[ovirt-users] Ovirt 4.0 and EL 7.4

Pavel Gashev Pax at acronis.com
Thu Oct 5 11:26:00 UTC 2017


Full /etc/sasl2/libvirt.conf:
mech_list: digest-md5
sasldb_path: /etc/libvirt/passwd.db

Also note that VDSM has to be patched to work on 7.4 with no issues. oVirt 3.6 and 4.1 have required fixes, but oVirt 4.0 doesn’t. 

On 04/10/2017, 18:44, "users-bounces at ovirt.org on behalf of Alan Griffiths" <users-bounces at ovirt.org on behalf of apgriffiths79 at gmail.com> wrote:

    That didn't seem to make any difference.
    
    I can make it work by disabling authentication
    
    auth_unix_rw="none"  in /etc/libvirt/libvirtd.conf
    
    On 4 October 2017 at 15:05, VONDRA Alain <AVONDRA at unicef.fr> wrote:
    > Hi,
    > Did you modify your /etc/sasl2/libvirt.conf, because the update has modify the way to authenticate from md5 to gssapi.
    >
    > If not just change this line :
    > mech_list: gssapi
    > to
    > mech_list: digest-md5
    >
    > And restart services
    >
    > As mentioned in the libvirt.conf file :
    >
    > # NB, previously DIGEST-MD5 was set as the default mechanism for
    > # libvirt. Per RFC 6331 this is vulnerable to many serious security
    > # flaws and should no longer be used. Thus GSSAPI is now the default.
    > #
    > # To use GSSAPI requires that a libvirtd service principal is
    > # added to the Kerberos server for each host running libvirtd.
    > # This principal needs to be exported to the keytab file listed below
    >
    > Alain
    >
    >
    >
    > Alain VONDRA
    >
    > Chargé d'Exploitation et de Sécurité des Systèmes d'Information
    > Direction Administrative et Financière
    > +33 1 44 39 77 76
    >
    > UNICEF France
    > 3 rue Duguay Trouin  75006
    > PARIS
    > www.unicef.fr
    > -----Message d'origine-----
    > De : users-bounces at ovirt.org [mailto:users-bounces at ovirt.org] De la part de Alan Griffiths
    > Envoyé : mercredi 4 octobre 2017 15:50
    > À : Ovirt Users <users at ovirt.org>
    > Objet : [ovirt-users] Ovirt 4.0 and EL 7.4
    >
    > Hi,
    >
    > Is 4.0 supported/known to work on CentOS 7.4?
    >
    > I've just tried to upgrade one of the hosts in my lab from 7.3 to 7.4 and now vdsm-network fails to start with
    >
    > vdsm-tool: libvirt: XML-RPC error : authentication failed: authentication failed
    >
    > To even get this far I had to exclude gluster packages as 7.4 introduces 3.8 but ovirt 4.0 repo is still on 3.7.
    >
    > So, more generally. If I'm on ovirt 4.0, gluster 3.7 and EL 7.3. What is the best ordering for getting to ovirt 4.1 and EL 7.4?
    >
    > Thanks,
    >
    > Alan
    > _______________________________________________
    > Users mailing list
    > Users at ovirt.org
    > http://lists.ovirt.org/mailman/listinfo/users
    _______________________________________________
    Users mailing list
    Users at ovirt.org
    http://lists.ovirt.org/mailman/listinfo/users
    



More information about the Users mailing list