I have been seeing selinux denials. I'm not sure if it was for the
allinone plugin.
Should selinux be enabled or disabled?
On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
Did you look for selinux denials?
----- Original Message -----
> I was not able to get this working using beta
> ovirt-engine-setup-plugin-allinone rpm
>
> Used answer file as recommended on the wiki. I didn't document the
> exact error, but the install failed.
>
> I did another install using F16 Installing VDSM from rpm
>
> [ovirt-engine-3.0]
> name=ovirt-engine-3.0
>
baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16
> enabled=1
> gpgcheck=0
>
>
> And then doing engine-setup
>
> And then installing spice-xpi
>
> Can't explain it but it's working from the F16 desktop using FF :)
>
>
>
> On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim(a)redhat.com>
> wrote:
> > On 07/26/2012 01:10 PM, David Jaša wrote:
> >>
> >> Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
> >>>
> >>> I have seen this. Can give it a try.
> >>>
> >>> At this point I'm not sure if it's a problem with my
> >>> configuration.
> >>> Or making console connections with either vnc or spice. The
> >>> ports are
> >>> clearly running -
> >>>
> >>> netstat -an|grep 590
> >>> tcp 0 0 0.0.0.0:5900 0.0.0.0:*
> >>> LISTEN
> >>> tcp 0 0 0.0.0.0:5901 0.0.0.0:*
> >>> LISTEN
> >>>
> >>>
> >>> When using plain old kvm, virt-manager I could just simply
> >>> connect
> >>> using any vnc or virt-viewer or x11 virtmanager.
> >>>
> >>> I'm not sure what ovirt is doing with tls etc...
> >>>
> >>
> >> As Itamar already said, it:
> >> * sets up TLS and enforces it.
> >> * sets up temporary ticket
> >>
> >> If you want to connect to the console manually, you have to set up
> >> the
> >> ticket - on the server, follow these steps in order to achieve it
> >> (from
> >> top of my head, can contain typos):
> >> VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print
> >> $1}')"
> >> vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
> >>
> >> For TLS, you'll need CA file and host subject in case of host name
> >> used
> >> on CLI not matching host name in server cert CN. Assuming you're
> >> connecting from some other computer:
> >> SUBJECT="$(ssh root@$HOST 'grep Subject:
> >> /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/,
/,/')"
> >> scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE
> >> remote-viewer --spice-ca-file=$CA_FILE
> >> --spice-host-subject=$SUBJECT
> >> spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT
> >> # it will ask for password in pop-up window
> >> # OR you can use "good old" spicec:
> >> spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p
> >> $PORT -s
> >> $SECURE_PORT -w $PASSWORD
> >>
> >> David
> >>
> >> PS: given all the info, I guess you've run into some instance of
> >> this
> >> downstream bug:
https://bugzilla.redhat.com/show_bug.cgi?id=839548
> >
> >
> > brent - this only fails user portal. are you failing from webadmin
> > as well?
> >
> >
> >>
> >>
> >>> Not being able to get console access is a definite show stopper.
> >>> And
> >>> it shouldn't be rocket science to do it. And it should be
> >>> accessible
> >>> from either linux or windows clients. Does vSphere (windows
> >>> only)
> >>> ring a bell?
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim(a)redhat.com>
> >>> wrote:
> >>>>
> >>>>
> >>>> would it be relevant for you to try the 3.1 beta?
> >>>> it has this which should cover your 'all in one' needs:
> >>>>
http://www.ovirt.org/wiki/Feature/AllInOne
> >>>>
> >>>>
> >>>>
> >>>> On 07/25/2012 06:52 PM, Brent Bolin wrote:
> >>>>>
> >>>>>
> >>>>> Thanks David for your reply -
> >>>>>
> >>>>> I have completely flushed all iptables rules 'iptables
--flush"
> >>>>> -
> >>>>>
> >>>>> iptables -L -v -n
> >>>>> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes)
> >>>>> pkts bytes target prot opt in out source
> >>>>> destination
> >>>>>
> >>>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> >>>>> pkts bytes target prot opt in out source
> >>>>> destination
> >>>>>
> >>>>> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes)
> >>>>> pkts bytes target prot opt in out source
> >>>>> destination
> >>>>>
> >>>>>
> >>>>> The base host is Fedora 16 running with desktop
> >>>>>
> >>>>> First installed vdsm and then ovirt-engine
> >>>>>
> >>>>> Single network bridge installed, but there is another 1GB nic
> >>>>> that
> >>>>> isn't
> >>>>> being used -
> >>>>>
> >>>>> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
> >>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >>>>> RX packets:99656 errors:0 dropped:0 overruns:0
> >>>>> frame:0
> >>>>> TX packets:51508 errors:0 dropped:0 overruns:0
> >>>>> carrier:0
> >>>>> collisions:0 txqueuelen:1000
> >>>>> RX bytes:63007897 (60.0 MiB) TX bytes:18148736
> >>>>> (17.3 MiB)
> >>>>>
> >>>>> lo Link encap:Local Loopback
> >>>>> inet addr:127.0.0.1 Mask:255.0.0.0
> >>>>> inet6 addr: ::1/128 Scope:Host
> >>>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
> >>>>> RX packets:1814674 errors:0 dropped:0 overruns:0
> >>>>> frame:0
> >>>>> TX packets:1814674 errors:0 dropped:0 overruns:0
> >>>>> carrier:0
> >>>>> collisions:0 txqueuelen:0
> >>>>> RX bytes:646274067 (616.3 MiB) TX bytes:646274067
> >>>>> (616.3
> >>>>> MiB)
> >>>>>
> >>>>> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
> >>>>> inet addr:192.168.0.118 Bcast:192.168.0.255
> >>>>> Mask:255.255.255.0
> >>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >>>>> RX packets:70706 errors:0 dropped:0 overruns:0
> >>>>> frame:0
> >>>>> TX packets:48717 errors:0 dropped:0 overruns:0
> >>>>> carrier:0
> >>>>> collisions:0 txqueuelen:0
> >>>>> RX bytes:52195637 (49.7 MiB) TX bytes:14942359
> >>>>> (14.2 MiB)
> >>>>>
> >>>>> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00
> >>>>> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link
> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >>>>> RX packets:3 errors:0 dropped:0 overruns:0 frame:0
> >>>>> TX packets:14 errors:0 dropped:0 overruns:1
> >>>>> carrier:0
> >>>>> collisions:0 txqueuelen:500
> >>>>> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
> >>>>>
> >>>>> After ovirt engine is installed logged into the interface and
> >>>>> configured
> >>>>> the host using 127.0.0.1 . Host reboots. Host shows up in the
> >>>>> admin
> >>>>> interface only complaining about power management that
isn't
> >>>>> configured.
> >>>>>
> >>>>>
> >>>>> Here
> >>>>>
> >>>>>
<
https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWn...
> >>>>>
> >>>>> is a screen shot of the web interface
> >>>>>
> >>>>> The only configuration settings I've changed are in the
> >>>>> qemu.conf to
> >>>>> either tls=0 or tls=1
> >>>>>
> >>>>> spice-gtk-0.11-4.fc16.x86_64
> >>>>> spice-client-0.10.1-1.fc16.x86_64
> >>>>> spice-glib-0.11-4.fc16.x86_64
> >>>>> spice-gtk3-0.11-4.fc16.x86_64
> >>>>> spice-xpi-2.7-3.fc16.x86_64
> >>>>> spice-gtk-tools-0.11-4.fc16.x86_64
> >>>>> spice-server-0.10.1-1.fc16.x86_64
> >>>>>
> >>>>> The link in the admin interface shows available(using FF).
> >>>>> When I
> >>>>> click
> >>>>> it opens a spicec:0 dialog and just closes
> >>>>>
> >>>>> If I try to open from a shell I get things like this -
> >>>>>
> >>>>> Brief window open and then error -
> >>>>>
> >>>>> spicec -h 127.0.0.1 -p 5900
> >>>>> Warning: connect error 5 - need secured connection
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša
<djasa(a)redhat.com
> >>>>> <mailto:djasa@redhat.com>> wrote:
> >>>>> > Hi Brent,
> >>>>> >
> >>>>> > first guess: have a look if your iptables setup allow
> >>>>> > connection to
> >>>>> the
> >>>>> > qemu processes. RHEV 3.0 documentation (publicly
accesible)
> >>>>> > says
> >>>>> that a
> >>>>> > host needs these ports open:
> >>>>> > port 22 for SSH,
> >>>>> > ports 5634 to 6166 for guest console
connections,
> >>>>> > port 16514 for libvirt virtual machine migration
> >>>>> > traffic,
> >>>>> > ports 49152 to 49216 for VDSM virtual machine
> >>>>> > migration
> >>>>> traffic,
> >>>>> > and
> >>>>> > port 54321 for the Red Hat Enterprise
> >>>>> > Virtualization
> >>>>> Manager.
> >>>>> >
> >>>>> > If you have ovirt-engine running onu the same machine as
> >>>>> > vdsm, most
> >>>>> of
> >>>>> > the ports don't need to be accessible from outside
but
> >>>>> > "guest
> >>>>> console"
> >>>>> > ports do.
> >>>>> >
> >>>>> > If it isn't iptables, please share at least:
> >>>>> > * what your actual topology is (engine on the physical
> >>>>> > host?)
> >>>>> > * if you use some custom tls settings such as tls
switched
> >>>>> > off
> >>>>> > * what spice client & xpi versions are you using
> >>>>> > * how exactly the client failed (showed error window?
with
> >>>>> > what
> >>>>> error?
> >>>>> > just didn't launch?)
> >>>>> >
> >>>>> > In your email, you didn't write any debugging hints
apart
> >>>>> > from the
> >>>>> setup
> >>>>> > being single-host one...
> >>>>> >
> >>>>> > David
> >>>>> >
> >>>>> >
> >>>>> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
> >>>>> >> About 6 months ago I asked on this list if it was
possible
> >>>>> >> to
> >>>>> install
> >>>>> >> ovirt on a single host. Thread got long and winded
and
> >>>>> >> lost
> >>>>> interest.
> >>>>> >>
> >>>>> >> Started looking at the project again about two days
ago.
> >>>>> >> What I
> >>>>> >> really didn't understand was using a base Fedora
install.
> >>>>> Installing
> >>>>> >> vdsm and then installing ovirt engine.
> >>>>> >>
> >>>>> >> So everything is up. Created data center, storage,
> >>>>> >> cluster, host
> >>>>> and
> >>>>> >> virtual machine.
> >>>>> >>
> >>>>> >> But I can't get there from here. I can't get
console
> >>>>> >> running to
> >>>>> >> configure the booted install.
> >>>>> >>
> >>>>> >> I've tried VNC, Spice, Firefox with spice-xpi
plugin.
> >>>>> >>
> >>>>> >> Tried tweaking, turning, touching, swearing @
> >>>>> /etc/libvirt/qemu.conf
> >>>>> >> settings. tls settings. Not even sure if this is
the
> >>>>> >> right place
> >>>>> to
> >>>>> >> be checking.
> >>>>> >>
> >>>>> >> This is a show stopper.
> >>>>> >>
> >>>>> >> LSB Version: :core-4.0-amd64:core-4.0-noarch
> >>>>> >> Distributor ID: Fedora
> >>>>> >> Description: Fedora release 16 (Verne)
> >>>>> >> Release: 16
> >>>>> >> Codename: Verne
> >>>>> >>
> >>>>> >> [root@ovirt # rpm -qa|grep ovirt-engine
> >>>>> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >>
ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >>
ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64
> >>>>> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >>
ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
> >>>>> >>
> >>>>> >> Any input would be appreciated
> >>>>> >> _______________________________________________
> >>>>> >> Users mailing list
> >>>>> >> Users(a)ovirt.org <mailto:Users@ovirt.org>
> >>>>>
> >>>>> >>
http://lists.ovirt.org/mailman/listinfo/users
> >>>>> >
> >>>>> > --
> >>>>> >
> >>>>> > David Jaša, RHCE
> >>>>> >
> >>>>> > SPICE QE based in Brno
> >>>>> > GPG Key: 22C33E24
> >>>>> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00
22C3
> >>>>> > 3E24
> >>>>> >
> >>>>> >
> >>>>> >
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Users mailing list
> >>>>> Users(a)ovirt.org
> >>>>>
http://lists.ovirt.org/mailman/listinfo/users
> >>>>>
> >>>>
> >>>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users(a)ovirt.org
> >>>
http://lists.ovirt.org/mailman/listinfo/users
> >>
> >>
> >
> >
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>