[ovirt-users] Re: Ovirt API and CLI

2020-03-02 Thread Fabrice Bacchella
I wrote this cli a few years ago:

https://github.com/fbacchella/ovirtcmd 

I'm still using it but didn't have time to improve it since. It might give you 
some idea.

> Le 27 févr. 2020 à 10:43, Eugène Ngontang  a écrit :
> 
> Hi,
> 
> I'm trying to find out there a sort of API or ovirt CLI/SDK in order to be 
> able to interact with my ovirt VMS and associated resources.
> 
> In my architecture, I have an Ovirt virtualization host, with a self-hosted 
> engine VM to manage VMs.
> 
> From the host I have the virsh command to list VMs status, but this doesn't 
> really let me get into VMs management actions like : create, delete, get, 
> reboot, get VMs wide informations (IPs, name, disks.)
> So each time I have to login to the hosted engine web admin page to explore 
> VM, but I'd really like to play with my Ovirt resources from my command line 
> or programatically.
> 
> The ovirt API documentation I've found is really poor, I don't know if 
> someone here has already got the same need and had a good solution.
> 
> Thanks for your help.
> 
> Regards,
> Eugène NG


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6KVNH47A5LX5YLMLYBMAMVOUTP6XMCJK/


[ovirt-users] Re: Tesla P4 and /sys/class/mdev_bus/

2019-11-13 Thread Fabrice Bacchella
What version do you talk about ?
The nvidia driver is:

modinfo nvidia
filename:   /lib/modules/3.10.0-1062.4.1.el7.x86_64/extra/nvidia.ko.xz
alias:  char-major-195-*
version:418.87.01



> Le 13 nov. 2019 à 16:04, Kenneth Weade  a écrit :
> 
> ​Ovirt 4.3 only works with new 8.2 drivers from nvidia for some reason.  We 
> ran into the same issue.  9.3/9.4 to be released later this month.
> 
> Kenneth Weade
> 
> From: Fabrice Bacchella 
> Sent: Wednesday, November 13, 2019 4:21 AM
> To: users
> Subject: [ovirt-users] Tesla P4 and /sys/class/mdev_bus/
>  
> I have a Tesla P4 installed on a HPE ProLiant DL360 Gen10 on a CentOS 7.7. 
> The setup was running fine since at least February. I made a successful 
> upgrade from oVirt 4.2 to 4.3 and CentOS 7.6 to CentOS 7.7. I was using in 
> oVirt in a pass-througth setting.
> 
> I made a minor upgrade a few days ago. And since the VM is unable to see the 
> Tesla P4. I think that the main problem is with mdev. vdsm-client Host 
> hostdevListByCaps | grep mdev return nothing. There is no directory 
> /sys/class/mdev_bus.
>  I tried a full modload: modprobe nvidia_vgpu_vfio nvidia vfio_mdev mdev 
> vfio_iommu_type1 vfio nvidia nvidia-modeset nvidia-drm nvidia-uvm vfio-pci. 
> But it does nothing.
> 
> Why did my kernel think the P4 is not mdev-compatible any more ? How can I 
> check that ? I think it break when upgrading my kernel from 
> kernel-3.10.0-1062.1.2.el7.x86_64 to kernel-3.10.0-1062.4.1.el7.x86_64.
> 
> I tried with both the nouveau driver and the nvidia driver.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KGZHLNTJUIMZG2JXIJYFLWMZOEGMVXX5/


[ovirt-users] Tesla P4 and /sys/class/mdev_bus/

2019-11-13 Thread Fabrice Bacchella
I have a Tesla P4 installed on a HPE ProLiant DL360 Gen10 on a CentOS 7.7. The 
setup was running fine since at least February. I made a successful upgrade 
from oVirt 4.2 to 4.3 and CentOS 7.6 to CentOS 7.7. I was using in oVirt in a 
pass-througth setting.

I made a minor upgrade a few days ago. And since the VM is unable to see the 
Tesla P4. I think that the main problem is with mdev. vdsm-client Host 
hostdevListByCaps | grep mdev return nothing. There is no directory 
/sys/class/mdev_bus. I tried a full modload: modprobe nvidia_vgpu_vfio nvidia 
vfio_mdev mdev vfio_iommu_type1 vfio nvidia nvidia-modeset nvidia-drm 
nvidia-uvm vfio-pci. But it does nothing.

Why did my kernel think the P4 is not mdev-compatible any more ? How can I 
check that ? I think it break when upgrading my kernel from 
kernel-3.10.0-1062.1.2.el7.x86_64 to kernel-3.10.0-1062.4.1.el7.x86_64.

I tried with both the nouveau driver and the nvidia driver.___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZDRD6GMUMP62B3QKQEZIPAPGX6ITTFXP/


[ovirt-users] CPU Pinning topology

2019-11-06 Thread Fabrice Bacchella
I'm trying to understand the field "CPU Pinning topology" in the "Ressource 
Allocation" tab, that looks it needed by High Performance VM.

I have this hardware:

# lscpu 
Architecture:  x86_64
CPU(s):48
On-line CPU(s) list:   0-47
Thread(s) per core:2
Core(s) per socket:12
Socket(s): 2
NUMA node(s):  2

And I want to run a 22 vCPU vm on it, so no SMT, and 11 vCPU mapped to each 
socket.

The only explanation I found about this field content was here:
https://rhv.bradmin.org/ovirt-engine/docs/Virtual_Machine_Management_Guide/appe-Reference_Settings_in_Administration_Portal_and_User_Portal_Windows.html#Virtual_Machine_Resource_Allocation_settings_explained

and I can wrap my head around it. Do I need to given explicit mapping for all 
the 22 vCPU ? And dig in lscpu -e or numactl -H to find how each pCPU is 
identified ?___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LWM2V4ULCHWM74CRLDTYTX6QC3Z6F3FR/


[ovirt-users] ovirt and jackson security

2019-10-16 Thread Fabrice Bacchella
When I launch ovirt 4.3.6, I see in the command line of the ovirt-engine:

-Djackson.deserialization.whitelist.packages=org,com,java,javax

That whitelist almost everything. Isn't that dangerous ?

When I read this: 
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
 I think the white list should be as small as possible.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GZODZPENEN2RU5LJDWXSEYKVRCFPIHOU/


[ovirt-users] Problem with ovirt 4.3 and systemd-journal-gateway

2019-10-08 Thread Fabrice Bacchella
I'm forwarding logs using systemd-journal-gateway 
(https://www.freedesktop.org/software/systemd/man/systemd-journal-gatewayd.service.html)

But it fails with ovirt 4.3 on CentOS 7.7:

lsb_release -a
LSB Version::core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:CentOS Linux release 7.7.1908 (Core)
Release:7.7.1908
Codename:   Core


yum update
...
Error: Package: systemd-journal-gateway-219-67.el7_7.1.x86_64 (@updates)
   Requires: libmicrohttpd.so.10()(64bit)
   Removing: libmicrohttpd-0.9.33-2.el7.x86_64 (@base)
   libmicrohttpd.so.10()(64bit)
   Updated By: 1:libmicrohttpd-0.9.59-2.el7.x86_64 
(ovirt-4.3-centos-opstools)
  ~libmicrohttpd.so.12()(64bit)


Is that a known bug ?___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EKDKNI6XMQYOJHHR3IKERBKPOMCLWHF7/


[ovirt-users] Strange storage data center failure

2019-04-02 Thread Fabrice Bacchella
I have a storage data center that I can't use. It's a local one.

When I look on vdsm.log:
2019-04-02 10:55:48,336+0200 INFO  (jsonrpc/2) [vdsm.api] FINISH 
connectStoragePool error=Cannot find master domain: 
u'spUUID=063d1217-6194-48a0-943e-3d873f2147de, 
msdUUID=49b1bd15-486a-4064-878e-8030c8108e09' from=:::X,59590, 
task_id=a56a5869-a219-4659-baa3-04f673b2ad55 (api:50)
2019-04-02 10:55:48,336+0200 ERROR (jsonrpc/2) [storage.TaskManager.Task] 
(Task='a56a5869-a219-4659-baa3-04f673b2ad55') Unexpected error (task:875)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/vdsm/storage/task.py", line 882, in 
_run
return fn(*args, **kargs)
  File "", line 2, in connectStoragePool
  File "/usr/lib/python2.7/site-packages/vdsm/common/api.py", line 48, in method
ret = func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/hsm.py", line 1035, in 
connectStoragePool
spUUID, hostID, msdUUID, masterVersion, domainsMap)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/hsm.py", line 1097, in 
_connectStoragePool
res = pool.connect(hostID, msdUUID, masterVersion)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/sp.py", line 700, in 
connect
self.__rebuild(msdUUID=msdUUID, masterVersion=masterVersion)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/sp.py", line 1274, in 
__rebuild
self.setMasterDomain(msdUUID, masterVersion)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/sp.py", line 1495, in 
setMasterDomain
raise se.StoragePoolMasterNotFound(self.spUUID, msdUUID)
StoragePoolMasterNotFound: Cannot find master domain: 
u'spUUID=063d1217-6194-48a0-943e-3d873f2147de, 
msdUUID=49b1bd15-486a-4064-878e-8030c8108e09'
2019-04-02 10:55:48,336+0200 INFO  (jsonrpc/2) [storage.TaskManager.Task] 
(Task='a56a5869-a219-4659-baa3-04f673b2ad55') aborting: Task is aborted: 
"Cannot find master domain: u'spUUID=063d1217-6194-48a0-943e-3d873f2147de, 
msdUUID=49b1bd15-486a-4064-878e-8030c8108e09'" - code 304 (task:1181)

2019-04-02 11:44:50,862+0200 INFO  (jsonrpc/0) [vdsm.api] FINISH getSpmStatus 
error=Unknown pool id, pool not connected: 
(u'063d1217-6194-48a0-943e-3d873f2147de',) from=:::10.83.16.34,46546, 
task_id=cfb1c871-b1d4-4b1a-b2a5-f91ddfaba
54b (api:50)
2019-04-02 11:44:50,862+0200 ERROR (jsonrpc/0) [storage.TaskManager.Task] 
(Task='cfb1c871-b1d4-4b1a-b2a5-f91ddfaba54b') Unexpected error (task:875)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/vdsm/storage/task.py", line 882, in 
_run
return fn(*args, **kargs)
  File "", line 2, in getSpmStatus
  File "/usr/lib/python2.7/site-packages/vdsm/common/api.py", line 48, in method
ret = func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/hsm.py", line 634, in 
getSpmStatus
pool = self.getPool(spUUID)
  File "/usr/lib/python2.7/site-packages/vdsm/storage/hsm.py", line 350, in 
getPool
raise se.StoragePoolUnknown(spUUID)
StoragePoolUnknown: Unknown pool id, pool not connected: 
(u'063d1217-6194-48a0-943e-3d873f2147de',)


063d1217-6194-48a0-943e-3d873f2147de is indeed the datacenter id and 
49b1bd15-486a-4064-878e-8030c8108e09 the storage domain:


  
fcp

  
  

  
  v4
  

  


On engine.log, I'm also getting:
2019-04-02 11:43:57,531+02 INFO  
[org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand] 
(EE-ManagedThreadFactory-engineScheduled-Thread-12) [] Command 
'org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand' 
return value '
TaskStatusListReturn:{status='Status [code=654, message=Not SPM: ()]'}
'

lsblk shows that the requested volumes are here:

lsblk 
NAME
MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
cciss!c0d1  
104:16   0  1.9T  0 disk 
|-49b1bd15--486a--4064--878e--8030c8108e09-metadata 
253:00  512M  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-outbox   
253:10  128M  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-xleases  
253:201G  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-leases   
253:302G  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-ids  
253:40  128M  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-inbox
253:50  128M  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-master   
253:601G  0 lvm  
|-49b1bd15--486a--4064--878e--8030c8108e09-6225ddc3--b600--49ef--8de4--6e53bf4cad1f
 253:70  128M  0 lvm  
`-49b1bd15--486a--4064--878e--8030c8108e09-bdac3a3a--8633--41bf--921d--db2cf31f5d1c
 253:80  128M  0 lvm  

There is no usefull data on them. So I don't mind destroying everything. 

[ovirt-users] ovirt and blk-mq

2019-03-13 Thread Fabrice Bacchella
When checking block device configuration, on an ovirt configuration using a 
SAN, I found this line:

dm/use_blk_mq:0

Did someone try it, by adding in the kernel command line: 
dm_mod.use_blk_mq=y

I'm not sure, but it might improve performance on multipath, even on spinning 
rust.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y7MIRKLDCOJWLRS2EI5WE4XMZEWK5RBD/


[ovirt-users] Re: Timestamp offset in engine.log

2019-03-09 Thread Fabrice Bacchella


> Le 7 mars 2019 à 15:26, Ian Fraser  a écrit :
> 
> Hello, 
> 
> I am trying to follow the instructions for installing the metrics store
> and a prerequisite is ensuring the timestamps in /var/log/ovirt-
> engine/engine.log include a UTC offset (at bottom of this page: 
> https://www.ovirt.org/documentation/metrics-install-guide/Introduction.html
> ). Mine currently do not (i.e. they look like "2019-03-07
> 14:14:23,223Z").

Z is a UTC offset, it's an alias to +00:00
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/H6M5SHE24MIVXWHQ6YVKPRZS4KLPV5M4/


[ovirt-users] Re: Which option is best for storage?

2019-01-04 Thread Fabrice Bacchella
It works with SAN on SAS too, with a cost between iSCSI and FC.

> Le 4 janv. 2019 à 08:31, ge...@pdclouds.com.au a écrit :
> 
> Hi,
> 
> Which is the preferred option for connecting oVirt VM farm to SAN/NAS?
> 
> NFS (10G), iSCSI (10G) or FC (8G)?
> 
> We are confused, some people say iSCSI is preferred and others say NFS 
> performs the better than iSCSI, but FC is most expensive but performs the 
> best overall
> 
> Would value expert opinion.
> 
> Cheers
> Geoff 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/HEIWQ5DOON47MPF4ZKE2RGD3ZEJAQ5QK/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RPFVRRNIQMGNEXQ7ESF6XWAZS5GZOAPD/


[ovirt-users] Re: Lots of storage.MailBox.SpmMailMonitor

2018-11-23 Thread Fabrice Bacchella


> Le 22 nov. 2018 à 20:53, Nir Soffer  a écrit :
> 
> On Thu, Nov 22, 2018, 13:43 Fabrice Bacchella  <mailto:fabrice.bacche...@icloud.com> wrote:
> My vdsm log files are huge:
> 
> -rw-r--r--  1 vdsm kvm  1.8G Nov 22 11:32 vdsm.log
> 
> And this is juste half an hour of logs:
> 
> $ head -1 vdsm.log
> 2018-11-22 11:01:12,132+0100 ERROR (mailbox-spm) 
> [storage.MailBox.SpmMailMonitor] mailbox 2 checksum failed, not clearing 
> mailbox, clearing new mail (data='...lots of data', 
> expected='\xa4\x06\x08\x00') (mailbox:612)
> 

> 
> blkdiscard -z /dev/domain-uuid/{inbox,outbox}

This command solved my problem for now. They was too much logs to send. So I 
purged all my logs and will open a bug if this problem come again.___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RASLCKC3MTFNZOQEDEIJKU32UNZK3VXW/


[ovirt-users] Lots of storage.MailBox.SpmMailMonitor

2018-11-22 Thread Fabrice Bacchella
My vdsm log files are huge:

-rw-r--r--  1 vdsm kvm  1.8G Nov 22 11:32 vdsm.log

And this is juste half an hour of logs:

$ head -1 vdsm.log
2018-11-22 11:01:12,132+0100 ERROR (mailbox-spm) 
[storage.MailBox.SpmMailMonitor] mailbox 2 checksum failed, not clearing 
mailbox, clearing new mail (data='...lots of data', 
expected='\xa4\x06\x08\x00') (mailbox:612)

I just upgraded vdsm:
$ rpm -qi vdsm
Name: vdsm
Version : 4.20.43

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FJ6KIEOXEEFFZSJOT2ZF4TRKQ5NCP4OQ/


[ovirt-users] Re: huge page in ovirt 4.2.7

2018-11-15 Thread Fabrice Bacchella


> Le 14 nov. 2018 à 21:47, Sharon Gratch  a écrit :
> 
> Hi Fabrice,
> 
> The "hugepages" custom property value in oVirt should be set to size of the 
> pages in KiB (i.e. 1GiB = 1048576, 2MiB = 2048).
> In addition, it is recommended to set the huge page size of the VM to the 
> largest size supported by the host.
> 
> In the configuration you sent, the huge page size of the VM is set to 64 KiB 
> and since the VM's allocated memory size is at least 32,768 MiB then it 
> requires at least (32768 * 1024/64=) 524,288 pages. Since you only have 120 
> pages declared in the host then it failed with an error "...there are not 
> enough free huge pages to run the VM".
> 
> 
> So to solve the problem, please change the VM's huge page size to be the same 
> as the host's huge page supported size which is 1GiB and therefore hugepages 
> value should be 1048576 KiB instead of 64:
> 
>   hugepages
>   1048576
> 
> 

Indeed, it solve directly the problem. Thanks!

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZGWAMY4VZTKMBSEHSWPNBRTF57SAKXCZ/


[ovirt-users] huge page in ovirt 4.2.7

2018-11-14 Thread Fabrice Bacchella
I'm trying to understand huge page in oVirt, I'm quite sure to understand it 
well.

I have an host with 128GiB. I have configured reserved huge page:

cat /proc/cmdline 

... hugepagesz=1GB hugepages=120

$ grep -r . /sys/kernel/mm/hugepages
/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_overcommit_hugepages:0
/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages:120
/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages_mempolicy:120
/sys/kernel/mm/hugepages/hugepages-1048576kB/surplus_hugepages:0
/sys/kernel/mm/hugepages/hugepages-1048576kB/resv_hugepages:0
/sys/kernel/mm/hugepages/hugepages-1048576kB/free_hugepages:120
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_overcommit_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy:0
/sys/kernel/mm/hugepages/hugepages-2048kB/surplus_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages:0
/sys/kernel/mm/hugepages/hugepages-2048kB/free_hugepages:0

I have a big VM running on it:
  

  hugepages
  64

  
  68719476736, aka 65536 MiB
  
34359738368, aka 32768 MiB
68719476736
  

And it keep failing when I want to start it:
/var/log/ovirt-engine/engine.log:2018-11-14 12:56:06,937+01 ERROR 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-66) [13c13a2c-f973-4ba2-b8bd-260e5b35a047] EVENT_ID: 
USER_FAILED_RUN_VM(54), Failed to run VM XXX due to a failed validation: 
[Cannot run VM. There is no host that satisfies current scheduling constraints. 
See below for details:, The host XXX did not satisfy internal filter HugePages 
because there are not enough free huge pages to run the VM.]

The huge page fs is mounted:

$ findmnt
| |-/dev/hugepages1G  hugetlbfs  hugetlbfs   
rw,relatime,pagesize=1G
| `-/dev/hugepageshugetlbfs  hugetlbfs   rw,relatime

What am I missing ?___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VTYKTSSAXQQLS5HO5KOQSBDIHPTAHTOR/


[ovirt-users] Re: high load on hosts

2018-10-24 Thread Fabrice Bacchella


> Le 23 oct. 2018 à 16:30, Oliver Riesener  a 
> écrit :
> 
> Yes, you are right, load 30 with a 2 CPU VM is nearly impossible.
> 
Load on linux is a poor indicator, Brendan explan why: 
http://www.brendangregg.com/blog/2017-08-08/linux-load-averages.html

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A3BPDDF7T33HXYFP5JCEMZG43YE7JWLM/


[ovirt-users] Re: [ANN] oVirt 4.2.6 is now generally available

2018-09-05 Thread Fabrice Bacchella


> Le 3 sept. 2018 à 18:31, Nir Soffer  a écrit :
> 
> On Mon, Sep 3, 2018 at 5:07 PM Fabrice Bacchella  <mailto:fabrice.bacche...@orange.fr>> wrote:
> In the release notes, I see:
> 
> • BZ 1622700 [downstream clone - 4.2.6] [RFE][Dalton] - Blacklist all local 
> disk in multipath on RHEL / RHEV Host (RHEL 7.5)
> Feature:
> Blacklist local devices in multipath. 
> 
> Reason: 
> multipath repeatedly logs irrelevant errors for local devices.
> 
> Result: 
> Local devices are blacklisted, and no irrelevant errors are logged anymore.
> 
> What defines a local disk ? I'm using a SAN on SAS. For many peoples, SAS is 
> only for local disks, but that's not the case. Will other 4.2.6 will detect 
> that ?
> 
> We don't have any support for SAS.
> 

What you call SAS is any block device we might want to attach directly and let 
oVirt manage. I was doing the same thing on old HPE hardware, using old smart 
array controlers. I gave the raw device to ovirt. After an upgrade, it fails as 
it was
blacklisted. I need to add it  to the blacklist exceptions:

cat /etc/multipath/conf.d/enable-sas.conf 
blacklist_exceptions {
protocol "cciss"
}

I think your default rule is quite hard, and can brake many existing setup:

multipathd show blacklist
...
protocol rules:
- blacklist:
(config file rule) .*
- exceptions:
(config file rule) (scsi:fcp|scsi:iscsi)
(config file rule) cciss  <-- mine

 

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/LBMFW6QF44VBW3MYRF6WBYWS5CCSMIRK/


[ovirt-users] Re: problem with multipath.conf

2018-09-05 Thread Fabrice Bacchella
In almost the same configuration, the protocol was detected as being 
scsi:unspec, did you try that ?

> 
> Le 5 sept. 2018 à 10:23, g.vasilopou...@uoc.gr a écrit :
> 
> Thank you very much for your answer, somehow the exception did not work, but 
> I guess it is ok it is not a shared storage, it is a dual sas port external 
> JBOD box. I guess multipath is not really needed in that case
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/7AC3XX5SSIE26YT5Y2WVHKISDX6S7NAW/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YHTLASZXFA2OSOXL7UDRVCLL4RJ26A37/


[ovirt-users] Re: [ANN] oVirt 4.2.6 is now generally available

2018-09-05 Thread Fabrice Bacchella


> Le 4 sept. 2018 à 21:56, Nir Soffer  a écrit :
> 
> 

> For reference, I just installed multipath on CentOS:
> 
> # cat /etc/redhat-release 
> CentOS Linux release 7.5.1804 (Core) 
> 
> # rpm -q device-mapper-multipath
> device-mapper-multipath-0.4.9-119.el7_5.1.x86_64
> 
> # lsblk
> NAMEMAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
> sda   8:00   50G  0 disk 
> ├─sda18:101G  0 part /boot
> └─sda28:20   49G  0 part 
>   ├─centos_voodoo4-root 253:00 45.1G  0 lvm  /
>   └─centos_voodoo4-swap 253:10  3.9G  0 lvm  [SWAP]
> sr0  11:01 1024M  0 rom  
> 
> # multipathd show paths format "%d %P"
> dev protocol   
> sda scsi:unspec
> 
> # man multipath.conf 
> ...
> blacklist section
> ...
>protocol Regular expression of the protocol to be excluded. 
> See below for a list of recognized protocols
> ...
>The  protocol strings that multipath recognizes are scsi:fcp, 
> scsi:spi, scsi:ssa, scsi:sbp, scsi:srp, scsi:iscsi, scsi:sas, scsi:adt, 
> scsi:ata, scsi:unspec, ccw, cciss, nvme, and
>undef.  The protocol that a path is using can be viewed by running 
> multipathd show paths format "%d %P"
> 

My version:
device-mapper-multipath-0.4.9-119.el7.x86_64

yours:
> device-mapper-multipath-0.4.9-119.el7_5.1.x86_64

So this is quite new.

After a yum update it's much 'better':

~$ sudo multipathd show paths format "%d %P"
dev  protocol   
sddi scsi:unspec
sddj scsi:unspec
sda  scsi:unspec
sdc  scsi:unspec
sdd  scsi:unspec

But as it's not in the blacklist_exceptions, that's what I will need to add.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/C2LI5HWVME5SJ2RXJDG2E2PQHWV3G5C6/


[ovirt-users] Re: [ANN] oVirt 4.2.6 is now generally available

2018-09-04 Thread Fabrice Bacchella


> Le 3 sept. 2018 à 19:15, Nir Soffer  a écrit :

Thank you for you help, but I'm still not out of trouble.

> 
> On Mon, Sep 3, 2018 at 8:01 PM Fabrice Bacchella 
>  wrote:
> 
>> Le 3 sept. 2018 à 18:31, Nir Soffer  a écrit :
>> 
>> On Mon, Sep 3, 2018 at 5:07 PM Fabrice Bacchella 
>>  wrote:
>> In the release notes, I see:
>> 
>> • BZ 1622700 [downstream clone - 4.2.6] [RFE][Dalton] - Blacklist all local 
>> disk in multipath on RHEL / RHEV Host (RHEL 7.5)
>> Feature:
>> Blacklist local devices in multipath. 
>> 
>> Reason: 
>> multipath repeatedly logs irrelevant errors for local devices.
>> 
>> Result: 
>> Local devices are blacklisted, and no irrelevant errors are logged anymore.
>> 
>> What defines a local disk ? I'm using a SAN on SAS. For many peoples, SAS is 
>> only for local disks, but that's not the case. Will other 4.2.6 will detect 
>> that ?
>> 
>> We don't have any support for SAS.
>> 
>> If you SAS drives are attached to the host using FC or iSCSI, you are fine.
> 
> Nope, they are attached using SAS.
> 
> I guess oVirt see them as FCP devices?

yes, in ovirt UI, I've configured my storage to be on FCP, and everything 
worked well since 3.6.

> 
> Are these disks connected to multiple hosts?

Yes, that's a real SAN, multi-attached to HPE's blades
> 
> Please share the output of:
> 
> vdsm-client Host getDeviceList

Things are strange:

{
"status": "used", 
"vendorID": "HP iLO", 
"GUID": "HP_iLO_LUN_01_Media_0_02660A01-0:1", 
"capacity": "1073741824", 
"fwrev": "2.10", 
"discard_zeroes_data": 0, 
"vgUUID": "", 
"pathlist": [], 
"pvsize": "", 
"discard_max_bytes": 0, 
"pathstatus": [
{
"capacity": "1073741824", 
"physdev": "sddj", 
"type": "FCP", 
"state": "active", 
"lun": "1"
}
], 
"devtype": "FCP", 
"physicalblocksize": "512", 
"pvUUID": "", 
"serial": "", 
"logicalblocksize": "512", 
"productID": "LUN 01 Media 0"
},
...
{
"status": "used", 
"vendorID": "HP", 
"GUID": "3600c0ff0002631c42168f1560100", 
"capacity": "1198996324352", 
"fwrev": "G22x", 
"discard_zeroes_data": 0, 
"vgUUID": "xGCmpC-DhHe-3v6v-6LJw-iS24-ExCE-0Hv48U", 
"pathlist": [], 
"pvsize": "1198698528768", 
"discard_max_bytes": 0, 
"pathstatus": [
{
"capacity": "1198996324352", 
"physdev": "sdc", 
"type": "FCP", 
"state": "active", 
"lun": "16"
}, 
{
"capacity": "1198996324352", 
"physdev": "sds", 
"type": "FCP", 
"state": "active", 
"lun": "16"
}, 


...

The first one is an embedded flash drive:
lrwxrwxrwx 1 root root 10 Jul 12 17:11 
/dev/disk/by-id/usb-HP_iLO_LUN_01_Media_0_02660A01-0:1 -> ../../sddj
lrwxrwxrwx 1 root root 10 Jul 12 17:11 
/dev/disk/by-path/pci-:00:14.0-usb-0:3.1:1.0-scsi-0:0:0:1 -> ../../sddj

So why "type": "FCP",  ?

The second is indeed a SAS drives behind a SAS SAN (a MSA 2040 SAS from HPE).


>  ...
> Where do I find the protocol multipath thinks the drives are using ?
> 
> multipath.conf(5) says:
> 
>The protocol strings that multipath recognizes are scsi:fcp, scsi:spi, 
> scsi:ssa, scsi:sbp,
>scsi:srp, scsi:iscsi, scsi:sas, scsi:adt, scsi:ata, scsi:unspec, ccw, 
> cciss, nvme,  and
>undef.  The protocol that a path is using can be viewed by running 
> multipathd show
>paths format "%d %P"

I have a centos 7.5:

lsb_release -a
LSB Version::core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:CentOS Linux release 7.5.1804 (Core) 
Release:7.5.1804
C

[ovirt-users] Re: [ANN] oVirt 4.2.6 is now generally available

2018-09-03 Thread Fabrice Bacchella


> Le 3 sept. 2018 à 18:31, Nir Soffer  a écrit :
> 
> On Mon, Sep 3, 2018 at 5:07 PM Fabrice Bacchella  <mailto:fabrice.bacche...@orange.fr>> wrote:
> In the release notes, I see:
> 
> • BZ 1622700 [downstream clone - 4.2.6] [RFE][Dalton] - Blacklist all local 
> disk in multipath on RHEL / RHEV Host (RHEL 7.5)
> Feature:
> Blacklist local devices in multipath. 
> 
> Reason: 
> multipath repeatedly logs irrelevant errors for local devices.
> 
> Result: 
> Local devices are blacklisted, and no irrelevant errors are logged anymore.
> 
> What defines a local disk ? I'm using a SAN on SAS. For many peoples, SAS is 
> only for local disks, but that's not the case. Will other 4.2.6 will detect 
> that ?
> 
> We don't have any support for SAS.
> 
> If you SAS drives are attached to the host using FC or iSCSI, you are fine.

Nope, they are attached using SAS.

In /dev/disk, they show as:

ls -l /dev/disk/by-*/*:16
lrwxrwxrwx 1 root root  9 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:1:16 -> ../../sdc
lrwxrwxrwx 1 root root  9 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:2:16 -> ../../sds
lrwxrwxrwx 1 root root 10 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:3:16 -> ../../sdai
lrwxrwxrwx 1 root root 10 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:4:16 -> ../../sdaz
lrwxrwxrwx 1 root root 10 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:5:16 -> ../../sdbq
lrwxrwxrwx 1 root root 10 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:6:16 -> ../../sdar
lrwxrwxrwx 1 root root 10 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:7:16 -> ../../sdch
lrwxrwxrwx 1 root root 10 Sep  3 18:01 
/dev/disk/by-path/pci-:87:00.0-scsi-0:2:8:16 -> ../../sdcv

ls -l /dev/disk/by-* | grep sdcv
lrwxrwxrwx 1 root root 10 Sep  3 18:01 scsi-3600c0ff0002631c42168f1560100 
-> ../../sdcv
lrwxrwxrwx 1 root root 10 Sep  3 18:01 wwn-0x600c0ff0002631c42168f1560100 
-> ../../sdcv
lrwxrwxrwx 1 root root 10 Sep  3 18:01 pci-:87:00.0-scsi-0:2:8:16 -> 
../../sdcv



> 
> If your drives are connected in another way, you probably need to edit 
> /etc/multipath.conf.
> 
> The current setting is:
> 
> blacklist_exceptions {
> protocol "(scsi:fcp|scsi:iscsi)"  
>   
>   
> }
> 

Where do I find the protocol multipath thinks the drives are using ?
 ___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/N4LNGVS5AK4PQJ4WHNQZ6ZFYANZJZLTK/


[ovirt-users] Re: [ANN] oVirt 4.2.6 is now generally available

2018-09-03 Thread Fabrice Bacchella
In the release notes, I see:

• BZ 1622700 [downstream clone - 4.2.6] [RFE][Dalton] - Blacklist all local 
disk in multipath on RHEL / RHEV Host (RHEL 7.5)
Feature:
Blacklist local devices in multipath. 

Reason: 
multipath repeatedly logs irrelevant errors for local devices.

Result: 
Local devices are blacklisted, and no irrelevant errors are logged anymore.

What defines a local disk ? I'm using a SAN on SAS. For many peoples, SAS is 
only for local disks, but that's not the case. Will other 4.2.6 will detect 
that ?

BZ 1622700 is private, I can't check it.


> Le 3 sept. 2018 à 13:57, Sandro Bonazzola  a écrit :
> 
> The oVirt Project is pleased to announce the general availability of oVirt 
> 4.2.6, as of September 3rd, 2018.
>  
> This update is the sixth in a series of stabilization updates to the 4.2 
> series.
> This is pre-release software. This pre-release should not to be used in 
> production.
>  
> This release is available now for:
> * Red Hat Enterprise Linux 7.5 or later
> * CentOS Linux (or similar) 7.5 or later
>  
> This release supports Hypervisor Hosts running:
> * Red Hat Enterprise Linux 7.5 or later
> * CentOS Linux (or similar) 7.5 or later
>  
> See the release notes [1] for installation / upgrade instructions and
> a list of new features and bugs fixed.
>  
> Notes:
> - oVirt Appliance is available
> - oVirt Node is available [2]
> - oVirt Windows Guest Tools is available [2]
>  
> Additional Resources:
> * Read more about the oVirt 4.2.6 release 
> highlights:http://www.ovirt.org/release/4.2.6/
> * Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
> * Check out the latest project news on the oVirt 
> blog:http://www.ovirt.org/blog/
>  
> [1] http://www.ovirt.org/release/4.2.6/
> [2] http://resources.ovirt.org/pub/ovirt-4.2/iso/
> 
> -- 
> SANDRO BONAZZOLA
> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
> Red Hat EMEA
> sbona...@redhat.com   
> 
> 
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/RFEQ5JK2RZM3Q7U3RDARIV7ZPDMHSPW2/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/D4GNS3AHS3PV7LACHWK5TOP6DVWB2URD/


[ovirt-users] Re: Self hosted to bare metal engine

2018-07-25 Thread Fabrice Bacchella
I never used self-hosted, I don't know if there is something particular about 
that.

But the idea is that ovirt can run quite a longtime without the engine.

> Le 25 juil. 2018 à 20:37, Christophe TREFOIS  a 
> écrit :
> 
> Here is from self hosted to VM non oVirt.
> 
> Do you know it’s the similar process?
> 
> Thanks
> 
> Sent from my iPhone
> 
>> On 25 Jul 2018, at 19:10, Fabrice Bacchella  
>> wrote:
>> 
>> I have done something similar once, from a non-ovirt VM to bare metal. I run 
>> it as a disaster recovery, with an ovirt backup. Everything went fine. I 
>> didn't change the hostname, to be sure ; I don't know if it provides any 
>> help.
>> 
>>> Le 25 juil. 2018 à 18:42, Christophe TREFOIS  a 
>>> écrit :
>>> 
>>> Hi,
>>> 
>>> What would be the process to go from self hosted engine to bare metal 
>>> engine?
>>> 
>>> (Actually it would move to a VM in a VMware cluster) 
>>> 
>>> All user guides I found are from bare metal to self hosted.
>>> 
>>> Thanks for any tips or pointers
>>> Christophe 
>>> 
>> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/Q5BXQ7V743IH6MHLMF3PFJT5P7J6IFOM/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CUADAF2KCDWHHWDZ4ITM7XLONGNLEBK5/


[ovirt-users] Re: Self hosted to bare metal engine

2018-07-25 Thread Fabrice Bacchella
I have done something similar once, from a non-ovirt VM to bare metal. I run it 
as a disaster recovery, with an ovirt backup. Everything went fine. I didn't 
change the hostname, to be sure ; I don't know if it provides any help.

> Le 25 juil. 2018 à 18:42, Christophe TREFOIS  a 
> écrit :
> 
> Hi,
> 
> What would be the process to go from self hosted engine to bare metal engine?
> 
> (Actually it would move to a VM in a VMware cluster) 
> 
> All user guides I found are from bare metal to self hosted.
> 
> Thanks for any tips or pointers
> Christophe 
> 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/H33KP3XRUJPWVKIHIWEMB4IXHHWQEDQE/


[ovirt-users] Re: interface up when not used

2018-07-25 Thread Fabrice Bacchella


> Le 25 juil. 2018 à 13:42, Edward Haas  a écrit :
> 
> 
> 
> On Tue, Jul 24, 2018 at 1:08 PM, Fabrice Bacchella 
> mailto:fabrice.bacche...@orange.fr>> wrote:
> 
> 
>> Le 24 juil. 2018 à 11:50, Dominik Holler > <mailto:dhol...@redhat.com>> a écrit :
>> 
>> On Tue, 24 Jul 2018 11:04:58 +0200
>> Fabrice Bacchella > <mailto:fabrice.bacche...@orange.fr>> wrote:
>> 
>>> To monitoring the network interfaces, I have a script that check if
>>> ifAdminStatus and ifOperStatus values matches in snmp.
>>> 
>>> But with oVirt it fails on a server with 4 physical interfaces, but
>>> only two connected, and return an error:
>>> 
>> 
>> You want that eth0 and eth1 are UP, and eth2 and eth3 are DOWN?
> 
> Yes.
> 
>> 
>>> snmptable XXX IF-MIB::ifTable | less
>>> SNMP table: IF-MIB::ifTable
>>> 
>>> ifIndex ifDescr ifAdminStatus ifOperStatus
>>>   1  loup   up
>>>   2eth0up   up
>>>   3eth1up   up
>>>   4eth2up down
>>>   5eth3up down
>>>  24 ;vdsmdummy;  down down
>>>  25   vnet0up   up
>>> 
>>> 
>>> And indeed on the server:
>>> 
>>> ip link show eth2
>>> 4: eth2:  mtu 1500 qdisc mq state
>>> DOWN mode DEFAULT group default qlen 1000 link/ether
>>> 40:a8:f0:30:81:1a brd ff:ff:ff:ff:ff:ff
>>> 
>> 
>> looks like eth2 is DOWN, as expected.
> 
> It's in state DOWN, but marked UP anyway.
> 
> A really DOWN interface is shown as (on another server, not an ovirt host):
> 
> 4: eth2:  mtu 1500 qdisc noop state DOWN mode DEFAULT 
> group default qlen 1000
> link/ether a0:d3:c1:fa:8c:8a brd ff:ff:ff:ff:ff:ff
> 
> 
>> 
>> eth2 seems to be in state DOWN, which seems to be reflected in
>> ifOperStatus.
> 
> Yes it match. The state is reflected in the ifOperStatus. The ifAdminStatus 
> match the UP in the <...>
> 
>> 
>> Is the issue that ifAdminStatus is up for eth2 and eth3, but you want
>> it to be down?
> 
> That's it. I never ask it to be in such state.
> 
> 
> If eth2 and eth3 are not defined under oVirt control, I see no reason for the 
> system to touch it.
> Perhaps, you machine has these interfaces under NetworkManager control (you 
> can do "nmcli device" to check it),
> in that case, NM will keep the admin state up and monitor it.
> If you want it down, mark the interfaces as unmanaged (by NM) and perform an 
> ifdown on them.
> 
> Let us know if it helped.
>  

I added:

diff --git a/NetworkManager/NetworkManager.conf 
b/NetworkManager/NetworkManager.conf
index 1979ea6..420aba5 100644
--- a/NetworkManager/NetworkManager.conf
+++ b/NetworkManager/NetworkManager.conf
@@ -48,3 +48,5 @@
 #
 #level=TRACE
 #domains=ALL
+[keyfile]
+unmanaged-devices=eth2;eth3


And indeed it solves my problem with no unwanted side effects.___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/47HN5WUYQ2NKNM4NHO224AKA64GPRBE5/


[ovirt-users] Re: interface up when not used

2018-07-25 Thread Fabrice Bacchella


> Le 25 juil. 2018 à 13:42, Edward Haas  a écrit :
> 
> 
> 
> On Tue, Jul 24, 2018 at 1:08 PM, Fabrice Bacchella 
>  wrote:
> 
> 
>> Le 24 juil. 2018 à 11:50, Dominik Holler  a écrit :
>> 
>> On Tue, 24 Jul 2018 11:04:58 +0200
>> Fabrice Bacchella  wrote:
>> 
>>> To monitoring the network interfaces, I have a script that check if
>>> ifAdminStatus and ifOperStatus values matches in snmp.
>>> 
>>> But with oVirt it fails on a server with 4 physical interfaces, but
>>> only two connected, and return an error:
>>> 
>> 
>> You want that eth0 and eth1 are UP, and eth2 and eth3 are DOWN?
> 
> Yes.
> 
>> 
>>> snmptable XXX IF-MIB::ifTable | less
>>> SNMP table: IF-MIB::ifTable
>>> 
>>> ifIndex ifDescr ifAdminStatus ifOperStatus
>>>   1  loup   up
>>>   2eth0up   up
>>>   3eth1up   up
>>>   4eth2up down
>>>   5eth3up down
>>>  24 ;vdsmdummy;  down down
>>>  25   vnet0up   up
>>> 
>>> 
>>> And indeed on the server:
>>> 
>>> ip link show eth2
>>> 4: eth2:  mtu 1500 qdisc mq state
>>> DOWN mode DEFAULT group default qlen 1000 link/ether
>>> 40:a8:f0:30:81:1a brd ff:ff:ff:ff:ff:ff
>>> 
>> 
>> looks like eth2 is DOWN, as expected.
> 
> It's in state DOWN, but marked UP anyway.
> 
> A really DOWN interface is shown as (on another server, not an ovirt host):
> 
> 4: eth2:  mtu 1500 qdisc noop state DOWN mode DEFAULT 
> group default qlen 1000
> link/ether a0:d3:c1:fa:8c:8a brd ff:ff:ff:ff:ff:ff
> 
> 
>> 
>> eth2 seems to be in state DOWN, which seems to be reflected in
>> ifOperStatus.
> 
> Yes it match. The state is reflected in the ifOperStatus. The ifAdminStatus 
> match the UP in the <...>
> 
>> 
>> Is the issue that ifAdminStatus is up for eth2 and eth3, but you want
>> it to be down?
> 
> That's it. I never ask it to be in such state.
> 
> 
> If eth2 and eth3 are not defined under oVirt control, I see no reason for the 
> system to touch it.
> Perhaps, you machine has these interfaces under NetworkManager control (you 
> can do "nmcli device" to check it),
> in that case, NM will keep the admin state up and monitor it.
> If you want it down, mark the interfaces as unmanaged (by NM) and perform an 
> ifdown on them.
> 
> Let us know if it helped.
>  

nmcli indeed shows:
DEVICE   TYPE  STATE CONNECTION 
eth2 ethernet  disconnected  -- 
eth3 ethernet  disconnected  -- 
vnet0tun   disconnected  -- 
bond0bond  unmanaged -- 
eth0 ethernet  unmanaged -- 
eth1 ethernet  unmanaged -- 

I wonder why it wants to manage vnet0 too.

That's exactly for think kind of things that I usually uninstall any 
NetworkManager components on my servers. But oVirt wants it, it should them 
managed them:

yum erase NetworkManager
...
Removing for dependencies:
 cockpit-networkmanagernoarch   
  169-1.el7.centos   @extras
149 k
 cockpit-ovirt-dashboard   noarch   
  0.11.28-1.el7  @ovirt-4.2 
 15 M
 ovirt-hostx86_64   
  4.2.3-1.el7@ovirt-4.2 
 11 k
 ovirt-hosted-engine-setup noarch   
  2.2.22.1-1.el7 @ovirt-4.2 
2.2 M



___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EOHEDY6ANEMZRJWY7WOURBJDGGFJ7TAV/


[ovirt-users] Re: interface up when not used

2018-07-24 Thread Fabrice Bacchella


> Le 24 juil. 2018 à 11:50, Dominik Holler  a écrit :
> 
> On Tue, 24 Jul 2018 11:04:58 +0200
> Fabrice Bacchella  <mailto:fabrice.bacche...@orange.fr>> wrote:
> 
>> To monitoring the network interfaces, I have a script that check if
>> ifAdminStatus and ifOperStatus values matches in snmp.
>> 
>> But with oVirt it fails on a server with 4 physical interfaces, but
>> only two connected, and return an error:
>> 
> 
> You want that eth0 and eth1 are UP, and eth2 and eth3 are DOWN?

Yes.

> 
>> snmptable XXX IF-MIB::ifTable | less
>> SNMP table: IF-MIB::ifTable
>> 
>> ifIndex ifDescr ifAdminStatus ifOperStatus
>>   1  loup   up
>>   2eth0up   up
>>   3eth1up   up
>>   4eth2up down
>>   5eth3up down
>>  24 ;vdsmdummy;  down down
>>  25   vnet0up   up
>> 
>> 
>> And indeed on the server:
>> 
>> ip link show eth2
>> 4: eth2:  mtu 1500 qdisc mq state
>> DOWN mode DEFAULT group default qlen 1000 link/ether
>> 40:a8:f0:30:81:1a brd ff:ff:ff:ff:ff:ff
>> 
> 
> looks like eth2 is DOWN, as expected.

It's in state DOWN, but marked UP anyway.

A really DOWN interface is shown as (on another server, not an ovirt host):

4: eth2:  mtu 1500 qdisc noop state DOWN mode DEFAULT 
group default qlen 1000
link/ether a0:d3:c1:fa:8c:8a brd ff:ff:ff:ff:ff:ff


> 
> eth2 seems to be in state DOWN, which seems to be reflected in
> ifOperStatus.

Yes it match. The state is reflected in the ifOperStatus. The ifAdminStatus 
match the UP in the <...>

> 
> Is the issue that ifAdminStatus is up for eth2 and eth3, but you want
> it to be down?

That's it. I never ask it to be in such state.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/345OZ3DDR36GUJUU4LBIERUOFQ5PTJPX/


[ovirt-users] interface up when not used

2018-07-24 Thread Fabrice Bacchella
To monitoring the network interfaces, I have a script that check if 
ifAdminStatus and ifOperStatus values matches in snmp.

But with oVirt it fails on a server with 4 physical interfaces, but only two 
connected, and return an error:

snmptable XXX IF-MIB::ifTable | less
SNMP table: IF-MIB::ifTable

 ifIndex ifDescr ifAdminStatus ifOperStatus
   1  loup   up
   2eth0up   up
   3eth1up   up
   4eth2up down
   5eth3up down
  24 ;vdsmdummy;  down down
  25   vnet0up   up


And indeed on the server:

ip link show eth2
4: eth2:  mtu 1500 qdisc mq state DOWN mode 
DEFAULT group default qlen 1000
link/ether 40:a8:f0:30:81:1a brd ff:ff:ff:ff:ff:ff


It's up, but I don't configured it on oVirt, removed ifcg-eth2. Is there a way 
to disable it ?___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EPEBBNM3MACG5SPKGPZIHXERWRWB6MHE/


[ovirt-users] Re: Is enabling Epel repo will break the installation?

2018-07-24 Thread Fabrice Bacchella
oVirt developpers are not big fan of epel anyway. So don't expect this 
situation to change soon.

To be sure that epel don't interfere in any way with oVirt epel, rather than 
excluding collected, I changed the priority of oVirt's epel:

in /etc/yum.repos.d/ovirt-4.2-dependencies.repo
[ovirt-4.2-epel]
...
priority=10

The default priority is 99, so whatever package ovirt choose to add in it, it 
will win other epel.


> Le 23 juil. 2018 à 15:33, Arman Khalatyan  a écrit :
> 
> Hello,
> As I remember some time ago the epel collectd was in conflict with the
> ovirt one.
> Is it still the case?
> Thanks,
> Arman.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2RWZTOKOAPQTHF7HKEPJ6FV5XZ6CE4LV/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-06 Thread Fabrice Bacchella


> Le 6 juil. 2018 à 15:46, Sandro Bonazzola  a écrit :
> 
> 

> I pushed a change for 4.3 requiring server(smtp) instead of postfix. On EL7 
> server(smtp) resolves by default to postfix so nothing really change except 
> you can now install another MTA and remove postfix.
> On Fedora, server(smtp) resolves to exim but I added a Suggest clause pulling 
> in postfix if nothing provides server(smtp).
> 

Nice ! Thank you.


___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FPF3DAUYB2TQKGMFYAJLBGJI6U2V6FXF/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella


> Le 4 juil. 2018 à 11:03, Yedidyah Bar David  a écrit :
> 
> On Wed, Jul 4, 2018 at 11:04 AM, Fabrice Bacchella
>  wrote:
>> ovirt in version 4.2 choose to incorporate postfix as a mandatory MTA:
> 
> This was added in 4.0, AFAIU:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1301966
> 
> IMHO the bug is somewhat incorrect. HA sends its email using smtplib,
> which IIUC does not require a local /usr/sbin/sendmail . Indeed, the
> default is to send through 'localhost:25', and for this to work you
> need some MTA listening there. But admins might find it perfectly
> reasonable to not have any sendmail locally, although this is the unix
> tradition, and configure everything to send through a remote MTA.
> hosted-engine --deploy already asks about this, so should be easy to
> do there. Other common stuff, such as crond, also allow doing this. So
> ideally, if the admin accepts the default 'localhost:25', the script
> should try to connect there (perhaps also if user provides custom
> values?), and if it fails, or if the other side does not look like an
> MTA (e.g. does not accept a HELO or EHLO, not sure what's the best
> way), prompt, and if 'localhost', suggest to install some MTA. But
> email is a hard problem, not sure how complex we need to make the
> setup script...
> 
>> 
>> yum erase postfix
>> ...
>> Removing:
>> postfix x86_64
>> 2:2.10.1-6.el7@base 12 M
>> Removing for dependencies:
>> cockpit-ovirt-dashboard noarch
>> 0.11.28-1.el7 @ovirt-4.215 M
>> ovirt-host  x86_64
>> 4.2.3-1.el7   @ovirt-4.211 k
>> ovirt-hosted-engine-setup   noarch
>> 2.2.22.1-1.el7@ovirt-4.2   2.2 M
>> 
>> Is there a way to change that ? It's not about postfix being inferior or
>> superior to other solutions. It's that it didn't ask any thing, didn't check
>> if one was already installed. It's just installed.
>> 
>> For example:
>> rpm -q --provides postfix
>> MTA
>> config(postfix) = 2:2.10.1-6.el7
>> postfix = 2:2.10.1-6.el7
>> postfix(x86-64) = 2:2.10.1-6.el7
>> server(smtp)
>> smtpd
>> smtpdaemon
>> 
>> rpm -q --provides sendmail
>> MTA
>> config(sendmail) = 8.14.7-5.el7
>> sendmail = 8.14.7-5.el7
>> sendmail(x86-64) = 8.14.7-5.el7
>> server(smtp)
>> smtpdaemon
>> 
>> There is a lot of other dependencies to declare other than postfix, MTA
>> would have been better.
> 
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
> 
> Seems like the thing we want to require is 'server(smtp)':
> 
> https://fedoraproject.org/wiki/Features/ServerProvides
> 
> Best regards,

Done:

https://bugzilla.redhat.com/show_bug.cgi?id=1598085
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7ZFPH67MIQNWALAE4T2WXX3UVM6UAWSE/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella
>> 
>> 
>> There is a lot of other dependencies to declare other than postfix, MTA
>> would have been better.
> 
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
> 

ovirt-host have a lot of dependencies:
rpm -q --requires  ovirt-host
NetworkManager-config-server
cockpit
cockpit-dashboard
cockpit-machines-ovirt
cockpit-networkmanager
cockpit-ovirt-dashboard
dracut-fips
firewalld
glusterfs-rdma
ipa-client
katello-agent
mailx
net-snmp
net-snmp-utils
ovirt-host-dependencies = 4.2.3-1.el7
ovirt-hosted-engine-setup
ovirt-provider-ovn-driver
postfix
python-firewall
rng-tools
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
screen
sysstat
tcpdump
vdsm-hook-ethtool-options
vdsm-hook-fcoe
vdsm-hook-openstacknet
vdsm-hook-vfio-mdev
vdsm-hook-vhostmd
vdsm-hook-vmfex-dev

Many of thee are useless depending of your setup.
rng-tools, for example, but my hardware don't provides any of the needed random 
generators.
screen, tcpdump ? I'm quite surprised.
glusterfs-rdma, I'm not doing glusterfs, and I don't have any hardware to do 
rdma

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O524TQERFSF36ZAXYFFMANMEH6247GCE/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella

> 
> 
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
> 

On what product:
https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt 


I don't know which one to choose.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GCMLPZB2NU7NG7NO6OD2GSEFRGLQXC7D/


[ovirt-users] ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella
ovirt in version 4.2 choose to incorporate postfix as a mandatory MTA:

yum erase postfix
...
Removing:
 postfix x86_64   
2:2.10.1-6.el7@base 12 M
Removing for dependencies:
 cockpit-ovirt-dashboard noarch   
0.11.28-1.el7 @ovirt-4.215 M
 ovirt-host  x86_64   
4.2.3-1.el7   @ovirt-4.211 k
 ovirt-hosted-engine-setup   noarch   
2.2.22.1-1.el7@ovirt-4.2   2.2 M

Is there a way to change that ? It's not about postfix being inferior or 
superior to other solutions. It's that it didn't ask any thing, didn't check if 
one was already installed. It's just installed.

For example:
rpm -q --provides postfix
MTA
config(postfix) = 2:2.10.1-6.el7
postfix = 2:2.10.1-6.el7
postfix(x86-64) = 2:2.10.1-6.el7
server(smtp)
smtpd
smtpdaemon

rpm -q --provides sendmail
MTA
config(sendmail) = 8.14.7-5.el7
sendmail = 8.14.7-5.el7
sendmail(x86-64) = 8.14.7-5.el7
server(smtp)
smtpdaemon

There is a lot of other dependencies to declare other than postfix, MTA would 
have been better.___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/74572PMISFPD7ODKXRLBBCA7IA5ATPZ7/


[ovirt-users] Re: oVirt 4.2 and CLI options

2018-06-03 Thread Fabrice Bacchella
Hi, I'm the author of ovirtcmd, so feel free to ask any questions.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6QFF5YVFL2GGUZBFBZNYEDMMGTZQBOWF/


Re: [ovirt-users] Issues with ZFS volume creation

2018-04-03 Thread Fabrice Bacchella
Or try to create the vdev on the multipath devices, what does lsblk -s says ? 
It will show you the top level device to be used.

> Le 3 avr. 2018 à 10:53, Staniforth, Paul  a 
> écrit :
> 
> Hello Tal,
>  ZFS is probably detecting a partition table on the disks, 
> you could delete the partition tables on /dev/sda,/dev/sdb  ... etc, or you 
> could use the force option of ZFS create making sure they aren't mounted 
> somewhere.
> 
> Regards,
>Paul S.
> From: users-boun...@ovirt.org  on behalf of Tal 
> Bar-Or 
> Sent: 25 March 2018 15:54
> To: users
> Subject: [ovirt-users] Issues with ZFS volume creation
>  
> 
> Hello All,
> I know this question is might be out of Ovirt scope, but I don't have 
> anywhere else to ask for this issue (ZFS users mailing doesn't work), so I am 
> trying my luck here anyway
> so the issues go as follows :
> 
> Installed ZFS on top of CentOs 7.4 with Ovirt 4.2 , on physical Dell R720 
> with 15 sas  10 k 1.2TB each attached to PERC H310 adapter, disks are 
> configured to non-raid, all went OK, but when I am trying to create new zfs 
> pool using the following command:
>  
> zpool create -m none -o ashift=12 zvol raidz2 sda sdb sdc sdd sde sdf sdg sdh 
> sdi sdj sdk sdl sdm
> I get the following error below:
> /dev/sda is in use and contains a unknown filesystem.
> /dev/sdb is in use and contains a unknown filesystem.
> /dev/sdc is in use and contains a unknown filesystem.
> /dev/sdd is in use and contains a unknown filesystem.
> /dev/sde is in use and contains a unknown filesystem.
> /dev/sdf is in use and contains a unknown filesystem.
> /dev/sdg is in use and contains a unknown filesystem.
> /dev/sdh is in use and contains a unknown filesystem.
> /dev/sdi is in use and contains a unknown filesystem.
> /dev/sdj is in use and contains a unknown filesystem.
> /dev/sdk is in use and contains a unknown filesystem.
> /dev/sdl is in use and contains a unknown filesystem.
> /dev/sdm is in use and contains a unknown filesystem.
> 
> When typing command lsblk I get the following output below, all seems ok, any 
> idea what could be wrong?
> Please advice
> Thanks
> 
> # lsblk
> NAMEMAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
> sda   8:00  1.1T  0 disk
> └─35000cca07245c0ec 253:20  1.1T  0 mpath
> sdb   8:16   0  1.1T  0 disk
> └─35000cca072463898 253:10   0  1.1T  0 mpath
> sdc   8:32   0  1.1T  0 disk
> └─35000cca0724540e8 253:80  1.1T  0 mpath
> sdd   8:48   0  1.1T  0 disk
> └─35000cca072451b68 253:70  1.1T  0 mpath
> sde   8:64   0  1.1T  0 disk
> └─35000cca07245f578 253:30  1.1T  0 mpath
> sdf   8:80   0  1.1T  0 disk
> └─35000cca07246c568 253:11   0  1.1T  0 mpath
> sdg   8:96   0  1.1T  0 disk
> └─35000cca0724620c8 253:12   0  1.1T  0 mpath
> sdh   8:112  0  1.1T  0 disk
> └─35000cca07245d2b8 253:13   0  1.1T  0 mpath
> sdi   8:128  0  1.1T  0 disk
> └─35000cca07245f0e8 253:40  1.1T  0 mpath
> sdj   8:144  0  1.1T  0 disk
> └─35000cca072418958 253:50  1.1T  0 mpath
> sdk   8:160  0  1.1T  0 disk
> └─35000cca072429700 253:10  1.1T  0 mpath
> sdl   8:176  0  1.1T  0 disk
> └─35000cca07245d848 253:90  1.1T  0 mpath
> sdm   8:192  0  1.1T  0 disk
> └─35000cca0724625a8 253:00  1.1T  0 mpath
> sdn   8:208  0  1.1T  0 disk
> └─35000cca07245f5ac 253:60  1.1T  0 mpath
> 
> 
> -- 
> Tal Bar-or
> To view the terms under which this email is distributed, please go to:- 
> http://disclaimer.leedsbeckett.ac.uk/disclaimer/disclaimer.html
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] Problem with repo virtio-win-stable

2018-03-12 Thread Fabrice Bacchella
I'm trying to setup a local cache of the repository virtio-win-stable, using 
Sonatype's nexus3. But it's a little picky about content-type and this 
repository setup is not to it's taste:

it's says :
2018-03-12 15:47:21,025+0100 WARN  [qtp2016749412-36]  *UNKNOWN 
org.sonatype.nexus.repository.view.handlers.ExceptionHandler - Invalid content: 
GET 
/repodata/5048716d95c37bb6e0df68263c13daea16145384c34bd950dba45bf69e39ea98-primary.xml.gz:
 org.sonatype.nexus.repository.InvalidContentException: Detected content type 
[application/xml, application/x-xml, text/xml], but expected 
[application/x-gzip, application/gzip, application/x-tgz, 
application/gzip-compressed, application/gzipped, application/x-gunzip, 
application/x-gzip-compressed, gzip/document]: 
repodata/5048716d95c37bb6e0df68263c13daea16145384c34bd950dba45bf69e39ea98-primary.xml.gz

And indeed:

$ curl -JORLv 
https://fedorapeople.org/groups/virt/virtio-win/repo/stable/repodata/5048716d95c37bb6e0df68263c13daea16145384c34bd950dba45bf69e39ea98-primary.xml.gz

return:
< Content-Encoding: gzip
< Content-Type: text/plain; charset=UTF-8

The file content is right:
$ zless 
5048716d95c37bb6e0df68263c13daea16145384c34bd950dba45bf69e39ea98-primary.xml.gz

http://linux.duke.edu/metadata/common; 
xmlns:rpm="http://linux.duke.edu/metadata/rpm; packages="5">

For sac-gdeploy, I get:
$ curl -JORLv 
https://copr-be.cloud.fedoraproject.org/results/sac/gdeploy/epel-7-x86_64/repodata/0f79cb019e43ae53bda93bae802a611f1fb025859729da143c5459ca2b5590b6-primary.xml.gz
 

...
< Content-Type: application/x-gzip

This repository is the only one broken out of 14 I already setup, from Elastic, 
Postgres and other oVirt repositories.

With who should I get in touch to correct that problem ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] database restoration

2018-02-18 Thread Fabrice Bacchella


> Le 18 févr. 2018 à 08:05, Yedidyah Bar David <d...@redhat.com> a écrit :
> 
> On Fri, Feb 16, 2018 at 1:04 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
>> I'm running a restoration test and getting the following log generated by 
>> engine-backup --mode=restore:
> 
> Which version?

9.2, distribution package.

> 
> Did you also get any error on stdout/stderr, or only in the log?

Only the logs

> TL;DR no need to worry, can be ignored.
> ...

Thanks, looks good to me.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] database restoration

2018-02-16 Thread Fabrice Bacchella
I'm running a restoration test and getting the following log generated by 
engine-backup --mode=restore:

pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 4274; 0 0 COMMENT EXTENSION 
plpgsql 
pg_restore: [archiver (db)] could not execute query: ERROR:  must be owner of 
extension plpgsql
Command was: COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';



pg_restore: WARNING:  no privileges could be revoked for "public"
pg_restore: WARNING:  no privileges could be revoked for "public"
pg_restore: WARNING:  no privileges were granted for "public"
pg_restore: WARNING:  no privileges were granted for "public"
WARNING: errors ignored on restore: 1

Do I need to worry, as this error is ignored ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt CLI Question

2018-02-09 Thread Fabrice Bacchella


> Le 8 févr. 2018 à 09:44, Ondra Machacek  a écrit :
>> Is this project part of oVirt distro? It looks like in state of active
>> development with last updates 2 months ago.
>> https://github.com/fbacchella/ovirtcmd
> 
> No, it isn't part of oVirt distribution.
> 

It's my projet. Do you have any question about it ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Q: ext4 noatime/nidiratime for oVirt node mount points

2018-01-04 Thread Fabrice Bacchella
Both are no brainer to activate (noatime is a superset of nodiratime, see 
https://lwn.net/Articles/244941/) for every mount point, unless you really know 
why you need exact atime.

If you want to be super-safe, use relatime. You will get not-exact but usable 
atime, to know if a file was acceded after write.

More informations:
https://en.wikipedia.org/wiki/Stat_(system_call)#Criticism_of_atime


> Le 4 janv. 2018 à 12:46, andreil1  a écrit :
> 
> Hi !
> 
> Is it safe to turn on these options (noatime, nodiratime) in oVirt node fstab 
> for these mount points?
> /home
> /
> /tmp
> /var
> /var/log
> /var/log/audit
> 
> Node 4.2 installed on CentOS, not with node DVD.
> 
> Thanks.
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Configuring ilo4 on hp blade gen 9

2017-10-05 Thread Fabrice Bacchella
I have HP blades too (ProLiant BL460c Gen9). I have set the fencing to ilo4 and 
everything works fine.

Nothing special on the ilo side, just up to date firmware.

> Le 5 oct. 2017 à 09:53, Gianluca Cecchi  a écrit :
> 
> Hello,
> on 4.1.6 I'm configuring fencing on HP blades Gen9.
> It seems I'm able to use ilo_ssh as agent and that I have only to set 22 as 
> the port and ssh=1 in options 
> 
> Question: why ssh=1??? the agent is named ilo_ssh shouldn't be obvious???
> The same form command line I MUST set -x even if I use fence_ilo_ssh command
> 
> Nevertheless, this way I get successful test
> 
> Sometimes I don't get the same result if I run from shell eg:
> 
> fence_ilo_ssh -a ilo_ip -l fenceuser -S /usr/local/bin/my_fence_script.sh -x 
> -o status 
> 
> I get sometimes:
> Unable to connect/login to fencing device
> 
> I think it could be some sort of delay timeout.
> In fence_ilo_ssh I see these kinds of timeouts in help
> 
>--power-timeout=[seconds]  Test X seconds for status change after 
> ON/OFF
>--shell-timeout=[seconds]  Wait X seconds for cmd prompt after issuing 
> command
>--login-timeout=[seconds]  Wait X seconds for cmd prompt after login
>--power-wait=[seconds] Wait X seconds after issuing ON/OFF
>--delay=[seconds]  Wait X seconds before fencing is started
> 
> How do they map with gui settings options in case I would use some of them?
> 
> Also, how do I map the command line option
> 
> -4, --inet4-only
> 
> Perhaps inet4_only=1 ?
> 
> I see that 
> 
> ssh=1,inet4_only=1 
> works
> 
> but also
> ssh=1,inet4_only=1,foo=1
> works
> 
> So it is not a reliable test to verify syntax...
> 
> All in all do you think it is the best agent for ilo4 based blades?
> I have made some test with fence_ilo4 but unable to get success... what 
> should I enable on ilo web administration page in this case, if you think the 
> agent would be better for any reason?
> 
> Thanks,
> Gianluca
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] epel and collectd

2017-09-13 Thread Fabrice Bacchella

> Le 13 sept. 2017 à 10:39, Sandro Bonazzola  a écrit :
> 
>  In general, I still consider EPEL harmful so just dropped the part related 
> to collectd. 
> 

What kind of problems do you have with it ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] epel and collectd

2017-09-12 Thread Fabrice Bacchella
In the releases notes, even for the 4.6 rc, I see:

https://www.ovirt.org/release/4.1.6/
...
OpsTools currently includes collectd 5.7.0, and the write_http plugin is 
packaged separately.

But if I check the current state:
yum list collectd-write_http collectd
...
collectd.x86_64 
5.7.2-1.el7 
 @centos-opstools-release
collectd-write_http.x86_64  
5.7.2-1.el7 
 @centos-opstools-release

So I think the warning is not needed any more. One can uses both ovirt and epel 
without any special check.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] automatic creation of single host cluster

2017-08-23 Thread Fabrice Bacchella

> Le 23 août 2017 à 15:52, Yaniv Kaul <yk...@redhat.com> a écrit :
> 
> 
> 
> On Wed, Aug 23, 2017 at 1:11 PM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
> I'm still playing with my sdk4 python wrapper 
> (https://github.com/fbacchella/ovirtcmd 
> <https://github.com/fbacchella/ovirtcmd>).
> 
> In the last update, I tried to make writing of custom script simpler.
> 
> As an example, i wrote a wrapper for single node cluster installation.
> 
> I have a bunch of old ProLiant DL185 G5. I configured them to be single-node 
> cluster. I create two disks on them, one will be system, the second on will 
> be directly used by oVirt, without a file system on it. Three VLAN are added 
> to the server. It used with:
> 
> ovcmd eval -v host_name $hostname samples/single_node_cluster.py
> 
> The code for this script is found at 
> https://github.com/fbacchella/ovirtcmd/blob/master/samples/single_node_cluster.py
>  
> <https://github.com/fbacchella/ovirtcmd/blob/master/samples/single_node_cluster.py>
> 
> 
> Thanks for sharing. I quite like ovlib.
> How do you pass parameters to the script?

It's prepared in the variables of the eval. The argument -v host_name $hostname 
create a variable called hostname with value $hostname that will be global for 
the script.

> 
> Lastly, I wonder how it compares to oVirt Ansible roles[1].

I don't know, I'm not a ansible user, we're running on puppet.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] automatic creation of single host cluster

2017-08-23 Thread Fabrice Bacchella
I'm still playing with my sdk4 python wrapper 
(https://github.com/fbacchella/ovirtcmd).

In the last update, I tried to make writing of custom script simpler.

As an example, i wrote a wrapper for single node cluster installation.

I have a bunch of old ProLiant DL185 G5. I configured them to be single-node 
cluster. I create two disks on them, one will be system, the second on will be 
directly used by oVirt, without a file system on it. Three VLAN are added to 
the server. It used with:

ovcmd eval -v host_name $hostname samples/single_node_cluster.py

The code for this script is found at 
https://github.com/fbacchella/ovirtcmd/blob/master/samples/single_node_cluster.py


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] broken authz

2017-08-21 Thread Fabrice Bacchella
Since a few days, I can't connect any more to ovirt. I'm using an ldap authz.

In the log I see:
2017-08-21 11:41:56,513+01 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (default task-14) [] Creating 
SearchRequest
2017-08-21 11:41:56,514+01 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (default task-14) [] 
SearchRequest: SearchRequest(baseDN='CN=Partitions,', scope=SUB, deref=NEVER, 
sizeLimit=0, timeLimit=0, 
filter='&(objectClass=crossRef)(nCName=)(nETBIOSName=*)', attrs={nCName, 
dnsRoot})
2017-08-21 11:41:56,514+01 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (default task-14) [] 
getConnectionPoolEntry Entry name='authz', dn='CN=Partitions,'
2017-08-21 11:41:56,514+01 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (default task-14) [] Sequence 
ad-open-vars default domain failed due to exception: Unexpected comma or 
semicolon found at the end of the DN string.
2017-08-21 11:41:56,514+01 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (default task-14) [] Exception 
during sequence: LDAPException(resultCode=34 (invalid DN syntax), 
errorMessage='Unexpected comma or semicolon found at the end of the DN string.')
at com.unboundid.ldap.sdk.DN.(DN.java:629) 
[unboundid-ldapsdk.jar:3.2.0]
at com.unboundid.ldap.sdk.DN.normalize(DN.java:1483) 
[unboundid-ldapsdk.jar:3.2.0]
at com.unboundid.ldap.sdk.DN.normalize(DN.java:1460) 
[unboundid-ldapsdk.jar:3.2.0]
at 
org.ovirt.engineextensions.aaa.ldap.Framework.getDNDomainComponent(Framework.java:235)
 [ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.Framework.getConnectionPoolEntry(Framework.java:827)
 [ovirt-engine-extension-aaa-ldap.jar:]


Indeed it's looking for 'CN=Partitions,'. But that's not in my ovirt's 
configuration. So it's must be coming from AD. But I was unable to find it. I 
think I will need it to report it to my AD admins.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Need some help understanding memory allocation

2017-08-11 Thread Fabrice Bacchella
What does /proc/meminfo says ?

Memory usage is a complex thing.

> Le 10 août 2017 à 23:23, Wesley Stewart  a écrit :
> 
> I am a little confused on why my CentOS box is using so much RAM.  I 
> currently have a small test setup which only has 12GB of ram total.
> 
> When I log into the administrative interface it tells me:
> 
> Memory
> 
> 4.3
> Available
> of 15.5 GiB 
> Over commit: 39% (allocated 45%)
> 
> 11.1 GB Used
> 
> Currently I am only running 3 VMs with memory allocations as follows:
> 
> Defined Memory:
> 1024 MB
> Physical Memory Guaranteed:
> 1024 MB
> 
> Defined Memory:
> 3072 MB
> Physical Memory Guaranteed:
> 3072 MB
> 
> Defined Memory:
> 2048 MB
> Physical Memory Guaranteed:
> 2048 MB
> Or 6144MB used by VM
> 
> If I SSH into my ovirt host, and run TOP and sort by memory, the top usage 
> items are:
> 31896 qemu  21.5% 727:21.44 qemu-kvm
>  6008 qemu14.6% 190:33.70 qemu-kvm
>  3019 ovirt13.6%  35:47.64 java
>  5800 qemu 8.5% 784:26.88 qemu-kvm
>  2565 ovirt3.9%  62:58.00 java
> 
> Everything else is pretty small compared, but for the OVIRT/QEMU we roughly 
> get
> Total: 62% = 7.45GB
> 
> So I am a bit confused as to the Ram being reported to me by the system 
> (15.5GGB, but the system only has 12GB), and assuming OVIRT is using around 
> 7-8GB, does a bare minimal install of CentOS really need 4-5GB of Ram to run?
> 
> This is a bare minimal install of CentOS7 running only Webmin and oVirt.  I 
> think there are several things I don't understand here, and I am quite new to 
> oVirt and would like to learn, so please excuse my inexperience if this is a 
> silly question!
> 
> Thanks either way, I am really happy I ditched my ESXi box :D
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] installation of hosts using public key

2017-08-10 Thread Fabrice Bacchella
Done :
https://bugzilla.redhat.com/show_bug.cgi?id=1480213

> Le 10 août 2017 à 10:49, Oved Ourfali <oourf...@redhat.com> a écrit :
> 
> Thanks Fabrice.
> It is probably as a result of the UI redesign.
> We're still fixing issues in the UI.
> Can you open a bug on this issue, attach the relevant screenshots and etc? 
> Please also put UX as the oVirt team.
> 
> Thanks,
> Oved
> 
> On Thu, Aug 10, 2017 at 11:10 AM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
> This method of connection to host for installation don't seems be treated as 
> a first class citizen.
> 
> The UI is broken on Safari and Firefox, it only works on Chrome:
> 
> Safari:
> 
> 
> Firefox:
> 
> 
> Chrome:
> 
> 
> On my Mac, Chrome is the only browser that display it. It's a very old bug.
> 



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] installation of hosts using public key

2017-08-10 Thread Fabrice Bacchella

> Le 10 août 2017 à 10:52, Ondra Machacek  a écrit :
> 
> 

> Creates a new host. The host is created based on the attributes of the host 
> parameter. The name, address and root_password properties are required.
> 
> But what to do if I don't have a root password to give ?
> 
> It's just true/false, you can't specify which key to use, it's using the 
> default one:
> 
> types.Host(
>   ssh=types.Ssh(
>authentication_method=types.SshAuthenticationMethod.PUBLICKEY,
>   ),
>   ...
> )
> 

I tried, it works.

But it's strange, because then, root_password which is mandatory, can be filled 
with None. So why it should be mandatory ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to extract root ssh

2017-08-10 Thread Fabrice Bacchella

> Le 10 août 2017 à 07:51, Yedidyah Bar David <d...@redhat.com> a écrit :
> 
> On Wed, Aug 9, 2017 at 5:27 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> 
>>> Le 9 août 2017 à 16:03, Yedidyah Bar David <d...@redhat.com> a écrit :
>>> 
>>> On Wed, Aug 9, 2017 at 4:35 PM, Fabrice Bacchella
>>> <fabrice.bacche...@orange.fr> wrote:
>>>> oVirt own a private ssh keys that it can use to do remote installation on
>>>> host, instead of using a password. But I didn't found at
>>>> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/rest_api_guide/
>>>> how to find it's public key. Where can I found it ?
>>> 
>>> For the public key, see:
>>> 
>>> http://www.ovirt.org/develop/release-management/features/infra/pki/#services
>>> 
>>> Not sure if it's part of the API, or if it should be - adding Juan.
>> 
>> I'm writing code to create automatically datacenter/cluster/host, without 
>> storing the root password in scripts.
> 
> How do you provision your hosts? If using pxe or cloud-init or
> something like that, you can arrange to add a public key to the
> authorized keys during installation, and then you can use the matching
> private key later on for management, with no relation to oVirt.

I have no problem putting it in hosts, they are prepared using puppet, and the 
public key is pushed at this time.

> 
>> Having a way to have the sdk automatically get it would be nice. Having a 
>> known URL is good enough, but it it's not obvious to find it.
> 
> Doc patches/Blog posts/etc. are welcome :-)

A simple service like /api/pki-resource that does the same thing that  
/ovirt-engine/services/pki-resource?resource=RESOURCE=FORMAT would make 
finding it much easier. It could simply send a redirect or wrap the content.

Code using the sdk already have all the http connexion stuff prepared, it juste 
another sdk call. Calling /ovirt-engine/services/pki-resource make writing 
custom code mandatory.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to extract root ssh

2017-08-09 Thread Fabrice Bacchella

> Le 9 août 2017 à 16:03, Yedidyah Bar David <d...@redhat.com> a écrit :
> 
> On Wed, Aug 9, 2017 at 4:35 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> oVirt own a private ssh keys that it can use to do remote installation on
>> host, instead of using a password. But I didn't found at
>> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/rest_api_guide/
>> how to find it's public key. Where can I found it ?
> 
> For the public key, see:
> 
> http://www.ovirt.org/develop/release-management/features/infra/pki/#services
> 
> Not sure if it's part of the API, or if it should be - adding Juan.

I'm writing code to create automatically datacenter/cluster/host, without 
storing the root password in scripts. Having a way to have the sdk 
automatically get it would be nice. Having a known URL is good enough, but it 
it's not obvious to find it.

The resource is missing content-disposition, and the date is not optimal:

$ curl -JORLkv 
'https:///ovirt-engine/services/pki-resource?format=OPENSSH-PUBKEY=engine-certificate'
< HTTP/1.1 200 OK
< Date: Wed, 09 Aug 2017 14:22:49 GMT
< Server: Apache
< Set-Cookie: locale=en_US; path=/; HttpOnly; Max-Age=2147483647; Expires=Mon, 
27-Aug-2085 17:36:56 GMT
< Content-Type: text/plain; charset=ISO-8859-1
< Content-Length: 394

$ls 
...
pki-resource\?format\=OPENSSH-PUBKEY\\=engine-certificate 

See curl(1)

   -J, --remote-header-name
  (HTTP)  This  option tells the -O, --remote-name option to use 
the server-specified Content-Disposition filename instead of extracting a
  filename from the URL.

  If the server specifies a file name and a file with that name 
already exists in the current working directory it will not be overwritten
  and an error will occur. If the server doesn't specify a file 
name then this option has no effect.

  There's  no  attempt  to  decode %-sequences (yet) in the 
provided file name, so this option may provide you with rather unexpected file
  names.

  WARNING: Exercise judicious use of this option, especially on 
Windows. A rogue server could send you the name of a  DLL  or  other  file
  that could possibly be loaded automatically by Windows or some 
third party software.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] How to extract root ssh

2017-08-09 Thread Fabrice Bacchella
oVirt own a private ssh keys that it can use to do remote installation on host, 
instead of using a password. But I didn't found at 
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/rest_api_guide/
 

 how to find it's public key. Where can I found it ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Users Digest, Vol 71, Issue 37

2017-08-08 Thread Fabrice Bacchella

> Le 8 août 2017 à 14:53, Moacir Ferreira  a écrit :
> 
> But if you receive a 9000 MTU frame on an "input" interface that results 
> sending it out on an interface of a 1500 MTU, then if you set DF bit the 
> frame will just be dropped by the router.

The frame will be dropped and the router will send an ICMP message "packet to 
big" to the sender, it's network stack will received that, learn that the PMTU 
is lower and try with smaller fragment, see 
https://en.wikipedia.org/wiki/Path_MTU_Discovery.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Good practices

2017-08-08 Thread Fabrice Bacchella

> Le 8 août 2017 à 15:24, FERNANDO FREDIANI  a écrit 
> :
> 
> That's something on the way RAID works, regardless what most 'super-ultra' 
> powerfull hardware controller you may have. RAID 5 or 6 will never have the 
> same write performance as a RAID 10 o 0 for example. Writeback caches can 
> deal with bursts well but they have a limit therefore there will always be a 
> penalty compared to what else you could have.

Hardware RAID5/6 can have better performance with quite common hardware that 
software RAID0. I have seen many time on on even old servers that write latency 
(hitting the cache) was smaller that read latency that was going directly to 
the disk. I'm not talking about 'super-ultra' powerfull hardware. An HP Smart 
Array P440ar with 2 GB flash is sell at 560€, public price. Not cheap, but not 
ultra powerfull.

It's now a matter of identifying the bootle neck, and how much money you can 
throw at it.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Users Digest, Vol 71, Issue 37

2017-08-08 Thread Fabrice Bacchella
The border router will do like any other router on the world. If the DF bit is 
set (common case) or if it's IPv6, it will not fragment but send an ICMP.

> Le 8 août 2017 à 13:34, Moacir Ferreira <moacirferre...@hotmail.com> a écrit :
> 
> True! But in some point of the network it may be necessary to make the MTU 
> 1500. For example, if your data need to cross the Internet. The border router 
> in between your LAN and the Internet will have to fragment a large frame back 
> to a normal one to send it over the Internet. This router will just "die" if 
> you have a heavy load. 
> 
> Moacir
> 
> From: Fabrice Bacchella <fabrice.bacche...@orange.fr 
> <mailto:fabrice.bacche...@orange.fr>>
> Sent: Tuesday, August 8, 2017 12:23 PM
> To: Moacir Ferreira
> Cc: users@ovirt.org <mailto:users@ovirt.org>
> Subject: Re: [ovirt-users] Users Digest, Vol 71, Issue 37
>  
> 
>> Le 8 août 2017 à 11:49, Moacir Ferreira <moacirferre...@hotmail.com 
>> <mailto:moacirferre...@hotmail.com>> a écrit :
>> 
>> This is by far more complex. A good NIC will have an offload engine (LSO - 
>> Large Segment Offload) and, if so, the NIC driver will report a MTU of 64K 
>> to the IP stack. The IP stack will then send data to the NIC as if the MTU 
>> were 64K and the NIC will fragment it to the size of the "declared" MTU on 
>> the interface so PMTUD will not be efficient in such scenario. If all this 
>> takes place in the server, then you get no problem. But if a standard router 
>> is configured to support 9K jumbo frame in one interface (i.e.: LAN 
>> connection) and 1500 in another (i.e.: WAN connection) then the router will 
>> be responsible for the fragmentation.
> 
> That's happen only if the bit don't fragment is not set, otherwise router are 
> not allowed to do that and send back a "packet to big" ICMP, it's called path 
> mtu discovery. To my knowledge, it's usually set, and even mandatory on IPv6.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Users Digest, Vol 71, Issue 37

2017-08-08 Thread Fabrice Bacchella

> Le 8 août 2017 à 11:49, Moacir Ferreira  a écrit :
> 
> This is by far more complex. A good NIC will have an offload engine (LSO - 
> Large Segment Offload) and, if so, the NIC driver will report a MTU of 64K to 
> the IP stack. The IP stack will then send data to the NIC as if the MTU were 
> 64K and the NIC will fragment it to the size of the "declared" MTU on the 
> interface so PMTUD will not be efficient in such scenario. If all this takes 
> place in the server, then you get no problem. But if a standard router is 
> configured to support 9K jumbo frame in one interface (i.e.: LAN connection) 
> and 1500 in another (i.e.: WAN connection) then the router will be 
> responsible for the fragmentation.

That's happen only if the bit don't fragment is not set, otherwise router are 
not allowed to do that and send back a "packet to big" ICMP, it's called path 
mtu discovery. To my knowledge, it's usually set, and even mandatory on IPv6.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Good practices

2017-08-08 Thread Fabrice Bacchella

> Le 8 août 2017 à 08:50, Yaniv Kaul  a écrit :
> 

> Storage is usually the slowest link in the chain. I personally believe that 
> spending the money on NVMe drives makes more sense than 40Gb (except [1], 
> which is suspiciously cheap!)
> 
> Y.
> [1] http://a.co/4hsCTqG 

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04374078

It's supported on old Gen8 servers (G10 is comming). It must be coming from an 
attic.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Good practices

2017-08-08 Thread Fabrice Bacchella

> Le 8 août 2017 à 04:08, FERNANDO FREDIANI  a écrit 
> :

> Even if you have a Hardware RAID Controller with Writeback cache you will 
> have a significant performance penalty and may not fully use all the 
> resources you mentioned you have.
> 

Nope again,from my experience with HP Smart Array and write back cache, write, 
that goes in the cache, are even faster that read that must goes to the disks. 
of course if the write are too fast and to big, they will over overflow the 
cache. But on todays controller they are multi-gigabyte cache, you must write a 
lot to fill them. And if you can afford 40Gb card, you can afford decent 
controller.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Good practices

2017-08-07 Thread Fabrice Bacchella
>> Moacir: Yes! This is another reason to have separate networks for 
>> north/south and east/west. In that way I can use the standard MTU on the 
>> 10Gb NICs and jumbo frames on the file/move 40Gb NICs.

Why not Jumbo frame every where ?___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Good practices

2017-08-07 Thread Fabrice Bacchella

> Le 7 août 2017 à 17:41, FERNANDO FREDIANI  a écrit 
> :
> 

> Yet another downside of having a RAID (specially RAID 5 or 6) is that it 
> reduces considerably the write speeds as each group of disks will end up 
> having the write speed of a single disk as all other disks of that group have 
> to wait for each other to write as well.
> 

That's not true if you have medium to high range hardware raid. For example, HP 
Smart Array come with a flash cache of about 1 or 2 Gb that hides that from the 
OS.___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] mirror

2017-07-18 Thread Fabrice Bacchella

> Le 18 juil. 2017 à 12:10, Barak Korren <bkor...@redhat.com> a écrit :
> 
> On 18 July 2017 at 12:57, Fabrice Bacchella <fabrice.bacche...@orange.fr> 
> wrote:
>> I'm reading https://www.ovirt.org/develop/infra/repository-mirrors/
>> 
>> It says:
>> 
>> You'll find in resources.ovirt.org a user named mirror
>> 
>> I'm looking at http://resources.ovirt.org and don't see anything about that 
>> user. Where should I look ?
> 
> These are instructions for members of the oVirt infra team, with ssh
> access to resources.ovirt.org.
> 
> If you want to host a public oVirt mirror, please send a request to
> infra-support.ovirt.org with an SSH public key of the mirror server
> attached and someone from infra will contact you with instructions on
> how to proceed.
> 

I can't host a public mirror, but I was thinking more about hosting a private 
mirror using rsync instead of ftp/http to get content.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] mirror

2017-07-18 Thread Fabrice Bacchella
I'm reading https://www.ovirt.org/develop/infra/repository-mirrors/

It says:

You'll find in resources.ovirt.org a user named mirror

I'm looking at http://resources.ovirt.org and don't see anything about that 
user. Where should I look ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt can't find user

2017-07-09 Thread Fabrice Bacchella
Done in : https://bugzilla.redhat.com/show_bug.cgi?id=1468878.

> Le 7 juil. 2017 à 13:51, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> On Tue, Jul 4, 2017 at 6:05 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> 
>>> Le 1 juil. 2017 à 09:09, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
>>> écrit :
>>> 
>>> 
>>>> Le 30 juin 2017 à 23:25, Ondra Machacek <omach...@redhat.com> a écrit :
>>>> 
>>>> On Thu, Jun 29, 2017 at 5:16 PM, Fabrice Bacchella
>>>> <fabrice.bacche...@orange.fr> wrote:
>>>>> 
>>>>>> Le 29 juin 2017 à 14:42, Fabrice Bacchella <fabrice.bacche...@orange.fr> 
>>>>>> a écrit :
>>>>>> 
>>>>>> 
>>>>>>> Le 29 juin 2017 à 13:41, Ondra Machacek <omach...@redhat.com> a écrit :
>>>>>>> 
>>>>>>> How do you login? Do you use webadmin or API/SDK, if using SDK, don't
>>>>>>> you use kerberos=True?
>>>>>> 
>>>>>> Ok, got it.
>>>>>> It's tested with the sdk, using kerberos. But Kerberos authentication is 
>>>>>> done in Apache and I configure a profile for that, so I needed to add: 
>>>>>> config.artifact.arg = X-Remote-User in my 
>>>>>> /etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is 
>>>>>> missing from internal-authn.properties. So rexecutor@internal  is 
>>>>>> checked with my profil, and not found. But as the internal profil don't 
>>>>>> know about X-Remote-User, it can't check the user and fails silently. 
>>>>>> That's why I'm getting only one line. Perhaps the log line should have 
>>>>>> said the extensions name that was failing, not the generic "External 
>>>>>> Authentication" that did'nt caught my eye.
>>>>>> 
>>>>>> I will check that as soon as I have a few minutes to spare and tell you.
>>>>> 
>>>>> I'm starting to understand. I need two authn modules, both using 
>>>>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension but with a 
>>>>> different authz.plugin. Is that possible ? If I do what, in what order 
>>>>> the different Authn will be tried ? Are they all tried until one succeed  
>>>>> both authn and authz ?
>>>>> 
>>>> 
>>>> Yes you can have multiple authn profiles and it tries to login until
>>>> one succeed:
>>>> 
>>>> https://github.com/oVirt/ovirt-engine/blob/de46aa78f3117cbe436ab10926ac0c23fcdd7cfc/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java#L125
>>>> 
>>>> The order isn't guaranteed, but I think it's not important, or is it for 
>>>> you?
>>> 
>>> I'm not sure. As I need two 
>>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension, the authentication 
>>> will always succeed. It's the auhtz that fails as user as either in one 
>>> backend or the other. So if ExtMap output = profile.getAuthn().invoke(..) 
>>> calls the authz part I will be fine.
>>> 
>> 
>> I think it's not possible to have 2 
>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension with different authz.
>> 
>> The first authz ldap based backend is tried and return:
>> 2017-07-04 17:50:25,711+02 DEBUG 
>> [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (default task-2) [] 
>> Exception: java.lang.RuntimeException: Cannot resolve principal 'rexecutor'
>>at 
>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension.doFetchPrincipalRecord(AuthzExtension.java:579)
>>  [ovirt-engine-extension-aaa-ldap.jar:]
>>at 
>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension.invoke(AuthzExtension.java:478)
>>  [ovirt-engine-extension-aaa-ldap.jar:]
>>at 
>> org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:49)
>>at 
>> org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:73)
>>at 
>> org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
>>at 
>> org.ovirt.engine.core.sso.utils.NegotiateAuthUtils.doAuth(NegotiateAuthUtils.java:122)
>>at 
>> org.ovirt.engine.core.sso.utils.NegotiateAuthUtils.doAuth(NegotiateAuthUtils.java:68)
>>at 

Re: [ovirt-users] user permissions

2017-07-07 Thread Fabrice Bacchella
OK, I remember having seen that. But it slip out of my mind. Thanks

> Le 7 juil. 2017 à 13:43, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> Please read the description of this commit:
> 
> https://gerrit.ovirt.org/#/c/74173/
> 
> Change the value of property 'ENGINE_API_FILTER_BY_DEFAULT' to true,
> and it will work, if you use 4.1.1.
> 
> 
> On Wed, Jul 5, 2017 at 5:55 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> I'm trying to give a user the permissions to stop/start a specific server.
>> 
>> This user is given the generic UserRole for the System.
>> 
>> I tried to give him the roles :
>> UserVmManager
>> UserVmRunTimeManager
>> UserInstanceManager
>> InstanceCreator
>> UserRole
>> 
>> for that specific VM, I always get: query execution failed due to 
>> insufficient permissions.
>> 
>> As soon as I give him the SuperUser role, he can stop/start it.
>> 
>> What role should I give him for that VM ? I don't want to give the privilege 
>> to destroy the vm, or add disks. But he should be able to change the os 
>> settings too.
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt can't find user

2017-07-07 Thread Fabrice Bacchella
Ok.

> Le 7 juil. 2017 à 13:51, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> On Tue, Jul 4, 2017 at 6:05 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> 
>>> Le 1 juil. 2017 à 09:09, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
>>> écrit :
>>> 
>>> 
>>>> Le 30 juin 2017 à 23:25, Ondra Machacek <omach...@redhat.com> a écrit :
>>>> 
>>>> On Thu, Jun 29, 2017 at 5:16 PM, Fabrice Bacchella
>>>> <fabrice.bacche...@orange.fr> wrote:
>>>>> 
>>>>>> Le 29 juin 2017 à 14:42, Fabrice Bacchella <fabrice.bacche...@orange.fr> 
>>>>>> a écrit :
>>>>>> 
>>>>>> 
>>>>>>> Le 29 juin 2017 à 13:41, Ondra Machacek <omach...@redhat.com> a écrit :
>>>>>>> 
>>>>>>> How do you login? Do you use webadmin or API/SDK, if using SDK, don't
>>>>>>> you use kerberos=True?
>>>>>> 
>>>>>> Ok, got it.
>>>>>> It's tested with the sdk, using kerberos. But Kerberos authentication is 
>>>>>> done in Apache and I configure a profile for that, so I needed to add: 
>>>>>> config.artifact.arg = X-Remote-User in my 
>>>>>> /etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is 
>>>>>> missing from internal-authn.properties. So rexecutor@internal  is 
>>>>>> checked with my profil, and not found. But as the internal profil don't 
>>>>>> know about X-Remote-User, it can't check the user and fails silently. 
>>>>>> That's why I'm getting only one line. Perhaps the log line should have 
>>>>>> said the extensions name that was failing, not the generic "External 
>>>>>> Authentication" that did'nt caught my eye.
>>>>>> 
>>>>>> I will check that as soon as I have a few minutes to spare and tell you.
>>>>> 
>>>>> I'm starting to understand. I need two authn modules, both using 
>>>>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension but with a 
>>>>> different authz.plugin. Is that possible ? If I do what, in what order 
>>>>> the different Authn will be tried ? Are they all tried until one succeed  
>>>>> both authn and authz ?
>>>>> 
>>>> 
>>>> Yes you can have multiple authn profiles and it tries to login until
>>>> one succeed:
>>>> 
>>>> https://github.com/oVirt/ovirt-engine/blob/de46aa78f3117cbe436ab10926ac0c23fcdd7cfc/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java#L125
>>>> 
>>>> The order isn't guaranteed, but I think it's not important, or is it for 
>>>> you?
>>> 
>>> I'm not sure. As I need two 
>>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension, the authentication 
>>> will always succeed. It's the auhtz that fails as user as either in one 
>>> backend or the other. So if ExtMap output = profile.getAuthn().invoke(..) 
>>> calls the authz part I will be fine.
>>> 
>> 
>> I think it's not possible to have 2 
>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension with different authz.
>> 
>> The first authz ldap based backend is tried and return:
>> 2017-07-04 17:50:25,711+02 DEBUG 
>> [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (default task-2) [] 
>> Exception: java.lang.RuntimeException: Cannot resolve principal 'rexecutor'
>>at 
>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension.doFetchPrincipalRecord(AuthzExtension.java:579)
>>  [ovirt-engine-extension-aaa-ldap.jar:]
>>at 
>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension.invoke(AuthzExtension.java:478)
>>  [ovirt-engine-extension-aaa-ldap.jar:]
>>at 
>> org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:49)
>>at 
>> org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:73)
>>at 
>> org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
>>at 
>> org.ovirt.engine.core.sso.utils.NegotiateAuthUtils.doAuth(NegotiateAuthUtils.java:122)
>>at 
>> org.ovirt.engine.core.sso.utils.NegotiateAuthUtils.doAuth(NegotiateAuthUtils.java:68)
>>at 
>> org.ovirt.engine.core.sso.utils.NonInteractiveAuth$2.doAuth(NonInteractiveAuth.

Re: [ovirt-users] user permissions

2017-07-06 Thread Fabrice Bacchella
It's getting stranger. I have written code to dump roles and permits for a 
given user.

./ovcmd user -n rexecutor roles | gsort -V
...
has role 'InstanceCreator' on vm 'fa42'
has role 'UserInstanceManager' on vm 'fa42'
has role 'UserRole' on vm 'fa42'
has role 'UserVmManager' on vm 'fa42'
has role 'UserVmRunTimeManager' on vm 'fa42'

So no super-user role for that VM.

./ovcmd user -n rexecutor permits
...
vm/fa42:
  add_users_and_groups_from_directory
  assign_cpu_profile
  attach_disk
  change_vm_cd
  configure_vm_network
  configure_vm_storage
  connect_to_vm
  create_disk
  create_vm
  delete_disk
  delete_vm
  edit_disk_properties
  edit_vm_properties
  hibernate_vm
  login
  manipulate_permissions
  reboot_vm
  run_vm
  shut_down_vm
  sparsify_disk
  stop_vm

./ovcmd  -u rexecutor@internal --passwordfile=/tmp/passwordfile vm -n fa42 stop
The action "vm stop" failed with: query execution failed due to insufficient 
permissions.

The role has the stop_vm but it can't stop it.

Now I add the SuperUser role for that VM.

./ovcmd user -n rexecutor roles | gsort -V
...
has role 'InstanceCreator' on vm 'fa42'
has role 'SuperUser' on vm 'fa42'
has role 'UserInstanceManager' on vm 'fa42'
has role 'UserRole' on vm 'fa42'
has role 'UserVmManager' on vm 'fa42'
has role 'UserVmRunTimeManager' on vm 'fa42'


The permits are the same:

./ovcmd user -n rexecutor permits
vm/fa42:
  add_users_and_groups_from_directory
  assign_cpu_profile
  attach_disk
  change_vm_cd
  configure_vm_network
  configure_vm_storage
  connect_to_vm
  create_disk
  create_vm
  delete_disk
  delete_vm
  edit_disk_properties
  edit_vm_properties
  hibernate_vm
  login
  manipulate_permissions
  reboot_vm
  run_vm
  shut_down_vm
  sparsify_disk
  stop_vm

./ovcmd  -u rexecutor@internal --passwordfile=/tmp/passwordfile vm -n fa42 stop
(OK)

But now it can stop the vm. Why ?


> Le 5 juil. 2017 à 17:55, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
> écrit :
> 
> I'm trying to give a user the permissions to stop/start a specific server.
> 
> This user is given the generic UserRole for the System.
> 
> I tried to give him the roles :
> UserVmManager
> UserVmRunTimeManager
> UserInstanceManager
> InstanceCreator
> UserRole
> 
> for that specific VM, I always get: query execution failed due to 
> insufficient permissions.
> 
> As soon as I give him the SuperUser role, he can stop/start it.
> 
> What role should I give him for that VM ? I don't want to give the privilege 
> to destroy the vm, or add disks. But he should be able to change the os 
> settings too.
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] user permissions

2017-07-05 Thread Fabrice Bacchella
I'm trying to give a user the permissions to stop/start a specific server.

This user is given the generic UserRole for the System.

I tried to give him the roles :
UserVmManager
UserVmRunTimeManager
UserInstanceManager
InstanceCreator
UserRole

for that specific VM, I always get: query execution failed due to insufficient 
permissions.

As soon as I give him the SuperUser role, he can stop/start it.

What role should I give him for that VM ? I don't want to give the privilege to 
destroy the vm, or add disks. But he should be able to change the os settings 
too.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt can't find user

2017-07-04 Thread Fabrice Bacchella

> Le 1 juil. 2017 à 09:09, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
> écrit :
> 
> 
>> Le 30 juin 2017 à 23:25, Ondra Machacek <omach...@redhat.com> a écrit :
>> 
>> On Thu, Jun 29, 2017 at 5:16 PM, Fabrice Bacchella
>> <fabrice.bacche...@orange.fr> wrote:
>>> 
>>>> Le 29 juin 2017 à 14:42, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
>>>> écrit :
>>>> 
>>>> 
>>>>> Le 29 juin 2017 à 13:41, Ondra Machacek <omach...@redhat.com> a écrit :
>>>>> 
>>>>> How do you login? Do you use webadmin or API/SDK, if using SDK, don't
>>>>> you use kerberos=True?
>>>> 
>>>> Ok, got it.
>>>> It's tested with the sdk, using kerberos. But Kerberos authentication is 
>>>> done in Apache and I configure a profile for that, so I needed to add: 
>>>> config.artifact.arg = X-Remote-User in my 
>>>> /etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is 
>>>> missing from internal-authn.properties. So rexecutor@internal  is checked 
>>>> with my profil, and not found. But as the internal profil don't know about 
>>>> X-Remote-User, it can't check the user and fails silently. That's why I'm 
>>>> getting only one line. Perhaps the log line should have said the 
>>>> extensions name that was failing, not the generic "External 
>>>> Authentication" that did'nt caught my eye.
>>>> 
>>>> I will check that as soon as I have a few minutes to spare and tell you.
>>> 
>>> I'm starting to understand. I need two authn modules, both using 
>>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension but with a 
>>> different authz.plugin. Is that possible ? If I do what, in what order the 
>>> different Authn will be tried ? Are they all tried until one succeed  both 
>>> authn and authz ?
>>> 
>> 
>> Yes you can have multiple authn profiles and it tries to login until
>> one succeed:
>> 
>> https://github.com/oVirt/ovirt-engine/blob/de46aa78f3117cbe436ab10926ac0c23fcdd7cfc/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java#L125
>> 
>> The order isn't guaranteed, but I think it's not important, or is it for you?
> 
> I'm not sure. As I need two 
> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension, the authentication 
> will always succeed. It's the auhtz that fails as user as either in one 
> backend or the other. So if ExtMap output = profile.getAuthn().invoke(..) 
> calls the authz part I will be fine.
> 

I think it's not possible to have 2 
org.ovirt.engineextensions.aaa.misc.http.AuthnExtension with different authz.

The first authz ldap based backend is tried and return:
2017-07-04 17:50:25,711+02 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (default task-2) [] 
Exception: java.lang.RuntimeException: Cannot resolve principal 'rexecutor'
at 
org.ovirt.engineextensions.aaa.ldap.AuthzExtension.doFetchPrincipalRecord(AuthzExtension.java:579)
 [ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engineextensions.aaa.ldap.AuthzExtension.invoke(AuthzExtension.java:478)
 [ovirt-engine-extension-aaa-ldap.jar:]
at 
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:49)
at 
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:73)
at 
org.ovirt.engine.core.extensions.mgr.ExtensionProxy.invoke(ExtensionProxy.java:109)
at 
org.ovirt.engine.core.sso.utils.NegotiateAuthUtils.doAuth(NegotiateAuthUtils.java:122)
at 
org.ovirt.engine.core.sso.utils.NegotiateAuthUtils.doAuth(NegotiateAuthUtils.java:68)
at 
org.ovirt.engine.core.sso.utils.NonInteractiveAuth$2.doAuth(NonInteractiveAuth.java:51)
at 
org.ovirt.engine.core.sso.servlets.OAuthTokenServlet.issueTokenUsingHttpHeaders(OAuthTokenServlet.java:183)
at 
org.ovirt.engine.core.sso.servlets.OAuthTokenServlet.service(OAuthTokenServlet.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at 
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at 
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at 
org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:73)
at 
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at 
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at 
org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter

Re: [ovirt-users] ovirt can't find user

2017-07-01 Thread Fabrice Bacchella

> Le 30 juin 2017 à 23:25, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> On Thu, Jun 29, 2017 at 5:16 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> 
>>> Le 29 juin 2017 à 14:42, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
>>> écrit :
>>> 
>>> 
>>>> Le 29 juin 2017 à 13:41, Ondra Machacek <omach...@redhat.com> a écrit :
>>>> 
>>>> How do you login? Do you use webadmin or API/SDK, if using SDK, don't
>>>> you use kerberos=True?
>>> 
>>> Ok, got it.
>>> It's tested with the sdk, using kerberos. But Kerberos authentication is 
>>> done in Apache and I configure a profile for that, so I needed to add: 
>>> config.artifact.arg = X-Remote-User in my 
>>> /etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is 
>>> missing from internal-authn.properties. So rexecutor@internal  is checked 
>>> with my profil, and not found. But as the internal profil don't know about 
>>> X-Remote-User, it can't check the user and fails silently. That's why I'm 
>>> getting only one line. Perhaps the log line should have said the extensions 
>>> name that was failing, not the generic "External Authentication" that 
>>> did'nt caught my eye.
>>> 
>>> I will check that as soon as I have a few minutes to spare and tell you.
>> 
>> I'm starting to understand. I need two authn modules, both using 
>> org.ovirt.engineextensions.aaa.misc.http.AuthnExtension but with a different 
>> authz.plugin. Is that possible ? If I do what, in what order the different 
>> Authn will be tried ? Are they all tried until one succeed  both authn and 
>> authz ?
>> 
> 
> Yes you can have multiple authn profiles and it tries to login until
> one succeed:
> 
> https://github.com/oVirt/ovirt-engine/blob/de46aa78f3117cbe436ab10926ac0c23fcdd7cfc/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/NegotiationFilter.java#L125
> 
> The order isn't guaranteed, but I think it's not important, or is it for you?

I'm not sure. As I need two 
org.ovirt.engineextensions.aaa.misc.http.AuthnExtension, the authentication 
will always succeed. It's the auhtz that fails as user as either in one backend 
or the other. So if ExtMap output = profile.getAuthn().invoke(..) calls the 
authz part I will be fine.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt can't find user

2017-06-29 Thread Fabrice Bacchella

> Le 29 juin 2017 à 14:42, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
> écrit :
> 
> 
>> Le 29 juin 2017 à 13:41, Ondra Machacek <omach...@redhat.com> a écrit :
>> 
>> How do you login? Do you use webadmin or API/SDK, if using SDK, don't
>> you use kerberos=True?
> 
> Ok, got it.
> It's tested with the sdk, using kerberos. But Kerberos authentication is done 
> in Apache and I configure a profile for that, so I needed to add: 
> config.artifact.arg = X-Remote-User in my 
> /etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is 
> missing from internal-authn.properties. So rexecutor@internal  is checked 
> with my profil, and not found. But as the internal profil don't know about 
> X-Remote-User, it can't check the user and fails silently. That's why I'm 
> getting only one line. Perhaps the log line should have said the extensions 
> name that was failing, not the generic "External Authentication" that did'nt 
> caught my eye.
> 
> I will check that as soon as I have a few minutes to spare and tell you.

I'm starting to understand. I need two authn modules, both using 
org.ovirt.engineextensions.aaa.misc.http.AuthnExtension but with a different 
authz.plugin. Is that possible ? If I do what, in what order the different 
Authn will be tried ? Are they all tried until one succeed  both authn and 
authz ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt can't find user

2017-06-29 Thread Fabrice Bacchella

> Le 29 juin 2017 à 13:41, Ondra Machacek  a écrit :
> 
> How do you login? Do you use webadmin or API/SDK, if using SDK, don't
> you use kerberos=True?

Ok, got it.
It's tested with the sdk, using kerberos. But Kerberos authentication is done 
in Apache and I configure a profile for that, so I needed to add: 
config.artifact.arg = X-Remote-User in my 
/etc/ovirt-engine/extensions.d/MyProfile.authn.properties. But this is missing 
from internal-authn.properties. So rexecutor@internal  is checked with my 
profil, and not found. But as the internal profil don't know about 
X-Remote-User, it can't check the user and fails silently. That's why I'm 
getting only one line. Perhaps the log line should have said the extensions 
name that was failing, not the generic "External Authentication" that did'nt 
caught my eye.

I will check that as soon as I have a few minutes to spare and tell you.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] ovirt can't find user

2017-06-28 Thread Fabrice Bacchella
I tried to add a user in ovirt, but it's not identified:
2017-06-28 16:48:48,505+02 ERROR 
[org.ovirt.engine.core.sso.utils.NegotiateAuthUtils] (default task-22) [] 
External Authentication Failed: Cannot resolve principal 'rexecutor@internal'


/usr/bin/ovirt-aaa-jdbc-tool user  show rexecutor
-- User rexecutor(b1727291-5ad4-4575-b8ec-53bdc9ce4aef) --
Namespace: *
Name: rexecutor
ID: b1727291-5ad4-4575-b8ec-53bdc9ce4aef
Display Name: 
Email: 
First Name: 
Last Name: 
Department: 
Title: 
Description: 
Account Disabled: false
Account Locked: false
Account Unlocked At: 2017-06-16 13:49:31Z
Account Valid From: 2017-06-15 16:41:14Z
Account Valid To: 2217-06-15 16:41:14Z
Account Without Password: true
Last successful Login At: 1970-01-01 00:00:00Z
Last unsuccessful Login At: 1970-01-01 00:00:00Z
Password Valid To: 2025-08-15 10:30:00Z

It's listed as a known user:

  
  
62313732373239312D356164342D343537352D623865632D353362646339636534616566
  
  
  
  *
  rexecutor
  rexecutor@internal-authz
  
internal-authz
  
  
  
  
  


My admin domain authentication looks OK:
config.datasource.jdbcurl=jdbc:postgresql://pgdb:5432/ovirt_engine?sslfactory=org.postgresql.ssl.NonValidatingFactory
config.datasource.dbuser=ovirt
config.datasource.dbpassword=XXX
config.datasource.jdbcdriver=org.postgresql.Driver
config.datasource.schemaname=aaa_jdbc

It tried to increase org.ovirt.engine.core.sso.utils debug log level by 
modifying /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in

diff ovirt-engine.xml.in*
201,204d200
<   
< 
<   
< 

I just got in the log:
2017-06-28 17:17:09,404+02 DEBUG 
[org.ovirt.engine.core.sso.utils.NonInteractiveAuth] (default task-7) [] 
Performing Negotiate Auth
2017-06-28 17:17:09,404+02 DEBUG 
[org.ovirt.engine.core.sso.utils.NegotiateAuthUtils] (default task-7) [] 
Performing external authentication
2017-06-28 17:17:09,410+02 ERROR 
[org.ovirt.engine.core.sso.utils.NegotiateAuthUtils] (default task-7) [] 
External Authentication Failed: Cannot resolve principal 'rexecutor@internal'
2017-06-28 17:17:09,410+02 DEBUG 
[org.ovirt.engine.core.sso.utils.NegotiateAuthUtils] (default task-7) [] 
External Authentication Failed: Class: class 
org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException
Input:
{Extkey[name=EXTENSION_INVOKE_COMMAND;type=class 
org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df],
 Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class 
java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3,
 Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class 
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface
 
java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[DC=XXX],
 Extkey[name=EXTENSION_LICENSE;type=class 
java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL
 2.0, Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class 
org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
 Extkey[name=EXTENSION_NAME;type=class 
java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz,
 Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface 
org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.XXX-authz),
 Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface 
java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
 Extkey[name=EXTENSION_VERSION;type=class 
java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.3.1,
 Extkey[name=EXTENSION_PROVIDES;type=interface 
java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz],
 Extkey[name=EXTENSION_AUTHOR;type=class 
java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The
 oVirt Project, Extkey[name=EXTENSION_LOCALE;type=class 
java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US,
 Extkey[name=EXTENSION_CONFIGURATION_FILE;type=class 
java.lang.String;uuid=EXTENSION_CONFIGURATION_FILE[4fb0ffd3-983c-4f3f-98ff-9660bd67af6a];]=/etc/ovirt-engine/extensions.d/-authz.properties,
 Extkey[name=EXTENSION_HOME_URL;type=class 
java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org,
 Extkey[name=EXTENSION_CONFIGURATION;type=class 
java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
 

[ovirt-users] CVE-2017-1000364

2017-06-28 Thread Fabrice Bacchella
Distributions like Redhat and Ubuntu issued a buggy patch for CVE-2017-1000364.

http://www.openwall.com/lists/oss-security/2017/06/22/6 


Many applications are affected:
 
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1698919 


Did oVirt's team did check it ? Can we safely apply this patch ?___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Frustration defines the deployment of Hosted Engine

2017-06-26 Thread Fabrice Bacchella


> 4. There is any good SPICE client for macOS? Or should I just use the HTML5 
> version instead?
> 
> I'm afraid not.
> Y.

There is one spice client, RemoveViewer, but I will not call it good, it's very 
slow. So I tend to use the embedded vnc viewer.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] OVirt 4.1.2 - trim/discard on HDD/XFS/NFS contraproductive

2017-06-18 Thread Fabrice Bacchella

> Le 18 juin 2017 à 08:00, Idan Shaby  a écrit :
> If you don't need live discarding, shutdown the VM and disable the "Enable 
> Discard" option. That will cause qemu to ignore the live UNMAP SCSI commands 
> coming from the guest and not pass it on to the underlying storage.
> Note that this makes fstrim completely redundant, as the purpose of the 
> command is to discard unused blocks under the given path.

Redundant ? Useless you mean ? From my comprehension, the purpose to fstrim is 
to send UNMAP SCSI on batch instead of mount -o discard that send them 
synchronously.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt sdk and pipelining

2017-06-16 Thread Fabrice Bacchella

> Le 16 juin 2017 à 10:13, Juan Hernández <jhern...@redhat.com> a écrit :
> 
> On 06/16/2017 09:52 AM, Fabrice Bacchella wrote:
>> I just read the blog entry about performance increate in for the python sdk 
>> (https://www.ovirt.org/blog/2017/05/higher-performance-for-python-sdk/).
>> 
>> I'm quite sceptical about pipelining.

> In our tests pipe-lining dramatically increases the performance in large
> scale environments with high latency. In our tests with 4000 virtual
> machines 1 disks and 150ms of latency retrieving the complete
> inventory is reduced from approx 1 hour to approx 2 minutes.
> 

Bench are the ultimate judge. So if it works in many different use case for , 
that's nice and intersting.


> Note that the usage of the HTTP protocol in this scenario is very
> different from the typical usage when a browser retrieves a web page.

Indeed, all the literature is about interactive usage. A very different use 
case.

> 
>> It also talks about multiple connection, but don't use pycurl.CurlShare(). I 
>> thing this might be very helpfull, as it allows to share cookies, see 
>> https://curl.haxx.se/libcurl/c/CURLOPT_SHARE.html. 
>> 
> 
> The SDK uses the curl "multi" mechanism, which automatically shares the
> DNS cache.

This: https://curl.haxx.se/libcurl/c/CURLOPT_DNS_USE_GLOBAL_CACHE.html ?

WARNING: this option is considered obsolete. Stop using it. Switch over to 
using the share interface instead! See CURLOPT_SHARE and curl_share_init.


> In addition version 4 of the SDK does not use cookies. So
> this shouldn't be relevant.

From some of my own code:
self._share.setopt(pycurl.SH_SHARE, pycurl.LOCK_DATA_COOKIE)
self._share.setopt(pycurl.SH_SHARE, pycurl.LOCK_DATA_DNS)
self._share.setopt(pycurl.SH_SHARE, pycurl.LOCK_DATA_SSL_SESSION)

And users apaches settings can use cookies for custom usages.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] ovirt sdk and pipelining

2017-06-16 Thread Fabrice Bacchella
I just read the blog entry about performance increate in for the python sdk 
(https://www.ovirt.org/blog/2017/05/higher-performance-for-python-sdk/).

I'm quite sceptical about pipelining.

A few explanation about that can be found at:
https://devcentral.f5.com/articles/http-pipelining-a-security-risk-without-real-performance-benefits
https://stackoverflow.com/questions/14810890/what-are-the-disadvantages-of-using-http-pipelining

It also talks about multiple connection, but don't use pycurl.CurlShare(). I 
thing this might be very helpfull, as it allows to share cookies, see 
https://curl.haxx.se/libcurl/c/CURLOPT_SHARE.html. 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Performance differences between ext4 and XFS

2017-06-13 Thread Fabrice Bacchella
I just got bitten by this particular problem, on a heavily used disk image. I'm 
trying to defragment the disk images. Hop this will help.


> Le 8 juin 2017 à 07:19, Markus Stockhausen  a écrit :
> 
> Hi Fernando, 
> 
> we personally like XFS very much. But XFS + qcow2 (even for snapshots in 
> OVirt)
> comes close to a no-go these days. We are experience excessive fragmentation.
> For more info see unresolved Redhat Info:
> 
> https://access.redhat.com/solutions/532663 
> 
> 
> Even with tuning the XFS allocation policy on the qcow2 directory with 
> 
> xfs_io -c 'extsize -R 2M' 
> 
> A nice 3rd party explanation can be found here:
> 
> https://blog.codecentric.de/en/2017/04/xfs-possible-memory-allocation-deadlock-kmem_alloc/
>  
> 
> 
> Markus
> 
> Von: users-boun...@ovirt.org  
> [users-boun...@ovirt.org ]" im Auftrag von 
> "FERNANDO FREDIANI [fernando.fredi...@upx.com 
> ]
> Gesendet: Mittwoch, 7. Juni 2017 23:35
> An: users@ovirt.org 
> Betreff: [ovirt-users] Performance differences between ext4 and XFS
> 
> Just wanted to find out what filesystem people are using to host Virtual 
> Machines in qcow2 files in a filesystem in Localstorage, ext4 or XFS ?
> 
> I normally like XFS for big files which is the case fo VMs, but wondered if 
> anyone could see any performance advantage when compared with ext4.
> 
> Fernando
> ___
> Users mailing list
> Users@ovirt.org 
> http://lists.ovirt.org/mailman/listinfo/users 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Migrating oVirt cluster from 4.0 to 4.1

2017-06-12 Thread Fabrice Bacchella

> Le 12 juin 2017 à 19:58, Pavel Gashev  a écrit :
> 
> Karli,
>  
> Almost everything can be updated without system reboot. Even kernel, see 
> http://KernelCare.com/ 
>  

High uptime is a thing of the past.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Python-SDK4: Managing accents?

2017-06-12 Thread Fabrice Bacchella
Did you try with python 3 ? UTF management changed a lot with this version, it 
might works better in your case.

> Le 12 juin 2017 à 12:33, nico...@devels.es a écrit :
> 
> Hi,
> 
> We're running Python SDK (ovirt-engine-sdk-python) ver 4.1.4 and we're having 
> some issues getting values that contain accents. For example, this snippet 
> fails:
> 
>import ovirtsdk4 as sdk
>import ovirtsdk4.types as types
> 
># Create the connection to the server:
>connection = sdk.Connection(
>url='https://fqdn/ovirt-engine/api',
>username='...',
>password='...',
>ca_file='...',
>debug=True,
>)
> 
>users_service = connection.system_service().users_service()
>users = users_service.list()
> 
>connection.close()
> 
> This snippet fails in the "users = users_service.list()" line, because one of 
> the records have a tilde (ó).
> 
> The trace is:
> Traceback (most recent call last):
>  File "lista_users", line 23, in 
>users = users_service.list()
>  File 
> "/home/ovirt/prueba/ejemplo2/lib/python2.7/site-packages/ovirtsdk4/services.py",
>  line 22155, in list
>return self._internal_get(headers, query, wait)
>  File 
> "/home/ovirt/prueba/ejemplo2/lib/python2.7/site-packages/ovirtsdk4/service.py",
>  line 202, in _internal_get
>return future.wait() if wait else future
>  File 
> "/home/ovirt/prueba/ejemplo2/lib/python2.7/site-packages/ovirtsdk4/service.py",
>  line 53, in wait
>return self._code(response)
>  File 
> "/home/ovirt/prueba/ejemplo2/lib/python2.7/site-packages/ovirtsdk4/service.py",
>  line 197, in callback
>return self._internal_read_body(response)
>  File 
> "/home/ovirt/prueba/ejemplo2/lib/python2.7/site-packages/ovirtsdk4/service.py",
>  line 310, in _internal_read_body
>return reader.Reader.read(response.body)
>  File 
> "/home/ovirt/prueba/ejemplo2/lib/python2.7/site-packages/ovirtsdk4/reader.py",
>  line 297, in read
>cursor = xml.XmlReader(io.BytesIO(source.encode('utf-8')))
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1899: 
> ordinal not in range(128)
> 
> Opening the source code (ovirtsdk4/reader.py) file and seeking the exact line 
> that fails I can see:
> 
>if isinstance(source, str):
>cursor = xml.XmlReader(io.BytesIO(source.encode('utf-8')))
> 
> If I add a line just after the 'if' being "cursor = cursor.decode('utf-8')", 
> it seems to work, but I guess the source code should handle this kind of 
> situations.
> 
> Is this a known issue? Should I open a BZ? Any workaround meanwhile?
> 
> Thanks.
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] chrony or ntp ?

2017-06-11 Thread Fabrice Bacchella

> Le 10 juin 2017 à 22:21, Michal Skrivanek <mskri...@redhat.com> a écrit :
> 
>> On 09 Jun 2017, at 15:48, Fabrice Bacchella <fabrice.bacche...@orange.fr> 
>> wrote:
>> 
>> 
>> People might be suprised. I'm currently trying to understand what chrony did 
>> to my ntpd setup, it look like it killed it and puppet has hard time to 
>> reconfigure it.
>> 
>> And as it's not a 'ovirt update' but instead vdsm update seems to happen 
>> more frequently, some people might forget to read release notes and be 
>> disappointed.
> 
> We do not configure anything. Just pull in dependency. You're free to
> disable the service as a common admin task. As long as you replace it
> with other time synchronization solution

Yes, that's I've done, but beware of user complain about broken ntp service 
because their specially crafted ntpd configuration now lying dead. I detected 
it because my puppet setup tried to uninstall chrony and failed. What about 
other users ? Does the default chrony settings always works, for every one ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt client developpement

2017-06-09 Thread Fabrice Bacchella

> Le 9 juin 2017 à 16:25, Luca 'remix_tj' Lorenzetto 
> <lorenzetto.l...@gmail.com> a écrit :
> 
> On Fri, Jun 9, 2017 at 4:19 PM, Fabrice Bacchella
> <fabrice.bacche...@orange.fr> wrote:
>> For my ovirt cli, I would like to have unit tests. But there is nothing to 
>> test in standalone mode, I need a running ovirt with a database in a known 
>> state.
>> 
>> Is there some where a docker images with a toy setup, or a mock ovirt engine 
>> that can be downloaded and used for that ?
> 
> Maybe you can run lago
> http://lago.readthedocs.io/en/stable/README.html and setup an ovirt
> env on the fly?

That's not a answer to my question. I can always build one manually. I know how 
to build a VM/contenaire from that, but I will still need to fill it with fake 
data, and needs to update it for every release of ovirt.

With a prebuild system, provided by oVirt people, I could also run it on 
release candidate and help them find bugs.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] ovirt client developpement

2017-06-09 Thread Fabrice Bacchella
For my ovirt cli, I would like to have unit tests. But there is nothing to test 
in standalone mode, I need a running ovirt with a database in a known state.

Is there some where a docker images with a toy setup, or a mock ovirt engine 
that can be downloaded and used for that ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] chrony or ntp ?

2017-06-09 Thread Fabrice Bacchella

People might be suprised. I'm currently trying to understand what chrony did to 
my ntpd setup, it look like it killed it and puppet has hard time to 
reconfigure it.

And as it's not a 'ovirt update' but instead vdsm update seems to happen more 
frequently, some people might forget to read release notes and be disappointed.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] chrony or ntp ?

2017-06-09 Thread Fabrice Bacchella
Other strange dependencies:
rpm -q --requires vdsm

returns:
sos
tree
NetworkManager-config-server

I don't use NetworkManager-config-server and never used it. There is just this 
lonely components.
I'm running Centos, not Redhat, what 'sos' is good for in this case ?
tree is for interactive shell, who can a python application needs it ?

There is a lot of other tools like openvswitch's and iscsi's that are not used 
in my setup. But I can understand that they are always installed. A modular 
approach would have been better but much more complicated to implement.

which, every one use it , even if it's not the best solution instead of the 
bash builtin 'type -p' (bash is part of the requires) or more portable 'command 
-v', it's all explained at: https://unix.stackexchange.com/a/85250. But I must 
live with this.

> Le 9 juin 2017 à 11:05, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
> écrit :
> 
> I haven't switched from ntp to chrony. So I have configured my puppet to 
> remove it as it's now part of default installation of rhel.
> 
> I works well with everything except on vdsm, since last upgrade:
> 
> # yum erase chrony
> ..
> Removing for dependencies:
> vdsm  x86_64  
>  4.19.15-1.el7.centos   @ovirt-4.1
>2.6 M
> vdsm-hook-vmfex-dev   noarch  
>  4.19.15-1.el7.centos   @ovirt-4.1
> 21 k
> 
> 
> Why vdsm depends on chrony ? Any time synchronisation solution is good. Is 
> that the role of ovirt to chose for me ?
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] chrony or ntp ?

2017-06-09 Thread Fabrice Bacchella
I haven't switched from ntp to chrony. So I have configured my puppet to remove 
it as it's now part of default installation of rhel.

I works well with everything except on vdsm, since last upgrade:

 # yum erase chrony
..
Removing for dependencies:
 vdsm  x86_64   
4.19.15-1.el7.centos   @ovirt-4.1   
2.6 M
 vdsm-hook-vmfex-dev   noarch   
4.19.15-1.el7.centos   @ovirt-4.1   
 21 k


Why vdsm depends on chrony ? Any time synchronisation solution is good. Is that 
the role of ovirt to chose for me ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Postgres errors after updating to 9.5.7 from 9.5.4

2017-05-24 Thread Fabrice Bacchella
> 
> Le 24 mai 2017 à 16:26, Yedidyah Bar David  a écrit :
>> 

>> A good solution usually used by java app is to provide the need jars. That
>> the purpose of maven like tools.
>> 
> 
> We can also simply add to the spec file '< 9.3' or something like that,
> until we fix the code to support newer.
> 
> You are more than welcome to open a bug for this!

Done:

https://bugzilla.redhat.com/show_bug.cgi?id=1455262

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] perf tool ?

2017-05-24 Thread Fabrice Bacchella
I'm playing with perf in vm and getting inconsistent result. But I wonder if 
it's a kvm, ovirt or hardware problem.

On a ovirt's vm:
$ sudo perf list | grep Hardware | wc -l
1
$ lscpu
...
Model name:Intel Core Processor (Haswell, no TSX)

On another ovirt's vm:
$ sudo perf list | grep Hardware | wc -l
27
$ lscpu
...
Model name:AMD Opteron 23xx (Gen 3 Class Opteron)

On a libvirtm vm:
sudo perf list | grep Hardware | wc -l
1
lscpu
...
Model name:Westmere E56xx/L56xx/X56xx (Nehalem-C)
...

Look's like intel CPU don't expose hardware events. Is there an option on kvm 
or ovirt to help that ?

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Postgres errors after updating to 9.5.7 from 9.5.4

2017-05-24 Thread Fabrice Bacchella

> Le 24 mai 2017 à 15:25, supp...@jac-properties.com a écrit :
> 
> Which makes sense seeing as that's what Red Hat officially supports.  It just 
> made sense for our infrastructure to put it on our postgres cluster that is 
> running 9.5.x.  Unfortunately things like this happen sometimes when running 
> a slightly unsupported infrastructure.
> 
> 
> 
> Is this worth putting in an RFE?  Support for postgresql-jdbc 42+ and 
> postgresql 9.5+
> 
A good solution usually used by java app is to provide the need jars. That the 
purpose of maven like tools.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] terminating sessions

2017-05-24 Thread Fabrice Bacchella
And tasks are not available through the REST API, I think.

> Le 24 mai 2017 à 11:07, Martin Perina <mper...@redhat.com> a écrit :
> 
> Hi,
> 
> there is no direct link between sessions and commands executed by them in UI. 
> You can take a look into Tasks tab in bottom right corner, if there are any 
> long running tasks. 
> 
> Ravi, would it be possible to display sessionId inside Tasks to be able to 
> identify which command belongs to which session?
> 
> 
> Martin Perina
> 
> 
> On Wed, May 24, 2017 at 9:21 AM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
> No one has the answer ?
> 
>> Le 18 mai 2017 à 09:58, Sandro Bonazzola <sbona...@redhat.com 
>> <mailto:sbona...@redhat.com>> a écrit :
>> 
>> Adding some people who may be able to answer
>> 
>> On Wed, May 17, 2017 at 11:45 AM, Fabrice Bacchella 
>> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
>> I'm back with a long list of sessions, many of them started since many days. 
>> How can I get informations about them ?
>> 
>> > Le 3 mai 2017 à 18:52, Fabrice Bacchella <fabrice.bacche...@orange.fr 
>> > <mailto:fabrice.bacche...@orange.fr>> a écrit :
>> >
>> > In the UI, I see 73 open sessions, all open by me.
>> >
>> > In ovirt logs, I see a lot of :
>> > 2017-05-03 18:49:31,483+02 INFO  
>> > [org.ovirt.engine.core.bll.aaa.SessionDataContainer] 
>> > (DefaultQuartzScheduler3) [dcf02fc4-72c3-4237-8855-d4e474766088] Not 
>> > removing session 
>> > 'B/GWJOxyLh3pXQPPitfCk29iiJ3XWMerYdNmOdZyc9ceqD+oAW/hhhZDXCltK+N4yRo9TgunhGR7w7YEELOI5A==',
>> >  session has running commands for user ''.
>> >
>> > And indeed I can't close those sessions in the UI.
>> >
>> >
>> > I have two questions:
>> >
>> > Are those sessions accessible using the API ?
>> > How to know what running command is waiting ?
>> >
> 
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] terminating sessions

2017-05-24 Thread Fabrice Bacchella
No one has the answer ?

> Le 18 mai 2017 à 09:58, Sandro Bonazzola <sbona...@redhat.com> a écrit :
> 
> Adding some people who may be able to answer
> 
> On Wed, May 17, 2017 at 11:45 AM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
> I'm back with a long list of sessions, many of them started since many days. 
> How can I get informations about them ?
> 
> > Le 3 mai 2017 à 18:52, Fabrice Bacchella <fabrice.bacche...@orange.fr 
> > <mailto:fabrice.bacche...@orange.fr>> a écrit :
> >
> > In the UI, I see 73 open sessions, all open by me.
> >
> > In ovirt logs, I see a lot of :
> > 2017-05-03 18:49:31,483+02 INFO  
> > [org.ovirt.engine.core.bll.aaa.SessionDataContainer] 
> > (DefaultQuartzScheduler3) [dcf02fc4-72c3-4237-8855-d4e474766088] Not 
> > removing session 
> > 'B/GWJOxyLh3pXQPPitfCk29iiJ3XWMerYdNmOdZyc9ceqD+oAW/hhhZDXCltK+N4yRo9TgunhGR7w7YEELOI5A==',
> >  session has running commands for user ''.
> >
> > And indeed I can't close those sessions in the UI.
> >
> >
> > I have two questions:
> >
> > Are those sessions accessible using the API ?
> > How to know what running command is waiting ?
> >


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Postgres errors after updating to 9.5.7 from 9.5.4

2017-05-24 Thread Fabrice Bacchella
In /etc/yum.repos.d/pgdg-94-centos.repo, I added :

[pgdg94]
...
exclude=postgresql-jdbc


> Le 23 mai 2017 à 23:06, supp...@jac-properties.com a écrit :
> 
> Wow, that looks almost exactly like what we're seeing.
> 
> Unfortunately, downgrading from postgresql-jdbc-42.1.1 to 42.0.0, restarting 
> ovirt-engine and rerunning engine-setup produces the same error messages.
> 
> Logan
> 
>> On May 23, 2017 at 3:39 PM Yedidyah Bar David  wrote:
>> 
>> 
>> On Tue, May 23, 2017 at 11:19 PM, Logan Kuhn  
>> wrote:
>>> Hi
>>> 
>>> We recently upgraded from postgres 9.5.4 to 9.5.6 and then to 9.5.7.  We
>>> restarted ovirt-engine between 9.5.4 and it worked as expected.  After we
>>> updated to 9.5.7 we have started to get postgres errors in engine.log and a
>>> 404 error in the browser when we try to start ovirt-engine.
>>> 
>>> Updates were done on client and server to keep them in sync.
>>> 
>>> The error is complaining about a missing function, but we can verify that
>>> the function exists in the database.  We've also restored engine and
>>> ovirt_engine_history from a backup at 8am this morning when it was working
>>> and before we upgraded to 9.5.7 with no apparent help and run engine-setup
>>> afterwards, still no luck.
>>> 
>>> 2017-05-23 15:07:48,418 INFO  [org.ovirt.engine.core.dal.dbbroker.DbFacade]
>>> (ServerService Thread Pool -- 51) [] Initializing the DbFacade
>>> 2017-05-23 15:07:48,480 INFO  [org.ovirt.engine.core.bll.Backend]
>>> (ServerService Thread Pool -- 51) [] Start initializing Backend
>>> 2017-05-23 15:07:48,502 ERROR
>>> [org.ovirt.engine.core.bll.network.macpool.MacPoolPerDc] (ServerService
>>> Thread Pool -- 46) [] Error initializing: PreparedStatementCallback; bad SQL
>>> grammar [select * from  getallmacpoolrangesbymacpoolid()]; nested exception
>>> is org.postgresql.util.PSQL
>>> Exception: ERROR: function getallmacpoolrangesbymacpoolid() does not exist
>>> Hint: No function matches the given name and argument types. You might need
>>> to add explicit type casts.
>>> Position: 16
>>> 2017-05-23 15:07:48,517 ERROR [org.ovirt.engine.core.bll.Backend]
>>> (ServerService Thread Pool -- 51) [] Error during initialization:
>>> org.jboss.weld.exceptions.WeldException: WELD-49: Unable to invoke
>>> public void
>>> org.ovirt.engine.core.bll.hostedengine.PreviousHostedEngineHost.cre
>>> ate() on
>>> org.ovirt.engine.core.bll.hostedengine.PreviousHostedEngineHost@3a35f461
>>>   at
>>> org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:100)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:81)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:126)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:162)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.context.AbstractContext.get(AbstractContext.java:96)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:101)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.bean.ContextualInstanceStrategy$ApplicationScopedContextualInstanceStrategy.get(ContextualInstanceStrategy.java:141)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:742)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.bean.builtin.InstanceImpl.getBeanInstance(InstanceImpl.java:189)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at
>>> org.jboss.weld.bean.builtin.InstanceImpl.get(InstanceImpl.java:100)
>>> [weld-core-impl-2.3.5.Final.jar:2.3.5.Final]
>>>   at org.ovirt.engine.core.bll.Backend.loadService(Backend.java:301)
>>> [bll.jar:]
>>>   at org.ovirt.engine.core.bll.Backend.initialize(Backend.java:212)
>>> [bll.jar:]
>>>   at org.ovirt.engine.core.bll.Backend.create(Backend.java:159)
>>> [bll.jar:]
>>>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> [rt.jar:1.8.0_131]
>>>   at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> [rt.jar:1.8.0_131]
>>>   at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> [rt.jar:1.8.0_131]
>>>   at java.lang.reflect.Method.invoke(Method.java:498)
>>> [rt.jar:1.8.0_131]
>>>   at
>>> 

[ovirt-users] vm migration failure and jobs

2017-05-17 Thread Fabrice Bacchella
I'm switching a host to maintenance state and it's failing because of problem 
migrating one of it's VM.

I'm listing the current jobs running in ovirt and getting that list:
$ ./ovcmd job list -t '{id!s} {description!s} {start_time!s}'
00ebb251-2229-4178-82cd-dff421de96ea Moving Host nb0104 to Maintenance 
2017-05-17 12:48:59.598000+02:00
fb83ab93-0455-4cde-a93f-3a43b7346ef9 Moving Host nb0104 to Maintenance 
2017-05-17 12:43:56.902000+02:00
f9b85fd3-5ef4-4b16-8472-3dc4119880d1 Moving Host nb0104 to Maintenance 
2017-05-17 12:38:53.918000+02:00
9c7b8799-56e7-480a-9066-9dde49eebda6 Moving Host nb0104 to Maintenance 
2017-05-17 12:33:50.689000+02:00
f6afaf10-1676-4573-91af-170f80a0a67e Moving Host nb0104 to Maintenance 
2017-05-17 12:28:48.602000+02:00
f32c55b4-ec62-49ca-84e6-70ac7922895c Moving Host nb0104 to Maintenance 
2017-05-17 12:23:46.118000+02:00
b7443f5f-21f3-4ed7-8230-00e772e6b678 Moving Host nb0104 to Maintenance 
2017-05-17 12:18:43.86+02:00
5c57a6e9-05f9-434d-a581-748638b601a8 Moving Host nb0104 to Maintenance 
2017-05-17 12:13:41.558000+02:00
3a499570-d4c1-4d7e-a5bb-d487e19c8dc9 Moving Host nb0104 to Maintenance 
2017-05-17 12:08:39.96+02:00
03d2202f-f884-4fb0-95e7-f78733c93265 Moving Host nb0104 to Maintenance 
2017-05-17 12:03:34.449000+02:00
f246eafd-c1d0-4e9e-b87c-962f9a494b97 Moving Host nb0104 to Maintenance 
2017-05-17 11:58:29.952000+02:00
904c932b-e695-4b8b-b975-8148e5800992 Moving Host nb0104 to Maintenance 
2017-05-17 11:53:27.592000+02:00
6dd2dce7-9b82-47b0-a39c-ff7e90e6c6ef Moving Host nb0104 to Maintenance 
2017-05-17 11:48:24.683000+02:00
69ea38e4-5b22-4c3a-8650-71c1ca059801 Moving Host nb0104 to Maintenance 
2017-05-17 11:43:20.137000+02:00
a321ab67-ae12-44e0-a787-75bd818c6821 Moving Host nb0104 to Maintenance 
2017-05-17 11:38:18.115000+02:00
ffd29e6f-51f5-4da4-a8c1-e027431377e2 Moving Host nb0104 to Maintenance 
2017-05-17 11:33:15.927000+02:00
3c7a07d4-8136-4309-ae47-3b35a77b206a Moving Host nb0104 to Maintenance 
2017-05-17 11:28:11.985000+02:00
a5f50eed-35d3-46e7-af2b-684bae7e918f Moving Host nb0104 to Maintenance 
2017-05-17 11:23:09.829000+02:00
d307dd44-e1c1-4fd1-9471-1602f0aef541 Moving Host nb0104 to Maintenance 
2017-05-17 11:18:06.736000+02:00
ad56ebec-9c12-4b2c-91a3-5043d76257c9 Moving Host nb0104 to Maintenance 
2017-05-17 11:13:02.169000+02:00
1f2debf4-15a3-483e-be66-2afff331a83b Moving Host nb0104 to Maintenance 
2017-05-17 11:07:59.661000+02:00
 
So each failed job launch a new one but don't terminate.

Is that an expected situation ?___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] terminating sessions

2017-05-17 Thread Fabrice Bacchella
I'm back with a long list of sessions, many of them started since many days. 
How can I get informations about them ?

> Le 3 mai 2017 à 18:52, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
> écrit :
> 
> In the UI, I see 73 open sessions, all open by me.
> 
> In ovirt logs, I see a lot of :
> 2017-05-03 18:49:31,483+02 INFO  
> [org.ovirt.engine.core.bll.aaa.SessionDataContainer] 
> (DefaultQuartzScheduler3) [dcf02fc4-72c3-4237-8855-d4e474766088] Not removing 
> session 
> 'B/GWJOxyLh3pXQPPitfCk29iiJ3XWMerYdNmOdZyc9ceqD+oAW/hhhZDXCltK+N4yRo9TgunhGR7w7YEELOI5A==',
>  session has running commands for user ''.
> 
> And indeed I can't close those sessions in the UI.
> 
> 
> I have two questions:
> 
> Are those sessions accessible using the API ?
> How to know what running command is waiting ?
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


[ovirt-users] searching users and field mapping

2017-05-12 Thread Fabrice Bacchella
When I export a user I find values like:

  
  
39323336363566612D37622D346532612D396530632D316630396536643634636432
  
  
  admin
  *
  admin
  admin@internal-authz
  
internal-authz
  
  
  
  
  

They are the same that one defined from the type in sdk 
(http://ovirt.github.io/ovirt-engine-sdk/master/types.m.html#ovirtsdk4.types.User).

If I look in 
http://www.ovirt.org/documentation/admin-guide/appe-Using_Search_Bookmarks_and_Tags/,
 I see fields like pool, group that I don't map to fields in the type.

In the search bar in the UI, I also see fields like login, directory or type. 
The mapping is less obvious, even if I can guess that login maps to principal.

But I wonder why such name discrepancy exists and if they are documented 
somewhere.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Fabrice Bacchella
It works much better now. Goes from 6s to less than 500ms. Not blazing fast but 
much more usable, thanks a lot.

> Le 12 mai 2017 à 15:58, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> This is new feature in aaa-ldap tracked here[1].
> By default for AD profiles we use this feature, and it should
> increase performance in most cases.
> 
> But if this is not the case for you, can you just try to change the profile
> from:
> 
>  include = 
> 
> to
> 
>  include = 
> 
> And see if it will be better?
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1393407 
> <https://bugzilla.redhat.com/show_bug.cgi?id=1393407>
> 
> On Fri, May 12, 2017 at 2:54 PM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
> I found that:
> 
> http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx 
> <http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx>
> 
> 
>> Le 12 mai 2017 à 14:44, Fabrice Bacchella <fabrice.bacche...@orange.fr 
>> <mailto:fabrice.bacche...@orange.fr>> a écrit :
>> 
>> Ok, I found where it's slow, it's a ldapsearch on our AD:
>> 
>> time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 <> -b DC=... -s 
>> sub '(&(groupType:1.2.840.113556.1.4.803:=2147483648 
>> <tel:(214)%20748-3648>)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))'
>>  objectGUID name description
>> 
>> # numResponses: 70
>> # numEntries: 66
>> # numReferences: 3
>> 
>> real 0m10.801s
>> user 0m0.007s
>> sys  0m0.012s
>> 
>> That matches the log line:
>> 2017-05-12 14:22:17,413+02 DEBUG 
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-2) [] 
>> Performing SearchRequest 'SearchRequest(baseDN='...', scope=SUB, 
>> deref=NEVER, sizeLimit=0, timeLimit=0, 
>> filter='&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=...)',
>>  attrs={objectGUID, name, description}, 
>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})' 
>> request on server '...'
>> 2017-05-12 14:22:24,456+02 DEBUG 
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-1) [] 
>> SearchResult: SearchResult(resultCode=0 (success), messageID=3, 
>> entriesReturned=66, referencesReturned=0, 
>> responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
>> 
>> 
>> And without 1.2.840.113556.1.4.1941
>> 
>> # numResponses: 54
>> # numEntries: 50
>> # numReferences: 3
>> 
>> real 0m0.051s
>> user 0m0.008s
>> sys  0m0.007s
>> 
>> So it's an AD problem. 1.2.840.113556.1.4.1941 make it slow, but without it, 
>> the result is not the same. But I don't know if it's an AD or ovirt problem. 
>> I'll keep investigating.
>> 
>> Thank's for your help.
>> ___
>> Users mailing list
>> Users@ovirt.org <mailto:Users@ovirt.org>
>> http://lists.ovirt.org/mailman/listinfo/users 
>> <http://lists.ovirt.org/mailman/listinfo/users>
> 
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Fabrice Bacchella
I found that:

http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx


> Le 12 mai 2017 à 14:44, Fabrice Bacchella <fabrice.bacche...@orange.fr> a 
> écrit :
> 
> Ok, I found where it's slow, it's a ldapsearch on our AD:
> 
> time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 <ldap://ad1> -b 
> DC=... -s sub 
> '(&(groupType:1.2.840.113556.1.4.803:=2147483648)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))'
>  objectGUID name description
> 
> # numResponses: 70
> # numEntries: 66
> # numReferences: 3
> 
> real  0m10.801s
> user  0m0.007s
> sys   0m0.012s
> 
> That matches the log line:
> 2017-05-12 14:22:17,413+02 DEBUG 
> [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-2) [] 
> Performing SearchRequest 'SearchRequest(baseDN='...', scope=SUB, deref=NEVER, 
> sizeLimit=0, timeLimit=0, 
> filter='&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=...)',
>  attrs={objectGUID, name, description}, 
> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})' 
> request on server '...'
> 2017-05-12 14:22:24,456+02 DEBUG 
> [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-1) [] 
> SearchResult: SearchResult(resultCode=0 (success), messageID=3, 
> entriesReturned=66, referencesReturned=0, 
> responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
> 
> 
> And without 1.2.840.113556.1.4.1941
> 
> # numResponses: 54
> # numEntries: 50
> # numReferences: 3
> 
> real  0m0.051s
> user  0m0.008s
> sys   0m0.007s
> 
> So it's an AD problem. 1.2.840.113556.1.4.1941 make it slow, but without it, 
> the result is not the same. But I don't know if it's an AD or ovirt problem. 
> I'll keep investigating.
> 
> Thank's for your help.
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Fabrice Bacchella
Ok, I found where it's slow, it's a ldapsearch on our AD:

time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 -b DC=... -s sub 
'(&(groupType:1.2.840.113556.1.4.803:=2147483648)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))'
 objectGUID name description

# numResponses: 70
# numEntries: 66
# numReferences: 3

real0m10.801s
user0m0.007s
sys 0m0.012s

That matches the log line:
2017-05-12 14:22:17,413+02 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-2) [] 
Performing SearchRequest 'SearchRequest(baseDN='...', scope=SUB, deref=NEVER, 
sizeLimit=0, timeLimit=0, 
filter='&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=...)',
 attrs={objectGUID, name, description}, 
controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})' request 
on server '...'
2017-05-12 14:22:24,456+02 DEBUG 
[org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-1) [] 
SearchResult: SearchResult(resultCode=0 (success), messageID=3, 
entriesReturned=66, referencesReturned=0, 
responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})


And without 1.2.840.113556.1.4.1941

# numResponses: 54
# numEntries: 50
# numReferences: 3

real0m0.051s
user0m0.008s
sys 0m0.007s

So it's an AD problem. 1.2.840.113556.1.4.1941 make it slow, but without it, 
the result is not the same. But I don't know if it's an AD or ovirt problem. 
I'll keep investigating.

Thank's for your help.___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Fabrice Bacchella

> Le 12 mai 2017 à 13:35, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> 
> 
> On Fri, May 12, 2017 at 1:18 PM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote:
> The request is indeed quite slow within ovirt, using the setup given by Juan:
> 
> /ovirt-engine/sso/oauth/token-http-auth 7001ms
> 
> I was not able to authenticate jboss-cli.sh, I don't know why: 
> 'admin@internal-authz': No valid profile found in credentials.
> 
> It should be admin@internal.
>  

Indeed, but an export don't show that:


  
  
39323336363566612D37622D346532612D396530632D316630396536643634636432
  
  
  admin
  *
  admin
  admin@internal-authz
  
internal-authz
  
  
  
  
  



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Fabrice Bacchella
The request is indeed quite slow within ovirt, using the setup given by Juan:

/ovirt-engine/sso/oauth/token-http-auth 7001ms

I was not able to authenticate jboss-cli.sh, I don't know why: 
'admin@internal-authz': No valid profile found in credentials.

So I tried to modifie 
usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine-logging.properties.in,
 adding:
org.ovirt.engineextensions.aaa=ALL
org.ovirt.engine.core.bll.aaa=ALL
and then restart ovirt-engine. But that changed nothing. That's not the good 
syntax ?




> Le 12 mai 2017 à 09:25, Ondra Machacek <omach...@redhat.com> a écrit :
> 
> I am not aware of anything, but debug log of all aaa stuff would help,
> to understand what takes the most time.
> 
>  - org.ovirt.engineextensions.aaa.ldap
>  - org.ovirt.engineextensions.aaa.misc
>  - org.ovirt.engine.core.aaa
>  - org.ovirt.engine.core.sso
> 
> To enable it in runtime, please follow:
> 
>  
> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L469
> 
> On Thu, May 11, 2017 at 7:24 PM, Fabrice Bacchella 
> <fabrice.bacche...@orange.fr> wrote:
> I'm using kerberos authentication in ovirt for the URL 
> /sso/oauth/token-http-auth, but kerberos is done in Apache using 
> auth_gssapi_module and it's quite slow, about 6s for a request.
> 
> I'm trying to understand if it's apache or ovirt-engine that are slow. Is 
> there a way to get response time metered for http requests inside ovirt 
> instead of seen from apache ?
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


  1   2   3   >