[one-users] LDAP SSL configuration bug
Hi, I've been wrestling with getting LDAP authentication work with opennebula for a while now, the main difficulty being our ldap server only supports TLS/SSL. I've been setting the line in /etc/one/ldap/ldap_auth.conf :auth_method: :simple_tls like the instructions at http://www.opennebula.org/documentation:rel3.4:ldap suggest to do, but it still didn't seem to be communicating via TLS/SSL correctly. After much code diving I see that inside if Net-LDAP it's not the authentication variable that needs that needs to be set, but rather the encryption option needs to get set to :simple_tls for TLS/SSL to work. I managed to get it working by changing my /etc/one/ldap/ldap_auth.conf to :auth_method: :simple :encryption: :simple_tls And then modifying /usr/lib/one/ruby/ldap_auth.rb adding in the line ops[:encryption]=@options[:encryption] if @options[:encryption] in the initialize method just before the creation of the Net::LDAP object. Is it possible to get the code fixed and the documentation updated (assuming the above is all correct?) Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Self Service Portal and Predefined Disk images
Hi, I'm currently evaluating using the opennebula 3.2 self service portal to allow end users to create/start/run their own vms, but I noticed that at the moment the only way for a new user to create a new virtual disk image is to upload their own image via their browser. Currently on the command line we can get them to create a new virtual disk using a disk image template similar to something like NAME = gg-devel PATH = /var/lib/one/importimages/centos6blank.img PUBLIC= NO DESCRIPTION = ggillies centos 6 devel vm PERSISTENT= YES Where /var/lib/one/importimages contains a bunch of different image files we have created for people to import/use. Is there a possibility that the self service portal could be altered so that either we could provide users the option of a filled in dropdown box of disk images from a defined directory to use, and also have the possibility to disable uploading disk images by the browser altogether (perhaps by turning off a plugin the yaml?). Perhaps even just an option to enter in a local path to use as the PATH element for the disk image might be sufficient if a populated drop down can't be made. I'm curious what other people think, or have done something similar. Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] quota module throws error on image creation with opennebula 3.2
Hi, I have enabled/attempting to use the quota module in opennebula 3.2 on a RHEL 6 machine which has ruby-1.8.7.352-3.el6.x86_64, and everything works fine except for when I try to create a new image, It gives me a permission denied error, with the following error in the log Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 /usr/lib/one/ruby/quota.rb:85:in `round': wrong number of arguments (1 for 0) (ArgumentError) Mon Jan 23 10:28:54 2012 [AuM][I]: /usr/lib/one/ruby/quota.rb:85:in `round': wrong number of arguments (1 for 0) (ArgumentError) Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:85 Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:85 Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:348:in `call' Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:348:in `call' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:348:in `get_resources' Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:348:in `get_resources' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:347:in `each' Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:347:in `each' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:347:in `get_resources' Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:347:in `get_resources' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:241:in `check_quotas' Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:241:in `check_quotas' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /usr/lib/one/ruby/quota.rb:237:in `authorize' Mon Jan 23 10:28:54 2012 [AuM][I]: from /usr/lib/one/ruby/quota.rb:237:in `authorize' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /var/lib/one/remotes/auth/quota/authorize:58 Mon Jan 23 10:28:54 2012 [AuM][I]: from /var/lib/one/remotes/auth/quota/authorize:58 Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /var/lib/one/remotes/auth/quota/authorize:52:in `each' Mon Jan 23 10:28:54 2012 [AuM][I]: from /var/lib/one/remotes/auth/quota/authorize:52:in `each' Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 from /var/lib/one/remotes/auth/quota/authorize:52 Mon Jan 23 10:28:54 2012 [AuM][I]: from /var/lib/one/remotes/auth/quota/authorize:52 Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: LOG I 4 ExitCode: 1 Mon Jan 23 10:28:54 2012 [AuM][I]: ExitCode: 1 Mon Jan 23 10:28:54 2012 [AuM][D]: Message received: AUTHORIZE FAILURE 4 - Mon Jan 23 10:28:54 2012 [AuM][E]: Auth Error: Mon Jan 23 10:28:54 2012 [ReM][E]: [ImageAllocate] User [1] not authorized to perform action on image. Having a quick poke around the internet it looks like the problem is ruby 1.8 round function doesn't take any arguments (but it does in 1.9 and above). I'm assuming this is an easy fix for someone to change line 85 of /usr/lib/one/ruby/quota.rb to be 1.8 compatible? Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Source RPMS?
Hi, I am currently looking at deploying opennebula 3.2 to my environment, however, I want to do some patching to the source rpm with some local changes before rebuilding and deploying. I've looked everywhere high and low, and I can't seem to find the SRPMs for opennebula anywhere? Is there an easy place to find them (in particular, for the Centos 6 3.2 release). If someone can point out a link the SRPMS for me it would be much appreciated. Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Error from quota module when trying to create a vm or instantiate a template
Hi, I've done some more investigating and I've got a handle on what the problem is. My VM templates don't define a CPU attribute (as I'm just letting it use the default values) and therefore the code errors out trying to get a CPU value from my vm template which don't have one. This sounds like a bug to me, I'm assuming I should file it at dev.opennebula.org? Regards, Graeme On Mon, Dec 5, 2011 at 3:36 PM, Graeme Gillies graeme.r.gill...@gmail.com wrote: Hi, I have enabled the quota module on my opennebula 3 installation and now whenever I try and create a vm image, either from a template or file from disk, I get the quota module denying me. I have checked the quota limits for the user are ok. Running the command from the oned.log with ruby debug gives the following error message /var/lib/one/remotes/auth/quota/authorize:38: warning: ambiguous first argument; put parentheses or even spaces /var/lib/one/remotes/auth/quota/authorize:57: warning: ambiguous first argument; put parentheses or even spaces Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems.rb:1113 - no such file to load -- rubygems/defaults/operating_system Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/config_file.rb:50 - no such file to load -- Win32API Exception `NoMethodError' at /usr/lib/ruby/1.8/rational.rb:78 - undefined method `gcd' for Rational(1, 2):Rational Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- nokogiri Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- xmlparser Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:38 - no such file to load -- xmlparser Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- sequel /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/model/base.rb:817: warning: `*' interpreted as argument prefix /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/model/base.rb:631: warning: instance variable @dataset not initialized /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/model/base.rb:631: warning: instance variable @dataset not initialized Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- sqlite3 Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- sqlite3/1.8/sqlite3_native Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:38 - no such file to load -- sqlite3/1.8/sqlite3_native Exception `SQLite3::SQLException' at /usr/lib/ruby/gems/1.8/gems/sqlite3-1.3.3/lib/sqlite3/database.rb:91 - index quotas_uid_index already exists Exception `Sequel::DatabaseError' at /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/database/misc.rb:254 - SQLite3::SQLException: index quotas_uid_index already exists Exception `SQLite3::SQLException' at /usr/lib/ruby/gems/1.8/gems/sqlite3-1.3.3/lib/sqlite3/database.rb:91 - index usage_uid_index already exists Exception `Sequel::DatabaseError' at /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/database/misc.rb:254 - SQLite3::SQLException: index usage_uid_index already exists /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/dataset/actions.rb:130: warning: instance variable @row_proc not initialized /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/dataset/actions.rb:130: warning: instance variable @row_proc not initialized Exception `TypeError' at /usr/lib/one/ruby/quota.rb:199 - can't convert nil into Float /usr/lib/one/ruby/quota.rb:199:in `Float': can't convert nil into Float (TypeError) from /usr/lib/one/ruby/quota.rb:199:in `send' from /usr/lib/one/ruby/quota.rb:199:in `check_quotas' from /usr/lib/one/ruby/quota.rb:194:in `each' from /usr/lib/one/ruby/quota.rb:194:in `check_quotas' from /usr/lib/one/ruby/quota.rb:184:in `authorize' from /var/lib/one/remotes/auth/quota/authorize:53 from /var/lib/one/remotes/auth/quota/authorize:52:in `each' from /var/lib/one/remotes/auth/quota/authorize:52 output for onequota show 1 uid cpu memory num_vms storage 1 0/3 5120/10240 4/10 0/20480 Any help would be much appreciated. Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] VMs instantiated from template have incorrect name?
Hi, I currently have a vm template in onetemplate that looks like the following TEMPLATE 0 INFORMATION ID : 0 NAME : gg-devel USER : ggillies GROUP : users REGISTER TIME : 12/02 14:43:50 PUBLIC : No TEMPLATE CONTENTS CPU=1 DISK=[ BUS=virtio, DRIVER=raw, IMAGE_ID=4, TARGET=vda, TYPE=DISK ] DISK=[ BUS=virtio, SIZE=1024, TARGET=vdb, TYPE=SWAP ] GRAPHICS=[ LISTEN=0.0.0.0, TYPE=vnc ] MEMORY=512 NAME=gg-devel NIC=[ NETWORK_ID=0 ] OS=[ ARCH=x86_64, BOOT=hd ] TEMPLATE_ID=0 You can see in the template the name of the vm is gg-devel. However, when I use onetemplate instantiate 0 And look at the running vm the name is just the generic one-XX ID USER GROUPNAME STAT CPU MEMHOSTNAME TIME 43 ggillies usersone-43 runn 15512M virt-02-cloud.l 00 00:03:25 Is this a bug or intended? I'd like to be able to add vm templates into the library and when they are instantiated have the correct name from the template. I understand that people might be able to instantiate multiple instances of a template, but in that cause, shouldn't every instance after the first have a number appended? In my use case, the disk images are marked as persistent so people won't be able to instantiate more than 1 instance at a time. Any clarification would be much appreciated. Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Any way to force a recalculate of image size and quota use?
Hi, I recently upgraded our opennebula environment to 3.0 and as part of that move I switched from sqlite to mysql database, forcing me to basically start again and re-import all our images, vms, templates, networks etc. I did most the work as the oneadmin user, for example, importing all users images, then used oneimage chown $imageid $username users to give the images back to the original owner. This has all seemed to go fine, however, during the import I noticed a couple of the bigger images have had their size reported incorrectly in opennebula ID USER GROUPNAMESIZE TYPE REGTIME PUB PER STAT RVMS 14 hidden usershidden-storage 14.6G DB 12/04 09:55:48 No Yes used 1 IMAGE 14 INFORMATION ID : 14 NAME : hidden-storage USER : hiden GROUP : users TYPE : DATABLOCK REGISTER TIME : 12/04 09:55:48 PUBLIC : No PERSISTENT : Yes SOURCE : /var/lib/one/images/1e5164009f66cb87de73b6f4c29c9317 SIZE : 14903 STATE : used RUNNING_VMS: 1 but the size of that disk is much larger ls -lah /var/lib/one/images/1e5164009f66cb87de73b6f4c29c9317 -rw-rw 1 oneadmin oneadmin 49G Dec 4 20:26 /var/lib/one/images/1e5164009f66cb87de73b6f4c29c9317 Is there anyway (either through the tools, or someone just writing a ruby script using the opennebula libraries) to make opennebula go through each image in the database and confirm the size is correct to what is on disk? To solve these discrepancies. Also, I enabled the quota module for my installation, and restarted oned. When I do onequota show $userid It gives me uid cpu memory num_vms storage 6 0/3 0/4096 0/3 0/20480 Even though the user does indeed have vms running (and disk images used). Can a similar thing be done as above, and force oneauth to recalculate the quota usage for everyone? Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Error from quota module when trying to create a vm or instantiate a template
Hi, I have enabled the quota module on my opennebula 3 installation and now whenever I try and create a vm image, either from a template or file from disk, I get the quota module denying me. I have checked the quota limits for the user are ok. Running the command from the oned.log with ruby debug gives the following error message /var/lib/one/remotes/auth/quota/authorize:38: warning: ambiguous first argument; put parentheses or even spaces /var/lib/one/remotes/auth/quota/authorize:57: warning: ambiguous first argument; put parentheses or even spaces Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems.rb:1113 - no such file to load -- rubygems/defaults/operating_system Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/config_file.rb:50 - no such file to load -- Win32API Exception `NoMethodError' at /usr/lib/ruby/1.8/rational.rb:78 - undefined method `gcd' for Rational(1, 2):Rational Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- nokogiri Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- xmlparser Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:38 - no such file to load -- xmlparser Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- sequel /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/model/base.rb:817: warning: `*' interpreted as argument prefix /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/model/base.rb:631: warning: instance variable @dataset not initialized /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/model/base.rb:631: warning: instance variable @dataset not initialized Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- sqlite3 Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31 - no such file to load -- sqlite3/1.8/sqlite3_native Exception `LoadError' at /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:38 - no such file to load -- sqlite3/1.8/sqlite3_native Exception `SQLite3::SQLException' at /usr/lib/ruby/gems/1.8/gems/sqlite3-1.3.3/lib/sqlite3/database.rb:91 - index quotas_uid_index already exists Exception `Sequel::DatabaseError' at /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/database/misc.rb:254 - SQLite3::SQLException: index quotas_uid_index already exists Exception `SQLite3::SQLException' at /usr/lib/ruby/gems/1.8/gems/sqlite3-1.3.3/lib/sqlite3/database.rb:91 - index usage_uid_index already exists Exception `Sequel::DatabaseError' at /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/database/misc.rb:254 - SQLite3::SQLException: index usage_uid_index already exists /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/dataset/actions.rb:130: warning: instance variable @row_proc not initialized /usr/lib/ruby/gems/1.8/gems/sequel-3.29.0/lib/sequel/dataset/actions.rb:130: warning: instance variable @row_proc not initialized Exception `TypeError' at /usr/lib/one/ruby/quota.rb:199 - can't convert nil into Float /usr/lib/one/ruby/quota.rb:199:in `Float': can't convert nil into Float (TypeError) from /usr/lib/one/ruby/quota.rb:199:in `send' from /usr/lib/one/ruby/quota.rb:199:in `check_quotas' from /usr/lib/one/ruby/quota.rb:194:in `each' from /usr/lib/one/ruby/quota.rb:194:in `check_quotas' from /usr/lib/one/ruby/quota.rb:184:in `authorize' from /var/lib/one/remotes/auth/quota/authorize:53 from /var/lib/one/remotes/auth/quota/authorize:52:in `each' from /var/lib/one/remotes/auth/quota/authorize:52 output for onequota show 1 uid cpu memory num_vms storage 1 0/3 5120/10240 4/10 0/20480 Any help would be much appreciated. Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Dummy Authentication driver available (for Kerberos authentication and others)?
Hi, I am currently evaluating Opennebula 3.0 for use within our organization, and one of our security requirements is that all our systems use Kerberos authentication where possible. I my current deployment scenario, users will be interacting with opennebula via sunstone. I see that currently sunstone supports normal form based authentication, and x509 authentication where you rely on apache/lighthttpd/whatever in front of sunstone to actually authenticate the user (in this case via 2 way SSL auth) and then sunstone just accepts the user as authenticated. What I'd like to do, is use apache with mod_auth_kerb to authenticate users in apache via kerberos, and then have sunstone accept the user as authenticated from apache (similar to how the x509 auth works). Mod_auth_kerb simply sets the CGI value of REMOTE_USER to the authenticated user once authentication is complete, and I'm wondering if there is some sort of dummy auth module for sunstone that simply takes the user as supplied via a header or CGI variable and uses it, trusting the layer in front of it to authenticate the user correctly. If not, is this something worth me lodging a feature request for? Or lodging a feature request to have Kerberos/GSSAPI authentication implemented across opennebula in general? Regards, Graeme ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org