----- Original Message ----- > From: "T-Sinjon" <tscbj1...@gmail.com> > To: "Roy Golan" <rgo...@redhat.com> > Cc: "Oved Ourfalli" <ov...@redhat.com>, users@ovirt.org > Sent: Tuesday, May 22, 2012 5:33:06 AM > Subject: Re: [Users] engine-manage-domains can't add user , domain > > HI, Roy > > I have update my engine to newest use ' rpm -Uvh ' - > > I used rpms from > http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/ > . > > [root@ovirt-engine ~]# rpm -qa | grep ovirt-engine > ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-sdk-1.3-1.fc16.noarch > ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-jbossas-1.2-2.fc16.x86_64 > ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64 > ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64 > > and now I add domain again , it still have error and there's no log > can find from engine-manage-domains.log, what should i do now ? > > [root@ovirt-engine ~]# engine-manage-domains -action=add > -domain=local -user=admin -provider=IPA -interactive > Failed reading current configuration. Details: Error "Error fetching > LDAPProviderTypes value: no such entry with version 'general'." > while reading configuration value LDAPProviderTypes. > Looks like your database isn't updated. I'm not sure whether a database upgrade is run automatically when you update the RPMs, but according to the error you get it is probably isn't.
In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you should have an upgrade script. (use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 to find out where it is, as I'm not sure exactly where it's installed). Run it using the command" ./upgrade.sh -u postgres It will upgrade your database. Oved > On 15 May, 2012, at 5:10 PM, Roy Golan wrote: > > > On 05/15/2012 08:48 AM, Yair Zaslavsky wrote: > >> On 05/15/2012 08:35 AM, Oved Ourfalli wrote: > >>> > >>> ----- Original Message ----- > >>>> From: "T-Sinjon"<tscbj1...@gmail.com> > >>>> To: "Oved Ourfalli"<ov...@redhat.com> > >>>> Cc: users@ovirt.org > >>>> Sent: Tuesday, May 15, 2012 5:53:16 AM > >>>> Subject: Re: [Users] engine-manage-domains can't add user , > >>>> domain > >>>> > >>>> after use kinit login tsinjon , the error changes to , why this > >>>> happened? > >>>> > >>>> [root@ovirt-engine ~]# engine-manage-domains -action=add > >>>> -domain='local' -user='tsinjon' -interactive > >>>> Enter password: > >>>> > >>>> No user in Directory was found for tsinjon@LOCAL. Trying next > >>>> LDAP > >>>> server in list > >>>> Failure while testing domain local. Details: No user information > >>>> was > >>>> found for user > >>>> > >>> Can't see why kinit matters here, but looking at your command I > >>> noticed you used single quotes for the user and domain name. > >>> I'm not sure it knows to handle this correctly. > >>> Did you try without the quotes? > >>> > >>> Also, what version are you working with? > >>> We had a problem a few weeks ago, of identifying the correct ldap > >>> provider. To fix that we added an option to specify the ldap > >>> provider type. It determines which query will be used in order > >>> to get the user details. > >>> > >>> cc-ing Roy, which added this. iirc it is mandatory to provide > >>> this option, so you probably don't have this option in your > >>> environment. > >>> Roy - is there an upstream release with this fix? > >> Oved - this was merged upstream. > >> T-Sinjon - have you cloned the git repo and compiled or are you > >> using RPMs? > > T-Sinjon - once your updated you'll be able to specify the which > > type is your LDAP server and overcome this problem. > > > > e.g. > > engine-manage-domains -action=add -domain='local' -provider=ipa > > -user='tsinjon' -interactive > > > > > >> > >> > >>> Regards, > >>> Oved > >>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote: > >>>> > >>>>> I have added those SRV info into my zone file , and it did go , > >>>>> the log looks fine , but engine-manage-domains still return > >>>>> error > >>>>> > >>>>> 2012-05-15 10:45:19,222 INFO > >>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating > >>>>> kerberos configuration for domain(s): local > >>>>> 2012-05-15 10:45:19,258 INFO > >>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] > >>>>> Successfully > >>>>> created kerberos configuration for domain(s): local > >>>>> 2012-05-15 10:45:19,259 INFO > >>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing > >>>>> kerberos configuration for domain: local > >>>>> > >>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add > >>>>> -domain='local' -user='tsinjon' -interactive > >>>>> Enter password: > >>>>> > >>>>> Error: exception message: Integrity check on decrypted field > >>>>> failed (31) - PREAUTH_FAILED > >>>>> Failure while testing domain local. Details: Kerberos error. > >>>>> Please > >>>>> check log for further details. > >>>>> > >>>>> > >>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote: > >>>>> > >>>>>> > >>>>>> ----- Original Message ----- > >>>>>>> From: "T-Sinjon"<tscbj1...@gmail.com> > >>>>>>> To: users@ovirt.org > >>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM > >>>>>>> Subject: [Users] engine-manage-domains can't add user , > >>>>>>> domain > >>>>>>> > >>>>>>> > >>>>>>> I use FreeIPA to authenticate users, ipa user-add has no > >>>>>>> problem, > >>>>>>> but when i do : > >>>>>>> > >>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add > >>>>>>> -domain='local' -user='tsinjon' -interactive > >>>>>>> > >>>>>>> Error: Authentication Failed. Please verify the fully > >>>>>>> qualified > >>>>>>> domain name that is used for authentication is correct.. > >>>>>>> Problematic > >>>>>>> domain is: local > >>>>>>> Failure while applying Kerberos configuration. Details: > >>>>>>> Authentication Failed. Please verify the fully qualified > >>>>>>> domain > >>>>>>> name > >>>>>>> that is used for authentication is correct. > >>>>>>> > >>>>>>> and log from engine-manage-domains.log : > >>>>>>> > >>>>>>> 2012-05-14 21:58:47,892 INFO > >>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating > >>>>>>> kerberos configuration for domain(s): local > >>>>>>> 2012-05-14 21:58:47,923 ERROR > >>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting > >>>>>>> SRV > >>>>>>> list > >>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS > >>>>>>> name > >>>>>>> not > >>>>>>> found [response code 3] > >>>>>>> > >>>>>>> my domain is 'local' , like ovirt-engine.local > >>>>>>> 、ovirt-node-1.local > >>>>>>> …etc > >>>>>>> > >>>>>>> What can i do to get through it? > >>>>>>> > >>>>>> The utility (and also the ovirt engine) are relying on DNS SRV > >>>>>> records in order to find LDAP and kerberos servers (supporting > >>>>>> Active directory, IPA or RHDS). > >>>>>> So, in order to work with it you must have the following in > >>>>>> the > >>>>>> DNS > >>>>>> 1. PTR record for your LDAP server > >>>>>> 2. LDAP SRV record for your LDAP server > >>>>>> 3. LDAP kerberos record for your LDAP server > >>>>>> > >>>>>> If you don't really have access to the DNS you can install a > >>>>>> package called "dnsmasq", and perform this changes by yourself > >>>>>> in > >>>>>> its config file. > >>>>>> > >>>>>> Oved > >>>>>>> _______________________________________________ > >>>>>>> Users mailing list > >>>>>>> Users@ovirt.org > >>>>>>> http://lists.ovirt.org/mailman/listinfo/users > >>>>>>> > >>>> > >>> _______________________________________________ > >>> Users mailing list > >>> Users@ovirt.org > >>> http://lists.ovirt.org/mailman/listinfo/users > > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users