[Users] engine-manage-domains can't add user , domain

Oved Ourfalli ovedo at redhat.com
Tue May 22 05:34:12 UTC 2012



----- Original Message -----
> From: "T-Sinjon" <tscbj1989 at gmail.com>
> To: "Roy Golan" <rgolan at redhat.com>
> Cc: "Oved Ourfalli" <ovedo at redhat.com>, users at ovirt.org
> Sent: Tuesday, May 22, 2012 5:33:06 AM
> Subject: Re: [Users] engine-manage-domains can't add user , domain
> 
> Hi, Roy
> 
> I have updated my engine to the newest using 'rpm -Uvh' -
> 
> I used rpms from
> http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/
>  .
> 
> [root@ovirt-engine ~]# rpm -qa | grep ovirt-engine
> ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-sdk-1.3-1.fc16.noarch
> ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-jbossas-1.2-2.fc16.x86_64
> ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
> ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64
> 
> and now I add the domain again, it still has an error and there's no log
> to be found in engine-manage-domains.log. What should I do now?
> 
> [root@ovirt-engine ~]# engine-manage-domains -action=add
> -domain=local -user=admin -provider=IPA -interactive
> Failed reading current configuration. Details: Error "Error fetching
> LDAPProviderTypes value: no such entry with version 'general'."
> while reading configuration value LDAPProviderTypes.
> 
Looks like your database isn't updated.
I'm not sure whether a database upgrade is run automatically when you update the RPMs, but according to the error you get it probably isn't.

In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you should have an upgrade script.
(use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 to find out where it is, as I'm not sure exactly where it's installed).
 
Run it using the command: ./upgrade.sh -u postgres
It will upgrade your database.

Oved
> On 15 May, 2012, at 5:10 PM, Roy Golan wrote:
> 
> > On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:
> >> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
> >>> 
> >>> ----- Original Message -----
> >>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
> >>>> To: "Oved Ourfalli"<ovedo at redhat.com>
> >>>> Cc: users at ovirt.org
> >>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
> >>>> Subject: Re: [Users] engine-manage-domains can't add user ,
> >>>> domain
> >>>> 
> >>>> After using kinit to log in as tsinjon, the error changes to this. Why did
> >>>> this happen?
> >>>> 
> >>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
> >>>> -domain='local' -user='tsinjon' -interactive
> >>>> Enter password:
> >>>> 
> >>>> No user in Directory was found for tsinjon@LOCAL. Trying next
> >>>> LDAP
> >>>> server in list
> >>>> Failure while testing domain local. Details: No user information
> >>>> was
> >>>> found for user
> >>>> 
> >>> Can't see why kinit matters here, but looking at your command I
> >>> noticed you used single quotes for the user and domain name.
> >>> I'm not sure it knows to handle this correctly.
> >>> Did you try without the quotes?
> >>> 
> >>> Also, what version are you working with?
> >>> We had a problem a few weeks ago, of identifying the correct ldap
> >>> provider. To fix that we added an option to specify the ldap
> >>> provider type. It determines which query will be used in order
> >>> to get the user details.
> >>> 
> >>> cc-ing Roy, who added this. iirc it is mandatory to provide
> >>> this option, so you probably don't have this option in your
> >>> environment.
> >>> Roy - is there an upstream release with this fix?
> >> Oved - this was merged upstream.
> >> T-Sinjon - have you cloned the git repo and compiled or are you
> >> using RPMs?
> > T-Sinjon - once you're updated you'll be able to specify which
> > type your LDAP server is and overcome this problem.
> > 
> > e.g.
> > engine-manage-domains -action=add -domain='local' -provider=ipa
> > -user='tsinjon' -interactive
> > 
> > 
> >> 
> >> 
> >>> Regards,
> >>> Oved
> >>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
> >>>> 
> >>>>> I have added that SRV info into my zone file, and it did go,
> >>>>>  the log looks fine, but engine-manage-domains still returns an
> >>>>>  error
> >>>>> 
> >>>>> 2012-05-15 10:45:19,222 INFO
> >>>>>  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
> >>>>> kerberos configuration for domain(s): local
> >>>>> 2012-05-15 10:45:19,258 INFO
> >>>>>  [org.ovirt.engine.core.utils.kerberos.ManageDomains]
> >>>>>  Successfully
> >>>>> created kerberos configuration for domain(s): local
> >>>>> 2012-05-15 10:45:19,259 INFO
> >>>>>  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
> >>>>> kerberos configuration for domain: local
> >>>>> 
> >>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
> >>>>> -domain='local' -user='tsinjon' -interactive
> >>>>> Enter password:
> >>>>> 
> >>>>> Error:  exception message: Integrity check on decrypted field
> >>>>> failed (31) - PREAUTH_FAILED
> >>>>> Failure while testing domain local. Details: Kerberos error.
> >>>>> Please
> >>>>> check log for further details.
> >>>>> 
> >>>>> 
> >>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
> >>>>> 
> >>>>>> 
> >>>>>> ----- Original Message -----
> >>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
> >>>>>>> To: users at ovirt.org
> >>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
> >>>>>>> Subject: [Users] engine-manage-domains can't add user ,
> >>>>>>> domain
> >>>>>>> 
> >>>>>>> 
> >>>>>>> I use FreeIPA to authenticate users, ipa user-add has no
> >>>>>>> problem,
> >>>>>>> but when I do:
> >>>>>>> 
> >>>>>>> [root@ovirt-engine ~]# engine-manage-domains -action=add
> >>>>>>> -domain='local' -user='tsinjon' -interactive
> >>>>>>> 
> >>>>>>> Error: Authentication Failed. Please verify the fully
> >>>>>>> qualified
> >>>>>>> domain name that is used for authentication is correct..
> >>>>>>> Problematic
> >>>>>>> domain is: local
> >>>>>>> Failure while applying Kerberos configuration. Details:
> >>>>>>> Authentication Failed. Please verify the fully qualified
> >>>>>>> domain
> >>>>>>> name
> >>>>>>> that is used for authentication is correct.
> >>>>>>> 
> >>>>>>> and log from engine-manage-domains.log :
> >>>>>>> 
> >>>>>>> 2012-05-14 21:58:47,892 INFO
> >>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
> >>>>>>> kerberos configuration for domain(s): local
> >>>>>>> 2012-05-14 21:58:47,923 ERROR
> >>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting
> >>>>>>> SRV
> >>>>>>> list
> >>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS
> >>>>>>> name
> >>>>>>> not
> >>>>>>> found [response code 3]
> >>>>>>> 
> >>>>>>> my domain is 'local', like ovirt-engine.local,
> >>>>>>> ovirt-node-1.local
> >>>>>>> …etc
> >>>>>>> 
> >>>>>>> What can I do to get through it?
> >>>>>>> 
> >>>>>> The utility (and also the ovirt engine) are relying on DNS SRV
> >>>>>> records in order to find LDAP and kerberos servers (supporting
> >>>>>> Active directory, IPA or RHDS).
> >>>>>> So, in order to work with it you must have the following in
> >>>>>> the
> >>>>>> DNS
> >>>>>> 1. PTR record for your LDAP server
> >>>>>> 2. LDAP SRV record for your LDAP server
> >>>>>> 3. LDAP kerberos record for your LDAP server
> >>>>>> 
> >>>>>> If you don't really have access to the DNS you can install a
> >>>>>> package called "dnsmasq", and perform these changes by yourself
> >>>>>> in
> >>>>>> its config file.
> >>>>>> 
> >>>>>> Oved
> >>>>>>> _______________________________________________
> >>>>>>> Users mailing list
> >>>>>>> Users at ovirt.org
> >>>>>>> http://lists.ovirt.org/mailman/listinfo/users
> >>>>>>> 
> >>>> 
> > 
> 
> 
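
Added example, not part of the original thread and not oVirt code: a check of zone data for the three DNS prerequisites listed in the quoted 14 May reply (PTR record, LDAP SRV record, Kerberos SRV record). The record names _ldap._tcp.<domain> and _kerberos._tcp.<domain> are assumed from standard SRV naming; the host name ipa.local and the addresses are constructed sample data.

```python
# Constructed sample zone data (fully-qualified names, one record per line).
ZONE = """\
ipa.local.                IN A   192.0.2.10
_ldap._tcp.local.         IN SRV 0 100 389 ipa.local.   ; LDAP server
_kerberos._tcp.local.     IN SRV 0 100 88  ipa.local.   ; Kerberos KDC
10.2.0.192.in-addr.arpa.  IN PTR ipa.local.
"""

def parse(zone_text):
    """Return (owner, type, rdata_fields) for each 'name [ttl] IN type rdata' line."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip comments, tokenize
        if "IN" not in fields or fields.index("IN") + 1 >= len(fields):
            continue                                # blank or unsupported line
        i = fields.index("IN")
        records.append((fields[0].lower(), fields[i + 1].upper(), fields[i + 2:]))
    return records

def check_domain(zone_text, domain):
    """List missing prerequisites for `domain`; an empty list means all present."""
    recs = parse(zone_text)
    domain = domain.lower().rstrip(".") + "."       # DNS names are case-insensitive
    ptr_targets = {r[2][0].lower() for r in recs if r[1] == "PTR" and r[2]}
    problems = set()
    for service in ("_ldap._tcp", "_kerberos._tcp"):  # assumed SRV owner names
        owner = f"{service}.{domain}"
        srvs = [r for r in recs if r[0] == owner and r[1] == "SRV"]
        if not srvs:
            problems.add(f"missing SRV record {owner}")
        for _, _, rdata in srvs:
            if len(rdata) < 4:                      # priority weight port target
                problems.add(f"malformed SRV record {owner}")
                continue
            target = rdata[3].lower()
            if target not in ptr_targets:
                problems.add(f"no PTR record points at {target}")
    return sorted(problems)

if __name__ == "__main__":
    for problem in check_domain(ZONE, "LOCAL") or ["all three prerequisites present"]:
        print(problem)
```
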


