11:17 a.m.
This is a multi-part message in MIME format.
------------MIME-2638369536-379142252-delim
Content-Type: text/plain;
charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
On 04/09/2015 10=3A12 AM=2C Sandro Bonazzola wrote=3A
=3E Il 09/04/2015 10=3A03=2C Vinzenz Feenstra ha scritto=3A
=3E=3E On 04/09/2015 09=3A55 AM=2C Jorick Astrego wrote=3A
=3E=3E=3E
=3E=3E=3E On 04/09/2015 08=3A56 AM=2C Vinzenz Feenstra wrote=3A
=3E=3E=3E=3E On 04/08/2015 04=3A34 PM=2C Jorick Astrego wrote=3A
=3E=3E=3E=3E=3E Hi=2C
=3E=3E=3E=3E Hi=2C
=3E=3E=3E=3E=3E Testing 3=2E5=2E2rc3=2C I see AVC denied messages for the o=
vrit-guest agent =28installed through cloud-init=29=2E
=3E=3E=3E=3E=3E
=3E=3E=3E=3E=3E type=3DAVC msg=3Daudit=281428510418=2E333=3A142=29=3A a=
vc=3A denied =7B read =7D for pid=3D1113 comm=3D=22ovirt-guest-age=22 na=
me=3D=22online=22 dev=3Dsysfs ino=3D23
=3E=3E=3E=3E=3E scontext=3Dsystem=5Fu=3Asystem=5Fr=3Arhev=5Fagentd=5Ft=
=3As0 tcontext=3Dsystem=5Fu=3Aobject=5Fr=3Asysfs=5Ft=3As0 tclass=3Dfile
=3E=3E=3E=3E=3E type=3DAVC msg=3Daudit=281428510418=2E333=3A142=29=3A a=
vc=3A denied =7B open =7D for pid=3D1113 comm=3D=22ovirt-guest-age=22 na=
me=3D=22online=22 dev=3Dsysfs ino=3D23
=3E=3E=3E=3E=3E scontext=3Dsystem=5Fu=3Asystem=5Fr=3Arhev=5Fagentd=5Ft=
=3As0 tcontext=3Dsystem=5Fu=3Aobject=5Fr=3Asysfs=5Ft=3As0 tclass=3Dfile
=3E=3E=3E=3E=3E type=3DSYSCALL msg=3Daudit=281428510418=2E333=3A142=29=
=3A arch=3Dc000003e syscall=3D2 success=3Dyes exit=3D6 a0=3D7f8a655612b8 a1=
=3D80000 a2=3D2803ff a3=3D0 items=3D0 ppid=3D1
=3E=3E=3E=3E=3E pid=3D1113 auid=3D4294967295 uid=3D175 gid=3D175 euid=
=3D175 suid=3D175 fsuid=3D175 egid=3D175 sgid=3D175 fsgid=3D175 tty=3D=28no=
ne=29 ses=3D4294967295
=3E=3E=3E=3E=3E comm=3D=22ovirt-guest-age=22 exe=3D=22/usr/bin/python=
=22 subj=3Dsystem=5Fu=3Asystem=5Fr=3Arhev=5Fagentd=5Ft=3As0 key=3D=28null=
=29
=3E=3E=3E=3E=3E
=3E=3E=3E=3E=3E And when I check the rpm I see=3A
=3E=3E=3E=3E=3E
=3E=3E=3E=3E=3E rpm -qa=7Cgrep ovirt
=3E=3E=3E=3E=3E ovirt-release-el6-10=2E0=2E1-3=2Enoarch
=3E=3E=3E=3E=3E ovirt-guest-agent-1=2E0=2E8-1=2Eel6=2Enoarch
=3E=3E=3E=3E=3E
=3E=3E=3E=3E Well the latest guest agent is always available on epel for el=
5/6/7 and for fedora in the fedora repos I am not sure why it=27s not avail=
able in the
=3E=3E=3E=3E public ovirt repositories=2C however that was somehow always a=
problem with ovirt releases=2C but I recommend anyway to use epel for the=
ovirt guest
=3E=3E=3E=3E agent due to the fact that I am releasing the guest agent alwa=
ys to epel and it will get updated from there=2E
=3E=3E=3E=3E
=3E=3E=3E=3E Please also note that the repo location has changed=2E ovirt-3=
=2E5 for el6 is now here=3A http=3A//resources=2Eovirt=2Eorg/pub/ovirt-3=2E=
5/rpm/el6/
=3E=3E=3E=3E
=3E=3E=3E=3E However what I don=27t know=2C is how the 3=2E3=2E3 repository=
got installed for you=2C I am not sure that this was done by the bare =27c=
loud-init=27=2C that might
=3E=3E=3E=3E be specific to your cloud init configuration=2E
=3E=3E=3E Well that can=27t be specific=2E I completely wipe the test envir=
onment every couple weeks and just provisioned a completely fresh ovirt 3=
=2E5=2E2rc3 install=2E
=3E=3E=3E
=3E=3E=3E Normally I don=27t use cloud-init as we have foreman=2C but I was=
testing it=2E The only thing I did was=2C create new VM and checked the cl=
oud-init/sysprep
=3E=3E=3E checkbox=2E The rest oVirt did automatically=2E
=3E=3E=3E
=3E=3E=3E What I think is happening is that the CentOS 6=2E5 image in the o=
virt-image-repository glance provider is outdated=2E I used this as templat=
e for quick
=3E=3E=3E testing=2E
=3E=3E=3E
=3E=3E=3E Does anyone know who maintains these images=3F
=3E=3E Sandro=2C do you by any chance know who does=3F
=3E Nobody maintains actively the images in the glance repository=2E
=3E I raised the issue a while ago=5B1=5D and proposed as =22get involved=
=22 task to provide updated images=5B2=5D for the glance repository=2E
=3E Once new images will be available=2C Oved can upload them into the glan=
ce repository=2E
=3E
=3E =5B1=5D http=3A//lists=2Eovirt=2Eorg/pipermail/devel/2015-April/010193=
=2Ehtml
=3E =5B2=5D http=3A//lists=2Eovirt=2Eorg/pipermail/devel/2015-April/010199=
=2Ehtml
=3E
=3E
Ok=2C I will schedule some time to update them as I had been planning to
=22get involved=22 some more =3B-=29
Will upload somewhere next week=2E
Met vriendelijke groet=2C With kind regards=2C
Jorick Astrego
Netbulae Virtualization Experts=20
----------------
=09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK=
08198180
=09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW=
NL821234584B01
----------------
------------MIME-2638369536-379142252-delim
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
=3Chtml=3E
=3Cbody=3E
<br>
<br>
On 04/09/2015 10:12 AM, Sandro Bonazzola wrote: <br>
<font color=3D"#000000">> Il 09/04/2015 10:03, Vinzenz Feenstra ha
scrit=
to: </font><br>
<font color=3D"#000000">>> On 04/09/2015 09:55 AM, Jorick
Astrego wro=
te: </font><br>
<font
color=3D"#000000">>>> </font><br>
<font color=3D"#000000">>>> On 04/09/2015 08:56 AM,
Vinzenz Feenst=
ra wrote: </font><br>
<font color=3D"#000000">>>>> On 04/08/2015
04:34 PM, Jorick Ast=
rego wrote: </font><br>
<font color=3D"#000000">>>>>>
Hi, </font><br>
<font color=3D"#000000">>>>>
Hi, </font><br>
<font color=3D"#000000">>>>>> Testing
3.5.2rc3, I see AVC de=
nied messages for the ovrit-guest agent (installed through cloud-init).
=
;</font><br>
<font
color=3D"#000000">>>>>> </font><br>
<font
color=3D"#000000">>>>>>
type=
=3DAVC msg=3Daudit(1428510418.333:142): avc: denied { read } fo=
r pid=3D1113 comm=3D"ovirt-guest-age"
name=3D"online&q=
uot; dev=3Dsysfs ino=3D23 </font><br>
<font
color=3D"#000000">>>>>>
sconte=
xt=3Dsystem_u:system_r:rhev_agentd_t:s0 tcontext=3Dsystem_u:object_r:sysfs_=
t:s0 tclass=3Dfile </font><br>
<font
color=3D"#000000">>>>>>
type=
=3DAVC msg=3Daudit(1428510418.333:142): avc: denied { open } fo=
r pid=3D1113 comm=3D"ovirt-guest-age"
name=3D"online&q=
uot; dev=3Dsysfs ino=3D23 </font><br>
<font
color=3D"#000000">>>>>>
sconte=
xt=3Dsystem_u:system_r:rhev_agentd_t:s0 tcontext=3Dsystem_u:object_r:sysfs_=
t:s0 tclass=3Dfile </font><br>
<font
color=3D"#000000">>>>>>
type=
=3DSYSCALL msg=3Daudit(1428510418.333:142): arch=3Dc000003e syscall=3D2 suc=
cess=3Dyes exit=3D6 a0=3D7f8a655612b8 a1=3D80000 a2=3D2803ff a3=3D0 items=
=3D0 ppid=3D1 </font><br>
<font
color=3D"#000000">>>>>>
pid=3D=
1113 auid=3D4294967295 uid=3D175 gid=3D175 euid=3D175 suid=3D175 fsuid=3D17=
5 egid=3D175 sgid=3D175 fsgid=3D175 tty=3D(none) ses=3D4294967295 </fon=
t><br>
<font
color=3D"#000000">>>>>>
comm=
=3D"ovirt-guest-age" exe=3D"/usr/bin/python"
subj=3Dsys=
tem_u:system_r:rhev_agentd_t:s0 key=3D(null) </font><br>
<font
color=3D"#000000">>>>>> </font><br>
<font color=3D"#000000">>>>>> And when
I check the rpm I see=
: </font><br>
<font
color=3D"#000000">>>>>> </font><br>
<font
color=3D"#000000">>>>>>
rpm -q=
a|grep ovirt </font><br>
<font
color=3D"#000000">>>>>>
ovirt-=
release-el6-10.0.1-3.noarch </font><br>
<font
color=3D"#000000">>>>>>
ovirt-=
guest-agent-1.0.8-1.el6.noarch </font><br>
<font
color=3D"#000000">>>>>> </font><br>
<font color=3D"#000000">>>>> Well the latest
guest agent is alw=
ays available on epel for el5/6/7 and for fedora in the fedora repos I am n=
ot sure why it's not available in the </font><br>
<font color=3D"#000000">>>>> public ovirt
repositories, however=
that was somehow always a problem with ovirt releases, but I recommend any=
way to use epel for the ovirt guest </font><br>
<font color=3D"#000000">>>>> agent due to the
fact that I am re=
leasing the guest agent always to epel and it will get updated from there.&=
#13;</font><br>
<font
color=3D"#000000">>>>> </font><br>
<font color=3D"#000000">>>>> Please also note
that the repo loc=
ation has changed. ovirt-3.5 for el6 is now here: <a href=3D"http://resourc=
es.ovirt.org/pub/ovirt-3.5/rpm/el6/">http://resources.ovirt.org/p...
.5/rpm/el6/</a> </font><br>
<font
color=3D"#000000">>>>> </font><br>
<font color=3D"#000000">>>>> However what I
don't know, is how =
the 3.3.3 repository got installed for you, I am not sure that this was don=
e by the bare 'cloud-init', that might </font><br>
<font color=3D"#000000">>>>> be specific to
your cloud init con=
figuration. </font><br>
<font color=3D"#000000">>>> Well that can't be
specific. I complet=
ely wipe the test environment every couple weeks and just provisioned a com=
pletely fresh ovirt 3.5.2rc3 install. </font><br>
<font
color=3D"#000000">>>> </font><br>
<font color=3D"#000000">>>> Normally I don't use
cloud-init as we =
have foreman, but I was testing it. The only thing I did was, create new VM=
and checked the cloud-init/sysprep </font><br>
<font color=3D"#000000">>>> checkbox. The rest oVirt
did automatic=
ally. </font><br>
<font
color=3D"#000000">>>> </font><br>
<font color=3D"#000000">>>> What I think is happening
is that the =
CentOS 6.5 image in the ovirt-image-repository glance provider is outdated.=
I used this as template for quick </font><br>
<font color=3D"#000000">>>>
testing. </font><br>
<font
color=3D"#000000">>>> </font><br>
<font color=3D"#000000">>>> Does anyone know who
maintains these i=
mages? </font><br>
<font color=3D"#000000">>> Sandro, do you by any chance know
who does=
? </font><br>
<font color=3D"#000000">> Nobody maintains actively the images in
the gl=
ance repository. </font><br>
<font color=3D"#000000">> I raised the issue a while ago[1] and
proposed=
as "get involved" task to provide updated images[2] for the glan=
ce repository. </font><br>
<font color=3D"#000000">> Once new images will be available, Oved
can up=
load them into the glance repository. </font><br>
<font color=3D"#000000">> </font><br>
<font color=3D"#000000">> [1] <a
href=3D"http://lists.ovirt.org/pipermai=
l/devel/2015-April/010193.html">http://lists.ovirt.org/pipermail/...
-April/010193.html</a> </font><br>
<font color=3D"#000000">> [2] <a
href=3D"http://lists.ovirt.org/pipermai=
l/devel/2015-April/010199.html">http://lists.ovirt.org/pipermail/...
-April/010199.html</a> </font><br>
<font color=3D"#000000">> </font><br>
<font color=3D"#000000">> </font><br>
Ok, I will schedule some time to update them as I had been planning to =
<br>
"get involved" some more ;-) <br>
<br>
Will upload somewhere next week. <br>
<br>
<br>
=
=3CBR /=3E
=3CBR /=3E
=3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c=
olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22=
mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet=
=2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font=
=3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul=
ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B=
border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22=
=3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=
=22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf=
ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid=
th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty=
le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr=
=3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax=
=3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=
=3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130=
px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w=
idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E=
=3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top=
=3A1px solid =23ccc=3B=22=3E=3CBR /=3E
=3C/body=3E
=3C/html=3E
------------MIME-2638369536-379142252-delim--