[Engine-devel] Any reason to use UUID instead of name or dn?
by Juan Hernandez
Hello all,
I am working on a series of changes with the objective to simplify the
LDAP layer and make it more generic. One of the things that I would like
to do is to use the name or dn attributes to identify the users/group
instead of the UUIDs as we currently do. Can someone explain me if there
is any powerful reason to use the directory specific UUIDs (objectGUID
in ActiveDirectory, nsUniqueId in RHDS, etc) instead of user/group names
or distinguished names?
Thanks in advance,
Juan Hernandez
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
11 years, 5 months
[Engine-devel] about ovirt-shell
by wlbleaboy@126
ÕâÊÇÒ»·â MIME žñÊœµÄ¶à²¿·ÖÓÊŒþ¡£
------=_NextPart_000_000B_01CE56FC.F4262150
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hi all:
When I connect to ovirt-engine use ovirt-shell like this: It's
failed, I don't know why.
The ovirt-engine is build and deployed by myself and base ovirt-engine 3.2
But when I connect to the ovirt-engine use rmp installed,
ovirt-shell work well.
++++++++++++++++++++++++++++++++++++++++++
Welcome to oVirt shell
++++++++++++++++++++++++++++++++++++++++++
[oVirt shell (disconnected)]# connect --url http://192.168.1.201 --user
admin@internal --password 111111
error: [ERROR]::No response returned from server. If you're using HTTP
protocol
against a SSL secured server, then try using HTTPS instead.
[oVirt shell (disconnected)]#
------=_NextPart_000_000B_01CE56FC.F4262150
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"\6279\6CE8\6846\6587\672C Char";
margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:9.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.Char
{mso-style-name:"\6279\6CE8\6846\6587\672C Char";
mso-style-priority:99;
mso-style-link:\6279\6CE8\6846\6587\672C;}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DZH-CN link=3Dblue vlink=3Dpurple =
style=3D'text-justify-trim:punctuation'>
<div class=3DSection1>
<p class=3DMsoNormal><span lang=3DEN-US>Hi all:<o:p></o:p></span></p>
<p class=3DMsoNormal><span =
lang=3DEN-US> When
I connect to ovirt-engine use ovirt-shell like this: It’s failed, =
I don’t
know why.<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US>The ovirt-engine is build and =
deployed by
myself and base ovirt-engine 3.2<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
lang=3DEN-US> But
when I connect to the ovirt-engine use rmp installed, ovirt-shell work =
well.<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span =
lang=3DEN-US>++++++++++++++++++++++++++++++++++++++++++<o:p></o:p></span>=
</p>
<p class=3DMsoNormal><span lang=3DEN-US> <o:p></o:p></span></p>
<p class=3DMsoNormal><span =
lang=3DEN-US> =
Welcome to oVirt shell<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US> <o:p></o:p></span></p>
<p class=3DMsoNormal><span =
lang=3DEN-US> ++++++++++++++++++++++++++++++++++++++++++<o:p></o:p><=
/span></p>
<p class=3DMsoNormal><span =
lang=3DEN-US> =
<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US> =
<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US>[oVirt shell (disconnected)]# =
connect --url
http://192.168.1.201 --user admin@internal --password =
111111<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US>error: [ERROR]::No response =
returned from
server. If you're using HTTP protocol<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US>against a SSL secured server, =
then try
using HTTPS instead.<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US>[oVirt shell =
(disconnected)]#<o:p></o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
<p class=3DMsoNormal><span lang=3DEN-US><o:p> </o:p></span></p>
</div>
</body>
</html>
------=_NextPart_000_000B_01CE56FC.F4262150--
11 years, 5 months
[Engine-devel] for a few clicks less
by Laszlo Hornyak
Hi,
Today the default memory size when creating a VM is 512 MB, this is coming from the Blank template, which is not modifiable by user.
This amount of memory is not enough for a installation for most Linux distros (and possibly for other mainstream OS either) so I think it would make sense to increase the default memory size to 1024 MB, for most users, it would save some time.
This patch changes the memory size for new installations.
http://gerrit.ovirt.org/14747
Thx,
Laszlo
11 years, 5 months
[Engine-devel] Any tips for running ovirt from trunk on Fedora 19 Beta RC2?
by Dax Kelson
I did a git checkout and created rpms with "make rpm".
I used engine-setup-2. Is that correct? engine-setup fails btw
Going to the web page gives a error 503 "The server is temporarily
unable to service your request due to maintenance downtime or capacity
problems. Please try again later."
Under /var/log/ovirt-egine/ I see:
console.log
Exception in thread "main" javax.management.JMRuntimeException: Failed
to load MBeanServerBuilder class
org.jboss.as.jmx.PluggableMBeanServerBuilder:
java.lang.ClassNotFoundException:
org.jboss.as.jmx.PluggableMBeanServerBuilder from [Module
"org.jboss.as.standalone:main" from local module loader @72e1c560
(roots: /usr/share/ovirt-engine/modules,/var/tmp/ovirt-engine/modules)]
at javax.management.MBeanServerFactory.checkMBeanServerBuilder(MBeanServerFactory.java:502)
at javax.management.MBeanServerFactory.getNewMBeanServerBuilder(MBeanServerFactory.java:538)
at javax.management.MBeanServerFactory.newMBeanServer(MBeanServerFactory.java:315)
at javax.management.MBeanServerFactory.createMBeanServer(MBeanServerFactory.java:230)
at javax.management.MBeanServerFactory.createMBeanServer(MBeanServerFactory.java:191)
at java.lang.management.ManagementFactory.getPlatformMBeanServer(ManagementFactory.java:466)
at org.jboss.modules.Main.main(Main.java:286)
Caused by: java.lang.ClassNotFoundException:
org.jboss.as.jmx.PluggableMBeanServerBuilder from [Module
"org.jboss.as.standalone:main" from local module loader @72e1c560
(roots: /usr/share/ovirt-engine/modules,/var/tmp/ovirt-engine/modules)]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
at javax.management.MBeanServerFactory.loadBuilderClass(MBeanServerFactory.java:445)
at javax.management.MBeanServerFactory.checkMBeanServerBuilder(MBeanServerFactory.java:487)
... 6 more
Traceback (most recent call last):
File "/usr/lib64/python2.7/logging/handlers.py", line 859, in emit
self._connect_unixsocket(self.address)
File "/usr/lib64/python2.7/logging/handlers.py", line 777, in
_connect_unixsocket
self.socket.connect(address)
File "/usr/lib64/python2.7/socket.py", line 224, in meth
return getattr(self._sock,name)(*args)
error: [Errno 9] Bad file descriptor
Logged from file service.py, line 557
from boot.log
11:35:03,354 INFO [org.jboss.modules] JBoss Modules version 1.1.1.GA
11:35:03,499 WARN [org.jboss.modules] Failed to define class
org.jboss.as.jmx.PluggableMBeanServerBuilder in Module
"org.jboss.as.jmx:main" from local module loader @72e1c560 (roots:
/usr/share/ovirt-engine/modules,/var/tmp/ovirt-engine/modules):
org.jboss.modules.ModuleLoadError: Error loading module from
/var/tmp/ovirt-engine/modules/org/jboss/logging/main/module.xml
at org.jboss.modules.ModuleLoadException.toError(ModuleLoadException.java:78)
at org.jboss.modules.Module.getPathsUnchecked(Module.java:1181)
at org.jboss.modules.Module.loadModuleClass(Module.java:512)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:182)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
at java.lang.ClassLoader.defineClass1(Native Method) [rt.jar:1.7.0_19]
at java.lang.ClassLoader.defineClass(ClassLoader.java:791) [rt.jar:1.7.0_19]
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
[rt.jar:1.7.0_19]
at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:327)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:391)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:243)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:73)
at org.jboss.modules.Module.loadModuleClass(Module.java:517)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:182)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
at javax.management.MBeanServerFactory.loadBuilderClass(MBeanServerFactory.java:445)
[rt.jar:1.7.0_19]
at javax.management.MBeanServerFactory.checkMBeanServerBuilder(MBeanServerFactory.java:487)
[rt.jar:1.7.0_19]
at javax.management.MBeanServerFactory.getNewMBeanServerBuilder(MBeanServerFactory.java:538)
[rt.jar:1.7.0_19]
at javax.management.MBeanServerFactory.newMBeanServer(MBeanServerFactory.java:315)
[rt.jar:1.7.0_19]
at javax.management.MBeanServerFactory.createMBeanServer(MBeanServerFactory.java:230)
[rt.jar:1.7.0_19]
at javax.management.MBeanServerFactory.createMBeanServer(MBeanServerFactory.java:191)
[rt.jar:1.7.0_19]
at java.lang.management.ManagementFactory.getPlatformMBeanServer(ManagementFactory.java:466)
[rt.jar:1.7.0_19]
at org.jboss.modules.Main.main(Main.java:286)
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[27,50]
Message: Failed to add resource root 'jboss-logging.jar' at path
'jboss-logging.jar'
at org.jboss.modules.ModuleXmlParser.parseResourceRoot(ModuleXmlParser.java:898)
at org.jboss.modules.ModuleXmlParser.parseResources(ModuleXmlParser.java:854)
at org.jboss.modules.ModuleXmlParser.parseModuleContents(ModuleXmlParser.java:676)
at org.jboss.modules.ModuleXmlParser.parseDocument(ModuleXmlParser.java:548)
at org.jboss.modules.ModuleXmlParser.parseModuleXml(ModuleXmlParser.java:287)
at org.jboss.modules.ModuleXmlParser.parseModuleXml(ModuleXmlParser.java:242)
at org.jboss.modules.LocalModuleLoader.parseModuleInfoFile(LocalModuleLoader.java:138)
at org.jboss.modules.LocalModuleLoader.findModule(LocalModuleLoader.java:122)
at org.jboss.modules.ModuleLoader.loadModuleLocal(ModuleLoader.java:275)
at org.jboss.modules.ModuleLoader.preloadModule(ModuleLoader.java:222)
at org.jboss.modules.LocalModuleLoader.preloadModule(LocalModuleLoader.java:94)
at org.jboss.modules.Module.addPaths(Module.java:841)
at org.jboss.modules.Module.link(Module.java:1196)
at org.jboss.modules.Module.getPaths(Module.java:1156)
at org.jboss.modules.Module.getPathsUnchecked(Module.java:1179)
... 27 more
11 years, 5 months
[Engine-devel] [REST-API] Support passing auth information without having to use HTTP Authorization header #958874
by Michael Pasternak
https://bugzilla.redhat.com/show_bug.cgi?id=958874
Hi Alon,
(In reply to comment #2)
>
> Regardless of this specific RFE I would like to write that I don't like the
> REST API session mechanism
> [http://wiki.ovirt.org/Features/RESTSessionManagement] solution, as it
> relays on cookies and not explicit API interaction.
authentication in RESTful application is a matter of debate, it can be achieved
in various ways, but session + cookie auth. method is very common and usually effective,
it's biggest disadvantage is that it's not exactly RESfull cause client
have to maintain (story) the cookie and not the server (but i wouldn't call it an
issue at all), besides that it's works perfectly well from the REST PoV,
also some may say that cookies are not strong enough and OAuth for instance
should be used instead, but this is a different story cause in our case, cookie
are for the clients (not browsers [1]) that can store them in a secure way or even
not to store at all (in-memory cookie).
[1] another disadvantage is that webbrowsers not able to access cookie namespace,
but lately i've suggested URI based authentication [2] to support web browsers
as well.
[2] http://lists.ovirt.org/pipermail/engine-devel/2013-April/004235.html
the biggest advantage of the cookie is a session expiration that maintained
by the server and abstracted from the client what is much better from security
PoV than standard authentication mechanisms such as HTTP basic auth for instance
which can be potentially cached.
> I would have expected a
> 'ticket' to be retrieved and that 'ticket' to be disconnected from the
> application server objects. Although we can refer the 'cookie' as a ticket,
> however the requirement to parse it should not be required, there be a
> conflict between two separate applications running on same server, and there
> may be a problem to transfer credentials between servers.
well, this is not exactly correct:
1. client desn't have to decode/parse the cookie and pass credentials, all it need is
just to store the cookie and pass it as is to server on every request.
2. "conflict between two separate applications running on same server"? different cookie
uses different domain & path by spec., can you pls explain what do you mean by this?
>
> If we modify authentication we should support more authentication types, at
> least SPNEGO.
>
> In order to allow SPNEGO and other authentication mechanisms, we better
> force people to use single URI to perform the login and return authenticated
> 'ticket' to continue interaction with application.
this is good for the backend authentication, but is not for the RESTful application,
it's like buying an aeroplane and driving it on a road,
"force people to use single URI to perform the login" means SOAP while we wanted REST
where any URI is considered as entry point and actually a resource address that should
be accessible/manipulatable and authentication should be abstracted/disconnected from
this concept.
SPNEGO is only an implementation detail that can be abstracted for the API.
> This will be much simpler
> implementation at the api side and much more efficient, and as we are
> discussion application-to-application interaction there should be no user
> experience visible issues.
i'm not sure: "force people to use single URI to perform the login" and no
"no user experience visible issues."?
>
> What I recommend is purely applicative rest login command...
IIUC this is SOAP and not REST ...
> ---
> Input: authentication type, authentication credentials
> authentication=http
> authentication=password
> credentials:
> user=user
> password=password
> [OPTIONALLY] HTTP authentication headers
> Output:
> ticket
> ticket issue time (required to avoid clock sync)
> ticket expiration time
> Logic:
> if authentication is http, use http authentication headers to establish user
> authentication. This will allow future SSO.
> if authentication is password, use embedded credentials.
> ---
>
> For every other rest call add http header:
> oVirt-Authentication-Ticket: <ticket>
this is not any different from the today's session based auth. only
instead of oVirt-Authentication-Ticket added cookie.
>
> The backend side will attach the correct security context to the action if
> the header is received.
this is how it's works today.
>
> No need for the prefer mechanism nor multiple authentications. It should be
> easy for javascript implementation to perform the authentication via the
> designated URI, and then pass the ticket if not expired, when expired to
> perform re-authentication with or without involving the user.
again this is how it works today, and you not solving web browser problem as
when ticket expires, they cannot re-authenticate with new oVirt-Authentication-Ticket
cause this header is cached and cannot be changed by the browser in runtime.
--
Michael Pasternak
RedHat, ENG-Virtualization R&D
11 years, 5 months
[Engine-devel] SQL procedure - row mapper
by Sahina Bose
Hi all,
In org.ovirt.engine.core.dal.dbbroker.SimpleJdbcCallsHandler , there's a
map maintained for procedure name and SimpleJdbcCall.
If I have the same procedure with different row mappers, this results in
an error - because the map already contains a mapping for the procedure
name but with different row mapper.
Do we intend to support calling the same procedure with different
RowMappers? If so, I can change this class to handle this.
thanks
sahina
11 years, 5 months
[Engine-devel] how to let engine run scripts with root privilege
by bigclouds
------=_Part_335625_1891521110.1369064678119
Content-Type: text/plain; charset=GBK
Content-Transfer-Encoding: 7bit
hi,
engine run as a normal user, but sometimes we need it to run scripts(start,stop services) which require root privilege.
how to do that?
thanks.
------=_Part_335625_1891521110.1369064678119
Content-Type: text/html; charset=GBK
Content-Transfer-Encoding: 7bit
<div style="line-height:1.7;color:#000000;font-size:14px;font-family:arial"><div>hi,</div><div>engine run as a normal user, but sometimes we need it to run scripts(start,stop services) which require root privilege.</div><div>how to do that?</div><div> </div><div>thanks.</div></div><br><br><span title="neteasefooter"><span id="netease_mail_footer"></span></span>
------=_Part_335625_1891521110.1369064678119--
11 years, 5 months
[Engine-devel] VDSM Java Bindings
by Saggi Mizrahi
A preliminary version on the Java bindings is up on gerrit ready for review. It's been
up for a while now but I noticed I forgot to notify the list.
It currently only supports the TCP transport as the Java implementation of
Proton gave me a lot of grief and I wanted to release things ASAP. Also, receiving unions
is still a bit problematic. The will always arrive as the base form of the union
since detection of the concrete type is not implemented yet. I also don't like how unions
works ATM and would like to come up with a system that makes them more easily detectable.
You can review the code here
http://gerrit.ovirt.org/#/q/status:open+project:vdsm+branch:master+topic:...
An example project showing how to set up a Java project and connect to a VDSM instance.
https://github.com/ficoos/vdsmhello
I would like to have more feedback about how the interface is exported and generated.
Getting the interface right is much more important to me at the moment than performance
tweaks and corner cases.
11 years, 5 months
[Engine-devel] cannot attach ISO with latest master
by Dead Horse
Cannot attach images from the iso storage domain with latest master.
VDSM version is latest master as well
Host = EL6.4
2013-05-13 16:41:02,184 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.IsoPrefixVDSCommand]
(ajp--127.0.0.1-8702-7) [5d889258] START, IsoPrefixVDSCommand(
storagePoolId = 0cba78bd-f1b7-438f-afac-acd59fab92ae, ignoreFailoverLimit =
false, compatabilityVersion = null), log id: a85d3c0
2013-05-13 16:41:02,196 INFO
[org.ovirt.engine.core.vdsbroker.irsbroker.IsoPrefixVDSCommand]
(ajp--127.0.0.1-8702-7) [5d889258] FINISH, IsoPrefixVDSCommand, return:
/rhev/data-center/mnt/192.168.0.1:_ovirt_dalaran/d6276dc3-1714-4024-9b70-b7971ed5fe35/images/11111111-1111-1111-1111-111111111111,
log id: a85d3c0
2013-05-13 16:41:02,328 WARN [org.ovirt.engine.core.bll.RunVmOnceCommand]
(ajp--127.0.0.1-8702-7) [5d889258] CanDoAction of action RunVmOnce failed.
Reasons:VAR__ACTION__RUN,VAR__TYPE__VM,ERROR_CANNOT_FIND_ISO_IMAGE_PATH
- DHC
11 years, 5 months