Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-31 Thread Simone Tiraboschi




- Original Message -
> From: "Sven Kieske" 
> To: devel@ovirt.org
> Sent: Thursday, July 31, 2014 3:35:08 PM
> Subject: Re: [ovirt-devel] [ovirt-users]  oVirt 3.5 test day 2 results
> 
> On 30.07.2014 18:14, Simone Tiraboschi wrote:
> > A previous attempt used ssh and scp to do all automatically but it
> > was rejected being judged not so secure.
> So who judged it?
> Maybe he/she could share some
> reasoning how this could be more
> insecure and more error prone
> than a clumsy do-this-by-hand-setup ?

I just discussed it with Alon as it involves security concerns.
I think we found a good compromise, also adding the opportunity to save the CSR 
into a file while still asking the user to manually transfer and sign it on the 
other host.
I'm going to fix it.


___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
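
The CSR hand-off described in the message above, sketched with stock openssl commands as an added example (not part of the thread and not engine-setup's own code). Two temporary directories stand in for the websocket-proxy host and the engine host; the file names, the throwaway CA and the host name proxy.example.test are assumptions.

```shell
#!/bin/sh
# Constructed demo: two temp directories stand in for the two hosts.
# File names and the host name are assumptions, not oVirt's real paths.

make_demo_ca() {   # engine side: throwaway CA, for the demo only
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_csr() {       # proxy side: the key is created here and stays here
    ( umask 077; openssl genrsa -out "$1/proxy.key" 2048 2>/dev/null )
    openssl req -new -key "$1/proxy.key" -subj "/CN=$2" -out "$1/proxy.csr"
}

sign_csr() {       # engine side: check the request before signing it
    openssl req -in "$2" -noout -verify 2>/dev/null || return 1
    subject=$(openssl req -in "$2" -noout -subject -nameopt RFC2253)
    case "$subject" in *"CN=$3") ;; *) return 1 ;; esac   # expected host only
    openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$4" 2>/dev/null
}

check_cert() {     # proxy side: cert chains to the CA and matches our key
    openssl verify -CAfile "$2" "$3" >/dev/null 2>&1 || return 1
    k=$(openssl pkey -in "$1/proxy.key" -pubout | openssl dgst -sha256)
    c=$(openssl x509 -in "$3" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

run_demo() {
    engine=$(mktemp -d) && proxy=$(mktemp -d) || return 1
    host=proxy.example.test
    make_demo_ca "$engine" && make_csr "$proxy" "$host" || return 1
    cp "$proxy/proxy.csr" "$engine/"                  # manual transfer out
    sign_csr "$engine" "$engine/proxy.csr" "$host" "$engine/proxy.cer" \
        || return 1
    cp "$engine/proxy.cer" "$engine/ca.pem" "$proxy/" # manual transfer back
    check_cert "$proxy" "$proxy/ca.pem" "$proxy/proxy.cer" || return 1
    [ ! -e "$engine/proxy.key" ]; rc=$?               # key never left proxy
    rm -rf "$engine" "$proxy"
    return "$rc"
}

run_demo && echo "certificate issued; private key stayed on the proxy host"
```

Only the CSR and the signed certificate cross between the two directories, so neither host needs the other's root password or private key.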


Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-31 Thread Sven Kieske
On 30.07.2014 18:14, Simone Tiraboschi wrote:
> A previous attempt used ssh and scp to do all automatically but it
> was rejected being judged not so secure.
So who judged it?
Maybe he/she could share some
reasoning how this could be more
insecure and more error prone
than a clumsy do-this-by-hand-setup ?


Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-31 Thread Simone Tiraboschi




- Original Message -
> From: "Jiri Belka" 
> To: "Simone Tiraboschi" 
> Cc: "users" , devel@ovirt.org
> Sent: Thursday, July 31, 2014 8:26:20 AM
> Subject: Re: [ovirt-users] [ovirt-devel] oVirt 3.5 test day 2 results
> 
> > > '...not so usable', this is joke. It's real design failure. Do not take
> > > this personally but whoever approved this did bad job.
> > 
> > No, of course: I'm not so proud of it too. :-)
> > 
> > A previous attempt used ssh and scp to do all automatically but it was
> > rejected being judged not so secure.
> > Avoiding to use ssh and scp so seems a strong requirement; if you have any
> > better idea feel free to propose it.
> 
> I will not repeat myself again in details, all setup should be done from
> Admin portal, same way one adds a host.
> 
> Anyway, job spent time on this work is useless. I hope it will be moved
> to trash bin, this is ridiculous.
> 
> What is obvious is that who designed this is not UNIX sysadmin oriented
> junkie.
> 
> j.
> 

The big part of this task was indeed to properly complete the modularization of 
engine setup: now you can run engine-setup only for the websocket-proxy stuff 
and it doesn't try anymore to set up JBoss AS and DBMS stuff as it did in the 
past. We need that in any case.
The work on the console UI for websocket proxy cert was quite small since the 
'interface' is really simple.

Of course we can do better, but I'm not so sure we really need it now.

Actual solution can be judged cumbersome but I think that only a few sysadmins 
are really going to install the websocket proxy on a separate host; I'm almost 
sure that they aren't going to move it one day on a host and one day on 
another so a bit of manual work in my opinion can be acceptable on that.

Simone





Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-31 Thread Jiri Belka
On Thu, 31 Jul 2014 08:26:20 +0200
Jiri Belka  wrote:

> > > '...not so usable', this is joke. It's real design failure. Do not take
> > > this personally but whoever approved this did bad job.
> > 
> > No, of course: I'm not so proud of it too. :-)
> > 
> > A previous attempt used ssh and scp to do all automatically but it was 
> > rejected being judged not so secure.
> > Avoiding to use ssh and scp so seems a strong requirement; if you have any 
> > better idea feel free to propose it.
> 
> I will not repeat myself again in details, all setup should be done from
> Admin portal, same way one adds a host.
> 
> Anyway, job spent time on this work is useless. I hope it will be moved
> to trash bin, this is ridiculous.
> 
> What is obvious is that who designed this is not UNIX sysadmin oriented
> junkie.

FYA https://bugzilla.redhat.com/show_bug.cgi?id=1116017


Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-30 Thread Jiri Belka
> > '...not so usable', this is joke. It's real design failure. Do not take
> > this personally but whoever approved this did bad job.
> 
> No, of course: I'm not so proud of it too. :-)
> 
> A previous attempt used ssh and scp to do all automatically but it was 
> rejected being judged not so secure.
> Avoiding to use ssh and scp so seems a strong requirement; if you have any 
> better idea feel free to propose it.

I will not repeat myself again in details, all setup should be done from
Admin portal, same way one adds a host.

Anyway, job spent time on this work is useless. I hope it will be moved
to trash bin, this is ridiculous.

What is obvious is that who designed this is not UNIX sysadmin oriented
junkie.

j.


Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-30 Thread Simone Tiraboschi




- Original Message -
> From: "Jiri Belka" 
> To: "Simone Tiraboschi" 
> Cc: "Francesco Romani" , "users" , 
> devel@ovirt.org
> Sent: Wednesday, July 30, 2014 4:06:23 PM
> Subject: Re: [ovirt-users] [ovirt-devel] oVirt 3.5 test day 2 results
> 
> On Wed, 30 Jul 2014 09:04:10 -0400 (EDT)
> Simone Tiraboschi  wrote:
> 
> > We choose that way to avoid to ask to the user to provide the root password
> > of the engine host, in order to automatically copying files via SCP or
> > executing commands over ssh on the remote host, for security reasons.
> > I agree with you that due to that assumption this result is not so usable.
> 
> '...not so usable', this is joke. It's real design failure. Do not take
> this personally but whoever approved this did bad job.

No, of course: I'm not so proud of it too. :-)

A previous attempt used ssh and scp to do all automatically but it was rejected 
being judged not so secure.
Avoiding to use ssh and scp so seems a strong requirement; if you have any 
better idea feel free to propose it.

Simone



Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-30 Thread Jiri Belka
On Wed, 30 Jul 2014 09:04:10 -0400 (EDT)
Simone Tiraboschi  wrote:

> We choose that way to avoid to ask to the user to provide the root password 
> of the engine host, in order to automatically copying files via SCP or 
> executing commands over ssh on the remote host, for security reasons.
> I agree with you that due to that assumption this result is not so usable.

'...not so usable', this is joke. It's real design failure. Do not take
this personally but whoever approved this did bad job.

j.


Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results - NUMA

2014-07-30 Thread Gilad Chaplik
- Original Message -
> From: "Martin Perina" 
> To: devel@ovirt.org, "us...@ovirt.org List" 
> Sent: Wednesday, July 30, 2014 1:26:49 PM
> Subject: [ovirt-users] oVirt 3.5 test day 2 results - NUMA
> 
> Hi,
> 
> I tried to test NUMA feature. Unfortunately the feature has no UI yet,
> so I tested just db content and REST API calls:
> 
> 
> 1) Two NUMA hosts added to 3.5 cluster with shared NFS storage using webadmin
> 
> 2) Database:
>  a) Both hosts have is_numa_supported=true, auto_numa_balancing=1 in
>  vds_dynamic table
>  b) Both hosts have 2 records in numa_nodes tables (consistent with
>  numactl info)
>  c) Both hosts have 24 records in numa_node_cpu_map, 12 per numa node
>  (consistent with numactl info)
> 
> 3) REST API:
> a) URL /ovirt-engine/api/hosts/{HOST_ID} contains numa related data:
>  enable
>  true
> 
> b) URL /ovirt-engine/api/hosts/{HOST_ID}/numanodes works (consistent with
> numactl info)
> 
> c) URL /ovirt-engine/api/hosts/{HOST_ID}/numanodes/{NODE_ID}/statistics
> works
> 
> 4) Installed two VMs (one RHEL 6, one RHEL 7), both require 16GB of RAM,
> with balloon enabled
> and 8GB guaranteed.
> 
> 5) Database:
> a) Both vms have numatune_mode=preferred in vm_static
> 
> 6) REST API for VM related data:
>a) URL /ovirt-engine/api/vms/{VM_ID} contains numa related data:
> preferred
> 
>b) URL /ovirt-engine/api/vms/{VM_ID}/numanodes works, but returns only:
> 

Thanks for the elaborate report, a few questions:

What was reported in the element?
Did you pin the nodes? 

> 
> 6) VMs migration between hosts worked fine

VM migration with/out numa pinning?

> 
> 
> 
> Martin Perina
> ___
> Users mailing list
> us...@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 


Re: [ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-30 Thread Michal Skrivanek

On Jul 30, 2014, at 11:54 , Shirly Radco  wrote:

> Hi,
> 
> I tested 557125 - internationalize exitMessage; use meaningful exitCode
> 
> These are the tests I made :
> 
> power off from inside the guest -
> VM testexitmessage is down. Exit message: User shut down from within the guest
> ID 61
> 
> power off from inside the admin portal - 
> VM testexitmessage powered off by admin (Host: yanivs) (Reason: Not 
> Specified).
> ID 33
> 
> shutdown from inside the admin portal -
> VM shutdown initiated by admin on VM testexitmessage (Host: yanivs) (Reason: 
> Not Specified)
> ID73
> VM testexitmessage is down. Exit message: User shut down from within the guest
> ID61
> 
> 
> shutdown from inside the guest -
> VM testexitmessage is down. Exit message: User shut down from within the guest
> ID 61
> 
> reboot from guest -
> no exit reason.
> 
> In espanol
> 
> shutdown from inside the admin portal -
> VM shutdown initiated by admin on VM testexitmessage (Host: yanivs) (Reason: 
> Not Specified).
> ID 73
> VM testexitmessage is down. Exit message: User shut down from within the guest
> ID 61
> 
> 
> In Deutsch
> 
> power off from inside the admin portal - 
> VM testexitmessage powered off by admin (Host: yanivs) (Reason: Not 
> Specified).
> ID 33
> 
> 
> Conclusions:
> 1. I don't see translations for local languages for the events in the admin 
> portal.

Right, it's not part of the feature. It's only about returning a unique id for 
each different reason so it can be used for internationalization later


> 2. In case of shutdown from inside the admin portal we get 2 messages 
> instead of one. The second one(ID61) is incorrect.

this is likely a bug (adding Francesco)
I think the libvirt eventloop's

    if detail == libvirt.VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN:
        self.user_destroy = True

assumption is not correct

Thanks,
michal

> 
> Best regards,
> 
> --- 
> Shirly Radco 
> BI Software Engineer 
> Red Hat Israel Ltd.


[ovirt-devel] [ovirt-users] oVirt 3.5 test day 2 results

2014-07-30 Thread Shirly Radco
Hi,

I tested 557125 - internationalize exitMessage; use meaningful exitCode

These are the tests I made :

power off from inside the guest -
VM testexitmessage is down. Exit message: User shut down from within the guest
ID 61

power off from inside the admin portal - 
VM testexitmessage powered off by admin (Host: yanivs) (Reason: Not Specified).
ID 33

shutdown from inside the admin portal -
VM shutdown initiated by admin on VM testexitmessage (Host: yanivs) (Reason: 
Not Specified)
ID73
VM testexitmessage is down. Exit message: User shut down from within the guest
ID61


shutdown from inside the guest -
VM testexitmessage is down. Exit message: User shut down from within the guest
ID 61

reboot from guest -
no exit reason.

In espanol

shutdown from inside the admin portal -
VM shutdown initiated by admin on VM testexitmessage (Host: yanivs) (Reason: 
Not Specified).
ID 73
VM testexitmessage is down. Exit message: User shut down from within the guest
ID 61


In Deutsch

power off from inside the admin portal - 
VM testexitmessage powered off by admin (Host: yanivs) (Reason: Not Specified).
ID 33


Conclusions:
1. I don't see translations for local languages for the events in the admin 
portal.
2. In case of shutdown from inside the admin portal we get 2 messages instead 
of one. The second one (ID61) is incorrect.

Best regards,

--- 
Shirly Radco 
BI Software Engineer 
Red Hat Israel Ltd.