[Users-pt] oVirt 3.4 + Ipa Server
Amador Pahim
apahim at redhat.com
Fri Oct 10 12:38:15 UTC 2014
Parece que aqui na users-pt ninguém tem muita experiência com oVirt+IPA.
Espero que tenhas mais sorte na users. Se ninguém ajudar, abre um
bugzilla que algum devel vai ter que olhar pra esse problema. Seria
legal tb se você pudesse testar com o 3.5rc5 pra ver se o problema persiste.
On 10/10/2014 09:07 AM, Marcelo Donato wrote:
> Olá,
>
> Estou tendo problemas para utilizar oVirt com IPA.
> Abaixo se encontram os Logs e comandos utilizados.
> Desde já agradeço por alguma sugestão.
>
>
> *********************************************************************
> Ipa Server - 10.30.0.25
> LSB Version:
> :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
> Distributor ID: CentOS
> Description: CentOS release 6.5 (Final)
> Release: 6.5
> Codename: Final
> # rpm -qa | grep ipa
> ipa-server-3.0.0-37.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-python-3.0.0-37.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-admintools-3.0.0-37.el6.x86_64
> ipa-server-selinux-3.0.0-37.el6.x86_64
> ipa-client-3.0.0-37.el6.x86_64
>
>
> # dig _kerberos._tcp.din.uem.br <http://tcp.din.uem.br>
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
> _kerberos._tcp.din.uem.br <http://tcp.din.uem.br>
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34293
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_kerberos._tcp.din.uem.br <http://tcp.din.uem.br>.INA
>
> ;; AUTHORITY SECTION:
> din.uem.br <http://din.uem.br>.3600INSOAns1.din.uem.br
> <http://ns1.din.uem.br>. root.din.uem.br <http://root.din.uem.br>.
> 2014100841 1800 900 60480 3600
>
> ;; Query time: 1 msec
> ;; SERVER: 186.233.152.33#53(186.233.152.33)
> ;; WHEN: Thu Oct 9 14:19:05 2014
> ;; MSG SIZE rcvd: 88
>
>
>
>
> # dig _ldap._tcp.din.uem.br <http://tcp.din.uem.br>
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>>
> _ldap._tcp.din.uem.br <http://tcp.din.uem.br>
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21167
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_ldap._tcp.din.uem.br <http://tcp.din.uem.br>.INA
>
> ;; AUTHORITY SECTION:
> din.uem.br <http://din.uem.br>.3600INSOAns1.din.uem.br
> <http://ns1.din.uem.br>. root.din.uem.br <http://root.din.uem.br>.
> 2014100841 1800 900 60480 3600
>
> ;; Query time: 1 msec
> ;; SERVER: 186.233.152.33#53(186.233.152.33)
> ;; WHEN: Thu Oct 9 14:20:16 2014
> ;; MSG SIZE rcvd: 84
>
>
> /var/log/dirsrv/slapd-DIN-UEM-BR/access
> -------------------------------------------------------------------------------------------------------------------------
> conn=3 op=210 SRCH base="dc=din,dc=uem,dc=br" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=admin at DIN.UEM.BR
> <mailto:admin at DIN.UEM.BR>))" attrs="krbPrincipalName krbCanonicalName
> ipaKrbPrincipalAlias krbUPEnabled k
> conn=3 op=210 RESULT err=0 tag=101 nentries=1 etime=0
> conn=3 op=211 SRCH base="cn=DIN.UEM.BR
> <http://DIN.UEM.BR>,cn=kerberos,dc=din,dc=uem,dc=br" scope=0
> filter="(objectClass=krbticketpolicyaux)" attrs="krbMaxTicketLife
> krbMaxRenewableAge krbTicketFlags"
> conn=3 op=211 RESULT err=0 tag=101 nentries=1 etime=0
> conn=3 op=212 SRCH base="dc=din,dc=uem,dc=br" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/DIN.UEM.BR at DIN.UEM.BR
> <mailto:DIN.UEM.BR at DIN.UEM.BR>)(krbPrincipalName=krbtgt/DIN.UEM
> conn=3 op=212 RESULT err=0 tag=101 nentries=1 etime=0
> conn=3 op=213 SRCH base="cn=global_policy,cn=DIN.UEM.BR
> <http://DIN.UEM.BR>,cn=kerberos,dc=din,dc=uem,dc=br" scope=0
> filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength
> krbPwdMaxFailure krbPwdF
> conn=3 op=213 RESULT err=0 tag=101 nentries=1 etime=0
> conn=50 fd=66 slot=66 connection from 10.30.0.23 to 10.30.0.25
> conn=50 op=-1 fd=66 closed error 34 (Numerical result out of range) - B2
>
>
> /var/log/ovirt-engine/engine-manage-domains.log
> -------------------------------------------------------------------------------------------------------------------------
> 2014-10-09 11:23:05,901 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Loaded file
> "/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.conf".
> 2014-10-09 11:23:05,903 INFO
> [org.ovirt.engine.core.utils.LocalConfig] The file
> "/etc/ovirt-engine/engine.conf" doesn't exist or isn't readable. Will
> return an empty set of properties.
> 2014-10-09 11:23:05,904 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Loaded file
> "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf".
> 2014-10-09 11:23:05,905 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Loaded file
> "/etc/ovirt-engine/engine.conf.d/10-setup-jboss.conf".
> 2014-10-09 11:23:05,906 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Loaded file
> "/etc/ovirt-engine/engine.conf.d/10-setup-pki.conf".
> 2014-10-09 11:23:05,907 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Loaded file
> "/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf".
> 2014-10-09 11:23:05,908 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Loaded file
> "/etc/ovirt-engine/engine.conf.d/20-ovirt-engine-reports.conf".
> 2014-10-09 11:23:05,909 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_AJP_ENABLED" is "true".
> 2014-10-09 11:23:05,909 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_AJP_PORT" is "8702".
> 2014-10-09 11:23:05,909 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_APPS" is "engine.ear
> "/var/lib/ovirt-engine-reports/ovirt-engine-reports.war"".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_CACHE" is "/var/cache/ovirt-engine".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_CHECK_INTERVAL" is "1000".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_CONNECTION_TIMEOUT" is "300000".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_DATABASE" is "engine".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_DRIVER" is "org.postgresql.Driver".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_HOST" is "localhost".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_MAX_CONNECTIONS" is "100".
> 2014-10-09 11:23:05,910 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_MIN_CONNECTIONS" is "1".
> 2014-10-09 11:23:05,911 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_PASSWORD" is "***".
> 2014-10-09 11:23:05,911 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_PORT" is "5432".
> 2014-10-09 11:23:05,911 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_SECURED" is "False".
> 2014-10-09 11:23:05,911 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_SECURED_VALIDATION" is "False".
> 2014-10-09 11:23:05,911 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_URL" is
> "jdbc:postgresql://localhost:5432/engine?sslfactory=org.postgresql.ssl.NonValidatingFactory".
> 2014-10-09 11:23:05,911 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DB_USER" is "engine".
> 2014-10-09 11:23:05,912 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DEBUG_ADDRESS" is "".
> 2014-10-09 11:23:05,912 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_DOC" is "/usr/share/doc/ovirt-engine".
> 2014-10-09 11:23:05,912 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_ETC" is "/etc/ovirt-engine".
> 2014-10-09 11:23:05,912 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_FQDN" is "ovirtm.din.uem.br <http://ovirtm.din.uem.br>".
> 2014-10-09 11:23:05,912 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_GROUP" is "ovirt".
> 2014-10-09 11:23:05,912 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HEAP_MAX" is "1g".
> 2014-10-09 11:23:05,913 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HEAP_MIN" is "1g".
> 2014-10-09 11:23:05,913 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HTTPS_ENABLED" is "false".
> 2014-10-09 11:23:05,913 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HTTPS_PORT" is "None".
> 2014-10-09 11:23:05,913 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HTTPS_PROTOCOLS" is "SSLv3,TLSv1,TLSv1.1,TLSv1.2".
> 2014-10-09 11:23:05,913 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HTTP_ENABLED" is "false".
> 2014-10-09 11:23:05,913 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_HTTP_PORT" is "None".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_JAVA_MODULEPATH" is
> "/usr/share/ovirt-engine/modules:/var/lib/ovirt-engine-reports/modules".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_JVM_ARGS" is " -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath="/var/log/ovirt-engine/dump"".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_LOG" is "/var/log/ovirt-engine".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_LOG_TO_CONSOLE" is "false".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_MANUAL" is "/usr/share/ovirt-engine/manual".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PERM_MAX" is "256m".
> 2014-10-09 11:23:05,914 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PERM_MIN" is "256m".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI" is "/etc/pki/ovirt-engine".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_CA" is "/etc/pki/ovirt-engine/ca.pem".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_ENGINE_CERT" is "/etc/pki/ovirt-engine/certs/engine.cer".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_ENGINE_STORE" is "/etc/pki/ovirt-engine/keys/engine.p12".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_ENGINE_STORE_ALIAS" is "1".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_ENGINE_STORE_PASSWORD" is "***".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_TRUST_STORE" is "/etc/pki/ovirt-engine/.truststore".
> 2014-10-09 11:23:05,915 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PKI_TRUST_STORE_PASSWORD" is "***".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PROPERTIES" is " jsse.enableSNIExtension=false".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PROXY_ENABLED" is "true".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PROXY_HTTPS_PORT" is "443".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_PROXY_HTTP_PORT" is "80".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_REPORTS_UI" is "/var/lib/ovirt-engine/reports.xml".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_STOP_INTERVAL" is "1".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_STOP_TIME" is "10".
> 2014-10-09 11:23:05,916 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_TMP" is "/var/tmp/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_UP_MARK" is "/var/lib/ovirt-engine/engine.up".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_URI" is "/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_USER" is "ovirt".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_USR" is "/usr/share/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_VAR" is "/var/lib/ovirt-engine".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "ENGINE_VERBOSE_GC" is "false".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "JBOSS_HOME" is "/usr/share/jboss-as".
> 2014-10-09 11:23:05,917 INFO
> [org.ovirt.engine.core.utils.LocalConfig] Value of property
> "SENSITIVE_KEYS" is
> ",ENGINE_DB_PASSWORD,ENGINE_PKI_TRUST_STORE_PASSWORD,ENGINE_PKI_ENGINE_STORE_PASSWORD".
> 2014-10-09 11:23:39,328 INFO
> [org.ovirt.engine.core.domains.ManageDomains] Creating kerberos
> configuration for domain(s): din.uem.br <http://din.uem.br>
> 2014-10-09 11:23:39,357 INFO
> [org.ovirt.engine.core.domains.ManageDomains] Successfully created
> kerberos configuration for domain(s): din.uem.br <http://din.uem.br>
> 2014-10-09 11:23:39,357 INFO
> [org.ovirt.engine.core.domains.ManageDomains] Testing kerberos
> configuration for domain: din.uem.br <http://din.uem.br>
> 2014-10-09 11:23:39,572 ERROR
> [org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck] Error:
> exception message: Cannot get a KDC reply
> 2014-10-09 11:23:39,577 ERROR
> [org.ovirt.engine.core.domains.ManageDomains] Failure while testing
> domain din.uem.br <http://din.uem.br>. Details: Kerberos error. Please
> check log for further details.
> *********************************************************************
> oVirt Manager - 10.30.0.23
> LSB Version:
> :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
> Distributor ID: CentOS
> Description: CentOS release 6.5 (Final)
> Release: 6.5
> Codename: Final
>
>
> # rpm -qa | grep -i ovirt
>
> ovirt-engine-dwh-setup-3.4.0-2.el6.noarch
> ovirt-engine-dwh-3.4.0-2.el6.noarch
> ovirt-hosted-engine-ha-1.1.2-1.el6.noarch
> ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
> ovirt-engine-cli-3.4.0.5-1.el6.noarch
> ovirt-engine-restapi-3.4.0-1.el6.noarch
> ovirt-engine-dbscripts-3.4.0-1.el6.noarch
> ovirt-release-11.2.0-1.noarch
> ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
> ovirt-host-deploy-1.2.0-1.el6.noarch
> ovirt-engine-reports-setup-3.4.0-2.el6.noarch
> ovirt-engine-lib-3.4.0-1.el6.noarch
> ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
> ovirt-log-collector-3.4.1-1.el6.noarch
> ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
> ovirt-host-deploy-java-1.2.0-1.el6.noarch
> ovirt-engine-tools-3.4.0-1.el6.noarch
> ovirt-engine-userportal-3.4.0-1.el6.noarch
> ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
> ovirt-engine-backend-3.4.0-1.el6.noarch
> ovirt-engine-reports-3.4.0-2.el6.noarch
> ovirt-engine-setup-base-3.4.0-1.el6.noarch
> ovirt-iso-uploader-3.4.0-1.el6.noarch
> ovirt-image-uploader-3.4.0-1.el6.noarch
> ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
> ovirt-engine-setup-3.4.0-1.el6.noarch
> ovirt-engine-3.4.0-1.el6.noarch
>
>
> engine-manage-domains add --domain=din.uem.br <http://din.uem.br>
> --provider=ipa --user=admin
> Enter password:
> Error: exception message: Cannot get a KDC reply
> Failure while testing domain din.uem.br <http://din.uem.br>. Details:
> Kerberos error. Please check log for further details.
>
>
> At. Donato.
>
>
>
>
> --
> Ao encaminhar esta mensagem, por favor:
> 1. Apague o meu e-mail e o meu nome.
> 2. Apague também os endereços dos amigos antes de reenviar
> 3. Use Cco ou Bcc para enviar mensagens!
> Dificulte a disseminação de vírus e spam.
>
>
> _______________________________________________
> Users-pt mailing list
> Users-pt at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users-pt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users-pt/attachments/20141010/9dded4d4/attachment.html>
More information about the Users-pt
mailing list