[ovirt-devel] oVirt messages from engine to vdsm

Mon May 7 09:22:14 UTC 2018

Hi,

you must have postgresql installed or the engine would not work. I see
I used the engine user there (the second engine is the database name),
but both vdsm fake and my personal notes say to use postgres user.

sudo -i -u postgres
export ENGINE_DB=dbname
psql $ENGINE_DB -c "UPDATE vdc_options set option_value = 'false'
WHERE option_name = 'SSLEnabled';"
psql $ENGINE_DB -c "UPDATE vdc_options set option_value = 'false'
WHERE option_name = 'EncryptHostCommunication';"

So I must have done something differently at that time (the article
was written in 2016).

Best regards

Martin Sivak

On Mon, May 7, 2018 at 10:40 AM, Anastasiya Ruzhanskaya
<anastasiya.ruzhanskaya at frtk.ru> wrote:
> If the engine user is not accessible directly, why then in this command you
> use it?:
>
>  psql -U engine engine -c "UPDATE vdc_options set option_value = 'false'
>                                                  WHERE option_name =
> 'SSLEnabled';"
>
> I am not really good in managing databases, I also didn't have postgresql
> installed after finishing oVirt engine installation and even managing to
> deploy everything. Does it mean that no database was created at all? I have
> chosen automatic and local creation in all fields related to database while
> installing oVirt engine.
>
>
> 2018-05-07 11:00 GMT+03:00 Martin Sivak <msivak at redhat.com>:
>>
>> Hi,
>>
>> I think what you are looking for is mostly this:
>> https://github.com/oVirt/vdsm/blob/master/lib/vdsm/api/vdsm-api.yml
>>
>> The best way to see what the traffic is is to disable SSL. The
>> postgres database is installed and accessible using the postgres user
>> (the engine user is not allowed to access it directly).
>>
>> You might also be interested in the vdsm fake project we use as node
>> simulator. Its readme will tell you exactly how to do this:
>> https://github.com/oVirt/ovirt-vdsmfake
>>
>> I wrote an article some time ago that explained how to setup a
>> development environment without real hosts:
>> https://www.ovirt.org/blog/2016/11/testing-ovirt-changes-without-cluster/
>>
>> Might I ask what you goal is?
>>
>> Best regards
>>
>> --
>> Martin Sivak
>> SLA / oVirt
>>
>> On Sun, May 6, 2018 at 6:26 AM, Anastasiya Ruzhanskaya
>> <anastasiya.ruzhanskaya at frtk.ru> wrote:
>> > Hello everyone!
>> > Currently I want to determine what information is included in messages
>> > passing from oVirt engine to VDSM on ovirt-node.
>> >
>> > I made up a really simple configuration with one VM representing engine,
>> > another - node, a managed to successfully  launch a single VM on this
>> > node.
>> > However, I have chosen to configure everything automatically. Currently
>> > traffic is encrypted with default certificates.
>> > So, there are three options for me and no one of them really works.
>> >
>> > 1) Find the format of messages ( what the fields are, session id for
>> > example) in docs, but I didn't  manage to find it;
>> > 2) Use wireshark to decrypt the traffic and the apply maybe a json
>> > -dissector to the decrypted data. I have tried many solutions ( thanks
>> > god I
>> > have rsa private and public keys but there is another session key which
>> > is
>> > generated every time engine starts to communicate with vdsm, which I
>> > cannot
>> > get with the help of sslkeylog file or ld_preload technology.
>> > Maybe someone knows the exact methodology how to do this correctly?
>> >
>> > 3) Turn off ssl in oVirt. It is simple to do that for vdsm, but for
>> > engine,
>> > according to answers on oVirt site, I should do 2 requests to the
>> > database.
>> > I was really surprised that psql was not installed by oVirt on my
>> > system.
>> > How did it then created a default database? ( I have chosen to create
>> > all
>> > locally and with default configurations).
>> > I mean these two commands :
>> >
>> > https://www.ovirt.org/develop/developer-guide/vdsm/connecting-development-vdsm-to-engine/
>> > . I have a following error there :
>> > psql: FATAL: Peer authentication failed for user "engine"
>> >
>> > Could you please guide my what method is the best and how should I
>> > correct
>> > my faults there?
>> >
>> >
>> > _______________________________________________
>> > Devel mailing list
>> > Devel at ovirt.org
>> > http://lists.ovirt.org/mailman/listinfo/devel
>
>