[Users] engine-manage-domains can't add user , domain

Ofer Schreiber oschreib at redhat.com
Tue May 22 09:00:44 UTC 2012



----- Original Message -----
> On 05/22/2012 08:34 AM, Oved Ourfalli wrote:
> >
> > ----- Original Message -----
> >> From: "T-Sinjon"<tscbj1989 at gmail.com>
> >> To: "Roy Golan"<rgolan at redhat.com>
> >> Cc: "Oved Ourfalli"<ovedo at redhat.com>, users at ovirt.org
> >> Sent: Tuesday, May 22, 2012 5:33:06 AM
> >> Subject: Re: [Users] engine-manage-domains can't add user , domain
> >>
> >> Hi, Roy
> >>
> >> I have updated my engine to the newest using 'rpm -Uvh' -
> >>
> >> I used rpms from
> >> http://jenkins.ovirt.org/view/ovirt_engine/job/ovirt_engine_create_rpms/
> >>   .
> >>
> >> [root at ovirt-engine ~]# rpm -qa | grep ovirt-engine
> >> ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-config-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-log-collector-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-image-uploader-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-restapi-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-sdk-1.3-1.fc16.noarch
> >> ovirt-engine-tools-common-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-backend-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64
> >> ovirt-engine-iso-uploader-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-setup-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-userportal-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-jboss-deps-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-webadmin-portal-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-genericapi-3.1.0_0001-1.8.fc16.x86_64
> >> ovirt-engine-notification-service-3.1.0_0001-1.8.fc16.x86_64
> >>
> >> and now I add the domain again, it still has an error, and there's
> >> no log to be found in engine-manage-domains.log. What should I do now?
> >>
> >> [root at ovirt-engine ~]# engine-manage-domains -action=add
> >> -domain=local -user=admin -provider=IPA -interactive
> >> Failed reading current configuration. Details: Error "Error
> >> fetching
> >> LDAPProviderTypes value: no such entry with version 'general'."
> >> while reading configuration value LDAPProviderTypes.
> >>
> > Looks like your database isn't updated.
> > I'm not sure whether a database upgrade is run automatically when
> > you update the RPMs, but according to the error you get it
> > probably isn't.
> if rpm -Uvh didn't fire the upgrade script it's a bug.
> pls attach /var/log/ovirt-engine/ovirt-engine-upgrade.log to see if
> something went wrong

This is completely not true.
We don't support rpm -Uvh rhevm at all, the right way to upgrade rpms is using the engine-upgrade utility.
Also, since you have "devel" rpms, it is recommended to do a clean install of the rpms.



> > In the RPM ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64 you
> > should have an upgrade script.
> > (use rpm -qil on ovirt-engine-dbscripts-3.1.0_0001-1.8.fc16.x86_64
> > to find out where it is, as I'm not sure exactly where it's
> > installed).
> >
> > Run it using the command: ./upgrade.sh -u postgres
> > It will upgrade your database.
> >
> > Oved
> >> On 15 May, 2012, at 5:10 PM, Roy Golan wrote:
> >>
> >>> On 05/15/2012 08:48 AM, Yair Zaslavsky wrote:
> >>>> On 05/15/2012 08:35 AM, Oved Ourfalli wrote:
> >>>>> ----- Original Message -----
> >>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
> >>>>>> To: "Oved Ourfalli"<ovedo at redhat.com>
> >>>>>> Cc: users at ovirt.org
> >>>>>> Sent: Tuesday, May 15, 2012 5:53:16 AM
> >>>>>> Subject: Re: [Users] engine-manage-domains can't add user ,
> >>>>>> domain
> >>>>>>
> >>>>>> After using kinit to log in as tsinjon, the error changes to
> >>>>>> this. Why did this happen?
> >>>>>>
> >>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
> >>>>>> -domain='local' -user='tsinjon' -interactive
> >>>>>> Enter password:
> >>>>>>
> >>>>>> No user in Directory was found for tsinjon at LOCAL. Trying next
> >>>>>> LDAP
> >>>>>> server in list
> >>>>>> Failure while testing domain local. Details: No user
> >>>>>> information
> >>>>>> was
> >>>>>> found for user
> >>>>>>
> >>>>> Can't see why kinit matters here, but looking at your command I
> >>>>> noticed you used single quotes for the user and domain name.
> >>>>> I'm not sure it knows to handle this correctly.
> >>>>> Did you try without the quotes?
> >>>>>
> >>>>> Also, what version are you working with?
> >>>>> We had a problem a few weeks ago, of identifying the correct
> >>>>> ldap
> >>>>> provider. To fix that we added an option to specify the ldap
> >>>>> provider type. It determines which query will be used in order
> >>>>> to get the user details.
> >>>>>
> >>>>> cc-ing Roy, who added this. iirc it is mandatory to provide
> >>>>> this option, so you probably don't have this option in your
> >>>>> environment.
> >>>>> Roy - is there an upstream release with this fix?
> >>>> Oved - this was merged upstream.
> >>>> T-Sinjon - have you cloned the git repo and compiled or are you
> >>>> using RPMs?
> >>> T-Sinjon - once you're updated you'll be able to specify which
> >>> type your LDAP server is and overcome this problem.
> >>>
> >>> e.g.
> >>> engine-manage-domains -action=add -domain='local' -provider=ipa
> >>> -user='tsinjon' -interactive
> >>>
> >>>
> >>>>
> >>>>> Regards,
> >>>>> Oved
> >>>>>> On 15 May, 2012, at 10:47 AM, T-Sinjon wrote:
> >>>>>>
> >>>>>>> I have added that SRV info to my zone file, and it did go;
> >>>>>>>   the log looks fine, but engine-manage-domains still returns
> >>>>>>>   an error
> >>>>>>>
> >>>>>>> 2012-05-15 10:45:19,222 INFO
> >>>>>>>   [org.ovirt.engine.core.utils.kerberos.ManageDomains]
> >>>>>>>   Creating
> >>>>>>> kerberos configuration for domain(s): local
> >>>>>>> 2012-05-15 10:45:19,258 INFO
> >>>>>>>   [org.ovirt.engine.core.utils.kerberos.ManageDomains]
> >>>>>>>   Successfully
> >>>>>>> created kerberos configuration for domain(s): local
> >>>>>>> 2012-05-15 10:45:19,259 INFO
> >>>>>>>   [org.ovirt.engine.core.utils.kerberos.ManageDomains]
> >>>>>>>   Testing
> >>>>>>> kerberos configuration for domain: local
> >>>>>>>
> >>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
> >>>>>>> -domain='local' -user='tsinjon' -interactive
> >>>>>>> Enter password:
> >>>>>>>
> >>>>>>> Error:  exception message: Integrity check on decrypted field
> >>>>>>> failed (31) - PREAUTH_FAILED
> >>>>>>> Failure while testing domain local. Details: Kerberos error.
> >>>>>>> Please
> >>>>>>> check log for further details.
> >>>>>>>
> >>>>>>>
> >>>>>>> On 14 May, 2012, at 10:12 PM, Oved Ourfalli wrote:
> >>>>>>>
> >>>>>>>> ----- Original Message -----
> >>>>>>>>> From: "T-Sinjon"<tscbj1989 at gmail.com>
> >>>>>>>>> To: users at ovirt.org
> >>>>>>>>> Sent: Monday, May 14, 2012 5:07:46 PM
> >>>>>>>>> Subject: [Users] engine-manage-domains can't add user ,
> >>>>>>>>> domain
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> I use FreeIPA to authenticate users,  ipa user-add has no
> >>>>>>>>> problem,
> >>>>>>>>> but when I do:
> >>>>>>>>>
> >>>>>>>>> [root at ovirt-engine ~]# engine-manage-domains -action=add
> >>>>>>>>> -domain='local' -user='tsinjon' -interactive
> >>>>>>>>>
> >>>>>>>>> Error: Authentication Failed. Please verify the fully
> >>>>>>>>> qualified
> >>>>>>>>> domain name that is used for authentication is correct..
> >>>>>>>>> Problematic
> >>>>>>>>> domain is: local
> >>>>>>>>> Failure while applying Kerberos configuration. Details:
> >>>>>>>>> Authentication Failed. Please verify the fully qualified
> >>>>>>>>> domain
> >>>>>>>>> name
> >>>>>>>>> that is used for authentication is correct.
> >>>>>>>>>
> >>>>>>>>> and log from engine-manage-domains.log :
> >>>>>>>>>
> >>>>>>>>> 2012-05-14 21:58:47,892 INFO
> >>>>>>>>> [org.ovirt.engine.core.utils.kerberos.ManageDomains]
> >>>>>>>>> Creating
> >>>>>>>>> kerberos configuration for domain(s): local
> >>>>>>>>> 2012-05-14 21:58:47,923 ERROR
> >>>>>>>>> [org.ovirt.engine.core.dns.DnsSRVLocator] Error in getting
> >>>>>>>>> SRV
> >>>>>>>>> list
> >>>>>>>>> for protocol _tcp and domain LOCAL Exception message is DNS
> >>>>>>>>> name
> >>>>>>>>> not
> >>>>>>>>> found [response code 3]
> >>>>>>>>>
> >>>>>>>>> My domain is 'local', like ovirt-engine.local,
> >>>>>>>>> ovirt-node-1.local, etc.
> >>>>>>>>>
> >>>>>>>>> What can I do to get through it?
> >>>>>>>>>
> >>>>>>>> The utility (and also the ovirt engine) are relying on DNS
> >>>>>>>> SRV
> >>>>>>>> records in order to find LDAP and kerberos servers
> >>>>>>>> (supporting
> >>>>>>>> Active directory, IPA or RHDS).
> >>>>>>>> So, in order to work with it you must have the following in
> >>>>>>>> the
> >>>>>>>> DNS
> >>>>>>>> 1. PTR record for your LDAP server
> >>>>>>>> 2. LDAP SRV record for your LDAP server
> >>>>>>>> 3. LDAP kerberos record for your LDAP server
> >>>>>>>>
> >>>>>>>> If you don't really have access to the DNS you can install a
> >>>>>>>> package called "dnsmasq", and perform these changes yourself
> >>>>>>>> in its config file.
> >>>>>>>>
> >>>>>>>> Oved
> >>>>>>>>> _______________________________________________
> >>>>>>>>> Users mailing list
> >>>>>>>>> Users at ovirt.org
> >>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
> >>>>>>>>>
> >>
> 
> 
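
The DNS prerequisites Oved lists in the quoted thread (SRV records for LDAP and Kerberos, plus a PTR record for the server) can be checked against a zone file before running engine-manage-domains. This is an added example, not part of the original messages or of oVirt; the `_ldap._tcp` and `_kerberos._tcp` record names follow the usual SRV naming and are an assumption, as are the host `ipa.local`, its address, and the function names.

```python
# Constructed zone data for the thread's "local" domain. The host name,
# address and ports are sample values, not taken from the thread.
SAMPLE_ZONE = """\
$ORIGIN local.
ipa             IN A    192.0.2.10
_ldap._tcp      IN SRV  0 100 389 ipa.local.
_kerberos._tcp  IN SRV  0 100 88  ipa.local.
$ORIGIN 2.0.192.in-addr.arpa.
10              IN PTR  ipa.local.
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples; one record per line, owner given."""
    origin, records = ".", []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner = fields.pop(0).lower()
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                        # optional TTL and class
        if not owner.endswith("."):
            owner = owner + "." + origin.lstrip(".")
        records.append((owner, fields[0].upper(), fields[1:]))
    return records

def missing_prerequisites(domain, records):
    """List the records from the thread's checklist that are absent."""
    domain = domain.lower().rstrip(".") + "."
    addr = {o: r[0] for o, t, r in records if t == "A"}
    ptr = {o: r[0].lower() for o, t, r in records if t == "PTR"}
    missing = []
    for service in ("_ldap._tcp", "_kerberos._tcp"):   # assumed names
        name = f"{service}.{domain}"
        targets = [r[3].lower() for o, t, r in records if (o, t) == (name, "SRV")]
        if not targets:
            missing.append(f"SRV {name}")
        for target in targets:
            ip = addr.get(target)
            if ip is None:
                missing.append(f"A {target}")
                continue
            reverse = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
            if ptr.get(reverse) != target:
                missing.append(f"PTR {reverse} -> {target}")
    return list(dict.fromkeys(missing))   # de-duplicate, keep order
```

An empty result means the zone carries every record in the checklist; a zone with no SRV entries reproduces the state behind the first "DNS name not found" error in the thread.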


