Perry N. Myers
2008-Jun-04 04:46 UTC
[Ovirt-devel] Testing results of new host-browser code
So, I ran the managed node creation and then the wui creation and things seemed to go ok using the new code for the host-browser... Ran into problems with getting the keytab generated on the wui server: Output from the managed node is:> [root at node3 ~]# /etc/init.d/ovirt start > Starting ovirt: Connecting to server > Starting information exchange... > Sending: UUID=node3.priv.ovirt.org > Sending: HYPERVISOR_TYPE=QEMU > Sending: HOSTNAME=node3.priv.ovirt.org > Sending: CPUSPEED=2992 > Sending: MEMSIZE=498 > Sending: ARCH=x86_64 > Sending: NUMCPUS=1 > Ending information exchange... > response is ERROR No such file or directory - /usr/share/ipa/html/192.168.50.3-libvirt.tab > response[:4] is ERRO > Traceback (most recent call last): > File "/sbin/ovirt-identify-node", line 125, in <module> > identifier.send_host_info() > File "/sbin/ovirt-identify-node", line 91, in send_host_info > raise TypeError, "Did not receive a keytab response: '%s'" % response > TypeError: Did not receive a keytab response: 'ERROR No such file or directory - /usr/share/ipa/html/192.168.50.3-libvirt.tab' > Failed to identify node [FAILED]Output from the host-browser log is:> Connected to 192.168.50.3 > [192.168.50.3] Begin conversation > [192.168.50.3] Begin remote info collection > [192.168.50.3] ::Received - UUID:node3.priv.ovirt.org > [192.168.50.3] ::Received - HYPERVISOR_TYPE:QEMU > [192.168.50.3] ::Received - HOSTNAME:node3.priv.ovirt.org > [192.168.50.3] ::Received - CPUSPEED:2992 > [192.168.50.3] ::Received - MEMSIZE:498 > [192.168.50.3] ::Received - ARCH:x86_64 > [192.168.50.3] ::Received - NUMCPUS:1 > Searching for existing host record... > Writing keytab file: /usr/share/ipa/html/192.168.50.3-libvirt.tab > kadmin: Client not found in Kerberos database while initializing kadmin interface^M > Authenticating as principal libvirt/admin at PRIV.OVIRT.ORG with password. > kadmin: Client not found in Kerberos database while initializing kadmin interface^M > Authenticating as principal libvirt/admin at PRIV.OVIRT.ORG with password. > ERROR No such file or directory - /usr/share/ipa/html/192.168.50.3-libvirt.tab > Disconnected from 192.168.50.3Looks like kadmin.local is having issues with creating the libvirt principal. I was able to successfully create this by hand from the kadmin.local console via: addprinc -randkey libvirt/node3.priv.ovirt.org at PRIV.OVIRT.ORG Otherwise, up to this point things look good. :) Thoughts on this? Perry -- |=- Red Hat, Engineering, Emerging Technologies, Boston -=| |=- Email: pmyers at redhat.com -=| |=- Office: +1 412 474 3552 Mobile: +1 703 362 9622 -=| |=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|
Perry N. Myers
2008-Jun-04 05:20 UTC
[Ovirt-devel] Testing results of new host-browser code
Perry N. Myers wrote:> So, I ran the managed node creation and then the wui creation and things > seemed to go ok using the new code for the host-browser... > > Ran into problems with getting the keytab generated on the wui server: > > Output from the managed node is: > >> [root at node3 ~]# /etc/init.d/ovirt start >> Starting ovirt: Connecting to server >> Starting information exchange... >> Sending: UUID=node3.priv.ovirt.org >> Sending: HYPERVISOR_TYPE=QEMU >> Sending: HOSTNAME=node3.priv.ovirt.org >> Sending: CPUSPEED=2992 >> Sending: MEMSIZE=498 >> Sending: ARCH=x86_64 >> Sending: NUMCPUS=1 >> Ending information exchange... >> response is ERROR No such file or directory - >> /usr/share/ipa/html/192.168.50.3-libvirt.tab >> response[:4] is ERRO >> Traceback (most recent call last): >> File "/sbin/ovirt-identify-node", line 125, in <module> >> identifier.send_host_info() >> File "/sbin/ovirt-identify-node", line 91, in send_host_info >> raise TypeError, "Did not receive a keytab response: '%s'" % response >> TypeError: Did not receive a keytab response: 'ERROR No such file or >> directory - /usr/share/ipa/html/192.168.50.3-libvirt.tab' >> Failed to identify node [FAILED] > > Output from the host-browser log is: > >> Connected to 192.168.50.3 >> [192.168.50.3] Begin conversation >> [192.168.50.3] Begin remote info collection >> [192.168.50.3] ::Received - UUID:node3.priv.ovirt.org >> [192.168.50.3] ::Received - HYPERVISOR_TYPE:QEMU >> [192.168.50.3] ::Received - HOSTNAME:node3.priv.ovirt.org >> [192.168.50.3] ::Received - CPUSPEED:2992 >> [192.168.50.3] ::Received - MEMSIZE:498 >> [192.168.50.3] ::Received - ARCH:x86_64 >> [192.168.50.3] ::Received - NUMCPUS:1 >> Searching for existing host record... >> Writing keytab file: /usr/share/ipa/html/192.168.50.3-libvirt.tab >> kadmin: Client not found in Kerberos database while initializing >> kadmin interface^M >> Authenticating as principal libvirt/admin at PRIV.OVIRT.ORG with password. >> kadmin: Client not found in Kerberos database while initializing >> kadmin interface^M >> Authenticating as principal libvirt/admin at PRIV.OVIRT.ORG with password. >> ERROR No such file or directory - >> /usr/share/ipa/html/192.168.50.3-libvirt.tab >> Disconnected from 192.168.50.3 > > Looks like kadmin.local is having issues with creating the libvirt > principal. I was able to successfully create this by hand from the > kadmin.local console via: > > addprinc -randkey libvirt/node3.priv.ovirt.org at PRIV.OVIRT.ORG > > Otherwise, up to this point things look good. :) > > Thoughts on this?I think I found why this fails... In host-browser.rb there is:> def kadmin_local(command) > system("/usr/kerberos/sbin/kadmin -q '" + command + "'") > endIf I change /usr/kerberos/sbin/kadmin to be /usr/kerberos/sbin/kadmin.local, the principal is added fine, the keytab is exported and the /etc/init.d/ovirt script on the managed node works fine. So... we don't want to stick with kadmin.local long term since we want to be able to have separate kerberos and ovirt servers. However, for now unless there is a quick solution to this I'm going to change this to be kadmin.local. Once there is a fix for this we'll change it back to kadmin. Perry> Perry-- |=- Red Hat, Engineering, Emerging Technologies, Boston -=| |=- Email: pmyers at redhat.com -=| |=- Office: +1 412 474 3552 Mobile: +1 703 362 9622 -=| |=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|