[ovirt-users] Re: Disk blocked

2024-07-03 Thread Louis Barbonnais
Yes, I have imported the CA and the test is successful. However, when I try to 
validate, it indicates that the ISO image is "Locked"
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/32GAYR3XILCLCLXBQK4EN7M6WNKCCWS5/


[ovirt-users] Re: Disk blocked

2024-07-03 Thread Nathanaël Blanchet via Users
On Wednesday 03 July 2024 at 07:02 +, Louis Barbonnais wrote:
> Yes, I have imported the CA and the test is successful. However, when
> I try to validate, it indicates that the ISO image is "Locked"
You could try several things:
 *  restart engine: systemctl restart ovirt-engine (no effect on the
   virtualization layer)
 *  try to unlock any locked disk with unlock_entity.sh utility
   /usr/share/ovirt-engine/setup/dbutils/unlock_entity.sh -q -t all

-- 
Nathanaël Blanchet
Systems and Network Administrator
Service Informatique et REseau (SIRE)
Département des systèmes d'information
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanc...@abes.fr


[ovirt-users] Re: Disk blocked

2024-07-03 Thread Louis Barbonnais
What I have in the web interface after clicking "OK":

Alias : Windows10 
ID : 28a9a01c-2e45-4968-ad03-d86d63c894fc
Attached To Storage Domain(s) : oVirt_Host-Local
Virtual Size : 4 GiB
Status : Locked
Type : Image
Description : 22H2

Previously, I clicked on “test” and the result was: Connection to ovirt-imageio
was successful.

I do not know the correct command for unlock_entity.sh.


[ovirt-users] Re: Disk blocked

2024-07-03 Thread Louis Barbonnais
OK, thank you, I use this command to unlock the ISO disk:

/usr/share/ovirt-engine/setup/dbutils/unlock_entity.sh -t disk -i *ID DISK*


[ovirt-users] Re: Disk blocked

2024-07-03 Thread Louis Barbonnais
I can unlock and delete it, but I cannot use it. When I upload an image, it 
immediately becomes locked and does not load into oVirt.


[ovirt-users] Certificate verification error for qemu while migrating

2024-07-03 Thread Julien Deberles
Hello,
I'm running ovirt 4.4.10 and I have the following error while I launch a VM 
migration :

Jul  3 12:37:07 ssc-sati-02 journal[958949]: Certificate [session] owner does not match the hostname myhostname
Jul  3 12:37:07 ssc-sati-02 journal[958949]: Certificate check failed Certificate [session] owner does not match the hostname myhostname
Jul  3 12:37:07 ssc-sati-02 journal[958949]: authentication failed: Failed to verify peer's certificate
Jul  3 12:37:07 ssc-sati-02 journal[958949]: operation failed: Failed to connect to remote libvirt URI qemu+tls://myhostname/system: authentication failed: Failed to verify peer's certificate

To avoid this error I set the following parameters inside
/etc/libvirt/qemu.conf and restarted the vdsmd daemon.
migrate_tls_x509_verify = 0
default_tls_x509_verify = 0

But I still have the same error. Can you help me to understand why this set of
parameters is not working as expected?

kind regards,
Julien
 


[ovirt-users] deploy ovirt-engine4.5.6 on rockylinux9 encounter cross-origin frame error when visiting webadmin

2024-07-03 Thread taleintervenor
We have deployed ovirt-engine on rocky9.4; "engine-setup" runs all green and
says it completed successfully.
But when we visit https://ovirtmu.pi.sjtu.edu.cn/ovirt-engine/webadmin, the UI
reports the error as:
```
2024-07-03 15:45:58,692+08 ERROR [org.ovirt.engine.ui.frontend.server.gwt.OvirtRemoteLoggingService] (default task-3) [] Uncaught exception: com.google.gwt.event.shared.UmbrellaException: Exception caught: (SecurityError) : Failed to read a named property 'kCb' from 'Window': Blocked a frame with origin "https://ovirtmu.pi.sjtu.edu.cn" from accessing a cross-origin frame.
    at java.lang.Throwable.Throwable(Throwable.java:72)
    at java.lang.RuntimeException.RuntimeException(RuntimeException.java:32)
    at com.google.web.bindery.event.shared.UmbrellaException.UmbrellaException(UmbrellaException.java:64)
    at Unknown.new t8(webadmin-0.js)
    at com.google.gwt.event.shared.EventBus.$castFireEvent(EventBus.java:65)
    at org.ovirt.engine.ui.webadmin.system.MessageReceivedEvent.fire(MessageReceivedEvent.java:21)
    at org.ovirt.engine.ui.webadmin.system.PostMessageDispatcher.onMessage(PostMessageDispatcher.java:27)
    at Unknown.c(webadmin-0.js)
Caused by: com.google.gwt.core.client.JavaScriptException: (SecurityError) : Failed to read a named property 'kCb' from 'Window': Blocked a frame with origin "https://ovirtmu.pi.sjtu.edu.cn" from accessing a cross-origin frame.
    at com.google.gwt.lang.Cast.instanceOfJso(Cast.java:211)
    at org.ovirt.engine.ui.webadmin.plugin.jsni.JsArrayHelper.createMixedArray(JsArrayHelper.java:36)
    at org.ovirt.engine.ui.webadmin.plugin.PluginEventHandler.lambda$16(PluginEventHandler.java:105)
    at org.ovirt.engine.ui.webadmin.system.MessageReceivedEvent.$dispatch(MessageReceivedEvent.java:50)
    at org.ovirt.engine.ui.webadmin.system.MessageReceivedEvent.dispatch(MessageReceivedEvent.java:50)
    at com.google.gwt.event.shared.GwtEvent.dispatch(GwtEvent.java:76)
    at com.google.web.bindery.event.shared.SimpleEventBus.$doFire(SimpleEventBus.java:173)
    ... 4 more
```

Version of ovirt-engine is ovirt-engine-4.5.6-1.el9.noarch, and the setup 
options are:
  --== CONFIGURATION PREVIEW ==--

  Application mode: both
  Default SAN wipe after delete   : False
  Host FQDN   : ovirtmu.pi.sjtu.edu.cn
  Firewall manager: firewalld
  Update Firewall : True
  Set up Cinderlib integration: False
  Configure local Engine database : True
  Set application as default page : True
  Configure Apache SSL: True
  Keycloak installation   : True
  Engine database host: localhost
  Engine database port: 5432
  Engine database secured connection  : False
  Engine database host name validation: False
  Engine database name: engine
  Engine database user name   : engine
  Engine installation : True
  PKI organization: pi.sjtu.edu.cn
  Set up ovirt-provider-ovn   : True
  DWH installation: True
  DWH database host   : localhost
  DWH database port   : 5432
  Configure local DWH database: True
  Grafana integration : False
  Keycloak database host  : localhost
  Keycloak database port  : 5432
  Keycloak database secured connection: False
  Keycloak database host name validation  : False
  Keycloak database name  : ovirt_engine_keycloak
  Keycloak database user name : ovirt_engine_keycloak
  Configure local Keycloak database   : True
  Configure VMConsole Proxy   : True
  Configure WebSocket Proxy   : True


Can anyone provide some suggestions on positioning the problem?


[ovirt-users] Re: [SOLVED] Re: Re: How to re-enroll (or renew) host certificates for a single-host hosted-engine deployment?

2024-07-03 Thread Pavel Vinnik via Users
Hi,
Can you please walk your "trick" method step-by-step for me?
I have a single-hosted hosted-engine deployment. I have renewed the engine
certificates using "engine-setup --offline" but am struggling with enrolling new
certificates for the host. Host certificates are not expired for now, but I'd like
to renew them.
Thanks in advance!


[ovirt-users] Re: New oVirt release ???

2024-07-03 Thread Dirk


I see it documented there now too.  When I checked just a couple weeks 
ago, it still said the engine was based on CentOS Stream 8.


So does this mean that if I start with a fresh v4.5.5 oVirt Node (CentOS 
Stream 9) installation and use it to deploy the hosted engine, the 
engine will also be Stream 9.???  If yes, wonderful.


---


On 6/28/2024 2:41 AM, Sandro Bonazzola wrote:



On Fri 28 Jun 2024 at 11:32, Nathanaël Blanchet via Users <users@ovirt.org> wrote:


On Friday 28 June 2024 at 02:05 -0700, Diggy wrote:
 >
 > Any movement towards a new oVirt release now that CentOS Stream 8 is
 > officially at EOL and the current engine is based on it?
engine and hosts can officially be installed on CentOS Stream 9 while
it is not documented. There is no major known bug.


I see it documented here: https://ovirt.org/download/index.html 

and the installation guide 
 mentions "The oVirt Engine must run on Enterprise Linux 8.7 or later." which well... not explicitly says it but includes 9.x


 >
 > Do I see oVirt v4.6 in my near future?  I'm looking for a reason to
 > build a fresh oVirt environment and migrate our 100+ VMs to it.  :)
oVirt development has been hung up since RHV eol, but some company may
continue it after finding a devops:

https://lists.ovirt.org/archives/list/users@ovirt.org/message/GPD6DRW2WTD42T24Z3SYTCER4K7GOM5R/
 

 >
 > ---
 


-- 
Nathanaël Blanchet


Systems and Network Administrator
Service Informatique et REseau (SIRE)
Département des systèmes d'information
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanc...@abes.fr 
 




--
Sandro Bonazzola



[ovirt-users] Re: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"

2024-07-03 Thread Brent S.
For cross-reference, the same issue has been reported in GitHub[0] with no 
resolve or response yet.

To make matters clear, this completely prevents engine installation across 
AlmaLinux 9.x, Rocky 9.x, *and* Centos 9 Stream. This is a major blocker to new 
installs.

[0] https://github.com/oVirt/ovirt-engine/issues/945


[ovirt-users] Re: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"

2024-07-03 Thread Yedidyah Bar David
On Wed, Jun 19, 2024 at 10:38 PM Brent S.  wrote:

> As a quick update to this:
>
> # ovirt-aaa-jdbc-tool
>
>
> Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
>
>
>
> Jun 19, 2024 7:28:14 PM
> org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main
>
>
> SEVERE: Unexpected Exception invoking Cli: Could not read properties from:
> /etc/ovirt-engine/aaa/internal.properties
>
> Which is, of course, the same message in the log.
>
> This is probably expected, since *engine-setup never actually created the
> file*:
>

Are you sure about this?


>
> # ls -la /etc/ovirt-engine/aaa
> total 4
> drwxr-xr-x.  2 root root    6 Jun 19 19:27 .
> drwxr-xr-x. 18 root root 4096 Jun 19 19:27 ..
> #
>

I guess you checked the above only after engine-setup failed/finished,
right?


>
> And:
>
> 2024-06-19 19:27:10,917+ DEBUG
> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
> plugin.execute:923 execute-output:
> ['/usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh', '-s',
> '[REDACTED_REMOTE_DB_HOST]', '-p', '5432', '-u',
> '[REDACTED_REMOTE_DB_USER]', '-d', '[REDACTED_REMOTE_DB_NAME]', '-e',
> 'aaa_jdbc', '-l', '/root/ovirt-engine-setup.log', '-c', 'apply'] stderr:
>
>
> 2024-06-19 19:27:10,917+ DEBUG otopi.transaction
> transaction._prepare:61 preparing 'File transaction for
> '/etc/ovirt-engine/aaa/internal.properties''
> 2024-06-19 19:27:10,917+ DEBUG otopi.filetransaction
> filetransaction.prepare:184 file
> '/etc/ovirt-engine/aaa/internal.properties' missing
>

Indeed


> 2024-06-19 19:27:10,920+ DEBUG otopi.transaction
> transaction._prepare:61 preparing 'File transaction for
> '/etc/ovirt-engine/extensions.d/internal-authn.properties''
> 2024-06-19 19:27:10,920+ DEBUG otopi.filetransaction
> filetransaction.prepare:184 file
> '/etc/ovirt-engine/extensions.d/internal-authn.properties' missing
> 2024-06-19 19:27:10,921+ DEBUG otopi.transaction
> transaction._prepare:61 preparing 'File transaction for
> '/etc/ovirt-engine/extensions.d/internal-authz.properties''
> 2024-06-19 19:27:10,921+ DEBUG otopi.filetransaction
> filetransaction.prepare:184 file
> '/etc/ovirt-engine/extensions.d/internal-authz.properties' missing
> 2024-06-19 19:27:10,921+ DEBUG
> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
> plugin.executeRaw:808 execute: ('/usr/bin/ovirt-aaa-jdbc-tool',
> (...)
>
> Is this because I'm using remote databases for the DWH? I was under the
> impression this was supported, especially given that engine-setup prompts
> for the host and it is documented.
>

I don't think that's related.

If you grep ovirt-engine sources, you'll find internal.properties in:

packaging/setup/ovirt_engine_setup/engine/constants.py:

AAA_JDBC_CONFIG_DB = os.path.join(
    OVIRT_ENGINE_SYSCONFDIR,
    'aaa',
    'internal.properties'
)

If you then grep for AAA_JDBC_CONFIG_DB, you see it in:

packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py:

    def _setupAuth(self):
        self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
            filetransaction.FileTransaction(
                name=oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
...
                visibleButUnsafe=True,
...
    def _setupAdminUser(self):
        toolArgs = (
            oenginecons.FileLocations.AAA_JDBC_TOOL,
            '--db-config=%s' % oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
        )
...
    @plugin.event(
        stage=plugin.Stages.STAGE_MISC,
        name=AAA_JDBC_SETUP_ADMIN_USER,
        after=(
            oengcommcons.Stages.DB_SCHEMA,
            oengcommcons.Stages.DB_CONNECTION_AVAILABLE,
            oenginecons.Stages.CONFIG_EXTENSIONS_UPGRADE,
        ),
        before=(
            oenginecons.Stages.CONFIG_AAA_ADMIN_USER_SETUP,
        ),
        condition=lambda self: self.environment[
            oenginecons.ConfigEnv.ADMIN_USER_AUTHZ_TYPE
        ] == self.AAA_JDBC_AUTHZ_TYPE,
    )
    def _misc(self):
        # TODO: if we knew that aaa-jdbc package was upgraded by engine-setup
        # TODO: we could display summary note that custom profiles have to be
        # TODO: upgraded manually
        self._setupSchema()
        self._setupAuth()
        self._setupAdminUser()
...

This means that:
At STAGE_MISC, _misc calls _setupAuth, which creates this file, and then it
calls _setupAdminUser which tries to use it. Latter fails, and engine-setup
rolls back the MAIN_TRANSACTION, including removing the file.

I'd start debugging this issue by:
1. Patching _setupAuth to wait (e.g. using dialog.queryBoolean, search the
source for examples) after it creates the file, so that I can investigate it
2. Patching _setupAdminUser to wait after it runs the tool, so that I can try
to investigate the failure - e.g. run it myself under strace, if the existing
logging is not enough.

You can try using the otopi plugin wait_on_error for this, instead of
patching.

Good luck and best regards,
-- 
Didi
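
The sequence described in the reply above, as an added example that is not code from otopi or ovirt-engine: a simplified model of a file transaction whose new content is written to its final path before commit and removed on abort, which is why the directory looks empty when it is inspected only after the failure. VisibleFileTransaction, run_stage, failing_tool and the on_failure hook are hypothetical names, and the write-before-commit behaviour is an assumption of this sketch; the real semantics are in otopi's src/otopi/filetransaction.py.

```python
import os
import tempfile


class VisibleFileTransaction:
    """Simplified model (not otopi's class): the new content is written to
    its final path during prepare, so later steps can read it before commit."""

    def __init__(self, name, content):
        self.name, self.content = name, content
        self._backup = None

    def prepare(self):
        if os.path.exists(self.name):            # keep the old file for abort
            self._backup = self.name + ".txbackup"
            os.replace(self.name, self._backup)
        # O_EXCL: refuse to write through a file or symlink that appeared meanwhile
        fd = os.open(self.name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(self.content)

    def commit(self):
        if self._backup:
            os.remove(self._backup)

    def abort(self):
        if os.path.exists(self.name):
            os.remove(self.name)                 # new content disappears
        if self._backup:
            os.replace(self._backup, self.name)  # previous content returns


def run_stage(path, tool, on_failure=None):
    """Create the file, run the tool that consumes it, roll back on failure.
    Returns (succeeded, present_after_stage)."""
    tx = VisibleFileTransaction(path, "# constructed sample content\n")
    try:
        tx.prepare()
        tool(path)
        tx.commit()
        return True, os.path.exists(path)
    except Exception as exc:
        if on_failure:
            on_failure(path, exc)                # inspection point before rollback
        tx.abort()
        return False, os.path.exists(path)


def failing_tool(path):
    # Stand-in for the admin-user step failing for an unrelated reason.
    raise RuntimeError("tool failed while using " + os.path.basename(path))


def demo(tool=failing_tool):
    """Returns what an observer sees at failure time and after the stage."""
    seen = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "internal.properties")

        def inspect(p, exc):
            seen["present_at_failure"] = os.path.exists(p)

        ok, present_after = run_stage(path, tool, inspect)
        seen["succeeded"], seen["present_after"] = ok, present_after
        seen["dir_after"] = os.listdir(d)
    return seen


if __name__ == "__main__":
    print(demo())
```

The on_failure hook marks the point where pausing, as suggested in the reply, lets the file be examined before the rollback deletes it.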

[ovirt-users] Re: engine-setup fails: "Failed to execute stage 'Misc configuration': Command '/usr/bin/ovirt-aaa-jdbc-tool' failed to execute"

2024-07-03 Thread Yedidyah Bar David
On Thu, Jul 4, 2024 at 9:11 AM Yedidyah Bar David  wrote:

> On Wed, Jun 19, 2024 at 10:38 PM Brent S.  wrote:
>
>> As a quick update to this:
>>
>> # ovirt-aaa-jdbc-tool
>>
>>
>> Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
>>
>>
>>
>> Jun 19, 2024 7:28:14 PM
>> org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main
>>
>>
>> SEVERE: Unexpected Exception invoking Cli: Could not read properties
>> from: /etc/ovirt-engine/aaa/internal.properties
>>
>> Which is, of course, the same message in the log.
>>
>> This is probably expected, since *engine-setup never actually created the
>> file*:
>>
>
> Are you sure about this?
>
>
>>
>> # ls -la /etc/ovirt-engine/aaa
>> total 4
>> drwxr-xr-x.  2 root root    6 Jun 19 19:27 .
>> drwxr-xr-x. 18 root root 4096 Jun 19 19:27 ..
>> #
>>
>
> I guess you checked the above only after engine-setup failed/finished,
> right?
>
>
>>
>> And:
>>
>> 2024-06-19 19:27:10,917+ DEBUG
>> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
>> plugin.execute:923 execute-output:
>> ['/usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh', '-s',
>> '[REDACTED_REMOTE_DB_HOST]', '-p', '5432', '-u',
>> '[REDACTED_REMOTE_DB_USER]', '-d', '[REDACTED_REMOTE_DB_NAME]', '-e',
>> 'aaa_jdbc', '-l', '/root/ovirt-engine-setup.log', '-c', 'apply'] stderr:
>>
>>
>> 2024-06-19 19:27:10,917+ DEBUG otopi.transaction
>> transaction._prepare:61 preparing 'File transaction for
>> '/etc/ovirt-engine/aaa/internal.properties''
>> 2024-06-19 19:27:10,917+ DEBUG otopi.filetransaction
>> filetransaction.prepare:184 file
>> '/etc/ovirt-engine/aaa/internal.properties' missing
>>
>
> Indeed
>
>
>> 2024-06-19 19:27:10,920+ DEBUG otopi.transaction
>> transaction._prepare:61 preparing 'File transaction for
>> '/etc/ovirt-engine/extensions.d/internal-authn.properties''
>> 2024-06-19 19:27:10,920+ DEBUG otopi.filetransaction
>> filetransaction.prepare:184 file
>> '/etc/ovirt-engine/extensions.d/internal-authn.properties' missing
>> 2024-06-19 19:27:10,921+ DEBUG otopi.transaction
>> transaction._prepare:61 preparing 'File transaction for
>> '/etc/ovirt-engine/extensions.d/internal-authz.properties''
>> 2024-06-19 19:27:10,921+ DEBUG otopi.filetransaction
>> filetransaction.prepare:184 file
>> '/etc/ovirt-engine/extensions.d/internal-authz.properties' missing
>> 2024-06-19 19:27:10,921+ DEBUG
>> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc
>> plugin.executeRaw:808 execute: ('/usr/bin/ovirt-aaa-jdbc-tool',
>> (...)
>>
>> Is this because I'm using remote databases for the DWH? I was under the
>> impression this was supported, especially given that engine-setup prompts
>> for the host and it is documented.
>>
>
> I don't think that's related.
>
> If you grep ovirt-engine sources, you'll find internal.properties in:
>
> packaging/setup/ovirt_engine_setup/engine/constants.py:
>
> AAA_JDBC_CONFIG_DB = os.path.join(
>     OVIRT_ENGINE_SYSCONFDIR,
>     'aaa',
>     'internal.properties'
> )
>
> If you then grep for AAA_JDBC_CONFIG_DB, you see it in:
>
> packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py:
>
>     def _setupAuth(self):
>         self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
>             filetransaction.FileTransaction(
>                 name=oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
> ...
>                 visibleButUnsafe=True,
>

Forgot to mention: You can check otopi sources:src/otopi/filetransaction.py
to see what this means.


> ...
>     def _setupAdminUser(self):
>         toolArgs = (
>             oenginecons.FileLocations.AAA_JDBC_TOOL,
>             '--db-config=%s' % oenginecons.FileLocations.AAA_JDBC_CONFIG_DB,
>         )
> ...
>     @plugin.event(
>         stage=plugin.Stages.STAGE_MISC,
>         name=AAA_JDBC_SETUP_ADMIN_USER,
>         after=(
>             oengcommcons.Stages.DB_SCHEMA,
>             oengcommcons.Stages.DB_CONNECTION_AVAILABLE,
>             oenginecons.Stages.CONFIG_EXTENSIONS_UPGRADE,
>         ),
>         before=(
>             oenginecons.Stages.CONFIG_AAA_ADMIN_USER_SETUP,
>         ),
>         condition=lambda self: self.environment[
>             oenginecons.ConfigEnv.ADMIN_USER_AUTHZ_TYPE
>         ] == self.AAA_JDBC_AUTHZ_TYPE,
>     )
>     def _misc(self):
>         # TODO: if we knew that aaa-jdbc package was upgraded by engine-setup
>         # TODO: we could display summary note that custom profiles have to be
>         # TODO: upgraded manually
>         self._setupSchema()
>         self._setupAuth()
>         self._setupAdminUser()
> ...
>
> This means that:
> At STAGE_MISC, _misc calls _setupAuth, which creates this file, and then
> it calls _setupAdminUser which tries to use it. Latter fails, and
> engine-setup rolls back the MAIN_TRANSACTION, including removing the file.
>
> I'd start debugging this issue by:
> 1. Patching _setupAuth to wait (e.g. using dialog.queryBoolean, search the
> source
> for examples) af