ovirtvm-console : Failed to execute login on behalf - for user
by Nathanaël Blanchet
This is a multi-part message in MIME format.
--------------BB4C4DF1A3B16FBCD0105975
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Hi,
with 4.1 beta2, I try to use ovirtvm-console with my AD imported account=20
with issue "Failed to execute login on behalf - for user xxx".
* I can login with name into the webadmin as a superuser.
* I don't meet any issue with 4.0.x
* whatever the pub key is it is the same
* All other AD and local accounts work as expected with ovirtvm-console
Regarding the engine logs, it seems that some character of my name are=20
not recognized:
2017-01-09 17:35:52,014+01 ERROR=20
[org.ovirt.engine.core.sso.utils.SsoUtils] (default task-29) []=20
OAuthException server_error: java.text.ParseException: Invalid character=20
' ' encountered.
2017-01-09 17:35:52,016+01 ERROR=20
[org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand] (default task-1)=20
[50439863] Unable to create engine session: EngineException: user=20
sblanchet(a)levant.abes.fr in domain 'abes.fr-authz (Failed with error=20
PRINCIPAL_NOT_FOUND and code 5200)
2017-01-09 17:35:52,024+01 ERROR=20
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]=20
(default task-1) [50439863] Correlation ID: 50439863, Call Stack: null,=20
Custom Event ID: -1, Message: Failed to execute login on behalf - for=20
user sblanchet(a)levant.abes.fr.
2017-01-09 17:35:52,025+01 ERROR=20
[org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-1)=20
[50439863] Error processing request: : java.lang.RuntimeException:=20
Unable to create session using LoginOnBehalf
--=20
Nathana=C3=ABl Blanchet
Supervision r=C3=A9seau
P=C3=B4le Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 =09
T=C3=A9l. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
--------------BB4C4DF1A3B16FBCD0105975
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf=
-8">
</head>
<body text=3D"#000000" bgcolor=3D"#FFFFFF">
<p>Hi,</p>
<p>with 4.1 beta2, I try to use ovirtvm-console with my AD imported
account with issue "Failed to execute login on behalf - for user
xxx". <br>
</p>
<ul>
<li>I can login with name into the webadmin as a superuser.<br>
</li>
<li>I don't meet any issue with 4.0.x <br>
</li>
<li>whatever the pub key is it is the same</li>
<li>All other AD and local accounts work as expected with
ovirtvm-console</li>
</ul>
<p>Regarding the engine logs, it seems that some character of my
name are not recognized:</p>
<p>2017-01-09 17:35:52,014+01 ERROR
[org.ovirt.engine.core.sso.utils.SsoUtils] (default task-29) []
OAuthException server_error: java.text.ParseException: Invalid
character ' ' encountered.<br>
2017-01-09 17:35:52,016+01 ERROR
[org.ovirt.engine.core.bll.aaa.LoginOnBehalfCommand] (default
task-1) [50439863] Unable to create engine session:
EngineException:=C2=A0 user <a class=3D"moz-txt-link-abbreviated" h=
ref=3D"mailto:sblanchet@levant.abes.fr">sblanchet(a)levant.abes.fr</a> in d=
omain
'abes.fr-authz (Failed with error PRINCIPAL_NOT_FOUND and code
5200)<br>
2017-01-09 17:35:52,024+01 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirect=
or]
(default task-1) [50439863] Correlation ID: 50439863, Call Stack:
null, Custom Event ID: -1, Message: Failed to execute login on
behalf - for user <a class=3D"moz-txt-link-abbreviated" href=3D"mai=
lto:sblanchet@levant.abes.fr">sblanchet(a)levant.abes.fr</a>.<br>
2017-01-09 17:35:52,025+01 ERROR
[org.ovirt.engine.core.services.VMConsoleProxyServlet] (default
task-1) [50439863] Error processing request: :
java.lang.RuntimeException: Unable to create session using
LoginOnBehalf<br>
</p>
<br>
<pre class=3D"moz-signature" cols=3D"72">--=20
Nathana=C3=ABl Blanchet
Supervision r=C3=A9seau
P=C3=B4le Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 =09
T=C3=A9l. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
<a class=3D"moz-txt-link-abbreviated" href=3D"mailto:blanchet@abes.fr">bl=
anchet(a)abes.fr</a> </pre>
</body>
</html>
--------------BB4C4DF1A3B16FBCD0105975--
7 years, 11 months
[Ovirt 4.0 - Storage Domain] Fail to upload ISO using engine-iso-uploader
by TranceWorldLogic .
Hi,
I am trying to upload ISO image using engine-iso-uploader command as shown
below.
I have received error as shown below.
# engine-iso-uploader -i vms_isos_myHost -u admin@internal -r
ovirt.lab.com:443 upload /tmp/ubuntu.iso
Uploading, please wait...
ERROR: mount.nfs: access denied by server while mounting 190.68.5.100:
/nfs_share/iso
My NFS configuration as shown below:
# cat /etc/exports
/nfs_share/iso
190.68.5.100(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/nfs_share/data
190.68.5.100(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
And please note that I have provided proper file and folder permission as
mention in below link.
http://www.ovirt.org/documentation/how-to/troubleshooting/troubleshooting...
Please help !!!
Thanks,
~Rohit
7 years, 11 months
Master storage domain in locked state
by knarra
Hi,
I have three glusterfs storage domains present on my system. data
(master), vmstore and engine. I tried moving the master storage domain
to maintenance state , it was stuck in preparing for maintenance for a
long time and then i rebooted my hosts. Now i see that the master domain
moves to maintenance state but vmstore which is master now is stuck in
locked state. Any idea how to come out of this situation.
Any help is much appreciated.
Thanks
kasturi
7 years, 11 months
Can't shut down VM
by Peter Calum
Hi,
I have a VM hanging in powering down state, the same VM has at snapshot
hanging in state locked. - How do i solve this ?
vmId='6d820a57-efef-431d-b98f-99e8fe13b6ac',
oVirt Engine Version: 4.0.5.5-1.el7.centos
engine log attached.
--
Venlig hilsen / Kind regards
Peter Calum
7 years, 11 months
VDSM service won't start
by paul.greene.va
All,
I'm having an issue with the vdsmd service refusing to start on a fresh
install of RHEL 7.2, RHEV version 4.0.
It initially came up correctly, and the command "ip a" showed a
"vdsmdummy" interface and a "ovirtmgmt" interface. However after a
couple of reboots, those interfaces disappeared, and running "systemctl
status vdsmd" generated the message "Dependency failed for Virtual
Desktop Service Manager/Job vdsmd.service/start failed with result
'dependency'". Didn't say what dependency though
I have 3 hosts where this happening on 2 out of 3 hosts. For some odd
reason, the one host isn't having any problems.
In a Google search I found an instance where system clock timing was out
of sync, and that messed it up. I checked all three hosts, as well as
the RHEV manager and they all had chronyd running and the clocks
appeared to be in sync.
After a reboot the virtual interfaces usually initially come up, but go
down again within a few minutes.
Running journalctl -xe gives these three messages:
"failed to start Virtual Desktop Server Manager network restoration"
"Dependency failed for Virtual Desktop Server Manager" (but it doesn't
say which dependency failed"
"Dependency failed for MOM instance configured for VDSM purposes"
(again, doesn't way which dependency)
Any suggestions?
Paul
7 years, 11 months
Reminder: we have Wildfly's web mgmt console (with auth)
by Roy Golan
For quite some time now we can access Wildfly's web console on
https://127.0.0.1:8706
It's the UI equivalent of jboss.cli but much more convenient. Example of
tasks you can perform there:
- Change logging settings, live
- Tweak the managed thread pool (will send a different thread about it)
- Shutdown/reload the service
- Tweak db connection details
- Get info/stats on the running setup EE components and more
One of the main advantages over the old jmx method is that it uses a plugin
to authenticate the engine user so your credentials should be admin@internal
or any superuser for that matter.
The default is to expose it to localhost and that could be change in
services/ovirt-engine/ovirt-engine.xml.in.For firewalled setups, you can
ssh tunnel your machine to overcome that as always.
R
7 years, 11 months
DWH URL in 4.0.6 ??
by Devin Acosta
I upgraded to the latest 4.0.6 and show that the Data Ware House process is
running, did they change how you access the GUI for it?
Going to: https://{fqdn}/ovirt-engine-reports/
no longer functions on any of my deployments?
--
Devin Acosta
Red Hat Certified Architect, LinuxStack
602-354-1220 || devin(a)linuxguru.co
7 years, 11 months
[ANN] oVirt 4.0.6 Release is now available
by Sandro Bonazzola
The oVirt Project is pleased to announce the general availability of oVirt
4.0.6, as of January 10th, 2016.
This release is available now for:
* Red Hat Enterprise Linux 7.3 or later
* CentOS Linux (or similar) 7.3 or later
* Fedora 23 (tech preview)
This release supports Hypervisor Hosts running:
* Red Hat Enterprise Linux 7.3 or later
* CentOS Linux (or similar) 7.3 or later
* Fedora 23 (tech preview)
* oVirt Next Generation Node 4.0
This update is the sixth in a series of stabilization updates to the 4.0
series.
4.0.6 brings 4 enhancements and 59 bugfixes, including 24 high or urgent
severity fixes, on top of oVirt 4.0 series
See the release notes [1] for installation / upgrade instructions and a
list of new features and bugs fixed.
Notes:
* A new oVirt Live ISO is already available. [2]
* A new oVirt Next Generation Node will be available soon [2]
* A new oVirt Engine Appliance is already available for Red Hat Enterprise
Linux and CentOS Linux (or similar)
* Mirrors[3] might need up to one day to synchronize.
Additional Resources:
* Read more about the oVirt 4.0.6 release highlights:
http://www.ovirt.org/release/4.0.6/
* Get more oVirt Project updates on Twitter: https://twitter.com/ovirt
* Check out the latest project news on the oVirt blog:
http://www.ovirt.org/blog/
[1] http://www.ovirt.org/release/4.0.6/
[2] http://resources.ovirt.org/pub/ovirt-4.0-pre/iso/
[3] http://www.ovirt.org/Repository_mirrors#Current_mirrors
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
7 years, 11 months
question regarding fencing proxies
by cmc
Hi,
Can someone tell me how the engine decides which power management
proxy/proxies to use (using default cluster/dc config)? I am using
drac 7 for a fence agent in my two host cluster, and have noticed that
one of the hosts cannot contact the drac. My guess is that the engine
is using one host to as a power management proxy and hosts cannot
reach their own drac as they are on the same interface + vlan.
Example scenario:
Engine uses host 2 as power management proxy. It can contact host 1’s
drac, but cannot contact its own drac. In the case of host 2 being
unreachable/kdumping etc, would the engine switch to use host 1 as the
proxy to contact host 2’s drac?
Thanks,
Cam
PS: I'd like to use the APC as an additional fencing agent, each host
has two PSUs connected to two different APCs. Is there a guide on how
to specify two ports on two different PDUs to control power on a host?
7 years, 11 months
