[ovirt-users] [QE][ACTION REQUIRED] oVirt 3.5.0 status - Go / No Go
Hi, We are supposed to start composing oVirt 3.5.0 GA (or RC3, depending on this morning Go / No go Meeting decisions) I think we can use this email for discussing / voting 3.5.0 GA release. Looking at bugzilla status, I vote no go. I also think we should move the build to Wed allowing maintainers to fix pending blockers. Maintainers: - Please be sure that 3.5 snapshot satisfy release criteria[9] - Please be sure that no pending patches are going to block the release - If any patch must block the GA release please raise the issue as soon as possible. - If any packages need a rebase please raise the issue as soon as possible. - Be aware that packages that doesn't need a rebase must be re-built with final release versioning from the RC2 tag. The bug tracker [1] shows the following proposed blockers to be reviewed: Bug ID Whiteboard Status Summary 1143042 infra POSTRepeated error "Failed to create VM external-test" when starting new VM 1143860 infra POSTMarshaling issue in fencing policy using jsonrpc 1142256 integration NEW remote engine-reports-setup does not write conf file to allow accessing reports from engine 1144079 integration ASSIGNEDlocal engine-reports-setup does not write conf file to allow accessing reports from engine The following bugs are keyworded as Regression and not marked as blockers[10] Bug ID Whiteboard Status Summary 1142709 integration NEW Trying to deploy hosted-engine via iSCSI device fails 1138144 storage NEW Failed to autorecover storage domain after unblocking connection with host 1118349 storage NEW [vdsm] Creating DataCenter 3.5 using master domain V1 fails with InquireNotSupportedError 1138314 virtNEW Fail to start vm with payload. Feature freeze is now effective, and branch has been created. All new patches must be backported to 3.5 branch too. Features completed are marked in green on Features Status Table [2] There are still 77 bugs [3] targeted to 3.5.0. Excluding node and documentation bugs we still have 53 bugs [4] targeted to 3.5.0. More in detail [5]: Whiteboard NEW ASSIGNEDPOSTTotal docs13 1 0 14 gluster 8 2 2 12 i18n0 0 1 1 infra 1 0 3 4 integration 1 2 1 4 node7 4 0 11 ppc 2 0 4 6 sla 12 0 7 19 virt3 0 3 6 Total 47 9 21 77 Maintainers / Assignee: - Please ensure that completed features are marked in green on Features Status Table [2] - If you find a blocker bug please remember to add it to the tracker [1] - Please fill release notes, the page has been created here [6] - Please review results from Third Test Day on the etherpad [7] and on the mailing lists - Please update the target to 3.5.1 or later for bugs that won't be in 3.5.0: it will ease gathering the blocking bugs for next releases. Community: - You're welcome to join us testing last release candidate or nightly builds and getting involved in oVirt Quality Assurance[8] [1] http://bugzilla.redhat.com/1073943 [2] http://goo.gl/4SuYdE [3] http://red.ht/1pVEk7H [4] http://red.ht/1zT2mSq [5] http://red.ht/1q7SqNL [6] http://www.ovirt.org/OVirt_3.5_Release_Notes [7] http://etherpad.ovirt.org/p/3.5-testday-3 [8] http://www.ovirt.org/OVirt_Quality_Assurance [9] http://www.ovirt.org/OVirt_3.5_release-management#Release_Criteria_.28WIP.29 [10] http://goo.gl/uavikG Thanks, -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not configure with simple LDAP.
- Original Message - > From: "Fumihide Tani" > To: "Alon Bar-Lev" > Cc: users@ovirt.org > Sent: Monday, September 22, 2014 4:16:17 AM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > (2014/09/22 0:16), Alon Bar-Lev wrote: > > > > - Original Message - > >> From: "Fumihide Tani" > >> To: "Alon Bar-Lev" > >> Cc: users@ovirt.org > >> Sent: Sunday, September 21, 2014 6:00:48 PM > >> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >> > >> Hi, Alon, > >> > >> Following Alon's advice, I added authz-company.properties file to the > >> configuration directory. > >> Then OpenLDAP users can searched from oVirt Web admin. and I could add > >> it's > >> users > >> to the portal successfully. > >> > >> But I have another problem. > >> These OpenLDAP users that I added can not login to ovirt web user portal. > >> > >> User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as > >> "First > >> Name") > >> Password: (I specified it as OpenLDAP's userPassword for "Fumihide") > >> Domain: rxc05271.com (I selected instead of "internal") > >> > >> ? > > 1. What error do you get at ui? > > "The user name or password is incorrect." > > > > > 2. Please look at engine.log while attempting to login, if you see > > something helpful. > > 2014-09-22 09:53:27,669 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] > (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication > profile "rxc05271.com" because the authentication failed. > 2014-09-22 09:53:27,685 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event > ID: -1, Message: User Fumihide cannot login, please verify the username and > password. > 2014-09-22 09:53:27,693 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event > ID: -1, Message: User Fumihide failed to log in. > 2014-09-22 09:53:27,693 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] > (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed. > Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD > > > > > 3. Please make sure that the following is a success: > > $ ldapsearch -h -x -W -D -b > > uid= > > [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D > "uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com' -x > '(uid=tani)' > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base with scope subtree > # filter: (uid=tani) > # requesting: ALL > # > > # tani, Users, rxc05271.com > dn: uid=tani,ou=Users,dc=rxc05271,dc=com > objectClass: inetOrgPerson > objectClass: uidObject > uid: tani > cn: Fumihide Tani > givenName: Fumihide > mail: t...@rxc05271.com > sn: Tani > userPassword:: a3VtaXRhbg== > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > [root@ovirt ~]# > > > > > 4. If working please modify > > /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in > > --- > > > > - > > - > > > > + > > + > > + > > > > --- > > Restart engine, attempt login, send me the output. > > 2014-09-22 10:03:57,517 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] > (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with authentication > profile "rxc05271.com" because the authentication failed. > 2014-09-22 10:03:57,534 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event > ID: -1, Message: User Fumihide cannot login, please verify the username and > password. > 2014-09-22 10:03:57,545 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event > ID: -1, Message: User Fumihide failed to log in. > 2014-09-22 10:03:57,545 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] > (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed. > Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD > > (logger level is not changed to FINEST? outputs is same as above.) > I had a mistake above... the file-handler level should be set to finest. can you confirm? or best send me the engine.xml.in file and I can see what's wrong. thanks! > Thanks, > Fumihide Tani > > > >> Please advice me, it's so thanksfull. > >> > >> Fumihide Tani > >> > >> > >> (2014/09/21 17:13), Alon Bar-Lev wrote: > >>> - Original Message - > From: "Fumihide Tani" > To: "Alon Bar-Lev" > Cc: users@ovirt.org > Sent: Sunday, September 21, 2014 11:11:11 AM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Hi, Alon > > Very thanks for your help. > My problem was solved and the AAA is working now. > I could add LDAP user. :) > >>> G
[ovirt-users] [oVirt 3.4.3] Problem with connect VMs via RDP+Browser plug-in
Hi, like suject I have a problem with connect VM (only Windows type Desctop) I get an Error: Error connecting to Virtual Machine using RPD: DNS Lookup Failed G.Sz. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Bug: Spice port changed!!!!!
Dear David: I am trying figure it out using my way. So I used "virsh edit vm", I change the port the 5980 & 5981, but still not work!!! I found after virsh edit, there is a xml file here /etc/libvirt/qemu which I edit using "virsh edit vm". And I also run this command :"virsh define vm.xml" also not work.Can you tell me where is the file I can fixed the spice port. Sincerely yours, PaulCheung tel: 180-8882-7173 > Subject: Re: [ovirt-users] Bug: Spice port changed! > From: dj...@redhat.com > To: eq2...@msn.com > CC: users@ovirt.org > Date: Thu, 18 Sep 2014 15:27:50 +0200 > > Hi, > > 2) is not a file, it's a key in engine-config > 3) is a VDSM custom hook that needs to be in all the hypervisors in DC/Cluster > > Follow vdsm custom hook documentation (I don't have a link from top of my > head but web or ML archives will surely help). > > David > > On Thu, 2014-09-18 at 14:51 +0800, PaulCheung wrote: > > Dear David, > > > > > > Thank you for your help . Your answer is very professional. > > > > > > I still can't not find a way to stick with static port assignments > > For I don't understand you telling me , 2&3, where I can find the > > file to modify? > > > > > > > > > > > > > > > However, if you _really_ want to stick with static port assignments, > > do > > > the following: > > > 1) designate the port range so that it doesn't collide with other > > ranges > > > in use (e.g. RHEV uses 5900-6023, so 5800-5899 could be safe) > > > 2) add a custom VM properties to the engine for setting of port and > > > tls-port > > > 3) add a vdsm hook to before_vm_start directory on each host that > > will > > > add "port" and "tlsPort" parameters to the graphics element of > > libvirt > > > domain xml > > > > > > > > > > > > > > > > > Sincerely yours, > > PaulCheung > > > > > > tel: 180-8882-7173 > > > > > > > > > Subject: Re: [ovirt-users] Bug: Spice port changed! > > > From: dj...@redhat.com > > > To: eq2...@msn.com > > > CC: users@ovirt.org > > > Date: Wed, 17 Sep 2014 10:40:42 +0200 > > > > > > Hi Paul, > > > > > > This behaviour is by design. It is a bad idea to override it. A good > > > approach to your problem would be to write a launcher script that > > would: > > > 1) connect to the REST API > > > 2) get the VM connection details > > > 3) get new VM ticket > > > 4) write this info down to a temporary .vv file [3] > > > 5) launch remote-viewer > > > > > > Some info how to use REST API is described here [1] and .vv file > > format > > > is documented in virt-viewer sources [2]. Please note that [1] is a > > bit > > > outdated: > > > * you can use HTTP header "filter: true" to be able to log in as > > non-admin > > > * you only have to use password login once when you use > > > "prefer: persistent-auth" HTTP header and you send the cookie you > > got > > > in a response to first request. > > > In the future, the steps 2-4 will become a one step of getting a > > > ready-to-use .vv file from the API [3] but we aren't there yet. > > > > > > [1] > > http://www.ovirt.org/How_to_Connect_to_SPICE_Console_Without_Portal > > > [2] > > https://git.fedorahosted.org/cgit/virt-viewer.git/tree/src/virt-viewer-file.c#n30 > > > [3] https://bugzilla.redhat.com/show_bug.cgi?id=1128763 > > > > > > > > > However, if you _really_ want to stick with static port assignments, > > do > > > the following: > > > 1) designate the port range so that it doesn't collide with other > > ranges > > > in use (e.g. RHEV uses 5900-6023, so 5800-5899 could be safe) > > > 2) add a custom VM properties to the engine for setting of port and > > > tls-port > > > 3) add a vdsm hook to before_vm_start directory on each host that > > will > > > add "port" and "tlsPort" parameters to the graphics element of > > libvirt > > > domain xml > > > > > > > > > Best regards, > > > > > > David > > > > > > On St, 2014-09-17 at 10:41 +0800, PaulCheung wrote: > > > > Dear all, > > > > > > > > > > > > After shutdown the VM, then restart the VM the Vm's spice port is > > > > changed! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Because I have 10 terminal ARM-Box running spice client connected > > to > > > > the vm, but after the VM shutdown and start again, the vm not the > > one > > > > whice the one before. > > > > > > > > > > > > I wish you can let us have a option, to let the VM with a fixed > > spice > > > > port, like: > > > > vm1: spice port : 5900 tls:5901 > > > > vm2: 5902 5903 > > > > > > > > > > > > And I have another recommond: have a fuction to do that : > > > > > > > > > > > > if the vm shutdown by user, it will start the VM automatic. That > > > > means the VM can not be shutdown! > > > > > > > > > > > > > > > > > > > > > > > > > > > > I hope you can have this two fuction! That means a lot to those > > who > > > > are using Terminal box user like me. > > > > > > > > > > > > > > > > > > > > I am sorry for my poor English.
Re: [ovirt-users] Can not configure with simple LDAP.
(2014/09/22 0:16), Alon Bar-Lev wrote: - Original Message - From: "Fumihide Tani" To: "Alon Bar-Lev" Cc: users@ovirt.org Sent: Sunday, September 21, 2014 6:00:48 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon, Following Alon's advice, I added authz-company.properties file to the configuration directory. Then OpenLDAP users can searched from oVirt Web admin. and I could add it's users to the portal successfully. But I have another problem. These OpenLDAP users that I added can not login to ovirt web user portal. User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as "First Name") Password: (I specified it as OpenLDAP's userPassword for "Fumihide") Domain: rxc05271.com (I selected instead of "internal") ? 1. What error do you get at ui? "The user name or password is incorrect." 2. Please look at engine.log while attempting to login, if you see something helpful. 2014-09-22 09:53:27,669 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication profile "rxc05271.com" because the authentication failed. 2014-09-22 09:53:27,685 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User Fumihide cannot login, please verify the username and password. 2014-09-22 09:53:27,693 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User Fumihide failed to log in. 2014-09-22 09:53:27,693 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD 3. Please make sure that the following is a success: $ ldapsearch -h -x -W -D -b uid= [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D "uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com' -x '(uid=tani)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: (uid=tani) # requesting: ALL # # tani, Users, rxc05271.com dn: uid=tani,ou=Users,dc=rxc05271,dc=com objectClass: inetOrgPerson objectClass: uidObject uid: tani cn: Fumihide Tani givenName: Fumihide mail: t...@rxc05271.com sn: Tani userPassword:: a3VtaXRhbg== # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@ovirt ~]# 4. If working please modify /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in --- - - + + + --- Restart engine, attempt login, send me the output. 2014-09-22 10:03:57,517 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with authentication profile "rxc05271.com" because the authentication failed. 2014-09-22 10:03:57,534 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User Fumihide cannot login, please verify the username and password. 2014-09-22 10:03:57,545 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User Fumihide failed to log in. 2014-09-22 10:03:57,545 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD (logger level is not changed to FINEST? outputs is same as above.) Thanks, Fumihide Tani Please advice me, it's so thanksfull. Fumihide Tani (2014/09/21 17:13), Alon Bar-Lev wrote: - Original Message - From: "Fumihide Tani" To: "Alon Bar-Lev" Cc: users@ovirt.org Sent: Sunday, September 21, 2014 11:11:11 AM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon Very thanks for your help. My problem was solved and the AAA is working now. I could add LDAP user. :) Great. Can you please send me a patch or modified README to make it better? Alon Fumihide Tani (2014/09/21 16:19), Alon Bar-Lev wrote: - Original Message - From: "Alon Bar-Lev" To: "Fumihide Tani" Cc: users@ovirt.org Sent: Sunday, September 21, 2014 10:19:11 AM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, You need to create authz extension as well (authz-company). The configuration you provided is establishing authentication only (authn) which refer to authz-company but you did not add it. The terms are: 1. authn - who the user is. 2. authz - what user is permitted. 3. profile - combination of the two. - # vi /etc/ovirt-engine/extensions.d/authz-company.properties ovirt.engine.extension.name = authz-company ovirt.engine.extension.bindings.method = jb
[ovirt-users] [oVirt 3.4.3] RDP Browser plug-in - SSO
Hi. I have a little problem with log-in to Windows VMs via SSO. When connect to VM in username filed i get a example text "/user@domain" What going on wit this sign " / " -- G.Sz. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not configure with simple LDAP.
- Original Message - > From: "Fumihide Tani" > To: "Alon Bar-Lev" > Cc: users@ovirt.org > Sent: Sunday, September 21, 2014 6:00:48 PM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Hi, Alon, > > Following Alon's advice, I added authz-company.properties file to the > configuration directory. > Then OpenLDAP users can searched from oVirt Web admin. and I could add it's > users > to the portal successfully. > > But I have another problem. > These OpenLDAP users that I added can not login to ovirt web user portal. > > User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as "First > Name") > Password: (I specified it as OpenLDAP's userPassword for "Fumihide") > Domain: rxc05271.com (I selected instead of "internal") > > ? 1. What error do you get at ui? 2. Please look at engine.log while attempting to login, if you see something helpful. 3. Please make sure that the following is a success: $ ldapsearch -h -x -W -D -b uid= 4. If working please modify /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in --- - - + + + --- Restart engine, attempt login, send me the output. > > Please advice me, it's so thanksfull. > > Fumihide Tani > > > (2014/09/21 17:13), Alon Bar-Lev wrote: > > > > - Original Message - > >> From: "Fumihide Tani" > >> To: "Alon Bar-Lev" > >> Cc: users@ovirt.org > >> Sent: Sunday, September 21, 2014 11:11:11 AM > >> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >> > >> Hi, Alon > >> > >> Very thanks for your help. > >> My problem was solved and the AAA is working now. > >> I could add LDAP user. :) > > Great. > > Can you please send me a patch or modified README to make it better? > > > > Alon > > > >> Fumihide Tani > >> > >> (2014/09/21 16:19), Alon Bar-Lev wrote: > >>> - Original Message - > From: "Alon Bar-Lev" > To: "Fumihide Tani" > Cc: users@ovirt.org > Sent: Sunday, September 21, 2014 10:19:11 AM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Hi, > > You need to create authz extension as well (authz-company). > The configuration you provided is establishing authentication only > (authn) > which refer to authz-company but you did not add it. > > The terms are: > 1. authn - who the user is. > 2. authz - what user is permitted. > 3. profile - combination of the two. > > - > # vi /etc/ovirt-engine/extensions.d/authz-company.properties > ovirt.engine.extension.name = authz-company > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > >>> Sorry: > >>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = > org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties > -- > > Regards, > Alon > >> > >> > > > > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon, Following Alon's advice, I added authz-company.properties file to the configuration directory. Then OpenLDAP users can searched from oVirt Web admin. and I could add it's users to the portal successfully. But I have another problem. These OpenLDAP users that I added can not login to ovirt web user portal. User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as "First Name") Password: (I specified it as OpenLDAP's userPassword for "Fumihide") Domain: rxc05271.com (I selected instead of "internal") ? Please advice me, it's so thanksfull. Fumihide Tani (2014/09/21 17:13), Alon Bar-Lev wrote: - Original Message - From: "Fumihide Tani" To: "Alon Bar-Lev" Cc: users@ovirt.org Sent: Sunday, September 21, 2014 11:11:11 AM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon Very thanks for your help. My problem was solved and the AAA is working now. I could add LDAP user. :) Great. Can you please send me a patch or modified README to make it better? Alon Fumihide Tani (2014/09/21 16:19), Alon Bar-Lev wrote: - Original Message - From: "Alon Bar-Lev" To: "Fumihide Tani" Cc: users@ovirt.org Sent: Sunday, September 21, 2014 10:19:11 AM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, You need to create authz extension as well (authz-company). The configuration you provided is establishing authentication only (authn) which refer to authz-company but you did not add it. The terms are: 1. authn - who the user is. 2. authz - what user is permitted. 3. profile - combination of the two. - # vi /etc/ovirt-engine/extensions.d/authz-company.properties ovirt.engine.extension.name = authz-company ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension Sorry: org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties -- Regards, Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] connetcion noVNC via FireFox only?
Hi. Like subject this is only available on FireFox Browser? and as it is with Internet Explorer? -- G.Sz. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] How to disconnect hosted-engine NFS storage pool?
- Original Message - > From: "Ryan Groten" > To: users@ovirt.org > Sent: Friday, September 19, 2014 1:51:13 AM > Subject: [ovirt-users] How to disconnect hosted-engine NFS storage pool? > > > > I want to unmounted the hosted-engine NFS share without affecting all the > other running VMs on the host. When I shutdown the hosted-engine and enable > global maintenance, the storage pool is still mounted and I can’t unmount it > because the “sanlock” process is using it. > > > > Is there any way to disconnect the storage pool? There is a hosted-engine > --connect-storage option but I see nothing to disconnect it. > > > > Thanks, > > Ryan > Hi Ryan, Hosted engine does not unmount the share since there may be other VMs using it (as a general rule). However this may deserve some additional thoughts. Do you mind opening an RFE for it? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt loop delete vm which had been removed
Sep 20 16:42:56 whxg-pii-vm01 vdsm vm.Vm WARNING vmId=`ca86997d-a7b8-44df-b418-8e6d49ffebfb`::trying to set state to Powering down when already Down Sep 20 16:42:56 whxg-pii-vm01 vdsm root ERROR Removing file: /var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm failed#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/vdsm/utils.py", line 126, in rmFile#012 os.unlink(fileToRemove)#012OSError: [Errno 13] Permission denied: '/var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm' Sep 20 16:42:56 whxg-pii-vm01 vdsm vds ERROR unexpected error#012Traceback (most recent call last):#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 1070, in wrapper#012res = f(*args, **kwargs)#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 285, in vmDestroy#012return vm.destroy()#012 File "/usr/share/vdsm/API.py", line 331, in destroy#012 res = v.destroy()#012 File "/usr/share/vdsm/vm.py", line 4697, in destroy#012response = self.releaseVm()#012 File "/usr/share/vdsm/vm.py", line 4663, in releaseVm#012self._cleanup()#012 File "/usr/share/vdsm/vm.py", line 3028, in _cleanup#012 self._cleanupGuestAgent()#012 File "/usr/share/vdsm/vm.py", line 2747, in _cleanupGuestAgent#012self._guestSockCleanup(self._guestSocketFile)#012 File "/usr/share/vdsm/vm.py", line 3020, in _guestSockCleanup#012 utils.rmFile(sock)#012 File "/usr/lib64/python2.6/site-packages/vdsm/utils.py", line 126, in rmFile#012 os.unlink(fileToRemove)#012OSError: [Errno 13] Permission denied: '/var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm' Sep 20 16:42:59 whxg-pii-vm01 vdsm vm.Vm WARNING vmId=`ca86997d-a7b8-44df-b418-8e6d49ffebfb`::trying to set state to Powering down when already Down Sep 20 16:42:59 whxg-pii-vm01 vdsm root ERROR Removing file: /var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm failed#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/vdsm/utils.py", line 126, in rmFile#012 os.unlink(fileToRemove)#012OSError: [Errno 13] Permission denied: '/var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm' Sep 20 16:42:59 whxg-pii-vm01 vdsm vds ERROR unexpected error#012Traceback (most recent call last):#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 1070, in wrapper#012res = f(*args, **kwargs)#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 285, in vmDestroy#012return vm.destroy()#012 File "/usr/share/vdsm/API.py", line 331, in destroy#012 res = v.destroy()#012 File "/usr/share/vdsm/vm.py", line 4697, in destroy#012response = self.releaseVm()#012 File "/usr/share/vdsm/vm.py", line 4663, in releaseVm#012self._cleanup()#012 File "/usr/share/vdsm/vm.py", line 3028, in _cleanup#012 self._cleanupGuestAgent()#012 File "/usr/share/vdsm/vm.py", line 2747, in _cleanupGuestAgent#012self._guestSockCleanup(self._guestSocketFile)#012 File "/usr/share/vdsm/vm.py", line 3020, in _guestSockCleanup#012 utils.rmFile(sock)#012 File "/usr/lib64/python2.6/site-packages/vdsm/utils.py", line 126, in rmFile#012 os.unlink(fileToRemove)#012OSError: [Errno 13] Permission denied: '/var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm' Sep 20 16:43:02 whxg-pii-vm01 vdsm vm.Vm WARNING vmId=`ca86997d-a7b8-44df-b418-8e6d49ffebfb`::trying to set state to Powering down when already Down Sep 20 16:43:02 whxg-pii-vm01 vdsm root ERROR Removing file: /var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm failed#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/vdsm/utils.py", line 126, in rmFile#012 os.unlink(fileToRemove)#012OSError: [Errno 13] Permission denied: '/var/lib/libvirt/qemu/channels/ca86997d-a7b8-44df-b418-8e6d49ffebfb.com.redhat.rhevm.vdsm' Sep 20 16:43:02 whxg-pii-vm01 vdsm vds ERROR unexpected error#012Traceback (most recent call last):#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 1070, in wrapper#012res = f(*args, **kwargs)#012 File "/usr/share/vdsm/BindingXMLRPC.py", line 285, in vmDestroy#012return vm.destroy()#012 File "/usr/share/vdsm/API.py", line 331, in destroy#012 res = v.destroy()#012 File "/usr/share/vdsm/vm.py", line 4697, in destroy#012response = self.releaseVm()#012 File "/usr/share/vdsm/vm.py", line 4663, in releaseVm#012self._cleanup()#012 File "/usr/share/vdsm/vm.py", line 3028, in _cleanup#012 self._cleanupGuestAgent()#012 File "/usr/share/vdsm/vm.py", line 2747, in _cleanupGuestAgent#012self._guestSockCleanup(self._guestSocketFile)#012 File "/usr/share/vdsm/vm.py", line 3020, in _guestSockCleanup#012 utils.rmFile(sock)#012 File "/usr/lib64/python2.6/site-packages/vdsm/utils.py", line 126, in rmFile#012 os.unlink(fileToRemove)#012OSError: [Errno 13] Permission denied: '/var/lib/libvirt/q
Re: [ovirt-users] Can not configure with simple LDAP.
- Original Message - > From: "Fumihide Tani" > To: "Alon Bar-Lev" > Cc: users@ovirt.org > Sent: Sunday, September 21, 2014 11:11:11 AM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Hi, Alon > > Very thanks for your help. > My problem was solved and the AAA is working now. > I could add LDAP user. :) Great. Can you please send me a patch or modified README to make it better? Alon > > Fumihide Tani > > (2014/09/21 16:19), Alon Bar-Lev wrote: > > > > - Original Message - > >> From: "Alon Bar-Lev" > >> To: "Fumihide Tani" > >> Cc: users@ovirt.org > >> Sent: Sunday, September 21, 2014 10:19:11 AM > >> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >> > >> Hi, > >> > >> You need to create authz extension as well (authz-company). > >> The configuration you provided is establishing authentication only (authn) > >> which refer to authz-company but you did not add it. > >> > >> The terms are: > >> 1. authn - who the user is. > >> 2. authz - what user is permitted. > >> 3. profile - combination of the two. > >> > >> - > >> # vi /etc/ovirt-engine/extensions.d/authz-company.properties > >> ovirt.engine.extension.name = authz-company > >> ovirt.engine.extension.bindings.method = jbossmodule > >> ovirt.engine.extension.binding.jbossmodule.module = > >> org.ovirt.engine-extensions.aaa.ldap > >> ovirt.engine.extension.binding.jbossmodule.class = > >> org.ovirt.engineextensions.aaa.ldap.AuthnExtension > > Sorry: > > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > >> ovirt.engine.extension.provides = > >> org.ovirt.engine.api.extensions.aaa.Authz > >> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties > >> -- > >> > >> Regards, > >> Alon > > > > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon Very thanks for your help. My problem was solved and the AAA is working now. I could add LDAP user. :) Fumihide Tani (2014/09/21 16:19), Alon Bar-Lev wrote: - Original Message - From: "Alon Bar-Lev" To: "Fumihide Tani" Cc: users@ovirt.org Sent: Sunday, September 21, 2014 10:19:11 AM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, You need to create authz extension as well (authz-company). The configuration you provided is establishing authentication only (authn) which refer to authz-company but you did not add it. The terms are: 1. authn - who the user is. 2. authz - what user is permitted. 3. profile - combination of the two. - # vi /etc/ovirt-engine/extensions.d/authz-company.properties ovirt.engine.extension.name = authz-company ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension Sorry: org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties -- Regards, Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not configure with simple LDAP.
- Original Message - > From: "Alon Bar-Lev" > To: "Fumihide Tani" > Cc: users@ovirt.org > Sent: Sunday, September 21, 2014 10:19:11 AM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Hi, > > You need to create authz extension as well (authz-company). > The configuration you provided is establishing authentication only (authn) > which refer to authz-company but you did not add it. > > The terms are: > 1. authn - who the user is. > 2. authz - what user is permitted. > 3. profile - combination of the two. > > - > # vi /etc/ovirt-engine/extensions.d/authz-company.properties > ovirt.engine.extension.name = authz-company > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension Sorry: org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties > -- > > Regards, > Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Can not configure with simple LDAP.
Hi, You need to create authz extension as well (authz-company). The configuration you provided is establishing authentication only (authn) which refer to authz-company but you did not add it. The terms are: 1. authn - who the user is. 2. authz - what user is permitted. 3. profile - combination of the two. - # vi /etc/ovirt-engine/extensions.d/authz-company.properties ovirt.engine.extension.name = authz-company ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties -- Regards, Alon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users