date:20160928


On 09/28/2016 05:14 PM, cmc wrote:

Hi,

I'm trying to use the directory services provided by the
ovirt-engine-extension-aaa-ldap, and I can get it to successfully login
when I run the tests in the setup script, but when I login via the GUI,
it gives me:

unexpected error was encountered during validation processing:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'

and fails login. It looks a bit like it is expecting to already be
joined to the domain, so I tried doing that manually via realmd and
sssd. It involved installing a lot of packages, such as kerberos and
samba, which I am nervous about on an engine host. Anyway, once I was
joined, it still gives me the same 'peer not authenticated' message.
Does it need to be separately bound to the domain, i.e., do you need all
the other stuff installed and running for it to work, or is the
ovirt-engine-extension-aaa-ldap package all that is needed?


Not really. aaa-ldap by default uses just simple bind, no gssapi.
If you have any problems with certificate I would suggest you to check 
if you are using the correct one, correctly. More info for it can be

found here:


https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;h=1f4381e4f0d22acdda63c56a84863fcb0f72bc3a;hb=HEAD#l397



Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command
suggested in an earlier post, and it only gave me one exception, which was:

2016-09-28 16:08:15 SEVERE  Extension domain-authz could not be found
2016-09-28 16:08:15 FINEException:
org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension
domain-authz could not be found


Well, you need to replace 'domain-authz', with your real authz-name to
see any reasonable results.



Thanks for any help,

Cam



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] the 'ISO_DOMAIN' storage space always smaller than 1G

2016-09-28 Thread ??????

hello:
Ovirt-engine-4.0.2.6 is installed.
but the 'ISO_DOMAIN' storage space always smaller than 1G.
the status always 'Unattached'.
That's why?
Thank you !

330AF182@B592FE2F.D5B1EC57
Description: Binary data
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration

Hi,

Thank you very much.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Thursday 29 September 2016 11:43 AM, Ondra Machacek wrote:

Hi,

I would suggest you reading this:

https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/administration-guide/#sect-User_Authorization

And if you have doubt with anything you can ask here.

Ondra

On 09/28/2016 05:40 PM, Anantha Raghava wrote:

Hi,

I am able to add the user to oVirt and assign role. Just to test, I
assigned one user as "super user" and I am able to login to
Administrator Portal.

Need to read a bit more about roles and their predefined rights. Any
suggestions in this regard?

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 03:46 PM, Anantha Raghava wrote:

Hello Ondra,

It's working now. It browses though the directory and fetching the
user / group details.

Thanks for your quick support.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:03 PM, Anantha Raghava wrote:

Thanks Ondra. Will check this & revert back.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:02 PM, Ondra Machacek wrote:
Yes, you can. You can use different profile name and those setups
can exist together, or you can you same name and the
aaa-setup-tool will ask you if you want to override the existing one.

- Anantha Raghava wrote:

Thanks for quick response Ondra.

Before I make another attempt to properly configure, can I
re-execute

the ovirt aaa ldap setup again without disturbing the current setup?
Will that help me to correct the problem?

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:

- Anantha Raghava wrote:

Hello Ondra

Please find the attached file. I have also attached the setup
log file.
I find the errors & warnings there too. But I am unable to
figure out

what really went wrong.

One more thing, while setting aaa-ldap extension, since it
threw error
on user DN, did not properly recognise, I used "anonymous",
also did not

perform the Login Test. Are these the root cause?
Yes, it is root cause. Active directory usually has anonymous
bind disabled. You can enter UPN instead of DN, if you want. In
your case it will be something like vdiad...@rvce.in. Please
note that AD usually use CN attribute in DN, not uid attribute,
that may be the problem in your DN.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:

On 09/28/2016 05:25 AM, Anantha Raghava wrote:

Hi,

I am trying to integrate the oVirt Engine with Active
Directory to
enable user logins. I installed the ovirt ldap extension and
executed
the setup. The process completed successfully and the profile
is visible

in engine log in page.

Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there
something, if

configuration is correct.

Can you please send output of the following command?

$ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz

There should be some ERROR or WARN.

Thanks.

Now, when I try to add the user and assign the roles, it is
not allowing
me to browse through the profile & the user list. Infact the
"GO" button

gets deactivated as shown in the screenshot.

How do I set this right and get the user list?

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration

Hi,

I would suggest you reading this:

https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/single/administration-guide/#sect-User_Authorization

And if you have doubt with anything you can ask here.

Ondra

On 09/28/2016 05:40 PM, Anantha Raghava wrote:

Hi,

I am able to add the user to oVirt and assign role. Just to test, I
assigned one user as "super user" and I am able to login to
Administrator Portal.

Need to read a bit more about roles and their predefined rights. Any
suggestions in this regard?

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 03:46 PM, Anantha Raghava wrote:

Hello Ondra,

It's working now. It browses though the directory and fetching the
user / group details.

Thanks for your quick support.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:03 PM, Anantha Raghava wrote:

Thanks Ondra. Will check this & revert back.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:02 PM, Ondra Machacek wrote:

Yes, you can. You can use different profile name and those setups can exist
together, or you can you same name and the aaa-setup-tool will ask you if you
want to override the existing one.

- Anantha Raghava wrote:

Thanks for quick response Ondra.

Before I make another attempt to properly configure, can I re-execute
the ovirt aaa ldap setup again without disturbing the current setup?
Will that help me to correct the problem?

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:

- Anantha Raghava wrote:

Hello Ondra

Please find the attached file. I have also attached the setup log file.
I find the errors & warnings there too. But I am unable to figure out
what really went wrong.

One more thing, while setting aaa-ldap extension, since it threw error
on user DN, did not properly recognise, I used "anonymous", also did not
perform the Login Test. Are these the root cause?

Yes, it is root cause. Active directory usually has anonymous bind disabled.
You can enter UPN instead of DN, if you want. In your case it will be something
like vdiad...@rvce.in. Please note that AD usually use CN attribute in DN, not
uid attribute, that may be the problem in your DN.

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:

On 09/28/2016 05:25 AM, Anantha Raghava wrote:

Hi,

I am trying to integrate the oVirt Engine with Active Directory to
enable user logins. I installed the ovirt ldap extension and executed
the setup. The process completed successfully and the profile is visible
in engine log in page.

Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there something, if
configuration is correct.

Can you please send output of the following command?

$ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz

There should be some ERROR or WARN.

Thanks.

Now, when I try to add the user and assign the roles, it is not allowing
me to browse through the profile & the user list. Infact the "GO" button
gets deactivated as shown in the screenshot.

How do I set this right and get the user list?

Thanks & Regards,

Anantha Raghava

eXza Technology Consulting & Services

Do not print this e-mail unless required. Save Paper & trees.

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Certificates in a hosted-engine cluster

On Wed, Sep 28, 2016, 3:37 PM Nicolas Ecarnot  wrote:

> Le 28/09/2016 à 21:35, Joshua Doll a écrit :
> > I've found,
> > http://www.ovirt.org/develop/release-management/features/infra/pki/
> >
> > It seems to be for versions 3.2 and 3.3, is it still valid?
>
> At least, I followed that for 3.6.x and was very happy with it.
>
> --
> Nicolas ECARNOT
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

Trying not top post so forgive me if I am or just generally making ugly
emails. I'm on my phone, my work has a very strict policy regarding mailing
list posting.

I am running 4.0.3, but will give this a go using this list.

Thanks for the help, Josh

>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Certificates in a hosted-engine cluster

2016-09-28 Thread Nicolas Ecarnot


Le 28/09/2016 à 21:35, Joshua Doll a écrit :

I've found,
http://www.ovirt.org/develop/release-management/features/infra/pki/

It seems to be for versions 3.2 and 3.3, is it still valid?


At least, I followed that for 3.6.x and was very happy with it.

--
Nicolas ECARNOT
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Certificates in a hosted-engine cluster

I've found,
http://www.ovirt.org/develop/release-management/features/infra/pki/

It seems to be for versions 3.2 and 3.3, is it still valid?

Thanks, Josh

On Wed, Sep 28, 2016, 3:24 PM Joshua Doll  wrote:

> I asked this question earlier, but I am not sure my email made it to the
> list. I have a two node cluster, and would like to replace all the self
> signed certificates with certs from my new enterprise CA. I cannot find a
> list of all the certificates that need to be replaced. My goal is to
> replace the CA that ovirt made with the new enterprise CA, bit I do not
> know all the certificates involved and their locations.
>
> Thanks, Josh
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Certificates in a hosted-engine cluster

I asked this question earlier, but I am not sure my email made it to the
list. I have a two node cluster, and would like to replace all the self
signed certificates with certs from my new enterprise CA. I cannot find a
list of all the certificates that need to be replaced. My goal is to
replace the CA that ovirt made with the new enterprise CA, bit I do not
know all the certificates involved and their locations.

Thanks, Josh
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap-setup > [ ERROR ] Invalid CA certificate: unknown error (_ssl.c:2988)

2016-09-28 Thread aleksey . maksimov

Yes. You're right. Thank you.

> "Please select method to obtain PEM encoded CA certificate"
>
> File means the PEM file not the jks file. The jks is created by
> aaa-ldap-setup.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] global vs local maintenance with single host

2016-09-28 Thread Gervais de Montbrun

Hi Gianluca,

Instead of editing the system's built in systemd configuration, you can do the 
following...

Create a file called /etc/systemd/system/ovirt-ha-broker.service

# My custom ovirt-ha-broker.service config that ensures NFS starts before 
ovirt-ha-broker.service
# thanks Gervais for this tip!  :-)

.include /usr/lib/systemd/system/ovirt-ha-broker.service

[Unit]
After=nfs-server.service

Then disable and enable ovirt-ha-broker.service (systemctl disable 
ovirt-ha-broker.service ; systemctl enable ovirt-ha-broker.service) and you 
should see that it is using your customized systemd unit definition. You can 
see that systemd is using your file by running systemctl status 
ovirt-ha-broker.service. You'll see something like "Loaded: loaded 
(/etc/systemd/system/ovirt-ha-broker.service;" in the output.

Your file will survive updates and therefore always wait for nfs to start prior 
to starting. You can do the same for your other customizations.

Cheers,
Gervais



> On Sep 28, 2016, at 1:31 PM, Gianluca Cecchi  
> wrote:
> 
> On Sun, Sep 4, 2016 at 10:54 AM, Yedidyah Bar David  > wrote:
> On Sat, Sep 3, 2016 at 1:18 PM, Gianluca Cecchi
> mailto:gianluca.cec...@gmail.com>> wrote:
> > Hello,
> > how do the two modes apply in case of single host?
> > During an upgrade phase, after having upgraded the self hosted engine and
> > leaving global maintenance and having checked all is ok, what is the correct
> > mode then to put host if I want finally to update it too?
> 
> The docs say to put hosts to maintenance from the engine before upgrading 
> them.
> 
> This is (also) so that VMs on them are migrated away to other hosts.
> 
> With a single host, you have no other hosts to migrate VMs to.
> 
> So you should do something like this:
> 
> 1. Set global maintenance (because you are going to take down the
> engine and its vm)
> 2. Shutdown all other VMs
> 3. Shutdown engine vm from itself
> At this point, you should be able to simply stop HA services. But it
> might be cleaner to first set local maintenance. Not sure but perhaps
> this might be required for vdsm. So:
> 4. Set local maintenance
> 5. Stop HA services. If setting local maintenance didn't work, perhaps
> better stop also vdsm services. This stop should obviously happen
> automatically by yum/rpm, but perhaps better do this manually to see
> that it worked.
> 6. yum (or dnf) update stuff.
> 7. Start HA services
> 8. Check status. I think you'll see that both local and global maint
> are still set.
> 9. Set maintenance to none
> 10. Check status again - I think that after some time HA will decide
> to start engine vm and should succeed.
> 11. Start all other VMs.
> 
> Didn't try this myself.
> 
> Best,
> --
> Didi
> 
> Hello Didi,
> I would like to leverage the update I have to do on 2 small different lab 
> environments to crosscheck the steps suggested.
> They are both single host environments with self hosted engine.
> One is 4.0.2 and the other is 4.0.3. Both on CentoS 7.2
> I plan to migrate to the just released 4.0.4
> 
> One note: in both environments the storage is NFS and is provided by the host 
> itself, so a corner case (for all hosted_storage domain, main data domain and 
> iso storage domain).
> I customized the init scripts, basically for start phase of the server and to 
> keep in count of the NFS service, but probably something has to be done for 
> stop too?
> 
> 1) In /usr/lib/systemd/system/ovirt-ha-broker.service
> 
> added in section [Unit]
> 
> After=nfs-server.service
> 
> The file is overwritten at update so one has to keep in mind this
> 
> 2) also in vdsmd.service changed 
> from:
> After=multipathd.service libvirtd.service iscsid.service rpcbind.service \
>   supervdsmd.service sanlock.service vdsm-network.service
> 
> to:
> After=multipathd.service libvirtd.service iscsid.service rpcbind.service \
>   supervdsmd.service sanlock.service vdsm-network.service \
>   nfs-server.service
> 
> Do you think any order setup I have to put in place related to NFS service 
> and oVirt services stop?
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] global vs local maintenance with single host

2016-09-28 Thread Gianluca Cecchi

On Sun, Sep 4, 2016 at 10:54 AM, Yedidyah Bar David  wrote:

> On Sat, Sep 3, 2016 at 1:18 PM, Gianluca Cecchi
>  wrote:
> > Hello,
> > how do the two modes apply in case of single host?
> > During an upgrade phase, after having upgraded the self hosted engine and
> > leaving global maintenance and having checked all is ok, what is the
> correct
> > mode then to put host if I want finally to update it too?
>
> The docs say to put hosts to maintenance from the engine before upgrading
> them.
>
> This is (also) so that VMs on them are migrated away to other hosts.
>
> With a single host, you have no other hosts to migrate VMs to.
>
> So you should do something like this:
>
> 1. Set global maintenance (because you are going to take down the
> engine and its vm)
> 2. Shutdown all other VMs
> 3. Shutdown engine vm from itself
> At this point, you should be able to simply stop HA services. But it
> might be cleaner to first set local maintenance. Not sure but perhaps
> this might be required for vdsm. So:
> 4. Set local maintenance
> 5. Stop HA services. If setting local maintenance didn't work, perhaps
> better stop also vdsm services. This stop should obviously happen
> automatically by yum/rpm, but perhaps better do this manually to see
> that it worked.
> 6. yum (or dnf) update stuff.
> 7. Start HA services
> 8. Check status. I think you'll see that both local and global maint
> are still set.
> 9. Set maintenance to none
> 10. Check status again - I think that after some time HA will decide
> to start engine vm and should succeed.
> 11. Start all other VMs.
>
> Didn't try this myself.
>
> Best,
> --
> Didi
>

Hello Didi,
I would like to leverage the update I have to do on 2 small different lab
environments to crosscheck the steps suggested.
They are both single host environments with self hosted engine.
One is 4.0.2 and the other is 4.0.3. Both on CentoS 7.2
I plan to migrate to the just released 4.0.4

One note: in both environments the storage is NFS and is provided by the
host itself, so a corner case (for all hosted_storage domain, main data
domain and iso storage domain).
I customized the init scripts, basically for start phase of the server and
to keep in count of the NFS service, but probably something has to be done
for stop too?

1) In /usr/lib/systemd/system/ovirt-ha-broker.service

added in section [Unit]

After=nfs-server.service

The file is overwritten at update so one has to keep in mind this

2) also in vdsmd.service changed
from:
After=multipathd.service libvirtd.service iscsid.service rpcbind.service \
  supervdsmd.service sanlock.service vdsm-network.service

to:
After=multipathd.service libvirtd.service iscsid.service rpcbind.service \
  supervdsmd.service sanlock.service vdsm-network.service \
  nfs-server.service

Do you think any order setup I have to put in place related to NFS service
and oVirt services stop?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration


Hi,

I am able to add the user to oVirt and assign role. Just to test, I 
assigned one user as "super user" and I am able to login to 
Administrator Portal.


Need to read a bit more about roles and their predefined rights. Any 
suggestions in this regard?


--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services



Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 03:46 PM, Anantha Raghava wrote:


Hello Ondra,

It's working now. It browses though the directory and fetching the 
user / group details.


Thanks for your quick support.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:03 PM, Anantha Raghava wrote:


Thanks Ondra. Will check this & revert back.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:02 PM, Ondra Machacek wrote:

Yes, you can. You can use different profile name and those setups can exist 
together, or you can you same name and the aaa-setup-tool will ask you if you 
want to override the existing one.

- Anantha Raghava  wrote:

Thanks for quick response Ondra.

Before I make another attempt to properly configure, can I re-execute
the ovirt aaa ldap setup again without disturbing the current setup?
Will that help me to correct the problem?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:

- Anantha Raghava  wrote:

Hello Ondra

Please find the attached file. I have also attached the setup log file.
I find the errors & warnings there too. But I am unable to figure out
what really went wrong.

One more thing, while setting aaa-ldap extension, since it threw error
on user DN, did not properly recognise, I used "anonymous", also did not
perform the Login Test. Are these the root cause?

Yes, it is root cause. Active directory usually has anonymous bind disabled. 
You can enter UPN instead of DN, if you want. In your case it will be something 
likevdiad...@rvce.in. Please note that AD usually use CN attribute in DN, not 
uid attribute, that may be the problem in your DN.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services



Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:

On 09/28/2016 05:25 AM, Anantha Raghava wrote:

Hi,

I am trying to integrate the oVirt Engine with Active Directory to
enable user logins. I installed the ovirt ldap extension and executed
the setup. The process completed successfully and the profile is visible
in engine log in page.

Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there something, if
configuration is correct.

Can you please send output of the following command?

   $ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz

There should be some ERROR or WARN.

Thanks.


Now, when I try to add the user and assign the roles, it is not allowing
me to browse through the profile & the user list. Infact the "GO" button
gets deactivated as shown in the screenshot.

How do I set this right and get the user list?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users







___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] oVirt AD integration problems

2016-09-28 Thread cmc

Hi,

I'm trying to use the directory services provided by the
ovirt-engine-extension-aaa-ldap, and I can get it to successfully login
when I run the tests in the setup script, but when I login via the GUI, it
gives me:

unexpected error was encountered during validation processing:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'

and fails login. It looks a bit like it is expecting to already be joined
to the domain, so I tried doing that manually via realmd and sssd. It
involved installing a lot of packages, such as kerberos and samba, which I
am nervous about on an engine host. Anyway, once I was joined, it still
gives me the same 'peer not authenticated' message. Does it need to be
separately bound to the domain, i.e., do you need all the other stuff
installed and running for it to work, or is the
ovirt-engine-extension-aaa-ldap package all that is needed?

Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command
suggested in an earlier post, and it only gave me one exception, which was:

2016-09-28 16:08:15 SEVERE  Extension domain-authz could not be found
2016-09-28 16:08:15 FINEException:
org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension
domain-authz could not be found

Thanks for any help,

Cam
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] change disk profile

2016-09-28 Thread vasily.lamy...@megafon.ru

Hello
I change disk profile. After OK they returned to defult disk profile with
unlimited (iops,mbs)
I try add new disk and try create new vm. Always disk profile automatically
changed to default unlimited.
How can I change disk profile.

Ламыкин Василий
Старший инженер по эксплуатации сервисных платформ
Столичный ф-ал ПАО "МегаФон

+7 (926) 500-3308
[МегаФон лого+знак РУС B2C]

Информация в этом сообщении предназначена исключительно для конкретных лиц,
которым она адресована. В сообщении может содержаться конфиденциальная
информация, которая не может быть раскрыта или использована кем-либо, кроме
адресатов. Если вы не адресат этого сообщения, то использование, переадресация,
копирование или распространение содержания сообщения или его части незаконно и
запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно
сообщите отправителю об этом и удалите со всем содержимым само сообщение и
любые возможные его копии и приложения.

The information contained in this communication is intended solely for the use
of the individual or entity to whom it is addressed and others authorized to
receive it. It may contain confidential or legally privileged information. The
contents may not be disclosed or used by anyone other than the addressee. If
you are not the intended recipient(s), any use, disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this communication in
error please notify us immediately by responding to this email and then delete
the e-mail and all attachments and any copies thereof.

[ovirt-users] VM pauses/hangs after migration

2016-09-28 Thread Davide Ferrari

Hello

trying to migrate a VM from one host to another, a big VM with 96GB of RAM,
I found that when the migration completes, the VM goes to a paused satte
and cannot be resumed. The libvirt/qemu log it gives is this:

2016-09-28T12:18:15.679176Z qemu-kvm: error while loading state section id
2(ram)
2016-09-28T12:18:15.680010Z qemu-kvm: load of migration failed:
Input/output error
2016-09-28 12:18:15.872+: shutting down
2016-09-28 12:22:21.467+: starting up libvirt version: 1.2.17, package:
13.el7_2.5 (CentOS BuildSystem ,
2016-06-23-14:23:27, worker1.bsys.centos.org), qemu version: 2.3.0
(qemu-kvm-ev-2.3.0-31.el7.16.1)
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name front04.billydomain.com -S
-machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -cpu Haswell-noTSX -m
size=100663296k,slots=16,maxmem=4294967296k -realtime mlock=off -smp
32,sockets=16,cores=1,threads=2 -numa node,nodeid=0,cpus=0-31,mem=98304
-uuid 4511d1c0-6607-418f-ae75-34f605b2ad68 -smbios
type=1,manufacturer=oVirt,product=oVirt
Node,version=7-2.1511.el7.centos.2.10,serial=4C4C4544-004A-3310-8054-B2C04F474432,uuid=4511d1c0-6607-418f-ae75-34f605b2ad68
-no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/
domain-front04.billydomain.com/monitor.sock,server,nowait -mon
chardev=charmonitor,id=monitor,mode=control -rtc
base=2016-09-28T14:22:21,driftfix=slew -global
kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x7 -device
virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x4 -drive
if=none,id=drive-ide0-1-0,readonly=on,format=raw -device
ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive
file=/rhev/data-center/0001-0001-0001-0001-03e3/ba2bd397-9222-424d-aecc-eb652c0169d9/images/b5b49d5c-2378-4639-9469-362e37ae7473/24fd0d3c-309b-458d-9818-4321023afacf,if=none,id=drive-virtio-disk0,format=qcow2,serial=b5b49d5c-2378-4639-9469-362e37ae7473,cache=none,werror=stop,rerror=stop,aio=threads
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-drive
file=/rhev/data-center/0001-0001-0001-0001-03e3/ba2bd397-9222-424d-aecc-eb652c0169d9/images/f02ac1ce-52cd-4b81-8b29-f8006d0469e0/ff4e49c6-3084-4234-80a1-18a67615c527,if=none,id=drive-virtio-disk1,format=raw,serial=f02ac1ce-52cd-4b81-8b29-f8006d0469e0,cache=none,werror=stop,rerror=stop,aio=threads
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk1,id=virtio-disk1
-netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=31 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:16:01:56,bus=pci.0,addr=0x3
-chardev
socket,id=charchannel0,path=/var/lib/libvirt/qemu/channels/4511d1c0-6607-418f-ae75-34f605b2ad68.com.redhat.rhevm.vdsm,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm
-chardev
socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/4511d1c0-6607-418f-ae75-34f605b2ad68.org.qemu.guest_agent.0,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0
-chardev spicevmc,id=charchannel2,name=vdagent -device
virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0
-vnc 192.168.10.225:1,password -k es -spice
tls-port=5902,addr=192.168.10.225,x509-dir=/etc/pki/vdsm/libvirt-spice,tls-channel=default,tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=cursor,tls-channel=playback,tls-channel=record,tls-channel=smartcard,tls-channel=usbredir,seamless-migration=on
-k es -device
qxl-vga,id=video0,ram_size=67108864,vram_size=8388608,vgamem_mb=16,bus=pci.0,addr=0x2
-incoming tcp:0.0.0.0:49156 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on
Domain id=5 is tainted: hook-script
red_dispatcher_loadvm_commands:
KVM: entry failed, hardware error 0x8
RAX=ffed RBX=8817ba00c000 RCX=0100
RDX=
RSI= RDI=0046 RBP=8817ba00fe98
RSP=8817ba00fe98
R8 = R9 = R10=
R11=
R12=0006 R13=8817ba00c000 R14=8817ba00c000
R15=
RIP=81058e96 RFL=00010286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =   
CS =0010   00a09b00 DPL=0 CS64 [-RA]
SS =0018   00c09300 DPL=0 DS   [-WA]
DS =   
FS =   
GS = 8817def8  
LDT=   
TR =0040 8817def93b80 2087 8b00 DPL=0 TSS64-busy
GDT= 8817def89000 007f
IDT= ff529000 0fff
CR0=80050033 CR2=00

[ovirt-users] Move VM between Datastores

2016-09-28 Thread Carlos García Gómez

Hello,

How can I move some VM from one Datastore (NFS) to another Datastore 
(FibreChannel)?

Regards

-

Sistemas de Información y Comunicaciones
Fundación Integra. http://www.f-integra.org

Teléfono: +34 968 277847
Teléfono: +34 968 355161
Fax: +34 968 355131
Correo F-Integra: carlos.gar...@f-integra.org
Correo Personal: cgg1...@gmail.com

--

Este mensaje y los posibles documentos adjuntos al mismo son confidenciales y 
dirigidos exclusivamente a los destinatarios de los mismos. Si por un error de 
transmisión, o equivocación en la dirección de envío, usted ha recibido este 
mensaje y no es el destinatario de la información, por favor, notifíqueselo
al remitente y borre este mensaje, sin usar, informar, distribuir, imprimir, 
copiar o difundir el mensaje, total o parcialmente, por ningún medio. Gracias.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Time synchronization in guest OS for Hosted Engine VM (for Kerberos)

2016-09-28 Thread Robert Story

On Tue, 27 Sep 2016 13:22:29 -0400 (EDT) Michal wrote:
MS> > On 27 Sep 2016, at 19:12, aleksey.maksi...@it-kb.ru wrote:
MS> > 
MS> > I'm afraid that in the future OS time may get out of sync because of 
kvm-clock
MS> > And as a result Kerberos may stop working
MS> > I hope I explained clearly  
MS> 
MS> Sorry, not really. You said you set up ntpd/chrony correctly. So how can 
the time get out of sync? Why do you think it can be because of kvmclock 
anyway? Do you refer to some specific bug?

I'd guess that it's a misunderstanding of what kvmclock is. Someone
guessing based on the name might think that it keeps the vm time in sync
with the host. Which might lead one to think it would conflict with ntp
(two different things trying to manage time).

If you know that kvmclock is essentially just a way to monitor the passage
of time (tick-tock-tick-tock) using the host's timer, then it makes sense
that you need also need ntp to tweak the current time to adjust for the
minor drift inherit in any clock.


Robert

-- 
Senior Software Engineer @ Parsons


pgpFr50IROpBx.pgp
Description: OpenPGP digital signature
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Snapshot deletion failure

2016-09-28 Thread Marcelo Leandro

Hi Ala,
When running Live Merge.
I create the live snapshot and when I try delete snapshot  and has this
error.
I saw the bug https://bugzilla.redhat.com/1368203 , but I not move the disk
to another domain.
Thanks.

Marcelo Leandro

2016-09-28 9:19 GMT-03:00 Ala Hino :

> Hi Marcelo,
>
> This error indicates that the image you are trying to delete doesn't exist.
> When do you get this error? When running Live Merge or Live Storage
> Migration (LSM)?
>
> Please note that we fixed in LSM area where the VM went down while we
> tried to delete the auto-generated snapshot. See https://bugzilla.redhat.
> com/1368203 .
>
> -Ala
>
> On Wed, Sep 28, 2016 at 3:07 PM, Marcelo Leandro 
> wrote:
>
>> Hello, I have the same problem but i use the ovirt version
>> 4.0.4.4-1.el7.centos .
>>
>> My logs.
>>
>>
>> Engine.log
>>
>> 2016-09-28 08:18:00,947 INFO  [org.ovirt.engine.core.vdsbrok
>> er.monitoring.VmJobsMonitoring] (DefaultQuartzScheduler1) [7013b545] VM
>> Job [4dd2b885-2452-4520-b20a-928edea50836]: In progress (no change)
>> 2016-09-28 08:18:08,010 INFO  
>> [org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand]
>> (default task-54) [5a27e364] Lock Acquired to object
>> 'EngineLock:{exclusiveLocks='[eb73a967-1908-46e9-9de2-9706bf29643a=> ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}'
>> 2016-09-28 08:18:09,169 INFO  
>> [org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand]
>> (default task-54) [5a27e364] Running command: RemoveSnapshotCommand
>> internal: false. Entities affected :  ID: 
>> eb73a967-1908-46e9-9de2-9706bf29643a
>> Type: VMAction group MANIPULATE_VM_SNAPSHOTS with role type USER
>> 2016-09-28 08:18:09,185 INFO  
>> [org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand]
>> (default task-54) [5a27e364] Lock freed to object
>> 'EngineLock:{exclusiveLocks='[eb73a967-1908-46e9-9de2-9706bf29643a=> ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}'
>> 2016-09-28 08:18:09,265 INFO  [org.ovirt.engine.core.bll.sna
>> pshots.RemoveSnapshotSingleDiskLiveCommand] (pool-7-thread-3) [354939e9]
>> Running command: RemoveSnapshotSingleDiskLiveCommand internal: true.
>> Entities affected :  ID: ---- Type:
>> Storage
>> 2016-09-28 08:18:09,302 INFO  [org.ovirt.engine.core.dal.dbb
>> roker.auditloghandling.AuditLogDirector] (default task-54) []
>> Correlation ID: 5a27e364, Job ID: 661f8f55-30c6-4735-bb0a-fdcd3ac4004a,
>> Call Stack: null, Custom Event ID: -1, Message: Snapshot 'Backup the VM'
>> deletion for VM 'SRV-ActPrint' was initiated by admin@internal.
>> 2016-09-28 08:18:10,197 INFO  [org.ovirt.engine.core.bll.sna
>> pshots.RemoveSnapshotSingleDiskLiveCommand] (DefaultQuartzScheduler4)
>> [354939e9] Executing Live Merge command step 'EXTEND'
>> 2016-09-28 08:18:10,254 INFO  [org.ovirt.engine.core.bll.MergeExtendCommand]
>> (pool-7-thread-7) [57c94fc3] Running command: MergeExtendCommand internal:
>> true. Entities affected :  ID: 6e5cce71-3438-4045-9d54-607123e0557e
>> Type: Storage
>> 2016-09-28 08:18:10,255 INFO  [org.ovirt.engine.core.bll.MergeExtendCommand]
>> (pool-7-thread-7) [57c94fc3] Refreshing volume
>> c08d86ed-46f1-44bc-9476-0cc2c6aed367 on host
>> f22d87b9-4449-4a71-8529-58095dd81b6f
>> 2016-09-28 08:18:10,275 INFO  
>> [org.ovirt.engine.core.bll.RefreshVolumeCommand]
>> (pool-7-thread-7) [47625ba4] Running command: RefreshVolumeCommand
>> internal: true.
>> 2016-09-28 08:18:10,275 INFO  [org.ovirt.engine.core.vdsbrok
>> er.vdsbroker.RefreshVolumeVDSCommand] (pool-7-thread-7) [47625ba4]
>> START, RefreshVolumeVDSCommand(HostName = Host04,
>> RefreshVolumeVDSCommandParameters:{runAsync='true',
>> hostId='f22d87b9-4449-4a71-8529-58095dd81b6f',
>> storagePoolId='77e24b20-9d21-4952-a089-3c5c592b4e6d',
>> storageDomainId='6e5cce71-3438-4045-9d54-607123e0557e',
>> imageGroupId='9fc0b2f6-d786-4a21-8f5c-b22b23df4aaa',
>> imageId='c08d86ed-46f1-44bc-9476-0cc2c6aed367'}), log id: 77b9ded4
>> 2016-09-28 08:18:11,245 INFO  [org.ovirt.engine.core.bll.Con
>> currentChildCommandsExecutionCallback] (DefaultQuartzScheduler8)
>> [354939e9] Command 'RemoveSnapshot' (id: 
>> '18613dc9-d8c8-45c4-9fbe-a298e701ead5')
>> waiting on child command id: 'fd866748-3211-4d48-9908-12eb6078a69e'
>> type:'RemoveSnapshotSingleDiskLive' to complete
>> 2016-09-28 08:18:11,810 INFO  [org.ovirt.engine.core.vdsbrok
>> er.vdsbroker.RefreshVolumeVDSCommand] (pool-7-thread-7) [47625ba4]
>> FINISH, RefreshVolumeVDSCommand, log id: 77b9ded4
>> 2016-09-28 08:18:11,810 INFO  
>> [org.ovirt.engine.core.bll.RefreshVolumeCommand]
>> (pool-7-thread-7) [47625ba4] Successfully refreshed volume
>> 'c08d86ed-46f1-44bc-9476-0cc2c6aed367' on host
>> 'f22d87b9-4449-4a71-8529-58095dd81b6f'
>> 2016-09-28 08:18:12,267 INFO  [org.ovirt.engine.core.bll.sna
>> pshots.RemoveSnapshotSingleDiskLiveCommand] (DefaultQuartzScheduler10)
>> [354939e9] Waiting on Live Merge command step 'EXTEND' to finalize
>> 2016-09-28 08:18:14,294 INFO  [org.ovirt.engine.core.bll.sna
>> pshots.RemoveSnapshotSingleDiskL

Re: [ovirt-users] Snapshot deletion failure

2016-09-28 Thread Ala Hino

Hi Marcelo,

This error indicates that the image you are trying to delete doesn't exist.
When do you get this error? When running Live Merge or Live Storage
Migration (LSM)?

Please note that we fixed in LSM area where the VM went down while we tried
to delete the auto-generated snapshot. See
https://bugzilla.redhat.com/1368203 .

-Ala

On Wed, Sep 28, 2016 at 3:07 PM, Marcelo Leandro 
wrote:

> Hello, I have the same problem but i use the ovirt version
> 4.0.4.4-1.el7.centos .
>
> My logs.
>
>
> Engine.log
>
> 2016-09-28 08:18:00,947 INFO  
> [org.ovirt.engine.core.vdsbroker.monitoring.VmJobsMonitoring]
> (DefaultQuartzScheduler1) [7013b545] VM Job 
> [4dd2b885-2452-4520-b20a-928edea50836]:
> In progress (no change)
> 2016-09-28 08:18:08,010 INFO  
> [org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand]
> (default task-54) [5a27e364] Lock Acquired to object
> 'EngineLock:{exclusiveLocks='[eb73a967-1908-46e9-9de2-9706bf29643a= ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}'
> 2016-09-28 08:18:09,169 INFO  
> [org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand]
> (default task-54) [5a27e364] Running command: RemoveSnapshotCommand
> internal: false. Entities affected :  ID: eb73a967-1908-46e9-9de2-9706bf29643a
> Type: VMAction group MANIPULATE_VM_SNAPSHOTS with role type USER
> 2016-09-28 08:18:09,185 INFO  
> [org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand]
> (default task-54) [5a27e364] Lock freed to object
> 'EngineLock:{exclusiveLocks='[eb73a967-1908-46e9-9de2-9706bf29643a= ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}'
> 2016-09-28 08:18:09,265 INFO  [org.ovirt.engine.core.bll.snapshots.
> RemoveSnapshotSingleDiskLiveCommand] (pool-7-thread-3) [354939e9] Running
> command: RemoveSnapshotSingleDiskLiveCommand internal: true. Entities
> affected :  ID: ---- Type: Storage
> 2016-09-28 08:18:09,302 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] (default task-54) []
> Correlation ID: 5a27e364, Job ID: 661f8f55-30c6-4735-bb0a-fdcd3ac4004a,
> Call Stack: null, Custom Event ID: -1, Message: Snapshot 'Backup the VM'
> deletion for VM 'SRV-ActPrint' was initiated by admin@internal.
> 2016-09-28 08:18:10,197 INFO  [org.ovirt.engine.core.bll.snapshots.
> RemoveSnapshotSingleDiskLiveCommand] (DefaultQuartzScheduler4) [354939e9]
> Executing Live Merge command step 'EXTEND'
> 2016-09-28 08:18:10,254 INFO  [org.ovirt.engine.core.bll.MergeExtendCommand]
> (pool-7-thread-7) [57c94fc3] Running command: MergeExtendCommand internal:
> true. Entities affected :  ID: 6e5cce71-3438-4045-9d54-607123e0557e Type:
> Storage
> 2016-09-28 08:18:10,255 INFO  [org.ovirt.engine.core.bll.MergeExtendCommand]
> (pool-7-thread-7) [57c94fc3] Refreshing volume 
> c08d86ed-46f1-44bc-9476-0cc2c6aed367
> on host f22d87b9-4449-4a71-8529-58095dd81b6f
> 2016-09-28 08:18:10,275 INFO  [org.ovirt.engine.core.bll.RefreshVolumeCommand]
> (pool-7-thread-7) [47625ba4] Running command: RefreshVolumeCommand
> internal: true.
> 2016-09-28 08:18:10,275 INFO  
> [org.ovirt.engine.core.vdsbroker.vdsbroker.RefreshVolumeVDSCommand]
> (pool-7-thread-7) [47625ba4] START, RefreshVolumeVDSCommand(HostName =
> Host04, RefreshVolumeVDSCommandParameters:{runAsync='true',
> hostId='f22d87b9-4449-4a71-8529-58095dd81b6f',
> storagePoolId='77e24b20-9d21-4952-a089-3c5c592b4e6d',
> storageDomainId='6e5cce71-3438-4045-9d54-607123e0557e',
> imageGroupId='9fc0b2f6-d786-4a21-8f5c-b22b23df4aaa',
> imageId='c08d86ed-46f1-44bc-9476-0cc2c6aed367'}), log id: 77b9ded4
> 2016-09-28 08:18:11,245 INFO  [org.ovirt.engine.core.bll.
> ConcurrentChildCommandsExecutionCallback] (DefaultQuartzScheduler8)
> [354939e9] Command 'RemoveSnapshot' (id: 
> '18613dc9-d8c8-45c4-9fbe-a298e701ead5')
> waiting on child command id: 'fd866748-3211-4d48-9908-12eb6078a69e' 
> type:'RemoveSnapshotSingleDiskLive'
> to complete
> 2016-09-28 08:18:11,810 INFO  
> [org.ovirt.engine.core.vdsbroker.vdsbroker.RefreshVolumeVDSCommand]
> (pool-7-thread-7) [47625ba4] FINISH, RefreshVolumeVDSCommand, log id:
> 77b9ded4
> 2016-09-28 08:18:11,810 INFO  [org.ovirt.engine.core.bll.RefreshVolumeCommand]
> (pool-7-thread-7) [47625ba4] Successfully refreshed volume
> 'c08d86ed-46f1-44bc-9476-0cc2c6aed367' on host 'f22d87b9-4449-4a71-8529-
> 58095dd81b6f'
> 2016-09-28 08:18:12,267 INFO  [org.ovirt.engine.core.bll.snapshots.
> RemoveSnapshotSingleDiskLiveCommand] (DefaultQuartzScheduler10)
> [354939e9] Waiting on Live Merge command step 'EXTEND' to finalize
> 2016-09-28 08:18:14,294 INFO  [org.ovirt.engine.core.bll.snapshots.
> RemoveSnapshotSingleDiskLiveCommand] (DefaultQuartzScheduler9) [354939e9]
> Executing Live Merge command step 'MERGE'
> 2016-09-28 08:18:14,347 INFO  [org.ovirt.engine.core.bll.MergeCommand]
> (pool-7-thread-2) [15ef379f] Running command: MergeCommand internal: true.
> Entities affected :  ID: 6e5cce71-3438-4045-9d54-607123e0557e Type:
> Storage
> 2016-09-28 08:18:14,348 INFO  
> [org.ovirt.engine.

Re: [ovirt-users] Time synchronization in guest OS for Hosted Engine VM (for Kerberos)

2016-09-28 Thread aleksey . maksimov

Robert, you're right. 
Thanks for clarifying.

28.09.2016, 15:10, "Robert Story" :
> On Tue, 27 Sep 2016 13:22:29 -0400 (EDT) Michal wrote:
> MS> > On 27 Sep 2016, at 19:12, aleksey.maksi...@it-kb.ru wrote:
> MS> >
> MS> > I'm afraid that in the future OS time may get out of sync because of 
> kvm-clock
> MS> > And as a result Kerberos may stop working
> MS> > I hope I explained clearly
> MS>
> MS> Sorry, not really. You said you set up ntpd/chrony correctly. So how can 
> the time get out of sync? Why do you think it can be because of kvmclock 
> anyway? Do you refer to some specific bug?
>
> I'd guess that it's a misunderstanding of what kvmclock is. Someone
> guessing based on the name might think that it keeps the vm time in sync
> with the host. Which might lead one to think it would conflict with ntp
> (two different things trying to manage time).
>
> If you know that kvmclock is essentially just a way to monitor the passage
> of time (tick-tock-tick-tock) using the host's timer, then it makes sense
> that you need also need ntp to tweak the current time to adjust for the
> minor drift inherit in any clock.
>
> Robert
>
> --
> Senior Software Engineer @ Parsons
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Snapshot deletion failure

2016-09-28 Thread Marcelo Leandro

Hello, I have the same problem but i use the ovirt version
4.0.4.4-1.el7.centos .

My logs.


Engine.log

2016-09-28 08:18:00,947 INFO
[org.ovirt.engine.core.vdsbroker.monitoring.VmJobsMonitoring]
(DefaultQuartzScheduler1) [7013b545] VM Job
[4dd2b885-2452-4520-b20a-928edea50836]: In progress (no change)
2016-09-28 08:18:08,010 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand] (default
task-54) [5a27e364] Lock Acquired to object
'EngineLock:{exclusiveLocks='[eb73a967-1908-46e9-9de2-9706bf29643a=]', sharedLocks='null'}'
2016-09-28 08:18:09,169 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand] (default
task-54) [5a27e364] Running command: RemoveSnapshotCommand internal: false.
Entities affected :  ID: eb73a967-1908-46e9-9de2-9706bf29643a Type:
VMAction group MANIPULATE_VM_SNAPSHOTS with role type USER
2016-09-28 08:18:09,185 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotCommand] (default
task-54) [5a27e364] Lock freed to object
'EngineLock:{exclusiveLocks='[eb73a967-1908-46e9-9de2-9706bf29643a=]', sharedLocks='null'}'
2016-09-28 08:18:09,265 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotSingleDiskLiveCommand]
(pool-7-thread-3) [354939e9] Running command:
RemoveSnapshotSingleDiskLiveCommand internal: true. Entities affected :
ID: ---- Type: Storage
2016-09-28 08:18:09,302 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-54) [] Correlation ID: 5a27e364, Job ID:
661f8f55-30c6-4735-bb0a-fdcd3ac4004a, Call Stack: null, Custom Event ID:
-1, Message: Snapshot 'Backup the VM' deletion for VM 'SRV-ActPrint' was
initiated by admin@internal.
2016-09-28 08:18:10,197 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotSingleDiskLiveCommand]
(DefaultQuartzScheduler4) [354939e9] Executing Live Merge command step
'EXTEND'
2016-09-28 08:18:10,254 INFO
[org.ovirt.engine.core.bll.MergeExtendCommand] (pool-7-thread-7) [57c94fc3]
Running command: MergeExtendCommand internal: true. Entities affected :
ID: 6e5cce71-3438-4045-9d54-607123e0557e Type: Storage
2016-09-28 08:18:10,255 INFO
[org.ovirt.engine.core.bll.MergeExtendCommand] (pool-7-thread-7) [57c94fc3]
Refreshing volume c08d86ed-46f1-44bc-9476-0cc2c6aed367 on host
f22d87b9-4449-4a71-8529-58095dd81b6f
2016-09-28 08:18:10,275 INFO
[org.ovirt.engine.core.bll.RefreshVolumeCommand] (pool-7-thread-7)
[47625ba4] Running command: RefreshVolumeCommand internal: true.
2016-09-28 08:18:10,275 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.RefreshVolumeVDSCommand]
(pool-7-thread-7) [47625ba4] START, RefreshVolumeVDSCommand(HostName =
Host04, RefreshVolumeVDSCommandParameters:{runAsync='true',
hostId='f22d87b9-4449-4a71-8529-58095dd81b6f',
storagePoolId='77e24b20-9d21-4952-a089-3c5c592b4e6d',
storageDomainId='6e5cce71-3438-4045-9d54-607123e0557e',
imageGroupId='9fc0b2f6-d786-4a21-8f5c-b22b23df4aaa',
imageId='c08d86ed-46f1-44bc-9476-0cc2c6aed367'}), log id: 77b9ded4
2016-09-28 08:18:11,245 INFO
[org.ovirt.engine.core.bll.ConcurrentChildCommandsExecutionCallback]
(DefaultQuartzScheduler8) [354939e9] Command 'RemoveSnapshot' (id:
'18613dc9-d8c8-45c4-9fbe-a298e701ead5') waiting on child command id:
'fd866748-3211-4d48-9908-12eb6078a69e' type:'RemoveSnapshotSingleDiskLive'
to complete
2016-09-28 08:18:11,810 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.RefreshVolumeVDSCommand]
(pool-7-thread-7) [47625ba4] FINISH, RefreshVolumeVDSCommand, log id:
77b9ded4
2016-09-28 08:18:11,810 INFO
[org.ovirt.engine.core.bll.RefreshVolumeCommand] (pool-7-thread-7)
[47625ba4] Successfully refreshed volume
'c08d86ed-46f1-44bc-9476-0cc2c6aed367' on host
'f22d87b9-4449-4a71-8529-58095dd81b6f'
2016-09-28 08:18:12,267 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotSingleDiskLiveCommand]
(DefaultQuartzScheduler10) [354939e9] Waiting on Live Merge command step
'EXTEND' to finalize
2016-09-28 08:18:14,294 INFO
[org.ovirt.engine.core.bll.snapshots.RemoveSnapshotSingleDiskLiveCommand]
(DefaultQuartzScheduler9) [354939e9] Executing Live Merge command step
'MERGE'
2016-09-28 08:18:14,347 INFO  [org.ovirt.engine.core.bll.MergeCommand]
(pool-7-thread-2) [15ef379f] Running command: MergeCommand internal: true.
Entities affected :  ID: 6e5cce71-3438-4045-9d54-607123e0557e Type: Storage
2016-09-28 08:18:14,348 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.MergeVDSCommand]
(pool-7-thread-2) [15ef379f] START, MergeVDSCommand(HostName = Host04,
MergeVDSCommandParameters:{runAsync='true',
hostId='f22d87b9-4449-4a71-8529-58095dd81b6f',
vmId='eb73a967-1908-46e9-9de2-9706bf29643a',
storagePoolId='77e24b20-9d21-4952-a089-3c5c592b4e6d',
storageDomainId='6e5cce71-3438-4045-9d54-607123e0557e',
imageGroupId='9fc0b2f6-d786-4a21-8f5c-b22b23df4aaa',
imageId='95fefce5-7599-460f-b38c-377323659b52',
baseImageId='c08d86ed-46f1-44bc-9476-0cc2c6aed367',
topImageId='95fefce5-7599-460f-b38c-377323659b52', bandwidth='0'}), log id:
544f03ae
2016-09-28 08:18:15,335 INFO
[org.ovirt.engine.core.bll.ConcurrentChild

[ovirt-users] Replacing Certificates in hosted-engine cluster

Hi, I have a two node cluster running a hosted-engine setup. I have stood
up an enterprise CA and would like to replace the ovirt self signed
certificates. I can't find a list of all the certificates online. Is there
a list, or can someone point me in the right direction?

Thanks, Josh
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration


Hello Ondra,

It's working now. It browses though the directory and fetching the user 
/ group details.


Thanks for your quick support.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:03 PM, Anantha Raghava wrote:


Thanks Ondra. Will check this & revert back.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:02 PM, Ondra Machacek wrote:

Yes, you can. You can use different profile name and those setups can exist 
together, or you can you same name and the aaa-setup-tool will ask you if you 
want to override the existing one.

- Anantha Raghava  wrote:

Thanks for quick response Ondra.

Before I make another attempt to properly configure, can I re-execute
the ovirt aaa ldap setup again without disturbing the current setup?
Will that help me to correct the problem?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:

- Anantha Raghava  wrote:

Hello Ondra

Please find the attached file. I have also attached the setup log file.
I find the errors & warnings there too. But I am unable to figure out
what really went wrong.

One more thing, while setting aaa-ldap extension, since it threw error
on user DN, did not properly recognise, I used "anonymous", also did not
perform the Login Test. Are these the root cause?

Yes, it is root cause. Active directory usually has anonymous bind disabled. 
You can enter UPN instead of DN, if you want. In your case it will be something 
likevdiad...@rvce.in. Please note that AD usually use CN attribute in DN, not 
uid attribute, that may be the problem in your DN.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services



Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:

On 09/28/2016 05:25 AM, Anantha Raghava wrote:

Hi,

I am trying to integrate the oVirt Engine with Active Directory to
enable user logins. I installed the ovirt ldap extension and executed
the setup. The process completed successfully and the profile is visible
in engine log in page.

Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there something, if
configuration is correct.

Can you please send output of the following command?

   $ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz

There should be some ERROR or WARN.

Thanks.


Now, when I try to add the user and assign the roles, it is not allowing
me to browse through the profile & the user list. Infact the "GO" button
gets deactivated as shown in the screenshot.

How do I set this right and get the user list?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users





___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration


Thanks Ondra. Will check this & revert back.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 02:02 PM, Ondra Machacek wrote:

Yes, you can. You can use different profile name and those setups can exist 
together, or you can you same name and the aaa-setup-tool will ask you if you 
want to override the existing one.

- Anantha Raghava  wrote:

Thanks for quick response Ondra.

Before I make another attempt to properly configure, can I re-execute
the ovirt aaa ldap setup again without disturbing the current setup?
Will that help me to correct the problem?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:

- Anantha Raghava  wrote:

Hello Ondra

Please find the attached file. I have also attached the setup log file.
I find the errors & warnings there too. But I am unable to figure out
what really went wrong.

One more thing, while setting aaa-ldap extension, since it threw error
on user DN, did not properly recognise, I used "anonymous", also did not
perform the Login Test. Are these the root cause?

Yes, it is root cause. Active directory usually has anonymous bind disabled. 
You can enter UPN instead of DN, if you want. In your case it will be something 
like vdiad...@rvce.in. Please note that AD usually use CN attribute in DN, not 
uid attribute, that may be the problem in your DN.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services



Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:

On 09/28/2016 05:25 AM, Anantha Raghava wrote:

Hi,

I am trying to integrate the oVirt Engine with Active Directory to
enable user logins. I installed the ovirt ldap extension and executed
the setup. The process completed successfully and the profile is visible
in engine log in page.

Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there something, if
configuration is correct.

Can you please send output of the following command?

   $ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz

There should be some ERROR or WARN.

Thanks.


Now, when I try to add the user and assign the roles, it is not allowing
me to browse through the profile & the user list. Infact the "GO" button
gets deactivated as shown in the screenshot.

How do I set this right and get the user list?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration

Yes, you can. You can use different profile name and those setups can exist 
together, or you can you same name and the aaa-setup-tool will ask you if you 
want to override the existing one.

- Anantha Raghava  wrote:
> Thanks for quick response Ondra.
> 
> Before I make another attempt to properly configure, can I re-execute 
> the ovirt aaa ldap setup again without disturbing the current setup? 
> Will that help me to correct the problem?
> 
> -- 
> 
> Thanks & Regards,
> 
> 
> Anantha Raghava
> 
> eXza Technology Consulting & Services
> 
> 
> Do not print this e-mail unless required. Save Paper & trees.
> 
> On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:
> > - Anantha Raghava  wrote:
> >> Hello Ondra
> >>
> >> Please find the attached file. I have also attached the setup log file.
> >> I find the errors & warnings there too. But I am unable to figure out
> >> what really went wrong.
> >>
> >> One more thing, while setting aaa-ldap extension, since it threw error
> >> on user DN, did not properly recognise, I used "anonymous", also did not
> >> perform the Login Test. Are these the root cause?
> > Yes, it is root cause. Active directory usually has anonymous bind 
> > disabled. You can enter UPN instead of DN, if you want. In your case it 
> > will be something like vdiad...@rvce.in. Please note that AD usually use CN 
> > attribute in DN, not uid attribute, that may be the problem in your DN.
> >> -- 
> >>
> >> Thanks & Regards,
> >>
> >>
> >> Anantha Raghava
> >>
> >> eXza Technology Consulting & Services
> >>
> >>
> >>
> >> Do not print this e-mail unless required. Save Paper & trees.
> >>
> >> On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:
> >>> On 09/28/2016 05:25 AM, Anantha Raghava wrote:
>  Hi,
> 
>  I am trying to integrate the oVirt Engine with Active Directory to
>  enable user logins. I installed the ovirt ldap extension and executed
>  the setup. The process completed successfully and the profile is visible
>  in engine log in page.
> >>> Most probably it wasn't successful, because as you can see in
> >>> screenshot there is no 'namespace', you should see there something, if
> >>> configuration is correct.
> >>>
> >>> Can you please send output of the following command?
> >>>
> >>>   $ ovirt-engine-extensions-tool --log-level=FINEST
> >>> --log-file=/tmp/aaa.log aaa search --extension-name=domain-authz
> >>>
> >>> There should be some ERROR or WARN.
> >>>
> >>> Thanks.
> >>>
>  Now, when I try to add the user and assign the roles, it is not allowing
>  me to browse through the profile & the user list. Infact the "GO" button
>  gets deactivated as shown in the screenshot.
> 
>  How do I set this right and get the user list?
> 
>  -- 
> 
>  Thanks & Regards,
> 
> 
>  Anantha Raghava
> 
>  eXza Technology Consulting & Services
> 
> 
>  Do not print this e-mail unless required. Save Paper & trees.
> 
> 
> 
>  ___
>  Users mailing list
>  Users@ovirt.org
>  http://lists.ovirt.org/mailman/listinfo/users
> 
> 

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration


Thanks for quick response Ondra.

Before I make another attempt to properly configure, can I re-execute 
the ovirt aaa ldap setup again without disturbing the current setup? 
Will that help me to correct the problem?


--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 01:23 PM, Ondra Machacek wrote:

- Anantha Raghava  wrote:

Hello Ondra

Please find the attached file. I have also attached the setup log file.
I find the errors & warnings there too. But I am unable to figure out
what really went wrong.

One more thing, while setting aaa-ldap extension, since it threw error
on user DN, did not properly recognise, I used "anonymous", also did not
perform the Login Test. Are these the root cause?

Yes, it is root cause. Active directory usually has anonymous bind disabled. 
You can enter UPN instead of DN, if you want. In your case it will be something 
like vdiad...@rvce.in. Please note that AD usually use CN attribute in DN, not 
uid attribute, that may be the problem in your DN.

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services



Do not print this e-mail unless required. Save Paper & trees.

On Wednesday 28 September 2016 12:18 PM, Ondra Machacek wrote:

On 09/28/2016 05:25 AM, Anantha Raghava wrote:

Hi,

I am trying to integrate the oVirt Engine with Active Directory to
enable user logins. I installed the ovirt ldap extension and executed
the setup. The process completed successfully and the profile is visible
in engine log in page.

Most probably it wasn't successful, because as you can see in
screenshot there is no 'namespace', you should see there something, if
configuration is correct.

Can you please send output of the following command?

  $ ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz

There should be some ERROR or WARN.

Thanks.


Now, when I try to add the user and assign the roles, it is not allowing
me to browse through the profile & the user list. Infact the "GO" button
gets deactivated as shown in the screenshot.

How do I set this right and get the user list?

--

Thanks & Regards,


Anantha Raghava

eXza Technology Consulting & Services


Do not print this e-mail unless required. Save Paper & trees.



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] [Review] oVirt and Gluster - Integrated solution for Disaster Recovery

2016-09-28 Thread Sahina Bose

[Forwarding to a wider audience]

Feature page outlining the proposed solution is at
http://www.ovirt.org/develop/release-management/features/gluster/gluster-dr/
Please review and provide feedback.

thanks,
sahina

-- Forwarded message --
From: Sahina Bose 
Date: Wed, Sep 14, 2016 at 5:51 PM
Subject: Integrating oVirt and Gluster geo-replication to provide a DR
solution
To: devel 


Hi all,

Though there are many solutions that integrate with oVirt to provide
disaster recovery for the guest images, these solutions either rely on
backup agents running on guests or third party software and are complicated
to setup

Since oVirt already integrates with glusterfs, we can leverage gluster's
geo-replication feature to mirror contents to a remote/secondary site
periodically for disaster recovery, without the need for additional software

Please review the PR[1] for the feature page outlining the solution and
integration in oVirt.
Comments and feedback welcome.

[1] https://github.com/oVirt/ovirt-site/pull/453

thanks,
sahina
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] oVirt Active Directory Integration