Re: [ovirt-users] Ovirtmgmt, webinterfaces and VLANs

2017-08-25 Thread Alexis HAUSER
different FQDN are necessary, right ? I heard HA requires to access to the engine FQDN... Do you have any idea how to solve this situation ? Alexis On 24 August 2017 at 15:39, Alexis HAUSER <alexis.hau...@imt-atlantique.fr> wrote: > > In the way Ovirt is currently designed, is

[ovirt-users] Ovirtmgmt, webinterfaces and VLANs

2017-08-24 Thread Alexis HAUSER
Hi, In the way Ovirt is currently designed, is there a way to separate the following elements in different VLANs : 1) Communication betweem nodes (hypervisors) and engine (manager) 2) Access to webadmin interface 3) access to user web interface It seems that the following elements all

[ovirt-users] 4.0 : hosts connecting/non responsive and data domains inactive

2017-05-11 Thread Alexis HAUSER
After rebooting the manager VM, hosts are connecting/non responsive and data domains inactive. Here are the engine and vdsmd logs. Any ideas ? Engine logs : 2017-05-11 17:28:09,302 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler5)

[ovirt-users] Bonding type

2017-04-25 Thread Alexis HAUSER
Hi, I would like to bond 2 NICS from RHV side. There 2 links would go on 2 separates switch. Which kind of bond would you advice me to use (betweem the 4 proposed mode or the custom mode) ? Regardes ___ Users mailing list Users@ovirt.org

[ovirt-users] Extending data domain size

2017-04-21 Thread Alexis HAUSER
Hi, Is it possible in ovirt-4.0 to extend the size of a data domain ? In theory it should be possible with LVM to do it, but does ovirt provide this functionality ? Regards ___ Users mailing list Users@ovirt.org

[ovirt-users] Networking setup

2017-04-12 Thread Alexis HAUSER
Hi, I have an Ovirt installation with 3 nodes (5 soon), containing 6 network cards (8 soon), a multipath iSCSI array and I would like to know how you would advice me to choose which link to bond or not. I thought about : 1+2 : ovirtmgmt (bond) 3+4 : iSCSI (multipath) 5 : VM and Display

[ovirt-users] Separating NFS network flow

2017-04-06 Thread Alexis HAUSER
Hi, Is there a way to separate the network flow from NFS ? I know it is possible to do it with VM, display, ovirtmgmt, iSCSI, but what about NFS ? Does it use ovirtmgmt ? Thanks in advance ___ Users mailing list Users@ovirt.org

[ovirt-users] VM Permissions (3.6)

2017-03-06 Thread Alexis HAUSER
hi, I'm trying to figure out how to manage VM permissions with ovirt. >From what I've understood, if you add a user to user role in the system >preferences, this user can access every VM and resources on the cluster, with >the associated permissions; right ? Now, if I want to control who has

[ovirt-users] VM Permissions (3.6)

2017-03-05 Thread Alexis HAUSER
hi, I'm trying to figure out how to manage VM permissions with ovirt. >From what I've understood, if you add a user to user role in the system >preferences, this user can access every VM and resources on the cluster, with >the associated permissions; right ? Now, if I want to control who has

Re: [ovirt-users] 3.6 : Hosted engine High Availability

2016-08-30 Thread Alexis HAUSER
Ok, now after removing it, it auto-adds itself to the web interface. I tries to "install" and fails with just after the step "installating host stage: termination" "host is not rechable". I can ping it and its FQDN from the engine and other host. Any ideas ?

Re: [ovirt-users] 3.6 : Hosted engine High Availability

2016-08-29 Thread Alexis HAUSER
>No, in both the case it's referring to the host you are going to add to >your engine (the host where you are running hosted-engine --deploy): the >first one is a label to easily identify your host, the second one the >address to reach it. Thanks, then it means only the default label is wrong,

Re: [ovirt-users] 3.6 : Hosted engine High Availability

2016-08-29 Thread Alexis HAUSER
lla about this and if not I'll open one. - Mail original - De: "Simone Tiraboschi" <stira...@redhat.com> À: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu> Cc: "users" <users@ovirt.org> Envoyé: Jeudi 25 Août 2016 16:56:17 Objet: Re: [ovirt-user

Re: [ovirt-users] 3.6 : Hosted engine High Availability

2016-08-25 Thread Alexis HAUSER
> This is that part that confused me a bit : I need to set up a new FQDN for > the engine, but a different one right ? So each engine on each node needs a > different FQDN ? > No, you have just to use a sensate globally resolvable FQDN for your > additional host: 'localhost.localdomain' is

Re: [ovirt-users] 3.6 : Hosted engine High Availability

2016-08-25 Thread Alexis HAUSER
>This instead is an issue of your env: >your additional host is still named 'localhost.localdomain': of course >the engine VM will be able to resolve it but it will not reach your >host; in that case the engine will just try to add the engine VM >itself as an host creating a mess. >Since we saw

Re: [ovirt-users] 3.6 : Hosted engine High Availability

2016-08-25 Thread Alexis HAUSER
>No, it's not: you have to point to the same storage server you used >for the first host, hosted-engine-setup will detect the existing >installation and it will ask if you are going to add an additional >host. >At that point it will consume the answer file saved on the shared storage. This is

[ovirt-users] 3.6 : Hosted engine High Availability

2016-08-25 Thread Alexis HAUSER
Hi, I'm trying to "deploy" the hosted engine (3.6) on a second node for HA. I used hosted-engine --delpoy, answering the script questions it's a new host setup. However it is requesting me for a FQDN, an engine name and a password for admin@internal. Is this a normal behavior ? It seems

[ovirt-users] 3.6 : VLAN / non VLAN

2016-08-18 Thread Alexis HAUSER
hi, I'd like to know what happens when you create a new network, tagged with VLAN for example 25 and using em2 : - the packets outgoing from em2.25 are tagged, right ? - the packets outgoing from em2 are tagged or not ? - the result is packets inside ovirt are tagged, but when you go out of it

Re: [ovirt-users] 3.6 : iSCSI LUN not detected

2016-08-11 Thread Alexis HAUSER
> Yes, you cannot remove the master storage domain, so you need to create > another > domain and make it the master. Then you will be able to detach the > original storage > domain properly. > Nir I would love to do that...But it's not possible as long as the master data domain is in

Re: [ovirt-users] 3.6 : iSCSI LUN not detected

2016-08-11 Thread Alexis HAUSER
> Hi Alexis > Were you able to resolve your storage LUN issue? > Regards, > Kevin I am trying the suggested solution on this post by Nir Soffer : reconnect the storage to the older hypervisor and detach it correctly...But it doesn't work : >From the DC : 1. I set the storage (which is

Re: [ovirt-users] 3.6 : iSCSI LUN not detected

2016-08-10 Thread Alexis HAUSER
d_storage :) - Mail original - De: "Simone Tiraboschi" <stira...@redhat.com> À: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu> Cc: "users" <users@ovirt.org> Envoyé: Mercredi 10 Août 2016 11:37:15 Objet: Re: [ovirt-users] 3.6 : iSCSI L

[ovirt-users] 3.6 : iSCSI LUN not detected

2016-08-10 Thread Alexis HAUSER
Hi, I am reinstalling a new Node with a new hosted-engine and I would like to import an iSCSI storage from a previous ovirt installation. However, I can see all LUN present on that iSCSI but the one I want... I checked from the iSCSI array and this disk still exists, it's just not detected

Re: [ovirt-users] 3.6 : Hosted_Storage unattached

2016-08-09 Thread Alexis HAUSER
Actually, I solved my problem by solving a bug I was affected by (SELinux preventing to add storage domain), removing the unattached hosted_storage and restarting ovirt-engine. It added it automatically with the VM as usual :) - Mail original - De: "Alexis HAUSER" &

[ovirt-users] 3.6 : Hosted_Storage unattached

2016-08-09 Thread Alexis HAUSER
Hi, I installed a new node with a new hosted engine, version 3.6, added a data domain, but I can't see the hosted_storage. I tried to use the "import storage" on it but it keeps having unattached status, and in the logs I can see : "2016-08-09 05:39:32,821 WARN

Re: [ovirt-users] 3.6 : Moving the hosted-engine to another storage

2016-07-28 Thread Alexis HAUSER
>Unfortunately we know that migrating from HE to HE is not as simple as >from physical to HE: >https://bugzilla.redhat.com/show_bug.cgi?id=1240466#c21 >In general the issue is that the DB backup form the old hosted-engine >VM contains a lot of references to the previous hosted-engine env and >you

[ovirt-users] 3.6 : Moving the hosted-engine to another storage

2016-07-27 Thread Alexis HAUSER
Hi, I'm currently using an NFS storage for my hosted-engine. However, this NFS server will be removed soon. I'd like to move the hosted-engine to an iSCSI storage. How can I proceed ? The options for moving/copying VM disk don't seem to be available for the hosted engine in the web interface.

Re: [ovirt-users] Network settings for multiple hosts

2016-07-22 Thread Alexis HAUSER
Ok I start to understand where was the problem : [81387.469731] CPU: 1 PID: 20688 Comm: umount Tainted: G I 3.10.0-327.13.1.el7.x86_64 #1 [81387.469733] Hardware name: Dell Inc. PowerEdge R610/086HF8, BIOS 1.2.6 07/17/2009 [81387.469734]

[ovirt-users] Network settings for multiple hosts

2016-07-22 Thread Alexis HAUSER
Hi, Since I use several hosts with ovirt, I get very unstable reactions everytime I change anything about networks... What are the requirement for networks when using multiple hosts ? If I add a logical network to a NIC to my first host, the second host becomes non operationnal...Do I really

Re: [ovirt-users] ovirt-3.6 : Hosted-engine crashed and can't restart

2016-07-21 Thread Alexis HAUSER
> The issue seams here: please ensure that you can correctly connect > your storage server. > Can you please attach vdsm logs? Yes actually I figured out it was a DNS problem : as mentioned in the messages from the log I provided, it wasn't able to reach the NFS where the engine was (as it

[ovirt-users] ovirt-3.6 : Hosted-engine crashed and can't restart

2016-07-20 Thread Alexis HAUSER
After assigning an IP adress to a VLAN network (it was using DHCP by default) that was on the same NIC than ovirtmgmt, my hosted-engine crashed and can't start again...I have no idea how to fix this. I had a similar issue some months ago but with a different error. I tried to restart the ha

Re: [ovirt-users] Migration Failure Due to network

2016-07-20 Thread Alexis HAUSER
> Use "Clusters" -> "Logical Networks" -> "Manage Networks" for assigning > network for migrations. It's ovirtmgmt by default. Note that migration > network has to have IPs on hosts. Nice, do you think I should dedicate a link only for migration, for safety ? >Hosts have VDSM configuration

[ovirt-users] Migration Failure Due to network

2016-07-19 Thread Alexis HAUSER
Here are the two Events I can see : Host Hypervisor has network interface which exceeded the defined threshold [95%] (em1: transmit rate[98%], receive rate [4%]) Migration failed (VM: Clone-ubuntu, Source: Hypervisor, Destination: hypervisor22). Any ideas ? It it not the first time I have

Re: [ovirt-users] Host non operationnal due to an iSCSI problem

2016-07-19 Thread Alexis HAUSER
>Normally you should not have to do that. It could be that it was not >allowed access, and you'd have to leave it a while for the host to retry. It looped on retrying to make it work for 24 hours...It was authorized. But actually when I first add the host, it didn't have authorization. I added

Re: [ovirt-users] Host non operationnal due to an iSCSI problem

2016-07-19 Thread Alexis HAUSER
>I'm still finding this hard to understand. If you are using iSCSI, you >/are/ using a server (called the "Target" in SCSI speak). Is the iSCSI >storage actually on the first host? It's a Dell bay (or "storage array", I think that's the correct name in english...) > How did you actually do

Re: [ovirt-users] Host non operationnal due to an iSCSI problem

2016-07-19 Thread Alexis HAUSER
> I don't understand. iSCSI is a network storage protocol. What do you > mean by "I access it directly"? When you set up the first host with an > iSCSI storage domain, you would have had to point it to an IP address, > "discover" the LUNs and then attach to them. This sets up the domain. As I

Re: [ovirt-users] Host non operationnal due to an iSCSI problem

2016-07-19 Thread Alexis HAUSER
>Sounds like a possible networking problem. Have you assigned IP >addresses to the storage interfaces on this new host? hum, What do you mean by storage interfaces ? The other host on the same network can access it. > If you're using > VLANs, are they set up correctly on your switch ports

[ovirt-users] Host non operationnal due to an iSCSI problem

2016-07-19 Thread Alexis HAUSER
Hi, I just added a second host but it can't become operational, because it can't access to the iSCSI storage domain. My first question : is it normal or not, is RHEV really able to manage the fact an iSCSI LUN can be accessed from multiple hosts ? I don't find anything in the logs, except

[ovirt-users] Kernel related errors with Fedora 24 Guest

2016-07-13 Thread Alexis HAUSER
This doesn't looks really good, right ? Should I report that somewhere ? I actually had this bug when using RHEL7 profile for a Fedora 24 (to provide enough vram, because the default with other profiles is really lower). [Wed Jul 13 11:00:12 2016] [ cut here ] [Wed Jul

Re: [ovirt-users] Changing video memory size

2016-07-12 Thread Alexis HAUSER
> That's right. You can add similar lines for other OSes as needed. Is there a way to change it for all os in a row ? something like "os.all.devices.display.vramMultiplier.value = 2" How is that memory used on the hypervisor ? Will this use the physical vram for the same amount or will it

Re: [ovirt-users] Changing video memory size

2016-07-12 Thread Alexis HAUSER
> Look for vramMultiplier in osinfo-defaults.properties file. > The following formula applies: vram_size = vramMultiplier * vgamem > You must restart Engine to apply the new setting. The only thin I found about it in that file is : os.rhel_7x64.devices.display.vramMultiplier.value = 2 I am not

[ovirt-users] Changing video memory size

2016-07-11 Thread Alexis HAUSER
Hi, I would like to change the video memory size (vram_size parameter), how can I proceed ? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Stuck process in the "Tasks" tab (webadmin interface)

2016-07-08 Thread Alexis HAUSER
3.6.5 So this is a bug ? - Mail original - De: "Arman Khalatyan" <arm2...@gmail.com> À: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu> Cc: "users" <users@ovirt.org> Envoyé: Vendredi 8 Juillet 2016 09:38:21 Objet: Re: [ovirt-u

Re: [ovirt-users] Stuck process in the "Tasks" tab (webadmin interface)

2016-07-06 Thread Alexis HAUSER
> Restart engine, or run engine-setup it will clear Zombie tasks. Still having this stuck task since may 20, restarting engine didn't fix it. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Can't move VMs from a data domain to another

2016-07-06 Thread Alexis HAUSER
Hi, I was using a NFS storage and I'm now moving all VMs from there to an iSCSI. I successfully moved most VMs disks but now when I try to move those made from template using thin and VMs from pool, I get the following error : "the template that this VM is based on doesn't exit on any storage

Re: [ovirt-users] Ovirt-guest-agent intégration in Ubuntu 16.04 Xenial

2016-07-06 Thread Alexis HAUSER
Sorry it's a standard Ubuntu, not Ubuntu-Mate ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Ovirt-guest-agent intégration in Ubuntu 16.04 Xenial

2016-07-06 Thread Alexis HAUSER
This is what happens when I try to start the ovirt-guest-agent in Ubuntu-Mate 16.04 Xenial, any ideas ? /etc/init.d/ovirt-guest-agent status ● ovirt-guest-agent.service - oVirt Guest Agent Loaded: loaded (/lib/systemd/system/ovirt-guest-agent.service; disabled; vendor preset: enabled)

Re: [ovirt-users] VDI experience to share?

2016-06-28 Thread Alexis HAUSER
>On that same note... I would love to deploy several Thin clients around my >house using a single Centos Server for my kids to use. >Is this still not possible? >Do I still have to assign each of my kids a vm? >Regards, >-- >Fernando Fuentes >ffuen...@txweather.org

[ovirt-users] Stuck process in the "Tasks" tab (webadmin interface)

2016-06-17 Thread Alexis HAUSER
hi, I realized that I still have a process of creating a VM pool in the Tasks since...May 20... How can I check if there is a stuck job or something still trying to do it ? If nothing is going on, how can I clear this from the event logs ? ___ Users

Re: [ovirt-users] VDI experience to share?

2016-06-17 Thread Alexis HAUSER
>we were looking for a prepackaged solution because of the lack of >human resources to devote to the project. >But if pursuing this research becomes too exhausting we would probably >develop a linux solution and in that case the kind of terminal you >suggested is interesting indeed. Hi, I'm

Re: [ovirt-users] RHEV-M installation failure

2016-06-15 Thread Alexis HAUSER
It is telling you where is the log file to check : Log file is located at /var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20160614145427-u8mxun.log That would give more details ___ Users mailing list Users@ovirt.org

Re: [ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-13 Thread Alexis HAUSER
>Thanks for the report. >Can you please summarize how you solved the wrong-vlan issue? Thanks. Actually, this isn't very clear. After changing the ovirtmgmt VLAN, I wasn't able to access the web interface anymore (or even to ping the FQDN of the hosted-engine VM). After trying a lot of

Re: [ovirt-users] hosted-engine vm-status stale data and cluster seems "broken"

2016-06-13 Thread Alexis HAUSER
> http://imgur.com/a/6xkaS I had similar errors with one single host and a hosted-engine VM. My case should be totally different, but one thing you could try first is to check VM is really up. In my issues, VM was shown by hosted-engine command as up, but was down. with vdsClient command, you

Re: [ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-09 Thread Alexis HAUSER
Actually I found my answer : it was just a problem on the NFS share, no relationship with ovirt itself, sorry about that. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-09 Thread Alexis HAUSER
ot;inavtive" and "unknown" Any ideas ? - Mail original - De: "Alexis HAUSER" <alexis.hau...@telecom-bretagne.eu> À: "Martin Polednik" <mpoled...@redhat.com> Cc: "users" <users@ovirt.org> Envoyé: Mercredi 8 Juin 2016

Re: [ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-08 Thread Alexis HAUSER
>Wouldn't there be another way to access console from the hypervisor to the >hosted-engine (without X) ? >Not really if you don't have network afaik. Have you done the virsh >command with root permissions? >sudo virsh list >sudo virsh console vm >If list even under root permissions doesn't show

Re: [ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-08 Thread Alexis HAUSER
Wouldn't there be another way to access console from the hypervisor to the hosted-engine (without X) ? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-08 Thread Alexis HAUSER
>I'm not sure about first part, but it should be accessible from >engine's hypervisor using QEMU console. You can list VMs running on >the host with >$ virsh -r list That would be nice, but the list is empty...However I can see it with vdsClient -s 0 list and hosted-engine --vm-status after

[ovirt-users] Problem accessing to hosted-engine after wrong network config

2016-06-08 Thread Alexis HAUSER
hi, I made a terrible and stupid mistake : I changed the VLAN of the wrong ovirt network interface : ovirtmgmt... I now don't have anymore access to my hosted engine. I can still access to the host hypervisor anyway. Any idea how I can change the ovirtmgmt VLAN (disabling the option enable

[ovirt-users] Changing ticket duration for VMs

2016-06-07 Thread Alexis HAUSER
Hi, I'm looking for a way to change the duration of all tickets from all VMs. How can I do this ? I'd like to change it to 5 min instead of 2 min. It seems it is possible to change these parameters using the RestAPI, with "action.grace_period.expiry" or "action.ticket.value"... Anyway, these

[ovirt-users] Automated users/groups creation and updating them

2016-06-01 Thread Alexis HAUSER
Hi, I'm trying to find what are the different ways / approaches to automated users/groups creation, based on a LDAP/AD database. This is my first problematic : when a LDAP/AD provider is joined, and a user is created in ovirt from this provider, the user heritates a part of the attributes

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-31 Thread Alexis HAUSER
>> Thank you, this actually works. Yes, I'll remove it as soon as possible. >> Now with RHEV + AD, it seems better than RHEV + LDAP for groups : it finds >> most of the groups a user belongs to. RHEV + LDAP is only able to find one >> group a user belongs to >>(which is not the same group found

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-31 Thread Alexis HAUSER
>Until administrators will fix AD servers, in order to use SSL you can >temporarily use following setup: > pool.default.serverset.single.server = AD1 > pool.default.dc-resolve.enable = false > pool.default.ssl.startTLS = true >But this is only temporary solution and you should switch back to

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-31 Thread Alexis HAUSER
>Oh, I see it, we was blind all the time. The problem is in AD2 and AD3. >AD1 and AD4 are fine. >So yes the problem is on AD side but only for AD2 and AD3, that's why it >worked for >aaa-ldap-setup :) >So actually this command shouldn't work for you: > LDAPTLS_CACERT=/somewhere/myca.pem

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-30 Thread Alexis HAUSER
>Default password is 'changeit' (without quotes). >Hmm, can you please try use the .jks file generated by aaa-ldap-setup >tool? Just to be sure. I still have the same error with the default jks >Anyway, the strange thing is that aaa-ldap-setup tool passes, but >extension don't work later.

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-30 Thread Alexis HAUSER
>This is output of installation script >'ovirt-engine-extension-aaa-ldap-setup', which is written in python, but >aaa-ldap extension in Java. So the strange thing is that you can connect >via >startTLS in python script, but later you can't connect with aaa-ldap >Java extension. >Can you please

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-30 Thread Alexis HAUSER
>'ovirt-engine-extensions-tool' logs would be more helpfull. Here it is : https://bpaste.net/show/a166df875909 I can't see anything else than this SSL error and what seems to be a missing python module : "ImportError: No module named dnf" Can you see something else or do you have any idea of

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-27 Thread Alexis HAUSER
>Well startTLS is prefered always before ldaps, not only in AD. So maybe >you can open >documentation bug, so we will properly describe how this DNS SRV server >set works and what >needs to be done, to get it properly working. Ok, I'll do that. I counted : that will be my 18th bug in my list

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-27 Thread Alexis HAUSER
>you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig. >And '_ldaps' is what's missing in your DNS. Oh ! you're right, I didn't even see that ! I was confused by all this. I'll ask someone to add these SRV records. >Unfortunatelly using '_ldaps._tcp' is not any standart. But that's what

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Alexis HAUSER
This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION If I use : pool.default.serverset.srvrecord.service = ldaps In the logs I see this : "An error occurred while attempting to query DNS in order to

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Alexis HAUSER
>> Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On >> the DNS server I'm using ? >On DNS you are using, usually on AD DNS. Well actually this DNS name doesn't exist and seem to be only an unspecified variable in ovirt...I have no reason to create a DNS entry for it.

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Alexis HAUSER
>Please don't port 636 for DNS server, 636 is only for LDAPS protocol: >vars.dns = dns://one.of.adservers.com ​ Ok, but as I explained, even without using 636, the result is the same. When using the option "pool.default.serverset.srvrecord.service = ldaps" and "dns://one.of.adservers.com" I get

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Alexis HAUSER
>You use 389 with SSL? I guess you wrongly specified it. >But, if you want to use SSL and you have it on 636, then you should >create new SRV dns >records for example: _ldaps._tcp.university.mydomain.com ... 636 Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On the

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-25 Thread Alexis HAUSER
>Can you please send what's happening during initialization of engine? >(logs right after ovirt-engine is restarted). >Or run this command and send output of file 'login.log': > $ ovirt-engine-extensions-tool --log-level=FINEST --log-file=login.log >aaa login-user --profile=ad

[ovirt-users] Can't perform search after setting up an Active Directory

2016-05-25 Thread Alexis HAUSER
Hi, I added an Active Directory server to RHEV, but I can't perform any search and I don't see any namespace in the interface. I'm able to perform search using with the same search user DN / passwd and certificate : LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://myserver.com -x -D

Re: [ovirt-users] Clone, template, pools : how does it uses disk space ?

2016-05-23 Thread Alexis HAUSER
>Regarding your examples, I cannot say exactly because of lack of some >details. What storage type are you using? How do you measure the space used >on the physical disk? simply df -h on the PC sharing the NFS storage. >> For example, when making a VM from template, using pre-allocated disk >>

[ovirt-users] Clone, template, pools : how does it uses disk space ?

2016-05-23 Thread Alexis HAUSER
Hi, I would like to know what happens to storage when using the different method of cloning or generating VMs using templates / pools. I'd like to know also in what case VM and virtual disks are totally independent and in what case they are not. Sadly the RHEV documentation doesn't really

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-23 Thread Alexis HAUSER
> As I explained, my groups are not in the same dn path than my users. As it > is not possible to add multiple dn path, my only solution is to use users. > ​Well, that's the 1st time I've heard​ about LDAP setup where users and > groups of one domain are not under same baseDN. Usually all LDAP

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-18 Thread Alexis HAUSER
>> Is their a way to search for attributes into the ovirt web interface, for >> example "memberof" ? >> >> I can't imagine adding hundreds or thousand of users one by one...What >> would be the solutions ? >> >You can assign specific permission to the group that relevant users are >member of (we

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-17 Thread Alexis HAUSER
> > > > Is it possible now to search for groups instead of users / manipulate > > groups in the web interface ? > Sure, if you type some search term into UI users/permissions dialog it > will also search for groups. Is their a way to search for attributes into the ovirt web interface, for

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
> > > > Is it possible now to search for groups instead of users / manipulate > > groups in the web interface ? > Sure, if you type some search term into UI users/permissions dialog it > will also search for groups. Thank you for all your answers, we can say my problem is now solved >Note in

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
>Or do you use rfc2307? You can find out running this command: > LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b >'ou=people,o=unix,dc=somewhere,dc=any' -D >'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W >'(&(objectClass=posixAccount)(uid=*)(uid=myuser))' >If ^this

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
>> However, I can't login with any user...But with ldapsearch I can find those >> users with uid=user >> >> I used ovirt-engine-extensions-tool aaa login-user --profile=xxx >> --user-name=xxx >> and I realize now what is the problem : the available namespaces shows the >> wrong dn. It should

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Alexis HAUSER
>Are you sure you've specified correct CA? > >Can you try running this command: > LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x >-D '@USERDN@' -w '@USERPW@' -b '@BASEDN@' > >If it fail then most probably you have incorrect CA certificate. >If it succeed, please open bug

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Alexis HAUSER
>>I am unsure I understand. What is missing in interactive setup to >>properly setup TLS? >>You just enter CA certificte path/url/system and Java keystore file is >>created for you by the tool. >I'll try to generate a new file with the interactive setup and tell you if the >result is

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Alexis HAUSER
>> Yes this is actually the tool I used first, then I modified manually as on >> the documentation. >> >> The problem in this approach is the fact you need a .profile file to be able >> to set up a TLS connection between the LDAP >and the engine. But this file >> is generated after the

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Alexis HAUSER
>> Should I report this on the bugzilla ? >> >You can, but I beleive this is not bug, but some misconfiguration, many >times I've tried completelly simillar setup and it worked. > >Btw.. did you used 'ovirt-engine-extension-aaa-ldap-setup'? If not you >can install it. > $ yum install

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Alexis HAUSER
>> pool.default.ssl.truststore.file = /tmp/.jks > > Maybe trailing space here ^ ? > >> pool.default.ssl.truststore.password = >> > > Sadly it doesn't help > >So please ensure also that file '/tmp/.jks' is readable by ovirt >user. The configuration looks fine. > All permissions are

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Alexis HAUSER
>> pool.default.ssl.truststore.file = /tmp/.jks > > Maybe trailing space here ^ ? > >> pool.default.ssl.truststore.password = >> > > Sadly it doesn't help > >So please ensure also that file '/tmp/.jks' is readable by ovirt >user. The configuration looks fine. All permissions are

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Alexis HAUSER
> pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? > pool.default.ssl.truststore.password = > Sadly it doesn't help ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Alexis HAUSER
Hi, I'm using 3.6.3.4-1.el7.centos and I'm having troubles joining an LDAP provider. When I try to login into the new profile, I get a "general command validation failure" error. This is what I can get from ovirt-engine/engine.log : tail -n 400 /var/log/ovirt-engine/engine.log | grep -i