remote-viewer Spice Problem on MacOS
by hpeyerl@plusline.net
Hi all,
we are currently experiencing a weird problem with oVirt and the spice console on MacOS:
Occasionally when our Mac Users are connecting to a Spice Console of any oVirt VM it opens the usual window but just displays the message: "Connected to graphic server". When a Linux user now connects to it and closes the connection the Mac user can also connect again normally.
I have tried https://www.spice-space.org/osx-client.html and https://rizvir.com/articles/ovirt-mac-console/ with exactly the same behaviour. The Issue appears on several different MacOS Versions and we believe it started after our upgrade to oVirt 4.2.
MacOS Version: 10.13.5
oVirt Version: 4.2.3.8-1.el7
Any help or suggestion is greatly appreciated.
Best regards,
Hendrik
7 years
LDAP login extension
by Mariusz Kozakowski
Hello,
We managed to setup oVirt Engine with your help, now we're facing other issue.
I'm trying to configure AD auth for web portal, but unfortunately I got error during ovirt-engine-extension-aaa-ldap-setup:
2018-06-27 09:06:21,926+02 INFO ========================================================================
2018-06-27 09:06:21,926+02 INFO ============================== Execution ===============================
2018-06-27 09:06:21,926+02 INFO ========================================================================
2018-06-27 09:06:21,927+02 INFO Iteration: 0
2018-06-27 09:06:21,928+02 INFO Profile='ad' authn='ad-authn' authz='ad-authz' mapping='null'
2018-06-27 09:06:21,928+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' user='username'
2018-06-27 09:06:21,945+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ad' result=SUCCESS
2018-06-27 09:06:21,948+02 INFO --- Begin AuthRecord ---
2018-06-27 09:06:21,949+02 INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: username
2018-06-27 09:06:21,949+02 INFO --- End AuthRecord ---
2018-06-27 09:06:21,950+02 INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='username'
2018-06-27 09:06:21,952+02 WARNING Ignoring records from pool: 'gc'
2018-06-27 09:06:21,953+02 SEVERE Cannot resolve principal 'username'
Do you have any idea what's the issue and what we're missing? As it looks like credentials are correct - passing wrong username gives fail earlier, so issue is somewhere after authentication.
--
Best regards/Pozdrawiam/MfG
Mariusz Kozakowski
Site Reliability Engineer
Dansk Supermarked Group
Baltic Business Park
ul. 1 Maja 38-39
71-627 Szczecin
dansksupermarked.com
7 years
oVirt Authentication and Authorization
by Hari Prasanth Loganathan
Hi Team,
We have three components in our setup
1) Our Script (application using python)
2) Ovirt
3) LDAP (Also integrated to oVirt)
1) Our Python application is authenticating to LDAP and it creates a token
for our application
2) For accessing the API's in oVIrt, I need to contact to the oVirt API
which authenticates and creates a token for it
3) then I need to maintain the token of my application with its mapping to
the ovirt tokenId in my application.
When I want to hit any oVirt API, First I perform the token check in my
application (using my application token) then I need to perform the ovirt
token check in oVirt.
1)
* I would like to know Is there a way to skip the authentication and
authorization in oVIrt? *
2)* Or Is it possible to point the authentication check for oVirt (to my
application / to some URL which I configure) which always return true and
allow for all oVirt API's?*
*I did some analysis and verified the oVirt code in github, Identified that
it is going via a fliter in web.xml which points to the class, Is it
possible to tune this? *
<filter>
<filter-name>RestApiSessionValidationFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RestApiSessionValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SessionValidationFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.SessionValidationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SsoRestApiAuthFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SsoRestApiAuthFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SsoRestApiNegotiationFilter</filter-name>
<filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SsoRestApiNegotiationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If my query is not clear, please let me know.
Thanks,
Hari
7 years
Re: Engine Setup Error
by Sahina Bose
vdsm.log does indicate an error connecting to the engine gluster volume.
I should have been more specific - I requested for the engine volume mount
logs from the host, under
/var/log/glusterfs/rhev-data-center-mnt-glusterSD...engine.log
Also, please provide output of "gluster volume status engine" and "gluster
peer status"
On Wed, Jul 4, 2018 at 1:04 PM, Sakhi Hadebe <sakhi(a)sanren.ac.za> wrote:
> Thank you for your quick response.
>
> Attached please find the log files:
>
>
>
> On Wed, Jul 4, 2018 at 7:37 AM, Yedidyah Bar David <didi(a)redhat.com>
> wrote:
>
>> On Tue, Jul 3, 2018 at 3:28 PM, Sakhi Hadebe <sakhi(a)sanren.ac.za> wrote:
>> > Hi,
>> >
>> > We are deploying the hosted engine on oVirt-Node-4.2.3.1 using the
>> command
>> > "hosted-engine --deploy".
>> >
>> > After providing answers it runs the ansible script and hit the Error
>> when
>> > creating glusterfs storage domain. Attached the screenshot of the ERROR.
>>
>> Adding Sahina.
>>
>> Please check/share relevant logs from the host. Thanks.
>>
>> Best regards,
>> --
>> Didi
>>
>
>
>
> --
> Regards,
> Sakhi Hadebe
>
> Engineer: South African National Research Network (SANReN)Competency Area, Meraka, CSIR
>
> Tel: +27 12 841 2308 <+27128414213>
> Fax: +27 12 841 4223 <+27128414223>
> Cell: +27 71 331 9622 <+27823034657>
> Email: sakhi(a)sanren.ac.za <shadebe(a)csir.co.za>
>
>
7 years
API token in postgres
by Hari Prasanth Loganathan
Hi Team,
Which postgres table is used to store the relation between sessionId and
SSO token ?
I verified the *github* :
https://github.com/oVirt/ovirt-engine/blob/d910a6e14bdb9fad0f21b8d9f22723...
*Code** :*
QueryReturnValue queryRetVal = FiltersHelper.getBackend(ctx).runPublicQuery(
QueryType.*GetEngineSessionIdForSsoToken*,
new GetEngineSessionIdForSsoTokenQueryParameters(token));
Which table in postgres has the mapping between sessionId and sso token?
Could somebody help me on this?
Thanks,
Hari
7 years
Fresh 4.2 install: engine-setup skipping NFS share step
by davemintz64@gmail.com
Any idea why the install script is not asking me if I want to set up the local ISO nfs share? I thought it might be because I am using the entire disk, but I tried creating a separate partition/mount for ti and it still didn't work.
This is what I see:
--== APACHE CONFIGURATION ==--
Setup can configure the default page of the web server to present the application home page. This may conflict with existing applications.
Do you wish to set the application as the default page of the web server? (Yes, No) [Yes]:
Setup can configure apache to use SSL using a certificate issued from the internal CA.
Do you wish Setup to configure that, or prefer to perform that manually? (Automatic, Manual) [Automatic]:
--== SYSTEM CONFIGURATION ==--
[The NFS questions should be here but it is blank]
--== MISC CONFIGURATION ==--
Please choose Data Warehouse sampling scale:
(1) Basic
(2) Full
Thanks in advance.
Dave
7 years
ovirt-guest-agent-common version and repo
by Gianluca Cecchi
Hello,
on CentOS 7.x VM with epel enabled it seems that latest package
is ovirt-guest-agent-common-1.0.14-1.el7.noarch and from its changelog it
seems far from being up 2 date and released before 4.2.0 release...
* Thu Nov 02 2017 Tomáš Golembiovský <tgolembi(a)redhat.com> - 1.0.14-1
- Bump to version 1.0.14
- Changed link to upstream sources
Am I doing something wrong with it and its repo or is it not so important
component even after upgrading to oVirt 4.2.x?
Thanks,
Gianluca
7 years
Ovirt and L2 Gateway
by carlgrundholm@gmail.com
I have install ovirt 4.2.3 and everything seems to be working fine: I can create virtual (Geneve overlay) networks for communication between virtual machines via the external provider ovirt-provider-ovn by using the OWS switch on the cluster. Live migrations and everything else within the virtual environment works perfectly :-)
For connections from virtual machines to physical VLAN's in a switch, I can also create a logical network which is created using the external provider ovirt-provider-ovn by specifying a connection to a physical VLAN network created as a separate data center network. This method requires that all ovirt-nodes (hosts) in the cluster have access to the physical network though.
What I am looking for is a way to implement a L2 Gateway such that (not all) ovirt nodes (hosts) need to have direct access to the physical network. What I am looking for is a way where virtual machines can communicate with the L2 Gateway via virtual (Geneve overlay) networks. On the L2 Gateway the virtual network shall then be bridged to the physical VLAN on a dedicated network interface. My goal is that the virtual network and the physical network becomes one big broadcast domain.
This concept has been described by different people on the Internet such as these articles:
- https://weiti.org/ovn/2018/01/03/ovn-l2-breakout-options
- https://wiki.openstack.org/wiki/Neutron/L2-GW
How can I accomplish something similar in an ovirt-environment?
Thanks in advance,
Carl Grundholm
7 years
Dedicated underlay network for overlay traffic
by carlgrundholm@gmail.com
I am going to be using OVN Geneve overlay networks extensively and I expect a lot of traffic on the underlay network being used for transmission of the tunnel traffic.
In oVirt the default seems to be that the network "ovirtmgmt" is being used for the underlay network - which could cause problems for management traffic if vms are saturating the link with traffic on different OVN overlay networks.
When selecting a specific cluster, selecting "Logical Networks" and pressing the "Manage Networks" button it is possible to specify that a specific Data Center Network shall be limited to one or more of the following traffic types:
- VM Network
- Management
- Display Network
- Migration Network
- Gluster Network
- Default Route
Here I miss an option called "Underlay Network for OVN Geneve traffic" or similar.
Is there a way - e.g. by editing some configuration files on the oVirt engine and on the oVirt nodes - to divert all overlay Geneve traffic away from the management interface unto a dedicated network interface?
Carl
7 years
