Re: [ovirt-users] connecting to windows 10 vm with tdp

2016-04-18 Thread Yair Zaslavsky
Maybe this can help 

http://www.ovirt.org/documentation/internal/guest-agent/understanding-guest-agents-and-other-tools/
 


- Original Message -

From: "Yair Zaslavsky" <yzaslav...@aconex.com> 
To: "Zeev Mindali" <ze...@chippc.com> 
Cc: users@ovirt.org 
Sent: Monday, 18 April, 2016 4:42:17 PM 
Subject: Re: [ovirt-users] connecting to windows 10 vm with tdp 

Out of curiosity, did you try to use spice? 
I assume your VM is running windows OS, based on the mentioning of RDP? 



- Original Message -

From: "Zeev Mindali" <ze...@chippc.com> 
To: users@ovirt.org 
Sent: Monday, 18 April, 2016 3:54:28 PM 
Subject: [ovirt-users] connecting to windows 10 vm with tdp 



Dear all, 



I have ovirt 3.6 on centos 7.2. 

I would like to connect with rdp to my vm, but I didn't find how I can enable 
this option, it's always in gray 

Thanks for the help 









Zeev Mindali 
Windows & Mobile Developer 
Chip PC, 5 Nahum Hat St. 
Haifa 
Israel 3508504 

Tel +972-4-8501121 
Fax +972-4-8501088 
Cell +972-52-4043142 
Email ze...@chippc.com 
Web www.chippc.com 



___ 
Users mailing list 
Users@ovirt.org 
http://lists.ovirt.org/mailman/listinfo/users 




Re: [ovirt-users] connecting to windows 10 vm with tdp

2016-04-18 Thread Yair Zaslavsky
Out of curiosity, did you try to use spice? 
I assume your VM is running windows OS, based on the mentioning of RDP? 



- Original Message -

From: "Zeev Mindali"  
To: users@ovirt.org 
Sent: Monday, 18 April, 2016 3:54:28 PM 
Subject: [ovirt-users] connecting to windows 10 vm with tdp 



Dear all, 



I have ovirt 3.6 on centos 7.2. 

I would like to connect with rdp to my vm, but I didn't find how I can enable 
this option, it's always in gray 

Thanks for the help 









Zeev Mindali 
Windows & Mobile Developer 
Chip PC, 5 Nahum Hat St. 
Haifa 
Israel 3508504 

Tel +972-4-8501121 
Fax +972-4-8501088 
Cell +972-52-4043142 
Email ze...@chippc.com 
Web www.chippc.com 





Re: [ovirt-users] Educational use case question

2016-04-14 Thread Yair Zaslavsky


- Original Message -

From: "Alex Crow"  
To: users@ovirt.org 
Sent: Thursday, 14 April, 2016 3:15:44 PM 
Subject: Re: [ovirt-users] Educational use case question 

This certainly works. Console can be reached via a browser plugin or 
Virt-Viewer (available for Windows). Self-hosted engine is the way to 
go, and is production-ready, especially if you want to add more nodes later. 

On 14/04/16 03:33, Michael Hall wrote: 
> Yes but what about the student sitting on the Windows machine in the 
> lab who wants to install and interact with her VM via its GUI ... 
> like is possible in Virtual Machine Manager on RHEL/CentOS 7 ... 
> except she'd be doing it remotely via an in-browser console ... like 
> Digital Ocean do for example. 

I don't think digital ocean is the correct analogy. 
As a digital ocean user, I have console in which I can create vms, right? But 
who installed the virtualization software for that? 
If you're thinking of a digital ocean, the analogy should be a provider that 
exposes ovirt web admin/user portal as management console to its customers. 



Re: [ovirt-users] Educational use case question

2016-04-13 Thread Yair Zaslavsky
Be advised that after installation is done, you can manage VMs using the ovirt 
webadmin. 


- Original Message -

From: "Michael Hall"  
To: users@ovirt.org 
Sent: Thursday, 14 April, 2016 12:19:28 PM 
Subject: Re: [ovirt-users] Educational use case question 

Thanks Julian, I'm in Mildura in VIC. 

I was hoping for a "pure" web-based client console solution, not something like 
the VMware desktop client. 


Anyway, I'm not going to get too hung up on this. Even if we go VMware because 
it "just works" and everyone's happy with it, we'll still do plenty of 
CentOS/Fedora. 

There is also a case to be made that our students are much more likely to 
encounter VMware in a corporate environment than KVM. And Windows. And iPads. 
Yawn. 

Thanks 

On Thu, Apr 14, 2016 at 11:22 AM, Julian De Marchi < jul...@jdcomputers.com.au 
> wrote: 


Hey Michael, 

> I am teaching IT subjects in TAFE (a kind of post-secondary technical 
> college) in Australia. 

Great news for this tech to be in tafe. I remember my time at Logan tafe got me 
into linux. 




We are currently looking for a virtualisation platform that will allow 
students to install and manage VMs via web interface. 

VMware is being proposed but I am trying to get KVM and the RedHat 
ecosystem in the lab as much as possible. 

I have reasonable experience with running virt manager on CentOS 7, but 
oVirt is new. I have it installed and running OK but am not sure how to 
proceed with configuration. 

I basically want to run a single physical server which will be the KVM 
host, the ISO and data store, and the home of oVirt engine ... in other 
words a complete oVirt-managed KVM virtualisation platform running on one 
physical machine (32GB RAM). It will only ever need to run a handful of VMs 
with little or no real data or load. Is this possible/feasible? 

If possible/feasible, where should oVirt engine go ... on the host itself, 
or into a VM guest? 



If it was me, I would do the engine install on the metal host itself. Will be a 
lot easier for you, as long as you _know_ you will not be adding more metal 
nodes to the oVirt setup. 

I would also be looking into the "VM Pool" feature for your student. This will 
give you a pool of VMs which after use can be reset to a default configuration. 



The web interface is what is making oVirt an attractive option at this 
stage, as students will be working from Windows clients on a corporate 
network. Do VM GUI display well in the browser? 



I have no experience using oVirt from Windows, but if there is a SPICE client 
available I see no reason why it shouldn't work. 

If you're local to QLD, I am more than happy to help in person. 

--julian 



Re: [ovirt-users] Educational use case question

2016-04-13 Thread Yair Zaslavsky
As far as I remember, oVirt does come with an all in one configuration, but 
looks like it was deprecated at 3.6, so can you try out the self hosted engine? 

https://www.ovirt.org/develop/release-management/features/engine/self-hosted-engine/
 



- Original Message -

From: "Michael Hall"  
To: users@ovirt.org 
Sent: Thursday, 14 April, 2016 11:10:03 AM 
Subject: [ovirt-users] Educational use case question 

Hi 

I am teaching IT subjects in TAFE (a kind of post-secondary technical college) 
in Australia. 

We are currently looking for a virtualisation platform that will allow students 
to install and manage VMs via web interface. 

VMware is being proposed but I am trying to get KVM and the RedHat ecosystem in 
the lab as much as possible. 

I have reasonable experience with running virt manager on CentOS 7, but oVirt 
is new. I have it installed and running OK but am not sure how to proceed with 
configuration. 

I basically want to run a single physical server which will be the KVM host, 
the ISO and data store, and the home of oVirt engine ... in other words a 
complete oVirt-managed KVM virtualisation platform running on one physical 
machine (32GB RAM). It will only ever need to run a handful of VMs with little 
or no real data or load. Is this possible/feasible? 

If possible/feasible, where should oVirt engine go ... on the host itself, or 
into a VM guest? 

The web interface is what is making oVirt an attractive option at this stage, 
as students will be working from Windows clients on a corporate network. Do VM 
GUI display well in the browser? 

Thanks for any advice 

Mike Hall 



Re: [ovirt-users] delete hang task

2016-02-18 Thread Yair Zaslavsky
When I worked on Ovirt (a year ago) there was a tool that did it, please look 
for some cleaner tool or something like that. 
In addition, last time I touched the code I was strongly against such a 
solution, are you sure that the task is not running on VDSM side? 


CC'ing some relevant people. 


- Original Message -

From: "Nathanaël Blanchet"  
To: users@ovirt.org 
Sent: Friday, February 19, 2016 12:51:06 AM 
Subject: Re: [ovirt-users] delete hang task 

Hello, 

I met the same issue, so I worked a little bit for you :) 
On the engine : 

* QUERY : -q 

PGPASSWORD=X /usr/share/ovirt-engine/setup/dbutils/unlock_entity.sh -q -t snapshot -u engine 
296c010e-3c1d-4008-84b3-5cd39cff6aa1 | 525a4dda-dbbb-4872-a5f1-8ac2aed48392 

* REMOVE 

PGPASSWORD=X /usr/share/ovirt-engine/setup/dbutils/unlock_entity.sh -t snapshot -u engine 525a4dda-dbbb-4872-a5f1-8ac2aed48392 

Ref : 
http://lists.ovirt.org/pipermail/users/2015-November/035686.html 


On 18/02/2016 14:25, p...@email.cz wrote: 


Hello, 
I'm testing oVirt 3.6 for failover and have total issue. 
Snapshot VM will hang on ZFS filesystem. 
But the main question is: how can I cancel any unfinished tasks in ovirt ??? 
I didn't find any "normal" solution, except deleting record from ovirt DB 
manually 

any idea ? - no one is missing this functionality ??? 
regs. 
Pa. 





-- 
Nathanaël Blanchet

Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5   
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14 blanc...@abes.fr 



Re: [ovirt-users] ovirt live + user/groups/roles management

2015-12-15 Thread Yair Zaslavsky


- Original Message -

From: "Sandro Bonazzola" <sbona...@redhat.com> 
To: "Yair Zaslavsky" <yzaslav...@aconex.com> 
Cc: "Doron Fediuck" <dfedi...@redhat.com>, "users" <users@ovirt.org>, "Yaniv 
Kaul" <yk...@redhat.com>, "Lev Veyde" <lve...@redhat.com> 
Sent: Wednesday, December 16, 2015 1:48:54 AM 
Subject: Re: [ovirt-users] ovirt live + user/groups/roles management 



On Tue, Dec 15, 2015 at 12:36 AM, Yair Zaslavsky < yzaslav...@aconex.com > 
wrote: 






From: "Doron Fediuck" < dfedi...@redhat.com > 
To: "Yair Zaslavsky" < yzaslav...@aconex.com > 
Cc: "users" < users@ovirt.org >, "Yaniv Kaul" < yk...@redhat.com >, "Lev Veyde" 
< lve...@redhat.com >, "Sandro Bonazzola" < sbona...@redhat.com > 
Sent: Tuesday, December 15, 2015 10:16:27 AM 
Subject: Re: [ovirt-users] ovirt live + user/groups/roles management 




On Dec 11, 2015 03:39, "Yair Zaslavsky" < yzaslav...@aconex.com > wrote: 
> 
> Hi all, 
Hello Yair. 

> I am interested in installing oVirt live, I am currently not interested to 
> spawn actual VMs, but rather interested to check roles/groups/users 
> management: 
> 
> a. Is there a built in JDBC support for users/groups management, or do I need 
> to configure freeIPA/openLdap as my external provider? 
> 
oVirt live is running in memory as a live CD. Anything you do will be gone once 
the machine power off. So you may want to decide if this is right for you. To 
the point there's a new AAA framework which allows you to use jdbc extension: 
http://www.ovirt.org/Features/AAA 

> b. If I do not wish to run VMs at the moment, do I need to have nested 
> virtualization configured? 
No. This is running in memory but not in a VM. 






I figured that much by now, I wanted to refresh my memory how the 
users/roles/groups thing works 

I am perfectly well with the fact everything will be wiped out when I turn the 
machine off. This means that if I want to configure AAA, I should do that every 
time I start the machine (of course create my own live cd). 

The installation of ovirt live looks nice, good job on that, however I did 
encounter an error at installation, I am attaching logs 

I tried to install it on a VM that I created with VirtualBox 










looks like the engine wasn't yet ready when the host-deploy part started trying 
to connect to it. 


Is this a known issue or would you like me to file a bug? 

In addition, are new RFEs accepted to ovirt-live? after the installation and 
thoughts about AAA I have some ideas. 













> 
> 
> Cheers, 
> Yair Zaslavsky 
> Senior SW Engineer, Aconex 







-- 
Sandro Bonazzola 
Better technology. Faster innovation. Powered by community collaboration. 
See how it works at redhat.com 



[ovirt-users] ovirt live + user/groups/roles management

2015-12-10 Thread Yair Zaslavsky
Hi all, 
I am interested in installing oVirt live, I am currently not interested to 
spawn actual VMs, but rather interested to check roles/groups/users management: 

a. Is there a built in JDBC support for users/groups management, or do I need 
to configure freeIPA/openLdap as my external provider? 

b. If I do not wish to run VMs at the moment, do I need to have nested 
virtualization configured? 


Cheers, 
Yair Zaslavsky 
Senior SW Engineer, Aconex 



Re: [ovirt-users] Ovirt Engine Clear All tasks

2015-01-06 Thread Yair Zaslavsky


- Original Message -
 From: Donny Davis do...@cloudspin.me
 To: users users@ovirt.org
 Sent: Saturday, January 3, 2015 12:00:43 AM
 Subject: [ovirt-users] Ovirt Engine Clear All tasks
 
 I tried to migrate disks from one storage domain to another, and it is
 taking an unreasonable amount of time to complete. The disks have been
 migrating for 6 hours, and is bringing my system to its knees.
 
 I have used the taskcleaner utility when the engine was stopped, and
 when I start the engine, it starts trying to migrate the disks again.
 
 How can I fix this

I wonder if the command_entities table in the DB included any entries.
In addition, I wonder what was the status of tasks at SPM at that time.

 
 Thanks
 
 --
 Donny Davis
 CloudSpin.me
 


Re: [ovirt-users] templates and freeipa

2015-01-06 Thread Yair Zaslavsky


- Original Message -
 From: Jim Kinney jim.kin...@gmail.com
 To: users@ovirt.org
 Sent: Friday, October 31, 2014 8:55:46 PM
 Subject: [ovirt-users] templates and freeipa
 
 Ovirt 3.5 is running well for me and I have freeIPA controlling access to
 the user portal. I would like to provide templates of various linux setups
 that all have freeipa for user authentication in the VM for my developers
 to be able to create a new VM from and then log in using their freeIPA
 access and sudo control. I'm wanting to group developers by project and use
 freeIPA to set sudo commands as needed (group A get oracle, group B get
 postgresql, etc). Wanting to maximize developer ability while minimizing my
 clean up time :-) They will be able to delete VMs they create.
 
 It's possible to do a kickstart deploy with freeIPA registration but a
 template from that will be a problem as it will have the same keys for all
 VMs.
 
 Is there a post-creation scripting process I can attach to in ovirt or
 should I look at a default root user  and script that personalizes the new
 VM?

You mean something like the vdsm hooks?
Bear in mind that the create verb in VDSM is more about running a VM. The 
creation of its metadata is done at engine.

 
 --
 --
 James P. Kinney III
 
 Every time you stop a school, you will have to build a jail. What you gain
 at one end you lose at the other. It's like feeding a dog on his own tail.
 It won't fatten the dog.
 - Speech 11/23/1900 Mark Twain
 
 
 *http://heretothereideas.blogspot.com/
 http://heretothereideas.blogspot.com/*
 


Re: [ovirt-users] Debug Environment for RHEVM

2015-01-06 Thread Yair Zaslavsky


- Original Message -
 From: Vered Volansky ve...@redhat.com
 To: Chao Xie xiec.f...@cn.fujitsu.com
 Cc: users@ovirt.org
 Sent: Monday, December 22, 2014 8:26:56 AM
 Subject: Re: [ovirt-users] Debug Environment for RHEVM
 
 Hi,
 
 It's not that you can't debug RHEV at all, it's just that the instructions in
 the link you cited will not work as is.
 The packaging, hierarchy and even file names are different.
 
 Regards,
 Vered

It is possible to open the remote debug port for RHEV-M.
The (not so ) tricky part will be to get the exact code-base as of the version 
(i.e - find the proper git tag).
In addition, are you sure you want to debug RHEVM and not oVirt?

Cheers,
Yair

 
 - Original Message -
  From: Chao Xie xiec.f...@cn.fujitsu.com
  To: users@ovirt.org
  Sent: Monday, December 22, 2014 3:55:13 AM
  Subject: [ovirt-users] Debug Environment for RHEVM
  
  
  
  HI,
  
  
  
  I found there is a debug environment for oVirt:
  http://wiki.ovirt.org/OVirt_Engine_Development_Environment
  
  Is it also useful for RHEVM source code?
  
  
  
  Best Regards,
  
  Xie
  


Re: [ovirt-users] How can I add usernames in ovirt? i.e., is admin account

2015-01-05 Thread Yair Zaslavsky


- Original Message -
 From: Sandvik Agustin agustinsand...@gmail.com
 To: users@ovirt.org
 Sent: Monday, January 5, 2015 8:47:30 PM
 Subject: Re: [ovirt-users] How can I add usernames in ovirt? i.e.,is 
 admin account
 
 Hi,
 
 
 Thanks guys for the quick reply and I really appreciate it, I'll look upon
 your suggestions right now. By the way, I forgot to mention that I'm
 using oVirt
 Engine Version: 3.5.0.1-1.el6. Thanks Again, I'll update you guys about my
 progress.

That should work (i.e - as long as you use version 3.5.x, we had the ability to 
add users at the past as well, but it would be better to use the path Alon 
suggested).
Regarding FreeIPA - depends on the amount of machines you have to spare, it is 
possible to set the FreeIPA server on a different machine (i.e, not have engine 
and FreeIPA co-hosted).
But as suggested before , 389ds works just fine.

Cheers,
Yair

 
 Thanks Again.
 
 On Tue, Jan 6, 2015 at 2:39 AM, Donny Davis do...@cloudspin.me wrote:
 
  Ensure you don't try to install freeipa to the manager machine, there will
  be conflicts.
 
  389ds works and is really easy to setup
 
  Regards
  Donny
  On Jan 5, 2015 11:36 AM, Donny Davis do...@cloudspin.me wrote:
  
   I did a write up on AAA LDAP.
  
   https://cloudspin.me/ovirt-simple-ldap-aaa/
  
   Hope its helpful
  
   Donny
   On Jan 5, 2015 11:26 AM, Alon Bar-Lev alo...@redhat.com wrote:
   
Hello,
   
For now you need to use some kind of LDAP with
  ovirt-engine-extension-ldap[1][2] package.
In future we will support database based repository.
   
Until someone from infra will have the time to publish the latest
  version of the package, please download it directly from here[3], please
  note that until engine-3.5.1 is out you will need to specify full path in
  config.profile.file.1 variable at authn and authz extension configuration.
   
Regards,
Alon
   
[1]
  http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
[2] http://www.ovirt.org/Features/AAA
[3]
  http://jenkins.ovirt.org/job/ovirt-engine-extension-aaa-ldap_any_create-rpms_manual/6/
   
- Original Message -
 From: Sandvik Agustin agustinsand...@gmail.com
 To: users@ovirt.org
 Sent: Monday, January 5, 2015 8:14:27 PM
 Subject: [ovirt-users] How can I add usernames in ovirt? i.e., is
  admin account

 Hi guys,

 Good day, I just want to know if how can I add usernames in ovirt?
  i.e., is
 admin account is already exist and I want to create another account
  i.e.,
 users or clients account.


 TIA



Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-12-05 Thread Yair Zaslavsky
We will also need log of the generic ldap extension, can you please provide it?

Thanks!


- Original Message -
 From: Juan Jose jj197...@gmail.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky 
 yzasl...@redhat.com, users@ovirt.org
 Sent: Friday, December 5, 2014 1:10:06 PM
 Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
 
 Hello Alon,
 
 I have deleted Legacy domain with engine-manage-domain, and I have changed
 configuration to absolute file name as you can see:
 
 /etc/ovirt-engine/extensions.d/siee-local-authn.properties:
 
 ovirt.engine.extension.name = siee-local-authn
 ovirt.engine.extension.bindings.method = jbossmodule
 ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
 ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
 ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
 ovirt.engine.aaa.authn.profile.name = siee
 ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
 config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
 
 /etc/ovirt-engine/extensions.d/siee-local-authz.properties:
 
 ovirt.engine.extension.name = siee-local-authz
 ovirt.engine.extension.bindings.method = jbossmodule
 ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
 ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
 ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
 config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
 
 I had configured relative file name because the example
 /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties
 has a relative file name.
 
 I have done the same: delete engine.log, restart ovirt-engine and try log
 in and the same error is showed, General command validation failure.
 
 Attach engine.log file.
 
 Thanks,
 
 Juanjo.
 
 
 On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev alo...@redhat.com wrote:
 
 
  Hi!
 
  You have the following errors:
 
  2014-12-05 09:32:31,778 INFO
  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
  thread 1-5) Loading extension 'siee-local-authn'
  2014-12-05 09:32:31,819 ERROR
  [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC
  service thread 1-5) Could not load extension based on configuration file
  '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check
  the configuration file is valid. Exception message is: Error loading
  extension 'siee-local-authn': /aaa/siee.properties (No such file or
  directory)
  2014-12-05 09:32:31,823 INFO
  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
  thread 1-5) Loading extension 'siee-local-authz'
  2014-12-05 09:32:31,824 ERROR
  [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC
  service thread 1-5) Could not load extension based on configuration file
  '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check
  the configuration file is valid. Exception message is: Error loading
  extension 'siee-local-authz': /aaa/siee.properties (No such file or
  directory)
 
  Per my last message, you should provide absolute file names if you use
  3.5.0.
  Please see inline comments below.
 
  Also, you are trying to authenticate with the legacy provider:
 
  2014-12-05 09:33:04,871 ERROR
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
  (ajp--127.0.0.1-8702-5) Failed ldap search server
  ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to
  Authentication Failed. Please verify the username and password.. We should
  not try the next server
 
  Can you please use engine-manage-domains to remove the legacy (old)
  domain, so we reduce confusion?
 
  Thanks!
 
  - Original Message -
   From: Juan Jose jj197...@gmail.com
   To: Alon Bar-Lev alo...@redhat.com
   Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky 
  yzasl...@redhat.com, users@ovirt.org
   Sent: Friday, December 5, 2014 10:43:01 AM
   Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
  
   Hello Alon,
  
   I have done what you have said. My new configuration files are:
  
   /etc/ovirt-engine/extensions.d/siee-local-authn.properties:
  
   ovirt.engine.extension.name = siee-local-authn
   ovirt.engine.extension.bindings.method = jbossmodule
   ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
   ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
   ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
   ovirt.engine.aaa.authn.profile.name = siee
   ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
   config.profile.file.1 = aaa/siee.properties
 
  should be: /etc/ovirt-engine
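
The misconfiguration diagnosed in this thread, as an added example that is not part of the original messages or of oVirt's own tooling: a Python check that flags relative `config.profile.file.N` values (which the thread says must be absolute on 3.5.0), verifies that the authn file's `ovirt.engine.aaa.authn.authz.plugin` names a defined extension, and extracts failed extension loads from engine.log text. The sample files and log excerpt are constructed from values quoted in the thread; the function names are hypothetical.

```python
import os
import posixpath
import re

PROFILE_KEY = re.compile(r"^config\.profile\.file\.\d+$")
LOAD_ERROR = re.compile(
    r"Error loading extension '([^']+)': (\S+) \(No such file or directory\)")


def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_extensions(files, exists=os.path.isfile):
    """files maps extension file path -> file text. Returns [(path, problem)]."""
    parsed = {path: parse_properties(text) for path, text in files.items()}
    names = {p.get("ovirt.engine.extension.name") for p in parsed.values()}
    problems = []
    for path, props in sorted(parsed.items()):
        for key, value in sorted(props.items()):
            if not PROFILE_KEY.match(key):
                continue
            if not posixpath.isabs(value):
                # The case from the thread: a relative profile path on 3.5.0.
                problems.append((path, f"{key} is relative: {value!r}"))
            elif not exists(value):
                problems.append((path, f"{key} points to a missing file: {value}"))
        authz = props.get("ovirt.engine.aaa.authn.authz.plugin")
        if authz is not None and authz not in names:
            problems.append(
                (path, f"authz plugin {authz!r} is not defined by any extension file"))
    return problems


def failed_extensions(log_text):
    """Return {extension name: path the engine could not open} from engine.log text."""
    flat = " ".join(log_text.split())  # undo mail/terminal line wrapping
    return dict(LOAD_ERROR.findall(flat))


# Constructed sample: the relative-path authn file and the absolute-path authz
# file, using the keys and values quoted in the thread.
AUTHN_PATH = "/etc/ovirt-engine/extensions.d/siee-local-authn.properties"
AUTHZ_PATH = "/etc/ovirt-engine/extensions.d/siee-local-authz.properties"
SAMPLE_FILES = {
    AUTHN_PATH: """\
ovirt.engine.extension.name = siee-local-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = siee
ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
config.profile.file.1 = aaa/siee.properties
""",
    AUTHZ_PATH: """\
ovirt.engine.extension.name = siee-local-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
""",
}

# Constructed sample: one wrapped engine.log entry as quoted in the thread.
SAMPLE_LOG = """\
2014-12-05 09:32:31,819 ERROR
[org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC
service thread 1-5) Could not load extension based on configuration file
'/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check
the configuration file is valid. Exception message is: Error loading
extension 'siee-local-authn': /aaa/siee.properties (No such file or
directory)
"""

if __name__ == "__main__":
    for path, problem in check_extensions(SAMPLE_FILES):
        print(f"{path}: {problem}")
    for name, missing in failed_extensions(SAMPLE_LOG).items():
        print(f"engine.log: extension {name} failed to open {missing}")
```
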

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-26 Thread Yair Zaslavsky


- Original Message -
 From: Juan Jose jj197...@gmail.com
 To: Yair Zaslavsky yzasl...@redhat.com, Ondra Machacek 
 omach...@redhat.com, alo...@redhat.com,
 users@ovirt.org
 Sent: Wednesday, November 26, 2014 1:01:37 PM
 Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
 
 Hello everybody,
 
 I will try to configure ovirt-engine-extension-aaa-ldap package as Alon
 says.

+1 please do.

 
 By other side, I have executed the command kinit and the response is:
 
 kinit: Client not found in Kerberos database while getting initial
 credentials

I am sure you did that, but just to be on the safe side - did you perform kinit 
principal@REALM?

 
 My /etc/krb5.conf files is (adserver.siee.local is my AD server based in
 Samba 4), I have modified this file to exchange EXAMPLE.COM by siee.local
 and adserver.siee.local:
 
 /etc/krb5.conf:
 [logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
 
 [libdefaults]
  default_realm = SIEE.LOCAL
  dns_lookup_realm = false
  dns_lookup_kdc = false
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true
 
 [realms]
  SIEE.LOCAL = {
   kdc = adserver.siee.local
   admin_server = adserver.siee.local
  }
 
 [domain_realm]
  .siee.local = SIEE.LOCAL
  siee.local = SIEE.LOCAL
 
 
 My /etc/ovirt-engine/krb5.conf:
 
 [libdefaults]
 
 default_realm = SIEE.LOCAL
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = no
 default_tkt_enctypes = arcfour-hmac-md5
 udp_preference_limit = 1
 
 #realms
 
 #domain_realm
 
 This last file is the same that I had before my upgrade to oVirt 3.5.
 
 Many thanks again,
 
 Juanjo.
 
 
 On Wed, Nov 26, 2014 at 5:37 AM, Yair Zaslavsky yzasl...@redhat.com wrote:
 
 
 
  - Original Message -
   From: Juan Jose jj197...@gmail.com
   To: Ondra Machacek omach...@redhat.com, Yair Zaslavsky 
  yzasl...@redhat.com, alo...@redhat.com,
   users@ovirt.org
   Sent: Tuesday, November 25, 2014 6:09:18 PM
   Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
  
   Hello again,
  
   Yes the password is correct, I can login in a Windows machine to my
  domain
   siee.local with the user Juanjo. Moreover I have changed this user
   password to simpler one and the result is the same.
  
   I have logged in administration portal with internal admin user and I try
   to navigate through the domain to find user to assign some user in a VM
  but
   nothing is showed as you can see in the attached screen  image and any
   error is faced in administration portal, but the
   /var/log/ovirt-engine/engine.log show this:
  
   2014-11-25 17:02:05,355 ERROR
  
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
   (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information
  was
   invalid (24)
   2014-11-25 17:02:05,356 ERROR
  
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
   (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username
   and password.
   2014-11-25 17:02:05,357 ERROR
   [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
   (ajp--127.0.0.1-8702-5) Failed ldap search server
   ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to
   Authentication Failed. Please verify the username and password.. We
  should
   not try the next server
   2014-11-25 17:02:05,359 ERROR
  
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
   (ajp--127.0.0.1-8702-5) Failed to run command
  LdapSearchUserByQueryCommand.
   Domain is siee.local. User is juanjo@SIEE.LOCAL.
   2014-11-25 17:02:05,402 ERROR
  
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
   (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information
  was
   invalid (24)
   2014-11-25 17:02:05,404 ERROR
  
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
   (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username
   and password.
   2014-11-25 17:02:05,406 ERROR
   [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
   (ajp--127.0.0.1-8702-5) Failed ldap search server
   ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to
   Authentication Failed. Please verify the username and password.. We
  should
   not try the next server
   2014-11-25 17:02:05,408 ERROR
  
  [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
   (ajp--127.0.0.1-8702-5) Failed to run command
   LdapSearchGroupsByQueryCommand. Domain is siee.local. User is
   juanjo@SIEE.LOCAL.
  
   every time I click Go button. Moreover I haven't changed anything from
  my
   Samba4 AD and it is working handling my siee.local domain. This error is
   showed since oVirt 3.5 upgrade.
  
   Many thanks in advance,
  
   Juanjo

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Yair Zaslavsky


- Original Message -
 From: Juan Jose jj197...@gmail.com
 To: Ondra Machacek omach...@redhat.com, Yair Zaslavsky 
 yzasl...@redhat.com, alo...@redhat.com,
 users@ovirt.org
 Sent: Tuesday, November 25, 2014 6:09:18 PM
 Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
 
 Hello again,
 
 Yes the password is correct, I can login in a Windows machine to my domain
 siee.local with the user Juanjo. Moreover I have changed this user
 password to simpler one and the result is the same.
 
 I have logged in administration portal with internal admin user and I try
 to navigate through the domain to find user to assign some user in a VM but
 nothing is showed as you can see in the attached screen  image and any
 error is faced in administration portal, but the
 /var/log/ovirt-engine/engine.log show this:
 
 2014-11-25 17:02:05,355 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
 (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was
 invalid (24)
 2014-11-25 17:02:05,356 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
 (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username
 and password.
 2014-11-25 17:02:05,357 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
 (ajp--127.0.0.1-8702-5) Failed ldap search server
 ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to
 Authentication Failed. Please verify the username and password.. We should
 not try the next server
 2014-11-25 17:02:05,359 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
 (ajp--127.0.0.1-8702-5) Failed to run command LdapSearchUserByQueryCommand.
 Domain is siee.local. User is juanjo@SIEE.LOCAL.
 2014-11-25 17:02:05,402 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
 (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was
 invalid (24)
 2014-11-25 17:02:05,404 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
 (ajp--127.0.0.1-8702-5) Authentication Failed. Please verify the username
 and password.
 2014-11-25 17:02:05,406 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
 (ajp--127.0.0.1-8702-5) Failed ldap search server
 ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to
 Authentication Failed. Please verify the username and password.. We should
 not try the next server
 2014-11-25 17:02:05,408 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase]
 (ajp--127.0.0.1-8702-5) Failed to run command
 LdapSearchGroupsByQueryCommand. Domain is siee.local. User is
 juanjo@SIEE.LOCAL.
 
 every time I click Go button. Moreover I haven't changed anything from my
 Samba4 AD and it is working handling my siee.local domain. This error is
 showed since oVirt 3.5 upgrade.
 
 Many thanks in advance,
 
 Juanjo.

As Alon suggested, you can try the next provider for 3.5.
However, until you do so, can you use kinit in order to perform Kerberos
authentication with the problematic user?

Cheers,
Yair

 
 
 
 On Tue, Nov 25, 2014 at 2:29 PM, Ondra Machacek omach...@redhat.com wrote:
 
  Also, can you please try to search within this domain,
  not only login to it? Does it fail or works good?
 
  (in webadmin go to users tab and click add,
   select your domain and search for users).
 
  - Original Message -
   From: Alon Bar-Lev alo...@redhat.com
   To: Juan Jose jj197...@gmail.com
   Cc: Ondra Machacek omach...@redhat.com, Yair Zaslavsky 
  yzasl...@redhat.com, users@ovirt.org
   Sent: Tuesday, November 25, 2014 1:49:20 PM
   Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
  
   2014-11-25 12:54:10,687 ERROR
   [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
   (ajp--127.0.0.1-8702-5) Failed ldap search server
   ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to
   Authentication Failed. Please verify the username and password.. We
  should
   not try the next server
  
  
   - Original Message -
From: Juan Jose jj197...@gmail.com
To: Ondra Machacek omach...@redhat.com, alo...@redhat.com, Yair
Zaslavsky yzasl...@redhat.com,
users@ovirt.org
Sent: Tuesday, November 25, 2014 2:29:26 PM
Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
   
Hello Ondra and everybody,
   
It works with my other user:
   
engine-manage-domains add --domain=siee.local --provider=ad
  --user=juanjo
--add-permissions
Enter password:
Successfully added domain siee.local. oVirt Engine restart is required
  in
order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
   
But after restarted ovirt-engine if I try to loging with juanjo in
  the
administrator portal and I

Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-22 Thread Yair Zaslavsky


- Original Message -
 From: Ondra Machacek omach...@redhat.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: cameron christensen cameron.christen...@uk2group.com, Alon Bar-Lev 
 alo...@redhat.com, users@ovirt.org
 Sent: Thursday, November 20, 2014 6:09:53 PM
 Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
 
 Hi,
 
 just tried it too.
 I was not successful in reproducing it, but the problem is that
 the domain part of LDAPSecurityAuthentication is uppercase
 as Cameron wrote.
 
 In 3.4 it is OK when it's upper case - everything works OK,
 but in 3.5 it's not.
 
 I checked differences and something like this would be enough, Yair?
 
 diff --git
 a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
 b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
 index f5ab28d..ccaf04a 100644
 ---
 a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
 +++
 b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
 @@ -240,7 +240,7 @@ public class EngineExtensionsManager extends
 ExtensionsManager {
  )
  );
  }
 -if (nameValue[0].equals(domain)) {
 +if (nameValue[0].equalsIgnoreCase(domain)) {
  result = nameValue[1];
  break;
  }
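
Review bot: on the changed `nameValue[0].equalsIgnoreCase(domain)` line, the match becomes case-insensitive but the loop still takes the first hit and breaks, so a stored value that lists the same domain twice in different case (for example `EXAMPLE.ORG:...,example.org:...`) now silently resolves to whichever entry comes first, and `nameValue[1]` is what gets returned as the result. I would normalise the domain part once when the option value is split, warn on entries that differ only by case, and add a unit test that looks up a lower-case domain against an upper-case entry. A short comment on this line saying that domain names are compared case-insensitively on purpose would also help the next reader.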
 
 
 Ondra

Looks fine, but please email me in private a testing environment where I can 
check that.

Thanks!

P.S:
Another option worth trying is to simply remove and add the domain, but hey, if
you're already in 3.5, and removed the domain, why not use the generic LDAP
provider?

 
 
 - Original Message -
  From: Alon Bar-Lev alonbl at redhat.com
  To: Cameron Christensen cameron.christensen at uk2group.com, Yair
  Zaslavsky yzaslavs at redhat.com
  Cc: users at ovirt.org
  Sent: Monday, November 17, 2014 11:48:15 PM
  Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
  IPA
  
  
  
  - Original Message -
   From: Cameron Christensen cameron.christensen at uk2group.com
   To: Alon Bar-Lev alonbl at redhat.com
   Cc: users at ovirt.org
   Sent: Monday, November 17, 2014 11:43:34 PM
   Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
   IPA
   
   
   
   On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:

- Original Message -
 From: Cameron Christensen cameron.christensen at uk2group.com
 To: users at ovirt.org
 Sent: Friday, November 14, 2014 5:39:54 PM
 Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
 IPA
 
 Hello,
 
 I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
 Starting up ovirt-engine the extension manager fails to properly load
 the service that handles Kerberos/LDAP.

This is probably a bug, can you please execute the following and paste
result:

# PGPASSWORD=@PASSWORD@ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"

   
  option_id |        option_name         |    option_value    | version
 -----------+----------------------------+--------------------+---------
        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
   
   I replaced my domain name with 'example.org'
   
  
  I thought it will be empty... and it contains valid value. Yair?
 
 No, this is fine actually.
 
  
  And I truly suggest you try out the new provider... Much easier to resolve
  any issue, current and future, including easier to debug.
  
  Alon
  
 


Re: [ovirt-users] LDAP

2014-11-20 Thread Yair Zaslavsky


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: users@ovirt.org
 Sent: Thursday, November 20, 2014 10:51:06 AM
 Subject: [ovirt-users] LDAP
 
 Hello everybody,
 
 We updated our ovirt to 3.5, but now we see some errors concerning LDAP. I
 already searched online for a guide for the AAA config, but can't seem to
 find something...
 Does anybody already have a clear how-to for the AAA config?
 
 This is the error we get sometimes in our engine.log (we are still able to
 login with ldap btw):
 
 2014-11-20 06:42:06,539 ERROR
 [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
 (ajp--127.0.0.1-8702-32) Failed ldap search server
 ldap://***.brussels.airport:*** using user @BRUSSELS.AIRPORT due to :
 [LDAP: error code 34 - 208F: LdapErr: DSID-0C09074B, comment: Error
 processing name, data 0, v23f0]; nested exception is
 javax.naming.InvalidNameException: : [LDAP: error code 34 - 208F:
 LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0];
 remaining name ''. We should try the next server
 
 Kind regards,
 
 Koen

So I understand this is not 100% right?
Can you share more on the upgrade? Are you working with OpenLDAP? Have you
upgraded anything else?

 
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
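
Added example (not part of any message in these threads, and not oVirt project code): a triage script for the engine.log AAA failures quoted in the "Adding domain to oVirt to 3.5 issue" and "LDAP" threads above. It rejoins mail-wrapped records and separates KDC credential rejections (Kerberos error 24) from LDAP result code 34; the sample log, the host names and the svc-ovirt account are constructed.

```python
import re
from collections import Counter

# Constructed sample (not from a real system). Same layout as the engine.log
# excerpts in the threads, including records hard-wrapped by a mail client.
SAMPLE_LOG = """\
2014-11-25 17:02:05,355 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was
invalid (24)
2014-11-25 17:02:05,357 ERROR
[org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher]
(ajp--127.0.0.1-8702-5) Failed ldap search server
ldap://dc1.example.test:389 using user svc-ovirt@EXAMPLE.TEST due to
Authentication Failed. Please verify the username and password.. We should
not try the next server
2014-11-25 17:02:05,402 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-5) Kerberos error: Pre-authentication information was invalid (24)
2014-11-25 17:02:05,406 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-5) Failed ldap search server ldap://dc1.example.test:389 using user svc-ovirt@EXAMPLE.TEST due to Authentication Failed. Please verify the username and password.. We should not try the next server
2014-11-26 06:42:06,539 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-32) Failed ldap search server ldap://dc2.example.test:389 using user svc-ovirt@EXAMPLE.TEST due to : [LDAP: error code 34 - 208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''. We should try the next server
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\b")
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+"
    r"\((?P<thread>[^)]+)\)\s+(?P<msg>.*)$")
KRB = re.compile(r"Kerberos error: .*?\((?P<code>\d+)\)")
SEARCH = re.compile(
    r"Failed ldap search server (?P<server>\S+) using user (?P<user>\S+) "
    r"due to (?P<reason>.*?)\. We should (?P<next>not try|try) the next server")
LDAP_CODE = re.compile(r"LDAP: error code (\d+)")

# Standard meanings: Kerberos 24 = KDC_ERR_PREAUTH_FAILED,
# LDAP 34 = invalidDNSyntax, LDAP 49 = invalidCredentials.
KRB_CAUSE = {"24": "krb-24-preauth-failed"}
LDAP_CAUSE = {"34": "ldap-34-invalid-dn-syntax",
              "49": "ldap-49-invalid-credentials"}


def iter_records(text):
    """Yield one string per log record, rejoining wrapped continuation lines."""
    buf = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS.match(line) and buf:   # a new timestamp closes the previous record
            yield " ".join(buf)
            buf = []
        buf.append(line)
    if buf:
        yield " ".join(buf)


def classify(krb_code, reason):
    """Name the failure class from the LDAP code in the reason, else the Kerberos code."""
    ldap = LDAP_CODE.search(reason)
    if ldap:
        return LDAP_CAUSE.get(ldap.group(1), "ldap-" + ldap.group(1))
    if krb_code:
        return KRB_CAUSE.get(krb_code, "krb-" + krb_code)
    return "unclassified"


def summarize(text):
    """Count failed directory searches per (bind user, server, cause)."""
    last_krb = {}         # worker thread -> Kerberos code logged just before
    failures = Counter()
    for rec in iter_records(text):
        m = RECORD.match(rec)
        if not m:
            continue      # prose or a fragment that is not a log record
        thread, msg = m["thread"], m["msg"]
        k = KRB.search(msg)
        if k:
            last_krb[thread] = k["code"]
            continue
        s = SEARCH.search(msg)
        if s:
            cause = classify(last_krb.pop(thread, None), s["reason"])
            failures[(s["user"], s["server"], cause)] += 1
    return failures


def credential_rejections(failures, threshold=2):
    """Bind users whose credentials the KDC rejected at least `threshold` times."""
    per_user = Counter()
    for (user, _server, cause), n in failures.items():
        if cause == "krb-24-preauth-failed":
            per_user[user] += n
    return {u: n for u, n in per_user.items() if n >= threshold}


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
    print("credential rejections:", credential_rejections(summarize(SAMPLE_LOG)))
```

Each search in the portal produces two rejected binds for the same account in the log above (user query and group query), so the per-user count is worth comparing against the directory's lockout threshold.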


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-19 Thread Yair Zaslavsky


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Cameron Christensen cameron.christen...@uk2group.com, Yair 
 Zaslavsky yzasl...@redhat.com
 Cc: users@ovirt.org
 Sent: Monday, November 17, 2014 11:48:15 PM
 Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
 
 
 
 - Original Message -
  From: Cameron Christensen cameron.christen...@uk2group.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: users@ovirt.org
  Sent: Monday, November 17, 2014 11:43:34 PM
  Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
  IPA
  
  
  
  On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
   
   - Original Message -
From: Cameron Christensen cameron.christen...@uk2group.com
To: users@ovirt.org
Sent: Friday, November 14, 2014 5:39:54 PM
Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
IPA

Hello,

I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
Starting up ovirt-engine the extension manager fails to properly load
the service that handles Kerberos/LDAP.
   
   This is probably a bug, can you please execute the following and paste
   result:
   
   # PGPASSWORD=@PASSWORD@ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"
   
  
    option_id |        option_name         |    option_value    | version
   -----------+----------------------------+--------------------+---------
          165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
  
  I replaced my domain name with 'example.org'
  
 
 I thought it will be empty... and it contains valid value. Yair?

No, this is fine actually.

 
 And I truly suggest you try out the new provider... Much easier to resolve
 any issue, current and future, including easier to debug.
 
 Alon
 


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-19 Thread Yair Zaslavsky


- Original Message -
 From: Cameron Christensen cameron.christen...@uk2group.com
 To: Alon Bar-Lev alo...@redhat.com
 Cc: Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org
 Sent: Tuesday, November 18, 2014 6:21:18 PM
 Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
 
 On Mon, 2014-11-17 at 16:48 -0500, Alon Bar-Lev wrote:
  
  - Original Message -
   From: Cameron Christensen cameron.christen...@uk2group.com
   To: Alon Bar-Lev alo...@redhat.com
   Cc: users@ovirt.org
   Sent: Monday, November 17, 2014 11:43:34 PM
   Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
   IPA
   
   
   
   On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:

- Original Message -
 From: Cameron Christensen cameron.christen...@uk2group.com
 To: users@ovirt.org
 Sent: Friday, November 14, 2014 5:39:54 PM
 Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
 IPA
 
 Hello,
 
 I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
 Starting up ovirt-engine the extension manager fails to properly load
 the service that handles Kerberos/LDAP.

This is probably a bug, can you please execute the following and paste
result:

# PGPASSWORD=@PASSWORD@ psql -U engine -d engine -c "select * from vdc_options where option_name='LDAPSecurityAuthentication'"

   
  option_id |        option_name         |    option_value    | version
 -----------+----------------------------+--------------------+---------
        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
   
   I replaced my domain name with 'example.org'
   
  
  I thought it will be empty... and it contains valid value. Yair?
  
 Looking through the vdc_options table I noticed that many of the LDAP*
 and Ad* settings use two different spellings for the Kerberos/LDAP
 domain. One in all upper case letters, EXAMPLE.ORG and one in all lower
 case, example.org. (I'm guessing this is to handle either spelling of
 the domain?)
 
 I updated LDAPSecurityAuthentication and set the option_value to use
 both the upper case and lower case domain name,
 'EXAMPLE.ORG:GSSAPI,example.org:GSSAPI'.
 
 select * from vdc_options where option_name = 'LDAPSecurityAuthentication';
  option_id |        option_name         |             option_value              | version
 -----------+----------------------------+---------------------------------------+---------
        165 | LDAPSecurityAuthentication | EXAMPLE.ORG:GSSAPI,example.org:GSSAPI | general

Just so we can continue to investigate -
if you would like to get your LDAP and Kerberos SRV records, to which domain
will you send them in your setup?

dig SRV _ldap._tcp.EXAMPLE.ORG

or

dig SRV _ldap._tcp.example.org?


The same goes for

_kerberos._tcp.example.org and _kerberos._tcp.EXAMPLE.ORG

Cheers,
Yair

 
 Using both domain names I am able to authenticate, authorize and pull
 account information from the IPA server once again.
 
 Thanks for pointing me at the right location.
 
 Cameron
 


Re: [ovirt-users] webhook

2014-11-08 Thread Yair Zaslavsky


- Original Message -
 From: Vojtech Szocs vsz...@redhat.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Barak Azulay bazu...@redhat.com, Oved Ourfali ov...@redhat.com, 
 users@ovirt.org
 Sent: Friday, November 7, 2014 5:16:48 PM
 Subject: Re: [ovirt-users] webhook
 
 
 
 - Original Message -
  From: Yair Zaslavsky yzasl...@redhat.com
  To: Vojtech Szocs vsz...@redhat.com
  Cc: Barak Azulay bazu...@redhat.com, Oved Ourfali ov...@redhat.com,
  users@ovirt.org
  Sent: Thursday, November 6, 2014 2:59:53 PM
  Subject: Re: [ovirt-users] webhook
  
  
  
  - Original Message -
   From: Vojtech Szocs vsz...@redhat.com
   To: Barak Azulay bazu...@redhat.com
   Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
   Sent: Thursday, November 6, 2014 3:38:56 PM
   Subject: Re: [ovirt-users] webhook
   
   
   
   - Original Message -
From: Barak Azulay bazu...@redhat.com
To: Vojtech Szocs vsz...@redhat.com
Cc: Einav Cohen eco...@redhat.com, Oved Ourfali
ov...@redhat.com,
users@ovirt.org
Sent: Tuesday, November 4, 2014 5:15:35 PM
Subject: Re: [ovirt-users] webhook



- Original Message -
 From: Vojtech Szocs vsz...@redhat.com
 To: Einav Cohen eco...@redhat.com
 Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
 Sent: Tuesday, November 4, 2014 2:12:05 PM
 Subject: Re: [ovirt-users] webhook
 
 
 
 - Original Message -
  From: Einav Cohen eco...@redhat.com
  To: Vojtech Szocs vsz...@redhat.com
  Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
  Sent: Friday, October 31, 2014 8:01:34 PM
  Subject: Re: [ovirt-users] webhook
  
   - Original Message -
   From: Vojtech Szocs vsz...@redhat.com
   Sent: Friday, October 31, 2014 11:51:53 AM
   
   Hi,
   
   if I get this correctly, you'd like to be notified when certain
   event
   happens (VM created/deleted/etc.) and react upon that. I see
   multiple
   possible approaches here:
   
   0, improve Engine extension API (refer to Alon Bar-Lev for
   details)
  - if extensions can be packaged as JARs and these JARs could
  include
web fragments [1] it would mean the possibility to deploy
custom
servlets onto existing Engine instance (in context of webapp
that
processes extensions)
  - your custom Java servlet could query REST interface (or be
  notified
once something happens, but AFAIK we don't have that
implemented
yet)
and do whatever logic is needed
  - once I asked Alon about ^^ but never got response from him
  - IMHO this would be a nice way to deploy custom Java code on
  Engine
   
   [1]
   https://blogs.oracle.com/swchan/entry/servlet_3_0_web_fragment
   
   1, improve UI plugin API
  - add VirtualMachineDataLoaded event fired upon each refresh
  of
VM data in UI table (generalization - {Entity}DataLoaded)
  - this is similar to existing {Entity}SelectionChange events
  
  relying on changes in the UI table is a bad idea:
  
  (1) potentially missing events:
  the UI displays paginated data; if my VMs are sorted by name, and
  I have 1000 VMs in my setup, and I just added a VM named z, it
  will
  be added to the last page which is not displayed right now, so I
  wouldn't even be aware that something was added.
  
  (2) potentially creating fake events:
  changes in the displayed data in the UI can occur due to change in
  the
  Search query; if I have 50 VMs in my setup, and I initially had the
  Vms: search query, and now I change it to VMs: name = a*, which
  results in displaying only 10 VMs, this may falsely hint on removal
  of 40 VMs from the system.
 
 Agreed, that was a bad idea :) UI data is constrained by things like
 search query, pagination, sorting etc. Scratch my previous idea.
 
 As mentioned before, notification of relevant events occurring in
 system
 should be the way to go. Either Engine will provide mechanism to
 notify
 other systems (i.e. email notifier) or other system will
 poll/listen-to
 changes in Engine (i.e. via REST API).
 
 Idea for consideration, if every change to oVirt system would be sent
 to some event bus, we could easily implement different notification
 mechanisms (like websocket in addition to email), and web apps living
 in Engine EAR context could also register to that event bus (imagine
 WebAdmin servlet that listens for changes and pushes them to
 clients).

This can/should be done through the notification service,
currently it supports email  snmp traps ... but it could be extended
(very
easily)
   
   Cool, maybe something we could

Re: [ovirt-users] User management

2014-11-07 Thread Yair Zaslavsky


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: users@ovirt.org
 Sent: Friday, November 7, 2014 1:01:13 PM
 Subject: [ovirt-users] User management
 
 Dear all,
 
 I have a question concerning the creation of VMs. Is there a way to see
 which user (LDAP login) created which VM? Can we somehow query this through
 the API?

Well, at first I thought this should be done by browsing the permissions 
collection in REST-API, but then I realized that we can get this info from the 
events
for example -

YOUR_URL:/api/events

then you will see something like -

Vm my-vm-13 was created by a...@acme.com

Cheers,
Yair

 
 Kind regards,
 
 Koen
 
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
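
Added example (not part of the reply above, and not oVirt project code): one way to turn the events listing Yair points to into a per-VM creator report. The XML sample is constructed, and its element names (description, time, vm) are an assumption about what /api/events returns in this version; the description pattern follows the "was created by" line quoted in the reply.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime

# Constructed sample of an events listing (assumed element names, made-up
# users, ids and times). Deliberately not in chronological order.
SAMPLE_EVENTS = """\
<events>
  <event id="105">
    <description>VM my-vm-13 was created by bob@example.test.</description>
    <time>2014-11-07T12:59:10.000+02:00</time>
    <vm id="22222222-2222-2222-2222-222222222222"/>
  </event>
  <event id="101">
    <description>VM my-vm-13 creation was initiated by alice@example.test.</description>
    <time>2014-11-03T09:15:02.000+02:00</time>
  </event>
  <event id="102">
    <description>VM my-vm-13 was created by alice@example.test.</description>
    <time>2014-11-03T09:15:40.000+02:00</time>
    <vm id="11111111-1111-1111-1111-111111111111"/>
  </event>
  <event id="103">
    <description>VM my-vm-13 was removed by carol@example.test.</description>
    <time>2014-11-06T08:00:00.000+02:00</time>
  </event>
  <event id="104">
    <description>Vm web-01 was created by alice@example.test</description>
    <time>2014-11-05T14:00:00.000+02:00</time>
    <vm id="33333333-3333-3333-3333-333333333333"/>
  </event>
</events>
"""

# Matches only the completed-creation message, with or without the final dot.
CREATED = re.compile(
    r"^VM (?P<vm>\S+) was created by (?P<user>\S+?)\.?$", re.IGNORECASE)


def creation_events(events_xml):
    """Return the VM-creation events as dicts, oldest first."""
    out = []
    for ev in ET.fromstring(events_xml).iter("event"):
        m = CREATED.match((ev.findtext("description") or "").strip())
        stamp = ev.findtext("time")
        if not m or not stamp:
            continue          # other event types, or an entry without a time
        vm = ev.find("vm")
        out.append({
            "time": datetime.fromisoformat(stamp.strip()),
            "vm_name": m["vm"],
            "vm_id": vm.get("id") if vm is not None else None,
            "user": m["user"],
            "event_id": ev.get("id"),
        })
    out.sort(key=lambda e: e["time"])
    return out


def latest_creator(events_xml):
    """Map each VM name to the user of its most recent creation event."""
    latest = {}
    for e in creation_events(events_xml):   # oldest first, so later wins
        latest[e["vm_name"]] = e["user"]
    return latest


def reused_names(events_xml):
    """VM names that were created more than once (name alone is ambiguous)."""
    counts = Counter(e["vm_name"] for e in creation_events(events_xml))
    return sorted(name for name, n in counts.items() if n > 1)


if __name__ == "__main__":
    for e in creation_events(SAMPLE_EVENTS):
        print(e["time"].isoformat(), e["vm_name"], e["user"], e["vm_id"])
    print("names reused:", reused_names(SAMPLE_EVENTS))
```

A VM name can be reused after a removal, so an audit should key on the VM id where the event carries one and treat the name-only mapping as a convenience.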


Re: [ovirt-users] how to 'reset' a failed install?

2014-11-07 Thread Yair Zaslavsky


- Original Message -
 From: Robert Story rst...@tislabs.com
 To: users@ovirt.org
 Sent: Saturday, November 8, 2014 3:09:02 AM
 Subject: [ovirt-users] how to 'reset' a failed install?
 
 I've been doing lots of unsuccessful 3.5 hosted-engine installs in my lab,
 where it's easy for me to re-install the OS if I need to start over. Now I
 need to try an install in a remote datacenter where I won't be able to
 re-install the OS. So I was wondering if there is a way to 'reset' a failed
 install so that another install can be attempted...
 
 My thoughts so far are:
 
 - stop vdsm, supervdsm, and libvirt
 - use etckeeper to reset everything under /etc
 - delete old log files
 - delete hosted_engine storage domain on storage (if install got that far)
 - restart vdsm, supervdsm, and libvirt
 
 What am I missing? Maybe some remnants in /var (hmm, probably the vdsm
 persistent config)? Anything else?

The VDSM log to be erased?

Out of curiosity, do you want to automate this process?

CC'ing Alon and Sandro who can probably give more meaningful advice than me.

Cheers,
Yair


 
 
 Robert
 
 --
 Senior Software Engineer @ Parsons
 
 


Re: [ovirt-users] webhook

2014-11-06 Thread Yair Zaslavsky
 it
would be to implement the infrastructure for that.
If the latter: this will catch actions that were performed either
via the GUI or outside the GUI; in this case, it would probably be
better to use an Engine extension API (solution 0 above) rather
than a UI plugin, since it will be more reliable, will be active
even when the GUI is not in use, etc.
   
   It was meant simply as polling Engine via oVirtJS / REST API.
   
   But then again, any UI plugin-based solution has the drawback that
   web GUI must be active (open) in order for plugin to be active.
   

 
 The disadvantage of 1, and 2, is that WebAdmin GUI must be open.
 In any case, if you'd like to explore the possibility of doing this
 via UI plugin, I'm here to help.
 
 Vojtech
 
 
 - Original Message -
  From: Oved Ourfali ov...@redhat.com
  To: Yair Zaslavsky yzasl...@redhat.com
  Cc: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org,
  Vojtech
  Szocs vsz...@redhat.com
  Sent: Thursday, October 30, 2014 2:10:12 PM
  Subject: Re: [ovirt-users] webhook
  
  Hi
  
  CC-ing also Vojtech, the father of the UI plugins.
  
  Anyway, the only way to accomplish that via UI plugins at the moment is via
  adding a new action menu item, that in the background deletes the VM, and
  reports to Foreman.
  It would be nice to have a hook for different UI action items, but it isn't
  available at the moment.
  There are plenty of code samples for UI plugins, most of them available at:
  http://www.ovirt.org/Features/UIPlugins
  
  I must say that I'm not sure webhooks are the right approach for that, as I
  guess it is relevant only in environments in which one doesn't use the
  API/CLI/SDK
  but.. it will be a cool feature!
  
  Regards,
  Oved
  
  - Original Message -
   From: Yair Zaslavsky yzasl...@redhat.com
   To: Koen Vanoppen vanoppen.k...@gmail.com
   Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
   Sent: Thursday, October 30, 2014 1:44:38 PM
   Subject: Re: [ovirt-users] webhook
   
   Oved - can we implement something like this using ui-plugins?
   
   
   - Original Message -
From: Koen Vanoppen vanoppen.k...@gmail.com
To: users@ovirt.org
Sent: Monday, October 27, 2014 4:06:40 PM
Subject: [ovirt-users] webhook

Hi all,

Just a quick question. Is it possible to set a webhook on the removal and
creation of a new vm? So we can send to foreman a delete action when the VM
is deleted...

Kind regards,

Koen


   
  
 

   
   
   
  
 


Re: [ovirt-users] Cancelling a running task

2014-11-05 Thread Yair Zaslavsky


- Original Message -
 From: Liron Aravot lara...@redhat.com
 To: Eli Mesika emes...@redhat.com
 Cc: users@ovirt.org
 Sent: Wednesday, November 5, 2014 2:51:37 PM
 Subject: Re: [ovirt-users] Cancelling a running task
 
 
 
 - Original Message -
  From: Eli Mesika emes...@redhat.com
  To: Daniel Lang daniel.l...@redi.com
  Cc: users@ovirt.org
  Sent: Wednesday, November 5, 2014 2:23:00 PM
  Subject: Re: [ovirt-users] Cancelling a running task
  
  
  
  - Original Message -
   From: Daniel Lang daniel.l...@redi.com
   To: users@ovirt.org users@ovirt.org
   Sent: Tuesday, November 4, 2014 6:24:48 PM
   Subject: [ovirt-users] Cancelling a running task
   
   
   
   I am creating a VM and the copy from template operation has gone haywire
   causing significant performance issues on the host server. I’d like to
   cancel the copying image action (it’s been running ~3hours on a 3GB disk
   image copy) but I cannot find anything in the web UI to cancel a task. Is
   there a command line tool to cancel the running task?
  
  login to your SPM host and run the following
  
  vdsClient -s 0 getAllTasksStatuses
  
  You can then use
  
  stopTask
  TaskID
  stop async task
  
  and then
  
  clearTask
  TaskID
  clear async task
  
  
  
 I suggest to only stop the task/tasks and let the ovirt engine to perform the
 clearance of the tasks.

+1 - I agree with Liron.
Let AsyncTaskManager handle the task clearing - it will also remove relevant 
entries from db.
Ravi, what do you think?

 
   
   
   
   The oVirt version is 3.4 and vdsm version 4.14.
   
   
   
   Thanks for any advice or links to documentation/man pages.
   
   
   
   Daniel Lang
   
   
  
 


Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client

2014-10-31 Thread Yair Zaslavsky


- Original Message -
 From: Greg Sheremeta gsher...@redhat.com
 To: users users@ovirt.org, de...@ovirt.org
 Sent: Friday, October 31, 2014 3:49:11 AM
 Subject: [ovirt-devel] [RFC] oVirt mobile client
 
 Hi,
 
 The focus of our OPW internship program starting in December will be
 mobile and/or lightweight engine clients -- hopefully integrating the
 new ovirt.js project.

+100

Sorry for the ignorant question - does this mean the technology will be web 
based or native? (i.e - java on top of android, Swift/Objective-C on top of IOS)


 
 I see that there are some already existing mobile clients for oVirt.
 I'm trying to grasp what we have and what the needs are.
 
 moVirt: https://github.com/matobet/moVirt (mbetak)
 This appears to be more of a lightweight webadmin. No console access,
 but I believe it's planned as part of OPW. (?)

I spoke with mbetak about this a few months ago.
When you speak of console, you mean to actually view the VM using spice? sounds 
very interesting.
If I recall, Alon levy (a former red hatter) worked on some spice 
implementation for html5 or something like that.

Anyway, back in TLV I also had some ideas around that. Do you have some IRC 
meetings or something that I can join?

Cheers,
Yair


 
 nomad: http://www.ovirt.org/Project_Proposal_-_Nomad and
 https://github.com/Vizuri/ovirt-nomad
 Looks dead -- last commit 3 years ago.
 Anyone know more about this one?
 
 That's all I see on the first few pages of google.
 
 When I think of a mobile client for oVirt, I think the most useful
 part would be the user portal -- simple operations for start, stop,
 and the ability to view the console of vms. moVirt mentions it wants
 to support some basic management operations, though. I think it would
 be difficult to do complex management in a mobile client. (I'm biased
 towards huge screens, though.)
 
 I'd like to see an official subproject started that coordinates our
 mobile efforts.
 
 Is this possible? What would it take to start it?
 
 What would people like to see in such an app?
 
 Greg Sheremeta
 Red Hat, Inc.
 Sr. Software Engineer, RHEV
 Cell: 919-807-1086
 gsher...@redhat.com
 ___
 Devel mailing list
 de...@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/devel
 


Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client

2014-10-31 Thread Yair Zaslavsky


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Greg Sheremeta gsher...@redhat.com
 Cc: users users@ovirt.org, de...@ovirt.org
 Sent: Friday, October 31, 2014 8:03:58 AM
 Subject: Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client
 
 
 
 - Original Message -
  From: Greg Sheremeta gsher...@redhat.com
  To: users users@ovirt.org, de...@ovirt.org
  Sent: Friday, October 31, 2014 3:49:11 AM
  Subject: [ovirt-devel] [RFC] oVirt mobile client
  
  Hi,
  
  The focus of our OPW internship program starting in December will be
  mobile and/or lightweight engine clients -- hopefully integrating the
  new ovirt.js project.
 
 +100
 
 Sorry for the ignorant question - does this mean the technology will be web
 based or native? (i.e - java on top of android, Swift/Objective-C on top of
 IOS)
 
 
  
  I see that there are some already existing mobile clients for oVirt.
  I'm trying to grasp what we have and what the needs are.
  
  moVirt: https://github.com/matobet/moVirt (mbetak)
  This appears to be more of a lightweight webadmin. No console access,
  but I believe it's planned as part of OPW. (?)
 
 I spoke with mbetak about this a few months ago.
 When you speak of console, you mean to actually view the VM using SPICE?
 Sounds very interesting.
 If I recall, Alon Levy (a former Red Hatter) worked on some SPICE
 implementation for HTML5 or something like that.
 
 Anyway, back in TLV I also had some ideas around that. Do you have some IRC
 meetings or something that I can join?
 
 Cheers,
 Yair
 
 
  
  nomad: http://www.ovirt.org/Project_Proposal_-_Nomad and
  https://github.com/Vizuri/ovirt-nomad
  Looks dead -- last commit 3 years ago.
  Anyone know more about this one?
  
  That's all I see on the first few pages of google.
  
  When I think of a mobile client for oVirt, I think the most useful
  part would be the user portal -- simple operations for start, stop,
  and the ability to view the console of vms. moVirt mentions it wants
  to support some basic management operations, though. I think it would
  be difficult to do complex management in a mobile client. (I'm biased
  towards huge screens, though.)

Sorry, I was very excited about the news, so I forgot to answer the rest.
I agree about user portal - sounds good to begin with. 
Another idea I had in the past is to have an app (push-based) that will push 
events to a special client.
We will have a push server that will get notifications from the event notifier, 
and this server will push the events to registered clients.

  
  I'd like to see an official subproject started that coordinates our
  mobile efforts.
  
  Is this possible? What would it take to start it?

What do you mean, is that possible? Technically it sounds feasible to me (well, 
we'll need to figure out about the console, but an mgmt app without the 
console, why not?)

  
  What would people like to see in such an app?
  
  Greg Sheremeta
  Red Hat, Inc.
  Sr. Software Engineer, RHEV
  Cell: 919-807-1086
  gsher...@redhat.com
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client

2014-10-31 Thread Yair Zaslavsky


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Greg Sheremeta gsher...@redhat.com
 Cc: users users@ovirt.org, de...@ovirt.org
 Sent: Friday, October 31, 2014 12:16:33 PM
 Subject: Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client
 
 
 
 - Original Message -
  From: Yair Zaslavsky yzasl...@redhat.com
  To: Greg Sheremeta gsher...@redhat.com
  Cc: users users@ovirt.org, de...@ovirt.org
  Sent: Friday, October 31, 2014 8:03:58 AM
  Subject: Re: [ovirt-users] [ovirt-devel] [RFC] oVirt mobile client
  
  
  
  - Original Message -
   From: Greg Sheremeta gsher...@redhat.com
   To: users users@ovirt.org, de...@ovirt.org
   Sent: Friday, October 31, 2014 3:49:11 AM
   Subject: [ovirt-devel] [RFC] oVirt mobile client
   
   Hi,
   
   The focus of our OPW internship program starting in December will be
   mobile and/or lightweight engine clients -- hopefully integrating the
   new ovirt.js project.
  
  +100
  
  Sorry for the ignorant question - does this mean the technology will be web
  based or native? (i.e. Java on top of Android, Swift/Objective-C on top of
  iOS)
  
  
   
   I see that there are some already existing mobile clients for oVirt.
   I'm trying to grasp what we have and what the needs are.
   
   moVirt: https://github.com/matobet/moVirt (mbetak)
   This appears to be more of a lightweight webadmin. No console access,
   but I believe it's planned as part of OPW. (?)
  
  I spoke with mbetak about this a few months ago.
  When you speak of console, you mean to actually view the VM using SPICE?
  Sounds very interesting.
  If I recall, Alon Levy (a former Red Hatter) worked on some SPICE
  implementation for HTML5 or something like that.
  
  Anyway, back in TLV I also had some ideas around that. Do you have some IRC
  meetings or something that I can join?
  
  Cheers,
  Yair
  
  
   
   nomad: http://www.ovirt.org/Project_Proposal_-_Nomad and
   https://github.com/Vizuri/ovirt-nomad
   Looks dead -- last commit 3 years ago.
   Anyone know more about this one?
   
   That's all I see on the first few pages of google.
   
   When I think of a mobile client for oVirt, I think the most useful
   part would be the user portal -- simple operations for start, stop,
   and the ability to view the console of vms. moVirt mentions it wants
   to support some basic management operations, though. I think it would
   be difficult to do complex management in a mobile client. (I'm biased
   towards huge screens, though.)
 
 Sorry, I was very excited about the news, so I forgot to answer the rest.
 I agree about user portal - sounds good to begin with.
 Another idea I had in the past is to have an app (push-based) that will push
 events to a special client.
 We will have a push server that will get notifications from the event
 notifier, and this server will push the events to registered clients.
 
   
   I'd like to see an official subproject started that coordinates our
   mobile efforts.
   
   Is this possible? What would it take to start it?
 
 What do you mean, is that possible? Technically it sounds feasible to me (well,
 we'll need to figure out about the console, but an mgmt app without the
 console, why not?)
 
   
   What would people like to see in such an app?

Regarding console - I guess this link has to do with how to display a web page 
in a native app (I asked a mobile developer friend of mine) -

http://developer.android.com/reference/android/webkit/WebView.html

And this oVirt page can help with a SPICE client for HTML5?

http://www.ovirt.org/Features/SpiceHTML5

Cheers,
Yair


   
   Greg Sheremeta
   Red Hat, Inc.
   Sr. Software Engineer, RHEV
   Cell: 919-807-1086
   gsher...@redhat.com
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] webhook

2014-10-31 Thread Yair Zaslavsky


- Original Message -
 From: Einav Cohen eco...@redhat.com
 To: Vojtech Szocs vsz...@redhat.com
 Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
 Sent: Friday, October 31, 2014 9:01:34 PM
 Subject: Re: [ovirt-users] webhook
 
  - Original Message -
  From: Vojtech Szocs vsz...@redhat.com
  Sent: Friday, October 31, 2014 11:51:53 AM
  
  Hi,
  
  if I get this correctly, you'd like to be notified when certain event
  happens (VM created/deleted/etc.) and react upon that. I see multiple
  possible approaches here:
  
  0, improve Engine extension API (refer to Alon Bar-Lev for details)
 - if extensions can be packaged as JARs and these JARs could include
   web fragments [1] it would mean the possibility to deploy custom
   servlets onto existing Engine instance (in context of webapp that
   processes extensions)
 - your custom Java servlet could query REST interface (or be notified
   once something happens, but AFAIK we don't have that implemented yet)
   and do whatever logic is needed
 - once I asked Alon about ^^ but never got response from him
 - IMHO this would be a nice way to deploy custom Java code on Engine

Please allow me to step in as someone who worked on the extensions API as well.
There are more missing bits here.
You are referring to the webapp side, but this is not enough.
We also have the engine side, which has to become more pluggable.
In addition, we will probably need to handle all kinds of issues that arise from 
our singletons at engine - class loading might be an issue here, no?
You don't want the X-ton (doubleton, tripleton, etc.) phenomenon in your 
setup - you don't want, for example, X instances of AsyncTaskManager.
I think that in general we should strive to turn engine into something way more 
pluggable/modular than it is now. Imagine an engine microkernel (for those of 
you who have not heard the term microkernel, I am referring you to the JBoss 
architecture) - we should have a thin microkernel and the rest of the code 
should be pluggable, using the extension API (and perhaps web fragments as 
well).
What do you think?

  
  [1] https://blogs.oracle.com/swchan/entry/servlet_3_0_web_fragment
  
  1, improve UI plugin API
 - add VirtualMachineDataLoaded event fired upon each refresh of
   VM data in UI table (generalization - {Entity}DataLoaded)
 - this is similar to existing {Entity}SelectionChange events
 
 relying on changes in the UI table is a bad idea:
 
 (1) potentially missing events:
 the UI displays paginated data; if my VMs are sorted by name, and
 I have 1000 VMs in my setup, and I just added a VM named z, it will
 be added to the last page which is not displayed right now, so I
 wouldn't even be aware that something was added.
 
 (2) potentially creating fake events:
 changes in the displayed data in the UI can occur due to change in the
 Search query; if I have 50 VMs in my setup, and I initially had the
 Vms: search query, and now I change it to VMs: name = a*, which
 results in displaying only 10 VMs, this may falsely hint on removal
 of 40 VMs from the system.
 
  
  2, write UI plugin that uses oVirtJS to periodically check VM events
 
 not sure if this is referring to VM-related events in the code (e.g.
 hooking to the click on OK within the New VM / Remove VM dialog,
 or hooking to the Success callback of the action response, or
 something similar), or to the VM-related Events (i.e. the ones that
 are displayed in the GUI within the Events main-tab / bottom section).
 If the former: can be done, I assume, though not sure how complex it
 would be to implement the infrastructure for that.
 If the latter: this will catch actions that were performed either
 via the GUI or outside the GUI; in this case, it would probably be
 better to use an Engine extension API (solution 0 above) rather
 than a UI plugin, since it will be more reliable, will be active
 even when the GUI is not in use, etc.
 
  
  The disadvantage of 1, and 2, is that WebAdmin GUI must be open.
  In any case, if you'd like to explore the possibility of doing this
  via UI plugin, I'm here to help.
  
  Vojtech
  
  
  - Original Message -
   From: Oved Ourfali ov...@redhat.com
   To: Yair Zaslavsky yzasl...@redhat.com
   Cc: Koen Vanoppen vanoppen.k...@gmail.com, users@ovirt.org, Vojtech
   Szocs vsz...@redhat.com
   Sent: Thursday, October 30, 2014 2:10:12 PM
   Subject: Re: [ovirt-users] webhook
   
   Hi
   
   CC-ing also Vojtech, the father of the UI plugins.
   
   Anyway, the only way to accomplish that via UI plugins at the moment is
   via
   adding a new action menu item, that in the background deleted the VM,
   and
   reports to Foreman.
   It would be nice to have a hook for different UI action items, but it
   isn't
   available at the moment.
   There are plenty code samples for UI plugins, most of them available at:
   http://www.ovirt.org/Features/UIPlugins
   
   I must say that I'm not sure webhooks are the right

Re: [ovirt-users] webhook

2014-10-30 Thread Yair Zaslavsky
Oved - can we implement something like this using ui-plugins?


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: users@ovirt.org
 Sent: Monday, October 27, 2014 4:06:40 PM
 Subject: [ovirt-users] webhook
 
 Hi all,
 
 Just a quick question. Is it possible to set a webhook on the removal and
 creation of a new vm? So we can send to foreman a delete action when the VM
 is deleted...
 
 Kind regards,
 
 Koen
 
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] webhook

2014-10-30 Thread Yair Zaslavsky


- Original Message -
 From: Barak Azulay bazu...@redhat.com
 To: Omer Frenkel ofren...@redhat.com, vanoppen koen 
 vanoppen.k...@gmail.com, Mooli Tayer
 mta...@redhat.com
 Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
 Sent: Thursday, October 30, 2014 11:10:55 PM
 Subject: Re: [ovirt-users] webhook
 
 
 
 - Original Message -
  From: Barak Azulay bazu...@redhat.com
  To: Omer Frenkel ofren...@redhat.com, vanoppen koen
  vanoppen.k...@gmail.com
  Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
  Sent: Thursday, October 30, 2014 10:55:56 PM
  Subject: Re: [ovirt-users] webhook
  
  
  
  - Original Message -
   From: Omer Frenkel ofren...@redhat.com
   To: Oved Ourfali ov...@redhat.com, Yair Zaslavsky
   yzasl...@redhat.com
   Cc: users@ovirt.org
   Sent: Thursday, October 30, 2014 3:54:37 PM
   Subject: Re: [ovirt-users] webhook
   
   can't the event-notifications be used?
   notify some email on delete operation (not sure there is a notification
   for
   this today..)
   and hook on the email to run the script?
  
  I agree that notification sounds like the best option,
  Although I would use the SNMP traps for that.
  If you already have a SNMP monitoring system you can catch the trap there
  and
  do your foreman magic.
 
 
 I assume the relevant notification is USER_REMOVE_VM_FINISHED(113)
 Mooli / Omer, please approve.

+1
From what I saw this is the relevant event.
Which has the textual representation of VM ${VmName} was successfully removed

 
  
   
   - Original Message -
From: Oved Ourfali ov...@redhat.com
To: Yair Zaslavsky yzasl...@redhat.com
Cc: users@ovirt.org
Sent: Thursday, October 30, 2014 3:10:12 PM
Subject: Re: [ovirt-users] webhook

Hi

CC-ing also Vojtech, the father of the UI plugins.

Anyway, the only way to accomplish that via UI plugins at the moment is
via
adding a new action menu item, that in the background deleted the VM,
and
reports to Foreman.
It would be nice to have a hook for different UI action items, but it
isn't
available at the moment.
There are plenty code samples for UI plugins, most of them available
at:
http://www.ovirt.org/Features/UIPlugins

I must say that I'm not sure webhooks are the right approach for that,
as
I
guess it is relevant only in environments in which one doesn't use the
API/CLI/SDK
but.. it will be a cool feature!

Regards,
Oved

- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Koen Vanoppen vanoppen.k...@gmail.com
 Cc: Oved Ourfali ov...@redhat.com, users@ovirt.org
 Sent: Thursday, October 30, 2014 1:44:38 PM
 Subject: Re: [ovirt-users] webhook
 
 Oved - can we implement something like this using ui-plugins?
 
 
 - Original Message -
  From: Koen Vanoppen vanoppen.k...@gmail.com
  To: users@ovirt.org
  Sent: Monday, October 27, 2014 4:06:40 PM
  Subject: [ovirt-users] webhook
  
  Hi all,
  
  Just a quick question. Is it possible to set a webhook on the
  removal
  and
  creation of a new vm? So we can send to foreman a delete action
  when
  the
  VM
  is deleted...
  
  Kind regards,
  
  Koen
  
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Live snapshot failed but still there ??

2014-10-29 Thread Yair Zaslavsky


- Original Message -
 From: Punit Dambiwal hypu...@gmail.com
 To: users@ovirt.org
 Sent: Wednesday, October 29, 2014 4:59:12 AM
 Subject: [ovirt-users] Live snapshot failed but still there ??
 
 Hi,
 
 I try to create the live snapshot it failed because of the VM filesystem
 inconsistency but in the engine dashboard it shows it created ??
 
 Screen shots attached

Can you attach relevant engine.log and server.log?

 
 Thanks,
 Punit
 
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] [Fwd: options for root and password]

2014-10-21 Thread Yair Zaslavsky


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Sven Kieske s.kie...@mittwald.de
 Cc: users@ovirt.org
 Sent: Tuesday, October 21, 2014 10:49:02 AM
 Subject: Re: [ovirt-users] [Fwd: options for root and password]
 
 
 
 - Original Message -
  From: Sven Kieske s.kie...@mittwald.de
  To: users@ovirt.org
  Sent: Tuesday, October 21, 2014 10:40:39 AM
  Subject: Re: [ovirt-users] [Fwd: options for root and password]
  
  
  On 21/10/14 09:21, Sven Kieske wrote:
   I don't know if this is still valid, I don't find any
   options regarding public/private keys in ovirt 3.3. but
   I would be very interested in this topic to tighten security.
  
  It just turns out this already works in ovirt 3.3.2
  maybe even earlier, but I would like to know
  if the point about host key validation on the mentioned wiki
  page is still true, as I think this would be cve-worthy.
 
 When host is added its ssh fingerprint is recorded in database, and is
 enforced from this point on.
 Only at Edit Host dialog it can be modified.
 You can also pre-fetch the fingerprint before adding the host at Add Host
 dialog in order to confirm that it is the correct host, it will add this
 fingerprint to database and enforce it when adding the host too.


CC'ing Yaniv Bronheim, who was the feature owner for SSH fingerprint usage 
during host addition.
I guess Yaniv can confirm exactly in which version it was added.


 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
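
The behaviour described in the message above (fingerprint recorded when the host is added, enforced from then on, changed only by an explicit edit, optionally pre-fetched and confirmed before adding) modelled as a small added example. It is not oVirt engine code: `HostRegistry`, its methods and the sample keys are made up for illustration, and the SHA256 fingerprint in `ssh-keygen -l` format is an assumption, not the format the engine stores.

```python
import base64
import hashlib
import struct


def make_pubkey_line(algo, raw_key, comment=""):
    """Build an OpenSSH public-key line from raw key bytes (for constructed samples)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = ssh_string(algo.encode()) + ssh_string(raw_key)
    return f"{algo} {base64.b64encode(blob).decode()} {comment}".strip()


def fingerprint(pubkey_line):
    """SHA256 fingerprint of an OpenSSH public-key line, as printed by ssh-keygen -l."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    algo = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the algorithm name;
    # a mismatch means the line was edited or truncated.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != algo.encode():
        raise ValueError("algorithm name does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyMismatch(Exception):
    """The key a host presented does not match the recorded fingerprint."""


class HostRegistry:
    """Pin a host key at add time and enforce it on every later connection."""

    def __init__(self):
        self._pins = {}  # host name -> recorded fingerprint

    def pinned(self):
        return dict(self._pins)

    def add_host(self, name, presented_key, confirmed_fp=None):
        """Record the fingerprint. If the operator pre-fetched and confirmed one,
        the key presented at add time must already match it."""
        if name in self._pins:
            raise ValueError(f"{name} already added; use edit_host to change the pin")
        fp = fingerprint(presented_key)
        if confirmed_fp is not None and fp != confirmed_fp:
            raise HostKeyMismatch(f"{name}: presented {fp}, operator confirmed {confirmed_fp}")
        self._pins[name] = fp
        return fp

    def connect(self, name, presented_key):
        """Enforce the recorded fingerprint; unknown hosts are never trusted silently."""
        if name not in self._pins:
            raise KeyError(f"{name} has no recorded fingerprint")
        fp = fingerprint(presented_key)
        if fp != self._pins[name]:
            raise HostKeyMismatch(f"{name}: presented {fp}, recorded {self._pins[name]}")
        return True

    def edit_host(self, name, new_fp):
        """The only path that changes a recorded fingerprint (the 'Edit Host' step)."""
        if name not in self._pins:
            raise KeyError(f"{name} has no recorded fingerprint")
        self._pins[name] = new_fp


if __name__ == "__main__":
    # Constructed sample keys: 32 arbitrary bytes each, not real host keys.
    original = make_pubkey_line("ssh-ed25519", bytes(range(32)), "host1")
    replaced = make_pubkey_line("ssh-ed25519", bytes(range(1, 33)), "host1")
    registry = HostRegistry()
    print("recorded", registry.add_host("host1", original))
    print("same key accepted:", registry.connect("host1", original))
    try:
        registry.connect("host1", replaced)
    except HostKeyMismatch as exc:
        print("rejected:", exc)
```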


Re: [ovirt-users] ovirt presentation template -- google docs format?

2014-10-14 Thread Yair Zaslavsky


- Original Message -
 From: Lior Vernia lver...@redhat.com
 To: Greg Sheremeta gsher...@redhat.com
 Cc: Dave Neary dne...@redhat.com, users users@ovirt.org
 Sent: Wednesday, October 15, 2014 2:51:16 AM
 Subject: Re: [ovirt-users] ovirt presentation template -- google docs format?
 
 Speaking of which, may I hijack this thread in order to ask why we don't
 have a slideshow template that looks like a slideshow template? With
 non-white background, colors in general, some graphics/patterns,
 thought-out bullet design, etc.?

+1 here, you're a more UI-oriented person than I am, Lior, but now that you 
raised it, it suddenly popped into me as well - I would also like to see some 
improvement in that area.
Thanks for the initiative!

Yair

 
 This template just doesn't look like it means business. Not business
 as in the money-making way, business as in talking about a serious
 project with a serious brand. But maybe that's just me...
 
 On 14/10/14 16:06, Greg Sheremeta wrote:
  Anyone have a Google Docs format of this? [1]
  
  Alternatively, I can make one if someone can find me that logo. I can't
  find a
  high-res logo anywhere.
  
  [1] http://www.ovirt.org/File:OVirt-Template.odp
  
  Thanks,
  Greg
  
  Greg Sheremeta
  Red Hat, Inc.
  Sr. Software Engineer, RHEV
  Cell: 919-807-1086
  gsher...@redhat.com
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] How to mapping LDAP users in AAA

2014-10-13 Thread Yair Zaslavsky


- Original Message -
 From: lofyer lof...@gmail.com
 To: users users@ovirt.org
 Sent: Tuesday, October 14, 2014 5:10:56 AM
 Subject: [ovirt-users] How to mapping LDAP users in AAA
 
 I've got an LDAP server without Kerberos and I am trying to integrate
 its users to oVirt-3.5 with AAA.
 ==

Which LDAP server is that, what vendor?

 /etc/ovirt-engine/aaa/example.properties:
 
 include = openldap.properties
 
 vars.user = cn=directory manager
 vars.password = mypassword
 vars.server = example.com
 
 #pool.default.ssl.startTLS = false
 #pool.default.ssl.truststore.file = /etc/ldap_tls/ca_cert.pem
 #pool.default.ssl.truststore.password = admin
 
 pool.default.serverset.single.server = ${global:vars.server}
 pool.default.auth.simple.bindDN = ${global:vars.user}
 pool.default.auth.simple.password = ${global:vars.password}
 ==
 
 This is my basic LDAP information:
 
 ou=Groups
 |
 + cn=UserGroup1
 |
 + cn=UserGroup2
 
 ou=UserGroup1
 |
 + cn=user1
 |
 + cn=user2
 
 
 ou=UserGroup2
 |
 + cn=user3
 |
 + cn=user4
 
 ==
 
 Now I can see example.com in web portal but I cannot list users in UG1
 or UG2.
 
 I find that I could map DN, ID NAME, DISPLAY in the config file. What
 should I add in the config file then?
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] oVirt 3.4 + Ipa Server

2014-10-10 Thread Yair Zaslavsky


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Marcelo Donato don...@din.uem.br
 Cc: users@ovirt.org
 Sent: Thursday, October 9, 2014 8:30:47 PM
 Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server
 
 
 Can't help you with this one, but be aware that these kind of issues are all
 solved in 3.5 in which we do not mix kerberos and ldap.
 
 - Original Message -
  From: Marcelo Donato don...@din.uem.br
  To: users@ovirt.org
  Sent: Thursday, October 9, 2014 8:25:34 PM
  Subject: [ovirt-users] oVirt 3.4 + Ipa Server
  
  
  Hello,
  I have problems using IPA Server with oVirt.
  Below is the error log and corresponding access, commands and log entries.
  Thanks for helping me.
  * Ipa
  Server - 10.30.0.25
  LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
  Distributor ID: CentOS
  Description: CentOS release 6.5 (Final)
  Release: 6.5
  Codename: Final
  # rpm -qa | grep ipa
  ipa-server-3.0.0-37.el6.x86_64
  ipa-pki-ca-theme-9.0.3-7.el6.noarch
  ipa-python-3.0.0-37.el6.x86_64
  ipa-pki-common-theme-9.0.3-7.el6.noarch
  ipa-admintools-3.0.0-37.el6.x86_64
  ipa-server-selinux-3.0.0-37.el6.x86_64
  ipa-client-3.0.0-37.el6.x86_64
  
  
  # dig _kerberos._ tcp.din.uem.br

Shouldn't this be dig SRV _kerberos._ tcp.din.uem.br ?

  
  ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _kerberos._
  tcp.din.uem.br
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;_kerberos._ tcp.din.uem.br . IN A
  
  ;; AUTHORITY SECTION:
  din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800
  900 60480 3600
  
  ;; Query time: 1 msec
  ;; SERVER: 186.233.152.33#53(186.233.152.33)
  ;; WHEN: Thu Oct 9 14:19:05 2014
  ;; MSG SIZE rcvd: 88
  
  
  
  
  # dig _ldap._ tcp.din.uem.br
  
  ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _ldap._
  tcp.din.uem.br
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;_ldap._ tcp.din.uem.br . IN A
  
  ;; AUTHORITY SECTION:
  din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800
  900 60480 3600
  
  ;; Query time: 1 msec
  ;; SERVER: 186.233.152.33#53(186.233.152.33)
  ;; WHEN: Thu Oct 9 14:20:16 2014
  ;; MSG SIZE rcvd: 84
  
  
  /var/log/dirsrv/slapd-DIN-UEM-BR/access
  -
  conn=3 op=210 SRCH base=dc=din,dc=uem,dc=br scope=2
  filter=((|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
  ad...@din.uem.br )) attrs=krbPrincipalName krbCanonicalName
  ipaKrbPrincipalAlias krbUPEnabled k
  conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
  conn=3 op=211 SRCH base=cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br
  scope=0 filter=(objectClass=krbticketpolicyaux) attrs=krbMaxTicketLife
  krbMaxRenewableAge krbTicketFlags
  conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
  conn=3 op=212 SRCH base=dc=din,dc=uem,dc=br scope=2
  filter=((|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/
  din.uem...@din.uem.br )(krbPrincipalName=krbtgt/DIN.UEM
  conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
  conn=3 op=213 SRCH base=cn=global_policy,cn= DIN.UEM.BR
  ,cn=kerberos,dc=din,dc=uem,dc=br scope=0 filter=(objectClass=*)
  attrs=krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength
  krbPwdHistoryLength krbPwdMaxFailure krbPwdF
  conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
  conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
  conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
  
  
  /var/log/ovirt-engine/engine-manage-domains.log
  -
  2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig]
  Loaded
  file /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf.
  2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The
  file /etc/ovirt-engine/engine.conf doesn't exist or isn't readable. Will
  return an empty set of properties.
  2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig]
  Loaded
  file /etc/ovirt-engine/engine.conf.d/10-setup-database.conf.
  2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig]
  Loaded
  file /etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf.
  2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig]
  Loaded
  file /etc/ovirt-engine/engine.conf.d/10-setup-pki.conf.
  2014-10-09 11:23:05,907 INFO 

Re: [ovirt-users] oVirt 3.4 + Ipa Server

2014-10-10 Thread Yair Zaslavsky


- Original Message -
 From: Marcelo Donato don...@din.uem.br
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Alon Bar-Lev alo...@redhat.com, users@ovirt.org
 Sent: Friday, October 10, 2014 3:20:57 PM
 Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server
 
 Below is result.
 
 
 # dig SRV _kerberos._ tcp.din.uem.br
 
 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV _kerberos._
 tcp.din.uem.br
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;_kerberos._. IN SRV
 
 ;; AUTHORITY SECTION:
 . 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800
 900 604800 86400

The result is invalid -
I have tried it myself with a non-existent DNS entry - got the same.
You probably have some issue with your IPA setup, I'm afraid.

The result should contain an answer section

; ANSWER SECTION:
_kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine1.yair.test.
_kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine2.yair.test.

Notice the number 88 - that's the default port number for Kerberos.


 
 ;; Query time: 1 msec
 ;; SERVER: 10.30.0.15#53(10.30.0.15)
 ;; WHEN: Fri Oct 10 09:15:56 2014
 ;; MSG SIZE  rcvd: 104
 
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9293
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;tcp.din.uem.br. IN SRV
 
 ;; AUTHORITY SECTION:
 din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613
 1800 900 60480 3600
 
 ;; Query time: 0 msec
 ;; SERVER: 10.30.0.15#53(10.30.0.15)
 ;; WHEN: Fri Oct 10 09:15:56 2014
 ;; MSG SIZE  rcvd: 82
 
 
 
 
 --
 When forwarding this message, please:
 1. Delete my e-mail address and my name.
 2. Also delete your friends' addresses before forwarding.
 3. Use Cco or Bcc to send messages!
 Make it harder for viruses and spam to spread.
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
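
The message above describes what a healthy SRV answer looks like. The check below is an added example, not code from the thread: it parses dig output and reports which name was actually queried, the response status, and whether SRV records with the expected port came back. `THREAD_OUTPUT` is the dig output quoted in that message (banner and timing lines dropped), `EXPECTED_SHAPE` is constructed around the answer lines the reply shows, and the function names are made up for this example.

```python
import re

# dig output quoted in the thread; "->>HEADER<<-" is dig's usual header marker.
THREAD_OUTPUT = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_kerberos._. IN SRV

;; AUTHORITY SECTION:
. 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800 900 604800 86400

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;tcp.din.uem.br. IN SRV

;; AUTHORITY SECTION:
din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613 1800 900 60480 3600
"""

# Constructed response: header and question are made up, answer lines are the reply's.
EXPECTED_SHAPE = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_kerberos._tcp.yair.test. IN SRV

;; ANSWER SECTION:
_kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine1.yair.test.
_kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine2.yair.test.
"""


def parse_dig(text):
    """Return one dict per response: status, question (name, type), SRV answers."""
    responses = []
    for chunk in text.split(";; Got answer:")[1:]:
        status = re.search(r"status:\s*(\w+)", chunk)
        resp = {"status": status.group(1) if status else None,
                "question": None, "srv": []}
        section = None
        for raw in chunk.splitlines():
            line = raw.strip()
            if not line:
                continue
            if line.startswith(";;"):
                # Section headers switch context; any other ";;" line ends a section.
                match = re.match(r";;\s*(\w+) SECTION:", line)
                section = match.group(1) if match else None
            elif section == "QUESTION" and line.startswith(";"):
                fields = line[1:].split()
                if len(fields) >= 3:
                    resp["question"] = (fields[0].lower(), fields[-1].upper())
            elif section == "ANSWER":
                fields = line.split()
                if len(fields) == 8 and fields[3] == "SRV":
                    resp["srv"].append({"name": fields[0].lower(),
                                        "priority": int(fields[4]),
                                        "weight": int(fields[5]),
                                        "port": int(fields[6]),
                                        "target": fields[7]})
        responses.append(resp)
    return responses


def check_srv(text, service, proto, domain, port):
    """Return a list of findings; an empty list means the SRV lookup looks healthy."""
    expected = f"_{service}._{proto}.{domain.rstrip('.')}.".lower()
    responses = parse_dig(text)
    matching = [r for r in responses if r["question"] == (expected, "SRV")]
    if not matching:
        # Check the question first: an NXDOMAIN for a different name says
        # nothing about the record that was meant to be looked up.
        asked = ", ".join(f"{name} {qtype}" for name, qtype in
                          (r["question"] for r in responses if r["question"]))
        return [f"dig never asked for {expected} SRV; it asked for: {asked or 'nothing'}"]
    findings = []
    for resp in matching:
        if resp["status"] != "NOERROR":
            findings.append(f"{expected}: status {resp['status']}")
        elif not resp["srv"]:
            findings.append(f"{expected}: NOERROR but no SRV records in the answer")
        for rec in resp["srv"]:
            if rec["port"] != port:
                findings.append(f"{rec['target']}: port {rec['port']}, expected {port}")
    return findings


if __name__ == "__main__":
    for finding in check_srv(THREAD_OUTPUT, "kerberos", "tcp", "din.uem.br", 88):
        print(finding)
    print(check_srv(EXPECTED_SHAPE, "kerberos", "tcp", "yair.test", 88))
```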


Re: [ovirt-users] New Feature: engine NIC health check

2014-10-10 Thread Yair Zaslavsky


- Original Message -
 From: Martin Mucha mmu...@redhat.com
 To: engine-de...@ovirt.org, users@ovirt.org
 Sent: Wednesday, October 8, 2014 2:33:06 PM
 Subject: [ovirt-users] New Feature: engine NIC health check
 
 Hi,
 
 here's a link for a new feature, related to monitoring the engine's NIC, trying to
 detect failure on the engine itself and in that case block fencing.
 http://www.ovirt.org/Features/engine_NIC_health_check
 
 thanks for every input, namely for one addressing some of the open issues.
 
 M.

I was curious about how you perform the health check, so I read the feature page 
- good to learn more Java :)
Regarding open issues -
a. Yes, IMHO the scanning interval should be configured via engine-config - do 
you see a reason why not to do that? Maybe we should set a minimal interval 
value and enforce it?
b. Same for the no failures since.. interval
c. I don't like the name of the table you're suggesting. Please consider an 
alternative. Also you may want to consider having a view that returns you the 
static information of the nic + the stats part (dynamic part? maybe just 
nic_state?). Why would you like to purge old data and not just hold a record per 
nic and update per each interval? In this case, no purging is required.
Maybe for DWH you will want some info on the history of the status of the 
nics... but I'm not sure if this is relevant for now.
d. If you go with my view suggestion, you might consider displaying the 
state at REST-API

Yair

 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Getting Started with oVirt

2014-10-03 Thread Yair Zaslavsky
Hi Saloni,
Welcome to oVirt :)
Several answers to get you started -
First of all, check out the project homepage -

http://www.ovirt.org/Home

Look at the download page -

http://www.ovirt.org/Download

For development (including how to get the code) - look here -

http://www.ovirt.org/Develop

And also subscribe to the de...@ovirt.org mailing list.

You can also find many useful YouTube videos that were created by my 
colleagues, for example this one,
a lecture held by one of the maintainers -

https://www.youtube.com/watch?v=O6LAQxBzf6g

You can also find us on IRC - irc.oftc.net, #ovirt (for example, my nick there 
is yzaslavs) - feel free to drop by and ask questions


I hope all this helps,

Yair




- Original Message -
 From: Saloni Baweja salonibawej...@gmail.com
 To: users@ovirt.org
 Sent: Friday, October 3, 2014 6:14:10 PM
 Subject: [ovirt-users] Getting Started with oVirt
 
 I am an aspirant for OPW and found oVirt interesting. But, I don't
 know much about virtualized networks, storage etc and am just a
 beginner. It would be great if I get guidance about how to start
 understanding about oVirt, what exactly is oVirt. How can I get
 acquainted with oVirt and understand its code, working ( as a mere
 beginner ) so that I can start contributing towards this ?
 --
 Build your own dreams, or someone else will hire you to build theirs. ;)
 
 Saloni Baweja
 
 Blog: salonibaweja10.wordpress.com/
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] ovirt-engine admin GUI

2014-09-30 Thread Yair Zaslavsky


- Original Message -
 From: Eli Mesika emes...@redhat.com
 To: Simon Barrett simon.barr...@tradingscreen.com
 Cc: users@ovirt.org
 Sent: Tuesday, September 30, 2014 5:31:00 PM
 Subject: Re: [ovirt-users] ovirt-engine admin GUI
 
 
 
 - Original Message -
  From: Simon Barrett simon.barr...@tradingscreen.com
  To: users@ovirt.org
  Sent: Tuesday, September 30, 2014 3:37:37 PM
  Subject: [ovirt-users] ovirt-engine admin GUI
  
  
  
  Is there a way to configure the “pause” button to prompt with a
  confirmation
  dialog box in the same way that the “shutdown” button does (Are you sure
  you
  want to Shut down the following Virtual Machines?) . VM’s with large
  amounts
  of memory in use take a while to pause so could be out of action for a
  while
  if pause was clicked by mistake.
  
  
  
  I looked through the engine-config options but couldn’t see anything.

IMHO, I think the word configure is somewhat misleading, hence I would not 
expect this to be at engine-config, this should probably be pure UI stuff.
 
 Seems like it is not supported in 3.5 , you can open a RFE on oVirt
 https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt

+1

 
  
  
  
  Thanks,
  
  
  
  Simon
  


Re: [ovirt-users] error to add domain in rhevm

2014-09-18 Thread Yair Zaslavsky


- Original Message -
 From: linisha m linish...@cms.com
 To: users@ovirt.org
 Sent: Thursday, September 18, 2014 3:08:20 PM
 Subject: [ovirt-users] error to add domain in rhevm
 
 Sir
  I can’t  add domain using the command rhevm-manage-domains. The command
 that I executed is rhevm-manage-domains –action=add –domain=example.com
 –user=rhevadmin –provider=IPA –interactive.
 The error is Failed to find example.com domain, client not find un
 Kerberos database.
 Can u please tell me the solution for this problem as far as possible.
 
 
 
 Thanks
 Linisha M


Hi Linisha, can you please first state what version of ovirt you're using?
Second, looks like for some reason your example.com domain cannot be found. 
can you please try and
dig _ldap._tcp.example.com 

and 

dig _kerberos._tcp.example.com

and provide us the results?

Many thanks,
Yair


 
 
 
 


Re: [ovirt-users] [RFI] oVirt 3.6 Planning

2014-09-15 Thread Yair Zaslavsky
Switch our providers (i.e - neutron) to extapi based extensions.



- Original Message -
 From: Itamar Heim ih...@redhat.com
 To: users@ovirt.org
 Sent: Friday, September 12, 2014 3:22:41 PM
 Subject: [ovirt-users] [RFI] oVirt 3.6 Planning
 
 With oVirt 3.5 nearing GA, time to ask for what do you want to see in
 oVirt 3.6?
 
 Thanks,
 Itamar


Re: [ovirt-users] Engine Hardware Crash

2014-09-10 Thread Yair Zaslavsky
Just to make sure, this means that when it comes to file system, etc., you 
also have your storage resources available, right?

You lost the engine with the db, am I correct ?

I'm CCing someone that might have the exact answer for that.


- Original Message -
 From: Maurice James mja...@media-node.com
 To: users users@ovirt.org
 Sent: Wednesday, September 10, 2014 3:46:35 PM
 Subject: [ovirt-users] Engine Hardware Crash
 
 I just recently had the hardware that acts as the engine crash. I have a
 blinking amber light on the server. I have servers on the remaining hosts.
 How do I, or can I use vdsm to interact with the VMs that are still present
 on those hosts without the engine?
 


Re: [ovirt-users] adding machine to openldap + kerberos with a keytab

2014-09-10 Thread Yair Zaslavsky


- Original Message -
 From: William Law w...@stanford.edu
 To: users users@ovirt.org
 Sent: Thursday, September 11, 2014 1:53:04 AM
 Subject: [ovirt-users] adding machine to openldap + kerberos with a keytab
 
 Hi,
 
 When I try to use engine-manage-domains it seems to expect an account to sign
 in with.  Is there any way to use a key tab?  It seems like it does all this
 under the surface eventually; I'd just like to do it up front.
 
 Even a pointer to manual adding instructions would be very helpful.
 
 Thanks,
 
 Will

Hi Will,
No way to perform this with manage domains at the moment.

Not sure if we will invest in this, as in oVirt 3.5 we introduce a pluggable 
architecture for AAA, based on extensions + configuration files.
managed-domains should be used to support existing setups that will undergo 
upgrade to 3.5 (or of course, will remain in their current versions).



Re: [ovirt-users] adding machine to openldap + kerberos with a keytab

2014-09-10 Thread Yair Zaslavsky


- Original Message -
 From: William Law w...@stanford.edu
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: users users@ovirt.org
 Sent: Thursday, September 11, 2014 2:11:08 AM
 Subject: Re: [ovirt-users] adding machine to openldap + kerberos with a keytab
 
 OK, thanks.  Is there a way to perform it without manage-domains currently or
 in 3.5?

in 3.5  - you can add new authn (authentication) and authz (authorization) 
providers by using configuration files.

 
 Regards,
 
 Will
 
 On Sep 10, 2014, at 4:07 PM, Yair Zaslavsky yzasl...@redhat.com wrote:
 
  
  
  - Original Message -
  From: William Law w...@stanford.edu
  To: users users@ovirt.org
  Sent: Thursday, September 11, 2014 1:53:04 AM
  Subject: [ovirt-users] adding machine to openldap + kerberos with a keytab
  
  Hi,
  
  When I try to use engine-manage-domains it seems to expect an account to
  sign
  in with.  Is there any way to use a key tab?  It seems like it does all
  this
  under the surface eventually; I'd just like to do it up front.
  
  Even a pointer to manual adding instructions would be very helpful.
  
  Thanks,
  
  Will
  
  Hi Will,
  No way to perform this with manage domains at the moment.
  
  Not sure if we will invest in this, as in oVirt 3.5 we introduce a
  pluggable architecture for AAA, based on extensions + configuration files
  managed-domains should be used to support existing setups that will undergo
  upgrade to 3.5 (or of course, will remain in their current versions).
  
  
 
 
 


Re: [ovirt-users] Ovirt and Fedora 20

2014-08-26 Thread Yair Zaslavsky


- Original Message -
 From: Jamie Bohr jamieb...@gmail.com
 To: Users@ovirt.org
 Sent: Wednesday, August 27, 2014 5:59:07 AM
 Subject: [ovirt-users] Ovirt and Fedora 20
 
 I followed the instructions on
 http://www.ovirt.org/Quick_Start_Guide#Install_oVirt_Engine_.28Fedora_.2F_Red_Hat_Enterprise_Linux_.2F_CentOS.29
 for installing ovirt on a Fedora 20 instance.  I
 expanded jboss-as-web-7.0.2.Final into /opt/jboss-as-web-7.0.2.Final and
 ran engine-setup --jboss-home=/opt/jboss-as-web-7.0.2.Final.

Can you please elaborate why this is the jboss version you're using and where 
did you download from?
AFAIK this is not the correct jboss version that should be used, but
jboss-as-7.1.1

Thanks,
Yair


 
 Everything appeared fine however the web interface will not start, the
 following appear in the console.log file:
 
 Could not load Logmanager org.jboss.logmanager
 
 I looked for that error in reference to ovirt but did not find anything
 relevant,  hoping someone on this list can point me in the right direction.
 
 Sorry if this was double posted, it was not in my sent item and it was late
 yesterday when I thought I sent it.
 
 --
 Jamie Bohr
 


Re: [ovirt-users] Ovirt and Fedora 20

2014-08-26 Thread Yair Zaslavsky


- Original Message -
 From: Jamie Bohr jamieb...@gmail.com
 To: Users@ovirt.org
 Sent: Wednesday, August 27, 2014 6:15:48 AM
 Subject: Re: [ovirt-users] Ovirt and Fedora 20
 
 I had an error of Failed to parse configuration of which
 https://bugzilla.redhat.com/show_bug.cgi?id=1062318 indicated to download
 http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip

Hi Jamie,
Your setup indicates you're trying to setup to some other version, and not 
jboss-as-7.1.1
As you wrote , you ran -
engine-setup --jboss-home=/opt/jboss-as-web-7.0.2.Final

Therefore I suggest to try and install the correct jboss version and run setup 
again.
I hope this helps,
Yair


 .
 
 
 On Tue, Aug 26, 2014 at 9:59 PM, Jamie Bohr jamieb...@gmail.com wrote:
 
  I followed the instructions on
  http://www.ovirt.org/Quick_Start_Guide#Install_oVirt_Engine_.28Fedora_.2F_Red_Hat_Enterprise_Linux_.2F_CentOS.29
  for installing ovirt on a Fedora 20 instance.  I
  expanded jboss-as-web-7.0.2.Final into /opt/jboss-as-web-7.0.2.Final and
  ran engine-setup --jboss-home=/opt/jboss-as-web-7.0.2.Final.
 
  Everything appeared fine however the web interface will not start, the
  following appear in the console.log file:
 
  Could not load Logmanager org.jboss.logmanager
 
  I looked for that error in reference to ovirt but did not find anything
  relevant,  hoping someone on this list can point me in the right direction.
 
  Sorry if this was double posted, it was not in my sent item and it was
  late yesterday when I thought I sent it.
 
  --
  Jamie Bohr
 
 
 
 
 --
 Jamie Bohr
 


Re: [ovirt-users] HELP - Storage Domains dot not active anymore.

2014-08-25 Thread Yair Zaslavsky


- Original Message -
 From: Fagner Patricio fagner.patri...@gmail.com
 To: users users@ovirt.org
 Sent: Monday, August 25, 2014 5:04:17 PM
 Subject: [ovirt-users] HELP - Storage Domains dot not active anymore.
 
 Hello everybody, i have a big trouble here.
 After a reboot in my ovirt datacenter two of three storage domain do not
 active anymore.
 I have very important VM in there.
 
 What can i do, please help me.
 
 Whats log I search for a clue what is going on?

You should search engine.log and vdsm.log

Is it possible you send us the logs to help you out?

Thanks,
Yair

 
 The storage domains are fedora 20 machines with tgtd service on it.
 
 --
 Fagner Patrício
 João Pessoa - PB
 Brasil
 


Re: [ovirt-users] HELP - Storage Domains dot not active anymore.

2014-08-25 Thread Yair Zaslavsky


- Original Message -
 From: Fagner Patricio fagner.patri...@gmail.com
 To: users users@ovirt.org
 Sent: Monday, August 25, 2014 5:29:50 PM
 Subject: Re: [ovirt-users] HELP - Storage Domains dot not active anymore.
 
 Here my logs
 
 vdsm.log
 
 https://mega.co.nz/#!8EJRWSLC!AhYjR0_jplgjl4alK_L8LaRdoofH3bslAS4slUZilkE
 
 engine.log
 
 https://mega.co.nz/#!1dwQ1RqB!9jHMdwM-6hxYoWavioFjEzvoO39MdSQnw1axuVDw9Ig
 
 Thanks for any help.


From a quick glance I can see you had some connectivity issues with your vdsm 
host? this is probably the reboot you refer to.
After that I see at engine log the following -

OneVGReturnForXmlRpc [mStatus=StatusForXmlRpc [mCode=506, mMessage=Volume Group 
does not exist: ('vg_uuid: 7OKSEI-SprM-3NlZ-dl5y-4vTp-2mFd-zrcPY7',)]]

Looks like you have an issue with one of your VGs?

CC'ing someone who might be more of a help


 
 
 
 2014-08-25 11:06 GMT-03:00 Yair Zaslavsky yzasl...@redhat.com:
 
 
 
  - Original Message -
   From: Fagner Patricio fagner.patri...@gmail.com
   To: users users@ovirt.org
   Sent: Monday, August 25, 2014 5:04:17 PM
   Subject: [ovirt-users] HELP - Storage Domains dot not active anymore.
  
   Hello everybody, i have a big trouble here.
   After a reboot in my ovirt datacenter two of three storage domain do not
   active anymore.
   I have very important VM in there.
  
   What can i do, please help me.
  
   Whats log I search for a clue what is going on?
 
  You should search engine.log and vdsm.log
 
  Is it possible you send us the logs to help you out?
 
  Thanks,
  Yair
 
  
   The storage domains are fedora 20 machines with tgtd service on it.
  
   --
   Fagner Patrício
   João Pessoa - PB
   Brasil
  
  
 
 
 
 
 --
 Fagner Patrício
 João Pessoa - PB
 Brasil
 


Re: [ovirt-users] ovirt with 389 server inactive groups

2014-08-17 Thread Yair Zaslavsky


- Original Message -
 From: Paul Robert Marino prmari...@gmail.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
 Sent: Sunday, August 17, 2014 4:33:30 PM
 Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 here are the results of the queries you asked for
 
 
 group_ids                     | groups
 ------------------------------+--------
 ----,----,----,----,----,---- | core.ux.media.cbs.net/groups/sysadmin,domain here/groups/pmarino,domain here/groups/pd managers,domain here/groups/qa managers,domain here/groups/accounting managers,domain here/directory administrators
 (1 row)
 
 
 engine=# select id, name from ad_groups;
   id  | name
 --+---
  eee0----123456789eee | Everyone
  2a8a8401-fc9e-11e3-8742-861538ea406a | domain here/Groups/sysadmin
 (2 rows)

It does look that there is something wrong in the association of users to their 
group IDS.
Just to make sure I'm not missing anything -
Did you first add the group, and then added users (that belong to a group) 
either by adding users, or by adding a permission?

Yair

 
 
 
 On Wed, Aug 13, 2014 at 10:49 PM, Yair Zaslavsky yzasl...@redhat.com wrote:
 
 
  - Original Message -
  From: Paul Robert Marino prmari...@gmail.com
  To: Yair Zaslavsky yzasl...@redhat.com
  Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
  Sent: Wednesday, August 13, 2014 11:47:40 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
  Ok so before I open a bug ticket I want to confirm I'm not doing any
  thing wrong here.
  I upgraded to 3.4
  now it says Active:false  on LDAP groups.
 
  Again I tried to add the sysadmin group from the directory server and
  set the power user and super user roles on the group
  it shows up as domain name/Groups/sysadmin
  I added the permissions by clicking on the configure link on the top of
  the screen and set them in the System Permissions tab
 
  Sounds good so far.
  I assume also you see the permissions in the permissions sub tab when you
  click the group.
 
 
  I added a user (pmarino) to the system which shows in the Directory
  Group tab shows sysadmingroups   domain name among others
  however it only shows in the Permissions tab the permissions inherited
  by Everyone it does not show any permissions inherited by the
  sysadmin group.
 
  This is not good - I mean, should have worked.
 
 
  just to prove it didn't work I logged out and attempted to log back in
  as the user (pmarino) it wouldn't let me log in
 
  I logged back in as the internal admin user then I added the SuperUser
  permissions directly to the pmarino account and logged back out again.
  Now when I logged in as pmarino it gave me the access I expected.
 
  Can I please ask you to provide some database info ?
 
  It will be awesome if you can provide the following SQL queries results -
 
  select group_ids, groups from users where username ilike '%pmarino%';
 
  In addition, please perform - select id, name from ad_groups;
 
  Thanks for your help.
 
  P.S - As far as I understand the two bugs mentioned by Itamar (I mean, the
  solution to the bugs) should have fixed your issue as well.
 
 
 
 
 
 
  Here is the relevant portion of the engine log
  
  2014-08-13 16:00:38,801 INFO
  [org.ovirt.engine.core.bll.AddGroupCommand] (ajp-/127.0.0.1:8702-5)
  [1e7fa420] Running command: AddGroupCommand internal: false. Entities
  affected :  ID: aaa0----123456789aaa Type: System
  2014-08-13 16:00:38,813 INFO
  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
  (ajp-/127.0.0.1:8702-5) [1e7fa420] Correlation ID: 1e7fa420, Call
  Stack: null, Custom Event ID: -1, Message: User 'domain
  name/Groups/sysadmin' was added successfully to the system.
  2014-08-13 16:09:01,352 INFO
  [org.ovirt.engine.core.bll.AddSystemPermissionCommand]
  (org.ovirt.thread.pool-4-thread-24) [75cab17c] Running command:
  AddSystemPermissionCommand internal: false. Entities affected :  ID:
  aaa0----123456789aaa Type: System,  ID:
  aaa0----123456789aaa Type: System
  2014-08-13 16:09

Re: [ovirt-users] ovirt with 389 server inactive groups

2014-08-17 Thread Yair Zaslavsky


- Original Message -
 From: Paul Robert Marino prmari...@gmail.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: users@ovirt.org
 Sent: Sunday, August 17, 2014 6:32:15 PM
 Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 I think we now have enough for a proper ticket.
 I will create one later today. also since I have RHEV support for my
 production instances I will also create a matching case with Red Hat.

Thank you very much for your help here!
Please add a link to this mailing list thread when you open the ticket.

Many thanks,
Yair

 
 
 
 On Sun, Aug 17, 2014 at 11:27 AM, Paul Robert Marino
 prmari...@gmail.com wrote:
  Ok
  I dug in a little further it looks like the memberof plugin in 389
  server is making them lowercase which from an LDAP and or Posix
  perspective is not a problem but this seems to be the root cause of
  the issue of the difference.
  while this behavior is strange it is not invalid because DN's are case
  insensitive.
 
  The easiest way to fix this is to change the query of the group from
  the ad_groups table to an ilike. The potential problem here is it
  conflicts with SAM in windows where group names are case sensitive.
  This is definitely a conflict in design between AD and LDAP's core design.
  Interestingly I can add roles to the group and there is no problem it
  sets it correctly so somewhere else in the code an ilike is being used
  to query the groups table.
 
 
  On Sun, Aug 17, 2014 at 11:05 AM, Paul Robert Marino
  prmari...@gmail.com wrote:
  I found why the group_ids field is wrong
 
  If you look at the ad_groups table the name for the group is domain
  here/Groups/sysadmin however if you look at the groups field in the
  users table it says domain here/groups/sysadmin
  I tried updating the name field in the ad_groups table to match
  domain here/groups/sysadmin then removed and added a user now the
  id for that group in the group_ids field is being set correctly.
 
  This is at least a usable workaround for now. now we need to find the
  root cause.
 
 
  On Sun, Aug 17, 2014 at 10:39 AM, Paul Robert Marino
  prmari...@gmail.com wrote:
  confirmed that does seem to be the cause I updated the group_ids field
  of a user to the appropriate Id's from ad_groups and it fixed that
  user.
  in answer to your question Did you first add the group, and then added
  users (that belong to a group) either by adding users, or by adding a
  permission? I've tried it every different way I can think of the
  results are always the same.
 
 
  On Sun, Aug 17, 2014 at 9:46 AM, Yair Zaslavsky yzasl...@redhat.com
  wrote:
 
 
  - Original Message -
  From: Paul Robert Marino prmari...@gmail.com
  To: Yair Zaslavsky yzasl...@redhat.com
  Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
  Sent: Sunday, August 17, 2014 4:33:30 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
  here are the results of the queries you asked for
 
 
  group_ids                     | groups
  ------------------------------+--------
  ----,----,----,----,----,---- | domain here/groups/sysadmin,domain here/groups/pmarino,domain here/groups/pd managers,domain here/groups/qa managers,domain here/groups/accounting managers,domain here/directory administrators
  (1 row)
 
 
  engine=# select id, name from ad_groups;
id  | name
  --+---
   eee0----123456789eee | Everyone
   2a8a8401-fc9e-11e3-8742-861538ea406a | domain here/Groups/sysadmin
  (2 rows)
 
  It does look that there is something wrong in the association of users
  to their group IDS.
  Just to make sure I'm not missing anything -
  Did you first add the group, and then added users (that belong to a
  group) either by adding users, or by adding a permission?
 
  Yair
 
 
 
 
  On Wed, Aug 13, 2014 at 10:49 PM, Yair Zaslavsky yzasl...@redhat.com
  wrote:
  
  
   - Original Message -
   From: Paul Robert Marino prmari...@gmail.com
   To: Yair Zaslavsky yzasl...@redhat.com
   Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
   Sent: Wednesday, August 13, 2014 11:47:40 PM
   Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
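
The case mismatch reported in this thread (the directory returning `.../groups/sysadmin` while `ad_groups` stores `.../Groups/sysadmin`), as an added illustration that is not part of any message and is not oVirt's code. The function names and the in-memory rows are hypothetical, modelled on the query output quoted above; it shows why an exact lookup drops the group's roles and how a case-insensitive lookup can refuse ambiguous matches instead of guessing.

```python
"""Added illustration (not oVirt code): a directory reports group names in a
different case than the engine stored them, and the lookup strategy decides
whether the user inherits the group's roles."""
from collections import defaultdict

# Constructed rows, modelled on the `ad_groups` output quoted in the thread.
AD_GROUPS = [
    ("eee0----123456789eee", "Everyone"),
    ("2a8a8401-fc9e-11e3-8742-861538ea406a", "domain here/Groups/sysadmin"),
]
# Constructed: the user's `groups` column as the directory reported it.
USER_GROUPS = "domain here/groups/sysadmin,domain here/groups/pmarino"


def _names(user_groups):
    """Split the comma-separated `groups` column into clean names."""
    return [g.strip() for g in user_groups.split(",") if g.strip()]


def resolve_exact(user_groups, ad_groups):
    """Case-sensitive lookup: a case difference yields no group id at all."""
    by_name = {name: gid for gid, name in ad_groups}
    return [by_name[g] for g in _names(user_groups) if g in by_name]


def resolve_casefold(user_groups, ad_groups):
    """Case-insensitive lookup that fails closed on ambiguity.

    Returns (resolved_ids, ambiguous_names). A name that matches more than
    one stored group when case is ignored is reported, never resolved, so a
    user is not silently granted the roles of the wrong group.
    """
    index = defaultdict(list)
    for gid, name in ad_groups:
        index[name.casefold()].append(gid)
    resolved, ambiguous = [], []
    for g in _names(user_groups):
        ids = index.get(g.casefold(), [])
        if len(ids) == 1:
            resolved.append(ids[0])
        elif len(ids) > 1:
            ambiguous.append(g)
    return resolved, ambiguous


def case_drift(user_groups, ad_groups):
    """Audit helper: (directory_name, stored_name) pairs differing only by case."""
    stored = {name.casefold(): name for _, name in ad_groups}
    return [
        (g, stored[g.casefold()])
        for g in _names(user_groups)
        if g.casefold() in stored and stored[g.casefold()] != g
    ]


if __name__ == "__main__":
    print("exact    :", resolve_exact(USER_GROUPS, AD_GROUPS))
    print("casefold :", resolve_casefold(USER_GROUPS, AD_GROUPS))
    print("drift    :", case_drift(USER_GROUPS, AD_GROUPS))
```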

Re: [ovirt-users] ovirt with 389 server inactive groups

2014-08-13 Thread Yair Zaslavsky


- Original Message -
 From: Paul Robert Marino prmari...@gmail.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
 Sent: Wednesday, August 13, 2014 11:47:40 PM
 Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 Ok so before I open a bug ticket I want to confirm I'm not doing any
 thing wrong here.
 I upgraded to 3.4
 now it says Active:false  on LDAP groups.
 
 Again I tried to add the sysadmin group from the directory server and
 set the power user and super user roles on the group
 it shows up as domain name/Groups/sysadmin
 I added the permissions by clicking on the configure link on the top of
 the screen and set them in the System Permissions tab

Sounds good so far.
I assume also you see the permissions in the permissions sub tab when you click 
the group.

 
 I added a user (pmarino) to the system which shows in the Directory
 Group tab shows sysadmingroups   domain name among others
 however it only shows in the Permissions tab the permissions inherited
 by Everyone it does not show any permissions inherited by the
 sysadmin group.

This is not good - I mean, should have worked.

 
 just to prove it didn't work I logged out and attempted to log back in
 as the user (pmarino) it wouldn't let me log in
 
 I logged back in as the internal admin user then I added the SuperUser
 permissions directly to the pmarino account and logged back out again.
 Now when I logged in as pmarino it gave me the access I expected.

Can I please ask you to provide some database info ?

It will be awesome if you can provide the following SQL queries results -

select group_ids, groups from users where username ilike '%pmarino%';

In addition, please perform - select id, name from ad_groups;

Thanks for your help.

P.S - As far as I understand the two bugs mentioned by Itamar (I mean, the 
solution to the bugs) should have fixed your issue as well.



 
 
 
 Here is the relevant portion of the engine log
 
 2014-08-13 16:00:38,801 INFO
 [org.ovirt.engine.core.bll.AddGroupCommand] (ajp-/127.0.0.1:8702-5)
 [1e7fa420] Running command: AddGroupCommand internal: false. Entities
 affected :  ID: aaa0----123456789aaa Type: System
 2014-08-13 16:00:38,813 INFO
 [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
 (ajp-/127.0.0.1:8702-5) [1e7fa420] Correlation ID: 1e7fa420, Call
 Stack: null, Custom Event ID: -1, Message: User 'domain
 name/Groups/sysadmin' was added successfully to the system.
 2014-08-13 16:09:01,352 INFO
 [org.ovirt.engine.core.bll.AddSystemPermissionCommand]
 (org.ovirt.thread.pool-4-thread-24) [75cab17c] Running command:
 AddSystemPermissionCommand internal: false. Entities affected :  ID:
 aaa0----123456789aaa Type: System,  ID:
 aaa0----123456789aaa Type: System
 2014-08-13 16:09:01,371 INFO
 [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
 (org.ovirt.thread.pool-4-thread-24) [75cab17c] Correlation ID:
 75cab17c, Call Stack: null, Custom Event ID: -1, Message: User/Group
 domain name/Groups/sysadmin was granted permission for Role
 SuperUser on System by admin.
 2014-08-13 16:10:40,963 INFO
 [org.ovirt.engine.core.bll.AddSystemPermissionCommand]
 (org.ovirt.thread.pool-4-thread-26) [b42abcb] Running command:
 AddSystemPermissionCommand internal: false. Entities affected :  ID:
 aaa0----123456789aaa Type: System,  ID:
 aaa0----123456789aaa Type: System
 2014-08-13 16:10:40,979 INFO
 [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
 (org.ovirt.thread.pool-4-thread-26) [b42abcb] Correlation ID: b42abcb,
 Call Stack: null, Custom Event ID: -1, Message: User/Group domain
 name/Groups/sysadmin was granted permission for Role PowerUserRole on
 System by admin.
 2014-08-13 16:20:53,891 INFO
 [org.ovirt.engine.core.bll.AddUserCommand] (ajp-/127.0.0.1:8702-4)
 [58e00be1] Running command: AddUserCommand internal: false. Entities
 affected :  ID: aaa0----123456789aaa Type: System
 2014-08-13 16:20:53,919 INFO
 [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
 (ajp-/127.0.0.1:8702-4) [58e00be1] Correlation ID: 58e00be1, Call
 Stack: null, Custom Event ID: -1, Message: User 'pmarino' was added
 successfully to the system.
 2014-08-13 16:35:52,202 INFO
 [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
 (ajp-/127.0.0.1:8702-10) Correlation ID: null, Call Stack: null,
 Custom Event ID: -1, Message: User pmarino failed to log in.
 2014-08-13 16:35:52,202 WARN
 [org.ovirt.engine.core.bll.LoginAdminUserCommand]
 (ajp-/127.0.0.1:8702-10) CanDoAction of action LoginAdminUser failed.
 Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
 2014-08-13 16:39:48,048 INFO
 [org.ovirt.engine.core.bll.AddSystemPermissionCommand]
 (org.ovirt.thread.pool-4-thread-31) [5ba3c874] Running command:
 AddSystemPermissionCommand internal: false. Entities affected :  ID

Re: [ovirt-users] ovirt with 389 server inactive groups

2014-08-11 Thread Yair Zaslavsky


- Original Message -
 From: Alon Bar-Lev alo...@redhat.com
 To: Maurice James mja...@media-node.com
 Cc: users@ovirt.org
 Sent: Saturday, August 9, 2014 9:33:16 AM
 Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 
 
 - Original Message -
  From: Maurice James mja...@media-node.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
  Sent: Saturday, August 9, 2014 3:47:04 AM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
  Does this still require the use of kerberos? Will 389-ds work on its own?
 
 In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap mix.
 
 It will be great to receive feedback[2].
 
 389ds is not supported directly, I think it is similar to IPA as it uses 389.
 Maybe I should rename the profile of ipa to 389 if it works properly.
 

Sorry for the very late response, I was on PTO -
Prior to 3.5 - 389ds was supported via the RHDS provider 
AFAIK,
389ds is upstream version for RHDS...

 Regards,
 Alon
 
 [1]
 http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master
 [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html
 
  
  - Original Message -
  From: Alon Bar-Lev alo...@redhat.com
  To: Itamar Heim ih...@redhat.com
  Cc: users@ovirt.org
  Sent: Friday, August 8, 2014 3:45:07 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
  
  
  - Original Message -
   From: Itamar Heim ih...@redhat.com
   To: Paul Robert Marino prmari...@gmail.com, users@ovirt.org
   Sent: Friday, August 8, 2014 10:37:11 PM
   Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
   
   On 08/07/2014 07:06 PM, Paul Robert Marino wrote:
I have ovirt engine running and connected to a 389 server with the
memberof plugin enabled and working properly.
   
I can add users and assign them to roles without any issues.
   
when I look at a user I can see all the LDAP groups they are a member
of.
   
when I run engine-manage-domains  -action=validate it tells me the
domain is valid.
   
here is my problem when I try to assign a role to an LDAP group it
looks like it works but in the general tab when under the group it
tells me the status is Inactive.
   
does anyone know how to enable the group?
   
   
   3.4 or new 3.5 Generic LDAP provider?
  
  
  On case this is 3.5 it is known issue, all groups will be seen as inactive,
  this field will probably be removed from UI, as groups are no longer
  fetched
  periodically.
  This field is totally ignored.
  
  Alon


Re: [ovirt-users] ovirt with 389 server inactive groups

2014-08-11 Thread Yair Zaslavsky
I have checked the codebase of 3.3 -
the active field is used for presentation purpose only.
Alon has addressed our plans for this in his previous comments.
I hope this clarifies more..

Yair


- Original Message -
 From: Itamar Heim ih...@redhat.com
 To: Alon Bar-Lev alo...@redhat.com, Paul Robert Marino 
 prmari...@gmail.com
 Cc: users@ovirt.org
 Sent: Sunday, August 10, 2014 11:54:05 PM
 Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 On 08/10/2014 10:50 PM, Alon Bar-Lev wrote:
 
 
  - Original Message -
  From: Paul Robert Marino prmari...@gmail.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: Maurice James mja...@media-node.com, users@ovirt.org
  Sent: Sunday, August 10, 2014 10:43:14 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
  Sorry for my delayed response to this
 
  I am using ovirt 3.3.
  I am using Kerberos 5, and all of the DNS requirements are in place.
  Finally 389 server is the upstream project for RHDS and one of the
  upstream projects for IPA.
  So I chose to set it as RHDS because it's an identical match.
 
  User authentication works just fine; my problem is adding roles to groups.
  I can assign a role to a group but the group always shows an inactive
  status; however if I assign a role directly to a user it works
  fine.
  In addition if I drill down into a user it knows what groups in the
  389 server the user is a member of.
 
  finally I can't see any error in the logs when adding a role to a group
 
 
  Please open a bug, I am unsure that it will be addressed before 3.5, as we
  have done major rework for the authentication and authorization to make it
  much more versatile. Even if there will be a fix it will be provided to
  3.4.z.
 
  It will be best if you want to test this scenario in 3.5 release candidate
  and the new ldap provider, so we can address the issue before 3.5 release
  if exists.
 
 
 could also be one of these fixed in 3.4:
 3.4.0 - Bug 1065615 - When adding a user that belongs to a group, it
 does not inherit the group permissions
 3.4.1 - Bug 1069562 - When assigning permissions to user that belongs to
 a group indirectly, it does not inherit the group permissions
 
 
 
  On Sat, Aug 9, 2014 at 2:33 AM, Alon Bar-Lev alo...@redhat.com wrote:
 
 
  - Original Message -
  From: Maurice James mja...@media-node.com
  To: Alon Bar-Lev alo...@redhat.com
  Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
  Sent: Saturday, August 9, 2014 3:47:04 AM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
  Does this still require the use of kerberos? Will 389-ds work on its
  own?
 
  In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap
  mix.
 
  It will be great to receive feedback[2].
 
  389ds is not supported directly, I think it is similar to IPA as it uses
  389. Maybe I should rename the profile of ipa to 389 if it works
  properly.
 
  Regards,
  Alon
 
  [1]
  http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master
  [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html
 
 
  - Original Message -
  From: Alon Bar-Lev alo...@redhat.com
  To: Itamar Heim ih...@redhat.com
  Cc: users@ovirt.org
  Sent: Friday, August 8, 2014 3:45:07 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 
 
  - Original Message -
  From: Itamar Heim ih...@redhat.com
  To: Paul Robert Marino prmari...@gmail.com, users@ovirt.org
  Sent: Friday, August 8, 2014 10:37:11 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
  On 08/07/2014 07:06 PM, Paul Robert Marino wrote:
  I have ovirt engine running and connected to a 389 server with the
  memberof plugin enabled and working properly.
 
  I can add users and assign them to roles without any issues.
 
  when I look at a user I can see all the LDAP groups they are a member
  of.
 
  when I run engine-manage-domains  -action=validate it tells me the
  domain is valid.
 
  here is my problem when I try to assign a role to an LDAP group it
  looks like it works but in the general tab when under the group it
  tells me the status is Inactive.
 
  does anyone know how to enable the group?
 
 
  3.4 or new 3.5 Generic LDAP provider?
 
 
  In case this is 3.5 it is a known issue, all groups will be seen as
  inactive,
  this field will probably be removed from UI, as groups are no longer fetched
  periodically.
  This field is totally ignored.
 
  Alon
  

Re: [ovirt-users] ovirt with 389 server inactive groups

2014-08-11 Thread Yair Zaslavsky


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Itamar Heim ih...@redhat.com
 Cc: users@ovirt.org
 Sent: Monday, August 11, 2014 8:13:53 PM
 Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
 
 I have checked the codebase of 3.3 -
 the active field is used for presentation purpose only.

Presentation wise only - means that it is not used for our permissions 
calculation, for example.

 Alon has addressed our plans for this in his previous comments.
 I hope this clarifies more..
 
 Yair
 
 
 - Original Message -
  From: Itamar Heim ih...@redhat.com
  To: Alon Bar-Lev alo...@redhat.com, Paul Robert Marino
  prmari...@gmail.com
  Cc: users@ovirt.org
  Sent: Sunday, August 10, 2014 11:54:05 PM
  Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
  On 08/10/2014 10:50 PM, Alon Bar-Lev wrote:
  
  
   - Original Message -
   From: Paul Robert Marino prmari...@gmail.com
   To: Alon Bar-Lev alo...@redhat.com
   Cc: Maurice James mja...@media-node.com, users@ovirt.org
   Sent: Sunday, August 10, 2014 10:43:14 PM
   Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
   Sorry for my delayed response to this
  
   I am using ovirt 3.3.
   I am using Kerberos 5, and all of the DNS requirements are in place.
   Finally 389 server is the upstream project for RHDS and one of the
   upstream projects for IPA.
   So I chose to set it as RHDS because it's an identical match.
  
   User authentication works just fine; my problem is adding roles to
   groups.
   I can assign a role to a group but the group always shows an inactive
   status; however if I assign a role directly to a user it works
   fine.
   In addition if I drill down into a user it knows what groups in the
   389 server the user is a member of.
  
   finally I can't see any error in the logs when adding a role to a group
  
  
   Please open a bug, I am unsure that it will be addressed before 3.5, as
   we
   have done major rework for the authentication and authorization to make
   it
   much more versatile. Even if there will be a fix it will be provided to
   3.4.z.
  
   It will be best if you want to test this scenario in 3.5 release
   candidate
   and the new ldap provider, so we can address the issue before 3.5 release
   if exists.
  
  
  could also be one of these fixed in 3.4:
  3.4.0 - Bug 1065615 - When adding a user that belongs to a group, it
  does not inherit the group permissions
  3.4.1 - Bug 1069562 - When assigning permissions to user that belongs to
  a group indirectly, it does not inherit the group permissions
  
  
  
   On Sat, Aug 9, 2014 at 2:33 AM, Alon Bar-Lev alo...@redhat.com wrote:
  
  
   - Original Message -
   From: Maurice James mja...@media-node.com
   To: Alon Bar-Lev alo...@redhat.com
   Cc: Itamar Heim ih...@redhat.com, users@ovirt.org
   Sent: Saturday, August 9, 2014 3:47:04 AM
   Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
   Does this still require the use of kerberos? Will 389-ds work on its
   own?
  
   In 3.5 we introduced pure ldap support[1], obsoleting the kerberos/ldap
   mix.
  
   It will be great to receive feedback[2].
  
   389ds is not supported directly, I think it is similar to IPA as it
   uses
   389. Maybe I should rename the profile of ipa to 389 if it works
   properly.
  
   Regards,
   Alon
  
   [1]
   http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master
   [2] http://lists.ovirt.org/pipermail/devel/2014-August/008367.html
  
  
   - Original Message -
   From: Alon Bar-Lev alo...@redhat.com
   To: Itamar Heim ih...@redhat.com
   Cc: users@ovirt.org
   Sent: Friday, August 8, 2014 3:45:07 PM
   Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
  
  
   - Original Message -
   From: Itamar Heim ih...@redhat.com
   To: Paul Robert Marino prmari...@gmail.com, users@ovirt.org
   Sent: Friday, August 8, 2014 10:37:11 PM
   Subject: Re: [ovirt-users] ovirt with 389 server inactive groups
  
   On 08/07/2014 07:06 PM, Paul Robert Marino wrote:
   I have ovirt engine running and connected to a 389 server with the
   memberof plugin enabled and working properly.
  
   I can add users and assign them to roles without any issues.
  
   when I look at a user I can see all the LDAP groups they are a
   member
   of.
  
   when I run engine-manage-domains  -action=validate it tells me the
   domain is valid.
  
   here is my problem when I try to assign a role to an LDAP group it
   looks like it works but in the general tab when under the group it
   tells me the status is Inactive.
  
   does anyone know how to enable the group?
  
  
   3.4 or new 3.5 Generic LDAP provider?
  
  
   In case this is 3.5 it is a known issue, all groups will be seen as
   inactive

Re: [ovirt-users] Relationship bw storage domain uuid/images/children and VM's

2014-07-18 Thread Yair Zaslavsky


- Original Message -
 From: Steve Dainard sdain...@miovision.com
 To: users users@ovirt.org
 Sent: Thursday, July 17, 2014 7:51:31 PM
 Subject: [ovirt-users] Relationship bw storage domain uuid/images/children
 and VM's
 
 Hello,
 
 I'd like to get an understanding of the relationship between VM's using a
 storage domain, and the child directories listed under .../storage domain
 name/storage domain uuid/images/.
 
 Running through some backup scenarios I'm noticing a significant difference
 between the number of provisioned VM's using a storage domain (21) +
 templates (6) versus the number of child directories under images/ (107).

Can you please elaborate (if possible) on the number of images per VM that 
you're having in your setup?

 
 Running RHEV 3.4 trial.
 
 Thanks,
 Steve
 


Re: [ovirt-users] Help....

2014-06-17 Thread Yair Zaslavsky
Please provide full engine.log and full server.log

Thanks!

In addition, what version did you upgrade from?


- Original Message -
 From: Koen Vanoppen vanoppen.k...@gmail.com
 To: users@ovirt.org
 Sent: Wednesday, June 18, 2014 7:55:15 AM
 Subject: [ovirt-users] Help
 
 This happened after the update to 3.4.2 when I start the engine. I can't
 login anymore... This is the error. Any ideas? Please
 
 2014-06-18 06:51:45,728 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-79) ResourceManager::refreshVdsRunTimeInfo: Error: IllegalStateException: JBAS011049: Component is stopped, vds = b34902ea-ad11-45d3-96ee-47de1864e4e0 : mercury1
 2014-06-18 06:51:45,736 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-79) IllegalStateException: JBAS011049: Component is stopped: java.lang.IllegalStateException: JBAS011049: Component is stopped
     at org.jboss.as.ee.component.BasicComponent.waitForComponentStart(BasicComponent.java:104) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:127) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:85) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.component.stateless.StatelessSessionComponent$1.create(StatelessSessionComponent.java:66) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.component.stateless.StatelessSessionComponent$1.create(StatelessSessionComponent.java:63) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.pool.AbstractPool.create(AbstractPool.java:60) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.pool.strictmax.StrictMaxPool.get(StrictMaxPool.java:123) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:47) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
     at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
     at org.ovirt.engine.core.common.businessentities.IVdsEventListener$$$view6.addExternallyManagedVms(Unknown Source)
 at
 

Re: [ovirt-users] problem engine-manage-domains add ldap domain

2014-06-12 Thread Yair Zaslavsky
I helped Lucas resolve this over IRC.
This was an issue with his kerberos setup.
Lucas, care to share here what issue did you discover?

Yair


- Original Message -
 From: lucas castro lucascastrobor...@gmail.com
 To: users@ovirt.org
 Sent: Wednesday, June 11, 2014 9:50:48 PM
 Subject: [ovirt-users] problem engine-manage-domains add ldap domain
 
 I'm trying to add a ldap domain to ovirt-engine,
 but getting problem with that.
 
 I sent three files with the engine-manage-domains log
 the krb5 config generated for testing
 and the tcpdump port 53 from my dns server
 
 can anybody help me to find what is happening?
 --
 contacts:
 Mobile: ( 99 ) 9143-5954 - Vivo
 skype: lucasd3castro
 msn: lucascastrobor...@hotmail.com
 


Re: [ovirt-users] Delete snapshots

2014-05-10 Thread Yair Zaslavsky
From what I see in the code of the remove snapshot command,
the vm should be in DOWN state in order for the snapshot to be removed (well, 
this is of course just one of the conditions).


- Original Message -
 From: Maurice James mja...@media-node.com
 To: users users@ovirt.org
 Sent: Sunday, May 11, 2014 2:53:39 AM
 Subject: [ovirt-users] Delete snapshots
 
 
 Is it possible to delete snapshots on running VMs?
 


Re: [ovirt-users] Users losing permissions when user portal session times out

2014-05-08 Thread Yair Zaslavsky


- Original Message -
 From: Jeff Clay jeffc...@gmail.com
 To: users@ovirt.org, paul thornton paul.thorn...@infotech-enterprises.com
 Sent: Thursday, May 8, 2014 9:09:00 AM
 Subject: [ovirt-users] Users losing permissions when user portal session  
 times out
 
 I finally have everything working pretty good. I have noticed that if I log
 in to the user portal as a user with the regular UserRole granted and
 only the pool objects and the user portal session times I can not log
 back in. The user portal shows the message that the user is not authorized
 to perform this function. When I log in as admin and go to users then
 view the permissions for the user I was just logged in as, the user no
 longer shows the UserRole role even though the permissions on the pool
 objects still show the role is granted. I have to delete the user from the
 Users list and logging back in will refresh the permissions. I have ovirt
 integrated with my active directory for logins. I am granting permissions
 based on active directory groups. To grant the permissions, I am selecting
 the object (usually a pool), then selecting the permissions tab and then
 clicking add; I do a search for the group, I click the check box next to
 it and click ok. The group permissions seem to remain on the object when
 the user portal session times out, but the actual user that timed out loses
 all permissions/roles. I have no idea what could be causing this other than
 some sort of bug. Any ideas?
 
 Thanks in advance.

This is a known issue, and IIRC was resolved by Oved.
Oved, am I correct here?

 


Re: [ovirt-users] Users losing permissions when user portal session times out

2014-05-08 Thread Yair Zaslavsky
Jeff, which oVirt version are you using?
Thanks.


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Jeff Clay jeffc...@gmail.com
 Cc: Oved Ourfalli ov...@redhat.com, paul thornton 
 paul.thorn...@infotech-enterprises.com, users@ovirt.org
 Sent: Thursday, May 8, 2014 10:05:46 AM
 Subject: Re: [ovirt-users] Users losing permissions when user portal  session 
 times out
 
 
 
 - Original Message -
  From: Jeff Clay jeffc...@gmail.com
  To: users@ovirt.org, paul thornton
  paul.thorn...@infotech-enterprises.com
  Sent: Thursday, May 8, 2014 9:09:00 AM
  Subject: [ovirt-users] Users losing permissions when user portal session
  times out
  
  I finally have everything working pretty good. I have noticed that if I log
  in to the user portal as a user with the regular UserRole granted and
  only the pool objects and the user portal session times I can not log
  back in. The user portal shows the message that the user is not authorized
  to perform this function. When I log in as admin and go to users then
  view the permissions for the user I was just logged in as, the user no
  longer shows the UserRole role even though the permissions on the pool
  objects still show the role is granted. I have to delete the user from the
  Users list and logging back in will refresh the permissions. I have ovirt
  integrated with my active directory for logins. I am granting permissions
  based on active directory groups. To grant the permissions, I am selecting
  the object (usually a pool), then selecting the permissions tab and then
  clicking add; I do a search for the group, I click the check box next to
  it and click ok. The group permissions seem to remain on the object when
  the user portal session times out, but the actual user that timed out loses
  all permissions/roles. I have no idea what could be causing this other than
  some sort of bug. Any ideas?
  
  Thanks in advance.
 
 This is a known issue, and IIRC was resolved by Oved.
 Oved, am I correct here?
 
  


Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages

2014-05-05 Thread Yair Zaslavsky


- Original Message -
 From: Gilad Chaplik gchap...@redhat.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Arthur Berezin abere...@redhat.com, users users@ovirt.org
 Sent: Monday, May 5, 2014 10:57:01 AM
 Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - 
 feature  pages
 
 - Original Message -
  From: Yair Zaslavsky yzasl...@redhat.com
  To: Arthur Berezin abere...@redhat.com
  Cc: Gilad Chaplik gchap...@redhat.com, users users@ovirt.org
  Sent: Monday, May 5, 2014 6:39:02 AM
  Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check -
  feature pages
  
  
  
  - Original Message -
   From: Arthur Berezin abere...@redhat.com
   To: Gilad Chaplik gchap...@redhat.com
   Cc: users users@ovirt.org
   Sent: Sunday, May 4, 2014 5:35:59 PM
   Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check -
   feature   pages
   
   In this case engine periodically checks health of hosts' power management
   as
   HA relies on it.
   
   Arthur
   
   - Original Message -
   
From: Gilad Chaplik gchap...@redhat.com
To: Eli Mesika emes...@redhat.com
Cc: users users@ovirt.org, Arthur Berezin abere...@redhat.com
Sent: Sunday, May 4, 2014 5:26:45 PM
Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check
-
feature pages
   
Hi Eli,
   
Here is my comment :)
Why engine needs to send the status health check, isn't there any 3rd
parties
that does it, that we can integrate with?
If found, it probably has /less (known) bugs/more features/ and it's
already
written, tested, documented, allows further integration and probably
deals
with scale.
   
btw, fixed some typos in your pages :-)
   
Thanks,
Gilad.
  
  Hi, what 3rd party for example do you refer to?
  The PM code already exists at engine,
  And you're also using quartz for scheduling.
  
 
 Yair,
 
 You're raising some good points, but imo the entire host monitoring (inc
 getVdsStats, etc.) should be externalized.
 There are 2 major issues that we still don't cover:
 - No HA for monitoring, who checks the hosts when the engine is down.
 - No scale - the engine is a bottle-neck in network and compute.
 Although the above is a huge arch change, we need to start somewhere, this
 feature sounds like a candidate to introduce it.
 
 About the examples:
 http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/
 The main goal of the feature if my suggestion is taken, is to select the most
 appropriate one.
 
 Thanks,
 Gilad.


Well, Nagios is being considered to be used or used by Gluster guys.
However, it will still require (AFAIK) to code some nagios plugin to perform 
the health check.
In addition, you will have to report somehow the state change to engine.
IMHO, this is a bit of an overkill (look also at the time that the check is run - 
once in an hour, so it can't be compared to getVmStats).


 
  
   
- Original Message -
 From: Eli Mesika emes...@redhat.com
 To: users users@ovirt.org
 Cc: Arthur Berezin abere...@redhat.com
 Sent: Sunday, May 4, 2014 12:18:47 PM
 Subject: [ovirt-users] oVirt 3.5 : Power Management Health Check -
 feature pages

 Hi

 The following wiki pages were added to the Power Management Health
 Check
 feature planned for oVirt 3.5

 http://www.ovirt.org/Features/PMHealthCheck
 http://www.ovirt.org/Features/Design/DetailedPMHealthCheck

 Your comments/questions are mostly welcomed.

 Thanks
 Eli Mesika

   
   
  
 


Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages

2014-05-05 Thread Yair Zaslavsky


- Original Message -
 From: Gilad Chaplik gchap...@redhat.com
 To: Arthur Berezin abere...@redhat.com
 Cc: users users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com
 Sent: Monday, May 5, 2014 11:52:25 AM
 Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - 
 feature  pages
 
 - Original Message -
  From: Arthur Berezin abere...@redhat.com
  To: Gilad Chaplik gchap...@redhat.com
  Cc: users users@ovirt.org, Yair Zaslavsky yzasl...@redhat.com
  Sent: Monday, May 5, 2014 11:30:24 AM
  Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check -
  feature pages
  
  - Original Message -
  
   From: Yair Zaslavsky yzasl...@redhat.com
   To: Gilad Chaplik gchap...@redhat.com
   Cc: Arthur Berezin abere...@redhat.com, users users@ovirt.org
   Sent: Monday, May 5, 2014 11:10:10 AM
   Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check -
   feature pages
  
   - Original Message -
From: Gilad Chaplik gchap...@redhat.com
To: Yair Zaslavsky yzasl...@redhat.com
Cc: Arthur Berezin abere...@redhat.com, users users@ovirt.org
Sent: Monday, May 5, 2014 10:57:01 AM
Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check
-
feature pages
   
- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Arthur Berezin abere...@redhat.com
 Cc: Gilad Chaplik gchap...@redhat.com, users users@ovirt.org
 Sent: Monday, May 5, 2014 6:39:02 AM
 Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health
 Check
 -
 feature pages



 - Original Message -
  From: Arthur Berezin abere...@redhat.com
  To: Gilad Chaplik gchap...@redhat.com
  Cc: users users@ovirt.org
  Sent: Sunday, May 4, 2014 5:35:59 PM
  Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health
  Check
  -
  feature pages
 
  In this case engine periodically checks health of hosts' power
  management
  as
  HA relies on it.
 
  Arthur
 
  - Original Message -
 
   From: Gilad Chaplik gchap...@redhat.com
   To: Eli Mesika emes...@redhat.com
   Cc: users users@ovirt.org, Arthur Berezin
   abere...@redhat.com
   Sent: Sunday, May 4, 2014 5:26:45 PM
   Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health
   Check
   -
   feature pages
 
   Hi Eli,
 
   Here is my comment :)
   Why engine needs to send the status health check, isn't there any
   3rd
   parties
   that does it, that we can integrate with?
   If found, it probably has /less (known) bugs/more features/ and
   it's
   already
   written, tested, documented, allows further integration and
   probably
   deals
   with scale.
 
   btw, fixed some typos in your pages :-)
 
   Thanks,
   Gilad.

 Hi, what 3rd party for example do you refer to?
 The PM code already exists at engine,
 And you're also using quartz for scheduling.

   
Yair,
   
You're raising some good points, but imo the entire host monitoring
(inc
getVdsStats, etc.) should be externalized.
There are 2 major issues that we still don't cover:
- No HA for monitoring, who checks the hosts when the engine is down.
- No scale - the engine is a bottle-neck in network and compute.
Although the above is a huge arch change, we need to start somewhere,
this
feature sounds like a candidate to introduce it.
   
About the examples:
http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/
The main goal of the feature if my suggestion is taken, is to select the most
appropriate one.
   
Thanks,
Gilad.
  
   Well, Nagios is being considered to be used or used by Gluster guys.
   However, it will still require (AFAIK) to code some nagios plugin to perform
   the health check.
   In addition, you will have to report somehow the state change to engine.
   IMHO, this is a bit of an overkill (look also at the time that the check is run
   - once in an hour, so it can't be compared to getVmStats).
  +1
  These monitoring tools bring a lot of value, and there are some initial
  integrations that we might want to look into[1][2].
  But it's an overkill for this RFE - run PM Check periodically, in
  addition
  to initial PM check at host setup stage.
  
  [1] https://github.com/monitoring-ui-plugin/development
  [2]
  http://exchange.nagios.org/directory/Plugins/Operating-Systems/*-Virtual-Environments/Others/check_rhev3/details
 
 
 -1 on overkill.
 As I mentioned, proper monitoring is a huge feature; it should be gradually
 introduced, IMO this is a good starting point.
 We can look at it as an overkill _or_ as a jumpboard, that will reduce
 learning curve and future integrations issues.

IMHO this will increase also deployment complexity

Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - feature pages

2014-05-04 Thread Yair Zaslavsky


- Original Message -
 From: Arthur Berezin abere...@redhat.com
 To: Gilad Chaplik gchap...@redhat.com
 Cc: users users@ovirt.org
 Sent: Sunday, May 4, 2014 5:35:59 PM
 Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check - 
 feature  pages
 
 In this case engine periodically checks health of hosts' power management as
 HA relies on it.
 
 Arthur
 
 - Original Message -
 
  From: Gilad Chaplik gchap...@redhat.com
  To: Eli Mesika emes...@redhat.com
  Cc: users users@ovirt.org, Arthur Berezin abere...@redhat.com
  Sent: Sunday, May 4, 2014 5:26:45 PM
  Subject: Re: [ovirt-users] oVirt 3.5 : Power Management Health Check -
  feature pages
 
  Hi Eli,
 
  Here is my comment :)
  Why engine needs to send the status health check, isn't there any 3rd
  parties
  that does it, that we can integrate with?
  If found, it probably has /less (known) bugs/more features/ and it's
  already
  written, tested, documented, allows further integration and probably deals
  with scale.
 
  btw, fixed some typos in your pages :-)
 
  Thanks,
  Gilad.

Hi, what 3rd party for example do you refer to?
The PM code already exists at engine,
And you're also using quartz for scheduling.


 
  - Original Message -
   From: Eli Mesika emes...@redhat.com
   To: users users@ovirt.org
   Cc: Arthur Berezin abere...@redhat.com
   Sent: Sunday, May 4, 2014 12:18:47 PM
   Subject: [ovirt-users] oVirt 3.5 : Power Management Health Check -
   feature pages
  
   Hi
  
   The following wiki pages were added to the Power Management Health
   Check
   feature planned for oVirt 3.5
  
   http://www.ovirt.org/Features/PMHealthCheck
   http://www.ovirt.org/Features/Design/DetailedPMHealthCheck
  
   Your comments/questions are mostly welcomed.
  
   Thanks
   Eli Mesika
  
 


Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication

2014-04-30 Thread Yair Zaslavsky

As mentioned by Sven,
As far as I know all these bugs were solved for 3.4.1
However,

if possible, I would like to get the following information -

a. select user_id, username, group_ids from users where username = 
'THE_USER_YOU_TRIED_TO_LOGIN_WITH';
b. select id, name from ad_groups;



- Original Message -
 From: Peter Harris doilooksensi...@gmail.com
 To: Users@ovirt.org
 Sent: Wednesday, April 30, 2014 11:55:04 AM
 Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication
 
 I have just created an oVirt 3.4 server as part of my test environment prior
 to moving from my production 3.3 environment.
 
 I authenticate against FreeIPA 3.0.0
 
 I generally add a group in IPA, add the permissions in ovirt against the
 group, and then add/remove users from the groups in IPA.
 
 With oVirt3.4, I have just added my vmadmin IPA group to ovirt, and given
 it the SuperUser role.
 
 I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I
 can authenticate fine, but I do not have SuperUser privileges. If I log in
 to my live Ovirt (3.3), I do have SuperUser privileges.
 
 Has something changed? Or is there an extra step I have to take that I have
 missed to propagate privileges.
 
 Thanks
 
 Peter
 
 P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI
 yet.
 


Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication

2014-04-30 Thread Yair Zaslavsky


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Peter Harris doilooksensi...@gmail.com
 Cc: Users@ovirt.org, Sven Kieske s.kie...@mittwald.de
 Sent: Wednesday, April 30, 2014 12:19:57 PM
 Subject: Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
 
 
 As mentioned by Sven,
 As far as I know all these bugs were solved for 3.4.1
 However,
 
 if possible, I would like to get the following information -
 
 a. select user_id, username, group_ids from users where username =
 'THE_USER_YOU_TRIED_TO_LOGIN_WITH';
 b. select id, name from ad_groups;

of course this should be collected from the database.

 
 
 
 - Original Message -
  From: Peter Harris doilooksensi...@gmail.com
  To: Users@ovirt.org
  Sent: Wednesday, April 30, 2014 11:55:04 AM
  Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication
  
  I have just created an oVirt 3.4 server as part of my test environment prior
  to moving from my production 3.3 environment.
  
  I authenticate against FreeIPA 3.0.0
  
  I generally add a group in IPA, add the permissions in ovirt against the
  group, and then add/remove users from the groups in IPA.
  
  With oVirt3.4, I have just added my vmadmin IPA group to ovirt, and given
  it the SuperUser role.
  
  I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I
  can authenticate fine, but I do not have SuperUser privileges. If I log in
  to my live Ovirt (3.3), I do have SuperUser privileges.
  
  Has something changed? Or is there an extra step I have to take that I have
  missed to propagate privileges.
  
  Thanks
  
  Peter
  
  P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI
  yet.
  


Re: [ovirt-users] Error creating Disks

2014-04-14 Thread Yair Zaslavsky
Hi,
IMHO not enough info is provided,
Can you please provide full engine.log and relevant vdsm.log?

Thanks,
Yair


- Original Message -
 From: Maurice James mja...@media-node.com
 To: users@ovirt.org
 Sent: Monday, April 14, 2014 5:00:37 PM
 Subject: [ovirt-users] Error creating Disks
 
 oVirt Engine Version: 3.4.1-0.0.master.20140412010845.git43746c6.el6
 
 
 While attempting to create a disk on an NFS storage domain, it fails with the
 following error in the engine.log
 
 
 
 
 2014-04-14 09:58:12,127 ERROR
 [org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand]
 (DefaultQuartzScheduler_Worker-72) Failed in HSMGetAllTasksStatusesVDS
 method
 2014-04-14 09:58:12,139 ERROR [org.ovirt.engine.core.bll.SPMAsyncTask]
 (DefaultQuartzScheduler_Worker-72) BaseAsyncTask::LogEndTaskFailure: Task
 ee6ce682-bd76-467a-82d2-d227229cb9de (Parent Command AddDisk, Parameters
 Type org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) ended with
 failure:
 2014-04-14 09:58:12,159 ERROR [org.ovirt.engine.core.bll.AddDiskCommand]
 (org.ovirt.thread.pool-6-thread-9) [483e53d6] Ending command with failure:
 org.ovirt.engine.core.bll.AddDiskCommand
 2014-04-14 09:58:12,212 ERROR
 [org.ovirt.engine.core.bll.AddImageFromScratchCommand]
 (org.ovirt.thread.pool-6-thread-9) [ab1e0be] Ending command with failure:
 org.ovirt.engine.core.bll.AddImageFromScratchCommand
 
 


Re: [ovirt-users] Error creating Disks

2014-04-14 Thread Yair Zaslavsky
Hi Federico, 
Can you please take a look? 


- Original Message -
 From: Maurice James mja...@media-node.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: users@ovirt.org
 Sent: Monday, April 14, 2014 5:44:44 PM
 Subject: Re: [ovirt-users] Error creating Disks
 
 Logs attached
 
 - Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Maurice James mja...@media-node.com
 Cc: users@ovirt.org
 Sent: Monday, April 14, 2014 10:33:03 AM
 Subject: Re: [ovirt-users] Error creating Disks
 
 Hi,
 IMHO not enough info is provided,
 Can you please provide full engine.log and relevant vdsm.log?
 
 Thanks,
 Yair
 
 
 - Original Message -
  From: Maurice James mja...@media-node.com
  To: users@ovirt.org
  Sent: Monday, April 14, 2014 5:00:37 PM
  Subject: [ovirt-users] Error creating Disks
  
  oVirt Engine Version: 3.4.1-0.0.master.20140412010845.git43746c6.el6
  
  
  While attempting to create a disk on an NFS storage domain, it fails with
  the
  following error in the engine.log
  
  
  
  
  2014-04-14 09:58:12,127 ERROR
  [org.ovirt.engine.core.vdsbroker.vdsbroker.HSMGetAllTasksStatusesVDSCommand]
  (DefaultQuartzScheduler_Worker-72) Failed in HSMGetAllTasksStatusesVDS
  method
  2014-04-14 09:58:12,139 ERROR [org.ovirt.engine.core.bll.SPMAsyncTask]
  (DefaultQuartzScheduler_Worker-72) BaseAsyncTask::LogEndTaskFailure: Task
  ee6ce682-bd76-467a-82d2-d227229cb9de (Parent Command AddDisk, Parameters
  Type org.ovirt.engine.core.common.asynctasks.AsyncTaskParameters) ended
  with
  failure:
  2014-04-14 09:58:12,159 ERROR [org.ovirt.engine.core.bll.AddDiskCommand]
  (org.ovirt.thread.pool-6-thread-9) [483e53d6] Ending command with failure:
  org.ovirt.engine.core.bll.AddDiskCommand
  2014-04-14 09:58:12,212 ERROR
  [org.ovirt.engine.core.bll.AddImageFromScratchCommand]
  (org.ovirt.thread.pool-6-thread-9) [ab1e0be] Ending command with failure:
  org.ovirt.engine.core.bll.AddImageFromScratchCommand
  
  


Re: [ovirt-users] does SPM can run over ovirt-engine host ?

2014-04-14 Thread Yair Zaslavsky
Hi Tamer,
Are you familiar with the all in one feature?

http://www.ovirt.org/Feature/AllInOne

I'm not sure if this can help you now, as you probably  don't want to 
re-install ovirt, right?


- Original Message -
 From: Tamer Lima tamer.amer...@gmail.com
 To: users@ovirt.org
 Sent: Monday, April 14, 2014 5:13:12 PM
 Subject: [ovirt-users] does SPM can run over ovirt-engine host ?
 
 Hello,
 
 When I create virtual machine from a template (centos6.5, 2 cores, 8GB mem,
 500GB hd)  this process takes almost 2 hours.   I click on New VM button
 and just select the template and click ok.
 
 engine.log show me high network consumption (98%)  between  engine-server
 host and SPM host.
 
 I tried to make my engine-server host a spm host too, but without success.
 
 
 Does SPM can run over on the same ovirt-engine machine ?
 
 Am I doing something wrong? Or is creating a VM from a template really slow?
 
 
 my servers :
 srv-0202  = ovirt-engine  , vdsm
 srv-0203 = spm , vdsm
 srv-0204 = vdsm
 These servers are dell blades connected on a 100GB switch.
 
 
 
 thanks
 
 
 
 
 This is what I know about SPM:
 http://www.ovirt.org/Storage_-_oVirt_workshop_November_2011
 
 = Storage Pool Manager (SPM) A role assigned to one host in a data center
 granting it sole authority over:
 
 - Creation, deletion, and manipulation of virtual disk images, snapshots
   and templates
    - Templates: you can create one VM as a golden image and provision to
      multiple VMs (QCOW layers)
 - Allocation of storage for sparse block devices (on SAN)
    - Thin provisioning (see below)
 - Single metadata writer:
    - SPM lease mechanism (Chockler and Malkhi 2004, Light-Weight Leases
      for Storage-Centric Coordination)
    - Storage-centric mailbox
 - This role can be migrated to any host in data center
 


Re: [ovirt-users] Disable auth basic in API

2014-04-13 Thread Yair Zaslavsky


- Original Message -
 From: Jose Manuel Marquez Alhambra jm.marq...@ayto-miguelturra.es
 To: users@ovirt.org
 Sent: Saturday, April 12, 2014 12:28:31 AM
 Subject: [ovirt-users] Disable auth basic in API
 
 Hi,
 
 I’m testing a connection broker that uses oVirt's API. At the moment, the
 connection broker doesn’t work because it doesn’t send the basic
 authentication to oVirt's API. I contacted the developers and they're
 investigating the error. While they solve the error, I would like to
 continue testing the connection broker. Is there any way to disable auth
 basic in oVirt's API?
 
 I’m using it in a testing environment (oVirt 3.4 at CentOS 6), so I’m not
 worried about security risks.
 
 Thank you.
 
 Regards,
 
 Jose

Please elaborate more on what you're trying to achieve,
I'm not sure I fully understood.

Thanks in advance,

Yair



Re: [ovirt-users] [Users] A mobile monitoring application for oVirt

2014-04-09 Thread Yair Zaslavsky
Awesome,
Do you need help in developing that?
Are you getting the information via notification of events, or are you polling?



- Original Message -
 From: Martin Betak mbe...@redhat.com
 To: users@ovirt.org
 Sent: Thursday, April 3, 2014 5:37:05 PM
 Subject: [Users] A mobile monitoring application for oVirt
 
 Hello oVirt users,
 
 I'm in the process of developing a simple monitoring application for oVirt on
 the Android platform.
 This is still under heavy development, but first usable version can be found
 at [1]
 Please note that this is still a development preview so it can be a little
 unstable and the UI design is not yet perfect
 (well ... design by programmer :-)) but I hope it could be useful. All
 comments, remarks,
 feature requests and general feedback are very welcome. You can file any
 issues directly at [2].
 
 Below follow the details of using and configuring the app.
 
 Description:
 
 The goal of this project was to create a simple Android app that would enable
 oVirt admins to configure conditions on Vms, Clusters,
 or whole datacenter upon which they want to be notified. At the moment you
 can configure 3 types of Triggers:
 - when Vm CPU is over given level
 - when Vm Memory usage is over given level
 - when Vm enters given state (Down, Unknown ...)
 You can also choose if you want just simple standard android notification or
 also want the device to vibrate.
 
 You can also define all these triggers on per-Vm, per-Cluster or global
 level.
 
 Configuration:
 
 On first run the app will prompt you to enter connection parameters of your
 running oVirt engine instance.
 API URL should be in the form of http://host:port/ovirt-engine/api
 Username is user@domain i.e. admin@internal
 Password is ... well the above user's password :-)
 
 sadly only http (not https) is supported so far for endpoint url.
 
 If you have any more questions feel free to use this thread and I'll do my
 best to answer them :-)
 
 Best regards,
 
 Martin
 
 
 [1] https://github.com/matobet/moVirt/blob/master/moVirt/moVirt.apk
 [2] https://github.com/matobet/moVirt/issues


Re: [ovirt-users] help.. vm trapped in limbo aka can't acquire exclusive lock

2014-04-09 Thread Yair Zaslavsky
Can you please attach full engine.log?

Many thanks,
Yair


- Original Message -
 From: Jeremiah Jahn jerem...@goodinassociates.com
 To: users@ovirt.org
 Sent: Thursday, April 10, 2014 2:18:48 AM
 Subject: [ovirt-users] help.. vm trapped in limbo aka can't acquire   
 exclusive lock
 
 I can't start it, I can't migrate it. I tried to migrate it before,
 but the machine was stuck in a read only state. The migration failed
 because the machine it was being migrated to was also in a read only
 state. somewhere  in the process the lock obviously got lost, and I
 can't get it back...
 
 
 
 2014-04-09 18:11:16,675 INFO  [org.ovirt.engine.core.bll.RunVmCommand]
 (ajp--127.0.0.1-8702-3) [58b40832] Failed to Acquire Lock to object
 EngineLock [exclusiveLocks= key: b0108933-deb2-4fa0-ae74-e10cefbb0cea
 value: VM
 , sharedLocks= ]
 
 
 2014-04-09 18:11:16,676 WARN  [org.ovirt.engine.core.bll.RunVmCommand]
 (ajp--127.0.0.1-8702-3) [58b40832] CanDoAction of action RunVm failed.
 Reasons:VAR__ACTION__RUN,VAR__TYPE__VM,ACTION_TYPE_FAILED_VM_IS_BEING_MIGRATED,$VmName
 web.judici


Re: [Users] Login Error using AD domain

2014-04-07 Thread Yair Zaslavsky
Hi,
Seems you still have some issue in your environment if this error is reported, 
you can try to kinit yourself and check.
For that you will need an appropriate krb5.conf file to be placed at 
/etc/krb5.conf - and to perform

kinit user@REALM

the content of the krb5.conf file can be:


[libdefaults]
default_realm = YOUR_REALM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = no
no-addresses = false
default_tkt_enctypes = arcfour-hmac-md5
udp_preference_limit = 1 


- Original Message -
 From: Jeff Clay jeffc...@gmail.com
 To: users@ovirt.org
 Sent: Tuesday, April 8, 2014 12:09:23 AM
 Subject: [Users] Login Error using AD domain
 
 This was working fine, now I get the error below in engine.log when I try
 to log in. The clock times are the same. I even changed the time service on
 the domain controller to use the same NTP source as the engine server. I
 have rebooted the domain controller to make sure that all settings were
 applied, but I still get this error. I can log into our other AD domain
 without issue, the problem is just with this particular domain.
 
 
 2014-04-07 16:05:07,453 ERROR
 [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
 (ajp--127.0.0.1-8702-7) Kerberos error: Clock skew too great (37)
 2014-04-07 16:05:07,454 ERROR
 [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
 (ajp--127.0.0.1-8702-7) Authentication Failed. The Engine clock is not
 synchronized with directory services (must be within 5 minutes difference).
 Please verify the clocks are synchronized
 2014-04-07 16:05:07,456 ERROR
 [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
 (ajp--127.0.0.1-8702-7) Failed ldap search server ldap://par-dc1:389 using
 user jc...@corporate.wellsco.net due to Authentication Failed. The Engine
 clock is not synchronized with directory services (must be within 5 minutes
 difference). Please verify the clocks are synchronized. We should try the
 next server
 
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
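
A check for the clock-skew failure discussed in this thread, as an added example (not part of the original posts and not oVirt code): it measures the offset between the local clock and a time source with one SNTP query and compares it with the 5-minute limit quoted in the engine.log message. It assumes the domain controller answers NTP on UDP port 123; all function names are illustrative and the sample reply is constructed.

```python
"""Measure the clock offset against a time source with one SNTP query."""
import socket
import struct
import time

NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW_SECONDS = 300       # the 5-minute limit quoted in the engine.log message


def to_ntp(unix_time):
    """Unix time -> (seconds, fraction) fields of a 64-bit NTP timestamp."""
    whole = int(unix_time)
    return whole + NTP_UNIX_DELTA, int((unix_time - whole) * 2**32)


def from_ntp(seconds, fraction):
    """(seconds, fraction) fields of an NTP timestamp -> Unix time."""
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def parse_offset(reply, t1, t4):
    """Return the clock offset (server minus local, seconds) from an SNTP reply.

    t1 and t4 are the local Unix times at which the request was sent and the
    reply was received. Replies that cannot be trusted raise ValueError.
    """
    if len(reply) < 48:
        raise ValueError("truncated NTP reply (%d bytes)" % len(reply))
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if leap == 3 or stratum == 0:
        raise ValueError("server reports its own clock as unsynchronised")
    # Bytes 32-39: server receive time (T2); bytes 40-47: server transmit time (T3).
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = from_ntp(rx_s, rx_f), from_ntp(tx_s, tx_f)
    # Standard NTP offset formula; network delay cancels if the path is symmetric.
    return ((t2 - t1) + (t3 - t4)) / 2


def within_kerberos_limit(offset, limit=MAX_SKEW_SECONDS):
    """True if the measured offset is inside the allowed clock skew."""
    return abs(offset) <= limit


def measure_offset(host, timeout=3.0):
    """Query `host` (assumed to serve NTP on UDP 123) and return the offset."""
    request = b"\x1b" + 47 * b"\x00"  # LI=0, VN=3, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(request, (host, 123))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    return parse_offset(reply, t1, t4)


def constructed_reply(t2, t3, leap=0, stratum=2):
    """Build a sample server reply for offline use (constructed, not captured)."""
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    unused = bytes(28)  # root delay/dispersion, reference id, reference and originate times
    return header + unused + struct.pack("!4I", *to_ntp(t2), *to_ntp(t3))


if __name__ == "__main__":
    # Offline demonstration: a constructed server whose clock runs 400 s ahead.
    sent = 1396904707.0
    reply = constructed_reply(sent + 400.01, sent + 400.02)
    offset = parse_offset(reply, sent, sent + 0.03)
    print("offset %+.1f s, within limit: %s" % (offset, within_kerberos_limit(offset)))
```

Kerberos compares timestamps in UTC, so two hosts whose wall clocks look identical can still be hours apart if one of them has the wrong time zone or hardware-clock setting.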


Re: [Users] Unable to log into user portal with user account

2014-04-06 Thread Yair Zaslavsky
Hi,
1. When you log in to the admin portal and check the permissions the user 
has, does it have the UserRole?
2. Can you please provide us the following SQL queries (using psql)

select user_name, groupIds from users;

select id,name from ad_groups;


3. In addition - have you manually added your user to oVirt before the login 
attempt, or did you just add the mentioned group + gave it permissions?

Thanks,
Yair



- Original Message -
 From: Jeff Clay jeffc...@gmail.com
 To: users@ovirt.org
 Sent: Monday, April 7, 2014 3:01:55 AM
 Subject: [Users] Unable to log into user portal with user account
 
 I have attached an AD domain. I can log in to the admin and user portals
 with the credentials used to add the domain. I made a new user on the AD
 for testing. I have added BuiltIn\Users and Domain\Users to the UserRole in
 Ovirt. When I try to log in to the UserPortal with a regular user account I
 get the error that the user isn't authorized to perform the action.
 


Re: [Users] Unable to log into user portal with user account

2014-04-06 Thread Yair Zaslavsky


- Original Message -
 From: Jeff Clay jeffc...@gmail.com
 To: Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org
 Sent: Monday, April 7, 2014 4:28:09 AM
 Subject: Re: [Users] Unable to log into user portal with user account
 
 I added the domain using engine-manage-domains and then I went into the
 engine admin portal and added the groups I mentioned and assigned those
 groups to the UserRole for ovirt. I'm not familiar with psql at all, every
 iteration of running the queries you requested has failed.

Ok, after you fail to login to userportal, can you login to the admin portal, 
and check for the user you tried to login with what are the permissions he has?

Thanks,
Yair

 
 
 On Sun, Apr 6, 2014 at 7:27 PM, Yair Zaslavsky yzasl...@redhat.com wrote:
 
  Hi,
  1. When you log in to the admin portal and check the permissions the
  user has, does it have the UserRole?
  2. Can you please provide us the following SQL queries (using psql)
 
  select user_name, groupIds from users;

Should be select username, group_ids from users;  - sorry, my bad.

 
  select id,name from ad_groups;
 
 
  3. In addition - have you manually added your user to oVirt before the
  login attempt, or did you just add the mentioned group + gave it
  permissions?
 
  Thanks,
  Yair
 
 
 
  - Original Message -
   From: Jeff Clay jeffc...@gmail.com
   To: users@ovirt.org
   Sent: Monday, April 7, 2014 3:01:55 AM
   Subject: [Users] Unable to log into user portal with user account
  
   I have attached an AD domain. I can log in to the admin and user portals
   with the credentials used to add the domain. I made a new user on the AD
   for testing. I have added BuiltIn\Users and Domain\Users to the UserRole
  in
   Ovirt. When I try to log in to the UserPortal with a regular user
  account I
   get the error that the user isn't authorized to perform the action.
  


Re: [Users] Error removing external group

2014-03-29 Thread Yair Zaslavsky
Gilad, I suspect this is with users and groups upgraded from 3.3.
Did you install engine of ovirt 3.3 and upgrade it to 3.4?


- Original Message -
 From: Gilad Chaplik gchap...@redhat.com
 To: Kobi Ianku kia...@redhat.com
 Cc: Yair Zaslavsky yzasl...@redhat.com, users@ovirt.org, Maurice James 
 midnightst...@msn.com
 Sent: Sunday, March 30, 2014 2:08:35 AM
 Subject: Re: [Users] Error removing external group
 
 - Original Message -
  From: Maurice James midnightst...@msn.com
  To: Yair Zaslavsky yzasl...@redhat.com
  Cc: Gilad Chaplik gchap...@redhat.com, users@ovirt.org
  Sent: Saturday, March 29, 2014 5:18:58 PM
  Subject: RE: [Users] Error removing external group
  
  I will give that a try
 
 let's test it tomorrow morning. we have the setup :-)
 
  
  -Original Message-
  From: Yair Zaslavsky [mailto:yzasl...@redhat.com]
  Sent: Friday, March 28, 2014 10:22 PM
  To: Maurice James
  Cc: Gilad Chaplik; users@ovirt.org
  Subject: Re: [Users] Error removing external group
  
  Maurice,
  What happens if you add the same group again and try to remove it again?
  
  
  - Original Message -
   From: Maurice James midnightst...@msn.com
   To: Yair Zaslavsky yzasl...@redhat.com
   Cc: Gilad Chaplik gchap...@redhat.com, users@ovirt.org
   Sent: Friday, March 28, 2014 8:07:37 PM
   Subject: RE: [Users] Error removing external group
   
   Yes it was in there from 3.3
   
Date: Thu, 27 Mar 2014 22:11:58 -0400
From: yzasl...@redhat.com
To: midnightst...@msn.com
CC: gchap...@redhat.com; users@ovirt.org
Subject: Re: [Users] Error removing external group

Maurice,
Was the group that you removed added from 3.3, before you
upgraded to 3.4?


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: Gilad Chaplik gchap...@redhat.com
 Cc: users@ovirt.org
 Sent: Thursday, March 27, 2014 5:52:04 PM
 Subject: Re: [Users] Error removing external group
 
 
 I yanked it out of the database. That part is all good now. I'm not
 sure how it got stuck though
 
 
 
 
  Date: Thu, 27 Mar 2014 11:34:58 -0400
  From: gchap...@redhat.com
  To: midnightst...@msn.com
  CC: users@ovirt.org; kia...@redhat.com
  Subject: Re: [Users] Error removing external group
  
  we're there for quota, we will take a look as well, it's 'on our
  way'
  :-)
  
  Thanks,
  Gilad.
  
  - Original Message -
   From: Maurice James midnightst...@msn.com
   To: users@ovirt.org
   Sent: Thursday, March 27, 2014 4:01:25 PM
   Subject: [Users] Error removing external group
   
   Version 3.4.0-1.el6
   
   I'm attempting to remove a group from the users tab in the UI
   and I'm seeing the following error in the engine.log
   
   
   2014-03-27 09:59:01,247 ERROR
   [org.ovirt.engine.core.bll.MultipleActionsRunner]
   (ajp--127.0.0.1-8702-8)
   [30e4f6c2] Failed to execute multiple actions of type:
   RemoveGroup:
   java.lang.NullPointerException
   at org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.mapGroup(ProvisionalDirectory.java:211) [bll.jar:]
   at org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.findGroup(ProvisionalDirectory.java:187) [bll.jar:]
   at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroup(AdGroupsHandlingCommandBase.java:49) [bll.jar:]
   at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroupName(AdGroupsHandlingCommandBase.java:38) [bll.jar:]
   at org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getDescription(AdGroupsHandlingCommandBase.java:57) [bll.jar:]
   at org.ovirt.engine.core.bll.CommandBase.canDoActionOnly(CommandBase.java:326) [bll.jar:]
   at org.ovirt.engine.core.bll.MultipleActionsRunner.execute(MultipleActionsRunner.java:76) [bll.jar:]
   at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:549) [bll.jar:]
   at org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:565) [bll.jar:]
   at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:519) [bll.jar:]
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_51]
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_51]
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_51]
   at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
   at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory

Re: [Users] Cannot add IPA server to ovirt

2014-03-28 Thread Yair Zaslavsky

- Original Message -
 From: René Koch rk...@linuxland.at
 To: Demeter Tibor tdeme...@itsmart.hu
 Cc: users@ovirt.org
 Sent: Friday, March 28, 2014 11:30:44 AM
 Subject: Re: [Users] Cannot add IPA server to ovirt
 
 On 03/28/2014 09:19 AM, Demeter Tibor wrote:
  Hi,
 
  I made an IPA server for testing purposes, but I cannot add to ovirt
  3.4. The IPA server seems to be working good.
 
  When I add IPA to ovirt, I get this error message:
 
  [root@ovirttest etc]# engine-manage-domains add --domain=itsmart.local
  --user=admin --provider=ipa
  --ldap-servers=ldap1.itsmart.local,ldap2.itsmart.local
  No KDC can be obtained for domain itsmart.local
 
 I guess oVirt isn't able to find the Kerberos server due to missing SRV
 records?

Seems to me this is the reason.
Please check by dig SRV _kerberos._tcp.itsmart.local

 
 
 
  What does this mean?
 
  Can anyone help me?
 
 
  Thanks,
 
 
  Tibor
 
 
 
 
 
 


Re: [Users] Error removing external group

2014-03-28 Thread Yair Zaslavsky
Maurice,
What happens if you add the same group again and try to remove it again?


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Gilad Chaplik gchap...@redhat.com, users@ovirt.org
 Sent: Friday, March 28, 2014 8:07:37 PM
 Subject: RE: [Users] Error removing external group
 
 Yes it was in there from 3.3
 
  Date: Thu, 27 Mar 2014 22:11:58 -0400
  From: yzasl...@redhat.com
  To: midnightst...@msn.com
  CC: gchap...@redhat.com; users@ovirt.org
  Subject: Re: [Users] Error removing external group
  
  Maurice,
  Was the group that you removed added from 3.3, before you upgraded to
  3.4?
  
  
  - Original Message -
   From: Maurice James midnightst...@msn.com
   To: Gilad Chaplik gchap...@redhat.com
   Cc: users@ovirt.org
   Sent: Thursday, March 27, 2014 5:52:04 PM
   Subject: Re: [Users] Error removing external group
   
   
   I yanked it out of the database. That part is all good now. I'm not sure
   how it got stuck though
   
   
   
   
Date: Thu, 27 Mar 2014 11:34:58 -0400
From: gchap...@redhat.com
To: midnightst...@msn.com
CC: users@ovirt.org; kia...@redhat.com
Subject: Re: [Users] Error removing external group

we're there for quota, we will take a look as well, it's 'on our way'
:-)

Thanks,
Gilad.

- Original Message -
 From: Maurice James midnightst...@msn.com
 To: users@ovirt.org
 Sent: Thursday, March 27, 2014 4:01:25 PM
 Subject: [Users] Error removing external group
 
 Version 3.4.0-1.el6
 
 I'm attempting to remove a group from the users tab in the UI and I'm
 seeing
 the following error in the engine.log
 
 
 2014-03-27 09:59:01,247 ERROR
 [org.ovirt.engine.core.bll.MultipleActionsRunner]
 (ajp--127.0.0.1-8702-8)
 [30e4f6c2] Failed to execute multiple actions of type: RemoveGroup:
 java.lang.NullPointerException
 at
 org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.mapGroup(ProvisionalDirectory.java:211)
 [bll.jar:]
 at
 org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.findGroup(ProvisionalDirectory.java:187)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroup(AdGroupsHandlingCommandBase.java:49)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroupName(AdGroupsHandlingCommandBase.java:38)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getDescription(AdGroupsHandlingCommandBase.java:57)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.CommandBase.canDoActionOnly(CommandBase.java:326)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.MultipleActionsRunner.execute(MultipleActionsRunner.java:76)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:549)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:565)
 [bll.jar:]
 at
 org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:519)
 [bll.jar:]
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 [rt.jar:1.7.0_51]
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 [rt.jar:1.7.0_51]
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 [rt.jar:1.7.0_51]
 at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
 at
 org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
 [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
 at
 org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
 [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at
 org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
 [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at
 org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
 [bll.jar:]
 at sun.reflect.GeneratedMethodAccessor139.invoke(Unknown Source)
 [:1.7.0_51]
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 [rt.jar:1.7.0_51]
 at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
 at
 org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
 [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
 at
 org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
 [jboss-invocation-1.1.1.Final.jar:1.1.1.Final

Re: [Users] Cannot login with AD user after upgrade 3.3-3.4

2014-03-28 Thread Yair Zaslavsky
Looks like a bug in upgrade from 3.3 to 3.4
I will file a bug on that.

https://bugzilla.redhat.com/show_bug.cgi?id=1082195


- Original Message -
 From: Markus Stockhausen stockhau...@collogia.de
 To: ovirt-users users@ovirt.org
 Sent: Friday, March 28, 2014 11:56:32 PM
 Subject: Re: [Users] Cannot login with AD user after upgrade 3.3-3.4
 
  Hello,
 
  my upgrade from 3.3 to 3.4 went quite well. Only problem
  afterwards is I'm unable to log into the engine with one of
  my attached AD users. Internal admin user works fine.
 
  system permissions before and after the upgrade are as follows:
 
  mydomain.com/builtin/Administrators SuperUser
  mydomain.com/builtin/Administrators PowerUserRole
 
 sorry for the noise. User/group assignments in the domain
 were changed in parallel. So user had effectively no access
 rights.
 
 Markus


Re: [Users] Cannot login with AD user after upgrade 3.3-3.4

2014-03-28 Thread Yair Zaslavsky
Markus, which version of ovirt 3.3 did you upgrade from? and to which version 
of 3.4?


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Markus Stockhausen stockhau...@collogia.de
 Cc: ovirt-users users@ovirt.org
 Sent: Saturday, March 29, 2014 6:01:24 AM
 Subject: Re: [Users] Cannot login with AD user after upgrade 3.3-3.4
 
 Looks like a bug in upgrade from 3.3 to 3.4
 I will file a bug on that.
 
 https://bugzilla.redhat.com/show_bug.cgi?id=1082195
 
 
 - Original Message -
  From: Markus Stockhausen stockhau...@collogia.de
  To: ovirt-users users@ovirt.org
  Sent: Friday, March 28, 2014 11:56:32 PM
  Subject: Re: [Users] Cannot login with AD user after upgrade 3.3-3.4
  
   Hello,
  
   my upgrade from 3.3 to 3.4 went quite well. Only problem
   afterwards is I'm unable to log into the engine with one of
   my attached AD users. Internal admin user works fine.
  
   system permissions before and after the upgrade are as follows:
  
   mydomain.com/builtin/Administrators SuperUser
   mydomain.com/builtin/Administrators PowerUserRole
  
  sorry for the noise. User/group assignments in the domain
  were changed in parallel. So user had effectively no access
  rights.
  
  Markus


Re: [Users] Error removing external group

2014-03-27 Thread Yair Zaslavsky
Maurice,
Was the group that you removed added from 3.3, before you upgraded to 3.4?


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: Gilad Chaplik gchap...@redhat.com
 Cc: users@ovirt.org
 Sent: Thursday, March 27, 2014 5:52:04 PM
 Subject: Re: [Users] Error removing external group
 
 
 I yanked it out of the database. That part is all good now. I'm not sure how
 it got stuck though
 
 
 
 
  Date: Thu, 27 Mar 2014 11:34:58 -0400
  From: gchap...@redhat.com
  To: midnightst...@msn.com
  CC: users@ovirt.org; kia...@redhat.com
  Subject: Re: [Users] Error removing external group
  
  we're there for quota, we will take a look as well, it's 'on our way' :-)
  
  Thanks,
  Gilad.
  
  - Original Message -
   From: Maurice James midnightst...@msn.com
   To: users@ovirt.org
   Sent: Thursday, March 27, 2014 4:01:25 PM
   Subject: [Users] Error removing external group
   
   Version 3.4.0-1.el6
   
   I'm attempting to remove a group from the users tab in the UI and I'm
   seeing
   the following error in the engine.log
   
   
   2014-03-27 09:59:01,247 ERROR
   [org.ovirt.engine.core.bll.MultipleActionsRunner] (ajp--127.0.0.1-8702-8)
   [30e4f6c2] Failed to execute multiple actions of type: RemoveGroup:
   java.lang.NullPointerException
   at
   org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.mapGroup(ProvisionalDirectory.java:211)
   [bll.jar:]
   at
   org.ovirt.engine.core.authentication.provisional.ProvisionalDirectory.findGroup(ProvisionalDirectory.java:187)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroup(AdGroupsHandlingCommandBase.java:49)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getAdGroupName(AdGroupsHandlingCommandBase.java:38)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.AdGroupsHandlingCommandBase.getDescription(AdGroupsHandlingCommandBase.java:57)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.CommandBase.canDoActionOnly(CommandBase.java:326)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.MultipleActionsRunner.execute(MultipleActionsRunner.java:76)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:549)
   [bll.jar:]
   at
   org.ovirt.engine.core.bll.Backend.runMultipleActionsImpl(Backend.java:565)
   [bll.jar:]
   at org.ovirt.engine.core.bll.Backend.runMultipleActions(Backend.java:519)
   [bll.jar:]
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   [rt.jar:1.7.0_51]
   at
   sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   [rt.jar:1.7.0_51]
   at
   sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   [rt.jar:1.7.0_51]
   at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
   at
   org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
   [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
   at
   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13)
   [bll.jar:]
   at sun.reflect.GeneratedMethodAccessor139.invoke(Unknown Source)
   [:1.7.0_51]
   at
   sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   [rt.jar:1.7.0_51]
   at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51]
   at
   org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123)
   [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
   at
   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
   [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
   at
   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
   [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
   at
   org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
   

Re: [Users] External group permissions

2014-03-26 Thread Yair Zaslavsky


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: users@ovirt.org
 Sent: Wednesday, March 26, 2014 11:48:21 AM
 Subject: [Users] External group permissions
 
 I used engine-manage-domains to allow external authentication from active
 directory to my ovirt management ui. I assigned an ad group super user and
 power user permissions on the DC. I can't get any user to login to the
 webadmin portal. The log says that they have no permission. Which right
 do I have to assign to the group in order for its member to be able to login
 to the web ui?
 

1. Which ovirt version are you using?
2. May I get the following results from postgresql ?

a. select user_id, name, group_ids from users;
b. select id from ad_groups;
c. select select * from permissions;


Many thanks,
Yair


 


Re: [Users] External group permissions

2014-03-26 Thread Yair Zaslavsky


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Maurice James midnightst...@msn.com
 Cc: users@ovirt.org
 Sent: Wednesday, March 26, 2014 12:20:02 PM
 Subject: Re: [Users] External group permissions
 
 
 
 - Original Message -
  From: Maurice James midnightst...@msn.com
  To: users@ovirt.org
  Sent: Wednesday, March 26, 2014 11:48:21 AM
  Subject: [Users] External group permissions
  
  I used engine-manage-domains to allow external authentication from active
  directory to my ovirt management ui. I assigned an ad group super user and
  power user permissions on the DC. I can't get any user to login to the
  webadmin portal. The log says that they have no permission. Which right
  do I have to assign to the group in order for its member to be able to
  login
  to the web ui?
  
 
 1. Which ovirt version are you using?
 2. May I get the following results from postgresql ?
 
 a. select user_id, name, group_ids from users;
 b. select id from ad_groups;

Actually select id,name from ad_groups;

 c. select select * from permissions;

Typo - I meant select * from permissions of course.
 
 
 Many thanks,
 Yair
 
 
  


Re: [Users] API read-only access / roles

2014-03-26 Thread Yair Zaslavsky


- Original Message -
 From: Itamar Heim ih...@redhat.com
 To: Sven Kieske s.kie...@mittwald.de, Users@ovirt.org List 
 Users@ovirt.org, Yair Zaslavsky
 yzasl...@redhat.com
 Sent: Wednesday, March 26, 2014 12:46:28 PM
 Subject: Re: [Users] API read-only access / roles
 
 On 03/26/2014 06:39 AM, Sven Kieske wrote:
 
 
  On 26.03.2014 11:21, Itamar Heim wrote:
  On 03/26/2014 06:16 AM, Sven Kieske wrote:
  Hi,
 
  as we now have setup ldap, now the question which
  never got answered in the first place:
 
  1.
  which rights do I need for read only access?
 
  as stated in BZ just login rights won't suffice.
 
  an admin role with login? why not?
  i thought we even pre-created such a default read only role by now:
  Bug 1038222 - [RFE] Read Only Admin role in AP
 
  (and you can create one yourself in 3.3 as well iirc)
 
  What would happen if I create this user myself
  and I want to upgrade to 3.4 somewhere in time?
 
  My guess would be the upgrade would fail if this
  user gets added automatically, because it is already
  there?
 
 
 It's not a user. It's a system defined role.
 you can create a user defined role (with a different name)
 you should do this via the GUI in 3.3, not via the db (then the uuid
 will be different as well, and no upgrade issues)

Regarding your upgrade question -
I would like to add that although we have a hard-coded internal admin user, 
your read only user (that is, a user you assigned the role you created) is 
not a hard coded one. I don't think we will go for a strategy of adding another 
hardcoded user for read only , so you should not have upgrade issues.

 


Re: [Users] Logs using syslog

2014-03-26 Thread Yair Zaslavsky
Hi Eduardo,
We have an open RFE for that -

https://bugzilla.redhat.com/show_bug.cgi?id=1078738

In general, 
JBoss AS 7.1 has moved from log4j logging to java.util logging and the syslog 
handler is not working anymore.
From various sources I have read on the internet, it looks like the solution is to 
develop a custom syslog handler, pack it as a jboss module, and then
configure it in share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in 



- Original Message -
 From: Eduardo Ramos edua...@freedominterface.org
 To: users@ovirt.org Users@ovirt.org
 Sent: Thursday, March 13, 2014 5:12:25 PM
 Subject: [Users] Logs using syslog
 
 Hi all!
 
 Is there a way to log engine messages to a syslog? I searched for
 'syslog' in /etc/ovirt-engine/*, but not results.
 
 Thanks
 


Re: [Users] Upgrade from 3.4.0-0.9 to 3.4.0-0.12

2014-03-06 Thread Yair Zaslavsky


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: users@ovirt.org
 Sent: Friday, March 7, 2014 1:49:23 AM
 Subject: [Users] Upgrade from 3.4.0-0.9 to 3.4.0-0.12
 
 I got the following error while trying to upgrade
 
  
 
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 35994
 
 psql:upgrade/03_04_0600_event_notification_methods.sql:10: ERROR:  column
 notification_method contains null values

Maurice,
As far as I understand, this was resolved by 
https://bugzilla.redhat.com/show_bug.cgi?id=1072549
 (CC'ing Eli who worked on this bug)
Eli - I see the patch has script numbering of 03_05 - is there a plan to 
provide 03_04 script for that fix?

Yair



 
 2014-03-06 18:33:46 ERROR otopi.context context._executeMethod:161 Failed to
 execute stage 'Misc configuration': Command
 '/usr/share/ovirt-engine/dbscripts/upgrade.sh' failed to execute
 
 psql:/var/lib/ovirt-engine/backups/engine-20140306183332.9FQBdD.sql:16:
 ERROR:  language plpgsql already exists
 
 2014-03-06 18:42:58 ERROR otopi.plugins.ovirt_engine_common.base.core.misc
 misc._terminate:150 Execution of setup failed
 
 


Re: [Users] Permissions

2014-02-25 Thread Yair Zaslavsky


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: Yair Zaslavsky yzasl...@redhat.com
 Cc: Eli Mesika emes...@redhat.com, users@ovirt.org
 Sent: Wednesday, February 26, 2014 1:35:03 AM
 Subject: RE: [Users] Permissions
 
 Here are the logs that I grabbed while trying to move disks between storage
 domains

It shows you have permissions issues.
Just to make sure - is this a user that belongs to a group that has 
permissions? I think you wrote in previous emails it is.
Can you, as suggested in previous email, try to perform this operation with a 
direct user that has the permissions (i.e - not inherited from a group?)

Thanks,
Yair

 
 -Original Message-
 From: Yair Zaslavsky [mailto:yzasl...@redhat.com]
 Sent: Monday, February 24, 2014 8:56 PM
 To: Maurice James
 Cc: Eli Mesika; users@ovirt.org
 Subject: Re: [Users] Permissions
 
 
 
 - Original Message -
  From: Maurice James midnightst...@msn.com
  To: Eli Mesika emes...@redhat.com
  Cc: users@ovirt.org
  Sent: Tuesday, February 25, 2014 3:33:52 AM
  Subject: Re: [Users] Permissions
  
  I will have to get the logs to you tomorrow when I go to the office.
  Until then,  I have a user group from AD with the Power User and
  Super User
   permissions over the Data Center. They do not have permission to move
  disks  between storage domains. Is this by design?
 
 Maurice, quick question here - when you write they don't have permissions
 do you mean to users of the group?
 if so, are you using ovirt engine 3.4 beta2 or a development environment?
 
 Perhaps the following bug has to do with what you're experiencing?
 
 https://bugzilla.redhat.com/1065615
 
 
 Yair
 
  
  
  -Original Message-
  From: Eli Mesika [mailto:emes...@redhat.com]
  Sent: Sunday, February 23, 2014 3:34 PM
  To: Maurice James
  Cc: users@ovirt.org
  Subject: Re: [Users] Permissions
  
  
  
  - Original Message -
   From: Maurice James midnightst...@msn.com
   To: users@ovirt.org
   Sent: Friday, February 21, 2014 9:25:12 PM
   Subject: [Users] Permissions
   
   I have an LDAP user with Power User and Super User permissions at
   the Data Center level. Why don't I have permission to migrate disks
   between storage domains?
  
  Hi Maurice
  
  Can you elaborate please and attach a screen-shot of the error you got
  and the relevant engine.log
  
   
   oVirt Engine Version: 3.3.3-2.el6
   


Re: [Users] Creating oVirt users

2014-02-24 Thread Yair Zaslavsky
Hi Drew,
In order to be able to add users, you will have to use the 
engine-manage-domains tool and set up a domain.
A domain uses Kerberos authentication and LDAP for authorization.
engine-manage-domains supports several LDAP vendors, among them Active 
Directory, IPA, RHDS and OpenLDAP.
One will add a user at a given domain that will be used to authenticate during 
searching for users and groups.
For example, if you have a domain named example.com, which has a 
machine a.example.com which co-hosts an LDAP server (IPA) + KDC, and the DNS 
records for Kerberos and LDAP are properly set, and you would like to add a user 
named myuser, then you can use:
engine-manage-domains add --user=myuser --domain=example.com --provider=IPA
If you want to be able to log in with this user, and not just with the admin of 
internal, please also specify --add-permissions

Hope this helps,
Yair


- Original Message -
 From: Drew Showers d...@augurworks.com
 To: users@ovirt.org
 Sent: Tuesday, February 25, 2014 1:49:45 AM
 Subject: [Users] Creating oVirt users
 
 Hello,
 
 How do I create users? I see where to add users and create roles, but can't
 figure out how to get users on the add user list.
 
 Thanks in advance!
 Drew
 


Re: [Users] Permissions

2014-02-24 Thread Yair Zaslavsky


- Original Message -
 From: Maurice James midnightst...@msn.com
 To: Eli Mesika emes...@redhat.com
 Cc: users@ovirt.org
 Sent: Tuesday, February 25, 2014 3:33:52 AM
 Subject: Re: [Users] Permissions
 
 I will have to get the logs to you tomorrow when I go to the office. Until
 then,
  I have a user group from AD with the Power User and Super User
  permissions over the Data Center. They do not have permission to move disks
  between storage domains. Is this by design?

Maurice, quick question here - when you write they don't have permissions do 
you mean to users of the group? 
if so, are you using ovirt engine 3.4 beta2 or a development environment?

Perhaps the following bug has to do with what you're experiencing?

https://bugzilla.redhat.com/1065615


Yair

 
 
 -Original Message-
 From: Eli Mesika [mailto:emes...@redhat.com]
 Sent: Sunday, February 23, 2014 3:34 PM
 To: Maurice James
 Cc: users@ovirt.org
 Subject: Re: [Users] Permissions
 
 
 
 - Original Message -
  From: Maurice James midnightst...@msn.com
  To: users@ovirt.org
  Sent: Friday, February 21, 2014 9:25:12 PM
  Subject: [Users] Permissions
  
  I have an LDAP user with Power User and Super User permissions at the
  Data Center level. Why don't I have permission to migrate disks between
  storage domains?
 
 Hi Maurice
 
 Can you elaborate please and attach a screen-shot of the error you got and
 the relevant engine.log
 
  
  oVirt Engine Version: 3.3.3-2.el6
  


Re: [Users] API read-only access / roles

2014-02-22 Thread Yair Zaslavsky


- Original Message -
 From: Juan Hernandez jhern...@redhat.com
 To: Sven Kieske s.kie...@mittwald.de, Users@ovirt.org List 
 Users@ovirt.org
 Cc: Itamar Heim ih...@redhat.com, Yair Zaslavsky yzasl...@redhat.com
 Sent: Saturday, February 22, 2014 2:22:14 PM
 Subject: Re: [Users] API read-only access / roles
 
 On 02/20/2014 04:51 PM, Itamar Heim wrote:
  On 02/20/2014 05:24 PM, Sven Kieske wrote:
  Hi,
 
  is nobody interested in this feature at all?
  it would be a huge security gain, while lowering
  the bars for having a read only user if this could get shipped with 3.4:
  
  we are very interested, but we want to do this based on the
  authentication re-factoring, which in itself, barely made the 3.4 timeline.
  Yair - are we pluggable yet, that someone could add such a user by
  dropping a jar somewhere, or still on going work towards 3.5?

As Juan mentioned in his email, it should be possible to plug in at 3.4 as well.
However, we're changing the configuration format at 3.5 as we're changing the 
mechanism to use the extensions mechanism - both Directory and Authenticator 
are extensions, the configuration for
directory (authorization extension) and authenticator (authentication extension) 
will look a bit different.




  
 
 Pluggability of authentication already works in 3.4. By default it uses
 the previous mechanism, but the administrator can change this. In order
 to change you need to create the /etc/ovirt-engine/auth.conf.d directory
 and then create inside one or more authentication profiles
 configuration files. An authentication profile is a combination of an
 authenticator and a directory. The authenticator is used to check
 the credentials (the user name and password) and the directory is used
 to search users and their details. For example, if you want to use local
 authentication (the users, passwords, and groups of the OS) you can
 create a local.conf file with the following content:
 
   #
   # The name of the profile. This is what will be displayed in the
   # combo box in the login page.
   #
   name=local
 
   #
   # Needed to enable the profile, by default all profiles are
   # disabled.
   #
   enabled=true
 
   #
   # The configuration of the authenticator used by the profile. The
   # type and the module are mandatory, the rest are optional and
   # the default values are as shown below.
   #
   authenticator.type=ssh
   authenticator.module=org.ovirt.engine.core.authentication.ssh
   # authenticator.host=localhost
   # authenticator.port=22
   # authenticator.timeout=10
 
   #
   # The configuration of the directory:
   #
   directory.type=nss
   directory.module=org.ovirt.engine.core.authentication.nss
 
 For this to work you need to install some additional modules, which
 aren't currently part of the engine. This is where pluggability comes in
 place. These modules can be built externally. I created modules for SSH
 authentication and NSS (Name Service Switch) directory. The source is
 available here:
 
 https://github.com/jhernand/ovirt-engine-ssh-authenticator
 https://github.com/jhernand/ovirt-engine-nss-directory
 
 The NSS directory also needs JNA (Java Native Access):
 
 https://github.com/jhernand/ovirt-engine-jna-module
 
 Installing these extensions is very easy, just build from source and
 uncompress the generated .zip files to /usr/share/ovirt-engine/modules.
 In case you don't want to build from source you can use the RPMs that I
 created. The source for the .spec files is here:
 
 https://github.com/jhernand/ovirt-engine-rpms
 
 If you don't want to build from source you can use a yum repository that
 I created with binaries for Fedora 20 (should work in CentOS as well):
 
 http://jhernand.fedorapeople.org/repo
 
 So, to summarize:
 
 # cat > /etc/yum.repos.d/my.repo <<.
 [my]
 name=my
 baseurl=http://jhernand.fedorapeople.org/repo
 enabled=1
 gpgcheck=0
 .
 
 # yum -y install \
 ovirt-engine-ssh-authenticator \
 ovirt-engine-nss-directory
 
 # mkdir -p /etc/ovirt-engine/auth.conf.d
 
 # cat > /etc/ovirt-engine/auth.conf.d/local.conf <<.
 name=local
 enabled=true
 authenticator.type=ssh
 authenticator.module=org.ovirt.engine.core.authentication.ssh
 directory.type=nss
 directory.module=org.ovirt.engine.core.authentication.nss
 .
 
 # systemctl restart ovirt-engine
 
 Then you can login with admin@internal, add some local users and
 permissions, and then use them to login to the GUI or the API.
 
 Take into account that I created these modules as a way to test the new
 authentication infrastructure, so they may have limitations or issues. I
 appreciate any feedback.
 
 
  On 19.02.2014 15:32, Sven Kieske wrote: I just looked into my test vm
  with the 3.4 beta
  and I can't see such an user there.
 
  I created an RFE at: https://bugzilla.redhat.com/show_bug.cgi?id=1067036
 
 
  I really hope this can get included in 3.4 (I know it's late)
  as it should be a very very minor change at engine-setup.
 
  Thanks
 
  On 19.02.2014 14:55, Sven Kieske wrote

Re: [Users] API read-only access / roles

2014-02-22 Thread Yair Zaslavsky


- Original Message -
 From: Yair Zaslavsky yzasl...@redhat.com
 To: Juan Hernandez jhern...@redhat.com
 Cc: Users@ovirt.org List Users@ovirt.org
 Sent: Sunday, February 23, 2014 8:55:07 AM
 Subject: Re: [Users] API read-only access / roles
 
 
 
 - Original Message -
  From: Juan Hernandez jhern...@redhat.com
  To: Sven Kieske s.kie...@mittwald.de, Users@ovirt.org List
  Users@ovirt.org
  Cc: Itamar Heim ih...@redhat.com, Yair Zaslavsky
  yzasl...@redhat.com
  Sent: Saturday, February 22, 2014 2:22:14 PM
  Subject: Re: [Users] API read-only access / roles
  
  On 02/20/2014 04:51 PM, Itamar Heim wrote:
   On 02/20/2014 05:24 PM, Sven Kieske wrote:
   Hi,
  
   is nobody interested in this feature at all?
   it would be a huge security gain, while lowering
   the bars for having a read only user if this could get shipped with 3.4:
   
   we are very interested, but we want to do this based on the
   authentication re-factoring, which in itself, barely made the 3.4
   timeline.
   Yair - are we pluggable yet, that someone could add such a user by
   dropping a jar somewhere, or still on going work towards 3.5?
 
 As Juan mentioned in his email, it should be possible to plug in at 3.4 as
 well.
 However, we're changing the configuration format at 3.5 as we're changing the
 mechanism to use the extensions mechanism - both Directory and Authenticator
 are extensions, the configuration for
 directory (authorization extension) and authenticator (authentication
 extension) will look a bit different.

CC'ed Sven as well, 
In addition bear in mind as Directory and Authenticator will be extensions, 
there will be some interface change.

Yair

 
 
 
 
   
  
  Pluggability of authentication already works in 3.4. By default it uses
  the previous mechanism, but the administrator can change this. In order
  to change you need to create the /etc/ovirt-engine/auth.conf.d directory
  and then create inside one or more authentication profiles
  configuration files. An authentication profile is a combination of an
  authenticator and a directory. The authenticator is used to check
  the credentials (the user name and password) and the directory is used
  to search users and their details. For example, if you want to use local
  authentication (the users, passwords, and groups of the OS) you can
  create a local.conf file with the following content:
  
#
# The name of the profile. This is what will be displayed in the
# combo box in the login page.
#
name=local
  
#
# Needed to enable the profile, by default all profiles are
# disabled.
#
enabled=true
  
#
# The configuration of the authenticator used by the profile. The
# type and the module are mandatory, the rest are optional and
# the default values are as shown below.
#
authenticator.type=ssh
authenticator.module=org.ovirt.engine.core.authentication.ssh
# authenticator.host=localhost
# authenticator.port=22
# authenticator.timeout=10
  
#
# The configuration of the directory:
#
directory.type=nss
directory.module=org.ovirt.engine.core.authentication.nss
  
  For this to work you need to install some additional modules, which
  aren't currently part of the engine. This is where pluggability comes in
  place. These modules can be built externally. I created modules for SSH
  authentication and NSS (Name Service Switch) directory. The source is
  available here:
  
  https://github.com/jhernand/ovirt-engine-ssh-authenticator
  https://github.com/jhernand/ovirt-engine-nss-directory
  
  The NSS directory also needs JNA (Java Native Access):
  
  https://github.com/jhernand/ovirt-engine-jna-module
  
  Installing these extensions is very easy, just build from source and
  uncompress the generated .zip files to /usr/share/ovirt-engine/modules.
  In case you don't want to build from source you can use the RPMs that I
  created. The source for the .spec files is here:
  
  https://github.com/jhernand/ovirt-engine-rpms
  
  If you don't want to build from source you can use a yum repository that
  I created with binaries for Fedora 20 (should work in CentOS as well):
  
  http://jhernand.fedorapeople.org/repo
  
  So, to summarize:
  
  # cat > /etc/yum.repos.d/my.repo <<.
  [my]
  name=my
  baseurl=http://jhernand.fedorapeople.org/repo
  enabled=1
  gpgcheck=0
  .
  
  # yum -y install \
  ovirt-engine-ssh-authenticator \
  ovirt-engine-nss-directory
  
  # mkdir -p /etc/ovirt-engine/auth.conf.d
  
  # cat > /etc/ovirt-engine/auth.conf.d/local.conf <<.
  name=local
  enabled=true
  authenticator.type=ssh
  authenticator.module=org.ovirt.engine.core.authentication.ssh
  directory.type=nss
  directory.module=org.ovirt.engine.core.authentication.nss
  .
  
  # systemctl restart ovirt-engine
  
  Then you can login with admin@internal, add some local users and
  permissions, and then use them to login to the GUI or the API.
  
  Take into account that I created
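
A linter for the local.conf authentication profile quoted in the message above, so that a disabled profile, a misspelled key or a bad optional value is caught before ovirt-engine is restarted. This is an added example, not code from the thread or from the oVirt project; the function names, the rule that `name` and the `directory.*` keys are required, and the broken sample profile are assumptions made for illustration.

```python
import re

# Keys the quoted local.conf uses. Requiring "name" and the directory.* keys
# is an assumption of this example; the mail only calls the authenticator
# type and module mandatory.
REQUIRED = ("name", "authenticator.type", "authenticator.module",
            "directory.type", "directory.module")
# Optional authenticator settings with the defaults quoted in the mail.
DEFAULTS = {"authenticator.host": "localhost",
            "authenticator.port": "22",
            "authenticator.timeout": "10"}
KNOWN = set(REQUIRED) | set(DEFAULTS) | {"enabled"}
MODULE_RE = re.compile(r"^[A-Za-z_]\w*(\.[A-Za-z_]\w*)*$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_profile(text):
    """Parse blank lines, '#' comments and key=value pairs.

    Returns (props, findings); a finding is a (severity, message) tuple.
    """
    props, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            findings.append(("error", f"line {lineno}: not a key=value pair"))
            continue
        if key in props:
            findings.append(("warning", f"line {lineno}: '{key}' is set twice"))
        props[key] = value
    return props, findings


def lint_profile(text):
    """Return the findings for one profile; an empty list means clean."""
    props, findings = parse_profile(text)
    for key in REQUIRED:
        if not props.get(key):
            findings.append(("error", f"missing required key '{key}'"))
    # Profiles are disabled by default, so anything but enabled=true is reported.
    if props.get("enabled") != "true":
        findings.append(("warning", "profile is not enabled (enabled=true absent)"))
    for key in ("authenticator.module", "directory.module"):
        value = props.get(key)
        if value and not MODULE_RE.match(value):
            findings.append(("error", f"'{key}' is not a dotted module name"))
    for key in ("authenticator.port", "authenticator.timeout"):
        value = props.get(key, DEFAULTS[key])
        if not (value.isascii() and value.isdigit()):
            findings.append(("error", f"'{key}' must be a number, got {value!r}"))
        elif key.endswith("port") and not 1 <= int(value) <= 65535:
            findings.append(("error", f"port {value} is out of range"))
    # The defaults keep credential checks on localhost; any other host is
    # worth a second look (assumption: this is the host the SSH
    # authenticator connects to).
    host = props.get("authenticator.host", DEFAULTS["authenticator.host"])
    if host not in LOCAL_HOSTS:
        findings.append(("review", f"authenticator points at remote host {host!r}"))
    # A misspelled key usually shows up together with a "missing required
    # key" error for the key that was meant.
    for key in sorted(set(props) - KNOWN):
        findings.append(("warning", f"unknown key '{key}'"))
    return findings


# The profile from the mail, comments shortened.
PAGE_PROFILE = """\
# The name of the profile, shown in the login page combo box.
name=local
enabled=true
authenticator.type=ssh
authenticator.module=org.ovirt.engine.core.authentication.ssh
# authenticator.host=localhost
# authenticator.port=22
# authenticator.timeout=10
directory.type=nss
directory.module=org.ovirt.engine.core.authentication.nss
"""

# Constructed broken profile: no "enabled", a misspelled key, a non-numeric
# port and a remote authenticator host.
BROKEN_PROFILE = """\
name=local
authenticator.type=ssh
authenticator.modul=org.ovirt.engine.core.authentication.ssh
authenticator.host=login.example.com
authenticator.port=ssh
directory.type=nss
directory.module=org.ovirt.engine.core.authentication.nss
"""

if __name__ == "__main__":
    for label, text in (("page", PAGE_PROFILE), ("broken", BROKEN_PROFILE)):
        for severity, message in lint_profile(text) or [("ok", "no findings")]:
            print(f"{label}: {severity}: {message}")
```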

Re: [Users] new oVirt look-and-feel -- feature page

2014-02-18 Thread Yair Zaslavsky
Looks really great, can't wait to see more :)


- Original Message -
 From: Greg Sheremeta gsher...@redhat.com
 To: users users@ovirt.org, a...@ovirt.org
 Sent: Tuesday, February 18, 2014 11:19:18 PM
 Subject: new oVirt look-and-feel -- feature page
 
 Hi,
 
 Please check out the feature page for the new oVirt look-and-feel, PatternFly
 based: http://www.ovirt.org/Features/NewLookAndFeelPatternFlyPhase1.
 
 Comments are welcome.
 
 Thanks,
 Greg
 
 Greg Sheremeta
 Red Hat, Inc.
 Sr. Software Engineer, RHEV
 Cell: 919-807-1086
 gsher...@redhat.com
 ___
 Arch mailing list
 a...@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/arch
 


[Users] ovirt test day 2

2014-02-12 Thread Yair Zaslavsky

Hi,
I tested the following:

https://bugzilla.redhat.com/1053646 - easily collapsible left-pane - was 
not included in test day 1 (I was supposed to test it back then) - works fine.

https://bugzilla.redhat.com/1054209 - read only disks - works fine.

https://bugzilla.redhat.com/1054219 - Only comment is - IMHO it should be 
considered having disks marked as read only (where applicable) in templates - 
disks and perhaps also when showing the disks of each snapshot.

other bugs opened:
https://bugzilla.redhat.com/show_bug.cgi?id=1064601


Yair


Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups

2014-02-02 Thread Yair Zaslavsky


- Original Message -
 From: Winfried de Heiden - Voorwinde w...@dds.nl
 To: users@ovirt.org
 Sent: Sunday, February 2, 2014 5:09:01 PM
 Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
 
 Hi All,
 
 I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For
 this, I followed (more or less, I used a Raspberry Pi and Raspbian)
 instructions as found on http://www.ovirt.org/LDAP_Quick_Start
 
 It all seems to work well, I am able to connect to a domain, login etc.
 and assign some roles to users.
 However, I cannot use (ldap) groups it seems. I can add a group in the
 ovirt gui, but (in the tab General) Active remains false.
 
 Am I missing something...?

Hi Winfried, I have a question for you -
When you add the group, can you use one of its users to perform an operation 
the group has permission to perform? for example, if the group has login 
permissions, can you login with a user that belongs to the group?
I'm looking at the code, and this might be an issue that the active flag is 
simply not set on a group.

 
 Winfried
 
 
 
 


Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups

2014-02-02 Thread Yair Zaslavsky


- Original Message -
 From: Itamar Heim ih...@redhat.com
 To: Yair Zaslavsky yzasl...@redhat.com, Winfried de Heiden - Voorwinde 
 w...@dds.nl
 Cc: users@ovirt.org
 Sent: Monday, February 3, 2014 1:32:00 AM
 Subject: Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
 
 On 02/02/2014 11:01 PM, Yair Zaslavsky wrote:
 
 
  - Original Message -
  From: Winfried de Heiden - Voorwinde w...@dds.nl
  To: users@ovirt.org
  Sent: Sunday, February 2, 2014 5:09:01 PM
  Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
 
  Hi All,
 
  I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For
  this, I followed (more or less, I used a Raspberry Pi and Raspbian)
  instructions as found on http://www.ovirt.org/LDAP_Quick_Start
 
  It all seems to work well, I am able to connect to a domain, login etc.
  and assign some roles to users.
  However, I cannot use (ldap) groups it seems. I can add a group in the
  ovirt gui, but (in the tab General) Active remains false.
 
  Am I missing something...?
 
  Hi Winfried, I have a question for you -
  When you add the group, can you use one of its users to perform an
  operation the group has permission to perform? For example, if the group
  has login permissions, can you login with a user that belongs to the
  group?
  I'm looking at the code, and this might be an issue that the active flag
  is simply not set on a group.
 
 Yair - why would active be set on a group?

Itamar - I don't think there is a sense in that.
At engine-core-  not being set.
At UI - I think the code should be revisited, in AdElementListModel there are 
places where we create user objects and store inside them group information. 
Later on we store these objects at the groups collection of the model, and this 
model is being used to present the list of users and groups. 
 
 


Re: [Users] Ovirt 3.4 - Fail to set permissions to VM

2014-01-29 Thread Yair Zaslavsky
Yes,
A fix was already submitted for review.


- Original Message -
 From: Jonas Israelsson jo...@israelsson.com
 To: Oved Ourfalli ov...@redhat.com
 Cc: users@ovirt.org, Juan Hernandez jhern...@redhat.com, Yair Zaslavsky 
 yzasl...@redhat.com
 Sent: Wednesday, January 29, 2014 2:44:46 PM
 Subject: Re: [Users] Ovirt 3.4 - Fail to set permissions to VM
 
 
 On 29/01/14 07:29, Oved Ourfalli wrote:
  Hi Jonas
 
  Apparently there is a quite new bug open about this issue
  (https://bugzilla.redhat.com/1057147).
  CC-ing Juan and Yair - perhaps they'll know what's the source of the issue,
  as I think they were the last ones to make changes in it.
 Jupp, got it.
 
 Sorry for not checking there first..
 
 
 


Re: [Users] Manage domains

2014-01-23 Thread Yair Zaslavsky


- Original Message -
 From: Itamar Heim ih...@redhat.com
 To: Maurice James midnightst...@msn.com, users@ovirt.org, Barak Azulay 
 bazu...@redhat.com, Juan Antonio
 Hernandez Fernandez jhern...@redhat.com
 Sent: Thursday, January 23, 2014 11:03:48 PM
 Subject: Re: [Users] Manage domains
 
 On 01/23/2014 08:06 PM, Maurice James wrote:
 
  No matter what provider I use, it keeps complaining about kerberos
  
  From: midnightst...@msn.com
  To: users@ovirt.org
  Date: Thu, 23 Jan 2014 12:13:03 -0500
  Subject: [Users] Manage domains
 
  In version 3.4. The authentication has been refactored. How do I add
  389-ds as my authentication backend without the use of Kerberos? This
  was supposed to be possible in 3.4

H
 
 
 The refactoring happened, I'm not sure the new functionality made it.
 Maybe if it's low risk could be looked at for following through.

Hi, the refactoring included introduction of new infrastructure to support 
loose coupling between authentication and directory related operations.
It also includes a tested bridge - between the new interfaces and the old 
code.
The new ldap directory code is still under development. 
manage-domains is still working only with Kerberos for authentication.

You can see more at 
http://www.ovirt.org/Features/Authentication-Rewrite

You will see that what I described in this email is related to Phase 1

Hope this helps,
Yair





Re: [Users] Problem adding an IPA server to oVirt

2014-01-20 Thread Yair Zaslavsky
Hi Adam,
Looks like you have problems in running the Root DSE query.
I would like you to try and troubleshoot by comparing this to the execution of -

ldapsearch -x -h YOUR_IPA_SERVER_IP_ADDRESS -s base

- Original Message -
 From: Adam Litke ali...@redhat.com
 To: users@ovirt.org
 Sent: Tuesday, January 21, 2014 12:12:03 AM
 Subject: [Users] Problem adding an IPA server to oVirt
 
 Hi,
 
 I am trying to set up an oVirt environment with an IPA provider and
 am hitting a GeneralException that I am unsure how to debug.  I have
 configured freeIPA in a Fedora VM using the supplied configuration
 script and I can 'kinit admin' from the ovirt-engine machine.  When I
 run the manage-domains command I get the following exception:
 
 I didn't realize it, but I had to add _kerberos srv records to my
 dnsmasq.conf in order for the script to even find my KDC.
 
 ./engine-manage-domains -action=add -provider=IPA -domain=alitke.net -user=admin -interactive -ldapServers=directory.alitke.net
 Enter password:
 General error has occurednull
 java.lang.NegativeArraySizeException
   at sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
   at sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
   at sun.security.jgss.krb5.WrapToken_v2.init(WrapToken_v2.java:200)
   at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
   at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
   at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
   at com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
   at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.ovirt.engine.core.ldap.RootDSEData.init(RootDSEData.java:52)
   at org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
   at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.Subject.doAs(Subject.java:356)
   at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
   at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
   at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
   at org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
   at org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
   at org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
   at org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
   at org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at org.jboss.modules.Module.run(Module.java:260)
   at org.jboss.modules.Main.main(Main.java:291)
 Failure while testing domain %1$s. Details: %2$s: One of the parameters for this error is null and no default message to show
 
 Any thoughts on what might be going wrong?
 


Re: [Users] New user to oVirt, and I haz a sad so far...

2014-01-17 Thread Yair Zaslavsky
Gabi, why not share with us engine.log for your failure of adding the disk?

Yair


- Original Message -
 From: Gabi C gab...@gmail.com
 To: Will Dennis (Live.com) willardden...@live.com
 Cc: users@ovirt.org
 Sent: Friday, January 17, 2014 9:53:55 AM
 Subject: Re: [Users] New user to oVirt, and I haz a sad so far...
 
 've been there! :-D
 
 I mean exactly the same issue you had on Centos, I had on Fedora 19.
 Did you disable selinux on nodes? 'cause that's what is causing SSH
 connection closing
 
 My setup:
 
 1 engine on vmware  - fedora 19, up-to-date
 
 
 2 nodes on IBM x series 3650  - fedora 19 based -oVirt Node - 3.0.3 -
 1.1.fc19 with nodes being in glusterfs cluster also.
 
 
 Right now, I'm banging my head against Operation Add-Disk failed to
 complete. , message I have got after adding a new virtual machine and trying
 to add its disk
 
 
 On Fri, Jan 17, 2014 at 6:08 AM, Will Dennis (Live.com) 
 willardden...@live.com wrote:
 
  Hi all, ready for a story? (well, more of a rant, but hopefully it will be a
  good UX tale, and may even be entertaining.)
 
  Had one of the groups come to me at work this week and request a OpenStack
  setup. When I sat down and discussed their needs, it turns out that they
  really only need a multi-hypervisor setup where they can spin up VMs for
  their research projects. The VMs should be fairly long-lived, and will have
  persistent storage. Their other request is that the storage should be local
  on the hypervisor nodes (they plan to use Intel servers with 8-10 2TB drives
  for VM storage on each node.) They desire this in order to keep the VM I/O
  local - they do not have a SAN of any sort anyhow, and they do not care
  about live migration, etc.
 
  In any case, knowing that they did not want to afford a VMware setup (which
  is what I'm used to using), I proposed using oVirt to fill their needs,
  having heard and read up on it a bit (It's open-source VMware, right?)
  even though I had not used it before (I have however made single-node KVM
  hypervisors for their group before, utilizing Open vSwitch, libvirt,
  virt-manager etc., so I'm not completely ignorant of KVM/libvirt etc.)
 
  In any case, I took one of their older servers which was already running
  CentOS 6.5, installed the requisite packages on it, and in short order had
  an engine server up and running (oVirt 3.3.2). That seems to have been the
  easy part :-/  Now came the installation of a hypervisor node. I downloaded
  and burned an ISO of the latest oVirt node installer
  (ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso) and tried to install it on one of
  their target Intel servers. On the 1st try I got to the end of the setup
  TUI, invoked the Install link, and was promptly thrown an error (sorry, but
  forgot what it was, something like press X for a command prompt, or
  Reboot.) No problem, I rebooted, selected booting off the CD again, waited
  until the TUI came up, and when I tried to move past the first screen, it
  threw me out to a login prompt. OK, enough of that (the server takes a long
  time to reboot, and then boot off the CD) - I then thought I would try it on
  a VMware Workstation VM (yes, I get the irony, but VMware wkstn can handle
  nested virt, so it's a great testbed platform for OpenStack, etc.) because
  that would install a heck of a lot faster. That went a lot better - got the
  oVirt node 3.0.3 installed on the first try.
 
  More pain was soon to follow, however.  I logged in and started configuring
  the node. The TUI was easy enough - much like an ESXi node ;)  I set the NIC
  to IPv4 static, entered in the correct IP info, registered a DNS name for
  the IP I had assigned, and then tested pinging the engine, all was good. I
  then moved on to the section where you define the engine. I entered in the
  FQDN of the engine, verified the key fingerprint, and clicked the Save and
  Register link at the bottom. That seemed to work, so I completed the rest
  of the TUI, and then looked at the oVirt engine web UI. There was my new
  node, ready for authorization. I clicked the link to authorize it, and after
  a while, the UI came back with Install Failed status. Hmmm. So I went back
  to the node's TUI, and now some of the screens said that the IP addr was
  unconfigured? I went then to the Network screen, and sure enough, the NIC at
  the bottom showed Unconfigured. WTF? So I went and entered in the correct
  info back in the IPv4 section, and then arrowed down to the Save link and
  clicked it - and the next screen said something like No info needing
  changes, nothing to do. Wh? Went back to the network setup screen, NIC
  still showing Unconfigured even though the IPv4 info still was there. I
  did a ping test at this point from the Ping link on the network setup page,
  and what do you know - I could still ping IP's (the engine, the default gw,
  etc.) But as I moved around the TUI, other screens still said that the
  network was 

Re: [Users] Ovirt Engine single point of failure

2014-01-09 Thread Yair Zaslavsky


- Original Message -
 From: Hans Emmanuel hansemman...@gmail.com
 To: users@ovirt.org
 Sent: Friday, January 10, 2014 7:40:23 AM
 Subject: [Users] Ovirt Engine single point of failure
 
 Hi all,
 
 I am planning to setup an ovirt cluster with two hosts + 1 ovirt engine.
 But this setup has a drawback of single point of failure chance for
 ovirt engine. So what happens if ovirt engine goes down? All VMs will be
 down? Or it won't affect the ovirt nodes and VMs? Please advise /

Hi,
If ovirt engine crashes, your VMs will not go down.

 
 --
 *Hans Emmanuel*
 
 *NOthing to FEAR but something to FEEL..*
 


Re: [Users] Ovirt Engine single point of failure

2014-01-09 Thread Yair Zaslavsky
Alan,
IMHO this is not the scenario described in the original question - or maybe I 
did not understand well the original question?
I assume the original question is about a scenario where engine restarts, and 
not about a catastrophic failure as you describe here.


- Original Message -
 From: Alan Murrell li...@murrell.ca
 To: users@ovirt.org
 Sent: Friday, January 10, 2014 9:01:14 AM
 Subject: Re: [Users] Ovirt Engine single point of failure
 
 OK, so just so I understand this, in the described scenario of three
 servers: one management server/engine and two nodes, let's say the
 management server suffers catastrophic hard disk failure where no data
 can be recovered from it, nor were any backups made.
 
 Is it possible to perform a new installation of ovirt-engine, add the
 two existing nodes, and everything just works?  Or would you at least
 need to do some reconfiguring (e.g., re-add the logical networks etc.)
 
 Basically, even though the nodes were part of the now-dead ovirt-engine,
 there would be no problem in getting them added in to the
 newly-installed ovirt-engine?
 
 -Alan
 
 

