From lhornyak at redhat.com Thu Nov 1 08:43:14 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Thu, 1 Nov 2012 04:43:14 -0400 (EDT) Subject: [Engine-devel] operation mode In-Reply-To: <1468143136.2780490.1351759294726.JavaMail.root@redhat.com> Message-ID: <1153605388.2785506.1351759394992.JavaMail.root@redhat.com> Hi, I have just run into this. Vm's have an OperationMode attribute, it can be FullVirtualized or ParaVirtualized. It appears the attribute does not play in any decision, not sent to vdsm. Can it be removed or anyone need it? thx, Laszlo From lhornyak at redhat.com Thu Nov 1 08:57:33 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Thu, 1 Nov 2012 04:57:33 -0400 (EDT) Subject: [Engine-devel] operation mode In-Reply-To: <1153605388.2785506.1351759394992.JavaMail.root@redhat.com> Message-ID: <1105967946.2803136.1351760253765.JavaMail.root@redhat.com> The same question applies to HypervisorType, since only KVM is supported. ----- Original Message ----- > From: "Laszlo Hornyak" > To: "engine-devel" > Sent: Thursday, November 1, 2012 9:43:14 AM > Subject: [Engine-devel] operation mode > > Hi, > > I have just run into this. Vm's have an OperationMode attribute, it > can be FullVirtualized or ParaVirtualized. It appears the attribute > does not play in any decision, not sent to vdsm. Can it be removed > or anyone need it? > > thx, > Laszlo > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From shaohef at linux.vnet.ibm.com Thu Nov 1 09:23:49 2012 From: shaohef at linux.vnet.ibm.com (Sheldon) Date: Thu, 01 Nov 2012 17:23:49 +0800 Subject: [Engine-devel] [help]how to get the CA certificate when uploader ISO In-Reply-To: <50912982.5000606@redhat.com> References: <508FA5CB.8040504@linux.vnet.ibm.com> <508FA70D.1010802@redhat.com> <508FB647.9020002@linux.vnet.ibm.com> <508FC373.8080901@redhat.com> <5090B9D7.8050302@linux.vnet.ibm.com> <50912982.5000606@redhat.com> Message-ID: <50923FA5.3080903@linux.vnet.ibm.com> On 10/31/2012 09:37 PM, Keith Robertson wrote: > On 10/31/2012 01:40 AM, Sheldon wrote: >> I make a domain name "ISO", Domain type is ISO, Storage Type is NFS, >> Format is V1 >> >> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >> Fedora-17-x86_64-DVD.iso >> [sudo] password for ovirt: >> Please provide the REST API username for oVirt Engine (CTRL+D to >> abort): admin at internal >> Please provide the REST API password for the admin at internal oVirt >> Engine user (CTRL+D to abort): >> ERROR: Problem connecting to the REST API. Is the service available >> and does the CA certificate exist? >> ERROR: 'NoneType' object is not iterable >> INFO: Use the -h option to see usage. > > Just to be clear the error in [1] is simply a symptom. It isn't the > root cause. The root cause is quite possibly the CA certificate. > > I have created a patch in [2] that I'd appreciate if you could test as > it will provide more debugging information about why the API creation > is failing. Simply follow the steps in [3] > > Cheers, > Keith > > [1] ERROR: 'NoneType' object is not iterable > [2] http://gerrit.ovirt.org/8954 > [3] > Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git > Step 2: Cherry pick the patch... > git fetch git://gerrit.ovirt.org/ovirt-iso-uploader > refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD > Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1 > Step 4: cd ovirt-iso-uploader > Step 5: make > Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT > Step 7: yum install /path/to/ovirt-iso-uploader*.rpm still error. but different debug info. $ sudo engine-iso-uploader -v --iso-domain=ISO upload RHEL6.3-20120531.0-Server-x86_64-DVD1.iso Please provide the REST API username for oVirt Engine (CTRL+D to abort): admin at internal Please provide the REST API password for the admin at internal oVirt Engine user (CTRL+D to abort): DEBUG: url(https://localhost:443/api) DEBUG: user(admin at internal) DEBUG: ca(/etc/pki/ovirt-engine/ca.pem) DEBUG: insecure(False) ERROR: Problem connecting to the REST API. Is the service available and does the CA certificate exist? Error: [ERROR]::oVirt API connection failure, [Errno 111] Connection refused DEBUG: Unable to get host and path information from API. -- Sheldon Feng(???) IBM Linux Technology Center -------------- next part -------------- An HTML attachment was scrubbed... URL: From kroberts at redhat.com Thu Nov 1 13:52:19 2012 From: kroberts at redhat.com (Keith Robertson) Date: Thu, 01 Nov 2012 09:52:19 -0400 Subject: [Engine-devel] [help]how to get the CA certificate when uploader ISO In-Reply-To: <50923FA5.3080903@linux.vnet.ibm.com> References: <508FA5CB.8040504@linux.vnet.ibm.com> <508FA70D.1010802@redhat.com> <508FB647.9020002@linux.vnet.ibm.com> <508FC373.8080901@redhat.com> <5090B9D7.8050302@linux.vnet.ibm.com> <50912982.5000606@redhat.com> <50923FA5.3080903@linux.vnet.ibm.com> Message-ID: <50927E93.7060307@redhat.com> On 11/01/2012 05:23 AM, Sheldon wrote: > On 10/31/2012 09:37 PM, Keith Robertson wrote: >> On 10/31/2012 01:40 AM, Sheldon wrote: >>> I make a domain name "ISO", Domain type is ISO, Storage Type is NFS, >>> Format is V1 >>> >>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>> Fedora-17-x86_64-DVD.iso >>> [sudo] password for ovirt: >>> Please provide the REST API username for oVirt Engine (CTRL+D to >>> abort): admin at internal >>> Please provide the REST API password for the admin at internal oVirt >>> Engine user (CTRL+D to abort): >>> ERROR: Problem connecting to the REST API. Is the service available >>> and does the CA certificate exist? >>> ERROR: 'NoneType' object is not iterable >>> INFO: Use the -h option to see usage. >> >> Just to be clear the error in [1] is simply a symptom. It isn't the >> root cause. The root cause is quite possibly the CA certificate. >> >> I have created a patch in [2] that I'd appreciate if you could test >> as it will provide more debugging information about why the API >> creation is failing. Simply follow the steps in [3] >> >> Cheers, >> Keith >> >> [1] ERROR: 'NoneType' object is not iterable >> [2] http://gerrit.ovirt.org/8954 >> [3] >> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git >> Step 2: Cherry pick the patch... >> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader >> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD >> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1 >> Step 4: cd ovirt-iso-uploader >> Step 5: make >> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT >> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm > > still error. but different debug info. Yes. The patch adds additional debug info. > > $ sudo engine-iso-uploader -v --iso-domain=ISO upload > RHEL6.3-20120531.0-Server-x86_64-DVD1.iso > Please provide the REST API username for oVirt Engine (CTRL+D to > abort): admin at internal > Please provide the REST API password for the admin at internal oVirt > Engine user (CTRL+D to abort): > DEBUG: url(https://localhost:443/api) > DEBUG: user(admin at internal) > DEBUG: ca(/etc/pki/ovirt-engine/ca.pem) > DEBUG: insecure(False) > ERROR: Problem connecting to the REST API. Is the service available > and does the CA certificate exist? Error: [ERROR]::oVirt API > connection failure, Now we're getting to the good stuff as you can see that you are getting a connection refused. Questions for you: 1) Are you *certain* that 'https://localhost:443/api' is accessible from the local system, that it is the address of your oVirt engine, and is not being blocked by a FW? Easy test on the local box point your browser at that url. 2) Are you certain that the CA is valid? To verify this you will need to issue a 'curl' statement and supply the CA. Example: curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms > [Errno 111] Connection refused > DEBUG: Unable to get host and path information from API. > > > -- > Sheldon Feng(???) > IBM Linux Technology Center -------------- next part -------------- An HTML attachment was scrubbed... URL: From iheim at redhat.com Thu Nov 1 18:35:27 2012 From: iheim at redhat.com (Itamar Heim) Date: Thu, 01 Nov 2012 20:35:27 +0200 Subject: [Engine-devel] operation mode In-Reply-To: <1153605388.2785506.1351759394992.JavaMail.root@redhat.com> References: <1153605388.2785506.1351759394992.JavaMail.root@redhat.com> Message-ID: <5092C0EF.6010704@redhat.com> On 11/01/2012 10:43 AM, Laszlo Hornyak wrote: > Hi, > > I have just run into this. Vm's have an OperationMode attribute, it can be FullVirtualized or ParaVirtuaized. It appears the attribute does not play in any decision, not sent to vdsm. Can it be removed or anyone need it? wow, that's old... iirc, back in 2007, some cases required to boot with qemu instead of kvm (some real mode stuff (ghost?)) i think can be removed... > > thx, > Laszlo > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From iheim at redhat.com Thu Nov 1 19:16:48 2012 From: iheim at redhat.com (Itamar Heim) Date: Thu, 01 Nov 2012 21:16:48 +0200 Subject: [Engine-devel] operation mode In-Reply-To: <1105967946.2803136.1351760253765.JavaMail.root@redhat.com> References: <1105967946.2803136.1351760253765.JavaMail.root@redhat.com> Message-ID: <5092CAA0.6070202@redhat.com> On 11/01/2012 10:57 AM, Laszlo Hornyak wrote: > The same question applies to HypervisorType, since only KVM is supported. I think this one is worth a bit more thinking before removing actually, but if you remove it in a single patch, easy enough to revert should we want to add something like this back (and the enum is far from all that needs to be done anyway for such a thing) > > ----- Original Message ----- >> From: "Laszlo Hornyak" >> To: "engine-devel" >> Sent: Thursday, November 1, 2012 9:43:14 AM >> Subject: [Engine-devel] operation mode >> >> Hi, >> >> I have just run into this. Vm's have an OperationMode attribute, it >> can be FullVirtualized or ParaVirtualized. It appears the attribute >> does not play in any decision, not sent to vdsm. Can it be removed >> or anyone need it? >> >> thx, >> Laszlo >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From lhornyak at redhat.com Thu Nov 1 21:07:00 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Thu, 1 Nov 2012 17:07:00 -0400 (EDT) Subject: [Engine-devel] operation mode In-Reply-To: <5092C0EF.6010704@redhat.com> Message-ID: <2114390018.3246777.1351804020272.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Laszlo Hornyak" > Cc: "engine-devel" > Sent: Thursday, November 1, 2012 7:35:27 PM > Subject: Re: [Engine-devel] operation mode > > On 11/01/2012 10:43 AM, Laszlo Hornyak wrote: > > Hi, > > > > I have just run into this. Vm's have an OperationMode attribute, it > > can be FullVirtualized or ParaVirtuaized. It appears the attribute > > does not play in any decision, not sent > to vdsm. Can it be removed or anyone need it? > > wow, that's old... > iirc, back in 2007, some cases required to boot with qemu instead of > kvm > (some real mode stuff (ghost?)) > > i think can be removed... http://gerrit.ovirt.org/8986 > > > > > thx, > > Laszlo > > _______________________________________________ > > Engine-devel mailing list > > Engine-devel at ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > From lhornyak at redhat.com Thu Nov 1 21:13:12 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Thu, 1 Nov 2012 17:13:12 -0400 (EDT) Subject: [Engine-devel] operation mode In-Reply-To: <5092CAA0.6070202@redhat.com> Message-ID: <638216585.3248344.1351804392348.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Laszlo Hornyak" > Cc: "engine-devel" > Sent: Thursday, November 1, 2012 8:16:48 PM > Subject: Re: [Engine-devel] operation mode > > On 11/01/2012 10:57 AM, Laszlo Hornyak wrote: > > The same question applies to HypervisorType, since only KVM is > > supported. > > I think this one is worth a bit more thinking before removing > actually, > but if you remove it in a single patch, easy enough to revert should > we > want to add something like this back (and the enum is far from all > that > needs to be done anyway for such a thing) Do you plan to support hypervisors other than qemu+kvm? > > > > > ----- Original Message ----- > >> From: "Laszlo Hornyak" > >> To: "engine-devel" > >> Sent: Thursday, November 1, 2012 9:43:14 AM > >> Subject: [Engine-devel] operation mode > >> > >> Hi, > >> > >> I have just run into this. Vm's have an OperationMode attribute, > >> it > >> can be FullVirtualized or ParaVirtualized. It appears the > >> attribute > >> does not play in any decision, not sent to vdsm. Can it be removed > >> or anyone need it? > >> > >> thx, > >> Laszlo > >> _______________________________________________ > >> Engine-devel mailing list > >> Engine-devel at ovirt.org > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > >> > > _______________________________________________ > > Engine-devel mailing list > > Engine-devel at ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > From lhornyak at redhat.com Thu Nov 1 21:33:30 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Thu, 1 Nov 2012 17:33:30 -0400 (EDT) Subject: [Engine-devel] ovirt on wikipedia In-Reply-To: <5090DBA7.6090808@redhat.com> Message-ID: <1598090670.3255913.1351805610056.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Yaniv Kaul" > To: "Laszlo Hornyak" > Cc: "engine-devel" > Sent: Wednesday, October 31, 2012 9:04:55 AM > Subject: Re: [Engine-devel] ovirt on wikipedia > > On 10/29/2012 05:40 PM, Laszlo Hornyak wrote: > > Hi, > > > > http://en.wikipedia.org/wiki/OVirt > > At the moment there are OVirt pages in english, russian and > > hungarian. > > Any volunteers to write czech, hebrew, german, spanish, catalan? - > > just to mention the languages some ovirt-developers speak :-) > > > > Laszlo > > _______________________________________________ > > Engine-devel mailing list > > Engine-devel at ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > While I could have translated it to Hebrew, I thought it might be > more > productive to beef-up the English content. > I've added information on networking, frontends and API. Once I get > how > to edit with table of contents, I'll split to: > release history > components > features For the hungarian page I broke it down to - history - components - storage - console protocols - references (release notes, blog, wiki) and indeed some content is missing there :) Btw, is there a logo that could be uploaded? I guess the ASL license is good enough for wikipedia, but it would need some editing. The one on the stickers would be probably better. > > Y. > > From mpastern at redhat.com Fri Nov 2 06:49:08 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Fri, 02 Nov 2012 08:49:08 +0200 Subject: [Engine-devel] ovirt-sdk 3.2.0.3 released Message-ID: <50936CE4.5080007@redhat.com> For more details see [1]. [1] http://wiki.ovirt.org/wiki/SDK#Change_Log -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Fri Nov 2 06:56:03 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Fri, 02 Nov 2012 08:56:03 +0200 Subject: [Engine-devel] ovirt-cli 3.2.0.6 released In-Reply-To: <50936CE4.5080007@redhat.com> References: <50936CE4.5080007@redhat.com> Message-ID: <50936E83.3050105@redhat.com> For more details see [1]. [1] http://wiki.ovirt.org/wiki/CLI#Change_Log -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Fri Nov 2 07:44:40 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Fri, 02 Nov 2012 09:44:40 +0200 Subject: [Engine-devel] ovirt-sdk at pypi Message-ID: <509379E8.8040803@redhat.com> >From now on latest ovirt-sdk will be available at pypi, for more details see [1]. [1] http://wiki.ovirt.org/wiki/SDK#pypi -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Fri Nov 2 07:44:49 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Fri, 02 Nov 2012 09:44:49 +0200 Subject: [Engine-devel] ovirt-cli at pypi Message-ID: <509379F1.5000801@redhat.com> >From now on latest ovirt-cli will be available at pypi, for more details see [1]. [1] http://wiki.ovirt.org/wiki/CLI#pypi -- Michael Pasternak RedHat, ENG-Virtualization R&D From shaohef at linux.vnet.ibm.com Fri Nov 2 08:01:00 2012 From: shaohef at linux.vnet.ibm.com (Sheldon) Date: Fri, 02 Nov 2012 16:01:00 +0800 Subject: [Engine-devel] [help]how to get the CA certificate when uploader ISO In-Reply-To: <50927E93.7060307@redhat.com> References: <508FA5CB.8040504@linux.vnet.ibm.com> <508FA70D.1010802@redhat.com> <508FB647.9020002@linux.vnet.ibm.com> <508FC373.8080901@redhat.com> <5090B9D7.8050302@linux.vnet.ibm.com> <50912982.5000606@redhat.com> <50923FA5.3080903@linux.vnet.ibm.com> <50927E93.7060307@redhat.com> Message-ID: <50937DBC.3040109@linux.vnet.ibm.com> On 11/01/2012 09:52 PM, Keith Robertson wrote: > On 11/01/2012 05:23 AM, Sheldon wrote: >> On 10/31/2012 09:37 PM, Keith Robertson wrote: >>> On 10/31/2012 01:40 AM, Sheldon wrote: >>>> I make a domain name "ISO", Domain type is ISO, Storage Type is >>>> NFS, Format is V1 >>>> >>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>>> Fedora-17-x86_64-DVD.iso >>>> [sudo] password for ovirt: >>>> Please provide the REST API username for oVirt Engine (CTRL+D to >>>> abort): admin at internal >>>> Please provide the REST API password for the admin at internal oVirt >>>> Engine user (CTRL+D to abort): >>>> ERROR: Problem connecting to the REST API. Is the service >>>> available and does the CA certificate exist? >>>> ERROR: 'NoneType' object is not iterable >>>> INFO: Use the -h option to see usage. >>> >>> Just to be clear the error in [1] is simply a symptom. It isn't the >>> root cause. The root cause is quite possibly the CA certificate. >>> >>> I have created a patch in [2] that I'd appreciate if you could test >>> as it will provide more debugging information about why the API >>> creation is failing. Simply follow the steps in [3] >>> >>> Cheers, >>> Keith >>> >>> [1] ERROR: 'NoneType' object is not iterable >>> [2] http://gerrit.ovirt.org/8954 >>> [3] >>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git >>> Step 2: Cherry pick the patch... >>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader >>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD >>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1 >>> Step 4: cd ovirt-iso-uploader >>> Step 5: make >>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT >>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm >> >> still error. but different debug info. > Yes. The patch adds additional debug info. >> >> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso >> Please provide the REST API username for oVirt Engine (CTRL+D to >> abort): admin at internal >> Please provide the REST API password for the admin at internal oVirt >> Engine user (CTRL+D to abort): >> DEBUG: url(https://localhost:443/api) >> DEBUG: user(admin at internal) >> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem) >> DEBUG: insecure(False) >> ERROR: Problem connecting to the REST API. Is the service available >> and does the CA certificate exist? Error: [ERROR]::oVirt API >> connection failure, > Now we're getting to the good stuff as you can see that you are > getting a connection refused. Questions for you: > > 1) Are you *certain* that 'https://localhost:443/api' is accessible > from the local system, that it is the address of your oVirt engine, > and is not being blocked by a FW? Easy test on the local box point > your browser at that url. I have edited the tls port, it is not 443. It is 4301. I can access https://localhost:4301/api' > > 2) Are you certain that the CA is valid? To verify this you will need > to issue a 'curl' statement and supply the CA. Example: > curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X > GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms also: $ curl -v -k -u admin at internal:letmein! --cacert /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml' 'https://localhost:4301/api/vms' is ok and I designate the tls port, now it can work. $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload Fedora-17-x86_64-DVD.iso Thank you. >> [Errno 111] Connection refused >> DEBUG: Unable to get host and path information from API. >> >> >> -- >> Sheldon Feng(???) >> IBM Linux Technology Center > -- Sheldon Feng(???) IBM Linux Technology Center -------------- next part -------------- An HTML attachment was scrubbed... URL: From asegurap at redhat.com Fri Nov 2 09:27:50 2012 From: asegurap at redhat.com (Antoni Segura Puimedon) Date: Fri, 2 Nov 2012 05:27:50 -0400 (EDT) Subject: [Engine-devel] ovirt-sdk at pypi In-Reply-To: <509379E8.8040803@redhat.com> Message-ID: <589674525.6895023.1351848470859.JavaMail.root@redhat.com> Great Michael! I will update the wiki part I did the other day for different distros. ----- Original Message ----- > From: "Michael Pasternak" > To: "engine-devel" > Cc: users at ovirt.org > Sent: Friday, November 2, 2012 8:44:40 AM > Subject: [Engine-devel] ovirt-sdk at pypi > > From now on latest ovirt-sdk will be available at pypi, > for more details see [1]. > > [1] http://wiki.ovirt.org/wiki/SDK#pypi > > -- > > Michael Pasternak > RedHat, ENG-Virtualization R&D > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From iheim at redhat.com Fri Nov 2 09:52:44 2012 From: iheim at redhat.com (Itamar Heim) Date: Fri, 02 Nov 2012 11:52:44 +0200 Subject: [Engine-devel] [help]how to get the CA certificate when uploader ISO In-Reply-To: <50937DBC.3040109@linux.vnet.ibm.com> References: <508FA5CB.8040504@linux.vnet.ibm.com> <508FA70D.1010802@redhat.com> <508FB647.9020002@linux.vnet.ibm.com> <508FC373.8080901@redhat.com> <5090B9D7.8050302@linux.vnet.ibm.com> <50912982.5000606@redhat.com> <50923FA5.3080903@linux.vnet.ibm.com> <50927E93.7060307@redhat.com> <50937DBC.3040109@linux.vnet.ibm.com> Message-ID: <509397EC.9000209@redhat.com> On 11/02/2012 10:01 AM, Sheldon wrote: > On 11/01/2012 09:52 PM, Keith Robertson wrote: >> On 11/01/2012 05:23 AM, Sheldon wrote: >>> On 10/31/2012 09:37 PM, Keith Robertson wrote: >>>> On 10/31/2012 01:40 AM, Sheldon wrote: >>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is >>>>> NFS, Format is V1 >>>>> >>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>>>> Fedora-17-x86_64-DVD.iso >>>>> [sudo] password for ovirt: >>>>> Please provide the REST API username for oVirt Engine (CTRL+D to >>>>> abort): admin at internal >>>>> Please provide the REST API password for the admin at internal oVirt >>>>> Engine user (CTRL+D to abort): >>>>> ERROR: Problem connecting to the REST API. Is the service >>>>> available and does the CA certificate exist? >>>>> ERROR: 'NoneType' object is not iterable >>>>> INFO: Use the -h option to see usage. >>>> >>>> Just to be clear the error in [1] is simply a symptom. It isn't the >>>> root cause. The root cause is quite possibly the CA certificate. >>>> >>>> I have created a patch in [2] that I'd appreciate if you could test >>>> as it will provide more debugging information about why the API >>>> creation is failing. Simply follow the steps in [3] >>>> >>>> Cheers, >>>> Keith >>>> >>>> [1] ERROR: 'NoneType' object is not iterable >>>> [2] http://gerrit.ovirt.org/8954 >>>> [3] >>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git >>>> Step 2: Cherry pick the patch... >>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader >>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD >>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1 >>>> Step 4: cd ovirt-iso-uploader >>>> Step 5: make >>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT >>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm >>> >>> still error. but different debug info. >> Yes. The patch adds additional debug info. >>> >>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso >>> Please provide the REST API username for oVirt Engine (CTRL+D to >>> abort): admin at internal >>> Please provide the REST API password for the admin at internal oVirt >>> Engine user (CTRL+D to abort): >>> DEBUG: url(https://localhost:443/api) >>> DEBUG: user(admin at internal) >>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem) >>> DEBUG: insecure(False) >>> ERROR: Problem connecting to the REST API. Is the service available >>> and does the CA certificate exist? Error: [ERROR]::oVirt API >>> connection failure, >> Now we're getting to the good stuff as you can see that you are >> getting a connection refused. Questions for you: >> >> 1) Are you *certain* that 'https://localhost:443/api' is accessible >> from the local system, that it is the address of your oVirt engine, >> and is not being blocked by a FW? Easy test on the local box point >> your browser at that url. > I have edited the tls port, it is not 443. It is 4301. > I can access https://localhost:4301/api' >> >> 2) Are you certain that the CA is valid? To verify this you will need >> to issue a 'curl' statement and supply the CA. Example: >> curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X >> GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms > also: > $ curl -v -k -u admin at internal:letmein! --cacert > /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml' > 'https://localhost:4301/api/vms' > is ok > > and I designate the tls port, now it can work. > $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload > Fedora-17-x86_64-DVD.iso > > Thank you. not sure how common are non-default ports. i guess on a local run, the tool can get these parameters from the engine config, but that's won't work for a remote run. From lhornyak at redhat.com Fri Nov 2 10:18:41 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Fri, 2 Nov 2012 06:18:41 -0400 (EDT) Subject: [Engine-devel] eclipse juno vs gwt In-Reply-To: <1990229886.3463319.1351851256712.JavaMail.root@redhat.com> Message-ID: <1160690454.3463590.1351851521226.JavaMail.root@redhat.com> Hi, Just noticed that eclipse juno is adding @Ovewrride annotations to methods that are actually overriding something, like in many cases clone and equals methods in some of the classes. This is fine for the java compiler, but it in some cases the GWT compiler is not going to accept this annotation. E.g. if the return type is different than the method with same name in the superclass. Juno is doing this by default without asking, when saving the file. So be extra-careful when editing java classes if they are shared with GWT Laszlo From kroberts at redhat.com Fri Nov 2 11:02:28 2012 From: kroberts at redhat.com (Keith Robertson) Date: Fri, 02 Nov 2012 07:02:28 -0400 Subject: [Engine-devel] [help]how to get the CA certificate when uploader ISO In-Reply-To: <50937DBC.3040109@linux.vnet.ibm.com> References: <508FA5CB.8040504@linux.vnet.ibm.com> <508FA70D.1010802@redhat.com> <508FB647.9020002@linux.vnet.ibm.com> <508FC373.8080901@redhat.com> <5090B9D7.8050302@linux.vnet.ibm.com> <50912982.5000606@redhat.com> <50923FA5.3080903@linux.vnet.ibm.com> <50927E93.7060307@redhat.com> <50937DBC.3040109@linux.vnet.ibm.com> Message-ID: <5093A844.1040005@redhat.com> On 11/02/2012 04:01 AM, Sheldon wrote: > On 11/01/2012 09:52 PM, Keith Robertson wrote: >> On 11/01/2012 05:23 AM, Sheldon wrote: >>> On 10/31/2012 09:37 PM, Keith Robertson wrote: >>>> On 10/31/2012 01:40 AM, Sheldon wrote: >>>>> I make a domain name "ISO", Domain type is ISO, Storage Type is >>>>> NFS, Format is V1 >>>>> >>>>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>>>> Fedora-17-x86_64-DVD.iso >>>>> [sudo] password for ovirt: >>>>> Please provide the REST API username for oVirt Engine (CTRL+D to >>>>> abort): admin at internal >>>>> Please provide the REST API password for the admin at internal oVirt >>>>> Engine user (CTRL+D to abort): >>>>> ERROR: Problem connecting to the REST API. Is the service >>>>> available and does the CA certificate exist? >>>>> ERROR: 'NoneType' object is not iterable >>>>> INFO: Use the -h option to see usage. >>>> >>>> Just to be clear the error in [1] is simply a symptom. It isn't >>>> the root cause. The root cause is quite possibly the CA certificate. >>>> >>>> I have created a patch in [2] that I'd appreciate if you could test >>>> as it will provide more debugging information about why the API >>>> creation is failing. Simply follow the steps in [3] >>>> >>>> Cheers, >>>> Keith >>>> >>>> [1] ERROR: 'NoneType' object is not iterable >>>> [2] http://gerrit.ovirt.org/8954 >>>> [3] >>>> Step 1: git clone http://gerrit.ovirt.org/p/ovirt-iso-uploader.git >>>> Step 2: Cherry pick the patch... >>>> git fetch git://gerrit.ovirt.org/ovirt-iso-uploader >>>> refs/changes/54/8954/2 && git cherry-pick FETCH_HEAD >>>> Step 3: export APP_VERSION=3.0.0; export APP_RELEASE=1 >>>> Step 4: cd ovirt-iso-uploader >>>> Step 5: make >>>> Step 6: Notice the ovirt-iso-uploader*.rpm location in the STDOUT >>>> Step 7: yum install /path/to/ovirt-iso-uploader*.rpm >>> >>> still error. but different debug info. >> Yes. The patch adds additional debug info. >>> >>> $ sudo engine-iso-uploader -v --iso-domain=ISO upload >>> RHEL6.3-20120531.0-Server-x86_64-DVD1.iso >>> Please provide the REST API username for oVirt Engine (CTRL+D to >>> abort): admin at internal >>> Please provide the REST API password for the admin at internal oVirt >>> Engine user (CTRL+D to abort): >>> DEBUG: url(https://localhost:443/api) >>> DEBUG: user(admin at internal) >>> DEBUG: ca(/etc/pki/ovirt-engine/ca.pem) >>> DEBUG: insecure(False) >>> ERROR: Problem connecting to the REST API. Is the service available >>> and does the CA certificate exist? Error: [ERROR]::oVirt API >>> connection failure, >> Now we're getting to the good stuff as you can see that you are >> getting a connection refused. Questions for you: >> >> 1) Are you *certain* that 'https://localhost:443/api' is accessible >> from the local system, that it is the address of your oVirt engine, >> and is not being blocked by a FW? Easy test on the local box point >> your browser at that url. > I have edited the tls port, it is not 443. It is 4301. OK, here *here* is the problem. The ISO Uploader has been configured to use 'localhost:443' while you have customized it to 'localhost:4301'. You need to edit /etc/ovirt-engine/logcollector.conf and set the variable that tells the uploader which host/port combination to use. Note: The other 2 tools will have similar issues (ie. Log Collector and Image Uploader) and, they each have conf files in /etc/ovirt-engine. > I can access https://localhost:4301/api' >> >> 2) Are you certain that the CA is valid? To verify this you will >> need to issue a 'curl' statement and supply the CA. Example: >> curl -v -k -u $USER:$PASS --cacert /etc/pki/ovirt-engine/ca.pem -X >> GET -H 'Accept: application/xml' 'https://localhost:443/api/api/vms > also: > $ curl -v -k -u admin at internal:letmein! --cacert > /etc/pki/ovirt-engine/ca.pem -X GET -H 'Accept: application/xml' > 'https://localhost:4301/api/vms' > is ok > > and I designate the tls port, now it can work. > $ sudo engine-iso-uploader -rlocalhost:4301 -v --iso-domain=ISO upload > Fedora-17-x86_64-DVD.iso > > Thank you. >>> [Errno 111] Connection refused >>> DEBUG: Unable to get host and path information from API. >>> >>> >>> -- >>> Sheldon Feng(???) >>> IBM Linux Technology Center >> > > > -- > Sheldon Feng(???) > IBM Linux Technology Center -------------- next part -------------- An HTML attachment was scrubbed... URL: From jhernand at redhat.com Fri Nov 2 13:42:10 2012 From: jhernand at redhat.com (Juan Hernandez) Date: Fri, 02 Nov 2012 14:42:10 +0100 Subject: [Engine-devel] Time to bump version to 3.2.0? Message-ID: <5093CDB2.8010208@redhat.com> I think that it is time to bump the version number in the POMs and in the RPM spec to 3.2.0: http://gerrit.ovirt.org/8993 In general I think that we should do this immediately after each release, bumping to the next expected version number. Thoughts? -- Direcci?n Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3?D, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid ? C.I.F. B82657941 - Red Hat S.L. From lhornyak at redhat.com Fri Nov 2 13:54:53 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Fri, 2 Nov 2012 09:54:53 -0400 (EDT) Subject: [Engine-devel] Time to bump version to 3.2.0? In-Reply-To: <5093CDB2.8010208@redhat.com> Message-ID: <363958346.3631462.1351864493355.JavaMail.root@redhat.com> Hi Juan, I think it is time to correct the version, but I was always wondering why we do not use the -SNAPSHOT versioning the maven developers designed? I think once we start pushing artifacts to public repositories, it will be a pain to have released version in our pom files. I think frontend and backend plugin developers will need this. http://www.sonatype.com/books/mvnref-book/reference/pom-relationships-sect-pom-syntax.html Laszlo ----- Original Message ----- > From: "Juan Hernandez" > To: engine-devel at ovirt.org > Sent: Friday, November 2, 2012 2:42:10 PM > Subject: [Engine-devel] Time to bump version to 3.2.0? > > I think that it is time to bump the version number in the POMs and in > the RPM spec to 3.2.0: > > http://gerrit.ovirt.org/8993 > > In general I think that we should do this immediately after each > release, bumping to the next expected version number. > > Thoughts? > -- > Direcci?n Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta > 3?D, 28016 Madrid, Spain > Inscrita en el Reg. Mercantil de Madrid ? C.I.F. B82657941 - Red Hat > S.L. > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From jhernand at redhat.com Fri Nov 2 14:47:09 2012 From: jhernand at redhat.com (Juan Hernandez) Date: Fri, 02 Nov 2012 15:47:09 +0100 Subject: [Engine-devel] Time to bump version to 3.2.0? In-Reply-To: <363958346.3631462.1351864493355.JavaMail.root@redhat.com> References: <363958346.3631462.1351864493355.JavaMail.root@redhat.com> Message-ID: <5093DCED.4040600@redhat.com> On 11/02/2012 02:54 PM, Laszlo Hornyak wrote: > Hi Juan, > > I think it is time to correct the version, but I was always wondering why we do not use the -SNAPSHOT versioning the maven developers designed? I think once we start pushing artifacts to public repositories, it will be a pain to have released version in our pom files. I think frontend and backend plugin developers will need this. > > http://www.sonatype.com/books/mvnref-book/reference/pom-relationships-sect-pom-syntax.html Well, I don't have anything against that, but it will break some of the things that we currently do in the Makefile. We deploy artifacts to a local temporary directory during the build process, and we expect them to be named "whatever-3.2.0.jar". If we use the SNAPSHOT capability then they will be named "whatever-3.2.0-20121102.143802-1.jar" and that breaks our build. I prefer not to touch the Makefile at this point, but I am open to fix it and use SNAPSHOT in the future. > ----- Original Message ----- >> From: "Juan Hernandez" >> To: engine-devel at ovirt.org >> Sent: Friday, November 2, 2012 2:42:10 PM >> Subject: [Engine-devel] Time to bump version to 3.2.0? >> >> I think that it is time to bump the version number in the POMs and in >> the RPM spec to 3.2.0: >> >> http://gerrit.ovirt.org/8993 >> >> In general I think that we should do this immediately after each >> release, bumping to the next expected version number. >> >> Thoughts? >> -- >> Direcci?n Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >> 3?D, 28016 Madrid, Spain >> Inscrita en el Reg. Mercantil de Madrid ? C.I.F. B82657941 - Red Hat >> S.L. >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > -- Direcci?n Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3?D, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid ? C.I.F. B82657941 - Red Hat S.L. From Christopher.Morrissey at netapp.com Fri Nov 2 22:40:59 2012 From: Christopher.Morrissey at netapp.com (Morrissey, Christopher) Date: Fri, 2 Nov 2012 22:40:59 +0000 Subject: [Engine-devel] eclipse juno vs gwt In-Reply-To: <1160690454.3463590.1351851521226.JavaMail.root@redhat.com> References: <1990229886.3463319.1351851256712.JavaMail.root@redhat.com> <1160690454.3463590.1351851521226.JavaMail.root@redhat.com> Message-ID: Hi Laszlo, I have several methods that define the @Override annotation and return something different from the super class. I haven't had any problems compiling them in GWT. The return value does extend from the return value of the super class, although this is a requirement in Java as well so I'm not sure where the difference is. -Chris -----Original Message----- From: engine-devel-bounces at ovirt.org [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Laszlo Hornyak Sent: Friday, November 02, 2012 6:19 AM To: engine-devel Subject: [Engine-devel] eclipse juno vs gwt Hi, Just noticed that eclipse juno is adding @Ovewrride annotations to methods that are actually overriding something, like in many cases clone and equals methods in some of the classes. This is fine for the java compiler, but it in some cases the GWT compiler is not going to accept this annotation. E.g. if the return type is different than the method with same name in the superclass. Juno is doing this by default without asking, when saving the file. So be extra-careful when editing java classes if they are shared with GWT Laszlo _______________________________________________ Engine-devel mailing list Engine-devel at ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel From Christopher.Morrissey at netapp.com Fri Nov 2 22:43:23 2012 From: Christopher.Morrissey at netapp.com (Morrissey, Christopher) Date: Fri, 2 Nov 2012 22:43:23 +0000 Subject: [Engine-devel] eclipse juno vs gwt References: <1990229886.3463319.1351851256712.JavaMail.root@redhat.com> <1160690454.3463590.1351851521226.JavaMail.root@redhat.com> Message-ID: Sorry to follow up my own question, but can you give some specific cases where this would be a problem? Thanks! -Chris -----Original Message----- From: Morrissey, Christopher Sent: Friday, November 02, 2012 6:41 PM To: 'Laszlo Hornyak'; engine-devel Subject: RE: [Engine-devel] eclipse juno vs gwt Hi Laszlo, I have several methods that define the @Override annotation and return something different from the super class. I haven't had any problems compiling them in GWT. The return value does extend from the return value of the super class, although this is a requirement in Java as well so I'm not sure where the difference is. -Chris -----Original Message----- From: engine-devel-bounces at ovirt.org [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Laszlo Hornyak Sent: Friday, November 02, 2012 6:19 AM To: engine-devel Subject: [Engine-devel] eclipse juno vs gwt Hi, Just noticed that eclipse juno is adding @Ovewrride annotations to methods that are actually overriding something, like in many cases clone and equals methods in some of the classes. This is fine for the java compiler, but it in some cases the GWT compiler is not going to accept this annotation. E.g. if the return type is different than the method with same name in the superclass. Juno is doing this by default without asking, when saving the file. So be extra-careful when editing java classes if they are shared with GWT Laszlo _______________________________________________ Engine-devel mailing list Engine-devel at ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel From msalem at redhat.com Sun Nov 4 07:01:04 2012 From: msalem at redhat.com (Muli Salem) Date: Sun, 4 Nov 2012 02:01:04 -0500 (EST) Subject: [Engine-devel] ovirt on wikipedia In-Reply-To: <165147602.449665.1351525228071.JavaMail.root@redhat.com> Message-ID: <983612.80.1352012082301.JavaMail.msalem@dhcp-1-23.tlv.redhat.com> Hi all, Will take care of the Hebrew part. Although I would love to help more, I still need to work on my Spanish :) Muli ----- Original Message ----- From: "Laszlo Hornyak" To: "engine-devel" Sent: Monday, 29 October, 2012 5:40:28 PM Subject: [Engine-devel] ovirt on wikipedia Hi, http://en.wikipedia.org/wiki/OVirt At the moment there are OVirt pages in english, russian and hungarian. Any volunteers to write czech, hebrew, german, spanish, catalan? - just to mention the languages some ovirt-developers speak :-) Laszlo _______________________________________________ Engine-devel mailing list Engine-devel at ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel From mpastern at redhat.com Sun Nov 4 08:12:05 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Sun, 04 Nov 2012 10:12:05 +0200 Subject: [Engine-devel] ovirt-sdk at pypi In-Reply-To: <2001787234.6895372.1351848581473.JavaMail.root@redhat.com> References: <2001787234.6895372.1351848581473.JavaMail.root@redhat.com> Message-ID: <50962355.6060503@redhat.com> Hi Toni, do: 1. nics = api.hosts.get(name=xxx).nics 2. nics_arr = nics.list() (change nics_arr as you need, according to __doc__, also see [1]) 3. my_nics = params.HostNics(host_nic=[nics_arr[0],nics_arr[1],...]) or my_nics = params.HostNics(host_nic=nics_arr) 4. nics.setupnetworks(action=params.Action(host_nics=my_nics)) [1] http://wiki.ovirt.org/wiki/SDK#Development_tips On 11/02/2012 11:29 AM, Antoni Segura Puimedon wrote: > Hi Michael, > > One question though, I would like to use the setupNetworks command > and the docstring says that I should use params (ovirtsdk.xml.params) > and inside those ivars. I don't know how or were these ivars are to > be used. Could you point me where I should look at or, alternatively, > give me an example? > > Thanks a lot for this nice api. > > Best, > > Toni > > ----- Original Message ----- >> From: "Michael Pasternak" >> To: "engine-devel" >> Cc: users at ovirt.org >> Sent: Friday, November 2, 2012 8:44:40 AM >> Subject: [Engine-devel] ovirt-sdk at pypi >> >> From now on latest ovirt-sdk will be available at pypi, >> for more details see [1]. >> >> [1] http://wiki.ovirt.org/wiki/SDK#pypi >> >> -- >> >> Michael Pasternak >> RedHat, ENG-Virtualization R&D >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> -- Michael Pasternak RedHat, ENG-Virtualization R&D From asegurap at redhat.com Sun Nov 4 09:50:13 2012 From: asegurap at redhat.com (Antoni Segura Puimedon) Date: Sun, 4 Nov 2012 04:50:13 -0500 (EST) Subject: [Engine-devel] ovirt-sdk at pypi In-Reply-To: <50962355.6060503@redhat.com> Message-ID: <53206607.7070405.1352022613524.JavaMail.root@redhat.com> Thanks! ----- Original Message ----- > From: "Michael Pasternak" > To: "Antoni Segura Puimedon" > Cc: "engine-devel" > Sent: Sunday, November 4, 2012 9:12:05 AM > Subject: Re: [Engine-devel] ovirt-sdk at pypi > > > > Hi Toni, > > do: > > 1. nics = api.hosts.get(name=xxx).nics > 2. nics_arr = nics.list() > (change nics_arr as you need, according to __doc__, also see [1]) > 3. my_nics = params.HostNics(host_nic=[nics_arr[0],nics_arr[1],...]) > or > my_nics = params.HostNics(host_nic=nics_arr) > 4. nics.setupnetworks(action=params.Action(host_nics=my_nics)) > > [1] http://wiki.ovirt.org/wiki/SDK#Development_tips > > On 11/02/2012 11:29 AM, Antoni Segura Puimedon wrote: > > Hi Michael, > > > > One question though, I would like to use the setupNetworks command > > and the docstring says that I should use params > > (ovirtsdk.xml.params) > > and inside those ivars. I don't know how or were these ivars are to > > be used. Could you point me where I should look at or, > > alternatively, > > give me an example? > > > > Thanks a lot for this nice api. > > > > Best, > > > > Toni > > > > ----- Original Message ----- > >> From: "Michael Pasternak" > >> To: "engine-devel" > >> Cc: users at ovirt.org > >> Sent: Friday, November 2, 2012 8:44:40 AM > >> Subject: [Engine-devel] ovirt-sdk at pypi > >> > >> From now on latest ovirt-sdk will be available at pypi, > >> for more details see [1]. > >> > >> [1] http://wiki.ovirt.org/wiki/SDK#pypi > >> > >> -- > >> > >> Michael Pasternak > >> RedHat, ENG-Virtualization R&D > >> _______________________________________________ > >> Engine-devel mailing list > >> Engine-devel at ovirt.org > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > >> > > > -- > > Michael Pasternak > RedHat, ENG-Virtualization R&D > From msalem at redhat.com Sun Nov 4 17:17:20 2012 From: msalem at redhat.com (Muli Salem) Date: Sun, 4 Nov 2012 12:17:20 -0500 (EST) Subject: [Engine-devel] ovirt on wikipedia In-Reply-To: <983612.80.1352012082301.JavaMail.msalem@dhcp-1-23.tlv.redhat.com> Message-ID: <3700803.163.1352049055445.JavaMail.msalem@dhcp-1-23.tlv.redhat.com> Hi, The Hebrew wiki for oVirt can be found in: http://he.wikipedia.org/wiki/OVirt You are more than welcome to make changes/add stuff. Cheers, Muli ----- Original Message ----- From: "Muli Salem" To: "Laszlo Hornyak" Cc: "engine-devel" Sent: Sunday, 4 November, 2012 9:01:04 AM Subject: Re: [Engine-devel] ovirt on wikipedia Hi all, Will take care of the Hebrew part. Although I would love to help more, I still need to work on my Spanish :) Muli ----- Original Message ----- From: "Laszlo Hornyak" To: "engine-devel" Sent: Monday, 29 October, 2012 5:40:28 PM Subject: [Engine-devel] ovirt on wikipedia Hi, http://en.wikipedia.org/wiki/OVirt At the moment there are OVirt pages in english, russian and hungarian. Any volunteers to write czech, hebrew, german, spanish, catalan? - just to mention the languages some ovirt-developers speak :-) Laszlo _______________________________________________ Engine-devel mailing list Engine-devel at ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel From mpastern at redhat.com Mon Nov 5 05:51:49 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Mon, 05 Nov 2012 07:51:49 +0200 Subject: [Engine-devel] [Users] Related to python script for Attach Cd (.iso) to a vm In-Reply-To: References: Message-ID: <509753F5.2080305@redhat.com> Hi Romil, In general you can use api guide [1] for this, anyway here is example: 1. create vm ============ ... 2. insert cdrom =============== vm = api.vms.get(name="myvm") cdrom = vm.cdroms.get(id="00000000-0000-0000-0000-000000000000") isofile = params.File(id="myiso.iso") cdrom.set_file(isofile) cdrom.update() 3. change boot order (to boot from cdrom and then from hd) ========================================================== os=params.OperatingSystem(boot=[params.Boot(dev='cdrom'), params.Boot(dev='hd')], ...) api.vms.add(params.VM(name='myvm2', os=os, cluster=api.clusters.get('mycluster'), template=api.templates.get('mytemplate'))) 4. run vm ========= ... [1] https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1-Beta/html-single/Developer_Guide/index.html#sect-REST_API_Guide-Example-Attach_CDROM On 11/02/2012 09:56 AM, Romil Gupta wrote: > > Hello , > > *I want to write a script to attach a '.iso' image to a vm * > so ,can you please help me or tell me some api so that i can continue my work !!! > I have some '.iso ' file in my storage . > > script *rhevm_test.py* > > from ovirtsdk.api import API > from ovirtsdk.xml import params > import time > > rhevm_uri = "https://rhevm301.xxx.xx.com:8443/api" > rhevm_username = "admin at rhevm301.xxx.xx.com " > rhevm_password = "iso*help" > > api = API(url=rhevm_uri, username=rhevm_username, password=rhevm_password) > print "Connected to RHEVM Successful" > > MB = 1024*1024 > GB = 1024*MB > VM_NAME = 'test_vm' > DESCRIP = 'testing vm' > CLUSTER_NAME = 'Default' > STORAGE_NAME = 'rhevmVMdata' > > domain_name= 'rhevmiso' > domain_type = 'ISO' > > > try: > api.vms.add(params.VM(name=VM_NAME,description=DESCRIP, memory=2*GB,cluster=api.clusters.get(CLUSTER_NAME), template=api.templates.get('Blank') , cdroms = > 'CentOS-6.2-x86_64-LiveCD.iso ')) > > print 'VM created' > > api.vms.get(VM_NAME).nics.add(params.NIC(name='nic1', network=params.Network(name='rhevm'), interface='Red Hat VirtIO')) > print 'NIC added to VM' > > > api.vms.get(VM_NAME).disks.add(params.Disk(storage_domains=params.StorageDomains(storage_domain=[api.storagedomains.get(STORAGE_NAME)]),size=512*MB,status=None,interface='VirtIO',format='Preallocated',sparse=True,bootable=True)) > > print 'Disk added to VM' > print 'Waiting for VM to reach Down status' > while api.vms.get(VM_NAME).status.state != 'down': > time.sleep(1) > except Exception as e: > print 'Failed to create VM with disk and NIC\n%s' % str(e) > > time.sleep(10) > > try: > if api.vms.get(VM_NAME).status.state != 'up': > print 'Starting VM' > api.vms.get(VM_NAME).start() > print 'Waiting for VM to reach Up status' > while api.vms.get(VM_NAME).status.state != 'up': > time.sleep(1) > else: > print 'VM already up' > except Exception as e: > print 'Failed to Start VM:\n%s' % str(e) > > > and got some exceptions > > Connected to RHEVM Successful > Failed to create VM with disk and NIC > 'str' object has no attribute 'export' > Failed to Start VM: > 'NoneType' object has no attribute 'status' > > if i remove this cdroms = 'CentOS-6.2-x86_64-LiveCD.iso ' the code will works fine and it will create a vm with blank template w/o any '.iso' attached !! > > > * > * > * > * > * > * > * > * > *With Regards,* > *Romil* > > > > > > _______________________________________________ > Users mailing list > Users at ovirt.org > http://lists.ovirt.org/mailman/listinfo/users -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Mon Nov 5 05:55:28 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Mon, 05 Nov 2012 07:55:28 +0200 Subject: [Engine-devel] [Users] Related to python script for Attach Cd (.iso) to a vm In-Reply-To: <509753F5.2080305@redhat.com> References: <509753F5.2080305@redhat.com> Message-ID: <509754D0.7050900@redhat.com> On 11/05/2012 07:51 AM, Michael Pasternak wrote: > Hi Romil, > > In general you can use api guide [1] for this, anyway here is example: > > 1. create vm > ============ > ... > > 2. insert cdrom > =============== > > vm = api.vms.get(name="myvm") > cdrom = vm.cdroms.get(id="00000000-0000-0000-0000-000000000000") > isofile = params.File(id="myiso.iso") > cdrom.set_file(isofile) > cdrom.update() > > 3. change boot order (to boot from cdrom and then from hd) > ========================================================== > > os=params.OperatingSystem(boot=[params.Boot(dev='cdrom'), params.Boot(dev='hd')], ...) > api.vms.add(params.VM(name='myvm2', > os=os, > cluster=api.clusters.get('mycluster'), > template=api.templates.get('mytemplate'))) use this ^ example for #1, or update boot order using same semantics on existent vm. > > 4. run vm > ========= > ... > > [1] https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1-Beta/html-single/Developer_Guide/index.html#sect-REST_API_Guide-Example-Attach_CDROM -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Mon Nov 5 08:34:15 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Mon, 05 Nov 2012 10:34:15 +0200 Subject: [Engine-devel] [Users] Related to python script for Attach Cd (.iso) to a vm In-Reply-To: References: <509753F5.2080305@redhat.com> <509754D0.7050900@redhat.com> Message-ID: <50977A07.5070901@redhat.com> On 11/05/2012 09:58 AM, Romil Gupta wrote: > Do we have any refresh or update function in ovirt sdk so that after coping the image RHEVM will get refresh automatically ?? > > Regards, > Romil yes, just do GET on /api/storagedomains/xxx/files -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Mon Nov 5 14:04:07 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Mon, 05 Nov 2012 16:04:07 +0200 Subject: [Engine-devel] Fwd: [Users] Related to python script for Attach Cd (.iso) to a vm In-Reply-To: References: <509753F5.2080305@redhat.com> <509754D0.7050900@redhat.com> <50977A07.5070901@redhat.com> Message-ID: <5097C757.4080400@redhat.com> On 11/05/2012 01:23 PM, Romil Gupta wrote: > > On 11/05/2012 09:58 AM, Romil Gupta wrote: >> Do we have any refresh or update function in ovirt sdk so that after coping the image RHEVM will get refresh automatically ?? >> >> Regards, >> Romil > > yes, just do GET on /api/storagedomains/xxx/files > -- > > Michael Pasternak > RedHat, ENG-Virtualization R&D > > > Hi, > > I have to write a python script using ovirt sdk ! > Please tell me the refresh iso domain function in python :) sdk using very same semantics as apy does, sd = api.storagedomains.get(name="iso_domain") sd.files.list() // will produce [GET on /api/storagedomains/xxx/files] > > Regards , > Romil -- Michael Pasternak RedHat, ENG-Virtualization R&D From mpastern at redhat.com Mon Nov 5 14:47:58 2012 From: mpastern at redhat.com (Michael Pasternak) Date: Mon, 05 Nov 2012 16:47:58 +0200 Subject: [Engine-devel] Fwd: [Users] Related to python script for Attach Cd (.iso) to a vm In-Reply-To: References: <509753F5.2080305@redhat.com> <509754D0.7050900@redhat.com> <50977A07.5070901@redhat.com> <5097C757.4080400@redhat.com> Message-ID: <5097D19E.1030504@redhat.com> On 11/05/2012 04:22 PM, Romil Gupta wrote: > HI, > I already tried this : > > api.storagedomains.get(name='rhevmiso').update() > print 'updated' > rhevmiso=api.storagedomains.get(name='rhevmiso').files.list() > for iso in rhevmiso: > print ' iso --> %s \n' % iso > image = api.storagedomains.get(name='rhevmiso').files.get(name='tinycore.iso') > print 'image found %s' %image > try: > api.vms.get(VM_NAME).cdroms.add(params.CdRom(name='cdrom',file=image)) > print 'image added to VM' > except Exception as e: > print 'Failed to add image \n%s' % str(e) > > > But ,*it will not show the latest image that I have copied to 'rhevmiso' storage domain i.e tinycore.iso* > > and o/p is : > image found none > Failed to add image \n%s' % str(e) > > > Please help me !! listing files in api should force iso-refresh [1], make sure your iso-upload is succeeded and your iso file has right permissions, if it's not the case, it's sounds like a bug, please file ovirt-engine bug on this. [1] queryParams.setForceRefresh(true); > > > Regards > Romil > > > On Mon, Nov 5, 2012 at 7:34 PM, Michael Pasternak > wrote: > > On 11/05/2012 01:23 PM, Romil Gupta wrote: > > > > On 11/05/2012 09:58 AM, Romil Gupta wrote: > >> Do we have any refresh or update function in ovirt sdk so that after coping the image RHEVM will get refresh automatically ?? > >> > >> Regards, > >> Romil > > > > yes, just do GET on /api/storagedomains/xxx/files > > -- > > > > Michael Pasternak > > RedHat, ENG-Virtualization R&D > > > > > > Hi, > > > > I have to write a python script using ovirt sdk ! > > Please tell me the refresh iso domain function in python :) > > sdk using very same semantics as apy does, > > sd = api.storagedomains.get(name="iso_domain") > sd.files.list() // will produce [GET on /api/storagedomains/xxx/files] > > > > > > Regards , > > Romil > > > -- > > Michael Pasternak > RedHat, ENG-Virtualization R&D > > > > > -- > I don't wish to be everything to everyone, but I would like to be something to someone. -- Michael Pasternak RedHat, ENG-Virtualization R&D From lhornyak at redhat.com Mon Nov 5 17:08:05 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Mon, 5 Nov 2012 12:08:05 -0500 (EST) Subject: [Engine-devel] eclipse juno vs gwt In-Reply-To: Message-ID: <1099622011.5129712.1352135285352.JavaMail.root@redhat.com> http://youtu.be/XQ0JmfKs21g ----- Original Message ----- > From: "Christopher Morrissey" > To: "Laszlo Hornyak" , "engine-devel" > Sent: Friday, November 2, 2012 11:43:23 PM > Subject: RE: [Engine-devel] eclipse juno vs gwt > > Sorry to follow up my own question, but can you give some specific > cases where this would be a problem? Thanks! > > -Chris > > > -----Original Message----- > From: Morrissey, Christopher > Sent: Friday, November 02, 2012 6:41 PM > To: 'Laszlo Hornyak'; engine-devel > Subject: RE: [Engine-devel] eclipse juno vs gwt > > Hi Laszlo, > > I have several methods that define the @Override annotation and > return something different from the super class. I haven't had any > problems compiling them in GWT. The return value does extend from > the return value of the super class, although this is a requirement > in Java as well so I'm not sure where the difference is. > > -Chris > > > -----Original Message----- > From: engine-devel-bounces at ovirt.org > [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Laszlo Hornyak > Sent: Friday, November 02, 2012 6:19 AM > To: engine-devel > Subject: [Engine-devel] eclipse juno vs gwt > > Hi, > > Just noticed that eclipse juno is adding @Ovewrride annotations to > methods that are actually overriding something, like in many cases > clone and equals methods in some of the classes. This is fine for > the java compiler, but it in some cases the GWT compiler is not > going to accept this annotation. E.g. if the return type is > different than the method with same name in the superclass. > > Juno is doing this by default without asking, when saving the file. > So be extra-careful when editing java classes if they are shared > with GWT > > Laszlo > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From lhornyak at redhat.com Mon Nov 5 17:10:11 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Mon, 5 Nov 2012 12:10:11 -0500 (EST) Subject: [Engine-devel] ovirt on wikipedia In-Reply-To: <3700803.163.1352049055445.JavaMail.msalem@dhcp-1-23.tlv.redhat.com> Message-ID: <815962368.5130014.1352135411843.JavaMail.root@redhat.com> Thank you, Muli! :) ----- Original Message ----- > From: "Muli Salem" > To: "engine-devel" > Cc: "Laszlo Hornyak" > Sent: Sunday, November 4, 2012 6:17:20 PM > Subject: Re: [Engine-devel] ovirt on wikipedia > > Hi, > > The Hebrew wiki for oVirt can be found in: > http://he.wikipedia.org/wiki/OVirt > > You are more than welcome to make changes/add stuff. > > Cheers, > Muli > > ----- Original Message ----- > From: "Muli Salem" > To: "Laszlo Hornyak" > Cc: "engine-devel" > Sent: Sunday, 4 November, 2012 9:01:04 AM > Subject: Re: [Engine-devel] ovirt on wikipedia > > Hi all, > > Will take care of the Hebrew part. > Although I would love to help more, I still need to work on my > Spanish :) > > Muli > > ----- Original Message ----- > From: "Laszlo Hornyak" > To: "engine-devel" > Sent: Monday, 29 October, 2012 5:40:28 PM > Subject: [Engine-devel] ovirt on wikipedia > > Hi, > > http://en.wikipedia.org/wiki/OVirt > At the moment there are OVirt pages in english, russian and > hungarian. > Any volunteers to write czech, hebrew, german, spanish, catalan? - > just to mention the languages some ovirt-developers speak :-) > > Laszlo > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From mlipchuk at redhat.com Tue Nov 6 12:48:19 2012 From: mlipchuk at redhat.com (Maor Lipchuk) Date: Tue, 06 Nov 2012 14:48:19 +0200 Subject: [Engine-devel] eclipse juno vs gwt In-Reply-To: <1099622011.5129712.1352135285352.JavaMail.root@redhat.com> References: <1099622011.5129712.1352135285352.JavaMail.root@redhat.com> Message-ID: <50990713.1010506@redhat.com> Hi Laszlo, Why not change the eclipse configuration, that it won't add @override annotation when saving the class (Java - Editor -Save Actions) but instead use warning instead (java - compiler - Errors/Warnings) Regards, Maor On 11/05/2012 07:08 PM, Laszlo Hornyak wrote: > http://youtu.be/XQ0JmfKs21g > > > > ----- Original Message ----- >> From: "Christopher Morrissey" >> To: "Laszlo Hornyak" , "engine-devel" >> Sent: Friday, November 2, 2012 11:43:23 PM >> Subject: RE: [Engine-devel] eclipse juno vs gwt >> >> Sorry to follow up my own question, but can you give some specific >> cases where this would be a problem? Thanks! >> >> -Chris >> >> >> -----Original Message----- >> From: Morrissey, Christopher >> Sent: Friday, November 02, 2012 6:41 PM >> To: 'Laszlo Hornyak'; engine-devel >> Subject: RE: [Engine-devel] eclipse juno vs gwt >> >> Hi Laszlo, >> >> I have several methods that define the @Override annotation and >> return something different from the super class. I haven't had any >> problems compiling them in GWT. The return value does extend from >> the return value of the super class, although this is a requirement >> in Java as well so I'm not sure where the difference is. >> >> -Chris >> >> >> -----Original Message----- >> From: engine-devel-bounces at ovirt.org >> [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Laszlo Hornyak >> Sent: Friday, November 02, 2012 6:19 AM >> To: engine-devel >> Subject: [Engine-devel] eclipse juno vs gwt >> >> Hi, >> >> Just noticed that eclipse juno is adding @Ovewrride annotations to >> methods that are actually overriding something, like in many cases >> clone and equals methods in some of the classes. This is fine for >> the java compiler, but it in some cases the GWT compiler is not >> going to accept this annotation. E.g. if the return type is >> different than the method with same name in the superclass. >> >> Juno is doing this by default without asking, when saving the file. >> So be extra-careful when editing java classes if they are shared >> with GWT >> >> Laszlo >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From lpeer at redhat.com Tue Nov 6 13:56:56 2012 From: lpeer at redhat.com (Livnat Peer) Date: Tue, 06 Nov 2012 15:56:56 +0200 Subject: [Engine-devel] Managing permissions on network Message-ID: <50991728.8070702@redhat.com> Hi All, This is a proposal for handling network permissions in oVirt. In this proposal we took the more permissive approach as we find it simple and a good starting point, we also think a more restrict approach makes the configuration of a network cumbersome for ovirt administrators. Inputs are welcomed as always... Here is an overview of the approach, for more detailed description please read the wiki page: http://wiki.ovirt.org/wiki/Feature/NetworkPermissions --------------------------------------------------------------------------- Admin ====== -> For creating a network in a data center you need to be a Superuser or a DCAdmin or a networkAdmin on the DC. -> After creating the network you can manipulate the network if you are a DCAdmin or a networkAdmin on the relevant network (or the whole DC). -> For attaching the network to cluster you need to be a networkAdmin on the network (no requirement to have permission on the cluster) -> Cluster administrator can not attach/detach a network from the cluster, the motivation for this is that as long as the network is not attached to the cluster it is not part of the cluster resources thus can not be managed by the cluster administrator. In addition once a network is attached to a cluster the cluster administrator can change the network from required to non-required for controlling the impact of the network within the cluster. -> For setting a network on the host you need to be host administrator on the host and you don't need to be network administrator. This implies that if you are a host administrator you can add/remove all the cluster networks from your host without the need for network related permissions (this is the permissive approach). User ==== -> For attaching a network to a Vnic in the VM you need to have the role of VmNetworkUser on the network and vmAdmin on the VM. -> In user portal - the list of shown network for a user will include only the list of networks the user is allowed to attach to its vnics (instead of all cluster's networks). Port-mirroring =============== -> For configuring in the VM port mirroring you need to have the role of VmAdvancedNetworkUser on the network and vmAdmin on the VM. VmAdvancedNetworkUser includes the VmNetworkUser actions in addition to port mirroring. For all DB upgrade information and new roles/action groups please review the wiki. Thanks, Livnat & Moti From lhornyak at redhat.com Tue Nov 6 15:24:37 2012 From: lhornyak at redhat.com (Laszlo Hornyak) Date: Tue, 6 Nov 2012 10:24:37 -0500 (EST) Subject: [Engine-devel] eclipse juno vs gwt In-Reply-To: <50990713.1010506@redhat.com> Message-ID: <1857250570.5694606.1352215477363.JavaMail.root@redhat.com> That's what I was looking for! Thank you, Maor! :) ----- Original Message ----- > From: "Maor Lipchuk" > To: "Laszlo Hornyak" > Cc: "Christopher Morrissey" , "engine-devel" > Sent: Tuesday, November 6, 2012 1:48:19 PM > Subject: Re: [Engine-devel] eclipse juno vs gwt > > Hi Laszlo, > Why not change the eclipse configuration, that it won't add @override > annotation when saving the class (Java - Editor -Save Actions) > but instead use warning instead (java - compiler - Errors/Warnings) > > Regards, > Maor > > On 11/05/2012 07:08 PM, Laszlo Hornyak wrote: > > http://youtu.be/XQ0JmfKs21g > > > > > > > > ----- Original Message ----- > >> From: "Christopher Morrissey" > >> To: "Laszlo Hornyak" , "engine-devel" > >> > >> Sent: Friday, November 2, 2012 11:43:23 PM > >> Subject: RE: [Engine-devel] eclipse juno vs gwt > >> > >> Sorry to follow up my own question, but can you give some specific > >> cases where this would be a problem? Thanks! > >> > >> -Chris > >> > >> > >> -----Original Message----- > >> From: Morrissey, Christopher > >> Sent: Friday, November 02, 2012 6:41 PM > >> To: 'Laszlo Hornyak'; engine-devel > >> Subject: RE: [Engine-devel] eclipse juno vs gwt > >> > >> Hi Laszlo, > >> > >> I have several methods that define the @Override annotation and > >> return something different from the super class. I haven't had any > >> problems compiling them in GWT. The return value does extend from > >> the return value of the super class, although this is a > >> requirement > >> in Java as well so I'm not sure where the difference is. > >> > >> -Chris > >> > >> > >> -----Original Message----- > >> From: engine-devel-bounces at ovirt.org > >> [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Laszlo > >> Hornyak > >> Sent: Friday, November 02, 2012 6:19 AM > >> To: engine-devel > >> Subject: [Engine-devel] eclipse juno vs gwt > >> > >> Hi, > >> > >> Just noticed that eclipse juno is adding @Ovewrride annotations to > >> methods that are actually overriding something, like in many cases > >> clone and equals methods in some of the classes. This is fine for > >> the java compiler, but it in some cases the GWT compiler is not > >> going to accept this annotation. E.g. if the return type is > >> different than the method with same name in the superclass. > >> > >> Juno is doing this by default without asking, when saving the > >> file. > >> So be extra-careful when editing java classes if they are shared > >> with GWT > >> > >> Laszlo > >> _______________________________________________ > >> Engine-devel mailing list > >> Engine-devel at ovirt.org > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > >> > > _______________________________________________ > > Engine-devel mailing list > > Engine-devel at ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > From snmishra at linux.vnet.ibm.com Tue Nov 6 16:54:44 2012 From: snmishra at linux.vnet.ibm.com (snmishra at linux.vnet.ibm.com) Date: Tue, 06 Nov 2012 08:54:44 -0800 Subject: [Engine-devel] Updated screen shots for GlusterFS. Message-ID: <20121106085444.Horde.QMGOMJir309QmUDU6jBTigA@imap.linux.ibm.com> Hi, The wiki page at http://wiki.ovirt.org/wiki/Features/GlusterFS_Storage_Domain#Usability_enhancements has been updated with screenshots to support Gluster FS. Please review and provide feedback. 1. What other screens need updates? 2. How to autofill VFSType text box with "glusterfs". It is grayed out but should be pre-filled with "glusterfs". I am new to UI. Need help. 3. Patches are located at http://gerrit.ovirt.org/#/dashboard/1000137 Regards Sharad Mishra IBM From michal.skrivanek at redhat.com Tue Nov 6 21:39:58 2012 From: michal.skrivanek at redhat.com (Michal Skrivanek) Date: Tue, 6 Nov 2012 22:39:58 +0100 Subject: [Engine-devel] SPICE IP override Message-ID: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> Hi all, On behalf of Tomas - please check out the proposal for enhancing our SPICE integration to allow to return a custom IP/FQDN instead of the host IP address. http://wiki.ovirt.org/wiki/Features/Display_Address_Override All comments are welcome... Thanks, michal From simon at redhat.com Wed Nov 7 08:52:14 2012 From: simon at redhat.com (Simon Grinberg) Date: Wed, 7 Nov 2012 03:52:14 -0500 (EST) Subject: [Engine-devel] SPICE IP override In-Reply-To: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> Message-ID: <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Michal Skrivanek" > To: engine-devel at ovirt.org > Sent: Tuesday, November 6, 2012 10:39:58 PM > Subject: [Engine-devel] SPICE IP override > > Hi all, > On behalf of Tomas - please check out the proposal for enhancing our > SPICE integration to allow to return a custom IP/FQDN instead of the > host IP address. > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > All comments are welcome... My 2 cents, This works under the assumption that all the users are either outside of the organization or inside. But think of some of the following scenarios based on a topology where users in the main office are inside the corporate network while users on remote offices / WAN are on a detached different network on the other side of the NAT / public firewall : With current 'per host override' proposal: 1. Admin from the main office won't be able to access the VM console 2. No Mixed environment, meaning that you have to have designated clusters for remote offices users vs main office users - otherwise connectivity to the console is determined based on scheduler decision, or may break by live migration. 3. Based on #2, If I'm a user travelling between offices I'll have to ask the admin to turn off my VM and move it to internal cluster before I can reconnect My suggestion is to covert this to 'alternative' IP/FQDN sending the spice client both internal fqdn/ip and the alternative. The spice client should detect which is available of the two and auto-connect. This requires enhancement of the spice client, but still solves all the issues raised above (actually it solves about 90% of the use cases I've heard about in the past). Another alternative is for the engine to 'guess' or 'elect' which to use, alternative or main, based on the IP of the client - meaning admin provides the client ranges for providing internal host address vs alternative - but this is more complicated compared for the previous suggestion Thoughts? Simon. > > Thanks, > michal > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From iheim at redhat.com Wed Nov 7 09:46:24 2012 From: iheim at redhat.com (Itamar Heim) Date: Wed, 07 Nov 2012 10:46:24 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> References: <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> Message-ID: <509A2DF0.7080702@redhat.com> On 11/07/2012 09:52 AM, Simon Grinberg wrote: > > > ----- Original Message ----- >> From: "Michal Skrivanek" >> To: engine-devel at ovirt.org >> Sent: Tuesday, November 6, 2012 10:39:58 PM >> Subject: [Engine-devel] SPICE IP override >> >> Hi all, >> On behalf of Tomas - please check out the proposal for enhancing our >> SPICE integration to allow to return a custom IP/FQDN instead of the >> host IP address. >> http://wiki.ovirt.org/wiki/Features/Display_Address_Override >> All comments are welcome... > > My 2 cents, > > This works under the assumption that all the users are either outside of the organization or inside. > But think of some of the following scenarios based on a topology where users in the main office are inside the corporate network while users on remote offices / WAN are on a detached different network on the other side of the NAT / public firewall : > > With current 'per host override' proposal: > 1. Admin from the main office won't be able to access the VM console > 2. No Mixed environment, meaning that you have to have designated clusters for remote offices users vs main office users - otherwise connectivity to the console is determined based on scheduler decision, or may break by live migration. > 3. Based on #2, If I'm a user travelling between offices I'll have to ask the admin to turn off my VM and move it to internal cluster before I can reconnect > > My suggestion is to covert this to 'alternative' IP/FQDN sending the spice client both internal fqdn/ip and the alternative. The spice client should detect which is available of the two and auto-connect. > > This requires enhancement of the spice client, but still solves all the issues raised above (actually it solves about 90% of the use cases I've heard about in the past). > > Another alternative is for the engine to 'guess' or 'elect' which to use, alternative or main, based on the IP of the client - meaning admin provides the client ranges for providing internal host address vs alternative - but this is more complicated compared for the previous suggestion > > Thoughts? i think this is over complicating things. I'd expect someone that wants to handle internal and external differently to use DNS, and resolve the DNS differently for external and internal clients. (note this is different from specifying the spice proxy address at cluster level, which is something you want user to choose if they want to enable or not per their location) From iheim at redhat.com Wed Nov 7 09:49:00 2012 From: iheim at redhat.com (Itamar Heim) Date: Wed, 07 Nov 2012 10:49:00 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> Message-ID: <509A2E8C.3050503@redhat.com> On 11/06/2012 10:39 PM, Michal Skrivanek wrote: > Hi all, > On behalf of Tomas - please check out the proposal for enhancing our SPICE integration to allow to return a custom IP/FQDN instead of the host IP address. > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > All comments are welcome... > > Thanks, > michal please note users don't see/get the host entities, so REST API should provide this info under the vm display element. From simon at redhat.com Wed Nov 7 09:52:25 2012 From: simon at redhat.com (Simon Grinberg) Date: Wed, 7 Nov 2012 04:52:25 -0500 (EST) Subject: [Engine-devel] SPICE IP override In-Reply-To: <509A2DF0.7080702@redhat.com> Message-ID: <1190246211.6251087.1352281945100.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Simon Grinberg" > Cc: engine-devel at ovirt.org > Sent: Wednesday, November 7, 2012 10:46:24 AM > Subject: Re: [Engine-devel] SPICE IP override > > On 11/07/2012 09:52 AM, Simon Grinberg wrote: > > > > > > ----- Original Message ----- > >> From: "Michal Skrivanek" > >> To: engine-devel at ovirt.org > >> Sent: Tuesday, November 6, 2012 10:39:58 PM > >> Subject: [Engine-devel] SPICE IP override > >> > >> Hi all, > >> On behalf of Tomas - please check out the proposal for enhancing > >> our > >> SPICE integration to allow to return a custom IP/FQDN instead of > >> the > >> host IP address. > >> http://wiki.ovirt.org/wiki/Features/Display_Address_Override > >> All comments are welcome... > > > > My 2 cents, > > > > This works under the assumption that all the users are either > > outside of the organization or inside. > > But think of some of the following scenarios based on a topology > > where users in the main office are inside the corporate network > > while users on remote offices / WAN are on a detached different > > network on the other side of the NAT / public firewall : > > > > With current 'per host override' proposal: > > 1. Admin from the main office won't be able to access the VM > > console > > 2. No Mixed environment, meaning that you have to have designated > > clusters for remote offices users vs main office users - otherwise > > connectivity to the console is determined based on scheduler > > decision, or may break by live migration. > > 3. Based on #2, If I'm a user travelling between offices I'll have > > to ask the admin to turn off my VM and move it to internal cluster > > before I can reconnect > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending > > the spice client both internal fqdn/ip and the alternative. The > > spice client should detect which is available of the two and > > auto-connect. > > > > This requires enhancement of the spice client, but still solves all > > the issues raised above (actually it solves about 90% of the use > > cases I've heard about in the past). > > > > Another alternative is for the engine to 'guess' or 'elect' which > > to use, alternative or main, based on the IP of the client - > > meaning admin provides the client ranges for providing internal > > host address vs alternative - but this is more complicated > > compared for the previous suggestion > > > > Thoughts? > > i think this is over complicating things. > I'd expect someone that wants to handle internal and external > differently to use DNS, and resolve the DNS differently for external > and > internal clients. That will not necessarily solve the issue - what about WAN users from home? the DNS is not under their control -> they need redirection to the public facing NAT servers. + At least currently (and this must change, unless you accept the proposal I've raised) the engine sends fqdn if the display network in on the engine management network and IP on any other selected Display-Network. No DNS will help you in this case, so you still need alternate FQDN. > > (note this is different from specifying the spice proxy address at > cluster level, which is something you want user to choose if they > want > to enable or not per their location) > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From iheim at redhat.com Wed Nov 7 10:12:30 2012 From: iheim at redhat.com (Itamar Heim) Date: Wed, 07 Nov 2012 11:12:30 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1190246211.6251087.1352281945100.JavaMail.root@redhat.com> References: <1190246211.6251087.1352281945100.JavaMail.root@redhat.com> Message-ID: <509A340E.9040901@redhat.com> On 11/07/2012 10:52 AM, Simon Grinberg wrote: > > > ----- Original Message ----- >> From: "Itamar Heim" >> To: "Simon Grinberg" >> Cc: engine-devel at ovirt.org >> Sent: Wednesday, November 7, 2012 10:46:24 AM >> Subject: Re: [Engine-devel] SPICE IP override >> >> On 11/07/2012 09:52 AM, Simon Grinberg wrote: >>> >>> >>> ----- Original Message ----- >>>> From: "Michal Skrivanek" >>>> To: engine-devel at ovirt.org >>>> Sent: Tuesday, November 6, 2012 10:39:58 PM >>>> Subject: [Engine-devel] SPICE IP override >>>> >>>> Hi all, >>>> On behalf of Tomas - please check out the proposal for enhancing >>>> our >>>> SPICE integration to allow to return a custom IP/FQDN instead of >>>> the >>>> host IP address. >>>> http://wiki.ovirt.org/wiki/Features/Display_Address_Override >>>> All comments are welcome... >>> >>> My 2 cents, >>> >>> This works under the assumption that all the users are either >>> outside of the organization or inside. >>> But think of some of the following scenarios based on a topology >>> where users in the main office are inside the corporate network >>> while users on remote offices / WAN are on a detached different >>> network on the other side of the NAT / public firewall : >>> >>> With current 'per host override' proposal: >>> 1. Admin from the main office won't be able to access the VM >>> console >>> 2. No Mixed environment, meaning that you have to have designated >>> clusters for remote offices users vs main office users - otherwise >>> connectivity to the console is determined based on scheduler >>> decision, or may break by live migration. >>> 3. Based on #2, If I'm a user travelling between offices I'll have >>> to ask the admin to turn off my VM and move it to internal cluster >>> before I can reconnect >>> >>> My suggestion is to covert this to 'alternative' IP/FQDN sending >>> the spice client both internal fqdn/ip and the alternative. The >>> spice client should detect which is available of the two and >>> auto-connect. >>> >>> This requires enhancement of the spice client, but still solves all >>> the issues raised above (actually it solves about 90% of the use >>> cases I've heard about in the past). >>> >>> Another alternative is for the engine to 'guess' or 'elect' which >>> to use, alternative or main, based on the IP of the client - >>> meaning admin provides the client ranges for providing internal >>> host address vs alternative - but this is more complicated >>> compared for the previous suggestion >>> >>> Thoughts? >> >> i think this is over complicating things. >> I'd expect someone that wants to handle internal and external >> differently to use DNS, and resolve the DNS differently for external >> and >> internal clients. > > That will not necessarily solve the issue - what about WAN users from home? the DNS is not under their control -> they need redirection to the public facing NAT servers. if a public service, not relevant. if a private service, i expect they would be using a VPN, with dns resolution provided by the organization for external vpn users, if they need to resolve IPs differently internally and externally. > > + At least currently (and this must change, unless you accept the proposal I've raised) the engine sends fqdn if the display network in on the engine management network and IP on any other selected Display-Network. not with this patch, which sends the dns the admin configured, regardless of display logical network used. > > No DNS will help you in this case, so you still need alternate FQDN. > >> >> (note this is different from specifying the spice proxy address at >> cluster level, which is something you want user to choose if they >> want >> to enable or not per their location) >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> From ewoud+ovirt at kohlvanwijngaarden.nl Wed Nov 7 10:16:28 2012 From: ewoud+ovirt at kohlvanwijngaarden.nl (Ewoud Kohl van Wijngaarden) Date: Wed, 7 Nov 2012 11:16:28 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> Message-ID: <20121107101628.GZ2094@bogey.xentower.nl> On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > ----- Original Message ----- > > From: "Michal Skrivanek" > > To: engine-devel at ovirt.org > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > Subject: [Engine-devel] SPICE IP override > > > > Hi all, > > On behalf of Tomas - please check out the proposal for enhancing our > > SPICE integration to allow to return a custom IP/FQDN instead of the > > host IP address. > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > All comments are welcome... > > My 2 cents, > > This works under the assumption that all the users are either outside > of the organization or inside. > But think of some of the following scenarios based on a topology where > users in the main office are inside the corporate network while users > on remote offices / WAN are on a detached different network on the > other side of the NAT / public firewall : > > With current 'per host override' proposal: > 1. Admin from the main office won't be able to access the VM console > 2. No Mixed environment, meaning that you have to have designated > clusters for remote offices users vs main office users - otherwise > connectivity to the console is determined based on scheduler > decision, or may break by live migration. > 3. Based on #2, If I'm a user travelling between offices I'll have to > ask the admin to turn off my VM and move it to internal cluster > before I can reconnect > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > spice client both internal fqdn/ip and the alternative. The spice > client should detect which is available of the two and auto-connect. > > This requires enhancement of the spice client, but still solves all > the issues raised above (actually it solves about 90% of the use cases > I've heard about in the past). > > Another alternative is for the engine to 'guess' or 'elect' which to > use, alternative or main, based on the IP of the client - meaning > admin provides the client ranges for providing internal host address > vs alternative - but this is more complicated compared for the > previous suggestion > > Thoughts? I agree with where you're going with this. The story I'd like to see supported is close to this. We have external customers who should know nothing about our internal network, but should be able to access the console of their VMs. Currently we do this with a custom frontend which uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, but we'd like to move to the standard UI. Currently the console connection prevents us from doing so. Users are able to create VMs based on the resources they have (RAM, CPU, storage, network) without admin intervention. This means we'd like to see this override on a cluster / DC / global level so there is no need for admin intervention. Ideally this would also come with a programmable proxy so the engine can enable/disable forwards instead of a NAT firewall. From djasa at redhat.com Wed Nov 7 10:23:27 2012 From: djasa at redhat.com (David =?UTF-8?Q?Ja=C5=A1a?=) Date: Wed, 07 Nov 2012 11:23:27 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <20121107101628.GZ2094@bogey.xentower.nl> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> <20121107101628.GZ2094@bogey.xentower.nl> Message-ID: <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 +0100: > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > > ----- Original Message ----- > > > From: "Michal Skrivanek" > > > To: engine-devel at ovirt.org > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > Subject: [Engine-devel] SPICE IP override > > > > > > Hi all, > > > On behalf of Tomas - please check out the proposal for enhancing our > > > SPICE integration to allow to return a custom IP/FQDN instead of the > > > host IP address. > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > All comments are welcome... > > > > My 2 cents, > > > > This works under the assumption that all the users are either outside > > of the organization or inside. > > But think of some of the following scenarios based on a topology where > > users in the main office are inside the corporate network while users > > on remote offices / WAN are on a detached different network on the > > other side of the NAT / public firewall : > > > > With current 'per host override' proposal: > > 1. Admin from the main office won't be able to access the VM console > > 2. No Mixed environment, meaning that you have to have designated > > clusters for remote offices users vs main office users - otherwise > > connectivity to the console is determined based on scheduler > > decision, or may break by live migration. > > 3. Based on #2, If I'm a user travelling between offices I'll have to > > ask the admin to turn off my VM and move it to internal cluster > > before I can reconnect > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > > spice client both internal fqdn/ip and the alternative. The spice > > client should detect which is available of the two and auto-connect. > > > > This requires enhancement of the spice client, but still solves all > > the issues raised above (actually it solves about 90% of the use cases > > I've heard about in the past). > > > > Another alternative is for the engine to 'guess' or 'elect' which to > > use, alternative or main, based on the IP of the client - meaning > > admin provides the client ranges for providing internal host address > > vs alternative - but this is more complicated compared for the > > previous suggestion > > > > Thoughts? > > I agree with where you're going with this. The story I'd like to see > supported is close to this. We have external customers who should know > nothing about our internal network, but should be able to access the > console of their VMs. Currently we do this with a custom frontend which > uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, > but we'd like to move to the standard UI. Currently the console > connection prevents us from doing so. You could do that with this proposal, if you: 1) DNAT some external-facing IPs to your hypervisor display network IPs 2) resolve display network FQDN to the DNATing machine IPs for external queries. David > > Users are able to create VMs based on the resources they have (RAM, CPU, > storage, network) without admin intervention. This means we'd like to > see this override on a cluster / DC / global level so there is no need > for admin intervention. Ideally this would also come with a programmable > proxy so the engine can enable/disable forwards instead of a NAT > firewall. > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel -- David Ja?a, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 From masayag at redhat.com Wed Nov 7 10:26:49 2012 From: masayag at redhat.com (Moti Asayag) Date: Wed, 07 Nov 2012 12:26:49 +0200 Subject: [Engine-devel] Managing permissions on network In-Reply-To: <50991728.8070702@redhat.com> References: <50991728.8070702@redhat.com> Message-ID: <509A3769.9090907@redhat.com> On 11/06/2012 03:56 PM, Livnat Peer wrote: > Hi All, > > This is a proposal for handling network permissions in oVirt. > > In this proposal we took the more permissive approach as we find it > simple and a good starting point, we also think a more restrict approach > makes the configuration of a network cumbersome for ovirt administrators. > > Inputs are welcomed as always... > > Here is an overview of the approach, for more detailed description > please read the wiki page: > http://wiki.ovirt.org/wiki/Feature/NetworkPermissions > > --------------------------------------------------------------------------- > Admin > ====== > > -> For creating a network in a data center you need to be a Superuser or > a DCAdmin or a networkAdmin on the DC. > > -> After creating the network you can manipulate the network if you are > a DCAdmin or a networkAdmin on the relevant network (or the whole DC). > > -> For attaching the network to cluster you need to be a networkAdmin on > the network (no requirement to have permission on the cluster) > > -> Cluster administrator can not attach/detach a network from the > cluster, the motivation for this is that as long as the network is not > attached to the cluster it is not part of the cluster resources thus can > not be managed by the cluster administrator. > In addition once a network is attached to a cluster the cluster > administrator can change the network from required to non-required for > controlling the impact of the network within the cluster. I'd like to clarify that NetworkAdmin is authorized to update the cluster network's properties (set network as display network or set network as required/optional). NetworkAdmin is capable of doing so with permissions on the Network only (not on the cluster). The ClusterAdmin is capable of updating the cluster network's properties as well. A restrictive approach would be requiring permissions on both Cluster and Network with NetworkAdmin role in order to perform those actions. This approach assures that changes committed for a network within a cluster could be performed by user that owns permissions on both network and cluster. However it will make the permission granting process a bit toilsome: Granting the NetworkAdmin role of a specific cluster and also a NetworkAdmin per each network to be assigned for the cluster. I'd like to get opinions for the approaches mentioned above. > > -> For setting a network on the host you need to be host administrator > on the host and you don't need to be network administrator. > This implies that if you are a host administrator you can add/remove all > the cluster networks from your host without the need for network related > permissions (this is the permissive approach). > > User > ==== > > -> For attaching a network to a Vnic in the VM you need to have the role > of VmNetworkUser on the network and vmAdmin on the VM. > > -> In user portal - the list of shown network for a user will include > only the list of networks the user is allowed to attach to its vnics > (instead of all cluster's networks). > > Port-mirroring > =============== > > -> For configuring in the VM port mirroring you need to have the role > of VmAdvancedNetworkUser on the network and vmAdmin on the VM. > VmAdvancedNetworkUser includes the VmNetworkUser actions in addition to > port mirroring. > > > > > For all DB upgrade information and new roles/action groups please review > the wiki. > > Thanks, > Livnat & Moti > From ewoud+ovirt at kohlvanwijngaarden.nl Wed Nov 7 11:08:02 2012 From: ewoud+ovirt at kohlvanwijngaarden.nl (Ewoud Kohl van Wijngaarden) Date: Wed, 7 Nov 2012 12:08:02 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> <20121107101628.GZ2094@bogey.xentower.nl> <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> Message-ID: <20121107110801.GA2094@bogey.xentower.nl> On Wed, Nov 07, 2012 at 11:23:27AM +0100, David Ja?a wrote: > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 +0100: > > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > > > ----- Original Message ----- > > > > From: "Michal Skrivanek" > > > > To: engine-devel at ovirt.org > > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > > Subject: [Engine-devel] SPICE IP override > > > > > > > > Hi all, > > > > On behalf of Tomas - please check out the proposal for enhancing our > > > > SPICE integration to allow to return a custom IP/FQDN instead of the > > > > host IP address. > > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > > All comments are welcome... > > > > > > My 2 cents, > > > > > > This works under the assumption that all the users are either outside > > > of the organization or inside. > > > But think of some of the following scenarios based on a topology where > > > users in the main office are inside the corporate network while users > > > on remote offices / WAN are on a detached different network on the > > > other side of the NAT / public firewall : > > > > > > With current 'per host override' proposal: > > > 1. Admin from the main office won't be able to access the VM console > > > 2. No Mixed environment, meaning that you have to have designated > > > clusters for remote offices users vs main office users - otherwise > > > connectivity to the console is determined based on scheduler > > > decision, or may break by live migration. > > > 3. Based on #2, If I'm a user travelling between offices I'll have to > > > ask the admin to turn off my VM and move it to internal cluster > > > before I can reconnect > > > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > > > spice client both internal fqdn/ip and the alternative. The spice > > > client should detect which is available of the two and auto-connect. > > > > > > This requires enhancement of the spice client, but still solves all > > > the issues raised above (actually it solves about 90% of the use cases > > > I've heard about in the past). > > > > > > Another alternative is for the engine to 'guess' or 'elect' which to > > > use, alternative or main, based on the IP of the client - meaning > > > admin provides the client ranges for providing internal host address > > > vs alternative - but this is more complicated compared for the > > > previous suggestion > > > > > > Thoughts? > > > > I agree with where you're going with this. The story I'd like to see > > supported is close to this. We have external customers who should know > > nothing about our internal network, but should be able to access the > > console of their VMs. Currently we do this with a custom frontend which > > uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, > > but we'd like to move to the standard UI. Currently the console > > connection prevents us from doing so. > > You could do that with this proposal, if you: > 1) DNAT some external-facing IPs to your hypervisor display network IPs > 2) resolve display network FQDN to the DNATing machine IPs for external > queries. I imagine you need 1 external-facing IP per host, which makes it expensive to scale since IPv4 space is very limited. This is why I suggested a proxy. In theory this could also be used to modify a forward to have seamless host migrations because the end point for the client wouldn't change. From djasa at redhat.com Wed Nov 7 11:40:50 2012 From: djasa at redhat.com (David =?UTF-8?Q?Ja=C5=A1a?=) Date: Wed, 07 Nov 2012 12:40:50 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <20121107110801.GA2094@bogey.xentower.nl> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> <20121107101628.GZ2094@bogey.xentower.nl> <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> <20121107110801.GA2094@bogey.xentower.nl> Message-ID: <1352288450.13273.87.camel@dhcp-29-7.brq.redhat.com> Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 12:08 +0100: > On Wed, Nov 07, 2012 at 11:23:27AM +0100, David Ja?a wrote: > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 +0100: > > > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > > > > ----- Original Message ----- > > > > > From: "Michal Skrivanek" > > > > > To: engine-devel at ovirt.org > > > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > > > Subject: [Engine-devel] SPICE IP override > > > > > > > > > > Hi all, > > > > > On behalf of Tomas - please check out the proposal for enhancing our > > > > > SPICE integration to allow to return a custom IP/FQDN instead of the > > > > > host IP address. > > > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > > > All comments are welcome... > > > > > > > > My 2 cents, > > > > > > > > This works under the assumption that all the users are either outside > > > > of the organization or inside. > > > > But think of some of the following scenarios based on a topology where > > > > users in the main office are inside the corporate network while users > > > > on remote offices / WAN are on a detached different network on the > > > > other side of the NAT / public firewall : > > > > > > > > With current 'per host override' proposal: > > > > 1. Admin from the main office won't be able to access the VM console > > > > 2. No Mixed environment, meaning that you have to have designated > > > > clusters for remote offices users vs main office users - otherwise > > > > connectivity to the console is determined based on scheduler > > > > decision, or may break by live migration. > > > > 3. Based on #2, If I'm a user travelling between offices I'll have to > > > > ask the admin to turn off my VM and move it to internal cluster > > > > before I can reconnect > > > > > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > > > > spice client both internal fqdn/ip and the alternative. The spice > > > > client should detect which is available of the two and auto-connect. > > > > > > > > This requires enhancement of the spice client, but still solves all > > > > the issues raised above (actually it solves about 90% of the use cases > > > > I've heard about in the past). > > > > > > > > Another alternative is for the engine to 'guess' or 'elect' which to > > > > use, alternative or main, based on the IP of the client - meaning > > > > admin provides the client ranges for providing internal host address > > > > vs alternative - but this is more complicated compared for the > > > > previous suggestion > > > > > > > > Thoughts? > > > > > > I agree with where you're going with this. The story I'd like to see > > > supported is close to this. We have external customers who should know > > > nothing about our internal network, but should be able to access the > > > console of their VMs. Currently we do this with a custom frontend which > > > uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, > > > but we'd like to move to the standard UI. Currently the console > > > connection prevents us from doing so. > > > > You could do that with this proposal, if you: > > 1) DNAT some external-facing IPs to your hypervisor display network IPs > > 2) resolve display network FQDN to the DNATing machine IPs for external > > queries. > > I imagine you need 1 external-facing IP per host, which makes it > expensive to scale since IPv4 space is very limited. That's the cost of quick-to-implement solution. If it is possible to have per-host display port range, you could work this limitation around by setting non-overlapping ranges for each host and use a single proxy or DNAT machine that would decide which port to forward based on the range. David > This is why I > suggested a proxy. In theory this could also be used to modify a forward > to have seamless host migrations because the end point for the client > wouldn't change. > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel -- David Ja?a, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 From ewoud+ovirt at kohlvanwijngaarden.nl Wed Nov 7 12:42:04 2012 From: ewoud+ovirt at kohlvanwijngaarden.nl (Ewoud Kohl van Wijngaarden) Date: Wed, 7 Nov 2012 13:42:04 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1352288450.13273.87.camel@dhcp-29-7.brq.redhat.com> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> <20121107101628.GZ2094@bogey.xentower.nl> <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> <20121107110801.GA2094@bogey.xentower.nl> <1352288450.13273.87.camel@dhcp-29-7.brq.redhat.com> Message-ID: <20121107124204.GB2094@bogey.xentower.nl> On Wed, Nov 07, 2012 at 12:40:50PM +0100, David Ja?a wrote: > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 12:08 +0100: > > On Wed, Nov 07, 2012 at 11:23:27AM +0100, David Ja?a wrote: > > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 +0100: > > > > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > > > > > ----- Original Message ----- > > > > > > From: "Michal Skrivanek" > > > > > > To: engine-devel at ovirt.org > > > > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > > > > Subject: [Engine-devel] SPICE IP override > > > > > > > > > > > > Hi all, > > > > > > On behalf of Tomas - please check out the proposal for enhancing our > > > > > > SPICE integration to allow to return a custom IP/FQDN instead of the > > > > > > host IP address. > > > > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > > > > All comments are welcome... > > > > > > > > > > My 2 cents, > > > > > > > > > > This works under the assumption that all the users are either outside > > > > > of the organization or inside. > > > > > But think of some of the following scenarios based on a topology where > > > > > users in the main office are inside the corporate network while users > > > > > on remote offices / WAN are on a detached different network on the > > > > > other side of the NAT / public firewall : > > > > > > > > > > With current 'per host override' proposal: > > > > > 1. Admin from the main office won't be able to access the VM console > > > > > 2. No Mixed environment, meaning that you have to have designated > > > > > clusters for remote offices users vs main office users - otherwise > > > > > connectivity to the console is determined based on scheduler > > > > > decision, or may break by live migration. > > > > > 3. Based on #2, If I'm a user travelling between offices I'll have to > > > > > ask the admin to turn off my VM and move it to internal cluster > > > > > before I can reconnect > > > > > > > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > > > > > spice client both internal fqdn/ip and the alternative. The spice > > > > > client should detect which is available of the two and auto-connect. > > > > > > > > > > This requires enhancement of the spice client, but still solves all > > > > > the issues raised above (actually it solves about 90% of the use cases > > > > > I've heard about in the past). > > > > > > > > > > Another alternative is for the engine to 'guess' or 'elect' which to > > > > > use, alternative or main, based on the IP of the client - meaning > > > > > admin provides the client ranges for providing internal host address > > > > > vs alternative - but this is more complicated compared for the > > > > > previous suggestion > > > > > > > > > > Thoughts? > > > > > > > > I agree with where you're going with this. The story I'd like to see > > > > supported is close to this. We have external customers who should know > > > > nothing about our internal network, but should be able to access the > > > > console of their VMs. Currently we do this with a custom frontend which > > > > uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, > > > > but we'd like to move to the standard UI. Currently the console > > > > connection prevents us from doing so. > > > > > > You could do that with this proposal, if you: > > > 1) DNAT some external-facing IPs to your hypervisor display network IPs > > > 2) resolve display network FQDN to the DNATing machine IPs for external > > > queries. > > > > I imagine you need 1 external-facing IP per host, which makes it > > expensive to scale since IPv4 space is very limited. > > That's the cost of quick-to-implement solution. > > If it is possible to have per-host display port range, you could work > this limitation around by setting non-overlapping ranges for each host > and use a single proxy or DNAT machine that would decide which port to > forward based on the range. I was also thinking about port ranges, but I have no idea how hard it is to implement. It does sound like a good balance between quick-to-implement and usability in production. From emesika at redhat.com Wed Nov 7 19:43:42 2012 From: emesika at redhat.com (Eli Mesika) Date: Wed, 7 Nov 2012 14:43:42 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations Message-ID: <647522806.7885833.1352317422827.JavaMail.root@redhat.com> Hi Please review , any comments are welcomed Requirements : http://wiki.ovirt.org/wiki/Features/HostPMProxyPreferences Detailed Design : http://wiki.ovirt.org/wiki/Features/Design/DetailedHostPMProxyPreferences DR for this RFE will be next week, exact schedule & place will follow. Thanks Eli From iheim at redhat.com Thu Nov 8 15:25:48 2012 From: iheim at redhat.com (Itamar Heim) Date: Thu, 08 Nov 2012 16:25:48 +0100 Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <647522806.7885833.1352317422827.JavaMail.root@redhat.com> References: <647522806.7885833.1352317422827.JavaMail.root@redhat.com> Message-ID: <509BCEFC.70406@redhat.com> On 11/07/2012 08:43 PM, Eli Mesika wrote: > Hi > > Please review , any comments are welcomed > > Requirements : http://wiki.ovirt.org/wiki/Features/HostPMProxyPreferences > Detailed Design : http://wiki.ovirt.org/wiki/Features/Design/DetailedHostPMProxyPreferences > > DR for this RFE will be next week, exact schedule & place will follow. 1. what's the logic on deciding to move to next proxy ? is it per action (restart being comprised of stop and start. can the stop and start happen from different proxies)? 2. I'm guessing for 'engine' as proxy, vdsm will be installed with engine on same host. is the plan to teat it as a separate instance of vdsm, listening on a separate port, or to assume an all-in-one deployment always? if it is added as a host, just for fencing, it requires special treatment for that host. while if added as a separate instance (on a different tcp port), it doesn't have to be defined as a host in the system. iirc, we can install vdsm, and launch multiple instances of it (at least we could in the past). 3. i didn't understand the fqdn/ip proxy mode, if it is not an existing host in the system, how will engine communicate with it over secure xml/rpc? (i can understand selecting a specific host, but not a text box for fqdn/ip). thanks, Itamar From emesika at redhat.com Thu Nov 8 16:09:05 2012 From: emesika at redhat.com (Eli Mesika) Date: Thu, 8 Nov 2012 11:09:05 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <509BCEFC.70406@redhat.com> Message-ID: <2010870482.8227071.1352390945807.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Eli Mesika" > Cc: "engine-devel" , "Dan Kenigsberg" > Sent: Thursday, November 8, 2012 5:25:48 PM > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations > > On 11/07/2012 08:43 PM, Eli Mesika wrote: > > Hi > > > > Please review , any comments are welcomed > > > > Requirements : > > http://wiki.ovirt.org/wiki/Features/HostPMProxyPreferences > > Detailed Design : > > http://wiki.ovirt.org/wiki/Features/Design/DetailedHostPMProxyPreferences > > > > DR for this RFE will be next week, exact schedule & place will > > follow. > > 1. what's the logic on deciding to move to next proxy ? is it per > action > (restart being comprised of stop and start. can the stop and start > happen from different proxies)? Yes, it is per action so stop & start may use different proxies. > > 2. I'm guessing for 'engine' as proxy, vdsm will be installed with > engine on same host. > > is the plan to teat it as a separate instance of vdsm, listening on a > separate port, or to assume an all-in-one deployment always? > if it is added as a host, just for fencing, it requires special > treatment for that host. while if added as a separate instance (on a > different tcp port), it doesn't have to be defined as a host in the > system. > > iirc, we can install vdsm, and launch multiple instances of it (at > least > we could in the past). we have 3 options here 1) VDSM instance 2) Lightweight VDSM (with only PM abilities) 3) Accessing the fenece-agents package scripts directly I have talked with danken , he think we should apply 3) > > 3. i didn't understand the fqdn/ip proxy mode, if it is not an > existing > host in the system, how will engine communicate with it over secure > xml/rpc? (i can understand selecting a specific host, but not a text > box > for fqdn/ip). Good point, I will change the design accordingly > > thanks, > Itamar > From emesika at redhat.com Thu Nov 8 16:17:10 2012 From: emesika at redhat.com (Eli Mesika) Date: Thu, 8 Nov 2012 11:17:10 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Adding support for external events In-Reply-To: <65374848.8228742.1352391200770.JavaMail.root@redhat.com> Message-ID: <1170459730.8229589.1352391430661.JavaMail.root@redhat.com> Hi Please review , any comments are welcomed (please note that API section is still in TBD) RFE :https://bugzilla.redhat.com/show_bug.cgi?id=873223 Requirements : http://wiki.ovirt.org/wiki/Features/ExternalEvents Detailed Design :http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents DR for this RFE will follow. Thanks Eli From iheim at redhat.com Fri Nov 9 08:38:41 2012 From: iheim at redhat.com (Itamar Heim) Date: Fri, 09 Nov 2012 09:38:41 +0100 Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <647522806.7885833.1352317422827.JavaMail.root@redhat.com> References: <647522806.7885833.1352317422827.JavaMail.root@redhat.com> Message-ID: <509CC111.6050608@redhat.com> On 11/07/2012 08:43 PM, Eli Mesika wrote: > Hi > > Please review , any comments are welcomed > > Requirements : http://wiki.ovirt.org/wiki/Features/HostPMProxyPreferences > Detailed Design : http://wiki.ovirt.org/wiki/Features/Design/DetailedHostPMProxyPreferences > > DR for this RFE will be next week, exact schedule & place will follow. > some comments on the Detailed part: > The default value for this column will be : 'engine,cluster,dc' 1. so if this is not passed via REST API, this will be the default value? 2. i didn't see any comment about backward compatibility/upgrade (since the default value now is actually "DC", so setting a different default will change behavior in upgrade, which it shouldn't). 3. would it make sense to make this default value per compatibility version? otherwise, adding a 3.1 host via API in 3.1 and 3.2 will give different behavior (since default for this in 3.1 is "DC"). > API we also want to allow defining different types of fencing going forward, how will the new API support this (proxy list will be per fence type?). see note above for default value behavior for api backward compatibility as well > Installation/Upgrade see note above for upgrade wrt default value and backward compatibility > pre-defined values I'm not sure how important is the random ip/host vs. engine/cluster/dc. but if you keep it (and change it to configured hosts in the system), then you should keep hosts uuid's. (it adds complexity, since those hosts can be deleted, and if only such a host was defined, it leaves another host without PM configured, so you'll be asked to add more and more validations. my 2 cents: supporting "another specific host", rather than engine/cluster/dc is adding complexity, and should be given a valid use case to justify that complexity (and even if needed, i'd consider doing the implementation in two phases) > FenceWrapper i understand danken suggested going this way, rather than than another instance of vdsm. is vdsm only calling these scripts today and all logic is in engine, or does vdsm has any logic in wrapping these scripts (not a blocker to doing FenceWrapper, just worth extracting that logic from vdsm to such a script, then using it in both. i hope answer is 'no logic'...) From iheim at redhat.com Fri Nov 9 08:55:58 2012 From: iheim at redhat.com (Itamar Heim) Date: Fri, 09 Nov 2012 09:55:58 +0100 Subject: [Engine-devel] [Design for 3.2 RFE] Adding support for external events In-Reply-To: <1170459730.8229589.1352391430661.JavaMail.root@redhat.com> References: <1170459730.8229589.1352391430661.JavaMail.root@redhat.com> Message-ID: <509CC51E.5050604@redhat.com> On 11/08/2012 05:17 PM, Eli Mesika wrote: > Hi > > Please review , any comments are welcomed (please note that API section is still in TBD) > > RFE :https://bugzilla.redhat.com/show_bug.cgi?id=873223 > Requirements : http://wiki.ovirt.org/wiki/Features/ExternalEvents > Events are classified as NORMAL , WARNING or ERROR and UI will display different icon according to that. any reason to not allow external ALERTs? > Detailed Design :http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents > Adding is_external boolean field to audit_log with a default value of false hmmm, i'm not sure it makes sense to inject any event, just flagging it as external. why not just add a new AuditLogType of 'External' (i.e., just another event id? it is easy enough to search for it, etc. > New command is exposed currently only to SuperUser I assume you mean there is a new permission, which by default is added only to superuser role, and admin can add it to other custom roles? I also assume this is only relevant to admin users, not to user roles? other questions: 1. worth detailing all fields of the event which could be passed to this. 2. can an admin add events to entities they don't have permissions on (I'm guessing yes, since admins aren't filtered from seeing all entities, so implicitly, they have permission to all entities) otherwise (if intent is to limit permisisons), an event is an action on multiple entities, so for any field which is passed for the event (vm_id, (vds)host_id, etc.), you'd need to check admin has 'AddExternalEvent' permission on. the main reason i think doing permissions may hold merit is it will allow to give this permission by default in more roles, rather than only for superuser, which may make it more viable for UI plugins that would try to leverage this. 3. REST API modeling for adding an event (is that a PUT on the event collection, a POST)? can it be done only on root events collection, or on events of entities as well (taking the entity id from url, rather than as a parameter), etc. From emesika at redhat.com Fri Nov 9 09:52:07 2012 From: emesika at redhat.com (Eli Mesika) Date: Fri, 9 Nov 2012 04:52:07 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <509CC111.6050608@redhat.com> Message-ID: <2909492.8559766.1352454727559.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Eli Mesika" > Cc: "engine-devel" , "Michael Pasternak" , "Simon Grinberg" > , "Dan Kenigsberg" > Sent: Friday, November 9, 2012 10:38:41 AM > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations > > On 11/07/2012 08:43 PM, Eli Mesika wrote: > > Hi > > > > Please review , any comments are welcomed > > > > Requirements : > > http://wiki.ovirt.org/wiki/Features/HostPMProxyPreferences > > Detailed Design : > > http://wiki.ovirt.org/wiki/Features/Design/DetailedHostPMProxyPreferences > > > > DR for this RFE will be next week, exact schedule & place will > > follow. > > > > some comments on the Detailed part: > > > The default value for this column will be : 'engine,cluster,dc' > > 1. so if this is not passed via REST API, this will be the default > value? Yes > 2. i didn't see any comment about backward compatibility/upgrade > (since > the default value now is actually "DC", so setting a different > default > will change behavior in upgrade, which it shouldn't). > 3. would it make sense to make this default value per compatibility > version? otherwise, adding a 3.1 host via API in 3.1 and 3.2 will > give > different behavior (since default for this in 3.1 is "DC"). Currently, this default is only reflected in the BLL , but you are right, we should add a new configuration value per version that will have the default value, then we can be backward compatible and support the new default value for 3.2. I will add this to the design > > > API > > we also want to allow defining different types of fencing going > forward, > how will the new API support this (proxy list will be per fence > type?). I had talked with that with Simon, there is no requirement for a proxy list per agent type. The RFE of supporting secondary agent per Host is orthogonal to this RFE as well > > see note above for default value behavior for api backward > compatibility > as well > > > Installation/Upgrade > > see note above for upgrade wrt default value and backward > compatibility OK, see my comments above... > > > pre-defined values > > I'm not sure how important is the random ip/host vs. > engine/cluster/dc. > but if you keep it (and change it to configured hosts in the system), > then you should keep hosts uuid's. > (it adds complexity, since those hosts can be deleted, and if only > such > a host was defined, it leaves another host without PM configured, so > you'll be asked to add more and more validations. > > my 2 cents: supporting "another specific host", rather than > engine/cluster/dc is adding complexity, and should be given a valid > use > case to justify that complexity (and even if needed, i'd consider > doing > the implementation in two phases) Agree, this will be much simpler ... Simon, if you have no objection to that, I will change it to support only engine,cluster,datacenter for now... > > > FenceWrapper > > i understand danken suggested going this way, rather than than > another > instance of vdsm. > is vdsm only calling these scripts today and all logic is in engine, > or > does vdsm has any logic in wrapping these scripts (not a blocker to > doing FenceWrapper, just worth extracting that logic from vdsm to > such a > script, then using it in both. i hope answer is 'no logic'...) vdsm has some logic that maps between the call passed to it from engine and the actual parameters generated for the script. AFAIK, this logic only "builds" the correct arguments for the command according to the agent type > From iheim at redhat.com Fri Nov 9 10:02:37 2012 From: iheim at redhat.com (Itamar Heim) Date: Fri, 09 Nov 2012 11:02:37 +0100 Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <2909492.8559766.1352454727559.JavaMail.root@redhat.com> References: <2909492.8559766.1352454727559.JavaMail.root@redhat.com> Message-ID: <509CD4BD.4010606@redhat.com> On 11/09/2012 10:52 AM, Eli Mesika wrote: >> > >> > > FenceWrapper >> > >> >i understand danken suggested going this way, rather than than >> >another >> >instance of vdsm. >> >is vdsm only calling these scripts today and all logic is in engine, >> >or >> >does vdsm has any logic in wrapping these scripts (not a blocker to >> >doing FenceWrapper, just worth extracting that logic from vdsm to >> >such a >> >script, then using it in both. i hope answer is 'no logic'...) > vdsm has some logic that maps between the call passed to it from engine and the actual parameters generated for the script. > AFAIK, this logic only "builds" the correct arguments for the command according to the agent type > can we extract it to an external wrapper? I'd hate to fix bugs/changes twice for this. From emesika at redhat.com Fri Nov 9 10:06:05 2012 From: emesika at redhat.com (Eli Mesika) Date: Fri, 9 Nov 2012 05:06:05 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <509CD4BD.4010606@redhat.com> Message-ID: <1357032386.8570374.1352455565925.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Eli Mesika" > Cc: "engine-devel" , "Michael Pasternak" , "Simon Grinberg" > , "Dan Kenigsberg" > Sent: Friday, November 9, 2012 12:02:37 PM > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations > > On 11/09/2012 10:52 AM, Eli Mesika wrote: > > >> > > >> > > FenceWrapper > >> > > >> >i understand danken suggested going this way, rather than than > >> >another > >> >instance of vdsm. > >> >is vdsm only calling these scripts today and all logic is in > >> >engine, > >> >or > >> >does vdsm has any logic in wrapping these scripts (not a blocker > >> >to > >> >doing FenceWrapper, just worth extracting that logic from vdsm to > >> >such a > >> >script, then using it in both. i hope answer is 'no logic'...) > > vdsm has some logic that maps between the call passed to it from > > engine and the actual parameters generated for the script. > > AFAIK, this logic only "builds" the correct arguments for the > > command according to the agent type > > > > can we extract it to an external wrapper? > I'd hate to fix bugs/changes twice for this. I'll check it with danken on SUN > From sander at hoentjen.eu Fri Nov 9 16:07:39 2012 From: sander at hoentjen.eu (Sander Hoentjen) Date: Fri, 09 Nov 2012 17:07:39 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1352288450.13273.87.camel@dhcp-29-7.brq.redhat.com> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> <20121107101628.GZ2094@bogey.xentower.nl> <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> <20121107110801.GA2094@bogey.xentower.nl> <1352288450.13273.87.camel@dhcp-29-7.brq.redhat.com> Message-ID: <1352477259.24625.15.camel@peecee.hoentjen.eu> On Wed, 2012-11-07 at 12:40 +0100, David Ja?a wrote: > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 12:08 +0100: > > On Wed, Nov 07, 2012 at 11:23:27AM +0100, David Ja?a wrote: > > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 +0100: > > > > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > > > > > ----- Original Message ----- > > > > > > From: "Michal Skrivanek" > > > > > > To: engine-devel at ovirt.org > > > > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > > > > Subject: [Engine-devel] SPICE IP override > > > > > > > > > > > > Hi all, > > > > > > On behalf of Tomas - please check out the proposal for enhancing our > > > > > > SPICE integration to allow to return a custom IP/FQDN instead of the > > > > > > host IP address. > > > > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > > > > All comments are welcome... > > > > > > > > > > My 2 cents, > > > > > > > > > > This works under the assumption that all the users are either outside > > > > > of the organization or inside. > > > > > But think of some of the following scenarios based on a topology where > > > > > users in the main office are inside the corporate network while users > > > > > on remote offices / WAN are on a detached different network on the > > > > > other side of the NAT / public firewall : > > > > > > > > > > With current 'per host override' proposal: > > > > > 1. Admin from the main office won't be able to access the VM console > > > > > 2. No Mixed environment, meaning that you have to have designated > > > > > clusters for remote offices users vs main office users - otherwise > > > > > connectivity to the console is determined based on scheduler > > > > > decision, or may break by live migration. > > > > > 3. Based on #2, If I'm a user travelling between offices I'll have to > > > > > ask the admin to turn off my VM and move it to internal cluster > > > > > before I can reconnect > > > > > > > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > > > > > spice client both internal fqdn/ip and the alternative. The spice > > > > > client should detect which is available of the two and auto-connect. > > > > > > > > > > This requires enhancement of the spice client, but still solves all > > > > > the issues raised above (actually it solves about 90% of the use cases > > > > > I've heard about in the past). > > > > > > > > > > Another alternative is for the engine to 'guess' or 'elect' which to > > > > > use, alternative or main, based on the IP of the client - meaning > > > > > admin provides the client ranges for providing internal host address > > > > > vs alternative - but this is more complicated compared for the > > > > > previous suggestion > > > > > > > > > > Thoughts? > > > > > > > > I agree with where you're going with this. The story I'd like to see > > > > supported is close to this. We have external customers who should know > > > > nothing about our internal network, but should be able to access the > > > > console of their VMs. Currently we do this with a custom frontend which > > > > uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, > > > > but we'd like to move to the standard UI. Currently the console > > > > connection prevents us from doing so. > > > > > > You could do that with this proposal, if you: > > > 1) DNAT some external-facing IPs to your hypervisor display network IPs > > > 2) resolve display network FQDN to the DNATing machine IPs for external > > > queries. > > > > I imagine you need 1 external-facing IP per host, which makes it > > expensive to scale since IPv4 space is very limited. > > That's the cost of quick-to-implement solution. > > If it is possible to have per-host display port range, you could work > this limitation around by setting non-overlapping ranges for each host > and use a single proxy or DNAT machine that would decide which port to > forward based on the range. I am a colleague of Ewoud, and want to explain a bit more about how we currently have implemented this. All our virtualization hosts, but also the manager only live in the internal network. We have written a webapplication that is a self-service portal for our customers. This webapplication lives on a host that is publicly reachable. This host can also reach the virtualization servers on the internal network. Now for all actions except for viewing a console the webhost only needs to access the api, so what happens when a user wants to view the console (we currently use vnc): On the webhost we have reserved a number of ports. Api request is made to get the host/port, and we set the ticket (vnc password). We create a tunnel (currently use socat, but can of course also be DNAT or any kind of proxy) that connects one of the free ports on the external webhost to the host/port combo we got back from the api. This is a very simple implementation, but it works well in our experience. For added points you can make the proxy smarter, things like handling vm migrations and maybe adding websockets support for a html5 spice client ;) Kind regards, Sander From djasa at redhat.com Fri Nov 9 16:38:17 2012 From: djasa at redhat.com (David =?UTF-8?Q?Ja=C5=A1a?=) Date: Fri, 09 Nov 2012 17:38:17 +0100 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1352477259.24625.15.camel@peecee.hoentjen.eu> References: <2CEBE9E7-1C7A-4E52-AE42-04D51983FF6F@redhat.com> <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> <20121107101628.GZ2094@bogey.xentower.nl> <1352283807.13273.67.camel@dhcp-29-7.brq.redhat.com> <20121107110801.GA2094@bogey.xentower.nl> <1352288450.13273.87.camel@dhcp-29-7.brq.redhat.com> <1352477259.24625.15.camel@peecee.hoentjen.eu> Message-ID: <1352479097.13273.266.camel@dhcp-29-7.brq.redhat.com> Sander Hoentjen p??e v P? 09. 11. 2012 v 17:07 +0100: > On Wed, 2012-11-07 at 12:40 +0100, David Ja?a wrote: > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 12:08 +0100: > > > On Wed, Nov 07, 2012 at 11:23:27AM +0100, David Ja?a wrote: > > > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 +0100: > > > > > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg wrote: > > > > > > ----- Original Message ----- > > > > > > > From: "Michal Skrivanek" > > > > > > > To: engine-devel at ovirt.org > > > > > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > > > > > Subject: [Engine-devel] SPICE IP override > > > > > > > > > > > > > > Hi all, > > > > > > > On behalf of Tomas - please check out the proposal for enhancing our > > > > > > > SPICE integration to allow to return a custom IP/FQDN instead of the > > > > > > > host IP address. > > > > > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > > > > > All comments are welcome... > > > > > > > > > > > > My 2 cents, > > > > > > > > > > > > This works under the assumption that all the users are either outside > > > > > > of the organization or inside. > > > > > > But think of some of the following scenarios based on a topology where > > > > > > users in the main office are inside the corporate network while users > > > > > > on remote offices / WAN are on a detached different network on the > > > > > > other side of the NAT / public firewall : > > > > > > > > > > > > With current 'per host override' proposal: > > > > > > 1. Admin from the main office won't be able to access the VM console > > > > > > 2. No Mixed environment, meaning that you have to have designated > > > > > > clusters for remote offices users vs main office users - otherwise > > > > > > connectivity to the console is determined based on scheduler > > > > > > decision, or may break by live migration. > > > > > > 3. Based on #2, If I'm a user travelling between offices I'll have to > > > > > > ask the admin to turn off my VM and move it to internal cluster > > > > > > before I can reconnect > > > > > > > > > > > > My suggestion is to covert this to 'alternative' IP/FQDN sending the > > > > > > spice client both internal fqdn/ip and the alternative. The spice > > > > > > client should detect which is available of the two and auto-connect. > > > > > > > > > > > > This requires enhancement of the spice client, but still solves all > > > > > > the issues raised above (actually it solves about 90% of the use cases > > > > > > I've heard about in the past). > > > > > > > > > > > > Another alternative is for the engine to 'guess' or 'elect' which to > > > > > > use, alternative or main, based on the IP of the client - meaning > > > > > > admin provides the client ranges for providing internal host address > > > > > > vs alternative - but this is more complicated compared for the > > > > > > previous suggestion > > > > > > > > > > > > Thoughts? > > > > > > > > > > I agree with where you're going with this. The story I'd like to see > > > > > supported is close to this. We have external customers who should know > > > > > nothing about our internal network, but should be able to access the > > > > > console of their VMs. Currently we do this with a custom frontend which > > > > > uses the API (and is about as old as the RHEV 2.2 API) and a TCP proxy, > > > > > but we'd like to move to the standard UI. Currently the console > > > > > connection prevents us from doing so. > > > > > > > > You could do that with this proposal, if you: > > > > 1) DNAT some external-facing IPs to your hypervisor display network IPs > > > > 2) resolve display network FQDN to the DNATing machine IPs for external > > > > queries. > > > > > > I imagine you need 1 external-facing IP per host, which makes it > > > expensive to scale since IPv4 space is very limited. > > > > That's the cost of quick-to-implement solution. > > > > If it is possible to have per-host display port range, you could work > > this limitation around by setting non-overlapping ranges for each host > > and use a single proxy or DNAT machine that would decide which port to > > forward based on the range. > > I am a colleague of Ewoud, and want to explain a bit more about how we > currently have implemented this. > All our virtualization hosts, but also the manager only live in the > internal network. We have written a webapplication that is a > self-service portal for our customers. This webapplication lives on a > host that is publicly reachable. This host can also reach the > virtualization servers on the internal network. Now for all actions > except for viewing a console the webhost only needs to access the api, > so what happens when a user wants to view the console (we currently use > vnc): > On the webhost we have reserved a number of ports. > Api request is made to get the host/port, and we set the ticket (vnc > password). > We create a tunnel (currently use socat, but can of course also be DNAT > or any kind of proxy) that connects one of the free ports on the > external webhost to the host/port combo we got back from the api. > This is a very simple implementation, but it works well in our > experience. This would work with spice as well apart from one thing -- migration. To support it really cleanly in these cases, one of these two things would have to exist: * spice proxy that would handle migrations on client behalf (but then you'd lose end-to-end encryption) * tweak to libvirt and vdsm and engine (engine via upcoming engine plugins maybe?) so that when migration with connected client is about to begin, vdsm will ask engine for external ip/fqdn:port that will match the ports it is about to configure for qemu and instruct libvirt to send these values to client_migrate_info qemu command instead of direct host/port/tls-port values. 2nd way seems more appropriate to me but the "ask engine to ask for external ip and ports" sounds like something that won't be easy to get properly. David > > For added points you can make the proxy smarter, things like handling vm > migrations and maybe adding websockets support for a html5 spice > client ;) > > Kind regards, > Sander > > > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel -- David Ja?a, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 From ykaul at redhat.com Fri Nov 9 18:30:52 2012 From: ykaul at redhat.com (Yaniv Kaul) Date: Fri, 09 Nov 2012 20:30:52 +0200 Subject: [Engine-devel] SPICE IP override In-Reply-To: <509A340E.9040901@redhat.com> References: <1190246211.6251087.1352281945100.JavaMail.root@redhat.com> <509A340E.9040901@redhat.com> Message-ID: <509D4BDC.7070801@redhat.com> On 11/07/2012 12:12 PM, Itamar Heim wrote: > On 11/07/2012 10:52 AM, Simon Grinberg wrote: >> >> >> ----- Original Message ----- >>> From: "Itamar Heim" >>> To: "Simon Grinberg" >>> Cc: engine-devel at ovirt.org >>> Sent: Wednesday, November 7, 2012 10:46:24 AM >>> Subject: Re: [Engine-devel] SPICE IP override >>> >>> On 11/07/2012 09:52 AM, Simon Grinberg wrote: >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Michal Skrivanek" >>>>> To: engine-devel at ovirt.org >>>>> Sent: Tuesday, November 6, 2012 10:39:58 PM >>>>> Subject: [Engine-devel] SPICE IP override >>>>> >>>>> Hi all, >>>>> On behalf of Tomas - please check out the proposal for enhancing >>>>> our >>>>> SPICE integration to allow to return a custom IP/FQDN instead of >>>>> the >>>>> host IP address. >>>>> http://wiki.ovirt.org/wiki/Features/Display_Address_Override >>>>> All comments are welcome... >>>> >>>> My 2 cents, >>>> >>>> This works under the assumption that all the users are either >>>> outside of the organization or inside. >>>> But think of some of the following scenarios based on a topology >>>> where users in the main office are inside the corporate network >>>> while users on remote offices / WAN are on a detached different >>>> network on the other side of the NAT / public firewall : >>>> >>>> With current 'per host override' proposal: >>>> 1. Admin from the main office won't be able to access the VM >>>> console >>>> 2. No Mixed environment, meaning that you have to have designated >>>> clusters for remote offices users vs main office users - otherwise >>>> connectivity to the console is determined based on scheduler >>>> decision, or may break by live migration. >>>> 3. Based on #2, If I'm a user travelling between offices I'll have >>>> to ask the admin to turn off my VM and move it to internal cluster >>>> before I can reconnect >>>> >>>> My suggestion is to covert this to 'alternative' IP/FQDN sending >>>> the spice client both internal fqdn/ip and the alternative. The >>>> spice client should detect which is available of the two and >>>> auto-connect. >>>> >>>> This requires enhancement of the spice client, but still solves all >>>> the issues raised above (actually it solves about 90% of the use >>>> cases I've heard about in the past). >>>> >>>> Another alternative is for the engine to 'guess' or 'elect' which >>>> to use, alternative or main, based on the IP of the client - >>>> meaning admin provides the client ranges for providing internal >>>> host address vs alternative - but this is more complicated >>>> compared for the previous suggestion >>>> >>>> Thoughts? >>> >>> i think this is over complicating things. >>> I'd expect someone that wants to handle internal and external >>> differently to use DNS, and resolve the DNS differently for external >>> and >>> internal clients. >> >> That will not necessarily solve the issue - what about WAN users from >> home? the DNS is not under their control -> they need redirection to >> the public facing NAT servers. > > if a public service, not relevant. > if a private service, i expect they would be using a VPN, with dns > resolution provided by the organization for external vpn users, if > they need to resolve IPs differently internally and externally. If they are using VPN, they don't need all that NAT stuff. If they are using VPN and STILL need that NAT stuff, it is probably on the same box (FW+NAT+VPN), and then it's a non-issue. If the VPN and the NAT is NOT on the same setup, best of luck to them. Y. > >> >> + At least currently (and this must change, unless you accept the >> proposal I've raised) the engine sends fqdn if the display network in >> on the engine management network and IP on any other selected >> Display-Network. > > not with this patch, which sends the dns the admin configured, > regardless of display logical network used. > >> >> No DNS will help you in this case, so you still need alternate FQDN. >> >>> >>> (note this is different from specifying the spice proxy address at >>> cluster level, which is something you want user to choose if they >>> want >>> to enable or not per their location) >>> _______________________________________________ >>> Engine-devel mailing list >>> Engine-devel at ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/engine-devel >>> > > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel From deadhorseconsulting at gmail.com Fri Nov 9 20:28:18 2012 From: deadhorseconsulting at gmail.com (Dead Horse) Date: Fri, 9 Nov 2012 14:28:18 -0600 Subject: [Engine-devel] engine database upgrade failure with latest Message-ID: I built the latest ovirt-engine from GIT and attempted to upgrade. Version that I attempting to upgrade was built Monday from master (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). Below is the what was logged by engine-upgrade: 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update started 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = upgrade script detected a change in Config, View or Stored Procedure... 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = psql:create_functions.sql:666: ERROR: must be owner of function uuid_generate_v1 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback (most recent call last): File "/usr/bin/engine-upgrade", line 1059, in main runFunc([db.update], MSG_INFO_DB_UPDATE) File "/usr/bin/engine-upgrade", line 607, in runFunc func() File "/usr/bin/engine-upgrade", line 442, in update output, rc = utils.execCmd(cmdList=cmd, failOnError=True, msg=MSG_ERROR_UPDATE_DB) File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, in execCmd raise Exception(msg) Exception: Error: Database update failed - DHC -------------- next part -------------- An HTML attachment was scrubbed... URL: From alonbl at redhat.com Fri Nov 9 20:32:11 2012 From: alonbl at redhat.com (Alon Bar-Lev) Date: Fri, 9 Nov 2012 15:32:11 -0500 (EST) Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: Message-ID: <120348863.8209230.1352493131554.JavaMail.root@redhat.com> Strange... This[1] patch should have solved this. It is merged to master. Are you using master? [1] http://gerrit.ovirt.org/#/c/8955/ ----- Original Message ----- > From: "Dead Horse" > To: engine-devel at ovirt.org > Sent: Friday, November 9, 2012 10:28:18 PM > Subject: [Engine-devel] engine database upgrade failure with latest > > > I built the latest ovirt-engine from GIT and attempted to upgrade. > Version that I attempting to upgrade was built Monday from master > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). > > Below is the what was logged by engine-upgrade: > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update > started > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = > upgrade script detected a change in Config, View or Stored > Procedure... > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = > psql:create_functions.sql:666: ERROR: must be owner of function > uuid_generate_v1 > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback > (most recent call last): > File "/usr/bin/engine-upgrade", line 1059, in main > runFunc([db.update], MSG_INFO_DB_UPDATE) > File "/usr/bin/engine-upgrade", line 607, in runFunc > func() > File "/usr/bin/engine-upgrade", line 442, in update > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, > msg=MSG_ERROR_UPDATE_DB) > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, in > execCmd > raise Exception(msg) > Exception: Error: Database update failed > > - DHC > > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From deadhorseconsulting at gmail.com Fri Nov 9 20:42:28 2012 From: deadhorseconsulting at gmail.com (Dead Horse) Date: Fri, 9 Nov 2012 14:42:28 -0600 Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: <120348863.8209230.1352493131554.JavaMail.root@redhat.com> References: <120348863.8209230.1352493131554.JavaMail.root@redhat.com> Message-ID: cloned via git clone http://gerrit.ovirt.org/p/ovirt-engine (so master by default) current master commit appears to me as: commit2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 On Fri, Nov 9, 2012 at 2:32 PM, Alon Bar-Lev wrote: > > Strange... > > This[1] patch should have solved this. It is merged to master. > Are you using master? > > [1] http://gerrit.ovirt.org/#/c/8955/ > > ----- Original Message ----- > > From: "Dead Horse" > > To: engine-devel at ovirt.org > > Sent: Friday, November 9, 2012 10:28:18 PM > > Subject: [Engine-devel] engine database upgrade failure with latest > > > > > > I built the latest ovirt-engine from GIT and attempted to upgrade. > > Version that I attempting to upgrade was built Monday from master > > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). > > > > Below is the what was logged by engine-upgrade: > > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update > > started > > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing > > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s > > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' > > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = > > upgrade script detected a change in Config, View or Stored > > Procedure... > > > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = > > psql:create_functions.sql:666: ERROR: must be owner of function > > uuid_generate_v1 > > > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 > > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback > > (most recent call last): > > File "/usr/bin/engine-upgrade", line 1059, in main > > runFunc([db.update], MSG_INFO_DB_UPDATE) > > File "/usr/bin/engine-upgrade", line 607, in runFunc > > func() > > File "/usr/bin/engine-upgrade", line 442, in update > > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, > > msg=MSG_ERROR_UPDATE_DB) > > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, in > > execCmd > > raise Exception(msg) > > Exception: Error: Database update failed > > > > - DHC > > > > > > _______________________________________________ > > Engine-devel mailing list > > Engine-devel at ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alonbl at redhat.com Fri Nov 9 20:49:24 2012 From: alonbl at redhat.com (Alon Bar-Lev) Date: Fri, 9 Nov 2012 15:49:24 -0500 (EST) Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: Message-ID: <210237391.8211710.1352494164990.JavaMail.root@redhat.com> You wrote version from Monday... (a665ec3af7b2dd04e80007b1c062868d3e049fce) Which was before patch was applied. ----- Original Message ----- > From: "Dead Horse" > To: "Alon Bar-Lev" > Cc: engine-devel at ovirt.org > Sent: Friday, November 9, 2012 10:42:28 PM > Subject: Re: [Engine-devel] engine database upgrade failure with latest > > cloned via git clone http://gerrit.ovirt.org/p/ovirt-engine (so > master by default) > current master commit appears to me as: > commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 > > > > On Fri, Nov 9, 2012 at 2:32 PM, Alon Bar-Lev < alonbl at redhat.com > > wrote: > > > > Strange... > > This[1] patch should have solved this. It is merged to master. > Are you using master? > > [1] http://gerrit.ovirt.org/#/c/8955/ > > > > ----- Original Message ----- > > From: "Dead Horse" < deadhorseconsulting at gmail.com > > > To: engine-devel at ovirt.org > > Sent: Friday, November 9, 2012 10:28:18 PM > > Subject: [Engine-devel] engine database upgrade failure with latest > > > > > > I built the latest ovirt-engine from GIT and attempted to upgrade. > > Version that I attempting to upgrade was built Monday from master > > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). > > > > Below is the what was logged by engine-upgrade: > > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update > > started > > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing > > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s > > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' > > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = > > upgrade script detected a change in Config, View or Stored > > Procedure... > > > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = > > psql:create_functions.sql:666: ERROR: must be owner of function > > uuid_generate_v1 > > > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 > > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback > > (most recent call last): > > File "/usr/bin/engine-upgrade", line 1059, in main > > runFunc([db.update], MSG_INFO_DB_UPDATE) > > File "/usr/bin/engine-upgrade", line 607, in runFunc > > func() > > File "/usr/bin/engine-upgrade", line 442, in update > > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, > > msg=MSG_ERROR_UPDATE_DB) > > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, > > in > > execCmd > > raise Exception(msg) > > Exception: Error: Database update failed > > > > - DHC > > > > > > _______________________________________________ > > Engine-devel mailing list > > Engine-devel at ovirt.org > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > From deadhorseconsulting at gmail.com Fri Nov 9 20:52:32 2012 From: deadhorseconsulting at gmail.com (Dead Horse) Date: Fri, 9 Nov 2012 14:52:32 -0600 Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: <210237391.8211710.1352494164990.JavaMail.root@redhat.com> References: <210237391.8211710.1352494164990.JavaMail.root@redhat.com> Message-ID: Correct the version I am attempting to upgrade was built from master on Monday. I just built master from today and attempted to upgrade the running instance I built from master on Monday. On Fri, Nov 9, 2012 at 2:49 PM, Alon Bar-Lev wrote: > You wrote version from Monday... (a665ec3af7b2dd04e80007b1c062868d3e049fce) > Which was before patch was applied. > > ----- Original Message ----- > > From: "Dead Horse" > > To: "Alon Bar-Lev" > > Cc: engine-devel at ovirt.org > > Sent: Friday, November 9, 2012 10:42:28 PM > > Subject: Re: [Engine-devel] engine database upgrade failure with latest > > > > cloned via git clone http://gerrit.ovirt.org/p/ovirt-engine (so > > master by default) > > current master commit appears to me as: > > commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 > > > > > > > > On Fri, Nov 9, 2012 at 2:32 PM, Alon Bar-Lev < alonbl at redhat.com > > > wrote: > > > > > > > > Strange... > > > > This[1] patch should have solved this. It is merged to master. > > Are you using master? > > > > [1] http://gerrit.ovirt.org/#/c/8955/ > > > > > > > > ----- Original Message ----- > > > From: "Dead Horse" < deadhorseconsulting at gmail.com > > > > To: engine-devel at ovirt.org > > > Sent: Friday, November 9, 2012 10:28:18 PM > > > Subject: [Engine-devel] engine database upgrade failure with latest > > > > > > > > > I built the latest ovirt-engine from GIT and attempted to upgrade. > > > Version that I attempting to upgrade was built Monday from master > > > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). > > > > > > Below is the what was logged by engine-upgrade: > > > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update > > > started > > > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing > > > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s > > > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' > > > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = > > > upgrade script detected a change in Config, View or Stored > > > Procedure... > > > > > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = > > > psql:create_functions.sql:666: ERROR: must be owner of function > > > uuid_generate_v1 > > > > > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 > > > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback > > > (most recent call last): > > > File "/usr/bin/engine-upgrade", line 1059, in main > > > runFunc([db.update], MSG_INFO_DB_UPDATE) > > > File "/usr/bin/engine-upgrade", line 607, in runFunc > > > func() > > > File "/usr/bin/engine-upgrade", line 442, in update > > > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, > > > msg=MSG_ERROR_UPDATE_DB) > > > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, > > > in > > > execCmd > > > raise Exception(msg) > > > Exception: Error: Database update failed > > > > > > - DHC > > > > > > > > > _______________________________________________ > > > Engine-devel mailing list > > > Engine-devel at ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From deadhorseconsulting at gmail.com Fri Nov 9 21:10:46 2012 From: deadhorseconsulting at gmail.com (Dead Horse) Date: Fri, 9 Nov 2012 15:10:46 -0600 Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: References: <210237391.8211710.1352494164990.JavaMail.root@redhat.com> Message-ID: Clarifying further: What is running that I am attempting to upgrade: (parent: 6125e33 ) core: Improve error logging when there are LDAP queries errors 28/9028/2 authorYair Zaslavsky Mon, 5 Nov 2012 10:28:23 +0000 (12:28 +0200)committerYair Zaslavsky Mon, 5 Nov 2012 15:43:40 +0000 (17:43 +0200)commit a665ec3af7b2dd04e80007b1c062868d3e049fcetree f448ae8313c2417dd578469de20e7d332e085490 parent6125e335cbb49730899c6feeb05147db6d0c4eaa What I just built and attempting to upgrade with: (parent: 025b98c ) core: removed getVmNetworkInterfaceDao 05/9105/2 master authorLaszlo Hornyak Wed, 7 Nov 2012 14:25:03 +0000 (15:25 +0100)committerLaszlo Hornyak Thu, 8 Nov 2012 20:01:59 +0000 (21:01 +0100)commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8tree 71f522f4a30dea8871e7d5f95dbd126045aa8135 parent025b98c2a7f7b4a7f4bca417d2dfa95199adfa91 On Fri, Nov 9, 2012 at 2:52 PM, Dead Horse wrote: > Correct the version I am attempting to upgrade was built from master on > Monday. I just built master from today and attempted to upgrade the running > instance I built from master on Monday. > > > > On Fri, Nov 9, 2012 at 2:49 PM, Alon Bar-Lev wrote: > >> You wrote version from Monday... >> (a665ec3af7b2dd04e80007b1c062868d3e049fce) >> Which was before patch was applied. >> >> ----- Original Message ----- >> > From: "Dead Horse" >> > To: "Alon Bar-Lev" >> > Cc: engine-devel at ovirt.org >> > Sent: Friday, November 9, 2012 10:42:28 PM >> > Subject: Re: [Engine-devel] engine database upgrade failure with latest >> > >> > cloned via git clone http://gerrit.ovirt.org/p/ovirt-engine (so >> > master by default) >> > current master commit appears to me as: >> > commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 >> > >> > >> > >> > On Fri, Nov 9, 2012 at 2:32 PM, Alon Bar-Lev < alonbl at redhat.com > >> > wrote: >> > >> > >> > >> > Strange... >> > >> > This[1] patch should have solved this. It is merged to master. >> > Are you using master? >> > >> > [1] http://gerrit.ovirt.org/#/c/8955/ >> > >> > >> > >> > ----- Original Message ----- >> > > From: "Dead Horse" < deadhorseconsulting at gmail.com > >> > > To: engine-devel at ovirt.org >> > > Sent: Friday, November 9, 2012 10:28:18 PM >> > > Subject: [Engine-devel] engine database upgrade failure with latest >> > > >> > > >> > > I built the latest ovirt-engine from GIT and attempted to upgrade. >> > > Version that I attempting to upgrade was built Monday from master >> > > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). >> > > >> > > Below is the what was logged by engine-upgrade: >> > > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update >> > > started >> > > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing >> > > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s >> > > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' >> > > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = >> > > upgrade script detected a change in Config, View or Stored >> > > Procedure... >> > > >> > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = >> > > psql:create_functions.sql:666: ERROR: must be owner of function >> > > uuid_generate_v1 >> > > >> > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 >> > > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback >> > > (most recent call last): >> > > File "/usr/bin/engine-upgrade", line 1059, in main >> > > runFunc([db.update], MSG_INFO_DB_UPDATE) >> > > File "/usr/bin/engine-upgrade", line 607, in runFunc >> > > func() >> > > File "/usr/bin/engine-upgrade", line 442, in update >> > > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, >> > > msg=MSG_ERROR_UPDATE_DB) >> > > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, >> > > in >> > > execCmd >> > > raise Exception(msg) >> > > Exception: Error: Database update failed >> > > >> > > - DHC >> > > >> > > >> > > _______________________________________________ >> > > Engine-devel mailing list >> > > Engine-devel at ovirt.org >> > > http://lists.ovirt.org/mailman/listinfo/engine-devel >> > > >> > >> > >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From deadhorseconsulting at gmail.com Sat Nov 10 00:14:30 2012 From: deadhorseconsulting at gmail.com (Dead Horse) Date: Fri, 9 Nov 2012 18:14:30 -0600 Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: References: <210237391.8211710.1352494164990.JavaMail.root@redhat.com> Message-ID: Very odd I stopped the engine service manually and ran engine-upgrade. This time it succeeded. For fun I removed the engine and re-installed the prior build. I again ran engine-upgrade and the failure reproduced again. I stopped the engine service again and ran engine-upgrade and it succeeded the second attempt. - DHC On Fri, Nov 9, 2012 at 3:10 PM, Dead Horse wrote: > Clarifying further: > What is running that I am attempting to upgrade: > (parent: 6125e33 > ) > core: Improve error logging when there are LDAP queries errors > 28/9028/2 > authorYair Zaslavsky > > > Mon, 5 Nov 2012 10:28:23 +0000 (12:28 +0200)committerYair Zaslavsky > > > Mon, 5 Nov 2012 15:43:40 +0000 (17:43 +0200)commita665ec3af7b2dd04e80007b1c062868d3e049fce > treef448ae8313c2417dd578469de20e7d332e085490 > > parent6125e335cbb49730899c6feeb05147db6d0c4eaa > > > What I just built and attempting to upgrade with: > (parent: 025b98c > ) > core: removed getVmNetworkInterfaceDao > 05/9105/2 > master > authorLaszlo Hornyak > > > Wed, 7 Nov 2012 14:25:03 +0000 (15:25 +0100)committerLaszlo Hornyak > > > Thu, 8 Nov 2012 20:01:59 +0000 (21:01 +0100)commit2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 > tree71f522f4a30dea8871e7d5f95dbd126045aa8135 > parent 025b98c2a7f7b4a7f4bca417d2dfa95199adfa91 > > > > On Fri, Nov 9, 2012 at 2:52 PM, Dead Horse wrote: > >> Correct the version I am attempting to upgrade was built from master on >> Monday. I just built master from today and attempted to upgrade the running >> instance I built from master on Monday. >> >> >> >> On Fri, Nov 9, 2012 at 2:49 PM, Alon Bar-Lev wrote: >> >>> You wrote version from Monday... >>> (a665ec3af7b2dd04e80007b1c062868d3e049fce) >>> Which was before patch was applied. >>> >>> ----- Original Message ----- >>> > From: "Dead Horse" >>> > To: "Alon Bar-Lev" >>> > Cc: engine-devel at ovirt.org >>> > Sent: Friday, November 9, 2012 10:42:28 PM >>> > Subject: Re: [Engine-devel] engine database upgrade failure with latest >>> > >>> > cloned via git clone http://gerrit.ovirt.org/p/ovirt-engine (so >>> > master by default) >>> > current master commit appears to me as: >>> > commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 >>> > >>> > >>> > >>> > On Fri, Nov 9, 2012 at 2:32 PM, Alon Bar-Lev < alonbl at redhat.com > >>> > wrote: >>> > >>> > >>> > >>> > Strange... >>> > >>> > This[1] patch should have solved this. It is merged to master. >>> > Are you using master? >>> > >>> > [1] http://gerrit.ovirt.org/#/c/8955/ >>> > >>> > >>> > >>> > ----- Original Message ----- >>> > > From: "Dead Horse" < deadhorseconsulting at gmail.com > >>> > > To: engine-devel at ovirt.org >>> > > Sent: Friday, November 9, 2012 10:28:18 PM >>> > > Subject: [Engine-devel] engine database upgrade failure with latest >>> > > >>> > > >>> > > I built the latest ovirt-engine from GIT and attempted to upgrade. >>> > > Version that I attempting to upgrade was built Monday from master >>> > > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). >>> > > >>> > > Below is the what was logged by engine-upgrade: >>> > > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update >>> > > started >>> > > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing >>> > > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s >>> > > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' >>> > > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = >>> > > upgrade script detected a change in Config, View or Stored >>> > > Procedure... >>> > > >>> > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = >>> > > psql:create_functions.sql:666: ERROR: must be owner of function >>> > > uuid_generate_v1 >>> > > >>> > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 >>> > > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: Traceback >>> > > (most recent call last): >>> > > File "/usr/bin/engine-upgrade", line 1059, in main >>> > > runFunc([db.update], MSG_INFO_DB_UPDATE) >>> > > File "/usr/bin/engine-upgrade", line 607, in runFunc >>> > > func() >>> > > File "/usr/bin/engine-upgrade", line 442, in update >>> > > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, >>> > > msg=MSG_ERROR_UPDATE_DB) >>> > > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, >>> > > in >>> > > execCmd >>> > > raise Exception(msg) >>> > > Exception: Error: Database update failed >>> > > >>> > > - DHC >>> > > >>> > > >>> > > _______________________________________________ >>> > > Engine-devel mailing list >>> > > Engine-devel at ovirt.org >>> > > http://lists.ovirt.org/mailman/listinfo/engine-devel >>> > > >>> > >>> > >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alonbl at redhat.com Sat Nov 10 11:20:23 2012 From: alonbl at redhat.com (Alon Bar-Lev) Date: Sat, 10 Nov 2012 06:20:23 -0500 (EST) Subject: [Engine-devel] engine database upgrade failure with latest In-Reply-To: Message-ID: <2127103489.8242475.1352546423799.JavaMail.root@redhat.com> Indeed odd, as the engine-upgrade stops the engine service if you answer 'yes' at the beginning. Or maybe you upgrade using unattended mode and this is skipped. ----- Original Message ----- > From: "Dead Horse" > To: "Alon Bar-Lev" > Cc: engine-devel at ovirt.org > Sent: Saturday, November 10, 2012 2:14:30 AM > Subject: Re: [Engine-devel] engine database upgrade failure with latest > > Very odd I stopped the engine service manually and ran > engine-upgrade. This time it succeeded. For fun I removed the engine > and re-installed the prior build. I again ran engine-upgrade and the > failure reproduced again. I stopped the engine service again and ran > engine-upgrade and it succeeded the second attempt. > - DHC > > > > > On Fri, Nov 9, 2012 at 3:10 PM, Dead Horse < > deadhorseconsulting at gmail.com > wrote: > > > Clarifying further: > What is running that I am attempting to upgrade: > > (parent: 6125e33 ) > > core: Improve error logging when there are LDAP queries errors > 28/9028/2 > author Yair Zaslavsky > > > Mon, 5 Nov 2012 10:28:23 +0000 (12:28 +0200) > committer Yair Zaslavsky > > > Mon, 5 Nov 2012 15:43:40 +0000 (17:43 +0200) > commit a665ec3af7b2dd04e80007b1c062868d3e049fce > tree f448ae8313c2417dd578469de20e7d332e085490 > > parent 6125e335cbb49730899c6feeb05147db6d0c4eaa > > What I just built and attempting to upgrade with: > > (parent: 025b98c ) > > core: removed getVmNetworkInterfaceDao 05/9105/2 master > author Laszlo Hornyak > > > Wed, 7 Nov 2012 14:25:03 +0000 (15:25 +0100) > committer Laszlo Hornyak > > > Thu, 8 Nov 2012 20:01:59 +0000 (21:01 +0100) > commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 > tree 71f522f4a30dea8871e7d5f95dbd126045aa8135 > > parent 025b98c2a7f7b4a7f4bca417d2dfa95199adfa91 > > > > > > > > On Fri, Nov 9, 2012 at 2:52 PM, Dead Horse < > deadhorseconsulting at gmail.com > wrote: > > > Correct the version I am attempting to upgrade was built from master > on Monday. I just built master from today and attempted to upgrade > the running instance I built from master on Monday. > > > > > > > On Fri, Nov 9, 2012 at 2:49 PM, Alon Bar-Lev < alonbl at redhat.com > > wrote: > > > You wrote version from Monday... > (a665ec3af7b2dd04e80007b1c062868d3e049fce) > Which was before patch was applied. > > > ----- Original Message ----- > > From: "Dead Horse" < deadhorseconsulting at gmail.com > > > > > To: "Alon Bar-Lev" < alonbl at redhat.com > > > Cc: engine-devel at ovirt.org > > Sent: Friday, November 9, 2012 10:42:28 PM > > Subject: Re: [Engine-devel] engine database upgrade failure with > > latest > > > > cloned via git clone http://gerrit.ovirt.org/p/ovirt-engine (so > > master by default) > > current master commit appears to me as: > > commit 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 > > > > > > > > On Fri, Nov 9, 2012 at 2:32 PM, Alon Bar-Lev < alonbl at redhat.com > > > wrote: > > > > > > > > Strange... > > > > This[1] patch should have solved this. It is merged to master. > > Are you using master? > > > > [1] http://gerrit.ovirt.org/#/c/8955/ > > > > > > > > ----- Original Message ----- > > > From: "Dead Horse" < deadhorseconsulting at gmail.com > > > > To: engine-devel at ovirt.org > > > Sent: Friday, November 9, 2012 10:28:18 PM > > > Subject: [Engine-devel] engine database upgrade failure with > > > latest > > > > > > > > > I built the latest ovirt-engine from GIT and attempted to > > > upgrade. > > > Version that I attempting to upgrade was built Monday from master > > > (commit: a665ec3af7b2dd04e80007b1c062868d3e049fce). > > > > > > Below is the what was logged by engine-upgrade: > > > 2012-11-09 14:15:54::DEBUG::engine-upgrade::425::root:: DB Update > > > started > > > 2012-11-09 14:15:54::DEBUG::common_utils::390::root:: Executing > > > command --> '/usr/share/ovirt-engine/dbscripts/upgrade.sh -s > > > localhost -p 5432 -u engine -d engine_2012_11_09_14_12_52' > > > 2012-11-09 14:15:58::DEBUG::common_utils::428::root:: output = > > > upgrade script detected a change in Config, View or Stored > > > Procedure... > > > > > > 2012-11-09 14:15:58::DEBUG::common_utils::429::root:: stderr = > > > psql:create_functions.sql:666: ERROR: must be owner of function > > > uuid_generate_v1 > > > > > > 2012-11-09 14:15:58::DEBUG::common_utils::430::root:: retcode = 3 > > > 2012-11-09 14:15:58::ERROR::engine-upgrade::1072::root:: > > > Traceback > > > (most recent call last): > > > File "/usr/bin/engine-upgrade", line 1059, in main > > > runFunc([db.update], MSG_INFO_DB_UPDATE) > > > File "/usr/bin/engine-upgrade", line 607, in runFunc > > > func() > > > File "/usr/bin/engine-upgrade", line 442, in update > > > output, rc = utils.execCmd(cmdList=cmd, failOnError=True, > > > msg=MSG_ERROR_UPDATE_DB) > > > File "/usr/share/ovirt-engine/scripts/common_utils.py", line 433, > > > in > > > execCmd > > > raise Exception(msg) > > > Exception: Error: Database update failed > > > > > > - DHC > > > > > > > > > _______________________________________________ > > > Engine-devel mailing list > > > Engine-devel at ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > > > > > > From acathrow at redhat.com Sat Nov 10 19:56:41 2012 From: acathrow at redhat.com (Andrew Cathrow) Date: Sat, 10 Nov 2012 14:56:41 -0500 (EST) Subject: [Engine-devel] SPICE IP override In-Reply-To: <1352477259.24625.15.camel@peecee.hoentjen.eu> Message-ID: <13206606.38.1352546039944.JavaMail.javamailuser@localhost> ----- Original Message ----- > From: "Sander Hoentjen" > To: engine-devel at ovirt.org > Sent: Friday, November 9, 2012 11:07:39 AM > Subject: Re: [Engine-devel] SPICE IP override > > On Wed, 2012-11-07 at 12:40 +0100, David Ja?a wrote: > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 12:08 +0100: > > > On Wed, Nov 07, 2012 at 11:23:27AM +0100, David Ja?a wrote: > > > > Ewoud Kohl van Wijngaarden p??e v St 07. 11. 2012 v 11:16 > > > > +0100: > > > > > On Wed, Nov 07, 2012 at 03:52:14AM -0500, Simon Grinberg > > > > > wrote: > > > > > > ----- Original Message ----- > > > > > > > From: "Michal Skrivanek" > > > > > > > To: engine-devel at ovirt.org > > > > > > > Sent: Tuesday, November 6, 2012 10:39:58 PM > > > > > > > Subject: [Engine-devel] SPICE IP override > > > > > > > > > > > > > > Hi all, > > > > > > > On behalf of Tomas - please check out the proposal for > > > > > > > enhancing our > > > > > > > SPICE integration to allow to return a custom IP/FQDN > > > > > > > instead of the > > > > > > > host IP address. > > > > > > > http://wiki.ovirt.org/wiki/Features/Display_Address_Override > > > > > > > All comments are welcome... > > > > > > > > > > > > My 2 cents, > > > > > > > > > > > > This works under the assumption that all the users are > > > > > > either outside > > > > > > of the organization or inside. > > > > > > But think of some of the following scenarios based on a > > > > > > topology where > > > > > > users in the main office are inside the corporate network > > > > > > while users > > > > > > on remote offices / WAN are on a detached different network > > > > > > on the > > > > > > other side of the NAT / public firewall : > > > > > > > > > > > > With current 'per host override' proposal: > > > > > > 1. Admin from the main office won't be able to access the > > > > > > VM console > > > > > > 2. No Mixed environment, meaning that you have to have > > > > > > designated > > > > > > clusters for remote offices users vs main office users - > > > > > > otherwise > > > > > > connectivity to the console is determined based on > > > > > > scheduler > > > > > > decision, or may break by live migration. > > > > > > 3. Based on #2, If I'm a user travelling between offices > > > > > > I'll have to > > > > > > ask the admin to turn off my VM and move it to internal > > > > > > cluster > > > > > > before I can reconnect > > > > > > > > > > > > My suggestion is to covert this to 'alternative' IP/FQDN > > > > > > sending the > > > > > > spice client both internal fqdn/ip and the alternative. The > > > > > > spice > > > > > > client should detect which is available of the two and > > > > > > auto-connect. > > > > > > > > > > > > This requires enhancement of the spice client, but still > > > > > > solves all > > > > > > the issues raised above (actually it solves about 90% of > > > > > > the use cases > > > > > > I've heard about in the past). > > > > > > > > > > > > Another alternative is for the engine to 'guess' or 'elect' > > > > > > which to > > > > > > use, alternative or main, based on the IP of the client - > > > > > > meaning > > > > > > admin provides the client ranges for providing internal > > > > > > host address > > > > > > vs alternative - but this is more complicated compared for > > > > > > the > > > > > > previous suggestion > > > > > > > > > > > > Thoughts? > > > > > > > > > > I agree with where you're going with this. The story I'd like > > > > > to see > > > > > supported is close to this. We have external customers who > > > > > should know > > > > > nothing about our internal network, but should be able to > > > > > access the > > > > > console of their VMs. Currently we do this with a custom > > > > > frontend which > > > > > uses the API (and is about as old as the RHEV 2.2 API) and a > > > > > TCP proxy, > > > > > but we'd like to move to the standard UI. Currently the > > > > > console > > > > > connection prevents us from doing so. > > > > > > > > You could do that with this proposal, if you: > > > > 1) DNAT some external-facing IPs to your hypervisor display > > > > network IPs > > > > 2) resolve display network FQDN to the DNATing machine IPs for > > > > external > > > > queries. > > > > > > I imagine you need 1 external-facing IP per host, which makes it > > > expensive to scale since IPv4 space is very limited. > > > > That's the cost of quick-to-implement solution. > > > > If it is possible to have per-host display port range, you could > > work > > this limitation around by setting non-overlapping ranges for each > > host > > and use a single proxy or DNAT machine that would decide which port > > to > > forward based on the range. > > I am a colleague of Ewoud, and want to explain a bit more about how > we > currently have implemented this. > All our virtualization hosts, but also the manager only live in the > internal network. We have written a webapplication that is a > self-service portal for our customers. This webapplication lives on a > host that is publicly reachable. This host can also reach the > virtualization servers on the internal network. Now for all actions > except for viewing a console the webhost only needs to access the > api, > so what happens when a user wants to view the console (we currently > use > vnc): > On the webhost we have reserved a number of ports. > Api request is made to get the host/port, and we set the ticket (vnc > password). > We create a tunnel (currently use socat, but can of course also be > DNAT > or any kind of proxy) that connects one of the free ports on the > external webhost to the host/port combo we got back from the api. > This is a very simple implementation, but it works well in our > experience. > > For added points you can make the proxy smarter, things like handling > vm > migrations and maybe adding websockets support for a html5 spice > client ;) > the new remote-viewer client no supports a tunneled connection through a proxy like squid. It's not socks or http it's just a tunneled IP connection but will address a number of issues The plan is to add support for this into 3.2 Aic > Kind regards, > Sander > > > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From alonbl at redhat.com Sat Nov 10 20:34:22 2012 From: alonbl at redhat.com (Alon Bar-Lev) Date: Sat, 10 Nov 2012 15:34:22 -0500 (EST) Subject: [Engine-devel] ovirt-engine master - no hosts in hosts tab! In-Reply-To: <951497915.8249721.1352579393759.JavaMail.root@redhat.com> Message-ID: <1203573587.8249737.1352579662925.JavaMail.root@redhat.com> Hello, Last working: a665ec3af7b2dd04e80007b1c062868d3e049fce from Mon Nov 5 12:28:23 2012 +0200 Master head: 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 from Wed Nov 7 15:25:03 2012 +0100 When adding a new host, host is added to database, bootstrap is running, but hosts tab is empty! Did not find anything that directly relates to this, CCing all committers. Please fix, Alon. From emesika at redhat.com Sat Nov 10 21:00:05 2012 From: emesika at redhat.com (Eli Mesika) Date: Sat, 10 Nov 2012 16:00:05 -0500 (EST) Subject: [Engine-devel] ovirt-engine master - no hosts in hosts tab! In-Reply-To: <1203573587.8249737.1352579662925.JavaMail.root@redhat.com> Message-ID: <389690847.8949081.1352581205133.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Alon Bar-Lev" > To: "engine-devel" > Cc: "Laszlo Hornyak" , "Dhandapani" , "Eli Mesika" , > "Daniel Erez" , "Maor Lipchuk" , "Omer Frenkel" , > "Kanagaraj M" , "Sharad Mishra" , "Vered Volansky" > , "Juan Hernandez" , "Shireesh Anjal" , "Shahar > Havivi" , "Michael Kublin" , "Ravi Nori" , "Alona Kaplan" > , "Michael Pasternak" , "Yair Zaslavsky" , "Allon > Mureinik" > Sent: Saturday, November 10, 2012 10:34:22 PM > Subject: ovirt-engine master - no hosts in hosts tab! > > Hello, > > Last working: > a665ec3af7b2dd04e80007b1c062868d3e049fce from Mon Nov 5 12:28:23 2012 > +0200 > > Master head: > 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 from Wed Nov 7 15:25:03 2012 > +0100 > > When adding a new host, host is added to database, bootstrap is > running, but hosts tab is empty! > > Did not find anything that directly relates to this, CCing all > committers. Seems that your database is not updated with recent changes Can you please run the upgrade.sh script on your db ? > > Please fix, > Alon. > From alonbl at redhat.com Sat Nov 10 21:03:13 2012 From: alonbl at redhat.com (Alon Bar-Lev) Date: Sat, 10 Nov 2012 16:03:13 -0500 (EST) Subject: [Engine-devel] ovirt-engine master - no hosts in hosts tab! In-Reply-To: <389690847.8949081.1352581205133.JavaMail.root@redhat.com> Message-ID: <355343361.8249970.1352581393597.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Eli Mesika" > To: "Alon Bar-Lev" > Cc: "Laszlo Hornyak" , "Dhandapani" , "Daniel Erez" , "Maor > Lipchuk" , "Omer Frenkel" , "Kanagaraj M" , "Sharad > Mishra" , "Vered Volansky" , "Juan Hernandez" > , "Shireesh Anjal" , "Shahar Havivi" , "Michael > Kublin" , "Ravi Nori" , "Alona Kaplan" , "Michael > Pasternak" , "Yair Zaslavsky" , "Allon Mureinik" , > "engine-devel" > Sent: Saturday, November 10, 2012 11:00:05 PM > Subject: Re: ovirt-engine master - no hosts in hosts tab! > > > > ----- Original Message ----- > > From: "Alon Bar-Lev" > > To: "engine-devel" > > Cc: "Laszlo Hornyak" , "Dhandapani" > > , "Eli Mesika" , > > "Daniel Erez" , "Maor Lipchuk" > > , "Omer Frenkel" , > > "Kanagaraj M" , "Sharad Mishra" > > , "Vered Volansky" > > , "Juan Hernandez" > > , "Shireesh Anjal" , > > "Shahar > > Havivi" , "Michael Kublin" > > , "Ravi Nori" , "Alona > > Kaplan" > > , "Michael Pasternak" , > > "Yair Zaslavsky" , "Allon > > Mureinik" > > Sent: Saturday, November 10, 2012 10:34:22 PM > > Subject: ovirt-engine master - no hosts in hosts tab! > > > > Hello, > > > > Last working: > > a665ec3af7b2dd04e80007b1c062868d3e049fce from Mon Nov 5 12:28:23 > > 2012 > > +0200 > > > > Master head: > > 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 from Wed Nov 7 15:25:03 > > 2012 > > +0100 > > > > When adding a new host, host is added to database, bootstrap is > > running, but hosts tab is empty! > > > > Did not find anything that directly relates to this, CCing all > > committers. > > > Seems that your database is not updated with recent changes > Can you please run the upgrade.sh script on your db ? This is fresh install. > > > > > Please fix, > > Alon. > > > From emesika at redhat.com Sat Nov 10 21:18:39 2012 From: emesika at redhat.com (Eli Mesika) Date: Sat, 10 Nov 2012 16:18:39 -0500 (EST) Subject: [Engine-devel] ovirt-engine master - no hosts in hosts tab! In-Reply-To: <355343361.8249970.1352581393597.JavaMail.root@redhat.com> Message-ID: <2044370054.8951893.1352582319213.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Alon Bar-Lev" > To: "Eli Mesika" > Cc: "Laszlo Hornyak" , "Dhandapani" , "Daniel Erez" , "Maor > Lipchuk" , "Omer Frenkel" , "Kanagaraj M" , "Sharad > Mishra" , "Vered Volansky" , "Juan Hernandez" > , "Shireesh Anjal" , "Shahar Havivi" , "Michael > Kublin" , "Ravi Nori" , "Alona Kaplan" , "Michael > Pasternak" , "Yair Zaslavsky" , "Allon Mureinik" , > "engine-devel" > Sent: Saturday, November 10, 2012 11:03:13 PM > Subject: Re: ovirt-engine master - no hosts in hosts tab! > > > > ----- Original Message ----- > > From: "Eli Mesika" > > To: "Alon Bar-Lev" > > Cc: "Laszlo Hornyak" , "Dhandapani" > > , "Daniel Erez" , "Maor > > Lipchuk" , "Omer Frenkel" > > , "Kanagaraj M" , > > "Sharad > > Mishra" , "Vered Volansky" > > , "Juan Hernandez" > > , "Shireesh Anjal" , > > "Shahar Havivi" , "Michael > > Kublin" , "Ravi Nori" , > > "Alona Kaplan" , "Michael > > Pasternak" , "Yair Zaslavsky" > > , "Allon Mureinik" , > > "engine-devel" > > Sent: Saturday, November 10, 2012 11:00:05 PM > > Subject: Re: ovirt-engine master - no hosts in hosts tab! > > > > > > > > ----- Original Message ----- > > > From: "Alon Bar-Lev" > > > To: "engine-devel" > > > Cc: "Laszlo Hornyak" , "Dhandapani" > > > , "Eli Mesika" , > > > "Daniel Erez" , "Maor Lipchuk" > > > , "Omer Frenkel" , > > > "Kanagaraj M" , "Sharad Mishra" > > > , "Vered Volansky" > > > , "Juan Hernandez" > > > , "Shireesh Anjal" > > > , > > > "Shahar > > > Havivi" , "Michael Kublin" > > > , "Ravi Nori" , "Alona > > > Kaplan" > > > , "Michael Pasternak" , > > > "Yair Zaslavsky" , "Allon > > > Mureinik" > > > Sent: Saturday, November 10, 2012 10:34:22 PM > > > Subject: ovirt-engine master - no hosts in hosts tab! > > > > > > Hello, > > > > > > Last working: > > > a665ec3af7b2dd04e80007b1c062868d3e049fce from Mon Nov 5 12:28:23 > > > 2012 > > > +0200 > > > > > > Master head: > > > 2dc9b518099ec1ac3995abf1483f43cdcb6eb2b8 from Wed Nov 7 15:25:03 > > > 2012 > > > +0100 > > > > > > When adding a new host, host is added to database, bootstrap is > > > running, but hosts tab is empty! > > > > > > Did not find anything that directly relates to this, CCing all > > > committers. > > > > > > Seems that your database is not updated with recent changes > > Can you please run the upgrade.sh script on your db ? > > This is fresh install. We had talked in IRC Agreed to try reproducing tomorrow ... > > > > > > > > > Please fix, > > > Alon. > > > > > > From emesika at redhat.com Sat Nov 10 21:40:29 2012 From: emesika at redhat.com (Eli Mesika) Date: Sat, 10 Nov 2012 16:40:29 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Adding support for external events In-Reply-To: <509CC51E.5050604@redhat.com> Message-ID: <1368899630.8953606.1352583629355.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Itamar Heim" > To: "Eli Mesika" > Cc: "engine-devel" , "Einav Cohen" , "Michael Pasternak" > > Sent: Friday, November 9, 2012 10:55:58 AM > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Adding support for external events > > On 11/08/2012 05:17 PM, Eli Mesika wrote: > > Hi > > > > Please review , any comments are welcomed (please note that API > > section is still in TBD) > > > > RFE :https://bugzilla.redhat.com/show_bug.cgi?id=873223 > > Requirements : http://wiki.ovirt.org/wiki/Features/ExternalEvents > > > Events are classified as NORMAL , WARNING or ERROR and UI will > > display different icon according to that. > any reason to not allow external ALERTs? Currently we are using ALERTS only for PM events, do we have to allow displaying external Alerts in the Alerts TAB as well??? > > > Detailed Design > > :http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents > > > Adding is_external boolean field to audit_log with a default value > > of false > > hmmm, i'm not sure it makes sense to inject any event, just flagging > it > as external. > why not just add a new AuditLogType of 'External' (i.e., just another > event id? > it is easy enough to search for it, etc. We are adding not one AuditLogType rather , it will be 3 or 4 (depends on we support also Alerts) The additional is_external is defaulted to false , so , existing code is not influenced I think that in the search it will be simpler to refer to is_external rather to the 3 or 4 specific types Also , cleanup of old external events should use this column > > > New command is exposed currently only to SuperUser > > I assume you mean there is a new permission, which by default is > added > only to superuser role, and admin can add it to other custom roles? > I also assume this is only relevant to admin users, not to user > roles? Yes > > other questions: > 1. worth detailing all fields of the event which could be passed to > this. Currently only the severity and the message text as stated in the doc. > 2. can an admin add events to entities they don't have permissions on > (I'm guessing yes, since admins aren't filtered from seeing all > entities, so implicitly, they have permission to all entities) > otherwise (if intent is to limit permisisons), an event is an action > on > multiple entities, so for any field which is passed for the event > (vm_id, (vds)host_id, etc.), you'd need to check admin has > 'AddExternalEvent' permission on. > > the main reason i think doing permissions may hold merit is it will > allow to give this permission by default in more roles, rather than > only > for superuser, which may make it more viable for UI plugins that > would > try to leverage this. I am missing here something, it should be an external event, i.e. additional command invoked by any plug-in What is the relation to current events ? > > 3. REST API modeling for adding an event (is that a PUT on the event > collection, a POST)? > can it be done only on root events collection, or on events of > entities > as well (taking the entity id from url, rather than as a parameter), > etc. > Again, the only info I have from the requirement is to support an additional command. The command invoker is responsible for the event text It seems that you are talking about invoking our events from external plug-ins as well From iheim at redhat.com Sun Nov 11 07:10:32 2012 From: iheim at redhat.com (Itamar Heim) Date: Sun, 11 Nov 2012 09:10:32 +0200 Subject: [Engine-devel] [Design for 3.2 RFE] Adding support for external events In-Reply-To: <1368899630.8953606.1352583629355.JavaMail.root@redhat.com> References: <1368899630.8953606.1352583629355.JavaMail.root@redhat.com> Message-ID: <509F4F68.1060409@redhat.com> On 11/10/2012 11:40 PM, Eli Mesika wrote: > > > ----- Original Message ----- >> From: "Itamar Heim" >> To: "Eli Mesika" >> Cc: "engine-devel" , "Einav Cohen" , "Michael Pasternak" >> >> Sent: Friday, November 9, 2012 10:55:58 AM >> Subject: Re: [Engine-devel] [Design for 3.2 RFE] Adding support for external events >> >> On 11/08/2012 05:17 PM, Eli Mesika wrote: >>> Hi >>> >>> Please review , any comments are welcomed (please note that API >>> section is still in TBD) >>> >>> RFE :https://bugzilla.redhat.com/show_bug.cgi?id=873223 >>> Requirements : http://wiki.ovirt.org/wiki/Features/ExternalEvents >> >>> Events are classified as NORMAL , WARNING or ERROR and UI will >>> display different icon according to that. >> any reason to not allow external ALERTs? > > Currently we are using ALERTS only for PM events, do we have to allow displaying external Alerts in the Alerts TAB as well??? not a must, just asking. if an external system wants to inject an event the temperature of a host is critical, its sounds more like an 'alert' to me than 'error'. > >> >>> Detailed Design >>> :http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents >> >>> Adding is_external boolean field to audit_log with a default value >>> of false >> >> hmmm, i'm not sure it makes sense to inject any event, just flagging >> it >> as external. >> why not just add a new AuditLogType of 'External' (i.e., just another >> event id? >> it is easy enough to search for it, etc. > > We are adding not one AuditLogType rather , it will be 3 or 4 (depends on we support also Alerts) can't we separate the severity from the event id? why are the two tightly coupled? > The additional is_external is defaulted to false , so , existing code is not influenced > I think that in the search it will be simpler to refer to is_external rather to the 3 or 4 specific types > Also , cleanup of old external events should use this column why should cleanup be different for internal and external events? > > >> >>> New command is exposed currently only to SuperUser >> >> I assume you mean there is a new permission, which by default is >> added >> only to superuser role, and admin can add it to other custom roles? >> I also assume this is only relevant to admin users, not to user >> roles? > > Yes > >> >> other questions: >> 1. worth detailing all fields of the event which could be passed to >> this. > > Currently only the severity and the message text as stated in the doc. I don't think this is good enough. idea is to be able to inject events as they relate to entities (host,storage,vm,etc.) > >> 2. can an admin add events to entities they don't have permissions on >> (I'm guessing yes, since admins aren't filtered from seeing all >> entities, so implicitly, they have permission to all entities) >> otherwise (if intent is to limit permisisons), an event is an action >> on >> multiple entities, so for any field which is passed for the event >> (vm_id, (vds)host_id, etc.), you'd need to check admin has >> 'AddExternalEvent' permission on. >> >> the main reason i think doing permissions may hold merit is it will >> allow to give this permission by default in more roles, rather than >> only >> for superuser, which may make it more viable for UI plugins that >> would >> try to leverage this. > > > I am missing here something, it should be an external event, i.e. additional command invoked by any plug-in > What is the relation to current events ? to current entities, not current events. since the external events are about entities... > >> >> 3. REST API modeling for adding an event (is that a PUT on the event >> collection, a POST)? >> can it be done only on root events collection, or on events of >> entities >> as well (taking the entity id from url, rather than as a parameter), >> etc. >> > > Again, the only info I have from the requirement is to support an additional command. > The command invoker is responsible for the event text my question was about the REST modeling of this new command (especially as it is relevant only to the REST API, not to the UI). not sure what you mean by 'event text' here. > It seems that you are talking about invoking our events from external plug-ins as well well, anything external. in any case they would be using the REST API for this. From ykaul at redhat.com Sun Nov 11 07:50:41 2012 From: ykaul at redhat.com (Yaniv Kaul) Date: Sun, 11 Nov 2012 09:50:41 +0200 Subject: [Engine-devel] [Design for 3.2 RFE] Adding support for external events In-Reply-To: <1368899630.8953606.1352583629355.JavaMail.root@redhat.com> References: <1368899630.8953606.1352583629355.JavaMail.root@redhat.com> Message-ID: <509F58D1.6070300@redhat.com> On 11/10/2012 11:40 PM, Eli Mesika wrote: > > ----- Original Message ----- >> From: "Itamar Heim" >> To: "Eli Mesika" >> Cc: "engine-devel" , "Einav Cohen" , "Michael Pasternak" >> >> Sent: Friday, November 9, 2012 10:55:58 AM >> Subject: Re: [Engine-devel] [Design for 3.2 RFE] Adding support for external events >> >> On 11/08/2012 05:17 PM, Eli Mesika wrote: >>> Hi >>> >>> Please review , any comments are welcomed (please note that API >>> section is still in TBD) >>> >>> RFE :https://bugzilla.redhat.com/show_bug.cgi?id=873223 >>> Requirements : http://wiki.ovirt.org/wiki/Features/ExternalEvents >>> Events are classified as NORMAL , WARNING or ERROR and UI will >>> display different icon according to that. >> any reason to not allow external ALERTs? > Currently we are using ALERTS only for PM events, do we have to allow displaying external Alerts in the Alerts TAB as well??? > >>> Detailed Design >>> :http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents >>> Adding is_external boolean field to audit_log with a default value >>> of false >> hmmm, i'm not sure it makes sense to inject any event, just flagging >> it >> as external. >> why not just add a new AuditLogType of 'External' (i.e., just another >> event id? >> it is easy enough to search for it, etc. > We are adding not one AuditLogType rather , it will be 3 or 4 (depends on we support also Alerts) > The additional is_external is defaulted to false , so , existing code is not influenced > I think that in the search it will be simpler to refer to is_external rather to the 3 or 4 specific types > Also , cleanup of old external events should use this column > > >>> New command is exposed currently only to SuperUser >> I assume you mean there is a new permission, which by default is >> added >> only to superuser role, and admin can add it to other custom roles? >> I also assume this is only relevant to admin users, not to user >> roles? > Yes What's the protection against LDAP injection, SQL injection, Javascript injection ... ? How do we sanitize the input of the event? Regardless, what about localization? Can the plugin know in which language it should inject the event? Y. > >> other questions: >> 1. worth detailing all fields of the event which could be passed to >> this. > Currently only the severity and the message text as stated in the doc. > >> 2. can an admin add events to entities they don't have permissions on >> (I'm guessing yes, since admins aren't filtered from seeing all >> entities, so implicitly, they have permission to all entities) >> otherwise (if intent is to limit permisisons), an event is an action >> on >> multiple entities, so for any field which is passed for the event >> (vm_id, (vds)host_id, etc.), you'd need to check admin has >> 'AddExternalEvent' permission on. >> >> the main reason i think doing permissions may hold merit is it will >> allow to give this permission by default in more roles, rather than >> only >> for superuser, which may make it more viable for UI plugins that >> would >> try to leverage this. > > I am missing here something, it should be an external event, i.e. additional command invoked by any plug-in > What is the relation to current events ? > >> 3. REST API modeling for adding an event (is that a PUT on the event >> collection, a POST)? >> can it be done only on root events collection, or on events of >> entities >> as well (taking the entity id from url, rather than as a parameter), >> etc. >> > Again, the only info I have from the requirement is to support an additional command. > The command invoker is responsible for the event text > It seems that you are talking about invoking our events from external plug-ins as well > > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel From iheim at redhat.com Sun Nov 11 08:06:19 2012 From: iheim at redhat.com (Itamar Heim) Date: Sun, 11 Nov 2012 10:06:19 +0200 Subject: [Engine-devel] [Design for 3.2 RFE] Adding support for external events In-Reply-To: <509F58D1.6070300@redhat.com> References: <1368899630.8953606.1352583629355.JavaMail.root@redhat.com> <509F58D1.6070300@redhat.com> Message-ID: <509F5C7B.2030801@redhat.com> On 11/11/2012 09:50 AM, Yaniv Kaul wrote: > On 11/10/2012 11:40 PM, Eli Mesika wrote: >> >> ----- Original Message ----- >>> From: "Itamar Heim" >>> To: "Eli Mesika" >>> Cc: "engine-devel" , "Einav Cohen" >>> , "Michael Pasternak" >>> >>> Sent: Friday, November 9, 2012 10:55:58 AM >>> Subject: Re: [Engine-devel] [Design for 3.2 RFE] Adding support for >>> external events >>> >>> On 11/08/2012 05:17 PM, Eli Mesika wrote: >>>> Hi >>>> >>>> Please review , any comments are welcomed (please note that API >>>> section is still in TBD) >>>> >>>> RFE :https://bugzilla.redhat.com/show_bug.cgi?id=873223 >>>> Requirements : http://wiki.ovirt.org/wiki/Features/ExternalEvents >>>> Events are classified as NORMAL , WARNING or ERROR and UI will >>>> display different icon according to that. >>> any reason to not allow external ALERTs? >> Currently we are using ALERTS only for PM events, do we have to allow >> displaying external Alerts in the Alerts TAB as well??? >> >>>> Detailed Design >>>> :http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents >>>> Adding is_external boolean field to audit_log with a default value >>>> of false >>> hmmm, i'm not sure it makes sense to inject any event, just flagging >>> it >>> as external. >>> why not just add a new AuditLogType of 'External' (i.e., just another >>> event id? >>> it is easy enough to search for it, etc. >> We are adding not one AuditLogType rather , it will be 3 or 4 (depends >> on we support also Alerts) >> The additional is_external is defaulted to false , so , existing code >> is not influenced >> I think that in the search it will be simpler to refer to is_external >> rather to the 3 or 4 specific types >> Also , cleanup of old external events should use this column >> >> >>>> New command is exposed currently only to SuperUser >>> I assume you mean there is a new permission, which by default is >>> added >>> only to superuser role, and admin can add it to other custom roles? >>> I also assume this is only relevant to admin users, not to user >>> roles? >> Yes > > What's the protection against LDAP injection, SQL injection, Javascript > injection ... ? > How do we sanitize the input of the event? > > Regardless, what about localization? Can the plugin know in which > language it should inject the event? audit log is not localized at this point. From ykaul at redhat.com Sun Nov 11 09:45:34 2012 From: ykaul at redhat.com (Yaniv Kaul) Date: Sun, 11 Nov 2012 11:45:34 +0200 Subject: [Engine-devel] SPICE IP override In-Reply-To: <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> References: <1197121097.6204891.1352278334446.JavaMail.root@redhat.com> Message-ID: <509F73BE.4020301@redhat.com> On 11/07/2012 10:52 AM, Simon Grinberg wrote: > > ----- Original Message ----- >> From: "Michal Skrivanek" >> To: engine-devel at ovirt.org >> Sent: Tuesday, November 6, 2012 10:39:58 PM >> Subject: [Engine-devel] SPICE IP override >> >> Hi all, >> On behalf of Tomas - please check out the proposal for enhancing our >> SPICE integration to allow to return a custom IP/FQDN instead of the >> host IP address. >> http://wiki.ovirt.org/wiki/Features/Display_Address_Override >> All comments are welcome... > My 2 cents, > > This works under the assumption that all the users are either outside of the organization or inside. > But think of some of the following scenarios based on a topology where users in the main office are inside the corporate network while users on remote offices / WAN are on a detached different network on the other side of the NAT / public firewall : > > With current 'per host override' proposal: > 1. Admin from the main office won't be able to access the VM console > 2. No Mixed environment, meaning that you have to have designated clusters for remote offices users vs main office users - otherwise connectivity to the console is determined based on scheduler decision, or may break by live migration. > 3. Based on #2, If I'm a user travelling between offices I'll have to ask the admin to turn off my VM and move it to internal cluster before I can reconnect > > My suggestion is to covert this to 'alternative' IP/FQDN sending the spice client both internal fqdn/ip and the alternative. The spice client should detect which is available of the two and auto-connect. > > This requires enhancement of the spice client, but still solves all the issues raised above (actually it solves about 90% of the use cases I've heard about in the past). > > Another alternative is for the engine to 'guess' or 'elect' which to use, alternative or main, based on the IP of the client - meaning admin provides the client ranges for providing internal host address vs alternative - but this is more complicated compared for the previous suggestion > > Thoughts? Lets not re-invent the wheel. This problem has been pondered before and solved[1], for all scenarios: internal clients connecting to internal resources; internal clients connecting to external resources, without the need for any intermediate assistance external clients connecting to internal resources, with the need for intermediate assistance. VPN clients connecting to internal resources, with or without an internal IP. Any other solution you'll try to come up with will bring you back to this standard, well known (along with its faults) method. The browser client will use PAC to determine how to connect to the hosts and will deliver this to the client. It's also a good path towards real proxy support for Spice. (Regardless, we still need to deal with the Spice protocol's migration command of course). [1] http://en.wikipedia.org/wiki/Proxy_auto-config > > > Simon. > >> Thanks, >> michal >> >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel -------------- next part -------------- An HTML attachment was scrubbed... URL: From emesika at redhat.com Sun Nov 11 11:18:53 2012 From: emesika at redhat.com (Eli Mesika) Date: Sun, 11 Nov 2012 06:18:53 -0500 (EST) Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <1357032386.8570374.1352455565925.JavaMail.root@redhat.com> Message-ID: <1008746778.9047332.1352632733372.JavaMail.root@redhat.com> ----- Original Message ----- > From: "Eli Mesika" > To: "Itamar Heim" > Cc: "engine-devel" > Sent: Friday, November 9, 2012 12:06:05 PM > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations > > > > ----- Original Message ----- > > From: "Itamar Heim" > > To: "Eli Mesika" > > Cc: "engine-devel" , "Michael Pasternak" > > , "Simon Grinberg" > > , "Dan Kenigsberg" > > Sent: Friday, November 9, 2012 12:02:37 PM > > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy > > selection algorithm for Power Management operations > > > > On 11/09/2012 10:52 AM, Eli Mesika wrote: > > > > >> > > > >> > > FenceWrapper > > >> > > > >> >i understand danken suggested going this way, rather than than > > >> >another > > >> >instance of vdsm. > > >> >is vdsm only calling these scripts today and all logic is in > > >> >engine, > > >> >or > > >> >does vdsm has any logic in wrapping these scripts (not a > > >> >blocker > > >> >to > > >> >doing FenceWrapper, just worth extracting that logic from vdsm > > >> >to > > >> >such a > > >> >script, then using it in both. i hope answer is 'no logic'...) > > > vdsm has some logic that maps between the call passed to it from > > > engine and the actual parameters generated for the script. > > > AFAIK, this logic only "builds" the correct arguments for the > > > command according to the agent type > > > > > > > can we extract it to an external wrapper? > > I'd hate to fix bugs/changes twice for this. > > I'll check it with danken on SUN Well, looked at it a bit , the VDSM code is in fenceNote function in API.py What I think is that we can exclude the fenceNote implementation to a separate fence.py file and call it from the API.py Then we can use one of the following in Java to call the method from fence.py 1) jython 2) org.python.util.PythonInterpreter See http://stackoverflow.com/questions/8898765/calling-python-in-java danken, what do you think ? > > > > _______________________________________________ > Engine-devel mailing list > Engine-devel at ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > From danken at redhat.com Sun Nov 11 11:27:59 2012 From: danken at redhat.com (Dan Kenigsberg) Date: Sun, 11 Nov 2012 13:27:59 +0200 Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <1357032386.8570374.1352455565925.JavaMail.root@redhat.com> References: <509CD4BD.4010606@redhat.com> <1357032386.8570374.1352455565925.JavaMail.root@redhat.com> Message-ID: <20121111112759.GQ28849@redhat.com> On Fri, Nov 09, 2012 at 05:06:05AM -0500, Eli Mesika wrote: > > > ----- Original Message ----- > > From: "Itamar Heim" > > To: "Eli Mesika" > > Cc: "engine-devel" , "Michael Pasternak" , "Simon Grinberg" > > , "Dan Kenigsberg" > > Sent: Friday, November 9, 2012 12:02:37 PM > > Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations > > > > On 11/09/2012 10:52 AM, Eli Mesika wrote: > > > > >> > > > >> > > FenceWrapper > > >> > > > >> >i understand danken suggested going this way, rather than than > > >> >another > > >> >instance of vdsm. > > >> >is vdsm only calling these scripts today and all logic is in > > >> >engine, > > >> >or > > >> >does vdsm has any logic in wrapping these scripts (not a blocker > > >> >to > > >> >doing FenceWrapper, just worth extracting that logic from vdsm to > > >> >such a > > >> >script, then using it in both. i hope answer is 'no logic'...) > > > vdsm has some logic that maps between the call passed to it from > > > engine and the actual parameters generated for the script. > > > AFAIK, this logic only "builds" the correct arguments for the > > > command according to the agent type > > > > > > > can we extract it to an external wrapper? > > I'd hate to fix bugs/changes twice for this. > > I'll check it with danken on SUN Saggi has had a nascent attempt to factor the little logic we have out http://gerrit.ovirt.org/#/c/7190/7/vdsm/API.py AFAIR there's nothing there beyond: - log everything but passwords, - build the input stream, - run the script - convert its return code and there's also killing dormant scripts on vdsm exist (which I find not important at all). Dan. From iheim at redhat.com Sun Nov 11 11:44:50 2012 From: iheim at redhat.com (Itamar Heim) Date: Sun, 11 Nov 2012 13:44:50 +0200 Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <20121111112759.GQ28849@redhat.com> References: <509CD4BD.4010606@redhat.com> <1357032386.8570374.1352455565925.JavaMail.root@redhat.com> <20121111112759.GQ28849@redhat.com> Message-ID: <509F8FB2.9050601@redhat.com> On 11/11/2012 01:27 PM, Dan Kenigsberg wrote: > On Fri, Nov 09, 2012 at 05:06:05AM -0500, Eli Mesika wrote: >> >> >> ----- Original Message ----- >>> From: "Itamar Heim" >>> To: "Eli Mesika" >>> Cc: "engine-devel" , "Michael Pasternak" , "Simon Grinberg" >>> , "Dan Kenigsberg" >>> Sent: Friday, November 9, 2012 12:02:37 PM >>> Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations >>> >>> On 11/09/2012 10:52 AM, Eli Mesika wrote: >>> >>>>>> >>>>>> > FenceWrapper >>>>>> >>>>>> i understand danken suggested going this way, rather than than >>>>>> another >>>>>> instance of vdsm. >>>>>> is vdsm only calling these scripts today and all logic is in >>>>>> engine, >>>>>> or >>>>>> does vdsm has any logic in wrapping these scripts (not a blocker >>>>>> to >>>>>> doing FenceWrapper, just worth extracting that logic from vdsm to >>>>>> such a >>>>>> script, then using it in both. i hope answer is 'no logic'...) >>>> vdsm has some logic that maps between the call passed to it from >>>> engine and the actual parameters generated for the script. >>>> AFAIK, this logic only "builds" the correct arguments for the >>>> command according to the agent type >>>> >>> >>> can we extract it to an external wrapper? >>> I'd hate to fix bugs/changes twice for this. >> >> I'll check it with danken on SUN > > Saggi has had a nascent attempt to factor the little logic we have out > http://gerrit.ovirt.org/#/c/7190/7/vdsm/API.py > AFAIR there's nothing there beyond: > - log everything but passwords, > - build the input stream, > - run the script > - convert its return code > and there's also killing dormant scripts on vdsm exist (which I find not > important at all). if the wrapping isn't doing anything but calling the scripts, then doing it again from java isn't an issue. it's only an issue if there is any business logic in the wrapping. From iheim at redhat.com Sun Nov 11 11:45:53 2012 From: iheim at redhat.com (Itamar Heim) Date: Sun, 11 Nov 2012 13:45:53 +0200 Subject: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations In-Reply-To: <1008746778.9047332.1352632733372.JavaMail.root@redhat.com> References: <1008746778.9047332.1352632733372.JavaMail.root@redhat.com> Message-ID: <509F8FF1.7080906@redhat.com> On 11/11/2012 01:18 PM, Eli Mesika wrote: > > > ----- Original Message ----- >> From: "Eli Mesika" >> To: "Itamar Heim" >> Cc: "engine-devel" >> Sent: Friday, November 9, 2012 12:06:05 PM >> Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy selection algorithm for Power Management operations >> >> >> >> ----- Original Message ----- >>> From: "Itamar Heim" >>> To: "Eli Mesika" >>> Cc: "engine-devel" , "Michael Pasternak" >>> , "Simon Grinberg" >>> , "Dan Kenigsberg" >>> Sent: Friday, November 9, 2012 12:02:37 PM >>> Subject: Re: [Engine-devel] [Design for 3.2 RFE] Improving proxy >>> selection algorithm for Power Management operations >>> >>> On 11/09/2012 10:52 AM, Eli Mesika wrote: >>> >>>>>> >>>>>> > FenceWrapper >>>>>> >>>>>> i understand danken suggested going this way, rather than than >>>>>> another >>>>>> instance of vdsm. >>>>>> is vdsm only calling these scripts today and all logic is in >>>>>> engine, >>>>>> or >>>>>> does vdsm has any logic in wrapping these scripts (not a >>>>>> blocker >>>>>> to >>>>>> doing FenceWrapper, just worth extracting that logic from vdsm >>>>>> to >>>>>> such a >>>>>> script, then using it in both. i hope answer is 'no logic'...) >>>> vdsm has some logic that maps between the call passed to it from >>>> engine and the actual parameters generated for the script. >>>> AFAIK, this logic only "builds" the correct arguments for the >>>> command according to the agent type >>>> >>> >>> can we extract it to an external wrapper? >>> I'd hate to fix bugs/changes twice for this. >> >> I'll check it with danken on SUN > > Well, looked at it a bit , the VDSM code is in fenceNote function in API.py > What I think is that we can exclude the fenceNote implementation to a separate fence.py file and call it from the API.py > Then we can use one of the following in Java to call the method from fence.py > 1) jython > 2) org.python.util.PythonInterpreter > > See http://stackoverflow.com/questions/8898765/calling-python-in-java if this is JNI, i think it won't fly for engine. JNA may be viable. or just shell launch > > danken, what do you think ? > >> >>> >> _______________________________________________ >> Engine-devel mailing list >> Engine-devel at ovirt.org >> http://lists.ovirt.org/mailman/listinfo/engine-devel >> From shaharh at redhat.com Sun Nov 11 11:59:36 2012 From: shaharh at redhat.com (Shahar Havivi) Date: Sun, 11 Nov 2012 13:59:36 +0200 Subject: [Engine-devel] ovirt-engine master - no hosts in hosts tab! In-Reply-To: <2044370054.8951893.1352582319213.JavaMail.root@redhat.com> References: <355343361.8249970.1352581393597.JavaMail.root@redhat.com> <2044370054.8951893.1352582319213.JavaMail.root@redhat.com> Message-ID: <20121111115935.GA24929@redhat.com> On 10.11.12 16:18, Eli Mesika wrote: > > > ----- Original Message ----- > > From: "Alon Bar-Lev" > > To: "Eli Mesika" > > Cc: "Laszlo Hornyak" , "Dhandapani" , "Daniel Erez" , "Maor > > Lipchuk" , "Omer Frenkel" , "Kanagaraj M" , "Sharad > > Mishra" , "Vered Volansky" , "Juan Hernandez" > > , "Shireesh Anjal" , "Shahar Havivi" , "Michael > > Kublin"