user permissions
by Zhong Qiang
Hi,
I tried to give a user the permissions for vms. when this user log in
vm portal ,get messages "No VM available."
this user was granted follow roles:
UserVmManager
UserRole
engine logs:
2018-01-10 20:32:33,938-05 INFO
[org.ovirt.engine.core.bll.AddPermissionCommand]
(EE-ManagedThreadFactory-engine-Thread-7438)
[9b5a405a-c956-4d69-b286-f6b22cbf3c12] Running command:
AddPermissionCommand internal: false. Entities affected : ID:
1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group
MANIPULATE_PERMISSIONS with role type USER, ID:
1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group
ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER
2018-01-10 20:32:33,944-05 INFO
[org.ovirt.engine.core.bll.aaa.AddUserCommand]
(EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] Running command:
AddUserCommand internal: true. Entities affected :
ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group
MANIPULATE_USERS with role type ADMIN
2018-01-10 20:32:33,981-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] EVENT_ID:
USER_ADD(149), User 'zhongq(a)ctcnet.com' was added successfully to the
system.
2018-01-10 20:32:34,036-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] EVENT_ID:
USER_ADD_PERMISSION(850), User/Group zhongq(a)ctcnet.com, Namespace
DC=ctcnet,DC=com, Authorization provider: ctcnet.com-authz was granted
permission for Role UserRole on VM ubuntu16.04-64, by admin@internal-authz.
2018-01-10 20:38:06,263-05 INFO
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-4) []
User zhongq(a)ctcnet.com successfully logged in with scopes: ovirt-app-admin
ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:passwor
d-access
2018-01-10 20:38:06,301-05 INFO
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-5)
[2a6c3d14] Running command: CreateUserSessionCommand internal: false.
2018-01-10 20:38:06,338-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-5) [2a6c3d14] EVENT_ID: USER_VDC_LOGIN(30), User
zhongq@ctcnet.com(a)ctcnet.com-authz connecting from '10.10.19.228' using
session
'z0/9HgB4mjzfDnIN4P/fe4A3fzwWIWWcR9xKDvsI/XXgHZApjRp1BCufgtSK6n3kvA/ScdP4qqGqiX01lyJHSQ=='
logged in.
2018-01-10 20:38:06,956-05 ERROR
[org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-14)
[06c80cc6-ad15-4d82-a907-21ab9a5c1cc4] Query execution failed due to
insufficient permissions.
2018-01-10 20:38:07,044-05 ERROR
[org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-20)
[1b7a6564-534d-4df5-a2b7-52da214b95cd] Query execution failed due to
insufficient permissions.
2018-01-10 20:38:07,045-05 ERROR
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default
task-20) [] Operation Failed: query execution failed due to insufficient
permissions.
6 years, 3 months
ovirt-live 4.2 - missing stable ISO? + Networking question - when to setup host & in NM or ifcfg?
by Sam McLeod
--Apple-Mail=_C8B56014-332F-4A8D-8A2A-EDDDF68CE520
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
I'm trying to find the stable / current oVirt-live ISO to download.
According to the official documentation, it looks like there is only the =
legacy 4.1 ISO, or nightly / unstable builds of 4.2(.2?)?
SRC: https://www.ovirt.org/download/ovirt-live/ =
<https://www.ovirt.org/download/ovirt-live/>
---
Alternatively, if one is to deploy the 'self-hosted-engine' on top of =
CentOS 7.4, the documentation doesn't make it clear what you should vs =
shouldn't setup on the host prior to deploying the hosted engine.
For example, some big questions pop up around networking, e.g.:
- Should I be setting those up during CentOS's install using the =
installer (which I believe configures them with Network Manager), or =
should I be setting up the ifcfg files manually by hand without touching =
Network Manager via the server's remote console after the install has =
finished?
- Is it OK for me to setup my first two NICs in a mode 1 (A/P) or 4 =
(XOR) bond (these are connected to a 'dumb' switch and provide internet =
access and later will be used for management activities such as vm =
migrations).
- Is it OK for me to setup my second two NICs in a LACP bond (required =
as they connect to our core switches) and to add VLANs on top of that =
bond, include the storage VLAN required for iSCSI access which is later =
required to host the hosted-engine?
SRC: =
https://www.ovirt.org/documentation/self-hosted/chap-Deploying_Self-Hosted=
_Engine/ =
<https://www.ovirt.org/documentation/self-hosted/chap-Deploying_Self-Hoste=
d_Engine/>
---
I think the hardest thing is that the documentation for oVirt seems very =
poorly maintained, or it's at least scattered around various links or =
different guides.
Perhaps this isn't obvious to people that are already familiar with the =
components, terminology and setup practises of oVirt / RHEV, but for =
someone like me coming from XenServer - it's confusing as anything.
Example diagram of infrastructure: https://i.imgur.com/U4hCP3a.png =
<https://i.imgur.com/U4hCP3a.png>
--
Sam McLeod (protoporpoise on IRC)
https://smcleod.net
https://twitter.com/s_mcleod
Words are my own opinions and do not necessarily represent those of my =
employer or partners.
--Apple-Mail=_C8B56014-332F-4A8D-8A2A-EDDDF68CE520
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div =
class=3D"">I'm trying to find the stable / current oVirt-live ISO to =
download.</div><div class=3D""><br class=3D""></div><div =
class=3D"">According to the official documentation, it looks like there =
is only the legacy 4.1 ISO, or nightly / unstable builds of =
4.2(.2?)?</div><div class=3D""><br class=3D""></div><div =
class=3D"">SRC: <a =
href=3D"https://www.ovirt.org/download/ovirt-live/" =
class=3D"">https://www.ovirt.org/download/ovirt-live/</a></div><div =
class=3D""><br class=3D""></div><div class=3D"">---</div><div =
class=3D""><br class=3D""></div><div class=3D"">Alternatively, if one is =
to deploy the 'self-hosted-engine' on top of CentOS 7.4, the =
documentation doesn't make it clear what you should vs shouldn't setup =
on the host prior to deploying the hosted engine.</div><div class=3D""><br=
class=3D""></div><div class=3D"">For example, some big questions pop up =
around networking, e.g.:</div><div class=3D""><br class=3D""></div><div =
class=3D"">- Should I be setting those up during CentOS's install using =
the installer (which I believe configures them with Network Manager), or =
should I be setting up the ifcfg files manually by hand without =
touching Network Manager via the server's remote console after the =
install has finished?</div><div class=3D""><br class=3D""></div><div =
class=3D"">- Is it OK for me to setup my first two NICs in a mode 1 =
(A/P) or 4 (XOR) bond (these are connected to a 'dumb' switch and =
provide internet access and later will be used for management activities =
such as vm migrations).</div><div class=3D""><br class=3D""></div><div =
class=3D"">- Is it OK for me to setup my second two NICs in a LACP bond =
(required as they connect to our core switches) and to add VLANs on top =
of that bond, include the storage VLAN required for iSCSI access which =
is later required to host the hosted-engine?</div><div class=3D""><br =
class=3D""></div><div class=3D"">SRC: <a =
href=3D"https://www.ovirt.org/documentation/self-hosted/chap-Deploying_Sel=
f-Hosted_Engine/" =
class=3D"">https://www.ovirt.org/documentation/self-hosted/chap-Deploying_=
Self-Hosted_Engine/</a></div><div class=3D""><br class=3D""></div><div =
class=3D"">---</div><div class=3D""><br class=3D""></div><div class=3D"">I=
think the hardest thing is that the documentation for oVirt seems very =
poorly maintained, or it's at least scattered around various links or =
different guides.</div><div class=3D""><br class=3D""></div><div =
class=3D"">Perhaps this isn't obvious to people that are already =
familiar with the components, terminology and setup practises of oVirt / =
RHEV, but for someone like me coming from XenServer - it's confusing as =
anything.</div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><div class=3D"">Example diagram of =
infrastructure: <a href=3D"https://i.imgur.com/U4hCP3a.png" =
class=3D"">https://i.imgur.com/U4hCP3a.png</a></div><div class=3D""><br =
class=3D""></div><div class=3D""><div class=3D"">
<div dir=3D"auto" style=3D"color: rgb(0, 0, 0); letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: =
break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" =
class=3D""><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div =
dir=3D"auto" style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
line-break: after-white-space;" class=3D""><div style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;">--<br =
class=3D"">Sam McLeod (protoporpoise on IRC)</div><div style=3D"color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: =
normal; font-variant-caps: normal; font-weight: normal; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: =
0px;"><a href=3D"https://smcleod.net" =
class=3D"">https://smcleod.net</a><br =
class=3D"">https://twitter.com/s_mcleod<br class=3D""><br class=3D"">Words=
are my own opinions and do not necessarily represent those of =
my employer or partners.</div></div></div></div>
</div>
<br class=3D""></div></body></html>=
--Apple-Mail=_C8B56014-332F-4A8D-8A2A-EDDDF68CE520--
6 years, 3 months
Hosted Engine and network isolation
by Luca 'remix_tj' Lorenzetto
Hello,
i just completed the setup of my 4.1 new cluster and i'm validating
against a set of certification tests i did in the earlier version.
One of the test was consisting on isolating the host where
hosted-engine vm is running, setting ports on the switch down. Storage
domain hosting the engine is FC.
Up to 4.0.4, that was the version we was using during that tests,
isolating the host was causing a restart of the engine vm on another
available host with the fence of the isolated host.
Now, with 4.1.8, isolating the host doesn't restart the engine on the
other host, only moves the status of the host2 to
EngineUnexpectedlyDown, while host1 is isolated, with the engine vm
still running on it.
Is this due to storage leases? What should be the right action to take
in case of isolated host for moving engine away?
Thank you,
Luca
--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)
Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca(a)gmail.com>
6 years, 3 months
Planned restart of production services
by Evgheni Dereveanchin
Hi everyone,
I will be restarting several production systems within the following hour
to apply security updates.
The following services may be unreachable for some period of time:
- resources.ovirt.org - package repositories
- gerrit.ovirt.org - code review
- jenkins.ovirt.org - CI master
It will not be possible to submit/review patches, clone repositories or run
CI jobs during this period. Package repositories will also be unreachable
for a short period of time.
I will announce you once the maintenance is complete.
--
Regards,
Evgheni Dereveanchin
6 years, 3 months
oVirt 4.2 CEPH support
by Abdurrahman A. Ibrahim
Hello,
I read in RHV 4.2 Beta release note that CEPH will be supported using iSCSI.
I have tried to check community documentation regarding CEPH support but
there was no luck. Do we have such document?
Best regards,
Ab
6 years, 3 months
ovirt 4.2 upgrade questions
by Peter Hudec
Hi,
maybe it was already here, but I haven't found it quickly in archive ;(
I upgrade the hosted engine and one hots, my notes and questions.
The upgrade goes well, I only needed to manually fix the memy value in
database for hosted engine
[ ERROR ] schema.sh: FATAL: Cannot execute sql command:
--file=/usr/share/ovirt-engine/dbscripts/upgrade/04_02_0140_add_max_memory_constraint.sql
[ ERROR ] Failed to execute stage 'Misc configuration': Engine schema
refresh failed
1) firewalld
after upgrade the hot server, the i needed to stop firewalld. It seems,
that, the rules are not generated correctly. The engine was not able to
connect to the host. How do I could fix it?
2) old repo removal
Could i remove the 4.1 repo? If yes, what is the best way to do that?
3) Hosted Engine HA:
Hosted Engine HA on upgraded hosts is 3400, the same as on the 4.1
hosts. Is this good or bad?
regards
Peter
--
*Peter Hudec*
Infraštruktúrny architekt
phudec(a)cnc.sk <mailto:phudec@cnc.sk>
*CNC, a.s.*
Borská 6, 841 04 Bratislava
Recepcia: +421 2 35 000 100
Mobil:+421 905 997 203
*www.cnc.sk* <http:///www.cnc.sk>
6 years, 3 months
Behaviour when attaching shared iSCSI storage with existing data
by Sam McLeod
--Apple-Mail=_0EC3C8C4-0EB1-4E35-A593-42CEA5D59791
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
If one was to attach a shared iSCSI LUN as 'storage' to an oVirt data =
centre that contains existing data - how does oVirt behave?
For example the LUN might be partitioned as LVM, then contain existing =
filesystems etc...
=20
- Would oVirt see that there is existing data on the LUN and simply =
attach it as any other linux initiator (client) world, or would it try =
to wipe the LUN clean and reinitialise it?
Context: Investigating migration from XenServer to oVirt (4.2.0)
All our iSCSI storage is currently attached to XenServer hosts, =
XenServer formats those raw LUNs with LVM and VMs are stored within =
them.
If the answer to this is already out there and I should have found it by =
searching, I apologise, please point me to the link and I'll RTFM.
--
Sam McLeod
https://smcleod.net
https://twitter.com/s_mcleod
--Apple-Mail=_0EC3C8C4-0EB1-4E35-A593-42CEA5D59791
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div =
class=3D"">If one was to attach a shared iSCSI LUN as 'storage' to an =
oVirt data centre that contains existing data - how does oVirt =
behave?</div><div class=3D""><br class=3D""></div><div class=3D"">For =
example the LUN might be partitioned as LVM, then contain existing =
filesystems etc...</div><div class=3D""> </div><div class=3D"">- =
Would oVirt see that there is existing data on the LUN and simply attach =
it as any other linux initiator (client) world, or would it try to wipe =
the LUN clean and reinitialise it?</div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><div =
class=3D"">Context: Investigating migration from XenServer to oVirt =
(4.2.0)</div><div class=3D""><br class=3D""></div><div class=3D"">All =
our iSCSI storage is currently attached to XenServer hosts, XenServer =
formats those raw LUNs with LVM and VMs are stored within =
them.</div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><i =
class=3D"">If the answer to this is already out there and I should have =
found it by searching, I apologise, please point me to the link and I'll =
RTFM.</i></div><div class=3D""><div class=3D"">
<div dir=3D"auto" style=3D"color: rgb(0, 0, 0); letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: =
break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" =
class=3D""><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><div =
dir=3D"auto" style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
line-break: after-white-space;" class=3D""><div style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br =
class=3D"">--<br class=3D"">Sam McLeod<br class=3D""><a =
href=3D"https://smcleod.net" class=3D"">https://smcleod.net</a><br =
class=3D"">https://twitter.com/s_mcleod</div></div></div></div>
</div>
<br class=3D""></div></body></html>=
--Apple-Mail=_0EC3C8C4-0EB1-4E35-A593-42CEA5D59791--
6 years, 3 months
Suggestions on changing hosts' network
by Gianluca Cecchi
Hello,
I have a 4.1 cluster based on FC storage domain.
There are 2 hosts that are oVirt node-ng
The engine is external to the oVirt environment
Currently the network situation for ovirtmgmt is this one:
engine on network1 (eg 192.168.1.x/24)
host1 and host2 on network2 (eg 192.168.2.x/24)
network1 and network2 routed through a gw
I have to physically move host1 and host2 so that I should change their ip
with one on network1.
When I added the hosts in oVirt I used as Hostname/IP field their dns
hostname
What is the simplest approach?
I can also give total downtime without particular problems as this is a
test environment.
I think I can put all infra into maintenance, change dns configuration but
then I have also to change hosts network configuration itself...
Possibly the best thing to do is remove/add the hosts? I have some doubts
about the workflow to follow for removal/add and if for an oVirt-ng node I
can change its ip configuration in an easy way.. perhaps from cockpit and
then reboot and connect via cockpit to the new ip
Thanks in advance for any suggestion
Gianluca
6 years, 3 months
Rebuilding my infra..
by carl langlois
Hi all
After screwing my infra with the update to 4.2 (probably a bad
manipulation), i am planning a rebuild of the entire infra. First i want to
replace my NFS storage with a glusterfs storage. All documentation tell me
that i need 3 hosts.. but for the moment i only have 2 but planning to had
more later.
So does it make sense to start with 2 hosts and use glusterfs as the
storage domain(lets says with a replicate of two with all its limitations).
If it make sense,
1- what is the best way to do it.
2- how hard will it be to had the 3rd host when available and make it
replica 2+arbiter.
Also in a setup where i have 3 hosts (replica 2+arbiter) does all the 3
hosts can run users vm?
Thanks for your inputs.
Carl
6 years, 3 months
