date:20130807

[Engine-devel] open-ovf

2013-08-07 Thread Yedidyah Bar David

Hi all,

While reviewing a change to allow using an ovf image in hosted-engine, I
searched and found that there is a project called "open-ovf". It's a
python library to work with ovf images.

Using it might make sense in hosted engine and image-uploader, perhaps
other places.

Did we ever discuss using it? Are there any obvious obstacles?

Best regards,
-- 
Didi
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

[Engine-devel] ovirt 3.3 RC packages

2013-08-07 Thread Ofer Schreiber

Dear maintainers,

As you probably know, we're heading towards the 3.3 release of ovirt.
I'd like to get a short status about your project, and it's readiness for the 
upcoming release.
If your project is blocker free, please let me know of the relevant build to 
pick up into the RC repo.

Current known blockers (as in 
https://bugzilla.redhat.com/show_bug.cgi?id=918494 - Tracker: oVirt 3.3 
release):

ovirt-engine

984586  ovirt-engine-backendinfra   Cannot start a VM with USB 
Native - Exit message: internal error Could not format channel target type.
988299  ovirt-engine-core   gluster Impossible to start VM from 
Gluster Storage Domain
987939  ovirt-engine-installer  integration engine-setup -> engine-cleanup 
-> engine-setup -> fails

vsdm

988004  vdsm   network  [vdsm] OSError: [Errno 2] No such 
file or directory: '/sys/class/net/ovirtmgmt/brif'
988065  vdsm   virt Migration fails - AttributeError: 
'ConsoleDevice' object has no attribute 'alias'
988397  vdsm   network  ovirt-node post-installation setup 
networks fails when NetworkManager is running
988990  vdsm   network  oVirt 3.3 - (vdsm-network): netinfo 
- ValueError: unknown bridge ens3
990854  vdsm   network  Multiple Gateways: Upgrade VDSM to 
3.3 must reconfigure networking on host
990963  vdsmvdsm must require 
selinux-policy-3.12.1-68.fc19

ovirt-node

988986 ovirt-node   libvirt network directory is not 
persisted

other
=
990509 selinux-policy   Current selinux policy prevents 
running a VM with volumes under /var/run/vdsm/storage

Thanks,

Ofer Schreiber
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] ovirt 3.3 RC packages

2013-08-07 Thread Sahina Bose



On 08/07/2013 01:42 PM, Ofer Schreiber wrote:

Dear maintainers,

As you probably know, we're heading towards the 3.3 release of ovirt.
I'd like to get a short status about your project, and it's readiness for the 
upcoming release.
If your project is blocker free, please let me know of the relevant build to 
pick up into the RC repo.

Current known blockers (as in 
https://bugzilla.redhat.com/show_bug.cgi?id=918494 - Tracker: oVirt 3.3 
release):

ovirt-engine

984586  ovirt-engine-backendinfra   Cannot start a VM with USB 
Native - Exit message: internal error Could not format channel target type.
988299  ovirt-engine-core   gluster Impossible to start VM from 
Gluster Storage Domain
There's an issue with running this on CentOS 6.4 as there is no qemu 1.3 
available for this distro.
Deepak (deepakcs) has initiated a conversation asking for inputs on how 
to handle this dependency. We could take a call based on the resolution.



987939  ovirt-engine-installer  integration engine-setup -> engine-cleanup -> 
engine-setup -> fails

vsdm

988004  vdsm   network  [vdsm] OSError: [Errno 2] No such 
file or directory: '/sys/class/net/ovirtmgmt/brif'
988065  vdsm   virt Migration fails - AttributeError: 
'ConsoleDevice' object has no attribute 'alias'
988397  vdsm   network  ovirt-node post-installation setup 
networks fails when NetworkManager is running
988990  vdsm   network  oVirt 3.3 - (vdsm-network): netinfo 
- ValueError: unknown bridge ens3
990854  vdsm   network  Multiple Gateways: Upgrade VDSM to 
3.3 must reconfigure networking on host
990963  vdsmvdsm must require 
selinux-policy-3.12.1-68.fc19

ovirt-node

988986 ovirt-node   libvirt network directory is not 
persisted

other
=
990509 selinux-policy   Current selinux policy prevents 
running a VM with volumes under /var/run/vdsm/storage

Thanks,

Ofer Schreiber
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel


___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] [vdsm] How to handle qemu 1.3 dep for Gluster Storage Domain

2013-08-07 Thread Itamar Heim


On 08/07/2013 08:21 AM, Sahina Bose wrote:

[Adding engine-devel]

On 08/06/2013 10:48 AM, Deepak C Shetty wrote:

Hi All,
There were 2 learnings from BZ
https://bugzilla.redhat.com/show_bug.cgi?id=988299

1) Gluster RPM deps were not proper in VDSM when using Gluster Storage
Domain. This has been partly addressed
by the gluster-devel thread @
http://lists.gnu.org/archive/html/gluster-devel/2013-08/msg8.html
and will be fully addressed once Gluster folks ensure their packaging
is friendly enuf for VDSM to consume
just the needed bits. Once that happens, i will be sending a patch to
vdsm.spec.in to update the gluster
deps correctly. So this issue gets addressed in near term.

2) Gluster storage domain needs minimum libvirt 1.0.1 and qemu 1.3.

libvirt 1.0.1 has the support for representing gluster as a network
block device and qemu 1.3 has the
native support for gluster block backend which supports gluster://...
URI way of representing a gluster
based file (aka volume/vmdisk in VDSM case). Many distros (incl.
centos 6.4 in the BZ) won't have qemu
1.3 in their distro repos! How do we handle this dep in VDSM ?

Do we disable gluster storage domain in oVirt engine if VDSM reports
qemu < 1.3 as part of getCapabilities ?
or
Do we ensure qemu 1.3 is present in ovirt.repo assuming ovirt.repo is
always present on VDSM hosts in which
case when VDSM gets installed, qemu 1.3 dep in vdsm.spec.in will
install qemu 1.3 from the ovirt.repo
instead of the distro repo. This means vdsm.spec.in will have qemu >=
1.3 under Requires.


Is this possible to make this a conditional install? That is, only if
Storage Domain = GlusterFS in the Data center, the bootstrapping of host
will install the qemu 1.3 and dependencies.

(The question still remains as to where the qemu 1.3 rpms will be
available)



hosts are installed prior to storage domain definition usually.
we need to find a solution to having a qemu > 1.3 for .el6 (or another 
version of qemu with this feature set).



What will be a good way to handle this ?
Appreciate your response

thanx,
deepak

___
vdsm-devel mailing list
vdsm-de...@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-devel


___
vdsm-devel mailing list
vdsm-de...@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-devel


___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] users cannot log into userportal

2013-08-07 Thread Itamar Heim


On 08/07/2013 12:10 AM, Dead Horse wrote:

I have found some steps to reproduce this easily.

Start the engine bound to an AD for authentication
log in to the user portal as an AD user which has been granted a Role (I
used PowerUserRole)

Result: Login will succeed
Data from engine.log:
2013-08-06 15:54:10,088 INFO
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-10)
Running command: LoginUserCommand internal: false.
2013-08-06 15:54:10,139 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
Custom Event ID: -1, Message: User ovirttest logged in.

log out of the user portal
Result: log out succeeds
Data from engine.log:
2013-08-06 15:54:12,448 INFO
[org.ovirt.engine.core.bll.LogoutUserCommand] (ajp--127.0.0.1-8702-2)
Running command: LogoutUserCommand internal: false.
2013-08-06 15:54:12,474 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
Custom Event ID: -1, Message: User ovirttest logged out.

As the same user log in to the user portal again but this purposely
input the wrong password.
Result: log in will fail
Data from engine.log:
2013-08-06 15:54:20,830 ERROR
[org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
was invalid (24)
2013-08-06 15:54:20,832 ERROR
[org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
username and password.
2013-08-06 15:54:20,843 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-7) Failed ldap search server
LDAP://foodc02.foo.test.com:389  using
user ovirtt...@foo.test.com  due to
Authentication Failed. Please verify the username and password.. We
should not try the next server
2013-08-06 15:54:20,850 ERROR
[org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
was invalid (24)
2013-08-06 15:54:20,851 ERROR
[org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
(ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
username and password.
2013-08-06 15:54:20,852 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-7) Failed ldap search server
LDAP://foodc01.foo.test.com:389  using
user ovirtt...@foo.test.com  due to
Authentication Failed. Please verify the username and password.. We
should not try the next server
2013-08-06 15:54:20,853 ERROR
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
(ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to domain
gso.med.ge.com . Ldap Query Type is getUserByName
2013-08-06 15:54:20,854 ERROR
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
(ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
username and password.
2013-08-06 15:54:20,855 ERROR
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7)
USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD : ovirttest
2013-08-06 15:54:20,856 WARN
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7)
CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD

Try again to log in as the same user this time typing the correct password.
Result: Login fails!
Data from engine.log:
2013-08-06 15:54:25,186 ERROR
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
(ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to domain
gso.med.ge.com . Ldap Query Type is getUserByName
2013-08-06 15:54:25,187 ERROR
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7)
USER_FAILED_TO_AUTHENTICATE : ovirttest
2013-08-06 15:54:25,187 WARN
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-7)
CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE

Try again with another AD user.
Result: Login fails!
Data from engine.log:
2013-08-06 15:54:38,056 ERROR
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
(ajp--127.0.0.1-8702-5) Failed authenticating user: ovirtadmin to domain
gso.med.ge.com . Ldap Query Type is getUserByName
2013-08-06 15:54:38,057 ERROR
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-5)
USER_FAILED_TO_AUTHENTICATE : ovirtadmin
2013-08-06 15:54:38,058 WARN
[org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-5)
CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE

Logging into the admin portal as the admin@internal user will yield that
engine seems to have forgotten about and can no longe

Re: [Engine-devel] Dynamic resource loading in GWT

2013-08-07 Thread Einav Cohen

Hi Roy,

a couple of notes (I could be totally wrong here, GWT experts - please 
review/comment):

- from [1]:
"Provides dynamic string lookup of key/value string pairs defined in a module's 
host HTML page" - 
there is a chance that a gwt dictionary is limited to reading key/value string 
pairs that reside 
within the *gwt module host HTML page* (i.e., within the context of the GWT 
application - 
"http://[server]/webadmin/webadmin/...";) and not outside - need to find that 
out.

- again, from [1]:
"a variety of error conditions (particularly those involving key mismatches) 
cannot be caught until 
runtime. Similarly, the GWT compiler is unable discard unused dictionary values 
since the structure 
cannot be statically analyzed".
(this is expected, as the suggested loading here is dynamic, rather than static)

- not sure exactly how this would work with localization; there is "A Caveat 
Regarding Locale" 
mentioned in [1] - IIUC, we will lose the automatic locale-mapping that we have 
today, and we would 
need to do it ourselves somehow (not a big deal, I suppose, just some extra 
work that needs to be 
done here).


Thanks,
Einav

[1] 
http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dictionary.html

- Original Message -
> From: "Roy Golan" 
> To: "engine-devel" 
> Sent: Wednesday, August 7, 2013 2:59:07 AM
> Subject: [Engine-devel] Dynamic resource loading in GWT
> 
> Painful issue here - we all know the regular drill of maintaining
> messages in many places, I18N files and so on.
> Also there's a patch to make all available timezone an java enum and by
> that share it for free with the UI. its a way better than a backend Query.
> 
> But this is all hard-coded, not flexible, hard to maintain, we all know.
> 
> Why won't we make GWT load a javascript dictionary/dictionaries from a
> servlet or our host page html[1] using GWT Dictionary[3]?
> 
> that way the configuration is shared with the engine, it relies on the
> disk, customers and GSS can change it on-site and so on.
> 
> 
> | index.html | -> | file servlet | -> |read /etc/ovirt-engine/conf/...|
> 
>  ^
>   |
> 
> | GWT loads Dictionary |
> 
> 
> candidates for dynamic resources
> * I18N resources AppErrors...
> * config ( just the UI subset )
> * osinfo ?
> 
> 
> 
> [1] host page html -
> http://www.gwtproject.org/doc/latest/DevGuideOrganizingProjects.html#DevGuideHostPage
> [2] Dynamic string internationalisation -
> http://www.gwtproject.org/doc/latest/DevGuideI18n.html#DevGuideDynamicStringInternationalization
> [3]
> http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dictionary.html
> 
> Thanks,
> Roy
> ___
> Engine-devel mailing list
> Engine-devel@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] cannot login after re-deploying development environment

2013-08-07 Thread Einav Cohen

many thanks Alon/Lior for your help - I appreciate it!


Regards,
Einav

- Original Message -
> From: "Lior Vernia" 
> To: "Einav Cohen" 
> Cc: "engine-devel" 
> Sent: Wednesday, August 7, 2013 1:47:19 AM
> Subject: Re: [Engine-devel] cannot login after re-deploying development   
> environment
> 
> Hi Einav,
> 
> Happens to me repeatedly. I reset options "AdminPassword" and
> "LocalAdminPassword" manually in the vdc_options in the DB. Never tried
> the aforementioned "-s AdminPassword=interactive" switch for engine-setup.
> 
> Lior.
> 
> On 06/08/13 20:31, Einav Cohen wrote:
> > Hi,
> > 
> > The following scenario already happened to me several times:
> > 
> > I created a brand new 'engine' data-base, created / deployed
> > development environment [everything works correctly].
> > 
> > After ^^^, I re-create/deploy development environment, this
> > time without creating a brand new 'engine' data-base (i.e. I
> > utilized the existing one). Everything seems to be working
> > correctly, only I cannot login into the web-admin (I fail on
> > USER_FAILED_TO_AUTHENTICATE CanDoAction).
> > 
> > The only workaround I found is to use a brand-new data-base.
> > 
> > Any ideas?
> > 
> > [attached: engine.log, engine-setup output, engine-setup.log]
> > 
> > Thanks in advance.
> > Einav
> > 
> > 
> > 
> > ___
> > Engine-devel mailing list
> > Engine-devel@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > 
> ___
> Engine-devel mailing list
> Engine-devel@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 
> 
> 
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] Dynamic resource loading in GWT

2013-08-07 Thread Roy Golan


On 08/07/2013 02:08 PM, Einav Cohen wrote:

Hi Roy,

a couple of notes (I could be totally wrong here, GWT experts - please 
review/comment):

- from [1]:
"Provides dynamic string lookup of key/value string pairs defined in a module's host 
HTML page" -
there is a chance that a gwt dictionary is limited to reading key/value string 
pairs that reside
within the *gwt module host HTML page* (i.e., within the context of the GWT 
application -
"http://[server]/webadmin/webadmin/...";) and not outside - need to find that 
out.
well the file servlet resides on [server] so I don't think there a "same 
origin policy" problem here - correct me if I'm wrong (isn't branding 
doing something similar?)


- again, from [1]:
"a variety of error conditions (particularly those involving key mismatches) 
cannot be caught until
runtime. Similarly, the GWT compiler is unable discard unused dictionary values 
since the structure
cannot be statically analyzed".
(this is expected, as the suggested loading here is dynamic, rather than static)

- not sure exactly how this would work with localization; there is "A Caveat 
Regarding Locale"
mentioned in [1] - IIUC, we will lose the automatic locale-mapping that we have 
today, and we would
need to do it ourselves somehow (not a big deal, I suppose, just some extra 
work that needs to be
done here).
indeed but it will pay off. a change off resources means ctrl+F5 and not 
GWT compilation :P



Thanks,
Einav

[1] 
http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dictionary.html

- Original Message -

From: "Roy Golan" 
To: "engine-devel" 
Sent: Wednesday, August 7, 2013 2:59:07 AM
Subject: [Engine-devel] Dynamic resource loading in GWT

Painful issue here - we all know the regular drill of maintaining
messages in many places, I18N files and so on.
Also there's a patch to make all available timezone an java enum and by
that share it for free with the UI. its a way better than a backend Query.

But this is all hard-coded, not flexible, hard to maintain, we all know.

Why won't we make GWT load a javascript dictionary/dictionaries from a
servlet or our host page html[1] using GWT Dictionary[3]?

that way the configuration is shared with the engine, it relies on the
disk, customers and GSS can change it on-site and so on.


| index.html | -> | file servlet | -> |read /etc/ovirt-engine/conf/...|

  ^
   |

| GWT loads Dictionary |


candidates for dynamic resources
* I18N resources AppErrors...
* config ( just the UI subset )
* osinfo ?



[1] host page html -
http://www.gwtproject.org/doc/latest/DevGuideOrganizingProjects.html#DevGuideHostPage
[2] Dynamic string internationalisation -
http://www.gwtproject.org/doc/latest/DevGuideI18n.html#DevGuideDynamicStringInternationalization
[3]
http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dictionary.html

Thanks,
Roy
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel



___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] Dynamic resource loading in GWT

2013-08-07 Thread Tomas Jelinek

Hey Roy,

well, I'm not a fan of using the dictionary - it is an associative array and 
opens a door to
mistakes which will not be handled by compiler like locales.get("naem") will 
not return me the name :)
At least not for data we know how will look like (e.g. for the os info)

We already embed some info into the host page and use it on the client using 
JavaScript Overlay Types [4]. 

You can have a look for example at GwtDynamicHostPageServlet:
request.setAttribute(MD5Attributes.ATTR_USER_INFO.getKey(), 
getUserInfoObject(loggedInUser));
and on the FE side the overlay type is: AutoLoginData

But I would be careful how much info do we want to embed into the host page - 
it can make it significantly big
and influence the performance (for example we are using code splitting [5] to 
download only the parts of the app
we actually need when we need them). To embed too much info which is not always 
needed is a step to the opposite 
direction. I don't say it is wrong, it just has to be considered.

Tomas

[4]: 
http://googlewebtoolkit.blogspot.cz/2008/08/getting-to-really-know-gwt-part-2.html
[5]: http://www.gwtproject.org/doc/latest/DevGuideCodeSplitting.html

- Original Message -
> From: "Einav Cohen" 
> To: "Roy Golan" 
> Cc: "engine-devel" 
> Sent: Wednesday, August 7, 2013 1:08:58 PM
> Subject: Re: [Engine-devel] Dynamic resource loading in GWT
> 
> Hi Roy,
> 
> a couple of notes (I could be totally wrong here, GWT experts - please
> review/comment):
> 
> - from [1]:
> "Provides dynamic string lookup of key/value string pairs defined in a
> module's host HTML page" -
> there is a chance that a gwt dictionary is limited to reading key/value
> string pairs that reside
> within the *gwt module host HTML page* (i.e., within the context of the GWT
> application -
> "http://[server]/webadmin/webadmin/...";) and not outside - need to find that
> out.
> 
> - again, from [1]:
> "a variety of error conditions (particularly those involving key mismatches)
> cannot be caught until
> runtime. Similarly, the GWT compiler is unable discard unused dictionary
> values since the structure
> cannot be statically analyzed".
> (this is expected, as the suggested loading here is dynamic, rather than
> static)
> 
> - not sure exactly how this would work with localization; there is "A Caveat
> Regarding Locale"
> mentioned in [1] - IIUC, we will lose the automatic locale-mapping that we
> have today, and we would
> need to do it ourselves somehow (not a big deal, I suppose, just some extra
> work that needs to be
> done here).
> 
> 
> Thanks,
> Einav
> 
> [1]
> http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dictionary.html
> 
> - Original Message -
> > From: "Roy Golan" 
> > To: "engine-devel" 
> > Sent: Wednesday, August 7, 2013 2:59:07 AM
> > Subject: [Engine-devel] Dynamic resource loading in GWT
> > 
> > Painful issue here - we all know the regular drill of maintaining
> > messages in many places, I18N files and so on.
> > Also there's a patch to make all available timezone an java enum and by
> > that share it for free with the UI. its a way better than a backend Query.
> > 
> > But this is all hard-coded, not flexible, hard to maintain, we all know.
> > 
> > Why won't we make GWT load a javascript dictionary/dictionaries from a
> > servlet or our host page html[1] using GWT Dictionary[3]?
> > 
> > that way the configuration is shared with the engine, it relies on the
> > disk, customers and GSS can change it on-site and so on.
> > 
> > 
> > | index.html | -> | file servlet | -> |read /etc/ovirt-engine/conf/...|
> > 
> >  ^
> >   |
> > 
> > | GWT loads Dictionary |
> > 
> > 
> > candidates for dynamic resources
> > * I18N resources AppErrors...
> > * config ( just the UI subset )
> > * osinfo ?
> > 
> > 
> > 
> > [1] host page html -
> > http://www.gwtproject.org/doc/latest/DevGuideOrganizingProjects.html#DevGuideHostPage
> > [2] Dynamic string internationalisation -
> > http://www.gwtproject.org/doc/latest/DevGuideI18n.html#DevGuideDynamicStringInternationalization
> > [3]
> > http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dictionary.html
> > 
> > Thanks,
> > Roy
> > ___
> > Engine-devel mailing list
> > Engine-devel@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > 
> ___
> Engine-devel mailing list
> Engine-devel@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] Dynamic resource loading in GWT

2013-08-07 Thread Alexander Wels

On Wednesday, August 07, 2013 02:48:45 PM Roy Golan wrote:
> On 08/07/2013 02:08 PM, Einav Cohen wrote:
> > Hi Roy,
> > 
> > a couple of notes (I could be totally wrong here, GWT experts - please
> > review/comment):
> > 
> > - from [1]:
> > "Provides dynamic string lookup of key/value string pairs defined in a
> > module's host HTML page" - there is a chance that a gwt dictionary is
> > limited to reading key/value string pairs that reside within the *gwt
> > module host HTML page* (i.e., within the context of the GWT application -
> > "http://[server]/webadmin/webadmin/...";) and not outside - need to find
> > that out.
> well the file servlet resides on [server] so I don't think there a "same
> origin policy" problem here - correct me if I'm wrong (isn't branding
> doing something similar?)
> 

Branding is doing exactly what you are suggesting, generating a dictionary in 
the host page, and having the GWT application read it at runtime. The only 
reason we did it like that, is that there is no other way of changing some of 
the messages at runtime. If there was some way of doing it at compile time I 
would have done that. Also the number of resources changed by branding is very 
limited and therefore won't impact the performance as much as doing every 
single resource.

There are advantages and disadvantages of both methods that need to be 
carefully weighed, and the GWT developers themselves did that and came to the 
conclusion that compile time inclusion is the best method for most resources. 
They did however anticipate the need for some runtime resources so they 
included Dictionary etc.

> > - again, from [1]:
> > "a variety of error conditions (particularly those involving key
> > mismatches) cannot be caught until runtime. Similarly, the GWT compiler
> > is unable discard unused dictionary values since the structure cannot be
> > statically analyzed".
> > (this is expected, as the suggested loading here is dynamic, rather than
> > static)
> > 
> > - not sure exactly how this would work with localization; there is "A
> > Caveat Regarding Locale" mentioned in [1] - IIUC, we will lose the
> > automatic locale-mapping that we have today, and we would need to do it
> > ourselves somehow (not a big deal, I suppose, just some extra work that
> > needs to be done here).
> 

The branding allows one to define java property bundles for all the supported 
languages, and will load them at runtime and put the translated strings in the 
Dictionary in the host page. Again I wouldn't recommend doing it for a large 
number of resources.

> indeed but it will pay off. a change off resources means ctrl+F5 and not
> GWT compilation :P
> 

Sure for the developer it would be great, less compiling. However for the user 
not so much, and in the end we are creating the software for the user and the 
needs of the developer are secondary to that. When I say it is not so great 
for the user, I mean the fact that it becomes a lot harder to cache the host 
page (as the contents can change), vs caching the compiled resources is really 
easy as the contents won't chance.

> > 
> > Thanks,
> > Einav
> > 
> > [1]
> > http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dicti
> > onary.html
> > 
> > - Original Message -
> > 
> >> From: "Roy Golan" 
> >> To: "engine-devel" 
> >> Sent: Wednesday, August 7, 2013 2:59:07 AM
> >> Subject: [Engine-devel] Dynamic resource loading in GWT
> >> 
> >> Painful issue here - we all know the regular drill of maintaining
> >> messages in many places, I18N files and so on.
> >> Also there's a patch to make all available timezone an java enum and by
> >> that share it for free with the UI. its a way better than a backend
> >> Query.
> >> 
> >> But this is all hard-coded, not flexible, hard to maintain, we all know.
> >> 
> >> Why won't we make GWT load a javascript dictionary/dictionaries from a
> >> servlet or our host page html[1] using GWT Dictionary[3]?
> >> 
> >> that way the configuration is shared with the engine, it relies on the
> >> disk, customers and GSS can change it on-site and so on.
> >> 
> >> | index.html | -> | file servlet | -> |read /etc/ovirt-engine/conf/...|
> >> | 
> >>   ^
> >> | 
> >> | GWT loads Dictionary |
> >> 
> >> candidates for dynamic resources
> >> * I18N resources AppErrors...
> >> * config ( just the UI subset )
> >> * osinfo ?
> >> 
> >> 
> >> 
> >> [1] host page html -
> >> http://www.gwtproject.org/doc/latest/DevGuideOrganizingProjects.html#DevG
> >> uideHostPage [2] Dynamic string internationalisation -
> >> http://www.gwtproject.org/doc/latest/DevGuideI18n.html#DevGuideDynamicStr
> >> ingInternationalization [3]
> >> http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dicti
> >> onary.html
> >> 
> >> Thanks,
> >> Roy
> >> ___
> >> Engine-devel mailing list
> >> Engine-devel@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 
> ___

Re: [Engine-devel] Dynamic resource loading in GWT

2013-08-07 Thread Roy Golan


On Wed 07 Aug 2013 03:23:36 PM IDT, Alexander Wels wrote:

On Wednesday, August 07, 2013 02:48:45 PM Roy Golan wrote:

On 08/07/2013 02:08 PM, Einav Cohen wrote:

Hi Roy,

a couple of notes (I could be totally wrong here, GWT experts - please
review/comment):

- from [1]:
"Provides dynamic string lookup of key/value string pairs defined in a
module's host HTML page" - there is a chance that a gwt dictionary is
limited to reading key/value string pairs that reside within the *gwt
module host HTML page* (i.e., within the context of the GWT application -
"http://[server]/webadmin/webadmin/...";) and not outside - need to find
that out.

well the file servlet resides on [server] so I don't think there a "same
origin policy" problem here - correct me if I'm wrong (isn't branding
doing something similar?)



Branding is doing exactly what you are suggesting, generating a dictionary in
the host page, and having the GWT application read it at runtime. The only
reason we did it like that, is that there is no other way of changing some of
the messages at runtime. If there was some way of doing it at compile time I
would have done that. Also the number of resources changed by branding is very
limited and therefore won't impact the performance as much as doing every
single resource.

There are advantages and disadvantages of both methods that need to be
carefully weighed, and the GWT developers themselves did that and came to the
conclusion that compile time inclusion is the best method for most resources.
They did however anticipate the need for some runtime resources so they
included Dictionary etc.


- again, from [1]:
"a variety of error conditions (particularly those involving key
mismatches) cannot be caught until runtime. Similarly, the GWT compiler
is unable discard unused dictionary values since the structure cannot be
statically analyzed".
(this is expected, as the suggested loading here is dynamic, rather than
static)

- not sure exactly how this would work with localization; there is "A
Caveat Regarding Locale" mentioned in [1] - IIUC, we will lose the
automatic locale-mapping that we have today, and we would need to do it
ourselves somehow (not a big deal, I suppose, just some extra work that
needs to be done here).




The branding allows one to define java property bundles for all the supported
languages, and will load them at runtime and put the translated strings in the
Dictionary in the host page. Again I wouldn't recommend doing it for a large
number of resources.

why?
and what number is large?



indeed but it will pay off. a change off resources means ctrl+F5 and not
GWT compilation :P



Sure for the developer it would be great, less compiling. However for the user
not so much,


isn't admin is gaining from it? and development time and bugs around 
messages?


and in the end we are creating the software for the user and the

needs of the developer are secondary to that. When I say it is not so great
for the user, I mean the fact that it becomes a lot harder to cache the host
page (as the contents can change), vs caching the compiled resources is really
easy as the contents won't chance.


in the end both are cached so there is no memory overhead.





Thanks,
Einav

[1]
http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dicti
onary.html

- Original Message -


From: "Roy Golan" 
To: "engine-devel" 
Sent: Wednesday, August 7, 2013 2:59:07 AM
Subject: [Engine-devel] Dynamic resource loading in GWT

Painful issue here - we all know the regular drill of maintaining
messages in many places, I18N files and so on.
Also there's a patch to make all available timezone an java enum and by
that share it for free with the UI. its a way better than a backend
Query.

But this is all hard-coded, not flexible, hard to maintain, we all know.

Why won't we make GWT load a javascript dictionary/dictionaries from a
servlet or our host page html[1] using GWT Dictionary[3]?

that way the configuration is shared with the engine, it relies on the
disk, customers and GSS can change it on-site and so on.

| index.html | -> | file servlet | -> |read /etc/ovirt-engine/conf/...|
|
   ^
|
| GWT loads Dictionary |

candidates for dynamic resources
* I18N resources AppErrors...
* config ( just the UI subset )
* osinfo ?



[1] host page html -
http://www.gwtproject.org/doc/latest/DevGuideOrganizingProjects.html#DevG
uideHostPage [2] Dynamic string internationalisation -
http://www.gwtproject.org/doc/latest/DevGuideI18n.html#DevGuideDynamicStr
ingInternationalization [3]
http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dicti
onary.html

Thanks,
Roy
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel


___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel



_

Re: [Engine-devel] Dynamic resource loading in GWT

2013-08-07 Thread Einav Cohen

[top posting]

in general, gwt applications are not "built" for loading things at run-time. 
for the branding feature, we had to change some of that due to the feature 
requirements.

question is what will we gain from loading dynamically the values that are 
currently being loaded statically. 
for features such as dynamic/user-defined OSs [1] - it makes sense and probably 
even required, however, for error messages, which are not dynamic/user-defined, 
I think that it doesn't.
there are other ways to ease maintenance of error-messages (e.g. maintain only 
one copy of each file, and copy it during compilation time to the relevant 
locations, instead of maintaining several identical files), without introducing 
the disadvantages of dynamic loading.


Thanks,
Einav

[1] http://www.ovirt.org/OS_info

- Original Message -
> From: "Roy Golan" 
> To: aw...@redhat.com
> Cc: engine-devel@ovirt.org
> Sent: Wednesday, August 7, 2013 9:35:30 AM
> Subject: Re: [Engine-devel] Dynamic resource loading in GWT
> 
> On Wed 07 Aug 2013 03:23:36 PM IDT, Alexander Wels wrote:
> > On Wednesday, August 07, 2013 02:48:45 PM Roy Golan wrote:
> >> On 08/07/2013 02:08 PM, Einav Cohen wrote:
> >>> Hi Roy,
> >>>
> >>> a couple of notes (I could be totally wrong here, GWT experts - please
> >>> review/comment):
> >>>
> >>> - from [1]:
> >>> "Provides dynamic string lookup of key/value string pairs defined in a
> >>> module's host HTML page" - there is a chance that a gwt dictionary is
> >>> limited to reading key/value string pairs that reside within the *gwt
> >>> module host HTML page* (i.e., within the context of the GWT application -
> >>> "http://[server]/webadmin/webadmin/...";) and not outside - need to find
> >>> that out.
> >> well the file servlet resides on [server] so I don't think there a "same
> >> origin policy" problem here - correct me if I'm wrong (isn't branding
> >> doing something similar?)
> >>
> >
> > Branding is doing exactly what you are suggesting, generating a dictionary
> > in
> > the host page, and having the GWT application read it at runtime. The only
> > reason we did it like that, is that there is no other way of changing some
> > of
> > the messages at runtime. If there was some way of doing it at compile time
> > I
> > would have done that. Also the number of resources changed by branding is
> > very
> > limited and therefore won't impact the performance as much as doing every
> > single resource.
> >
> > There are advantages and disadvantages of both methods that need to be
> > carefully weighed, and the GWT developers themselves did that and came to
> > the
> > conclusion that compile time inclusion is the best method for most
> > resources.
> > They did however anticipate the need for some runtime resources so they
> > included Dictionary etc.
> >
> >>> - again, from [1]:
> >>> "a variety of error conditions (particularly those involving key
> >>> mismatches) cannot be caught until runtime. Similarly, the GWT compiler
> >>> is unable discard unused dictionary values since the structure cannot be
> >>> statically analyzed".
> >>> (this is expected, as the suggested loading here is dynamic, rather than
> >>> static)
> >>>
> >>> - not sure exactly how this would work with localization; there is "A
> >>> Caveat Regarding Locale" mentioned in [1] - IIUC, we will lose the
> >>> automatic locale-mapping that we have today, and we would need to do it
> >>> ourselves somehow (not a big deal, I suppose, just some extra work that
> >>> needs to be done here).
> >>
> >
> > The branding allows one to define java property bundles for all the
> > supported
> > languages, and will load them at runtime and put the translated strings in
> > the
> > Dictionary in the host page. Again I wouldn't recommend doing it for a
> > large
> > number of resources.
> why?
> and what number is large?
> >
> >> indeed but it will pay off. a change off resources means ctrl+F5 and not
> >> GWT compilation :P
> >>
> >
> > Sure for the developer it would be great, less compiling. However for the
> > user
> > not so much,
> 
> isn't admin is gaining from it? and development time and bugs around
> messages?
> 
>  and in the end we are creating the software for the user and the
> > needs of the developer are secondary to that. When I say it is not so great
> > for the user, I mean the fact that it becomes a lot harder to cache the
> > host
> > page (as the contents can change), vs caching the compiled resources is
> > really
> > easy as the contents won't chance.
> 
> in the end both are cached so there is no memory overhead.
> >
> >
> >>> 
> >>> Thanks,
> >>> Einav
> >>>
> >>> [1]
> >>> http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/Dicti
> >>> onary.html
> >>>
> >>> - Original Message -
> >>>
>  From: "Roy Golan" 
>  To: "engine-devel" 
>  Sent: Wednesday, August 7, 2013 2:59:07 AM
>  Subject: [Engine-devel] Dynamic resource loading in GWT
> 
>  Painful issue here - w

[Engine-devel] InitBackendServicesOnStartupBean create

2013-08-07 Thread Laszlo Hornyak

Hi,

I made some mistake in the upgrade of my engine (which is my bad) but then I 
noticed that when one service initialization fails, the rest of the services 
are not initialized, but still the engine will start even then and it did not 
even log.

There are some patterns in that single method on initialization, some work with 
'try', some spawn a new thread. Can we have this cleaned up?
What I was thinking of is that each service should be initialized, creating a 
thread is it's own business, exceptions from initialization should be caught, 
logged and engine startup should be prevented if any service fails to 
initialize.

Thx,
Laszlo
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] users cannot log into userportal

2013-08-07 Thread Dead Horse

BZ994604 (https://bugzilla.redhat.com/show_bug.cgi?id=994604) has been
opened.
- DHC


On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim  wrote:

> On 08/07/2013 12:10 AM, Dead Horse wrote:
>
>> I have found some steps to reproduce this easily.
>>
>> Start the engine bound to an AD for authentication
>> log in to the user portal as an AD user which has been granted a Role (I
>> used PowerUserRole)
>>
>> Result: Login will succeed
>> Data from engine.log:
>> 2013-08-06 15:54:10,088 INFO
>> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-10)
>> Running command: LoginUserCommand internal: false.
>> 2013-08-06 15:54:10,139 INFO
>> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
>> AuditLogDirector]
>> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
>> Custom Event ID: -1, Message: User ovirttest logged in.
>>
>> log out of the user portal
>> Result: log out succeeds
>> Data from engine.log:
>> 2013-08-06 15:54:12,448 INFO
>> [org.ovirt.engine.core.bll.**LogoutUserCommand] (ajp--127.0.0.1-8702-2)
>> Running command: LogoutUserCommand internal: false.
>> 2013-08-06 15:54:12,474 INFO
>> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
>> AuditLogDirector]
>> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
>> Custom Event ID: -1, Message: User ovirttest logged out.
>>
>> As the same user log in to the user portal again but this purposely
>> input the wrong password.
>> Result: log in will fail
>> Data from engine.log:
>> 2013-08-06 15:54:20,830 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
>> Strategy]
>> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
>> was invalid (24)
>> 2013-08-06 15:54:20,832 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
>> Strategy]
>> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
>> username and password.
>> 2013-08-06 15:54:20,843 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
>> (ajp--127.0.0.1-8702-7) Failed ldap search server
>> LDAP://foodc02.foo.test.com:**389  <
>> http://foodc02.foo.test.com:**389 >
>> using
>> user ovirtt...@foo.test.com  due to
>>
>> Authentication Failed. Please verify the username and password.. We
>> should not try the next server
>> 2013-08-06 15:54:20,850 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
>> Strategy]
>> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
>> was invalid (24)
>> 2013-08-06 15:54:20,851 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
>> Strategy]
>> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
>> username and password.
>> 2013-08-06 15:54:20,852 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
>> (ajp--127.0.0.1-8702-7) Failed ldap search server
>> LDAP://foodc01.foo.test.com:**389  <
>> http://foodc01.foo.test.com:**389 >
>> using
>> user ovirtt...@foo.test.com  due to
>>
>> Authentication Failed. Please verify the username and password.. We
>> should not try the next server
>> 2013-08-06 15:54:20,853 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
>> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to domain
>> gso.med.ge.com . Ldap Query Type is getUserByName
>>
>> 2013-08-06 15:54:20,854 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
>> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
>> username and password.
>> 2013-08-06 15:54:20,855 ERROR
>> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
>> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD : ovirttest
>> 2013-08-06 15:54:20,856 WARN
>> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
>> CanDoAction of action LoginUser failed.
>> Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSWORD
>>
>> Try again to log in as the same user this time typing the correct
>> password.
>> Result: Login fails!
>> Data from engine.log:
>> 2013-08-06 15:54:25,186 ERROR
>> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
>> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to domain
>> gso.med.ge.com . Ldap Query Type is getUserByName
>>
>> 2013-08-06 15:54:25,187 ERROR
>> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
>> USER_FAILED_TO_AUTHENTICATE : ovirttest
>> 2013-08-06 15:54:25,187 WARN
>> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
>> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_**
>> AUTHENTICATE
>>
>> Try again with another AD user.
>> Result: Login fails!
>> Data from eng

Re: [Engine-devel] InitBackendServicesOnStartupBean create

2013-08-07 Thread Yair Zaslavsky



- Original Message -
> From: "Laszlo Hornyak" 
> To: "engine-devel" 
> Sent: Wednesday, August 7, 2013 5:59:34 PM
> Subject: [Engine-devel] InitBackendServicesOnStartupBean create
> 
> Hi,
> 
> I made some mistake in the upgrade of my engine (which is my bad) but then I
> noticed that when one service initialization fails, the rest of the services
> are not initialized, but still the engine will start even then and it did
> not even log.
> 
> There are some patterns in that single method on initialization, some work
> with 'try', some spawn a new thread. Can we have this cleaned up?
> What I was thinking of is that each service should be initialized, creating a
> thread is it's own business, exceptions from initialization should be
> caught, logged and engine startup should be prevented if any service fails
> to initialize.

The question is indeed whether we should really fail in case ANY service fails.
In addition, may I suggest spawning a thread for each one of the services 
(unless there is dependency of course), and wait for completion in order to 
reduce startup time?

> 
> Thx,
> Laszlo
> ___
> Engine-devel mailing list
> Engine-devel@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] users cannot log into userportal

2013-08-07 Thread Yair Zaslavsky



- Original Message -
> From: "Dead Horse" 
> To: "Itamar Heim" 
> Cc: "engine-devel" , "Yair Zaslavsky" 
> 
> Sent: Wednesday, August 7, 2013 6:14:02 PM
> Subject: Re: [Engine-devel] users cannot log into userportal
> 
> BZ994604 (https://bugzilla.redhat.com/show_bug.cgi?id=994604) has been
> opened.
> - DHC

Thanks for your help DHC,
This was already fixed by rnori.

> 
> 
> On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim  wrote:
> 
> > On 08/07/2013 12:10 AM, Dead Horse wrote:
> >
> >> I have found some steps to reproduce this easily.
> >>
> >> Start the engine bound to an AD for authentication
> >> log in to the user portal as an AD user which has been granted a Role (I
> >> used PowerUserRole)
> >>
> >> Result: Login will succeed
> >> Data from engine.log:
> >> 2013-08-06 15:54:10,088 INFO
> >> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-10)
> >> Running command: LoginUserCommand internal: false.
> >> 2013-08-06 15:54:10,139 INFO
> >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> >> AuditLogDirector]
> >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
> >> Custom Event ID: -1, Message: User ovirttest logged in.
> >>
> >> log out of the user portal
> >> Result: log out succeeds
> >> Data from engine.log:
> >> 2013-08-06 15:54:12,448 INFO
> >> [org.ovirt.engine.core.bll.**LogoutUserCommand] (ajp--127.0.0.1-8702-2)
> >> Running command: LogoutUserCommand internal: false.
> >> 2013-08-06 15:54:12,474 INFO
> >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> >> AuditLogDirector]
> >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
> >> Custom Event ID: -1, Message: User ovirttest logged out.
> >>
> >> As the same user log in to the user portal again but this purposely
> >> input the wrong password.
> >> Result: log in will fail
> >> Data from engine.log:
> >> 2013-08-06 15:54:20,830 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> >> Strategy]
> >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
> >> was invalid (24)
> >> 2013-08-06 15:54:20,832 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> >> Strategy]
> >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> >> username and password.
> >> 2013-08-06 15:54:20,843 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> >> LDAP://foodc02.foo.test.com:**389  <
> >> http://foodc02.foo.test.com:**389 >
> >> using
> >> user ovirtt...@foo.test.com  due to
> >>
> >> Authentication Failed. Please verify the username and password.. We
> >> should not try the next server
> >> 2013-08-06 15:54:20,850 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> >> Strategy]
> >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
> >> was invalid (24)
> >> 2013-08-06 15:54:20,851 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> >> Strategy]
> >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> >> username and password.
> >> 2013-08-06 15:54:20,852 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> >> LDAP://foodc01.foo.test.com:**389  <
> >> http://foodc01.foo.test.com:**389 >
> >> using
> >> user ovirtt...@foo.test.com  due to
> >>
> >> Authentication Failed. Please verify the username and password.. We
> >> should not try the next server
> >> 2013-08-06 15:54:20,853 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to domain
> >> gso.med.ge.com . Ldap Query Type is getUserByName
> >>
> >> 2013-08-06 15:54:20,854 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> >> username and password.
> >> 2013-08-06 15:54:20,855 ERROR
> >> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
> >> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD : ovirttest
> >> 2013-08-06 15:54:20,856 WARN
> >> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
> >> CanDoAction of action LoginUser failed.
> >> Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSWORD
> >>
> >> Try again to log in as the same user this time typing the correct
> >> password.
> >> Result: Login fails!
> >> Data from engine.log:
> >> 2013-08-06 15:54:25,186 ERROR
> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to dom

Re: [Engine-devel] users cannot log into userportal

2013-08-07 Thread Yair Zaslavsky



- Original Message -
> From: "Yair Zaslavsky" 
> To: "Dead Horse" 
> Cc: "engine-devel" 
> Sent: Wednesday, August 7, 2013 9:00:34 PM
> Subject: Re: [Engine-devel] users cannot log into userportal
> 
> 
> 
> - Original Message -
> > From: "Dead Horse" 
> > To: "Itamar Heim" 
> > Cc: "engine-devel" , "Yair Zaslavsky"
> > 
> > Sent: Wednesday, August 7, 2013 6:14:02 PM
> > Subject: Re: [Engine-devel] users cannot log into userportal
> > 
> > BZ994604 (https://bugzilla.redhat.com/show_bug.cgi?id=994604) has been
> > opened.
> > - DHC
> 
> Thanks for your help DHC,
> This was already fixed by rnori.

Of course "already fixed" comparing with current time. This was indeed a real 
issue.

> 
> > 
> > 
> > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim  wrote:
> > 
> > > On 08/07/2013 12:10 AM, Dead Horse wrote:
> > >
> > >> I have found some steps to reproduce this easily.
> > >>
> > >> Start the engine bound to an AD for authentication
> > >> log in to the user portal as an AD user which has been granted a Role (I
> > >> used PowerUserRole)
> > >>
> > >> Result: Login will succeed
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:10,088 INFO
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-10)
> > >> Running command: LoginUserCommand internal: false.
> > >> 2013-08-06 15:54:10,139 INFO
> > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > >> AuditLogDirector]
> > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
> > >> Custom Event ID: -1, Message: User ovirttest logged in.
> > >>
> > >> log out of the user portal
> > >> Result: log out succeeds
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:12,448 INFO
> > >> [org.ovirt.engine.core.bll.**LogoutUserCommand] (ajp--127.0.0.1-8702-2)
> > >> Running command: LogoutUserCommand internal: false.
> > >> 2013-08-06 15:54:12,474 INFO
> > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > >> AuditLogDirector]
> > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
> > >> Custom Event ID: -1, Message: User ovirttest logged out.
> > >>
> > >> As the same user log in to the user portal again but this purposely
> > >> input the wrong password.
> > >> Result: log in will fail
> > >> Data from engine.log:
> > >> 2013-08-06 15:54:20,830 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
> > >> was invalid (24)
> > >> 2013-08-06 15:54:20,832 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > >> username and password.
> > >> 2013-08-06 15:54:20,843 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > >> LDAP://foodc02.foo.test.com:**389  <
> > >> http://foodc02.foo.test.com:**389 >
> > >> using
> > >> user ovirtt...@foo.test.com  due to
> > >>
> > >> Authentication Failed. Please verify the username and password.. We
> > >> should not try the next server
> > >> 2013-08-06 15:54:20,850 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication information
> > >> was invalid (24)
> > >> 2013-08-06 15:54:20,851 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > >> Strategy]
> > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > >> username and password.
> > >> 2013-08-06 15:54:20,852 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > >> LDAP://foodc01.foo.test.com:**389  <
> > >> http://foodc01.foo.test.com:**389 >
> > >> using
> > >> user ovirtt...@foo.test.com  due to
> > >>
> > >> Authentication Failed. Please verify the username and password.. We
> > >> should not try the next server
> > >> 2013-08-06 15:54:20,853 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to domain
> > >> gso.med.ge.com . Ldap Query Type is getUserByName
> > >>
> > >> 2013-08-06 15:54:20,854 ERROR
> > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > >> username and password.
> > >> 2013-08-06 15:54:20,855 ERROR
> > >> [org.ovirt.engine.core.bll.**LoginUserCommand] (ajp--127.0.0.1-8702-7)
> > >> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD : ovirttest
> > >> 2013-08-06 15:54:20,856 WARN
> >

Re: [Engine-devel] users cannot log into userportal

2013-08-07 Thread Dead Horse

I see the fix in Gerrit/GIT. Thanks guys! I will test and update results
tomorrow morning.
- DHC


On Wed, Aug 7, 2013 at 1:01 PM, Yair Zaslavsky  wrote:

>
>
> - Original Message -
> > From: "Yair Zaslavsky" 
> > To: "Dead Horse" 
> > Cc: "engine-devel" 
> > Sent: Wednesday, August 7, 2013 9:00:34 PM
> > Subject: Re: [Engine-devel] users cannot log into userportal
> >
> >
> >
> > - Original Message -
> > > From: "Dead Horse" 
> > > To: "Itamar Heim" 
> > > Cc: "engine-devel" , "Yair Zaslavsky"
> > > 
> > > Sent: Wednesday, August 7, 2013 6:14:02 PM
> > > Subject: Re: [Engine-devel] users cannot log into userportal
> > >
> > > BZ994604 (https://bugzilla.redhat.com/show_bug.cgi?id=994604) has been
> > > opened.
> > > - DHC
> >
> > Thanks for your help DHC,
> > This was already fixed by rnori.
>
> Of course "already fixed" comparing with current time. This was indeed a
> real issue.
>
> >
> > >
> > >
> > > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim  wrote:
> > >
> > > > On 08/07/2013 12:10 AM, Dead Horse wrote:
> > > >
> > > >> I have found some steps to reproduce this easily.
> > > >>
> > > >> Start the engine bound to an AD for authentication
> > > >> log in to the user portal as an AD user which has been granted a
> Role (I
> > > >> used PowerUserRole)
> > > >>
> > > >> Result: Login will succeed
> > > >> Data from engine.log:
> > > >> 2013-08-06 15:54:10,088 INFO
> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> (ajp--127.0.0.1-8702-10)
> > > >> Running command: LoginUserCommand internal: false.
> > > >> 2013-08-06 15:54:10,139 INFO
> > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > >> AuditLogDirector]
> > > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null,
> > > >> Custom Event ID: -1, Message: User ovirttest logged in.
> > > >>
> > > >> log out of the user portal
> > > >> Result: log out succeeds
> > > >> Data from engine.log:
> > > >> 2013-08-06 15:54:12,448 INFO
> > > >> [org.ovirt.engine.core.bll.**LogoutUserCommand]
> (ajp--127.0.0.1-8702-2)
> > > >> Running command: LogoutUserCommand internal: false.
> > > >> 2013-08-06 15:54:12,474 INFO
> > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > >> AuditLogDirector]
> > > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null,
> > > >> Custom Event ID: -1, Message: User ovirttest logged out.
> > > >>
> > > >> As the same user log in to the user portal again but this purposely
> > > >> input the wrong password.
> > > >> Result: log in will fail
> > > >> Data from engine.log:
> > > >> 2013-08-06 15:54:20,830 ERROR
> > > >>
> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > > >> Strategy]
> > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
> information
> > > >> was invalid (24)
> > > >> 2013-08-06 15:54:20,832 ERROR
> > > >>
> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > > >> Strategy]
> > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > > >> username and password.
> > > >> 2013-08-06 15:54:20,843 ERROR
> > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > >> LDAP://foodc02.foo.test.com:**389 
> <
> > > >> http://foodc02.foo.test.com:**389  >>
> > > >> using
> > > >> user ovirtt...@foo.test.com  due
> to
> > > >>
> > > >> Authentication Failed. Please verify the username and password.. We
> > > >> should not try the next server
> > > >> 2013-08-06 15:54:20,850 ERROR
> > > >>
> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > > >> Strategy]
> > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
> information
> > > >> was invalid (24)
> > > >> 2013-08-06 15:54:20,851 ERROR
> > > >>
> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication**
> > > >> Strategy]
> > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the
> > > >> username and password.
> > > >> 2013-08-06 15:54:20,852 ERROR
> > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > >> LDAP://foodc01.foo.test.com:**389 
> <
> > > >> http://foodc01.foo.test.com:**389  >>
> > > >> using
> > > >> user ovirtt...@foo.test.com  due
> to
> > > >>
> > > >> Authentication Failed. Please verify the username and password.. We
> > > >> should not try the next server
> > > >> 2013-08-06 15:54:20,853 ERROR
> > > >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand]
> > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to
> domain
> > > >> gso.med.ge.com . Ldap Query Type is
> getUserByName
> > > >>
> > > >> 2013-08-06 15:54:20,854 ERROR
>

Re: [Engine-devel] open-ovf

2013-08-07 Thread Keith Robertson


On 08/07/2013 03:28 AM, Yedidyah Bar David wrote:

Hi all,

While reviewing a change to allow using an ovf image in hosted-engine, I
searched and found that there is a project called "open-ovf". It's a
python library to work with ovf images.

Using it might make sense in hosted engine and image-uploader, perhaps
other places.

Did we ever discuss using it? Are there any obvious obstacles?

I have never used it though and it doesn't look very active.

What I did in the Image Uploader was generate Python bindings from the 
OVF XSD using GenerateDS.  GenerateDS has a fairly active community and 
a wildly helpful maintainer.


The Python binder is similar to the Java binder (JAXB).  You feed it an 
XML schema and it will generate bindings that enable you to marshal XML 
into objects vice-versa.  There is no need to muck around with LXML and 
ugly looping which is typical for XML parsers. You work with nice clean 
objects.


My recommendation would be to create an oVirt OVF library which is based 
off bindings from GenerateDS.  You implement the methods that make sense 
to oVirt and skip the *very* large subset of the OVF standard that is 
not applicable to oVirt OVF images.  Such a library could be used by the 
Image Uploader and any other components that require OVF processing 
capabilities.


I would be happy to work with you on abstracting the binder away from 
the Image Uploader so that it could be re-used in other components if 
you are interested.


Keith



Best regards,


___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

[Engine-devel] does now engine support join vm to AD

2013-08-07 Thread bigclouds

 hi,all
does now engine support join vm to AD?
on UI there is a configuration option for windows domain, how to use it?

thanks.
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

Re: [Engine-devel] does now engine support join vm to AD

2013-08-07 Thread Omer Frenkel

- Original Message -

> From: "bigclouds" 
> To: "engine-devel" 
> Sent: Thursday, August 8, 2013 3:36:35 AM
> Subject: [Engine-devel] does now engine support join vm to AD

> hi,all
> does now engine support join vm to AD?
> on UI there is a configuration option for windows domain, how to use it?

when creating template with windows os, you need to 'seal' it somehow for 
sysprep, 
then you need to set the domain when creating vm from the template 
(also you can set the windows domain on the template to be set by default to 
vms created for it) 
and when you run the vm for the first time, the windows sysprep takes place and 
the domain should be set there. 
make sure to select the right os on the template/vm since the sysprep is 
different between windows versions. 

for linux im not sure, it might be possible with cloud init, with user-scripts, 
once we have this option (currently not implemented) 

> thanks.

> ___
> Engine-devel mailing list
> Engine-devel@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
___
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

[Engine-devel] open-ovf

[Engine-devel] ovirt 3.3 RC packages

Re: [Engine-devel] ovirt 3.3 RC packages

Re: [Engine-devel] [vdsm] How to handle qemu 1.3 dep for Gluster Storage Domain

Re: [Engine-devel] users cannot log into userportal

Re: [Engine-devel] Dynamic resource loading in GWT

Re: [Engine-devel] cannot login after re-deploying development environment

Re: [Engine-devel] Dynamic resource loading in GWT

Re: [Engine-devel] Dynamic resource loading in GWT

Re: [Engine-devel] Dynamic resource loading in GWT

Re: [Engine-devel] Dynamic resource loading in GWT

Re: [Engine-devel] Dynamic resource loading in GWT

[Engine-devel] InitBackendServicesOnStartupBean create

Re: [Engine-devel] users cannot log into userportal

Re: [Engine-devel] InitBackendServicesOnStartupBean create

Re: [Engine-devel] users cannot log into userportal

Re: [Engine-devel] users cannot log into userportal

Re: [Engine-devel] users cannot log into userportal

Re: [Engine-devel] open-ovf

[Engine-devel] does now engine support join vm to AD

Re: [Engine-devel] does now engine support join vm to AD

21 matches

Site Navigation

Mail list logo

Footer information