Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread aleksey . maksimov 
IPv6 disabled in my ifcfg files # cat /etc/sysconfig/network-scripts/ifcfg-ovirtmgmt | grep IPV6 IPV6INIT=no And running the command "yum update" manually operates successfully.  13.09.2016, 22:25, "Gianluca Cecchi" :On Tue, Sep 13, 2016 at 10:59 AM,  wrote:nslookup resolves names on the engine and hosts without ipv6 address:# nslookup mirrorlist.centos.orgServer:         10.1.0.10Address:        10.1.0.10#53Non-authoritative answer:Name:   mirrorlist.centos.orgAddress: 67.219.148.138Name:   mirrorlist.centos.orgAddress: 85.236.43.108Name:   mirrorlist.centos.orgAddress: 212.69.166.138Name:   mirrorlist.centos.orgAddress: 216.176.179.218Why oVirt updates checking process trying to use ipv6 ?   I had a similar problem some days ago with a CentOS 7 system, but it was general and unrelated to ovirt itself.If I remember correctly the problem was that originally it was configured by anaconda with NetworkManager and ipv6 and yum worked well.Then I stopped and disabled NetworkManager service (the "network" service is already enabled by default, so no action for it)  but I didn't remove all the IPV6 entries inside the anaconda-configured ifcfg-eno16780032 file in my /etc/sysconfig/network-scripts directoryI also created a /etc/sysctl.d/noipv6.conf file with:net.ipv6.conf.all.disable_ipv6 = 1net.ipv6.conf.default.disable_ipv6 = 1 But I got the ipv6 problem when trying in general to run "yum update"After wiping ipv6 entries in ifcfg-xxx file all went well.Could it be that in some ifcfg-* files you still have any reference to ipv6? Also, I had to run systemctl restart network HIH,Gianluca ___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread aleksey . maksimov 
Hi oVirt guru`s! # getent ahosts mirrorlist.centos.org 216.176.179.218 STREAM mirrorlist.centos.org216.176.179.218 DGRAM216.176.179.218 RAW67.219.148.138  STREAM67.219.148.138  DGRAM67.219.148.138  RAW85.236.43.108   STREAM85.236.43.108   DGRAM85.236.43.108   RAW212.69.166.138  STREAM212.69.166.138  DGRAM212.69.166.138  RAW # ip addr | grep inet6 (no output)  13.09.2016, 21:58, "Edward Haas" :  On Tue, Sep 13, 2016 at 12:55 PM, Martin Perina  wrote:  On Tue, Sep 13, 2016 at 10:59 AM,  wrote:nslookup resolves names on the engine and hosts without ipv6 address:# nslookup mirrorlist.centos.orgServer:         10.1.0.10Address:        10.1.0.10#53Non-authoritative answer:Name:   mirrorlist.centos.orgAddress: 67.219.148.138Name:   mirrorlist.centos.orgAddress: 85.236.43.108Name:   mirrorlist.centos.orgAddress: 212.69.166.138Name:   mirrorlist.centos.orgAddress: 216.176.179.218Why oVirt updates checking process trying to use ipv6 ?13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru" :> Yesterday I changed the settings the host to:>> net.ipv6.conf.all.disable_ipv6 = 1> net.ipv6.conf.default.disable_ipv6 = 1>> I deleted the last two lines in /etc/sysctl.conf and rebooted host.>> Tonight - problem repeated:>> 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151 Failed to execute stage 'Environment packages setup': Cannot find a valid baseurl for repo: base/7/x86_64> 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119 aborting 'Yum Transaction'> 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager yumpackager.info:80 Yum Performing yum transaction rollback> Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7=x86_64=os=stock error was> 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is unreachable">> Why so? ​Didi, any idea why otopi (or python underneath, not sure) is using IPv6​ addresses when IPv6 is disabled on the host? Could you please resolve it with "getent ahosts " ?Please add the output from "ip addr", if you see there an IPv6 address, something is enabling the ipv6 on that iface.  >> 12.09.2016, 17:34, "Martin Perina" :>> On Mon, Sep 12, 2016 at 3:34 PM,  wrote:>>> My /etc/sysctl.conf is:>> net.ipv6.conf.all.disable_ipv6 = 1>>> net.ipv6.conf.default.disable_ipv6 = 1>>> net.ipv6.conf.lo.disable_ipv6 = 0>>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0 ​I'm not networking expert, but last two lines means that you have IPv6 enabled on loopback and ovirtmgmt network interfaces (but disabled on all others). So you shouldn't be surprised to get IPv6 address from DNS resolver if ovirtmgmt supports IPv6. Dan/Edward, am I right?>> ​>>> Last two lines was added for http://lists.ovirt.org/pipermail/users/2016-July/041443.html>> My configuration file is bad ??>> 12.09.2016, 16:22, "Martin Perina" : On Mon, Sep 12, 2016 at 2:49 PM,  wrote:> Ok. I found log-file /var/log/ovirt-engine/host-deploy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log with this:>> ...> 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a valid baseurl for repo: base/7/x86_64> 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142 method exception> Traceback (most recent call last):>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line 132, in _executeMethod>     method['method']()>   File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py", line 54, in _internal_packages>     self.packager.install(packages=('iproute',))>   File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py", line 295, in install>     ignoreErrors=ignoreErrors>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 851, in install>     **kwargs>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 495, in _queue>     provides = self._queryProvides(packages=(package,))>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 433, in _queryProvides>     for po in self._yb.searchPackageProvides(args=packages):>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 3429, in searchPackageProvides>     where = self.returnPackagesByDep(arg)>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 4255, in returnPackagesByDep>     return self.pkgSack.searchProvides(depstring)>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 1079, in >     pkgSack = property(fget=lambda self: self._getSacks(),>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 784, in _getSacks>     self.repos.populateSack(which=repos)>   File "/usr/lib/python2.7/site-packages/yum/repos.py", line 344, in

Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

2016-09-13 Thread André Gustavo 
I forgot to comment

It is a public network (Public IP)

I have 2 servers and 1 router
I hired a "IP block" that can be accessed through the router

For example:

Network: 165.112.12.112/28
IPs: 165.112.12.113 - 167.114.12.125
Gateway: 165.112.12.126 (router)

I provide to my client a public IP directly in VM

I want to prevent a customer responds by another customer
or take another ip available for himself



Since that my client has access to the "User Portal"
The "clean-traffic" filter will prevent it change the ip when it shut down
and restart the VM?

Thanks,
André

2016-09-13 5:57 GMT-03:00 Marcin Mirecki :

> Hi André,
>
> The best separation would be providing a separate network for each
> customer.
> This way you could protect them from other malicious users on your
> internal networks.
> Please describe your env in some more detail.
>
> Thanks,
> Marcin
>
>
>
> - Original Message -
> > From: "André Gustavo" 
> > To: Users@ovirt.org
> > Sent: Monday, September 12, 2016 8:33:40 PM
> > Subject: [ovirt-users] Associate IP addresses to MAC addresses
> (anti-spoofing rules)
> >
> > Aloha,
> >
> > I'm using oVirt 4 in my hosting.
> >
> > However, easily a customer can change the IP to another client (IP
> spoofing)
> >
> > In vNIC profiles, altered Network Filter
> > from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> >
> > It worked partially, but if the client power off 'vm' and turn on the
> 'vm',
> > he can perform the change in IP
> >
> > I tried to use eptables, but also had problems
> > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> >
> >
> > What is the best option?
> >
> >
> > --
> > ---
> > André Gustavo Timermann
> > Curitiba/PR - Brasil
> >
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>



-- 
---
André Gustavo Timermann
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ovirt 3.6] Logical network not working

2016-09-13 Thread Luca 'remix_tj' Lorenzetto 
On Tue, Sep 13, 2016 at 9:20 PM, Edward Haas  wrote:
>
>
> On Mon, Sep 12, 2016 at 3:14 PM, Luca 'remix_tj' Lorenzetto
>  wrote:
>>
>> On Mon, Sep 12, 2016 at 2:11 PM, Colin Coe  wrote:
>> > So is the problem getting traffic between two different VLANs working?
>> > If
>> > so, have you double checked your routing?
>>
>> No, the issue is that VM cannot still ping the gateway of it's own
>> network.
>>
>> Resuming:
>>
>> VM can ping the host interface assigned to the logical network (eno5)
>> VM cannot ping gateway
>>
>> Host can ping gateway and VM
>>
>> External machine (e.g. gateway) cannot ping VM
>> External machine can ping the host interface assigned to the logical
>> network (eno5)
>
>
> I may be missing something here, and a diagram would have helped.
> Assuming this is your setup, see how vlan tagging matters and translates to
> the network:
>
> [pc]---[switch] 828>[eno5]-[eno5.828][bridge][vNIC -
> regular iface, no vlan]
>
> In this setup, eno5 and eno5.828 should not have any IP defined, that is not
> legal. You need the address on the bridge.
> And you are not suppose to add it manually, but set it through Engine.

Yes, i reported a wrong information. Sorry.

I added the ip address starting via the engine to the bridge Development.



> Based on your description, setting an address on eno5, means that your gw/pc
> is not residing on a VLAN, or you have no trunk between eno
> to it.
[cut]
> and fix the data flow diagram if it is not correct.
>

The data flow now is the following, after disabling VLAN settings on
engine and changing the port as native interface.

[pc]---[switch][eno5]---[bridge][vNIC - regular iface, no vlan]

Before was as you reported. VLAN usage has been disable to check if
something was wrong on my setup on the host.

As you can see on my previous emails, seems that the issue is about
the linux bridge, which is not forwarding ARP packets from the
external network (traffic incoming to eno5) to the vtap (vnet0, which
reports mac address different from the one seen inside the VM)

> Perhaps it will be better to just add here the output of from the host:
> ip addr

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc mq
master bond0 state UP qlen 1000
link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff
3: eno2:  mtu 1500 qdisc mq
master bond0 state UP qlen 1000
link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff
4: eno3:  mtu 1500 qdisc mq
master bond1 state UP qlen 1000
link/ether 00:21:5a:9b:ba:91 brd ff:ff:ff:ff:ff:ff
5: eno4:  mtu 1500 qdisc mq
master bond1 state UP qlen 1000
link/ether 00:21:5a:9b:ba:91 brd ff:ff:ff:ff:ff:ff
6: eno5:  mtu 1500 qdisc mq master
Development state UP qlen 1000
link/ether 00:21:5a:9b:ba:95 brd ff:ff:ff:ff:ff:ff
7: eno6:  mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:21:5a:9b:ba:97 brd ff:ff:ff:ff:ff:ff
8: bond0:  mtu 1500 qdisc
noqueue master ovirtmgmt state UP
link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff
9: bond1:  mtu 1500 qdisc
noqueue state UP
link/ether 00:21:5a:9b:ba:91 brd ff:ff:ff:ff:ff:ff
inet 172.25.44.57/22 brd 172.25.47.255 scope global bond1
   valid_lft forever preferred_lft forever
10: ;vdsmdummy;:  mtu 1500 qdisc noop state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: ovirtmgmt:  mtu 1500 qdisc noqueue state UP
link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff
inet 10.5.12.48/22 brd 10.5.15.255 scope global ovirtmgmt
   valid_lft forever preferred_lft forever
31: Development:  mtu 1500 qdisc
noqueue state UP
link/ether 00:21:5a:9b:ba:95 brd ff:ff:ff:ff:ff:ff
inet 10.5.30.12/22 brd 10.5.31.255 scope global Development
   valid_lft forever preferred_lft forever
32: vnet0:  mtu 1500 qdisc pfifo_fast
master Development state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff


> brctl show


bridge name bridge id   STP enabled interfaces
;vdsmdummy; 8000.   no
Development8000.00215a9bba95   no  eno5
vnet0
ovirtmgmt   8000.00215a9bba8d   no  bond0


> vdsClient -s 0 getVdsCaps
>

HBAInventory = {'FC': [{'model': '554FLB - HP FlexFabric 10Gb
2-port

Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread Gianluca Cecchi 
On Tue, Sep 13, 2016 at 10:59 AM,  wrote:

> nslookup resolves names on the engine and hosts without ipv6 address:
>
> # nslookup mirrorlist.centos.org
>
> Server: 10.1.0.10
> Address:10.1.0.10#53
>
> Non-authoritative answer:
> Name:   mirrorlist.centos.org
> Address: 67.219.148.138
> Name:   mirrorlist.centos.org
> Address: 85.236.43.108
> Name:   mirrorlist.centos.org
> Address: 212.69.166.138
> Name:   mirrorlist.centos.org
> Address: 216.176.179.218
>
> Why oVirt updates checking process trying to use ipv6 ?
>
>

I had a similar problem some days ago with a CentOS 7 system, but it was
general and unrelated to ovirt itself.
If I remember correctly the problem was that originally it was configured
by anaconda with NetworkManager and ipv6 and yum worked well.
Then I stopped and disabled NetworkManager service (the "network" service
is already enabled by default, so no action for it)  but I didn't remove
all the IPV6 entries inside the anaconda-configured ifcfg-eno16780032 file
in my /etc/sysconfig/network-scripts directory
I also created a /etc/sysctl.d/noipv6.conf file with:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

But I got the ipv6 problem when trying in general to run "yum update"
After wiping ipv6 entries in ifcfg-xxx file all went well.
Could it be that in some ifcfg-* files you still have any reference to ipv6?

Also, I had to run
systemctl restart network

HIH,
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] [ovirt 3.6] Logical network not working

2016-09-13 Thread Edward Haas 
On Mon, Sep 12, 2016 at 3:14 PM, Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

> On Mon, Sep 12, 2016 at 2:11 PM, Colin Coe  wrote:
> > So is the problem getting traffic between two different VLANs working?
> If
> > so, have you double checked your routing?
>
> No, the issue is that VM cannot still ping the gateway of it's own network.
>
> Resuming:
>
> VM can ping the host interface assigned to the logical network (eno5)
> VM cannot ping gateway
>
> Host can ping gateway and VM
>
> External machine (e.g. gateway) cannot ping VM
> External machine can ping the host interface assigned to the logical
> network (eno5)
>

I may be missing something here, and a diagram would have helped.
Assuming this is your setup, see how vlan tagging matters and translates to
the network:

[pc]---[switch][eno5]-[eno5.828][bridge][vNIC -
regular iface, no vlan]

In this setup, eno5 and eno5.828 should not have any IP defined, that is
not legal. You need the address on the bridge.
And you are not suppose to add it manually, but set it through Engine.
Based on your description, setting an address on eno5, means that your
gw/pc is not residing on a VLAN, or you have no trunk between eno
to it.
Perhaps it will be better to just add here the output of from the host:
ip addr
brctl show
vdsClient -s 0 getVdsCaps

and fix the data flow diagram if it is not correct.


>
> --
> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
> calcoli che potrebbero essere affidati a chiunque se si usassero delle
> macchine"
> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
>
> "Internet è la più grande biblioteca del mondo.
> Ma il problema è che i libri sono tutti sparsi sul pavimento"
> John Allen Paulos, Matematico (1945-vivente)
>
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <
> lorenzetto.l...@gmail.com>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread Yaniv Kaul 
On Tue, Sep 13, 2016 at 8:26 AM,  wrote:

> 2604:1580:fe02:2::10


Probably yum/DNF not explicitly asking for IPv4 (and perhaps happy
eyeballs[1] is used on the stack?)
Y.

[1] https://en.wikipedia.org/wiki/Happy_Eyeballs
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread Edward Haas 
On Tue, Sep 13, 2016 at 12:55 PM, Martin Perina  wrote:

>
>
> On Tue, Sep 13, 2016 at 10:59 AM,  wrote:
>
>> nslookup resolves names on the engine and hosts without ipv6 address:
>>
>> # nslookup mirrorlist.centos.org
>>
>> Server: 10.1.0.10
>> Address:10.1.0.10#53
>>
>> Non-authoritative answer:
>> Name:   mirrorlist.centos.org
>> Address: 67.219.148.138
>> Name:   mirrorlist.centos.org
>> Address: 85.236.43.108
>> Name:   mirrorlist.centos.org
>> Address: 212.69.166.138
>> Name:   mirrorlist.centos.org
>> Address: 216.176.179.218
>>
>> Why oVirt updates checking process trying to use ipv6 ?
>>
>>
>> 13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru" > >:
>> > Yesterday I changed the settings the host to:
>> >
>> > net.ipv6.conf.all.disable_ipv6 = 1
>> > net.ipv6.conf.default.disable_ipv6 = 1
>> >
>> > I deleted the last two lines in /etc/sysctl.conf and rebooted host.
>> >
>> > Tonight - problem repeated:
>> >
>> > 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151
>> Failed to execute stage 'Environment packages setup': Cannot find a valid
>> baseurl for repo: base/7/x86_64
>> > 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119
>> aborting 'Yum Transaction'
>> > 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager
>> yumpackager.info:80 Yum Performing yum transaction rollback
>> > Could not retrieve mirrorlist http://mirrorlist.centos.org/?
>> release=7=x86_64=os=stock error was
>> > 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is
>> unreachable"
>> >
>> > Why so?
>>
>
> ​Didi, any idea why otopi (or python underneath, not sure) is using IPv6​
> addresses when IPv6 is disabled on the host?
>

Could you please resolve it with "getent ahosts " ?
Please add the output from "ip addr", if you see there an IPv6 address,
something is enabling the ipv6 on that iface.


>
>
>> >
>> > 12.09.2016, 17:34, "Martin Perina" :
>> >> On Mon, Sep 12, 2016 at 3:34 PM,  wrote:
>> >>> My /etc/sysctl.conf is:
>> >>>
>> >>> net.ipv6.conf.all.disable_ipv6 = 1
>> >>> net.ipv6.conf.default.disable_ipv6 = 1
>> >>> net.ipv6.conf.lo.disable_ipv6 = 0
>> >>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0
>> >>
>> >> ​I'm not networking expert, but last two lines means that you have
>> IPv6 enabled on loopback and ovirtmgmt network interfaces (but disabled on
>> all others). So you shouldn't be surprised to get IPv6 address from DNS
>> resolver if ovirtmgmt supports IPv6. Dan/Edward, am I right?
>> >> ​
>> >>> Last two lines was added for http://lists.ovirt.org/piperma
>> il/users/2016-July/041443.html
>> >>>
>> >>> My configuration file is bad ??
>> >>>
>> >>> 12.09.2016, 16:22, "Martin Perina" :
>>  On Mon, Sep 12, 2016 at 2:49 PM,  wrote:
>> > Ok. I found log-file /var/log/ovirt-engine/host-dep
>> loy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log
>> with this:
>> >
>> > ...
>> > 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager
>> yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a valid
>> baseurl for repo: base/7/x86_64
>> > 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142
>> method exception
>> > Traceback (most recent call last):
>> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line
>> 132, in _executeMethod
>> > method['method']()
>> >   File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py",
>> line 54, in _internal_packages
>> > self.packager.install(packages=('iproute',))
>> >   File 
>> > "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py",
>> line 295, in install
>> > ignoreErrors=ignoreErrors
>> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line
>> 851, in install
>> > **kwargs
>> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line
>> 495, in _queue
>> > provides = self._queryProvides(packages=(package,))
>> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line
>> 433, in _queryProvides
>> > for po in self._yb.searchPackageProvides(args=packages):
>> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
>> 3429, in searchPackageProvides
>> > where = self.returnPackagesByDep(arg)
>> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
>> 4255, in returnPackagesByDep
>> > return self.pkgSack.searchProvides(depstring)
>> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
>> 1079, in 
>> > pkgSack = property(fget=lambda self: self._getSacks(),
>> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
>> 784, in _getSacks
>> > self.repos.populateSack(which=repos)
>> >   File "/usr/lib/python2.7/site-packages/yum/repos.py", line

Re: [ovirt-users] oVirt 4 + Foreman

2016-09-13 Thread Arsène Gschwind 

Hi,

Thanks, that was the problem, it works now.

Regards,
Arsène


On 09/08/2016 06:16 PM, Karli Sjöberg wrote:



Den 8 sep 2016 15:32 skrev Arsène Gschwind :
>
> Hi,
>
> Sorry for this late reply, i've been busy with some other projects 
in the last weeks.

>
> I did some log analysing and could find the following in the foreman 
log when trying to add foreman as an external provider for oVirt:

>
> 2016-09-08 15:20:03 [app] [I] Started GET "/api/v2" for 10.0.10.10 
at 2016-09-08 15:20:03 +0200

>
> 2016-09-08 15:20:03 [app] [I] Processing by 
Api::V2::HomeController#index as JSON

>
> 2016-09-08 15:20:03 [app] [I]   Parameters: {"apiv"=>"v2", "home"=>{}}
>
> 2016-09-08 15:20:03 [app] [I] Authorized user ovirt(oVirt org)
>
> 2016-09-08 15:20:03 [app] [I]   Rendered api/v2/home/index.json.rabl 
(81.8ms)

>
> 2016-09-08 15:20:03 [app] [I] Completed 200 OK in 104ms (Views: 
82.3ms | ActiveRecord: 4.6ms)

>
> 2016-09-08 15:20:03 [app] [I] Started GET "/api/v2/discovered_hosts" 
for 10.0.10.10 at 2016-09-08 15:20:03 +0200

>
> 2016-09-08 15:20:03 [app] [F]
>
>  | ActionController::RoutingError (No route matches [GET] 
"/api/v2/discovered_hosts"):

>
>  |   actionpack (4.2.5.1) 
lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'

>
>  |   actionpack (4.2.5.1) 
lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'

>
>  |   railties (4.2.5.1) lib/rails/rack/logger.rb:38:in `call_app'
>
> It looks like ovirt is calling an api method which doesn't exist : 
/api/v2/discovered_hosts

>
> an extract from ovirt-engine.log
>
> 2016-09-08 15:20:00,862 INFO 
[org.ovirt.engine.core.vdsbroker.gluster.GlusterVolumesListVDSCommand] 
(DefaultQuartzScheduler3) [] FINISH, GlusterVolumesListVDSCommand, 
return: {d6f938d1-8886-40f3-8210-e5be397f951c=org.ovirt.engine.core.c

>
> ommon.businessentities.gluster.GlusterVolumeEntity@a32edae4, 
7ef3b155-47d7-4405-aa70-82a9b8be4033=org.ovirt.engine.core.common.businessentities.gluster.GlusterVolumeEntity@d94d8f95, 
af169181-d72e-4325-9947-d7dd09e512f0=org.ovirt.engine.c

>
> ore.common.businessentities.gluster.GlusterVolumeEntity@2a649db3, 
6d3c8561-4e52-4221-9473-88fd48ef4909=org.ovirt.engine.core.common.businessentities.gluster.GlusterVolumeEntity@a35e1b82}, 
log id: 5ffa2bf1

>
> 2016-09-08 15:20:03,173 INFO 
[org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] 
(default task-24) [146f761a] Running command: 
ImportProviderCertificateCommand internal: false. Entities affected :  
ID: aaa0--00

>
> 00--123456789aaa Type: SystemAction group CREATE_STORAGE_POOL 
with role type ADMIN

>
> 2016-09-08 15:20:03,178 INFO 
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
(default task-24) [146f761a] Correlation ID: 146f761a, Call Stack: 
null, Custom Event ID: -1, Message: Certificate for provider spfy-dep 
was imported. (User: admin@internal-authz)

>
> 2016-09-08 15:20:03,295 INFO 
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] 
(default task-23) [6f5d9746] Running command: 
TestProviderConnectivityCommand internal: false. Entities affected :  
ID: aaa0----123456789aaa Type: SystemAction group 
CREATE_STORAGE_POOL with role type ADMIN

>
> 2016-09-08 15:20:03,955 ERROR 
[org.ovirt.engine.core.bll.host.provider.foreman.ForemanHostProviderProxy] 
(default task-23) [6f5d9746] Exception is 
https://spfy-dep.host.sapify.ch:443/api/v2/discovered_hosts

>
> 2016-09-08 15:20:03,955 ERROR 
[org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] 
(default task-23) [6f5d9746] Command 
'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' 
failed: EngineException: 
https://spfy-dep.host.sapify.ch:443/api/v2/discovered_hosts (Failed 
with error PROVIDER_FAILURE and code 5050)

>
> 2016-09-08 15:20:04,279 INFO 
[org.ovirt.engine.core.vdsbroker.monitoring.VmsStatisticsFetcher] 
(DefaultQuartzScheduler4) [] Fetched 3 VMs from VDS 
'd36d9aff-a953-466b-bdf7-70ba4f63e180'

>
>
> Thanks for any hint/help.

That's a plugin you need to install into Foreman:
https://theforeman.org/plugins/foreman_discovery/2.0/

/K

>
> rgds,
> Arsène
>
>
>
> On 08/22/2016 08:22 AM, Oved Ourfali wrote:
>>
>> Can you please attach the complete logs of ovirt and foreman?
>>
>>
>> On Wed, Aug 17, 2016 at 10:25 AM, Martin Perina 
 wrote:

>>>
>>> Adding Yaniv ...
>>>
>>> On Wed, Aug 17, 2016 at 9:16 AM, Arsène Gschwind 
 wrote:


 Hi,

 Thanks a lot this did work on the Foreman side using 
https:///ovirt-engine/api/v3 .


 But on the oVirt Side, to define Foreman as an external provider, 
it still doesn't work, is there also a special URL to enter? I didn't 
find anything in the docs.


 Thanks for any hint.

 Regards,
 Arsène


 On 08/16/2016 05:01 PM, Juan Hernández wrote:
>
> On 08/16/2016 11:58 AM, Arsène Gschwind wrote:
>>
>> Hi,
>>
>>

Re: [ovirt-users] ovirt-engine client_secret

2016-09-13 Thread Simone Tiraboschi 
On Tue, Sep 13, 2016 at 6:43 PM, Maton, Brett 
wrote:

> I did try that, but it stopped because the database was already populated.
>

It shouldn't be an issue: you are supposed to be able to migrate also or
especially if you used the system in the past.


>
> I'll give it another go...
>
> On 13 September 2016 at 17:23, Simone Tiraboschi 
> wrote:
>
>>
>>
>> On Tue, Sep 13, 2016 at 6:07 PM, Maton, Brett 
>> wrote:
>>
>>> Hi,
>>>
>>>   I had installed ovirt-engine on a physical host, but want to move it
>>> to a hosted vm instead,
>>>   I created a VM and installed ovirt-engine.
>>>
>>>   Stopped the engine on the physical host and ran engine-setup on the
>>> VM, connecting it to the existing remote database.
>>>   Started ovirt-engine and ovirt-engine-dwhd
>>>
>>>   DNS adjusted to point at the new VM instead of physical machine.
>>>
>>>   I can get the the web-ui but when I try to login I get:
>>>
>>>   Invalid request, parameter 'client_secret' not found or contains
>>> invalid value.
>>>
>>>   Can I generate a new client_secret or is there another trick ?
>>>
>>
>> Please follow this:
>> http://www.ovirt.org/develop/developer-guide/engine/migrate-
>> to-hosted-engine/
>>
>> The migration path is based on backup/restore which also takes care of
>> certs, secrets and so on.
>>
>>
>>>
>>> Thanks in advance
>>>
>>> ___
>>> Users mailing list
>>> Users@ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovirt-engine client_secret

2016-09-13 Thread Maton, Brett 
I did try that, but it stopped because the database was already populated.

I'll give it another go...

On 13 September 2016 at 17:23, Simone Tiraboschi 
wrote:

>
>
> On Tue, Sep 13, 2016 at 6:07 PM, Maton, Brett 
> wrote:
>
>> Hi,
>>
>>   I had installed ovirt-engine on a physical host, but want to move it to
>> a hosted vm instead,
>>   I created a VM and installed ovirt-engine.
>>
>>   Stopped the engine on the physical host and ran engine-setup on the VM,
>> connecting it to the existing remote database.
>>   Started ovirt-engine and ovirt-engine-dwhd
>>
>>   DNS adjusted to point at the new VM instead of physical machine.
>>
>>   I can get the the web-ui but when I try to login I get:
>>
>>   Invalid request, parameter 'client_secret' not found or contains
>> invalid value.
>>
>>   Can I generate a new client_secret or is there another trick ?
>>
>
> Please follow this:
> http://www.ovirt.org/develop/developer-guide/engine/
> migrate-to-hosted-engine/
>
> The migration path is based on backup/restore which also takes care of
> certs, secrets and so on.
>
>
>>
>> Thanks in advance
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovirt-engine client_secret

2016-09-13 Thread Simone Tiraboschi 
On Tue, Sep 13, 2016 at 6:07 PM, Maton, Brett 
wrote:

> Hi,
>
>   I had installed ovirt-engine on a physical host, but want to move it to
> a hosted vm instead,
>   I created a VM and installed ovirt-engine.
>
>   Stopped the engine on the physical host and ran engine-setup on the VM,
> connecting it to the existing remote database.
>   Started ovirt-engine and ovirt-engine-dwhd
>
>   DNS adjusted to point at the new VM instead of physical machine.
>
>   I can get the the web-ui but when I try to login I get:
>
>   Invalid request, parameter 'client_secret' not found or contains
> invalid value.
>
>   Can I generate a new client_secret or is there another trick ?
>

Please follow this:
http://www.ovirt.org/develop/developer-guide/engine/migrate-to-hosted-engine/

The migration path is based on backup/restore which also takes care of
certs, secrets and so on.


>
> Thanks in advance
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] ovirt-engine client_secret

2016-09-13 Thread Maton, Brett 
Hi,

  I had installed ovirt-engine on a physical host, but want to move it to a
hosted vm instead,
  I created a VM and installed ovirt-engine.

  Stopped the engine on the physical host and ran engine-setup on the VM,
connecting it to the existing remote database.
  Started ovirt-engine and ovirt-engine-dwhd

  DNS adjusted to point at the new VM instead of physical machine.

  I can get the the web-ui but when I try to login I get:

  Invalid request, parameter 'client_secret' not found or contains invalid
value.

  Can I generate a new client_secret or is there another trick ?

Thanks in advance
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] problem adding OpenStackImage Provider with python-ovirt-engine-sdk4

2016-09-13 Thread knarra 

On 09/13/2016 05:15 PM, Ondra Machacek wrote:

Hi,

it's a bug, can you please open it?

The problem is that we send tag 'open_stack_image_provider' instead of 
'openstack_image_provider'.


Thank you,
Ondra


Hi Ondra,

Here is the bug id https://bugzilla.redhat.com/show_bug.cgi?id=1375634.

Thanks
kasturi



On 09/13/2016 01:34 PM, knarra wrote:

Hi,

I am trying to add glance repository to Ovirt using ovirtsdk4 and i
am facing the error below. Below is my code snippet which i am running.

connection = 
sdk.Connection(url=conf["URL"],username=conf["UI_USERNAME"], 
password=conf["UI_PASSWORD"],

insecure=True, debug=True)

def create_external_providers():
openstack_services = 
connection.system_service().openstack_image_providers_service()
openstack_s = 
openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', 
description='new', url='http://glance.ovirt.org:9292/'))
openstack_service = 
openstack_services.openstack_service(openstack_s.id)



/usr/bin/python2.7
/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py 


Traceback (most recent call last):
  File
"/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", 


line 169, in 
create_external_providers()
  File
"/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", 


line 162, in create_external_providers
openstack_s =
openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', 


description='new', url='http://glance.ovirt.org:9292/'))
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line
10265, in add
self._check_fault(response)
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line
95, in _check_fault
Service._raise_error(response, fault)
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line
69, in _raise_error
raise Error(msg)
ovirtsdk4.Error: Fault reason is "Request syntactically incorrect.".
Fault detail is "For correct usage, see:
https://rhev-engine1.lab.eng.blr.redhat.com/ovirt-engine/api/v4/model#services/openstack-image-providers/methods/add;. 


HTTP response code is 400.

Process finished with exit code 1


I see the following error in the engine.log:

=

2016-09-13 07:11:09,882 ERROR
[org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper]
(default task-11) [] IO exception while processing "POST" request for
path "/openstackimageproviders"

Caused by: javax.xml.bind.UnmarshalException: unexpected element
(uri:"", local:"open_stack_image_provider"). Expected elements are
<{}action>,<{}affinity_group>,<{}affinity
 _groups>,<{}affinity_label>,<{}affinity_labels>,<{}agent>,<{}agent_configuration>,<{}agent_configurations>,<{}agents>,<{}api>,<{}api_summaries>,<{}api_summary>,<{}api_summar 

 y_item>,<{}api_summary_items>,<{}apis>,<{}application>,<{}applications>,<{}authorized_key>,<{}authorized_keys>,<{}balance>,<{}balances>,<{}bios>,<{}bioss>,<{}block_statistic 

 >,<{}block_statistics>,<{}body>,<{}bonding>,<{}bondings>,<{}bookmark>,<{}bookmarks>,<{}boot>,<{}boot_menu>,<{}boot_menus>,<{}boots>,<{}brick>,<{}brick_memoryinfo>,<{}brick_p 

 rofile_detail>,<{}brick_profile_details>,<{}bricks>,<{}cdrom>,<{}cdroms>,<{}certificate>,<{}certificates>,<{}cloud_init>,<{}cloud_inits>,<{}cluster>,<{}cluster_level>,<{}clu 

 ster_levels>,<{}clusters>,<{}configuration>,<{}configurations>,<{}console>,<{}consoles>,<{}core>,<{}cores>,<{}cpu>,<{}cpu_profile>,<{}cpu_profiles>,<{}cpu_topologies>,<{}cpu 

 _topology>,<{}cpu_tune>,<{}cpu_tunes>,<{}cpu_type>,<{}cpu_types>,<{}cpus>,<{}creation>,<{}creation_states>,<{}custom_properties>,<{}custom_property>,<{}data_center>,<{}data_ 

 centers>,<{}detailedLink>,<{}detailedLinks>,<{}device>,<{}devices>,<{}disk>,<{}disk_attachment>,<{}disk_attachments>,<{}disk_profile>,<{}disk_profiles>,<{}disk_snapshot>,<{} 

 disk_snapshots>,<{}disks>,<{}display>,<{}displays>,<{}dns>,<{}dnss>,<{}domain>,<{}domains>,<{}entity_profile_detail>,<{}entity_profile_details>,<{}error_handling>,<{}error_h 

 andlings>,<{}event>,<{}events>,<{}external_compute_resource>,<{}external_compute_resources>,<{}external_discovered_host>,<{}external_discovered_hosts>,<{}external_host>,<{}e 



xternal_host_group>,<{}external_host_groups>,<{}external_host_provider>,<{}external_host_providers>,<{}external_hosts>,<{}external_provider>,<{}external_providers>,<{}fault> 

 ,<{}faults>,<{}fencing_policies>,<{}fencing_policy>,<{}file>,<{}files>,<{}filter>,<{}filters>,<{}floppies>,<{}floppy>,<{}fop_statistic 



engine version : ovirt4.0.3

sdkversion : python-ovirt-engine-sdk4-4.0.0-0.6.a6.fc23.x86_64


Can some one please help me to resolve this issue?

Thanks

kasturi



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org

Re: [ovirt-users] intel skylake oVirt 4.0

2016-09-13 Thread Francesco Romani 
- Original Message -
> From: "Roman Nikolayevich Drovalev" 
> To: Users@ovirt.org
> Sent: Thursday, September 8, 2016 7:04:37 AM
> Subject: [ovirt-users] intel skylake oVirt 4.0
> 
> Hello all!
> 
> Currently, the oVirt 4.0 not on the list of supported processors for the
> cluster "Intel Skylake" !
> Is it possible to add hosts to the new processor in the cluster pool or you
> must wait for the update oVirt ?

Hi,

the proper support requires one update of the low level stack, like libvirt and 
qemu,
so the best way is to wait for the updated packages to come; unfortunately, 
this may
require a long cycle, since those packages are most often provided by your 
distribution.

HTH,

-- 
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

2016-09-13 Thread Marcin Mirecki 
Andre,

Please also try the clean-traffic filter.
This filter should prevent MAC, IP and ARP spoofing, all in one.

Thanks,
Marcin

- Original Message -
> From: "Marcin Mirecki" 
> To: "André Gustavo" 
> Cc: Users@ovirt.org
> Sent: Tuesday, September 13, 2016 10:57:09 AM
> Subject: Re: [ovirt-users] Associate IP addresses to MAC  addresses   
> (anti-spoofing rules)
> 
> Hi André,
> 
> The best separation would be providing a separate network for each customer.
> This way you could protect them from other malicious users on your internal
> networks.
> Please describe your env in some more detail.
> 
> Thanks,
> Marcin
> 
> 
> 
> - Original Message -
> > From: "André Gustavo" 
> > To: Users@ovirt.org
> > Sent: Monday, September 12, 2016 8:33:40 PM
> > Subject: [ovirt-users] Associate IP addresses to MAC addresses
> > (anti-spoofing rules)
> > 
> > Aloha,
> > 
> > I'm using oVirt 4 in my hosting.
> > 
> > However, easily a customer can change the IP to another client (IP
> > spoofing)
> > 
> > In vNIC profiles, altered Network Filter
> > from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> > 
> > It worked partially, but if the client power off 'vm' and turn on the 'vm',
> > he can perform the change in IP
> > 
> > I tried to use eptables, but also had problems
> > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> > 
> > 
> > What is the best option?
> > 
> > 
> > --
> > ---
> > André Gustavo Timermann
> > Curitiba/PR - Brasil
> > 
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Ovirt 4.0 & virt-viewer & SSO token

2016-09-13 Thread Martin Perina 
Adding Tomas.


On Tue, Sep 13, 2016 at 11:36 AM, Ondra Machacek 
wrote:

> Hi,
>
> we don't support it. What oVirt does is, that it pass the
> username/password to the VM, not the token.
>
> You can read more here[1]. But I doubt the proposed solution will be
> implemented. So you need to use it as is for now.
>
> [1] http://www.ovirt.org/develop/release-management/features/infra/sso/
>
> Ondra
>
> On 09/12/2016 06:17 PM, KY LO wrote:
>
>> Hi all,
>>
>> How can I use SSO token for authentication with Ovirt 4 when using
>> virt-viewer? Any special configuration needed? I can't seem to find much
>> information on the use of SSO token with Ovirt4. Thanks.
>>
>> regards,
>> Philip Lo
>>
>>
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] problem adding OpenStackImage Provider with python-ovirt-engine-sdk4

2016-09-13 Thread Ondra Machacek 

Hi,

it's a bug, can you please open it?

The problem is that we send tag 'open_stack_image_provider' instead of 
'openstack_image_provider'.


Thank you,
Ondra


On 09/13/2016 01:34 PM, knarra wrote:

Hi,

I am trying to add glance repository to Ovirt using ovirtsdk4 and i
am facing the error below. Below is my code snippet which i am running.

connection = sdk.Connection(url=conf["URL"],username=conf["UI_USERNAME"], 
password=conf["UI_PASSWORD"],
insecure=True, debug=True)

def create_external_providers():
openstack_services = 
connection.system_service().openstack_image_providers_service()
openstack_s = 
openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', 
description='new', url='http://glance.ovirt.org:9292/'))
openstack_service = openstack_services.openstack_service(openstack_s.id)


/usr/bin/python2.7
/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py
Traceback (most recent call last):
  File
"/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py",
line 169, in 
create_external_providers()
  File
"/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py",
line 162, in create_external_providers
openstack_s =
openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance',
description='new', url='http://glance.ovirt.org:9292/'))
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line
10265, in add
self._check_fault(response)
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line
95, in _check_fault
Service._raise_error(response, fault)
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line
69, in _raise_error
raise Error(msg)
ovirtsdk4.Error: Fault reason is "Request syntactically incorrect.".
Fault detail is "For correct usage, see:
https://rhev-engine1.lab.eng.blr.redhat.com/ovirt-engine/api/v4/model#services/openstack-image-providers/methods/add;.
HTTP response code is 400.

Process finished with exit code 1


I see the following error in the engine.log:

=

2016-09-13 07:11:09,882 ERROR
[org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper]
(default task-11) [] IO exception while processing "POST" request for
path "/openstackimageproviders"

Caused by: javax.xml.bind.UnmarshalException: unexpected element
(uri:"", local:"open_stack_image_provider"). Expected elements are
<{}action>,<{}affinity_group>,<{}affinity
 
_groups>,<{}affinity_label>,<{}affinity_labels>,<{}agent>,<{}agent_configuration>,<{}agent_configurations>,<{}agents>,<{}api>,<{}api_summaries>,<{}api_summary>,<{}api_summar
 
y_item>,<{}api_summary_items>,<{}apis>,<{}application>,<{}applications>,<{}authorized_key>,<{}authorized_keys>,<{}balance>,<{}balances>,<{}bios>,<{}bioss>,<{}block_statistic
 
>,<{}block_statistics>,<{}body>,<{}bonding>,<{}bondings>,<{}bookmark>,<{}bookmarks>,<{}boot>,<{}boot_menu>,<{}boot_menus>,<{}boots>,<{}brick>,<{}brick_memoryinfo>,<{}brick_p
 
rofile_detail>,<{}brick_profile_details>,<{}bricks>,<{}cdrom>,<{}cdroms>,<{}certificate>,<{}certificates>,<{}cloud_init>,<{}cloud_inits>,<{}cluster>,<{}cluster_level>,<{}clu
 
ster_levels>,<{}clusters>,<{}configuration>,<{}configurations>,<{}console>,<{}consoles>,<{}core>,<{}cores>,<{}cpu>,<{}cpu_profile>,<{}cpu_profiles>,<{}cpu_topologies>,<{}cpu
 
_topology>,<{}cpu_tune>,<{}cpu_tunes>,<{}cpu_type>,<{}cpu_types>,<{}cpus>,<{}creation>,<{}creation_states>,<{}custom_properties>,<{}custom_property>,<{}data_center>,<{}data_
 
centers>,<{}detailedLink>,<{}detailedLinks>,<{}device>,<{}devices>,<{}disk>,<{}disk_attachment>,<{}disk_attachments>,<{}disk_profile>,<{}disk_profiles>,<{}disk_snapshot>,<{}
 
disk_snapshots>,<{}disks>,<{}display>,<{}displays>,<{}dns>,<{}dnss>,<{}domain>,<{}domains>,<{}entity_profile_detail>,<{}entity_profile_details>,<{}error_handling>,<{}error_h
 
andlings>,<{}event>,<{}events>,<{}external_compute_resource>,<{}external_compute_resources>,<{}external_discovered_host>,<{}external_discovered_hosts>,<{}external_host>,<{}e

xternal_host_group>,<{}external_host_groups>,<{}external_host_provider>,<{}external_host_providers>,<{}external_hosts>,<{}external_provider>,<{}external_providers>,<{}fault>
 
,<{}faults>,<{}fencing_policies>,<{}fencing_policy>,<{}file>,<{}files>,<{}filter>,<{}filters>,<{}floppies>,<{}floppy>,<{}fop_statistic

engine version : ovirt4.0.3

sdkversion : python-ovirt-engine-sdk4-4.0.0-0.6.a6.fc23.x86_64


Can some one please help me to resolve this issue?

Thanks

kasturi



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] problem adding OpenStackImage Provider with python-ovirt-engine-sdk4

2016-09-13 Thread knarra 

Hi,

I am trying to add glance repository to Ovirt using ovirtsdk4 and i 
am facing the error below. Below is my code snippet which i am running.


connection = 
sdk.Connection(url=conf["URL"],username=conf["UI_USERNAME"],password=conf["UI_PASSWORD"],
insecure=True,debug=True)

def create_external_providers():
openstack_services  = 
connection.system_service().openstack_image_providers_service()
openstack_s 
=openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance',description='new',url='http://glance.ovirt.org:9292/'))
openstack_service =openstack_services.openstack_service(openstack_s.id)


/usr/bin/python2.7 
/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py

Traceback (most recent call last):
  File 
"/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", 
line 169, in 

create_external_providers()
  File 
"/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", 
line 162, in create_external_providers
openstack_s = 
openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', 
description='new', url='http://glance.ovirt.org:9292/'))
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 
10265, in add

self._check_fault(response)
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 
95, in _check_fault

Service._raise_error(response, fault)
  File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 
69, in _raise_error

raise Error(msg)
ovirtsdk4.Error: Fault reason is "Request syntactically incorrect.". 
Fault detail is "For correct usage, see: 
https://rhev-engine1.lab.eng.blr.redhat.com/ovirt-engine/api/v4/model#services/openstack-image-providers/methods/add;. 
HTTP response code is 400.


Process finished with exit code 1


I see the following error in the engine.log:

=

2016-09-13 07:11:09,882 ERROR 
[org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper] 
(default task-11) [] IO exception while processing "POST" request for 
path "/openstackimageproviders"


Caused by: javax.xml.bind.UnmarshalException: unexpected element 
(uri:"", local:"open_stack_image_provider"). Expected elements are 
<{}action>,<{}affinity_group>,<{}affinity

 
_groups>,<{}affinity_label>,<{}affinity_labels>,<{}agent>,<{}agent_configuration>,<{}agent_configurations>,<{}agents>,<{}api>,<{}api_summaries>,<{}api_summary>,<{}api_summar
 
y_item>,<{}api_summary_items>,<{}apis>,<{}application>,<{}applications>,<{}authorized_key>,<{}authorized_keys>,<{}balance>,<{}balances>,<{}bios>,<{}bioss>,<{}block_statistic
 
>,<{}block_statistics>,<{}body>,<{}bonding>,<{}bondings>,<{}bookmark>,<{}bookmarks>,<{}boot>,<{}boot_menu>,<{}boot_menus>,<{}boots>,<{}brick>,<{}brick_memoryinfo>,<{}brick_p
 
rofile_detail>,<{}brick_profile_details>,<{}bricks>,<{}cdrom>,<{}cdroms>,<{}certificate>,<{}certificates>,<{}cloud_init>,<{}cloud_inits>,<{}cluster>,<{}cluster_level>,<{}clu
 
ster_levels>,<{}clusters>,<{}configuration>,<{}configurations>,<{}console>,<{}consoles>,<{}core>,<{}cores>,<{}cpu>,<{}cpu_profile>,<{}cpu_profiles>,<{}cpu_topologies>,<{}cpu
 
_topology>,<{}cpu_tune>,<{}cpu_tunes>,<{}cpu_type>,<{}cpu_types>,<{}cpus>,<{}creation>,<{}creation_states>,<{}custom_properties>,<{}custom_property>,<{}data_center>,<{}data_
 
centers>,<{}detailedLink>,<{}detailedLinks>,<{}device>,<{}devices>,<{}disk>,<{}disk_attachment>,<{}disk_attachments>,<{}disk_profile>,<{}disk_profiles>,<{}disk_snapshot>,<{}
 
disk_snapshots>,<{}disks>,<{}display>,<{}displays>,<{}dns>,<{}dnss>,<{}domain>,<{}domains>,<{}entity_profile_detail>,<{}entity_profile_details>,<{}error_handling>,<{}error_h
 
andlings>,<{}event>,<{}events>,<{}external_compute_resource>,<{}external_compute_resources>,<{}external_discovered_host>,<{}external_discovered_hosts>,<{}external_host>,<{}e
 
xternal_host_group>,<{}external_host_groups>,<{}external_host_provider>,<{}external_host_providers>,<{}external_hosts>,<{}external_provider>,<{}external_providers>,<{}fault>

 
,<{}faults>,<{}fencing_policies>,<{}fencing_policy>,<{}file>,<{}files>,<{}filter>,<{}filters>,<{}floppies>,<{}floppy>,<{}fop_statistic

engine version : ovirt4.0.3

sdkversion : python-ovirt-engine-sdk4-4.0.0-0.6.a6.fc23.x86_64


Can some one please help me to resolve this issue?

Thanks

kasturi

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread Martin Perina 
On Tue, Sep 13, 2016 at 10:59 AM,  wrote:

> nslookup resolves names on the engine and hosts without ipv6 address:
>
> # nslookup mirrorlist.centos.org
>
> Server: 10.1.0.10
> Address:10.1.0.10#53
>
> Non-authoritative answer:
> Name:   mirrorlist.centos.org
> Address: 67.219.148.138
> Name:   mirrorlist.centos.org
> Address: 85.236.43.108
> Name:   mirrorlist.centos.org
> Address: 212.69.166.138
> Name:   mirrorlist.centos.org
> Address: 216.176.179.218
>
> Why oVirt updates checking process trying to use ipv6 ?
>
>
> 13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru"  >:
> > Yesterday I changed the settings the host to:
> >
> > net.ipv6.conf.all.disable_ipv6 = 1
> > net.ipv6.conf.default.disable_ipv6 = 1
> >
> > I deleted the last two lines in /etc/sysctl.conf and rebooted host.
> >
> > Tonight - problem repeated:
> >
> > 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151
> Failed to execute stage 'Environment packages setup': Cannot find a valid
> baseurl for repo: base/7/x86_64
> > 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119
> aborting 'Yum Transaction'
> > 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager
> yumpackager.info:80 Yum Performing yum transaction rollback
> > Could not retrieve mirrorlist http://mirrorlist.centos.org/?
> release=7=x86_64=os=stock error was
> > 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is
> unreachable"
> >
> > Why so?
>

​Didi, any idea why otopi (or python underneath, not sure) is using IPv6​
addresses when IPv6 is disabled on the host?


> >
> > 12.09.2016, 17:34, "Martin Perina" :
> >> On Mon, Sep 12, 2016 at 3:34 PM,  wrote:
> >>> My /etc/sysctl.conf is:
> >>>
> >>> net.ipv6.conf.all.disable_ipv6 = 1
> >>> net.ipv6.conf.default.disable_ipv6 = 1
> >>> net.ipv6.conf.lo.disable_ipv6 = 0
> >>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0
> >>
> >> ​I'm not networking expert, but last two lines means that you have IPv6
> enabled on loopback and ovirtmgmt network interfaces (but disabled on all
> others). So you shouldn't be surprised to get IPv6 address from DNS
> resolver if ovirtmgmt supports IPv6. Dan/Edward, am I right?
> >> ​
> >>> Last two lines was added for http://lists.ovirt.org/
> pipermail/users/2016-July/041443.html
> >>>
> >>> My configuration file is bad ??
> >>>
> >>> 12.09.2016, 16:22, "Martin Perina" :
>  On Mon, Sep 12, 2016 at 2:49 PM,  wrote:
> > Ok. I found log-file /var/log/ovirt-engine/host-
> deploy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log
> with this:
> >
> > ...
> > 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager
> yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a valid
> baseurl for repo: base/7/x86_64
> > 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142
> method exception
> > Traceback (most recent call last):
> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line
> 132, in _executeMethod
> > method['method']()
> >   File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py",
> line 54, in _internal_packages
> > self.packager.install(packages=('iproute',))
> >   File 
> > "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py",
> line 295, in install
> > ignoreErrors=ignoreErrors
> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line
> 851, in install
> > **kwargs
> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line
> 495, in _queue
> > provides = self._queryProvides(packages=(package,))
> >   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line
> 433, in _queryProvides
> > for po in self._yb.searchPackageProvides(args=packages):
> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
> 3429, in searchPackageProvides
> > where = self.returnPackagesByDep(arg)
> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
> 4255, in returnPackagesByDep
> > return self.pkgSack.searchProvides(depstring)
> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
> 1079, in 
> > pkgSack = property(fget=lambda self: self._getSacks(),
> >   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line
> 784, in _getSacks
> > self.repos.populateSack(which=repos)
> >   File "/usr/lib/python2.7/site-packages/yum/repos.py", line 344,
> in populateSack
> > self.doSetup()
> >   File "/usr/lib/python2.7/site-packages/yum/repos.py", line 158,
> in doSetup
> > self.ayum.plugins.run('postreposetup')
> >   File "/usr/lib/python2.7/site-packages/yum/plugins.py", line 188,
> in run
> > func(conduitcls(self, self.base, conf, **kwargs))
> >   File

Re: [ovirt-users] Ovirt 4.0 & virt-viewer & SSO token

2016-09-13 Thread Ondra Machacek 

Hi,

we don't support it. What oVirt does is, that it pass the
username/password to the VM, not the token.

You can read more here[1]. But I doubt the proposed solution will be
implemented. So you need to use it as is for now.

[1] http://www.ovirt.org/develop/release-management/features/infra/sso/

Ondra

On 09/12/2016 06:17 PM, KY LO wrote:

Hi all,

How can I use SSO token for authentication with Ovirt 4 when using
virt-viewer? Any special configuration needed? I can't seem to find much
information on the use of SSO token with Ovirt4. Thanks.

regards,
Philip Lo




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*

2016-09-13 Thread aleksey . maksimov 
nslookup resolves names on the engine and hosts without ipv6 address:

# nslookup mirrorlist.centos.org

Server: 10.1.0.10
Address:10.1.0.10#53

Non-authoritative answer:
Name:   mirrorlist.centos.org
Address: 67.219.148.138
Name:   mirrorlist.centos.org
Address: 85.236.43.108
Name:   mirrorlist.centos.org
Address: 212.69.166.138
Name:   mirrorlist.centos.org
Address: 216.176.179.218

Why oVirt updates checking process trying to use ipv6 ?


13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru" :
> Yesterday I changed the settings the host to:
>
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
>
> I deleted the last two lines in /etc/sysctl.conf and rebooted host.
>
> Tonight - problem repeated:
>
> 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151 Failed to 
> execute stage 'Environment packages setup': Cannot find a valid baseurl for 
> repo: base/7/x86_64
> 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119 aborting 
> 'Yum Transaction'
> 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager 
> yumpackager.info:80 Yum Performing yum transaction rollback
> Could not retrieve mirrorlist 
> http://mirrorlist.centos.org/?release=7=x86_64=os=stock error 
> was
> 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is 
> unreachable"
>
> Why so?
>
> 12.09.2016, 17:34, "Martin Perina" :
>> On Mon, Sep 12, 2016 at 3:34 PM,  wrote:
>>> My /etc/sysctl.conf is:
>>>
>>> net.ipv6.conf.all.disable_ipv6 = 1
>>> net.ipv6.conf.default.disable_ipv6 = 1
>>> net.ipv6.conf.lo.disable_ipv6 = 0
>>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0
>>
>> ​I'm not networking expert, but last two lines means that you have IPv6 
>> enabled on loopback and ovirtmgmt network interfaces (but disabled on all 
>> others). So you shouldn't be surprised to get IPv6 address from DNS resolver 
>> if ovirtmgmt supports IPv6. Dan/Edward, am I right?
>> ​
>>> Last two lines was added for 
>>> http://lists.ovirt.org/pipermail/users/2016-July/041443.html
>>>
>>> My configuration file is bad ??
>>>
>>> 12.09.2016, 16:22, "Martin Perina" :
 On Mon, Sep 12, 2016 at 2:49 PM,  wrote:
> Ok. I found log-file 
> /var/log/ovirt-engine/host-deploy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log
>  with this:
>
> ...
> 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager 
> yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a 
> valid baseurl for repo: base/7/x86_64
> 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142 method 
> exception
> Traceback (most recent call last):
>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line 132, in 
> _executeMethod
>     method['method']()
>   File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py", 
> line 54, in _internal_packages
>     self.packager.install(packages=('iproute',))
>   File 
> "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py", 
> line 295, in install
>     ignoreErrors=ignoreErrors
>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 851, in 
> install
>     **kwargs
>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 495, in 
> _queue
>     provides = self._queryProvides(packages=(package,))
>   File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 433, in 
> _queryProvides
>     for po in self._yb.searchPackageProvides(args=packages):
>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 3429, in 
> searchPackageProvides
>     where = self.returnPackagesByDep(arg)
>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 4255, in 
> returnPackagesByDep
>     return self.pkgSack.searchProvides(depstring)
>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 1079, in 
> 
>     pkgSack = property(fget=lambda self: self._getSacks(),
>   File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 784, in 
> _getSacks
>     self.repos.populateSack(which=repos)
>   File "/usr/lib/python2.7/site-packages/yum/repos.py", line 344, in 
> populateSack
>     self.doSetup()
>   File "/usr/lib/python2.7/site-packages/yum/repos.py", line 158, in 
> doSetup
>     self.ayum.plugins.run('postreposetup')
>   File "/usr/lib/python2.7/site-packages/yum/plugins.py", line 188, in run
>     func(conduitcls(self, self.base, conf, **kwargs))
>   File "/usr/lib/yum-plugins/fastestmirror.py", line 197, in 
> postreposetup_hook
>     if downgrade_ftp and _len_non_ftp(repo.urls) == 1:
>   File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 871, in 
> 
>     urls = property(fget=lambda self: self._geturls(),
>  

Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)

2016-09-13 Thread Marcin Mirecki 
Hi André,

The best separation would be providing a separate network for each customer.
This way you could protect them from other malicious users on your internal 
networks.
Please describe your env in some more detail.

Thanks,
Marcin



- Original Message -
> From: "André Gustavo" 
> To: Users@ovirt.org
> Sent: Monday, September 12, 2016 8:33:40 PM
> Subject: [ovirt-users] Associate IP addresses to MAC addresses
> (anti-spoofing rules)
> 
> Aloha,
> 
> I'm using oVirt 4 in my hosting.
> 
> However, easily a customer can change the IP to another client (IP spoofing)
> 
> In vNIC profiles, altered Network Filter
> from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> 
> It worked partially, but if the client power off 'vm' and turn on the 'vm',
> he can perform the change in IP
> 
> I tried to use eptables, but also had problems
> http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> 
> 
> What is the best option?
> 
> 
> --
> ---
> André Gustavo Timermann
> Curitiba/PR - Brasil
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users