Re: [ovirt-users] Losing IP config on host

[David LeVene]

Hi Rein,

Not sure if you are using IPv6, but I ran into this issue it wouldn't configure 
things correctly. If I fixed it manually after a reboot it would fail again. 
There is a patch that is being released in ovirt 3.6.4 which resolves the issue 
I was having.

Your issue might be related - 
http://lists.ovirt.org/pipermail/users/2016-March/038201.html which is fixed in 
https://gerrit.ovirt.org/#/c/54237

The RH guys will generally ask for your vdsm logs and maybe supervdsm (see the 
above post for more information on where they are located). Looking in these 
logs might guide you as well.

Regards
David

-Original Message-
From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On Behalf Of 
Rein van Weerden
Sent: Thursday, March 24, 2016 07:16
To: users@ovirt.org
Subject: [ovirt-users] Losing IP config on host

Hi All,

When creating a new host i lose the ip configuration on the host while creating 
the interfaces.
Please advice.

Using:
oVirt engine 3.6.3.4-1 on CentOS 7
oVirt engine SDK python 3.6.3.0

->Rein.




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
This email and any attachments may contain confidential and proprietary 
information of Blackboard that is for the sole use of the intended recipient. 
If you are not the intended recipient, disclosure, copying, re-distribution or 
other use of any of this information is strictly prohibited. Please immediately 
notify the sender and delete this transmission if you received this email in 
error.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Delete Failed to update OVF disks, OVF data isn't updated on those OVF stores (Data Center Default, Storage Domain hostedengine_nfs).

[Paul Groeneweg | Pazion]

After the 3.6 updates ( which didn't went without a hitch )

I get the following errors in my event log:

Failed to update OVF disks 18c50ea6-4654-4525-b241-09e15acf5e99, OVF data
isn't updated on those OVF stores (Data Center Default, Storage Domain
hostedengine_nfs).

VDSM command failed: Could not acquire resource. Probably resource factory
threw an exception.: ()

http://screencast.com/t/S8cfXMsdGM

When I check on file there is some data, but not updated:
http://screencast.com/t/hbXQFlou

When I check in the web interface I see 2 OVF files listed. What are these
for, can I delete them? http://screencast.com/t/ymnzsNHj7e

Hopefully someone knows what to do about these warnings/erros and whether I
can delete the OVF files.

Best Regards,
Paul Groeneweg
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Losing IP config on host

[Rein van Weerden]

Hi All,

When creating a new host i lose the ip configuration on the host while creating 
the interfaces.
Please advice.

Using:
oVirt engine 3.6.3.4-1 on CentOS 7
oVirt engine SDK python 3.6.3.0

->Rein.




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Fabrice Bacchella]

>> 
>> su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys --debug
>> list'
>> ERROR: Internal error
>> 
>> --debug don't provide any help
> 
> You should find them in the journal/system logger; otherwise it is a 
> {different,new} bug.
> 

Ok, I found it in /var/log/messages :
... ovirt-vmconsole-list: ERROR main:274 Error: hostname 'localhost' doesn't 
match u'FQDN'

But why as I do have in 
/etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/10-setup.conf 
ENGINE_VERIFY_HOST=False


That's the default, I didn't changed it.




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Storage Diversity Options oVirt 3.6

[Clint Boggio]

Thank you Simone !

> On Mar 22, 2016, at 8:44 AM, Simone Tiraboschi  wrote:
> 
> 
> 
>> On Fri, Mar 18, 2016 at 5:27 PM, Clint Boggio  wrote:
>> Greetings all, and Happy Friday;
>> 
>> I'm running oVirt 3.6 management engine that is currently overseeing 4
>> compute nodes, attached to iSCSI storage over Infiniband. The compute
>> nodes have 8 hot-swap hard drive slots, with each only having 2 slots
>> occupied in a hardware RAID array level one for the hypervisor to live
>> on.
>> 
>> Would it be possible for me to set up each compute node with a second
>> array in the remaining 6 hot-swap slots, and utilize that new space for
>> a nice fault tolerant GlusterFS storage array ?
> 
> That schema is called hyper-converged.
> Please see:
> https://fosdem.org/2016/schedule/event/virt_iaas_ovirt_hyperconverge/attachments/slides/1119/export/events/attachments/virt_iaas_ovirt_hyperconverge/slides/1119/presentation_fosdem.pdf
> 
> Take care that currently it's not production ready.
>  
>> 
>> 1. Would the system allow me to add the Gluster storage to the existing
>> datacenter/cluster that is currently using iSCSI ?
>> 
>> 2. Would I be able to configure all aspects of the Gluster
>> environment(except the hardware RAID array)through the GUI ?
>> 
>> 3. What hardware RAID level would be optimal for  this configuration ?
>> (RHEV documentation says RAID 6 is "Mandatory")
>> 
>> 4. Will the system support live migration between storage domains ?
>> 
>> I'm reading through the gluster documentation now to get a better
>> understanding of it's inner workings. Is there a good source for Gluster
>> on oVirt that i can reference as well ?
>> 
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Francesco Romani]

- Original Message -
> From: "Fabrice Bacchella" 
> To: "Francesco Romani" 
> Cc: "Yedidyah Bar David" , "users" 
> Sent: Wednesday, March 23, 2016 4:29:15 PM
> Subject: Re: [ovirt-users] seria consol setup
> 
> I'm trying, my configuration is still incomplete, I added in my httpd.conf:
> 
> 
> ServerName XXX
> DocumentRoot htdocs
> 
> RedirectMatch ^/$ /ovirt-engine/
> 
> SSLEngine on
> SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
> SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass
> SSLCACertificateFile /etc/pki/ovirt-engine/apache-ca.pem
> 
> RequestHeader unset Expect early
> 
>  
> ^/(ovirt-engine($|/)|api($|/)|RHEVManagerWeb/|OvirtEngineWeb/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$)>
> ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5
> 
> AddOutputFilterByType DEFLATE text/javascript text/css text/html
> text/xml text/json application/xml application/json
> application/x-yaml
> 
> 
> 
> 
> and in /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/99-my.conf
> ENGINE_BASE_URL=https://localhost:1443/ovirt-engine/
> 
> but no progress :
> 
> su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys --debug
> list'
> ERROR: Internal error
> 
> --debug don't provide any help

You should find them in the journal/system logger; otherwise it is a 
{different,new} bug.

Bests,


-- 
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ANN] oVirt 3.6.4 Second Release Candidate is now available for testing

[Ondřej Svoboda]

Hi Sandro,

I just ran yum -y install 
http://plain.resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm 
 
on my fresh EL7 (not CentOS) system.


In /etc/yum.repos.d/ovirt-3.6-dependencies.repo, there was a broken 
centos-ovirt36 source:


http://mirror.centos.org/centos/7Server/virt/x86_64/ovirt-3.6/repodata/repomd.xml 
: 
[Errno 14] HTTP Error 404 - Not Found


I had to disable this repo before I was even able to update my system.

[centos-ovirt36]
name=CentOS-$releasever - oVirt 3.6
baseurl=http://mirror.centos.org/centos/$releasever/virt/$basearch/ovirt-3.6/
gpgcheck=0
enabled=1
skip_if_unavailable = 1
keepcache = 0

Then I managed to install ovirt-engine all right, so I think the above 
repo should simply not be enabled in ovirt-release36.rpm 
.


Thanks for your reply.
Ondra

On 22.3.2016 18:28, Sandro Bonazzola wrote:
The oVirt Project is pleased to announce the availability of the 
Second Release Candidate of oVirt 3.6.4 for testing, as of March 22nd, 
2016


This release is available now for:
* Fedora 22
* Red Hat Enterprise Linux 6.7
* CentOS Linux 6.7 (or similar)
* Red Hat Enterprise Linux 7.2 or later
* CentOS Linux (or similar) 7.2 or later

This release supports Hypervisor Hosts running:
* Red Hat Enterprise Linux 7.2 or later
* CentOS Linux (or similar) 7.2 or later
* Fedora 22

This release is also available with experimental support for:
* Debian 8.3 Jessie

This release candidate includes the following updated packages:

  * ovirt-engine

  * ovirt-hosted-engine-ha


See the release notes [1] for installation / upgrade instructions and 
a list of new features and bugs fixed.


Notes:
* A new oVirt Live ISO will be available soon [2].
* Mirrors[3] might need up to one day to synchronize.

Additional Resources:
* Read more about the oVirt 3.6.3 release 
highlights:http://www.ovirt.org/release/3.6.4/

* Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
* Check out the latest project news on the oVirt blog: 
http://www.ovirt.org/blog/


[1] http://www.ovirt.org/release/3.6.4/
[2] http://resources.ovirt.org/pub/ovirt-3.6-pre/iso/
[3] http://www.ovirt.org/Repository_mirrors#Current_mirrors


--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com 


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Fabrice Bacchella]

I'm trying, my configuration is still incomplete, I added in my httpd.conf:


ServerName XXX
DocumentRoot htdocs

RedirectMatch ^/$ /ovirt-engine/

SSLEngine on
SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass
SSLCACertificateFile /etc/pki/ovirt-engine/apache-ca.pem

RequestHeader unset Expect early


ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5

AddOutputFilterByType DEFLATE text/javascript text/css text/html 
text/xml text/json application/xml application/json application/x-yaml




and in /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/99-my.conf
ENGINE_BASE_URL=https://localhost:1443/ovirt-engine/

but no progress :

su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys --debug list'
ERROR: Internal error

--debug don't provide any help

but 
curl -vk -XPOST https://localhost:1443/ovirt-engine/services/vmconsole-proxy
fails of course, but because the query is no good. More messages from 
ovirt-vmconsole-proxy-keys would be very helpfull.


> Le 23 mars 2016 à 13:32, Francesco Romani  a écrit :
> 
> - Original Message -
>> From: "Fabrice Bacchella" 
>> To: "Francesco Romani" 
>> Cc: "Yedidyah Bar David" , "users" 
>> Sent: Wednesday, March 23, 2016 1:21:11 PM
>> Subject: Re: [ovirt-users] seria consol setup
>> 
>> 
>>> Le 23 mars 2016 à 12:32, Francesco Romani  a écrit :
>>> 
>>> - Original Message -
 From: "Yedidyah Bar David" 
 To: "Fabrice Bacchella" , "Francesco Romani"
 
 Cc: "users" 
 Sent: Wednesday, March 23, 2016 12:28:52 PM
 Subject: Re: [ovirt-users] seria consol setup
>>> 
> I can always use puppet to modify just this line, it will be fine for me.
> 
> The point 4 in Automatic Setup is not very helpfull:
> "   • once the setup succesfully run, and once ovirt-engine is
> running,
> you can log in and register a SSH key. (TODO: add picture)"
> 
> what does it mean ?
>>> 
>>> It just means that you need to add SSH public keys for the users which want
>>> to use
>>> the serial console.
>>> 
>>> E.g. log in user portal
>>> in the top right corner there is the $user drop down menu, click on it
>>> select "options"
>>> paste public key here
>>> 
>>> HTH,
>> 
>> It tried that, I didn't work.
> 
> What didn't work? Adding the keys or -AFAIK- the full authentication?
> 
>> By digging in log and configuration, I think
>> it's because I have an Apache server in front of ovirt-engine, using a
>> specific SSO authentication module (using CAS), so the certificate-base
>> authentication is failing, if my comprehension is good. So you should add a
>> few line about that in the documentation.
> 
> Will improve in this regard
> 
>> Should I make the proxy helper
>> talks directly to tomcat by playing with ENGINE_BASE_URL in
>> /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d ?
> 
> Yes, the proxy helper is supposed to talk directly with the Engine.
> 
>> There is also a small glitch in the documentation:
>> su - ovirt-vmconsole -c 'ovirt-vmconsole-proxy-keys list'
>> but it should be:
>> su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys list'
> 
> Thanks, will fix.
> 
> Bests,
> 
> -- 
> Francesco Romani
> RedHat Engineering Virtualization R & D
> Phone: 8261328
> IRC: fromani

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Fabrice Bacchella]

> Le 23 mars 2016 à 13:32, Francesco Romani  a écrit :
> 

>>> E.g. log in user portal
>>> in the top right corner there is the $user drop down menu, click on it
>>> select "options"
>>> paste public key here
>>> 
>>> HTH,
>> 
>> It tried that, I didn't work.
> 
> What didn't work? Adding the keys or -AFAIK- the full authentication?

I was still unable to connect, but for the reasons explained latter.

So i will continue to play with my apache setup to check it if can resolve that.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Francesco Romani]

- Original Message -
> From: "Fabrice Bacchella" 
> To: "Francesco Romani" 
> Cc: "Yedidyah Bar David" , "users" 
> Sent: Wednesday, March 23, 2016 1:21:11 PM
> Subject: Re: [ovirt-users] seria consol setup
> 
> 
> > Le 23 mars 2016 à 12:32, Francesco Romani  a écrit :
> > 
> > - Original Message -
> >> From: "Yedidyah Bar David" 
> >> To: "Fabrice Bacchella" , "Francesco Romani"
> >> 
> >> Cc: "users" 
> >> Sent: Wednesday, March 23, 2016 12:28:52 PM
> >> Subject: Re: [ovirt-users] seria consol setup
> > 
> >>> I can always use puppet to modify just this line, it will be fine for me.
> >>> 
> >>> The point 4 in Automatic Setup is not very helpfull:
> >>> "   • once the setup succesfully run, and once ovirt-engine is
> >>> running,
> >>> you can log in and register a SSH key. (TODO: add picture)"
> >>> 
> >>> what does it mean ?
> > 
> > It just means that you need to add SSH public keys for the users which want
> > to use
> > the serial console.
> > 
> > E.g. log in user portal
> > in the top right corner there is the $user drop down menu, click on it
> > select "options"
> > paste public key here
> > 
> > HTH,
> 
> It tried that, I didn't work.

What didn't work? Adding the keys or -AFAIK- the full authentication?

> By digging in log and configuration, I think
> it's because I have an Apache server in front of ovirt-engine, using a
> specific SSO authentication module (using CAS), so the certificate-base
> authentication is failing, if my comprehension is good. So you should add a
> few line about that in the documentation.

Will improve in this regard

> Should I make the proxy helper
> talks directly to tomcat by playing with ENGINE_BASE_URL in
> /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d ?

Yes, the proxy helper is supposed to talk directly with the Engine.

> There is also a small glitch in the documentation:
> su - ovirt-vmconsole -c 'ovirt-vmconsole-proxy-keys list'
> but it should be:
> su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys list'

Thanks, will fix.

Bests,

-- 
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Fabrice Bacchella]

> Le 23 mars 2016 à 12:32, Francesco Romani  a écrit :
> 
> - Original Message -
>> From: "Yedidyah Bar David" 
>> To: "Fabrice Bacchella" , "Francesco Romani" 
>> 
>> Cc: "users" 
>> Sent: Wednesday, March 23, 2016 12:28:52 PM
>> Subject: Re: [ovirt-users] seria consol setup
> 
>>> I can always use puppet to modify just this line, it will be fine for me.
>>> 
>>> The point 4 in Automatic Setup is not very helpfull:
>>> "   • once the setup succesfully run, and once ovirt-engine is running,
>>> you can log in and register a SSH key. (TODO: add picture)"
>>> 
>>> what does it mean ?
> 
> It just means that you need to add SSH public keys for the users which want 
> to use
> the serial console.
> 
> E.g. log in user portal
> in the top right corner there is the $user drop down menu, click on it
> select "options"
> paste public key here
> 
> HTH,

It tried that, I didn't work. By digging in log and configuration, I think it's 
because I have an Apache server in front of ovirt-engine, using a specific SSO 
authentication module (using CAS), so the certificate-base authentication is 
failing, if my comprehension is good. So you should add a few line about that 
in the documentation. Should I make the proxy helper talks directly to tomcat 
by playing with ENGINE_BASE_URL in 
/etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d ? On a https enabled 
connector for tomcat ?

I have actually in my apache configuration:


AuthType CAS
Require valid-user
CASAuthNHeader X-Remote-User

ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5

AddOutputFilterByType DEFLATE text/javascript text/css text/html 
text/xml text/json application/xml application/json application/x-yaml





There is also a small glitch in the documentation:
su - ovirt-vmconsole -c 'ovirt-vmconsole-proxy-keys list'
but it should be:
su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys list'
  
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Fabrice Bacchella]

> Le 23 mars 2016 à 13:07, Yedidyah Bar David  a écrit :
> 
> On Wed, Mar 23, 2016 at 1:46 PM, Fabrice Bacchella
>  wrote:
>> 
>>> Le 23 mars 2016 à 12:28, Yedidyah Bar David  a écrit :
>>> 
>>> On Wed, Mar 23, 2016 at 1:04 PM, Fabrice Bacchella
>>>  wrote:
 I'm reading the documentation here :
   http://www.ovirt.org/documentation/admin-guide/serial-console-setup/
 
 After a few strace, I found the ssh configuration used for the custom ssh 
 that listen on port :
 /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
 
 And I have a big problem with it.
 It says "GSSAPIAuthentication no" but public key authentication is not 
 allowed in my data center, we use kerberos every where.
 So I wonder if I can edit this file ? How is it managed by ovirt ?
>>> 
>>> In general, things under /usr are only packaged, not "managed". So a
>>> next upgrade will overwrite your changes.
>> 
>> Ok, so I just need to take care how modifications and upgrade are done 
>> (using puppet) and everything should be fine.
> 
> But isn't the below enough?

It is, but I need to add to many options, it will become clumsy. So I'm keeping 
it in my mind.


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Yedidyah Bar David]

On Wed, Mar 23, 2016 at 1:46 PM, Fabrice Bacchella
 wrote:
>
>> Le 23 mars 2016 à 12:28, Yedidyah Bar David  a écrit :
>>
>> On Wed, Mar 23, 2016 at 1:04 PM, Fabrice Bacchella
>>  wrote:
>>> I'm reading the documentation here :
>>>http://www.ovirt.org/documentation/admin-guide/serial-console-setup/
>>>
>>> After a few strace, I found the ssh configuration used for the custom ssh 
>>> that listen on port :
>>> /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
>>>
>>> And I have a big problem with it.
>>> It says "GSSAPIAuthentication no" but public key authentication is not 
>>> allowed in my data center, we use kerberos every where.
>>> So I wonder if I can edit this file ? How is it managed by ovirt ?
>>
>> In general, things under /usr are only packaged, not "managed". So a
>> next upgrade will overwrite your changes.
>
> Ok, so I just need to take care how modifications and upgrade are done (using 
> puppet) and everything should be fine.

But isn't the below enough?

>>
>> Seems like both its systemd unit and sysv init script read
>> /etc/sysconfig/ovirt-vmconsole-proxy-sshd if it exists and add
>> ${OPTIONS} to sshd's command line. So you can try to:
>>
>> echo 'OPTIONS="-o GSSAPIAuthentication=yes"' >>
>> /etc/sysconfig/ovirt-vmconsole-proxy-sshd
>>
>>
>
> I tried that. It works. I now have pure kerberos only problems. But that's a 
> good direction.

Good.

So that should be enough, no? IIRC command-line options override conf
file in sshd, no need to play games with rpm/yum.

Thanks for the report.

Best,
-- 
Didi
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Fabrice Bacchella]

> Le 23 mars 2016 à 12:28, Yedidyah Bar David  a écrit :
> 
> On Wed, Mar 23, 2016 at 1:04 PM, Fabrice Bacchella
>  wrote:
>> I'm reading the documentation here :
>>http://www.ovirt.org/documentation/admin-guide/serial-console-setup/
>> 
>> After a few strace, I found the ssh configuration used for the custom ssh 
>> that listen on port :
>> /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
>> 
>> And I have a big problem with it.
>> It says "GSSAPIAuthentication no" but public key authentication is not 
>> allowed in my data center, we use kerberos every where.
>> So I wonder if I can edit this file ? How is it managed by ovirt ?
> 
> In general, things under /usr are only packaged, not "managed". So a
> next upgrade will overwrite your changes.

Ok, so I just need to take care how modifications and upgrade are done (using 
puppet) and everything should be fine.
> 
> Seems like both its systemd unit and sysv init script read
> /etc/sysconfig/ovirt-vmconsole-proxy-sshd if it exists and add
> ${OPTIONS} to sshd's command line. So you can try to:
> 
> echo 'OPTIONS="-o GSSAPIAuthentication=yes"' >>
> /etc/sysconfig/ovirt-vmconsole-proxy-sshd
> 
> 

I tried that. It works. I now have pure kerberos only problems. But that's a 
good direction.

> and restart it.
> 


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Francesco Romani]

- Original Message -
> From: "Yedidyah Bar David" 
> To: "Fabrice Bacchella" , "Francesco Romani" 
> 
> Cc: "users" 
> Sent: Wednesday, March 23, 2016 12:28:52 PM
> Subject: Re: [ovirt-users] seria consol setup

> > I can always use puppet to modify just this line, it will be fine for me.
> >
> > The point 4 in Automatic Setup is not very helpfull:
> > "   • once the setup succesfully run, and once ovirt-engine is running,
> > you can log in and register a SSH key. (TODO: add picture)"
> >
> > what does it mean ?

It just means that you need to add SSH public keys for the users which want to 
use
the serial console.

E.g. log in user portal
in the top right corner there is the $user drop down menu, click on it
select "options"
paste public key here

HTH,

-- 
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] seria consol setup

[Yedidyah Bar David]

On Wed, Mar 23, 2016 at 1:04 PM, Fabrice Bacchella
 wrote:
> I'm reading the documentation here :
> http://www.ovirt.org/documentation/admin-guide/serial-console-setup/
>
> After a few strace, I found the ssh configuration used for the custom ssh 
> that listen on port :
> /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
>
> And I have a big problem with it.
> It says "GSSAPIAuthentication no" but public key authentication is not 
> allowed in my data center, we use kerberos every where.
> So I wonder if I can edit this file ? How is it managed by ovirt ?

In general, things under /usr are only packaged, not "managed". So a
next upgrade will overwrite your changes.

Seems like both its systemd unit and sysv init script read
/etc/sysconfig/ovirt-vmconsole-proxy-sshd if it exists and add
${OPTIONS} to sshd's command line. So you can try to:

echo 'OPTIONS="-o GSSAPIAuthentication=yes"' >>
/etc/sysconfig/ovirt-vmconsole-proxy-sshd

and restart it.

> I can always use puppet to modify just this line, it will be fine for me.
>
> The point 4 in Automatic Setup is not very helpfull:
> "   • once the setup succesfully run, and once ovirt-engine is running, 
> you can log in and register a SSH key. (TODO: add picture)"
>
> what does it mean ?

No idea. Adding Francesco.
-- 
Didi
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] seria consol setup

[Fabrice Bacchella]

I'm reading the documentation here :
http://www.ovirt.org/documentation/admin-guide/serial-console-setup/

After a few strace, I found the ssh configuration used for the custom ssh that 
listen on port :
/usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config

And I have a big problem with it.
It says "GSSAPIAuthentication no" but public key authentication is not allowed 
in my data center, we use kerberos every where.
So I wonder if I can edit this file ? How is it managed by ovirt ?
I can always use puppet to modify just this line, it will be fine for me.

The point 4 in Automatic Setup is not very helpfull:
"   • once the setup succesfully run, and once ovirt-engine is running, you 
can log in and register a SSH key. (TODO: add picture)"

what does it mean ?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [hosted-engine] The VDSM host was found in a failed state

[Wee Sritippho]

Hi Didi,

It was indeed the iptable issue. I forgot to open the udp ports.

Here are the versions of relevant packages:

Host:
libgovirt-0.3.3-1.el7_2.1.x86_64
ovirt-engine-appliance-3.6-20160301.1.el7.centos.noarch
ovirt-release36-005-1.noarch
ovirt-vmconsole-1.0.0-1.el7.centos.noarch
ovirt-vmconsole-host-1.0.0-1.el7.centos.noarch
ovirt-host-deploy-1.4.1-1.el7.centos.noarch
ovirt-hosted-engine-ha-1.3.4.3-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.3.0-1.el7.centos.noarch
ovirt-setup-lib-1.0.1-1.el7.centos.noarch
ovirt-hosted-engine-setup-1.3.3.4-1.el7.centos.noarch
vdsm-jsonrpc-4.17.23-1.el7.noarch
vdsm-infra-4.17.23-1.el7.noarch
vdsm-hook-vmfex-dev-4.17.23-1.el7.noarch
vdsm-cli-4.17.23-1.el7.noarch
vdsm-gluster-4.17.23-1.el7.noarch
vdsm-yajsonrpc-4.17.23-1.el7.noarch
vdsm-python-4.17.23-1.el7.noarch
vdsm-4.17.23-1.el7.noarch
vdsm-xmlrpc-4.17.23-1.el7.noarch

Engine (ovirt-engine-appliance-3.6-20160301.1.el7.centos.noarch):
ovirt-engine-lib-3.6.3.4-1.el7.centos.noarch
ovirt-engine-websocket-proxy-3.6.3.4-1.el7.centos.noarch
ovirt-engine-wildfly-8.2.1-1.el7.x86_64
ovirt-engine-tools-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-3.6.3.4-1.el7.centos.noarch
ovirt-iso-uploader-3.6.0-1.el7.centos.noarch
ovirt-engine-extensions-api-impl-3.6.3.4-1.el7.centos.noarch
ovirt-engine-cli-3.6.2.0-1.el7.centos.noarch
ovirt-engine-setup-base-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.6.3.4-1.el7.centos.noarch
ovirt-engine-webadmin-portal-3.6.3.4-1.el7.centos.noarch
ovirt-engine-backend-3.6.3.4-1.el7.centos.noarch
ovirt-engine-restapi-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.6.3.4-1.el7.centos.noarch
ovirt-engine-3.6.3.4-1.el7.centos.noarch
ovirt-guest-agent-common-1.0.11-1.el7.noarch
ovirt-release36-003-1.noarch
ovirt-engine-sdk-python-3.6.3.0-1.el7.centos.noarch
ovirt-image-uploader-3.6.0-1.el7.centos.noarch
ovirt-engine-extension-aaa-jdbc-1.0.6-1.el7.noarch
ovirt-host-deploy-1.4.1-1.el7.centos.noarch
ovirt-engine-wildfly-overlay-8.0.4-1.el7.noarch
ovirt-vmconsole-proxy-1.0.0-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.6.3.4-1.el7.centos.noarch
ovirt-host-deploy-java-1.4.1-1.el7.centos.noarch
ovirt-engine-dbscripts-3.6.3.4-1.el7.centos.noarch
ovirt-engine-vmconsole-proxy-helper-3.6.3.4-1.el7.centos.noarch
ovirt-engine-userportal-3.6.3.4-1.el7.centos.noarch
ovirt-setup-lib-1.0.1-1.el7.centos.noarch
ovirt-vmconsole-1.0.0-1.el7.centos.noarch

And here are the log files (press 'Raw' to view full file):
https://gist.github.com/anonymous/24627289549e35317b7f

Thank you,
Wee


On 23/3/2559 14:11, Yedidyah Bar David wrote:

On Wed, Mar 23, 2016 at 6:40 AM, Wee Sritippho  wrote:

Hi,

I'm installing oVirt hosted-engine using a fibre channel storage. During the
deployment I found this error:

 [ ERROR ] The VDSM host was found in a failed state. Please check engine
and bootstrap installation logs.
 [ ERROR ] Unable to add hosted_engine_1 to the manager

Tried to reinstall the host via web GUI, but got this error:

 Host hosted_engine_1 installation failed. Host is not reachable.

How do I fix this?


You were asked:

 iptables was detected on your computer, do you wish setup to configure it?

and replied 'No'. So it later told you:

  The following network ports should be opened:
  tcp:5900
  tcp:5901
  udp:5900
  udp:5901
  An example of the required configuration for iptables
can be found at:
  /etc/ovirt-hosted-engine/iptables.example

Did you?

Also, your vdsm.log has lots of noise found on the hosted-engine storage.
Something like:

https://bugzilla.redhat.com/show_bug.cgi?id=1238823

Please provide versions of relevant packages on host and engine vm and HA logs
(/var/log/ovirt-hosted-engine-ha/*).

Adding Martin.


P.S. The log files were about 10 MB so I zipped it all

Thanks.

You can also upload to some file-sharing service and post a link, might be
more comfortable for some of the subscribers of this list.

Best,



---
ซอฟต์แวร์ Avast แอนตี้ไวรัสตรวจสอบหาไวรัสจากอีเมลนี้แล้ว
https://www.avast.com/antivirus

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] glusterfs public key failure for rpm

[Sandro Bonazzola]

ovirt-release36 RPMs have been updated with the new glusterfs key url.
Thanks,

On Tue, Mar 22, 2016 at 5:47 PM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

> The command
> rpm --import
> https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub
> worked too.
> >
>
> > Le 22 mars 2016 à 17:46, Robert Story  a écrit :
> >
> > On Tue, 22 Mar 2016 17:28:20 +0100 Fabrice wrote:
> > FB> I tried to add a new host on a RHEL7, but it fails.
> > FB>
> > FB> In the ovirt-host-deploy-20160322171347-XXX-6ba9d4a3.log file, I
> found:
> > FB>
> > FB> warning:
> /var/cache/yum/x86_64/7/ovirt-3.6-glusterfs-epel/packages/glusterfs-libs-3.7.9-1.el7.x86_64.rpm:
> > FB> Header V4 RSA/SHA256 Signature, key ID d5dc52dc: NOKEY Retrieving key
> > FB> from
> https://download.gluster.org/pub/gluster/glusterfs/LATEST/pub.key
> >
> > Try this patch, it worked for me:
> >
> > diff --git a/yum.repos.d/ovirt-3.5-dependencies.repo
> b/yum.repos.d/ovirt-3.5-dependencies.repo
> > index c1914bb..3ef8a28 100644
> > --- a/yum.repos.d/ovirt-3.5-dependencies.repo
> > +++ b/yum.repos.d/ovirt-3.5-dependencies.repo
> > @@ -14,7 +14,7 @@ baseurl=
> http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-
> > enabled=1
> > skip_if_unavailable=1
> > gpgcheck=1
> > -gpgkey=
> https://download.gluster.org/pub/gluster/glusterfs/LATEST/pub.key
> > +gpgkey=
> https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub
> >
> > [ovirt-3.5-glusterfs-noarch-epel]
> > name=GlusterFS is a clustered file-system capable of scaling to several
> petabytes.
> > @@ -22,7 +22,7 @@ baseurl=
> http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-
> > enabled=1
> > skip_if_unavailable=1
> > gpgcheck=1
> > -gpgkey=
> https://download.gluster.org/pub/gluster/glusterfs/LATEST/pub.key
> > +gpgkey=
> https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub
> >
> > [ovirt-3.5-patternfly1-noarch-epel]
> > name=Copr repo for patternfly1 owned by patternfly
> >
> >
> > Robert
> >
> > --
> > Senior Software Engineer @ Parsons
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [hosted-engine] The VDSM host was found in a failed state

[Yedidyah Bar David]

On Wed, Mar 23, 2016 at 6:40 AM, Wee Sritippho  wrote:
> Hi,
>
> I'm installing oVirt hosted-engine using a fibre channel storage. During the
> deployment I found this error:
>
> [ ERROR ] The VDSM host was found in a failed state. Please check engine
> and bootstrap installation logs.
> [ ERROR ] Unable to add hosted_engine_1 to the manager
>
> Tried to reinstall the host via web GUI, but got this error:
>
> Host hosted_engine_1 installation failed. Host is not reachable.
>
> How do I fix this?
>

You were asked:

iptables was detected on your computer, do you wish setup to configure it?

and replied 'No'. So it later told you:

 The following network ports should be opened:
 tcp:5900
 tcp:5901
 udp:5900
 udp:5901
 An example of the required configuration for iptables
can be found at:
 /etc/ovirt-hosted-engine/iptables.example

Did you?

Also, your vdsm.log has lots of noise found on the hosted-engine storage.
Something like:

https://bugzilla.redhat.com/show_bug.cgi?id=1238823

Please provide versions of relevant packages on host and engine vm and HA logs
(/var/log/ovirt-hosted-engine-ha/*).

Adding Martin.

> P.S. The log files were about 10 MB so I zipped it all

Thanks.

You can also upload to some file-sharing service and post a link, might be
more comfortable for some of the subscribers of this list.

Best,
-- 
Didi
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users