----- Original Message ----- > On 05/22/2012 08:34 AM, Oved Ourfalli wrote: > > > > ----- Original Message ----- > >> From: "T-Sinjon"<tscbj1...@gmail.com> > >> To: "Roy Golan"<rgo...@redhat.com> > >> Cc: "Oved Ourfalli"<ov...@redhat.com>, users@ovirt.org > >> Sent: Tuesday, May 22, 2012 5:33:06 AM > >> Subject: Re: [Users] engine-manage-domains can't add user , domain > >> > >> HI, Roy > >> > >> I have update my engine to newest use ' rpm -Uvh ' - > >> > >> I used rpms from > >> http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/ > >> . > >> > >> [root@ovirt-engine ~]# rpm -qa | grep ovirt-engine > >> ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-sdk-1.3-1.fc16.noarch > >> ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-jbossas-1.2-2.fc16.x86_64 > >> ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64 > >> ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64 > >> > >> and now I add domain again , it still have error and there's no > >> log > >> can find from engine-manage-domains.log, what should i do now ? > >> > >> [root@ovirt-engine ~]# engine-manage-domains -action=add > >> -domain=local -user=admin -provider=IPA -interactive > >> Failed reading current configuration. Details: Error "Error > >> fetching > >> LDAPProviderTypes value: no such entry with version 'general'." > >> while reading configuration value LDAPProviderTypes. > >> > > Looks like your database isn't updated. > > I'm not sure whether a database upgrade is run automatically when > > you update the RPMs, but according to the error you get it is > > probably isn't. > if rpm -Uvh didn't fire the upgrade script its a bug. > pls attach /var/log/ovirt-engine/ovirt-engine-upgrade.log to see if > something went wrong
This is completely not true. We don't support rpm -Uvh rhevm at all, the right way to upgrade rpms is using the engine-upgrade utility. Also, since you have a "devel" rpms, it is recommended to do a clean install of the rpms. > > In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you > > should have an upgrade script. > > (use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 > > to find out where it is, as I'm not sure exactly where it's > > installed). > > > > Run it using the command" ./upgrade.sh -u postgres > > It will upgrade your database. > > > > Oved > >> On 15 May, 2012, at 5:10 PM, Roy Golan wrote: > >> > >>> On 05/15/2012 08:48 AM, Yair Zaslavsky wrote: > >>>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote: > >>>>> ----- Original Message ----- > >>>>>> From: "T-Sinjon"<tscbj1...@gmail.com> > >>>>>> To: "Oved Ourfalli"<ov...@redhat.com> > >>>>>> Cc: users@ovirt.org > >>>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM > >>>>>> Subject: Re: [Users] engine-manage-domains can't add user , > >>>>>> domain > >>>>>> > >>>>>> after use kinit login tsinjon , the error changes to , why > >>>>>> this > >>>>>> happened? > >>>>>> > >>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add > >>>>>> -domain='local' -user='tsinjon' -interactive > >>>>>> Enter password: > >>>>>> > >>>>>> No user in Directory was found for tsinjon@LOCAL. Trying next > >>>>>> LDAP > >>>>>> server in list > >>>>>> Failure while testing domain local. Details: No user > >>>>>> information > >>>>>> was > >>>>>> found for user > >>>>>> > >>>>> Can't see why kinit matters here, but looking at your command I > >>>>> noticed you used single quotes for the user and domain name. > >>>>> I'm not sure it knows to handle this correctly. > >>>>> Did you try without the quotes? > >>>>> > >>>>> Also, what version are you working with? > >>>>> We had a problem a few weeks ago, of identifying the correct > >>>>> ldap > >>>>> provider. To fix that we added an option to specify the ldap > >>>>> provider type. It determines which query will be used in order > >>>>> to get the user details. > >>>>> > >>>>> cc-ing Roy, which added this. iirc it is mandatory to provide > >>>>> this option, so you probably don't have this option in your > >>>>> environment. > >>>>> Roy - is there an upstream release with this fix? > >>>> Oved - this was merged upstream. > >>>> T-Sinjon - have you cloned the git repo and compiled or are you > >>>> using RPMs? > >>> T-Sinjon - once your updated you'll be able to specify the which > >>> type is your LDAP server and overcome this problem. > >>> > >>> e.g. > >>> engine-manage-domains -action=add -domain='local' -provider=ipa > >>> -user='tsinjon' -interactive > >>> > >>> > >>>> > >>>>> Regards, > >>>>> Oved > >>>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote: > >>>>>> > >>>>>>> I have added those SRV info into my zone file , and it did go > >>>>>>> , > >>>>>>> the log looks fine , but engine-manage-domains still return > >>>>>>> error > >>>>>>> > >>>>>>> 2012-05-15 10:45:19,222 INFO > >>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] > >>>>>>> Creating > >>>>>>> kerberos configuration for domain(s): local > >>>>>>> 2012-05-15 10:45:19,258 INFO > >>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] > >>>>>>> Successfully > >>>>>>> created kerberos configuration for domain(s): local > >>>>>>> 2012-05-15 10:45:19,259 INFO > >>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] > >>>>>>> Testing > >>>>>>> kerberos configuration for domain: local > >>>>>>> > >>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add > >>>>>>> -domain='local' -user='tsinjon' -interactive > >>>>>>> Enter password: > >>>>>>> > >>>>>>> Error: exception message: Integrity check on decrypted field > >>>>>>> failed (31) - PREAUTH_FAILED > >>>>>>> Failure while testing domain local. Details: Kerberos error. > >>>>>>> Please > >>>>>>> check log for further details. > >>>>>>> > >>>>>>> > >>>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote: > >>>>>>> > >>>>>>>> ----- Original Message ----- > >>>>>>>>> From: "T-Sinjon"<tscbj1...@gmail.com> > >>>>>>>>> To: users@ovirt.org > >>>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM > >>>>>>>>> Subject: [Users] engine-manage-domains can't add user , > >>>>>>>>> domain > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> I use FreeIPA to authenticate users, ipa user-add has no > >>>>>>>>> problem, > >>>>>>>>> but when i do : > >>>>>>>>> > >>>>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add > >>>>>>>>> -domain='local' -user='tsinjon' -interactive > >>>>>>>>> > >>>>>>>>> Error: Authentication Failed. Please verify the fully > >>>>>>>>> qualified > >>>>>>>>> domain name that is used for authentication is correct.. > >>>>>>>>> Problematic > >>>>>>>>> domain is: local > >>>>>>>>> Failure while applying Kerberos configuration. Details: > >>>>>>>>> Authentication Failed. Please verify the fully qualified > >>>>>>>>> domain > >>>>>>>>> name > >>>>>>>>> that is used for authentication is correct. > >>>>>>>>> > >>>>>>>>> and log from engine-manage-domains.log : > >>>>>>>>> > >>>>>>>>> 2012-05-14 21:58:47,892 INFO > >>>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] > >>>>>>>>> Creating > >>>>>>>>> kerberos configuration for domain(s): local > >>>>>>>>> 2012-05-14 21:58:47,923 ERROR > >>>>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting > >>>>>>>>> SRV > >>>>>>>>> list > >>>>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS > >>>>>>>>> name > >>>>>>>>> not > >>>>>>>>> found [response code 3] > >>>>>>>>> > >>>>>>>>> my domain is 'local' , like ovirt-engine.local > >>>>>>>>> 、ovirt-node-1.local > >>>>>>>>> …etc > >>>>>>>>> > >>>>>>>>> What can i do to get through it? > >>>>>>>>> > >>>>>>>> The utility (and also the ovirt engine) are relying on DNS > >>>>>>>> SRV > >>>>>>>> records in order to find LDAP and kerberos servers > >>>>>>>> (supporting > >>>>>>>> Active directory, IPA or RHDS). > >>>>>>>> So, in order to work with it you must have the following in > >>>>>>>> the > >>>>>>>> DNS > >>>>>>>> 1. PTR record for your LDAP server > >>>>>>>> 2. LDAP SRV record for your LDAP server > >>>>>>>> 3. LDAP kerberos record for your LDAP server > >>>>>>>> > >>>>>>>> If you don't really have access to the DNS you can install a > >>>>>>>> package called "dnsmasq", and perform this changes by > >>>>>>>> yourself > >>>>>>>> in > >>>>>>>> its config file. > >>>>>>>> > >>>>>>>> Oved > >>>>>>>>> _______________________________________________ > >>>>>>>>> Users mailing list > >>>>>>>>> Users@ovirt.org > >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users > >>>>>>>>> > >>>>> _______________________________________________ > >>>>> Users mailing list > >>>>> Users@ovirt.org > >>>>> http://lists.ovirt.org/mailman/listinfo/users > >> _______________________________________________ > >> Users mailing list > >> Users@ovirt.org > >> http://lists.ovirt.org/mailman/listinfo/users > >> > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users