On 07/27/2012 10:15 PM, Brent Bolin wrote:
I have been seeing selinux denials. I'm not sure if it was for the
allinone plugin.
Should selinux be enabled or disabled?
enabled, but doesn't mean it doesn't have bugs:
- try with disabled
- report the denials
On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <[email protected]> wrote:
Did you look for selinux denials?
----- Original Message -----
I was not able to get this working using beta
ovirt-engine-setup-plugin-allinone rpm
Used answer file as recommended on the wiki. I didn't document the
exact error, but the install failed.
I did another install using F16 Installing VDSM from rpm
[ovirt-engine-3.0]
name=ovirt-engine-3.0
baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16
enabled=1
gpgcheck=0
And then doing engine-setup
And then installing spice-xpi
Can't explain it but it's working from the F16 desktop using FF :)
On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <[email protected]>
wrote:
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my
configuration.
Or making console connections with either vnc or spice. The
ports are
clearly running -
netstat -an|grep 590
tcp 0 0 0.0.0.0:5900 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:*
LISTEN
When using plain old kvm, virt-manager I could just simply
connect
using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it:
* sets up TLS and enforces it.
* sets up temporary ticket
If you want to connect to the console manually, you have to set up
the
ticket - on the server, follow these steps in order to achieve it
(from
top of my head, can contain typos):
VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print
$1}')"
vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name
used
on CLI not matching host name in server cert CN. Assuming you're
connecting from some other computer:
SUBJECT="$(ssh root@$HOST 'grep Subject:
/etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')"
scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE
remote-viewer --spice-ca-file=$CA_FILE
--spice-host-subject=$SUBJECT
spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT
# it will ask for password in pop-up window
# OR you can use "good old" spicec:
spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p
$PORT -s
$SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of
this
downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin
as well?
Not being able to get console access is a definite show stopper.
And
it shouldn't be rocket science to do it. And it should be
accessible
from either linux or windows clients. Does vSphere (windows
only)
ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <[email protected]>
wrote:
would it be relevant for you to try the 3.1 beta?
it has this which should cover your 'all in one' needs:
http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush"
-
iptables -L -v -n
Chain INPUT (policy ACCEPT 1775K packets, 627M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes)
pkts bytes target prot opt in out source
destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic
that
isn't
being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:99656 errors:0 dropped:0 overruns:0
frame:0
TX packets:51508 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:1000
RX bytes:63007897 (60.0 MiB) TX bytes:18148736
(17.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1814674 errors:0 dropped:0 overruns:0
frame:0
TX packets:1814674 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:0
RX bytes:646274067 (616.3 MiB) TX bytes:646274067
(616.3
MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
inet addr:192.168.0.118 Bcast:192.168.0.255
Mask:255.255.255.0
inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:70706 errors:0 dropped:0 overruns:0
frame:0
TX packets:48717 errors:0 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:0
RX bytes:52195637 (49.7 MiB) TX bytes:14942359
(14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00
inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:1
carrier:0
collisions:0 txqueuelen:500
RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and
configured
the host using 127.0.0.1 . Host reboots. Host shows up in the
admin
interface only complaining about power management that isn't
configured.
Here
<https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the
qemu.conf to
either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64
spice-client-0.10.1-1.fc16.x86_64
spice-glib-0.11-4.fc16.x86_64
spice-gtk3-0.11-4.fc16.x86_64
spice-xpi-2.7-3.fc16.x86_64
spice-gtk-tools-0.11-4.fc16.x86_64
spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF).
When I
click
it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900
Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <[email protected]
<mailto:[email protected]>> wrote:
> Hi Brent,
>
> first guess: have a look if your iptables setup allow
> connection to
the
> qemu processes. RHEV 3.0 documentation (publicly accesible)
> says
that a
> host needs these ports open:
> port 22 for SSH,
> ports 5634 to 6166 for guest console connections,
> port 16514 for libvirt virtual machine migration
> traffic,
> ports 49152 to 49216 for VDSM virtual machine
> migration
traffic,
> and
> port 54321 for the Red Hat Enterprise
> Virtualization
Manager.
>
> If you have ovirt-engine running onu the same machine as
> vdsm, most
of
> the ports don't need to be accessible from outside but
> "guest
console"
> ports do.
>
> If it isn't iptables, please share at least:
> * what your actual topology is (engine on the physical
> host?)
> * if you use some custom tls settings such as tls switched
> off
> * what spice client & xpi versions are you using
> * how exactly the client failed (showed error window? with
> what
error?
> just didn't launch?)
>
> In your email, you didn't write any debugging hints apart
> from the
setup
> being single-host one...
>
> David
>
>
> Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
>> About 6 months ago I asked on this list if it was possible
>> to
install
>> ovirt on a single host. Thread got long and winded and
>> lost
interest.
>>
>> Started looking at the project again about two days ago.
>> What I
>> really didn't understand was using a base Fedora install.
Installing
>> vdsm and then installing ovirt engine.
>>
>> So everything is up. Created data center, storage,
>> cluster, host
and
>> virtual machine.
>>
>> But I can't get there from here. I can't get console
>> running to
>> configure the booted install.
>>
>> I've tried VNC, Spice, Firefox with spice-xpi plugin.
>>
>> Tried tweaking, turning, touching, swearing @
/etc/libvirt/qemu.conf
>> settings. tls settings. Not even sure if this is the
>> right place
to
>> be checking.
>>
>> This is a show stopper.
>>
>> LSB Version: :core-4.0-amd64:core-4.0-noarch
>> Distributor ID: Fedora
>> Description: Fedora release 16 (Verne)
>> Release: 16
>> Codename: Verne
>>
>> [root@ovirt # rpm -qa|grep ovirt-engine
>> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
>> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
>>
>> Any input would be appreciated
>> _______________________________________________
>> Users mailing list
>> [email protected] <mailto:[email protected]>
>> http://lists.ovirt.org/mailman/listinfo/users
>
> --
>
> David Jaša, RHCE
>
> SPICE QE based in Brno
> GPG Key: 22C33E24
> Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3
> 3E24
>
>
>
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users
