On 07/27/2012 10:15 PM, Brent Bolin wrote:
I have been seeing selinux denials. I'm not sure if it was for the allinone plugin.
Should selinux be enabled or disabled?
enabled, but doesn't mean it doesn't have bugs: - try with disabled - report the denials
On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
Did you look for selinux denials?
----- Original Message -----
I was not able to get this working using beta ovirt-engine-setup-plugin-allinone rpm
Used answer file as recommended on the wiki. I didn't document the exact error, but the install failed.
I did another install using F16 Installing VDSM from rpm
[ovirt-engine-3.0] name=ovirt-engine-3.0 baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16 enabled=1 gpgcheck=0
And then doing engine-setup
And then installing spice-xpi
Can't explain it but it's working from the F16 desktop using FF :)
On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim@redhat.com> wrote:
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket
If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin as well?
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote: > > > would it be relevant for you to try the 3.1 beta? > it has this which should cover your 'all in one' needs: > http://www.ovirt.org/wiki/Feature/AllInOne > > > > On 07/25/2012 06:52 PM, Brent Bolin wrote: >> >> >> Thanks David for your reply - >> >> I have completely flushed all iptables rules 'iptables --flush" >> - >> >> iptables -L -v -n >> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) >> pkts bytes target prot opt in out source >> destination >> >> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt in out source >> destination >> >> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) >> pkts bytes target prot opt in out source >> destination >> >> >> The base host is Fedora 16 running with desktop >> >> First installed vdsm and then ovirt-engine >> >> Single network bridge installed, but there is another 1GB nic >> that >> isn't >> being used - >> >> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A >> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:99656 errors:0 dropped:0 overruns:0 >> frame:0 >> TX packets:51508 errors:0 dropped:0 overruns:0 >> carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:63007897 (60.0 MiB) TX bytes:18148736 >> (17.3 MiB) >> >> lo Link encap:Local Loopback >> inet addr:127.0.0.1 Mask:255.0.0.0 >> inet6 addr: ::1/128 Scope:Host >> UP LOOPBACK RUNNING MTU:16436 Metric:1 >> RX packets:1814674 errors:0 dropped:0 overruns:0 >> frame:0 >> TX packets:1814674 errors:0 dropped:0 overruns:0 >> carrier:0 >> collisions:0 txqueuelen:0 >> RX bytes:646274067 (616.3 MiB) TX bytes:646274067 >> (616.3 >> MiB) >> >> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A >> inet addr:192.168.0.118 Bcast:192.168.0.255 >> Mask:255.255.255.0 >> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:70706 errors:0 dropped:0 overruns:0 >> frame:0 >> TX packets:48717 errors:0 dropped:0 overruns:0 >> carrier:0 >> collisions:0 txqueuelen:0 >> RX bytes:52195637 (49.7 MiB) TX bytes:14942359 >> (14.2 MiB) >> >> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 >> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:3 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:14 errors:0 dropped:0 overruns:1 >> carrier:0 >> collisions:0 txqueuelen:500 >> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB) >> >> After ovirt engine is installed logged into the interface and >> configured >> the host using 127.0.0.1 . Host reboots. Host shows up in the >> admin >> interface only complaining about power management that isn't >> configured. >> >> >> Here >> >> <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink> >> >> is a screen shot of the web interface >> >> The only configuration settings I've changed are in the >> qemu.conf to >> either tls=0 or tls=1 >> >> spice-gtk-0.11-4.fc16.x86_64 >> spice-client-0.10.1-1.fc16.x86_64 >> spice-glib-0.11-4.fc16.x86_64 >> spice-gtk3-0.11-4.fc16.x86_64 >> spice-xpi-2.7-3.fc16.x86_64 >> spice-gtk-tools-0.11-4.fc16.x86_64 >> spice-server-0.10.1-1.fc16.x86_64 >> >> The link in the admin interface shows available(using FF). >> When I >> click >> it opens a spicec:0 dialog and just closes >> >> If I try to open from a shell I get things like this - >> >> Brief window open and then error - >> >> spicec -h 127.0.0.1 -p 5900 >> Warning: connect error 5 - need secured connection >> >> >> >> >> >> >> >> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com >> <mailto:djasa@redhat.com>> wrote: >> > Hi Brent, >> > >> > first guess: have a look if your iptables setup allow >> > connection to >> the >> > qemu processes. RHEV 3.0 documentation (publicly accesible) >> > says >> that a >> > host needs these ports open: >> > port 22 for SSH, >> > ports 5634 to 6166 for guest console connections, >> > port 16514 for libvirt virtual machine migration >> > traffic, >> > ports 49152 to 49216 for VDSM virtual machine >> > migration >> traffic, >> > and >> > port 54321 for the Red Hat Enterprise >> > Virtualization >> Manager. >> > >> > If you have ovirt-engine running onu the same machine as >> > vdsm, most >> of >> > the ports don't need to be accessible from outside but >> > "guest >> console" >> > ports do. >> > >> > If it isn't iptables, please share at least: >> > * what your actual topology is (engine on the physical >> > host?) >> > * if you use some custom tls settings such as tls switched >> > off >> > * what spice client & xpi versions are you using >> > * how exactly the client failed (showed error window? with >> > what >> error? >> > just didn't launch?) >> > >> > In your email, you didn't write any debugging hints apart >> > from the >> setup >> > being single-host one... >> > >> > David >> > >> > >> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500: >> >> About 6 months ago I asked on this list if it was possible >> >> to >> install >> >> ovirt on a single host. Thread got long and winded and >> >> lost >> interest. >> >> >> >> Started looking at the project again about two days ago. >> >> What I >> >> really didn't understand was using a base Fedora install. >> Installing >> >> vdsm and then installing ovirt engine. >> >> >> >> So everything is up. Created data center, storage, >> >> cluster, host >> and >> >> virtual machine. >> >> >> >> But I can't get there from here. I can't get console >> >> running to >> >> configure the booted install. >> >> >> >> I've tried VNC, Spice, Firefox with spice-xpi plugin. >> >> >> >> Tried tweaking, turning, touching, swearing @ >> /etc/libvirt/qemu.conf >> >> settings. tls settings. Not even sure if this is the >> >> right place >> to >> >> be checking. >> >> >> >> This is a show stopper. >> >> >> >> LSB Version: :core-4.0-amd64:core-4.0-noarch >> >> Distributor ID: Fedora >> >> Description: Fedora release 16 (Verne) >> >> Release: 16 >> >> Codename: Verne >> >> >> >> [root@ovirt # rpm -qa|grep ovirt-engine >> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64 >> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 >> >> >> >> Any input would be appreciated >> >> _______________________________________________ >> >> Users mailing list >> >> Users@ovirt.org <mailto:Users@ovirt.org> >> >> >> http://lists.ovirt.org/mailman/listinfo/users >> > >> > -- >> > >> > David Jaša, RHCE >> > >> > SPICE QE based in Brno >> > GPG Key: 22C33E24 >> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 >> > 3E24 >> > >> > >> > >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users