8:25 p.m.
Hello,
I've problems for utilization IPA Server with oVirt.
Below is the error log and corresponding access, commands and log entries.
Thanks for helping me.
********************************************************************* Ipa
Server - 10.30.0.25
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep ipa
ipa-server-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-admintools-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
# dig _kerberos._tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_kerberos._
tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._tcp.din.uem.br. IN A
;; AUTHORITY SECTION:
din.uem.br. 3600 IN SOA ns1.din.uem.br. root.din.uem.br. 2014100841 1800
900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:19:05 2014
;; MSG SIZE rcvd: 88
# dig _ldap._tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_ldap._tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_ldap._tcp.din.uem.br. IN A
;; AUTHORITY SECTION:
din.uem.br. 3600 IN SOA ns1.din.uem.br. root.din.uem.br. 2014100841 1800
900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:20:16 2014
;; MSG SIZE rcvd: 84
/var/log/dirsrv/slapd-DIN-UEM-BR/access
-------------------------------------------------------------------------------------------------------------------------
conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
admin(a)DIN.UEM.BR))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled k
conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=211 SRCH base="cn=DIN.UEM.BR,cn=kerberos,dc=din,dc=uem,dc=br"
scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/
DIN.UEM.BR(a)DIN.UEM.BR)(krbPrincipalName=krbtgt/DIN.UEM
conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=213 SRCH
base="cn=global_policy,cn=DIN.UEM.BR,cn=kerberos,dc=din,dc=uem,dc=br"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdF
conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
/var/log/ovirt-engine/engine-manage-domains.log
-------------------------------------------------------------------------------------------------------------------------
2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file
"/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf".
2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The
file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable.
Will
return an empty set of properties.
2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf".
2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf".
2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf".
2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf".
2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig]
Loaded file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_AJP_ENABLED" is "true".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_AJP_PORT" is "8702".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_APPS" is "engine.ear
"/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_CACHE" is "/var/cache/ovirt-engine".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_CHECK_INTERVAL" is "1000".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_DATABASE" is "engine".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_HOST" is "localhost".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_MAX_CONNECTIONS" is "100".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_MIN_CONNECTIONS" is "1".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_PASSWORD" is "***".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_PORT" is "5432".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_SECURED" is "False".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_SECURED_VALIDATION" is "False".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_URL" is
"jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DB_USER" is "engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DEBUG_ADDRESS" is "".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_ETC" is "/etc/ovirt-engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_FQDN" is "ovirtm.din.uem.br".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_GROUP" is "ovirt".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HEAP_MAX" is "1g".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HEAP_MIN" is "1g".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTPS_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTPS_PORT" is "None".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTPS_PROTOCOLS" is
"SSLv3,TLSv1,TLSv1.1,TLSv1.2".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTP_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_HTTP_PORT" is "None".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_JAVA_MODULEPATH" is
"/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath="/var/log/ovirt-engine/dump"".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_LOG" is "/var/log/ovirt-engine".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_LOG_TO_CONSOLE" is "false".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_MANUAL" is
"/usr/share/ovirt-engine/manual".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PERM_MAX" is "256m".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PERM_MIN" is "256m".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI" is "/etc/pki/ovirt-engine".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_CERT" is
"/etc/pki/ovirt-engine/certs/engine.cer".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_STORE" is
"/etc/pki/ovirt-engine/keys/engine.p12".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_TRUST_STORE" is
"/etc/pki/ovirt-engine/.truststore".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROPERTIES" is "
jsse.enableSNIExtension=false".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROXY_ENABLED" is "true".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROXY_HTTPS_PORT" is "443".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_PROXY_HTTP_PORT" is "80".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_REPORTS_UI" is
"/var/lib/ovirt-engine/reports.xml".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_STOP_INTERVAL" is "1".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_STOP_TIME" is "10".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_TMP" is "/var/tmp/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_UP_MARK" is
"/var/lib/ovirt-engine/engine.up".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_URI" is "/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_USER" is "ovirt".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_USR" is "/usr/share/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_VAR" is "/var/lib/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "ENGINE_VERBOSE_GC" is "false".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "JBOSS_HOME" is "/usr/share/jboss-as".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
Value of property "SENSITIVE_KEYS" is
",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD".
2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains]
Creating kerberos configuration for domain(s): din.uem.br
2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
Successfully created kerberos configuration for domain(s): din.uem.br
2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
Testing kerberos configuration for domain: din.uem.br
2014-10-09 11:23:39,572 ERROR
[org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:
exception message: Cannot get a KDC reply
2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains]
Failure while testing domain din.uem.br. Details: Kerberos error. Please
check log for further details.
********************************************************************* oVirt
Manager - 10.30.0.23
LSB Version:
:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep -i ovirt
ovirt-engine-dwh-setup-3.4.0-2.el6.noarch
ovirt-engine-dwh-3.4.0-2.el6.noarch
ovirt-hosted-engine-ha-1.1.2-1.el6.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
ovirt-engine-cli-3.4.0.5-1.el6.noarch
ovirt-engine-restapi-3.4.0-1.el6.noarch
ovirt-engine-dbscripts-3.4.0-1.el6.noarch
ovirt-release-11.2.0-1.noarch
ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
ovirt-host-deploy-1.2.0-1.el6.noarch
ovirt-engine-reports-setup-3.4.0-2.el6.noarch
ovirt-engine-lib-3.4.0-1.el6.noarch
ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
ovirt-log-collector-3.4.1-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
ovirt-host-deploy-java-1.2.0-1.el6.noarch
ovirt-engine-tools-3.4.0-1.el6.noarch
ovirt-engine-userportal-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
ovirt-engine-backend-3.4.0-1.el6.noarch
ovirt-engine-reports-3.4.0-2.el6.noarch
ovirt-engine-setup-base-3.4.0-1.el6.noarch
ovirt-iso-uploader-3.4.0-1.el6.noarch
ovirt-image-uploader-3.4.0-1.el6.noarch
ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
ovirt-engine-setup-3.4.0-1.el6.noarch
ovirt-engine-3.4.0-1.el6.noarch
engine-manage-domains add --domain=din.uem.br --provider=ipa --user=admin
Enter password:
Error: exception message: Cannot get a KDC reply
Failure while testing domain din.uem.br. Details: Kerberos error. Please
check log for further details.
At. Donato.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
8:30 p.m.
Can't help you with this one, but be aware that these kind of issues are all solved in
3.5 in which we do not mix kerberos and ldap.
----- Original Message -----
From: "Marcelo Donato" <donato(a)din.uem.br>
To: users(a)ovirt.org
Sent: Thursday, October 9, 2014 8:25:34 PM
Subject: [ovirt-users] oVirt 3.4 + Ipa Server
Hello,
I've problems for utilization IPA Server with oVirt.
Below is the error log and corresponding access, commands and log entries.
Thanks for helping me.
********************************************************************* Ipa
Server - 10.30.0.25
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep ipa
ipa-server-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-admintools-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
# dig _kerberos._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_kerberos._
tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._ tcp.din.uem.br . IN A
;; AUTHORITY SECTION:
din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800
900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:19:05 2014
;; MSG SIZE rcvd: 88
# dig _ldap._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> _ldap._
tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_ldap._ tcp.din.uem.br . IN A
;; AUTHORITY SECTION:
din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800
900 60480 3600
;; Query time: 1 msec
;; SERVER: 186.233.152.33#53(186.233.152.33)
;; WHEN: Thu Oct 9 14:20:16 2014
;; MSG SIZE rcvd: 84
/var/log/dirsrv/slapd-DIN-UEM-BR/access
-------------------------------------------------------------------------------------------------------------------------
conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
admin(a)DIN.UEM.BR ))" attrs="krbPrincipalName krbCanonicalName
ipaKrbPrincipalAlias krbUPEnabled k
conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=211 SRCH base="cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br"
scope=0 filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
krbMaxRenewableAge krbTicketFlags"
conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/
DIN.UEM.BR(a)DIN.UEM.BR )(krbPrincipalName=krbtgt/DIN.UEM
conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
conn=3 op=213 SRCH base="cn=global_policy,cn= DIN.UEM.BR
,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=*)"
attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength
krbPwdHistoryLength krbPwdMaxFailure krbPwdF
conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
/var/log/ovirt-engine/engine-manage-domains.log
-------------------------------------------------------------------------------------------------------------------------
2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded
file "/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf".
2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The
file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable.
Will
return an empty set of properties.
2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded
file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf".
2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded
file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf".
2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded
file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf".
2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded
file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf".
2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig] Loaded
file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_AJP_ENABLED" is "true".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_AJP_PORT" is "8702".
2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_APPS" is "engine.ear
"/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_CACHE" is "/var/cache/ovirt-engine".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_CHECK_INTERVAL" is "1000".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_DATABASE" is "engine".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_HOST" is "localhost".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_MAX_CONNECTIONS" is "100".
2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_MIN_CONNECTIONS" is "1".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_PASSWORD" is "***".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_PORT" is "5432".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_SECURED" is "False".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_SECURED_VALIDATION" is "False".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_URL" is
"jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory".
2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DB_USER" is "engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DEBUG_ADDRESS" is "".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_ETC" is "/etc/ovirt-engine".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_FQDN" is " ovirtm.din.uem.br ".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_GROUP" is "ovirt".
2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HEAP_MAX" is "1g".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HEAP_MIN" is "1g".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HTTPS_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HTTPS_PORT" is "None".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HTTPS_PROTOCOLS" is
"SSLv3,TLSv1,TLSv1.1,TLSv1.2".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HTTP_ENABLED" is "false".
2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_HTTP_PORT" is "None".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_JAVA_MODULEPATH" is
"/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath="/var/log/ovirt-engine/dump"".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_LOG" is "/var/log/ovirt-engine".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_LOG_TO_CONSOLE" is "false".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_MANUAL" is "/usr/share/ovirt-engine/manual".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PERM_MAX" is "256m".
2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PERM_MIN" is "256m".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI" is "/etc/pki/ovirt-engine".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_ENGINE_CERT" is
"/etc/pki/ovirt-engine/certs/engine.cer".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_ENGINE_STORE" is
"/etc/pki/ovirt-engine/keys/engine.p12".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_TRUST_STORE" is
"/etc/pki/ovirt-engine/.truststore".
2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PROPERTIES" is " jsse.enableSNIExtension=false".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PROXY_ENABLED" is "true".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PROXY_HTTPS_PORT" is "443".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_PROXY_HTTP_PORT" is "80".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_REPORTS_UI" is
"/var/lib/ovirt-engine/reports.xml".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_STOP_INTERVAL" is "1".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_STOP_TIME" is "10".
2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_TMP" is "/var/tmp/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_UP_MARK" is "/var/lib/ovirt-engine/engine.up".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_URI" is "/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_USER" is "ovirt".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_USR" is "/usr/share/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_VAR" is "/var/lib/ovirt-engine".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "ENGINE_VERBOSE_GC" is "false".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "JBOSS_HOME" is "/usr/share/jboss-as".
2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig] Value
of property "SENSITIVE_KEYS" is
",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD".
2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains]
Creating kerberos configuration for domain(s): din.uem.br
2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
Successfully created kerberos configuration for domain(s): din.uem.br
2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
Testing kerberos configuration for domain: din.uem.br
2014-10-09 11:23:39,572 ERROR
[org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception
message: Cannot get a KDC reply
2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains]
Failure while testing domain din.uem.br . Details: Kerberos error. Please
check log for further details.
********************************************************************* oVirt
Manager - 10.30.0.23
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
# rpm -qa | grep -i ovirt
ovirt-engine-dwh-setup-3.4.0-2.el6.noarch
ovirt-engine-dwh-3.4.0-2.el6.noarch
ovirt-hosted-engine-ha-1.1.2-1.el6.noarch
ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
ovirt-engine-cli-3.4.0.5-1.el6.noarch
ovirt-engine-restapi-3.4.0-1.el6.noarch
ovirt-engine-dbscripts-3.4.0-1.el6.noarch
ovirt-release-11.2.0-1.noarch
ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
ovirt-host-deploy-1.2.0-1.el6.noarch
ovirt-engine-reports-setup-3.4.0-2.el6.noarch
ovirt-engine-lib-3.4.0-1.el6.noarch
ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
ovirt-log-collector-3.4.1-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
ovirt-host-deploy-java-1.2.0-1.el6.noarch
ovirt-engine-tools-3.4.0-1.el6.noarch
ovirt-engine-userportal-3.4.0-1.el6.noarch
ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
ovirt-engine-backend-3.4.0-1.el6.noarch
ovirt-engine-reports-3.4.0-2.el6.noarch
ovirt-engine-setup-base-3.4.0-1.el6.noarch
ovirt-iso-uploader-3.4.0-1.el6.noarch
ovirt-image-uploader-3.4.0-1.el6.noarch
ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
ovirt-engine-setup-3.4.0-1.el6.noarch
ovirt-engine-3.4.0-1.el6.noarch
engine-manage-domains add --domain= din.uem.br --provider=ipa --user=admin
Enter password:
Error: exception message: Cannot get a KDC reply
Failure while testing domain din.uem.br . Details: Kerberos error. Please
check log for further details.
At. Donato.
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3:10 p.m.
----- Original Message -----
From: "Alon Bar-Lev" <alonbl(a)redhat.com>
To: "Marcelo Donato" <donato(a)din.uem.br>
Cc: users(a)ovirt.org
Sent: Thursday, October 9, 2014 8:30:47 PM
Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server
Can't help you with this one, but be aware that these kind of issues are all
solved in 3.5 in which we do not mix kerberos and ldap.
----- Original Message -----
> From: "Marcelo Donato" <donato(a)din.uem.br>
> To: users(a)ovirt.org
> Sent: Thursday, October 9, 2014 8:25:34 PM
> Subject: [ovirt-users] oVirt 3.4 + Ipa Server
>
>
> Hello,
> I've problems for utilization IPA Server with oVirt.
> Below is the error log and corresponding access, commands and log entries.
> Thanks for helping me.
> ********************************************************************* Ipa
> Server - 10.30.0.25
> LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
> Distributor ID: CentOS
> Description: CentOS release 6.5 (Final)
> Release: 6.5
> Codename: Final
> # rpm -qa | grep ipa
> ipa-server-3.0.0-37.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-python-3.0.0-37.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-admintools-3.0.0-37.el6.x86_64
> ipa-server-selinux-3.0.0-37.el6.x86_64
> ipa-client-3.0.0-37.el6.x86_64
>
>
> # dig _kerberos._ tcp.din.uem.br
Shouldn't this be dig SRV _kerberos._ tcp.din.uem.br ?
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_kerberos._
> tcp.din.uem.br
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_kerberos._ tcp.din.uem.br . IN A
>
> ;; AUTHORITY SECTION:
> din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800
> 900 60480 3600
>
> ;; Query time: 1 msec
> ;; SERVER: 186.233.152.33#53(186.233.152.33)
> ;; WHEN: Thu Oct 9 14:19:05 2014
> ;; MSG SIZE rcvd: 88
>
>
>
>
> # dig _ldap._ tcp.din.uem.br
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
_ldap._
> tcp.din.uem.br
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_ldap._ tcp.din.uem.br . IN A
>
> ;; AUTHORITY SECTION:
> din.uem.br . 3600 IN SOA ns1.din.uem.br . root.din.uem.br . 2014100841 1800
> 900 60480 3600
>
> ;; Query time: 1 msec
> ;; SERVER: 186.233.152.33#53(186.233.152.33)
> ;; WHEN: Thu Oct 9 14:20:16 2014
> ;; MSG SIZE rcvd: 84
>
>
> /var/log/dirsrv/slapd-DIN-UEM-BR/access
>
-------------------------------------------------------------------------------------------------------------------------
> conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2
>
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=
> admin(a)DIN.UEM.BR ))" attrs="krbPrincipalName krbCanonicalName
> ipaKrbPrincipalAlias krbUPEnabled k
> conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
> conn=3 op=211 SRCH base="cn= DIN.UEM.BR ,cn=kerberos,dc=din,dc=uem,dc=br"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife
> krbMaxRenewableAge krbTicketFlags"
> conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
> conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2
>
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/
> DIN.UEM.BR(a)DIN.UEM.BR )(krbPrincipalName=krbtgt/DIN.UEM
> conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
> conn=3 op=213 SRCH base="cn=global_policy,cn= DIN.UEM.BR
> ,cn=kerberos,dc=din,dc=uem,dc=br" scope=0 filter="(objectClass=*)"
> attrs="krbMaxPwdLife krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength
> krbPwdHistoryLength krbPwdMaxFailure krbPwdF
> conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
> conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
> conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
>
>
> /var/log/ovirt-engine/engine-manage-domains.log
>
-------------------------------------------------------------------------------------------------------------------------
> 2014-10-09 11:23:05,901 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Loaded
> file "/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf".
> 2014-10-09 11:23:05,903 INFO [org.ovirt.engine.core.utils.LocalConfig] The
> file "/etc/ovirt-engine/engine.conf" doesn't exist or isn't
readable. Will
> return an empty set of properties.
> 2014-10-09 11:23:05,904 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Loaded
> file "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf".
> 2014-10-09 11:23:05,905 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Loaded
> file "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf".
> 2014-10-09 11:23:05,906 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Loaded
> file "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf".
> 2014-10-09 11:23:05,907 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Loaded
> file "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf".
> 2014-10-09 11:23:05,908 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Loaded
> file "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf".
> 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_AJP_ENABLED" is "true".
> 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_AJP_PORT" is "8702".
> 2014-10-09 11:23:05,909 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_APPS" is "engine.ear
> "/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_CACHE" is "/var/cache/ovirt-engine".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_CHECK_INTERVAL" is "1000".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_CONNECTION_TIMEOUT" is "300000".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_DATABASE" is "engine".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_DRIVER" is "org.postgresql.Driver".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_HOST" is "localhost".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_MAX_CONNECTIONS" is "100".
> 2014-10-09 11:23:05,910 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_MIN_CONNECTIONS" is "1".
> 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_PASSWORD" is "***".
> 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_PORT" is "5432".
> 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_SECURED" is "False".
> 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_SECURED_VALIDATION" is "False".
> 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_URL" is
>
"jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory".
> 2014-10-09 11:23:05,911 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DB_USER" is "engine".
> 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DEBUG_ADDRESS" is "".
> 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_DOC" is "/usr/share/doc/ovirt-engine".
> 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_ETC" is "/etc/ovirt-engine".
> 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_FQDN" is " ovirtm.din.uem.br ".
> 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_GROUP" is "ovirt".
> 2014-10-09 11:23:05,912 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HEAP_MAX" is "1g".
> 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HEAP_MIN" is "1g".
> 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HTTPS_ENABLED" is "false".
> 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HTTPS_PORT" is "None".
> 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HTTPS_PROTOCOLS" is
"SSLv3,TLSv1,TLSv1.1,TLSv1.2".
> 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HTTP_ENABLED" is "false".
> 2014-10-09 11:23:05,913 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_HTTP_PORT" is "None".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_JAVA_MODULEPATH" is
> "/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath="/var/log/ovirt-engine/dump"".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_LOG" is "/var/log/ovirt-engine".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_LOG_TO_CONSOLE" is "false".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_MANUAL" is
"/usr/share/ovirt-engine/manual".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PERM_MAX" is "256m".
> 2014-10-09 11:23:05,914 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PERM_MIN" is "256m".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI" is "/etc/pki/ovirt-engine".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_ENGINE_CERT" is
> "/etc/pki/ovirt-engine/certs/engine.cer".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_ENGINE_STORE" is
> "/etc/pki/ovirt-engine/keys/engine.p12".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_TRUST_STORE" is
> "/etc/pki/ovirt-engine/.truststore".
> 2014-10-09 11:23:05,915 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PROPERTIES" is "
jsse.enableSNIExtension=false".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PROXY_ENABLED" is "true".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PROXY_HTTPS_PORT" is "443".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_PROXY_HTTP_PORT" is "80".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_REPORTS_UI" is
"/var/lib/ovirt-engine/reports.xml".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_STOP_INTERVAL" is "1".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_STOP_TIME" is "10".
> 2014-10-09 11:23:05,916 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_TMP" is "/var/tmp/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_UP_MARK" is
"/var/lib/ovirt-engine/engine.up".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_URI" is "/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_USER" is "ovirt".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_USR" is "/usr/share/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_VAR" is "/var/lib/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "ENGINE_VERBOSE_GC" is "false".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "JBOSS_HOME" is "/usr/share/jboss-as".
> 2014-10-09 11:23:05,917 INFO [org.ovirt.engine.core.utils.LocalConfig]
> Value
> of property "SENSITIVE_KEYS" is
>
",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD".
> 2014-10-09 11:23:39,328 INFO [org.ovirt.engine.core.domains.ManageDomains]
> Creating kerberos configuration for domain(s): din.uem.br
> 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
> Successfully created kerberos configuration for domain(s): din.uem.br
> 2014-10-09 11:23:39,357 INFO [org.ovirt.engine.core.domains.ManageDomains]
> Testing kerberos configuration for domain: din.uem.br
> 2014-10-09 11:23:39,572 ERROR
> [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error: exception
> message: Cannot get a KDC reply
> 2014-10-09 11:23:39,577 ERROR [org.ovirt.engine.core.domains.ManageDomains]
> Failure while testing domain din.uem.br . Details: Kerberos error. Please
> check log for further details.
> ********************************************************************* oVirt
> Manager - 10.30.0.23
> LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
> Distributor ID: CentOS
> Description: CentOS release 6.5 (Final)
> Release: 6.5
> Codename: Final
>
>
> # rpm -qa | grep -i ovirt
>
> ovirt-engine-dwh-setup-3.4.0-2.el6.noarch
> ovirt-engine-dwh-3.4.0-2.el6.noarch
> ovirt-hosted-engine-ha-1.1.2-1.el6.noarch
> ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
> ovirt-engine-cli-3.4.0.5-1.el6.noarch
> ovirt-engine-restapi-3.4.0-1.el6.noarch
> ovirt-engine-dbscripts-3.4.0-1.el6.noarch
> ovirt-release-11.2.0-1.noarch
> ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
> ovirt-host-deploy-1.2.0-1.el6.noarch
> ovirt-engine-reports-setup-3.4.0-2.el6.noarch
> ovirt-engine-lib-3.4.0-1.el6.noarch
> ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
> ovirt-log-collector-3.4.1-1.el6.noarch
> ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
> ovirt-host-deploy-java-1.2.0-1.el6.noarch
> ovirt-engine-tools-3.4.0-1.el6.noarch
> ovirt-engine-userportal-3.4.0-1.el6.noarch
> ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
> ovirt-engine-backend-3.4.0-1.el6.noarch
> ovirt-engine-reports-3.4.0-2.el6.noarch
> ovirt-engine-setup-base-3.4.0-1.el6.noarch
> ovirt-iso-uploader-3.4.0-1.el6.noarch
> ovirt-image-uploader-3.4.0-1.el6.noarch
> ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
> ovirt-engine-setup-3.4.0-1.el6.noarch
> ovirt-engine-3.4.0-1.el6.noarch
>
>
> engine-manage-domains add --domain= din.uem.br --provider=ipa --user=admin
> Enter password:
> Error: exception message: Cannot get a KDC reply
> Failure while testing domain din.uem.br . Details: Kerberos error. Please
> check log for further details.
>
>
> At. Donato.
>
>
>
>
> --
> Ao encaminhar esta mensagem, por favor:
> 1. Apague o meu e-mail e o meu nome.
> 2. Apague também os endereços dos amigos antes de reenviar
> 3. Use Cco ou Bcc para enviar mensagens!
> Dificulte a disseminação de vírus e spam.
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3:20 p.m.
Below is result.
# dig SRV _kerberos._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV
_kerberos._
tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._. IN SRV
;; AUTHORITY SECTION:
. 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800
900 604800 86400
;; Query time: 1 msec
;; SERVER: 10.30.0.15#53(10.30.0.15)
;; WHEN: Fri Oct 10 09:15:56 2014
;; MSG SIZE rcvd: 104
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;tcp.din.uem.br. IN SRV
;; AUTHORITY SECTION:
din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613
1800 900 60480 3600
;; Query time: 0 msec
;; SERVER: 10.30.0.15#53(10.30.0.15)
;; WHEN: Fri Oct 10 09:15:56 2014
;; MSG SIZE rcvd: 82
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
3:57 p.m.
----- Original Message -----
From: "Marcelo Donato" <donato(a)din.uem.br>
To: "Yair Zaslavsky" <yzaslavs(a)redhat.com>
Cc: "Alon Bar-Lev" <alonbl(a)redhat.com>, users(a)ovirt.org
Sent: Friday, October 10, 2014 3:20:57 PM
Subject: Re: [ovirt-users] oVirt 3.4 + Ipa Server
Below is result.
# dig SRV _kerberos._ tcp.din.uem.br
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> SRV
_kerberos._
tcp.din.uem.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;_kerberos._. IN SRV
;; AUTHORITY SECTION:
. 10668 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014101000 1800
900 604800 86400
The resutlt is invalid -
I have tried it myself with an unexisting DNS entry - got the same.
You probably have some issue with your IPA setup, I'm afraid.
The result should contain answer section
; ANSWER SECTION:
_kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine1.yair.test.
_kerberos._tcp.yair.test. 600 IN SRV 0 100 88 machine2.yair.test.
Notice the number 88 - that's the default port number for kerberos.
;; Query time: 1 msec
;; SERVER: 10.30.0.15#53(10.30.0.15)
;; WHEN: Fri Oct 10 09:15:56 2014
;; MSG SIZE rcvd: 104
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;tcp.din.uem.br. IN SRV
;; AUTHORITY SECTION:
din.uem.br. 3468 IN SOA ns2.din.uem.br. analistas.din.uem.br. 2014032613
1800 900 60480 3600
;; Query time: 0 msec
;; SERVER: 10.30.0.15#53(10.30.0.15)
;; WHEN: Fri Oct 10 09:15:56 2014
;; MSG SIZE rcvd: 82
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
7:49 p.m.
oVirt 3.4 is not possible to integrate with IPA?
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
8:44 p.m.
I have the latest 3.4 version and it works with FreeIPA. An earlier version
did not properly populate the users sections for adding users to Ovirt.
When I rebuilt with the latest 3.4 version, I did NOT join the Ovirt host
to the domain using ipa-join tools. I only joined it using the
engine-manage-domain tools.
2014-10-13 12:49 GMT-04:00 Marcelo Donato <donato(a)din.uem.br>:
oVirt 3.4 is not possible to integrate with IPA?
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
--
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
3:53 a.m.
Hi Jim.
oVirt + FreeIPA, I'm in trouble, can you help me?
--
Ao encaminhar esta mensagem, por favor:
1. Apague o meu e-mail e o meu nome.
2. Apague também os endereços dos amigos antes de reenviar
3. Use Cco ou Bcc para enviar mensagens!
Dificulte a disseminação de vírus e spam.
3692
days inactive
3697
days old
7 comments
4 participants
participants (4)
-
Alon Bar-Lev -
Jim Kinney -
Marcelo Donato -
Yair Zaslavsky