[Users] tool engine-manage-domains

victor nunes victor.rebli at gmail.com
Wed Dec 5 19:14:49 EST 2012


Hello,

I'm going to do all these tests, but a question.

I need to configure Kerberos on the server LDAP?

Att,

2012/12/4 Yair Zaslavsky <yzaslavs at redhat.com>

> Hi,
> Several things -
> a. I think logging at this point should be improved
> b. Since the log is not informative enough, please try the following:
> 1. Check that  your credentials are correct
> 2. Check you have no clock skew issue (the time difference between the
> machine running manage-domains and your ldap server should be less or equal
> to 5 minutes).
> 3. Connection refused so there is some connectivity issue -
> please query your ldap SRV records for the domain (IMHO dig SRV _ldap._tcp.
> viperde.com.br should do the trick)
> please try to connect to these ldap servers manually -
>
> For example, if the returned host from the dig SRV query is
> aaa.viperde.com.br
>
> perform:
> telnet aaa.viperde.com.br 389
>
> Turns out that I did not have telnet installed on my fc17 machine -
> I used yum install telnet to install it.
>
> Kind regards,
>
> Yair
>
>
> ------------------------------
>
> *From: *"victor nunes" <victor.rebli at gmail.com>
> *To: *"Itamar Heim" <iheim at redhat.com>
> *Cc: *"Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
> *Sent: *Tuesday, December 4, 2012 3:28:56 AM
> *Subject: *Re: [Users] tool engine-manage-domains
>
>
> Thanks for the reply.
>
> I do not have another machine to the power configuar FreeIPA.
>
> I have a machine, I do not have access, which is an LDAP server installed
> on it.
> I configured a machine that is oVirt-manage as ldap client, I configured
> the dns, but in time to include the domain happens the following error:
>
> Error: exception message: Connection refused
> Failure while testing domain viprede.com.br. Details: Kerberos error.
> Please check log for further Top details.
>
> in the logs, I have the following lines:
>
> 03/12/2012 20:25:26,390 INFO
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
> configuration for domain (s): viprede.com.br
> 03/12/2012 20:25:26,422 INFO
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created
> kerberos configuration for domain (s): viprede.com.br
> 03/12/2012 20:25:26,422 INFO
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
> configuration for domain: viprede.com.br.
>
> So what could be this error?
>
> 2012/11/29 Itamar Heim <iheim at redhat.com>
>
>> On 11/29/2012 05:58 AM, victor nunes wrote:
>>
>>>
>>>
>>> 2012/11/29 Yair Zaslavsky <yzaslavs at redhat.com <mailto:
>>> yzaslavs at redhat.com>>
>>>
>>>
>>>     Hi,
>>>     Can you redirect your question to users at ovirt.org
>>>     <mailto:users at ovirt.org>?
>>>
>>>     I think others will help you to forward your question to relevant
>>>     people here (not sure I can provide a good answer).
>>>
>>>
>>>
>>>     On 11/29/2012 03:26 AM, victor nunes wrote:
>>>
>>>         So I'm trying to install FreeIPA on the same machine that
>>>         oVirt-manage,
>>>         but at the time of installation, the following error occurs:
>>>
>>>         FreeIPA-server conflicts with 1: mod_ssl-2.2.22-4.fc17.x86_64
>>>
>>>
>>>         Looking for a solution to the problem, I discovered that this is
>>>         a bug
>>>         reported by others.
>>>
>>>         Follow the link to the bug reported:
>>>         https://bugzilla.redhat.com/__**show_bug.cgi?id=840098<https://bugzilla.redhat.com/__show_bug.cgi?id=840098>
>>>
>>>         <https://bugzilla.redhat.com/**show_bug.cgi?id=840098<https://bugzilla.redhat.com/show_bug.cgi?id=840098>
>>> >
>>>
>>>         Then, using oo FreeIPA not be possible, which otherwise I have
>>>         to add
>>>         new domains and users?
>>>
>>>         Em 8 de novembro de 2012 02:41, Yair Zaslavsky
>>>         <yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>
>>>         <mailto:yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>>>
>>> escreveu:
>>>
>>>
>>>
>>>              Hi,
>>>              You cannot create new users for the internal domain.
>>>              The internal domain was developed for quick POC, just to
>>>         allow login
>>>              to the system without the need for ldap provider.
>>>              I recommend you install some ldap server (i.e - free IPA)
>>>         and try to
>>>              work with it.
>>>
>>>
>>>
>>>              On 11/08/2012 01:08 AM, victor nunes wrote:
>>>
>>>                  Sorry.
>>>
>>>                  Att,
>>>
>>>                  2012/11/7 victor nunes <victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**>
>>>                  <mailto:victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**>__>
>>>                  <mailto:victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**> <mailto:victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**>__>__>>
>>>
>>>
>>>
>>>
>>>                       Thanks for the reply.
>>>
>>>                       As the command "engine-manage-domains" works with
>>>         ldap, how
>>>                  can I
>>>                       create another user in the field "internal", and
>>> user
>>>                  "admin" that
>>>                       is created when you installed the engine-setup?
>>>
>>>                       2012/11/4 Yair Zaslavsky <yzaslavs at redhat.com
>>>         <mailto:yzaslavs at redhat.com>
>>>                  <mailto:yzaslavs at redhat.com <mailto:yzaslavs at redhat.com
>>> >>
>>>                       <mailto:yzaslavs at redhat.com
>>>         <mailto:yzaslavs at redhat.com> <mailto:yzaslavs at redhat.com
>>>         <mailto:yzaslavs at redhat.com>>>**>
>>>
>>>
>>>
>>>                           Hi,
>>>                           The specified tool handle only ldap domains,
>>>         and not the
>>>                           internal domain.
>>>                           What would you like to change at the internal
>>>         domain?
>>>                           I suggest you try to use engine-config for
>>> this.
>>>
>>>
>>>
>>>
>>>         ------------------------------**____--------------------------**
>>> --__--__------------
>>>
>>>
>>>
>>>                               *From: *"victor nunes"
>>>         <victor.rebli at gmail.com <mailto:victor.rebli at gmail.com**>
>>>                  <mailto:victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**>__>
>>>                               <mailto:victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**>
>>>                  <mailto:victor.rebli at gmail.com
>>>         <mailto:victor.rebli at gmail.com**>__>__>>
>>>
>>>                               *To: *users at ovirt.org
>>>         <mailto:users at ovirt.org> <mailto:users at ovirt.org
>>>         <mailto:users at ovirt.org>>
>>>                  <mailto:users at ovirt.org <mailto:users at ovirt.org>
>>>         <mailto:users at ovirt.org <mailto:users at ovirt.org>>>
>>>
>>>                               *Sent: *Sunday, November 4, 2012 12:18:55
>>> AM
>>>                               *Subject: *[Users] tool
>>> engine-manage-domains
>>>
>>>
>>>
>>>                               I'm trying to change the default domain,
>>> the
>>>                  "internal" with
>>>                               the following command:
>>>
>>>                               engine-manage-domains -action=edit
>>>         -domain=internal
>>>
>>>                               However, i am getting the following
>>> message:
>>>
>>>                               "Domain internal doesn't exist int the
>>>         configuration"
>>>
>>>                               This is my domain admin user that is
>>>         configured in the
>>>                               installation ovirt-setup.
>>>
>>>                               So, how can i fix it to include a user in
>>>         this domain?
>>>
>>>
>>>                               Att,
>>>
>>>
>>>
>>>
>>>                               --
>>>                               “Encarada do ponto de vista da juventude,
>>>         a vida
>>>                  parece um
>>>                               futuro
>>>                               indefinidamente longo, ao passo que, na
>>>         velhice,
>>>                  ela parece
>>>                               um passado
>>>                               deveras curto. Assim, a vida no seu início
>>> se
>>>                  apresenta do
>>>                               mesmo modo
>>>                               que as coisas quando as olhamos através de
>>> um
>>>                  binóculo usado
>>>                               ao contrário; mas, ao
>>>                               seu final, ela se parece com as coisas
>>>           tal qual
>>>                  são vistas
>>>                               quando o binóculo
>>>                               é usado de modo normal. Um homem precisa
>>> ter
>>>                  envelhecido e
>>>                               vivido
>>>                               bastante para perceber como a vida é
>>> curta”.
>>>
>>>                                         (Poema de Arthur Schopenhauer)
>>>
>>>
>>>           ______________________________**_____________________
>>>
>>>                               Users mailing list
>>>         Users at ovirt.org <mailto:Users at ovirt.org> <mailto:Users at ovirt.org
>>>          <mailto:Users at ovirt.org>> <mailto:Users at ovirt.org
>>>         <mailto:Users at ovirt.org>
>>>                  <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>>
>>>
>>>         http://lists.ovirt.org/____**mailman/listinfo/users<http://lists.ovirt.org/____mailman/listinfo/users>
>>>         <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
>>> >
>>>
>>>
>>>                  <http://lists.ovirt.org/__**mailman/listinfo/users<http://lists.ovirt.org/__mailman/listinfo/users>
>>>         <http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>> >>
>>>
>>>
>>>
>>>
>>>
>>>                       --
>>>                       “Encarada do ponto de vista da juventude, a vida
>>>         parece um
>>>                  futuro
>>>                       indefinidamente longo, ao passo que, na velhice,
>>>         ela parece
>>>                  um passado
>>>                       deveras curto. Assim, a vida no seu início se
>>>         apresenta do
>>>                  mesmo modo
>>>                       que as coisas quando as olhamos através de um
>>>         binóculo usado ao
>>>                       contrário; mas, ao
>>>                       seu final, ela se parece com as coisas  tal qual
>>>         são vistas
>>>                  quando o
>>>                       binóculo
>>>                       é usado de modo normal. Um homem precisa ter
>>>         envelhecido e
>>>                  vivido
>>>                       bastante para perceber como a vida é curta”.
>>>
>>>                                 (Poema de Arthur Schopenhauer)
>>>
>>>
>>>
>>>
>>>                  --
>>>                  “Encarada do ponto de vista da juventude, a vida parece
>>>         um futuro
>>>                  indefinidamente longo, ao passo que, na velhice, ela
>>>         parece um
>>>                  passado
>>>                  deveras curto. Assim, a vida no seu início se apresenta
>>>         do mesmo
>>>                  modo
>>>                  que as coisas quando as olhamos através de um binóculo
>>>         usado ao
>>>                  contrário; mas, ao
>>>                  seu final, ela se parece com as coisas  tal qual são
>>>         vistas quando o
>>>                  binóculo
>>>                  é usado de modo normal. Um homem precisa ter
>>>         envelhecido e vivido
>>>                  bastante para perceber como a vida é curta”.
>>>
>>>                             (Poema de Arthur Schopenhauer)
>>>
>>>
>>>
>>>
>>>         --
>>>         “Encarada do ponto de vista da juventude, a vida parece um futuro
>>>         indefinidamente longo, ao passo que, na velhice, ela parece um
>>>         passado
>>>         deveras curto. Assim, a vida no seu início se apresenta do mesmo
>>>         modo
>>>         que as coisas quando as olhamos através de um binóculo usado ao
>>>         contrário; mas, ao
>>>         seu final, ela se parece com as coisas  tal qual são vistas
>>> quando o
>>>         binóculo
>>>         é usado de modo normal. Um homem precisa ter envelhecido e vivido
>>>         bastante para perceber como a vida é curta”.
>>>
>>>                    (Poema de Arthur Schopenhauer)
>>>
>>>
>>>
>>>
>>> --
>>> “Encarada do ponto de vista da juventude, a vida parece um futuro
>>> indefinidamente longo, ao passo que, na velhice, ela parece um passado
>>> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
>>> que as coisas quando as olhamos através de um binóculo usado ao
>>> contrário; mas, ao
>>> seu final, ela se parece com as coisas  tal qual são vistas quando o
>>> binóculo
>>> é usado de modo normal. Um homem precisa ter envelhecido e vivido
>>> bastante para perceber como a vida é curta”.
>>>
>>>           (Poema de Arthur Schopenhauer)
>>>
>>>
>>> ______________________________**_________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org/mailman/listinfo/users>
>>>
>>>
>> there are three issues with installing freeipa on same machine as ovirt:
>> 1. the mod_ssl, which is solvable, but requires some work on our side.
>> 2. we faced some upgrade issues around this use case, though non are
>> relevant right now iirc.
>> 3. freeipa will override the default apache homepage redirection ovirt
>> placed.
>>
>> have you considered running freeipa in a guest? you can still use
>> admin at internal for issues with that guest if needed.
>>
>
>
>
> --
> “Encarada do ponto de vista da juventude, a vida parece um futuro
> indefinidamente longo, ao passo que, na velhice, ela parece um passado
> deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
> que as coisas quando as olhamos através de um binóculo usado ao contrário;
> mas, ao
> seu final, ela se parece com as coisas  tal qual são vistas quando o
> binóculo
> é usado de modo normal. Um homem precisa ter envelhecido e vivido
> bastante para perceber como a vida é curta”.
>
>          (Poema de Arthur Schopenhauer)
>
>
>


-- 
“Encarada do ponto de vista da juventude, a vida parece um futuro
indefinidamente longo, ao passo que, na velhice, ela parece um passado
deveras curto. Assim, a vida no seu início se apresenta do mesmo modo
que as coisas quando as olhamos através de um binóculo usado ao contrário;
mas, ao
seu final, ela se parece com as coisas  tal qual são vistas quando o
binóculo
é usado de modo normal. Um homem precisa ter envelhecido e vivido
bastante para perceber como a vida é curta”.

         (Poema de Arthur Schopenhauer)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121205/19d614b7/attachment-0002.html>


More information about the Users mailing list