January 2018 - Users - oVirt List Archives

user permissions
by Zhong Qiang 11 Jan '18

11 Jan '18

Hi, I tried to give a user the permissions for vms. when this user log in vm portal ,get messages "No VM available." this user was granted follow roles: UserVmManager UserRole engine logs: 2018-01-10 20:32:33,938-05 INFO [org.ovirt.engine.core.bll.AddPermissionCommand] (EE-ManagedThreadFactory-engine-Thread-7438) [9b5a405a-c956-4d69-b286-f6b22cbf3c12] Running command: AddPermissionCommand internal: false. Entities affected : ID: 1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group MANIPULATE_PERMISSIONS with role type USER, ID: 1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER 2018-01-10 20:32:33,944-05 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] Running command: AddUserCommand internal: true. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN 2018-01-10 20:32:33,981-05 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] EVENT_ID: USER_ADD(149), User 'zhongq(a)ctcnet.com' was added successfully to the system. 2018-01-10 20:32:34,036-05 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] EVENT_ID: USER_ADD_PERMISSION(850), User/Group zhongq(a)ctcnet.com, Namespace DC=ctcnet,DC=com, Authorization provider: ctcnet.com-authz was granted permission for Role UserRole on VM ubuntu16.04-64, by admin@internal-authz. 2018-01-10 20:38:06,263-05 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-4) [] User zhongq(a)ctcnet.com successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:passwor d-access 2018-01-10 20:38:06,301-05 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-5) [2a6c3d14] Running command: CreateUserSessionCommand internal: false. 2018-01-10 20:38:06,338-05 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-5) [2a6c3d14] EVENT_ID: USER_VDC_LOGIN(30), User zhongq@ctcnet.com@ctcnet.com-authz connecting from '10.10.19.228' using session 'z0/9HgB4mjzfDnIN4P/fe4A3fzwWIWWcR9xKDvsI/XXgHZApjRp1BCufgtSK6n3kvA/ScdP4qqGqiX01lyJHSQ==' logged in. 2018-01-10 20:38:06,956-05 ERROR [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-14) [06c80cc6-ad15-4d82-a907-21ab9a5c1cc4] Query execution failed due to insufficient permissions. 2018-01-10 20:38:07,044-05 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-20) [1b7a6564-534d-4df5-a2b7-52da214b95cd] Query execution failed due to insufficient permissions. 2018-01-10 20:38:07,045-05 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-20) [] Operation Failed: query execution failed due to insufficient permissions.

1 1

ovirt-live 4.2 - missing stable ISO? + Networking question - when to setup host & in NM or ifcfg?
by Sam McLeod 11 Jan '18

11 Jan '18

--Apple-Mail=_C8B56014-332F-4A8D-8A2A-EDDDF68CE520 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii I'm trying to find the stable / current oVirt-live ISO to download. According to the official documentation, it looks like there is only the = legacy 4.1 ISO, or nightly / unstable builds of 4.2(.2?)? SRC: https://www.ovirt.org/download/ovirt-live/ = <https://www.ovirt.org/download/ovirt-live/> --- Alternatively, if one is to deploy the 'self-hosted-engine' on top of = CentOS 7.4, the documentation doesn't make it clear what you should vs = shouldn't setup on the host prior to deploying the hosted engine. For example, some big questions pop up around networking, e.g.: - Should I be setting those up during CentOS's install using the = installer (which I believe configures them with Network Manager), or = should I be setting up the ifcfg files manually by hand without touching = Network Manager via the server's remote console after the install has = finished? - Is it OK for me to setup my first two NICs in a mode 1 (A/P) or 4 = (XOR) bond (these are connected to a 'dumb' switch and provide internet = access and later will be used for management activities such as vm = migrations). - Is it OK for me to setup my second two NICs in a LACP bond (required = as they connect to our core switches) and to add VLANs on top of that = bond, include the storage VLAN required for iSCSI access which is later = required to host the hosted-engine? SRC: = https://www.ovirt.org/documentation/self-hosted/chap-Deploying_Self-Hosted= _Engine/ = <https://www.ovirt.org/documentation/self-hosted/chap-Deploying_Self-Hoste= d_Engine/> --- I think the hardest thing is that the documentation for oVirt seems very = poorly maintained, or it's at least scattered around various links or = different guides. Perhaps this isn't obvious to people that are already familiar with the = components, terminology and setup practises of oVirt / RHEV, but for = someone like me coming from XenServer - it's confusing as anything. Example diagram of infrastructure: https://i.imgur.com/U4hCP3a.png = <https://i.imgur.com/U4hCP3a.png> -- Sam McLeod (protoporpoise on IRC) https://smcleod.net https://twitter.com/s_mcleod Words are my own opinions and do not necessarily represent those of my = employer or partners. --Apple-Mail=_C8B56014-332F-4A8D-8A2A-EDDDF68CE520 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div = class=3D"">I'm trying to find the stable / current oVirt-live ISO to = download.</div><div class=3D""><br class=3D""></div><div = class=3D"">According to the official documentation, it looks like there = is only the legacy 4.1 ISO, or nightly / unstable builds of = 4.2(.2?)?</div><div class=3D""><br class=3D""></div><div = class=3D"">SRC: <a = href=3D"https://www.ovirt.org/download/ovirt-live/" = class=3D"">https://www.ovirt.org/download/ovirt-live/</a></div><div = class=3D""><br class=3D""></div><div class=3D"">---</div><div = class=3D""><br class=3D""></div><div class=3D"">Alternatively, if one is = to deploy the 'self-hosted-engine' on top of CentOS 7.4, the = documentation doesn't make it clear what you should vs shouldn't setup = on the host prior to deploying the hosted engine.</div><div class=3D""><br= class=3D""></div><div class=3D"">For example, some big questions pop up = around networking, e.g.:</div><div class=3D""><br class=3D""></div><div = class=3D"">- Should I be setting those up during CentOS's install using = the installer (which I believe configures them with Network Manager), or = should I be setting up the ifcfg files manually by hand without = touching Network Manager via the server's remote console after the = install has finished?</div><div class=3D""><br class=3D""></div><div = class=3D"">- Is it OK for me to setup my first two NICs in a mode 1 = (A/P) or 4 (XOR) bond (these are connected to a 'dumb' switch and = provide internet access and later will be used for management activities = such as vm migrations).</div><div class=3D""><br class=3D""></div><div = class=3D"">- Is it OK for me to setup my second two NICs in a LACP bond = (required as they connect to our core switches) and to add VLANs on top = of that bond, include the storage VLAN required for iSCSI access which = is later required to host the hosted-engine?</div><div class=3D""><br = class=3D""></div><div class=3D"">SRC: <a = href=3D"https://www.ovirt.org/documentation/self-hosted/chap-Deploying_Sel= f-Hosted_Engine/" = class=3D"">https://www.ovirt.org/documentation/self-hosted/chap-Deploying_= Self-Hosted_Engine/</a></div><div class=3D""><br class=3D""></div><div = class=3D"">---</div><div class=3D""><br class=3D""></div><div class=3D"">I= think the hardest thing is that the documentation for oVirt seems very = poorly maintained, or it's at least scattered around various links or = different guides.</div><div class=3D""><br class=3D""></div><div = class=3D"">Perhaps this isn't obvious to people that are already = familiar with the components, terminology and setup practises of oVirt / = RHEV, but for someone like me coming from XenServer - it's confusing as = anything.</div><div class=3D""><br class=3D""></div><div class=3D""><br = class=3D""></div><div class=3D"">Example diagram of = infrastructure: <a href=3D"https://i.imgur.com/U4hCP3a.png" = class=3D"">https://i.imgur.com/U4hCP3a.png</a></div><div class=3D""><br = class=3D""></div><div class=3D""><div class=3D""> <div dir=3D"auto" style=3D"color: rgb(0, 0, 0); letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: = break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" = class=3D""><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div = dir=3D"auto" style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; = line-break: after-white-space;" class=3D""><div style=3D"color: rgb(0, = 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: normal; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;">--<br = class=3D"">Sam McLeod (protoporpoise on IRC)</div><div style=3D"color: = rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: = normal; font-variant-caps: normal; font-weight: normal; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: = 0px;"><a href=3D"https://smcleod.net" = class=3D"">https://smcleod.net</a><br = class=3D"">https://twitter.com/s_mcleod<br class=3D""><br class=3D"">Words= are my own opinions and do not necessarily represent those of = my employer or partners.</div></div></div></div> </div> <br class=3D""></div></body></html>= --Apple-Mail=_C8B56014-332F-4A8D-8A2A-EDDDF68CE520--

2 3

Hosted Engine and network isolation
by Luca 'remix_tj' Lorenzetto 10 Jan '18

10 Jan '18

Hello, i just completed the setup of my 4.1 new cluster and i'm validating against a set of certification tests i did in the earlier version. One of the test was consisting on isolating the host where hosted-engine vm is running, setting ports on the switch down. Storage domain hosting the engine is FC. Up to 4.0.4, that was the version we was using during that tests, isolating the host was causing a restart of the engine vm on another available host with the fence of the isolated host. Now, with 4.1.8, isolating the host doesn't restart the engine on the other host, only moves the status of the host2 to EngineUnexpectedlyDown, while host1 is isolated, with the engine vm still running on it. Is this due to storage leases? What should be the right action to take in case of isolated host for moving engine away? Thank you, Luca -- "E' assurdo impiegare gli uomini di intelligenza eccellente per fare calcoli che potrebbero essere affidati a chiunque se si usassero delle macchine" Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) "Internet è la più grande biblioteca del mondo. Ma il problema è che i libri sono tutti sparsi sul pavimento" John Allen Paulos, Matematico (1945-vivente) Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca(a)gmail.com>

1 0

Planned restart of production services
by Evgheni Dereveanchin 10 Jan '18

10 Jan '18

Hi everyone, I will be restarting several production systems within the following hour to apply security updates. The following services may be unreachable for some period of time: - resources.ovirt.org - package repositories - gerrit.ovirt.org - code review - jenkins.ovirt.org - CI master It will not be possible to submit/review patches, clone repositories or run CI jobs during this period. Package repositories will also be unreachable for a short period of time. I will announce you once the maintenance is complete. -- Regards, Evgheni Dereveanchin

1 2

oVirt 4.2 CEPH support
by Abdurrahman A. Ibrahim 09 Jan '18

09 Jan '18

Hello, I read in RHV 4.2 Beta release note that CEPH will be supported using iSCSI. I have tried to check community documentation regarding CEPH support but there was no luck. Do we have such document? Best regards, Ab

9 11

ovirt 4.2 upgrade questions
by Peter Hudec 09 Jan '18

09 Jan '18

Hi, maybe it was already here, but I haven't found it quickly in archive ;( I upgrade the hosted engine and one hots, my notes and questions. The upgrade goes well, I only needed to manually fix the memy value in database for hosted engine [ ERROR ] schema.sh: FATAL: Cannot execute sql command: --file=/usr/share/ovirt-engine/dbscripts/upgrade/04_02_0140_add_max_memory_constraint.sql [ ERROR ] Failed to execute stage 'Misc configuration': Engine schema refresh failed 1) firewalld after upgrade the hot server, the i needed to stop firewalld. It seems, that, the rules are not generated correctly. The engine was not able to connect to the host. How do I could fix it? 2) old repo removal Could i remove the 4.1 repo? If yes, what is the best way to do that? 3) Hosted Engine HA: Hosted Engine HA on upgraded hosts is 3400, the same as on the 4.1 hosts. Is this good or bad? regards Peter -- *Peter Hudec* Infraštruktúrny architekt phudec(a)cnc.sk <mailto:phudec@cnc.sk> *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2 35 000 100 Mobil:+421 905 997 203 *www.cnc.sk* <http:///www.cnc.sk>

3 15

Behaviour when attaching shared iSCSI storage with existing data
by Sam McLeod 09 Jan '18

09 Jan '18

--Apple-Mail=_0EC3C8C4-0EB1-4E35-A593-42CEA5D59791 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii If one was to attach a shared iSCSI LUN as 'storage' to an oVirt data = centre that contains existing data - how does oVirt behave? For example the LUN might be partitioned as LVM, then contain existing = filesystems etc... =20 - Would oVirt see that there is existing data on the LUN and simply = attach it as any other linux initiator (client) world, or would it try = to wipe the LUN clean and reinitialise it? Context: Investigating migration from XenServer to oVirt (4.2.0) All our iSCSI storage is currently attached to XenServer hosts, = XenServer formats those raw LUNs with LVM and VMs are stored within = them. If the answer to this is already out there and I should have found it by = searching, I apologise, please point me to the link and I'll RTFM. -- Sam McLeod https://smcleod.net https://twitter.com/s_mcleod --Apple-Mail=_0EC3C8C4-0EB1-4E35-A593-42CEA5D59791 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div = class=3D"">If one was to attach a shared iSCSI LUN as 'storage' to an = oVirt data centre that contains existing data - how does oVirt = behave?</div><div class=3D""><br class=3D""></div><div class=3D"">For = example the LUN might be partitioned as LVM, then contain existing = filesystems etc...</div><div class=3D""> </div><div class=3D"">- = Would oVirt see that there is existing data on the LUN and simply attach = it as any other linux initiator (client) world, or would it try to wipe = the LUN clean and reinitialise it?</div><div class=3D""><br = class=3D""></div><div class=3D""><br class=3D""></div><div = class=3D"">Context: Investigating migration from XenServer to oVirt = (4.2.0)</div><div class=3D""><br class=3D""></div><div class=3D"">All = our iSCSI storage is currently attached to XenServer hosts, XenServer = formats those raw LUNs with LVM and VMs are stored within = them.</div><div class=3D""><br class=3D""></div><div class=3D""><br = class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><i = class=3D"">If the answer to this is already out there and I should have = found it by searching, I apologise, please point me to the link and I'll = RTFM.</i></div><div class=3D""><div class=3D""> <div dir=3D"auto" style=3D"color: rgb(0, 0, 0); letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: = break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" = class=3D""><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); = letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div = dir=3D"auto" style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; = line-break: after-white-space;" class=3D""><div style=3D"color: rgb(0, = 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; = font-variant-caps: normal; font-weight: normal; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br = class=3D"">--<br class=3D"">Sam McLeod<br class=3D""><a = href=3D"https://smcleod.net" class=3D"">https://smcleod.net</a><br = class=3D"">https://twitter.com/s_mcleod</div></div></div></div> </div> <br class=3D""></div></body></html>= --Apple-Mail=_0EC3C8C4-0EB1-4E35-A593-42CEA5D59791--

3 6

Re: [ovirt-users] How power-saving schedule policy applied?
by Karli Sjöberg 09 Jan '18

09 Jan '18

3 4

Suggestions on changing hosts' network
by Gianluca Cecchi 09 Jan '18

09 Jan '18

Hello, I have a 4.1 cluster based on FC storage domain. There are 2 hosts that are oVirt node-ng The engine is external to the oVirt environment Currently the network situation for ovirtmgmt is this one: engine on network1 (eg 192.168.1.x/24) host1 and host2 on network2 (eg 192.168.2.x/24) network1 and network2 routed through a gw I have to physically move host1 and host2 so that I should change their ip with one on network1. When I added the hosts in oVirt I used as Hostname/IP field their dns hostname What is the simplest approach? I can also give total downtime without particular problems as this is a test environment. I think I can put all infra into maintenance, change dns configuration but then I have also to change hosts network configuration itself... Possibly the best thing to do is remove/add the hosts? I have some doubts about the workflow to follow for removal/add and if for an oVirt-ng node I can change its ip configuration in an easy way.. perhaps from cockpit and then reboot and connect via cockpit to the new ip Thanks in advance for any suggestion Gianluca

4 7

Rebuilding my infra..
by carl langlois 08 Jan '18

08 Jan '18

Hi all After screwing my infra with the update to 4.2 (probably a bad manipulation), i am planning a rebuild of the entire infra. First i want to replace my NFS storage with a glusterfs storage. All documentation tell me that i need 3 hosts.. but for the moment i only have 2 but planning to had more later. So does it make sense to start with 2 hosts and use glusterfs as the storage domain(lets says with a replicate of two with all its limitations). If it make sense, 1- what is the best way to do it. 2- how hard will it be to had the 3rd host when available and make it replica 2+arbiter. Also in a setup where i have 3 hosts (replica 2+arbiter) does all the 3 hosts can run users vm? Thanks for your inputs. Carl

4 4