[Engine-devel] Small suggestions for engine-log-collector
Hi guys, based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector: 1, in /etc/ovirt-engine/logcollector.conf - I think there's typo: #key-file=/etc/pki/engine/keys/engine_id_rsa should be: #key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa 2, to force password-based ssh auth, one has to do this: engine-log-collector -k "" because running this: engine-log-collector -k returns error message: error: -k option requires an argument however, help for -k option mentions *supplying* the argument: If a identity file is not supplied the program will prompt for a password. so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text) Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant. Thanks, Vojtech [1] http://etherpad.ovirt.org/p/3.4-testday-3
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon. Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
----- Original Message -----
From: "Keith Robertson" <kroberts@redhat.com> To: "Vojtech Szocs" <vszocs@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Einav Cohen" <ecohen@redhat.com>, "Sandro Bonazzola" <sbonazzo@redhat.com> Sent: Tuesday, March 11, 2014 7:13:08 PM Subject: Re: Small suggestions for engine-log-collector
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
http://gerrit.ovirt.org/#/c/25653/
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon.
My host was F19 VM added to oVirt Engine via WebAdmin GUI. I thought that host deploy script should do the public key registration, though.
Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
It was either a misconfiguration on my part or that I skipped some step with regard to public key registration.
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
Well, the doc text says "If a identity file is not supplied..." which I understood as not supplying option value (i.e. "") at all, but this was just my understanding.
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
On 03/12/2014 07:05 AM, Vojtech Szocs wrote:
----- Original Message -----
From: "Keith Robertson" <kroberts@redhat.com> To: "Vojtech Szocs" <vszocs@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Einav Cohen" <ecohen@redhat.com>, "Sandro Bonazzola" <sbonazzo@redhat.com> Sent: Tuesday, March 11, 2014 7:13:08 PM Subject: Re: Small suggestions for engine-log-collector
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
http://gerrit.ovirt.org/#/c/25653/
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon.
My host was F19 VM added to oVirt Engine via WebAdmin GUI. I thought that host deploy script should do the public key registration, though.
I'm pretty sure that public key registration used to be part of the deploy script. If this is no longer the case it is a fairly major supportability issue.
Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
It was either a misconfiguration on my part or that I skipped some step with regard to public key registration.
Understand. The reason why we bias the LC towards public key auth and fall back to PW auth is that the LC needs to make multiple calls[1] to each Hypervisor and, if you're not using public key auth it is definitely a sub-optimal usage experience. Multiply [1] times the N number of hyper-visors and the user's annoyance factor will surely reach a boiling point. ;) [1] - 1 ssh call to launch sos - 1 sftp call to get the report and remove it from /tmp
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
Well, the doc text says "If a identity file is not supplied..." which I understood as not supplying option value (i.e. "") at all, but this was just my understanding.
Your understanding is correct and you forced the tool not to find the default identity file with a clever null argument. There's nothing wrong with this usage per-se and maybe we should either document it or provide an explicit option to force PW auth.
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
-- Keith Robertson Supervisor, Software Engineering Red Hat Subscription Engineering
Il 11/03/2014 19:13, Keith Robertson ha scritto:
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
merged.
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon.
Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
yes, maybe a better explanation in man page. Vojtech have you opened a bz about that? Thanks for the report and for the patch you submitted!
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
----- Original Message -----
From: "Sandro Bonazzola" <sbonazzo@redhat.com> To: "Keith Robertson" <kroberts@redhat.com>, "Vojtech Szocs" <vszocs@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Einav Cohen" <ecohen@redhat.com> Sent: Thursday, March 13, 2014 1:27:46 PM Subject: Re: Small suggestions for engine-log-collector
Il 11/03/2014 19:13, Keith Robertson ha scritto:
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
merged.
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon.
Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
yes, maybe a better explanation in man page. Vojtech have you opened a bz about that?
No, first I wanted to hear your opinions :) I didn't open BZ for this yet. I think a better explanation in --help text is sufficient. (small thing) Should I open BZ for this?
Thanks for the report and for the patch you submitted!
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
Il 14/03/2014 17:58, Vojtech Szocs ha scritto:
----- Original Message -----
From: "Sandro Bonazzola" <sbonazzo@redhat.com> To: "Keith Robertson" <kroberts@redhat.com>, "Vojtech Szocs" <vszocs@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Einav Cohen" <ecohen@redhat.com> Sent: Thursday, March 13, 2014 1:27:46 PM Subject: Re: Small suggestions for engine-log-collector
Il 11/03/2014 19:13, Keith Robertson ha scritto:
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
merged.
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon.
Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
yes, maybe a better explanation in man page. Vojtech have you opened a bz about that?
No, first I wanted to hear your opinions :) I didn't open BZ for this yet.
I think a better explanation in --help text is sufficient. (small thing)
Should I open BZ for this?
yes please, I think both --help and man page should be aligned.
Thanks for the report and for the patch you submitted!
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
----- Original Message -----
From: "Sandro Bonazzola" <sbonazzo@redhat.com> To: "Vojtech Szocs" <vszocs@redhat.com> Cc: "Keith Robertson" <kroberts@redhat.com>, "engine-devel" <engine-devel@ovirt.org>, "Einav Cohen" <ecohen@redhat.com> Sent: Monday, March 17, 2014 8:14:43 AM Subject: Re: Small suggestions for engine-log-collector
Il 14/03/2014 17:58, Vojtech Szocs ha scritto:
----- Original Message -----
From: "Sandro Bonazzola" <sbonazzo@redhat.com> To: "Keith Robertson" <kroberts@redhat.com>, "Vojtech Szocs" <vszocs@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org>, "Einav Cohen" <ecohen@redhat.com> Sent: Thursday, March 13, 2014 1:27:46 PM Subject: Re: Small suggestions for engine-log-collector
Il 11/03/2014 19:13, Keith Robertson ha scritto:
----- Original Message -----
From: "Vojtech Szocs" <vszocs@redhat.com> To: "engine-devel" <engine-devel@ovirt.org> Cc: "Keith Robertson" <kroberts@redhat.com>, "Einav Cohen" <ecohen@redhat.com> Sent: Tuesday, March 11, 2014 1:57:11 PM Subject: Small suggestions for engine-log-collector
Hi guys,
based on my testing during last week's oVirt 3.4 RC test day [1], I have a couple of small suggestions for engine-log-collector:
1, in /etc/ovirt-engine/logcollector.conf - I think there's typo:
#key-file=/etc/pki/engine/keys/engine_id_rsa
should be:
#key-file=/etc/pki/ovirt-engine/keys/engine_id_rsa
ACK
merged.
2, to force password-based ssh auth, one has to do this:
In the normal scenario, the the ovirt user's public key should be installed into each hypervisor. Unless something has changed as a part of the hypervisor registration process this should be something that we can depend upon.
Clearly, there are edge cases where you need to collect logs from a hypervisor that isn't properly registered with the RHEV-M. Was this your situation and how common do you think this scenario is?
engine-log-collector -k ""
Yes, you are nulling out the default value which causes the LC to prompt you for a PW. Perhaps we should document this as opposed to supplying a specific option? Sandro?
yes, maybe a better explanation in man page. Vojtech have you opened a bz about that?
No, first I wanted to hear your opinions :) I didn't open BZ for this yet.
I think a better explanation in --help text is sufficient. (small thing)
Should I open BZ for this?
yes please, I think both --help and man page should be aligned.
Hi, sorry for my late response. Created BZ with low severity: https://bugzilla.redhat.com/show_bug.cgi?id=1079522 Thanks!
Thanks for the report and for the patch you submitted!
because running this:
engine-log-collector -k
returns error message:
error: -k option requires an argument
however, help for -k option mentions *supplying* the argument:
If a identity file is not supplied the program will prompt for a password.
so either the help text should mention empty string, or -k option should allow missing argument (this was my initial understanding according to help text)
Since these are just small things, I'm wondering if I should create RFE or if Keith/others can say if they are relevant.
Thanks, Vojtech
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
participants (3)
-
Keith Robertson -
Sandro Bonazzola -
Vojtech Szocs