This is a multi-part message in MIME format. ------------MIME-2638369536-379142252-delim Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable On 04/09/2015 10=3A12 AM=2C Sandro Bonazzola wrote=3A =3E Il 09/04/2015 10=3A03=2C Vinzenz Feenstra ha scritto=3A =3E=3E On 04/09/2015 09=3A55 AM=2C Jorick Astrego wrote=3A =3E=3E=3E =3E=3E=3E On 04/09/2015 08=3A56 AM=2C Vinzenz Feenstra wrote=3A =3E=3E=3E=3E On 04/08/2015 04=3A34 PM=2C Jorick Astrego wrote=3A =3E=3E=3E=3E=3E Hi=2C =3E=3E=3E=3E Hi=2C =3E=3E=3E=3E=3E Testing 3=2E5=2E2rc3=2C I see AVC denied messages for the o= vrit-guest agent =28installed through cloud-init=29=2E =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E type=3DAVC msg=3Daudit=281428510418=2E333=3A142=29=3A a= vc=3A denied =7B read =7D for pid=3D1113 comm=3D=22ovirt-guest-age=22 na= me=3D=22online=22 dev=3Dsysfs ino=3D23 =3E=3E=3E=3E=3E scontext=3Dsystem=5Fu=3Asystem=5Fr=3Arhev=5Fagentd=5Ft= =3As0 tcontext=3Dsystem=5Fu=3Aobject=5Fr=3Asysfs=5Ft=3As0 tclass=3Dfile =3E=3E=3E=3E=3E type=3DAVC msg=3Daudit=281428510418=2E333=3A142=29=3A a= vc=3A denied =7B open =7D for pid=3D1113 comm=3D=22ovirt-guest-age=22 na= me=3D=22online=22 dev=3Dsysfs ino=3D23 =3E=3E=3E=3E=3E scontext=3Dsystem=5Fu=3Asystem=5Fr=3Arhev=5Fagentd=5Ft= =3As0 tcontext=3Dsystem=5Fu=3Aobject=5Fr=3Asysfs=5Ft=3As0 tclass=3Dfile =3E=3E=3E=3E=3E type=3DSYSCALL msg=3Daudit=281428510418=2E333=3A142=29= =3A arch=3Dc000003e syscall=3D2 success=3Dyes exit=3D6 a0=3D7f8a655612b8 a1= =3D80000 a2=3D2803ff a3=3D0 items=3D0 ppid=3D1 =3E=3E=3E=3E=3E pid=3D1113 auid=3D4294967295 uid=3D175 gid=3D175 euid= =3D175 suid=3D175 fsuid=3D175 egid=3D175 sgid=3D175 fsgid=3D175 tty=3D=28no= ne=29 ses=3D4294967295 =3E=3E=3E=3E=3E comm=3D=22ovirt-guest-age=22 exe=3D=22/usr/bin/python= =22 subj=3Dsystem=5Fu=3Asystem=5Fr=3Arhev=5Fagentd=5Ft=3As0 key=3D=28null= =29 =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E And when I check the rpm I see=3A =3E=3E=3E=3E=3E =3E=3E=3E=3E=3E rpm -qa=7Cgrep ovirt =3E=3E=3E=3E=3E ovirt-release-el6-10=2E0=2E1-3=2Enoarch =3E=3E=3E=3E=3E ovirt-guest-agent-1=2E0=2E8-1=2Eel6=2Enoarch =3E=3E=3E=3E=3E =3E=3E=3E=3E Well the latest guest agent is always available on epel for el= 5/6/7 and for fedora in the fedora repos I am not sure why it=27s not avail= able in the =3E=3E=3E=3E public ovirt repositories=2C however that was somehow always a= problem with ovirt releases=2C but I recommend anyway to use epel for the= ovirt guest =3E=3E=3E=3E agent due to the fact that I am releasing the guest agent alwa= ys to epel and it will get updated from there=2E =3E=3E=3E=3E =3E=3E=3E=3E Please also note that the repo location has changed=2E ovirt-3= =2E5 for el6 is now here=3A http=3A//resources=2Eovirt=2Eorg/pub/ovirt-3=2E= 5/rpm/el6/ =3E=3E=3E=3E =3E=3E=3E=3E However what I don=27t know=2C is how the 3=2E3=2E3 repository= got installed for you=2C I am not sure that this was done by the bare =27c= loud-init=27=2C that might =3E=3E=3E=3E be specific to your cloud init configuration=2E =3E=3E=3E Well that can=27t be specific=2E I completely wipe the test envir= onment every couple weeks and just provisioned a completely fresh ovirt 3= =2E5=2E2rc3 install=2E =3E=3E=3E =3E=3E=3E Normally I don=27t use cloud-init as we have foreman=2C but I was= testing it=2E The only thing I did was=2C create new VM and checked the cl= oud-init/sysprep =3E=3E=3E checkbox=2E The rest oVirt did automatically=2E =3E=3E=3E =3E=3E=3E What I think is happening is that the CentOS 6=2E5 image in the o= virt-image-repository glance provider is outdated=2E I used this as templat= e for quick =3E=3E=3E testing=2E =3E=3E=3E =3E=3E=3E Does anyone know who maintains these images=3F =3E=3E Sandro=2C do you by any chance know who does=3F =3E Nobody maintains actively the images in the glance repository=2E =3E I raised the issue a while ago=5B1=5D and proposed as =22get involved= =22 task to provide updated images=5B2=5D for the glance repository=2E =3E Once new images will be available=2C Oved can upload them into the glan= ce repository=2E =3E =3E =5B1=5D http=3A//lists=2Eovirt=2Eorg/pipermail/devel/2015-April/010193= =2Ehtml =3E =5B2=5D http=3A//lists=2Eovirt=2Eorg/pipermail/devel/2015-April/010199= =2Ehtml =3E =3E Ok=2C I will schedule some time to update them as I had been planning to =22get involved=22 some more =3B-=29 Will upload somewhere next week=2E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- ------------MIME-2638369536-379142252-delim Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Cbody=3E <br> <br> On 04/09/2015 10:12 AM, Sandro Bonazzola wrote: <br> <font color=3D"#000000">> Il 09/04/2015 10:03, Vinzenz Feenstra ha scrit= to: </font><br> <font color=3D"#000000">>> On 04/09/2015 09:55 AM, Jorick Astrego wro= te: </font><br> <font color=3D"#000000">>>> </font><br> <font color=3D"#000000">>>> On 04/09/2015 08:56 AM, Vinzenz Feenst= ra wrote: </font><br> <font color=3D"#000000">>>>> On 04/08/2015 04:34 PM, Jorick Ast= rego wrote: </font><br> <font color=3D"#000000">>>>>> Hi, </font><br> <font color=3D"#000000">>>>> Hi, </font><br> <font color=3D"#000000">>>>>> Testing 3.5.2rc3, I see AVC de= nied messages for the ovrit-guest agent (installed through cloud-init). = ;</font><br> <font color=3D"#000000">>>>>> </font><br> <font color=3D"#000000">>>>>> type= =3DAVC msg=3Daudit(1428510418.333:142): avc: denied { read } fo= r pid=3D1113 comm=3D"ovirt-guest-age" name=3D"online&q= uot; dev=3Dsysfs ino=3D23 </font><br> <font color=3D"#000000">>>>>> sconte= xt=3Dsystem_u:system_r:rhev_agentd_t:s0 tcontext=3Dsystem_u:object_r:sysfs_= t:s0 tclass=3Dfile </font><br> <font color=3D"#000000">>>>>> type= =3DAVC msg=3Daudit(1428510418.333:142): avc: denied { open } fo= r pid=3D1113 comm=3D"ovirt-guest-age" name=3D"online&q= uot; dev=3Dsysfs ino=3D23 </font><br> <font color=3D"#000000">>>>>> sconte= xt=3Dsystem_u:system_r:rhev_agentd_t:s0 tcontext=3Dsystem_u:object_r:sysfs_= t:s0 tclass=3Dfile </font><br> <font color=3D"#000000">>>>>> type= =3DSYSCALL msg=3Daudit(1428510418.333:142): arch=3Dc000003e syscall=3D2 suc= cess=3Dyes exit=3D6 a0=3D7f8a655612b8 a1=3D80000 a2=3D2803ff a3=3D0 items= =3D0 ppid=3D1 </font><br> <font color=3D"#000000">>>>>> pid=3D= 1113 auid=3D4294967295 uid=3D175 gid=3D175 euid=3D175 suid=3D175 fsuid=3D17= 5 egid=3D175 sgid=3D175 fsgid=3D175 tty=3D(none) ses=3D4294967295 </fon= t><br> <font color=3D"#000000">>>>>> comm= =3D"ovirt-guest-age" exe=3D"/usr/bin/python" subj=3Dsys= tem_u:system_r:rhev_agentd_t:s0 key=3D(null) </font><br> <font color=3D"#000000">>>>>> </font><br> <font color=3D"#000000">>>>>> And when I check the rpm I see= : </font><br> <font color=3D"#000000">>>>>> </font><br> <font color=3D"#000000">>>>>> rpm -q= a|grep ovirt </font><br> <font color=3D"#000000">>>>>> ovirt-= release-el6-10.0.1-3.noarch </font><br> <font color=3D"#000000">>>>>> ovirt-= guest-agent-1.0.8-1.el6.noarch </font><br> <font color=3D"#000000">>>>>> </font><br> <font color=3D"#000000">>>>> Well the latest guest agent is alw= ays available on epel for el5/6/7 and for fedora in the fedora repos I am n= ot sure why it's not available in the </font><br> <font color=3D"#000000">>>>> public ovirt repositories, however= that was somehow always a problem with ovirt releases, but I recommend any= way to use epel for the ovirt guest </font><br> <font color=3D"#000000">>>>> agent due to the fact that I am re= leasing the guest agent always to epel and it will get updated from there.&= #13;</font><br> <font color=3D"#000000">>>>> </font><br> <font color=3D"#000000">>>>> Please also note that the repo loc= ation has changed. ovirt-3.5 for el6 is now here: <a href=3D"http://resourc= es.ovirt.org/pub/ovirt-3.5/rpm/el6/">http://resources.ovirt.org/pub/ovirt-3= .5/rpm/el6/</a> </font><br> <font color=3D"#000000">>>>> </font><br> <font color=3D"#000000">>>>> However what I don't know, is how = the 3.3.3 repository got installed for you, I am not sure that this was don= e by the bare 'cloud-init', that might </font><br> <font color=3D"#000000">>>>> be specific to your cloud init con= figuration. </font><br> <font color=3D"#000000">>>> Well that can't be specific. I complet= ely wipe the test environment every couple weeks and just provisioned a com= pletely fresh ovirt 3.5.2rc3 install. </font><br> <font color=3D"#000000">>>> </font><br> <font color=3D"#000000">>>> Normally I don't use cloud-init as we = have foreman, but I was testing it. The only thing I did was, create new VM= and checked the cloud-init/sysprep </font><br> <font color=3D"#000000">>>> checkbox. The rest oVirt did automatic= ally. </font><br> <font color=3D"#000000">>>> </font><br> <font color=3D"#000000">>>> What I think is happening is that the = CentOS 6.5 image in the ovirt-image-repository glance provider is outdated.= I used this as template for quick </font><br> <font color=3D"#000000">>>> testing. </font><br> <font color=3D"#000000">>>> </font><br> <font color=3D"#000000">>>> Does anyone know who maintains these i= mages? </font><br> <font color=3D"#000000">>> Sandro, do you by any chance know who does= ? </font><br> <font color=3D"#000000">> Nobody maintains actively the images in the gl= ance repository. </font><br> <font color=3D"#000000">> I raised the issue a while ago[1] and proposed= as "get involved" task to provide updated images[2] for the glan= ce repository. </font><br> <font color=3D"#000000">> Once new images will be available, Oved can up= load them into the glance repository. </font><br> <font color=3D"#000000">> </font><br> <font color=3D"#000000">> [1] <a href=3D"http://lists.ovirt.org/pipermai= l/devel/2015-April/010193.html">http://lists.ovirt.org/pipermail/devel/2015= -April/010193.html</a> </font><br> <font color=3D"#000000">> [2] <a href=3D"http://lists.ovirt.org/pipermai= l/devel/2015-April/010199.html">http://lists.ovirt.org/pipermail/devel/2015= -April/010199.html</a> </font><br> <font color=3D"#000000">> </font><br> <font color=3D"#000000">> </font><br> Ok, I will schedule some time to update them as I had been planning to = <br> "get involved" some more ;-) <br> <br> Will upload somewhere next week. <br> <br> <br> = =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c= olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22= mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet= =2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font= =3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul= ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B= border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22= =3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf= ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid= th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty= le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr= =3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size= =3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130= px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w= idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E= =3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top= =3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E ------------MIME-2638369536-379142252-delim--