Re: [ovirt-users] ansible and list of vms

2017-05-09 Thread Ondra Machacek
On Tue, May 9, 2017 at 6:52 PM, Nathanaël Blanchet wrote: > Hello, > > I didn't find anyway to easy list all my vms thanks to the ansible > modules... > I tried the ovirt4.py script which is able to list the whole facts, so vms > list, when the number of them is small in a test datacenter, but in

Re: [ovirt-users] ansible and list of vms

2017-05-10 Thread Ondra Machacek
was possible to do > the same with an ansible module. > > That means we need several tools to do different tasks, it is not a very > convergent way to proceed... but it is feasible. > > Le 10/05/2017 à 07:56, Ondra Machacek a écrit : > > > > On Tue, May 9, 2017 at

Re: [ovirt-users] ansible and list of vms

2017-05-10 Thread Ondra Machacek
On Wed, May 10, 2017 at 12:38 PM, Nathanaël Blanchet wrote: > Le 10/05/2017 à 10:29, Ondra Machacek a écrit : > > Not sure I understand. You can use Ansible module to list VMs, you > can use ovirt_vms_facts[1] module. > > For example to get only stopped VMs, you can use fol

Re: [ovirt-users] ansible and list of vms

2017-05-11 Thread Ondra Machacek
module shipped with 2.3. > > Knowing that each *facts module has the same structure auth/pattern, is > there a way to play a generic playbook independent from the role, like: > > - hosts: localhost > connection: local > roles: > - ovirt_facts (with somewhere a variab

Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Ondra Machacek
I am not aware of anything, but debug log of all aaa stuff would help, to understand what takes the most time. - org.ovirt.engineextensions.aaa.ldap - org.ovirt.engineextensions.aaa.misc - org.ovirt.engine.core.aaa - org.ovirt.engine.core.sso To enable it in runtime, please follow: https://

Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Ondra Machacek
ovirt-engine-extension-aaa-ldap-1.0/README#L377 But I think better to use JBoss CLI, you don't have to restart oVirt engine then. > > > > > > Le 12 mai 2017 à 09:25, Ondra Machacek a écrit : > > > > I am not aware of anything, but debug log of all aaa

Re: [ovirt-users] slow kerberos authentication

2017-05-12 Thread Ondra Machacek
This is new feature in aaa-ldap tracked here[1]. By default for AD profiles we use this feature, and it should increase performance in most cases. But if this is not the case for you, can you just try to change the profile from: include = to include = And see if it will be better? [1] htt

Re: [ovirt-users] ansible and list of vms

2017-05-12 Thread Ondra Machacek
'id') | join(' ') }}" > > or something like > > msg: "{{ ovirt_snapshots.vm | map(attribute='name') | map(attribute='id') > | join(' ') }}" > > Thanks for helping. > > ps: I tried nearly all modules, and the pe

Re: [ovirt-users] add direct LUN disk to a VM with python SDK

2017-05-18 Thread Ondra Machacek
I've sent following example to our Python SDK, feel free to try and review: https://gerrit.ovirt.org/#/c/77003/1 Also you may checkout relevant Ansible module, which support this functionality as well: http://docs.ansible.com/ansible/ovirt_disks_module.html On Wed, May 17, 2017 at 1:21 PM, G

Re: [ovirt-users] adding a nic with its network with ansible module

2017-05-23 Thread Ondra Machacek
Hi, this was fixed by this PR[1], but it didn't get to 2.3. So if it's OK with you, you can download the ovirt_nics module from the devel branch and add it to your library path. [1] https://github.com/ansible/ansible/pull/22684 On Mon, May 22, 2017 at 11:34 AM, Nathanaël Blanchet wrote: > Hel

Re: [ovirt-users] active directory

2017-06-06 Thread Ondra Machacek
Or you can try the migration tool: https://github.com/oVirt/ovirt-engine-kerbldap-migration Check the README, there are instructions how to proceed. On Wed, Jun 7, 2017 at 8:33 AM, Latchezar Filtchev wrote: > This can help you: > > > > http://lists.ovirt.org/pipermail/users/2016-September/042

Re: [ovirt-users] active directory

2017-06-07 Thread Ondra Machacek
O== > Execution === > 2017-06-08 11:26:09,698+08 INFO > ==== > 2017-06-08 11:26:09,698+08 INFOIteration: 0 > 2017-06-08 11:26:09,699+0

Re: [ovirt-users] ovirt can't find user

2017-06-29 Thread Ondra Machacek
How do you login? Do you use webadmin or API/SDK, if using SDK, don't you use kerberos=True? On Wed, Jun 28, 2017 at 5:21 PM, Fabrice Bacchella wrote: > I tried to add a user in ovirt, but it's not identified: > 2017-06-28 16:48:48,505+02 ERROR > [org.ovirt.engine.core.sso.utils.NegotiateAuthUtil

Re: [ovirt-users] ovirt can't find user

2017-06-30 Thread Ondra Machacek
On Thu, Jun 29, 2017 at 5:16 PM, Fabrice Bacchella wrote: > >> Le 29 juin 2017 à 14:42, Fabrice Bacchella a >> écrit : >> >> >>> Le 29 juin 2017 à 13:41, Ondra Machacek a écrit : >>> >>> How do you login? Do you use webadmin or API/SDK, i

Re: [ovirt-users] user permissions

2017-07-07 Thread Ondra Machacek
Please read the description of this commit: https://gerrit.ovirt.org/#/c/74173/ Change the value of property 'ENGINE_API_FILTER_BY_DEFAULT' to true, and it will work, if you use 4.1.1. On Wed, Jul 5, 2017 at 5:55 PM, Fabrice Bacchella wrote: > I'm trying to give a user the permissions to stop

Re: [ovirt-users] ovirt can't find user

2017-07-07 Thread Ondra Machacek
On Tue, Jul 4, 2017 at 6:05 PM, Fabrice Bacchella wrote: > >> Le 1 juil. 2017 à 09:09, Fabrice Bacchella a >> écrit : >> >> >>> Le 30 juin 2017 à 23:25, Ondra Machacek a écrit : >>> >>> On Thu, Jun 29, 2017 at 5:16 PM, Fabrice Bacchella &

Re: [ovirt-users] Active Directory authentication setup

2017-07-17 Thread Ondra Machacek
This is most probably certificate issue. Can you please share output of following command: $ ldapsearch -d 1 -H ldaps://DC3.home.doonga.org -x -s base -b '' And also the output of following command: $ openssl x509 -in /path/to/your/active_diretory_ca.pem -text -noout Are you sure you added a

Re: [ovirt-users] user can see other user's vms

2017-07-26 Thread Ondra Machacek
Hi, one possible way is to add PowerUserRole to user on datacenter where you want the users to operate. That way, they only can create VMs from templates which are public or they have direct permissions on and if the VM is created they can use only that VM, and not any other. On Wed, Jul 26, 2017

Re: [ovirt-users] oVirt LDAP user authentication troubleshooting

2017-08-07 Thread Ondra Machacek
The best is to use this tool: $ ovirt-engine-extensions-tool --log-level=FINEST aaa search --extension-name=your-openldap-authz-name --entity-name=myuser It prints pretty verbose output, which you can analyze. On Mon, Aug 7, 2017 at 9:01 AM, NUNIN Roberto wrote: > I’ve two oVirt 4.1.4.2-1 pods

Re: [ovirt-users] installation of hosts using public key

2017-08-10 Thread Ondra Machacek
On Thu, Aug 10, 2017 at 2:12 PM, Fabrice Bacchella < fabrice.bacche...@orange.fr> wrote: > > Le 10 août 2017 à 10:52, Ondra Machacek a écrit : > > > > Creates a new host. The host is created based on the attributes of >> the host parameter. The name, address an

Re: [ovirt-users] testing REST API

2017-08-18 Thread Ondra Machacek
On Fri, Aug 18, 2017 at 11:38 PM, wodel youchi wrote: > > Hi; > > I am reading the REST API Guide, it's the first time that I am testing this. > > I have hard time to use OAuth authentication to make queries. > > I can get the token with curl and with a firefox REST module > curl --cacert ca.crt -

Re: [ovirt-users] oVirt automation through Ansible and cloud-init in oVirt 4.1.5 + Ansible 2.3.1

2017-09-11 Thread Ondra Machacek
On Sat, Sep 9, 2017 at 2:02 AM, Julián Tete wrote: > oVirt Version: 4.1.5 > > Ansible: 2.3.1 > > Hello Friends of oVirt > > I want to automate the creation, provisioning and deployment of virtual > machines in oVirt, using Ansible. > > I want to use a non-cloud image for the template. It has cloud

Re: [ovirt-users] ansible ovirt_vms parameter cloud_init_nics

2017-09-27 Thread Ondra Machacek
On Wed, Sep 27, 2017 at 9:32 AM, TranceWorldLogic . wrote: > Hi, > > I was trying to initialize more than one nic via cloud init using ansible as > shown below > > vars: >myNicList: [ { nic_name: "eth0, nic_boot_protocol: "dhcp", nic_on_boot: > "true"},{ nic_name: "eth0, nic_boot_protocol: "dh

Re: [ovirt-users] Failure while using ovirt-image-template role

2017-09-29 Thread Ondra Machacek
On Thu, Sep 28, 2017 at 12:23 AM, Marc Seward wrote: > Hi, > > I'm trying to use the ovirt-image-template role to import a Glance image as > a template into ovirt and I'm running into this error with > python-ovirt-engine-sdk4-4.1.6-1.el7ev.x86_64 > > I'd appreciate any pointers. > > > TASK [ovirt

Re: [ovirt-users] Having issue with external IPA

2017-10-01 Thread Ondra Machacek
On Sun, Oct 1, 2017 at 1:07 PM, Yan Naing Myint wrote: > Hello guys, > > I'm having problem with adding users from my FreeIPA server to oVirt. > 1. Status of ovirt-engine-extension-aaa-ldap-setup is success with RHDS > 2. I cannot add IPA users in oVirt webadmin panel > 3. In oVirt web admin panel

Re: [ovirt-users] How to import a qcow2 disk into ovirt

2017-10-04 Thread Ondra Machacek
Check this log file on engine machine: /var/log/ovirt-imageio-proxy/image-proxy.log And this on the host which is used to upload: /var/log/ovirt-imageio-daemon/daemon.log Any errors there? On Wed, Oct 4, 2017 at 2:38 PM, nicola.gentile.to wrote: > Thanks Alexander, > > nothing not work > al

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

2017-10-11 Thread Ondra Machacek
It fails on SSL handshake: sun.security.validator.ValidatorException: No trusted certificate found How did you create 'polito.it.jks' file? By aaa-setup tool? Are you sure you've entered correct CA certificate there? On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile wrote: > 2017-10-11 10:11 GMT+

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

2017-10-11 Thread Ondra Machacek
> I noticed that the CA certificate was expired, than I download new > certificate and I run aaa-setup tool. > > is there a specific place to put the certificate file ca? I put in root home. > > Thank a lot > > Nick > > 2017-10-11 14:18 GMT+02:00 Ondra Machac

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

2017-10-11 Thread Ondra Machacek
PM, nicola gentile wrote: > I do this already. > The CA certificate that i download is fine also for ldap? > > Nick > > 2017-10-11 14:56 GMT+02:00 Ondra Machacek : >> You can download it just a temporary, for example to /tmp. >> Then aaa-setup-tool will create jks file

Re: [ovirt-users] Testing ansible playbook against a mock engine?

2017-10-25 Thread Ondra Machacek
On Wed, Oct 25, 2017 at 9:40 AM, Luca 'remix_tj' Lorenzetto wrote: > Hello, > > i'm planning to create a big standardization playbook for my > environment to ensure that all the required configs (networks, hosts, > host's nics and networks) are correctly set up. > Since i don't want to test ag

[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-20 Thread Ondra Machacek
Hi, just tried it too. I was not successful to reproduce, but the problem is that the domain part of LDAPSecurityAuthentication is uppercase as Cameron wrote. In 3.4 it is OK when it's upper case - everything works OK, but in 3.5 it's not. I checked differences and something like this would be

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-24 Thread Ondra Machacek
Please try to run your command with domain in lower case: engine-manage-domains add --domain=siee.local --provider=ad --user=Administrator - Original Message - > From: "Alon Bar-Lev" > To: "Juan Jose" > Cc: users@ovirt.org, "Yair Zaslavsky"

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-24 Thread Ondra Machacek
ion'" - Original Message - > From: "Alon Bar-Lev" > To: "Ondra Machacek" > Cc: jj197...@gmail.com, users@ovirt.org, "Yair Zaslavsky" > > Sent: Monday, November 24, 2014 1:49:11 PM > Subject: Re: [ovirt-users] Adding domain to oVir

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Ondra Machacek
vdc_options set > option_value='siee.local:GSSAPI' where > option_name='LDAPSecurityAuthentication'", I receive the same response: > > psql: FATAL: Ident authentication failed for user "engine" > > Is there any problem? > > Many than

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Ondra Machacek
Alon Bar-Lev" > To: "Juan Jose" > Cc: "Ondra Machacek" , "Yair Zaslavsky" > , users@ovirt.org > Sent: Tuesday, November 25, 2014 1:49:20 PM > Subject: Re: [ovirt-users] Adding domai

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-25 Thread Ondra Machacek
Also, can you please try to search within this domain, not only login to it? Does it fail or works good? (in webadmin go to users tab and click add, select your domain and search for users). - Original Message - > From: "Alon Bar-Lev" > To: "Juan Jose" >

Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

2014-11-28 Thread Ondra Machacek
--- Original Message - > From: "Juan Jose" > To: "Alon Bar-Lev" > Cc: "Ondra Machacek" , "Yair Zaslavsky" > , users@ovirt.org > Sent: Friday, November 28, 2014 1:03:30 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > >

Re: [ovirt-users] Info on changing IPA server hostname in oVirt

2014-12-10 Thread Ondra Machacek
Hi, please take a look here[1]. [1] - https://bugzilla.redhat.com/show_bug.cgi?id=1156577 - Original Message - > From: "Gianluca Cecchi" > To: "users" > Sent: Wednesday, December 10, 2014 4:11:30 PM > Subject: [ovirt-users] Info on changing IPA server hostname in oVirt > > Hello, > in

Re: [ovirt-users] Info on changing IPA server hostname in oVirt

2014-12-10 Thread Ondra Machacek
Fix is not included in ovirt-engine-3.5.0.1-1.el6.noarch. It's fixed since org.ovirt.engine-root-3.5.0-18. You can find newer version here[1]. [1] - http://resources.ovirt.org/pub/ovirt-3.5-snapshot/ - Original Message - > From: "Gianluca Cecchi" > To: "Ond

Re: [ovirt-users] Info on changing IPA server hostname in oVirt

2014-12-10 Thread Ondra Machacek
Alon, can you advise, please? - Original Message - > From: "Gianluca Cecchi" > To: "Ondra Machacek" > Cc: "users" > Sent: Wednesday, December 10, 2014 5:25:40 PM > Subject: Re: [ovirt-users] Info on changing IPA server hostname in oVir

Re: [ovirt-users] how to rename disk alias on python sdk

2014-12-11 Thread Ondra Machacek
Hi, update method has now only vm disk, not floating disk. Ondra - Original Message - > From: "Amedeo Salvati" > To: users@ovirt.org > Sent: Thursday, December 11, 2014 11:29:07 AM > Subject: [ovirt-users] how to rename disk alias on python sdk > > Hello all, > > I want to rename a di

Re: [ovirt-users] Setting Base DN for LDAP authentication

2015-01-09 Thread Ondra Machacek
Hi, On 01/09/2015 07:31 AM, jdel...@web.de wrote: Hello, I'm trying to configure LDAP authentication with oVirt 3.5 and ovirt-engine-extension-aaa-ldap. I chose the simple bind transport example. But the given examples are missing the explicit specification of a base dn. Could you please adv

Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module

2015-01-14 Thread Ondra Machacek
Hi, On 01/14/2015 04:53 PM, Bruno Rodriguez wrote: Good afternoon, We cannot access to Ovirt using LDAP authentication against our openldap server. We created the following files in /etc/ovirt-engine/extensions.d (the organization name is not example.org and the passwords a

Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module

2015-01-15 Thread Ondra Machacek
's unable to bind anyway ... Thank you, Bruno On Wed, Jan 14, 2015 at 5:50 PM, Ondra Machacek <omach...@redhat.com> wrote: Hi, On 01/14/2015 04:53 PM, Bruno Rodriguez wrote: Good afternoon, We cannot access to Ovirt using LDAP authentication against

Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module

2015-01-15 Thread Ondra Machacek
On 01/15/2015 10:36 AM, Alon Bar-Lev wrote: - Original Message - From: "Bruno Rodriguez" To: "Ondra Machacek" Cc: "Esther Accion" , users@ovirt.org Sent: Thursday, January 15, 2015 11:20:57 AM Subject: Re: [ovirt-users] Error authenticating bind usin

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek
On 01/29/2015 09:35 AM, Nikolai Bochev wrote: Hello, I've been running ovirt hosted engine for around a month already without any major interruptions. Last week i tied it to freeipa, to be able to give permissions to other people, but so far no success because of the following problem : All u

Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek
ll ? On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek <omach...@redhat.com> wrote: On 01/29/2015 09:35 AM, Nikolai Bochev wrote: Hello, I've been running ovirt hosted engine for around a month already without any major interruptions. Last we

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
On 01/29/2015 11:41 AM, Koen Vanoppen wrote: Can somebody help me setting up AAA for ovirt 3.5.1? I'm getting this now: 2015-01-29 11:35:36,889 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initia

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
needed for new provider. It searches for global catalog like this: dig @${vars.dns} -t SRV _gc._tcp.${vars.domain} So you need to have this SRV record in DNS, if you want to use srvrecord serverset type. Or you don't have to if you use single server type. Thanks for the reply! 2015-01-29

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
in.com> in the dns... Isn't there another > > > way it just resolves the dns servers I gave him? > > > > > > > Microsoft Domain controller must have gc service entry within DNS to work > > properly. > > 1. Are you sure you have Microsoft

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
> > > > > > Microsoft Domain controller must have gc service entry within DNS to work > > properly. > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com <http

Re: [ovirt-users] AAA

2015-01-29 Thread Ondra Machacek
ord is that you didn't have them never and you just used '--ldapServers' parameter, that's why manage-domains worked with your domain. Now you are using DNS, not static configuration of ldap servers. 2015-01-29 14:48 GMT+01:00 Ondra Machacek <omach...@redhat.com>

Re: [ovirt-users] Ovirt qouta

2015-02-05 Thread Ondra Machacek
Assigning it to group and add your users into that group should do the job. On 02/04/2015 11:04 PM, Donny Davis wrote: Does anyone know if there is a way to set quotas without manually doing it for each user. As many of you already know I am the proprietor of cloudspin.me where I offer IaaS f

Re: [ovirt-users] WebGUI: User permissions to Data Center

2015-03-24 Thread Ondra Machacek
Hi, On 03/24/2015 09:52 AM, shimano wrote: > Hi guys, > > I'd like my users to have access to their VMs via Web UserPortal. And I've > got it but only in a half, because they see their VMs in Basic view where > they cannot create or manage VMs. In Extended view they have an error: > > "Not avail

Re: [ovirt-users] WebGUI: User permissions to Data Center

2015-03-24 Thread Ondra Machacek
enario of use? > > But my next question is: Can VM Pools be created and managed from User > Portal? No, it's not possible. You can only use it, if you have appropriate permissions. > > > 2015-03-24 10:14 GMT+01:00 Ondra Machacek : > >> Hi, >> >>

Re: [ovirt-users] Strange issue after upgrade

2015-12-16 Thread Ondra Machacek
Hi, do you use ovirt-3.6? If yes and you run 'yum update', then please run also 'engine-setup' again. For more info please read: /usr/share/doc/ovirt-engine-extension-aaa-jdbc-1.0.4/README.admin Ondra On 12/16/2015 11:55 AM, Stefano Danzi wrote: Hello, today yum upgraded my ovirt environment

Re: [ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

2016-01-15 Thread Ondra Machacek
Hi, if I read your logs correctly then you are using IPv6 and no IPv4, right? ovirt-engine-extension-aaa-ldap-setup was designed to be easy and support only very basic setups, so there is no support to properly configure it. If the above is true, you have two options, which should help you. 1

Re: [ovirt-users] [BUG] Cannot remove quota

2016-01-15 Thread Ondra Machacek
One possible way is to change DataCenter quota mode to Disabled. Then you can remove quota which is assigned to vm. On 01/15/2016 10:41 AM, zhangjian2011 wrote: HI, all: I found that if the quota is applied to a VM, then the quota can’t be remove. (Even if I change DataCenter to Aud

Re: [ovirt-users] [BUG] Cannot remove quota

2016-01-18 Thread Ondra Machacek
ow. (the quota tab disappeared) So I can't remove quota. Is there any other way to delete it?? Regards, Jian On 01/15/2016 11:29 PM, Ondra Machacek wrote: One possible way is to change DataCenter quota mode to Disabled. Then you can remove quota which is assigned to vm. On

Re: [ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

2016-01-18 Thread Ondra Machacek
Hi, I can see that 'ovirt-engine-aaa-ldap-setup' successfully connect to 'ldap://bbgpvmas100.prozess.bbg:389', but later it says connection refused on to 'bbgpvmas100.prozess.bbg/10.157.8.25:389'. Don't you have more 'A' records set for 'bbgpvmas100.prozess.bbg'? Can you please assure that yo

Re: [ovirt-users] not able to select profile in console after update

2016-01-18 Thread Ondra Machacek
Hi, You cannot see it only in UserPortal or also in Webadmin? Can you please send engine.log? Maybe you hit same issue as described here[1]. Ondra [1] http://lists.ovirt.org/pipermail/users/2016-January/037313.html On 01/18/2016 05:24 PM, Johan Vermeulen wrote: Hello All, I have installed a

Re: [ovirt-users] oVirt 3.6.1 with FreeIPA Auth domain performance

2016-01-22 Thread Ondra Machacek
Hi, the best thing you can do is to migrate to new AAA ldap[1], as anyway you will have to do so in 4.0, as manage-domains will be removed, so I think better invest time to migration, than to searching for root cause. We will be happy to help you with migration. You can also try migration tool[2]

Re: [ovirt-users] User cannot add a disk to a VM - permission error

2016-03-08 Thread Ondra Machacek
On 03/09/2016 05:02 AM, Will Dennis wrote: Trying to understand the oVirt user permissions system… I have a user who I have granted the “PowerUserRole” role to, with the role description being “User Role, allowed to create VMs, Templates and Disks.” When I log into the User Portal with this us

Re: [ovirt-users] User with extended tab in User Panel?

2016-03-19 Thread Ondra Machacek
It's bug[1], should be fixed in 3.6.5. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1316849 On 03/19/2016 09:11 AM, James Michels wrote: Sorry, there was an another one: UserProfileEditor on (System) which someone mistakenly granted probably, but removing it makes no difference, user still s

Re: [ovirt-users] Hosted engine Single Sign-On to VM with freeIPA not working

2016-03-19 Thread Ondra Machacek
Hi, your authz name should match kerberos name. So please change your authz name from 'DOMAIN-authz' to 'DOMAIN' Please see this bz[1] for more detail. Ondra [1] https://bugzilla.redhat.com/show_bug.cgi?id=1133137#c7 On 03/17/2016 04:22 PM, Paul wrote: Hi, I am having an issue with getting

Re: [ovirt-users] Hosted engine Single Sign-On to VM with freeIPA not working

2016-03-19 Thread Ondra Machacek
setting user credentials) Any suggestions? -----Original Message- From: Ondra Machacek [mailto:omach...@redhat.com] Sent: donderdag 17 maart 2016 16:58 To: Paul ; users@ovirt.org Subject: Re: [ovirt-users] Hosted engine Single Sign-On to VM with freeIPA not working Hi, your authz name should match

Re: [ovirt-users] Active Directory (LDAP) user auth is slow

2016-03-24 Thread Ondra Machacek
Hi, if you remove user, then also permissions of that user to vms will be removed. And yes, you will have to add all those permissions back to users from new profile. But, you can try migration tool[1], to migrate all users to new AAA profile. If you have any problem with it, you can ask. On

Re: [ovirt-users] Active Directory (LDAP) user auth is slow

2016-03-24 Thread Ondra Machacek
On 03/24/2016 03:02 PM, Karli Sjöberg wrote: Den 24 mars 2016 13:49 skrev Ondra Machacek : > > Hi, > > if you remove user, then also permissions of that user to vms will be > removed. > And yes, you will have to add all those permissions back to users from > new pr

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-24 Thread Ondra Machacek
On 03/24/2016 06:16 PM, Karli Sjöberg wrote: Hi! Starting new thread instead of jacking someone else´s. Managed to migrate from old 'engine-manage-domains' auth to aaa-ldap using: #| ovirt-engine-kerbldap-migration-tool --domain baz.foo.bar --cacert /tmp/ca.crt --apply | All OK, no errors,

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-24 Thread Ondra Machacek
On 03/24/2016 11:14 PM, Karli Sjöberg wrote: Den 24 mars 2016 7:26 em skrev Ondra Machacek : > > On 03/24/2016 06:16 PM, Karli Sjöberg wrote: > > Hi! > > > > > > Starting new thread instead of jacking someone else´s. > > > > > > Managed

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-25 Thread Ondra Machacek
On 03/25/2016 12:26 AM, Karli Sjöberg wrote: Den 25 mars 2016 12:10 fm skrev Karli Sjöberg : > > > Den 24 mars 2016 11:26 em skrev Ondra Machacek : > > > > On 03/24/2016 11:14 PM, Karli Sjöberg wrote: > > > > > > Den 24 mars 2016 7:26 em skrev Ond

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-26 Thread Ondra Machacek
rn = u...@baz.foo.bar config.mapUser.regex.replacement = u...@foo.bar And that isn't very useful. Please advise! /K On 03/25/2016 12:26 AM, Karli Sjöberg wrote: Den 25 mars 2016 12:10 fm skrev Karli Sjöberg : > > > Den 24 mars 2016 11:26 em skrev Ondra Mac

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-26 Thread Ondra Machacek
On 03/26/2016 02:09 PM, Karli Sjöberg wrote: On 26 Mar 2016, at 13:49, Karli Sjöberg <karli.sjob...@slu.se> wrote: On 26 Mar 2016, at 11:35, Ondra Machacek <omach...@redhat.com> wrote: For me it's working completely fine: ... config.map

Re: [ovirt-users] oVirt 3.6 AAA LDAP cannot not log in when end of UPN is different from domain base

2016-03-28 Thread Ondra Machacek
On 03/27/2016 11:40 AM, Karli Sjöberg wrote: On 26 Mar 2016, at 21:32, Ondra Machacek wrote: On 03/26/2016 02:09 PM, Karli Sjöberg wrote: On 26 Mar 2016, at 13:49, Karli Sjöberg mailto:karli.sjob...@slu.se>> wrote: On 26 Mar 2016, at 11:35, Ondra Machacek mailto:omach...@redh

Re: [ovirt-users] User permission error in add new disk using API

2016-03-30 Thread Ondra Machacek
On 03/30/2016 01:31 PM, Vishal Panchal wrote: Hello, I got following error during add new disk using API but on other side from admin panel I can create new disk. *Error :* Cannot add Virtual Machine Disk. The user doesn't have permissions to attach Disk Profile to the Disk.* Please see this[

Re: [ovirt-users] User permission error in add new disk using API

2016-03-31 Thread Ondra Machacek
":"51200","size":"51200","interface":"virtio","format":"cow","sparse":true,"bootable":true} That request is syntactically correct. But as explained by Ondra Machacek there is a bug that makes this fail:

Re: [ovirt-users] RESTAPI and kerberos authentication

2016-04-13 Thread Ondra Machacek
On 04/13/2016 10:43 PM, Marcel Galke wrote: Hello, I need to automatically create a list of all the VMs and the storage path to their disks in the data center for offline storage for disaster recovery. We have oVirt 3.6 and IPA 4.2.0. To achieve this my idea was to query the API using Kerberos a

Re: [ovirt-users] RESTAPI and kerberos authentication

2016-04-13 Thread Ondra Machacek
On 04/14/2016 08:06 AM, Ondra Machacek wrote: On 04/13/2016 10:43 PM, Marcel Galke wrote: Hello, I need to automatically create a list of all the VMs and the storage path to their disks in the data center for offline storage for disaster recovery. We have oVirt 3.6 and IPA 4.2.0. To achieve

Re: [ovirt-users] RESTAPI and kerberos authentication

2016-04-14 Thread Ondra Machacek
curl. Thanks and regards Marcel On 14.04.2016 08:11, Ondra Machacek wrote: On 04/14/2016 08:06 AM, Ondra Machacek wrote: On 04/13/2016 10:43 PM, Marcel Galke wrote: Hello, I need to automatically create a list of all the VMs and the storage path to their disks in the data center for offline st

Re: [ovirt-users] Cannot add new users via api after AAA migration

2016-04-18 Thread Ondra Machacek
On 04/18/2016 12:37 PM, Karli Sjöberg wrote: Hi! A little background: https://www.mail-archive.com/users@ovirt.org/msg31815.html Trying to add new user from webadmin gives: 2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-10) [53227bd6] Running command

Re: [ovirt-users] ldap servers configuration can be misleading with AD

2016-04-19 Thread Ondra Machacek
On 04/19/2016 04:37 PM, Fabrice Bacchella wrote: I tried to plug ovirt using my company AD. But I have a problem, the DNS srv records are not well managed and I can't use them so I changed pool.default.serverset.type from srvrecord to failover. With AD you should use srvrecord, unless you hav

Re: [ovirt-users] ldap servers configuration can be misleading with AD

2016-04-20 Thread Ondra Machacek
On 04/19/2016 07:46 PM, Fabrice Bacchella wrote: Le 19 avr. 2016 à 17:35, Ondra Machacek a écrit : On 04/19/2016 04:37 PM, Fabrice Bacchella wrote: I tried to plug ovirt using my company AD. But I have a problem, the DNS srv records are not well managed and I can't use them so I ch

Re: [ovirt-users] ldap servers configuration can be misleading with AD

2016-04-20 Thread Ondra Machacek
On 04/20/2016 10:33 AM, Fabrice Bacchella wrote: Le 20 avr. 2016 à 10:16, Ondra Machacek a écrit : On 04/19/2016 07:46 PM, Fabrice Bacchella wrote: Le 19 avr. 2016 à 17:35, Ondra Machacek a écrit : On 04/19/2016 04:37 PM, Fabrice Bacchella wrote: I tried to plug ovirt using my company

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Ondra Machacek
On 04/28/2016 02:59 PM, Alexis HAUSER wrote: Hi, I'm using 3.6.3.4-1.el7.centos and I'm having troubles joining an LDAP provider. When I try to login into the new profile, I get a "general command validation failure" error. This is what I can get from ovirt-engine/engine.log : tail -n 400

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-28 Thread Ondra Machacek
On 04/28/2016 06:02 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Ondra Machacek
On 04/29/2016 02:27 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration l

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-04-29 Thread Ondra Machacek
On 04/29/2016 03:03 PM, Alexis HAUSER wrote: pool.default.ssl.truststore.file = /tmp/.jks Maybe trailing space here ^ ? pool.default.ssl.truststore.password = Sadly it doesn't help So please ensure also that file '/tmp/.jks' is readable by ovirt user. The configuration l

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Ondra Machacek
On 05/02/2016 09:35 AM, Alexis HAUSER wrote: Should I report this on the bugzilla ? You can, but I believe this is not a bug, but some misconfiguration, many times I've tried completely similar setup and it worked. Btw.. did you use 'ovirt-engine-extension-aaa-ldap-setup'? If not you can

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-02 Thread Ondra Machacek
On 05/02/2016 03:02 PM, Alexis HAUSER wrote: I am unsure I understand. What is missing in interactive setup to properly setup TLS? You just enter CA certificate path/url/system and Java keystore file is created for you by the tool. I'll try to generate a new file with the interactive setup a

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 10:28 AM, Alexis HAUSER wrote: Are you sure you've specified correct CA? Can you try running this command: LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@' If it fails then most probably you have incorrect CA certific

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 11:03 AM, Alexis HAUSER wrote: However, I can't login with any user...But with ldapsearch I can find those users with uid=user I used ovirt-engine-extensions-tool aaa login-user --profile=xxx --user-name=xxx and I realize now what is the problem : the available namespaces show

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 11:58 AM, Alexis HAUSER wrote: Thank you, now I see the correct namespace shown, but still no way to login with any user...Any idea ? Hard to say without logs, can you please share log output of ovirt-engine-extensions-tool? Please run it with: ovirt-engine-extensions-tool -

Re: [ovirt-users] Errors while trying to join an external LDPA provider

2016-05-03 Thread Ondra Machacek
On 05/03/2016 03:13 PM, Alexis HAUSER wrote: Or do you use rfc2307? You can find out running this command: LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://myldap -b 'ou=people,o=unix,dc=somewhere,dc=any' -D 'cn=mysearchuser,ou=admin,o=unix,dc=somewhere,dc=any' -W '(&(objectClass=posixAccount)(

Re: [ovirt-users] AAA LDAP timeout

2016-05-18 Thread Ondra Machacek
Hi, thanks for the point, we will add it to the doc. The configuration option you are interested in is this: pool.default.connection-options.responseTimeoutMillis = 6 just add it to your profile properties (/etc/ovirt-engine/aaa/your_profile.properties) Ondra On 05/18/2016 11:34 AM,

Re: [ovirt-users] add user permissions to a template

2016-05-25 Thread Ondra Machacek
If I understand correctly, then 'copy template permissions' is the feature you are looking for. When you are creating vm from the template, click on 'Show advanced options' and then you can see 'copy template permissions' checkbox, which will do the work for you. On 05/25/2016 11:44 AM, Nathanaë

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-25 Thread Ondra Machacek
On 05/25/2016 12:20 PM, Alexis HAUSER wrote: Hi, I added an Active Directory server to RHEV, but I can't perform any search and I don't see any namespace in the interface. I'm able to perform search using with the same search user DN / passwd and certificate : LDAPTLS_CACERT=/somewhere/myca.

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-25 Thread Ondra Machacek
On 05/25/2016 03:47 PM, Alexis HAUSER wrote: Can you please send what's happening during initialization of engine? (logs right after ovirt-engine is restarted). Or run this command and send output of file 'login.log': $ ovirt-engine-extensions-tool --log-level=FINEST --log-file=login.log

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 10:11 AM, Alexis HAUSER wrote: You use 389 with SSL? I guess you wrongly specified it. But, if you want to use SSL and you have it on 636, then you should create new SRV dns records for example: _ldaps._tcp.university.mydomain.com ... 636 Where should I add this ? in /etc/hosts ?

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 11:56 AM, Alexis HAUSER wrote: Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On the DNS server I'm using ? On DNS you are using, usually on AD DNS. Well actually this DNS name doesn't exist and seem to be only an unspecified variable in ovirt...I hav

Re: [ovirt-users] Can't perform search after setting up an Active Directory

2016-05-26 Thread Ondra Machacek
On 05/26/2016 03:35 PM, Alexis HAUSER wrote: So it means that aaa-ldap then tries to do following: LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://mydomain.com:389 -x -D 'CN=Something,DC=myserver,DC=come' -w 'mypaswd' -b 'CN=users,DC=something,DC=com' Which won't work, because you do lda
