fedora VM using the supplied configuration script and I can 'kinit admin' from the ovirt-engine machine. When I run the manage-domains command I get the following exception: I didn't realize it, but I had to add _kerberos srv records to my dnsmasq.conf in order for the script to even find my KDC. ./engine-manage-domains -action=add -provider=IPA -domain=alitke.net -user=admin -interactive -ldapServers=directory.alitke.net Enter password: General error has occurednull java.lang.NegativeArraySizeException at sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367) at sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722) at sun.security.jgss.krb5.WrapToken_v2.init(WrapToken_v2.java:200) at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861) at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385) at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104) at com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) at org.ovirt.engine.core.ldap.RootDSEData.init(RootDSEData.java:52) at org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254) at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150) at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135) at org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739) at org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909) at org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531) at org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308) at org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.jboss.modules.Module.run(Module.java:260) at org.jboss.modules.Main.main(Main.java:291) Failure while testing domain %1$s. Details: %2$s: One of the parameters for this error is null and no default message to show Any thoughts on what might be going wrong? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] New user to oVirt, and I haz a sad so far...
Gabi, why not share with us engine.log for your failure of adding the disk? Yair - Original Message - From: Gabi C gab...@gmail.com To: Will Dennis (Live.com) willardden...@live.com Cc: users@ovirt.org Sent: Friday, January 17, 2014 9:53:55 AM Subject: Re: [Users] New user to oVirt, and I haz a sad so far... 've been there! :-D I mean exactly same issuse you had on Centos, I had on Fedora 19. Did you disable selinux on nodes? 'cause that's what is causing SSh connection closing My setup: 1 engine on vmware - fedora 19, up-to-date 2 nodes on IBM x series 3650 - fedora 19 based -oVirt Node - 3.0.3 - 1.1.fc19 with nodes beig in glusterfs cluster also. Right now, I'm banging my head against Operation Add-Disk failed to complete. , message I have got after adding a new virtual machine and try to addd its disk On Fri, Jan 17, 2014 at 6:08 AM, Will Dennis (Live.com) willardden...@live.com wrote: Hi all, ready for a story? (well, more of a rant, but hopefully it will be a good UX tale, and may even be entertaining.) Had one of the groups come to me at work this week and request a OpenStack setup. When I sat down and discussed their needs, it turns out that they really only need a multi-hypervisor setup where they can spin up VMs for their research projects. The VMs should be fairly long-lived, and will have persistent storage. Their other request is that the storage should be local on the hypervisor nodes (they plan to use Intel servers with 8-10 2TB drives for VM storage on each node.) They desire this in order to keep the VM I/O local - they do not have a SAN of any sort anyhow, and they do not care about live migration, etc. In any case, knowing that they did not want to afford a VMware setup (which is what I'm used to using), I proposed using oVirt to fill their needs, having heard and read up on it a bit (It's open-source VMware, right?) even though I had not used it before (I have however made single-node KVM hypervisors for their group before, utilizing Open vSwitch, libvirt, virt-manager etc., so I'm not completely ignorant of KVM/libvirt etc.) In any case, I took one of their older servers which was already running CentOS 6.5, installed the requisite packages on it, and in short order had an engine server up and running (oVirt 3.3.2). That seems to have been the easy part :-/ Now came the installation of a hypervisor node. I downloaded and burned an ISO of the latest oVirt node installer (ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso) and tried to install it on one of their target Intel servers. On the 1st try I got to the end of the setup TUI, invoked the Install link, and was promptly thrown an error (sorry, but forgot what it was, something like press X for a command prompt, or Reboot.) No problem, I rebooted, selected booting off the CD again, waited until the TUI came up, and when I tried to move past the first screen, it threw me out to a login prompt. OK, enough of that (the server takes a long time to reboot, and then boot off the CD) - I then thought I would try it on a VMware Workstation VM (yes, I get the irony, but VMware wkstn can handle nested virt, so it's a great testbed platform for OpenStack, etc.) because that would install a heck of a lot faster. That went a lot better - got the oVirt node 3.0.3 installed on the first try. More pain was soon to follow, however. I logged in and started configuring the node. The TUI was easy enough - much like an ESXi node ;) I set the NIC to IPv4 static, entered in the correct IP info, registered a DNS name for the IP I had assigned, and then tested pinging the engine, all was good. I then moved on to the section where you define the engine. I entered in the FQDN of the engine, verified the key fingerprint, and clicked the Save and Register link at the bottom. That seemed to work, so I completed the rest of the TUI, and then looked at the oVirt engine web UI. There was my new node, ready for authorization. I clicked the link to authorize it, and after a while, the UI came back with Install Failed status. Hmmm. So I went back to the node's TUI, and now some of the screens said that the IP addr was unconfigured? I went then to the Network screen, and sure enough, the NIC at the bottom showed Unconfigured. WTF? So I went and entered in the correct info back in the IPv4 section, and then arrowed down to the Save link and clicked it - and the next screen said something like No info needing changes, nothing to do. Wh? Went back to the network setup screen, NIC still showing Unconfigured even though the IPv4 info still was there. I did a ping test at this point from the Ping link on the network setup page, and what do you know - I could still ping IP's (the engine, the default gw, etc.) But as I moved around the TUI, other screens still said that the network was
Re: [Users] Ovirt Engine single point of failure
- Original Message - From: Hans Emmanuel hansemman...@gmail.com To: users@ovirt.org Sent: Friday, January 10, 2014 7:40:23 AM Subject: [Users] Ovirt Engine single point of failure Hi all , I am planning to setup an ovirt cluster with two hosts + 1 ovirt engine . But this setup have a draw back of single point of failure chance for ovirt engine. So what happens if ovirt engine goes down ? All VMs will be down ? Or it wont affect the ovirt nodes and VMs ? Please advice / Hi, If ovirt engine crashes, your VMs will not go down. -- *Hans Emmanuel* *NOthing to FEAR but something to FEEL..* ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt Engine single point of failure
Alan, IMHO this is not the scenario described in the original question - or maybe I did not understand well the original question? I assume the original question is about a scenario where engine restarts, and not about a catastrophic failure as you describe here. - Original Message - From: Alan Murrell li...@murrell.ca To: users@ovirt.org Sent: Friday, January 10, 2014 9:01:14 AM Subject: Re: [Users] Ovirt Engine single point of failure OK, so just so I understand this, in the described scenario of three servers: one management server/engine and two nodes, let's say the management server suffers catastrophic hard disk failure where no data can be recovered from it, nor were any backups made. Is it possible to perform a new installation of ovirt-engine, add the two existing nodes, and everything just works? Or would you at least need to do some reconfiguring (e.g., re-add the logical networks etc.) Basically, even though the nodes were part of the now-dead ovirt-engine, there would be no problem in getting them added in to the newly-installed ovirt-engine? -Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Authentication
Work is in progress, led by Juan Hernandez (CC'ed) See - http://gerrit.ovirt.org/#/q/status:open+project:ovirt-engine+branch:master+topic:directory_refactoring,n,z - Original Message - From: Maurice James midnightst...@msn.com To: users@ovirt.org Sent: Monday, December 16, 2013 4:12:47 PM Subject: [Users] Authentication I was curious to know how is the update of the authentication options coming. Right now the only option for external authentication involves the use of Kerberos. I am interested in using an LDAP only model (389-ds) without Kerberos. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users