[ovirt-users] Communicating with ovirt agent
is there any documentation o oVirt guest agent commands? To be more precise: i need to pass commands to oVirt guest agent from hypervisor. Reading info works fine: socat /var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.serial.0 - {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", "Total Commander (Remove or Repair)", "Python 2.7 pywin32-216", "Microsoft .NET Framework 4.6.1", "Git version 2.9.0", "WinRAR 5.40 beta 2 (32- bit)", "Notepad++"], "__name__": "applications"} {"__name__": "host-name", "name": "WIN7_32BIT"} {"__name__": "os-version", "version": "Win 7"} I'm unable to find how to send command (lets say "shutdown") to agent?. echo "shutdown" | socat /var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.kvm-vdi.0 - Does not seem to work Thank you for your help. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Communicating with ovirt agent
Thank you for reply! Im trying to send JSON-formated shutdown command to windows guest vm now. Here’s small script I’ve written to test that: http://pastebin.com/usAYc7Ww But still I get no reaction from ovirt agent. Surely I’m missing something. From: Vinzenz Feenstra Sent: Friday, July 01, 2016 2:53 PM To: ta...@ring.lt Cc: users@ovirt.org Subject: Re: [ovirt-users] Communicating with ovirt agent On Jul 1, 2016, at 12:05 PM, Tadas =rote: is there any documentation o oVirt guest agent =ommands? To be more precise: i need to pass commands to =Virt guest agent from hypervisor. Reading =nfo works fine: socat =var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.serial.0 - {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", =Total Commander (Remove or Repair)", "Python 2.7 =ywin32-216", "Microsoft .NET Framework 4.6.1", "Git =ersion 2.9.0", "WinRAR 5.40 beta 2 (32- bit)", =Notepad++"], "__name__": "applications"} {"__name__": =host-name", "name": "WIN7_32BIT"} {"__name__": =os-version", "version": "Win 7”} Every =ommand has to be send as a whole JSON object and sent as line =erminated by a \n character The =ommands available are currently not documented however. {“__name__”: “name”,=… args} - name: =hutdown parameters: - =imeout: optional integer (seconds) =/span>- reboot: optional boolean - =essage: string - =ame: refresh parameters: - =piVersion: optiona integer =nbsp; this defines what information can be =xchanged - =ame: hibernate: parameters: - state: =isk or mem (default is disk if not specified) if you need more you can look here: https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=st-agent/OVirtAgentLogic.py#L306 at the parseCommand =unction or just ask here :-) I'm unable to find how to send command (lets =ay "shutdown") to agent?. echo "shutdown" | socat =var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.kvm-vdi.0 - Does=not seem to work Thank you for your help. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users =___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Communicating with ovirt agent
Thank you very much. Seems to work now. From: Vinzenz Feenstra Sent: Friday, July 01, 2016 5:37 PM To: Tadas Cc: users@ovirt.org Subject: Re: [ovirt-users] Communicating with ovirt agent On Jul 1, 2016, at 4:24 PM, Tadas wrote: Thank you for reply! Im trying to send JSON-formated shutdown command to windows guest vm now. Here’s small script I’ve written to test that: http://pastebin.com/usAYc7Ww But still I get no reaction from ovirt agent. Surely I’m missing something. Yes the newline character send a ‘\n’ at the end and the name key must be surrounded by two underscores like in the replies __name__ not name From: Vinzenz Feenstra Sent: Friday, July 01, 2016 2:53 PM To: ta...@ring.lt Cc: users@ovirt.org Subject: Re: [ovirt-users] Communicating with ovirt agent On Jul 1, 2016, at 12:05 PM, Tadas =rote: is there any documentation o oVirt guest agent =ommands? To be more precise: i need to pass commands to =Virt guest agent from hypervisor. Reading =nfo works fine: socat =var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.serial.0 - {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", =Total Commander (Remove or Repair)", "Python 2.7 =ywin32-216", "Microsoft .NET Framework 4.6.1", "Git =ersion 2.9.0", "WinRAR 5.40 beta 2 (32- bit)", =Notepad++"], "__name__": "applications"} {"__name__": =host-name", "name": "WIN7_32BIT"} {"__name__": =os-version", "version": "Win 7”} Every =ommand has to be send as a whole JSON object and sent as line =erminated by a \n character The =ommands available are currently not documented however. {“__name__”: “name”,=… args} - name: =hutdown parameters: - =imeout: optional integer (seconds) =/span>- reboot: optional boolean - =essage: string - =ame: refresh parameters: - =piVersion: optiona integer =nbsp; this defines what information can be =xchanged - =ame: hibernate: parameters: - state: =isk or mem (default is disk if not specified) if you need more you can look here: https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=st-agent/OVirtAgentLogic.py#L306 at the parseCommand =unction or just ask here :-) I'm unable to find how to send command (lets =ay "shutdown") to agent?. echo "shutdown" | socat =var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.kvm-vdi.0 - Does=not seem to work Thank you for your help. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users = ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Communicating with ovirt agent
Last question: anything I should know about logging in remotely (SSO)? {"__name__":"login", "parameters":[{"username":"user", "password":"secret"}]} \n should work? From: Tadas Sent: Friday, July 01, 2016 5:51 PM To: users@ovirt.org Subject: Re: [ovirt-users] Communicating with ovirt agent Thank you very much. Seems to work now. From: Vinzenz Feenstra Sent: Friday, July 01, 2016 5:37 PM To: Tadas Cc: users@ovirt.org Subject: Re: [ovirt-users] Communicating with ovirt agent On Jul 1, 2016, at 4:24 PM, Tadas wrote: Thank you for reply! Im trying to send JSON-formated shutdown command to windows guest vm now. Here’s small script I’ve written to test that: http://pastebin.com/usAYc7Ww But still I get no reaction from ovirt agent. Surely I’m missing something. Yes the newline character send a ‘\n’ at the end and the name key must be surrounded by two underscores like in the replies __name__ not name From: Vinzenz Feenstra Sent: Friday, July 01, 2016 2:53 PM To: ta...@ring.lt Cc: users@ovirt.org Subject: Re: [ovirt-users] Communicating with ovirt agent On Jul 1, 2016, at 12:05 PM, Tadas =rote: is there any documentation o oVirt guest agent =ommands? To be more precise: i need to pass commands to =Virt guest agent from hypervisor. Reading =nfo works fine: socat =var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.serial.0 - {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", =Total Commander (Remove or Repair)", "Python 2.7 =ywin32-216", "Microsoft .NET Framework 4.6.1", "Git =ersion 2.9.0", "WinRAR 5.40 beta 2 (32- bit)", =Notepad++"], "__name__": "applications"} {"__name__": =host-name", "name": "WIN7_32BIT"} {"__name__": =os-version", "version": "Win 7”} Every =ommand has to be send as a whole JSON object and sent as line =erminated by a \n character The =ommands available are currently not documented however. {“__name__”: “name”,=… args} - name: =hutdown parameters: - =imeout: optional integer (seconds) =/span>- reboot: optional boolean - =essage: string - =ame: refresh parameters: - =piVersion: optiona integer =nbsp; this defines what information can be =xchanged - =ame: hibernate: parameters: - state: =isk or mem (default is disk if not specified) if you need more you can look here: https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=st-agent/OVirtAgentLogic.py#L306 at the parseCommand =unction or just ask here :-) I'm unable to find how to send command (lets =ay "shutdown") to agent?. echo "shutdown" | socat =var/lib/libvirt/qemu/channel/target/domain-20- win7_32bit/com.redhat.kvm-vdi.0 - Does=not seem to work Thank you for your help. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users = ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Communicating with ovirt agent
Got everything working now. Thank you for your help. For any users, whom it may be useful, heres the code for external (SSO) logins from hypervisor. http://paste.ubuntu.com/18435531/ On Fri, 2016-07-01 at 13:53 +0200, Vinzenz Feenstra wrote: > > > On Jul 1, 2016, at 12:05 PM, Tadas wrote: > > > > > > is there any documentation o oVirt guest agent commands? > > To be more precise: i need to pass commands to oVirt guest agent > > from > > hypervisor. > > Reading info works fine: > > > > socat /var/lib/libvirt/qemu/channel/target/domain-20- > > win7_32bit/com.redhat.serial.0 - > > > > {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", "Total > > Commander (Remove or Repair)", "Python 2.7 pywin32-216", "Microsoft > > .NET Framework 4.6.1", "Git version 2.9.0", "WinRAR 5.40 beta 2 > > (32- > > bit)", "Notepad++"], "__name__": "applications"} > > {"__name__": "host-name", "name": "WIN7_32BIT"} > > {"__name__": "os-version", "version": "Win 7”} > > Every command has to be send as a whole JSON object and sent as line > terminated by a \n character > > The commands available are currently not documented however. > > {“__name__”: “name”, … args} > > - name: shutdown > parameters: > - timeout: optional integer (seconds) > - reboot: optional boolean > - message: string > > - name: refresh > parameters: > - apiVersion: optiona integer > this defines what information can be exchanged > > - name: hibernate: > parameters: > - state: disk or mem (default is disk if not specified) > > if you need more you can look here: https://github.com/oVirt/ovirt-g > uest-agent/blob/master/ovirt-guest-agent/OVirtAgentLogic.py#L306 at > the parseCommand function > or just ask here :-) > > > > > I'm unable to find how to send command (lets say "shutdown") to > > agent?. > > echo "shutdown" | socat > > /var/lib/libvirt/qemu/channel/target/domain-20- > > win7_32bit/com.redhat.kvm-vdi.0 - > > Does not seem to work > > Thank you for your help. > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Communicating with ovirt agent
Yes, and it works fine. Though we went for a simplier solution. Also, one of problems is that oVirt is very distribution-oriented. To use it on distributions different than Redhat requires lots of tuning. On Mon, 2016-07-04 at 11:11 +0300, Yaniv Kaul wrote: > > > On Mon, Jul 4, 2016 at 10:25 AM, Tadas wrote: > > I'm developing a simple VDI solution for our university. And I find > > "windows-credprov" and "virt-agent" very useful to provide SSO from > > user dashboard to VM. > > > > But we already provide SSO functionality in oVirt. With Active > Directory integration. > Y. > > > > On Mon, 2016-07-04 at 10:00 +0300, Yaniv Kaul wrote: > > > > > > > > > On Mon, Jul 4, 2016 at 9:16 AM, Tadas wrote: > > > > Got everything working now. > > > > > > Great to hear. > > > What is your use case? > > > Y. > > > > > > > Thank you for your help. > > > > For any users, whom it may be useful, heres the code for > > external > > > > (SSO) > > > > logins from hypervisor. > > > > > > > > http://paste.ubuntu.com/18435531/ > > > > > > > > On Fri, 2016-07-01 at 13:53 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > > On Jul 1, 2016, at 12:05 PM, Tadas wrote: > > > > > > > > > > > > > > > > > > is there any documentation o oVirt guest agent commands? > > > > > > To be more precise: i need to pass commands to oVirt guest > > > > agent > > > > > > from > > > > > > hypervisor. > > > > > > Reading info works fine: > > > > > > > > > > > > socat /var/lib/libvirt/qemu/channel/target/domain-20- > > > > > > win7_32bit/com.redhat.serial.0 - > > > > > > > > > > > > {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", > > > > "Total > > > > > > Commander (Remove or Repair)", "Python 2.7 pywin32-216", > > > > "Microsoft > > > > > > .NET Framework 4.6.1", "Git version 2.9.0", "WinRAR 5.40 > > beta 2 > > > > > > (32- > > > > > > bit)", "Notepad++"], "__name__": "applications"} > > > > > > {"__name__": "host-name", "name": "WIN7_32BIT"} > > > > > > {"__name__": "os-version", "version": "Win 7”} > > > > > > > > > > Every command has to be send as a whole JSON object and sent > > as > > > > line > > > > > terminated by a \n character > > > > > > > > > > The commands available are currently not documented however. > > > > > > > > > > {“__name__”: “name”, … args} > > > > > > > > > > - name: shutdown > > > > > parameters: > > > > > - timeout: optional integer (seconds) > > > > > - reboot: optional boolean > > > > > - message: string > > > > > > > > > > - name: refresh > > > > > parameters: > > > > > - apiVersion: optiona integer > > > > > this defines what information can be exchanged > > > > > > > > > > - name: hibernate: > > > > > parameters: > > > > > - state: disk or mem (default is disk if not specified) > > > > > > > > > > if you need more you can look here: https://github.com/oVirt > > /ovi > > > > rt-g > > > > > uest-agent/blob/master/ovirt-guest- > > > > agent/OVirtAgentLogic.py#L306 at > > > > > the parseCommand function > > > > > or just ask here :-) > > > > > > > > > > > > > > > > > I'm unable to find how to send command (lets say > > "shutdown") to > > > > > > agent?. > > > > > > echo "shutdown" | socat > > > > > > /var/lib/libvirt/qemu/channel/target/domain-20- > > > > > > win7_32bit/com.redhat.kvm-vdi.0 - > > > > > > Does not seem to work > > > > > > Thank you for your help. > > > > > > ___ > > > > > > Users mailing list > > > > > > Users@ovirt.org > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > ___ > > > > Users mailing list > > > > Users@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Communicating with ovirt agent
We are mostly using Debian based distros (Debian, Ubuntu). And since this is a massive project it takes much time to adopt it to different distro and also maintain it. On the other hand our project is in production at the moment and the only thing that was still unfinished was SSO part. With help of oVirt agents it will take little time to extend SSO in our code. Indeed, it is EL (CentOS, Scientific, etc.) friendly. Which distribution are you looking for? (And of course, patches are welcome). Y. On Mon, 2016-07-04 at 11:11 +0300, Yaniv Kaul wrote: > > > On Mon, Jul 4, 2016 at 10:25 AM, Tadas wrote: > > I'm developing a simple VDI solution for our university. And I find > > "windows-credprov" and "virt-agent" very useful to provide SSO from > > user dashboard to VM. > > > > But we already provide SSO functionality in oVirt. With Active > Directory integration. > Y. > > > > On Mon, 2016-07-04 at 10:00 +0300, Yaniv Kaul wrote: > > > > > > > > > On Mon, Jul 4, 2016 at 9:16 AM, Tadas wrote: > > > > Got everything working now. > > > > > > Great to hear. > > > What is your use case? > > > Y. > > > > > > > Thank you for your help. > > > > For any users, whom it may be useful, heres the code for > > external > > > > (SSO) > > > > logins from hypervisor. > > > > > > > > http://paste.ubuntu.com/18435531/ > > > > > > > > On Fri, 2016-07-01 at 13:53 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > > On Jul 1, 2016, at 12:05 PM, Tadas wrote: > > > > > > > > > > > > > > > > > > is there any documentation o oVirt guest agent commands? > > > > > > To be more precise: i need to pass commands to oVirt guest > > > > agent > > > > > > from > > > > > > hypervisor. > > > > > > Reading info works fine: > > > > > > > > > > > > socat /var/lib/libvirt/qemu/channel/target/domain-20- > > > > > > win7_32bit/com.redhat.serial.0 - > > > > > > > > > > > > {"applications": ["Python 2.7.12rc1", "SPICE Guest Tools", > > > > "Total > > > > > > Commander (Remove or Repair)", "Python 2.7 pywin32-216", > > > > "Microsoft > > > > > > .NET Framework 4.6.1", "Git version 2.9.0", "WinRAR 5.40 > > beta 2 > > > > > > (32- > > > > > > bit)", "Notepad++"], "__name__": "applications"} > > > > > > {"__name__": "host-name", "name": "WIN7_32BIT"} > > > > > > {"__name__": "os-version", "version": "Win 7”} > > > > > > > > > > Every command has to be send as a whole JSON object and sent > > as > > > > line > > > > > terminated by a \n character > > > > > > > > > > The commands available are currently not documented however. > > > > > > > > > > {“__name__”: “name”, … args} > > > > > > > > > > - name: shutdown > > > > > parameters: > > > > > - timeout: optional integer (seconds) > > > > > - reboot: optional boolean > > > > > - message: string > > > > > > > > > > - name: refresh > > > > > parameters: > > > > > - apiVersion: optiona integer > > > > > this defines what information can be exchanged > > > > > > > > > > - name: hibernate: > > > > > parameters: > > > > > - state: disk or mem (default is disk if not specified) > > > > > > > > > > if you need more you can look here: https://github.com/oVirt > > /ovi > > > > rt-g > > > > > uest-agent/blob/master/ovirt-guest- > > > > agent/OVirtAgentLogic.py#L306 at > > > > > the parseCommand function > > > > > or just ask here :-) > > > > > > > > > > > > > > > > > I'm unable to find how to send command (lets say > > "shutdown") to > > > > > > agent?. > > > > > > echo "shutdown" | socat > > > > > > /var/lib/libvirt/qemu/channel/target/domain-20- > > > > > > win7_32bit/com.redhat.kvm-vdi.0 - > > > > > > Does not seem to work > > > > > > Thank you for your help. > > > > > > ___ > > > > > > Users mailing list > > > > > > Users@ovirt.org > > > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > ___ > > > > Users mailing list > > > > Users@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > > > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Debian linux and oVirt SSO
Hello, i'm struggling to get oVirt SSO working on Linux guest VM. I can confirm, that SSO is fully functional on Windows guest (please note it's not a full oVirt installation - I'm just testing oVirt guest agent on virtual machines running on plain KVM hypervisor). Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security Configured /etc/pam.d/kdm-ovirt-cred with: %PAM-1.0 authrequiredpam_ovirt_cred.so authinclude password-auth account include password-auth passwordinclude password-auth session requiredpam_selinux.so close session requiredpam_selinux.so open session include password-auth Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 Configured /etc/kde4/kdm/kdmrc with: PluginsLogin=ovirtcred Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. The only thing that worries me, - are the entries in kdm.log file: klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server. Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9. Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian linux and oVirt SSO
SSO part as simple as emitting correctly formed json to spice socket, - as I’ve mentioned before, this works fine with windows guests. Problem is only with linux guests. As for undocummented API, yes, – you are right, documentation should help alot. It takes time to reverse engineer code. But having full oVirt solution or not does not change the thing, that there’s something wrong with linux kde plugin. I’m very confident, that this will persist if used Linux guest on oVirt. Perhaps this is just Debian oriented problem, so I was wondering if anyone had the same issue here. From: Yaniv Kaul Sent: Friday, July 15, 2016 3:57 PM To: ta...@ring.lt Cc: users Subject: Re: [ovirt-users] Debian linux and oVirt SSO Part of the issue is that you are missing quite a bit of the orchestration that oVirt performs to make SSO work... There may some other issues, but I warmly suggest using oVirt and not the undocumented APIs - which may or may not change in the future, between the agent and other components. Y. Steps I've made: got oVirt guest agent up and running, I can communicate with it from hypervisor: socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm- vdi.0 - {"__name__": "os-version", "version": "4.6.0-1-amd64"} Compiled and copied pam_ovirt_cred.so to /lib/x86_64-linux-gnu/security Configured /etc/pam.d/kdm-ovirt-cred with: %PAM-1.0 authrequiredpam_ovirt_cred.so authinclude password-auth account include password-auth passwordinclude password-auth session requiredpam_selinux.so close session requiredpam_selinux.so open session include password-auth Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4 Configured /etc/kde4/kdm/kdmrc with: PluginsLogin=ovirtcred Symptoms: After starting kdm, I get login prompt with barely visible title (I assume it should spell "oVirt Authentication" from kgreet_ovirtcred.cpp). Username and password boxes are inactive - i cannot enter anything to them. After emitting username/password to oVirt agent, I can see the following log entries: Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::132::root::Emitting user authenticated signal (509542). CredChannel::INFO::2016-07-15 12:29:56,634::CredServer::241::root::Credentials channel timed out. The only thing that worries me, - are the entries in kdm.log file: klauncher(6100) kdemain: No DBUS session-bus found. Check if you have started the DBUS server. Since oVirt guest agent sends wakeup message to greeter plugin via Dbus, perhaps this is the problem? Maybe someone had the same problem here? This happens on Debian 8 and 9. Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian linux and oVirt SSO
Thank you for reply. you =hould just add ovirtcred and not remove all the other options, without =he other options you’re not able to login There are other options, i’ve just changed the folowing parameter: PluginsLogin=ovirtcred should i use somekind of plugin list and add the classic plugin also? eg: PluginsLogin=classic, ovirtcred To me =t looks like that you’re missing https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=st-agent/org.ovirt.vdsm.Credentials.conf seems you are right. Now i do see ovirt in dbus sessions: DISPLAY=:0.0 dbus-send --system --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames array [ string "org.freedesktop.DBus" string "org.freedesktop.login1" string ":1.72" string ":1.171" string "org.freedesktop.systemd1" string "org.freedesktop.PolicyKit1" string ":1.360" string ":1.66" string "org.freedesktop.PackageKit" string ":1.67" string "org.freedesktop.UPower" string ":1.363" string ":1.0" string "org.freedesktop.UDisks2" string ":1.68" string ":1.364" string "org.ovirt.vdsm.Credentials" string ":1.365" string ":1.366" string "org.freedesktop.RealtimeKit1" ] But still getting the samer error: Dummy-1::INFO::2016-07-15 18:08:12,299::OVirtAgentLogic::294::root::Received an external command: login... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::132::root::Emitting user authenticated signal (656949). CredChannel::INFO::2016-07-15 18:08:17,306::CredServer::241::root::Credentials channel timed out. Dummy-1::INFO::2016-07-15 18:08:17,307::CredServer::277::root::Credentials channel was closed. However the KDM support =s basically not really developed anymore as the majority of our users =re rather using GDM. So there’s quite the possibility that =here’s a problem. Well, i’m having different issues while trying to compile gdm plugin: configure: error: Package requirements (dbus-glib-1 >= 0.74 gdmsimplegreeter >= 3.2.1.1 gobject-2.0 >= 2.22.0 gtk+-2.0 >= 2.18.0 ) were not met: Package gdmsimplegreeter was not found in the pkg-config search path. Found no information, o how to get gdmsimplegreeter. Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users =___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian linux and oVirt SSO
Aha. Thank you. Will try this one From: Vinzenz Feenstra Sent: Friday, July 15, 2016 7:35 PM To: Tadas Cc: users@ovirt.org Subject: Re: [ovirt-users] Debian linux and oVirt SSO On Jul 15, 2016, at 5:09 PM, Tadas wrote: Thank you for reply. you =hould just add ovirtcred and not remove all the other options, without =he other options you’re not able to login There are other options, i’ve just changed the folowing parameter: PluginsLogin=ovirtcred should i use somekind of plugin list and add the classic plugin also? eg: PluginsLogin=classic, ovirtcred To me =t looks like that you’re missing https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-gu=st-agent/org.ovirt.vdsm.Credentials.conf seems you are right. Now i do see ovirt in dbus sessions: DISPLAY=:0.0 dbus-send --system --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames array [ string "org.freedesktop.DBus" string "org.freedesktop.login1" string ":1.72" string ":1.171" string "org.freedesktop.systemd1" string "org.freedesktop.PolicyKit1" string ":1.360" string ":1.66" string "org.freedesktop.PackageKit" string ":1.67" string "org.freedesktop.UPower" string ":1.363" string ":1.0" string "org.freedesktop.UDisks2" string ":1.68" string ":1.364" string "org.ovirt.vdsm.Credentials" string ":1.365" string ":1.366" string "org.freedesktop.RealtimeKit1" ] But still getting the samer error: Dummy-1::INFO::2016-07-15 18:08:12,299::OVirtAgentLogic::294::root::Received an external command: login... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-15 18:08:12,300::CredServer::132::root::Emitting user authenticated signal (656949). CredChannel::INFO::2016-07-15 18:08:17,306::CredServer::241::root::Credentials channel timed out. Dummy-1::INFO::2016-07-15 18:08:17,307::CredServer::277::root::Credentials channel was closed. However the KDM support =s basically not really developed anymore as the majority of our users =re rather using GDM. So there’s quite the possibility that =here’s a problem. Well, i’m having different issues while trying to compile gdm plugin: configure: error: Package requirements (dbus-glib-1 >= 0.74 gdmsimplegreeter >= 3.2.1.1 gobject-2.0 >= 2.22.0 gtk+-2.0 >= 2.18.0 ) were not met: Package gdmsimplegreeter was not found in the pkg-config search path. Found no information, o how to get gdmsimplegreeter. That’s for GDM < 3.8ish from 3.10 we have the GDM SSO code builtin GNOME you only need that the conf file and the pam extension plus the gdm-ovirtcred pam config Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users = ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian linux and oVirt SSO
After moving to gdm, I've managed to solve the timeout issue. Now i bumped into another one: oVirt agent seem to emit credentials without error: Dummy-1::DEBUG::2016-07-18 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test\x00') Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2016-07-18 09:29:53,294::CredServer::272::root::Token: 250954 Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-18 09:29:53,294::CredServer::132::root::Emitting user authenticated signal (250954). Dummy-1::INFO::2016-07-18 09:29:53,349::CredServer::277::root::Credentials channel was closed. But pam module is failing: gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire user's credentials After poking a bit I've managed to find, that module fails on: if (ret == -1) { D(("send() failed.")); return -1; } in cred_channel.c Also, i have to mention, that there's no /etc/pamd/password-auth file in Debian Linux. I've copied it from Centos (it is needed by gdm- ovirtcred.pam) > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian linux and oVirt SSO
This is really interesting. pam-ovirt-cred is randomly failing on one of two checks: https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c red_channel.c#L107 and https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred/c red_channel.c#L134 Theres no pattern, on which step it will fail. Sometimes it fails on writing to socket sometimes on reading: Jul 18 14:11:02 desktop64 cred-debug: recv() failed Jul 18 14:11:14 desktop64 cred-debug: send() failed Jul 18 14:11:18 desktop64 cred-debug: recv() failed Jul 18 14:11:23 desktop64 cred-debug: recv() failed Jul 18 14:11:28 desktop64 cred-debug: send() failed Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 at 09:51 +0300, Tadas wrote: > After moving to gdm, I've managed to solve the timeout issue. Now i > bumped into another one: > oVirt agent seem to emit credentials without error: > > Dummy-1::DEBUG::2016-07-18 > 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials = > '\x00\x00\x00\x04test\x00') > Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The > following users are allowed to connect: [0] > Dummy-1::DEBUG::2016-07-18 > 09:29:53,294::CredServer::272::root::Token: > 250954 > Dummy-1::INFO::2016-07-18 > 09:29:53,294::CredServer::273::root::Opening > credentials channel... > Dummy-1::INFO::2016-07-18 > 09:29:53,294::CredServer::132::root::Emitting > user authenticated signal (250954). > Dummy-1::INFO::2016-07-18 > 09:29:53,349::CredServer::277::root::Credentials channel was closed. > > But pam module is failing: > gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to acquire > user's credentials > > After poking a bit I've managed to find, that module fails on: > > if (ret == -1) { > D(("send() failed.")); > return -1; > } > > in cred_channel.c > > > Also, i have to mention, that there's no /etc/pamd/password-auth file > in Debian Linux. I've copied it from Centos (it is needed by gdm- > ovirtcred.pam) > > > ___ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian linux and oVirt SSO
ovirt agent stops on this line and code below it is not executed: https://github.com/oVirt/ovirt-guest-agent/blob/master/ovirt-guest-agen t/CredServer.py#L147 On Mon, 2016-07-18 at 14:12 +0300, Tadas wrote: > This is really interesting. > pam-ovirt-cred is randomly failing on one of two checks: > > https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred > /c > red_channel.c#L107 > > and > > https://github.com/oVirt/ovirt-guest-agent/blob/master/pam-ovirt-cred > /c > red_channel.c#L134 > > Theres no pattern, on which step it will fail. Sometimes it fails on > writing to socket sometimes on reading: > > Jul 18 14:11:02 desktop64 cred-debug: recv() failed > Jul 18 14:11:14 desktop64 cred-debug: send() failed > Jul 18 14:11:18 desktop64 cred-debug: recv() failed > Jul 18 14:11:23 desktop64 cred-debug: recv() failed > Jul 18 14:11:28 desktop64 cred-debug: send() failed > Jul 18 14:11:33 desktop64 cred-debug: recv() failedOn Mon, 2016-07-18 > at 09:51 +0300, Tadas wrote: > > After moving to gdm, I've managed to solve the timeout issue. Now i > > bumped into another one: > > oVirt agent seem to emit credentials without error: > > > > Dummy-1::DEBUG::2016-07-18 > > 09:29:53,293::OVirtAgentLogic::304::root::User log-in (credentials > > = > > '\x00\x00\x00\x04test\x00') > > Dummy-1::INFO::2016-07-18 09:29:53,293::CredServer::207::root::The > > following users are allowed to connect: [0] > > Dummy-1::DEBUG::2016-07-18 > > 09:29:53,294::CredServer::272::root::Token: > > 250954 > > Dummy-1::INFO::2016-07-18 > > 09:29:53,294::CredServer::273::root::Opening > > credentials channel... > > Dummy-1::INFO::2016-07-18 > > 09:29:53,294::CredServer::132::root::Emitting > > user authenticated signal (250954). > > Dummy-1::INFO::2016-07-18 > > 09:29:53,349::CredServer::277::root::Credentials channel was > > closed. > > > > But pam module is failing: > > gdm-ovirtcred]: pam_ovirt_cred(gdm-ovirtcred:auth): Failed to > > acquire > > user's credentials > > > > After poking a bit I've managed to find, that module fails on: > > > > if (ret == -1) { > > D(("send() failed.")); > > return -1; > > } > > > > in cred_channel.c > > > > > > Also, i have to mention, that there's no /etc/pamd/password-auth > > file > > in Debian Linux. I've copied it from Centos (it is needed by gdm- > > ovirtcred.pam) > > > > ___ > > > > Users mailing list > > > > Users@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Fedora 24 SSO
Hello, I'm having problems to get SSO working on Fedora24 guest. The following packages are installed on guest: ovirt-guest-agent-common.noarch1.0.12- 3.fc24@updates ovirt-guest-agent-gdm-plugin.noarch1.0.12- 3.fc24@updates ovirt-guest-agent-pam-module.x86_641.0.12- 3.fc24@updates When user tries to login, the following lines are displayed in ovirt- guest-agent.log Dummy-3::DEBUG::2016-07-22 08:21:09,614::GuestAgentLinux2::152::root::PkgMgr: list_pkgs returns [['kernel-4.5.5-300.fc24', 'xorg-x11-drv-qxl-0.1.4-7.fc24', 'ovirt- guest-agent-common-1.0.12-3.fc24']] Dummy-3::DEBUG::2016-07-22 08:21:09,614::OVirtAgentLogic::197::root::Sending applications with args {'applications': ['kernel-4.5.5-300.fc24', 'xorg-x11-drv-qxl- 0.1.4-7.fc24', 'ovirt-guest-agent-common-1.0.12-3.fc24']} Dummy-2::INFO::2016-07-22 08:21:10,302::OVirtAgentLogic::307::root::Received an external command: login... Dummy-2::DEBUG::2016-07-22 08:21:10,302::OVirtAgentLogic::341::root::User log-in (credentials = '\x00\x00\x00\x04test\x00') Dummy-2::DEBUG::2016-07-22 08:21:10,302::OVirtAgentLogic::280::root::AgentLogicBase::doListen() - in loop before vio.read But guest does not react in any way, it just displays login screen. Also there's anything in /var/log/secure log file. It seems that pam module is not accessed. Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Fedora 24 SSO
Thank you. This did the trickOn Tue, 2016-07-26 at 12:26 +0200, Vinzenz Feenstra wrote: > > > On Jul 26, 2016, at 11:39 AM, Vinzenz Feenstra > > wrote: > > > > > On Jul 22, 2016, at 7:38 AM, Tadas wrote: > > > > > > Hello, > > > I'm having problems to get SSO working on Fedora24 guest. > > > > > > The following packages are installed on guest: > > > > > > ovirt-guest-agent-common.noarch 1.0.12- > > > 3.fc24 @updates > > > ovirt-guest-agent-gdm-plugin.noarch 1.0.12- > > > 3.fc24 @updates > > > ovirt-guest-agent-pam-module.x86_64 1.0.12- > > > 3.fc24 @updates > > > > > > > > > When user tries to login, the following lines are displayed in > > > ovirt- > > > guest-agent.log > > > > > > > > > Dummy-3::DEBUG::2016-07-22 > > > 08:21:09,614::GuestAgentLinux2::152::root::PkgMgr: list_pkgs > > > returns > > > [['kernel-4.5.5-300.fc24', 'xorg-x11-drv-qxl-0.1.4-7.fc24', > > > 'ovirt- > > > guest-agent-common-1.0.12-3.fc24']] > > > Dummy-3::DEBUG::2016-07-22 > > > 08:21:09,614::OVirtAgentLogic::197::root::Sending applications > > > with > > > args {'applications': ['kernel-4.5.5-300.fc24', 'xorg-x11-drv- > > > qxl- > > > 0.1.4-7.fc24', 'ovirt-guest-agent-common-1.0.12-3.fc24']} > > > Dummy-2::INFO::2016-07-22 > > > 08:21:10,302::OVirtAgentLogic::307::root::Received an external > > > command: > > > login... > > > Dummy-2::DEBUG::2016-07-22 > > > 08:21:10,302::OVirtAgentLogic::341::root::User log-in > > > (credentials = > > > '\x00\x00\x00\x04test\x00') > > > Dummy-2::DEBUG::2016-07-22 > > > 08:21:10,302::OVirtAgentLogic::280::root::AgentLogicBase::doListe > > > n() - > > > in loop before vio.read > > Hello there, > > > > I am sorry for the delay I had to find the time to spin up a new > > test VM for this and was quite busy yesterday. > > > > The reason is a missing dependency which causes the Credential > > Server not to be started. Please run the following commands as > > root: > > > > # dnf install pygobject2 -y && systemctl restart ovirt-guest-agent > > > > and it should work > > > > I will fix the dependency issue in the repository > > The dependency issue is fixed in the fedora updates testing > repository - ovirt-guest-agent-common-1.0.12-4.fc24 contains the fix > > > thanks for your report! > > > > > > > > > > > But guest does not react in any way, it just displays login > > > screen. > > > Also there's anything in /var/log/secure log file. It seems that > > > pam > > > module is not accessed. > > > Thank you. > > > ___ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Debian - based OS and SSO
Hello, still having issues with ovirt SSO and Debian OS. Other OSes (Windows/Fedora 24) works just fine. Some information: OS: Debian 8.5 (jessie) I've followed manual on https://www.ovirt.org/documentation/how-to/gues t-agent/install-the-guest-agent-in-debian/ and installed ovirt-agent. I can get info via spice socket on hypervisor side, this means that agent works fine. I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux- gnu/security/ I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24) But still login fails. I can see this in ovirt-agent log file: Dummy-2::INFO::2016-07-28 12:49:51,046::OVirtAgentLogic::270::root::Received an external command: login... Dummy-2::DEBUG::2016-07-28 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test\x00') Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The following users are allowed to connect: [0] Dummy-2::DEBUG::2016-07-28 12:49:51,047::CredServer::272::root::Token: 760258 Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::273::root::Opening credentials channel... Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::132::root::Emitting user authenticated signal (760258). Dummy-2::INFO::2016-07-28 12:49:51,178::CredServer::277::root::Credentials channel was closed. This looks okay. The error is on pam side (auth.log): Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm- ovirtcred:auth): error retrieving user name: Conversation error Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm- ovirtcred:auth): Failed to acquire user's credentials Have no idea, where it fails. Would appreciate, if you could help me here a bit. Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian - based OS and SSO
Thank you for your reply. Strange, but i do not see any errors in gdm debug log, just this: http://paste.ubuntu.com/21275558/ I will try installing debian unstable and several ubuntu versions tomorrow. From: Vinzenz Feenstra Sent: Thursday, July 28, 2016 4:18 PM To: ta...@ring.lt Cc: users Subject: Re: [ovirt-users] Debian - based OS and SSO On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra wrote: On Jul 28, 2016, at 11:53 AM, Tadas wrote: Hello, still having issues with ovirt SSO and Debian OS. Other OSes (Windows/Fedora 24) works just fine. Some information: OS: Debian 8.5 (jessie) I've followed manual on https://www.ovirt.org/documentation/how-to/gues t-agent/install-the-guest-agent-in-debian/ and installed ovirt-agent. I can get info via spice socket on hypervisor side, this means that agent works fine. I've compiled pam-ovirt-cred and copied it into /lib/x86_64-linux- gnu/security/ It should be in /lib/security afaik I've configured /etc/pamd/gdm-ovirtcred (just copied from working Fedora 24) replace in that file all occurences of password-auth with passwd But still login fails. I can see this in ovirt-agent log file: It some how fails for me in some cases with this now: Correction its here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064 https://bugs.freedesktop.org/show_bug.cgi?id=71525 There’s not much I can do about that though Dummy-2::INFO::2016-07-28 12:49:51,046::OVirtAgentLogic::270::root::Received an external command: login... Dummy-2::DEBUG::2016-07-28 12:49:51,047::OVirtAgentLogic::304::root::User log-in (credentials = '\x00\x00\x00\x04test\x00') Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::207::root::The following users are allowed to connect: [0] Dummy-2::DEBUG::2016-07-28 12:49:51,047::CredServer::272::root::Token: 760258 Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::273::root::Opening credentials channel... Dummy-2::INFO::2016-07-28 12:49:51,047::CredServer::132::root::Emitting user authenticated signal (760258). Dummy-2::INFO::2016-07-28 12:49:51,178::CredServer::277::root::Credentials channel was closed. This looks okay. The error is on pam side (auth.log): Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm- ovirtcred:auth): error retrieving user name: Conversation error Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm- ovirtcred:auth): Failed to acquire user's credentials Have no idea, where it fails. Would appreciate, if you could help me here a bit. Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian - based OS and SSO
Yes, it seems that authentication does not work in any of debian releases. Oh well. On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote: > > > On Jul 28, 2016, at 4:11 PM, Tadas wrote: > > > > Thank you for your reply. > > Strange, but i do not see any errors in gdm debug log, just this: > > http://paste.ubuntu.com/21275558/ > > Well if it works for you, the better. It didn’t work for me though > > > > > > I will try installing debian unstable and several ubuntu versions > > tomorrow. > > > > From: Vinzenz Feenstra > > Sent: Thursday, July 28, 2016 4:18 PM > > To: ta...@ring.lt > > Cc: users > > Subject: Re: [ovirt-users] Debian - based OS and SSO > > > > > > > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra > > m> wrote: > > > > > > > > > > On Jul 28, 2016, at 11:53 AM, Tadas wrote: > > > > > > > > Hello, > > > > still having issues with ovirt SSO and Debian OS. > > > > Other OSes (Windows/Fedora 24) works just fine. > > > > Some information: > > > > OS: Debian 8.5 (jessie) > > > > I've followed manual on https://www.ovirt.org/documentation/how > > > > -to/gues > > > > t-agent/install-the-guest-agent-in-debian/ and installed ovirt- > > > > agent. > > > > I can get info via spice socket on hypervisor side, this means > > > > that > > > > agent works fine. > > > > I've compiled pam-ovirt-cred and copied it into /lib/x86_64- > > > > linux- > > > > gnu/security/ > > > > > > It should be in /lib/security afaik > > > > > > > I've configured /etc/pamd/gdm-ovirtcred (just copied from > > > > working > > > > Fedora 24) > > > > > > replace in that file all occurences of password-auth with passwd > > > > > > > > > > > > > > But still login fails. I can see this in ovirt-agent log file: > > > > > > It some how fails for me in some cases with this now: > > > > > > > Correction its here: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064 > > > > > https://bugs.freedesktop.org/show_bug.cgi?id=71525 > > > > > > There’s not much I can do about that though > > > > > > > > > > > > > > > > > Dummy-2::INFO::2016-07-28 > > > > 12:49:51,046::OVirtAgentLogic::270::root::Received an external > > > > command: > > > > login... > > > > Dummy-2::DEBUG::2016-07-28 > > > > 12:49:51,047::OVirtAgentLogic::304::root::User log-in > > > > (credentials = > > > > '\x00\x00\x00\x04test\x00') > > > > Dummy-2::INFO::2016-07-28 > > > > 12:49:51,047::CredServer::207::root::The > > > > following users are allowed to connect: [0] > > > > Dummy-2::DEBUG::2016-07-28 > > > > 12:49:51,047::CredServer::272::root::Token: > > > > 760258 > > > > Dummy-2::INFO::2016-07-28 > > > > 12:49:51,047::CredServer::273::root::Opening > > > > credentials channel... > > > > Dummy-2::INFO::2016-07-28 > > > > 12:49:51,047::CredServer::132::root::Emitting > > > > user authenticated signal (760258). > > > > Dummy-2::INFO::2016-07-28 > > > > 12:49:51,178::CredServer::277::root::Credentials channel was > > > > closed. > > > > > > > > > > > > > > > > > > > > This looks okay. The error is on pam side (auth.log): > > > > > > > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_succeed_if(gdm- > > > > ovirtcred:auth): error retrieving user name: Conversation error > > > > Jul 28 12:49:39 desktop64 gdm-ovirtcred]: pam_ovirt_cred(gdm- > > > > ovirtcred:auth): Failed to acquire user's credentials > > > > > > > > Have no idea, where it fails. > > > > Would appreciate, if you could help me here a bit. > > > > Thank you. > > > > > > > > > > > > ___ > > > > Users mailing list > > > > Users@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Debian - based OS and SSO
There's another interesting error thrown out from ovirt-guest agent, when you try to login: Jul 29 13:30:24 jessie python[1969]: Exception in thread CredChannel: Ju l 29 13:30:24 jessie python[1969]: Traceback (most recent call last): Ju l 29 13:30:24 jessie python[1969]: File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner Jul 29 13:30:24 jessie python[1969]: self.run() Jul 29 13:30:24 jessie python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line 217, in run Jul 29 13:30:24 jessie python[1969]: cred = self._read_cred(conn) Jul 29 13:30:24 jessie python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", line 146, in _read_cred Ju l 29 13:30:24 jessie python[1969]: conn.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1) Jul 29 13:30:24 jessie python[1969]: AttributeError: 'module' object has no attribute 'SO_PASSCRED' On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote: > Yes, it seems that authentication does not work in any of debian > releases. Oh well. > On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > On Jul 28, 2016, at 4:11 PM, Tadas wrote: > > > > > > Thank you for your reply. > > > Strange, but i do not see any errors in gdm debug log, just this: > > > http://paste.ubuntu.com/21275558/ > > > > Well if it works for you, the better. It didn’t work for me though > > > > > > > > > > > > > I will try installing debian unstable and several ubuntu versions > > > tomorrow. > > > > > > From: Vinzenz Feenstra > > > Sent: Thursday, July 28, 2016 4:18 PM > > > To: ta...@ring.lt > > > Cc: users > > > Subject: Re: [ovirt-users] Debian - based OS and SSO > > > > > > > > > > > > > > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra > > > co > > > > m> wrote: > > > > > > > > > > > > > > > > > > On Jul 28, 2016, at 11:53 AM, Tadas wrote: > > > > > > > > > > Hello, > > > > > still having issues with ovirt SSO and Debian OS. > > > > > Other OSes (Windows/Fedora 24) works just fine. > > > > > Some information: > > > > > OS: Debian 8.5 (jessie) > > > > > I've followed manual on https://www.ovirt.org/documentation/h > > > > > ow > > > > > -to/gues > > > > > t-agent/install-the-guest-agent-in-debian/ and installed > > > > > ovirt- > > > > > agent. > > > > > I can get info via spice socket on hypervisor side, this > > > > > means > > > > > that > > > > > agent works fine. > > > > > I've compiled pam-ovirt-cred and copied it into /lib/x86_64- > > > > > linux- > > > > > gnu/security/ > > > > > > > > It should be in /lib/security afaik > > > > > > > > > > > > > > I've configured /etc/pamd/gdm-ovirtcred (just copied from > > > > > working > > > > > Fedora 24) > > > > > > > > replace in that file all occurences of password-auth with > > > > passwd > > > > > > > > > > > > > > > > > > > > > > > But still login fails. I can see this in ovirt-agent log > > > > > file: > > > > > > > > It some how fails for me in some cases with this now: > > > > > > > > > > Correction its here: > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794064 > > > > > > > > > > > https://bugs.freedesktop.org/show_bug.cgi?id=71525 > > > > > > > > There’s not much I can do about that though > > > > > > > > > > > > > > > > > > > > > > > > > > > Dummy-2::INFO::2016-07-28 > > > > > 12:49:51,046::OVirtAgentLogic::270::root::Received an > > > > > external > > > > > command: > > > > > login... > > > > > Dummy-2::DEBUG::2016-07-28 > > > > > 12:49:51,047::OVirtAgentLogic::304::root::User log-in > > > > > (credentials = > > > > > '\x00\x00\x00\x04test\x00') > > > > > Dummy-2::INFO::2016-07-28 > > > > > 12:49:51,047::CredServer::207::root::The > > > > > following users are allowed
Re: [ovirt-users] Debian - based OS and SSO
As far as I understand, there's something really wrong with credential check on Debian distribution. ovirt-agent fails to set PASSCRED flag on socket and thus throws exception. If i try to catch it, it fails silently and agent is unable to get credentials from pam module via socket. So it fails credential check. If I comment out credential validation segment in CredServer.py, authentication seems to pass, gdm3 tries to load user profile and then crashes: http://paste.ubuntu.com/21391057/ On Fri, 2016-07-29 at 13:35 +0300, Tadas wrote: > There's another interesting error thrown out from ovirt-guest agent, > when you try to login: > > > Jul 29 13:30:24 jessie python[1969]: Exception in thread CredChannel: > Ju > l 29 13:30:24 jessie python[1969]: Traceback (most recent call last): > Ju > l 29 13:30:24 jessie python[1969]: File > "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner > Jul 29 > 13:30:24 jessie python[1969]: self.run() > Jul 29 13:30:24 jessie > python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", > line > 217, in run > Jul 29 13:30:24 jessie python[1969]: cred = > self._read_cred(conn) > Jul 29 13:30:24 jessie python[1969]: File > "/usr/share/ovirt-guest-agent/CredServer.py", line 146, in _read_cred > Ju > l 29 13:30:24 jessie > python[1969]: conn.setsockopt(socket.SOL_SOCKET, > socket.SO_PASSCRED, 1) > Jul 29 13:30:24 jessie python[1969]: > AttributeError: 'module' object has no attribute 'SO_PASSCRED' > > > > On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote: > > > > Yes, it seems that authentication does not work in any of debian > > releases. Oh well. > > On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > > > > > > > > > > > > On Jul 28, 2016, at 4:11 PM, Tadas wrote: > > > > > > > > Thank you for your reply. > > > > Strange, but i do not see any errors in gdm debug log, just > > > > this: > > > > http://paste.ubuntu.com/21275558/ > > > > > > Well if it works for you, the better. It didn’t work for me > > > though > > > > > > > > > > > > > > > > > > > > > > I will try installing debian unstable and several ubuntu > > > > versions > > > > tomorrow. > > > > > > > > From: Vinzenz Feenstra > > > > Sent: Thursday, July 28, 2016 4:18 PM > > > > To: ta...@ring.lt > > > > Cc: users > > > > Subject: Re: [ovirt-users] Debian - based OS and SSO > > > > > > > > > > > > > > > > > > > > > > > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra > > > > t. > > > > > co > > > > > m> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Jul 28, 2016, at 11:53 AM, Tadas wrote: > > > > > > > > > > > > Hello, > > > > > > still having issues with ovirt SSO and Debian OS. > > > > > > Other OSes (Windows/Fedora 24) works just fine. > > > > > > Some information: > > > > > > OS: Debian 8.5 (jessie) > > > > > > I've followed manual on https://www.ovirt.org/documentation > > > > > > /h > > > > > > ow > > > > > > -to/gues > > > > > > t-agent/install-the-guest-agent-in-debian/ and installed > > > > > > ovirt- > > > > > > agent. > > > > > > I can get info via spice socket on hypervisor side, this > > > > > > means > > > > > > that > > > > > > agent works fine. > > > > > > I've compiled pam-ovirt-cred and copied it into > > > > > > /lib/x86_64- > > > > > > linux- > > > > > > gnu/security/ > > > > > > > > > > It should be in /lib/security afaik > > > > > > > > > > > > > > > > > > > > > > > I've configured /etc/pamd/gdm-ovirtcred (just copied from > > > > > > working > > > > > > Fedora 24) > > > > > > > > > > replace in that file all occurences of password-auth with > > > > > passwd > > > > > > > > > > > > > > > > &
Re: [ovirt-users] Debian - based OS and SSO
Okay, now its different story. ovirt-agent finally passes through all login steps: Dummy-1::INFO::2016-07-29 14:37:38,088::OVirtAgentLogic::294::root::Received an external command: login... Dummy-1::DEBUG::2016-07-29 14:37:38,088::OVirtAgentLogic::328::root::User log-in (credentials = '\x00\x00\x00\x04test\x00') Dummy-1::INFO::2016-07-29 14:37:38,088::CredServer::207::root::The following users are allowed to connect: [0] Dummy-1::DEBUG::2016-07-29 14:37:38,088::CredServer::272::root::Token: 493871 Dummy-1::INFO::2016-07-29 14:37:38,088::CredServer::273::root::Opening credentials channel... Dummy-1::INFO::2016-07-29 14:37:38,089::CredServer::132::root::Emitting user authenticated signal (493871). CredChannel::DEBUG::2016-07-29 14:37:38,159::CredServer::166::root::Receiving user's credential ret = 2 errno = 0 CredChannel::DEBUG::2016-07-29 14:37:38,159::CredServer::177::root::cmsgp: len=28 level=1 type=2 CredChannel::INFO::2016-07-29 14:37:38,159::CredServer::225::root::Incomming connection from user: 0 process: 4343 CredChannel::INFO::2016-07-29 14:37:38,159::CredServer::232::root::Sending user's credential (token: 493871) Dummy-1::INFO::2016-07-29 14:37:38,160::CredServer::277::root::Credentials channel was closed. Though gdm3 fails to load session with following error: http://paste.ubuntu.com/21392715/ On Fri, 2016-07-29 at 13:25 +0200, Vinzenz Feenstra wrote: > > > > On Jul 29, 2016, at 12:35 PM, Tadas wrote: > > > > There's another interesting error thrown out from ovirt-guest > > agent, > > when you try to login: > > > > > > Jul 29 13:30:24 jessie python[1969]: Exception in thread > > CredChannel: > > Ju > > l 29 13:30:24 jessie python[1969]: Traceback (most recent call > > last): > > Ju > > l 29 13:30:24 jessie python[1969]: File > > "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner > > Jul 29 > > 13:30:24 jessie python[1969]: self.run() > > Jul 29 13:30:24 jessie > > python[1969]: File "/usr/share/ovirt-guest-agent/CredServer.py", > > line > > 217, in run > > Jul 29 13:30:24 jessie python[1969]: cred = > > self._read_cred(conn) > > Jul 29 13:30:24 jessie python[1969]: File > > "/usr/share/ovirt-guest-agent/CredServer.py", line 146, in > > _read_cred > > Ju > > l 29 13:30:24 jessie > > python[1969]: conn.setsockopt(socket.SOL_SOCKET, > > socket.SO_PASSCRED, 1) > > Jul 29 13:30:24 jessie python[1969]: > > AttributeError: 'module' object has no attribute ‘SO_PASSCRED' > > I knew I forgot about something, yes you’re right - I fixed that > manually and continued and forgot about it. > > SO_PASSCRED seems not to be actually available by default on python. > The systems we supported so far (excluding the debian based ones) had > this constant available. > Long story short: You can replace socket.SO_PASSCRED with the value > 16 for now and it should work as expected. > > > > > > > > > > > > > On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote: > > > > > > Yes, it seems that authentication does not work in any of debian > > > releases. Oh well. > > > On Fri, 2016-07-29 at 09:37 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > On Jul 28, 2016, at 4:11 PM, Tadas wrote: > > > > > > > > > > Thank you for your reply. > > > > > Strange, but i do not see any errors in gdm debug log, just > > > > > this: > > > > > http://paste.ubuntu.com/21275558/ > > > > > > > > Well if it works for you, the better. It didn’t work for me > > > > though > > > > > > > > > > > > > > > > > > > > > > > > > > > > I will try installing debian unstable and several ubuntu > > > > > versions > > > > > tomorrow. > > > > > > > > > > From: Vinzenz Feenstra > > > > > Sent: Thursday, July 28, 2016 4:18 PM > > > > > To: ta...@ring.lt > > > > > Cc: users > > > > > Subject: Re: [ovirt-users] Debian - based OS and SSO > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Jul 28, 2016, at 3:11 PM, Vinzenz Feenstra > > > > > hat. > > > > > > co > > > > > > m> wrote: > > > > > > > > &g
Re: [ovirt-users] Debian - based OS and SSO
It seems that gdm3 is trying to start xserver using user, which was passed to pam-ovirt plugin rights. It fails due lack of permissions on some devices. After changing permissions a bit, I'm getting following errors: Jul 29 14:56:01 jessie gdm3: GdmManager: trying to register new display Jul 29 14:56:01 jessie gdm3: GdmManager: Error while retrieving session id for sender: Error getting session id from systemd: No such device or address Jul 29 14:56:01 jessie gdm-x-session: Could not register display: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: No display available Okay, after poking around a bit, i've found solution: On Debian based distros you need this kind of /etc/pam.d/gdm-ovirtcred #%PAM-1.0 authrequiredpam_ovirt_cred.so authinclude passwd account include passwd passwordinclude passwd session requiredpam_systemd.so open session include passwd Now it seems, that login works just fine. THank you for your help. On Fri, 2016-07-29 at 14:41 +0300, Tadas wrote: > Okay, now its different story. ovirt-agent finally passes through all > login steps: > > Dummy-1::INFO::2016-07-29 > 14:37:38,088::OVirtAgentLogic::294::root::Received an external > command: > login... > Dummy-1::DEBUG::2016-07-29 > 14:37:38,088::OVirtAgentLogic::328::root::User log-in (credentials = > '\x00\x00\x00\x04test\x00') > Dummy-1::INFO::2016-07-29 14:37:38,088::CredServer::207::root::The > following users are allowed to connect: [0] > Dummy-1::DEBUG::2016-07-29 > 14:37:38,088::CredServer::272::root::Token: > 493871 > Dummy-1::INFO::2016-07-29 > 14:37:38,088::CredServer::273::root::Opening > credentials channel... > Dummy-1::INFO::2016-07-29 > 14:37:38,089::CredServer::132::root::Emitting > user authenticated signal (493871). > CredChannel::DEBUG::2016-07-29 > 14:37:38,159::CredServer::166::root::Receiving user's credential ret > = > 2 errno = 0 > CredChannel::DEBUG::2016-07-29 > 14:37:38,159::CredServer::177::root::cmsgp: len=28 level=1 type=2 > CredChannel::INFO::2016-07-29 > 14:37:38,159::CredServer::225::root::Incomming connection from user: > 0 > process: 4343 > CredChannel::INFO::2016-07-29 > 14:37:38,159::CredServer::232::root::Sending user's credential > (token: > 493871) > Dummy-1::INFO::2016-07-29 > 14:37:38,160::CredServer::277::root::Credentials channel was closed. > > > Though gdm3 fails to load session with following error: > > http://paste.ubuntu.com/21392715/ > > On Fri, 2016-07-29 at 13:25 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > > On Jul 29, 2016, at 12:35 PM, Tadas wrote: > > > > > > There's another interesting error thrown out from ovirt-guest > > > agent, > > > when you try to login: > > > > > > > > > Jul 29 13:30:24 jessie python[1969]: Exception in thread > > > CredChannel: > > > Ju > > > l 29 13:30:24 jessie python[1969]: Traceback (most recent call > > > last): > > > Ju > > > l 29 13:30:24 jessie python[1969]: File > > > "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner > > > Jul 29 > > > 13:30:24 jessie python[1969]: self.run() > > > Jul 29 13:30:24 jessie > > > python[1969]: File "/usr/share/ovirt-guest- > > > agent/CredServer.py", > > > line > > > 217, in run > > > Jul 29 13:30:24 jessie python[1969]: cred = > > > self._read_cred(conn) > > > Jul 29 13:30:24 jessie python[1969]: File > > > "/usr/share/ovirt-guest-agent/CredServer.py", line 146, in > > > _read_cred > > > Ju > > > l 29 13:30:24 jessie > > > python[1969]: conn.setsockopt(socket.SOL_SOCKET, > > > socket.SO_PASSCRED, 1) > > > Jul 29 13:30:24 jessie python[1969]: > > > AttributeError: 'module' object has no attribute ‘SO_PASSCRED' > > > > I knew I forgot about something, yes you’re right - I fixed that > > manually and continued and forgot about it. > > > > SO_PASSCRED seems not to be actually available by default on > > python. > > The systems we supported so far (excluding the debian based ones) > > had > > this constant available. > > Long story short: You can replace socket.SO_PASSCRED with the value > > 16 for now and it should work as expected. > > > > > > > > > > > > > > > > > > > > > > > > On Fri, 2016-07-29 at 13:13 +0300, Tadas wrote: > > > > > > > > > > > > Yes, it seems that authent
Re: [ovirt-users] Multipath iSCSI with several IPs
Multipath is more a SAN thing, - not a tcp/ip. You should use something like LACP group on two (or more) of your network interfaces. Also you will have to configure your switch accordingly. You will not have to worry about second ip. LACP bonded interface will use one IP, but will fail-over to one of nics if needed. From: James Michels Sent: Thursday, August 4, 2016 5:13 PM To: users Subject: [ovirt-users] Multipath iSCSI with several IPs Hello, I want to add an iSCSI based storage domain. For that I add a domain on the Storage tab with one of the IPs (say 10.10.10.1), but for failover purposes I'd like to use multipath to add a failover IP so if the first one fails, LUNs can be reached via the second (say 10.10.10.2). How can this be done in oVirt 4.0.1? I have not seen a way how to add the second IP for multipath purposes. Thank you James ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt-Guest-agent CPU usage
Hello groups, we are having problem with ovirt-guest agent on Windows os. When started, agent fully utilizes one core (if machine has single core, then you will see 100% CPU usage, if there are two cores, then you will get 50% usage etc). Usage does not drop and persists for a whole time ovirt agent is running. This happens on windows 7 32 and 64 versions and also on windows 10. Have anybody had the same issue? Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-Guest-agent CPU usage
It seems, that if socket is not opened at hypervisor side, ovirt agent starts to loop with loads of "VirtIoCHannel::200::root::Written" messages per second. If hypervisor opens ovirt socket, then cpu usage drops to normal state. Is this intentional? This does not happen on Linux guest. On Thu, 2016-08-11 at 13:05 +0300, Tadas wrote: > Hello groups, > > we are having problem with ovirt-guest agent on Windows os. When > started, agent fully utilizes one core (if machine has single core, > then you will see 100% CPU usage, if there are two cores, then you > will > get 50% usage etc). Usage does not drop and persists for a whole time > ovirt agent is running. This happens on windows 7 32 and 64 versions > and also on windows 10. Have anybody had the same issue? > Thank you. > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-Guest-agent CPU usage
"socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. On Thu, 2016-08-11 at 14:01 +0200, Vinzenz Feenstra wrote: > > > > On Aug 11, 2016, at 12:21 PM, Tadas wrote: > > > > It seems, that if socket is not opened at hypervisor side, ovirt > > agent > > starts to loop with loads of "VirtIoCHannel::200::root::Written" > > messages per second. > > You probably don’t have the virtio drivers for the channel > communication installed > > please install the VirtIO Console drivers on that machine and > restart the agent service > > > > > If hypervisor opens ovirt socket, then cpu usage drops to normal > > state. > > Is this intentional? This does not happen on Linux guest. > > On Thu, 2016-08-11 at 13:05 +0300, Tadas wrote: > > > > > > Hello groups, > > > > > > we are having problem with ovirt-guest agent on Windows os. When > > > started, agent fully utilizes one core (if machine has single > > > core, > > > then you will see 100% CPU usage, if there are two cores, then > > > you > > > will > > > get 50% usage etc). Usage does not drop and persists for a whole > > > time > > > ovirt agent is running. This happens on windows 7 32 and 64 > > > versions > > > and also on windows 10. Have anybody had the same issue? > > > Thank you. > > > ___ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-Guest-agent CPU usage
Sorry, managed to send corrupted message. I do not think there's problems with virtio console drivers. I've installed ovirt guest tools iso from http://resources.ovirt.org/pub. Also I can read data from ovirt agent on hypervisor side by using socat: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. On Thu, 2016-08-11 at 15:13 +0300, Tadas wrote: > "socat pathtosocketfile -" > This gives me all information about VM from ovirtagent. But as soon > as > i close reading socket, ovirt agent loops in itself and uses whole > single core. If i socat again - load drops and I can see information > from agent again. So problem is that you allways need to have socket > open for read or write on hypervisor side. If not - ovirt agent will > consume one cpu thread. And this happens only in Windows VM. > > > On Thu, 2016-08-11 at 14:01 +0200, Vinzenz Feenstra wrote: > > > > > > > > > > > On Aug 11, 2016, at 12:21 PM, Tadas wrote: > > > > > > It seems, that if socket is not opened at hypervisor side, ovirt > > > agent > > > starts to loop with loads of "VirtIoCHannel::200::root::Written" > > > messages per second. > > > > You probably don’t have the virtio drivers for the channel > > communication installed > > > > please install the VirtIO Console drivers on that machine and > > restart the agent service > > > > > > > > > > > If hypervisor opens ovirt socket, then cpu usage drops to normal > > > state. > > > Is this intentional? This does not happen on Linux guest. > > > On Thu, 2016-08-11 at 13:05 +0300, Tadas wrote: > > > > > > > > > > > > Hello groups, > > > > > > > > we are having problem with ovirt-guest agent on Windows os. > > > > When > > > > started, agent fully utilizes one core (if machine has single > > > > core, > > > > then you will see 100% CPU usage, if there are two cores, then > > > > you > > > > will > > > > get 50% usage etc). Usage does not drop and persists for a > > > > whole > > > > time > > > > ovirt agent is running. This happens on windows 7 32 and 64 > > > > versions > > > > and also on windows 10. Have anybody had the same issue? > > > > Thank you. > > > > ___ > > > > Users mailing list > > > > Users@ovirt.org > > > > http://lists.ovirt.org/mailman/listinfo/users > > > ___ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-Guest-agent CPU usage
I've used http://resources.ovirt.org/pub/ovirt-3.6/iso/oVirt-toolsSetup/3.6-3/oVirt-toolsSetup_3.6-3.fc23.iso But also, i've compiled ovirt guest agent from sources from github and had the same result. -Original Message- From: Vinzenz Feenstra Sent: Thursday, August 11, 2016 3:39 PM To: ta...@ring.lt Cc: users@ovirt.org Subject: Re: [ovirt-users] ovirt-Guest-agent CPU usage On Aug 11, 2016, at 2:20 PM, Tadas wrote: Sorry, managed to send corrupted message. I do not think there's problems with virtio console drivers. I've installed ovirt guest tools iso from http://resources.ovirt.org/pub. Also I can read data from ovirt agent on hypervisor side by using socat: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. Can you please give me the exact version of the ISO you’re using? I need to determine if you have the fixed one or if there’s another bug, the latest version should have this fixed already. On Thu, 2016-08-11 at 15:13 +0300, Tadas wrote: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. On Thu, 2016-08-11 at 14:01 +0200, Vinzenz Feenstra wrote: On Aug 11, 2016, at 12:21 PM, Tadas wrote: It seems, that if socket is not opened at hypervisor side, ovirt agent starts to loop with loads of "VirtIoCHannel::200::root::Written" messages per second. You probably don’t have the virtio drivers for the channel communication installed please install the VirtIO Console drivers on that machine and restart the agent service If hypervisor opens ovirt socket, then cpu usage drops to normal state. Is this intentional? This does not happen on Linux guest. On Thu, 2016-08-11 at 13:05 +0300, Tadas wrote: Hello groups, we are having problem with ovirt-guest agent on Windows os. When started, agent fully utilizes one core (if machine has single core, then you will see 100% CPU usage, if there are two cores, then you will get 50% usage etc). Usage does not drop and persists for a whole time ovirt agent is running. This happens on windows 7 32 and 64 versions and also on windows 10. Have anybody had the same issue? Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-Guest-agent CPU usage
I will try to compile it again. I've installed via ovirt commandline "OVirtGuestService.exe -install". Maybe i've managed to put wrong daemon. Will try this again. Thank you. -Original Message- From: Vinzenz Feenstra Sent: Thursday, August 11, 2016 4:24 PM To: Tadas Cc: users@ovirt.org Subject: Re: [ovirt-users] ovirt-Guest-agent CPU usage On Aug 11, 2016, at 3:08 PM, Tadas wrote: I've used http://resources.ovirt.org/pub/ovirt-3.6/iso/oVirt-toolsSetup/3.6-3/oVirt-toolsSetup_3.6-3.fc23.iso Well this one has not the fixed issue But also, i've compiled ovirt guest agent from sources from github and had the same result. The github version starting from March 15th 2016 (master / ovirt-4.0 / ovirt-3.6 branches) should actually not cause 100% CPU usage since there’s a sleep in case of an error, which seems to be happening here. So you installed and started it how then? Are you sure that it doesn’t execute the other one? -Original Message- From: Vinzenz Feenstra Sent: Thursday, August 11, 2016 3:39 PM To: ta...@ring.lt Cc: users@ovirt.org Subject: Re: [ovirt-users] ovirt-Guest-agent CPU usage On Aug 11, 2016, at 2:20 PM, Tadas wrote: Sorry, managed to send corrupted message. I do not think there's problems with virtio console drivers. I've installed ovirt guest tools iso from http://resources.ovirt.org/pub. Also I can read data from ovirt agent on hypervisor side by using socat: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. Can you please give me the exact version of the ISO you’re using? I need to determine if you have the fixed one or if there’s another bug, the latest version should have this fixed already. On Thu, 2016-08-11 at 15:13 +0300, Tadas wrote: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. On Thu, 2016-08-11 at 14:01 +0200, Vinzenz Feenstra wrote: On Aug 11, 2016, at 12:21 PM, Tadas wrote: It seems, that if socket is not opened at hypervisor side, ovirt agent starts to loop with loads of "VirtIoCHannel::200::root::Written" messages per second. You probably don’t have the virtio drivers for the channel communication installed please install the VirtIO Console drivers on that machine and restart the agent service If hypervisor opens ovirt socket, then cpu usage drops to normal state. Is this intentional? This does not happen on Linux guest. On Thu, 2016-08-11 at 13:05 +0300, Tadas wrote: Hello groups, we are having problem with ovirt-guest agent on Windows os. When started, agent fully utilizes one core (if machine has single core, then you will see 100% CPU usage, if there are two cores, then you will get 50% usage etc). Usage does not drop and persists for a whole time ovirt agent is running. This happens on windows 7 32 and 64 versions and also on windows 10. Have anybody had the same issue? Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt-Guest-agent CPU usage
Thank you again. Recompiling to latest ovirt agent solved issue. -Original Message- From: Vinzenz Feenstra Sent: Thursday, August 11, 2016 4:24 PM To: Tadas Cc: users@ovirt.org Subject: Re: [ovirt-users] ovirt-Guest-agent CPU usage On Aug 11, 2016, at 3:08 PM, Tadas wrote: I've used http://resources.ovirt.org/pub/ovirt-3.6/iso/oVirt-toolsSetup/3.6-3/oVirt-toolsSetup_3.6-3.fc23.iso Well this one has not the fixed issue But also, i've compiled ovirt guest agent from sources from github and had the same result. The github version starting from March 15th 2016 (master / ovirt-4.0 / ovirt-3.6 branches) should actually not cause 100% CPU usage since there’s a sleep in case of an error, which seems to be happening here. So you installed and started it how then? Are you sure that it doesn’t execute the other one? -Original Message- From: Vinzenz Feenstra Sent: Thursday, August 11, 2016 3:39 PM To: ta...@ring.lt Cc: users@ovirt.org Subject: Re: [ovirt-users] ovirt-Guest-agent CPU usage On Aug 11, 2016, at 2:20 PM, Tadas wrote: Sorry, managed to send corrupted message. I do not think there's problems with virtio console drivers. I've installed ovirt guest tools iso from http://resources.ovirt.org/pub. Also I can read data from ovirt agent on hypervisor side by using socat: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. Can you please give me the exact version of the ISO you’re using? I need to determine if you have the fixed one or if there’s another bug, the latest version should have this fixed already. On Thu, 2016-08-11 at 15:13 +0300, Tadas wrote: "socat pathtosocketfile -" This gives me all information about VM from ovirtagent. But as soon as i close reading socket, ovirt agent loops in itself and uses whole single core. If i socat again - load drops and I can see information from agent again. So problem is that you allways need to have socket open for read or write on hypervisor side. If not - ovirt agent will consume one cpu thread. And this happens only in Windows VM. On Thu, 2016-08-11 at 14:01 +0200, Vinzenz Feenstra wrote: On Aug 11, 2016, at 12:21 PM, Tadas wrote: It seems, that if socket is not opened at hypervisor side, ovirt agent starts to loop with loads of "VirtIoCHannel::200::root::Written" messages per second. You probably don’t have the virtio drivers for the channel communication installed please install the VirtIO Console drivers on that machine and restart the agent service If hypervisor opens ovirt socket, then cpu usage drops to normal state. Is this intentional? This does not happen on Linux guest. On Thu, 2016-08-11 at 13:05 +0300, Tadas wrote: Hello groups, we are having problem with ovirt-guest agent on Windows os. When started, agent fully utilizes one core (if machine has single core, then you will see 100% CPU usage, if there are two cores, then you will get 50% usage etc). Usage does not drop and persists for a whole time ovirt agent is running. This happens on windows 7 32 and 64 versions and also on windows 10. Have anybody had the same issue? Thank you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users