[Users] engine-manage-domains can't add user , domain

T-Sinjon tscbj1989 at gmail.com
Tue May 22 07:38:23 UTC 2012 

Thk Roy,it did help me ! when i update my database then engine-manage-domain goes fine!

I really prefer to attach the log ,but  there has no such file /var/log/ovirt-engine/ovirt-engine-upgrade.log

[root at ovirt-engine ~]# ls -ld  /var/log/ovirt-engine/ovirt-engine-upgrade.log
ls: cannot access /var/log/ovirt-engine/ovirt-engine-upgrade.log: No such file or directory
[root at ovirt-engine ~]# find /var/log/ -iname "*upgrade*"
nothing..

Anything else can i help?

On 22 May, 2012, at 3:04 PM, Roy Golan wrote:

> On 05/22/2012 08:34 AM, Oved Ourfalli wrote:
>> 
>> ----- Original Message -----
>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>> To: "Roy Golan"<rgolan at redhat.com>
>>> Cc: "Oved Ourfalli"<ovedo at redhat.com>, users at ovirt.org
>>> Sent: Tuesday, May 22, 2012 5:33:06 AM
>>> Subject: Re: [Users] engine-manage-domains can't add user , domain
>>> 
>>> HI, Roy
>>> 
>>> I have update my engine to newest use ' rpm -Uvh ' -
>>> 
>>> I used rpms from
>>> http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/
>>>  .
>>> 
>>> [root at ovirt-engine ~]# rpm -qa | grep ovirt-engine
>>> ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-sdk-1.3-1.fc16.noarch
>>> ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>>> ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
>>> ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64
>>> 
>>> and now I add domain again , it still have error and there's no log
>>> can find from engine-manage-domains.log, what should i do now ?
>>> 
>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>> -domain=local -user=admin -provider=IPA -interactive
>>> Failed reading current configuration. Details: Error "Error fetching
>>> LDAPProviderTypes value: no such entry with version 'general'."
>>> while reading configuration value LDAPProviderTypes.
>>> 
>> Looks like your database isn't updated.
>> I'm not sure whether a database upgrade is run automatically when you update the RPMs, but according to the error you get it is probably isn't.
> if rpm -Uvh didn't fire the upgrade script its a bug.
> pls attach /var/log/ovirt-engine/ovirt-engine-upgrade.log to see if something went wrong
>> In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you should have an upgrade script.
>> (use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 to find out where it is, as I'm not sure exactly where it's installed).
>> 
>> Run it using the command" ./upgrade.sh -u postgres
>> It will upgrade your database.
>> 
>> Oved
>>> On 15 May, 2012, at 5:10 PM, Roy Golan wrote:
>>> 
>>>> On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:
>>>>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>>>>>> To: "Oved Ourfalli"<ovedo at redhat.com>
>>>>>>> Cc: users at ovirt.org
>>>>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
>>>>>>> Subject: Re: [Users] engine-manage-domains can't add user ,
>>>>>>> domain
>>>>>>> 
>>>>>>> after use kinit login tsinjon ,  the error changes to , why this
>>>>>>> happened?
>>>>>>> 
>>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>> Enter password:
>>>>>>> 
>>>>>>> No user in Directory was found for tsinjon at LOCAL. Trying next
>>>>>>> LDAP
>>>>>>> server in list
>>>>>>> Failure while testing domain local. Details: No user information
>>>>>>> was
>>>>>>> found for user
>>>>>>> 
>>>>>> Can't see why kinit matters here, but looking at your command I
>>>>>> noticed you used single quotes for the user and domain name.
>>>>>> I'm not sure it knows to handle this correctly.
>>>>>> Did you try without the quotes?
>>>>>> 
>>>>>> Also, what version are you working with?
>>>>>> We had a problem a few weeks ago, of identifying the correct ldap
>>>>>> provider. To fix that we added an option to specify the ldap
>>>>>> provider type. It determines which query will be used in order
>>>>>> to get the user details.
>>>>>> 
>>>>>> cc-ing Roy, which added this. iirc it is mandatory to provide
>>>>>> this option, so you probably don't have this option in your
>>>>>> environment.
>>>>>> Roy - is there an upstream release with this fix?
>>>>> Oved - this was merged upstream.
>>>>> T-Sinjon - have you cloned the git repo and compiled or are you
>>>>> using RPMs?
>>>> T-Sinjon - once your updated you'll be able to specify the which
>>>> type is your LDAP server and overcome this problem.
>>>> 
>>>> e.g.
>>>> engine-manage-domains -action=add -domain='local' -provider=ipa
>>>> -user='tsinjon' -interactive
>>>> 
>>>> 
>>>>> 
>>>>>> Regards,
>>>>>> Oved
>>>>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
>>>>>>> 
>>>>>>>> I have added those SRV info into my zone file , and it did go ,
>>>>>>>>  the log looks fine , but engine-manage-domains still return
>>>>>>>>  error
>>>>>>>> 
>>>>>>>> 2012-05-15 10:45:19,222 INFO
>>>>>>>>  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>>> kerberos configuration for domain(s): local
>>>>>>>> 2012-05-15 10:45:19,258 INFO
>>>>>>>>  [org.ovirt.engine.core.utils.kerberos.ManageDomains]
>>>>>>>>  Successfully
>>>>>>>> created kerberos configuration for domain(s): local
>>>>>>>> 2012-05-15 10:45:19,259 INFO
>>>>>>>>  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing
>>>>>>>> kerberos configuration for domain: local
>>>>>>>> 
>>>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>>> Enter password:
>>>>>>>> 
>>>>>>>> Error:  exception message: Integrity check on decrypted field
>>>>>>>> failed (31) - PREAUTH_FAILED
>>>>>>>> Failure while testing domain local. Details: Kerberos error.
>>>>>>>> Please
>>>>>>>> check log for further details.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
>>>>>>>> 
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
>>>>>>>>>> To: users at ovirt.org
>>>>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
>>>>>>>>>> Subject: [Users] engine-manage-domains can't add user ,
>>>>>>>>>> domain
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> I use FreeIPA to authenticate users,  ipa user-add has no
>>>>>>>>>> problem,
>>>>>>>>>> but when i do :
>>>>>>>>>> 
>>>>>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
>>>>>>>>>> -domain='local' -user='tsinjon' -interactive
>>>>>>>>>> 
>>>>>>>>>> Error: Authentication Failed. Please verify the fully
>>>>>>>>>> qualified
>>>>>>>>>> domain name that is used for authentication is correct..
>>>>>>>>>> Problematic
>>>>>>>>>> domain is: local
>>>>>>>>>> Failure while applying Kerberos configuration. Details:
>>>>>>>>>> Authentication Failed. Please verify the fully qualified
>>>>>>>>>> domain
>>>>>>>>>> name
>>>>>>>>>> that is used for authentication is correct.
>>>>>>>>>> 
>>>>>>>>>> and log from engine-manage-domains.log :
>>>>>>>>>> 
>>>>>>>>>> 2012-05-14 21:58:47,892 INFO
>>>>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating
>>>>>>>>>> kerberos configuration for domain(s): local
>>>>>>>>>> 2012-05-14 21:58:47,923 ERROR
>>>>>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting
>>>>>>>>>> SRV
>>>>>>>>>> list
>>>>>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS
>>>>>>>>>> name
>>>>>>>>>> not
>>>>>>>>>> found [response code 3]
>>>>>>>>>> 
>>>>>>>>>> my domain is 'local'   , like ovirt-engine.local
>>>>>>>>>> 、ovirt-node-1.local
>>>>>>>>>> …etc
>>>>>>>>>> 
>>>>>>>>>> What can i do to get through it?
>>>>>>>>>> 
>>>>>>>>> The utility (and also the ovirt engine) are relying on DNS SRV
>>>>>>>>> records in order to find LDAP and kerberos servers (supporting
>>>>>>>>> Active directory, IPA or RHDS).
>>>>>>>>> So, in order to work with it you must have the following in
>>>>>>>>> the
>>>>>>>>> DNS
>>>>>>>>> 1. PTR record for your LDAP server
>>>>>>>>> 2. LDAP SRV record for your LDAP server
>>>>>>>>> 3. LDAP kerberos record for your LDAP server
>>>>>>>>> 
>>>>>>>>> If you don't really have access to the DNS you can install a
>>>>>>>>> package called "dnsmasq", and perform this changes by yourself
>>>>>>>>> in
>>>>>>>>> its config file.
>>>>>>>>> 
>>>>>>>>> Oved
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at ovirt.org
>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>> 
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at ovirt.org
>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>> 
>

More information about the Users mailing list