I have been seeing selinux denials. I'm not sure if it was for the allinone plugin.
Should selinux be enabled or disabled? On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <[email protected]> wrote: > Did you look for selinux denials? > > ----- Original Message ----- >> I was not able to get this working using beta >> ovirt-engine-setup-plugin-allinone rpm >> >> Used answer file as recommended on the wiki. I didn't document the >> exact error, but the install failed. >> >> I did another install using F16 Installing VDSM from rpm >> >> [ovirt-engine-3.0] >> name=ovirt-engine-3.0 >> baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16 >> enabled=1 >> gpgcheck=0 >> >> >> And then doing engine-setup >> >> And then installing spice-xpi >> >> Can't explain it but it's working from the F16 desktop using FF :) >> >> >> >> On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <[email protected]> >> wrote: >> > On 07/26/2012 01:10 PM, David Jaša wrote: >> >> >> >> Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500: >> >>> >> >>> I have seen this. Can give it a try. >> >>> >> >>> At this point I'm not sure if it's a problem with my >> >>> configuration. >> >>> Or making console connections with either vnc or spice. The >> >>> ports are >> >>> clearly running - >> >>> >> >>> netstat -an|grep 590 >> >>> tcp 0 0 0.0.0.0:5900 0.0.0.0:* >> >>> LISTEN >> >>> tcp 0 0 0.0.0.0:5901 0.0.0.0:* >> >>> LISTEN >> >>> >> >>> >> >>> When using plain old kvm, virt-manager I could just simply >> >>> connect >> >>> using any vnc or virt-viewer or x11 virtmanager. >> >>> >> >>> I'm not sure what ovirt is doing with tls etc... >> >>> >> >> >> >> As Itamar already said, it: >> >> * sets up TLS and enforces it. >> >> * sets up temporary ticket >> >> >> >> If you want to connect to the console manually, you have to set up >> >> the >> >> ticket - on the server, follow these steps in order to achieve it >> >> (from >> >> top of my head, can contain typos): >> >> VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print >> >> $1}')" >> >> vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT >> >> >> >> For TLS, you'll need CA file and host subject in case of host name >> >> used >> >> on CLI not matching host name in server cert CN. Assuming you're >> >> connecting from some other computer: >> >> SUBJECT="$(ssh root@$HOST 'grep Subject: >> >> /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" >> >> scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE >> >> remote-viewer --spice-ca-file=$CA_FILE >> >> --spice-host-subject=$SUBJECT >> >> spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT >> >> # it will ask for password in pop-up window >> >> # OR you can use "good old" spicec: >> >> spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p >> >> $PORT -s >> >> $SECURE_PORT -w $PASSWORD >> >> >> >> David >> >> >> >> PS: given all the info, I guess you've run into some instance of >> >> this >> >> downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548 >> > >> > >> > brent - this only fails user portal. are you failing from webadmin >> > as well? >> > >> > >> >> >> >> >> >>> Not being able to get console access is a definite show stopper. >> >>> And >> >>> it shouldn't be rocket science to do it. And it should be >> >>> accessible >> >>> from either linux or windows clients. Does vSphere (windows >> >>> only) >> >>> ring a bell? >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <[email protected]> >> >>> wrote: >> >>>> >> >>>> >> >>>> would it be relevant for you to try the 3.1 beta? >> >>>> it has this which should cover your 'all in one' needs: >> >>>> http://www.ovirt.org/wiki/Feature/AllInOne >> >>>> >> >>>> >> >>>> >> >>>> On 07/25/2012 06:52 PM, Brent Bolin wrote: >> >>>>> >> >>>>> >> >>>>> Thanks David for your reply - >> >>>>> >> >>>>> I have completely flushed all iptables rules 'iptables --flush" >> >>>>> - >> >>>>> >> >>>>> iptables -L -v -n >> >>>>> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) >> >>>>> pkts bytes target prot opt in out source >> >>>>> destination >> >>>>> >> >>>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) >> >>>>> pkts bytes target prot opt in out source >> >>>>> destination >> >>>>> >> >>>>> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) >> >>>>> pkts bytes target prot opt in out source >> >>>>> destination >> >>>>> >> >>>>> >> >>>>> The base host is Fedora 16 running with desktop >> >>>>> >> >>>>> First installed vdsm and then ovirt-engine >> >>>>> >> >>>>> Single network bridge installed, but there is another 1GB nic >> >>>>> that >> >>>>> isn't >> >>>>> being used - >> >>>>> >> >>>>> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A >> >>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link >> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> >>>>> RX packets:99656 errors:0 dropped:0 overruns:0 >> >>>>> frame:0 >> >>>>> TX packets:51508 errors:0 dropped:0 overruns:0 >> >>>>> carrier:0 >> >>>>> collisions:0 txqueuelen:1000 >> >>>>> RX bytes:63007897 (60.0 MiB) TX bytes:18148736 >> >>>>> (17.3 MiB) >> >>>>> >> >>>>> lo Link encap:Local Loopback >> >>>>> inet addr:127.0.0.1 Mask:255.0.0.0 >> >>>>> inet6 addr: ::1/128 Scope:Host >> >>>>> UP LOOPBACK RUNNING MTU:16436 Metric:1 >> >>>>> RX packets:1814674 errors:0 dropped:0 overruns:0 >> >>>>> frame:0 >> >>>>> TX packets:1814674 errors:0 dropped:0 overruns:0 >> >>>>> carrier:0 >> >>>>> collisions:0 txqueuelen:0 >> >>>>> RX bytes:646274067 (616.3 MiB) TX bytes:646274067 >> >>>>> (616.3 >> >>>>> MiB) >> >>>>> >> >>>>> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A >> >>>>> inet addr:192.168.0.118 Bcast:192.168.0.255 >> >>>>> Mask:255.255.255.0 >> >>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link >> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> >>>>> RX packets:70706 errors:0 dropped:0 overruns:0 >> >>>>> frame:0 >> >>>>> TX packets:48717 errors:0 dropped:0 overruns:0 >> >>>>> carrier:0 >> >>>>> collisions:0 txqueuelen:0 >> >>>>> RX bytes:52195637 (49.7 MiB) TX bytes:14942359 >> >>>>> (14.2 MiB) >> >>>>> >> >>>>> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 >> >>>>> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link >> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> >>>>> RX packets:3 errors:0 dropped:0 overruns:0 frame:0 >> >>>>> TX packets:14 errors:0 dropped:0 overruns:1 >> >>>>> carrier:0 >> >>>>> collisions:0 txqueuelen:500 >> >>>>> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB) >> >>>>> >> >>>>> After ovirt engine is installed logged into the interface and >> >>>>> configured >> >>>>> the host using 127.0.0.1 . Host reboots. Host shows up in the >> >>>>> admin >> >>>>> interface only complaining about power management that isn't >> >>>>> configured. >> >>>>> >> >>>>> >> >>>>> Here >> >>>>> >> >>>>> <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink> >> >>>>> >> >>>>> is a screen shot of the web interface >> >>>>> >> >>>>> The only configuration settings I've changed are in the >> >>>>> qemu.conf to >> >>>>> either tls=0 or tls=1 >> >>>>> >> >>>>> spice-gtk-0.11-4.fc16.x86_64 >> >>>>> spice-client-0.10.1-1.fc16.x86_64 >> >>>>> spice-glib-0.11-4.fc16.x86_64 >> >>>>> spice-gtk3-0.11-4.fc16.x86_64 >> >>>>> spice-xpi-2.7-3.fc16.x86_64 >> >>>>> spice-gtk-tools-0.11-4.fc16.x86_64 >> >>>>> spice-server-0.10.1-1.fc16.x86_64 >> >>>>> >> >>>>> The link in the admin interface shows available(using FF). >> >>>>> When I >> >>>>> click >> >>>>> it opens a spicec:0 dialog and just closes >> >>>>> >> >>>>> If I try to open from a shell I get things like this - >> >>>>> >> >>>>> Brief window open and then error - >> >>>>> >> >>>>> spicec -h 127.0.0.1 -p 5900 >> >>>>> Warning: connect error 5 - need secured connection >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> >> >>>>> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <[email protected] >> >>>>> <mailto:[email protected]>> wrote: >> >>>>> > Hi Brent, >> >>>>> > >> >>>>> > first guess: have a look if your iptables setup allow >> >>>>> > connection to >> >>>>> the >> >>>>> > qemu processes. RHEV 3.0 documentation (publicly accesible) >> >>>>> > says >> >>>>> that a >> >>>>> > host needs these ports open: >> >>>>> > port 22 for SSH, >> >>>>> > ports 5634 to 6166 for guest console connections, >> >>>>> > port 16514 for libvirt virtual machine migration >> >>>>> > traffic, >> >>>>> > ports 49152 to 49216 for VDSM virtual machine >> >>>>> > migration >> >>>>> traffic, >> >>>>> > and >> >>>>> > port 54321 for the Red Hat Enterprise >> >>>>> > Virtualization >> >>>>> Manager. >> >>>>> > >> >>>>> > If you have ovirt-engine running onu the same machine as >> >>>>> > vdsm, most >> >>>>> of >> >>>>> > the ports don't need to be accessible from outside but >> >>>>> > "guest >> >>>>> console" >> >>>>> > ports do. >> >>>>> > >> >>>>> > If it isn't iptables, please share at least: >> >>>>> > * what your actual topology is (engine on the physical >> >>>>> > host?) >> >>>>> > * if you use some custom tls settings such as tls switched >> >>>>> > off >> >>>>> > * what spice client & xpi versions are you using >> >>>>> > * how exactly the client failed (showed error window? with >> >>>>> > what >> >>>>> error? >> >>>>> > just didn't launch?) >> >>>>> > >> >>>>> > In your email, you didn't write any debugging hints apart >> >>>>> > from the >> >>>>> setup >> >>>>> > being single-host one... >> >>>>> > >> >>>>> > David >> >>>>> > >> >>>>> > >> >>>>> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500: >> >>>>> >> About 6 months ago I asked on this list if it was possible >> >>>>> >> to >> >>>>> install >> >>>>> >> ovirt on a single host. Thread got long and winded and >> >>>>> >> lost >> >>>>> interest. >> >>>>> >> >> >>>>> >> Started looking at the project again about two days ago. >> >>>>> >> What I >> >>>>> >> really didn't understand was using a base Fedora install. >> >>>>> Installing >> >>>>> >> vdsm and then installing ovirt engine. >> >>>>> >> >> >>>>> >> So everything is up. Created data center, storage, >> >>>>> >> cluster, host >> >>>>> and >> >>>>> >> virtual machine. >> >>>>> >> >> >>>>> >> But I can't get there from here. I can't get console >> >>>>> >> running to >> >>>>> >> configure the booted install. >> >>>>> >> >> >>>>> >> I've tried VNC, Spice, Firefox with spice-xpi plugin. >> >>>>> >> >> >>>>> >> Tried tweaking, turning, touching, swearing @ >> >>>>> /etc/libvirt/qemu.conf >> >>>>> >> settings. tls settings. Not even sure if this is the >> >>>>> >> right place >> >>>>> to >> >>>>> >> be checking. >> >>>>> >> >> >>>>> >> This is a show stopper. >> >>>>> >> >> >>>>> >> LSB Version: :core-4.0-amd64:core-4.0-noarch >> >>>>> >> Distributor ID: Fedora >> >>>>> >> Description: Fedora release 16 (Verne) >> >>>>> >> Release: 16 >> >>>>> >> Codename: Verne >> >>>>> >> >> >>>>> >> [root@ovirt # rpm -qa|grep ovirt-engine >> >>>>> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64 >> >>>>> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 >> >>>>> >> >> >>>>> >> Any input would be appreciated >> >>>>> >> _______________________________________________ >> >>>>> >> Users mailing list >> >>>>> >> [email protected] <mailto:[email protected]> >> >>>>> >> >>>>> >> http://lists.ovirt.org/mailman/listinfo/users >> >>>>> > >> >>>>> > -- >> >>>>> > >> >>>>> > David Jaša, RHCE >> >>>>> > >> >>>>> > SPICE QE based in Brno >> >>>>> > GPG Key: 22C33E24 >> >>>>> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 >> >>>>> > 3E24 >> >>>>> > >> >>>>> > >> >>>>> > >> >>>>> >> >>>>> >> >>>>> _______________________________________________ >> >>>>> Users mailing list >> >>>>> [email protected] >> >>>>> http://lists.ovirt.org/mailman/listinfo/users >> >>>>> >> >>>> >> >>>> >> >>> _______________________________________________ >> >>> Users mailing list >> >>> [email protected] >> >>> http://lists.ovirt.org/mailman/listinfo/users >> >> >> >> >> > >> > >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
