7:07 a.m.
Olá,
Estou tendo problemas para utilizar oVirt com IPA.
Abaixo se encontram os Logs e comandos utilizados.
Desde já agradeço por alguma sugestão.
********************************************************************* Ipa
Server - 10.30.0.25
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep ipa
ipa-server-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-admintools-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
# dig _kerberos._tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_kerberos._
tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._tcp.din.uem.br. IN A
;; AUTHORITY SECTION:
din.uem.br. 3600 IN SOA ns1.din.uem.br. root.din.uem.br. 2014100841 1800
900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:19:05 2014
;; MSG SIZE rcvd: 88
# dig _ldap._tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_ldap._tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_ldap._tcp.din.uem.br. IN A
;; AUTHORITY SECTION:
din.uem.br. 3600 IN SOA ns1.din.uem.br. root.din.uem.br. 2014100841 1800
900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:20:16 2014
;; MSG SIZE rcvd: 84
/var/log/dirsrv/slapd-DIN-UEM-BR/access
-------------------------------------------------------------------------------------------------------------------------
conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
admin(a)DIN.UEM.BR))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled k
conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=211 SRCH base="cn=DIN.UEM.BR,cn=kerberos,dc=din,dc=uem,dc=br"
scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/
DIN.UEM.BR(a)DIN.UEM.BR)(krbPrincipalName=krbtgt/DIN.UEM
conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=213 SRCH
base="cn=global_policy,cn=DIN.UEM.BR,cn=kerberos,dc=din,dc=uem,dc=br"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdF
conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
/var/log/ovirt-engine/engine-manage-domains.log
-------------------------------------------------------------------------------------------------------------------------
2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file
"/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf".
2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The
file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable.
Will
return an empty set of properties.
2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf".
2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf".
2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf".
2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf".
2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_AJP_ENABLED" is "true".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_AJP_PORT" is "8702".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_APPS" is "engine.ear
"/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_CACHE" is "/var/cache/ovirt-engine".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_CHECK_INTERVAL" is "1000".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_DATABASE" is "engine".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_HOST" is "localhost".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_MAX_CONNECTIONS" is "100".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_MIN_CONNECTIONS" is "1".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_PASSWORD" is "***".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_PORT" is "5432".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_SECURED" is "False".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_SECURED_VALIDATION" is "False".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_URL" is
"jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_USER" is "engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DEBUG_ADDRESS" is "".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_ETC" is "/etc/ovirt-engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_FQDN" is "ovirtm.din.uem.br".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_GROUP" is "ovirt".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HEAP_MAX" is "1g".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HEAP_MIN" is "1g".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTPS_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTPS_PORT" is "None".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTPS_PROTOCOLS" is
"SSLv3,TLSv1,TLSv1.1,TLSv1.2".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTP_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTP_PORT" is "None".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_JAVA_MODULEPATH" is
"/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath="/var/log/ovirt-engine/dump"".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_LOG" is "/var/log/ovirt-engine".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_LOG_TO_CONSOLE" is "false".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_MANUAL" is
"/usr/share/ovirt-engine/manual".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PERM_MAX" is "256m".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PERM_MIN" is "256m".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI" is "/etc/pki/ovirt-engine".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_CERT" is
"/etc/pki/ovirt-engine/certs/engine.cer".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_STORE" is
"/etc/pki/ovirt-engine/keys/engine.p12".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_TRUST_STORE" is
"/etc/pki/ovirt-engine/.truststore".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROPERTIES" is "
jsse.enableSNIExtension=false".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROXY_ENABLED" is "true".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROXY_HTTPS_PORT" is "443".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROXY_HTTP_PORT" is "80".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_REPORTS_UI" is
"/var/lib/ovirt-engine/reports.xml".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_STOP_INTERVAL" is "1".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_STOP_TIME" is "10".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_TMP" is "/var/tmp/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_UP_MARK" is
"/var/lib/ovirt-engine/engine.up".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_URI" is "/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_USER" is "ovirt".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_USR" is "/usr/share/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_VAR" is "/var/lib/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_VERBOSE_GC" is "false".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "JBOSS_HOME" is "/usr/share/jboss-as".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "SENSITIVE_KEYS" is
",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD".
2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains]
Creating kerberos configuration for domain(s): din.uem.br
2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
Successfully created kerberos configuration for domain(s): din.uem.br
2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
Testing kerberos configuration for domain: din.uem.br
2014-10-09 11:23:39,572 ERROR
[org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:
exception message: Cannot get a KDC reply
2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains]
Failure while testing domain din.uem.br. Details: Kerberos error. Please
check log for further details.
********************************************************************* oVirt
Manager - 10.30.0.23
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep -i ovirt
ovirt-engine-dwh-setup-3.4.0-2.el6.noarch
ovirt-engine-dwh-3.4.0-2.el6.noarch
ovirt-hosted-engine-ha-1.1.2-1.el6.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
ovirt-engine-cli-3.4.0.5-1.el6.noarch
ovirt-engine-restapi-3.4.0-1.el6.noarch
ovirt-engine-dbscripts-3.4.0-1.el6.noarch
ovirt-release-11.2.0-1.noarch
ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
ovirt-host-deploy-1.2.0-1.el6.noarch
ovirt-engine-reports-setup-3.4.0-2.el6.noarch
ovirt-engine-lib-3.4.0-1.el6.noarch
ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
ovirt-log-collector-3.4.1-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
ovirt-host-deploy-java-1.2.0-1.el6.noarch
ovirt-engine-tools-3.4.0-1.el6.noarch
ovirt-engine-userportal-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
ovirt-engine-backend-3.4.0-1.el6.noarch
ovirt-engine-reports-3.4.0-2.el6.noarch
ovirt-engine-setup-base-3.4.0-1.el6.noarch
ovirt-iso-uploader-3.4.0-1.el6.noarch
ovirt-image-uploader-3.4.0-1.el6.noarch
ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
ovirt-engine-setup-3.4.0-1.el6.noarch
ovirt-engine-3.4.0-1.el6.noarch
engine-manage-domains add --domain=din.uem.br --provider=ipa --user=admin
Enter password:
Error: exception message: Cannot get a KDC reply
Failure while testing domain din.uem.br. Details: Kerberos error. Please
check log for further details.
At. Donato.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
7:38 a.m.
Parece que aqui na users-pt ninguém tem muita experiência com oVirt+IPA.
Espero que tenhas mais sorte na users. Se ninguém ajudar, abre um
bugzilla que algum devel vai ter que olhar pra esse problema. Seria
legal tb se você pudesse testar com o 3.5rc5 pra ver se o problema persiste.
On 10/10/2014 09:07 AM, Marcelo Donato wrote:
Olá,
Estou tendo problemas para utilizar oVirt com IPA.
Abaixo se encontram os Logs e comandos utilizados.
Desde já agradeço por alguma sugestão.
*********************************************************************
Ipa Server - 10.30.0.25
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep ipa
ipa-server-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-admintools-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
# dig _kerberos._tcp.din.uem.br <http://tcp.din.uem.br>
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_kerberos._tcp.din.uem.br <http://tcp.din.uem.br>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._tcp.din.uem.br <http://tcp.din.uem.br>.INA
;; AUTHORITY SECTION:
din.uem.br <http://din.uem.br>.3600INSOAns1.din.uem.br
<http://ns1.din.uem.br>;. root.din.uem.br <http://root.din.uem.br>;.
2014100841 1800 900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:19:05 2014
;; MSG SIZE rcvd: 88
# dig _ldap._tcp.din.uem.br <http://tcp.din.uem.br>
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_ldap._tcp.din.uem.br <http://tcp.din.uem.br>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_ldap._tcp.din.uem.br <http://tcp.din.uem.br>.INA
;; AUTHORITY SECTION:
din.uem.br <http://din.uem.br>.3600INSOAns1.din.uem.br
<http://ns1.din.uem.br>;. root.din.uem.br <http://root.din.uem.br>;.
2014100841 1800 900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:20:16 2014
;; MSG SIZE rcvd: 84
/var/log/dirsrv/slapd-DIN-UEM-BR/access
-------------------------------------------------------------------------------------------------------------------------
conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=admin(a)DIN.UEM.BR
<mailto:admin@DIN.UEM.BR>))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled k
conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=211 SRCH base="cn=DIN.UEM.BR
<http://DIN.UEM.BR>,cn=kerberos,dc=din,dc=uem,dc=br" scope=0
filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/DIN.UEM.BR(a)DIN.UEM.BR
<mailto:DIN.UEM.BR@DIN.UEM.BR>)(krbPrincipalName=krbtgt/DIN.UEM
conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=213 SRCH base="cn=global_policy,cn=DIN.UEM.BR
<http://DIN.UEM.BR>,cn=kerberos,dc=din,dc=uem,dc=br" scope=0
filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
krbPwdMaxFailure krbPwdF
conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
/var/log/ovirt-engine/engine-manage-domains.log
-------------------------------------------------------------------------------------------------------------------------
2014-10-09 11:23:05,901 INFO
[org.ovirt.engine.core.utils.LocalConfig] Loaded file
"/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf".
2014-10-09 11:23:05,903 INFO
[org.ovirt.engine.core.utils.LocalConfig] The file
"/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable. Will
return an empty set of properties.
2014-10-09 11:23:05,904 INFO
[org.ovirt.engine.core.utils.LocalConfig] Loaded file
"/etc/ovirt-engine/engine.conf.d/10-setup-database.conf".
2014-10-09 11:23:05,905 INFO
[org.ovirt.engine.core.utils.LocalConfig] Loaded file
"/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf".
2014-10-09 11:23:05,906 INFO
[org.ovirt.engine.core.utils.LocalConfig] Loaded file
"/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf".
2014-10-09 11:23:05,907 INFO
[org.ovirt.engine.core.utils.LocalConfig] Loaded file
"/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf".
2014-10-09 11:23:05,908 INFO
[org.ovirt.engine.core.utils.LocalConfig] Loaded file
"/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf".
2014-10-09 11:23:05,909 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_AJP_ENABLED" is "true".
2014-10-09 11:23:05,909 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_AJP_PORT" is "8702".
2014-10-09 11:23:05,909 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_APPS" is "engine.ear
"/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_CACHE" is "/var/cache/ovirt-engine".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_CHECK_INTERVAL" is "1000".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_CONNECTION_TIMEOUT" is "300000".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_DATABASE" is "engine".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_DRIVER" is "org.postgresql.Driver".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_HOST" is "localhost".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_MAX_CONNECTIONS" is "100".
2014-10-09 11:23:05,910 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_MIN_CONNECTIONS" is "1".
2014-10-09 11:23:05,911 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_PASSWORD" is "***".
2014-10-09 11:23:05,911 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_PORT" is "5432".
2014-10-09 11:23:05,911 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_SECURED" is "False".
2014-10-09 11:23:05,911 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_SECURED_VALIDATION" is "False".
2014-10-09 11:23:05,911 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_URL" is
"jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory".
2014-10-09 11:23:05,911 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DB_USER" is "engine".
2014-10-09 11:23:05,912 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DEBUG_ADDRESS" is "".
2014-10-09 11:23:05,912 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_DOC" is "/usr/share/doc/ovirt-engine".
2014-10-09 11:23:05,912 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_ETC" is "/etc/ovirt-engine".
2014-10-09 11:23:05,912 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_FQDN" is "ovirtm.din.uem.br
<http://ovirtm.din.uem.br>";.
2014-10-09 11:23:05,912 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_GROUP" is "ovirt".
2014-10-09 11:23:05,912 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HEAP_MAX" is "1g".
2014-10-09 11:23:05,913 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HEAP_MIN" is "1g".
2014-10-09 11:23:05,913 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HTTPS_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HTTPS_PORT" is "None".
2014-10-09 11:23:05,913 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HTTPS_PROTOCOLS" is "SSLv3,TLSv1,TLSv1.1,TLSv1.2".
2014-10-09 11:23:05,913 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HTTP_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_HTTP_PORT" is "None".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_JAVA_MODULEPATH" is
"/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath="/var/log/ovirt-engine/dump"".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_LOG" is "/var/log/ovirt-engine".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_LOG_TO_CONSOLE" is "false".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_MANUAL" is "/usr/share/ovirt-engine/manual".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PERM_MAX" is "256m".
2014-10-09 11:23:05,914 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PERM_MIN" is "256m".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI" is "/etc/pki/ovirt-engine".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_ENGINE_CERT" is
"/etc/pki/ovirt-engine/certs/engine.cer".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_ENGINE_STORE" is
"/etc/pki/ovirt-engine/keys/engine.p12".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_ENGINE_STORE_ALIAS" is "1".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_TRUST_STORE" is "/etc/pki/ovirt-engine/.truststore".
2014-10-09 11:23:05,915 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PKI_TRUST_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PROPERTIES" is " jsse.enableSNIExtension=false".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PROXY_ENABLED" is "true".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PROXY_HTTPS_PORT" is "443".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_PROXY_HTTP_PORT" is "80".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_REPORTS_UI" is "/var/lib/ovirt-engine/reports.xml".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_STOP_INTERVAL" is "1".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_STOP_TIME" is "10".
2014-10-09 11:23:05,916 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_TMP" is "/var/tmp/ovirt-engine".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_UP_MARK" is "/var/lib/ovirt-engine/engine.up".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_URI" is "/ovirt-engine".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_USER" is "ovirt".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_USR" is "/usr/share/ovirt-engine".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_VAR" is "/var/lib/ovirt-engine".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"ENGINE_VERBOSE_GC" is "false".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"JBOSS_HOME" is "/usr/share/jboss-as".
2014-10-09 11:23:05,917 INFO
[org.ovirt.engine.core.utils.LocalConfig] Value of property
"SENSITIVE_KEYS" is
",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD".
2014-10-09 11:23:39,328 INFO
[org.ovirt.engine.core.domains.ManageDomains] Creating kerberos
configuration for domain(s): din.uem.br <http://din.uem.br>
2014-10-09 11:23:39,357 INFO
[org.ovirt.engine.core.domains.ManageDomains] Successfully created
kerberos configuration for domain(s): din.uem.br <http://din.uem.br>
2014-10-09 11:23:39,357 INFO
[org.ovirt.engine.core.domains.ManageDomains] Testing kerberos
configuration for domain: din.uem.br <http://din.uem.br>
2014-10-09 11:23:39,572 ERROR
[org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:
exception message: Cannot get a KDC reply
2014-10-09 11:23:39,577 ERROR
[org.ovirt.engine.core.domains.ManageDomains] Failure while testing
domain din.uem.br <http://din.uem.br>;. Details: Kerberos error. Please
check log for further details.
*********************************************************************
oVirt Manager - 10.30.0.23
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep -i ovirt
ovirt-engine-dwh-setup-3.4.0-2.el6.noarch
ovirt-engine-dwh-3.4.0-2.el6.noarch
ovirt-hosted-engine-ha-1.1.2-1.el6.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
ovirt-engine-cli-3.4.0.5-1.el6.noarch
ovirt-engine-restapi-3.4.0-1.el6.noarch
ovirt-engine-dbscripts-3.4.0-1.el6.noarch
ovirt-release-11.2.0-1.noarch
ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
ovirt-host-deploy-1.2.0-1.el6.noarch
ovirt-engine-reports-setup-3.4.0-2.el6.noarch
ovirt-engine-lib-3.4.0-1.el6.noarch
ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
ovirt-log-collector-3.4.1-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
ovirt-host-deploy-java-1.2.0-1.el6.noarch
ovirt-engine-tools-3.4.0-1.el6.noarch
ovirt-engine-userportal-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
ovirt-engine-backend-3.4.0-1.el6.noarch
ovirt-engine-reports-3.4.0-2.el6.noarch
ovirt-engine-setup-base-3.4.0-1.el6.noarch
ovirt-iso-uploader-3.4.0-1.el6.noarch
ovirt-image-uploader-3.4.0-1.el6.noarch
ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
ovirt-engine-setup-3.4.0-1.el6.noarch
ovirt-engine-3.4.0-1.el6.noarch
engine-manage-domains add --domain=din.uem.br <http://din.uem.br>
--provider=ipa --user=admin
Enter password:
Error: exception message: Cannot get a KDC reply
Failure while testing domain din.uem.br <http://din.uem.br>;. Details:
Kerberos error. Please check log for further details.
At. Donato.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
_______________________________________________
Users-pt mailing list
Users-pt(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users-pt
8:56 a.m.
Seguindo a sugestão do Amador, fui para a versão 3.5 do oVirt já que na 3.4
não tive sucesso.
Na nova versão, oVirt e FreeIpa trabalhando perfeitamente em conjunto.
Abaixo a solução para a questão.
Mais uma vez agradeço ao Amador, tanto pela sugestão quanto pela atenção, e
ao Alon Bar que resolveu o problema.
#####################################################
Resolved By "Alon Bar-Lev" <alonbl(a)redhat.com>
1. install ovirt-engine-extension-aaa-ldap, it is available in
ovirt-3.5-snapshots repository.
2. create /etc/ovirt-engine/extensions.d/din.intranet-authz.properties
ovirt.engine.extension.name = din-intranet-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
3. create /etc/ovirt-engine/extensions.d/din.intranet-authn.properties
ovirt.engine.extension.name = din-intranet-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = din.intranet
ovirt.engine.aaa.authn.authz.plugin = din-intranet-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
4. create /etc/ovirt-engine/aaa/din.intranet.properties
include = <ipa.properties>
vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
vars.password = 123456
vars.server = ipa1.din.intranet
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
5. restart engine.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
11:47 a.m.
Legal Marcelo,
Depois do ultimo update do IPA, ele parou de funcionar para o oVirt 3.4.
O oVirt 3.4 tinha os métodos de acesso hard-coded, dificultando a
alteração de qualquer método de conexão. Com o oVirt 3.5 e a nova
estrutura de AAA que o Alon desenvolveu, que permite adicionarmos
qualquer provedor de autenticação e customizar da forma que precisarmos,
o oVirt ficou bem mais flexível.
Ótimo que isso resolveu seu problema. Você se importa de escrever um
post sobre isso? Podemos colocar na wiki do projeto.
On 10/31/2014 10:56 AM, Marcelo Donato wrote:
Seguindo a sugestão do Amador, fui para a versão 3.5 do oVirt já que
na 3.4 não tive sucesso.
Na nova versão, oVirt e FreeIpa trabalhando perfeitamente em conjunto.
Abaixo a solução para a questão.
Mais uma vez agradeço ao Amador, tanto pela sugestão quanto pela
atenção, e ao Alon Bar que resolveu o problema.
#####################################################
Resolved By "Alon Bar-Lev" <alonbl(a)redhat.com
<mailto:alonbl@redhat.com>>
1. install ovirt-engine-extension-aaa-ldap, it is available in
ovirt-3.5-snapshots repository.
2. create /etc/ovirt-engine/extensions.d/din.intranet-authz.properties
ovirt.engine.extension.name <http://ovirt.engine.extension.name/> =
din-intranet-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
3. create /etc/ovirt-engine/extensions.d/din.intranet-authn.properties
ovirt.engine.extension.name <http://ovirt.engine.extension.name/> =
din-intranet-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name
<http://ovirt.engine.aaa.authn.profile.name/> = din.intranet
ovirt.engine.aaa.authn.authz.plugin = din-intranet-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
4. create /etc/ovirt-engine/aaa/din.intranet.properties
include = <ipa.properties>
vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
vars.password = 123456
vars.server = ipa1.din.intranet
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
5. restart engine.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
4:37 p.m.
Marcelo,
Parabéns, ficou ótima a sua solução estou fazendo um deploy do oVirt 3.5
+ Glusterfs 3.5.2 + CTDB 2.5.1 em alguns hosts físicos e esta ficando
legal, após finalizar e ter todos as questões de HA resolvidas e tudo
alinhado compartilharei aqui na lista tb.
Cheers,
firemanxbr
2014-10-31 14:47 GMT-02:00 Amador Pahim <apahim(a)redhat.com>:
Legal Marcelo,
Depois do ultimo update do IPA, ele parou de funcionar para o oVirt 3.4. O
oVirt 3.4 tinha os métodos de acesso hard-coded, dificultando a alteração
de qualquer método de conexão. Com o oVirt 3.5 e a nova estrutura de AAA
que o Alon desenvolveu, que permite adicionarmos qualquer provedor de
autenticação e customizar da forma que precisarmos, o oVirt ficou bem mais
flexível.
Ótimo que isso resolveu seu problema. Você se importa de escrever um post
sobre isso? Podemos colocar na wiki do projeto.
On 10/31/2014 10:56 AM, Marcelo Donato wrote:
Seguindo a sugestão do Amador, fui para a versão 3.5 do oVirt já que na
3.4 não tive sucesso.
Na nova versão, oVirt e FreeIpa trabalhando perfeitamente em conjunto.
Abaixo a solução para a questão.
Mais uma vez agradeço ao Amador, tanto pela sugestão quanto pela
atenção, e ao Alon Bar que resolveu o problema.
#####################################################
Resolved By "Alon Bar-Lev" <alonbl(a)redhat.com>
1. install ovirt-engine-extension-aaa-ldap, it is available in
ovirt-3.5-snapshots repository.
2. create /etc/ovirt-engine/extensions.d/din.intranet-authz.properties
ovirt.engine.extension.name = din-intranet-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.
extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
3. create /etc/ovirt-engine/extensions.d/din.intranet-authn.properties
ovirt.engine.extension.name = din-intranet-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.
extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = din.intranet
ovirt.engine.aaa.authn.authz.plugin = din-intranet-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/din.intranet.properties
4. create /etc/ovirt-engine/aaa/din.intranet.properties
include = <ipa.properties>
vars.user = uid=admin,cn=users,cn=accounts,dc=din,dc=intranet
vars.password = 123456
vars.server = ipa1.din.intranet
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
5. restart engine.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
_______________________________________________
Users-pt mailing list
Users-pt(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users-pt
3458
days inactive
3479
days old
4 comments
3 participants
participants (3)
-
Amador Pahim -
Marcelo Barbosa -
Marcelo Donato