Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
IPv6 disabled in my ifcfg files # cat /etc/sysconfig/network-scripts/ifcfg-ovirtmgmt | grep IPV6 IPV6INIT=no And running the command "yum update" manually operates successfully. 13.09.2016, 22:25, "Gianluca Cecchi":On Tue, Sep 13, 2016 at 10:59 AM, wrote:nslookup resolves names on the engine and hosts without ipv6 address:# nslookup mirrorlist.centos.orgServer: 10.1.0.10Address: 10.1.0.10#53Non-authoritative answer:Name: mirrorlist.centos.orgAddress: 67.219.148.138Name: mirrorlist.centos.orgAddress: 85.236.43.108Name: mirrorlist.centos.orgAddress: 212.69.166.138Name: mirrorlist.centos.orgAddress: 216.176.179.218Why oVirt updates checking process trying to use ipv6 ? I had a similar problem some days ago with a CentOS 7 system, but it was general and unrelated to ovirt itself.If I remember correctly the problem was that originally it was configured by anaconda with NetworkManager and ipv6 and yum worked well.Then I stopped and disabled NetworkManager service (the "network" service is already enabled by default, so no action for it) but I didn't remove all the IPV6 entries inside the anaconda-configured ifcfg-eno16780032 file in my /etc/sysconfig/network-scripts directoryI also created a /etc/sysctl.d/noipv6.conf file with:net.ipv6.conf.all.disable_ipv6 = 1net.ipv6.conf.default.disable_ipv6 = 1 But I got the ipv6 problem when trying in general to run "yum update"After wiping ipv6 entries in ifcfg-xxx file all went well.Could it be that in some ifcfg-* files you still have any reference to ipv6? Also, I had to run systemctl restart network HIH,Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
Hi oVirt guru`s! # getent ahosts mirrorlist.centos.org 216.176.179.218 STREAM mirrorlist.centos.org216.176.179.218 DGRAM216.176.179.218 RAW67.219.148.138 STREAM67.219.148.138 DGRAM67.219.148.138 RAW85.236.43.108 STREAM85.236.43.108 DGRAM85.236.43.108 RAW212.69.166.138 STREAM212.69.166.138 DGRAM212.69.166.138 RAW # ip addr | grep inet6 (no output) 13.09.2016, 21:58, "Edward Haas": On Tue, Sep 13, 2016 at 12:55 PM, Martin Perina wrote: On Tue, Sep 13, 2016 at 10:59 AM, wrote:nslookup resolves names on the engine and hosts without ipv6 address:# nslookup mirrorlist.centos.orgServer: 10.1.0.10Address: 10.1.0.10#53Non-authoritative answer:Name: mirrorlist.centos.orgAddress: 67.219.148.138Name: mirrorlist.centos.orgAddress: 85.236.43.108Name: mirrorlist.centos.orgAddress: 212.69.166.138Name: mirrorlist.centos.orgAddress: 216.176.179.218Why oVirt updates checking process trying to use ipv6 ?13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru" :> Yesterday I changed the settings the host to:>> net.ipv6.conf.all.disable_ipv6 = 1> net.ipv6.conf.default.disable_ipv6 = 1>> I deleted the last two lines in /etc/sysctl.conf and rebooted host.>> Tonight - problem repeated:>> 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151 Failed to execute stage 'Environment packages setup': Cannot find a valid baseurl for repo: base/7/x86_64> 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119 aborting 'Yum Transaction'> 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager yumpackager.info:80 Yum Performing yum transaction rollback> Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7=x86_64=os=stock error was> 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is unreachable">> Why so? Didi, any idea why otopi (or python underneath, not sure) is using IPv6 addresses when IPv6 is disabled on the host? Could you please resolve it with "getent ahosts " ?Please add the output from "ip addr", if you see there an IPv6 address, something is enabling the ipv6 on that iface. >> 12.09.2016, 17:34, "Martin Perina" :>> On Mon, Sep 12, 2016 at 3:34 PM, wrote:>>> My /etc/sysctl.conf is:>> net.ipv6.conf.all.disable_ipv6 = 1>>> net.ipv6.conf.default.disable_ipv6 = 1>>> net.ipv6.conf.lo.disable_ipv6 = 0>>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0 I'm not networking expert, but last two lines means that you have IPv6 enabled on loopback and ovirtmgmt network interfaces (but disabled on all others). So you shouldn't be surprised to get IPv6 address from DNS resolver if ovirtmgmt supports IPv6. Dan/Edward, am I right?>> >>> Last two lines was added for http://lists.ovirt.org/pipermail/users/2016-July/041443.html>> My configuration file is bad ??>> 12.09.2016, 16:22, "Martin Perina" : On Mon, Sep 12, 2016 at 2:49 PM, wrote:> Ok. I found log-file /var/log/ovirt-engine/host-deploy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log with this:>> ...> 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a valid baseurl for repo: base/7/x86_64> 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142 method exception> Traceback (most recent call last):> File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line 132, in _executeMethod> method['method']()> File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py", line 54, in _internal_packages> self.packager.install(packages=('iproute',))> File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py", line 295, in install> ignoreErrors=ignoreErrors> File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 851, in install> **kwargs> File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 495, in _queue> provides = self._queryProvides(packages=(package,))> File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 433, in _queryProvides> for po in self._yb.searchPackageProvides(args=packages):> File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 3429, in searchPackageProvides> where = self.returnPackagesByDep(arg)> File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 4255, in returnPackagesByDep> return self.pkgSack.searchProvides(depstring)> File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 1079, in > pkgSack = property(fget=lambda self: self._getSacks(),> File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 784, in _getSacks> self.repos.populateSack(which=repos)> File "/usr/lib/python2.7/site-packages/yum/repos.py", line 344, in
Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
I forgot to comment It is a public network (Public IP) I have 2 servers and 1 router I hired a "IP block" that can be accessed through the router For example: Network: 165.112.12.112/28 IPs: 165.112.12.113 - 167.114.12.125 Gateway: 165.112.12.126 (router) I provide to my client a public IP directly in VM I want to prevent a customer responds by another customer or take another ip available for himself Since that my client has access to the "User Portal" The "clean-traffic" filter will prevent it change the ip when it shut down and restart the VM? Thanks, André 2016-09-13 5:57 GMT-03:00 Marcin Mirecki: > Hi André, > > The best separation would be providing a separate network for each > customer. > This way you could protect them from other malicious users on your > internal networks. > Please describe your env in some more detail. > > Thanks, > Marcin > > > > - Original Message - > > From: "André Gustavo" > > To: Users@ovirt.org > > Sent: Monday, September 12, 2016 8:33:40 PM > > Subject: [ovirt-users] Associate IP addresses to MAC addresses > (anti-spoofing rules) > > > > Aloha, > > > > I'm using oVirt 4 in my hosting. > > > > However, easily a customer can change the IP to another client (IP > spoofing) > > > > In vNIC profiles, altered Network Filter > > from "VDSM-on-mac-spoofing" to "no-ip-spoofing" > > > > It worked partially, but if the client power off 'vm' and turn on the > 'vm', > > he can perform the change in IP > > > > I tried to use eptables, but also had problems > > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof > > > > > > What is the best option? > > > > > > -- > > --- > > André Gustavo Timermann > > Curitiba/PR - Brasil > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > -- --- André Gustavo Timermann ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt 3.6] Logical network not working
On Tue, Sep 13, 2016 at 9:20 PM, Edward Haaswrote: > > > On Mon, Sep 12, 2016 at 3:14 PM, Luca 'remix_tj' Lorenzetto > wrote: >> >> On Mon, Sep 12, 2016 at 2:11 PM, Colin Coe wrote: >> > So is the problem getting traffic between two different VLANs working? >> > If >> > so, have you double checked your routing? >> >> No, the issue is that VM cannot still ping the gateway of it's own >> network. >> >> Resuming: >> >> VM can ping the host interface assigned to the logical network (eno5) >> VM cannot ping gateway >> >> Host can ping gateway and VM >> >> External machine (e.g. gateway) cannot ping VM >> External machine can ping the host interface assigned to the logical >> network (eno5) > > > I may be missing something here, and a diagram would have helped. > Assuming this is your setup, see how vlan tagging matters and translates to > the network: > > [pc]---[switch] 828>[eno5]-[eno5.828][bridge][vNIC - > regular iface, no vlan] > > In this setup, eno5 and eno5.828 should not have any IP defined, that is not > legal. You need the address on the bridge. > And you are not suppose to add it manually, but set it through Engine. Yes, i reported a wrong information. Sorry. I added the ip address starting via the engine to the bridge Development. > Based on your description, setting an address on eno5, means that your gw/pc > is not residing on a VLAN, or you have no trunk between eno > to it. [cut] > and fix the data flow diagram if it is not correct. > The data flow now is the following, after disabling VLAN settings on engine and changing the port as native interface. [pc]---[switch] [eno5]---[bridge][vNIC - regular iface, no vlan] Before was as you reported. VLAN usage has been disable to check if something was wrong on my setup on the host. As you can see on my previous emails, seems that the issue is about the linux bridge, which is not forwarding ARP packets from the external network (traffic incoming to eno5) to the vtap (vnet0, which reports mac address different from the one seen inside the VM) > Perhaps it will be better to just add here the output of from the host: > ip addr 1: lo: mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eno1: mtu 1500 qdisc mq master bond0 state UP qlen 1000 link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff 3: eno2: mtu 1500 qdisc mq master bond0 state UP qlen 1000 link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff 4: eno3: mtu 1500 qdisc mq master bond1 state UP qlen 1000 link/ether 00:21:5a:9b:ba:91 brd ff:ff:ff:ff:ff:ff 5: eno4: mtu 1500 qdisc mq master bond1 state UP qlen 1000 link/ether 00:21:5a:9b:ba:91 brd ff:ff:ff:ff:ff:ff 6: eno5: mtu 1500 qdisc mq master Development state UP qlen 1000 link/ether 00:21:5a:9b:ba:95 brd ff:ff:ff:ff:ff:ff 7: eno6: mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:21:5a:9b:ba:97 brd ff:ff:ff:ff:ff:ff 8: bond0: mtu 1500 qdisc noqueue master ovirtmgmt state UP link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff 9: bond1: mtu 1500 qdisc noqueue state UP link/ether 00:21:5a:9b:ba:91 brd ff:ff:ff:ff:ff:ff inet 172.25.44.57/22 brd 172.25.47.255 scope global bond1 valid_lft forever preferred_lft forever 10: ;vdsmdummy;: mtu 1500 qdisc noop state DOWN link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 12: ovirtmgmt: mtu 1500 qdisc noqueue state UP link/ether 00:21:5a:9b:ba:8d brd ff:ff:ff:ff:ff:ff inet 10.5.12.48/22 brd 10.5.15.255 scope global ovirtmgmt valid_lft forever preferred_lft forever 31: Development: mtu 1500 qdisc noqueue state UP link/ether 00:21:5a:9b:ba:95 brd ff:ff:ff:ff:ff:ff inet 10.5.30.12/22 brd 10.5.31.255 scope global Development valid_lft forever preferred_lft forever 32: vnet0: mtu 1500 qdisc pfifo_fast master Development state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff > brctl show bridge name bridge id STP enabled interfaces ;vdsmdummy; 8000. no Development8000.00215a9bba95 no eno5 vnet0 ovirtmgmt 8000.00215a9bba8d no bond0 > vdsClient -s 0 getVdsCaps > HBAInventory = {'FC': [{'model': '554FLB - HP FlexFabric 10Gb 2-port
Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
On Tue, Sep 13, 2016 at 10:59 AM,wrote: > nslookup resolves names on the engine and hosts without ipv6 address: > > # nslookup mirrorlist.centos.org > > Server: 10.1.0.10 > Address:10.1.0.10#53 > > Non-authoritative answer: > Name: mirrorlist.centos.org > Address: 67.219.148.138 > Name: mirrorlist.centos.org > Address: 85.236.43.108 > Name: mirrorlist.centos.org > Address: 212.69.166.138 > Name: mirrorlist.centos.org > Address: 216.176.179.218 > > Why oVirt updates checking process trying to use ipv6 ? > > I had a similar problem some days ago with a CentOS 7 system, but it was general and unrelated to ovirt itself. If I remember correctly the problem was that originally it was configured by anaconda with NetworkManager and ipv6 and yum worked well. Then I stopped and disabled NetworkManager service (the "network" service is already enabled by default, so no action for it) but I didn't remove all the IPV6 entries inside the anaconda-configured ifcfg-eno16780032 file in my /etc/sysconfig/network-scripts directory I also created a /etc/sysctl.d/noipv6.conf file with: net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 But I got the ipv6 problem when trying in general to run "yum update" After wiping ipv6 entries in ifcfg-xxx file all went well. Could it be that in some ifcfg-* files you still have any reference to ipv6? Also, I had to run systemctl restart network HIH, Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [ovirt 3.6] Logical network not working
On Mon, Sep 12, 2016 at 3:14 PM, Luca 'remix_tj' Lorenzetto < lorenzetto.l...@gmail.com> wrote: > On Mon, Sep 12, 2016 at 2:11 PM, Colin Coewrote: > > So is the problem getting traffic between two different VLANs working? > If > > so, have you double checked your routing? > > No, the issue is that VM cannot still ping the gateway of it's own network. > > Resuming: > > VM can ping the host interface assigned to the logical network (eno5) > VM cannot ping gateway > > Host can ping gateway and VM > > External machine (e.g. gateway) cannot ping VM > External machine can ping the host interface assigned to the logical > network (eno5) > I may be missing something here, and a diagram would have helped. Assuming this is your setup, see how vlan tagging matters and translates to the network: [pc]---[switch] [eno5]-[eno5.828][bridge][vNIC - regular iface, no vlan] In this setup, eno5 and eno5.828 should not have any IP defined, that is not legal. You need the address on the bridge. And you are not suppose to add it manually, but set it through Engine. Based on your description, setting an address on eno5, means that your gw/pc is not residing on a VLAN, or you have no trunk between eno to it. Perhaps it will be better to just add here the output of from the host: ip addr brctl show vdsClient -s 0 getVdsCaps and fix the data flow diagram if it is not correct. > > -- > "E' assurdo impiegare gli uomini di intelligenza eccellente per fare > calcoli che potrebbero essere affidati a chiunque se si usassero delle > macchine" > Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) > > "Internet è la più grande biblioteca del mondo. > Ma il problema è che i libri sono tutti sparsi sul pavimento" > John Allen Paulos, Matematico (1945-vivente) > > Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , < > lorenzetto.l...@gmail.com> > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
On Tue, Sep 13, 2016 at 8:26 AM,wrote: > 2604:1580:fe02:2::10 Probably yum/DNF not explicitly asking for IPv4 (and perhaps happy eyeballs[1] is used on the stack?) Y. [1] https://en.wikipedia.org/wiki/Happy_Eyeballs ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
On Tue, Sep 13, 2016 at 12:55 PM, Martin Perinawrote: > > > On Tue, Sep 13, 2016 at 10:59 AM, wrote: > >> nslookup resolves names on the engine and hosts without ipv6 address: >> >> # nslookup mirrorlist.centos.org >> >> Server: 10.1.0.10 >> Address:10.1.0.10#53 >> >> Non-authoritative answer: >> Name: mirrorlist.centos.org >> Address: 67.219.148.138 >> Name: mirrorlist.centos.org >> Address: 85.236.43.108 >> Name: mirrorlist.centos.org >> Address: 212.69.166.138 >> Name: mirrorlist.centos.org >> Address: 216.176.179.218 >> >> Why oVirt updates checking process trying to use ipv6 ? >> >> >> 13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru" > >: >> > Yesterday I changed the settings the host to: >> > >> > net.ipv6.conf.all.disable_ipv6 = 1 >> > net.ipv6.conf.default.disable_ipv6 = 1 >> > >> > I deleted the last two lines in /etc/sysctl.conf and rebooted host. >> > >> > Tonight - problem repeated: >> > >> > 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151 >> Failed to execute stage 'Environment packages setup': Cannot find a valid >> baseurl for repo: base/7/x86_64 >> > 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119 >> aborting 'Yum Transaction' >> > 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager >> yumpackager.info:80 Yum Performing yum transaction rollback >> > Could not retrieve mirrorlist http://mirrorlist.centos.org/? >> release=7=x86_64=os=stock error was >> > 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is >> unreachable" >> > >> > Why so? >> > > Didi, any idea why otopi (or python underneath, not sure) is using IPv6 > addresses when IPv6 is disabled on the host? > Could you please resolve it with "getent ahosts " ? Please add the output from "ip addr", if you see there an IPv6 address, something is enabling the ipv6 on that iface. > > >> > >> > 12.09.2016, 17:34, "Martin Perina" : >> >> On Mon, Sep 12, 2016 at 3:34 PM, wrote: >> >>> My /etc/sysctl.conf is: >> >>> >> >>> net.ipv6.conf.all.disable_ipv6 = 1 >> >>> net.ipv6.conf.default.disable_ipv6 = 1 >> >>> net.ipv6.conf.lo.disable_ipv6 = 0 >> >>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0 >> >> >> >> I'm not networking expert, but last two lines means that you have >> IPv6 enabled on loopback and ovirtmgmt network interfaces (but disabled on >> all others). So you shouldn't be surprised to get IPv6 address from DNS >> resolver if ovirtmgmt supports IPv6. Dan/Edward, am I right? >> >> >> >>> Last two lines was added for http://lists.ovirt.org/piperma >> il/users/2016-July/041443.html >> >>> >> >>> My configuration file is bad ?? >> >>> >> >>> 12.09.2016, 16:22, "Martin Perina" : >> On Mon, Sep 12, 2016 at 2:49 PM, wrote: >> > Ok. I found log-file /var/log/ovirt-engine/host-dep >> loy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log >> with this: >> > >> > ... >> > 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager >> yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a valid >> baseurl for repo: base/7/x86_64 >> > 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142 >> method exception >> > Traceback (most recent call last): >> > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line >> 132, in _executeMethod >> > method['method']() >> > File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py", >> line 54, in _internal_packages >> > self.packager.install(packages=('iproute',)) >> > File >> > "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py", >> line 295, in install >> > ignoreErrors=ignoreErrors >> > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line >> 851, in install >> > **kwargs >> > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line >> 495, in _queue >> > provides = self._queryProvides(packages=(package,)) >> > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line >> 433, in _queryProvides >> > for po in self._yb.searchPackageProvides(args=packages): >> > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line >> 3429, in searchPackageProvides >> > where = self.returnPackagesByDep(arg) >> > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line >> 4255, in returnPackagesByDep >> > return self.pkgSack.searchProvides(depstring) >> > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line >> 1079, in >> > pkgSack = property(fget=lambda self: self._getSacks(), >> > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line >> 784, in _getSacks >> > self.repos.populateSack(which=repos) >> > File "/usr/lib/python2.7/site-packages/yum/repos.py", line
Re: [ovirt-users] oVirt 4 + Foreman
Hi, Thanks, that was the problem, it works now. Regards, Arsène On 09/08/2016 06:16 PM, Karli Sjöberg wrote: Den 8 sep 2016 15:32 skrev Arsène Gschwind: > > Hi, > > Sorry for this late reply, i've been busy with some other projects in the last weeks. > > I did some log analysing and could find the following in the foreman log when trying to add foreman as an external provider for oVirt: > > 2016-09-08 15:20:03 [app] [I] Started GET "/api/v2" for 10.0.10.10 at 2016-09-08 15:20:03 +0200 > > 2016-09-08 15:20:03 [app] [I] Processing by Api::V2::HomeController#index as JSON > > 2016-09-08 15:20:03 [app] [I] Parameters: {"apiv"=>"v2", "home"=>{}} > > 2016-09-08 15:20:03 [app] [I] Authorized user ovirt(oVirt org) > > 2016-09-08 15:20:03 [app] [I] Rendered api/v2/home/index.json.rabl (81.8ms) > > 2016-09-08 15:20:03 [app] [I] Completed 200 OK in 104ms (Views: 82.3ms | ActiveRecord: 4.6ms) > > 2016-09-08 15:20:03 [app] [I] Started GET "/api/v2/discovered_hosts" for 10.0.10.10 at 2016-09-08 15:20:03 +0200 > > 2016-09-08 15:20:03 [app] [F] > > | ActionController::RoutingError (No route matches [GET] "/api/v2/discovered_hosts"): > > | actionpack (4.2.5.1) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call' > > | actionpack (4.2.5.1) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call' > > | railties (4.2.5.1) lib/rails/rack/logger.rb:38:in `call_app' > > It looks like ovirt is calling an api method which doesn't exist : /api/v2/discovered_hosts > > an extract from ovirt-engine.log > > 2016-09-08 15:20:00,862 INFO [org.ovirt.engine.core.vdsbroker.gluster.GlusterVolumesListVDSCommand] (DefaultQuartzScheduler3) [] FINISH, GlusterVolumesListVDSCommand, return: {d6f938d1-8886-40f3-8210-e5be397f951c=org.ovirt.engine.core.c > > ommon.businessentities.gluster.GlusterVolumeEntity@a32edae4, 7ef3b155-47d7-4405-aa70-82a9b8be4033=org.ovirt.engine.core.common.businessentities.gluster.GlusterVolumeEntity@d94d8f95, af169181-d72e-4325-9947-d7dd09e512f0=org.ovirt.engine.c > > ore.common.businessentities.gluster.GlusterVolumeEntity@2a649db3, 6d3c8561-4e52-4221-9473-88fd48ef4909=org.ovirt.engine.core.common.businessentities.gluster.GlusterVolumeEntity@a35e1b82}, log id: 5ffa2bf1 > > 2016-09-08 15:20:03,173 INFO [org.ovirt.engine.core.bll.provider.ImportProviderCertificateCommand] (default task-24) [146f761a] Running command: ImportProviderCertificateCommand internal: false. Entities affected : ID: aaa0--00 > > 00--123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN > > 2016-09-08 15:20:03,178 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-24) [146f761a] Correlation ID: 146f761a, Call Stack: null, Custom Event ID: -1, Message: Certificate for provider spfy-dep was imported. (User: admin@internal-authz) > > 2016-09-08 15:20:03,295 INFO [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-23) [6f5d9746] Running command: TestProviderConnectivityCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group CREATE_STORAGE_POOL with role type ADMIN > > 2016-09-08 15:20:03,955 ERROR [org.ovirt.engine.core.bll.host.provider.foreman.ForemanHostProviderProxy] (default task-23) [6f5d9746] Exception is https://spfy-dep.host.sapify.ch:443/api/v2/discovered_hosts > > 2016-09-08 15:20:03,955 ERROR [org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand] (default task-23) [6f5d9746] Command 'org.ovirt.engine.core.bll.provider.TestProviderConnectivityCommand' failed: EngineException: https://spfy-dep.host.sapify.ch:443/api/v2/discovered_hosts (Failed with error PROVIDER_FAILURE and code 5050) > > 2016-09-08 15:20:04,279 INFO [org.ovirt.engine.core.vdsbroker.monitoring.VmsStatisticsFetcher] (DefaultQuartzScheduler4) [] Fetched 3 VMs from VDS 'd36d9aff-a953-466b-bdf7-70ba4f63e180' > > > Thanks for any hint/help. That's a plugin you need to install into Foreman: https://theforeman.org/plugins/foreman_discovery/2.0/ /K > > rgds, > Arsène > > > > On 08/22/2016 08:22 AM, Oved Ourfali wrote: >> >> Can you please attach the complete logs of ovirt and foreman? >> >> >> On Wed, Aug 17, 2016 at 10:25 AM, Martin Perina wrote: >>> >>> Adding Yaniv ... >>> >>> On Wed, Aug 17, 2016 at 9:16 AM, Arsène Gschwind wrote: Hi, Thanks a lot this did work on the Foreman side using https:///ovirt-engine/api/v3 . But on the oVirt Side, to define Foreman as an external provider, it still doesn't work, is there also a special URL to enter? I didn't find anything in the docs. Thanks for any hint. Regards, Arsène On 08/16/2016 05:01 PM, Juan Hernández wrote: > > On 08/16/2016 11:58 AM, Arsène Gschwind wrote: >> >> Hi, >> >>
Re: [ovirt-users] ovirt-engine client_secret
On Tue, Sep 13, 2016 at 6:43 PM, Maton, Brettwrote: > I did try that, but it stopped because the database was already populated. > It shouldn't be an issue: you are supposed to be able to migrate also or especially if you used the system in the past. > > I'll give it another go... > > On 13 September 2016 at 17:23, Simone Tiraboschi > wrote: > >> >> >> On Tue, Sep 13, 2016 at 6:07 PM, Maton, Brett >> wrote: >> >>> Hi, >>> >>> I had installed ovirt-engine on a physical host, but want to move it >>> to a hosted vm instead, >>> I created a VM and installed ovirt-engine. >>> >>> Stopped the engine on the physical host and ran engine-setup on the >>> VM, connecting it to the existing remote database. >>> Started ovirt-engine and ovirt-engine-dwhd >>> >>> DNS adjusted to point at the new VM instead of physical machine. >>> >>> I can get the the web-ui but when I try to login I get: >>> >>> Invalid request, parameter 'client_secret' not found or contains >>> invalid value. >>> >>> Can I generate a new client_secret or is there another trick ? >>> >> >> Please follow this: >> http://www.ovirt.org/develop/developer-guide/engine/migrate- >> to-hosted-engine/ >> >> The migration path is based on backup/restore which also takes care of >> certs, secrets and so on. >> >> >>> >>> Thanks in advance >>> >>> ___ >>> Users mailing list >>> Users@ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >>> >>> >> > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-engine client_secret
I did try that, but it stopped because the database was already populated. I'll give it another go... On 13 September 2016 at 17:23, Simone Tiraboschiwrote: > > > On Tue, Sep 13, 2016 at 6:07 PM, Maton, Brett > wrote: > >> Hi, >> >> I had installed ovirt-engine on a physical host, but want to move it to >> a hosted vm instead, >> I created a VM and installed ovirt-engine. >> >> Stopped the engine on the physical host and ran engine-setup on the VM, >> connecting it to the existing remote database. >> Started ovirt-engine and ovirt-engine-dwhd >> >> DNS adjusted to point at the new VM instead of physical machine. >> >> I can get the the web-ui but when I try to login I get: >> >> Invalid request, parameter 'client_secret' not found or contains >> invalid value. >> >> Can I generate a new client_secret or is there another trick ? >> > > Please follow this: > http://www.ovirt.org/develop/developer-guide/engine/ > migrate-to-hosted-engine/ > > The migration path is based on backup/restore which also takes care of > certs, secrets and so on. > > >> >> Thanks in advance >> >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-engine client_secret
On Tue, Sep 13, 2016 at 6:07 PM, Maton, Brettwrote: > Hi, > > I had installed ovirt-engine on a physical host, but want to move it to > a hosted vm instead, > I created a VM and installed ovirt-engine. > > Stopped the engine on the physical host and ran engine-setup on the VM, > connecting it to the existing remote database. > Started ovirt-engine and ovirt-engine-dwhd > > DNS adjusted to point at the new VM instead of physical machine. > > I can get the the web-ui but when I try to login I get: > > Invalid request, parameter 'client_secret' not found or contains > invalid value. > > Can I generate a new client_secret or is there another trick ? > Please follow this: http://www.ovirt.org/develop/developer-guide/engine/migrate-to-hosted-engine/ The migration path is based on backup/restore which also takes care of certs, secrets and so on. > > Thanks in advance > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt-engine client_secret
Hi, I had installed ovirt-engine on a physical host, but want to move it to a hosted vm instead, I created a VM and installed ovirt-engine. Stopped the engine on the physical host and ran engine-setup on the VM, connecting it to the existing remote database. Started ovirt-engine and ovirt-engine-dwhd DNS adjusted to point at the new VM instead of physical machine. I can get the the web-ui but when I try to login I get: Invalid request, parameter 'client_secret' not found or contains invalid value. Can I generate a new client_secret or is there another trick ? Thanks in advance ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] problem adding OpenStackImage Provider with python-ovirt-engine-sdk4
On 09/13/2016 05:15 PM, Ondra Machacek wrote: Hi, it's a bug, can you please open it? The problem is that we send tag 'open_stack_image_provider' instead of 'openstack_image_provider'. Thank you, Ondra Hi Ondra, Here is the bug id https://bugzilla.redhat.com/show_bug.cgi?id=1375634. Thanks kasturi On 09/13/2016 01:34 PM, knarra wrote: Hi, I am trying to add glance repository to Ovirt using ovirtsdk4 and i am facing the error below. Below is my code snippet which i am running. connection = sdk.Connection(url=conf["URL"],username=conf["UI_USERNAME"], password=conf["UI_PASSWORD"], insecure=True, debug=True) def create_external_providers(): openstack_services = connection.system_service().openstack_image_providers_service() openstack_s = openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', description='new', url='http://glance.ovirt.org:9292/')) openstack_service = openstack_services.openstack_service(openstack_s.id) /usr/bin/python2.7 /home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py Traceback (most recent call last): File "/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", line 169, in create_external_providers() File "/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", line 162, in create_external_providers openstack_s = openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', description='new', url='http://glance.ovirt.org:9292/')) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 10265, in add self._check_fault(response) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 95, in _check_fault Service._raise_error(response, fault) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 69, in _raise_error raise Error(msg) ovirtsdk4.Error: Fault reason is "Request syntactically incorrect.". Fault detail is "For correct usage, see: https://rhev-engine1.lab.eng.blr.redhat.com/ovirt-engine/api/v4/model#services/openstack-image-providers/methods/add;. HTTP response code is 400. Process finished with exit code 1 I see the following error in the engine.log: = 2016-09-13 07:11:09,882 ERROR [org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper] (default task-11) [] IO exception while processing "POST" request for path "/openstackimageproviders" Caused by: javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"open_stack_image_provider"). Expected elements are <{}action>,<{}affinity_group>,<{}affinity _groups>,<{}affinity_label>,<{}affinity_labels>,<{}agent>,<{}agent_configuration>,<{}agent_configurations>,<{}agents>,<{}api>,<{}api_summaries>,<{}api_summary>,<{}api_summar y_item>,<{}api_summary_items>,<{}apis>,<{}application>,<{}applications>,<{}authorized_key>,<{}authorized_keys>,<{}balance>,<{}balances>,<{}bios>,<{}bioss>,<{}block_statistic >,<{}block_statistics>,<{}body>,<{}bonding>,<{}bondings>,<{}bookmark>,<{}bookmarks>,<{}boot>,<{}boot_menu>,<{}boot_menus>,<{}boots>,<{}brick>,<{}brick_memoryinfo>,<{}brick_p rofile_detail>,<{}brick_profile_details>,<{}bricks>,<{}cdrom>,<{}cdroms>,<{}certificate>,<{}certificates>,<{}cloud_init>,<{}cloud_inits>,<{}cluster>,<{}cluster_level>,<{}clu ster_levels>,<{}clusters>,<{}configuration>,<{}configurations>,<{}console>,<{}consoles>,<{}core>,<{}cores>,<{}cpu>,<{}cpu_profile>,<{}cpu_profiles>,<{}cpu_topologies>,<{}cpu _topology>,<{}cpu_tune>,<{}cpu_tunes>,<{}cpu_type>,<{}cpu_types>,<{}cpus>,<{}creation>,<{}creation_states>,<{}custom_properties>,<{}custom_property>,<{}data_center>,<{}data_ centers>,<{}detailedLink>,<{}detailedLinks>,<{}device>,<{}devices>,<{}disk>,<{}disk_attachment>,<{}disk_attachments>,<{}disk_profile>,<{}disk_profiles>,<{}disk_snapshot>,<{} disk_snapshots>,<{}disks>,<{}display>,<{}displays>,<{}dns>,<{}dnss>,<{}domain>,<{}domains>,<{}entity_profile_detail>,<{}entity_profile_details>,<{}error_handling>,<{}error_h andlings>,<{}event>,<{}events>,<{}external_compute_resource>,<{}external_compute_resources>,<{}external_discovered_host>,<{}external_discovered_hosts>,<{}external_host>,<{}e xternal_host_group>,<{}external_host_groups>,<{}external_host_provider>,<{}external_host_providers>,<{}external_hosts>,<{}external_provider>,<{}external_providers>,<{}fault> ,<{}faults>,<{}fencing_policies>,<{}fencing_policy>,<{}file>,<{}files>,<{}filter>,<{}filters>,<{}floppies>,<{}floppy>,<{}fop_statistic engine version : ovirt4.0.3 sdkversion : python-ovirt-engine-sdk4-4.0.0-0.6.a6.fc23.x86_64 Can some one please help me to resolve this issue? Thanks kasturi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org
Re: [ovirt-users] intel skylake oVirt 4.0
- Original Message - > From: "Roman Nikolayevich Drovalev"> To: Users@ovirt.org > Sent: Thursday, September 8, 2016 7:04:37 AM > Subject: [ovirt-users] intel skylake oVirt 4.0 > > Hello all! > > Currently, the oVirt 4.0 not on the list of supported processors for the > cluster "Intel Skylake" ! > Is it possible to add hosts to the new processor in the cluster pool or you > must wait for the update oVirt ? Hi, the proper support requires one update of the low level stack, like libvirt and qemu, so the best way is to wait for the updated packages to come; unfortunately, this may require a long cycle, since those packages are most often provided by your distribution. HTH, -- Francesco Romani RedHat Engineering Virtualization R & D Phone: 8261328 IRC: fromani ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Andre, Please also try the clean-traffic filter. This filter should prevent MAC, IP and ARP spoofing, all in one. Thanks, Marcin - Original Message - > From: "Marcin Mirecki"> To: "André Gustavo" > Cc: Users@ovirt.org > Sent: Tuesday, September 13, 2016 10:57:09 AM > Subject: Re: [ovirt-users] Associate IP addresses to MAC addresses > (anti-spoofing rules) > > Hi André, > > The best separation would be providing a separate network for each customer. > This way you could protect them from other malicious users on your internal > networks. > Please describe your env in some more detail. > > Thanks, > Marcin > > > > - Original Message - > > From: "André Gustavo" > > To: Users@ovirt.org > > Sent: Monday, September 12, 2016 8:33:40 PM > > Subject: [ovirt-users] Associate IP addresses to MAC addresses > > (anti-spoofing rules) > > > > Aloha, > > > > I'm using oVirt 4 in my hosting. > > > > However, easily a customer can change the IP to another client (IP > > spoofing) > > > > In vNIC profiles, altered Network Filter > > from "VDSM-on-mac-spoofing" to "no-ip-spoofing" > > > > It worked partially, but if the client power off 'vm' and turn on the 'vm', > > he can perform the change in IP > > > > I tried to use eptables, but also had problems > > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof > > > > > > What is the best option? > > > > > > -- > > --- > > André Gustavo Timermann > > Curitiba/PR - Brasil > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Ovirt 4.0 & virt-viewer & SSO token
Adding Tomas. On Tue, Sep 13, 2016 at 11:36 AM, Ondra Machacekwrote: > Hi, > > we don't support it. What oVirt does is, that it pass the > username/password to the VM, not the token. > > You can read more here[1]. But I doubt the proposed solution will be > implemented. So you need to use it as is for now. > > [1] http://www.ovirt.org/develop/release-management/features/infra/sso/ > > Ondra > > On 09/12/2016 06:17 PM, KY LO wrote: > >> Hi all, >> >> How can I use SSO token for authentication with Ovirt 4 when using >> virt-viewer? Any special configuration needed? I can't seem to find much >> information on the use of SSO token with Ovirt4. Thanks. >> >> regards, >> Philip Lo >> >> >> >> >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] problem adding OpenStackImage Provider with python-ovirt-engine-sdk4
Hi, it's a bug, can you please open it? The problem is that we send tag 'open_stack_image_provider' instead of 'openstack_image_provider'. Thank you, Ondra On 09/13/2016 01:34 PM, knarra wrote: Hi, I am trying to add glance repository to Ovirt using ovirtsdk4 and i am facing the error below. Below is my code snippet which i am running. connection = sdk.Connection(url=conf["URL"],username=conf["UI_USERNAME"], password=conf["UI_PASSWORD"], insecure=True, debug=True) def create_external_providers(): openstack_services = connection.system_service().openstack_image_providers_service() openstack_s = openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', description='new', url='http://glance.ovirt.org:9292/')) openstack_service = openstack_services.openstack_service(openstack_s.id) /usr/bin/python2.7 /home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py Traceback (most recent call last): File "/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", line 169, in create_external_providers() File "/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", line 162, in create_external_providers openstack_s = openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', description='new', url='http://glance.ovirt.org:9292/')) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 10265, in add self._check_fault(response) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 95, in _check_fault Service._raise_error(response, fault) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 69, in _raise_error raise Error(msg) ovirtsdk4.Error: Fault reason is "Request syntactically incorrect.". Fault detail is "For correct usage, see: https://rhev-engine1.lab.eng.blr.redhat.com/ovirt-engine/api/v4/model#services/openstack-image-providers/methods/add;. HTTP response code is 400. Process finished with exit code 1 I see the following error in the engine.log: = 2016-09-13 07:11:09,882 ERROR [org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper] (default task-11) [] IO exception while processing "POST" request for path "/openstackimageproviders" Caused by: javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"open_stack_image_provider"). Expected elements are <{}action>,<{}affinity_group>,<{}affinity _groups>,<{}affinity_label>,<{}affinity_labels>,<{}agent>,<{}agent_configuration>,<{}agent_configurations>,<{}agents>,<{}api>,<{}api_summaries>,<{}api_summary>,<{}api_summar y_item>,<{}api_summary_items>,<{}apis>,<{}application>,<{}applications>,<{}authorized_key>,<{}authorized_keys>,<{}balance>,<{}balances>,<{}bios>,<{}bioss>,<{}block_statistic >,<{}block_statistics>,<{}body>,<{}bonding>,<{}bondings>,<{}bookmark>,<{}bookmarks>,<{}boot>,<{}boot_menu>,<{}boot_menus>,<{}boots>,<{}brick>,<{}brick_memoryinfo>,<{}brick_p rofile_detail>,<{}brick_profile_details>,<{}bricks>,<{}cdrom>,<{}cdroms>,<{}certificate>,<{}certificates>,<{}cloud_init>,<{}cloud_inits>,<{}cluster>,<{}cluster_level>,<{}clu ster_levels>,<{}clusters>,<{}configuration>,<{}configurations>,<{}console>,<{}consoles>,<{}core>,<{}cores>,<{}cpu>,<{}cpu_profile>,<{}cpu_profiles>,<{}cpu_topologies>,<{}cpu _topology>,<{}cpu_tune>,<{}cpu_tunes>,<{}cpu_type>,<{}cpu_types>,<{}cpus>,<{}creation>,<{}creation_states>,<{}custom_properties>,<{}custom_property>,<{}data_center>,<{}data_ centers>,<{}detailedLink>,<{}detailedLinks>,<{}device>,<{}devices>,<{}disk>,<{}disk_attachment>,<{}disk_attachments>,<{}disk_profile>,<{}disk_profiles>,<{}disk_snapshot>,<{} disk_snapshots>,<{}disks>,<{}display>,<{}displays>,<{}dns>,<{}dnss>,<{}domain>,<{}domains>,<{}entity_profile_detail>,<{}entity_profile_details>,<{}error_handling>,<{}error_h andlings>,<{}event>,<{}events>,<{}external_compute_resource>,<{}external_compute_resources>,<{}external_discovered_host>,<{}external_discovered_hosts>,<{}external_host>,<{}e xternal_host_group>,<{}external_host_groups>,<{}external_host_provider>,<{}external_host_providers>,<{}external_hosts>,<{}external_provider>,<{}external_providers>,<{}fault> ,<{}faults>,<{}fencing_policies>,<{}fencing_policy>,<{}file>,<{}files>,<{}filter>,<{}filters>,<{}floppies>,<{}floppy>,<{}fop_statistic engine version : ovirt4.0.3 sdkversion : python-ovirt-engine-sdk4-4.0.0-0.6.a6.fc23.x86_64 Can some one please help me to resolve this issue? Thanks kasturi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] problem adding OpenStackImage Provider with python-ovirt-engine-sdk4
Hi, I am trying to add glance repository to Ovirt using ovirtsdk4 and i am facing the error below. Below is my code snippet which i am running. connection = sdk.Connection(url=conf["URL"],username=conf["UI_USERNAME"],password=conf["UI_PASSWORD"], insecure=True,debug=True) def create_external_providers(): openstack_services = connection.system_service().openstack_image_providers_service() openstack_s =openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance',description='new',url='http://glance.ovirt.org:9292/')) openstack_service =openstack_services.openstack_service(openstack_s.id) /usr/bin/python2.7 /home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py Traceback (most recent call last): File "/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", line 169, in create_external_providers() File "/home/ramakasturinarra/PycharmProjects/hosted_engine_deploy_hc/addresource.py", line 162, in create_external_providers openstack_s = openstack_services.add(types.OpenStackImageProvider(name='my_glance_instance', description='new', url='http://glance.ovirt.org:9292/')) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 10265, in add self._check_fault(response) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 95, in _check_fault Service._raise_error(response, fault) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/service.py", line 69, in _raise_error raise Error(msg) ovirtsdk4.Error: Fault reason is "Request syntactically incorrect.". Fault detail is "For correct usage, see: https://rhev-engine1.lab.eng.blr.redhat.com/ovirt-engine/api/v4/model#services/openstack-image-providers/methods/add;. HTTP response code is 400. Process finished with exit code 1 I see the following error in the engine.log: = 2016-09-13 07:11:09,882 ERROR [org.ovirt.engine.api.restapi.resource.validation.IOExceptionMapper] (default task-11) [] IO exception while processing "POST" request for path "/openstackimageproviders" Caused by: javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"open_stack_image_provider"). Expected elements are <{}action>,<{}affinity_group>,<{}affinity _groups>,<{}affinity_label>,<{}affinity_labels>,<{}agent>,<{}agent_configuration>,<{}agent_configurations>,<{}agents>,<{}api>,<{}api_summaries>,<{}api_summary>,<{}api_summar y_item>,<{}api_summary_items>,<{}apis>,<{}application>,<{}applications>,<{}authorized_key>,<{}authorized_keys>,<{}balance>,<{}balances>,<{}bios>,<{}bioss>,<{}block_statistic >,<{}block_statistics>,<{}body>,<{}bonding>,<{}bondings>,<{}bookmark>,<{}bookmarks>,<{}boot>,<{}boot_menu>,<{}boot_menus>,<{}boots>,<{}brick>,<{}brick_memoryinfo>,<{}brick_p rofile_detail>,<{}brick_profile_details>,<{}bricks>,<{}cdrom>,<{}cdroms>,<{}certificate>,<{}certificates>,<{}cloud_init>,<{}cloud_inits>,<{}cluster>,<{}cluster_level>,<{}clu ster_levels>,<{}clusters>,<{}configuration>,<{}configurations>,<{}console>,<{}consoles>,<{}core>,<{}cores>,<{}cpu>,<{}cpu_profile>,<{}cpu_profiles>,<{}cpu_topologies>,<{}cpu _topology>,<{}cpu_tune>,<{}cpu_tunes>,<{}cpu_type>,<{}cpu_types>,<{}cpus>,<{}creation>,<{}creation_states>,<{}custom_properties>,<{}custom_property>,<{}data_center>,<{}data_ centers>,<{}detailedLink>,<{}detailedLinks>,<{}device>,<{}devices>,<{}disk>,<{}disk_attachment>,<{}disk_attachments>,<{}disk_profile>,<{}disk_profiles>,<{}disk_snapshot>,<{} disk_snapshots>,<{}disks>,<{}display>,<{}displays>,<{}dns>,<{}dnss>,<{}domain>,<{}domains>,<{}entity_profile_detail>,<{}entity_profile_details>,<{}error_handling>,<{}error_h andlings>,<{}event>,<{}events>,<{}external_compute_resource>,<{}external_compute_resources>,<{}external_discovered_host>,<{}external_discovered_hosts>,<{}external_host>,<{}e xternal_host_group>,<{}external_host_groups>,<{}external_host_provider>,<{}external_host_providers>,<{}external_hosts>,<{}external_provider>,<{}external_providers>,<{}fault> ,<{}faults>,<{}fencing_policies>,<{}fencing_policy>,<{}file>,<{}files>,<{}filter>,<{}filters>,<{}floppies>,<{}floppy>,<{}fop_statistic engine version : ovirt4.0.3 sdkversion : python-ovirt-engine-sdk4-4.0.0-0.6.a6.fc23.x86_64 Can some one please help me to resolve this issue? Thanks kasturi ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
On Tue, Sep 13, 2016 at 10:59 AM,wrote: > nslookup resolves names on the engine and hosts without ipv6 address: > > # nslookup mirrorlist.centos.org > > Server: 10.1.0.10 > Address:10.1.0.10#53 > > Non-authoritative answer: > Name: mirrorlist.centos.org > Address: 67.219.148.138 > Name: mirrorlist.centos.org > Address: 85.236.43.108 > Name: mirrorlist.centos.org > Address: 212.69.166.138 > Name: mirrorlist.centos.org > Address: 216.176.179.218 > > Why oVirt updates checking process trying to use ipv6 ? > > > 13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru" >: > > Yesterday I changed the settings the host to: > > > > net.ipv6.conf.all.disable_ipv6 = 1 > > net.ipv6.conf.default.disable_ipv6 = 1 > > > > I deleted the last two lines in /etc/sysctl.conf and rebooted host. > > > > Tonight - problem repeated: > > > > 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151 > Failed to execute stage 'Environment packages setup': Cannot find a valid > baseurl for repo: base/7/x86_64 > > 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119 > aborting 'Yum Transaction' > > 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager > yumpackager.info:80 Yum Performing yum transaction rollback > > Could not retrieve mirrorlist http://mirrorlist.centos.org/? > release=7=x86_64=os=stock error was > > 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is > unreachable" > > > > Why so? > Didi, any idea why otopi (or python underneath, not sure) is using IPv6 addresses when IPv6 is disabled on the host? > > > > 12.09.2016, 17:34, "Martin Perina" : > >> On Mon, Sep 12, 2016 at 3:34 PM, wrote: > >>> My /etc/sysctl.conf is: > >>> > >>> net.ipv6.conf.all.disable_ipv6 = 1 > >>> net.ipv6.conf.default.disable_ipv6 = 1 > >>> net.ipv6.conf.lo.disable_ipv6 = 0 > >>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0 > >> > >> I'm not networking expert, but last two lines means that you have IPv6 > enabled on loopback and ovirtmgmt network interfaces (but disabled on all > others). So you shouldn't be surprised to get IPv6 address from DNS > resolver if ovirtmgmt supports IPv6. Dan/Edward, am I right? > >> > >>> Last two lines was added for http://lists.ovirt.org/ > pipermail/users/2016-July/041443.html > >>> > >>> My configuration file is bad ?? > >>> > >>> 12.09.2016, 16:22, "Martin Perina" : > On Mon, Sep 12, 2016 at 2:49 PM, wrote: > > Ok. I found log-file /var/log/ovirt-engine/host- > deploy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log > with this: > > > > ... > > 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager > yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a valid > baseurl for repo: base/7/x86_64 > > 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142 > method exception > > Traceback (most recent call last): > > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line > 132, in _executeMethod > > method['method']() > > File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py", > line 54, in _internal_packages > > self.packager.install(packages=('iproute',)) > > File > > "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py", > line 295, in install > > ignoreErrors=ignoreErrors > > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line > 851, in install > > **kwargs > > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line > 495, in _queue > > provides = self._queryProvides(packages=(package,)) > > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line > 433, in _queryProvides > > for po in self._yb.searchPackageProvides(args=packages): > > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line > 3429, in searchPackageProvides > > where = self.returnPackagesByDep(arg) > > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line > 4255, in returnPackagesByDep > > return self.pkgSack.searchProvides(depstring) > > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line > 1079, in > > pkgSack = property(fget=lambda self: self._getSacks(), > > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line > 784, in _getSacks > > self.repos.populateSack(which=repos) > > File "/usr/lib/python2.7/site-packages/yum/repos.py", line 344, > in populateSack > > self.doSetup() > > File "/usr/lib/python2.7/site-packages/yum/repos.py", line 158, > in doSetup > > self.ayum.plugins.run('postreposetup') > > File "/usr/lib/python2.7/site-packages/yum/plugins.py", line 188, > in run > > func(conduitcls(self, self.base, conf, **kwargs)) > > File
Re: [ovirt-users] Ovirt 4.0 & virt-viewer & SSO token
Hi, we don't support it. What oVirt does is, that it pass the username/password to the VM, not the token. You can read more here[1]. But I doubt the proposed solution will be implemented. So you need to use it as is for now. [1] http://www.ovirt.org/develop/release-management/features/infra/sso/ Ondra On 09/12/2016 06:17 PM, KY LO wrote: Hi all, How can I use SSO token for authentication with Ovirt 4 when using virt-viewer? Any special configuration needed? I can't seem to find much information on the use of SSO token with Ovirt4. Thanks. regards, Philip Lo ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Failed to check for available updates on host * with message 'Command returned failure code 1 during SSH session 'root@*
nslookup resolves names on the engine and hosts without ipv6 address: # nslookup mirrorlist.centos.org Server: 10.1.0.10 Address:10.1.0.10#53 Non-authoritative answer: Name: mirrorlist.centos.org Address: 67.219.148.138 Name: mirrorlist.centos.org Address: 85.236.43.108 Name: mirrorlist.centos.org Address: 212.69.166.138 Name: mirrorlist.centos.org Address: 216.176.179.218 Why oVirt updates checking process trying to use ipv6 ? 13.09.2016, 08:26, "aleksey.maksi...@it-kb.ru": > Yesterday I changed the settings the host to: > > net.ipv6.conf.all.disable_ipv6 = 1 > net.ipv6.conf.default.disable_ipv6 = 1 > > I deleted the last two lines in /etc/sysctl.conf and rebooted host. > > Tonight - problem repeated: > > 2016-09-13 01:11:13 ERROR otopi.context context._executeMethod:151 Failed to > execute stage 'Environment packages setup': Cannot find a valid baseurl for > repo: base/7/x86_64 > 2016-09-13 01:11:13 DEBUG otopi.transaction transaction.abort:119 aborting > 'Yum Transaction' > 2016-09-13 01:11:13 INFO otopi.plugins.otopi.packagers.yumpackager > yumpackager.info:80 Yum Performing yum transaction rollback > Could not retrieve mirrorlist > http://mirrorlist.centos.org/?release=7=x86_64=os=stock error > was > 14: curl#7 - "Failed to connect to 2604:1580:fe02:2::10: Network is > unreachable" > > Why so? > > 12.09.2016, 17:34, "Martin Perina" : >> On Mon, Sep 12, 2016 at 3:34 PM, wrote: >>> My /etc/sysctl.conf is: >>> >>> net.ipv6.conf.all.disable_ipv6 = 1 >>> net.ipv6.conf.default.disable_ipv6 = 1 >>> net.ipv6.conf.lo.disable_ipv6 = 0 >>> net.ipv6.conf.ovirtmgmt.disable_ipv6 = 0 >> >> I'm not networking expert, but last two lines means that you have IPv6 >> enabled on loopback and ovirtmgmt network interfaces (but disabled on all >> others). So you shouldn't be surprised to get IPv6 address from DNS resolver >> if ovirtmgmt supports IPv6. Dan/Edward, am I right? >> >>> Last two lines was added for >>> http://lists.ovirt.org/pipermail/users/2016-July/041443.html >>> >>> My configuration file is bad ?? >>> >>> 12.09.2016, 16:22, "Martin Perina" : On Mon, Sep 12, 2016 at 2:49 PM, wrote: > Ok. I found log-file > /var/log/ovirt-engine/host-deploy/ovirt-host-mgmt-20160912020013-kom-ad01-vm31.holding.com-null.log > with this: > > ... > 2016-09-12 02:00:13 ERROR otopi.plugins.otopi.packagers.yumpackager > yumpackager.error:85 Yum Cannot queue package iproute: Cannot find a > valid baseurl for repo: base/7/x86_64 > 2016-09-12 02:00:13 DEBUG otopi.context context._executeMethod:142 method > exception > Traceback (most recent call last): > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/context.py", line 132, in > _executeMethod > method['method']() > File "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/network/hostname.py", > line 54, in _internal_packages > self.packager.install(packages=('iproute',)) > File > "/tmp/ovirt-B4lcSm14u9/otopi-plugins/otopi/packagers/yumpackager.py", > line 295, in install > ignoreErrors=ignoreErrors > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 851, in > install > **kwargs > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 495, in > _queue > provides = self._queryProvides(packages=(package,)) > File "/tmp/ovirt-B4lcSm14u9/pythonlib/otopi/miniyum.py", line 433, in > _queryProvides > for po in self._yb.searchPackageProvides(args=packages): > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 3429, in > searchPackageProvides > where = self.returnPackagesByDep(arg) > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 4255, in > returnPackagesByDep > return self.pkgSack.searchProvides(depstring) > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 1079, in > > pkgSack = property(fget=lambda self: self._getSacks(), > File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 784, in > _getSacks > self.repos.populateSack(which=repos) > File "/usr/lib/python2.7/site-packages/yum/repos.py", line 344, in > populateSack > self.doSetup() > File "/usr/lib/python2.7/site-packages/yum/repos.py", line 158, in > doSetup > self.ayum.plugins.run('postreposetup') > File "/usr/lib/python2.7/site-packages/yum/plugins.py", line 188, in run > func(conduitcls(self, self.base, conf, **kwargs)) > File "/usr/lib/yum-plugins/fastestmirror.py", line 197, in > postreposetup_hook > if downgrade_ftp and _len_non_ftp(repo.urls) == 1: > File "/usr/lib/python2.7/site-packages/yum/yumRepo.py", line 871, in > > urls = property(fget=lambda self: self._geturls(), >
Re: [ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
Hi André, The best separation would be providing a separate network for each customer. This way you could protect them from other malicious users on your internal networks. Please describe your env in some more detail. Thanks, Marcin - Original Message - > From: "André Gustavo"> To: Users@ovirt.org > Sent: Monday, September 12, 2016 8:33:40 PM > Subject: [ovirt-users] Associate IP addresses to MAC addresses > (anti-spoofing rules) > > Aloha, > > I'm using oVirt 4 in my hosting. > > However, easily a customer can change the IP to another client (IP spoofing) > > In vNIC profiles, altered Network Filter > from "VDSM-on-mac-spoofing" to "no-ip-spoofing" > > It worked partially, but if the client power off 'vm' and turn on the 'vm', > he can perform the change in IP > > I tried to use eptables, but also had problems > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof > > > What is the best option? > > > -- > --- > André Gustavo Timermann > Curitiba/PR - Brasil > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users