Slightly confused by KeyCloak
by theo.pirkl@hesge.ch
Hi there,
We've decided to use oVirt for our school datacenter and I'm setting up a PoC to show it could work for our needs.
So far, I've managed to deploy a single hosted engine to iSCSI by using the hosted-engine deploy script. So far, so good, I can create VMs, I've had a few problems, but nothing I couldn't figure out.
What got me confused is the KeyCloak link with oVirt. My goal is to allow students to register to oVirt so that they can spin up VMs, images, and so on.
I've created a group in KeyCloak named "ovirt-student" that is automatically assigned to new users.
I have also linked oVirt to this group by going into the engine web UI and adding the group to oVirt's group list.
I have given system permissions to the ovirt-student group such as VMCreator. I've then tried to connect to a dummy user called "test". My results are as follows :
- The user does not seem to have the correct rights as it cannot create new VMs in the VM portal;
- The admin interface does not suggest the user is a part of the ovirt-student group;
However, when I add the test user to the ovirt-administrator group, no problem at all, the user is an admin, alright.
My question is as follows : what do I need to do so that the groups in KeyCloak and oVirt are synced ?
Thanks a lot,
TP
1 year, 10 months
VM disks & Logical Volume
by duparchy@esrf.fr
Hi,
Following the Daca Center and Cluster upgrade to 4.6 compatibility, LV volumes of VM disks are not there anymore.
How VM disks are accessed / mounted ?
1 year, 10 months
Storage Domain stuck in Maintainance mode
by kushagra.gupta@hsc.com
Hi Team,
I am new to oVirt.
I have installed version 4.4.10
I am trying to create a new Storage domain of type POSIX compliant FS type.
I have a ceph cluster configure on IPV6.
I was able to create the domain using the following link:
https://www.ovirt.org/documentation/administration_guide/#Understanding_S...
Eventhough the domain was created, it's stuck in maintenance mode.
On checking the engine.log
```
2023-01-04 14:58:14,422+05 ERROR [org.ovirt.engine.core.vdsbroker.irsbroker.DetachStorageDomainVDSCommand] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc
4e1c-115b-45e3-839e-e47f7786eb0a] Failed in 'DetachStorageDomainVDS' method
2023-01-04 14:58:14,452+05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc4e1
c-115b-45e3-839e-e47f7786eb0a] EVENT_ID: IRS_BROKER_COMMAND_FAILURE(10,803), VDSM command DetachStorageDomainVDS failed: Storage domain does not exist: ('738
57322-c523-46ec-9d90-5d5451d51e93',)
2023-01-04 14:58:14,453+05 ERROR [org.ovirt.engine.core.vdsbroker.irsbroker.DetachStorageDomainVDSCommand] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc4e1c-115b-45e3-839e-e47f7786eb0a] Command 'DetachStorageDomainVDSCommand( DetachStorageDomainVDSCommandParameters:{storagePoolId='537e6452-8b7a-11ed-a21c-00163e750630', ignoreFailoverLimit='false', storageDomainId='73857322-c523-46ec-9d90-5d5451d51e93', masterDomainId='00000000-0000-0000-0000-000000000000', masterVersion='1', force='false'})' execution failed: IRSGenericException: IRSErrorException: Failed to DetachStorageDomainVDS, error = Storage domain does not exist: ('73857322-c523-46ec-9d90-5d5451d51e93',), code = 358
2023-01-04 14:58:14,453+05 INFO [org.ovirt.engine.core.vdsbroker.irsbroker.DetachStorageDomainVDSCommand] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc
4e1c-115b-45e3-839e-e47f7786eb0a] FINISH, DetachStorageDomainVDSCommand, return: , log id: fb86a82
2023-01-04 14:58:14,453+05 ERROR [org.ovirt.engine.core.bll.storage.domain.DetachStorageDomainFromPoolCommand] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc4e1c-115b-45e3-839e-e47f7786eb0a] Command 'org.ovirt.engine.core.bll.storage.domain.DetachStorageDomainFromPoolCommand' failed: EngineException: org.ovirt.engine.core.vdsbroker.irsbroker.IrsOperationFailedNoFailoverException: IRSGenericException: IRSErrorException: Failed to DetachStorageDomainVDS, error = Storage domain does not exist: ('73857322-c523-46ec-9d90-5d5451d51e93',), code = 358 (Failed with error StorageDomainDoesNotExist and code 358)
2023-01-04 14:58:14,453+05 INFO [org.ovirt.engine.core.bll.CommandCompensator] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc4e1c-115b-45e3-839e-e47f7786eb0a] Command [id=b2b2c6de-97b6-4e01-8589-fc4b22eeecb9]: Compensating CHANGED_STATUS_ONLY of org.ovirt.engine.core.common.businessentities.StoragePoolIsoMap; snapshot: EntityStatusSnapshot:{id='StoragePoolIsoMapId:{storagePoolId='537e6452-8b7a-11ed-a21c-00163e750630', storageId='73857322-c523-46ec-9d90-5d5451d51e93'}', status='Maintenance'}.
2023-01-04 14:58:14,555+05 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-8455) [22bc4e1c-115b-45e3-839e-e47f7786eb0a] EVENT_ID: USER_DETACH_STORAGE_DOMAIN_FROM_POOL_FAILED(965), Failed to detach Storage Domain POSIXDOMAIN from Data Center Default. (User: admin@internal-authz)
```
I tried the following link:
https://lists.ovirt.org/pipermail/users/2012-August/009044.html
But this also did not work.
On the other hand on the same ceph node configured NFS server and created a storage domain for that on ovirt and it became active immidiately.
Could anyone please help me out with this?
Thanks and Regards
Kushagra Gupta
1 year, 10 months
can't add user in GUI of Version 4.4
by stephane.beausoleil@cgi.com
hi,
on previous version of the ovirt manager we could had simple local users now the gui interface Add button does nothing?
What is going on.
For day to day management it is faster and easier then using the cli.
1 year, 10 months
aggregate multiple hosts
by csokasi.lehel@gmail.com
I would like to ask if it is possible to aggregate multiple hosts to a single virtual machine.
1 year, 10 months
user unlocked but remains locked on 4.4.10
by Gianluca Cecchi
Hello,
I have a user that had validity until end of last year.
He tried to access but now it gets locked.
I tried to password reset and/or unlock but he continues to get the message
that the account is locked.
And in fact I see
# ovirt-aaa-jdbc-tool user show myuser
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
-- User vale(485fc2a3-3faa-4e75-9965-b5a3067433e0) --
Namespace: *
Name: myuser
ID: 485fc2a3-3faa-4e75-9965-b5a3067433e0
Display Name: myuser
Email:
First Name: My
Last Name: User
Department:
Title:
Description:
Account Disabled: false
Account Locked: true
Account Unlocked At: 2023-01-12 10:30:00Z
Account Valid From: 2021-03-12 09:47:15Z
Account Valid To: 2221-03-12 09:47:15Z
Account Without Password: false
Last successful Login At: 2022-12-31 23:06:06Z
Last unsuccessful Login At: 2023-01-12 09:30:00Z
Password Valid To: 2023-12-31 23:59:59Z
#
How to get "Account Locked: false"? Any other method?
Tried sequence of commands:
# ovirt-aaa-jdbc-tool user password-reset myuser
--password-valid-to='2023-12-31 23:59:59Z' --force
# ovirt-aaa-jdbc-tool user unlock myuser
tried also to restart ovirt-engine service without luck
Thanks in advance,
Gianluca
1 year, 10 months
java code example for vdsm rpc client call
by yongshengmaa@126.com
Hello
I have compiled vdsm-jsonrpc-java and got the jar files. Now I need to access the vdsm server on ovirt node. Where can I find the Java example for the rpc calls?
Thanks!
1 year, 10 months
ovirt migrate vm's
by Sam zz
Just curious to know, Is it possible to migrate vm's from ovirt to plain qemu/kvm? Also, Does engine-cleanup delete the guest VM's?
1 year, 10 months
Virt-Viewer fullscreen multi-monitor dragging stops at edge
by jamie.briscoe@johnstonnc.com
In linux, using virt-viewer to connect to a windows vm in fullscreen with multiple monitors I can not drag windows across monitors. The mouse stops at the edge. I have to release the mouse, then click and drag the window again. I don't have that issue using windows as the client to connect to the vm. Anybody else have this issue?
1 year, 10 months
Floppy removed in Ovirt 4.4 and SysPrep not working
by raviteja
Hi Guys
Happy New Year. We recently upgraded our oVirt version from 4.3 to 4.4. We have noticed floppy is removed in run once mode. So We are unable to proceed with Automated customisation(Assigning hostname, IP address and setting initial login creds) of Windows VM's.
Anyone tried sysprep without floppy. We are using oVirt Ansible module for provisioning the VM and it uses a custom xml template(jinja2) for OS customization.
Thanks in Advance.
1 year, 10 months
