[ovirt-users] Re: Cannot import a qcow2 image

2018-07-04 Thread Nir Soffer
On Wed, Jul 4, 2018 at 11:08 AM Etienne Charlier <
etienne.charl...@reduspaceservices.eu> wrote:

> Thanks for getting back to me.
>
>
> I wanted to "protect" my ovirt installation with letsencrypt certificates
> (to have a "green" bar in my chrome browser.)
>
I think there is a misconception here. Using the engine builtin CA is more
secure than any other CA, not less secure. You don't protect anything by
using another CA.

What you really need to do is to import the engine CA certificate to your
browser, and this is also required for communicating with the proxy.

Unless you know what you are doing, replacing the certificates with your
own is going to be hard.

>
> I set up a bastion host where I configured letsencrypt.
>
>
> I copied the certificates over the ovirt engine machine and ran the
> script "convert.sh" (see attachment). (still need to automate it to
> handle certificate renew..)
>
>
> Once this was in place, the test connection button (in upload image UI)
> gave me "green" "Connection to ovirt-imageio-proxy was successful."
>
This means that the proxy is configured to use the new CA, but this is not
enough to upload. The proxy has its own certificates, and they must be
signed by the new CA.

So to use your own certificates, you have to regenerate both the engine
certificates and the proxy certificates, and this process is not easy or
documented yet.

If you created everything correctly, you need to configure the proxy to use
the new certificates.

Finally, you need to restart ovirt-imageio-proxy, since it does not support
reloading certificates or configuration changes yet.

I think the best solution for you is to use engine builtin PKI, managed by
engine-setup.

To "protect" your ovirt installation, add the engine CA to your browser
using this link:
https://my.engine/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

You save this file locally, and then you import this certificate into your
browser.

Using Chrome, you do:
1. go to: Settings > Advanced > Manage Certificates > Authorities
2. click "Import"
3. select the certificate
4. check "Trust this certificate for identifying web sites"
5. confirm
6. restart the browser


> Here a copy of engine.log and ovirt-imageio-proxy log files. The ssl paths
> are dumped in the log file
>
> Thanks for your support
> Etienne
>
> --
> *From:* Nir Soffer
> *Sent:* Tuesday, 3 July 2018 23:31
> *To:* Etienne Charlier
> *Cc:* users@ovirt.org; Daniel Erez
> *Subject:* Re: [ovirt-users] Cannot import a qcow2 image
>
>
>
> On Tue, Jul 3, 2018 at 11:47 PM Nir Soffer  wrote:
>
>> On Tue, 3 Jul 2018, 15:44 , 
>> wrote:
>>
>>> Hello,
>>>
>>> I'm trying without success to import a qcow2 file into ovirt. I tried
>>> on a ISCSI datadomain and an nfs datadomain.
>>>
>>> I struggled quite a lot to have the "test connection" succeed (I write a
>>> small shell script to "deploy" letsencrypt certificates into ovirt engine)
>>>
>>> Doc is not clear on the fact that certificates for imageio-proxy are
>>> different than for main engine…
>>>
>>>
>>> Now, the upload fails with
>>>
>>> Transfer was stopped by system. Reason: failed to add image ticket to
>>> ovirt-imageio-proxy.
>>> Image gets stuck in "transfer paused by system"
>>>
>>> Any idea ?
>>>
>>
>> you probably have bad certificate configuration in the proxy. Why not use
>> the default certificates generated by engine setup? This is how we test the
>> proxy.
>>
>
> Can you share the contents of:
> /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf
>
> And the proxy log at
> /var/log/ovirt-imageio-proxy/image-proxy.log
> Showing the time of the error (failed to add image ticket to
> ovirt-imageio-proxy.)
>
> Nir
>
>
>>
>>
>>> ovirt is up to date: 4.2.4 on both engine and hosts.
>>>
>>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y6LNIS4HV3HXCUCII5SYLBV67S7HVT5E/
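
The point made in this reply, that a successful "test connection" does not show the proxy's own certificate is signed by the CA in use, can be checked with openssl. This is an added example, not part of the original thread or of oVirt; the CA and proxy names and all files are constructed, and `signed_by`, `make_ca`, `issue`, `verdict` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (constructed names and files; not from the oVirt project).
# Shows why trusting a CA is not enough on its own: the certificate a
# service presents must itself chain to that CA.

# signed_by CA_PEM CERT_PEM: succeeds only if CERT_PEM verifies against CA_PEM.
# The default trust locations are pointed at a path that does not exist, so a
# certificate from a public CA cannot pass through the system trust store.
signed_by() {
    SSL_CERT_DIR=/nonexistent SSL_CERT_FILE=/nonexistent \
        openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_ca DIR NAME: self-signed demo CA in DIR/NAME.key and DIR/NAME.pem.
make_ca() {
    openssl req -x509 -config "$1/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.pem" \
        -subj "/CN=$2" -days 1 2>/dev/null
}

# issue DIR CA_NAME LEAF_NAME: DIR/LEAF_NAME.pem signed by the named demo CA.
issue() {
    openssl req -new -config "$1/openssl.cnf" -newkey rsa:2048 -nodes \
        -keyout "$1/$3.key" -out "$1/$3.csr" -subj "/CN=$3" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -out "$1/$3.pem" -days 1 2>/dev/null
}

# verdict CA_PEM CERT_PEM: prints "accepted" or "rejected".
verdict() {
    if signed_by "$1" "$2"; then echo accepted; else echo rejected; fi
}

# demo: two CAs, one service certificate from each, both checked against the
# first CA (standing in for the CA the engine and the browser trust).
demo() {
    dir=$(mktemp -d) || return 1
    # Minimal constructed config so the demo does not depend on a system one.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = unused' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > "$dir/openssl.cnf"
    if make_ca "$dir" demo-engine-ca && make_ca "$dir" demo-other-ca &&
       issue "$dir" demo-engine-ca proxy-a &&
       issue "$dir" demo-other-ca proxy-b
    then
        echo "proxy-a=$(verdict "$dir/demo-engine-ca.pem" "$dir/proxy-a.pem")" \
             "proxy-b=$(verdict "$dir/demo-engine-ca.pem" "$dir/proxy-b.pem")"
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return $rc
}

demo
```

On a real engine, `signed_by` would take the CA file saved from the pki-resource link and the certificate file named in /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf.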


[ovirt-users] Re: hyperconverged cluster - how to change the mount path?

2018-07-04 Thread Hesham Ahmed
The correct way to allow hosted engine to use other available gluster
peers in case of failure of the specified peer is to pass the
--config-append option during setup as described at
https://ovirt.org/develop/release-management/features/sla/self-hosted-engine-gluster-support/

If you want to change that now, then just edit the file
/etc/ovirt-hosted-engine/hosted-engine.conf on all hosts and add the
following line:

mnt_options=backup-volfile-servers=host02:host03

However note that for any new hosted engine deployments, the file has
to be manually edited.

On Wed, Jul 4, 2018 at 4:51 PM Liebe, André-Sebastian wrote:
>
> Well, I thought this wouldn’t be supported at the moment.
>
> But I seriously doubt changing this in engine’s SQL database will be a good 
> idea at all, since the way hosted-engine’s configuration is shared across 
> each node (/etc/ovirt-hosted-engine/hosted-engine.conf, 
> /var/lib/ovirt-hosted-engine-ha, configuration inside hosted-engine’s storage 
> domain: hosted-engine.metadata)
>
>
>
> I had hoped hosted-engine or hosted-engine-setup cli could be extended to 
> support this use case. I’m willing to help out testing any (manual) procedure 
> to get this implemented (e.g. undeploy hosted-engine on two of three nodes, 
> make changes to hosted-engine.metadata, hosted-engine.conf, start/stop 
> hosted-engine, run SQL commands inside engine)
>
>
>
> Sincerely
>
> André
>
>
>
> From: Renout Gerrits [mailto:m...@renout.nl]
> Sent: Wednesday, 4 July 2018 12:04
> To: Liebe, André-Sebastian
> Cc: Gobinda Das; Alex K; users
> Subject: Re: [ovirt-users] Re: hyperconverged cluster - how to change the 
> mount path?
>
>
>
> unsupported, make backups, use at your own risk etc...
>
>
>
> you could update the db if you can't put the storage domain into maintenance
>
> after that put your hosts into maintenance and out again to remount
>
>
>
> find the id of the sd you want to update with:
>
>   engine=# select * from storage_server_connections;
>
>
>
> ensure you have the correct id, the following should point to the old mount 
> point:
>
>   engine=# select connection from storage_server_connections where id='<id from output above>';
>
>
>
> next update your db
>
>   engine=# update storage_server_connections set connection='<new mount point>' where id='<id from output above>';
>
>
>
>
>
>
>
> On Wed, Jul 4, 2018 at 9:13 AM, Liebe, André-Sebastian 
>  wrote:
>
> Yeah, sorry that doesn’t work.
>
> I can’t set hosted_storage (storage domain where hosted engine runs on) into 
> maintenance mode to being able to edit it.
>
>
>
> André
>
>
>
> From: Gobinda Das [mailto:go...@redhat.com]
> Sent: Monday, 2 July 2018 09:00
> To: Alex K
> Cc: Liebe, André-Sebastian; users
> Subject: Re: [ovirt-users] Re: hyperconverged cluster - how to change the 
> mount path?
>
>
>
> You can do it by using "Manage Domain" option from Storage Domain.
>
>
>
> On Sun, Jul 1, 2018 at 7:02 PM, Alex K  wrote:
>
> The steps roughly would be to put that storage domain in maintenance then 
> edit/redefine it. You have the option to set gluster mount point options for 
> the redundancy part. No need to set dns round robin.
>
>
>
> Alex
>
>
>
> On Sun, Jul 1, 2018, 13:29 Liebe, André-Sebastian  
> wrote:
>
> Hi list,
>
> I'm looking for an advice how to change the mount point of the hosted_storage 
> due to a hostname change.
>
> When I set up our hyperconverged lab cluster (host1, host2, host3) I 
> populated the mount path with host3:/hosted_storage which wasn't very clever 
> as it brings in a single point of failure (i.e. when host3 is down).
> So I thought adding a round robin dns/hosts entry (i.e. gluster1) for host 1 
> to 3 and changing the mount path would be a better idea. But the mount path 
> entry is locked in web gui and I couldn't find any hint how to change it 
> manually (in database, shared and local configuration) in a consistent way 
> without risking the cluster.
> So, is there a step by step guide how to achieve this without reinstalling 
> (from backup)?
>
>
> Sincerely
>
> André-Sebastian Liebe
> Technology / Innovation
>
> gematik
> Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH
> Friedrichstraße 136
> 10117 Berlin
> Phone: +49 30 40041-197
> Fax: +49 30 40041-111
> E-Mail:  andre.li...@gematik.de
> www.gematik.de
> ___
> Amtsgericht Berlin-Charlottenburg HRB 96351 B
> Managing Director: Alexander Beyer

[ovirt-users] Re: [Spice-devel] Re: remote-viewer Spice Problem on MacOS

2018-07-04 Thread Hendrik Peyerl
I have now opened a bug report, not sure if it's in the correct section, but 
let's pray ;)
https://gitlab.freedesktop.org/spice/spice/issues/22
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RJAKRWKDKZHFSZFK23W3IT54COXPG5CA/


[ovirt-users] Re: ENGINE_SSO_AUTH_URL configuration

2018-07-04 Thread Martin Perina
On Wed, Jul 4, 2018 at 3:06 PM, Hari Prasanth Loganathan <
hariprasant...@msystechnologies.com> wrote:

> Hi Martin,
>
> Thanks for pointing this url.
>
> 1) Based on this post, I created a client id using the
> 'ovirt-register-sso-client-tool'
>
>
> select * from sso_clients;
>
>   3 | *test*   | eyJhcnRpZmFjdCI6IkVudmVsb3BlUE
> JFIiwic2FsdCI6IjFuYktJa3JrWEFCc2R5NzNnNFIrc09NWitGNHI1dW5UY2
> s1U2t3cWlCMGs9Iiwic2VjcmV0
> IjoiRTVwNExDQXpxenhGSHFxdmQwNDhTNDRkN3dNMEwrZVQrYTZlK3lXR044
> VT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3Jp
> dGhtIjoiUEJLREYyV2l0aEh
> tYWNTSEExIn0= | http://172.30.39.176:9090/api/auth/sso  |
> /root/ssl/ssl/certificate.pem  |
>
>  | oVirt Engine Client |   | openid
> ovirt-app-portal ovirt-app-admin ovirt-app-api ovirt-ext=auth:identity
> ovirt-ex
> t=token:password-access ovirt-ext=auth:sequence-priority
> ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search
> ovirt-ext=token-info
> :public-authz-search ovirt-ext=token-info:validate
> ovirt-ext=revoke:revoke-all | t   | TLS|
> f
>| t
>
>
>
> I will store this sso_client information in my application too.
>
>
> 2) Is it possible to use *JUST* this 'client_id' and 'client_secret' to
> communicate from my application to oVirt instead of oVirt token?
>
>   I mean like My_Application ---> (using client id - test) oVirt
> API
>

I don't think so, the client id/secret is used only to authenticate OIDC
client to the OIDC server, and not real client to the application using
SSO. But leaving this final answer to this question to Ravi, he is our
expert on OIDC. Ravi?


>
> Thanks,
> Hari
>
>
>
>
>
>
> On Wed, Jul 4, 2018 at 5:32 PM, Martin Perina  wrote:
>
>>
>>
>> On Wed, Jul 4, 2018 at 1:54 PM, Hari Prasanth Loganathan <
>> hariprasant...@msystechnologies.com> wrote:
>>
>>> Okay Thanks Martin.
>>> I already come across this blog but curious any way to point the
>>> authentication and authorization to my HTTP URL. so that I don't want to
>>> depend on the ovirt token.
>>>
>>
>> There's no way how to replace oVirt SSO with different implementation,
>> you need to use oVirt token.
>>
>> But other than relying on Apache you could also configure your
>> application as OpenID Connect client to oVirt SSO similarly as it's
>> described for Kibana/Elastic search  integration:
>>
>> https://www.ovirt.org/blog/2017/05/openshift-openId-integration-with-engine-sso/
>>
>> Then you would have only single token for both your application and oVirt
>>
>>
>>>
>>>
>>>
>>>
>>> On Wed, Jul 4, 2018 at 5:04 PM, Martin Perina 
>>> wrote:
>>>


 On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan <
 hariprasant...@msystechnologies.com> wrote:

> Hi Team,
>
> I want oVirt to point to my Authentication / Authorization HTTP URL,
> so I modified the following property in
> */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*
>
>
> #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso;
>   ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso;
>
> #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/;
>   SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/;
>
>

> I verified in the log and found the following message :
>
> engine.log:2018-07-04 15:12:46,238+05 INFO
> [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
> Thread Pool -- 42) [] Value of property 'ENGINE_SSO_AUTH_URL' is '
> http://172.30.39.176:9090/api/auth/sso'.
> engine.log:2018-07-04 15:12:46,244+05 INFO
> [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
> Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
> http://172.30.39.176:9090/api/auth/'.
>
>
> But still it is not point to my Authentication URL, Is there any other
> change we need to make to point the oVirt Authentication to my HTTP URL?
>

 Hi,

 what exactly are you trying to achieve? To change URL where engine is
 available or to replace existing oVirt SSO module with custom
 implementation? If the latter, then this is not supported.

 But if you need to configure additional authentication methods, for
 example kerberos SSO or CAS, you can do this using combination of Apache
 with relevant modules + ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-misc packages:

 https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README
 https://github.com/oVirt/ovirt-engine-extension-aaa-misc/blob/master/README.http
 https://www.ovirt.org/blog/2016/04/sso/

 Regards

 Martin


>
> Thanks,
> Hari
>

[ovirt-users] Re: hyperconverged cluster - how to change the mount path?

2018-07-04 Thread Liebe , André-Sebastian
Well, I thought this wouldn’t be supported at the moment.
But I seriously doubt changing this in engine’s SQL database will be a good 
idea at all, since the way hosted-engine’s configuration is shared across each 
node (/etc/ovirt-hosted-engine/hosted-engine.conf, 
/var/lib/ovirt-hosted-engine-ha, configuration inside hosted-engine’s storage 
domain: hosted-engine.metadata)

I had hoped hosted-engine or hosted-engine-setup cli could be extended to 
support this use case. I’m willing to help out testing any (manual) procedure 
to get this implemented (e.g. undeploy hosted-engine on two of three nodes, 
make changes to hosted-engine.metadata, hosted-engine.conf, start/stop 
hosted-engine, run SQL commands inside engine)

Sincerely
André

From: Renout Gerrits [mailto:m...@renout.nl]
Sent: Wednesday, 4 July 2018 12:04
To: Liebe, André-Sebastian
Cc: Gobinda Das; Alex K; users
Subject: Re: [ovirt-users] Re: hyperconverged cluster - how to change the mount 
path?

unsupported, make backups, use at your own risk etc...

you could update the db if you can't put the storage domain into maintenance
after that put your hosts into maintenance and out again to remount

find the id of the sd you want to update with:
  engine=# select * from storage_server_connections;

ensure you have the correct id, the following should point to the old mount 
point:
  engine=# select connection from storage_server_connections where id='<id from output above>';

next update your db
  engine=# update storage_server_connections set connection='<new mount point>' where id='<id from output above>';

On Wed, Jul 4, 2018 at 9:13 AM, Liebe, André-Sebastian <andre.li...@gematik.de> wrote:
Yeah, sorry that doesn’t work.
I can’t set hosted_storage (storage domain where hosted engine runs on) into 
maintenance mode to being able to edit it.

André

From: Gobinda Das [mailto:go...@redhat.com]
Sent: Monday, 2 July 2018 09:00
To: Alex K
Cc: Liebe, André-Sebastian; users
Subject: Re: [ovirt-users] Re: hyperconverged cluster - how to change the mount 
path?

You can do it by using "Manage Domain" option from Storage Domain.

On Sun, Jul 1, 2018 at 7:02 PM, Alex K <rightkickt...@gmail.com> wrote:
The steps roughly would be to put that storage domain in maintenance then 
edit/redefine it. You have the option to set gluster mount point options for 
the redundancy part. No need to set dns round robin.

Alex

On Sun, Jul 1, 2018, 13:29 Liebe, André-Sebastian <andre.li...@gematik.de> wrote:
Hi list,

I'm looking for an advice how to change the mount point of the hosted_storage 
due to a hostname change.

When I set up our hyperconverged lab cluster (host1, host2, host3) I populated 
the mount path with host3:/hosted_storage which wasn't very clever as it brings 
in a single point of failure (i.e. when host3 is down).
So I thought adding a round robin dns/hosts entry (i.e. gluster1) for host 1 to 
3 and changing the mount path would be a better idea. But the mount path entry 
is locked in web gui and I couldn't find any hint how to change it manually (in 
database, shared and local configuration) in a consistent way without risking 
the cluster.
So, is there a step by step guide how to achieve this without reinstalling 
(from backup)?


Sincerely

André-Sebastian Liebe
Technology / Innovation

gematik
Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH
Friedrichstraße 136
10117 Berlin
Phone: +49 30 40041-197
Fax: +49 30 40041-111
E-Mail:  andre.li...@gematik.de
www.gematik.de
___
Amtsgericht Berlin-Charlottenburg HRB 96351 B
Managing Director: Alexander Beyer

--
Thanks,
Gobinda

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SQJGVJLSRHAXTX6EFU4Z6GPO5IN565CD/




[ovirt-users] Re: Error with with increasing resources of the HostedEngine. VM values that are locked

2018-07-04 Thread Egor Panov
We are trying to increase memory and count of cpu cores. Engine log is attached.

Regards,
Egor Panov
System Administrator
Skype: e.panoff
Tel: + 7 (916) 182-62-13

This e-mail and the attachments, if any, are confidential and may be legally privileged, and are for the sole use of the intended recipient. If you are not the intended recipient of this e-mail or any part of it, please delete it from your computer.

On 4 July 2018, at 11:03, Simone Tiraboschi wrote:

Hi,
which values are you trying to increase?
can you please attach your engine.log?

On Sun, Jul 1, 2018 at 12:28 PM Egor Panov wrote:

Hi, I have problem with increasing resources of the HostedEngine:
"There was an attempt to change Hosted Engine VM values that are locked"
I read the articles
https://access.redhat.com/solutions/3023041
https://access.redhat.com/solutions/3133781
From these articles "The message from the engine.log the problem comes with not editable field." "Initial Run" -> Uncheck "Use Cloud-Init/Sysprep" had already unchecked. And it means that another field is locked.
I did support log-collector with the database dump
# ovirt-log-collector --no-hypervisors
But I didn’t find in output what field is not editable. Can you help me with it?

Regards,
Egor Panov
System Administrator
Skype: e.panoff
Tel: + 7 (916) 182-62-13

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/G6BJZXLWZ7V37Z6ZRKE6NBAVVKPXDV64/


[ovirt-users] Re: ENGINE_SSO_AUTH_URL configuration

2018-07-04 Thread Hari Prasanth Loganathan
Hi Martin,

Thanks for pointing this url.

1) Based on this post, I created a client id using the
'ovirt-register-sso-client-tool'


select * from sso_clients;

  3 | *test*   |
eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6IjFuYktJa3JrWEFCc2R5NzNnNFIrc09NWitGNHI1dW5UY2s1U2t3cWlCMGs9Iiwic2VjcmV0
IjoiRTVwNExDQXpxenhGSHFxdmQwNDhTNDRkN3dNMEwrZVQrYTZlK3lXR044VT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEh
tYWNTSEExIn0= | http://172.30.39.176:9090/api/auth/sso  |
/root/ssl/ssl/certificate.pem
|
 | oVirt Engine Client |   | openid
ovirt-app-portal ovirt-app-admin ovirt-app-api ovirt-ext=auth:identity
ovirt-ex
t=token:password-access ovirt-ext=auth:sequence-priority
ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search
ovirt-ext=token-info
:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=revoke:revoke-all | t   | TLS|
f
   | t



I will store this sso_client information in my application too.


2) Is it possible to use *JUST* this 'client_id' and 'client_secret' to
communicate from my application to oVirt instead of oVirt token?

  I mean like My_Application ---> (using client id - test) oVirt
API


Thanks,
Hari






On Wed, Jul 4, 2018 at 5:32 PM, Martin Perina  wrote:

>
>
> On Wed, Jul 4, 2018 at 1:54 PM, Hari Prasanth Loganathan  msystechnologies.com> wrote:
>
>> Okay Thanks Martin.
>> I already come across this blog but curious any way to point the
>> authentication and authorization to my HTTP URL. so that I don't want to
>> depend on the ovirt token.
>>
>
> There's no way how to replace oVirt SSO with different implementation,
> you need to use oVirt token.
>
> But other than relying on Apache you could also configure your application
> as OpenID Connect client to oVirt SSO similarly as it's described for
> Kibana/Elastic search  integration:
>
> https://www.ovirt.org/blog/2017/05/openshift-openId-integration-with-engine-sso/
>
> Then you would have only single token for both your application and oVirt
>
>
>>
>>
>>
>>
>> On Wed, Jul 4, 2018 at 5:04 PM, Martin Perina  wrote:
>>
>>>
>>>
>>> On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan <
>>> hariprasant...@msystechnologies.com> wrote:
>>>
 Hi Team,

 I want oVirt to point to my Authentication / Authorization HTTP URL, so
 I modified the following property in
 */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*


 #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso;
   ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso;

 #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/;
   SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/;

>>>
 I verified in the log and found the following message :

 engine.log:2018-07-04 15:12:46,238+05 INFO
 [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
 Thread Pool -- 42) [] Value of property 'ENGINE_SSO_AUTH_URL' is '
 http://172.30.39.176:9090/api/auth/sso'.
 engine.log:2018-07-04 15:12:46,244+05 INFO
 [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
 Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
 http://172.30.39.176:9090/api/auth/'.


 But still it is not point to my Authentication URL, Is there any other
 change we need to make to point the oVirt Authentication to my HTTP URL?

>>>
>>> Hi,
>>>
>>> what exactly are you trying to achieve? To change URL where engine is
>>> available or to replace existing oVirt SSO module with custom
>>> implementation? If the latter, then this is not supported.
>>>
>>> But if you need to configure additional authentication methods, for
>>> example kerberos SSO or CAS, you can do this using combination of Apache
>>> with relevant modules + ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-misc packages:
>>>
>>> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README
>>> https://github.com/oVirt/ovirt-engine-extension-aaa-misc/blob/master/README.http
>>> https://www.ovirt.org/blog/2016/04/sso/
>>>
>>> Regards
>>>
>>> Martin
>>>
>>>

 Thanks,
 Hari



>>>
>>>
>>> --
>>> Martin Perina
>>> Associate Manager, Software Engineering
>>> Red Hat Czech s.r.o.
>>>
>>
>>
>
>
> --
> Martin Perina
> Associate Manager, Software Engineering
> Red Hat Czech s.r.o.
>

[ovirt-users] Re: ENGINE_SSO_AUTH_URL configuration

2018-07-04 Thread Martin Perina
On Wed, Jul 4, 2018 at 1:54 PM, Hari Prasanth Loganathan <
hariprasant...@msystechnologies.com> wrote:

> Okay Thanks Martin.
> I already come across this blog but curious any way to point the
> authentication and authorization to my HTTP URL. so that I don't want to
> depend on the ovirt token.
>

There's no way how to replace oVirt SSO with different implementation, you
need to use oVirt token.

But other than relying on Apache you could also configure your application
as OpenID Connect client to oVirt SSO similarly as it's described for
Kibana/Elastic search  integration:

https://www.ovirt.org/blog/2017/05/openshift-openId-integration-with-engine-sso/

Then you would have only single token for both your application and oVirt


>
>
>
>
> On Wed, Jul 4, 2018 at 5:04 PM, Martin Perina  wrote:
>
>>
>>
>> On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan <
>> hariprasant...@msystechnologies.com> wrote:
>>
>>> Hi Team,
>>>
>>> I want oVirt to point to my Authentication / Authorization HTTP URL, so
>>> I modified the following property in
>>> */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*
>>>
>>>
>>> #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso;
>>>   ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso;
>>>
>>> #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/;
>>>   SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/;
>>>
>>>
>>
>>> I verified in the log and found the following message :
>>>
>>> engine.log:2018-07-04 15:12:46,238+05 INFO
>>> [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
>>> Thread Pool -- 42) [] Value of property 'ENGINE_SSO_AUTH_URL' is '
>>> http://172.30.39.176:9090/api/auth/sso'.
>>> engine.log:2018-07-04 15:12:46,244+05 INFO
>>> [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService
>>> Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
>>> http://172.30.39.176:9090/api/auth/'.
>>>
>>>
>>> But still it is not point to my Authentication URL, Is there any other
>>> change we need to make to point the oVirt Authentication to my HTTP URL?
>>>
>>
>> Hi,
>>
>> what exactly are you trying to achieve? To change URL where engine is
>> available or to replace existing oVirt SSO module with custom
>> implementation? If the latter, then this is not supported.
>>
>> But if you need to configure additional authentication methods, for
>> example kerberos SSO or CAS, you can do this using combination of Apache
>> with relevant modules + ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-misc packages:
>>
>> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README
>> https://github.com/oVirt/ovirt-engine-extension-aaa-misc/blob/master/README.http
>> https://www.ovirt.org/blog/2016/04/sso/
>>
>> Regards
>>
>> Martin
>>
>>
>>>
>>> Thanks,
>>> Hari
>>>
>>>
>>>
>>
>>
>> --
>> Martin Perina
>> Associate Manager, Software Engineering
>> Red Hat Czech s.r.o.
>>
>
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7WJWKAPT2ZKFWOENVU64LIHCTNLKE7JE/


[ovirt-users] Re: ENGINE_SSO_AUTH_URL configuration

2018-07-04 Thread Hari Prasanth Loganathan
Okay Thanks Martin.
I already come across this blog but curious any way to point the
authentication and authorization to my HTTP URL. so that I don't want to
depend on the ovirt token.





On Wed, Jul 4, 2018 at 5:04 PM, Martin Perina  wrote:

>
>
> On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan  msystechnologies.com> wrote:
>
>> Hi Team,
>>
>> I want oVirt to point to my Authentication / Authorization HTTP URL, so I
>> modified the following property in
>> */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*
>>
>>
>> #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso;
>>   ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso;
>>
>> #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/;
>>   SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/;
>>
>>
>
>> I verified in the log and found the following message :
>>
>> engine.log:2018-07-04 15:12:46,238+05 INFO  
>> [org.ovirt.engine.core.uutils.config.ShellLikeConfd]
>> (ServerService Thread Pool -- 42) [] Value of property
>> 'ENGINE_SSO_AUTH_URL' is 'http://172.30.39.176:9090/api/auth/sso'.
>> engine.log:2018-07-04 15:12:46,244+05 INFO  
>> [org.ovirt.engine.core.uutils.config.ShellLikeConfd]
>> (ServerService Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
>> http://172.30.39.176:9090/api/auth/'.
>>
>>
>> But still it is not point to my Authentication URL, Is there any other
>> change we need to make to point the oVirt Authentication to my HTTP URL?
>>
>
> Hi,
>
> what exactly are you trying to achieve? To change URL where engine is
> available or to replace existing oVirt SSO module with custom
> implementation? If the latter, then this is not supported.
>
> But if you need to configure additional authentication methods, for
> example kerberos SSO or CAS, you can do this using combination of Apache
> with relevant modules +
> ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-misc packages:
>
> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README
> https://github.com/oVirt/ovirt-engine-extension-aaa-misc/blob/master/README.http
> https://www.ovirt.org/blog/2016/04/sso/
>
> Regards
>
> Martin
>
>
>>
>> Thanks,
>> Hari
>>
>>
>>
>
>
> --
> Martin Perina
> Associate Manager, Software Engineering
> Red Hat Czech s.r.o.
>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JKT6TUGAM26S5MM7UNROZVXUJPBGKB7S/


[ovirt-users] Re: LDAP login extension

2018-07-04 Thread Martin Perina
On Wed, Jun 27, 2018 at 9:14 AM, Mariusz Kozakowski <
mariusz.kozakow...@sallinggroup.com> wrote:

> Hello,
>
> We managed to setup oVirt Engine with your help, now we're facing other
> issue.
>
> I'm trying to configure AD auth for web portal, but unfortunately I got
> error during ovirt-engine-extension-aaa-ldap-setup:
>
>
>   2018-06-27 09:06:21,926+02 INFO==
> ==
>   2018-06-27 09:06:21,926+02 INFO==
> Execution ===
>   2018-06-27 09:06:21,926+02 INFO==
> ==
>   2018-06-27 09:06:21,927+02 INFOIteration: 0
>   2018-06-27 09:06:21,928+02 INFOProfile='ad' authn='ad-authn'
> authz='ad-authz' mapping='null'
>   2018-06-27 09:06:21,928+02 INFOAPI: 
> -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> profile='ad' user='username'
>   2018-06-27 09:06:21,945+02 INFOAPI: 
> <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> profile='ad' result=SUCCESS
>   2018-06-27 09:06:21,948+02 INFO--- Begin AuthRecord ---
>   2018-06-27 09:06:21,949+02 INFOAAA_AUTHN_AUTH_RECORD_PRINCIPAL:
> username
>   2018-06-27 09:06:21,949+02 INFO--- End   AuthRecord ---
>   2018-06-27 09:06:21,950+02 INFOAPI:
> -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username'
>   2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool:
> 'gc'
>   2018-06-27 09:06:21,953+02 SEVERE  Cannot resolve principal
> 'username'
>

Hi,

are you sure that you are trying to configure either "standalone AD domain"
or "AD forest with multi-domain trust" using the tool? I'm asking because
if you want to configure AD which is part of AD forest, you cannot do that
using the tool, as this is advanced configuration. And we don't support
multi-forest with multi-domain trusts at all.

Could you please describe your AD setup and share with us full output of
aaa-ldap-setup tool?

Thanks

Martin


> Do you have any idea what's the issue and what we're missing? As it looks
> like credentials are correct - passing wrong username gives fail earlier,
> so issue is somewhere after authentication.
>
> --
>
> Best regards/Pozdrawiam/MfG
>
> *Mariusz Kozakowski*
>
> Site Reliability Engineer
>
> Dansk Supermarked Group
> Baltic Business Park
> ul. 1 Maja 38-39
> 71-627 Szczecin
> dansksupermarked.com
>
>
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VD2CTLJTEA2MUKM3DHF2TFMBFIANAGKQ/


[ovirt-users] Re: oVirt Authentication and Authorization

2018-07-04 Thread Martin Perina
On Fri, Jun 29, 2018 at 1:39 PM, Hari Prasanth Loganathan <
hariprasant...@msystechnologies.com> wrote:

> Thanks Ondra for the response.
>
> *This is my use case : *
>
> We have three components in our setup
>
> 1) Our Script (application using python)
> 2) Ovirt
> 3) LDAP (Also integrated to oVirt)
>
> 1) Our Python application is authenticating to LDAP and it creates a token
> for our application
> 2) For accessing the API's in oVIrt, I need to contact to the oVirt API
> which authenticates and creates a token for it
> 3) then I need to maintain the token of my application with its mapping to
> the ovirt tokenId in my application.
>
> *Difficulty :*
>
>
> *When I want to hit any oVirt API, First I perform the token check in my
> application (using my application token) then I need to perform the ovirt
> token check in oVirt using the ovirt token Id I maintain in the
> application.  *
>
> *To Achieve : *
>
> *So I want a feature, which perform authentication check only in my
> application and then from my application I need to contact the ovirt APIs
> without authentication / authorization check. I don't want ovirt to perform
> authentication / authorization check. *
>
>
> * 1) I would like to know Is there a way to skip the authentication and
> authorization in oVIrt? *
>

No, but you can configure oVirt to use for example kerberos or CAS to
receive authentication

> *2) Or Is it possible to point the authentication validation for oVirt (to
> my application / to some URL which I configure) which always return true
> and allow for all oVirt API's?*
>

No, as mentioned above you can only configure oVirt to use Apache
authentication (kerberos, CAS, ...)

>
> *If any thing is not clear I will update the mail and send you.*
>
>
>
> *Thanks *
>
>
>
>
> On Fri, Jun 29, 2018 at 5:00 PM, Ondra Machacek 
> wrote:
>
>> What's your use-case? You need all users to access without any
>> username/password? Why not rather share some username/password of guest
>> account them?
>>
>> On 06/29/2018 12:39 PM, Hari Prasanth Loganathan wrote:
>>
>>> Guys any update on this, If you have any clarification in my query
>>> please let me know.
>>>
>>> Thanks,
>>> Hari
>>>
>>> On Thu, Jun 28, 2018 at 6:19 PM, Hari Prasanth Loganathan <
>>> hariprasant...@msystechnologies.com> wrote:
>>>
>>> Hi Team,
>>>
>>> We have three components in our setup
>>>
>>> 1) Our Script (application using python)
>>> 2) Ovirt
>>> 3) LDAP (Also integrated to oVirt)
>>>
>>> 1) Our Python application is authenticating to LDAP and it creates a
>>> token for our application
>>> 2) For accessing the API's in oVIrt, I need to contact to the oVirt
>>> API which authenticates and creates a token for it
>>> 3) then I need to maintain the token of my application with its
>>> mapping to the ovirt tokenId in my application.
>>>
>>> When I want to hit any oVirt API, First I perform the token check in
>>> my application (using my application token) then I need to perform
>>> the ovirt token check in oVirt.
>>>
>>> 1)*I would like to know Is there a way to skip the authentication
>>> and authorization in oVIrt?
>>> *
>>> 2)*Or Is it possible to point the authentication check for oVirt (to
>>> my application / to some URL which I configure) which always return
>>> true and allow for all oVirt API's?*
>>>
>>>
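>>> *I did some analysis and verified the oVirt code in github,
>>> Identified that it is going via a filter in web.xml which points to
>>> the class, Is it possible to tune this? *
>>>
>>>
>>> <filter>
>>>     <filter-name>RestApiSessionValidationFilter</filter-name>
>>>     <filter-class>org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter</filter-class>
>>> </filter>
>>> <filter-mapping>
>>>     <filter-name>RestApiSessionValidationFilter</filter-name>
>>>     <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> <filter>
>>>     <filter-name>SessionValidationFilter</filter-name>
>>>     <filter-class>org.ovirt.engine.core.aaa.filters.SessionValidationFilter</filter-class>
>>> </filter>
>>> <filter-mapping>
>>>     <filter-name>SessionValidationFilter</filter-name>
>>>     <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> <filter>
>>>     <filter-name>SsoRestApiAuthFilter</filter-name>
>>>     <filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter</filter-class>
>>> </filter>
>>> <filter-mapping>
>>>     <filter-name>SsoRestApiAuthFilter</filter-name>
>>>     <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> <filter>
>>>     <filter-name>SsoRestApiNegotiationFilter</filter-name>
>>>     <filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter</filter-class>
>>> </filter>
>>> <filter-mapping>
>>>     <filter-name>SsoRestApiNegotiationFilter</filter-name>
>>>     <url-pattern>/*</url-pattern>
>>> </filter-mapping>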
>>>
>>> If my query is not clear, please let me know.
>>>
>>> Thanks,
>>> Hari
>>>
>>>
>>>
>>>
>>>

[ovirt-users] Re: ENGINE_SSO_AUTH_URL configuration

2018-07-04 Thread Martin Perina
On Wed, Jul 4, 2018 at 12:02 PM, Hari Prasanth Loganathan <
hariprasant...@msystechnologies.com> wrote:

> Hi Team,
>
> I want oVirt to point to my Authentication / Authorization HTTP URL, so I
> modified the following property in
> */etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*
>
>
> #ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>   ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso"
>
> #SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>   SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/"
>
>

> I verified in the log and found the following message :
>
> engine.log:2018-07-04 15:12:46,238+05 INFO  
> [org.ovirt.engine.core.uutils.config.ShellLikeConfd]
> (ServerService Thread Pool -- 42) [] Value of property
> 'ENGINE_SSO_AUTH_URL' is 'http://172.30.39.176:9090/api/auth/sso'.
> engine.log:2018-07-04 15:12:46,244+05 INFO  
> [org.ovirt.engine.core.uutils.config.ShellLikeConfd]
> (ServerService Thread Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
> http://172.30.39.176:9090/api/auth/'.
>
>
> But still it is not point to my Authentication URL, Is there any other
> change we need to make to point the oVirt Authentication to my HTTP URL?
>

Hi,

what exactly are you trying to achieve? To change URL where engine is
available or to replace existing oVirt SSO module with custom
implementation? If the latter, then this is not supported.

But if you need to configure additional authentication methods, for example
kerberos SSO or CAS, you can do this using combination of Apache with
relevant modules +
ovirt-engine-extension-aaa-ldap/ovirt-engine-extension-aaa-misc packages:

https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README
https://github.com/oVirt/ovirt-engine-extension-aaa-misc/blob/master/README.http
https://www.ovirt.org/blog/2016/04/sso/

Regards

Martin

>
> Thanks,
> Hari
>
>
>


-- 
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CGH2QSKU27JLP635KZ63SKTWA3O5VUBC/


[ovirt-users] Re: Engine Setup Error

2018-07-04 Thread Sahina Bose
vdsm.log does indicate an error connecting to the engine gluster volume.

I should have been more specific - I requested for the engine volume mount
logs from the host, under
/var/log/glusterfs/rhev-data-center-mnt-glusterSD...engine.log

Also, please provide output of "gluster volume status engine" and "gluster
peer status"


On Wed, Jul 4, 2018 at 1:04 PM, Sakhi Hadebe  wrote:

> Thank you for your quick response.
>
> Attached please find the log files:
>
>
>
> On Wed, Jul 4, 2018 at 7:37 AM, Yedidyah Bar David 
> wrote:
>
>> On Tue, Jul 3, 2018 at 3:28 PM, Sakhi Hadebe  wrote:
>> > Hi,
>> >
>> > We are deploying the hosted engine on oVirt-Node-4.2.3.1 using the
>> command
>> > "hosted-engine --deploy".
>> >
>> > After providing answers it runs the ansible script and hit the Error
>> when
>> > creating glusterfs storage domain. Attached the screenshot of the ERROR.
>>
>> Adding Sahina.
>>
>> Please check/share relevant logs from the host. Thanks.
>>
>> Best regards,
>> --
>> Didi
>>
>
>
>
> --
> Regards,
> Sakhi Hadebe
>
> Engineer: South African National Research Network (SANReN)Competency Area, 
> Meraka, CSIR
>
> Tel:   +27 12 841 2308 <+27128414213>
> Fax:   +27 12 841 4223 <+27128414223>
> Cell:  +27 71 331 9622 <+27823034657>
> Email: sa...@sanren.ac.za 
>
>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BMM2MM4J3U454TXUA25KM2CI6KETHFT2/


[ovirt-users] GlusterFS 4.1

2018-07-04 Thread Chris Boot
All,

Now that GlusterFS 4.1 LTS has been released, and is the "default"
version of GlusterFS in CentOS (you get this from
"centos-release-gluster" now), what's the status with regards to oVirt?

How badly is oVirt 4.2.4 likely to break if one were to upgrade the
gluster* packages to 4.1?

Thanks,
Chris

-- 
Chris Boot
bo...@boo.tc
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ECTRCG7EOZBTXQJNB4RKN6JYVHVOWV4S/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella


> On 4 Jul 2018, at 11:03, Yedidyah Bar David wrote:
> 
> On Wed, Jul 4, 2018 at 11:04 AM, Fabrice Bacchella
>  wrote:
>> ovirt in version 4.2 choose to incorporate postfix as a mandatory MTA:
> 
> This was added in 4.0, AFAIU:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1301966
> 
> IMHO the bug is somewhat incorrect. HA sends its email using smtplib,
> which IIUC does not require a local /usr/sbin/sendmail . Indeed, the
> default is to send through 'localhost:25', and for this to work you
> need some MTA listening there. But admins might find it perfectly
> reasonable to not have any sendmail locally, although this is the unix
> tradition, and configure everything to send through a remote MTA.
> hosted-engine --deploy already asks about this, so should be easy to
> do there. Other common stuff, such as crond, also allow doing this. So
> ideally, if the admin accepts the default 'localhost:25', the script
> should try to connect there (perhaps also if user provides custom
> values?), and if it fails, or if the other side does not look like an
> MTA (e.g. does not accept a HELO or EHLO, not sure what's the best
> way), prompt, and if 'localhost', suggest to install some MTA. But
> email is a hard problem, not sure how complex we need to make the
> setup script...
> 
>> 
>> yum erase postfix
>> ...
>> Removing:
>> postfix x86_64
>> 2:2.10.1-6.el7@base 12 M
>> Removing for dependencies:
>> cockpit-ovirt-dashboard noarch
>> 0.11.28-1.el7 @ovirt-4.215 M
>> ovirt-host  x86_64
>> 4.2.3-1.el7   @ovirt-4.211 k
>> ovirt-hosted-engine-setup   noarch
>> 2.2.22.1-1.el7@ovirt-4.2   2.2 M
>> 
>> Is there a way to change that ? It's not about postfix being inferior or
>> superior to other solutions. It's that it didn't ask any thing, didn't check
>> if one was already installed. It's just installed.
>> 
>> For example:
>> rpm -q --provides postfix
>> MTA
>> config(postfix) = 2:2.10.1-6.el7
>> postfix = 2:2.10.1-6.el7
>> postfix(x86-64) = 2:2.10.1-6.el7
>> server(smtp)
>> smtpd
>> smtpdaemon
>> 
>> rpm -q --provides sendmail
>> MTA
>> config(sendmail) = 8.14.7-5.el7
>> sendmail = 8.14.7-5.el7
>> sendmail(x86-64) = 8.14.7-5.el7
>> server(smtp)
>> smtpdaemon
>> 
>> There is a lot of other dependencies to declare other than postfix, MTA
>> would have been better.
> 
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
> 
> Seems like the thing we want to require is 'server(smtp)':
> 
> https://fedoraproject.org/wiki/Features/ServerProvides
> 
> Best regards,

Done:

https://bugzilla.redhat.com/show_bug.cgi?id=1598085
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7ZFPH67MIQNWALAE4T2WXX3UVM6UAWSE/
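
The check suggested in the quoted reply above (connect to the configured SMTP endpoint, then see whether it greets like an MTA and accepts EHLO or HELO), written with Python's smtplib as an added example; it is not code from this thread or from ovirt-hosted-engine-setup. `probe_mta`, `start_fake` and `closed_port` are hypothetical names, and the fake server is constructed so the example runs offline.

```python
import smtplib
import socket
import socketserver
import threading


def probe_mta(host="localhost", port=25, timeout=5.0):
    """Classify host:port as 'ok', 'unreachable' or 'not_mta', plus a detail string."""
    try:
        # local_hostname is fixed so the probe does not depend on DNS for the FQDN.
        smtp = smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout)
    except smtplib.SMTPException as exc:
        # TCP connect worked, but the peer did not send a 220 greeting.
        return "not_mta", f"no SMTP greeting: {exc}"
    except OSError as exc:
        # Refused, timed out or unresolvable: nothing usable is listening.
        return "unreachable", str(exc)
    try:
        verb = "EHLO"
        code, _ = smtp.ehlo()
        if not 200 <= code <= 299:
            # Minimal servers may reject EHLO but still accept HELO.
            verb = "HELO"
            code, _ = smtp.helo()
        if 200 <= code <= 299:
            return "ok", f"{verb} accepted with {code}"
        return "not_mta", f"{verb} rejected with {code}"
    except (smtplib.SMTPException, OSError) as exc:
        return "not_mta", f"session broke after greeting: {exc}"
    finally:
        try:
            smtp.quit()
        except (smtplib.SMTPException, OSError):
            smtp.close()


class _FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a listener on port 25; behaviour set by server.mode."""

    def handle(self):
        mode = self.server.mode
        if mode == "ssh":
            # A non-SMTP service that happens to speak first.
            self.wfile.write(b"SSH-2.0-NotAnMTA\r\n")
            return
        self.wfile.write(b"220 fake.example ESMTP\r\n")
        for raw in self.rfile:
            verb = raw.strip().upper()[:4]
            if verb == b"EHLO" and mode == "helo_only":
                self.wfile.write(b"502 command not implemented\r\n")
            elif verb in (b"EHLO", b"HELO"):
                self.wfile.write(b"250 fake.example\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"500 unrecognized\r\n")


def start_fake(mode):
    """Start the constructed server on a free loopback port; return (server, port)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), _FakeSMTP)
    server.mode = mode
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def closed_port():
    """Return a loopback port that was just released, so nothing listens on it."""
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    for mode in ("esmtp", "helo_only", "ssh"):
        server, port = start_fake(mode)
        print(mode, probe_mta("127.0.0.1", port, timeout=2))
        server.shutdown()
        server.server_close()
    print("closed", probe_mta("127.0.0.1", closed_port(), timeout=2))
```

A setup script would prompt the admin only on `unreachable` or `not_mta`, and suggest installing an MTA only when the configured host is localhost.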


[ovirt-users] Re: hyperconverged cluster - how to change the mount path?

2018-07-04 Thread Renout Gerrits
unsupported, make backups, use at your own risk etc...

you could update the db if you can't put the storage domain into maintenance
after that put your hosts into maintenance and out again to remount

find the id of the sd you want to update with:
  engine=# select * from storage_server_connections;

ensure you have the correct id, the following should point to the old mount
point:
  engine=# select connection from storage_server_connections where id='';

next update your db
  engine=# update storage_server_connections set connection=' wrote:

> Yeah, sorry that doesn’t work.
>
> I can’t set hosted_storage (storage domain where hosted engine runs on)
> into maintenance mode to being able to edit it.
>
>
>
> André
>
>
>
> *From:* Gobinda Das [mailto:go...@redhat.com]
> *Sent:* Monday, 2 July 2018 09:00
> *To:* Alex K
> *Cc:* Liebe, André-Sebastian; users
> *Subject:* Re: [ovirt-users] Re: hyperconverged cluster - how to change
> the mount path?
>
>
>
> You can do it by using "Manage Domain" option from Storage Domain.
>
>
>
> On Sun, Jul 1, 2018 at 7:02 PM, Alex K  wrote:
>
> The steps roughly would be to put that storage domain in maintenance then
> edit/redefine it. You have the option to set gluster mount point options
> for the redundancy part. No need to set dns round robin.
>
>
>
> Alex
>
>
>
> On Sun, Jul 1, 2018, 13:29 Liebe, André-Sebastian 
> wrote:
>
> Hi list,
>
> I'm looking for an advice how to change the mount point of the
> hosted_storage due to a hostname change.
>
> When I set up our hyperconverged lab cluster (host1, host2, host3) I
> populated the mount path with host3:/hosted_storage which wasn't very
> clever as it brings in a single point of failure (i.e. when host3 is down).
> So I thought adding a round robin dns/hosts entry (i.e. gluster1) for host
> 1 to 3 and changing the mount path would be a better idea. But the mount
> path entry is locked in web gui and I couldn't find any hint how to change
> it manually (in database, shared and local configuration) in a consistent
> way without risking the cluster.
> So, is there a step by step guide how to achieve this without reinstalling
> (from backup)?
>
>
> Sincerely
>
> André-Sebastian Liebe
> Technik / Innovation
>
> gematik
> Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH
> Friedrichstraße 136
> 10117 Berlin
> Phone: +49 30 40041-197
> Fax: +49 30 40041-111
> E-mail:  andre.li...@gematik.de
> www.gematik.de
> ___
> Amtsgericht Berlin-Charlottenburg HRB 96351 B
> Managing Director: Alexander Beyer
>
>
>
>
>
>
>
> --
>
> Thanks,
>
> Gobinda
>
>
>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5CN675JLGV6JPPR6W2TXFMZ562ZYPMJJ/


[ovirt-users] ENGINE_SSO_AUTH_URL configuration

2018-07-04 Thread Hari Prasanth Loganathan
Hi Team,

I want oVirt to point to my Authentication / Authorization HTTP URL, so I
modified the following property in
*/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf*


#ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
  ENGINE_SSO_AUTH_URL="http://172.30.39.176:9090/api/auth/sso"

#SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
  SSO_ENGINE_URL="http://172.30.39.176:9090/api/auth/"


I verified in the log and found the following message :

engine.log:2018-07-04 15:12:46,238+05 INFO
[org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread
Pool -- 42) [] Value of property 'ENGINE_SSO_AUTH_URL' is '
http://172.30.39.176:9090/api/auth/sso'.
engine.log:2018-07-04 15:12:46,244+05 INFO
[org.ovirt.engine.core.uutils.config.ShellLikeConfd] (ServerService Thread
Pool -- 42) [] Value of property 'SSO_ENGINE_URL' is '
http://172.30.39.176:9090/api/auth/'.


But still it is not point to my Authentication URL, Is there any other
change we need to make to point the oVirt Authentication to my HTTP URL?

Thanks,
Hari
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NZKOGON5PKXSE47J25X72WYCOIGOJ3NW/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Yedidyah Bar David
On Wed, Jul 4, 2018 at 12:33 PM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

>
>
> There is a lot of other dependencies to declare other than postfix, MTA
> would have been better.
>
>
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
>
>
> ovirt-host have a lot of dependencies:
>

Indeed


> rpm -q --requires  ovirt-host
> NetworkManager-config-server
> cockpit
> cockpit-dashboard
> cockpit-machines-ovirt
> cockpit-networkmanager
> cockpit-ovirt-dashboard
> dracut-fips
> firewalld
> glusterfs-rdma
> ipa-client
> katello-agent
> mailx
> net-snmp
> net-snmp-utils
> ovirt-host-dependencies = 4.2.3-1.el7
> ovirt-hosted-engine-setup
> ovirt-provider-ovn-driver
> postfix
> python-firewall
> rng-tools
> rpmlib(CompressedFileNames) <= 3.0.4-1
> rpmlib(FileDigests) <= 4.6.0-1
> rpmlib(PayloadFilesHavePrefix) <= 4.0-1
> screen
> sysstat
> tcpdump
> vdsm-hook-ethtool-options
> vdsm-hook-fcoe
> vdsm-hook-openstacknet
> vdsm-hook-vfio-mdev
> vdsm-hook-vhostmd
> vdsm-hook-vmfex-dev
>
> Many of these are useless depending on your setup.
>

Indeed, but there is obviously a trade-off here.

If we can solve a bug that affects, say, 30% of the setups, by requiring a
package that takes 300KB disk space, and has (hopefully) no
security/administrative/etc. implications, I'd say it's worth adding.


> rng-tools, for example, but my hardware doesn't provide any of the needed
> random generators.
> screen, tcpdump ? I'm quite surprised.
> glusterfs-rdma, I'm not doing glusterfs, and I don't have any hardware to
> do rdma
>
>
I am pretty certain that each was added with a good reason. Sometimes you
can find the reason in the git commit, or in the linked bug.

If you disagree about a specific item, after accepting the general
reasoning above, feel free to open a bug.

If you disagree with the entire reasoning, it means, practically, that you
want more than one ovirt-node, perhaps many more, which will require much
more work. Would you volunteer to maintain the various flavors?
ovirt-node-gluster-postfix, ovirt-node-ovn-postfix,
ovirt-node-gluster-ovn-postfix, ovirt-node-postfix, ovirt-node-sendmail, ...

While I do not follow closely maintenance of ovirt-host, I was involved in
deciding we do want it, and so far think it was a good decision. Before
that, we had partial lists of requirements duplicated over
ovirt-host-deploy, ovirt-hosted-engine-setup, ovirt-node (and then
ovirt-release, which new ovirt-node uses), and always forgot to update some
of them when adding/updating stuff. Current state, of having everything in
a single (rather large, admittedly) ovirt-host meta-package is much better.
-- 
Didi
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I7OWOYIZROVAY7BYA2WWTEP5OZK7I7FY/


[ovirt-users] Re: API token in postgres

2018-07-04 Thread Hari Prasanth Loganathan
Hi all,

I came to know via the code that it is stored in memory, in a concurrent
hash map.

Storing the mapping between sessionId and SSOToken in a ConcurrentHashMap,
which will be in memory.

private ConcurrentMap sessionInfoMap = new ConcurrentHashMap<>();

https://github.com/oVirt/ovirt-engine/blob/15b0de3a83c09038429b67cc45ee36aa26096891/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java

Thanks,
Hari

On Wed, Jul 4, 2018 at 3:05 AM, Hari Prasanth Loganathan <
hariprasant...@msystechnologies.com> wrote:

> Guys, any help is appreciated.
>
> I am not able to find the table in Postgres. Please let me know.
>
> Thanks
>
> On Tue, 3 Jul 2018 at 9:52 PM, Hari Prasanth Loganathan wrote:
>
>> Hi Guys,
>>
>> Could somebody help on the postgres table, Which table is used to store
>> the mapping between sessionId and sso token?
>>
>> If my query is not clear, please let me know.
>>
>> Thanks,
>> Hari
>>
>> On Tue, Jul 3, 2018 at 6:14 PM, Hari Prasanth Loganathan wrote:
>>
>>> Hi Team,
>>>
>>> Which postgres table is used to store the relation between sessionId and
>>> SSO token ?
>>>
>>> I verified the *github* :
>>> https://github.com/oVirt/ovirt-engine/blob/d910a6e14bdb9fad0f21b8d9f22723f53db2fd2d/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/SsoRestApiAuthFilter.java
>>>
>>> *Code:*
>>>
>>> QueryReturnValue queryRetVal = FiltersHelper.getBackend(ctx).runPublicQuery(
>>>     QueryType.GetEngineSessionIdForSsoToken,
>>>     new GetEngineSessionIdForSsoTokenQueryParameters(token));
>>>
>>>
>>>
>>> Which table in postgres has the mapping between sessionId and sso token?
>>> Could somebody help me on this?
>>>
>>> Thanks,
>>> Hari
>>>
>>
>>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OUUPZCSNYDYE76CPXX2M2RYSHD7AC4KZ/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Yedidyah Bar David
On Wed, Jul 4, 2018 at 12:26 PM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

>
>
>
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
>
>
> On what product:
> https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt
>
> I don't know which one to choose.
>

Good question! :-)

When I don't know, I usually check the git repo for previous patches'
'Bug-Url:'. In this case [1], the first patch with a Bug-Url points at a
bug in product "Red Hat Enterprise Virtualization Manager", and the second
one at a bug in product "ovirt-distribution", component "ovirt-host". Since
your request is not specific to RHV but is for oVirt (and obviously applies
also to RHV, but that's irrelevant for now), latter is the best choice.

[1] https://gerrit.ovirt.org/gitweb?p=ovirt-host.git;a=log
-- 
Didi
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DTTOJDVRG25TXPVJW3DG35D2FK26WJG2/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella
>> 
>> 
>> There is a lot of other dependencies to declare other than postfix, MTA
>> would have been better.
> 
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
> 

ovirt-host have a lot of dependencies:
rpm -q --requires  ovirt-host
NetworkManager-config-server
cockpit
cockpit-dashboard
cockpit-machines-ovirt
cockpit-networkmanager
cockpit-ovirt-dashboard
dracut-fips
firewalld
glusterfs-rdma
ipa-client
katello-agent
mailx
net-snmp
net-snmp-utils
ovirt-host-dependencies = 4.2.3-1.el7
ovirt-hosted-engine-setup
ovirt-provider-ovn-driver
postfix
python-firewall
rng-tools
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
screen
sysstat
tcpdump
vdsm-hook-ethtool-options
vdsm-hook-fcoe
vdsm-hook-openstacknet
vdsm-hook-vfio-mdev
vdsm-hook-vhostmd
vdsm-hook-vmfex-dev

Many of these are useless depending on your setup.
rng-tools, for example, but my hardware doesn't provide any of the needed random
generators.
screen, tcpdump ? I'm quite surprised.
glusterfs-rdma, I'm not doing glusterfs, and I don't have any hardware to do 
rdma

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/O524TQERFSF36ZAXYFFMANMEH6247GCE/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella

> 
> 
> I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
> didn't check) to change the Requires:.
> 

On what product:
https://bugzilla.redhat.com/enter_bug.cgi?classification=oVirt 


I don't know which one to choose.

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GCMLPZB2NU7NG7NO6OD2GSEFRGLQXC7D/


[ovirt-users] Re: ovirt, postfix and sendmail

2018-07-04 Thread Yedidyah Bar David
On Wed, Jul 4, 2018 at 11:04 AM, Fabrice Bacchella
 wrote:
> ovirt in version 4.2 chose to incorporate postfix as a mandatory MTA:

This was added in 4.0, AFAIU:

https://bugzilla.redhat.com/show_bug.cgi?id=1301966

IMHO the bug is somewhat incorrect. HA sends its email using smtplib,
which IIUC does not require a local /usr/sbin/sendmail . Indeed, the
default is to send through 'localhost:25', and for this to work you
need some MTA listening there. But admins might find it perfectly
reasonable to not have any sendmail locally, although this is the unix
tradition, and configure everything to send through a remote MTA.
hosted-engine --deploy already asks about this, so should be easy to
do there. Other common stuff, such as crond, also allow doing this. So
ideally, if the admin accepts the default 'localhost:25', the script
should try to connect there (perhaps also if user provides custom
values?), and if it fails, or if the other side does not look like an
MTA (e.g. does not accept a HELO or EHLO, not sure what's the best
way), prompt, and if 'localhost', suggest to install some MTA. But
email is a hard problem, not sure how complex we need to make the
setup script...

>
> yum erase postfix
> ...
> Removing:
>  postfix                     x86_64   2:2.10.1-6.el7   @base        12 M
> Removing for dependencies:
>  cockpit-ovirt-dashboard     noarch   0.11.28-1.el7    @ovirt-4.2   15 M
>  ovirt-host                  x86_64   4.2.3-1.el7      @ovirt-4.2   11 k
>  ovirt-hosted-engine-setup   noarch   2.2.22.1-1.el7   @ovirt-4.2  2.2 M
>
> Is there a way to change that ? It's not about postfix being inferior or
> superior to other solutions. It's that it didn't ask anything, didn't check
> if one was already installed. It's just installed.
>
> For example:
> rpm -q --provides postfix
> MTA
> config(postfix) = 2:2.10.1-6.el7
> postfix = 2:2.10.1-6.el7
> postfix(x86-64) = 2:2.10.1-6.el7
> server(smtp)
> smtpd
> smtpdaemon
>
> rpm -q --provides sendmail
> MTA
> config(sendmail) = 8.14.7-5.el7
> sendmail = 8.14.7-5.el7
> sendmail(x86-64) = 8.14.7-5.el7
> server(smtp)
> smtpdaemon
>
> There is a lot of other dependencies to declare other than postfix, MTA
> would have been better.

I agree, and suggest to open an RFE on ovirt-host (and elsewhere?
didn't check) to change the Requires:.

Seems like the thing we want to require is 'server(smtp)':

https://fedoraproject.org/wiki/Features/ServerProvides

Best regards,
-- 
Didi
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4LUVNYZGJME4JEOJM4HKVL4OTP4PL5D2/
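
Added example (not part of the thread and not oVirt code): a minimal Python sketch of the check suggested in the reply above, which connects to the configured SMTP host and treats it as an MTA only if it greets with 220 and accepts EHLO or HELO. The function names and the constructed local test peer are assumptions made for illustration.

```python
import smtplib
import socket
import threading


def probe_mta(host="localhost", port=25, timeout=5.0):
    """Return (ok, detail); ok is True only for a 220 banner plus an accepted EHLO/HELO."""
    try:
        # The constructor connects and raises SMTPConnectError unless the banner is 220.
        # local_hostname is fixed so no DNS lookup is needed to build the EHLO line.
        with smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout) as smtp:
            code, reply = smtp.ehlo()
            if not 200 <= code <= 299:
                code, reply = smtp.helo()  # older servers may only accept HELO
            ok = 200 <= code <= 299
            return ok, "%d %s" % (code, reply.decode("ascii", "replace"))
    except OSError as exc:  # refused, timed out, or not SMTP (smtplib errors are OSError)
        return False, "%s: %s" % (type(exc).__name__, exc)


def start_constructed_peer(banner, reply):
    """Constructed one-shot peer for the demo: sends banner, answers every command with reply."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as stream:
            stream.write(banner)
            stream.flush()
            for line in stream:
                quitting = line[:4].upper() == b"QUIT"
                stream.write(b"221 bye\r\n" if quitting else reply)
                stream.flush()
                if quitting:
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    mta = start_constructed_peer(b"220 constructed.example ESMTP\r\n", b"250 constructed.example\r\n")
    other = start_constructed_peer(b"SSH-2.0-constructed\r\n", b"")
    print(probe_mta("127.0.0.1", mta))    # greeted and accepted EHLO
    print(probe_mta("127.0.0.1", other))  # something listens, but it is not an MTA
```

A setup script could call probe_mta() with the admin's answer and only prompt, or suggest installing an MTA, when the result is False for 'localhost'.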


[ovirt-users] ovirt, postfix and sendmail

2018-07-04 Thread Fabrice Bacchella
ovirt in version 4.2 chose to incorporate postfix as a mandatory MTA:

yum erase postfix
...
Removing:
 postfix                     x86_64   2:2.10.1-6.el7   @base        12 M
Removing for dependencies:
 cockpit-ovirt-dashboard     noarch   0.11.28-1.el7    @ovirt-4.2   15 M
 ovirt-host                  x86_64   4.2.3-1.el7      @ovirt-4.2   11 k
 ovirt-hosted-engine-setup   noarch   2.2.22.1-1.el7   @ovirt-4.2  2.2 M

Is there a way to change that ? It's not about postfix being inferior or 
superior to other solutions. It's that it didn't ask anything, didn't check if 
one was already installed. It's just installed.

For example:
rpm -q --provides postfix
MTA
config(postfix) = 2:2.10.1-6.el7
postfix = 2:2.10.1-6.el7
postfix(x86-64) = 2:2.10.1-6.el7
server(smtp)
smtpd
smtpdaemon

rpm -q --provides sendmail
MTA
config(sendmail) = 8.14.7-5.el7
sendmail = 8.14.7-5.el7
sendmail(x86-64) = 8.14.7-5.el7
server(smtp)
smtpdaemon

There is a lot of other dependencies to declare other than postfix, MTA would 
have been better.

List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/74572PMISFPD7ODKXRLBBCA7IA5ATPZ7/


[ovirt-users] Re: Error with with increasing resources of the HostedEngine. VM values that are locked

2018-07-04 Thread Simone Tiraboschi
Hi,
which values are you trying to increase?

can you please attach your engine.log?

On Sun, Jul 1, 2018 at 12:28 PM Egor Panov  wrote:

> Hi,
>
> I have problem with increasing resources of the HostedEngine:"There was an
> attempt to change Hosted Engine VM values that are locked»
> I read the articles
> https://access.redhat.com/solutions/3023041
> https://access.redhat.com/solutions/3133781
>
> From these articles "The message from the engine.log the problem comes with
> not editable field.»
>
>  "Initial Run" -> Uncheck "Use Cloud-Init/Sysprep» had  already unchecked.
> And it means that another field is locked.
>
> I did support log-collector with the database dump
> # ovirt-log-collector --no-hypervisors
>
> But I didn’t find in output what field is not editable.
>
> Can you help me with it?
>
> Regards,
> Egor Panov
> System Administrator
> Skype: e.panoff
> Tel: + 7 (916) 182-62-13
>
> This e-mail and the attachments, if any, are confidential and may be
> legally privileged, and are for the sole use of the intended recipient. If
> you are not the intended recipient of this e-mail or any part of it, please
> delete it from your computer.
>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Y3ZOFSY33QM3X4AH63MISQJO75DNINWV/


[ovirt-users] Re: oVirt 4.2 Self-hosted engine deployment fails at the end - "failed liveliness check"

2018-07-04 Thread Simone Tiraboschi
On Sun, Jul 1, 2018 at 1:18 PM Aleksander Maricq  wrote:

> I successfully deployed an oVirt 4.2 self-hosted engine setup just over 6
> months ago, and recently tried to re-install to modify hostnames on the
> engine and hypervisor.  After I cleaned up and re-ran hosted-engine
> --deploy my install failed right at the end (TASK [Wait for the engine to
> come up on the target VM]) with the following error:
> ERROR otopi.ovirt_hosted_engine_setup.ansible_utils
> ansible_utils._process_output:98 fatal
>
> and the following engine vm status:
> Engine status: {"reason": "failed liveliness check", "health": "bad",
> "vm": "up", "detail": "Up"}
>
> I opted to do a clean re-install of CentOS 7.5 and try again, but I keep
> running into the same error (see the attached logs).
>

This kind of error is typically due to the fact that the engine VM got from
DHCP an address that doesn't match what you wrote in /etc/hosts on your
host.
I'd suggest to set a temporary VNC password with
hosted-engine --add-console-password
and then connect to the engine VM over VNC to double check its network
configuration.


>
> Some details that may or may not be helpful:
>  - I'm reusing old mount points without formatting such as /home and my
> previous NFS-exported storage domain LVMs.  The root partition, swap,
> /boot, and the engine destination LVMs were all re-formatted during the
> CentOS 7.5 install or prior to attempted oVirt install.
> - I'm reusing the MAC address from the previous attempt (so that it picks
> up the static entry I put on my router).
> - I currently only have entries in /etc/hosts to map FQDNs to IPs, but the
> install fails the same way whether or not I tell the process to populate
> the engine VM's hosts file.
> - Prior to my re-install of CentOS 7.5 I tried, and was able, to log into
> the engine appliance.  I saw the hosted engine VM was listed as "down", and
> there was some temporary VM (leftover from the install process?) that I
> couldn't do anything to.
>
> Thanks in advance for your help!
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DZJ24IEKYSIXOP25QM6O4IFPGPDO6JYP/


[ovirt-users] VM - Disks - Table too small

2018-07-04 Thread Maton, Brett
The table which displays disk info is too small when moving disks between
storage domains, probably because the progress bar is added below the
'locked' status but the table doesn't resize to accommodate the taller rows.

Tried in Chrome, Edge, Firefox, Internet Explorer & Safari
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3RPM6QVPJRRZSSJR4F6UMMPCDFMYWTOR/


[ovirt-users] Re: Engine Setup Error

2018-07-04 Thread Sahina Bose
It looks like a problem accessing the engine gluster volume.  Can you
provide the logs from /var/log/gluster/rhev-data*engine.log as well as the
vdsm.log from the host.

On Wed, Jul 4, 2018 at 11:07 AM, Yedidyah Bar David  wrote:

> On Tue, Jul 3, 2018 at 3:28 PM, Sakhi Hadebe  wrote:
> > Hi,
> >
> > We are deploying the hosted engine on oVirt-Node-4.2.3.1 using the
> command
> > "hosted-engine --deploy".
> >
> > After providing answers it runs the ansible script and hit the Error when
> > creating glusterfs storage domain. Attached the screenshot of the ERROR.
>
> Adding Sahina.
>
> Please check/share relevant logs from the host. Thanks.
>
> Best regards,
> --
> Didi
>
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/SA5QSXSHIJPTXZ45JMQWDQV6OJRIKAPK/