oVirt and Openstack Neutron: network not working
by Luca 'remix_tj' Lorenzetto
Hello,
I have an oVirt 4.1 setup attached to an OpenStack Newton. I imported a
network from my openstack setup without issues.
I attached a VM to that network, but dhcp isn't working. Tried setting
fixed ip, but still not working. I've seen a new qbr* bridge appeared
and so tried to tcpdump on it. I've seen only arp requests, but no arp
replies.
OpenStack is using openvswitch, and there I can use ovs-vsctl show to
see the status of the switch. Here I see a linuxbridge instead. How do
I check if everything is flowing correctly?
Nodes are based on ovirt-node-ng 4.1.
Luca
--
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines were
used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)
Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca(a)gmail.com>
7 years, 6 months
Re: [ovirt-users] oVirt Hosted Engine Setup fails
by Manuel Luis Aznar
Hello to all there again,
I was having some troubles while installing ovirt Hosted Engine, I took
some look at the hosted engine setup logs while I was running the
hosted-engine --deploy and I found the following in the ovirt hosted engine
setup logs:
lvm requires configuration
libvirt is not configured for vdsm yet
FAILED: conflicting vdsm and libvirt-qemu tls configuration.
vdsm.conf with ssl=True requires the following changes:
libvirtd.conf: listen_tcp=0, auth_tcp="sasl", listen_tls=1
qemu.conf: spice_tls=1.
When I saw this I stopped the setup and edited these two files (vdsm.conf
and qemu.conf), set the stated configurations and ran the deploy again. All
was fine and I didn't have any trouble; the installation finished
successfully. This was using ovirt-release41-pre.rpm repo.
I will be trying the same installation with ovirt-release41.rpm (when I
have time) and I will report what happened.
Thanks for all
Manuel Luis Aznar
2017-03-06 1:31 GMT+00:00 Manuel Luis Aznar <manuel.luis.aznar(a)gmail.com>:
> Hey there,
>
> I have been looking around, of course as of now the following I am going to
> say I suppose is not anything new to you:
>
> This is the status of libvirtd:
>
> ● libvirtd.service - Virtualization daemon
> Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled;
> vendor preset: enabled)
> Drop-In: /etc/systemd/system/libvirtd.service.d
> └─unlimited-core.conf
> Active: active (running) since lun 2017-03-06 01:25:05 WET; 1min 37s ago
> Docs: man:libvirtd(8)
> http://libvirt.org
> Main PID: 24350 (libvirtd)
> CGroup: /system.slice/libvirtd.service
> └─24350 /usr/sbin/libvirtd --listen
>
> mar 06 01:25:05 host1.bajada.es systemd[1]: Starting Virtualization
> daemon...
> mar 06 01:25:05 host1.bajada.es systemd[1]: Started Virtualization daemon.
>
>
> After looking at the state I fire up the VM engine with the command
> "hosted-engine --vm-start" and I got the following:
>
>
> VM exists and is down, destroying it
> Machine destroyed
>
> ed786811-0321-431e-be4b-2d03764c1b02
> Status = WaitForLaunch
> nicModel = rtl8139,pv
> statusTime = 4374100040
> emulatedMachine = pc
> pid = 0
> vmName = HostedEngine
> devices = [{'index': '2', 'iface': 'ide', 'specParams': {},
> 'readonly': 'true', 'deviceId': '506df4eb-e783-4451-a8a6-993fa4dbb381',
> 'address': {'bus': '1', 'controller': '0', 'type': 'drive', 'target': '0',
> 'unit': '0'}, 'device': 'cdrom', 'shared': 'false', 'path': '', 'type':
> 'disk'}, {'index': '0', 'iface': 'virtio', 'format': 'raw', 'bootOrder':
> '1', 'poolID': '00000000-0000-0000-0000-000000000000', 'volumeID':
> '2bc39472-1a4b-4c7d-8ef9-1212182ad802', 'imageID':
> '08288fcf-6b12-4bd1-84d3-259992e7aa6d', 'specParams': {}, 'readonly':
> 'false', 'domainID': 'f44afe8d-56f9-4e1e-beee-4daa548dbad8', 'optional':
> 'false', 'deviceId': '08288fcf-6b12-4bd1-84d3-259992e7aa6d', 'address':
> {'slot': '0x06', 'bus': '0x00', 'domain': '0x0000', 'type': 'pci',
> 'function': '0x0'}, 'device': 'disk', 'shared': 'exclusive',
> 'propagateErrors': 'off', 'type': 'disk'}, {'device': 'scsi', 'model':
> 'virtio-scsi', 'type': 'controller'}, {'nicModel': 'pv', 'macAddr':
> '00:16:3e:65:a6:4e', 'linkActive': 'true', 'network': 'ovirtmgmt',
> 'specParams': {}, 'deviceId': '84b82c6c-bcca-4983-82d5-8d1e3ab3811a',
> 'address': {'slot': '0x03', 'bus': '0x00', 'domain': '0x0000', 'type':
> 'pci', 'function': '0x0'}, 'device': 'bridge', 'type': 'interface'},
> {'device': 'console', 'specParams': {}, 'type': 'console', 'deviceId':
> '6236af73-8dab-4d14-b950-fb4ad01d4420', 'alias': 'console0'}, {'device':
> 'vga', 'alias': 'video0', 'type': 'video'}, {'device': 'virtio',
> 'specParams': {'source': 'random'}, 'model': 'virtio', 'type': 'rng'}]
> guestDiskMapping = {}
> vmType = kvm
> clientIp =
> displaySecurePort = -1
> memSize = 4096
> displayPort = -1
> cpuType = Broadwell
> spiceSecureChannels = smain,sdisplay,sinputs,
> scursor,splayback,srecord,ssmartcard,susbredir
> smp = 2
> displayIp = 0
> display = vnc
> maxVCpus = 6
>
>
> After that if I look again at the status of libvirtd I obtain:
>
>
> ● libvirtd.service - Virtualization daemon
> Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled;
> vendor preset: enabled)
> Drop-In: /etc/systemd/system/libvirtd.service.d
> └─unlimited-core.conf
> Active: active (running) since lun 2017-03-06 01:25:05 WET; 5min ago
> Docs: man:libvirtd(8)
> http://libvirt.org
> Main PID: 24350 (libvirtd)
> CGroup: /system.slice/libvirtd.service
> └─24350 /usr/sbin/libvirtd --listen
>
> mar 06 01:25:05 host1.bajada.es systemd[1]: Starting Virtualization
> daemon...
> mar 06 01:25:05 host1.bajada.es systemd[1]: Started Virtualization daemon.
> mar 06 01:29:39 host1.bajada.es libvirtd[24350]: libvirt version: 2.0.0,
> package: 10.el7_3.5 (CentOS BuildSystem <http://bugs.centos.org>,
> 2017-03-03-02:09:45, c1bm.rdu2.centos.org)
> mar 06 01:29:39 host1.bajada.es libvirtd[24350]: hostname: host1.bajada.es
> mar 06 01:29:39 host1.bajada.es libvirtd[24350]: Falló al conectar con
> el socket de monitor: No existe el proceso
> mar 06 01:29:39 host1.bajada.es libvirtd[24350]: internal error: process
> exited while connecting to monitor: Could not access KVM kernel module:
> Permission denied
> failed to initialize KVM:
> Permission denied
>
>
> So the libvirtd is the problem, as i said this is nothing new to you of
> course...
>
> Thanks again for any help
> Manuel
>
>
> 2017-03-05 18:51 GMT+00:00 Manuel Luis Aznar <manuel.luis.aznar(a)gmail.com>
> :
>
>> Hey there again,
>>
>>
>> Can you check if you have KVM modules loaded?
>>
>> In order to check that I fire up the following command: "lsmod | grep
>> kvm"
>>
>> Result was:
>>
>> kvm_intel 170181 0
>> kvm 554609 1 kvm_intel
>> irqbypass 13503 1 kvm
>>
>>
>> Also check group owner for "/dev/kvm". I fire this: "ls -la /dev/kvm".
>> The result was:
>>
>> crw-rw-rw-+ 1 root kvm 10, 232 mar 5 03:35 /dev/kvm
>>
>>
>> Also I check if there were some remain packages pending to install for
>> kvm and qemu and I got:
>>
>> yum install \*kvm\*
>>
>> The result is, that the system need to install the following:
>>
>> Instalando:
>> centos-release-qemu-ev noarch 1.0-1.el7
>> extras 11 k
>> qemu-guest-agent x86_64 10:2.5.0-3.el7
>> base 133 k
>> qemu-kvm-ev-debuginfo x86_64
>> 10:2.6.0-28.el7_3.3.1 ovirt-4.0 12 M
>> vdsm-hook-faqemu noarch
>> 4.18.21-1.el7.centos ovirt-4.0
>> 15 k
>> vdsm-hook-qemucmdline noarch 4.18.21-1.el7.centos
>> ovirt-4.0 11 k
>> Instalando para las dependencias:
>> centos-release-virt-common noarch 1-1.el7.centos
>> extras 4.5 k
>>
>>
>> Checking libvirtd service status I got:
>>
>> libvirtd.service - Virtualization daemon
>> Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled;
>> vendor preset: enabled)
>> Drop-In: /etc/systemd/system/libvirtd.service.d
>> └─unlimited-core.conf
>> Active: active (running) since dom 2017-03-05 15:56:11 WET; 2h 51min
>> ago
>> Docs: man:libvirtd(8)
>> http://libvirt.org
>> Main PID: 19415 (libvirtd)
>> CGroup: /system.slice/libvirtd.service
>> 19415 /usr/sbin/libvirtd --listen
>>
>> mar 05 15:56:10 host1.bajada.es systemd[1]: Starting Virtualization
>> daemon...
>> mar 05 15:56:11 host1.bajada.es systemd[1]: Started Virtualization
>> daemon.
>> mar 05 16:00:04 host1.bajada.es libvirtd[19415]: libvirt version: 2.0.0,
>> package: 10.el7_3.5 (CentOS BuildSystem <http://bugs.centos.org>,
>> 2017-03-03-02:09:45, c1bm.rdu2.centos.org)
>> mar 05 16:00:04 host1.bajada.es libvirtd[19415]: hostname:
>> host1.bajada.es
>> mar 05 16:00:04 host1.bajada.es libvirtd[19415]: Failed to connect to
>> the socket monitor: process does not exits
>>
>> (Fallo al conectar con el socket de monitor: No existe el proceso)
>> mar 05 16:00:04 host1.bajada.es libvirtd[19415]: internal error: process
>> exited while connecting to monitor: Could not access KVM kernel module:
>> Permission denied
>> failed to initialize
>> KVM: Permission denied
>>
>>
>> Thanks for all in advance
>> I will be waiting for you. Any help appreciated
>> Manuel
>>
>> 2017-03-05 17:33 GMT+00:00 Artyom Lukianov <alukiano(a)redhat.com>:
>>
>>> I found this one under the vdsm log:
>>> libvirtError: internal error: process exited while connecting to
>>> monitor: Could not access KVM kernel module: Permission denied
>>> failed to initialize KVM: Permission denied
>>> Thread-70::INFO::2017-03-05 16:00:04,325::vm::1330::virt.vm::(setDownStatus)
>>> vmId=`ed786811-0321-431e-be4b-2d03764c1b02`::Changed state to Down:
>>> internal error: process exited while connecting to monitor: Could not
>>> access KVM kernel module: Permission denied
>>> failed to initialize KVM: Permission denied (code=1)
>>> Thread-70::INFO::2017-03-05 16:00:04,325::guestagent::430::virt.vm::(stop)
>>> vmId=`ed786811-0321-431e-be4b-2d03764c1b02`::Stopping connection
>>> Thread-70::DEBUG::2017-03-05 16:00:04,325::vmchannels::238::vds::(unregister)
>>> Delete fileno 52 from listener.
>>> Thread-70::DEBUG::2017-03-05 16:00:04,325::vmchannels::66::vds::(_unregister_fd)
>>> Failed to unregister FD from epoll (ENOENT): 52
>>> Thread-70::DEBUG::2017-03-05 16:00:04,326::__init__::209::jsonrpc.Notification::(emit)
>>> Sending event {"params": {"ed786811-0321-431e-be4b-2d03764c1b02":
>>> {"status": "Down", "exitReason": 1, "exitMessage": "internal error: process
>>> exited while connecting to monitor: Could not access KVM kernel module:
>>> Permission denied\nfailed to initialize KVM: Permission denied",
>>> "exitCode": 1}, "notify_time": 4339924730}, "jsonrpc": "2.0", "method":
>>> "|virt|VM_status|ed786811-0321-431e-be4b-2d03764c1b02"}
>>>
>>> Can you check if you have KVM modules loaded? Also, check group owner
>>> for "/dev/kvm".
>>> Best Regards
>>>
>>>
>>> On Sat, Mar 4, 2017 at 4:24 PM, Manuel Luis Aznar <
>>> manuel.luis.aznar(a)gmail.com> wrote:
>>>
>>>> Hello there again,
>>>>
>>>> The error on the first email was using the repo ovirt-release41.rpm (
>>>> http://resources.ovirt.org/pub/yum-repo/ovirt-release41.rpm), so as I
>>>> were getting the same error again and again I am currently trying with
>>>> ovirt-release41-snapshot.rpm (http://resources.ovirt.org/pub/yum-repo/ovirt-release41-snapshot.rpm)
>>>> and the result is nearly the same.
>>>>
>>>> After creating the VM on the installation I got the same error with the
>>>> command "systemctl status vdsmd":
>>>>
>>>> mar 04 14:10:19 host1.bajada.es vdsm[20443]: vdsm root ERROR failed to
>>>> retrieve Hosted Engine HA info
>>>>
>>>> Traceback (most recent call last):
>>>> File "/usr/lib/python2.7/site-packages/vdsm/host/api.py", line 231, in _getHaInfo
>>>> stats = instance.get_all_stats()
>>>> File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/client/client.py", line 102, in get_all_stats
>>>> with broker.connection(self._retries, self._wait):
>>>> File "/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
>>>> return self.gen.next()
>>>> File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/lib/brokerlink.py", line 99, in connection
>>>> self.connect(retries, wait)
>>>> File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/lib/brokerlink.py", line 78, in connect
>>>> raise BrokerConnectionError(error_msg)
>>>> BrokerConnectionError: Failed to connect to broker, the number of errors has exceeded the limit (1)
>>>>
>>>> mar 04 14:10:34 host1.bajada.es vdsm[20443]: vdsm
>>>> ovirt_hosted_engine_ha.lib.brokerlink.BrokerLink ERROR Failed to
>>>> connect to broker, the number of errors has exceeded the limit (1)
>>>>
>>>> I have noticed that the ovirt-ha-agent and ovirt-ha-broker services were
>>>> not running. I wonder if this has something to do with the error in the vdsmd
>>>> service log.
>>>>
>>>> But in this case the ovirt-hosted-engine-installation prints the vnc
>>>> connection and I can connect to the engine VM.
>>>>
>>>> Thanks for all in advance
>>>> Any help would be appreciated
>>>> Manuel Luis Aznar
>>>>
>>>> 2017-03-03 21:48 GMT+00:00 Manuel Luis Aznar <
>>>> manuel.luis.aznar(a)gmail.com>:
>>>>
>>>>> Hello there,
>>>>>
>>>>> I am having some trouble when deploying an oVirt 4.1 hosted engine
>>>>> installation.
>>>>>
>>>>> When I am just about to end the installation and the hosted engine setup
>>>>> script is about to start the VM engine (appliance) it fails saying "The VM
>>>>> is not powering up".
>>>>>
>>>>> If I double check the service vdsmd i get this error all the time:
>>>>>
>>>>> vdsm root ERROR failed to retrieve Hosted Engine HA info
>>>>> Traceback (most recent call last):
>>>>> File "/usr/lib/python2.7/site-packages/vdsm/host/api.py", line
>>>>> 231, in _getHaInfo
>>>>> stats = instance.get_all_stats()
>>>>> File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/client/client.py",
>>>>> line 102, in get_all_stats
>>>>> with broker.connection(self._retries, self._wait):
>>>>> File "/usr/lib64/python2.7/contextlib.py", line 17, in __enter__
>>>>> return self.gen.next()
>>>>> File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/lib/brokerlink.py",
>>>>> line 99, in connection
>>>>> self.connect(retries, wait)
>>>>> File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/lib/brokerlink.py",
>>>>> line 78, in connect
>>>>> raise BrokerConnectionError(error_msg)
>>>>> BrokerConnectionError: Failed to connect to broker, the number of
>>>>> errors has exceeded the limit (1)
>>>>>
>>>>> Has anyone experienced the same problem? Any hint on how to
>>>>> solve it? I have tried several times with clean installations and always
>>>>> getting the same...
>>>>>
>>>>> The host where I am trying to do the installation has CentOS 7...
>>>>>
>>>>>
>>>>> Thanks for all in advance
>>>>> Will be waiting for any hint to see what I am doing wrong...
>>>>> Manuel Luis Aznar
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>
7 years, 6 months
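The TLS consistency rule quoted from the setup log in the message above (vdsm.conf with ssl=True requires listen_tcp=0, auth_tcp="sasl", listen_tls=1 in libvirtd.conf and spice_tls=1 in qemu.conf) can be checked before re-running the deploy. The following is an added example, not part of the original thread and not vdsm's own code; the `[vars]` section name, the ssl default of true, the choice to report unset keys as conflicts, and all sample file contents are assumptions constructed for illustration.

```python
import configparser

# Settings the setup log on this page says are required when vdsm.conf has ssl=True.
REQUIRED = {
    "libvirtd.conf": {"listen_tcp": "0", "auth_tcp": "sasl", "listen_tls": "1"},
    "qemu.conf": {"spice_tls": "1"},
}


def parse_flat_conf(text):
    """Parse a libvirt-style 'key = value' file; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def vdsm_ssl_enabled(text):
    """Return True when vdsm.conf enables ssl.

    Assumption: the option lives in a [vars] section and counts as
    enabled when it is not set at all.
    """
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser.getboolean("vars", "ssl", fallback=True)


def tls_conflicts(vdsm_text, libvirtd_text, qemu_text):
    """Return (file, key, found, wanted) for every conflicting setting.

    'found' is None when the key is missing or commented out; this example
    reports that as a conflict so the value is always stated explicitly.
    """
    if not vdsm_ssl_enabled(vdsm_text):
        return []
    actual = {
        "libvirtd.conf": parse_flat_conf(libvirtd_text),
        "qemu.conf": parse_flat_conf(qemu_text),
    }
    conflicts = []
    for fname, wanted in REQUIRED.items():
        for key, value in wanted.items():
            found = actual[fname].get(key)
            if found != value:
                conflicts.append((fname, key, found, value))
    return conflicts


# Constructed sample inputs (not taken from the poster's host).
VDSM_CONF = "[vars]\nssl = true\n"
LIBVIRTD_BAD = """
# plain TCP listener without authentication
listen_tcp = 1
auth_tcp = "none"
#listen_tls = 1
"""
QEMU_BAD = "# spice_tls = 1\n"
LIBVIRTD_GOOD = 'listen_tcp=0\nauth_tcp="sasl"\nlisten_tls=1\n'
QEMU_GOOD = "spice_tls=1\n"

if __name__ == "__main__":
    for fname, key, found, wanted in tls_conflicts(VDSM_CONF, LIBVIRTD_BAD, QEMU_BAD):
        print(f"{fname}: {key} is {found!r}, expected {wanted!r}")
```

On a real host the three strings would be read from the vdsm, libvirt and qemu configuration files instead of the constructed samples.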
ovirt-ha-agent cpu usage
by Gianluca Cecchi
Hello,
I have a test machine that is a nuc6 with an i5 and 32G of ram and SSD
disks.
It is configured as a single host environment with Self Hosted Engine VM.
Both host and SHE are CentOS 7.2 and oVirt version is 3.6.6.2-1.el7
I notice that having 3 VMs powered on and making nothing special (engine
VM, a CentOS 7 VM and a Fedora 24 VM) the ovirt-ha-agent process on host
often spikes its cpu usage.
See for example this quick video with top command running on host that
reflects what happens continuously.
https://drive.google.com/file/d/0BwoPbcrMv8mvYUVRMFlLVmxRdXM/view?usp=sha...
Is it normal that ovirt-ha-agent consumes all this amount of cpu?
Going into /var/log/ovirt-hosted-engine-ha/agent.log I see nothing special,
only messages of type "INFO". The same for broker.log
Thanks,
Gianluca
7 years, 7 months
Gluster and oVirt 4.0 questions
by Jim Kusznir
hello:
I've been running my ovirt Version 4.0.5.5-1.el7.centos cluster for a while
now, and am now revisiting some aspects of it for ensuring that I have good
reliability.
My cluster is a 3 node cluster, with gluster nodes running on each node.
After running my cluster a bit, I'm realizing I didn't do a very optimal
job of allocating the space on my disk to the different gluster mount
points. Fortunately, they were created with LVM, so I'm hoping that I can
resize them without much trouble.
I have a domain for iso, domain for export, and domain for storage, all
thin provisioned; then a domain for the engine, not thin provisioned. I'd
like to expand the storage domain, and possibly shrink the engine domain
and make that space also available to the main storage domain. Is it as
simple as expanding the LVM partition, or are there more steps involved?
Do I need to take the node offline?
second, I've noticed that the first two nodes seem to have a full copy of
the data (the disks are in use), but the 3rd node appears to not be using
any of its storage space...It is participating in the gluster cluster,
though.
Third, currently gluster shares the same network as the VM networks. I'd
like to put it on its own network. I'm not sure how to do this, as when I
tried to do it at install time, I never got the cluster to come online; I
had to make them share the same network to make that work.
Ovirt questions:
I've noticed that recently, I don't appear to be getting software updates
anymore. I used to get update available notifications on my nodes every
few days; I haven't seen one for a couple weeks now. is something wrong?
I have a windows 10 x64 VM. I get a warning that my VM type does not match
the installed OS. All works fine, but I've quadruple-checked that it does
match. Is this a known bug?
I have a UPS that all three nodes and the networking are on. It is a USB
UPS. How should I best integrate monitoring in? I could put a raspberry
pi up and then run NUT or similar on it, but is there a "better" way with
oVirt?
Thanks!
--Jim
7 years, 7 months
Hosted engine Single Sign-On to VM with freeIPA not working
by Paul
Hi,
I am having an issue with getting SSO to work when a standard user(UserRole)
logs in to the UserPortal.
The user has permission to use only this VM, so after login the console is
automatically opened for that VM.
Problem is that it doesn't login on the VM system with the provided
credentials. Manual login at the console works without any issues.
HBAC-rule check on IPA shows access is granted. Client has SELINUX in
permissive mode and a disabled firewalld.
On the client side I do see some PAM related errors in the logs (see details
below). Extensive Google search on error 17 "Failure setting user
credentials" didn't show helpful information :-(
AFAIK this is a pretty standard set-up, all working with RH-family
products. I would expect others to encounter this issue as well.
If someone knows any solution or has some directions to fix this it would be
greatly appreciated.
Thanks,
Paul
------------------------------------------------------
System setup: I have 3 systems
The connection between the Engine and IPA is working fine. (I can log in
with IPA users etc.) Connection is made according to this document:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html-single/Administration_Guide/index.html#sect-Configuring_an_External_LDAP_Provider
Configuration of the client is done according to this document:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Virtual_Machine_Management_Guide/chap-Additional_Configuration.html#sect-Configuring_Single_Sign-On_for_Virtual_Machines
--- Hosted Engine:
[root@engine ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@engine ~]# uname -a
Linux engine.DOMAIN.COM 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16
17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@engine ~]# rpm -qa | grep ovirt
ovirt-vmconsole-1.0.0-1.el7.centos.noarch
ovirt-engine-restapi-3.6.2.6-1.el7.centos.noarch
ovirt-setup-lib-1.0.1-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-3.6.3.4-1.el7.centos.noarch
ovirt-image-uploader-3.6.0-1.el7.centos.noarch
ovirt-engine-extension-aaa-jdbc-1.0.5-1.el7.noarch
ovirt-host-deploy-1.4.1-1.el7.centos.noarch
ovirt-engine-extension-aaa-ldap-setup-1.1.2-1.el7.centos.noarch
ovirt-engine-wildfly-overlay-8.0.4-1.el7.noarch
ovirt-engine-wildfly-8.2.1-1.el7.x86_64
ovirt-vmconsole-proxy-1.0.0-1.el7.centos.noarch
ovirt-engine-tools-3.6.2.6-1.el7.centos.noarch
ovirt-engine-dbscripts-3.6.2.6-1.el7.centos.noarch
ovirt-engine-backend-3.6.2.6-1.el7.centos.noarch
ovirt-engine-3.6.2.6-1.el7.centos.noarch
ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos.noarch
ovirt-engine-setup-base-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.6.3.4-1.el7.centos.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.6.3.4-1.el7.centos.noarch
ovirt-engine-vmconsole-proxy-helper-3.6.3.4-1.el7.centos.noarch
ovirt-engine-cli-3.6.2.0-1.el7.centos.noarch
ovirt-host-deploy-java-1.4.1-1.el7.centos.noarch
ovirt-engine-userportal-3.6.2.6-1.el7.centos.noarch
ovirt-engine-webadmin-portal-3.6.2.6-1.el7.centos.noarch
ovirt-guest-agent-common-1.0.11-1.el7.noarch
ovirt-release36-003-1.noarch
ovirt-iso-uploader-3.6.0-1.el7.centos.noarch
ovirt-engine-lib-3.6.3.4-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.3.0-1.el7.centos.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-3.6.3.4-1.el7.centos.noarch
ovirt-engine-websocket-proxy-3.6.3.4-1.el7.centos.noarch
ovirt-log-collector-3.6.1-1.el7.centos.noarch
ovirt-engine-extensions-api-impl-3.6.3.4-1.el7.centos.noarch
--- FreeIPA:
[root@ipa01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@ipa01 ~]# uname -a
Linux ipa01.DOMAIN.COM 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50
UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@ipa01 ~]# rpm -qa | grep ipa
ipa-python-4.2.0-15.el7_2.6.x86_64
ipa-client-4.2.0-15.el7_2.6.x86_64
python-libipa_hbac-1.13.0-40.el7_2.1.x86_64
python-iniparse-0.4-9.el7.noarch
libipa_hbac-1.13.0-40.el7_2.1.x86_64
sssd-ipa-1.13.0-40.el7_2.1.x86_64
ipa-admintools-4.2.0-15.el7_2.6.x86_64
ipa-server-4.2.0-15.el7_2.6.x86_64
ipa-server-dns-4.2.0-15.el7_2.6.x86_64
--- Client:
[root@test06 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@test06 ~]# uname -a
Linux test06.DOMAIN.COM 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16
17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@test06 ~]# rpm -qa | grep ipa
python-libipa_hbac-1.13.0-40.el7_2.1.x86_64
python-iniparse-0.4-9.el7.noarch
sssd-ipa-1.13.0-40.el7_2.1.x86_64
ipa-client-4.2.0-15.0.1.el7.centos.6.x86_64
libipa_hbac-1.13.0-40.el7_2.1.x86_64
ipa-python-4.2.0-15.0.1.el7.centos.6.x86_64
device-mapper-multipath-0.4.9-85.el7.x86_64
device-mapper-multipath-libs-0.4.9-85.el7.x86_64
[root@test06 ~]# rpm -qa | grep guest-agent
qemu-guest-agent-2.3.0-4.el7.x86_64
ovirt-guest-agent-pam-module-1.0.11-1.el7.x86_64
ovirt-guest-agent-gdm-plugin-1.0.11-1.el7.noarch
ovirt-guest-agent-common-1.0.11-1.el7.noarch
---------------------------------------------------
Relevant logs:
--- Engine:
//var/log/ovirt-engine/engine
2016-03-17 15:22:10,516 INFO
[org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-22) []
Running command: LoginUserCommand internal: false.
2016-03-17 15:22:10,568 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-22) [] Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User test6@DOMAIN logged in.
2016-03-17 15:22:13,795 WARN
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (default task-6)
[7400ae46] The message key 'VmLogon' is missing from
'bundles/ExecutionMessages'
2016-03-17 15:22:13,839 INFO [org.ovirt.engine.core.bll.VmLogonCommand]
(default task-6) [7400ae46] Running command: VmLogonCommand internal: false.
Entities affected : ID: 64a84b40-6050-4a96-a59d-d557a317c38c Type: VMAction
group CONNECT_TO_VM with role type USER
2016-03-17 15:22:13,842 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (default
task-6) [7400ae46] START, VmLogonVDSCommand(HostName = host01,
VmLogonVDSCommandParameters:{runAsync='true',
hostId='225157c0-224b-4aa6-9210-db4de7c7fc30',
vmId='64a84b40-6050-4a96-a59d-d557a317c38c', domain='DOMAIN-authz',
password='***', userName='test6@DOMAIN'}), log id: 2015a1e0
2016-03-17 15:22:14,848 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (default
task-6) [7400ae46] FINISH, VmLogonVDSCommand, log id: 2015a1e0
2016-03-17 15:22:15,317 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand]
(default task-18) [10dad788] Running command: SetVmTicketCommand internal:
true. Entities affected : ID: 64a84b40-6050-4a96-a59d-d557a317c38c Type:
VMAction group CONNECT_TO_VM with role type USER
2016-03-17 15:22:15,322 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default
task-18) [10dad788] START, SetVmTicketVDSCommand(HostName = host01,
SetVmTicketVDSCommandParameters:{runAsync='true',
hostId='225157c0-224b-4aa6-9210-db4de7c7fc30',
vmId='64a84b40-6050-4a96-a59d-d557a317c38c', protocol='SPICE',
ticket='rd8avqvdBnRl', validTime='120', userName='test6',
userId='10b2da3e-6401-4a09-a330-c0780bc0faef',
disconnectAction='LOCK_SCREEN'}), log id: 72efb73b
2016-03-17 15:22:16,340 INFO
[org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default
task-18) [10dad788] FINISH, SetVmTicketVDSCommand, log id: 72efb73b
2016-03-17 15:22:16,377 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-18) [10dad788] Correlation ID: 10dad788, Call Stack: null,
Custom Event ID: -1, Message: User test6@DOMAIN initiated console session
for VM test06
2016-03-17 15:22:19,418 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(DefaultQuartzScheduler_Worker-53) [] Correlation ID: null, Call Stack:
null, Custom Event ID: -1, Message: User test6@DOMAIN-authz is connected to
VM test06.
--- Client:
/var/log/ovirt-guest-agent/ovirt-guest-agent.log
MainThread::INFO::2016-03-17
15:20:58,145::ovirt-guest-agent::57::root::Starting oVirt guest agent
CredServer::INFO::2016-03-17 15:20:58,214::CredServer::257::root::CredServer
is running...
Dummy-1::INFO::2016-03-17 15:20:58,216::OVirtAgentLogic::294::root::Received
an external command: lock-screen...
Dummy-1::INFO::2016-03-17 15:22:13,104::OVirtAgentLogic::294::root::Received
an external command: login...
Dummy-1::INFO::2016-03-17 15:22:13,104::CredServer::207::root::The following
users are allowed to connect: [0]
Dummy-1::INFO::2016-03-17 15:22:13,104::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-03-17 15:22:13,105::CredServer::132::root::Emitting user
authenticated signal (651416).
CredChannel::INFO::2016-03-17 15:22:13,188::CredServer::225::root::Incomming
connection from user: 0 process: 2570
CredChannel::INFO::2016-03-17 15:22:13,188::CredServer::232::root::Sending
user's credential (token: 651416)
Dummy-1::INFO::2016-03-17 15:22:13,189::CredServer::277::root::Credentials
channel was closed.
/var/log/secure
Mar 17 15:21:07 test06 gdm-launch-environment]:
pam_unix(gdm-launch-environment:session): session opened for user gdm by
(uid=0)
Mar 17 15:21:10 test06 polkitd[749]: Registered Authentication Agent for
unix-session:c1 (system bus name :1.34 [gnome-shell --mode=gdm], object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 17 15:22:13 test06 gdm-ovirtcred]: pam_sss(gdm-ovirtcred:auth):
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=test6
Mar 17 15:22:13 test06 gdm-ovirtcred]: pam_sss(gdm-ovirtcred:auth): received
for user test6: 17 (Failure setting user credentials)
/var/log/sssd/krb5_child.log (debug-level 10)
(Thu Mar 17 15:22:13 2016) [[sssd[krb5_child[2575]]]] [get_and_save_tgt]
(0x0020): 1234: [-1765328360][Preauthentication failed]
(Thu Mar 17 15:22:13 2016) [[sssd[krb5_child[2575]]]] [map_krb5_error]
(0x0020): 1303: [-1765328360][Preauthentication failed]
(Thu Mar 17 15:22:13 2016) [[sssd[krb5_child[2575]]]] [k5c_send_data]
(0x0200): Received error code 1432158215
(Thu Mar 17 15:22:13 2016) [[sssd[krb5_child[2575]]]] [pack_response_packet]
(0x2000): response packet size: [4]
(Thu Mar 17 15:22:13 2016) [[sssd[krb5_child[2575]]]] [k5c_send_data]
(0x4000): Response sent.
(Thu Mar 17 15:22:13 2016) [[sssd[krb5_child[2575]]]] [main] (0x0400):
krb5_child completed successfully
/var/log/sssd/sssd_DOMAIN.COM.log (debug-level 10)
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [be_pam_handler] (0x0100):
Got request with the following data
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
command: PAM_AUTHENTICATE
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
domain: DOMAIN.COM
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
user: test6
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
service: gdm-ovirtcred
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
tty:
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
ruser:
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
rhost:
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
authtok type: 1
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
newauthtok type: 0
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
priv: 1
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
cli_pid: 2570
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [pam_print_data] (0x0100):
logon name: not set
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [krb5_auth_queue_send]
(0x1000): Wait queue of user [test6] is empty, running request
[0x7fe30df03cc0] immediately.
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [krb5_setup] (0x4000): No
mapping for: test6
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [ldb] (0x4000): Added
timed event "ltdb_callback": 0x7fe30df07120
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [ldb] (0x4000): Added
timed event "ltdb_timeout": 0x7fe30df16590
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [ldb] (0x4000): Running
timer event 0x7fe30df07120 "ltdb_callback"
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [ldb] (0x4000): Destroying
timer event 0x7fe30df16590 "ltdb_timeout"
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [ldb] (0x4000): Ending
timer event 0x7fe30df07120 "ltdb_callback"
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'IPA'
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [get_server_status]
(0x1000): Status of server 'ipa01.DOMAIN.COM' is 'working'
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [get_port_status]
(0x1000): Port status of port 389 for server 'ipa01.DOMAIN.COM' is 'working'
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is resolved
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [get_server_status]
(0x1000): Status of server 'ipa01.DOMAIN.COM' is 'working'
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[be_resolve_server_process] (0x0200): Found address for server
ipa01.DOMAIN.COM: [10.0.1.21] TTL 1200
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [ipa_resolve_callback]
(0x0400): Constructed uri 'ldap://ipa01.DOMAIN.COM'
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sss_krb5_realm_has_proxy]
(0x0040): profile_get_values failed.
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [child_handler_setup]
(0x2000): Setting up signal handler up for pid [2575]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [child_handler_setup]
(0x2000): Signal handler set up for pid [2575]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [write_pipe_handler]
(0x0400): All data has been sent!
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [child_sig_handler]
(0x1000): Waiting for child [2575].
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [child_sig_handler]
(0x0100): child [2575] finished successfully.
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [read_pipe_handler]
(0x0400): EOF received, client finished
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [check_wait_queue]
(0x1000): Wait queue for user [test6] is empty.
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [krb5_auth_queue_done]
(0x1000): krb5_auth_queue request [0x7fe30df03cc0] done.
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_id_op_connect_step]
(0x4000): reusing cached connection
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_print_server]
(0x2000): Searching 10.0.1.21
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=DOMAIN,dc=com].
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaMigrationEnabled]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUserMapDefault]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaSELinuxUserMapOrder]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 122
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_op_add] (0x2000):
New operation 122 timeout 60
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fe30deef090], connected[1], ops[0x7fe30df094a0],
ldap[0x7fe30def2920]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_parse_entry]
(0x1000): OriginalDN: [cn=ipaConfig,cn=etc,dc=DOMAIN,dc=com].
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaMigrationEnabled]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaSELinuxUserMapDefault]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_parse_range]
(0x2000): No sub-attributes for [ipaSELinuxUserMapOrder]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fe30deef090], connected[1], ops[0x7fe30df094a0],
ldap[0x7fe30def2920]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_process_message]
(0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_op_destructor]
(0x2000): Operation 122 finished
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_id_op_destroy]
(0x4000): releasing operation connection
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]]
[ipa_get_migration_flag_done] (0x0100): Password migration is not enabled.
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [be_pam_handler_callback]
(0x0100): Backend returned: (0, 17, <NULL>) [Success (Failure setting user
credentials)]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [be_pam_handler_callback]
(0x0100): Sending result [17][DOMAIN.COM]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [be_pam_handler_callback]
(0x0100): Sent result [17][DOMAIN.COM]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_process_result]
(0x2000): Trace: sh[0x7fe30deef090], connected[1], ops[(nil)],
ldap[0x7fe30def2920]
(Thu Mar 17 15:22:13 2016) [sssd[be[DOMAIN.COM]]] [sdap_process_result]
(0x2000): Trace: ldap_result found nothing!
7 years, 7 months
Best Storage Option: iSCSI/NFS/GlusterFS?
by Charles Tassell
Hi Everyone,
I'm about to set up an oVirt cluster with two hosts hitting a Linux
storage server. Since the Linux box can provide the storage in pretty
much any form, I'm wondering which option is "best." Our primary focus
is on reliability, with performance being a close second. Since we will
only be using a single storage server I was thinking NFS would probably
beat out GlusterFS, and that NFSv4 would be a better choice than NFSv3.
I had assumed that iSCSI would be better performance-wise, but from
what I'm seeing online that might not be the case.
Our servers will be using a 1G network backbone for regular traffic
and a dedicated 10G backbone with LACP for redundancy and extra
bandwidth for storage traffic if that makes a difference.
I'll probably try to do some performance benchmarks with 2-3 options,
but the reliability issue is a little harder to test for. Has anyone
had any particularly bad experiences with a particular storage option?
We have been using iSCSI with a Dell MD3x00 SAN and have run into a
bunch of issues with the multipath setup, but that won't be a problem
with the new SAN since it's only got a single controller interface.
7 years, 7 months
Python-SDK4: How to list user permissions?
by nicolas@devels.es
Hi,
I'm trying to get a user's list of permissions, i.e., list all
permissions a user has on VMs and VmPools.
In SDK3 that was easy as I could run (being 'u' a User object):
    for perm in u.permissions.list():
        vm = perm.get_vm()
        vmpool = perm.get_vmpool()
        if vm or vmpool:
            print "User has some permissions!"
In SDK4 I cannot reproduce the same logic. u.permissions returns an
empty list ([]).
What I have so far is something like this:
    for u in users_serv.list():
        if u.user_name == 'admin@internal':
            continue
        vms_service = sys_serv.vms_service()
        for vm in vms_service.list():
            vms = vms_service.vm_service(id=vm.id)
            ps = vms.permissions_service()
            for perm in ps.list():
                perm_service = ps.permission_service(id=perm.id)
                getperm = perm_service.get()
                if getperm.user.user_name == u.user_name:
                    print "Permission for %s" % (u.user_name)
                    if getperm.vm:
                        print "VM: %s" % (getperm.vm.id)
                    if getperm.vm_pool:
                        print "VmPool: %s" % (getperm.vm_pool.id)
However, this seems a bit overkill. We have nearly 850 VMs and for a
single user this takes about 25 minutes to run. Additionally, it doesn't
seem to return any permission, although I know this user has some
permissions over 2 VMs (not sure where it is messed up).
I also tried using the system_service.permissions_service() but it seems
to return only the global permissions.
Is there an easier way to do this?
Thanks!
7 years, 7 months
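For the per-user permission audit asked about above, an added example (not from the original post or from the oVirt project): it reads the user's own permissions sub-collection through SDK4's UserService.permissions_service() rather than walking every VM, and matches linked objects by id. The helper names, fake_connection() and its sample users, ids and roles are constructed for illustration.

```python
from types import SimpleNamespace as NS


def find_user(connection, user_name):
    """Return the User whose user_name matches exactly, or None."""
    users_service = connection.system_service().users_service()
    for user in users_service.list():
        if user.user_name == user_name:
            return user
    return None


def vm_and_pool_permissions(connection, user):
    """Return (kind, object_id, role_id) tuples for the user's VM/VmPool permissions."""
    users_service = connection.system_service().users_service()
    # One request on the user's own permissions sub-collection, not one per VM.
    perms = users_service.user_service(user.id).permissions_service().list()
    found = []
    for perm in perms:
        # Compare and report by id: linked objects may carry only id/href.
        role_id = perm.role.id if perm.role is not None else None
        if perm.vm is not None:
            found.append(("vm", perm.vm.id, role_id))
        elif perm.vm_pool is not None:
            found.append(("vm_pool", perm.vm_pool.id, role_id))
    return found


def fake_connection():
    """Constructed stand-in for ovirtsdk4.Connection so this runs offline."""
    users = [NS(id="u1", user_name="admin@internal"),
             NS(id="u2", user_name="jdoe@example.com")]
    perms = {"u2": [
        NS(vm=NS(id="vm-1"), vm_pool=None, role=NS(id="role-a")),
        NS(vm=None, vm_pool=NS(id="pool-1"), role=NS(id="role-b")),
        NS(vm=None, vm_pool=None, role=NS(id="role-c")),  # not a VM/VmPool grant
    ]}
    users_service = NS(
        list=lambda: users,
        user_service=lambda id: NS(
            permissions_service=lambda: NS(list=lambda: perms.get(id, []))))
    return NS(system_service=lambda: NS(users_service=lambda: users_service))


if __name__ == "__main__":
    conn = fake_connection()  # with a real engine, pass an ovirtsdk4.Connection
    user = find_user(conn, "jdoe@example.com")
    for kind, object_id, role_id in vm_and_pool_permissions(conn, user):
        print("%s %s (role %s)" % (kind, object_id, role_id))
```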
Installation of ovirtNode3.6 on VMware workstation is failing
by martin chamambo
Good day
I am using ovirtEngine 4.0 and ovirtnode 4.0 .... on the same engine I also
need to test ovirtNode 3.6 since it's supported.
Initially I struggled with installing ovirt engine 4.0 until I selected LVM
thin provisioning.
The same trick is not working with ovirtNode3.6 .... any type of partition,
standard partition, LVM, LVM thin provisioning, is not working.
Is there anyone who experienced the same issue?
7 years, 7 months