Re: [ovirt-users] Users losing permissions when user portal session times out
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Jeff Clay jeffc...@gmail.com Cc: Oved Ourfalli ov...@redhat.com, paul thornton paul.thorn...@infotech-enterprises.com, users@ovirt.org Sent: Thursday, May 8, 2014 10:09:55 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out Jeff, which ovrit version are you using? Thanks. It sounds similar to the following issues: Bug 1069562 - When assigning permissions to user that belongs to a group indirectly, it does not inherit the group permissions (resolved by me). Bug 1081204 - [AAA] External user UI access unstable (resolved by Yair). iirc both are part of 3.4, but will need to check it out. Let's see what version you're using, and proceed from there. Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Jeff Clay jeffc...@gmail.com Cc: Oved Ourfalli ov...@redhat.com, paul thornton paul.thorn...@infotech-enterprises.com, users@ovirt.org Sent: Thursday, May 8, 2014 10:05:46 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out - Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org, paul thornton paul.thorn...@infotech-enterprises.com Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal session times out I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular UserRole granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to users then view the permissions for the user I was just logged in as, the user no longer shows the UserRole role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the Users list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the permissions tab and then clicking add; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas? Thanks in advance. This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] user portal permissions
Hi Jeff Roles determine two things: 1. What the user can see 2. What the user can do It is important to know on who is the user, what is the role (UserRole? as you also mentioned SuperUser?) and on what object(s) was the role granted on. Assuming it is UserRole, on a specific user, then: If on a VM, then the user can see/operate on this VM. If on a Cluster, then the user can see/operate on all the VMs in this cluster. If on a DC, then the user can see/operate on all the VMs in clusters that are part of this DC. If on System, then the user can see/operate on all the VMs in the system. So the hierarchy is System--DC--Cluster--VM. I hope this clarifies you question. Regards, Oved - Original Message - From: Jeff Clay jeffc...@gmail.com To: users@ovirt.org Sent: Monday, May 5, 2014 10:31:53 PM Subject: [ovirt-users] user portal permissions For some reason, when logged in as a user with a modifed copy role of UserRole (only has login permssion and VM - Basic Operations - Remote Log In permission) the user can see all of the VM's and has the ability to open a console, start, shutdown or suspend any of the VM's. I have verified that all of the VM's only show the SuperUser role in their permissions. I went through all of the roles and verified that the user is only a member of the Copy_of_UserRole. The only thing I can think of is that the user is inheriting permissions from something, but I can't find what it is or where. Any suggestions? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can we request images for the ovirt image repository?
Hi No real form for that. E-mail to this mailing list is a good way to request that for now. I've uploaded the image. Didn't test/play with it yet, but it is there. Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: users users@ovirt.org Sent: Sunday, May 4, 2014 7:11:21 AM Subject: [ovirt-users] Can we request images for the ovirt image repository? Hi, Is there a form where we can request images in the public ovirt image repo? Either way, it'd be nice if we could get the project atomic images added http://rpm-ostree.cloud.fedoraproject.org/project-atomic/images/f20/qemu/ Cheers. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Foreman not starting VM, hangs on finishing creating a new VM
Aren't these the API calls that Foreman does for the provisioning? Each API call both logs in at start and logs out when done. - Original Message - From: Itamar Heim ih...@redhat.com To: Matt . yamakasi@gmail.com Cc: users users@ovirt.org, Oved Ourfalli oourf...@redhat.com, Yair Zaslavsky yzasl...@redhat.com Sent: Thursday, April 24, 2014 11:06:44 AM Subject: Re: [ovirt-users] Foreman not starting VM, hangs on finishing creating a new VM On 04/24/2014 11:05 AM, Matt . wrote: Would it be normal that it does this login runs a couple of times per second ? oved/yair? 2014-04-24 7:50 GMT+02:00 Itamar Heim ih...@redhat.com mailto:ih...@redhat.com: On 04/23/2014 09:50 PM, Matt . wrote: Hi All, I'm having an issue with oVirt 3.4 and Foreman 1.5 RC1 at the moment, it does not start/finish a new provisioned VM/Host., it creates it well on oVirt. I'm sure this worked well on a nightly some dags ago and I didn't update it after it. The foreman bug is shown here: http://projects.theforeman.__org/issues/5132 http://projects.theforeman.org/issues/5132 What I also see in the engine log is a bunch of admin login errors which I cannot place anywhere: 2014-04-23 20:26:44,203 INFO [org.ovirt.engine.core.bll.__LoginUserCommand] (ajp--127.0.0.1-8702-6) Running command: LoginUserCommand internal: false. 2014-04-23 20:26:44,242 INFO [org.ovirt.engine.core.bll.__LogoutUserCommand] (ajp--127.0.0.1-8702-6) [2e4a8183] Running command: LogoutUserCommand internal: false. 2014-04-23 20:26:44,276 INFO [org.ovirt.engine.core.dal.__dbbroker.auditloghandling.__AuditLogDirector] (ajp--127.0.0.1-8702-6) [2e4a8183] Correlation ID: 2e4a8183, Call Stack: null, Custom Event ID: -1, Message: User admin logged out. 2014-04-23 20:26:44,470 INFO [org.ovirt.engine.core.bll.__LoginUserCommand] (ajp--127.0.0.1-8702-1) Running command: LoginUserCommand internal: false. 2014-04-23 20:26:44,510 INFO [org.ovirt.engine.core.bll.__LogoutUserCommand] (ajp--127.0.0.1-8702-1) [5d731a43] Running command: LogoutUserCommand internal: false. 2014-04-23 20:26:44,542 INFO [org.ovirt.engine.core.dal.__dbbroker.auditloghandling.__AuditLogDirector] (ajp--127.0.0.1-8702-1) [5d731a43] Correlation ID: 5d731a43, Call Stack: null, Custom Event ID: -1, Message: User admin logged out. 2014-04-23 20:26:44,575 INFO [org.ovirt.engine.core.bll.__LoginUserCommand] (ajp--127.0.0.1-8702-3) Running command: LoginUserCommand internal: false. 2014-04-23 20:26:44,623 INFO [org.ovirt.engine.core.bll.__RemoveVmCommand] (ajp--127.0.0.1-8702-3) [708f0b9a] Lock Acquired to object EngineLock [exclusiveLocks= key: 7bfc175c-dbcd-43c9-9549-__cde8d3b3b731 value: VM I get the feeling this has something todo with eachother. why do you think above snippet contain an error? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Users] Importing Image from Glance times out
- Original Message - From: Andrew Lau and...@andrewklau.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Thursday, April 10, 2014 4:52:56 AM Subject: Re: [ovirt-users] [Users] Importing Image from Glance times out Found the URL - http://glance.ovirt.org:9292/v1/images/imageid On Thu, Apr 10, 2014 at 11:42 AM, Andrew Lau and...@andrewklau.com wrote: Thanks for the quick fix! Is there a way to patch that manually or will we need to wait for the next release? You can either wait for the next release, or take the 3.4 nightly build from http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ Is there also any chance that those glance images are available through a HTTP method or something, I'd be interested in importing that through the export domain to dig around a little. I see you're already on it :-) Thanks, Andrew. On Wed, Apr 9, 2014 at 10:08 PM, Oved Ourfalli ov...@redhat.com wrote: Posted a fix in: http://gerrit.ovirt.org/#/c/26601/ Being tested and reviewed as we speak. Andrew + Elad - thank you for bringing this issue up, and helping diagnose it. Regards, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:52:38 PM Subject: Re: [Users] Importing Image from Glance times out Yeah I imported it as a template, I'll try import it as an image now just to verify. On Wed, Apr 9, 2014 at 8:43 PM, Oved Ourfalli ov...@redhat.com wrote: Did you import it as template or just as an image. If as template then it can be nice to see if you're getting the same NullPointerException that Elad gets (although it was fixed a few weeks ago, so perhaps it is another issue). Thanks, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: Elad Ben Aharon ebena...@redhat.com Cc: Oved Ourfalli ov...@redhat.com, users users@ovirt.org Sent: Wednesday, April 9, 2014 1:37:34 PM Subject: Re: [Users] Importing Image from Glance times out Do you still want the log files? Is there anything in specific you're looking for, or should I just upload the whole files I also wonder, could you compare the md5? Out of the two attempts on the centos image (not docker) the md5sum gave me 62bc26a8a07be5adbef63b2eb1a18aeb If it's different to others, we could assume a failed transfer? I'm assuming it's just the timeout of the import process as the smaller CirrOS image worked fine. On Wed, Apr 9, 2014 at 8:32 PM, Elad Ben Aharon ebena...@redhat.com wrote: Oved, I had the same thing: https://bugzilla.redhat.com/show_bug.cgi?id=1085712 - Original Message - From: Oved Ourfalli ov...@redhat.com To: Andrew Lau and...@andrewklau.com Cc: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:29:57 PM Subject: Re: [Users] Importing Image from Glance times out Do you see any failure in the log? Can you attach both the engine and the vdsm log? iirc the SPM (Federico?) should be the one importing the image, so if you look for a process with curl (ps -ef | grep -i curl) then you'll be able to see the import process (just to check whether it is running or not). Thank you, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:23:59 PM Subject: [Users] Importing Image from Glance times out Hi, Using the new 3.4 public glance repository, I was able to successfully import the tiny 12mb CirrOS image and it appeared in my data store. However when trying the larger CentOS image, it took much longer. For some reason I can only push 50Kbps from any of the ovirt infrastructure so after many hours in the datastore I can see it's finished downloading the full 1gb image but it'll remain locked in the ovirt engine. Any thoughts on why this happens? Thanks, Andrew ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman
Re: [Users] Importing Image from Glance times out
Do you see any failure in the log? Can you attach both the engine and the vdsm log? iirc the SPM (Federico?) should be the one importing the image, so if you look for a process with curl (ps -ef | grep -i curl) then you'll be able to see the import process (just to check whether it is running or not). Thank you, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:23:59 PM Subject: [Users] Importing Image from Glance times out Hi, Using the new 3.4 public glance repository, I was able to successfully import the tiny 12mb CirrOS image and it appeared in my data store. However when trying the larger CentOS image, it took much longer. For some reason I can only push 50Kbps from any of the ovirt infrastructure so after many hours in the datastore I can see it's finished downloading the full 1gb image but it'll remain locked in the ovirt engine. Any thoughts on why this happens? Thanks, Andrew ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Importing Image from Glance times out
Did you import it as template or just as an image. If as template then it can be nice to see if you're getting the same NullPointerException that Elad gets (although it was fixed a few weeks ago, so perhaps it is another issue). Thanks, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: Elad Ben Aharon ebena...@redhat.com Cc: Oved Ourfalli ov...@redhat.com, users users@ovirt.org Sent: Wednesday, April 9, 2014 1:37:34 PM Subject: Re: [Users] Importing Image from Glance times out Do you still want the log files? Is there anything in specific you're looking for, or should I just upload the whole files I also wonder, could you compare the md5? Out of the two attempts on the centos image (not docker) the md5sum gave me 62bc26a8a07be5adbef63b2eb1a18aeb If it's different to others, we could assume a failed transfer? I'm assuming it's just the timeout of the import process as the smaller CirrOS image worked fine. On Wed, Apr 9, 2014 at 8:32 PM, Elad Ben Aharon ebena...@redhat.com wrote: Oved, I had the same thing: https://bugzilla.redhat.com/show_bug.cgi?id=1085712 - Original Message - From: Oved Ourfalli ov...@redhat.com To: Andrew Lau and...@andrewklau.com Cc: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:29:57 PM Subject: Re: [Users] Importing Image from Glance times out Do you see any failure in the log? Can you attach both the engine and the vdsm log? iirc the SPM (Federico?) should be the one importing the image, so if you look for a process with curl (ps -ef | grep -i curl) then you'll be able to see the import process (just to check whether it is running or not). Thank you, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:23:59 PM Subject: [Users] Importing Image from Glance times out Hi, Using the new 3.4 public glance repository, I was able to successfully import the tiny 12mb CirrOS image and it appeared in my data store. However when trying the larger CentOS image, it took much longer. For some reason I can only push 50Kbps from any of the ovirt infrastructure so after many hours in the datastore I can see it's finished downloading the full 1gb image but it'll remain locked in the ovirt engine. Any thoughts on why this happens? Thanks, Andrew ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Importing Image from Glance times out
Posted a fix in: http://gerrit.ovirt.org/#/c/26601/ Being tested and reviewed as we speak. Andrew + Elad - thank you for bringing this issue up, and helping diagnose it. Regards, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:52:38 PM Subject: Re: [Users] Importing Image from Glance times out Yeah I imported it as a template, I'll try import it as an image now just to verify. On Wed, Apr 9, 2014 at 8:43 PM, Oved Ourfalli ov...@redhat.com wrote: Did you import it as template or just as an image. If as template then it can be nice to see if you're getting the same NullPointerException that Elad gets (although it was fixed a few weeks ago, so perhaps it is another issue). Thanks, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: Elad Ben Aharon ebena...@redhat.com Cc: Oved Ourfalli ov...@redhat.com, users users@ovirt.org Sent: Wednesday, April 9, 2014 1:37:34 PM Subject: Re: [Users] Importing Image from Glance times out Do you still want the log files? Is there anything in specific you're looking for, or should I just upload the whole files I also wonder, could you compare the md5? Out of the two attempts on the centos image (not docker) the md5sum gave me 62bc26a8a07be5adbef63b2eb1a18aeb If it's different to others, we could assume a failed transfer? I'm assuming it's just the timeout of the import process as the smaller CirrOS image worked fine. On Wed, Apr 9, 2014 at 8:32 PM, Elad Ben Aharon ebena...@redhat.com wrote: Oved, I had the same thing: https://bugzilla.redhat.com/show_bug.cgi?id=1085712 - Original Message - From: Oved Ourfalli ov...@redhat.com To: Andrew Lau and...@andrewklau.com Cc: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:29:57 PM Subject: Re: [Users] Importing Image from Glance times out Do you see any failure in the log? Can you attach both the engine and the vdsm log? iirc the SPM (Federico?) should be the one importing the image, so if you look for a process with curl (ps -ef | grep -i curl) then you'll be able to see the import process (just to check whether it is running or not). Thank you, Oved - Original Message - From: Andrew Lau and...@andrewklau.com To: users users@ovirt.org Sent: Wednesday, April 9, 2014 1:23:59 PM Subject: [Users] Importing Image from Glance times out Hi, Using the new 3.4 public glance repository, I was able to successfully import the tiny 12mb CirrOS image and it appeared in my data store. However when trying the larger CentOS image, it took much longer. For some reason I can only push 50Kbps from any of the ovirt infrastructure so after many hours in the datastore I can see it's finished downloading the full 1gb image but it'll remain locked in the ovirt engine. Any thoughts on why this happens? Thanks, Andrew ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] using cloud-init?
Did you set the OS type of the VM / template to some linux based OS type? The cloud-init data is passed only to linux VMs. A new patch changed that, and passed it to all non-windows VMs, so if you left the defaults, and the OS type is Other OS, then it doesn't work without the patch. See bug https://bugzilla.redhat.com/show_bug.cgi?id=1072764 Oved - Original Message - From: Jason Brooks jbro...@redhat.com To: users@ovirt.org Sent: Tuesday, March 11, 2014 6:21:37 PM Subject: [Users] using cloud-init? Hi all -- I've been trying, without success, to use cloud-init w/ oVirt 3.4 on Fedora 19 hosts. I've had similar failure in the past, but here are the steps I'm taking currently: 1. Import as template F19 image from ovirt-image-repository glance repo 2. Create new vm based on that template 3. Choose ovirtmgmt as the nic1 for the VM 4. Show advanced options, click initial run, expand authentication, enter a root password, paste my public key into the allowed ssh keys field 5. Hit OK, and then run the VM 6. In the VM's console, I see it complain about No instance datasource found 7. Unsurprisingly, I can't log in w/ pw or ssh. (By the way, are there any default creds for these images? I thought they might be based on the fedora cloud images, but their default uname fedora pw nothing doesn't work) I've tried some other derivations of this, launching from the Run Once menu, filling in various different fields, etc. Any clues? I don't see many people complaining about this, so I'm assuming it's working for other people. I don't know, maybe it's something with Fedora? Thanks, Jason ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Importing Glance images as oVirt templates
Hi all! In oVirt 3.4 we extended the integration with Glance, allowing to import Glance images as oVirt templates. We also added a public Glance repository to be used by oVirt deployments. A reference to this repository is automatically added in 3.4, so you'll see it in the UI by default, under the name ovirt-image-repository. This repository currently contains only a small set of images, but we hope to extend it soon. The right way to use the Fedora and CentOS images that are there is to import them as templates, create VMs from them, and use cloud-init to configure them. I wrote a blog post on how to use it. Have a look at http://ovedou.blogspot.co.il/2014/03/importing-glance-images-as-ovirt.html Will be happy to hear your comments and answer your questions, Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [rhevm-api] Assign IP address to VM using Java SDK
- Original Message - From: Shahar Havivi shah...@redhat.com To: users@ovirt.org Cc: Juan Antonio Hernandez Fernandez jhern...@redhat.com, rhevm-...@lists.fedorahosted.org, Tejesh M tejes...@gmail.com Sent: Wednesday, February 12, 2014 11:22:20 PM Subject: Re: [Users] [rhevm-api] Assign IP address to VM using Java SDK On 12.02.14 22:55, Itamar Heim wrote: On 02/12/2014 03:14 PM, Tejesh M wrote: Hi, Can anyone share sample code on how to assign IP address to guest os changing the root password while creating VM from Template using Java SDK? Hi Tejesh, You should start here: http://www.ovirt.org/Api This link will explain the basics for fetching VM via the API using HTTP via curl command line. Every VM have a collection of networks and manipulating them can be seeing here with the REST API examples: http://www.ovirt.org/Features/Design/Network/SetupNetworks#REST the section for you is Attaching a network to a NIC under the REST category. Shahar Havivi. Actually it looks like Tejesh is referring to the Guests and not the hosts, so you can use cloud-init in order to do that. See more in http://www.ovirt.org/Features/Cloud-Init_Integration;. If the VM's operating system is defined as some kind of Linux, then you'll be able to set some stuff using cloud-init, either via the Run-Once Dialog, or in the regular VM properties dialog. Omer - we have REST API support for cloud-init, right? -- Thanks Regards Lucky ___ rhevm-api mailing list rhevm-...@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/rhevm-api this list isn't used any more, moving to users@ovirt.org ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt 3.4 - Fail to set permissions to VM
Hi Jonas
Apparently there is a quite new bug open about this issue
(https://bugzilla.redhat.com/1057147).
CC-ing Juan and Yair - perhaps the'll know what's the source of the issue, as I
think they were the last ones to make changes in it.
Oved
- Original Message -
From: Jonas Israelsson jo...@israelsson.com
To: users@ovirt.org
Sent: Tuesday, January 28, 2014 11:34:50 AM
Subject: [Users] Ovirt 3.4 - Fail to set permissions to VM
Greetings.
I have set up oVirt to use Openldap for its users store. I managed to
make two users SuperUser but now when trying to add a third as a normal
user and give him permission to a VM it fails. From the log I see it
complains about duplicate key violations.
No matter what user I try to add to this vm I get the same error. Maybe
it's beyond me but I really do not understand why It wants to add
something to the users table (since the user is already there), sounds
like a bug to me..
Anyone else have the same setup as me, and have this working ?
[root@dashboard ovirt-engine]# tail -100 engine.log
2014-01-28 10:19:14,655 INFO
[org.ovirt.engine.core.bll.AddPermissionCommand]
(org.ovirt.thread.pool-6-thread-26) [5c95fa5a] Running command:
AddPermissionCommand internal: false. Entities affected : ID:
18bcf10a-6f63-44ea-8a9b-70f423476473 Type: StoragePool, ID:
aaa0----123456789aaa Type: System
2014-01-28 10:19:14,658 ERROR
[org.ovirt.engine.core.bll.AddPermissionCommand]
(org.ovirt.thread.pool-6-thread-26) [5c95fa5a] Command
org.ovirt.engine.core.bll.AddPermissionCommand throw exception:
org.springframework.dao.DuplicateKeyException:
CallableStatementCallback; SQL [{call insertuser(?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?)}]; ERROR: duplicate key value violates unique constraint
users_domain_external_id_unique
Where: SQL statement INSERT INTO users(department, domain, email,
groups, name, note, role, active, surname, user_id, username, group_ids,
external_id) VALUES( $1 , $2 , $3 , $4 , $5 , $6 , $7 , $8 , $9
, $10 , $11 , $12 , $13 )
PL/pgSQL function insertuser line 2 at SQL statement; nested exception
is org.postgresql.util.PSQLException: ERROR: duplicate key value
violates unique constraint users_domain_external_id_unique
Where: SQL statement INSERT INTO users(department, domain, email,
groups, name, note, role, active, surname, user_id, username, group_ids,
external_id) VALUES( $1 , $2 , $3 , $4 , $5 , $6 , $7 , $8 , $9
, $10 , $11 , $12 , $13 )
PL/pgSQL function insertuser line 2 at SQL statement
at
org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:241)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:1030)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.springframework.jdbc.core.JdbcTemplate.call(JdbcTemplate.java:1064)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.springframework.jdbc.core.simple.AbstractJdbcCall.executeCallInternal(AbstractJdbcCall.java:388)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.springframework.jdbc.core.simple.AbstractJdbcCall.doExecute(AbstractJdbcCall.java:351)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.springframework.jdbc.core.simple.SimpleJdbcCall.execute(SimpleJdbcCall.java:181)
[spring-jdbc.jar:3.1.1.RELEASE]
at
org.ovirt.engine.core.dao.DbUserDAODbFacadeImpl.save(DbUserDAODbFacadeImpl.java:119)
[dal.jar:]
at
org.ovirt.engine.core.bll.AddPermissionCommand.executeCommand(AddPermissionCommand.java:94)
[bll.jar:]
at
org.ovirt.engine.core.bll.CommandBase.executeWithoutTransaction(CommandBase.java:1114)
[bll.jar:]
at
org.ovirt.engine.core.bll.CommandBase.executeActionInTransactionScope(CommandBase.java:1199)
[bll.jar:]
at
org.ovirt.engine.core.bll.CommandBase.runInTransaction(CommandBase.java:1875)
[bll.jar:]
at
org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInNewTransaction(TransactionSupport.java:210)
[utils.jar:]
at
org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInRequired(TransactionSupport.java:149)
[utils.jar:]
at
org.ovirt.engine.core.utils.transaction.TransactionSupport.executeInScope(TransactionSupport.java:118)
[utils.jar:]
at
org.ovirt.engine.core.bll.CommandBase.execute(CommandBase.java:1219)
[bll.jar:]
at
org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:351)
[bll.jar:]
at
org.ovirt.engine.core.bll.MultipleActionsRunner.executeValidatedCommand(MultipleActionsRunner.java:179)
[bll.jar:]
at
org.ovirt.engine.core.bll.MultipleActionsRunner.runCommands(MultipleActionsRunner.java:151)
[bll.jar:]
Re: [Users] Ovirt Engine single point of failure
For now only for testing purposes, and considering it to be used in the near future once it is more tested/stable. It will be released only on oVirt 3.4 alpha, and I guess it should be complete and tested in 3.4. cc-ing Doron, which is pushing this feature. He should know best about its current status. Thank you, Oved - Original Message - From: Sven Kieske s.kie...@mittwald.de To: users@ovirt.org Sent: Monday, January 13, 2014 10:46:56 AM Subject: Re: [Users] Ovirt Engine single point of failure Hi, do you really advise to use a feature which is not 100% implemented and is just available in an alpha release for a production setup? Or is my assumption incorrect and this feature is already 100% supported? This would be great news. Am 12.01.2014 07:15, schrieb Oved Ourfalli: Consider trying the new hosted engine feature (http://www.ovirt.org/Features/Self_Hosted_Engine). It runs the ovirt engine as a VM inside the engine, and also provides HA solution for it. Oved -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt Engine single point of failure
Consider trying the new hosted engine feature (http://www.ovirt.org/Features/Self_Hosted_Engine). It runs the ovirt engine as a VM inside the engine, and also provides HA solution for it. Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Alan Murrell li...@murrell.ca Cc: users@ovirt.org Sent: Friday, January 10, 2014 9:17:53 AM Subject: Re: [Users] Ovirt Engine single point of failure Alan, IMHO this is not the scenario described in the original question - or maybe I did not understand well the original question? I assume the original question is about a scenario where engine restarts, and not about a catastrophic failure as you describe here. - Original Message - From: Alan Murrell li...@murrell.ca To: users@ovirt.org Sent: Friday, January 10, 2014 9:01:14 AM Subject: Re: [Users] Ovirt Engine single point of failure OK, so just so I understand this, in the described scenario of three servers: one management server/engine and two nodes, let's say the management server suffers catastrophic hard disk failure where no data can be recovered from it, nor were any backups made. Is it possible to perform a new installation of ovirt-engine, add the two existing nodes, and everything just works? Or would you at least need to do some reconfiguring (e.g., re-add the logical networks etc.) Basically, even though the nodes were part of the now-dead ovirt-engine, there would be no problem in getting them added in to the newly-installed ovirt-engine? -Alan ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Bug? in tweak vm instance via REST/JSON 3.3.2
- Original Message -
From: Sven Kieske s.kie...@mittwald.de
To: users@ovirt.org
Sent: Thursday, January 9, 2014 10:09:31 AM
Subject: [Users] Bug? in tweak vm instance via REST/JSON 3.3.2
Hi,
we got a problem with starting a vm after changing some of its
parameters via REST (JSON)
this is the command to create the vm (this works):
POST request on https://virt-mgmt-01.internal/api/vms/
{name:vr2,cluster:{id:2ad11b5e-9e74-499a-b317-5a9a3027cfca},template:{id:374a12df-5ffc-4feb-a2bf-c912f059675f}}
Then we tweak memory and cpu:
PUT request on
https://virt-mgmt-01.internal/api/vms/42dba82f-e7ea-40ff-a76e-70056912b47f
{memory:2048,cpu:{topology:{sockets:1,cores:1}}}
and then we start it:
POST request on
https://virt-mgmt-01.internal/api/vms/42dba82f-e7ea-40ff-a76e-70056912b47f/start
{vm:{initialization:{cloudInit:{host:{address:vr2},networkConfiguration:{nics:{nics:[{name:eth0,bootProtocol:STATIC,network:{ip:{address:10.0.1.12,netmask:255.255.255.252,gateway:10.0.1.9}},onBoot:true}]},dns:{servers:{hosts:[{address:46.30.62.99},{address:46.30.62.98},{address:46.30.62.97}]}}},users:{users:[{name:root,password:lPzYG06qV63+Tne7},{name:vr2,password:lPzYG06qV63+Tne7}]},files:{files:[{name:\/foo\/ip-configuration,content:extern_v4address1
185.15.194.7\npassword1 lPzYG06qV63+Tne7,type:PLAINTEXT}]}
the error we get:
Operation Failed,detail:[Cannot run VM. There is no host that
satisfies current scheduling constraints. See bellow for details:]
Do you get any information below? Anything in the logs? (attaching them will be
helpful).
when we start the vm without altering memory and cpu it starts just
fine.
Is this not supported via JSON, or is this a bug?
PS:
BTW there seems to be a spelling bug in the error message (bellow).
Submitted a patch to address that (see below :-) ). I guess it will be merged
soon.
Thank you for bringing this typo to our attention.
http://gerrit.ovirt.org/#/c/23087
Oved
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Bug? in tweak vm instance via REST/JSON 3.3.2
- Original Message - From: Sven Kieske s.kie...@mittwald.de To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Thursday, January 9, 2014 11:23:43 AM Subject: Re: [Users] Bug? in tweak vm instance via REST/JSON 3.3.2 Hi, thanks for your fast reply. well some of this got already resolved as we just put a little to less memory (dev assumed it was counted in MB ) in the vm, it didn't start that well with less than 1 MB ;) So the VM starts just fine now, however the tweak of the cpu cores still does not work (the vm boots with 1 socket and 1 core instead of 1 socket with 2 cores). cc-ing Juan, the API maintainer, as I know there are some gaps in the JSON implementation. When you GET the VM through the REST-API, do you see 1 socket with 1 core, or 1 socket with 2 cores? What happens if you do the same thing using XML? Thank you, Oved Am 09.01.2014 09:21, schrieb Oved Ourfalli: Do you get any information below? Anything in the logs? (attaching them will be helpful). when we start the vm without altering memory and cpu it starts just fine. Is this not supported via JSON, or is this a bug? PS: BTW there seems to be a spelling bug in the error message (bellow). Submitted a patch to address that (see below :-) ). I guess it will be merged soon. Thank you for bringing this typo to our attention. http://gerrit.ovirt.org/#/c/23087 Oved -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Building Windows virt-viewer
cc-ing spice-devel. Oved - Original Message - From: Lindsay Mathieson lindsay.mathie...@gmail.com To: users@ovirt.org Sent: Monday, December 9, 2013 1:14:46 PM Subject: [Users] Building Windows virt-viewer Is there a guide somewhere on how to do this? for an OSS project I'm finding it remarkably opaque as to how to do this. There are some (incomplete) notes here: http://www.spice-space.org/page/Building_Instructions#Windows_2 Which fail to build (DevStudio 2008). There are some old posts os the spice-dev list which seem to hint the build is done via cross compile from fedora. I need to build the remote viewer for window to incorporate some bug fixes which have made their way into the offical build. Also I'd like to try embedding it in a customised viewer. Thanks, -- Lindsay ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [Engine-devel] Fwd: Adding users and assigning roles in Ovirt
- Original Message - From: Einav Cohen eco...@redhat.com To: Malini Rao m...@redhat.com, Eldan Hildesheim ehild...@redhat.com, Scott Herold sher...@redhat.com, Arthur Berezin abere...@redhat.com, Yair Zaslavsky yzasl...@redhat.com, Gilad Chaplik gchap...@redhat.com, Oved Ourfalli ov...@redhat.com Cc: Users@ovirt.org users@ovirt.org Sent: Tuesday, December 3, 2013 10:42:44 PM Subject: [Engine-devel] Fwd: Adding users and assigning roles in Ovirt [moving discussion to the users mailing list] while it seems that we all agree that adding some sort of a wizard that will allow easy permission assignment to newly-added users, it doesn't seem like something that can be accomplished soon (e.g. for ovirt 3.4). maybe we can utilize Ramesh's initial suggestion [1] for the short term - allow assignment of *System* permissions in the context of the 'Add User(s)' dialog [with an explicit clarification within the dialog that we are talking about *System* permissions, so that the admin will be aware that the privileges that he can assign in this context would be very permissive] any thoughts? how extensively are system permissions used in oVirt in general? [if adding a system permission is not a common/popular action, there is no reason to expose it in the 'Add User(s)' dialog, since it will probably be hardly used anyway] I guess that most users added in this dialog are users and not administrators, and even for administrators I'm not sure them all get system permissions. It may imply we think it is the best-practice with regards to permissions. In addition, adding system permission in the Configure dialog allow you to also add the user, as it shows you all the users in the directory, and not just the ones that were previously added via the add user dialog, so I think we should leave it as is for now, given this workaround to do both operations in the same dialog. maybe different ideas for short-term solutions? Thanks, Einav [1] http://lists.ovirt.org/pipermail/engine-devel/2013-December/006059.html - Forwarded Message - From: Yair Zaslavsky yzasl...@redhat.com To: Einav Cohen eco...@redhat.com Cc: Oved Ourfalli ov...@redhat.com, engine-de...@ovirt.org Sent: Monday, December 2, 2013 4:09:10 PM Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt - Original Message - From: Einav Cohen eco...@redhat.com To: Malini Rao m...@redhat.com Cc: Oved Ourfalli ov...@redhat.com, engine-de...@ovirt.org Sent: Monday, December 2, 2013 9:55:45 PM Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt - Original Message - From: Malini Rao m...@redhat.com Sent: Monday, December 2, 2013 2:20:06 PM Joining in the thread a bit green but wouldn't it be ok to add the new user with the most basic permissions by default ( may be just read only permissions)until the admin goes and deliberately tweaks permissions or assigns a role? this is similar to what Oved has suggested, but I think that it won't really make any difference, since there is very little chance, in my view, that these permissions would be sufficient for anything - the admin would need to assign additional/different permissions at some point anyway, so not much point in allowing that default minimal assignment in the first place - we might as well keep the 'Add User(s)' dialog as is. Also, if we add that roles drop down as Einav mentioned, isn't there a way to only show that drop down if the logged in user is an admin role? the logged in user must be an admin, as the 'Add User(s)' dialog (which is available from the Users main tab) exists only in the web-admin, which is accessible only to admins by definition. +1 on the user adding wizard. I think in general connecting related task flows together will improve the overall UX too. +1 here agreed. Thanks Malini - Original Message - From: Einav Cohen eco...@redhat.com To: Gilad Chaplik gchap...@redhat.com, Ramesh rnach...@redhat.com, Oved Ourfalli ov...@redhat.com Cc: engine-de...@ovirt.org Sent: Monday, December 2, 2013 1:37:57 PM Subject: Re: [Engine-devel] Adding users and assigning roles in Ovirt we should definitely not completely remove the possibility to add permission-less users to the system, due to possible use-cases as Gilad mentioned and/or simply to allow the flexibility of adding the user first, and only then adding the relevant (business entity and) permissions, should the admin choose to do so. the more correct location to add system permissions to a user would probably be a 'Add System Permission' dialog that will be available from the Permissions sub-tab of the Users main tab, however it won't allow to assign system permissions to several users at once, so I
Re: [Users] Fwd: oVirt 3.3.1 REST-API: UML for all Objects?
Perhaps using the RSDL (RESTful service description language) can give you a clue about the different object types, and their fields. Also, it provides information about the different actions you can do, mandatory fields for these actions, and etc. Just go to the API URL, followed by ?rsdl (http://localhost:8700/ovirt-engine/api?rsdl) As a rule we try to make everything available at the UI level also available at API level. Not sure what the current gaps are (if any). Oved - Original Message - From: Sven Kieske s.kie...@mittwald.de To: users@ovirt.org Sent: Tuesday, December 3, 2013 12:33:43 PM Subject: [Users] Fwd: oVirt 3.3.1 REST-API: UML for all Objects? Hi, as I didn't get any reply until today from the REST-API Maintainer, maybe someone on the users list knows where such a list of all objects can be obtained? See below for detailed information. Thank you! Original-Nachricht Betreff: oVirt 3.3.1 REST-API: UML for all Objects? Datum: Fri, 29 Nov 2013 11:07:22 +0100 Von: Sven Kieske s.kie...@mittwald.de An: mpast...@redhat.com Hi, you are listed as the REST-API Maintainer, so I write to you and hope you can help me. We need a description (preferred as UML, but we take anything we can get ) about all Objects which are provided through the Rest-API. We know we can call via REST-API, but it seems not all objects are reported back, e.g. if the object is not set. Example: Via GUI, you can set a description for each VM-Disk, but this does not get reported if I call this disk via REST-API. In the RHEV-API-Guide (Developers Guide) 3.2 there is no such list and browsing via gitweb was also not successful(maybe we looked in the wrong place?). Is there such a list or UML for all accessible REST-API-Objects for oVirt 3.3.1? Or are the objects which can't be seen via REST-API not implemented in the REST-API and are therefore just accessible over GUI? Thanks for your help! -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Public glance image repository for oVirt
Hi Everyone I thought of adding a new public Glance image repository on oVirt.org, to be used in different oVirt environments. The nice thing about glance compared to current export domain is that it can be attached to multiple oVirt environments / data centers, so it can be a public image repository everyone can use. Would you see such a repository as useful? Would you use it? What type of images/virtual appliances would you find beneficial to have there? If you're interested let me know. If we see enough traction for it then I'll set it up. Thank you, Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Public glance image repository for oVirt
- Original Message - From: Jakub Bittner j.bitt...@nbu.cz To: users@ovirt.org Sent: Monday, December 2, 2013 12:19:17 PM Subject: Re: [Users] Public glance image repository for oVirt Dne 2.12.2013 10:35, Oved Ourfalli napsal(a): Hi Everyone I thought of adding a new public Glance image repository on oVirt.org, to be used in different oVirt environments. The nice thing about glance compared to current export domain is that it can be attached to multiple oVirt environments / data centers, so it can be a public image repository everyone can use. Would you see such a repository as useful? Would you use it? What type of images/virtual appliances would you find beneficial to have there? If you're interested let me know. If we see enough traction for it then I'll set it up. Thank you, Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Hello, I think it is great idea. But if I may, I have some thoughts/questions... Will that Glance repository be fast enough? Who will provide images to that repository? I guess I'll add some images to it at start, and requests for other images will be sent to in...@ovirt.org, and we'll add what we can. Will be the security of those images somehow guaranteed? As for the performance and security - I'm cc-ing in...@ovirt.org to see what they can say about that. Thank you! Oved About systems: It could be useful for testing days. You know, Fedora XYZ testing day prepared images and so on. Fedora stable, beta. Centos stable. Ubuntu LTS. Debian Stable and Testing. I can imagine lots of images based on products, like fedora with foreman, fedora with (free)ipa, centos with DNS, firewall based distribution and lot of more. :-) ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] hacking at the ovirt db howto?
Useful information can be found in: http://www.ovirt.org/OVirt-DB-Issues Also, some useful commands appear in different wiki pages in the ovirt.org wiki. Just search for psql. Hope it helps, Oved - Original Message - From: Jason Brooks jbro...@redhat.com To: users@ovirt.org Sent: Thursday, October 17, 2013 7:02:35 AM Subject: [Users] hacking at the ovirt db howto? Hi All -- I'm finding myself sometimes in need of hacking at the oVirt DB -- has anyone written a wiki page or something about this? Thanks, Jason --- Jason Brooks Red Hat Open Source and Standards @jasonbrooks | @redhatopen http://community.redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Host USB
See this wiki page about VDSM hooks. http://www.ovirt.org/Vdsm_Hooks Hope it is up to date. I Just skimmed it a bit. I think the step you're missing is configuring the engine to allow using this hook (see section http://www.ovirt.org/Vdsm_Hooks#VM-level_hooks). Hope it helps, Oved - Original Message - From: emi...@gmail.com To: Eduardo Ramos edua...@freedominterface.org, users@ovirt.org Sent: Friday, October 11, 2013 8:59:54 PM Subject: Re: [Users] Host USB I've installed the hook on both host that belong to the cluster where the VM is but I don't get the option to configure. I've also pinned the vm to a host but I get the same options as in any other vm from the cluster. There is something that I'm not doing? Regards! 2013/10/11 Eduardo Ramos edua...@freedominterface.org You're welcome! On 10/11/2013 02:13 PM, emi...@gmail.com wrote: Oh! great! i though that was by modifying the xml by hand. Thanks! 2013/10/11 Eduardo Ramos edua...@freedominterface.org Emitor, You won't put it into a XML. You will configure it in ovirt webadmin. First you have to install hostusb hook on the host machine. Then editing your virtual machine, go to the 'Custom Properties' tab. There, select 'hostusb' and in the right textbox, put the id. Example: 0x1234:0xbeef. You can define several ids, putting '' between them: 0x1234:0xbeef0x:0xabaa. http://imagebin.org/273393 I hope it is what you want. On 10/11/2013 01:56 PM, emi...@gmail.com wrote: Thanks for your answer Eduardo, but i don't know which is the file where i have to put the '0x', I mean the XML file that describes the VM. Where is it located? Regards! 2013/10/11 Eduardo Ramos edua...@freedominterface.org Hi my friend! On the host, you can run 'lsusb' command. It will return you some like this: Bus 002 Device 004: ID 413c:2106 Dell Computer Corp. Dell QuietKey Keyboard You just add '0x' in the begining of ids. On 10/11/2013 01:17 PM, emi...@gmail.com wrote: Hi, I would like to implement the USB pass through from a host to a VM. I don't know how to configure the hook that allow me to do this. Could you give me some guidance with this? I''ve readed this: http://www.ovirt.org/VDSM-Hooks/hostusb But I don't know where is located the VM XML that it's mentioned there. Regards! ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Emiliano Tortorella +598 98941176 emi...@gmail.com -- Emiliano Tortorella +598 98941176 emi...@gmail.com -- Emiliano Tortorella +598 98941176 emi...@gmail.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Multiple network interfaces on engine?
- Original Message - From: Michael Pasternak mpast...@redhat.com To: Rickard Kristiansson rick...@sanuksystems.com, users@ovirt.org, Oved Ourfalli ov...@redhat.com Cc: Ohad Levy ol...@redhat.com Sent: Monday, September 23, 2013 2:35:40 PM Subject: Re: [Users] Multiple network interfaces on engine? On 09/23/2013 02:23 PM, Rickard Kristiansson wrote: Hmm.. yes, I do have the storage network configured in DC and Cluster, and also attached to all my hypervisors. The question is just how I also attach it to the Engine server, as this isn't visible as a node in the GUI? i think this could be done with puppet, afaik some work for integrating it to oVirt been done lately, though not sure if it's already available, oved? Not sure I understand the use-case, but currently the integration doesn't allow provisioning of any kind on hosts. Oved *Från: *Michael Pasternak mpast...@redhat.com *Till: *Rickard Kristiansson rick...@sanuksystems.com *Kopia: *users@ovirt.org, \René \Koch (ovido)\\ r.k...@ovido.at *Skickat: *måndag, 23 sep 2013 13:20:06 *Ämne: *Re: [Users] Multiple network interfaces on engine? On 09/23/2013 01:50 PM, Rickard Kristiansson wrote: Thanks Michael, I'm still trying to get my head around this, but I can't see how I configure the networks on the engine? For nodes and AOI it's OK, but in my case I am running the engine as a separate server which is not a node and does not show up as a Host in the GUI. Or do I need to add the engine as a host in the GUI as well, to be able to configure it? IIUC your question, you have various options: 1. GUI 2. SDKs 3. CLI you need to create network in DC, attach it to cluster, attach to host NIC/s (if you want it to be atomic operation, i.e you expect connectivity loss during the operation/s, setupnetworks should be used, otherwise you can use attach-network dialogues in UI) *Från: *Michael Pasternak mpast...@redhat.com *Till: *Rickard Kristiansson rick...@sanuksystems.com *Kopia: *users@ovirt.org *Skickat: *måndag, 23 sep 2013 12:21:40 *Ämne: *Re: [Users] Multiple network interfaces on engine? On 09/23/2013 12:54 PM, Rickard Kristiansson wrote: Hi, I want to use two network interfaces connected to different networks in Engine (3.3), where one is for ovirtmgmt and one is for a separate storage network. It works fine for a minute or so after rebooting Engine, but then the configuration is changed by Engine, connecting both interfaces to bond0 and losing connectivity (as obviously you can't bond those two interfaces when they are connected to separate physical networks..). What is the mechanism doing this, please see this [1]. [1] http://www.ovirt.org/Features/Design/Network/SetupNetworks and it is possible to disable this automatic network bonding on the engine so that we can use separate networks on the network interfaces..? attaching logs would help, but i guess it happen cause you did not saved your host network config, i.e when host got rebooted, it performs roll-back to old config, this is actually disaster recovery mechanism. Rickard ** ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Michael Pasternak RedHat, ENG-Virtualization RD -- Michael Pasternak RedHat, ENG-Virtualization RD -- Michael Pasternak RedHat, ENG-Virtualization RD ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Problem Creating oVirt Engine
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Richie@HIP richiepiovane...@healthcareinfopartners.com Cc: users@ovirt.org Sent: Sunday, August 11, 2013 9:49:28 AM Subject: Re: [Users] Problem Creating oVirt Engine - Original Message - From: Richie@HIP richiepiovane...@healthcareinfopartners.com To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Saturday, August 10, 2013 5:41:58 AM Subject: Re: [Users] Problem Creating oVirt Engine Last week I dove deep into a fiends network and Active Directory infrastructure trying to install oVirtEngine with default values. I was able to have AD DHCP recognize the VirtualBox oViertEngine VM and it took the better part of three (3) hours to get the DHCP to recognize the Name of the computer; it would show the IP and MAC address, but with empty name. Finally I discovered that the name of the VM Fedora 18 machine had to be defines under System Settings Details Overview Device Name; t had localloop.localdomain and chained to ovirtenine and reotedh P showed e Name of the computer. The DNS entry had to be made by hand since for some reason the DHCP lease was not being copied to the DNS database. Once both of these (DHCP and DNS where death with, oVirtEngine installed as documented - without errors and hangs. Then I opened the Welcome to oVirt Engine / Management web page. Upon trying to open any of the portals, I was asked to verify the certificate; which I accepted. I grid opening the User Portal and upon being presented the Login screen I entered admin as user, and welcome as the password (that's what I defined as password for the test VM I'm creating.) I awaited several minuted and nothing happened. I shut down the oVirtEngine VM, and increased the VM RAM from 4 Gb to 6 Gb. Rebooted and reconnected and was able to enter the Users Portal, albeit after waiting almost a minute. Voila…!!! It works…!!! But then I realized it was a premature celebration. When trying to enter the Administration Portal, seeing the login screen, more than half an hour passed and nothing happened; only a spinning cursor and hardly any disk or LAN activity in the oVirtEngine VM. I copied all the entries in the engine.log related to today. I'm including them as attachment so anyone can tell me why I can;t enter the oVirtEngine Administrator Portal. Neither can I get into the Reports Portal which even shows a message with either a typo, of a british way of expressing legal (it read LeAgal (the uppercase A is my way of showing the typo). Please let me know if you have any suggestions regarding logging into the Administrator Portal. Could it be that at least one node has to exist…? In the engine.log I can see several INFO and WAR messages, but the ERROR ones (which are very few) are to cryptic for me to make sense of them. I saw the log, indeed looks strange. In order to get all the data of the main screen (after login) several queries are run to the engine in order to fetch the data What I would suggest (unless someone else can see something I missed in the log) is to consider to run ovirt-engine in such a way that debug messages will be logged as well. What browser are you using? I recently had a similar issue with Firefox, and when I switched to Chrome and there it worked well. Then, I tried to clear the cache in my Firefox, and it worked well there as well. Hope it helps, Oved oVirt is beginning to come alive on my side; but not quite there yet. Any help appreciated.. RIchie José E (Richie) Piovanetti, MD, MS M: 787-615-4884 | richiepiovane...@healthcareinfopartners.com On Aug 1, 2013, at 3:59 PM, Richie@HIP richiepiovane...@healthcareinfopartners.com wrote: In a conversation via IRC, someone suggested that I activate dnsmask to overcome what appears to be a DNS problem. I'll try that other possibility once I get home later today. In the mean time, what do you mean by fixing the hostname…? I opened and fixed the HOSTNAMES and changed it from localhost-localdomain to localhost.localdomain and that made no difference. Albeit, after changing I didm;t restart, remove ovirtEngine ((using engine-cleanup) and reinstalled via engine-setup. Is that what you mean…? In the mean time, the fact that even if I resolve the issue of oVirtEngine I will not be able to connect to the oVirt Nodes unless I have DNS resolution, apparently means I should do something with resolving via DNS in my home LAN (i.e implement some sort of DNS Cache so I can resolve my home computers via DNS inside my LAN). Any suggestions are MORE THAN WELCOME…!!! Richie José E (Richie) Piovanetti, MD, MS M: 787-615-4884 | richiepiovane...@healthcareinfopartners.com On Aug 1,
Re: [Users] How to add another @internal user
- Original Message - From: Ernest Beinrohr ernest.beinr...@axonpro.sk To: users users@ovirt.org Sent: Monday, May 20, 2013 12:40:47 PM Subject: [Users] How to add another @internal user I'd like to add another user to my ovirt engine 3.2, but all means fail somehow. I installed the engine from http://www.dreyou.org/ovirt/ovirt-engine32/ on centos6 and created a local pgsql database, no IPA. How can I add another user? SO far I have tried: engine-manage-domains -action=add -domain=internal -user=admin@internal -provider=RHDS -interactive engine-manage-domains -action=add -domain=internal -provider='RHDS' -user='nagios' -interactive engine-manage-domains -action=add -domain=axonpro.sk -user=nagios -provider=LDAP -interactive -addPermissions PS: we have a separate LDAP server for our domain, Ideally i'd like to use the credentials from that, but local users is OK too. The engine-manage-domains command is used in order to add new authentication domains to the oVirt engine (supporting RHDS, IPA, Active Directory, Tivoli-DS). The internal domain is a special build-in domain, with one admin user, and you can't add users to it. (A patch a few months ago to support users on top of /etc/passwd, but afair it wasn't approved). Oved -- Ernest Beinrohr, AXON PRO Ing , RHCE , RHCVA , LPIC , +421-2--6241-0360 , +421-903--482-603 icq:28153343, skype:oernii-work , jabber:oer...@jabber.org “The bureaucracy is expanding to meet the needs of the expanding bureaucracy.” ― Oscar Wilde ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt.
- Original Message - From: Romil Gupta romilgupt...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Monday, May 20, 2013 1:15:04 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. Hi , Thanks for the help, I am able to load the ovirt-cinder driver. But , got stuck in creating the volumes. cinder/volume.log: 2013-05-20 14:36:48.161 6699 INFO cinder.service [-] Caught SIGTERM, stopping children 2013-05-20 14:36:48.162 6699 INFO cinder.service [-] Waiting on 1 children to exit 2013-05-20 14:36:48.162 6720 INFO cinder.service [-] Caught SIGTERM, exiting 2013-05-20 14:36:48.175 6699 INFO cinder.service [-] Child 6720 exited with status 1 2013-05-20 14:36:50.572 7116 INFO cinder.volume.manager [-] volume_driver == cinder.volume.drivers.ovirt.OVirtDriver 2013-05-20 14:36:50.573 7116 INFO cinder.service [-] Starting 1 workers 2013-05-20 14:36:50.576 7116 INFO cinder.service [-] Started child 7151 2013-05-20 14:36:50.585 7151 AUDIT cinder.service [-] Starting cinder-volume node (version 2013.1) 2013-05-20 14:36:51.679 INFO cinder.volume.drivers.rhevm [req-0dc7b534-0a06-4073-8769-651549730b65 None None] Connected to oVirt Successful 2013-05-20 14:36:52.178 INFO cinder.volume.manager [req-0dc7b534-0a06-4073-8769-651549730b65 None None] Updating volume status 2013-05-20 14:36:52.331 7151 INFO cinder.openstack.common.rpc.common [-] Connected to AMQP server on localhost:5672 2013-05-20 14:37:37.351 INFO cinder.volume.manager [req-3f3f037e-71aa-4bfa-b40f-1245aa52811d None None] Updating volume status After , I tried cinder create --display-name disk1 5 and got the following in scheduler log : 2013-05-20 14:56:49.499 7094 AUDIT cinder.service [-] SIGTERM received 2013-05-20 14:56:51.485 7460 AUDIT cinder.service [-] Starting cinder-scheduler node (version 2013.1) 2013-05-20 14:56:51.548 7460 INFO cinder.openstack.common.rpc.common [-] Connected to AMQP server on localhost:5672 2013-05-20 14:56:51.860 7460 INFO cinder.openstack.common.rpc.common [-] Connected to AMQP server on localhost:5672 2013-05-20 14:58:11.888 WARNING cinder.scheduler.host_manager [req-644215b3-7e4d-4761-a533-b76db6cfbcaf 724c0c1ff7774234a01d87968a7eb4bc 768105b3d64748ca8776bf8f13e8f3c9] service is down or disabled. 2013-05-20 14:58:11.890 WARNING cinder.scheduler.filters.capacity_filter [req-644215b3-7e4d-4761-a533-b76db6cfbcaf 724c0c1ff7774234a01d87968a7eb4bc 768105b3d64748ca8776bf8f13e8f3c9] Free capacity not set;volume node info collection broken. 2013-05-20 14:58:11.891 WARNING cinder.scheduler.manager [req-644215b3-7e4d-4761-a533-b76db6cfbcaf 724c0c1ff7774234a01d87968a7eb4bc 768105b3d64748ca8776bf8f13e8f3c9] Failed to schedule_create_volume: No valid host was found. 1. Do we need to implement more methods in OVirtDriver for cinder? 2. Why the request is not going to 'create_volume' method in cinder.volume. ovirt.OVirtDriver ? I'm sure that you may need more methods, as this was POC code, so we only put the minimum required. It was based on FOLSOM, so if you're working with a more updated version then the interfaces might have changed. I did that a few months ago, so I currently don't have an environment in which I can test that. However, from the errors it looks like it is an environmental issue, as it didn't even get to the driver (it says it failed to schedule the cinder command). Oved It would be great if you answer the above questions. Thanks, Romil On Sun, May 19, 2013 at 10:44 AM, Oved Ourfalli ov...@redhat.com wrote: Hi Romil. Sorry for the late response. In order to use the cinder driver you need to set the following configuration items in /etc/cinder/cinder.conf volume_driver=cinder.volume.ovirt.OVirtDriver ovirt_engine_url= http://10.35.1.202:8080/api ovirt_engine_username=user@domain ovirt_engine_password=password ovirt_engine_storagedomain=nfs-data1 What did you fail on? Can you attach the cinder log for us to see? Also cc-ing Federico, who worked with me on the driver. Thank you, Oved - Original Message - From: Romil Gupta romilgupt...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 15, 2013 5:41:42 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. Hi Oved , I have gone through the code , it would be great if you let me know what are the flags we need to set in the cinder.conf to load the oVirt-cinder driver. Is this the correct flag volume_driver=cinder.volume.drivers.ovirt. OVirtDriver ? If yes , still I am not able to load it. I have also change the following flags based on my setup: volume_opts = [ cfg . StrOpt ( 'ovirt_engine_url' , default = ' http://localhost:8700/api ' , help = '' ), cfg . StrOpt ( 'ovirt_engine_username' , default = 'admin@internal' , help
Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt.
Hi Romil. Sorry for the late response. In order to use the cinder driver you need to set the following configuration items in /etc/cinder/cinder.conf volume_driver=cinder.volume.ovirt.OVirtDriver ovirt_engine_url=http://10.35.1.202:8080/api; ovirt_engine_username=user@domain ovirt_engine_password=password ovirt_engine_storagedomain=nfs-data1 What did you fail on? Can you attach the cinder log for us to see? Also cc-ing Federico, who worked with me on the driver. Thank you, Oved - Original Message - From: Romil Gupta romilgupt...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Wednesday, May 15, 2013 5:41:42 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. Hi Oved , I have gone through the code , it would be great if you let me know what are the flags we need to set in the cinder.conf to load the oVirt-cinder driver. Is this the correct flag volume_driver=cinder.volume.drivers.ovirt. OVirtDriver ? If yes , still I am not able to load it. I have also change the following flags based on my setup: volume_opts = [ cfg . StrOpt ( 'ovirt_engine_url' , default = ' http://localhost:8700/api ' , help = '' ), cfg . StrOpt ( 'ovirt_engine_username' , default = 'admin@internal' , help = '' ), cfg . StrOpt ( 'ovirt_engine_password' , default = 'letmein!' , help = '' ), cfg . StrOpt ( 'ovirt_engine_storagedomain' , default = 'OpenStackDomain' , help = '' ), cfg . StrOpt ( 'ovirt_engine_sparse' , default = True , help = '' ), Help me out regarding the same. On Thu, May 9, 2013 at 7:23 PM, Romil Gupta romilgupt...@gmail.com wrote: Thanks for sharing the code and yes I had missed the mail from you earlier. I am just going through the code and would let you know if I need some help from you. On Thu, May 9, 2013 at 7:19 PM, Oved Ourfalli ov...@redhat.com wrote: - Original Message - From: Romil Gupta romilgupt...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Thursday, May 9, 2013 4:31:23 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. Thanks Itamar, Yes , the intent is to consume oVirt from the Openstack side. Oved: thanks, I would be great if you could share the code. Code was shared earlier on the thread before you got a chance to send your response, but in case you missed it, the code is in: https://github.com/oourfali/openstack-ovirt-driver Also, Itamar added an important note about that: Romil - the POC above expects the glance image to pre-exist as a template (by same name). I think your glance driver for ovirt to directly show the ovirt template from ovirt is a better approach. Let me know if you need more details, Oved On Thu, May 9, 2013 at 6:09 PM, Oved Ourfalli ov...@redhat.com wrote: - Original Message - From: Itamar Heim ih...@redhat.com To: Romil Gupta romilgupt...@gmail.com , Oved Ourfalli oourf...@redhat.com Cc: Mike Kolesnik mkole...@redhat.com , users users@ovirt.org Sent: Thursday, May 9, 2013 3:22:45 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. On 05/09/2013 09:34 AM, Romil Gupta wrote: Thanks Mike , I have already gone through the links you suggested above. As of now I am more interested to know about Cinder and glance integration with oVirt. It would be a great help if you share some references over this. Hi Romil, please note the quantum, glance and cinder integration allow ovirt to consume these services. from what i understood from the blueprint approach you took, you want openstack to consume ovirt. for glance, ovirt will allow to import glance images as templates, but to easily launch openstack instances on ovirt, your glance-ovirt-driver seems a better solution. for cinder, will take more time for ovirt to support a cinder storage domain, but if you want to use openstack with cinder-ovirt-driver, so a nova-ovirt-driver will be able to use the 'cinder' volumes from ovirt, i think oved can share his POC code for this. Romil, if you indeed need that one, let me know. It has been a while since I touched it so need to track it down, and do some cleanups and stuff there before I send it to you, Oved HTH, Itamar On Thu, May 9, 2013 at 11:58 AM, Mike Kolesnik mkole...@redhat.com mailto: mkole...@redhat.com wrote: Hi , Hi Romil, It would be great to know about the Quantum integration with oVirt and eagerly waiting for its release date. Quantum integration is moving along nicely, we already have a working POC with the Quantum Linux Bridge
Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt.
- Original Message - From: Itamar Heim ih...@redhat.com To: Romil Gupta romilgupt...@gmail.com, Oved Ourfalli oourf...@redhat.com Cc: Mike Kolesnik mkole...@redhat.com, users users@ovirt.org Sent: Thursday, May 9, 2013 3:22:45 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. On 05/09/2013 09:34 AM, Romil Gupta wrote: Thanks Mike , I have already gone through the links you suggested above. As of now I am more interested to know about Cinder and glance integration with oVirt. It would be a great help if you share some references over this. Hi Romil, please note the quantum, glance and cinder integration allow ovirt to consume these services. from what i understood from the blueprint approach you took, you want openstack to consume ovirt. for glance, ovirt will allow to import glance images as templates, but to easily launch openstack instances on ovirt, your glance-ovirt-driver seems a better solution. for cinder, will take more time for ovirt to support a cinder storage domain, but if you want to use openstack with cinder-ovirt-driver, so a nova-ovirt-driver will be able to use the 'cinder' volumes from ovirt, i think oved can share his POC code for this. Romil, if you indeed need that one, let me know. It has been a while since I touched it so need to track it down, and do some cleanups and stuff there before I send it to you, Oved HTH, Itamar On Thu, May 9, 2013 at 11:58 AM, Mike Kolesnik mkole...@redhat.com mailto:mkole...@redhat.com wrote: Hi , Hi Romil, It would be great to know about the Quantum integration with oVirt and eagerly waiting for its release date. Quantum integration is moving along nicely, we already have a working POC with the Quantum Linux Bridge plugin. We are currently working on stabilizing the POC and making it a tech preview for the 3.3 release. You can see the relevant details here: www.ovirt.org/Features/Detailed_Quantum_Integration http://www.ovirt.org/Features/Detailed_Quantum_Integration Also if you're interested in the POC, you can see details (and videso) here: http://www.ovirt.org/Features/Detailed_Quantum_Integration#Proof_of_Concept Regards, Mike If possible, Can anyone please share the references( demo video , ppt ,link or git ) for Cinder and Glance integration. * * *Regards,* *Romil Gupta * ___ Users mailing list Users@ovirt.org mailto:Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- *Thanks Regards,* *Romil Gupta * ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt.
- Original Message - From: Romil Gupta romilgupt...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users users@ovirt.org Sent: Thursday, May 9, 2013 4:31:23 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. Thanks Itamar, Yes , the intent is to consume oVirt from the Openstack side. Oved: thanks, I would be great if you could share the code. Code was shared earlier on the thread before you got a chance to send your response, but in case you missed it, the code is in: https://github.com/oourfali/openstack-ovirt-driver Also, Itamar added an important note about that: Romil - the POC above expects the glance image to pre-exist as a template (by same name). I think your glance driver for ovirt to directly show the ovirt template from ovirt is a better approach. Let me know if you need more details, Oved On Thu, May 9, 2013 at 6:09 PM, Oved Ourfalli ov...@redhat.com wrote: - Original Message - From: Itamar Heim ih...@redhat.com To: Romil Gupta romilgupt...@gmail.com , Oved Ourfalli oourf...@redhat.com Cc: Mike Kolesnik mkole...@redhat.com , users users@ovirt.org Sent: Thursday, May 9, 2013 3:22:45 PM Subject: Re: [Users] Openstack Quantum , Cinder and Glance integration with oVirt. On 05/09/2013 09:34 AM, Romil Gupta wrote: Thanks Mike , I have already gone through the links you suggested above. As of now I am more interested to know about Cinder and glance integration with oVirt. It would be a great help if you share some references over this. Hi Romil, please note the quantum, glance and cinder integration allow ovirt to consume these services. from what i understood from the blueprint approach you took, you want openstack to consume ovirt. for glance, ovirt will allow to import glance images as templates, but to easily launch openstack instances on ovirt, your glance-ovirt-driver seems a better solution. for cinder, will take more time for ovirt to support a cinder storage domain, but if you want to use openstack with cinder-ovirt-driver, so a nova-ovirt-driver will be able to use the 'cinder' volumes from ovirt, i think oved can share his POC code for this. Romil, if you indeed need that one, let me know. It has been a while since I touched it so need to track it down, and do some cleanups and stuff there before I send it to you, Oved HTH, Itamar On Thu, May 9, 2013 at 11:58 AM, Mike Kolesnik mkole...@redhat.com mailto: mkole...@redhat.com wrote: Hi , Hi Romil, It would be great to know about the Quantum integration with oVirt and eagerly waiting for its release date. Quantum integration is moving along nicely, we already have a working POC with the Quantum Linux Bridge plugin. We are currently working on stabilizing the POC and making it a tech preview for the 3.3 release. You can see the relevant details here: www.ovirt.org/Features/Detailed_Quantum_Integration http://www.ovirt.org/Features/Detailed_Quantum_Integration Also if you're interested in the POC, you can see details (and videso) here: http://www.ovirt.org/Features/Detailed_Quantum_Integration#Proof_of_Concept Regards, Mike If possible, Can anyone please share the references( demo video , ppt ,link or git ) for Cinder and Glance integration. * * *Regards,* *Romil Gupta * ___ Users mailing list Users@ovirt.org mailto: Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- *Thanks Regards,* *Romil Gupta * ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Thanks Regards, Romil Gupta ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] usb support ,what is the meaning of native,legacy
Hi, Information about the native vs. legacy USB support is well explained in http://www.ovirt.org/Features/SPICERelatedFeatures As for monitor number, it defines the number of monitor devices on the guest. Practically, what it gets you is a second client window that you can extend your guest desktop onto. (some details on that are also on the same wiki page). Regards, Oved - Original Message - From: bigclouds bigclo...@163.com To: users@ovirt.org Sent: Monday, April 22, 2013 4:55:17 AM Subject: [Users] usb support ,what is the meaning of native,legacy hi,all: 1.if use spice protocol, enable usb support. what is the meaning of 'legacy, native', what is monitor number? thanks ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] ldap
- Original Message - From: Ryan Wilkinson ryanw...@gmail.com To: users@ovirt.org Sent: Thursday, March 28, 2013 2:42:56 PM Subject: [Users] ldap I'm able to set up Active Directory authentication if my ovirt engine is set to use dns that is hosted on the same system as Active Directory. However, if I use static host entries in my engine hosts file instead of using dns I'm getting the error ldap server for domain not found when I issue the command: engine-manage-domains -action=add -domain=’ovirt.local' -user='admin' -provider=ActiveDirectory -interactive from the engine. I've googled to death how to configure static entries on my engine system for the ldap server and it seems that I need to configure my nsswitch and ldap.conf files but still no luck... Any ideas?? Hi Ryan, To work with LDAP you currently need to have both LDAP and Kerberos SRV records in the DNS, as well as PTR record. If you would like to work locally I can suggest working with dnsmasq (lightweight DHCP and caching DNS server) locally, defining these entries there, and setting /etc/resolv.conf properly, so that it would access it. The configuration is in /etc/dnsmasq.conf (or in /etc/dnsmasq.d/...). Example for LDAP and Kerberos records: srv-host=_ldap._tcp.my_domain.com,ad.my_domain.com,389 srv-host=_kerberos._tcp.my_domain.com,ad.my_domain.com,88 and, afaik it also takes /etc/hosts and creates PTR records for the entries there, so that should be enough, if you add your AD host in /etc/hosts (I guess you can also add those manually in dnsmasq). Let me know if you need further assistance. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] UI lack of ui-plugins
- Original Message - From: bigclouds bigclo...@163.com To: users@ovirt.org Sent: Monday, March 4, 2013 12:07:53 PM Subject: [Users] UI lack of ui-plugins at last i build engine code success, then i start jboss-as. go to http://host:8700, when i click user,admin portal, error occur. 1. it reports ui-plugins is miss. 2. $OVIRT_HOME/backend/manager/conf/engine.conf.defaults ENGINE_USR=username ENGINE_ETC=/etc/ovirt-engine i do not know what ENGINE_USR really is? thanks. ENGINE_USR should be something like /usr/share/ovirt-engine The warning about the ui-plugins directory is probably because it doesn't exist (see bug https://bugzilla.redhat.com/show_bug.cgi?id=895933), but that shouldn't effect anything besides loading UI plugins you wrote/downloaded, so the admin portal should work properly. As far as I know, the ENGINE_USR is currently used only in order to detect the ui-plugins directory. What happens when you just browse to http://host:8700/webadmin ? Does it work? error -msg: 2013-03-04 17:39:10,182 INFO [org.ovirt.engine.core.bll.DbUserCacheManager] (DefaultQuartzScheduler_Worker-1) Start refreshing all users data 2013-03-04 17:39:10,338 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service thread 1-1) Finished initializing ResourceManager 2013-03-04 17:39:10,365 INFO [org.ovirt.engine.core.bll.AsyncTaskManager] (MSC service thread 1-1) Initialization of AsyncTaskManager completed successfully. 2013-03-04 17:39:10,384 INFO [org.ovirt.engine.core.bll.OvfDataUpdater] (MSC service thread 1-1) Initialization of OvfDataUpdater completed successfully. 2013-03-04 17:39:10,388 INFO [org.ovirt.engine.co re.bll.VdsLoadBalancer] (MSC service thread 1-1) Start scheduling to enable vds load balancer 2013-03-04 17:39:10,394 INFO [org.ovirt.engine.core.bll.VdsLoadBalancer] (MSC service thread 1-1) Finished scheduling to enable vds load balancer 2013-03-04 17:39:10,410 INFO [org.ovirt.engine.core.bll.network.MacPoolManager] (pool-10-thread-1) Start initializing MacPoolManager 2013-03-04 17:39:10,450 INFO [org.ovirt.engine.core.bll.InitBackendServicesOnStartupBean] (MSC service thread 1-1) Init VM custom properties utilities 2013-03-04 17:39:10,461 INFO [org.ovirt.engine.core.bll.network.MacPoolManager] (pool-10-thread-1) Finished initializing MacPoolManager 2013-03-04 17:39:10,470 INFO [org.jboss.as] (MSC service thread 1-2) JBAS015951: Admin console listening on http://127.0.0.1:9990 2013-03-04 17:39:10,471 INFO [org.jboss.as] (MSC service thread 1-2) JBAS015874: JBoss AS 7.1.1.Final Brontes started in 11961ms - Started 507 of 594 services (86 services are passive or on-demand) 2013-03-04 17:39:10,560 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed engine.ear 2013-03-04 17:42:22,716 ERROR [org.jboss.remoting.remote.connection] (Remoting ovirtdev read-1) JBREM000200: Remote connection failed: java.io.IOException: Received an invalid message length of 1195725856 2013-03-04 17:42:56,702 ERROR [org.jboss.remoting.remote.connection] (Remoting ovirtdev read-1) JBREM000200: Remote connection failed: java.io.IOException: Received an invalid message length of 1195725856 2013-03-04 17:45:14,258 INFO [org.hibernate.validator.util.Version] (http--0.0.0.0-8700-1) Hibernate Validator 4.2.0.Final 2013-03-04 17:45:14,385 INFO [org.ovirt.engine.core.utils.LocalConfig] (http--0.0.0.0-8700-1) Loaded file /mnt/ovirt-engine/backend/manager/conf/engine.conf.defaults. 2013-03-04 17:45:14,386 INFO [org.ovirt.engine.core.utils.LocalConfig] (http--0.0.0.0-8700-1) Loaded file /etc/sysconfig/ovirt-engine. 2013-03-04 17:45:14,392 INFO [org.ovirt.engine.core.utils.LocalConfig] (http--0.0.0.0-8700-1) Value of property ENGINE_DEBUG_ADDRESS is 0.0.0.0:8787. 2013-03-04 17:45:14,393 INFO [org.ovirt.engine.core.utils.LocalConfig] (http--0.0.0.0-8700-1) Value of property ENGINE_ETC is /etc/ovirt-engine. 2013-03-04 17:45:14,394 INFO [org.ovirt.engine.core.utils.LocalConfig] (http--0.0.0.0-8700-1) Value of property ENGINE_USR is root. 2013-03-04 17:45:14,397 WARN [org.ovirt.engine.ui.frontend.server.gwt.plugin.PluginDataManager] (http--0.0.0.0-8700-1) Cannot list UI plugin descriptor files in [/mnt/ovirt-engine/root/ui-plugins] 2013-03-04 17:48:13,672 WARN [org.ovirt.engine.ui.frontend.server.gwt.plugin.PluginDataManager] (http--0.0.0.0-8700-1) Ca nnot list UI plugin descriptor files in [/mnt/ovirt-engine/root/ui-plugins] ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Introducing oVirt Monitoring UI-Plugin
Extremely Cool! Oved - Original Message - From: René Koch (ovido) r.k...@ovido.at To: ovirt-users users@ovirt.org Sent: Tuesday, February 19, 2013 4:04:13 PM Subject: [Users] Introducing oVirt Monitoring UI-Plugin I'm happy to announce oVirt Monitoring UI-Plugin, which allows the integration of a Nagios or Icinga monitoring solution into oVirt 3.2 webadmin. With this plugin you can access detailed service check results and information including performance graphs within oVirt webadmin for hosts and virtual machines. We look forward to extend this plugin with more Nagios/Icinga features like acknowledgments, comments or service rescheduling, permissions, dashboards, check_mk-integration for virtual machine monitoring and many more. For more information about this project and screenshots please visit https://labs.ovido.at/monitoring/wiki/ovirt-monitoring-ui-plugin The download location is * https://labs.ovido.at/monitoring/wiki/ovirt-monitoring-ui-plugin %3Adownload Please note that this first release is an early development version with some minor CSS bugs on some browsers. If you have any questions or ideas, please drop me an email: r.k...@ovido.at. Thank you for using oVirt Monitoring UI-Plugin. -- Best Regards René Koch Senior Solution Architect ovido gmbh - Das Linux Systemhaus Brünner Straße 163, A-1210 Wien Phone: +43 720 / 530 670 Mobile: +43 660 / 512 21 31 E-Mail: r.k...@ovido.at ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Slides of my FOSDEM sessions
Hey all, I did two sessions in FOSDEM (and one on the Build a Cloud Day track in Puppet Camp). The slides are available on Slideshare: * Supporting and Using EC2/CIMI on top of Cloud Environments via Deltacloud (same session on FOSDEM and Puppet Camp) - http://www.slideshare.net/OvedOurfali/supporting-and-using-ec2cimi-on-top-of-cloud-environments-via-deltacloud (PDF version in http://goo.gl/NfZcz) * oVirt UI Plugin Infrastructure and the oVirt-Foreman plugin - http://www.slideshare.net/OvedOurfali/ovirt-foremanpluginfosdem (PDF version in http://goo.gl/GSgFd) Enjoy! Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Community feedback on the new UI-plugin Framework
Hey all, We had an oVirt workshop this week, which included a few sessions about the new oVirt UI Plugin framework, including a Hackaton and a BOF session. I've gathered some feedback we got from the different participants about the framework, and what they would like to see in the future of it. 1. People liked the fact that it is a simple framework, allowing you to do nice extensions rapidly, without the need to know complex technologies (simple javascript knowledge is all you need to know). 2. People want the framework to provide tools for adding UI components (main/sub tabs, dialogs, etc.) that aren't URL based, but are based on components we currently have in oVirt, such as grids, key-value pairs (such as the general sub-tab), action buttons in these custom tabs and etc. The main reason for that is to easily develop a plugin with an oVirt-like look-and-feel. Chris Morrissey from Netapp showed a very nice plugin he wrote that did have an oVirt-like look-and-feel, but it wasn't easy and it required him to to develop something specific for the plugin to interact with, in the 3rd party application (something similar to the work we did in the oVirt-Foreman UI-plugin). 3. Support adding tasks to the system - plugins may trigger asynchronous tasks behind the scene, both oVirt and external ones. oVirt tasks and their progress will be reflected in the tasks management view, but if the flows contain external tasks as well, then it would be hard to track through the oVirt UI. 4. Plugin management * The ability to see what plugins are installed... install new plugins and remove existing ones. * Change the plugin configuration through webadmin * Distinguish between public plugin configuration entries (entries the user to change), to private ones (entries it can't). I guess that this point will be relevant for engine-plugins as well (once support for such plugins will be available) so we should consider providing a similar solution for both. Also, Chris pointed out that it should be taken into consideration as well when working on supporting HA-oVirt-engine, as plugins are vital part of the oVirt environment. If you find the feedback above true, or you have other comments that weren't mentioned here, please share it with us! Thank you, Oved P.S: I guess the slides will be uploaded sometime next week (I guess someone would have asked it soon... so now you have your answer :-) ) ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] UI Plugin issue when switching main tabs
- Original Message -
From: René Koch r.k...@ovido.at
To: Oved Ourfalli ov...@redhat.com
Cc: users@ovirt.org
Sent: Tuesday, January 22, 2013 1:51:58 PM
Subject: Re: [Users] UI Plugin issue when switching main tabs
Thanks a lot for your input - it was really helpfu!
I added a check for argument.length and now it's working as expected.
The working code is:
VirtualMachineSelectionChange: function() {
if (arguments.length == 1) {
var vmName = arguments[0].name;
alert(vmName);
// Reload VM Sub Tab
api.setTabContentUrl('vms-monitoring', conf.url +
'?subtab=vmsname=' + encodeURIComponent(vmName));
}
}
Btw, do you know if I can get the name of a host instead the
hostname/ip?
arguments[0].name; gives me the IP address (value of webadmin column
hostname/ip) but not the name (column name) - (I always use ips
instead of dns names for hypervisors)...
I don't think you can currently do that.
The plan is to expose all the attributes of the entity that are exposed via
REST, also in the plugin api, but currently that's not the case.
Not sure why it doesn't return the name itself (don't know if it is a bug, or
it is as designed), but anyway, other properties will be exposed in the
future.
Thanks,
René
-Original message-
From:Oved Ourfalli ov...@redhat.com
Sent: Tuesday 22nd January 2013 19:34
To: René Koch r.k...@ovido.at
Cc: users@ovirt.org
Subject: Re: [Users] UI Plugin issue when switching main tabs
Found your bug (I think):
You don't check in your code whether there is a selection (if
(arguments.length == 1) for example, if you want to act only when
one is selected).
You'll probably want to do similar logic to the Foreman plugin,
setting the sub-tab content URL only in case one VM is selected,
and setting the URL properly.
The fact that your alert won't show is that you call
arguments[0].name, and it fails when nothing is selected... and I
guess that's the case when you switch tabs.
Didn't check it out, but please check it out... and let me know
what you found :-)
Oved
- Original Message -
From: René Koch r.k...@ovido.at
To: Oved Ourfalli ov...@redhat.com
Cc: users@ovirt.org
Sent: Monday, January 21, 2013 6:05:47 PM
Subject: Re: [Users] UI Plugin issue when switching main tabs
When switching back to vm main tab changing the selection doesn't
work.
No matter which VM I select the VirtualMachineSelectionChange
function isn't called again (as my debug alert window doesn't
appear), but the last vm I selected before switching to another
main
tab is cached in variable vmName...
It works again after restarting engine-service.
I just tested your foreman plugin and it seems that this one is
working as expected.
Regards,
René
-Original message-
From:Oved Ourfalli ov...@redhat.com
Sent: Monday 21st January 2013 14:56
To: René Koch r.k...@ovido.at
Cc: users@ovirt.org; Vojtech Szocs vsz...@redhat.com
Subject: Re: [Users] UI Plugin issue when switching main tabs
I'll let Vojtech (cc-ed) to give a more accurate answer, but,
trying to narrow down the issue: when you switch to a different
main tab and then back to the VM main tab, and change the
selection in there, does it work?
(Trying to understand if the problem is only when doing the
switch,
and it works afterwards, or not).
Thank you,
Oved
- Original Message -
From: René Koch r.k...@ovido.at
To: users@ovirt.org
Sent: Sunday, January 20, 2013 11:07:13 PM
Subject: [Users] UI Plugin issue when switching main tabs
Hi,
I'm working on an UI plugin to integrate Nagios/Icinga into
oVirt
Engine and made some progress, but have an issue when
switching
the
main tabs.
I use VirtualMachineSelectionChange to create URL with name
of vm
(and HostSelectionChange for hosts).
Name is used in my backend code (Perl) for fetching
monitoring
status.
Here's the code of VirtualMachineSelectionChange:
VirtualMachineSelectionChange: function() {
var vmName = arguments[0].name;
alert(vmName);
// Reload VM Sub Tab
api.setTabContentUrl('vms-monitoring', conf.url +
'?subtab=vmsname=' + encodeURIComponent(vmName));
}
Everything works fine as long as I stay in Virtual Machine
main
tab.
When switching to e.g. Disks and back to Virtual Machines
again
the
JavaScript code of start.html isn't processed anymore (or
cached
(?)
as the my generated URL with last vm name will still be sent
back
to
my Perl backend) - added alert() to test this.
oVirt Engine version:
ovirt-engine-3.2.0-1.20130118
Re: [Users] UI Plugin issue when switching main tabs
I'll let Vojtech (cc-ed) to give a more accurate answer, but, trying to narrow
down the issue: when you switch to a different main tab and then back to the VM
main tab, and change the selection in there, does it work?
(Trying to understand if the problem is only when doing the switch, and it
works afterwards, or not).
Thank you,
Oved
- Original Message -
From: René Koch r.k...@ovido.at
To: users@ovirt.org
Sent: Sunday, January 20, 2013 11:07:13 PM
Subject: [Users] UI Plugin issue when switching main tabs
Hi,
I'm working on an UI plugin to integrate Nagios/Icinga into oVirt
Engine and made some progress, but have an issue when switching the
main tabs.
I use VirtualMachineSelectionChange to create URL with name of vm
(and HostSelectionChange for hosts).
Name is used in my backend code (Perl) for fetching monitoring
status.
Here's the code of VirtualMachineSelectionChange:
VirtualMachineSelectionChange: function() {
var vmName = arguments[0].name;
alert(vmName);
// Reload VM Sub Tab
api.setTabContentUrl('vms-monitoring', conf.url +
'?subtab=vmsname=' + encodeURIComponent(vmName));
}
Everything works fine as long as I stay in Virtual Machine main tab.
When switching to e.g. Disks and back to Virtual Machines again the
JavaScript code of start.html isn't processed anymore (or cached (?)
as the my generated URL with last vm name will still be sent back to
my Perl backend) - added alert() to test this.
oVirt Engine version:
ovirt-engine-3.2.0-1.20130118.gitd102d6f.fc18.noarch
Full code of start.hml: http://pastebin.com/iEY6dA6F
Thanks a lot for your help,
René
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] UI Plugins in nightly?
- Original Message - From: René Koch (ovido) r.k...@ovido.at To: ovirt-users users@ovirt.org Sent: Wednesday, January 16, 2013 11:31:39 AM Subject: [Users] UI Plugins in nightly? Hi, I installed oVirt engine on Fedora 18 with latest nightly RPMs and wanted to test the UI plugins, but it seems as this feature is still not available in nightly. According to Oved blog post (http://ovedou.blogspot.co.at/2012/12/ovirt-foreman-ui-plugin.html) custom plugins should be put into: /usr/share/ovirt-engine/ui-plugins UI plugins page on oVirt webpage (http://www.ovirt.org/Features/UIPlugins) I'm not sure whether this directory is automatically created when installing the engine, but the feature is there for sure. (if the directory isn't there then I guess it is a bug). Does it work well when you create this directory (/usr/share/ovirt-engine/ui-plugins) by yourself, and put your plugin files there? proposed /usr/libexec/ovirt/webadmin/extensions as the folder for UI plugins. But neither of these folder does exist in my setup. So I wanted to know if UI plugins are still not packaged and if they will be included in final oVirt 3.2? Thanks a lot. -- Regards, René Koch Senior Solution Architect ovido gmbh - Das Linux Systemhaus Brünner Straße 163, A-1210 Wien Phone: +43 720 / 530 670 Mobile: +43 660 / 512 21 31 E-Mail: r.k...@ovido.at ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] UI Plugins in nightly?
- Original Message - From: René Koch (ovido) r.k...@ovido.at To: ovirt-users users@ovirt.org Sent: Wednesday, January 16, 2013 11:51:10 AM Subject: Re: [Users] UI Plugins in nightly? On Wed, 2013-01-16 at 04:45 -0500, Oved Ourfalli wrote: - Original Message - From: René Koch (ovido) r.k...@ovido.at To: ovirt-users users@ovirt.org Sent: Wednesday, January 16, 2013 11:31:39 AM Subject: [Users] UI Plugins in nightly? Hi, I installed oVirt engine on Fedora 18 with latest nightly RPMs and wanted to test the UI plugins, but it seems as this feature is still not available in nightly. According to Oved blog post (http://ovedou.blogspot.co.at/2012/12/ovirt-foreman-ui-plugin.html) custom plugins should be put into: /usr/share/ovirt-engine/ui-plugins UI plugins page on oVirt webpage (http://www.ovirt.org/Features/UIPlugins) I'm not sure whether this directory is automatically created when installing the engine, but the feature is there for sure. (if the directory isn't there then I guess it is a bug). Does it work well when you create this directory (/usr/share/ovirt-engine/ui-plugins) by yourself, and put your plugin files there? I'll try if this works. Thanks. As I read in your blog that - at the time you created the foreman extension - UI plugins were not included in oVirt RPM packages I thought it's still missing as I don't have this folder on my system. Yes. At start I worked with the patches, that wasn't merged yet, and thus not part of the nightly packages, but they should be there now. I opened a bug on that https://bugzilla.redhat.com/show_bug.cgi?id=895933 Let me know if you need more help. Oved proposed /usr/libexec/ovirt/webadmin/extensions as the folder for UI plugins. But neither of these folder does exist in my setup. So I wanted to know if UI plugins are still not packaged and if they will be included in final oVirt 3.2? Thanks a lot. -- Regards, René Koch Senior Solution Architect ovido gmbh - Das Linux Systemhaus Brünner Straße 163, A-1210 Wien Phone: +43 720 / 530 670 Mobile: +43 660 / 512 21 31 E-Mail: r.k...@ovido.at ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] adding iso images
- Original Message - From: Itamar Heim ih...@redhat.com To: Carl T. Miller c...@carltm.com Cc: users@ovirt.org Sent: Sunday, January 6, 2013 5:25:31 PM Subject: Re: [Users] adding iso images On 01/06/2013 04:57 PM, Carl T. Miller wrote: Is there a way to add an iso image to an nfs share by simply copying a file? Or is there a command to run from one of the hosts? The only method I know is using engine-iso-uploader and it's not working in my environment. you can copy the file as well to the iso domain. need to verify ownership and permission after that. Also make sure you copy it to the most inner directory, which should be something like: /path/to/iso/domain/57dda1c8-1eb5-491d-881a-d8f00223d221/images/---- Because putting it on the root of the iso domain won't make it visible in the engine. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] oVirt-Foreman UI plugin
Hey all, I've been working on an oVirt-Foreman UI-plugin recently, using oVirt's new UI-plugin infrastructure. It allows users to see Foreman data on oVirt entities, from inside Webadmin. I wrote a blog post describing this plugin, what can he do, some challenges that I faced and solutions, some screenshots, future work and more. Check it out at: ovedou.blogpost.com I'll be happy to hear your feedback both on the blog and on the plugin itself! If you need help installing the plugin feel free to contact me :-) Cheers, Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [Engine-devel] oVirt-Foreman UI plugin
All links below work for me, from several devices. Is it still broken for someone? - Itamar Heim ih...@redhat.com wrote: On 12/20/2012 06:35 PM, Oved Ourfalli wrote: Hey all, I've been working on an oVirt-Foreman UI-plugin recently, using oVirt's new UI-plugin infrastructure. It allows users to see Foreman data on oVirt entities, from inside Webadmin. I wrote a blog post describing this plugin, what can he do, some challenges that I faced and solutions, some screenshots, future work and more. Check it out at: ovedou.blogpost.com link is broken... http://ovedou.blogspot.co.il/ http://ovedou.blogspot.co.il/2012/12/ovirt-foreman-ui-plugin.html I'll be happy to hear your feedback both on the blog and on the plugin itself! If you need help installing the plugin feel free to contact me :-) Cheers, Oved ___ Engine-devel mailing list engine-de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [Engine-devel] oVirt-Foreman UI plugin
- Christopher Morrissey christopher.morris...@netapp.com wrote: The issue was blogpost.com vs. blogspot.com. Thank you for pointing it out. So the correct link is: http://ovedou.blogspot.com and there you will see the new post. (both links Itamar wrote below will work as well). Sorry for the inconvenience, Oved -Chris -Original Message- From: engine-devel-boun...@ovirt.org [mailto:engine-devel- boun...@ovirt.org] On Behalf Of Oved Ourfalli Sent: Thursday, December 20, 2012 12:52 PM To: Itamar Heim Cc: Ohad Levy; engine-devel; users@oVirt.org; Joseph Magen Subject: Re: [Engine-devel] [Users] oVirt-Foreman UI plugin All links below work for me, from several devices. Is it still broken for someone? - Itamar Heim ih...@redhat.com wrote: On 12/20/2012 06:35 PM, Oved Ourfalli wrote: Hey all, I've been working on an oVirt-Foreman UI-plugin recently, using oVirt's new UI-plugin infrastructure. It allows users to see Foreman data on oVirt entities, from inside Webadmin. I wrote a blog post describing this plugin, what can he do, some challenges that I faced and solutions, some screenshots, future work and more. Check it out at: ovedou.blogpost.com link is broken... http://ovedou.blogspot.co.il/ http://ovedou.blogspot.co.il/2012/12/ovirt-foreman-ui-plugin.html I'll be happy to hear your feedback both on the blog and on the plugin itself! If you need help installing the plugin feel free to contact me :-) Cheers, Oved ___ Engine-devel mailing list engine-de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Engine-devel mailing list engine-de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel ___ Engine-devel mailing list engine-de...@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Cannot find suitable CPU model for given data
- Original Message -
From: Cristian Falcas cristi.fal...@gmail.com
To: users@ovirt.org
Sent: Sunday, December 9, 2012 5:17:01 PM
Subject: [Users] Cannot find suitable CPU model for given data
Hi,
I get this error with the nightly builds when I start a VM:
libvirtError: internal error Cannot find suitable CPU model for given
data
Log data:
Thread-654::DEBUG::2012-12-09
17:14:18,120::libvirtvm::1485::vm.Vm::(_run)
vmId=`a4a8f349-7fdf-42f4-873e-e70f692c6ca2`::?xml version=1.0
encoding=utf-8?
domain type=kvm
nameq/name
uuida4a8f349-7fdf-42f4-873e-e70f692c6ca2/uuid
memory524288/memory
currentMemory524288/currentMemory
vcpu2/vcpu
devices
channel type=unix
target name=com.redhat.rhevm.vdsm type=virtio/
source mode=bind
path=/var/lib/libvirt/qemu/channels/q.com.redhat.rhevm.vdsm/
/channel
channel type=unix
target name=org.qemu.guest_agent.0 type=virtio/
source mode=bind
path=/var/lib/libvirt/qemu/channels/q.org.qemu.guest_agent.0/
/channel
input bus=ps2 type=mouse/
channel type=spicevmc
target name=com.redhat.spice.0 type=virtio/
/channel
graphics autoport=yes keymap=en-us listen=0 passwd=*
passwdValidTo=1970-01-01T00:00:01 port=-1 tlsPort=-1
type=spice
channel mode=secure name=main/
channel mode=secure name=inputs/
channel mode=secure name=cursor/
channel mode=secure name=playback/
channel mode=secure name=record/
channel mode=secure name=display/
channel mode=secure name=usbredir/
channel mode=secure name=smartcard/
/graphics
console type=pty
target port=0 type=virtio/
/console
sound model=ac97/
video
model heads=1 type=qxl vram=65536/
/video
interface type=bridge
mac address=00:1a:4a:6f:6f:f4/
model type=virtio/
source bridge=ovirtmgmt/
filterref filter=vdsm-no-mac-spoofing/
/interface
memballoon model=virtio/
disk device=cdrom snapshot=no type=file
source
file=/rhev/data-center/21ddcd50-aba8-461a-9ecf-c5762af89355/4f6a2b90-9c70-45e5-8b17-5274ee97ce73/images/----/CentOS-6.3-x86_64-bin-DVD1.iso
startupPolicy=optional/
target bus=ide dev=hdc/
readonly/
serial/serial
boot order=1/
/disk
disk device=disk snapshot=no type=file
source
file=/rhev/data-center/21ddcd50-aba8-461a-9ecf-c5762af89355/81361e6d-2b58-4781-80c2-d908a0fe91cd/images/ffa8728f-6f0c-4b59-99ac-5bef0bd7634e/80a8701a-bf07-4d8a-8d02-8f98e6bb46a1/
target bus=virtio dev=vda/
serialffa8728f-6f0c-4b59-99ac-5bef0bd7634e/serial
driver cache=none error_policy=stop io=threads name=qemu
type=raw/
/disk
/devices
os
type arch=x86_64 machine=pc-0.14hvm/type
smbios mode=sysinfo/
/os
sysinfo type=smbios
system
entry name=manufactureroVirt/entry
entry name=productoVirt Node/entry
entry name=version17-1/entry
entry name=serial30303146-4430-3946-3139-3938/entry
entry name=uuida4a8f349-7fdf-42f4-873e-e70f692c6ca2/entry
/system
/sysinfo
clock adjustment=-43200 offset=variable
timer name=rtc tickpolicy=catchup/
/clock
features
acpi/
/features
cpu match=exact
modelOpteron_G3/model
topology cores=1 sockets=2 threads=1/
/cpu
/domain
Thread-654::DEBUG::2012-12-09
17:14:18,152::vm::672::vm.Vm::(_startUnderlyingVm)
vmId=`a4a8f349-7fdf-42f4-873e-e70f692c6ca2`::_ongoingCreations
released
Thread-654::ERROR::2012-12-09
17:14:18,152::vm::696::vm.Vm::(_startUnderlyingVm)
vmId=`a4a8f349-7fdf-42f4-873e-e70f692c6ca2`::The vm start process
failed
Traceback (most recent call last):
File /usr/share/vdsm/vm.py, line 658, in _startUnderlyingVm
self._run()
File /usr/share/vdsm/libvirtvm.py, line 1511, in _run
self._connection.createXML(domxml, flags),
File /usr/lib64/python2.7/site-packages/vdsm/libvirtconnection.py,
line 111, in wrapper
ret = f(*args, **kwargs)
File /usr/lib64/python2.7/site-packages/libvirt.py, line 2633, in
createXML
if ret is None:raise libvirtError('virDomainCreateXML() failed',
conn=self)
libvirtError: internal error Cannot find suitable CPU model for given
data
Thread-654::DEBUG::2012-12-09
17:14:18,156::vm::1045::vm.Vm::(setDownStatus)
vmId=`a4a8f349-7fdf-42f4-873e-e70f692c6ca2`::Changed state to Down:
internal error Cannot find suitable CPU model for given data
Not sure I'm pointing you at the right direction, but perhaps reading the
following link will help:
http://wiki.libvirt.org/page/Libvirt_identifies_host_processor_as_a_different_model_from_the_hardware_documentation
(especially the last section).
Oved
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
- Original Message - From: Itamar Heim ih...@redhat.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org, Thierry Kauffmann thierry.kauffm...@univ-montp2.fr Sent: Tuesday, December 4, 2012 1:47:52 AM Subject: Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine On 12/02/2012 08:10 AM, Oved Ourfalli wrote: - Original Message - From: Thierry Kauffmann thierry.kauffm...@univ-montp2.fr To: cristi falcas cristi.fal...@gmail.com Cc: users@ovirt.org Sent: Saturday, December 1, 2012 5:56:14 PM Subject: [Users] OpenLDAP Simple Authentication in Ovirt Engine Hi, I am currently testing Ovirt 3.1 standalone on Fedora 17. Until now, I could only use the default user admin@internal. Our Directory at the University is OpenLDAP. We use it for authentication WITHOUT Kerberos : Simple authentication. I wonder how to use this backend to authenticate users and manage groups in Ovirt. Has anyone already set this up ? How to configure Ovirt to use Simple Authentication (No Kerberos). Cheers, -- Thierry Kauffmann Chef du Service Informatique // Facult? des Sciences // Universit? de Montpellier 2 [image: SIF - Service Informatique de la Facult? des Sciences] http://sif.info-ufr.univ-montp2.fr/ [image: UM2 - Universit? de Montpellier 2] http://www.univ-montp2.fr/ Service informatique de la Facult? des Sciences (SIF) Universit? de Montpellier 2 CC437 // Place Eug?ne Bataillon // 34095 Montpellier Cedex 5 T?l : 04 67 14 31 58 email : thierry.kauffm...@univ-montp2.fr web : http://sif.info-ufr.univ-montp2.fr/ http://www.fdsweb.univ-montp2.fr/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Hi, This is a response from an older thread from Yair Zaslavsky: there is no code allowing to add simple-authentication domains to Manage-Domains. In the past we did have the ability to do that, but there are several problematic issues. Best regards, Hi, correct-me if I am wrong but this wiki page ( http://www.ovirt.org/DomainInfrastructure ) states clearly : 1. Authenticating Active Directory, IPA and RHDS using either simple or gssapi authentication 2. Querying the directory using the LDAP protocol 3. Auto deducing the LDAP provider type 4. Easily adding new LDAP provider types 5. Easily adding new query types So what ? We supported simple authentication in the past, but it is no longer supported, that's why you can't set that using the manage domains utility. It may work well in some providers (in the past we supported that for active directory, so I guess it would work there). I don't think we removed SIMPLE from the engine, we just don't recommend using it, since it doesn't encrypt user/password on the network (it is sometime useful for debugging). We indeed didn't remove the engine code. We just blocked it from the utility. Once you have a configured oVirt domain, you can set the LDAPSecurityAuthentication configuration parameter (in the vdc_options table), to use simple, by putting a value of: domain1:SIMPLE,domain2:GSSAPI,domain3:SIMPLE and etc but, if you want to add a new domain with it then you would need to add it manually (can give a detailed explanation on how, if relevant). By default we work GSSAPI (I think the config option is empty by default which is equivalent to working GSSAPI). If/When we would need to support that again it shouldn't be a major effort to add the code... the testing with the different providers will be the hard part. Oved We also don't auto deduce the LDAP provider type anymore, as changes in the providers caused some issues with it. I'll edit the wiki accordingly (btw, I remember removing it from the wiki... so it is weird that it is still there...). Oved -- signature-TK Thierry Kauffmann Chef du Service Informatique // Faculté des Sciences // Université de Montpellier 2 SIF - Service Informatique de la Faculté des SciencesUM2 - Université de Montpellier 2 Service informatique de la Faculté des Sciences (SIF) Université de Montpellier 2 CC437 // Place Eugène Bataillon // 34095 Montpellier Cedex 5 Tél : 04 67 14 31 58 email : thierry.kauffm...@univ-montp2.fr web : http://sif.info-ufr.univ-montp2.fr/ http://www.fdsweb.univ-montp2.fr/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org
Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
- Original Message -
From: Thierry Kauffmann thierry.kauffm...@univ-montp2.fr
To: Oved Ourfalli ov...@redhat.com
Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
Sent: Tuesday, December 4, 2012 10:35:34 AM
Subject: Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
Le 04/12/2012 09:09, Oved Ourfalli a écrit :
- Original Message -
From: Itamar Heim ih...@redhat.com To: Oved Ourfalli
ov...@redhat.com Cc: users@ovirt.org , Thierry Kauffmann
thierry.kauffm...@univ-montp2.fr Sent: Tuesday, December 4, 2012
1:47:52 AM
Subject: Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
On 12/02/2012 08:10 AM, Oved Ourfalli wrote:
- Original Message -
From: Thierry Kauffmann thierry.kauffm...@univ-montp2.fr To:
cristi falcas cristi.fal...@gmail.com Cc: users@ovirt.org Sent:
Saturday, December 1, 2012 5:56:14 PM
Subject: [Users] OpenLDAP Simple Authentication in Ovirt Engine
Hi,
I am currently testing Ovirt 3.1 standalone on Fedora 17.
Until now, I could only use the default user admin@internal.
Our Directory at the University is OpenLDAP. We use it for
authentication
WITHOUT Kerberos : Simple authentication.
I wonder how to use this backend to authenticate users and manage
groups
in Ovirt.
Has anyone already set this up ?
How to configure Ovirt to use Simple Authentication (No Kerberos).
Cheers,
--
Thierry Kauffmann
Chef du Service Informatique // Facult? des Sciences // Universit?
de
Montpellier 2
[image: SIF - Service Informatique de la Facult? des Sciences]
http://sif.info-ufr.univ-montp2.fr/ [image:
UM2 - Universit? de Montpellier 2] http://www.univ-montp2.fr/
Service
informatique de la Facult? des Sciences (SIF)
Universit? de Montpellier 2
CC437 // Place Eug?ne Bataillon // 34095 Montpellier Cedex 5
T?l : 04 67 14 31 58
email : thierry.kauffm...@univ-montp2.fr web :
http://sif.info-ufr.univ-montp2.fr/
http://www.fdsweb.univ-montp2.fr/
___
Users mailing list Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users Hi,
This is a response from an older thread from Yair Zaslavsky:
there is no code allowing to add simple-authentication domains
to
Manage-Domains.
In the past we did have the ability to do that, but there are
several
problematic issues.
Best regards, Hi,
correct-me if I am wrong but this wiki page (
http://www.ovirt.org/DomainInfrastructure ) states clearly :
1. Authenticating Active Directory, IPA and RHDS using either
simple or gssapi authentication
2. Querying the directory using the LDAP protocol
3. Auto deducing the LDAP provider type
4. Easily adding new LDAP provider types
5. Easily adding new query types
So what ? We supported simple authentication in the past, but it is
no longer
supported, that's why you can't set that using the manage domains
utility.
It may work well in some providers (in the past we supported that
for active directory, so I guess it would work there). I don't think
we removed SIMPLE from the engine, we just don't
recommend
using it, since it doesn't encrypt user/password on the network (it
is
sometime useful for debugging). We indeed didn't remove the engine
code. We just blocked it from the utility.
Once you have a configured oVirt domain, you can set the
LDAPSecurityAuthentication configuration parameter (in the
vdc_options table), to use simple, by putting a value of:
domain1:SIMPLE,domain2:GSSAPI,domain3:SIMPLE and etc
but, if you want to add a new domain with it then you would need to
add it manually (can give a detailed explanation on how, if
relevant). Yes, I would like to know how to add directly a domain
which is not GSSAPI controlled.
The vdc_options table is a table containing the configuration values of the
engine. Among those, there are directory-related configuration values:
engine=# select * from vdc_options where option_name in
('DomainName','LdapServers','LDAPSecurityAuthentication','LDAPProviderTypes','AdUserName','AdUserPassword');
option_id |option_name | option_value
| version
---++-+-
9 | AdUserName | domain1:user1,domain2:user2
| general
10 | AdUserPassword | domain1:password1,domain2:password2
| general
114 | LdapServers|
deomain1:ldap_server_address1,domain2:ldap_server_address2 | general
64 | DomainName | domain1,domain2
| general
112 | LDAPSecurityAuthentication | domain1:GSSAPI,domain2:SIMPLE
| general
115 | LDAPProviderTypes | domain1:activeDirectory,domain2:ipa
| general
AdUserName is the user
Re: [Users] Failed to start service jboss.deployment.subunit.engine.ear.root.war
And if you do change it, does it work properly?
- Original Message -
From: Mohsen Saeedi mohsen.sae...@gmail.com
To: Oved Ourfalli ov...@redhat.com
Cc: users@ovirt.org
Sent: Tuesday, December 4, 2012 2:51:42 PM
Subject: Re: [Users] Failed to start service
jboss.deployment.subunit.engine.ear.root.war
Yes
I attached the web.xml file. I changed it to configure IE spi ce
active X .
I guess that i forgot to change th is t wo line to correct virt
-viewer version:
servlet
servlet-namevirt-viewer-version.exe/servlet-name
servlet-classorg.ovirt.engine.core.FileServlet/servlet-class
init-param
servlet-mapping
servlet-namevirt-viewer-version.exe/servlet-name
url-pattern/spice/virt-viewer-0.5.3.exe/url-pattern
/servlet-mapping
Thanks.
On 12/03/2012 10:35 AM, Oved Ourfalli wrote:
Hi,
Can you attach the web.xml file
(/var/lib/ovirt-engine/deployments/engine.ear/root.war/WEB-INF/web.xml)
as the log shows jboss fails to parse it.
Caused by:
org.jboss.as.server.deployment.DeploymentUnitProcessingException:
JBAS018014: Failed to parse XML descriptor
/var/lib/ovirt-engine/deployments/engine.ear/root.war/WEB-INF/web.xml
at [130,31]
at
org.jboss.as.web.deployment.WebParsingDeploymentProcessor.deploy(WebParsingDeploymentProcessor.java:114)
at
org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113)
[jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
... 5 more
Thank you,
Oved
- Original Message -
From: Mohsen Saeedi mohsen.sae...@gmail.com To: users@ovirt.org
Sent: Sunday, December 2, 2012 7:24:36 PM
Subject: [Users] Failed to start service
jboss.deployment.subunit.engine.ear.root.war
Hi
I installed Ovirt and i set up two virtual machine and it was working
very good. then i try to use spice activeX on IE and i changed
web.xml
file as said on this link:
http://wiki.ovirt.org/How_to_Connect_to_SPICE_Console_With_Portal
then i restart jboss-as and ovirt-engine and everything was true.
then i
restart the server and i see some errors on server.log under
ovirt-engine dir.
and in apache ssl_log i saw this error:
GET / HTTP/1.1 404 -
I attached the server.log. the main error is:
2012-12-02 20:30:33,511 ERROR
[org.jboss.as.server.deployment.scanner]
(DeploymentScanner-threads - 1) {JBAS014653: Composite operation
failed
and was rolled back. Steps that failed: = {Operation step-2 =
{JBAS014671: Failed services =
{jboss.deployment.subunit.\engine.ear\.\root.war\.PARSE =
org.jboss.msc.service.StartException in service
jboss.deployment.subunit.\engine.ear\.\root.war\.PARSE: Failed to
process phase PARSE of subdeployment \root.war\ of deployment
\engine.ear\
___
Users mailing list Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Failed to start service jboss.deployment.subunit.engine.ear.root.war
Hi,
Can you attach the web.xml file
(/var/lib/ovirt-engine/deployments/engine.ear/root.war/WEB-INF/web.xml) as the
log shows jboss fails to parse it.
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException:
JBAS018014: Failed to parse XML descriptor
/var/lib/ovirt-engine/deployments/engine.ear/root.war/WEB-INF/web.xml at
[130,31]
at
org.jboss.as.web.deployment.WebParsingDeploymentProcessor.deploy(WebParsingDeploymentProcessor.java:114)
at
org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113)
[jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
... 5 more
Thank you,
Oved
- Original Message -
From: Mohsen Saeedi mohsen.sae...@gmail.com
To: users@ovirt.org
Sent: Sunday, December 2, 2012 7:24:36 PM
Subject: [Users] Failed to start service
jboss.deployment.subunit.engine.ear.root.war
Hi
I installed Ovirt and i set up two virtual machine and it was working
very good. then i try to use spice activeX on IE and i changed
web.xml
file as said on this link:
http://wiki.ovirt.org/How_to_Connect_to_SPICE_Console_With_Portal
then i restart jboss-as and ovirt-engine and everything was true.
then i
restart the server and i see some errors on server.log under
ovirt-engine dir.
and in apache ssl_log i saw this error:
GET / HTTP/1.1 404 -
I attached the server.log. the main error is:
2012-12-02 20:30:33,511 ERROR
[org.jboss.as.server.deployment.scanner]
(DeploymentScanner-threads - 1) {JBAS014653: Composite operation
failed
and was rolled back. Steps that failed: = {Operation step-2 =
{JBAS014671: Failed services =
{jboss.deployment.subunit.\engine.ear\.\root.war\.PARSE =
org.jboss.msc.service.StartException in service
jboss.deployment.subunit.\engine.ear\.\root.war\.PARSE: Failed to
process phase PARSE of subdeployment \root.war\ of deployment
\engine.ear\
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] OpenLDAP Simple Authentication in Ovirt Engine
- Original Message - From: Thierry Kauffmann thierry.kauffm...@univ-montp2.fr To: cristi falcas cristi.fal...@gmail.com Cc: users@ovirt.org Sent: Saturday, December 1, 2012 5:56:14 PM Subject: [Users] OpenLDAP Simple Authentication in Ovirt Engine Hi, I am currently testing Ovirt 3.1 standalone on Fedora 17. Until now, I could only use the default user admin@internal. Our Directory at the University is OpenLDAP. We use it for authentication WITHOUT Kerberos : Simple authentication. I wonder how to use this backend to authenticate users and manage groups in Ovirt. Has anyone already set this up ? How to configure Ovirt to use Simple Authentication (No Kerberos). Cheers, -- Thierry Kauffmann Chef du Service Informatique // Facult? des Sciences // Universit? de Montpellier 2 [image: SIF - Service Informatique de la Facult? des Sciences] http://sif.info-ufr.univ-montp2.fr/ [image: UM2 - Universit? de Montpellier 2] http://www.univ-montp2.fr/ Service informatique de la Facult? des Sciences (SIF) Universit? de Montpellier 2 CC437 // Place Eug?ne Bataillon // 34095 Montpellier Cedex 5 T?l : 04 67 14 31 58 email : thierry.kauffm...@univ-montp2.fr web : http://sif.info-ufr.univ-montp2.fr/ http://www.fdsweb.univ-montp2.fr/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Hi, This is a response from an older thread from Yair Zaslavsky: there is no code allowing to add simple-authentication domains to Manage-Domains. In the past we did have the ability to do that, but there are several problematic issues. Best regards, Hi, correct-me if I am wrong but this wiki page ( http://www.ovirt.org/DomainInfrastructure ) states clearly : 1. Authenticating Active Directory, IPA and RHDS using either simple or gssapi authentication 2. Querying the directory using the LDAP protocol 3. Auto deducing the LDAP provider type 4. Easily adding new LDAP provider types 5. Easily adding new query types So what ? We supported simple authentication in the past, but it is no longer supported, that's why you can't set that using the manage domains utility. It may work well in some providers (in the past we supported that for active directory, so I guess it would work there). We also don't auto deduce the LDAP provider type anymore, as changes in the providers caused some issues with it. I'll edit the wiki accordingly (btw, I remember removing it from the wiki... so it is weird that it is still there...). Oved -- signature-TK Thierry Kauffmann Chef du Service Informatique // Faculté des Sciences // Université de Montpellier 2 SIF - Service Informatique de la Faculté des SciencesUM2 - Université de Montpellier 2 Service informatique de la Faculté des Sciences (SIF) Université de Montpellier 2 CC437 // Place Eugène Bataillon // 34095 Montpellier Cedex 5 Tél : 04 67 14 31 58 email : thierry.kauffm...@univ-montp2.fr web : http://sif.info-ufr.univ-montp2.fr/ http://www.fdsweb.univ-montp2.fr/ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] I don't know how to add AD users
- Original Message - From: Cristian Falcas cristi.fal...@gmail.com To: Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Wednesday, November 21, 2012 6:40:34 AM Subject: Re: [Users] I don't know how to add AD users On Wed, Nov 21, 2012 at 5:05 AM, Yair Zaslavsky yzasl...@redhat.com wrote: From: Cristian Falcas cristi.fal...@gmail.com To: Itamar Heim ih...@redhat.com Cc: Yair Zaslavsky yzasl...@redhat.com , users@ovirt.org Sent: Tuesday, November 20, 2012 7:33:39 PM Subject: Re: [Users] I don't know how to add AD users On Tue, Nov 20, 2012 at 3:08 PM, Itamar Heim ih...@redhat.com wrote: On 11/20/2012 03:00 PM, Cristian Falcas wrote: Hi, So there is no way to use the domain I have at work, right? I will need to make a freeipa installation in order to add new users. there is no reason this shouldn't work with active directory 2003 (assuming its forest level isn't still in AD 2000 compatibility mode?). tcpdump for the traffic during engine-manage-domains should help diagnosing why. Cristian On Tue, Nov 20, 2012 at 10:11 AM, Cristian Falcas cristi.fal...@gmail.com mailto: cristi.falcas@gmail. com wrote: On Tue, Nov 20, 2012 at 9:58 AM, Itamar Heim ih...@redhat.com mailto: ih...@redhat.com wrote: On 11/20/2012 09:56 AM, Cristian Falcas wrote: On Tue, Nov 20, 2012 at 9:42 AM, Yair Zaslavsky yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com wrote: On 11/20/2012 09:05 AM, Cristian Falcas wrote: On Tue, Nov 20, 2012 at 8:36 AM, Yair Zaslavsky yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com mailto: yzasl...@redhat.com wrote: On 11/20/2012 12:39 AM, Cristian Falcas wrote: On Mon, Nov 19, 2012 at 10:53 PM, Itamar Heim ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com mailto: ih...@redhat.com wrote: On 11/19/2012 11:29 AM, Vinzenz Feenstra wrote: On 11/19/2012 10:01 AM, Cristian Falcas wrote: Hi, I'm trying to add some users to ovirt using an AD. This is the configuration I used for a mediawiki site, which is working correctly: $wgAuth = new LdapAuthenticationPlugin(); $wgLDAPUseLocal = true; $wgLDAPDomainNames = array( a_domain); $wgLDAPServerNames = array( a_domain= site.example.com http://site.example.com http://site.example.com http://site.example.com http://site.example.com http://site.example.com ); $wgLDAPEncryptionType = array( a_domain=clear); $wgLDAPSearchStrings = array( a_domain=rom_domain\\USER- NAME); $wgLDAPBaseDNs = array( a_domain=dc=company,dc=___ _com); Those are the commands I tried using: engine-manage-domains -action=add -domain= site.example.com http://site.example.com http://site.example.com http://site.example.com http://site.example.com http://site.example.com -provider=ActiveDirectory -user= user.name http://user.name http://user.name http://user.name http://user.name http://user.name -interactive engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user= user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com __ mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com __ mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com mailto: user.n...@company.com __ -interactive engine-manage-domains -action=add -domain=a_domain -provider=ActiveDirectory -user=user.name@site.example._ ___com mailto: user.name@site mailto: user.name@site . mailto: user.name@site mailto: user.name@site .__ exa m__p__le.com
Re: [Users] Spice Issue
- Original Message - From: Itamar Heim ih...@redhat.com To: Sven Knohsalla s.knohsa...@netbiscuits.com Cc: users@ovirt.org, Oved Ourfalli oourf...@redhat.com Sent: Tuesday, November 20, 2012 11:35:31 PM Subject: Re: [Users] Spice Issue On 11/20/2012 08:28 PM, Sven Knohsalla wrote: Hi, just in progress to test oVirt Engine Version: 3.1.0-2.fc17 + oVirt-node-iso-2.5.5-0.1.fc17 OS Version: oVirt Node - 17 - 1 Kernel Version: 3.6.1 - 1.fc17.x86_64 KVM Version: 1.0.1 - 2.fc17 VDSM Version: 4.10.0.10 *_SPICE Version: 0.10.1 - 5.fc17_ *Running in some kind of spice issue (using win7 + iexplorer9 +Spice ActiveX Plugin 5.0.0.10021) when opening a VM console. Console output of …\ SpiceClient\spicec.exe: Controller: bad channel name “scursor” in secure-channels Spice window doesn’t show anything àThe strange thing is, this client configuration is currently working with oVirt 3.0 engine?! Does anybody knows this behavior/issue? oved, iirc you handled the spice channel configs around this? Adding spice-devel. We pass spice the list of secure channels, each one prefixed with s, denoting a secured channel (no real reason for it... just historical ones I guess). spice should remove the s, and use the cursor channel in this case. Looks like it isn't done in this case. Adding spice-devel, as they should know if it is supposed to work. Anyway, in the engine side, as a workaround you can use the engine-config utility, and set the SpiceSecureChannels to a list of channels without that one, just to see if it works. First query the configuration to see the list of current secured channels (in latest ovirt 3.1, we put all channels there by default). ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Related to extend disk size of existing virtual machine !
- Original Message - From: Romil Gupta romilgupt...@gmail.com To: users@ovirt.org, Michael Pasternak mpast...@redhat.com, Eli Mesika emes...@redhat.com Sent: Wednesday, November 21, 2012 8:19:25 AM Subject: [Users] Related to extend disk size of existing virtual machine ! Hello, To add a disk to VM we use the following : api.vms.get(VM_NAME).disks.add(params.Disk(storage_domains=params.StorageDomains(storage_domain=[api.storagedomains.get(STORAGE_NAME)]), size=512*MB, # type_='system', - disk type is deprecated status=None, interface='virtio', format='cow', sparse=True, bootable=True)) but the type_ attribute is deprecated , so I got the following exception : Failed to add disk status: 400 reason: Bad Request detail: Cannot add Virtual Machine Disk. Disk 1 already marked as system Now , if I try giving disk_type='Data' on GUI of RHEVM then it will be added to VM. I want to know from which ovirt-sdk version you have deprecated attribute disk_type ? According to the changelog, it was done in 3.1.0.3-1. * Mon Jun 25 2012 Michael Pasternak mpast...@redhat.com - 3.1.0.3-1 ... - to Disk type added provisioned_size property and removed /type/ (not supported in 3.1) ... What's the ovirt engine version you're working with? I am currently using ovirt-engine-sdk-3.1.0.3-1.el6.noarch.rpm and I didn't find type_ attribute using this rpm ! How I can extend the disk size of a existing VM in RHEVM ? There is currently no way to extend an existing disk. Help me ! Regards , Romil Gupta ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Related to extend disk size of existing virtual machine !
- Original Message - From: Romil Gupta romilgupt...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Wednesday, November 21, 2012 9:17:31 AM Subject: Re: [Users] Related to extend disk size of existing virtual machine ! I m using RHEM 3.0 as a GUI and ovirt-engine-sdk-3.1.0.3-1. el6.noarch.rpm for writting python script ! I have one existing VM in RHEVM3.0 that I have created using Template( memory 2GB , virtual disk = 10 GB ) in RHEVM 3.0 Now , I want to increase the virtual disk size upto 60 GB of VM . How I can do that ??? Due to the fact you're working with an older engine version, I'd suggest you install an older version of the ovirt-sdk RPM, that still contains this argument, and then you'll hopefully be able to add another disk. Regards, Romil On Wed, Nov 21, 2012 at 12:02 PM, Oved Ourfalli ov...@redhat.com wrote: - Original Message - From: Romil Gupta romilgupt...@gmail.com To: users@ovirt.org , Michael Pasternak mpast...@redhat.com , Eli Mesika emes...@redhat.com Sent: Wednesday, November 21, 2012 8:19:25 AM Subject: [Users] Related to extend disk size of existing virtual machine ! Hello, To add a disk to VM we use the following : api.vms.get(VM_NAME).disks.add(params.Disk(storage_domains=params.StorageDomains(storage_domain=[api.storagedomains.get(STORAGE_NAME)]), size=512*MB, # type_='system', - disk type is deprecated status=None, interface='virtio', format='cow', sparse=True, bootable=True)) but the type_ attribute is deprecated , so I got the following exception : Failed to add disk status: 400 reason: Bad Request detail: Cannot add Virtual Machine Disk. Disk 1 already marked as system Now , if I try giving disk_type='Data' on GUI of RHEVM then it will be added to VM. I want to know from which ovirt-sdk version you have deprecated attribute disk_type ? According to the changelog, it was done in 3.1.0.3-1. * Mon Jun 25 2012 Michael Pasternak mpast...@redhat.com - 3.1.0.3-1 ... - to Disk type added provisioned_size property and removed /type/ (not supported in 3.1) ... What's the ovirt engine version you're working with? I am currently using ovirt-engine-sdk-3.1.0.3-1.el6.noarch.rpm and I didn't find type_ attribute using this rpm ! How I can extend the disk size of a existing VM in RHEVM ? There is currently no way to extend an existing disk. Help me ! Regards , Romil Gupta ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- I don't wish to be everything to everyone, but I would like to be something to someone. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[Users] Blog post on working with oVirt via EC2/CIMI APIs using Deltacloud
Hey all, I've created a new blog, http://ovedou.blogspot.com , and the first post is on working with oVirt via EC2/CIMI APIs using Deltacloud. (It may be changed a bit soon, as I'm currently testing the Fedora RPM configuration, but most information and examples will remain the same). More info: This blog post will show how you can use Deltacloud in order to perform basic operations via EC2/CIMI APIs, on top of the oVirt engine. This post is informative and technical, and it is directed for those who are interested in a solution for using oVirt via common cloud APIs. Enjoy! Oved Ourfali http://ovedou.blogspot.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] use of VM payload to set static IP info - ovirt 3.1
Hi there, That is an interesting question. I'm now trying to investigate about it, to see if it is possible to use cloud-init project in order to do that. Will give an update as soon as I find something about it. Feel free to read about cloud-init as well (or maybe other projects if you find them), and share your findings with us. Oved - Original Message - From: Messaoud Benantar mbena...@us.ibm.com To: users@ovirt.org Sent: Wednesday, November 14, 2012 7:12:48 PM Subject: [Users] use of VM payload to set static IP info - ovirt 3.1 Hello folks, in our case we do need to assign static IP information to the KVM VMs that we provision. In looking at RHEV 3.1 i see a new Rest function for sending a payload to a VM. vm ... payloads payload type='cdrom' file name='my.txt' contentsome content/content /file /payload /payloads /vm I was wondering if anyone knows how to use VM payload to set static IP information for a VM (both linux and windows). Thank you. Regards, Messaoud Benantar IBM Corporation ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt 3.1 and Samba4 AD
- Original Message - From: Jiri Belka jbe...@redhat.com To: users@ovirt.org Sent: Wednesday, November 14, 2012 9:30:39 AM Subject: Re: [Users] Ovirt 3.1 and Samba4 AD On 11/13/2012 09:40 PM, Charlie wrote: I would like to help oVirt gain compatibility with standards-based services like OpenLDAP, but the code's in a language I haven't used and a version control system I haven't used and the wiki has no LDAP interaction design documents (other than the sources themselves) and I've got very limited free time, all of which makes it hard to contribute. +1 We do have some wiki pages that can be useful to set up a development environment, like: http://wiki.ovirt.org/wiki/Working_with_oVirt_Gerrit http://wiki.ovirt.org/wiki/Building_oVirt_engine Architecture page: http://wiki.ovirt.org/wiki/Architecture And specifically, there is a wiki page on the LDAP infrastructure, that can give a clue on what entities we have there, and how to work with them: http://wiki.ovirt.org/wiki/DomainInfrastructure -- Jiri Belka jbe...@redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt 3.1 and Samba4 AD
- Original Message - From: Oved Ourfalli ov...@redhat.com To: Jiri Belka jbe...@redhat.com, medieval...@gmail.com Cc: users@ovirt.org Sent: Wednesday, November 14, 2012 3:50:45 PM Subject: Re: [Users] Ovirt 3.1 and Samba4 AD - Original Message - From: Jiri Belka jbe...@redhat.com To: users@ovirt.org Sent: Wednesday, November 14, 2012 9:30:39 AM Subject: Re: [Users] Ovirt 3.1 and Samba4 AD On 11/13/2012 09:40 PM, Charlie wrote: I would like to help oVirt gain compatibility with standards-based services like OpenLDAP, but the code's in a language I haven't used and a version control system I haven't used and the wiki has no LDAP interaction design documents (other than the sources themselves) and I've got very limited free time, all of which makes it hard to contribute. +1 We do have some wiki pages that can be useful to set up a development environment, like: http://wiki.ovirt.org/wiki/Working_with_oVirt_Gerrit http://wiki.ovirt.org/wiki/Building_oVirt_engine Architecture page: http://wiki.ovirt.org/wiki/Architecture And specifically, there is a wiki page on the LDAP infrastructure, that can give a clue on what entities we have there, and how to work with them: http://wiki.ovirt.org/wiki/DomainInfrastructure When looking at OpenLDAP before I remember the issue was that we didn't have any standard schema to work with, that had all the different attributes we need. Currently, we require to authenticate to a Kerberos server. Also, the configuration of the different provider queries is done inside the source code, and not configured externally. So, IMO the best way to add a new OpenLDAP provider is first to externalize this configuration, so that anyone can tweak it out according to his schema. I hope the wiki pages above can give a clue on the infrastructure, but we would be more than happy to help guiding you about that. The relevant people are Yair Zaslavsky (yzasl...@redhat.com), and Roy Golan (rgo...@redhat.com), and myself, which did the latest work on this infrastructure, so we would be more than happy to help on IRC, E-mails, phone calls, and etc. Another relevant mailing list is engine-de...@ovirt.org, where most engine developers are, so that's the best place to get guidance regarding git, gerrit, java, and every development matter. Oved -- Jiri Belka jbe...@redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Problem on creating database
Hey Stephen, Is that possible that OVIRT_HOME is not set properly? Maven looks for pom.xml file in the directory tha mvn command is run from, and according to the error there is no such file there (in /home/satimis). Have a nice day, Oved - Original Message - From: Stephen Liu sati...@yahoo.com To: Yair Zaslavsky yzasl...@redhat.com Cc: users@ovirt.org Sent: Friday, November 9, 2012 10:18:46 AM Subject: Re: [Users] Problem on creating database Hi, On running further to install oVirt I encountered following problem; Steps performed; $ cd $OVIRT_HOME $ mvn clean install /usr/lib/jvm/java [INFO] Scanning for projects... [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 0.110s [INFO] Finished at: Fri Nov 09 12:23:57 HKT 2012 [INFO] Final Memory: 5M/115M [INFO] [ERROR] The goal you specified requires a project to execute but there is no POM in this directory (/home/satimis). Please verify you invoked Maven from the correct directory. - [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MissingProjectException Failure ? $ mvn --version /usr/lib/jvm/java Apache Maven 3.0.4 (rNON-CANONICAL_2012-10-24_11-25_mockbuild; 2012-10-24 19:25:04+0800) Maven home: /usr/share/maven Java version: 1.7.0_09-icedtea, vendor: Oracle Corporation Java home: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.9.x86_64/jre Default locale: en_US, platform encoding: UTF-8 OS name: linux, version: 3.6.5-1.fc17.x86_64, arch: amd64, family: unix B.R. Stephen L From: Yair Zaslavsky yzasl...@redhat.com To: Stephen Liu sati...@yahoo.com Cc: users@ovirt.org Sent: Friday, November 9, 2012 2:53 PM Subject: Re: [Users] Problem on creating database Hi, I'm not sure at what point exactly you see this dropdb failure. I checked the code at the dbscripts folder, and the only place where dropdb is run, is at the beginning of execution of create_db.sh which is run from create_db_devel.sh In addition, when I tried to create with non existing DB, I saw the same print, but the DB was still created. Please elaborate on what is your exact problem? Do you manage to perform psql engine postgres after running the script? You can also send us create_db.sh.log Thanks! From: Stephen Liu sati...@yahoo.com To: users@ovirt.org Sent: Friday, November 9, 2012 7:09:05 AM Subject: [Users] Problem on creating database Hi all, OS - Fedora 17 64bit Manual: http://wiki.ovirt.org/wiki/Building_Ovirt_Engine#Prerequisites Creating the database = $ ls /home/satimis/ | grep ovirt-engine ovirt-engine $OVIRT_HOME = /home/satimis $ cd /home/satimis/ovirt-engine/backend/manager/dbscripts $ sudo ./create_db_devel.sh -u postgres Running original create_db script... Creating the database: engine dropdb: database removal failed: ERROR: database engine does not exist user name is: postgres Creating tables... Creating functions... Creating common functions... Inserting data ... . . Running upgrade sql script upgrade/post_upgrade/0010_add_object_column_white_list_table.sql ... Setting development configuration values ... Development setting done. dropdb: database removal failed: ERROR: database engine does not exist Please advise how to fix the problem? TIA B.R. Stephen L ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Procedure to change engine host name
- Original Message - From: Neil nwilson...@gmail.com To: Juan Hernandez jhern...@redhat.com Cc: users@ovirt.org Sent: Wednesday, October 17, 2012 11:06:24 AM Subject: Re: [Users] Procedure to change engine host name Sorry to repost, anyone got any ideas here? Thanks! Can you check the certificate file for whitespaces, extra characters and etc.? (In some threads about this issue that was usually the problem - apologize in advance if you already read such threads). On Tue, Oct 16, 2012 at 12:27 PM, Neil nwilson...@gmail.com wrote: Hi Juan, Thank you very much for sending through these details, I'm finally getting around to trying to regenerate my certs now, but I'm encountering an issue with importing the old CA as per below... On Fri, Oct 5, 2012 at 5:03 PM, Juan Hernandez jhern...@redhat.com wrote: 5. Regenerate the keystore used by the engine, importing the old CA certificate and the new engine certificate: rm -f /etc/pki/ovirt-engine/.keystore keytool \ -keystore /etc/pki/ovirt-engine/.keystore \ -import \ -alias cacert \ -storepass mypass \ -noprompt \ -file /etc/pki/ovirt-engine/ca.pem [root@backup ovirt-engine]# rm -f /etc/pki/ovirt-engine/.keystore [root@backup ovirt-engine]# keytool \ -keystore /etc/pki/ovirt-engine/.keystore \ -import \ -alias cacert \ -storepass mypass \ -noprompt \ -file /etc/pki/ovirt-engine/ca.pem keytool error: java.lang.Exception: Input not an X.509 certificate My certificate was created on the early release of ovirt-engine 3.1 so not sure if this is perhaps why? Thanks. Regards. Neil Wilson. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] oVirt MCollective Agent
- Original Message - From: Marco Mornati morna...@gmail.com To: users@ovirt.org Sent: Thursday, October 11, 2012 12:06:23 PM Subject: [Users] oVirt MCollective Agent Hello guys, I'm working on a cloud provisioning automatic tool and control ( http://www.kermit.fr ) and I'm actually creating the module to control the virtual farm based on oVirt (and RHEV 3.1 when will be out ;)). That means I created a module to control oVirt using MCollective ( http://docs.puppetlabs.com/mcollective/ ). You can find some information about the agent and the usage on my blog, here: http://blog.mornati.net/2012/10/09/mcollective-ovirt-agent/ And source of the Mcollective oVirt agent here: https://github.com/thinkfr/mcoplugins (ovirt.rb and ovirt.ddl). Even if you are not interested in the agent, I think the ruby file could be useful if you want to use the rbovirt API. I couldn't find any doc about that API on the net, so I created the agent looking to ruby api sources (I think any good project should have a little bit of documentation!!!). Nice work! As for rbovirt, I saw that indeed there isn't a lot of documentation on it. You can have a look at deltacloud, which uses it as well, to see some usage samples (although some are similar to what you already did). I hope rbovirt will expand more, to include some new features that were added in 3.1. You can see the driver they wrote in: https://github.com/apache/deltacloud/blob/master/server/lib/deltacloud/drivers/rhevm/rhevm_driver.rb I'm currently working on testing EC2/CIMI API calls using deltacloud, and pushing some fixes both in deltacloud in rbovirt, but there is indeed a lot of work that needs to be done there. Feel free to contact this mailing list, or the engine-devel mailing list if you have issues, and we'll help. Good luck! Oved Anyway, let me know if you are interested and if you have any suggestion and idea about it. Marco ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Virtual Machine Provisiong
oVirt exposes REST API that allows you to perform almost every operation in the oVirt engine, including provisioning, monitoring, performing different actions on the different entities, and etc. We also have both SDK and CLI, which are based on this REST API. Useful wiki pages: http://wiki.ovirt.org/wiki/Architecture http://wiki.ovirt.org/wiki/SDK http://wiki.ovirt.org/wiki/CLI and I guess you'll find more pages on ovirt.org. Good luck, Oved - Original Message - From: Marco Mornati morna...@gmail.com To: users@ovirt.org Sent: Thursday, October 11, 2012 12:09:53 PM Subject: [Users] Virtual Machine Provisiong Hello guys, I'm trying to integrate an automatic provisioning to my oVirt installation. Something like: API to create VM, NIC and Disk, tool to install SO (??). I'm actually working around aeolus (after a useless test with koan), but I'm not sure I can do what I want. I prefer not to use a PXE to get all things really automatic (something cloud style). Have you got any idea, suggestion and/or guide about it? Thanks a lot Marco ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Virtual Machine Provisiong
Hey Marco. I see. My mistake... We don't have such a feature built-in yet, but I guess there may be other 3rd party products that integrate with oVirt in order to do so. Let's wait for other people to answer this thread. Oved - Original Message - From: Marco Mornati morna...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Thursday, October 11, 2012 1:09:56 PM Subject: Re: [Users] Virtual Machine Provisiong Hello Oved, thanks for your response, but, for me, provisioning means Install Operating System and other packages. Is it possibile to do this directly using oVirt? I didn't find anything about it and that's the resason why I'm looking for others tools. By and I can just start oVirt VM in Run Once mode, and putting the mac address in my PXE installation could start automatically. Problem is that I need to modify my PXE to create an automatic system. That's the reason puu me to look for anything else. Marco On Thu, Oct 11, 2012 at 12:25 PM, Oved Ourfalli ov...@redhat.com wrote: oVirt exposes REST API that allows you to perform almost every operation in the oVirt engine, including provisioning, monitoring, performing different actions on the different entities, and etc. We also have both SDK and CLI, which are based on this REST API. Useful wiki pages: http://wiki.ovirt.org/wiki/Architecture http://wiki.ovirt.org/wiki/SDK http://wiki.ovirt.org/wiki/CLI and I guess you'll find more pages on ovirt.org . Good luck, Oved - Original Message - From: Marco Mornati morna...@gmail.com To: users@ovirt.org Sent: Thursday, October 11, 2012 12:09:53 PM Subject: [Users] Virtual Machine Provisiong Hello guys, I'm trying to integrate an automatic provisioning to my oVirt installation. Something like: API to create VM, NIC and Disk, tool to install SO (??). I'm actually working around aeolus (after a useless test with koan), but I'm not sure I can do what I want. I prefer not to use a PXE to get all things really automatic (something cloud style). Have you got any idea, suggestion and/or guide about it? Thanks a lot Marco ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Autostarting VMs ?
- Original Message - From: Rob Coward r...@jive-videos.net To: users@ovirt.org Sent: Thursday, September 20, 2012 4:44:54 PM Subject: [Users] Autostarting VMs ? Hi, I'm new to oVirt and currently just have a single server installed with the allinone setup. All seems to be working well atm, apart from a small gripe about spice consoles not working (out of the box) for non-linux admin consoles. I just have one question that I hope someone on this list might be able to help me with. How do you configure oVirt to auto-start vms when it starts after a system boot ? I assume that there must be a way for this to happen and I'm just missing a really obvious option right under my nose. There is currently no such option for VMs. There is a pre-start option for VM pools, where you est the number of VMs you would like to be available from the Pool, and in this case the engine will make sure (if possible) to start this number of VMs automatically. See feature page in http://wiki.ovirt.org/wiki/Features/PrestartedVm Thanks in advance, Rob ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] ActiveDirectory problems
top posting Hey, According to the call stack, it looks like something is wrong in the root DSE attributes (whether due to a bug in the engine, or some configuration that can be done in AD). Please provide us this information by using the following commands: ldapsearch -LLL -D u...@example.com -h AD-SERVER -b -s base objectClass=* Oved - Original Message - From: Joop jvdw...@xs4all.nl To: users@ovirt.org users@ovirt.org Sent: Saturday, September 15, 2012 1:07:06 AM Subject: [Users] ActiveDirectory problems Hi List, I have been reading the list for quite sometime and I have a question because I can't find the problem myself. I have an oVirt-3.1 setup with 3 nodes (Fed17 install from LiveCD + vdsm) and an engine install. Sofar this all works. Can create VM's, can migrate them, no problems ( well one but thats for another post, vdsmd doesn't start at system start). Version of oVirt thats installed: Installed Packages ovirt-engine.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-backend.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-cli.noarch 3.1.0.6-1.fc17 @ovirt-beta ovirt-engine-config.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-dbscripts.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-genericapi.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-notification-service.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-restapi.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-sdk.noarch 3.1.0.4-1.fc17 @ovirt-beta ovirt-engine-setup.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-tools-common.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-userportal.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-engine-webadmin-portal.noarch 3.1.0-2.fc17 @ovirt-beta ovirt-image-uploader.noarch 3.1.0-0.git9c42c8.fc17 @ovirt-beta ovirt-iso-uploader.noarch 3.1.0-0.git1841d9.fc17 @ovirt-beta ovirt-log-collector.noarch 3.1.0-0.git10d719.fc17 @ovirt-beta Next step is integrating with our AD setup. Ran engine-manage-domains -action=add -provider=ActiveDirectory -domain=nieuwland.local -user=admin -interactive Message is: WARNING: No permissions were added to the Engine. Login either with the internal admin user or with another configured user Successfully added domain nieuwland.local. oVirt Engine restart is required in order for the changes to take place (service Manage Domains completed successfully The specified admin is an DomainAdministrator. The logfile in /var/log/engine/engine-manage-domains also says OK. The resulting krb5.conf in /etc/ovirt-engine looks also OK. The AD servers are resolvable forward and backward. Then I'm lost because when I log into the Admin portal with the internal admin account and goto the Users tab and want to add a user from the nieuwland.local, myself (jvandewege) realm it won't work and I get the following in engine.log 2012-09-14 12:55:26,104 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--0.0.0.0-8009-12) Failed ldap search server LDAP://digit.nieuwland.local:389 due to java.lang.NullPointerException. We should try the next server: java.lang.NullPointerException at org.ovirt.engine.core.bll.adbroker.ADRootDSE.init(ADRootDSE.java:26) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.RootDSEFactory.get(RootDSEFactory.java:14) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.setRootDSE(GetRootDSETask.java:97) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:91) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:39) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:68) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:177) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:14) [engine-bll.jar:] at org.ovirt.engine.core.bll.CommandBase.InternalCanDoAction(CommandBase.java:486) [engine-bll.jar:] at org.ovirt.engine.core.bll.CommandBase.ExecuteAction(CommandBase.java:261) [engine-bll.jar:] at org.ovirt.engine.core.bll.Backend.Login(Backend.java:481) [engine-bll.jar:] at
Re: [Users] issues regarding rhevm
Hey,
Your script worked in my environment (Fedora 17 with latest SDK RPM built as
you mentioned below, and latest engine).
IMO, the error doesn't seem related to the OS change between our environments.
Are you testing it with the latest SDK and engine?
Oved
- Original Message -
From: Romil Gupta romilgupt...@gmail.com
To: mbu...@redhat.com, users@ovirt.org
Sent: Tuesday, September 11, 2012 12:37:49 PM
Subject: [Users] issues regarding rhevm
Hello ,
I am having a CENTOS machine over tht i have installed ovirt-sdk
using following command :
$ git clone http :// gerrit.ovirt.org/ovirt-engine-sdk
$ yum install -y rpm-build python-devel python-setuptools
$ make rpm
$ yum localinstall
rpmtop/RPMS/noarch/ovirt-engine-sdk-x.y-z.noarch.rpm
thn i have written one script rhevmtest.py :
from ovirtsdk.api import API
from ovirtsdk.xml import params
import time
rhevm_uri = http://rhevm301.abc.xyz.com:8080/api
rhevm_username = ad...@rhevm301.abc.xyz.com
rhevm_password = password
rhevmAPI = API(url=rhevm_uri, username=rhevm_username,
password=rhevm_password)
print Connected to RHEVM Successful
instances = rhevmAPI.vms.list()
I got following errror :
$ python rhevmtest.py
Connected to RHEVM Successful
Traceback (most recent call last):
File romil_test.py, line 13, in module
instances = rhevmAPI.vms.list()
File
/usr/lib/python2.6/site-packages/ovirtsdk/infrastructure/brokers.py,
line 6615, in list
headers={Filter:contextmanager.get('filter')}).get_vm()
AttributeError: 'str' object has no attribute 'get_vm'
Regards
Romil Gupta
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] can't add domain with rhevm-manage-domains
Hey, What's the name of your domain? The query you pasted below shows DOMAIN.LOCAL. However, in the log I see: Failed authenticating user: f35191a to domain fpt.local. Did some reading, and looks like this error happens when the kerberos ticket is requested to the wrong REALM. What version are you working with? Is there anything else in the logs besides what you have put in pastebin? Oved - Original Message - From: Scotto Alberto al.sco...@reply.it To: users@ovirt.org Sent: Friday, August 31, 2012 6:45:15 PM Subject: Re: [Users] can't add domain with rhevm-manage-domains Ok, now it works. Thanks to tcpdump/wireshark I could undesrstand that: - Rhevm-manage-domains sends DNS queries asking for PTR of RHEV-H and another redundant domain server, so I - The LDAP query it sends is ((sAMAccountType=805306368)(userPrincipalName= fptadmin02@DOMAIN.LOCAL) ) but the account “fptadmin02” I was using had a different userPrincipalName So here is how I solved: - adding the missing PTRs in the reverse zone of the DNS server - logging in with another username that has a correct userPrincipalName Anyhow, after restarting jbossas, still I can’t log in the console with a domain username. From wireshark I see it doesn’t even send an LDAP query; it breaks at KRB5 packets with “error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)” Here are the logs from rhevm.log http://pastebin.com/kZqn3kzz Alberto Scotto Blue Via Cardinal Massaia, 83 10147 - Torino - ITALY phone: +39 011 29100 al.sco...@reply.it www.reply.it From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On Behalf Of Scotto Alberto Sent: venerdì 31 agosto 2012 11:35 To: users@ovirt.org Subject: [Users] can't add domain with rhevm-manage-domains Hi all, I’m trying to add a domain (active directory), but I can’t get it to work. The command I execute is: rhevm-manage-domains -action=add -domain='FPT.LOCAL' -user='fptadmin' –interactive Attached you can find: - Output of the command - Logs from /var/log/rhevm/rhevm-manage-domains/rhevm-manage-domains.log I found a RHEV KB saying: For Error: LDAP query Failed , make sure the Active Directory server and the RHEVM server have the correct PTR records in the DNS reverse lookup zone file And another one says: It's required to create PTR entry into DNS for the following: · Name Server (NS) - Start of Authority (SOA) Example: WIN-TL8JB8JAG8.ad.mydomain.com. · Active Directory Name Example: ad.mydomain.com. · RHEVM machine Example: rhevm.ad.mydomain.com. We are fulfilling this requirement, as nslookup of these 3 machines’ IP work. Additional info. These commands work (if you need I can paste the full output): #dig SRV _kerberos._tcp.FPT.LOCAL #dig SRV _kerberos._udp.FPT.LOCAL #dig SRV _ldap._tcp.FPT.LOCAL # kinit fptadmin02@FPT.LOCAL # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: fptadmin02@FPT.LOCAL Valid starting Expires Service principal 08/30/12 15:55:46 08/31/12 01:55:51 krbtgt/FPT.LOCAL@FPT.LOCAL renew until 09/06/12 15:55:46 Thank you very much in advance Alberto Scotto Blue Via Cardinal Massaia, 83 10147 - Torino - ITALY phone: +39 011 29100 al.sco...@reply.it www.reply.it -- The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. -- The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Adding LDAP server directly with its FQDN.
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Sent: Sunday, July 1, 2012 7:57:25 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. On 06/29/2012 11:14 PM, snmis...@linux.vnet.ibm.com wrote: Hi, Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=domain-name. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server. Regards Sharad Mishra IBM Hi Sharad, Currently - no such way. Bare in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this Guid encoding code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a fefault base DN per domain? Hey, We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain:1ldapserver1, domain2:ldapserver2 Note that it only supports one LDAP server per domain. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Adding LDAP server directly with its FQDN.
- Original Message - From: Andrew Cathrow acath...@redhat.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Sunday, July 1, 2012 2:46:32 PM Subject: Re: [Users] Adding LDAP server directly with its FQDN. - Original Message - From: Oved Ourfalli ov...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com, Sharad Mishra snmis...@linux.vnet.ibm.com Cc: users@ovirt.org Sent: Sunday, July 1, 2012 2:50:53 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Sent: Sunday, July 1, 2012 7:57:25 AM Subject: Re: [Users] Adding LDAP server directly with its FQDN. On 06/29/2012 11:14 PM, snmis...@linux.vnet.ibm.com wrote: Hi, Is there a way to directly add an LDAP server to ovirt? Currently I run engine-manage-domains with -domain=domain-name. This finds all the ldap servers in the domain. Can I skip this and just add the one I want? I have the fqdn of the ldap server. Regards Sharad Mishra IBM Hi Sharad, Currently - no such way. Bare in mind you need to provide also the user ID. In addition - it may be that not all DS providers hold information on the users in the same way, and we perform some normalization in order to store them at DB in the same format. However, I guess we can run this Guid encoding code at engine-manage-domains, and then, it will be possible to add the user (if you provide the baseDN FQDN) to the system. Feel free to suggest a patch ;) In addition, an idea that popped to my head - let's say you want to add 100 users this way - will you provide for every one of them the baseDN? Maybe we should be able to configure a fefault base DN per domain? Hey, We do have an entry in vdc_options called LdapServers. It is a per-domain configuration, just like the other LDAP related configuration options. When looking for LDAP servers, the engine uses the ones in this configuration. If empty, it goes to the DNS. Currently the engine-manage-domains utility doesn't set this option, but if you would like to work with one LDAP server for testing purposes, or as a workaround, then you can set it manually: domain:1ldapserver1, domain2:ldapserver2 Would that mean that we can skip all the DNS SRV records? Not the kerberos ones, only the LDAP ones. And, it also currently supports only one LDAP server per domain (this entry was originally used in order to specify that the LDAP server is localhost. Instead of just writing an entry specifying whether the LDAP server is local or not, we did a more general configuration). It is no longer in use for that purpose, but the config entry is still there. Note that it only supports one LDAP server per domain. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt - double use of PCI Address
Fix is now merged upstream: http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=242636a161a1f7ee44bfad2f9a80002b589b685e I verified it on my environment, testing both snapshots and pools. I guess that old VMs you have, that are part of a pool, or were restored from snapshots, can be damaged (as not only the monitors were duplicated, but all the other devices as well, besides disks). Thank you for helping us find the problem, Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Cc: mohsen saeedi mohsen.sae...@gmail.com, Oved Ourfalli oourf...@redhat.com Sent: Tuesday, June 5, 2012 7:16:12 PM Subject: Re: [Users] Ovirt - double use of PCI Address On 06/05/2012 06:46 PM, Oved Ourfalli wrote: I think that the problem is related to snapshots. I saw that when working with a VM pool, defining some pre-started VMs, then when shutting down a VM then all the devices are created again, which leads to these duplications. Still need to investigate/debug it, on a clean environment, but looks like it is the issue. Oved I would also like to add that maybe its worth to get the XML of the configuration of the snapshot. This information is stored as text under the vm_configuration column of snapshots table. You will always have an active snapshot - this is not the snapshot you're interested at, simply query the snapshots table according to the snapshot description, and you will have the OVF that describes the VM when the snapshot was created. I wonder if the OVF is correctly kept at the snapshot (just suggesting another point of investigation) Yair - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org, Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:34:18 PM Subject: Re: [Users] Ovirt - double use of PCI Address Ok. thanks. I'm trying to do all of the under my home server with Ovirt. I'll update you about any problem in this case. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 11:20:03 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:10:30 PM Subject: Re: [Users] Ovirt - double use of PCI Address Hi Again I just defined new server on Ovirt admin portal. I think define monitor is for desktop virtualization. is it true? I switched more than two time between spice and vnc. do you think switching between vnc and spice is the reason for this problem? And did the problem occur? Trying to reproduce it now and I can't, although I seem to have some VMs with more than one monitor in the vm_device table, but all have this property set to 1. I'll update you in case I understand the reason. If you have a solid reproduction then please share it. Thank you, Oved I'm going to delete extra video card. but it's very interesting for me to know about reason of this problem. Thanks Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:16:07 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 5:06:55 PM Subject: Re: [Users] Ovirt - double use of PCI Address Thanks. But i didn't add 3 video card! why there is 3 video card?is it bug? Basically the number of devices should grow or shrink, according to the number of monitors you choose in the VM properties. If it has more then it is a bug. I'll take a look at it. can you please explain more about how can i fix this problem? i must go to the database and then i leave the address as is? i don't understand last your sentence. Thanks for you attention. Thinking of it, if you don't want 3 devices you can just delete two of the three video controllers in order to workaround the issue. In order to do that you'll have to do the following in the database: 1. Find the vm_id of your VM. You can do that by looking at the vm_static table. 2. Then, in the vm_device table, find the video devices. 3. Delete two of the three devices. Let me know if you need more help. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:01:00 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Tuesday, June 5, 2012 4:42:09 PM Subject: Re: [Users] Ovirt - double use of PCI Address /*Oved Ourfalli ov...@redhat.com */ wrote on Tue, 05 Jun 2012 09:29:19 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: users@ovirt.org Sent: Tuesday
Re: [Users] Ovirt - double use of PCI Address
- Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com Sent: Wednesday, June 6, 2012 11:24:14 AM Subject: Re: [Users] Ovirt - double use of PCI Address Thanks. we should help each other in open source product. I'm trying to work with Ovirt everyday and if i find new problem or bug, i'll send it to lists. I didn't define any pool. as default pool is exist? No. But pool uses snapshots for stateless VMs, and that's where I originally reproduced the problem. i make snapshot from my VM and then create new clone based on snapshot. then i try to start new vm. it failed with double of pci address.then i removed new clone VM. then i try to start old VM (that i created snapshot from it) . but i saw it failed too! then i sent email to this lists and you helped me to solve this problem. thanks. Oved Ourfalli ov...@redhat.com wrote on Wed, 06 Jun 2012 03:20:16 -0400 (EDT): Fix is now merged upstream: http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=242636a161a1f7ee44bfad2f9a80002b589b685e I verified it on my environment, testing both snapshots and pools. I guess that old VMs you have, that are part of a pool, or were restored from snapshots, can be damaged (as not only the monitors were duplicated, but all the other devices as well, besides disks). Thank you for helping us find the problem, Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Cc: mohsen saeedi mohsen.sae...@gmail.com , Oved Ourfalli oourf...@redhat.com Sent: Tuesday, June 5, 2012 7:16:12 PM Subject: Re: [Users] Ovirt - double use of PCI Address On 06/05/2012 06:46 PM, Oved Ourfalli wrote: I think that the problem is related to snapshots. I saw that when working with a VM pool, defining some pre-started VMs, then when shutting down a VM then all the devices are created again, which leads to these duplications. Still need to investigate/debug it, on a clean environment, but looks like it is the issue. Oved I would also like to add that maybe its worth to get the XML of the configuration of the snapshot. This information is stored as text under the vm_configuration column of snapshots table. You will always have an active snapshot - this is not the snapshot you're interested at, simply query the snapshots table according to the snapshot description, and you will have the OVF that describes the VM when the snapshot was created. I wonder if the OVF is correctly kept at the snapshot (just suggesting another point of investigation) Yair - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:34:18 PM Subject: Re: [Users] Ovirt - double use of PCI Address Ok. thanks. I'm trying to do all of the under my home server with Ovirt. I'll update you about any problem in this case. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 11:20:03 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:10:30 PM Subject: Re: [Users] Ovirt - double use of PCI Address Hi Again I just defined new server on Ovirt admin portal. I think define monitor is for desktop virtualization. is it true? I switched more than two time between spice and vnc. do you think switching between vnc and spice is the reason for this problem? And did the problem occur? Trying to reproduce it now and I can't, although I seem to have some VMs with more than one monitor in the vm_device table, but all have this property set to 1. I'll update you in case I understand the reason. If you have a solid reproduction then please share it. Thank you, Oved I'm going to delete extra video card. but it's very interesting for me to know about reason of this problem. Thanks Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:16:07 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 5:06:55 PM Subject: Re: [Users] Ovirt - double use of PCI Address Thanks. But i didn't add 3 video card! why there is 3 video card?is it bug? Basically the number of devices should grow or shrink, according to the number of monitors you choose in the VM properties. If it has more then it is a bug. I'll take a look at it. can you please explain more about how can i fix this problem? i must go to the database and then i leave the address as is? i don't understand last your sentence. Thanks for you attention. Thinking
Re: [Users] Ovirt - double use of PCI Address
Stateless VMs are VMs that once shut down, all the information you stored there / configuration changes you made, will be lost. It is useful mostly for testing purposes, temporary usage, provide services to people and etc. - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Wednesday, June 6, 2012 2:31:59 PM Subject: Re: [Users] Ovirt - double use of PCI Address Oved Ourfalli ov...@redhat.com wrote on Wed, 06 Jun 2012 05:03:28 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Yair Zaslavsky yzasl...@redhat.com Sent: Wednesday, June 6, 2012 11:24:14 AM Subject: Re: [Users] Ovirt - double use of PCI Address Thanks. we should help each other in open source product. I'm trying to work with Ovirt everyday and if i find new problem or bug, i'll send it to lists. I didn't define any pool. as default pool is exist? No. But pool uses snapshots for stateless VMs, and that's where I originally reproduced the problem. oh. yes. I saw stateless but what is the meaning of stateless VMs? I'm sorry to ask a lot of question! Thanks i make snapshot from my VM and then create new clone based on snapshot. then i try to start new vm. it failed with double of pci address.then i removed new clone VM. then i try to start old VM (that i created snapshot from it) . but i saw it failed too! then i sent email to this lists and you helped me to solve this problem. thanks. Oved Ourfalli ov...@redhat.com wrote on Wed, 06 Jun 2012 03:20:16 -0400 (EDT): Fix is now merged upstream: http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=242636a161a1f7ee44bfad2f9a80002b589b685e I verified it on my environment, testing both snapshots and pools. I guess that old VMs you have, that are part of a pool, or were restored from snapshots, can be damaged (as not only the monitors were duplicated, but all the other devices as well, besides disks). Thank you for helping us find the problem, Oved - Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: users@ovirt.org Cc: mohsen saeedi mohsen.sae...@gmail.com , Oved Ourfalli oourf...@redhat.com Sent: Tuesday, June 5, 2012 7:16:12 PM Subject: Re: [Users] Ovirt - double use of PCI Address On 06/05/2012 06:46 PM, Oved Ourfalli wrote: I think that the problem is related to snapshots. I saw that when working with a VM pool, defining some pre-started VMs, then when shutting down a VM then all the devices are created again, which leads to these duplications. Still need to investigate/debug it, on a clean environment, but looks like it is the issue. Oved I would also like to add that maybe its worth to get the XML of the configuration of the snapshot. This information is stored as text under the vm_configuration column of snapshots table. You will always have an active snapshot - this is not the snapshot you're interested at, simply query the snapshots table according to the snapshot description, and you will have the OVF that describes the VM when the snapshot was created. I wonder if the OVF is correctly kept at the snapshot (just suggesting another point of investigation) Yair - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:34:18 PM Subject: Re: [Users] Ovirt - double use of PCI Address Ok. thanks. I'm trying to do all of the under my home server with Ovirt. I'll update you about any problem in this case. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 11:20:03 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:10:30 PM Subject: Re: [Users] Ovirt - double use of PCI Address Hi Again I just defined new server on Ovirt admin portal. I think define monitor is for desktop virtualization. is it true? I switched more than two time between spice and vnc. do you think switching between vnc and spice is the reason for this problem? And did the problem occur? Trying to reproduce it now and I can't, although I seem to have some VMs with more than one monitor in the vm_device table, but all have this property set to 1. I'll update you in case I understand the reason. If you have a solid reproduction then please share it. Thank you, Oved I'm going to delete extra video card. but it's very interesting for me to know about reason of this problem. Thanks Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:16:07 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com
Re: [Users] oVirt RPM for RHEL Co.
Perhaps this will help: http://www.dreyou.org/ovirt/ (didn't test it, but saw it as an answer here when other people asked about running oVirt on centos). Oved - Original Message - From: Dael Maselli dael.mase...@lnf.infn.it To: users@ovirt.org Sent: Wednesday, June 6, 2012 6:27:48 PM Subject: Re: [Users] oVirt RPM for RHEL Co. Could you please answer this question? Thank you. Dael Maselli. On 27/02/12 12.04, Dael Maselli wrote: Hi, I was waiting the first release impatiently, when it was I suddenly downloaded the Installation Guide and I read: The packages provided via this mechanism are expected to work for users of Fedora, Red Hat Enterprise Linux, and other Enterprise Linux derivatives. I have Scientific Linux and/or Centos, but I can't find the rpm for these system (version 6.2). Do you plan to build and realease also for those OS? Thank you. Dael Maselli. -- ___ Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214 ___ * http://www.lnf.infn.it/ * http://www.infn.it/ * * http://www.FrascatiScienza.it/ * http://www.BucoNero.eu/ * ___ Democracy is two wolves and a lamb voting on what to have for lunch ___ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- ___ Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214 ___ * http://www.lnf.infn.it/ * http://www.infn.it/ * * http://www.FrascatiScienza.it/ * http://www.BucoNero.eu/ * ___ Democracy is two wolves and a lamb voting on what to have for lunch ___ ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt - double use of PCI Address
- Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: users@ovirt.org Sent: Tuesday, June 5, 2012 4:24:46 PM Subject: [Users] Ovirt - double use of PCI Address Hi I setup ovirt and some other things. I make a virtual machine (CentOS 6.2). installed and configured it. then power off it and make a snapshot and create clone image from it. when i trying to start new machine, i got this error: 2012-06-05 13:16:15.433+: 2375: error : qemuCollectPCIAddress:743 : XML error: Attempted double use of PCI Address '0:0:2.0' I remove the new machine and try to start old machine. i get the error again! and i'm enable to start old machine. Can you please attach the engine.log and vdsm.log files? Are you working with the most updated upstream code? We had an issue with the monitors, in which the order of the monitor devices is important, as the first one needs to get the address 0:0:2.0, but that issue was fixed. Are you using more than one monitor? The vdsm.log fill will help a lot here, as it contains the VM's domain XML file, which will show us all the devices we send libvirt, and all the addresses that the engine expects to get from it. Any idea? Thanks. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Ovirt - double use of PCI Address
- Original Message -
From: Mohsen Saeedi mohsen.sae...@gmail.com
To: Oved Ourfalli ov...@redhat.com
Cc: users@ovirt.org, Igor Lvovsky ilvov...@redhat.com
Sent: Tuesday, June 5, 2012 5:06:55 PM
Subject: Re: [Users] Ovirt - double use of PCI Address
Thanks. But i didn't add 3 video card! why there is 3 video card?is
it bug?
Basically the number of devices should grow or shrink, according to the number
of monitors you choose in the VM properties.
If it has more then it is a bug.
I'll take a look at it.
can you please explain more about how can i fix this problem? i must
go to the database and then i leave the address as is? i don't
understand last your sentence.
Thanks for you attention.
Thinking of it, if you don't want 3 devices you can just delete two of the
three video controllers in order to workaround the issue.
In order to do that you'll have to do the following in the database:
1. Find the vm_id of your VM. You can do that by looking at the vm_static table.
2. Then, in the vm_device table, find the video devices.
3. Delete two of the three devices.
Let me know if you need more help.
Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:01:00
-0400 (EDT):
- Original Message -
From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli
ov...@redhat.com Cc: users@ovirt.org Sent: Tuesday, June 5, 2012
4:42:09 PM
Subject: Re: [Users] Ovirt - double use of PCI Address
/*Oved Ourfalli ov...@redhat.com */ wrote on Tue, 05 Jun 2012
09:29:19
-0400 (EDT):
- Original Message -
From: Mohsen Saeedi mohsen.sae...@gmail.com To: users@ovirt.org
Sent: Tuesday, June 5, 2012 4:24:46 PM
Subject: [Users] Ovirt - double use of PCI Address
Hi
I setup ovirt and some other things. I make a virtual machine
(CentOS
6.2). installed and configured it. then power off it and make a
snapshot and create clone image from it.
when i trying to start new machine, i got this error:
2012-06-05 13:16:15.433+: 2375: error :
qemuCollectPCIAddress:743
: XML error: Attempted double use of PCI Address '0:0:2.0'
I remove the new machine and try to start old machine. i get the
error again! and i'm enable to start old machine. Can you please
attach the engine.log and vdsm.log files? Yes, I attached both of
them.
Are you working with the most updated upstream code? I'm working with
build from git -
faef6297b0d01203e88040b2707f9abfbd754d3f. more information is
available
here: http://www.dreyou.org/ovirt/ You can see the issue in vdsm.log
file. You have 3 video cards, all on the same address.
video
address domain=0x function=0x0 slot=0x02
type=pci
bus=0x00/
model heads=1 type=qxl vram=65536/
/video
video
address domain=0x function=0x0 slot=0x02
type=pci
bus=0x00/
model heads=1 type=qxl vram=65536/
/video
video
address domain=0x function=0x0 slot=0x02
type=pci
bus=0x00/
model heads=1 type=qxl vram=65536/
/video
Looking at the vdsm code (in vdsm/libvirtvm.py), you can see why such
a thing might happen (also look at the FIXME comment :-) ).
# FIXME. We have an identification problem here.
# Video card device has not unique identifier, except the
alias
# (but backend not aware to device's aliases).
# So, for now we can only assign the address according to
devices order.
for vc in self._devices[vm.VIDEO_DEVICES]:
if not hasattr(vc, 'address') or not hasattr(vc,
'alias'):
vc.alias = alias
vc.address = address
break
# Update vm's conf with address
for dev in self.conf['devices']:
if (dev['type'] == vm.VIDEO_DEVICES) and \
(not dev.get('address') or not dev.get('alias')):
dev['address'] = address
dev['alias'] = alias
break
The code above is responsible to return the engine core the device
addresses, after libvirt executes the VM, so that they will be
persistent, and used in future executions of the VM.
Now, the engine core is aware of the alias (as of the exact commit
you used :-) ), but the first time you run the VM, you can get the
addresses wrong, as the alias isn't taken into account.
Would you like to try to fix this issue? The fix will be to make a
better logic in the code above. Similar examples can be found in
this file, for example in the section that does the same for
controllers.
If not, let me know and I'll go ahead and fix that.
In the meantime, you can
Re: [Users] Ovirt - double use of PCI Address
- Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org, Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:10:30 PM Subject: Re: [Users] Ovirt - double use of PCI Address Hi Again I just defined new server on Ovirt admin portal. I think define monitor is for desktop virtualization. is it true? I switched more than two time between spice and vnc. do you think switching between vnc and spice is the reason for this problem? And did the problem occur? Trying to reproduce it now and I can't, although I seem to have some VMs with more than one monitor in the vm_device table, but all have this property set to 1. I'll update you in case I understand the reason. If you have a solid reproduction then please share it. Thank you, Oved I'm going to delete extra video card. but it's very interesting for me to know about reason of this problem. Thanks Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:16:07 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 5:06:55 PM Subject: Re: [Users] Ovirt - double use of PCI Address Thanks. But i didn't add 3 video card! why there is 3 video card?is it bug? Basically the number of devices should grow or shrink, according to the number of monitors you choose in the VM properties. If it has more then it is a bug. I'll take a look at it. can you please explain more about how can i fix this problem? i must go to the database and then i leave the address as is? i don't understand last your sentence. Thanks for you attention. Thinking of it, if you don't want 3 devices you can just delete two of the three video controllers in order to workaround the issue. In order to do that you'll have to do the following in the database: 1. Find the vm_id of your VM. You can do that by looking at the vm_static table. 2. Then, in the vm_device table, find the video devices. 3. Delete two of the three devices. Let me know if you need more help. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:01:00 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Tuesday, June 5, 2012 4:42:09 PM Subject: Re: [Users] Ovirt - double use of PCI Address /*Oved Ourfalli ov...@redhat.com */ wrote on Tue, 05 Jun 2012 09:29:19 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: users@ovirt.org Sent: Tuesday, June 5, 2012 4:24:46 PM Subject: [Users] Ovirt - double use of PCI Address Hi I setup ovirt and some other things. I make a virtual machine (CentOS 6.2). installed and configured it. then power off it and make a snapshot and create clone image from it. when i trying to start new machine, i got this error: 2012-06-05 13:16:15.433+: 2375: error : qemuCollectPCIAddress:743 : XML error: Attempted double use of PCI Address '0:0:2.0' I remove the new machine and try to start old machine. i get the error again! and i'm enable to start old machine. Can you please attach the engine.log and vdsm.log files? Yes, I attached both of them. Are you working with the most updated upstream code? I'm working with build from git - faef6297b0d01203e88040b2707f9abfbd754d3f. more information is available here: http://www.dreyou.org/ovirt/ You can see the issue in vdsm.log file. You have 3 video cards, all on the same address. video address domain=0x function=0x0 slot=0x02 type=pci bus=0x00/ model heads=1 type=qxl vram=65536/ /video video address domain=0x function=0x0 slot=0x02 type=pci bus=0x00/ model heads=1 type=qxl vram=65536/ /video video address domain=0x function=0x0 slot=0x02 type=pci bus=0x00/ model heads=1 type=qxl vram=65536/ /video Looking at the vdsm code (in vdsm/libvirtvm.py), you can see why such a thing might happen (also look at the FIXME comment :-) ). # FIXME. We have an identification problem here. # Video card device has not unique identifier, except the alias # (but backend not aware to device's aliases). # So, for now we can only assign the address according to devices order. for vc in self._devices[vm.VIDEO_DEVICES]: if not hasattr(vc, 'address') or not hasattr(vc, 'alias'): vc.alias = alias
Re: [Users] Ovirt - double use of PCI Address
I think that the problem is related to snapshots. I saw that when working with a VM pool, defining some pre-started VMs, then when shutting down a VM then all the devices are created again, which leads to these duplications. Still need to investigate/debug it, on a clean environment, but looks like it is the issue. Oved - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org, Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:34:18 PM Subject: Re: [Users] Ovirt - double use of PCI Address Ok. thanks. I'm trying to do all of the under my home server with Ovirt. I'll update you about any problem in this case. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 11:20:03 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 6:10:30 PM Subject: Re: [Users] Ovirt - double use of PCI Address Hi Again I just defined new server on Ovirt admin portal. I think define monitor is for desktop virtualization. is it true? I switched more than two time between spice and vnc. do you think switching between vnc and spice is the reason for this problem? And did the problem occur? Trying to reproduce it now and I can't, although I seem to have some VMs with more than one monitor in the vm_device table, but all have this property set to 1. I'll update you in case I understand the reason. If you have a solid reproduction then please share it. Thank you, Oved I'm going to delete extra video card. but it's very interesting for me to know about reason of this problem. Thanks Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:16:07 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org , Igor Lvovsky ilvov...@redhat.com Sent: Tuesday, June 5, 2012 5:06:55 PM Subject: Re: [Users] Ovirt - double use of PCI Address Thanks. But i didn't add 3 video card! why there is 3 video card?is it bug? Basically the number of devices should grow or shrink, according to the number of monitors you choose in the VM properties. If it has more then it is a bug. I'll take a look at it. can you please explain more about how can i fix this problem? i must go to the database and then i leave the address as is? i don't understand last your sentence. Thanks for you attention. Thinking of it, if you don't want 3 devices you can just delete two of the three video controllers in order to workaround the issue. In order to do that you'll have to do the following in the database: 1. Find the vm_id of your VM. You can do that by looking at the vm_static table. 2. Then, in the vm_device table, find the video devices. 3. Delete two of the three devices. Let me know if you need more help. Oved Ourfalli ov...@redhat.com wrote on Tue, 05 Jun 2012 10:01:00 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Tuesday, June 5, 2012 4:42:09 PM Subject: Re: [Users] Ovirt - double use of PCI Address /*Oved Ourfalli ov...@redhat.com */ wrote on Tue, 05 Jun 2012 09:29:19 -0400 (EDT): - Original Message - From: Mohsen Saeedi mohsen.sae...@gmail.com To: users@ovirt.org Sent: Tuesday, June 5, 2012 4:24:46 PM Subject: [Users] Ovirt - double use of PCI Address Hi I setup ovirt and some other things. I make a virtual machine (CentOS 6.2). installed and configured it. then power off it and make a snapshot and create clone image from it. when i trying to start new machine, i got this error: 2012-06-05 13:16:15.433+: 2375: error : qemuCollectPCIAddress:743 : XML error: Attempted double use of PCI Address '0:0:2.0' I remove the new machine and try to start old machine. i get the error again! and i'm enable to start old machine. Can you please attach the engine.log and vdsm.log files? Yes, I attached both of them. Are you working with the most updated upstream code? I'm working with build from git - faef6297b0d01203e88040b2707f9abfbd754d3f. more information is available here: http://www.dreyou.org/ovirt/ You can see the issue in vdsm.log file. You have 3 video cards, all on the same address. video address domain=0x function=0x0 slot=0x02 type=pci bus=0x00/ model heads=1 type=qxl vram=65536/ /video video address domain=0x function=0x0 slot=0x02 type=pci bus=0x00/ model heads=1 type=qxl vram=65536/ /video video
Re: [Users] Some problems wtith engine
- Original Message - From: Haim Ateya hat...@redhat.com To: ov...@qip.ru Cc: users@ovirt.org Sent: Friday, May 25, 2012 7:15:56 PM Subject: Re: [Users] Some problems wtith engine - Original Message - From: ov...@qip.ru To: users@ovirt.org Sent: Friday, May 25, 2012 9:10:50 AM Subject: [Users] Some problems wtith engine 1. Problem to add second disk to VM I created shared disk and attach it to VM, but then when I tried to start VM got error XML error: Attempted double use of PCI Address '0:0:2.0'. VM not started even I detach and remove second disk. May it is possible to correct VM configuration parameters manually Are you working with the latest upstream? We had an issue of problem with the PCI addresses of the VM monitors, but that issues has been fixed. What's the number of monitors in the VM you are using? The logs Haim mentioned below can indeed help. please attach full vdsm engine log - I would like to have a look on the create vm command both sides and XML sent to libvirt. also attach /var/log/libvirt/qemu/vmName.log 2. Sometimes engine lost the connection to VMs VM is working, but in engine it has status Not Responding, VM is Win2003R2 with no agent installed, now it has UP time 8 days, and i could connect to console using rdp , on vdsm host vdsClient show it status is UP it reminds me of: https://bugzilla.redhat.com/show_bug.cgi?id=821468 what version of libvirt are you running with? # vdsClient -s 0 list table 121119f1-7f82-437e- ba 68- ef 5299de443a 31874 VM01 Up* # virsh -r list --all Id Name State 6 VM01 running but it can't be stopped nor by engine UI nor but vdsClient # vdsClient -s 0 reset 121119f1-7f82-437e- ba 68- ef 5299de443a Not implemented # vdsClient -s 0 shutdown 121119f1-7f82-437e- ba 68- ef 5299de443a 1 mes # but VM still working 3. Can't using fedora16 as a guest. Fedora16 VM minimal install with updates is starting only in single-user mode (i can add packages, do update), but if i do telinit 3 or start it in muili -user mode it freeze what version of qemu-kvm are you running with ? once vm freezes, what does vdsClient list table and virsh -r list tells ? also, please provide /var/log/libvirt/qemu/vmName.log, are there any IO errors ? what the status of the corresponding qemu process on host ? is it on 100% ? 4. Can't restore VMs with old ovf format with first tag ovf :Envelope xmlns:rasd=http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData; xmlns:vssd=http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns: ovf =http://schemas.dmtf.org/ ovf /envelope/1/ ovf :version=0.9 The error in engine: Failed to read VM 'MailSRV' OVF , it may be corrupted we need engine log. -- ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] cann't login User-Portal with ipa added users
I think that there was such an error, but it was fixed. How updated are you? Is the working and not working scenarios happened with the same source code? Oved - Original Message - From: T-Sinjon tscbj1...@gmail.com To: users@ovirt.org Sent: Wednesday, May 30, 2012 1:06:23 PM Subject: [Users] cann't login User-Portal with ipa added users I use IPA, and i can do ipa user-show tsinjon etc(ipa service is good) few days ago , i could login User-Portal normally, but this time when i'm logging , i failed and the error occurred, engine.log and /var/log/jboss-as/console.log has the same logs as below: What can i do to deal with it? 2012-05-30 17:38:10,066 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (http--0.0.0.0-8443-5) [50355357] Failed to query rootDSE for LDAP server ldap://local:389 due to local:389 2012-05-30 17:38:15,072 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8443-5) [50355357] Error from Kerberos: ovirt-engine.local. 2012-05-30 17:38:15,073 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8443-5) [50355357] Failed ldap search server ldap://local:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We should not try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:150) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:85) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:98) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:39) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:68) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:174) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginBaseCommand.canDoAction(LoginBaseCommand.java:143) [engine-bll.jar:] at org.ovirt.engine.core.bll.CommandBase.InternalCanDoAction(CommandBase.java:486) [engine-bll.jar:] at org.ovirt.engine.core.bll.CommandBase.ExecuteAction(CommandBase.java:261) [engine-bll.jar:] at org.ovirt.engine.core.bll.Backend.runActionImpl(Backend.java:330) [engine-bll.jar:] at org.ovirt.engine.core.bll.Backend.RunAction(Backend.java:288) [engine-bll.jar:] at sun.reflect.GeneratedMethodAccessor181.invoke(Unknown Source) [:1.6.0_24] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [:1.6.0_24] at java.lang.reflect.Method.invoke(Method.java:616) [:1.6.0_24] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.0.Beta1b.jar:] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation-1.1.1.Final.jar:] at org.ovirt.engine.core.utils.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:11) [engine-utils.jar:] at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source) [:1.6.0_24] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [:1.6.0_24] at
Re: [Users] engine-manage-domains can't add user , domain
- Original Message - From: T-Sinjon tscbj1...@gmail.com To: users@ovirt.org Sent: Monday, May 14, 2012 5:07:46 PM Subject: [Users] engine-manage-domains can't add user , domain I use FreeIPA to authenticate users, ipa user-add has no problem, but when i do : [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: local Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct. and log from engine-manage-domains.log : 2012-05-14 21:58:47,892 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local 2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS name not found [response code 3] my domain is 'local' , like ovirt-engine.local 、ovirt-node-1.local …etc What can i do to get through it? The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS). So, in order to work with it you must have the following in the DNS 1. PTR record for your LDAP server 2. LDAP SRV record for your LDAP server 3. LDAP kerberos record for your LDAP server If you don't really have access to the DNS you can install a package called dnsmasq, and perform this changes by yourself in its config file. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] engine-manage-domains can't add user , domain
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Oved Ourfalli ov...@redhat.com Cc: T-Sinjon tscbj1...@gmail.com, users@ovirt.org Sent: Tuesday, May 15, 2012 8:48:26 AM Subject: Re: [Users] engine-manage-domains can't add user , domain On 05/15/2012 08:35 AM, Oved Ourfalli wrote: - Original Message - From: T-Sinjon tscbj1...@gmail.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Tuesday, May 15, 2012 5:53:16 AM Subject: Re: [Users] engine-manage-domains can't add user , domain after use kinit login tsinjon , the error changes to , why this happened? [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Enter password: No user in Directory was found for tsinjon@LOCAL. Trying next LDAP server in list Failure while testing domain local. Details: No user information was found for user Can't see why kinit matters here, but looking at your command I noticed you used single quotes for the user and domain name. I'm not sure it knows to handle this correctly. Did you try without the quotes? Also, what version are you working with? We had a problem a few weeks ago, of identifying the correct ldap provider. To fix that we added an option to specify the ldap provider type. It determines which query will be used in order to get the user details. cc-ing Roy, which added this. iirc it is mandatory to provide this option, so you probably don't have this option in your environment. Roy - is there an upstream release with this fix? Oved - this was merged upstream. T-Sinjon - have you cloned the git repo and compiled or are you using RPMs? Yair - he is probably using the RPMs, as it is harder to run the utility from the git repo. Regards, Oved On 15 May, 2012, at 10:47 AM, T-Sinjon wrote: I have added those SRV info into my zone file , and it did go , the log looks fine , but engine-manage-domains still return error 2012-05-15 10:45:19,222 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local 2012-05-15 10:45:19,258 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): local 2012-05-15 10:45:19,259 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: local [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Enter password: Error: exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED Failure while testing domain local. Details: Kerberos error. Please check log for further details. On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote: - Original Message - From: T-Sinjon tscbj1...@gmail.com To: users@ovirt.org Sent: Monday, May 14, 2012 5:07:46 PM Subject: [Users] engine-manage-domains can't add user , domain I use FreeIPA to authenticate users, ipa user-add has no problem, but when i do : [root@ovirt-engine ~]# engine-manage-domains -action=add -domain='local' -user='tsinjon' -interactive Error: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct.. Problematic domain is: local Failure while applying Kerberos configuration. Details: Authentication Failed. Please verify the fully qualified domain name that is used for authentication is correct. and log from engine-manage-domains.log : 2012-05-14 21:58:47,892 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): local 2012-05-14 21:58:47,923 ERROR [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting SRV list for protocol _tcp and domain LOCAL Exception message is DNS name not found [response code 3] my domain is 'local' , like ovirt-engine.local 、ovirt-node-1.local …etc What can i do to get through it? The utility (and also the ovirt engine) are relying on DNS SRV records in order to find LDAP and kerberos servers (supporting Active directory, IPA or RHDS). So, in order to work with it you must have the following in the DNS 1. PTR record for your LDAP server 2. LDAP SRV record for your LDAP server 3. LDAP kerberos record for your LDAP server If you don't really have access to the DNS you can install a package called dnsmasq, and perform this changes by yourself in its config file. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing
Re: [Users] Password reset
You can use the engine-config utlilty. It is used to show/set config entries. Currently, the admin password is a config entry, so you can do the following: engine-config -s AdminPassword=your_password and it will do the trick. Oved - Original Message - From: Dennis Jacobfeuerborn denni...@conversis.de To: users@ovirt.org Sent: Monday, May 14, 2012 5:41:50 AM Subject: [Users] Password reset Hi, how can I reset the password of the admin@internal user? Regards, Dennis ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Testing LDAP support.
- Original Message -
From: Sharad Mishra snmis...@linux.vnet.ibm.com
To: Itamar Heim ih...@redhat.com
Cc: Oved Ourfalli ov...@redhat.com, users@ovirt.org
Sent: Thursday, April 12, 2012 9:37:46 PM
Subject: Re: [Users] Testing LDAP support.
On Thu, 2012-04-12 at 02:26 +0300, Itamar Heim wrote:
On 04/12/2012 01:09 AM, Sharad Mishra wrote:
On Wed, 2012-04-11 at 10:18 -0400, Oved Ourfalli wrote:
- Original Message -
From: Sharad Mishrasnmis...@linux.vnet.ibm.com
To: Itamar Heimih...@redhat.com
Cc: Oved Ourfalliov...@redhat.com, users@ovirt.org
Sent: Wednesday, April 11, 2012 4:53:37 PM
Subject: Re: [Users] Testing LDAP support.
On Tue, 2012-04-10 at 10:55 +0300, Itamar Heim wrote:
On 04/10/2012 04:51 AM, Sharad Mishra wrote:
On Mon, 2012-04-09 at 12:38 -0700, Sharad Mishra wrote:
On Mon, 2012-04-09 at 14:10 -0400, Oved Ourfalli wrote:
When a call is made to construct InitialDirContext
with
following
settings -
{java.naming.provider.url=ldap://ldapserver.ibm.com:389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=uid=1234567,c=us,ou=ldapserver,o=ibm.com,
java.naming.security.authentication=DIGEST-MD5 GSSAPI,
java.naming.security.credentials=password,
java.naming.referral=follow,
java.naming.ldap.attributes.binary=objectGUID}
How do I configure the ovirt test setup on my workstation to
use LDAP
for authentication? I looked around webadmin GUI but could not
find
it.
-Sharad
If you are working with an installed oVirt environment, you can
use engine-manage-domains utility in order to add/remove/edit
domains.
It will create the krb5.conf file, update database entries, add
permissions for the user you use, and etc.
I was able to move around some jar files and config files to
finally be
able to run engine-manage-domains to add new domains. First I ran
#./engine-manage-domains -action=list
Manage Domains completed successfully
I did not get any domain, which makes sense since I only have
default
setup. then I tried
#./engine-manage-domains -action=add -domain=bluepages.ibm.com
-user=snmis...@us.ibm.com -passwordFile=/tmp/.pwd
where /tmp/.pwd has my ldap password.
I got the following error -
Error: Authentication Failed. Please verify the fully qualified
domain
name that is used for authentication is correct.. Problematic
domain is:
bluepages.ibm.com Failure while applying Kerberos configuration.
Details: Authentication Failed. Please verify the fully qualified
domain
name that is used for authentication is correct.
I also tried -domain=bluepages.ibm.com:389
this is kerberos based auth.
do I need any package/setup on client machine?
usual suspects are dns issues.
doesn't look like its dns issue, I can run ldapsearch from the
command
line.
anything in the manage domains log?
There is nothing in engine or server logs. Where are the manage
domain
logs?
the log is in:
/var/log/ovirt-engine/engine-manage-domains/engine-manage-domains.log
-Sharad
-Sharad
If, however, you are in a development environment, then
currently it is not easy to run this utility, as it requires
some configuration files and jars that are there when you
install the engine, but not there in a development environment.
So, in that case you'll need to run the following (change the
domain name, user name and user guid):
update vdc_options set option_value = 'your domain' where
option_name = 'DomainName';
update vdc_options set option_value = 'your domain:your
user@your domain' where option_name= 'AdUserName';
update vdc_options set option_value = 'your domain:user
guid' where option_name='AdUserId';
update vdc_options set option_value = 'your domain:your
password' where option_name='AdUserPassword';
insert into permissions
(id,role_id,ad_element_id,object_id,object_type_id) values
('choose a random
guid','----0001','user
guid','aaa0----123456789aaa',1);
Also, you'll have to create a krb5.conf file, and place it in
$JBOSS_HOME/standalone/configuration
An example for the contents of this file:
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = no
default_tkt_enctypes = arcfour-hmac-md5
udp_preference_limit = 1
[realms]
EXAMPLE.COM = {
kdc = my_host.example.com.:88
}
[domain_realm]
example.com = EXAMPLE.COM
Note that you need to have the following records for your LDAP
server, defined in the DNS:
* LDAP SRV record
* Kerberos SRV record
* PTR record
(You can use dnsmasq
Re: [Users] Testing LDAP support.
- Original Message -
From: Sharad Mishra snmis...@linux.vnet.ibm.com
To: Itamar Heim ih...@redhat.com
Cc: Oved Ourfalli ov...@redhat.com, users@ovirt.org
Sent: Wednesday, April 11, 2012 4:53:37 PM
Subject: Re: [Users] Testing LDAP support.
On Tue, 2012-04-10 at 10:55 +0300, Itamar Heim wrote:
On 04/10/2012 04:51 AM, Sharad Mishra wrote:
On Mon, 2012-04-09 at 12:38 -0700, Sharad Mishra wrote:
On Mon, 2012-04-09 at 14:10 -0400, Oved Ourfalli wrote:
When a call is made to construct InitialDirContext with
following
settings -
{java.naming.provider.url=ldap://ldapserver.ibm.com:389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=uid=1234567,c=us,ou=ldapserver,o=ibm.com,
java.naming.security.authentication=DIGEST-MD5 GSSAPI,
java.naming.security.credentials=password,
java.naming.referral=follow,
java.naming.ldap.attributes.binary=objectGUID}
How do I configure the ovirt test setup on my workstation to use LDAP
for authentication? I looked around webadmin GUI but could not find
it.
-Sharad
If you are working with an installed oVirt environment, you can use
engine-manage-domains utility in order to add/remove/edit domains.
It will create the krb5.conf file, update database entries, add permissions for
the user you use, and etc.
If, however, you are in a development environment, then currently it is not
easy to run this utility, as it requires some configuration files and jars that
are there when you install the engine, but not there in a development
environment.
So, in that case you'll need to run the following (change the domain name, user
name and user guid):
update vdc_options set option_value = 'your domain' where option_name =
'DomainName';
update vdc_options set option_value = 'your domain:your user@your domain'
where option_name= 'AdUserName';
update vdc_options set option_value = 'your domain:user guid' where
option_name='AdUserId';
update vdc_options set option_value = 'your domain:your password' where
option_name='AdUserPassword';
insert into permissions
(id,role_id,ad_element_id,object_id,object_type_id) values
('choose a random guid','----0001','user
guid','aaa0----123456789aaa',1);
Also, you'll have to create a krb5.conf file, and place it in
$JBOSS_HOME/standalone/configuration
An example for the contents of this file:
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = no
default_tkt_enctypes = arcfour-hmac-md5
udp_preference_limit = 1
[realms]
EXAMPLE.COM = {
kdc = my_host.example.com.:88
}
[domain_realm]
example.com = EXAMPLE.COM
Note that you need to have the following records for your LDAP server, defined
in the DNS:
* LDAP SRV record
* Kerberos SRV record
* PTR record
(You can use dnsmasq if you wish to create those records by yourself - if you
need help with this let me know).
Oved
Can you also attach the jboss log and engine log? (assuming you
are testing it in the ovirt-engine environment).
They can be helpful, as it might be related to some class
loading issue or something similar, and the log might shed
light on that.
I think its my setup that is the issue here. I am unable to run
ldapsearch CLI with DIGEST-MD5 protocol. I am not sure how to
setup/use
secret key with sasl. I am running my queries against a
production ldap
server on which I have user access. I tried to look around on
internet
but did not get a good hit.
have you tried the kebreros based authentication with it?
I see it is supposed to have it:
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=%2Fliaai%2Fkerberos%2Fliaaikerberos1.htm
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Testing LDAP support.
- Original Message -
From: Sharad Mishra snmis...@linux.vnet.ibm.com
To: users@ovirt.org
Sent: Monday, April 9, 2012 8:19:23 PM
Subject: [Users] Testing LDAP support.
Hi,
I was able to successfully test simple authentication support of IBM
Directory Server (IDS) in ovirt. Next step is to test DIGEST-MD5
support. This protocol is currently supported by my test IDS. But I
get
-
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol
Error]
When a call is made to construct InitialDirContext with following
settings -
{java.naming.provider.url=ldap://ldapserver.ibm.com:389,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.principal=uid=1234567,c=us,ou=ldapserver,o=ibm.com,
java.naming.security.authentication=DIGEST-MD5 GSSAPI,
java.naming.security.credentials=password,
java.naming.referral=follow,
java.naming.ldap.attributes.binary=objectGUID}
Do you know what could be going wrong here? I think its something
wrong
with my usage and not in code.
What test cases were run to verify RedHat DS support? I can try to
run
the same for IBM DS before posting the patch.
Hard to tell what went wrong there. I'll try to take a look a bit on the web
(as I assume you did but I guess it can't hurt).
As for RHDS, most tests were done manually:
* Adding users/groups
* Authentication
* Group membership
* Adding / removing / editing RHDS domain with the engine-manage-domains
utility.
* Refresh users/groups.
* Search for users/groups
That's basically the main scenarios.
We have an LdapTester as well. The problem there was to setup the environment
needed for the testing.
It contains test cases for AD/IPA.
Oved
Thanks
Sharad Mishra
IBM
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Frozen login screen - how to debug?
Hey David, What environment are you working on? Are you synched with the latest upstream? Did you make changes in the code. I saw such an issue before on other people's environment, so it might have already been fixed. However, I'm not sure whether it was related to something they did, or that there was such a bug and it was fixed. That's why I'd recommend to get the most updated code. Hope it helps, Oved - Original Message - From: David Li l...@cloudshield.com To: Laszlo Hornyak lhorn...@redhat.com, users@ovirt.org Sent: Thursday, April 5, 2012 7:25:36 PM Subject: Re: [Users] Frozen login screen - how to debug? Hi Laszlo, I am not a GUI guy. What's GWT tool debug? Are there any engine log files that might help? I didn't change any source code on the engine side. - David From: Laszlo Hornyak [lhorn...@redhat.com] Sent: Thursday, April 05, 2012 9:25 AM To: Li, David; users@ovirt.org Subject: Re: [Users] Frozen login screen - how to debug? Hi David, It really does not have to do anything with firefox. I have seen this behavior when something is failing in the frontend code. You can use the GWT tools to debug. Did you change something in the code? I have seen it broken a couple of times when I modified classes shared between frontend and backend, you must be extra carefull when you do such things. Laszlo - Original Message - From: David Li l...@cloudshield.com To: users@ovirt.org Sent: Thursday, April 5, 2012 6:14:43 PM Subject: [Users] Frozen login screen - how to debug? Hi, I am not able to use the ovirt GUI admin login portal. The screen is completely frozen (no response at all) after I enter the admin login name and password. The only indication is a warning message Firefox 3.6 is not currently supported. I am not sure if this makes any sense. The same thing happens on Chrome and IE too. I have no such problem using CLI though. How can I debug this problem? - David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] FQDN issue with ovirt engine-setup
Can you please provide the error log you get from jboss? There was an issue sent to this mailing list a few weeks ago with a problem in resolving localhost, so that might be your problem as well (the log will help understanding if that's the case). Do you have a localhost entry in /etc/hosts? Oved - Original Message - From: aru mon arumo...@gmail.com To: users@ovirt.org Sent: Saturday, March 17, 2012 12:56:12 AM Subject: [Users] FQDN issue with ovirt engine-setup Hi Team, I am facing some issue with the fqdn resolution while running the engin-setup. I donot have a DNS setup, so i am using the hosts file for fqds resolution. Even though the fqdn is added to the /etc/hosts file the engine-setup is not resolving it. ( this is because of the normal behaviour of the nslookup commnd) So, i used the option to continue the setup without resolving the fqdn. But after completing the setup i can see the war and ear files failing to deploy on jboss with java error of name resolution. Please help me to resolve the issue. Regards, Arumon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Rest API for vmanager 3.0 (set VM ip address)
- Original Message - From: Messaoud Benantar mbena...@us.ibm.com To: Andrew Cathrow acath...@redhat.com Cc: users@ovirt.org Sent: Tuesday, March 13, 2012 10:15:39 PM Subject: Re: [Users] Rest API for vmanager 3.0 (set VM ip address) Andrew - Unfortunately in our case we assign ip-addresses from a static pool. So i understand the VMPayload feature will include setting up gues_info ip-address, right? Sorry that i have not read any info regarding this functionality -- when will it be available? Thanks. Details on the VMPayload feature can be found in http://www.ovirt.org/wiki/Features/VMPayload Basically, the purpose of the feature is to allow passing a payload to a guest upon startup, exposed as either a CD or Floppy device. So, you can use this in order to pass configuration information to the guest. Regards, Oved Regards, Messaoud Benantar From: Andrew Cathrow acath...@redhat.com To: Messaoud Benantar/Austin/IBM@IBMUS Cc: users@ovirt.org Date: 03/13/2012 03:12 PM Subject: Re: [Users] Rest API for vmanager 3.0 (set VM ip address) Not today, the guest would usually just pickup from DHCP But that's the purpose of the VMPayload feature that's being discussed - a way to pass arbitrary data/config to the VM - Original Message - From: Messaoud Benantar mbena...@us.ibm.com To: Andrew Cathrow acath...@redhat.com Cc: users@ovirt.org Sent: Tuesday, March 13, 2012 4:02:46 PM Subject: Re: [Users] Rest API for vmanager 3.0 (set VM ip address) Andrew -- thanks for the reply. Since guest_info of a vm is not modifiable, is there a way to set a VM's IP address. This seems like a really needed functionality when provisioning VMs through the Rest API. Regards, Messaoud Benantar From: Andrew Cathrow acath...@redhat.com To: Messaoud Benantar/Austin/IBM@IBMUS Cc: users@ovirt.org Date: 03/13/2012 01:30 PM Subject: Re: [Users] Rest API for vmanager 3.0 (set VM ip address) - Original Message - From: Messaoud Benantar mbena...@us.ibm.com To: users@ovirt.org Sent: Tuesday, March 13, 2012 12:13:25 PM Subject: [Users] Rest API for vmanager 3.0 (set VM ip address) Hi everyone, i am using the vmanager's 3.0 Rest API. have created a VM from an existing template (using http POST) and been trying to find a way to set the VMs ip address with no success. I tried supplying the ip address in the guest_info element during VM creation as in: guest_info ips ip address=x.x.x.x/ /ips /guest_info That's a read only property that shows the IP address of the virtual machine reported by the in-guest agent. There's discussion going on about how we pass a payload to a VM that can handle things like in-guest configuration http://www.ovirt.org/wiki/Features/VMPayload But the created VM ends up with the same ip address as that in the template. Anyone attempted to do something similar ? Is there another way of doing it. I tried the nics API but there seem to be no interface to modify a nic's ip address. Thank you. Regards, Messaoud Benantar ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Q on ovirt datacentre and host storage types
- Original Message - From: Xiaofan xiaof...@gmail.com To: Deepak C Shetty deepa...@linux.vnet.ibm.com Cc: users@ovirt.org Sent: Wednesday, February 29, 2012 2:18:03 PM Subject: Re: [Users] Q on ovirt datacentre and host storage types 2012/2/29 Deepak C Shetty deepa...@linux.vnet.ibm.com: Hi, got few basic Qs in my mind. Appreciate a response. 1) Why is it that the data domains must be of the same type as that of datacentre ? What is the goal behind having this constraint ? It seems useful to have a datacentre w/o having any storage restrictions.. i should be able to add hosts w/o worrying abt the storage types... why is it not so... looking to understand the reason behind this design decision. vdsm has no such restriction. But spm works not properly with mixture storage types. For example, say NFS is master domain, and there is also an iscsi domain in pool, in this situation, the size of inbox/outbox in NFS domain is not right, which will cause mailbox exception, 2) If i have a set of host systems all connected to shared FC storage, is there a way for me to configure LUNs exclusively for each host, meaning have ability to control what LUN each hosts sees ? Can this be done using oVirt today ? My understanding is that this cannot be done via ovirt, zoning of LUNs to host has to be done separately and not via ovirt, is that correct ? If I understood you correctly that is indeed not part of ovirt. You can put different LUNs in different data centers, but that won't mean a host in a cluster in one DC won't have access to a LUN defined on another DC (it won't have this access through ovirt, but this access will still be available if it was allowed in the storage controller management). All the hosts in clusters of a specific data center need access to all its storage domains. So you'd probably want to allow not only a host but a set of hosts, to access the LUN which the storage domains resides on. Same for NFS exports. 3) If i have to create and run 1000 VMs (say), how can i automate that using ovirt, what is the best way to do that ? Depends on the scenario. If you are talking about stateless VMs, based on a template, you can use VM Pools. We are also working on supporting pre-started VMs (see feature page in http://ovirt.org/wiki/Features/PrestartedVm), that will enable you to set a number on that VM pool which says how many VMs you would like to be up from the pool (I think the feature is already pushed, but not sure about that). If you want them to be separate, then IMO the best way to do so is to use the either the ovirt-CLI or the ovirt-SDK (again, depends on the exact scenario). Using it you can create VMs, run them, stop them and etc Details on that can be found in: www.ovirt.org/wiki/CLI www.ovirt.org/wiki/SDK Hope it helps, Oved thanx, deepak ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] engine setup failes using seprate /usr partition
- Original Message - From: w...@dds.nl To: users@ovirt.org Sent: Tuesday, February 28, 2012 10:35:39 AM Subject: [Users] engine setup failes using seprate /usr partition Running engine-setup fails when using a seperate /var partion (seperated from /) In /var/log/ovirt-engine/engine-setup_xxx.log: 2012-02-18 14:46:16::ERROR::engine-setup::614::root:: Traceback (most recent call last): File /usr/bin/engine-setup, line 612, in _linkHttpParams os.link(target, link) OSError: [Errno 18] Invalid cross-device link 2012-02-18 14:46:16::ERROR::engine-setup::728::root:: Traceback (most recent call last): File /usr/bin/engine-setup, line 712, in _editRootWar _linkHttpParams() File /usr/bin/engine-setup, line 615, in _linkHttpParams raise Exception(output_messages.ERR_EXP_FAILED_ROOT_WAR) Exception: Could not copy ROOT.war configuration into Jboss profile The installer tries to make a hard link to somewhere is /usr to /etc/ovirt-engine, which is not possible since /usr is on a separate disk partition. One can solve it to move /etc/overt-engine to /usr/local/etc/ovirt-engine en create a symbolic link in /etc/ I would like to report a bug, where can do this? Hey, 1. go to https://bugzilla.redhat.com 2. Create a new account (if you don't already have one), and Sign in 3. Choose New 4. Choose Community Projects 5. Choose oVirt 6. In the components choose ovirt-engine-installer 7. Describe your bug Thank you very much for your time to help us improve oVirt! Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] LDAP
- Original Message - From: Yair Zaslavsky yzasl...@redhat.com To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Sunday, February 26, 2012 1:09:16 PM Subject: Re: [Users] LDAP On 02/26/2012 12:57 PM, Oved Ourfalli wrote: - Original Message - From: Yaniv Kaul yk...@redhat.com To: Yair Zaslavsky yzasl...@redhat.com Cc: Oved Ourfalli ov...@redhat.com, users@ovirt.org Sent: Sunday, February 26, 2012 9:47:00 AM Subject: Re: [Users] LDAP On 02/26/2012 09:46 AM, Yair Zaslavsky wrote: On 02/26/2012 09:45 AM, Yair Zaslavsky wrote: On 02/26/2012 09:18 AM, Oved Ourfalli wrote: Found the problem. We are identifying if the LDAP server is AD or not by checking if the root DSE contains the defaultNamingContext attribute. This attribute is not in the LDAP standard, thus it appears in AD, and not in IPA and RHDS... Looking at the rootDSE you provided it looks like it was added to IPA, therefore we identify it as AD. Can you open us a bug on that upstream? Given that issue, I think we should also provide a way to set the ldap provider type (using the engine-manage-domains utility), in order to workaround such issues in the future. Don't you think that now this key (i.e providerType=IPA) kinda becomes mandatory? Or actually, maybe we should have it optional - if set - then this value will be used for providerType, if not - our auto-deduction mechanism takes place. Thoughts? Drop the auto-detection. Y. The pros for adding the auto-detection is the ease of use. The cons are that if it is not good enough it may fail due to changes in the LDAP provider (like what happened in this issue). I think we should improve that, but also make a way to work-around it, using special option of setting the provider type. So what do u think about my suggestion? manage-domains can add explicit provider type - if does not exist, auto-detection is carried out. I agree with it. It looks to me like the right way to go. Thank you, Oved - Original Message - From: Nathan Strattonnat...@robotics.net To: Oved Ourfalliov...@redhat.com Cc: users@ovirt.org Sent: Friday, February 24, 2012 8:31:02 PM Subject: Re: [Users] LDAP On Fri, 24 Feb 2012, Oved Ourfalli wrote: The identification of the provider type is done using the following logic, according to the results from the root DSE query: * if it contains a defaultNamingContext attribute -- AD * else * Check the vendorName attribute * if it is 389 Project then it is IPA * if it is Red Hat then it is RHDS. We added support for AD, IPA and RHDS. I guess that 389ds has a different vendor name. What does your root DSE query show? You can run it using ldapsearch, with the options -LLL -Y GSSAPI -Ddistinguished name of the username -hldap server -b -s base objectClass=* the distinguished name will be something like: uid=username,dc=example,dc=com [root@ipa-master ~]# ldapsearch -LLL -Y GSSAPI -D uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net -h localhost -b -s base objectClass=* SASL/GSSAPI authentication started SASL username: ad...@blinkmind.net SASL SSF: 56 SASL data security layer installed. dn: objectClass: top namingContexts: dc=blinkmind,dc=net defaultnamingcontext: dc=blinkmind,dc=net supportedExtension: 2.16.840.1.113730.3.5.7 supportedExtension: 2.16.840.1.113730.3.5.8 supportedExtension: 2.16.840.1.113730.3.5.10 supportedExtension: 2.16.840.1.113730.3.8.10.3 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 2.16.840.1.113730.3.8.10.1 supportedExtension: 2.16.840.1.113730.3.5.3 supportedExtension: 2.16.840.1.113730.3.5.12 supportedExtension: 2.16.840.1.113730.3.5.5 supportedExtension: 2.16.840.1.113730.3.5.6 supportedExtension: 2.16.840.1.113730.3.5.9 supportedExtension: 2.16.840.1.113730.3.5.4 supportedExtension: 1.3.6.1.4.1.1466.20037 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 2.16.840.1.113730.3.4.3 supportedControl: 2.16.840.1.113730.3.4.4 supportedControl: 2.16.840.1.113730.3.4.5 supportedControl: 1.2.840.113556.1.4.473 supportedControl: 2.16.840.1.113730.3.4.9 supportedControl: 2.16.840.1.113730.3.4.16 supportedControl: 2.16.840.1.113730.3.4.15 supportedControl: 2.16.840.1.113730.3.4.17 supportedControl: 2.16.840.1.113730.3.4.19 supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8 supportedControl: 1.3.6.1.4.1.4203.666.5.16 supportedControl: 2.16.840.1.113730.3.4.14 supportedControl: 2.16.840.1.113730.3.4.20 supportedControl: 1.3.6.1.4.1.1466.29539.12 supportedControl: 2.16.840.1.113730.3.4.12 supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.13 supportedSASLMechanisms: EXTERNAL
Re: [Users] LDAP
Found the problem. We are identifying if the LDAP server is AD or not by checking if the root DSE contains the defaultNamingContext attribute. This attribute is not in the LDAP standard, thus it appears in AD, and not in IPA and RHDS... Looking at the rootDSE you provided it looks like it was added to IPA, therefore we identify it as AD. Can you open us a bug on that upstream? Given that issue, I think we should also provide a way to set the ldap provider type (using the engine-manage-domains utility), in order to workaround such issues in the future. Thank you, Oved - Original Message - From: Nathan Stratton nat...@robotics.net To: Oved Ourfalli ov...@redhat.com Cc: users@ovirt.org Sent: Friday, February 24, 2012 8:31:02 PM Subject: Re: [Users] LDAP On Fri, 24 Feb 2012, Oved Ourfalli wrote: The identification of the provider type is done using the following logic, according to the results from the root DSE query: * if it contains a defaultNamingContext attribute -- AD * else * Check the vendorName attribute * if it is 389 Project then it is IPA * if it is Red Hat then it is RHDS. We added support for AD, IPA and RHDS. I guess that 389ds has a different vendor name. What does your root DSE query show? You can run it using ldapsearch, with the options -LLL -Y GSSAPI -D distinguished name of the username -h ldap server -b -s base objectClass=* the distinguished name will be something like: uid=username,dc=example,dc=com [root@ipa-master ~]# ldapsearch -LLL -Y GSSAPI -D uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net -h localhost -b -s base objectClass=* SASL/GSSAPI authentication started SASL username: ad...@blinkmind.net SASL SSF: 56 SASL data security layer installed. dn: objectClass: top namingContexts: dc=blinkmind,dc=net defaultnamingcontext: dc=blinkmind,dc=net supportedExtension: 2.16.840.1.113730.3.5.7 supportedExtension: 2.16.840.1.113730.3.5.8 supportedExtension: 2.16.840.1.113730.3.5.10 supportedExtension: 2.16.840.1.113730.3.8.10.3 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 2.16.840.1.113730.3.8.10.1 supportedExtension: 2.16.840.1.113730.3.5.3 supportedExtension: 2.16.840.1.113730.3.5.12 supportedExtension: 2.16.840.1.113730.3.5.5 supportedExtension: 2.16.840.1.113730.3.5.6 supportedExtension: 2.16.840.1.113730.3.5.9 supportedExtension: 2.16.840.1.113730.3.5.4 supportedExtension: 1.3.6.1.4.1.1466.20037 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 2.16.840.1.113730.3.4.3 supportedControl: 2.16.840.1.113730.3.4.4 supportedControl: 2.16.840.1.113730.3.4.5 supportedControl: 1.2.840.113556.1.4.473 supportedControl: 2.16.840.1.113730.3.4.9 supportedControl: 2.16.840.1.113730.3.4.16 supportedControl: 2.16.840.1.113730.3.4.15 supportedControl: 2.16.840.1.113730.3.4.17 supportedControl: 2.16.840.1.113730.3.4.19 supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8 supportedControl: 1.3.6.1.4.1.4203.666.5.16 supportedControl: 2.16.840.1.113730.3.4.14 supportedControl: 2.16.840.1.113730.3.4.20 supportedControl: 1.3.6.1.4.1.1466.29539.12 supportedControl: 2.16.840.1.113730.3.4.12 supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.13 supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: PLAIN supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: ANONYMOUS supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: LOGIN supportedLDAPVersion: 2 supportedLDAPVersion: 3 vendorName: 389 Project vendorVersion: 389-Directory/1.2.10.rc1 B2012.035.328 dataversion: 020120223201756 netscapemdsuffix: cn=ldap://dc=ipa-master,dc=blinkmind,dc=net:389 lastusn: 468 It will help us understand which vendor name is shown in your ldap server, and we might use it in order to improve the identification. It surprises me that IPA is not identified correctly, as 389 Project is the vendor name that was used there (unless it was changed). As for 389ds, as I said before we added RHDS support, so there might be changes in the schema, and also probably the vendor name there is not Red Hat. Looks like 389 Project However I still see: -bash-4.2# engine-manage-domains -action=add -domain=blinkmind.net -user=nathan -interactive Enter password: No user in Directory was found for nat...@blinkmind.net. Trying next LDAP server in list Failure while testing domain blinkmind.net. Details: No user information was found for user On my FreeIPA server I see: [24/Feb/2012:18:28:46 +] conn=144 op=3 SRCH base=dc=blinkmind,dc=net scope=2 filter=((samaccounttype=805306368)(userprincipalname=nat...@blinkmind.net)) attrs=nsUniqueId ipaUniqueID objectguid objectClass javaSerializedData javaClassName javaFactory javaCodebase javaReferenceAddress
Re: [Users] LDAP
- Original Message - From: Nathan Stratton nat...@robotics.net To: Itamar Heim ih...@redhat.com Cc: users@ovirt.org Sent: Wednesday, February 22, 2012 1:03:33 AM Subject: Re: [Users] LDAP On Sun, 19 Feb 2012, Itamar Heim wrote: On 02/19/2012 11:11 PM, Nathan Stratton wrote: On Sun, 19 Feb 2012, Itamar Heim wrote: the current code supports AD, freeIPA/IPA and 389ds/RHDS. if apache directory server is similar to any of them, you could try hacking the code to add support for it. Ok, will go with 389 for now, its in the family, tho Gluster is in the family and you don't support it as a storage file system... : ) please remember you need 389ds with kerberos support. Got it installed and setup, I am able to authenticate from linux boxes with the new 389 LDAP so I know that works. However still running into issues getting ovirt-engine to work with it. http://share.robotics.net/ldap.pcap As you can see from the pcap, I see a DNS SRV query for _ldap._tcp.blinkmind.net and the box does talk to the LDAP box. I don't see anyting on port 88, or a ldap query for the kerberos or does it try to just use the same IP as ldap? 2012-02-21 16:59:48,411 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-1) Failed ldap search server LDAP://ldap-master.hou.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We should not try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:150) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:90) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:108) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:] at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22] at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22] at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22] at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22] at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22] at java.lang.Thread.run(Thread.java:679) [:1.6.0_22] 2012-02-21 16:59:48,415 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName 2012-02-21 16:59:48,416 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND : nathan 2012-02-21 16:59:48,416 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND Hey, This error usually happens where there is no krb5.conf file, or there is one, but your domain isn't in that. The krb5.conf file should be located in $JBOSS_HOME/standalone/configuration directory. How did you configure the new domain? Using engine-manage-domains utility? Attaching the full server log and the krb5.conf file may help understand the problem. We query for LDAP SRV records in the engine. In the utility we also query for kerberos SRV records, and update the krb5.conf file accordingly. Then, the kerberos authentication uses the host updated in the krb5.conf file to perform the authentication. Oved ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] LDAP
Hey, More information on the domain infrastructure we have can be found in: http://www.ovirt.org/wiki/DomainInfrastructure (I might update it more soon, but it can give you a basic view of how the domain management in oVirt is working, and what do you need to update in order to support a new ldap provider). Oved - Original Message - From: Itamar Heim ih...@redhat.com To: Nathan Stratton nat...@robotics.net Cc: users@ovirt.org Sent: Sunday, February 19, 2012 11:14:24 PM Subject: Re: [Users] LDAP On 02/19/2012 11:11 PM, Nathan Stratton wrote: On Sun, 19 Feb 2012, Itamar Heim wrote: the current code supports AD, freeIPA/IPA and 389ds/RHDS. if apache directory server is similar to any of them, you could try hacking the code to add support for it. Ok, will go with 389 for now, its in the family, tho Gluster is in the family and you don't support it as a storage file system... : ) please remember you need 389ds with kerberos support. gluster is in the works... see: http://www.ovirt.org/wiki/AddingGlusterSupportToOvirt Just kidding, you guys are great, keep up the good work. Nathan Stratton CTO, BlinkMind, Inc. nathan at robotics.net nathan at blinkmind.com http://www.robotics.net http://www.blinkmind.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Autorecovery feature plan for review
Some comments: 1. I think the amount of time between tests should be configurable. 2. I guess some of the actions done by the autorecovery process should be monitored, so take a look at http://www.ovirt.org/wiki/Features/TaskManagerDetailed#Job_for_System_Monitors; in order to monitor this action. Oved - Original Message - From: Laszlo Hornyak lhorn...@redhat.com To: engine-devel engine-de...@ovirt.org, users@ovirt.org Sent: Monday, February 13, 2012 12:32:34 PM Subject: [Users] Autorecovery feature plan for review Hi, Please review the plan document for autorecovery. http://www.ovirt.org/wiki/Features/Autorecovery Thank you, Laszlo ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
