From mmorsi at redhat.com Tue Apr 1 04:26:16 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Tue, 01 Apr 2008 00:26:16 -0400 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <1206999005.9106.15.camel@localhost.localdomain> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> Message-ID: <47F1B968.7020506@redhat.com> David Lutterkort wrote: > On Mon, 2008-03-31 at 16:58 -0400, Mohammed Morsi wrote: > >> Oy, let me try this one more time (last time I promise ;-) ). >> > > Seems like third time is indeed the charm :) > > >> diff -r de489d66999d ext/libvirt/_libvirt.c >> --- a/ext/libvirt/_libvirt.c Mon Mar 31 10:00:40 2008 -0700 >> +++ b/ext/libvirt/_libvirt.c Mon Mar 31 16:55:03 2008 -0400 >> >> @@ -111,6 +119,16 @@ static virConnectPtr conn(VALUE s) { >> return conn; >> } >> >> +/* Errors */ >> +static VALUE create_error(VALUE error, char* method, char* msg, >> + virConnectPtr conn){ >> + extern VALUE ruby_errinfo; >> + ruby_errinfo = rb_exc_new2(error, msg); >> + rb_iv_set(ruby_errinfo, "@method_name", rb_str_new2(method)); >> + rb_iv_set(ruby_errinfo, "@vir_connect_ptr", connect_new(conn)); >> + return ruby_errinfo; >> +}; >> + >> > > I don't like the idea of storing the connection in the exception. If > there is virError information that seems useful, it should be retrieved > when the exception is created, and put into the exception object. > > Alright simple enough, now that I know how any information can be stored in the exception. I'm not fully sure what the cases are in which virError is useful and should be stored. But these can be worked out as I go along. >> /* Error handling */ >> -#define _E(cond, conn, fn) \ >> - do { if (cond) vir_error(conn, fn); } while(0) >> - >> -NORETURN(static void vir_error(virConnectPtr conn, const char *fn)); >> - >> -static void vir_error(virConnectPtr conn, const char *fn) { >> - rb_raise(rb_eSystemCallError, "libvir call %s failed", fn); >> +#define _E(cond, excep) \ >> + do { if (cond) vir_error(excep); } while(0) >> + >> +NORETURN(static void vir_error(VALUE exception)); >> + >> +static void vir_error(VALUE exception) { >> + printf("libvir call %s failed\n", STR2CSTR(rb_iv_get(exception, >> "@method_name"))); >> + rb_exc_raise(exception); >> } >> > > I assume the printf is a remain from debugging - that needs to be > removed. > I put in the printf because I swapped rb_raise to rb_exc_raise. I had to do this because of how the exception object is constructed. rb_raise takes a message with the exception and simply feeds it into printf, something which rb_exc_raise does not, and I was assuming this was the expected/required behaviour so I put it in. Simple enough to change. > The _E macro has two purposes: (1) remove the visual clutter from error > checking and (2) avoid creating things at the point where errors are > checked. > > The way it is now, e.g. in > > >> @@ -396,7 +415,7 @@ VALUE libvirt_conn_version(VALUE s) { >> virConnectPtr conn = connect_get(s); >> >> r = virConnectGetVersion(conn, &v); >> - _E(r < 0, conn, "virConnectGetVersion"); >> + _E(r < 0, create_error(e_RetrieveError, "virConnectGetVersion", "", conn)); >> >> return ULONG2NUM(v); >> } >> > > an exception is allocated every time there is an error check. Can you > change it so that create_error is only called when there actually is a > need to throw an exception ? _E should be changed so that the above use > looks something like > > _E(r < 0, e_RetrieveError, "virConnectGetVersion", conn); > I was actually thinking about the _E and the continuous exception creation as well and I don't think its an issue. Its been a while so feel free to correct me if I'm wrong, but I believe the #define preprocessor macro will evaluate before compilation, replacing all the calls to _E(condition, exception) with if(condition) vir_error(create_error(....)). Thus when the code is actually compiled, the error objects do no get created unless the condition is true. > It also looks like the third argument to create_error is always the > empty string, so it could be dropped, at least from the invocation of > _E. > The string is actually required for exception instantiation. I can change it so that when the code creates the next exception, it uses the method_name string instead. I just thought it was useful to have an additional, error-specific, message other than "libvir call %s failed". > Also, the only reason to pass the connection here would be to get more > error information from libvirt. If that's not needed, that argument > should be removed, too. I probably should have done that from the very > beginning. > > Well thats the thing, is it the case that in some cases it is needed and some it isn't? Once again, I'm a little unclear on how virError mention previously fits into the equation and was under the impression that the info you needed to handle the exception properly was stored in the vir_connect_ptr >> + // create 'method_name' and 'vir_connect_ptr' attributes on >> e_Error class >> + rb_define_attr(e_Error, "method_name", 1, 1); >> + rb_define_attr(e_Error, "vir_connect_ptr", 1, 1); >> > > This is a very small nit, but I'd prefer a less OO centric name for the > attribute holding the name of the libvirt function than > 'method_name' ... maybe 'libvirt_function' or 'libvirt_function_name' > Easy as pie :-) > David > > For the most part everything mentioned will be simple to do, but I will need some more info / specifics. I'll ping you about it sometime tomorrow. -Mo From dlutter at redhat.com Tue Apr 1 05:58:08 2008 From: dlutter at redhat.com (David Lutterkort) Date: Mon, 31 Mar 2008 22:58:08 -0700 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F1B968.7020506@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F1B968.7020506@redhat.com> Message-ID: <1207029488.9106.17.camel@localhost.localdomain> On Tue, 2008-04-01 at 00:26 -0400, Mohammed Morsi wrote: > David Lutterkort wrote: > > > > an exception is allocated every time there is an error check. Can you > > change it so that create_error is only called when there actually is a > > need to throw an exception ? _E should be changed so that the above use > > looks something like > > > > _E(r < 0, e_RetrieveError, "virConnectGetVersion", conn); > > > I was actually thinking about the _E and the continuous exception > creation as well and I don't think its an issue. No idea what I was on when I wrote the above - you are perfectly right. David From meyering at redhat.com Tue Apr 1 10:39:08 2008 From: meyering at redhat.com (Jim Meyering) Date: Tue, 01 Apr 2008 12:39:08 +0200 Subject: [Ovirt-devel] [PATCH] common-post.ks: Set LC_ALL=C as well as LANG=C Message-ID: <87fxu53lmb.fsf@rho.meyering.net> I've just committed this tiny change: common-post.ks: Set LC_ALL=C as well as LANG=C. other details: - Using single quotes means the reader doesn't have to wonder if there's a variable reference or a backtick in the string. - Redirect only once, to reduce duplication. diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index ad50be6..e3cd334 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -222,9 +222,10 @@ rm -f /etc/krb5.conf # with a single entry "1" echo 1 | /usr/sbin/packer >& /dev/null -# force logins (via ssh, etc) to use C language, since we remove locales -echo "# oVirt: force our LANG to C since we don't have locale stuff" >> /etc/profile -echo "export LANG=C" >> /etc/profile +# force logins (via ssh, etc) to use C locale, since we remove locales +{ echo '# oVirt: force our locale to C since we don't have locale stuff' + echo 'export LC_ALL=C LANG=C' +} >> /etc/profile # here, remove a bunch of files we don't need that are just eating up space. # it breaks rpm slightly, but it's not too bad -- 1.5.5.rc2.7.g0b2fe From mmorsi at redhat.com Tue Apr 1 16:57:12 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Tue, 01 Apr 2008 12:57:12 -0400 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <1206999005.9106.15.camel@localhost.localdomain> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> Message-ID: <47F26968.9000501@redhat.com> Updated and attached. Good news is everything compiles fine and everything seems to work. Due to request, I did not add the libvirt exception structure to the ruby-libvirt exception object, rather the message field is copied over. For the next revision the code, domain, level, other message fields, and anything else anyone needs will also be included. Enjoy! -------------- next part -------------- A non-text attachment was scrubbed... Name: _libvirt.c.patch Type: text/x-patch Size: 22005 bytes Desc: not available URL: From dlutter at redhat.com Tue Apr 1 18:24:32 2008 From: dlutter at redhat.com (David Lutterkort) Date: Tue, 01 Apr 2008 18:24:32 +0000 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F26968.9000501@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> Message-ID: <1207074272.9106.26.camel@localhost.localdomain> Just a couple small things: > diff -r de489d66999d ext/libvirt/_libvirt.c > --- a/ext/libvirt/_libvirt.c Mon Mar 31 10:00:40 2008 -0700 > +++ b/ext/libvirt/_libvirt.c Tue Apr 01 12:52:49 2008 -0400 > static VALUE m_libvirt; > static VALUE c_connect; > +static VALUE c_vir_error; This isn't used and can just be removed (together with the definition of the class in Init_libvirt). > +/* Errors */ > +static VALUE create_error(VALUE error, char* method, char* msg, > + virConnectPtr conn){ > + extern VALUE ruby_errinfo; clalancette actually spotted this: why is ruby_errinfo extern ? > + // create 'libvirt_function_name' and 'vir_connect_ptr' > attributes on e_Error class > + rb_define_attr(e_Error, "libvirt_function_name", 1, 1); > + rb_define_attr(e_Error, "vir_error", 1, 1); Can we call this attribute libvirt_message ? vir_error is kinda generic. Also, is there any point in having setters for them ? I don't think that's needed. David From clalance at redhat.com Tue Apr 1 18:42:53 2008 From: clalance at redhat.com (Chris Lalancette) Date: Tue, 01 Apr 2008 14:42:53 -0400 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F26968.9000501@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> Message-ID: <47F2822D.6020002@redhat.com> Mohammed Morsi wrote: > Updated and attached. Good news is everything compiles fine and > everything seems to work. Due to request, I did not add the libvirt > exception structure to the ruby-libvirt exception object, rather the > message field is copied over. For the next revision the code, domain, > level, other message fields, and anything else anyone needs will also be > included. Enjoy! > + > + > +// define additional errors here > +static VALUE e_Error; // Error - generic error > +static VALUE e_ConnectionError; // ConnectionError - error durring connection establishment > +static VALUE e_DefinitionError; // DefinitionError - error during data definition > +static VALUE e_RetrieveError; // RetrievalError - error during data retrieval > +static VALUE e_OperationError; // OperationError - error during other various operations >From a quick glance, it's unclear to me what the difference between e_Error and e_OperationError is; what exactly is your intent here? > + > + /* > + * Class Libvirt::VirError - core Libvirt error structure wrapper > + */ > + c_vir_error = rb_define_class_under(m_libvirt, "VirError", rb_cObject); What is this used for? There is only the static at the top of the file, and then this define_class, but no additional methods or subclasses. What's the intent here? Besides the cleanup I've mentioned here, this is a definite improvement over the current exception implementation. Once this is fixed, it will get an ACK from me. Chris Lalancette From hbrock at redhat.com Tue Apr 1 20:08:32 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Tue, 1 Apr 2008 16:08:32 -0400 Subject: [Ovirt-devel] [Patch] default quota UI for host collection In-Reply-To: <47F14E6B.8000305@redhat.com> References: <47F14E6B.8000305@redhat.com> Message-ID: <20080401200804.GD3009@redhat.com> On Mon, Mar 31, 2008 at 04:49:47PM -0400, Scott Seago wrote: > I've added default quota to the Host Collection UI. If a quota is set on > the Host Collection, it will be applied, by default, to all VM Libraries in > this collection -- any VM Library that sets or edits a quota will override > the default quota. > > Scott > diff --git a/wui/src/app/controllers/quota_controller.rb b/wui/src/app/controllers/quota_controller.rb > index 5563b40..ec842ff 100644 > --- a/wui/src/app/controllers/quota_controller.rb > +++ b/wui/src/app/controllers/quota_controller.rb > @@ -25,7 +25,7 @@ class QuotaController < ApplicationController > def set_perms > @user = get_login_user > if @quota.host_collection > - @Is_admin = @quota.host_collection.is_admin(@user) > + @is_admin = @quota.host_collection.is_admin(@user) > @can_monitor = @quota.host_collection.can_monitor(@user) > @can_delegate = @quota.host_collection.can_delegate(@user) > elsif @quota.vm_library > @@ -41,7 +41,7 @@ class QuotaController < ApplicationController > > def redirect_to_parent > if @quota.host_collection > - redirect_to :controller => 'pool', :action => 'show', :id => @quota.host_collection > + redirect_to :controller => 'collection', :action => 'show', :id => @quota.host_collection > elsif @quota.vm_library > redirect_to :controller => 'library', :action => 'show', :id => @quota.vm_library > else > @@ -124,7 +124,7 @@ class QuotaController < ApplicationController > flash[:notice] = 'destroying quota failed ' > end > if pool_id > - redirect_to :controller => 'pool', :action => 'show', :id => pool_id > + redirect_to :controller => 'collection', :action => 'show', :id => pool_id > elsif vm_library_id > redirect_to :controller => 'library', :action => 'show', :id => vm_library_id > else > diff --git a/wui/src/app/models/host_collection.rb b/wui/src/app/models/host_collection.rb > index 3d906c3..41ea00f 100644 > --- a/wui/src/app/models/host_collection.rb > +++ b/wui/src/app/models/host_collection.rb > @@ -32,4 +32,34 @@ class HostCollection < HardwarePool > def get_controller > 'collection' > end > + > + def total_resources > + the_quota = nil > + pool = self > + while not(pool.nil?) and (pool[:type] == HostCollection.name) > + if pool.quota > + the_quota = pool.quota > + pool = nil > + else > + pool = pool.superpool > + end > + end > + if the_quota.nil? > + Quota.get_resource_hash(nil, nil, nil, nil, nil) > + else > + the_quota.total_resources > + end > + end > + > + def full_resources(exclude_vm = nil) > + total = total_resources > + labels = [["CPUs", :cpus, ""], > + ["Memory", :memory_in_mb, "(mb)"], > + ["NICs", :nics, ""], > + ["VMs", :vms, ""], > + ["Disk", :storage_in_gb, "(gb)"]] > + return {:total => total, :labels => labels} > + end > + > + > end > diff --git a/wui/src/app/views/collection/show.html.erb b/wui/src/app/views/collection/show.html.erb > index 046199e..b2bfc2d 100644 > --- a/wui/src/app/views/collection/show.html.erb > +++ b/wui/src/app/views/collection/show.html.erb > @@ -31,6 +31,32 @@ > > > > +
> +
Default VM Library Resources
> +
Statistics Data
> +
> +
> + > + > + > + > + > + > + <% resources = @collection.full_resources %> > + <% for item in resources[:labels] %> > + <% total_limit = resources[:total][item[1]] > + total_limit = "unlimited" if total_limit.nil? %> > + > + > + > + > + <% end %> > +
default values for VM Libraries
<%= item[0]%>:<%= total_limit %> > + <%= item[2]%>
> + > +
> +
> +
> > > > @@ -59,6 +85,12 @@ > >
>
<%= link_to 'Edit Collection Properties', { :action => 'edit', :id => @collection }, { :class => "edit" } %>
> + <%if @collection.quota -%> > + <%= link_to 'Edit default Quota', { :controller => 'quota', :action => 'edit', :id => @collection.quota }, { :class => "edit" } %> > + <%= link_to 'Remove default Quota', { :controller => 'quota', :action => 'destroy', :id => @collection.quota }, :confirm => 'Are you sure?', :method=> :post, :class => "remove" %> > + <% else -%> > + <%= link_to 'Edit Quota', { :controller => 'quota', :action => 'new', :host_collection_id => @collection }, { :class => "edit" } %> > + <% end -%> >
<%= link_to_if @can_delegate, 'User Permissions', { :controller => 'permission', :action => 'new', :hardware_pool_id => @collection }, { :class => "edit" } %>
> > +1, looks great. --Hugh From clalance at redhat.com Tue Apr 1 21:02:51 2008 From: clalance at redhat.com (Chris Lalancette) Date: Tue, 01 Apr 2008 17:02:51 -0400 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F2822D.6020002@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> <47F2822D.6020002@redhat.com> Message-ID: <47F2A2FB.1000804@redhat.com> Chris Lalancette wrote: > Mohammed Morsi wrote: >> Updated and attached. Good news is everything compiles fine and >> everything seems to work. Due to request, I did not add the libvirt >> exception structure to the ruby-libvirt exception object, rather the >> message field is copied over. For the next revision the code, domain, >> level, other message fields, and anything else anyone needs will also be >> included. Enjoy! Actually, besides my previous points, let me ask a question. Given the following code snippet: #!/usr/bin/ruby require 'libvirt' conn = Libvirt::open conn = Libvirt::open('foo') conn = Libvirt::open('qemu+tcp://foo.perf.redhat.com/system') Currently, these three open calls snippets all fail with ArgumentError. As I understand your new code, these will all now end up with "e_ConnectionError", with some string set showing what the error was. However, that's still not fine-grained enough; in the first case, it's a programming error, so I want to strack trace the whole program. In the second case, it's a user error (entering the wrong connection string in the database), so I want to fail gracefully with the error message. In the third case, the user did everything right, but the network or the box wasn't up, so I want to fail gracefully with the error message. So, with the above example in mind, is there any way to get that sort of fine-grained information? The answer may be no, depending on what kind of information you get out of libvirt, but if it is possible, that's a lot more useful. Chris Lalancette From berrange at redhat.com Tue Apr 1 21:05:26 2008 From: berrange at redhat.com (Daniel P. Berrange) Date: Tue, 1 Apr 2008 22:05:26 +0100 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F2A2FB.1000804@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> <47F2822D.6020002@redhat.com> <47F2A2FB.1000804@redhat.com> Message-ID: <20080401210526.GJ31765@redhat.com> On Tue, Apr 01, 2008 at 05:02:51PM -0400, Chris Lalancette wrote: > Chris Lalancette wrote: > > Mohammed Morsi wrote: > >> Updated and attached. Good news is everything compiles fine and > >> everything seems to work. Due to request, I did not add the libvirt > >> exception structure to the ruby-libvirt exception object, rather the > >> message field is copied over. For the next revision the code, domain, > >> level, other message fields, and anything else anyone needs will also be > >> included. Enjoy! > > Actually, besides my previous points, let me ask a question. Given the > following code snippet: > > #!/usr/bin/ruby > > require 'libvirt' > > conn = Libvirt::open > > conn = Libvirt::open('foo') > > conn = Libvirt::open('qemu+tcp://foo.perf.redhat.com/system') > > Currently, these three open calls snippets all fail with ArgumentError. As I > understand your new code, these will all now end up with "e_ConnectionError", > with some string set showing what the error was. However, that's still not > fine-grained enough; in the first case, it's a programming error, so I want to > strack trace the whole program. In the second case, it's a user error (entering > the wrong connection string in the database), so I want to fail gracefully with > the error message. In the third case, the user did everything right, but the > network or the box wasn't up, so I want to fail gracefully with the error message. No, all three of those are the same & should be handled the same way. The first should call virConnectOpen(NULL) letting libvirt probe the hypervisor and is *not* a programming error. All 3 should fail gracefully with the error message libvirt provides in the virErrorPtr object. Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| From hbrock at redhat.com Tue Apr 1 21:20:07 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Tue, 1 Apr 2008 17:20:07 -0400 Subject: [Ovirt-devel] maintaining a mirror for remotees Message-ID: <20080401212004.GE3009@redhat.com> One of the joys of working remotely is that you don't generally have access to your own local repository of distro spins and packages for doing installs. This makes virtualization development a real pain because it seems like you're always trying to whip up some VM or other and then having to download 800MB of packages from some slow mirror. The alternative to this is to maintain your own local mirror. Yum has an utility called "reposync" that supposedly does this for you. However it is not very smart -- if the same package is in f7-i386 and f7-x86_64, for example, which happens frequently, reposync will happily download both copies. Dan Berrange patched reposync to fix this at some point, although the patches didn't make it upstream as far as I know. What the patched version does is check any package directory you specify to see if the package you are about to download exists. If it does, rather than downloading it again, reposync hardlinks to it, so that as far as yum knows you have the same package in both directories. This saves many gigabytes of storage and bandwidth. To make all this work you need a current version of yum-utils (I believe that's the package name), plus the patched reposync (attached). I run the thing from a script that I have also attached to keep current copies of f7, f7-updates, f8, f8-updates, and rawhide (all for both i386 and x86_64). Dan, because he is the man, also grabs SRPMS, but I don't have the mojo for that so I don't bother with it. I run this from a cron job at 7 p.m. daily and it is usually finished by the time I come in the next morning (unless there has been a major release the night before). You need to set up yum.conf files for each repository you sync to tell reposync where to look for the packages. You can pick your favorite mirror here or just use download.fedora.redhat.com. Also note that if you need isos in a repo you have to download them separately, but you really only have to do that once so no biggie. Enjoy, --Hugh -------------- next part -------------- #!/usr/bin/python -tt # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # copyright 2006 Duke University # author seth vidal # sync all or the newest packages from a repo to the local path # TODO: # have it print out list of changes # make it work with mirrorlists (silly, really) # man page/more useful docs # deal nicely with a package changing but not changing names (ie: replacement) # criteria # if a package is not the same and smaller then reget it # if a package is not the same and larger, delete it and get it again # always replace metadata files if they're not the same. import os import sys import shutil import stat from optparse import OptionParser from urlparse import urljoin import yum import yum.Errors from yum.misc import getCacheDir from yum.constants import * from yum.packages import parsePackages from yum.packageSack import ListPackageSack import rpmUtils.arch import logging from urlgrabber.progress import TextMeter # for yum 2.4.X compat def sortPkgObj(pkg1 ,pkg2): """sorts a list of yum package objects by name""" if pkg1.name > pkg2.name: return 1 elif pkg1.name == pkg2.name: return 0 else: return -1 class RepoSync(yum.YumBase): def __init__(self, opts): yum.YumBase.__init__(self) self.logger = logging.getLogger('yum.verbose.reposync') self.opts = opts def localpkgs(dir): names = os.listdir(dir) cache = {} for name in names: fn = os.path.join(dir, name) try: st = os.lstat(fn) except os.error: continue if stat.S_ISDIR(st.st_mode): subcache= localpkgs(fn) for pkg in subcache.keys(): cache[pkg] = subcache[pkg] elif stat.S_ISREG(st.st_mode) and name.endswith(".rpm"): cache[name] = { 'path': fn, 'size': st.st_size, 'device': st.st_dev } return cache def parseArgs(): usage = """ Reposync is used to synchronize a remote yum repository to a local directory using yum to retrieve the packages. %s [options] """ % sys.argv[0] parser = OptionParser(usage=usage) parser.add_option("-c", "--config", default='/etc/yum.conf', help='config file to use (defaults to /etc/yum.conf)') parser.add_option("-a", "--arch", default=None, help='act as if running the specified arch (default: current arch, note: does not override $releasever)') parser.add_option("-r", "--repoid", default=[], action='append', help="specify repo ids to query, can be specified multiple times (default is all enabled)") parser.add_option("-e", "--cachedir", help="directory in which to store metadata") parser.add_option("-t", "--tempcache", default=False, action="store_true", help="Use a temp dir for storing/accessing yum-cache") parser.add_option("-d", "--delete", default=False, action="store_true", help="delete local packages no longer present in repository") parser.add_option("-k", "--package-cache", default=[], dest='pkgcache', action='append', help="additional directory to search for pre-existing packages") parser.add_option("-p", "--download_path", dest='destdir', default=os.getcwd(), help="Path to download packages to: defaults to current dir") parser.add_option("-g", "--gpgcheck", default=False, action="store_true", help="Remove packages that fail GPG signature checking after downloading") parser.add_option("-u", "--urls", default=False, action="store_true", help="Just list urls of what would be downloaded, don't download") parser.add_option("-n", "--newest-only", dest='newest', default=False, action="store_true", help="Download only newest packages per-repo") parser.add_option("-q", "--quiet", default=False, action="store_true", help="Output as little as possible") (opts, args) = parser.parse_args() return (opts, args) def main(): (opts, junk) = parseArgs() if not os.path.exists(opts.destdir) and not opts.urls: try: os.makedirs(opts.destdir) except OSError, e: print >> sys.stderr, "Error: Cannot create destination dir %s" % opts.destdir sys.exit(1) if not os.access(opts.destdir, os.W_OK) and not opts.urls: print >> sys.stderr, "Error: Cannot write to destination dir %s" % opts.destdir sys.exit(1) my = RepoSync(opts=opts) my.doConfigSetup(fn=opts.config, init_plugins=False) # Populate cache of existing download RPMs from other # repositories we can link to pkgcache = {} for dir in opts.pkgcache: cache = localpkgs(dir) for k in cache.keys(): pkgcache[k] = cache[k] # Force unprivileged users to have a private temporary cachedir # if they've not given an explicit cachedir if os.getuid() != 0 and not opts.cachedir: opts.tempcache = True if opts.tempcache: cachedir = getCacheDir() if cachedir is None: print >> sys.stderr, "Error: Could not make cachedir, exiting" sys.exit(50) my.repos.setCacheDir(cachedir) elif opts.cachedir: my.repos.setCacheDir(opts.cachedir) if len(opts.repoid) > 0: myrepos = [] # find the ones we want for glob in opts.repoid: myrepos.extend(my.repos.findRepos(glob)) # disable them all for repo in my.repos.repos.values(): repo.disable() # enable the ones we like for repo in myrepos: repo.enable() # Use progress bar display when downloading repo metadata # and package files if not opts.quiet: my.repos.setProgressBar(TextMeter(fo=sys.stdout)) my.doRpmDBSetup() my.doRepoSetup() my.doSackSetup(rpmUtils.arch.getArchList(opts.arch)) for repo in my.repos.listEnabled(): reposack = ListPackageSack(my.pkgSack.returnPackages(repoid=repo.id)) if opts.newest: download_list = reposack.returnNewestByNameArch() else: download_list = list(reposack) local_repo_path = opts.destdir + '/' + repo.id # make sure the repo subdir is here before we go on. if not os.path.exists(local_repo_path): try: os.makedirs(local_repo_path) except IOError, e: my.logger.error("Could not make repo subdir: %s" % e) my.closeRpmDB() sys.exit(1) # Check if there's any local files no longer on the remote # repo which need purging if opts.delete: current_pkgs = localpkgs(local_repo_path) download_set = {} for pkg in download_list: remote = pkg.returnSimple('relativepath') rpmname = os.path.basename(remote) download_set[rpmname] = 1 for pkg in current_pkgs: if download_set.has_key(pkg): continue if not opts.quiet: my.logger.info("Removing obsolete %s", pkg) os.unlink(current_pkgs[pkg]['path']) download_list.sort(sortPkgObj) n = 0 for pkg in download_list: n = n + 1 repo = my.repos.getRepo(pkg.repoid) remote = pkg.returnSimple('relativepath') rpmname = os.path.basename(remote) local = local_repo_path + '/' + remote localdir = os.path.dirname(local) pkg.localpath = local # Hack: to set the localpath we want. if not os.path.exists(localdir): os.makedirs(localdir) # If we have a local RPM with same name, and it is # on the same storage device, and it has same size # then we can hardlink it into local dir. if (not os.path.exists(local) and pkgcache.has_key(rpmname) and os.stat(local_repo_path).st_dev == pkgcache[rpmname]['device'] and pkgcache[rpmname]['size'] == int(pkg.returnSimple('packagesize'))): if not opts.quiet: my.logger.info("[%s: %-5d of %-5d ] Linking existing %s" % (repo.id, n, len(download_list), remote)) os.link(pkgcache[rpmname]['path'], local) # Optionally check gpg signature of local package if os.path.exists(local) and opts.gpgcheck: result, error = my.sigCheckPkg(pkg) if result != 0: if not opts.quiet: my.logger.error("[%s: %-5d of %-5d ] Removing non-matching %s" % (repo.id, n, len(download_list), remote)) os.unlink(local) # If we have a local pkg with same name, check its size if (os.path.exists(local)): if os.path.getsize(local) == int(pkg.returnSimple('packagesize')): if not opts.quiet: my.logger.error("[%s: %-5d of %-5d ] Skipping existing %s" % (repo.id, n, len(download_list), remote)) continue # If we're just printing URLs, skip to next repo if opts.urls: url = urljoin(repo.urls[0],remote) print '%s' % url continue # Disable cache otherwise things won't download repo.cache = 0 if not opts.quiet: my.logger.info( '[%s: %-5d of %-5d ] Downloading %s' % (repo.id, n, len(download_list), remote)) path = repo.getPackage(pkg) if opts.gpgcheck: result, error = my.sigCheckPkg(pkg) if result != 0: if result == 1: my.logger.warning('Removing %s, due to missing GPG key.' % rpmname) elif result == 2: my.logger.warning('Removing %s due to failed signature check.' % rpmname) else: my.logger.warning('Removing %s due to failed signature check: %s' % (rpmname, error)) os.unlink(path) continue if not os.path.exists(local) or not os.path.samefile(path, local): shutil.copy2(path, local) my.closeRpmDB() if __name__ == "__main__": main() -------------- next part -------------- A non-text attachment was scrubbed... Name: reposync-fedora.sh Type: application/x-sh Size: 1590 bytes Desc: not available URL: From mmorsi at redhat.com Wed Apr 2 00:23:45 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Tue, 01 Apr 2008 20:23:45 -0400 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <20080401210526.GJ31765@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> <47F2822D.6020002@redhat.com> <47F2A2FB.1000804@redhat.com> <20080401210526.GJ31765@redhat.com> Message-ID: <47F2D211.3030208@redhat.com> Attached is the new patch incorporating everyone's feedback, specifically: * c_vir_error gone, just was a relic from the last patch * exception attributes are now read only * vir_error attribute changed to libvirt_message. * removed e_OperationError, replaced instances with base e_Error * Cleaned up some of the specific errors * Other specific error info has not been added yet. The current implementation has the basis for adding data to each error. If more granularity is desired, I say we commit what is there now and we can add more info if needed. (specifically relating to the "connection" error which is now thrown by the "open" method, more information can be added to discriminate against, but I need to know specifically what is needed and how it is set (eg. a boolean which I should set upon inspecting the return value of virConnectOpen, the actual return value, etc)). -------------- next part -------------- A non-text attachment was scrubbed... Name: _libvirt.c.patch Type: text/x-patch Size: 22895 bytes Desc: not available URL: From tyan at redhat.com Wed Apr 2 09:01:27 2008 From: tyan at redhat.com (Yan Tian) Date: Wed, 02 Apr 2008 17:01:27 +0800 Subject: [virt-devel] [ovirt-devel] oVirt installation issues In-Reply-To: <47F0E37E.3070206@redhat.com> References: <47F09B34.8080801@redhat.com> <47F0E37E.3070206@redhat.com> Message-ID: <47F34B67.7070508@redhat.com> Hi Perry, I tried on both Weybridge Beta and local machine. Old issues were resolved besides unable to download the kickstart file |http://ovirt.org/download/wui-rel-devel-x86_64.ks|. http://faye.nay.redhat.com/tyan/oVirt/screenshot/1.png Did you use this kickstart file for f8 guest installation? Thanks TianYan|| Perry N. Myers wrote: > Yan Tian wrote: >> Hi all, >> >> Last week we tried to setup the devel env using F8 on Weybridge SDP >> machines, but met with some issues. It was summarized as the >> attachment. Thanks for your help and suggestions. > > TianYan, > > I'll try to assist with some of these issues. As a reminder, all > technical discussions regarding oVirt should happen on ovirt-devel, > since this is a public and open source project. The only issue from > your pdf that should be kept internal and on virt-devel is the issue > that is specific to the Weybridge platform (i.e. #1 in your liest > about the FATAL error) > > Installation on Weybridge: > > 1. Enter the BIOS and in the BIOS change the following settings: > Advanced Tab->Intel AMT Configuration->Intel AMT Support [DISABLED] > Advanced Tab->LT Configuration->LT Initialization [DISABLED] > Advanced Tab->LT Configuration->BIOS AC[CLEAN] [DISABLED] > Advanced Tab->LT Configuration->BIOS AC[CHECK] [DISABLED] > Advanced Tab->CPU Configuration->Vanderpool Technology [ENABLED] > Chipset Tab->North Bridge Configuration->VT-d [ENABLED] > Chipset Tab->South Bridge Configuration->Enable/Disable ICH > Internal Devices->GbE Controller [ENABLED] > Chipset Tab->South Bridge Configuration->Enable/Disable ICH > Internal Devices->GbE LAN Boot [ENABLED] > > Once all of the above BIOS settings are set, save the BIOS config > and reboot. You'll also want to delete any partitions on the system > that have a partition ID of 0x71 or 0x72. These are the partitions > that vPro used and should be deleted for oVirt. > > 2. What version of the BIOS is on the Weybridge in question? Is it > the 961 BIOS? Is this a Weybridge Beta or Weybridge Qual machine? > > What is the ouput of the following commands: > lspci -n | head -1 > (if you see 8086:29c0 you have a Beta, 8086:20b0 is a Qual) > > I've used Fedora 8 and 9 beta on my Weybridge Beta boxes and have not > seen this issue. > > What is the output of > ethtool eth0 > dmesg > > 3. I need more information to assist with this issue. What were the > steps that you followed, so that I can try to reproduce your error. > > 4. We don't run on host systems that are RHEL5.1 presently. Stick to > using host systems that are Fedora 8 (with all updates applied). > > 5. Same thing, use Fedora 8 as the host not RHEL5.1. Also please note > that the standard Fedora 8 DVDs do not work. You need to use the > Fedora Unity respin DVD that is hosted at ovirt.org to install a F8 > guest. This is because the original F8 DVD had an anaconda bug in > it. Please see Mark Wagner's email on ovirt-devel titled, "known > problem when installing a guest from a CD / DVD" > > Installation on local machine: > > 1. Need more details here. Can you provide me the output of the > following commands: > > on the host: > ifconfig > cat /etc/sysconfig/network-scripts/ifcfg-eth0 > cat /etc/sysconfig/network-scripts/ifcfg-dummybridge > brctl show > virsh -c qemu:///system dumpxml > > on the guest: > ifconfig > cat /etc/sysconfig/network-scripts/ifcfg-eth0 > > Thanks, > > Perry > -- ??/Tian Yan Quality Engineer Red Hat China Tel: +86 10 6260 8122 Fax: +86 10 6260 8199 E-mail: tyan at redhat.com From meyering at redhat.com Wed Apr 2 10:22:05 2008 From: meyering at redhat.com (Jim Meyering) Date: Wed, 02 Apr 2008 12:22:05 +0200 Subject: [Ovirt-devel] updated XML-munging dev-install perl script: ovirt-mod-xml.sh Message-ID: <878wzwwo8i.fsf@rho.meyering.net> FYI, last night I updated the XML-munging dev-install perl script, ovirt-mod-xml.sh, to be more robust, and to be a no-op if it's accidentally run more than once (suggestion from Chris Lalancette): http://hg.et.redhat.com/virt/websites/ovirt-web--devel?cs=dec23fa70b33 It's not yet live on the web site, so if there are any bugs, it'd be good to fix them now. This is the script referenced in step #6 on this page: http://ovirt.org/devel-install.html From apevec at redhat.com Wed Apr 2 11:03:29 2008 From: apevec at redhat.com (Alan Pevec) Date: Wed, 02 Apr 2008 13:03:29 +0200 Subject: [virt-devel] [ovirt-devel] oVirt installation issues In-Reply-To: <47F34B67.7070508@redhat.com> References: <47F09B34.8080801@redhat.com> <47F0E37E.3070206@redhat.com> <47F34B67.7070508@redhat.com> Message-ID: <47F36801.4000009@redhat.com> Yan Tian wrote: > I tried on both Weybridge Beta and local machine. Old issues were > resolved besides unable to download the kickstart file > |http://ovirt.org/download/wui-rel-devel-x86_64.ks|. > http://faye.nay.redhat.com/tyan/oVirt/screenshot/1.png Can you access that URL from your host machine? Try: wget -S http://ovirt.org/download/wui-rel-devel-x86_64.ks If that works, please verify libvirt networking config and send us the output of following: # virsh net-list # brctl show # iptables -t nat -nL # iptables -nL # virsh dumpxml developer From mmorsi at redhat.com Wed Apr 2 17:45:19 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Wed, 02 Apr 2008 13:45:19 -0400 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F2D211.3030208@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> <47F2822D.6020002@redhat.com> <47F2A2FB.1000804@redhat.com> <20080401210526.GJ31765@redhat.com> <47F2D211.3030208@redhat.com> Message-ID: <47F3C62F.1030702@redhat.com> Mohammed Morsi wrote: > Attached is the new patch incorporating everyone's feedback, > specifically: > * c_vir_error gone, just was a relic from the last patch > * exception attributes are now read only > * vir_error attribute changed to libvirt_message. > * removed e_OperationError, replaced instances with base e_Error > * Cleaned up some of the specific errors > * Other specific error info has not been added yet. The current > implementation has the basis for adding data to each error. If more > granularity is desired, I say we commit what is there now and we can > add more info if needed. (specifically relating to the "connection" > error which is now thrown by the "open" method, more information can > be added to discriminate against, but I need to know specifically what > is needed and how it is set (eg. a boolean which I should set upon > inspecting the return value of virConnectOpen, the actual return > value, etc)). > > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-devel Improved patch where I fixed few compilation errors (not sure how they crept in there) -------------- next part -------------- A non-text attachment was scrubbed... Name: _libvirt.c.patch Type: text/x-patch Size: 23567 bytes Desc: not available URL: From dlutter at redhat.com Wed Apr 2 18:03:43 2008 From: dlutter at redhat.com (David Lutterkort) Date: Wed, 02 Apr 2008 11:03:43 -0700 Subject: [Ovirt-devel] [patch] Even Better Exceptions For ruby-libvirt bindings In-Reply-To: <47F3C62F.1030702@redhat.com> References: <47F14A3F.20200@redhat.com> <47F14B47.4000100@redhat.com> <47F15088.8090600@redhat.com> <1206999005.9106.15.camel@localhost.localdomain> <47F26968.9000501@redhat.com> <47F2822D.6020002@redhat.com> <47F2A2FB.1000804@redhat.com> <20080401210526.GJ31765@redhat.com> <47F2D211.3030208@redhat.com> <47F3C62F.1030702@redhat.com> Message-ID: <1207159423.29056.6.camel@localhost.localdomain> On Wed, 2008-04-02 at 13:45 -0400, Mohammed Morsi wrote: > Mohammed Morsi wrote: > > Attached is the new patch incorporating everyone's feedback, > > specifically: Ok ... just committed that. David From jguiditt at redhat.com Thu Apr 3 19:57:03 2008 From: jguiditt at redhat.com (jay) Date: Thu, 03 Apr 2008 15:57:03 -0400 Subject: [Ovirt-devel] [Patch] 1st pass at paging Message-ID: <47F5368F.40606@redhat.com> For this first pass, I added paging to just one place (the host list in pool/show) so everyone could agree/disagree on the path. Once this is set, I can quickly add it in the various places it will be needed. Background: * I am using a rails plugin for the actual pagination called will_paginate. This basically extends active record by adding a wrapper to the find method. The license for this plugin has been approved by Brian Faustyn, who told me it was MIT and should be fine with our gpl code. * For the javascript, I am using jquery and a jquery plugin. These are also MIT licenses. I have not included these libraries in the patch as they are 3rd party code ad I wasn't sure what our process was on that.. Just let me know if anyone wants them included in the patch. -j -------------- next part -------------- A non-text attachment was scrubbed... Name: paging.patch Type: text/x-patch Size: 5364 bytes Desc: not available URL: From sseago at redhat.com Wed Apr 2 21:23:13 2008 From: sseago at redhat.com (Scott Seago) Date: Wed, 02 Apr 2008 17:23:13 -0400 Subject: [Ovirt-devel] [Patch] 1st pass at paging In-Reply-To: <47F5368F.40606@redhat.com> References: <47F5368F.40606@redhat.com> Message-ID: <47F3F941.8030807@redhat.com> jay wrote: > For this first pass, I added paging to just one place (the host list > in pool/show) so everyone could agree/disagree on the path. Once this > is set, I can quickly add it in the various places it will be needed. > Background: > * I am using a rails plugin for the actual pagination called > will_paginate. This basically extends active record by adding a > wrapper to the find method. The license for this plugin has been > approved by Brian Faustyn, who told me it was MIT and should be fine > with our gpl code. > * For the javascript, I am using jquery and a jquery plugin. These > are also MIT licenses. > > I have not included these libraries in the patch as they are 3rd > party code ad I wasn't sure what our process was on that.. Just let > me know if anyone wants them included in the patch. > I think it looks fine overall -- we do need the libraries in the patch, since I think we'd agreed that for the plugin we'd just bundle it with the WUI. So wherever in the rails checkout these need to be we should include them -- in additon to the appropriate license file. We'll also need to update the RPM spec to reflect the fact that we've got MIT and GPL code in there. Scott From jguiditt at redhat.com Thu Apr 3 18:45:41 2008 From: jguiditt at redhat.com (Jason Guiditta) Date: Thu, 03 Apr 2008 14:45:41 -0400 Subject: [Ovirt-devel] [Patch] 1st pass at paging In-Reply-To: <47F3F941.8030807@redhat.com> References: <47F5368F.40606@redhat.com> <47F3F941.8030807@redhat.com> Message-ID: <47F525D5.6030301@redhat.com> Scott Seago wrote: > jay wrote: >> For this first pass, I added paging to just one place (the host list >> in pool/show) so everyone could agree/disagree on the path. Once this >> is set, I can quickly add it in the various places it will be >> needed. Background: >> * I am using a rails plugin for the actual pagination called >> will_paginate. This basically extends active record by adding a >> wrapper to the find method. The license for this plugin has been >> approved by Brian Faustyn, who told me it was MIT and should be fine >> with our gpl code. >> * For the javascript, I am using jquery and a jquery plugin. These >> are also MIT licenses. >> >> I have not included these libraries in the patch as they are 3rd >> party code ad I wasn't sure what our process was on that.. Just let >> me know if anyone wants them included in the patch. >> > I think it looks fine overall -- we do need the libraries in the > patch, since I think we'd agreed that for the plugin we'd just bundle > it with the WUI. So wherever in the rails checkout these need to be we > should include them -- in additon to the appropriate license file. > We'll also need to update the RPM spec to reflect the fact that we've > got MIT and GPL code in there. > > Scott I'm back from the future, and I brought a patch for the new libraries with me! I kept it separate from the original, so it wouldn't be too huge, but let me know if it would be better to combine them. Licenses are included with the appropriate code. Let me know how the spec should be changed if you want me to do that, and I will send along a patch for that as well. Lastly, yes, we agreed these would be bundled in the wui app (plugins go in vendor/plugins) and the patch should reflect the correct info there. -------------- next part -------------- A non-text attachment was scrubbed... Name: plugin_and_js.patch Type: text/x-patch Size: 118166 bytes Desc: not available URL: From pmyers at redhat.com Thu Apr 3 19:25:20 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Thu, 03 Apr 2008 15:25:20 -0400 Subject: [Ovirt-devel] [PATCH] Change default rootpw for kickstarts to 'ovirt' for development Message-ID: <47F52F20.40907@redhat.com> Signed-off-by: Perry Myers diff --git a/ovirt-host-creator/common-install.ks b/ovirt-host-creator/common-install.ks index 828d265..6933cd3 100644 --- a/ovirt-host-creator/common-install.ks +++ b/ovirt-host-creator/common-install.ks @@ -7,9 +7,10 @@ firewall --disabled part / --size 450 services --enabled=ntpd,collectd,iptables bootloader --timeout=1 +rootpw ovirt repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=$basearch repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=$basearch # Not using rawhide currently #repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch -repo --name=ovirt-host --baseurl=http://ovirt.et.redhat.com/repos/ovirt-host-repo/$basearch/ \ No newline at end of file +repo --name=ovirt-host --baseurl=http://ovirt.et.redhat.com/repos/ovirt-host-repo/$basearch/ diff --git a/wui-appliance/appliance-doc b/wui-appliance/appliance-doc index 68311ca..0422dbf 100644 --- a/wui-appliance/appliance-doc +++ b/wui-appliance/appliance-doc @@ -64,7 +64,7 @@ cdrom lang en_US.UTF-8 keyboard us network --device eth0 --bootproto dhcp -rootpw --iscrypted $1$HNOucon/$m69RprODwQn4XjzVUi9TU0 +rootpw ovirt firewall --enabled --port=22:tcp authconfig --enableshadow --enablemd5 selinux --enforcing diff --git a/wui-appliance/common-install.ks b/wui-appliance/common-install.ks index cdf423b..b29e85d 100644 --- a/wui-appliance/common-install.ks +++ b/wui-appliance/common-install.ks @@ -1,7 +1,7 @@ lang en_US.UTF-8 keyboard us network --device eth0 --bootproto dhcp -rootpw --iscrypted $1$HNOucon/$m69RprODwQn4XjzVUi9TU0 +rootpw ovirt firewall --disabled authconfig --enableshadow --enablemd5 selinux --disabled From clalance at redhat.com Thu Apr 3 19:28:38 2008 From: clalance at redhat.com (Chris Lalancette) Date: Thu, 03 Apr 2008 15:28:38 -0400 Subject: [Ovirt-devel] [PATCH] Change default rootpw for kickstarts to 'ovirt' for development In-Reply-To: <47F52F20.40907@redhat.com> References: <47F52F20.40907@redhat.com> Message-ID: <47F52FE6.80703@redhat.com> Perry N. Myers wrote: > Signed-off-by: Perry Myers > > diff --git a/ovirt-host-creator/common-install.ks b/ovirt-host-creator/common-install.ks > index 828d265..6933cd3 100644 > --- a/ovirt-host-creator/common-install.ks > +++ b/ovirt-host-creator/common-install.ks > @@ -7,9 +7,10 @@ firewall --disabled > part / --size 450 > services --enabled=ntpd,collectd,iptables > bootloader --timeout=1 > +rootpw ovirt Good, this makes debugging easier on the host side, and makes it the same as the WUI side. ACK Chris Lalancette From pmyers at redhat.com Fri Apr 4 00:13:01 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Thu, 03 Apr 2008 20:13:01 -0400 Subject: [Ovirt-devel] [PATCH] fix ntp for the managed node and add ntp to default dhcp for dev app Message-ID: <47F5728D.7080706@redhat.com> ntpdate on the hosts only runs if there is something in /etc/ntp/step-tickers. The managed node doesn't have anything in there presently. If ntpdate doesn't run at startup, ntpd may refuse to synchronize with ntp servers if the time differential is too great. If clocks are not synchronized, kerberos fails which in turn makes libvirt comms fail. This patch adds dhclient exit hooks capability for setting step-tickers using the dhcp ntp-servers field. In addition ovirtbr0 has PEERNTP set which enables /etc/ntp.conf setting. For the developer setup, the dev wui host has dhcp set to send option ntp-servers so that nodes can get it as their ntp server (since nodes can't access the outside world) Signed-off-by: Perry Myers diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index a387bdf..6ebfe2c 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -44,7 +44,7 @@ libvirt-auth-method' BRIDGE=ovirtbr`echo $eth | cut -b4-` echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \ > /etc/sysconfig/network-scripts/ifcfg-$eth - echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge" \ + echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes" \ > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE printf 'DHCLIENTARGS="-R %s"\n' $(printf "$dhcp_options"|tr '\n' ,)\ >> /etc/sysconfig/network-scripts/ifcfg-$BRIDGE @@ -136,6 +136,12 @@ if [ -n "$new_libvirt_auth_method" ]; then fi fi fi + +if [ -n "$new_ntp_servers" ]; then + for ntp_server in $new_ntp_servers; do + echo "$ntp_server" >> /etc/ntp/step-tickers + done +fi EOF chmod +x /etc/dhclient-exit-hooks diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks index 3f03dbb..77ab16d 100644 --- a/wui-appliance/devel-post.ks +++ b/wui-appliance/devel-post.ks @@ -23,6 +23,7 @@ option libvirt-auth-method code 202 = text; subnet 192.168.50.0 netmask 255.255.255.0 { option domain-name "priv.ovirt.org"; option domain-name-servers 192.168.50.2; + option ntp-servers 192.168.50.2; next-server 192.168.50.2; option routers 192.168.50.1; option libvirt-auth-method "krb5:192.168.50.2:8089/config"; From imain at redhat.com Fri Apr 4 00:11:17 2008 From: imain at redhat.com (Ian Main) Date: Thu, 3 Apr 2008 17:11:17 -0700 Subject: [Ovirt-devel] [PATCH] Change default rootpw for kickstarts to 'ovirt' for development In-Reply-To: <47F52FE6.80703@redhat.com> References: <47F52F20.40907@redhat.com> <47F52FE6.80703@redhat.com> Message-ID: <20080403171117.4b9423c1@tp> On Thu, 03 Apr 2008 15:28:38 -0400 Chris Lalancette wrote: > Perry N. Myers wrote: > > Signed-off-by: Perry Myers > > > > diff --git a/ovirt-host-creator/common-install.ks b/ovirt-host-creator/common-install.ks > > index 828d265..6933cd3 100644 > > --- a/ovirt-host-creator/common-install.ks > > +++ b/ovirt-host-creator/common-install.ks > > @@ -7,9 +7,10 @@ firewall --disabled > > part / --size 450 > > services --enabled=ntpd,collectd,iptables > > bootloader --timeout=1 > > +rootpw ovirt > > Good, this makes debugging easier on the host side, and makes it the same as the > WUI side. Also apparently a necessity for f9 beta.. it sets it to * by default (can't log in). Another ACK just for fun! :) Ian From pmyers at redhat.com Fri Apr 4 01:18:07 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Thu, 03 Apr 2008 21:18:07 -0400 Subject: [Ovirt-devel] [PATCH] restructure wui kickstarts and create setup scripts for RPM Message-ID: <47F581CF.8030501@redhat.com> Restructured the wui production and devel kickstart posts so that most of the functionality is moved into two scripts (ovirt-add-host and ovirt-wui-install). The post sections now contain just those steps that are specific to creating a production or development appliance. This way, users who want to install on existing OSs can just run ovirt-wui-install manually. Spec file is updated to pull in the new scripts and omit the outdated scripts. Removed the references to the FreeIPA F7 repo, since those RPMs were very out of date. Until we move to F9, we need to put the ipa RPMs into the ovirt-management repository. NOTE: The ovirt-fix-ipa script is a temporary hack so that the ipa server can run on the same host as the oVirt WUI. As soon as we get RPMs from FreeIPA that have the ipa server running in /ipa this will go away. This seems like a huge patch, but a lot of it is moving blocks of code from the .ks files to other scripts. Most of the functionality is maintained. Signed-off-by: Perry Myers diff --git a/wui-appliance/common-post.ks b/wui-appliance/common-post.ks index 9b1efa6..3bd6b4d 100644 --- a/wui-appliance/common-post.ks +++ b/wui-appliance/common-post.ks @@ -19,94 +19,45 @@ cat < /etc/issue EOF cp /etc/issue /etc/issue.net -# postgres commands used at first boot to setup the database -cat > /usr/share/ovirt-wui/psql.cmds << \EOF -CREATE USER ovirt WITH PASSWORD 'v23zj59an'; -CREATE DATABASE ovirt; -GRANT ALL PRIVILEGES ON DATABASE ovirt to ovirt; -CREATE DATABASE ovirt_test; -GRANT ALL PRIVILEGES ON DATABASE ovirt_test to ovirt; -EOF -chmod a+r /usr/share/ovirt-wui/psql.cmds - -# turn on tftp in xinetd -sed -i -e 's/\(.*\)disable\(.*\)= yes/\1disable\2= no/' /etc/xinetd.d/tftp - -# setup an NTP step-ticker -echo "0.fedora.pool.ntp.org" >> /etc/ntp/step-tickers - -# setup gssapi in the mech_list -if [ `egrep -c '^mech_list: gssapi' /etc/sasl2/libvirt.conf` -eq 0 ]; then - sed -i -e 's/^\([[:space:]]*mech_list.*\)/#\1/' /etc/sasl2/libvirt.conf - echo "mech_list: gssapi" >> /etc/sasl2/libvirt.conf -fi - -# a script to create the default principals we need -cat > /root/create_default_principals.py << \EOF -#!/usr/bin/python - -import krbV -import os, string, re -import socket -import shutil - -def kadmin_local(command): - ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'") - if ret != 0: - raise - -default_realm = krbV.Context().default_realm - -# here, generate the libvirt/ principle for this machine, necessary -# for taskomatic and host-browser -this_libvirt_princ = 'libvirt/' + socket.gethostname() + '@' + default_realm -kadmin_local('addprinc -randkey +requires_preauth ' + this_libvirt_princ) -kadmin_local('ktadd -k /usr/share/ovirt-wui/ovirt.keytab ' + this_libvirt_princ) - -# We need to replace the KrbAuthRealms in the ovirt-wui http configuration -# file to be the correct Realm (i.e. default_realm) -ovirtconfname = '/etc/httpd/conf.d/ovirt-wui.conf' -ipaconfname = '/etc/httpd/conf.d/ipa.conf' - -# make sure we skip this on subsequent runs of this script -if string.find(file(ipaconfname, 'rb').read(), '') < 0: - ipaconf = open(ipaconfname, 'r') - ipatext = ipaconf.readlines() - ipaconf.close() - - ipaconf2 = open(ipaconfname, 'w') - print >>ipaconf2, "Listen 8089" - print >>ipaconf2, "NameVirtualHost *:8089" - print >>ipaconf2, "" - for line in ipatext: - newline = re.sub(r'(.*RewriteCond %{HTTP_HOST}.*)', r'#\1', line) - newline = re.sub(r'(.*RewriteRule \^/\(.*\).*)', r'#\1', newline) - newline = re.sub(r'(.*RewriteCond %{SERVER_PORT}.*)', r'#\1', newline) - newline = re.sub(r'(.*RewriteCond %{REQUEST_URI}.*)', r'#\1', newline) - ipaconf2.write(newline) - print >>ipaconf2, "" - ipaconf2.close() - -ovirtconf = open(ovirtconfname, 'r') -ovirttext = ovirtconf.readlines() -ovirtconf.close() - -ovirtconf2 = open(ovirtconfname, 'w') -for line in ovirttext: - newline = re.sub(r'(.*)KrbAuthRealms.*', r'\1KrbAuthRealms ' + default_realm, line) - ovirtconf2.write(newline) -ovirtconf2.close() -EOF -chmod +x /root/create_default_principals.py - -# set up the yum repos -cat > /etc/yum.repos.d/freeipa.repo << \EOF -[freeipa] -name=FreeIPA Development -baseurl=http://freeipa.com/downloads/devel/rpms/F7/$basearch/ -enabled=1 -gpgcheck=0 +cat > /etc/init.d/ovirt-wui-first-run << \EOF +#!/bin/bash +# +# ovirt-wui-first-run First run configuration for Ovirt WUI appliance +# +# chkconfig: 3 96 01 +# description: ovirt wui appliance first run configuration +# + +# Source functions library +. /etc/init.d/functions + +start() { + echo -n "Starting ovirt-wui-first-run: " + + /usr/bin/ovirt-wui-install > /var/log/ovirt-wui-first-run.log 2>&1 + + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + echo_success + else + echo_failure + fi + echo +} + +case "$1" in + start) + start + ;; + *) + echo "Usage: ovirt-wui-first-run {start}" + exit 2 +esac + +/sbin/chkconfig ovirt-wui-first-run off EOF +chmod +x /etc/init.d/ovirt-wui-first-run +/sbin/chkconfig ovirt-wui-first-run on cat > /etc/yum.repos.d/ovirt-management.repo << \EOF [ovirt-management] diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks index e6df344..7494506 100644 --- a/wui-appliance/devel-post.ks +++ b/wui-appliance/devel-post.ks @@ -167,13 +167,13 @@ chmod +x /etc/dhclient-exit-hooks # make sure that we get a kerberos principal on every boot echo "/etc/cron.hourly/ovirtadmin.cron" >> /etc/rc.d/rc.local -cat > /etc/init.d/ovirt-app-first-run << \EOF +cat > /etc/init.d/ovirt-wui-dev-first-run << \EOF #!/bin/bash # -# ovirt-app-first-run First run configuration for Ovirt WUI appliance +# ovirt-wui-dev-first-run First run configuration for Ovirt WUI Dev appliance # -# chkconfig: 3 99 01 -# description: ovirt appliance first run configuration +# chkconfig: 3 95 01 +# description: ovirt dev wui appliance first run configuration # # Source functions library @@ -182,35 +182,17 @@ cat > /etc/init.d/ovirt-app-first-run << \EOF KADMIN=/usr/kerberos/sbin/kadmin.local start() { - echo -n "Starting ovirt-app-first-run: " + echo -n "Starting ovirt-dev-wui-first-run: " ( # set up freeipa - /usr/sbin/ipa-server-install -r PRIV.OVIRT.ORG -p ovirtwui -P ovirtwui -a ovirtwui --hostname management.priv.ovirt.org -u admin -U + /usr/sbin/ipa-server-install -r PRIV.OVIRT.ORG -p ovirtwui -P ovirtwui -a ovirtwui --hostname management.priv.ovirt.org -u dirsrv -U # now create the ovirtadmin user $KADMIN -q 'addprinc -randkey ovirtadmin at PRIV.OVIRT.ORG' $KADMIN -q 'ktadd -k /usr/share/ovirt-wui/ovirtadmin.tab ovirtadmin at PRIV.OVIRT.ORG' /etc/cron.hourly/ovirtadmin.cron - /root/create_default_principals.py - - # create_default_principals munges the apache config, so we have to - # restart it here - service httpd restart - - service postgresql initdb - echo "local all all trust" > /var/lib/pgsql/data/pg_hba.conf - echo "host all all 127.0.0.1 255.255.255.0 trust" >> /var/lib/pgsql/data/pg_hba.conf - service postgresql start - - su - postgres -c "/usr/bin/psql -f /usr/share/ovirt-wui/psql.cmds" - - cd /usr/share/ovirt-wui ; rake db:migrate - /usr/bin/ovirt_grant_admin_privileges.sh ovirtadmin - - service ovirt-wui restart - - ) > /root/ovirt-app-first-run.log 2>&1 + ) > /var/log/ovirt-wui-dev-first-run.log 2>&1 RETVAL=$? if [ $RETVAL -eq 0 ]; then echo_success @@ -225,14 +207,14 @@ case "$1" in start ;; *) - echo "Usage: ovirt {start}" + echo "Usage: ovirt-wui-dev-first-run {start}" exit 2 esac -/sbin/chkconfig ovirt-app-first-run off +/sbin/chkconfig ovirt-wui-dev-first-run off EOF -chmod +x /etc/init.d/ovirt-app-first-run -/sbin/chkconfig ovirt-app-first-run on +chmod +x /etc/init.d/ovirt-wui-dev-first-run +/sbin/chkconfig ovirt-wui-dev-first-run on # Setup the iscsi stuff to be ready on each boot. Since tgtadm does not use # a config file append what we need to the rc.local file. Note that this for diff --git a/wui-appliance/production-post.ks b/wui-appliance/production-post.ks index 875f391..e69de29 100644 --- a/wui-appliance/production-post.ks +++ b/wui-appliance/production-post.ks @@ -1,76 +0,0 @@ -cat > /root/add_host_principal.py << \EOF -#!/usr/bin/python - -import krbV -import os -import socket -import shutil -import sys - -def kadmin_local(command): - ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'") - if ret != 0: - raise - -def get_ip(hostname): - return socket.gethostbyname(hostname) - -if len(sys.argv) != 2: - print "Usage: add_host_principal.py " - sys.exit(1) - - -default_realm = krbV.Context().default_realm - -ipaddr = get_ip(sys.argv[1]) - -libvirt_princ = 'libvirt/' + sys.argv[1] + '@' + default_realm -outname = '/usr/share/ipa/html/' + ipaddr + '-libvirt.tab' - -# here, generate the libvirt/ principle for this machine, necessary -# for taskomatic and host-browser -kadmin_local('addprinc -randkey +requires_preauth ' + libvirt_princ) -kadmin_local('ktadd -k ' + outname + ' ' + libvirt_princ) - -# make sure it is readable by apache -os.chmod(outname, 0644) -EOF -chmod +x /root/add_host_principal.py - -cat > /etc/init.d/ovirt-app-first-run << \EOF -#!/bin/bash -# -# ovirt-app-first-run First run configuration for Ovirt WUI appliance -# -# chkconfig: 3 99 01 -# description: ovirt appliance first run configuration -# - -# Source functions library -. /etc/init.d/functions - -start() { - service postgresql initdb - echo "local all all trust" > /var/lib/pgsql/data/pg_hba.conf - echo "host all all 127.0.0.1 255.255.255.0 trust" >> /var/lib/pgsql/data/pg_hba.conf - service postgresql start - - su - postgres -c "/usr/bin/psql -f /usr/share/ovirt-wui/psql.cmds" - - cd /usr/share/ovirt-wui ; rake db:migrate - /usr/bin/ovirt_grant_admin_privileges.sh admin -} - -case "$1" in - start) - start - ;; - *) - echo "Usage: ovirt {start}" - exit 2 -esac - -chkconfig ovirt-app-first-run off -EOF -chmod +x /etc/init.d/ovirt-app-first-run -/sbin/chkconfig ovirt-app-first-run on \ No newline at end of file diff --git a/wui-appliance/wui-app-i386.ks b/wui-appliance/wui-app-i386.ks index 4d53c0b..38f80d4 100644 --- a/wui-appliance/wui-app-i386.ks +++ b/wui-appliance/wui-app-i386.ks @@ -8,7 +8,6 @@ url --url http://download.fedora.redhat.com/pub/fedora/linux/releases/8/Fedora/i repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=i386 repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=i386 -repo --name=freeipa --baseurl=http://freeipa.com/downloads/devel/rpms/F7/i386/ --includepkgs=ipa* repo --name=ovirt-management --baseurl=http://ovirt.et.redhat.com/repos/ovirt-management-repo/i386/ %packages diff --git a/wui-appliance/wui-app-x86_64.ks b/wui-appliance/wui-app-x86_64.ks index 6d192b3..4dfa1a3 100644 --- a/wui-appliance/wui-app-x86_64.ks +++ b/wui-appliance/wui-app-x86_64.ks @@ -7,7 +7,6 @@ url --url http://download.fedora.redhat.com/pub/fedora/linux/releases/8/Fedora/x repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=x86_64 repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=x86_64 -repo --name=freeipa --baseurl=http://freeipa.com/downloads/devel/rpms/F7/x86_64/ --includepkgs=ipa* repo --name=ovirt-management --baseurl=http://ovirt.et.redhat.com/repos/ovirt-management-repo/x86_64/ %packages diff --git a/wui-appliance/wui-devel-i386.ks b/wui-appliance/wui-devel-i386.ks index 4b3502f..f552521 100644 --- a/wui-appliance/wui-devel-i386.ks +++ b/wui-appliance/wui-devel-i386.ks @@ -12,7 +12,6 @@ logvol /iscsi5 --name=iSCSI5 --vgname=VolGroup00 --size=64 --grow repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=i386 repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=i386 -repo --name=freeipa --baseurl=http://freeipa.com/downloads/devel/rpms/F7/i386/ --includepkgs=ipa* repo --name=ovirt-management --baseurl=http://ovirt.et.redhat.com/repos/ovirt-management-repo/i386/ %packages diff --git a/wui-appliance/wui-devel-x86_64.ks b/wui-appliance/wui-devel-x86_64.ks index 871ca87..e4b7076 100644 --- a/wui-appliance/wui-devel-x86_64.ks +++ b/wui-appliance/wui-devel-x86_64.ks @@ -12,7 +12,6 @@ logvol /iscsi5 --name=iSCSI5 --vgname=VolGroup00 --size=64 --grow repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=x86_64 repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=x86_64 -repo --name=freeipa --baseurl=http://freeipa.com/downloads/devel/rpms/F7/x86_64/ --includepkgs=ipa* repo --name=ovirt-management --baseurl=http://ovirt.et.redhat.com/repos/ovirt-management-repo/x86_64/ %packages diff --git a/wui/ovirt-wui.spec b/wui/ovirt-wui.spec index a627a73..d8a21fa 100644 --- a/wui/ovirt-wui.spec +++ b/wui/ovirt-wui.spec @@ -83,9 +83,9 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/host-status.log %{__rm} -f %{buildroot}%{app_root}/host-browser/*.c %{__rm} -f %{buildroot}%{app_root}/task-omatic/.gitignore -%{__cp} -a %{pbuild}/scripts/ovirt_create_db.sh %{buildroot}%{_bindir} -%{__cp} -a %{pbuild}/scripts/ovirt_grant_admin_privileges.sh %{buildroot}%{_bindir} -%{__cp} -a %{pbuild}/scripts/ovirt_reset_db.sh %{buildroot}%{_bindir} +%{__cp} -a %{pbuild}/scripts/ovirt-add-host %{buildroot}%{_bindir} +%{__cp} -a %{pbuild}/scripts/ovirt-wui-install %{buildroot}%{_bindir} +%{__cp} -a %{pbuild}/scripts/ovirt-fix-ipa %{buildroot}%{_bindir} %{__rm} -rf %{buildroot}%{app_root}/tmp %{__mkdir} %{buildroot}%{_localstatedir}/lib/%{name}/tmp %{__ln_s} %{_localstatedir}/lib/%{name}/tmp %{buildroot}%{app_root}/tmp @@ -96,9 +96,9 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,0755) -%{_bindir}/ovirt_create_db.sh -%{_bindir}/ovirt_grant_admin_privileges.sh -%{_bindir}/ovirt_reset_db.sh +%{_bindir}/ovirt-wui-install +%{_bindir}/ovirt-add-host +%{_bindir}/ovirt-fix-ipa %{_initrddir}/%{name} %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf %doc diff --git a/wui/scripts/ovirt-add-host b/wui/scripts/ovirt-add-host new file mode 100755 index 0000000..700e2ac --- /dev/null +++ b/wui/scripts/ovirt-add-host @@ -0,0 +1,38 @@ +#!/usr/bin/python + +import krbV +import os +import socket +import shutil +import sys + +def kadmin_local(command): + ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'") + if ret != 0: + raise + +def get_ip(hostname): + return socket.gethostbyname(hostname) + +if len(sys.argv) < 2: + print "Usage: ovirt-add-host hostname [outfile]" + sys.exit(1) + +default_realm = krbV.Context().default_realm + +ipaddr = get_ip(sys.argv[1]) + +libvirt_princ = 'libvirt/' + sys.argv[1] + '@' + default_realm +if len(sys.argv) > 2: + outname = sys.argv[2] +else: + outname = '/usr/share/ipa/html/' + ipaddr + '-libvirt.tab' + +# here, generate the libvirt/ principle for this machine, necessary +# for taskomatic and host-browser +kadmin_local('addprinc -randkey +requires_preauth ' + libvirt_princ) +kadmin_local('ktadd -k ' + outname + ' ' + libvirt_princ) + +if len(sys.argv) <= 2: + # make sure it is readable by apache + os.chmod(outname, 0644) diff --git a/wui/scripts/ovirt-fix-ipa b/wui/scripts/ovirt-fix-ipa new file mode 100755 index 0000000..9e4aa14 --- /dev/null +++ b/wui/scripts/ovirt-fix-ipa @@ -0,0 +1,28 @@ +#!/usr/bin/python + +import os, string, re + +ipaConfName = '/etc/httpd/conf.d/ipa.conf' +ipaRewriteConfName = '/etc/httpd/conf.d/ipa-rewrite.conf' + +# make sure we skip this on subsequent runs of this script +if string.find(file(ipaConfName, 'rb').read(), '') < 0: + ipaConf = open(ipaConfName, 'r') + ipaText = ipaConf.readlines() + ipaConf.close() + + ipaConf2 = open(ipaConfName, 'w') + print >>ipaConf2, "Listen 8089" + print >>ipaConf2, "NameVirtualHost *:8089" + print >>ipaConf2, "" + for line in ipaText: + ipaConf2.write(line) + print >>ipaConf2, "" + ipaConf2.close() + +if os.path.isfile(ipaRewriteConfName): + os.remove(ipaRewriteConfName) + ipaRewriteConf = open(ipaRewriteConfName, 'w') + print >>ipaRewriteConf, "" + ipaRewriteConf.close() + diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install new file mode 100755 index 0000000..4462b6a --- /dev/null +++ b/wui/scripts/ovirt-wui-install @@ -0,0 +1,121 @@ +#!/bin/bash + +OVIRT_DIR=/usr/share/ovirt-wui +OVIRT_CFG=/etc/ovirt-wui + +DATABASE=ovirt +USERNAME=ovirt + +EXISTS_FILE=${OVIRT_CFG}/db/exists +PW_FILE=${OVIRT_CFG}/db/dbaccess +STEP_TICKER=0.fedora.pool.ntp.org +STEP_FILE=/etc/ntp/step-tickers +SASL_FILE=/etc/sasl2/libvirt.conf + +DISABLE_SVCS="libvirtd" +ENABLE_SVCS="ntpd httpd postgresql ovirt-wui" + +usage() { + echo "usage: $0 [-p password]" + echo " -p : password to use for database connections, if omitted" + echo " a random password will be generated" + exit 1 +} >&2 + +PASSWD= +for i ; do + case $1 in + -p) + [ $# -lt 2 ] && usage + PASSWD="$2" + shift; shift;; + -?|-*) + usage;; + esac +done + +{ +for svc in $DISABLE_SVCS ; do + chkconfig $svc off + service $svc off +done + +for svc in $ENABLE_SVCS ; do + chkconfig $svc on +done +} > /dev/null 2>&1 + +# setup an NTP step-ticker +if [ -f $STEP_FILE ]; then + if ! grep "^$${STEP_TICKER}$" $STEP_FILE > /dev/null 2>&1 ; then + echo $STEP_TICKER >> $STEP_FILE + fi +fi + +# setup gssapi in the mech_list +if [ `egrep -c '^mech_list: gssapi' $SASL_FILE` -eq 0 ]; then + sed -i -e 's/^\([[:space:]]*mech_list.*\)/#\1/' $SASL_FILE + echo "mech_list: gssapi" >> $SASL_FILE +fi + +service postgresql stop > /dev/null 2>&1 +service postgresql initdb > /dev/null 2>&1 +echo "local all all trust" > /var/lib/pgsql/data/pg_hba.conf +echo "host all all 127.0.0.1 255.255.255.0 trust" >> /var/lib/pgsql/data/pg_hba.conf +service postgresql stop > /dev/null 2>&1 +service postgresql start +[ $? != 0 ] && echo "Failed to start database" && exit 1 + +if [ -z $PASSWD ]; then + # generate random pg user password + PASSWD=$(/usr/bin/pwgen -1 -n 8 -s) +fi + +echo -e "${PASSWD}\n" > $PW_FILE + +# drop old db +su - postgres -c "/usr/bin/dropdb $DATABASE > /dev/null 2>&1" + +# create new DB +su - postgres -c "/usr/bin/createdb $DATABASE" +[ $? != 0 ] && echo "Failed to create database $DATABASE" && exit 1 + +su - postgres -c "psql --dbname $DATABASE < /dev/null 2>&1 + +su - postgres -c "psql --dbname $DATABASE < $PW_FILE - -#drop old db -/usr/bin/dropdb $DATABASE - -#create new DB -/usr/bin/createdb $DATABASE - - -psql --dbname $DATABASE < Attached is the patch containing the first set of test fixtures. There isn't a huge collection of them yet, but I tried to make sure I covered every possible data relationship. The tests still fail, quite ugly might I add, and I started checking in small improvements to the actual cases to start getting them to work. -------------- next part -------------- A non-text attachment was scrubbed... Name: test.patch Type: text/x-patch Size: 16730 bytes Desc: not available URL: From pmyers at redhat.com Fri Apr 4 07:05:47 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Fri, 04 Apr 2008 03:05:47 -0400 Subject: [Ovirt-devel] [PATCH] add tftp enable back in In-Reply-To: <47F581CF.8030501@redhat.com> References: <47F581CF.8030501@redhat.com> Message-ID: <47F5D34B.9000103@redhat.com> The previous patch inadvertently removed the tftp enable from the devel kickstart. This adds it back in... diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks index 7494506..e1c7433 100644 --- a/wui-appliance/devel-post.ks +++ b/wui-appliance/devel-post.ks @@ -9,6 +9,9 @@ HWADDR=00:16:3E:12:34:56 ONBOOT=yes EOF +# turn on tftp in xinetd +sed -i -e 's/\(.*\)disable\(.*\)= yes/\1disable\2= no/' /etc/xinetd.d/tftp + # make sure our "hostname" resolves to management.priv.ovirt.org sed -i -e 's/^HOSTNAME.*/HOSTNAME=management.priv.ovirt.org/' /etc/sysconfig/network From pmyers at redhat.com Fri Apr 4 07:10:38 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Fri, 04 Apr 2008 03:10:38 -0400 Subject: [Ovirt-devel] [PATCH] get rid of dhcp-hooks and use DNS SRV records Message-ID: <47F5D46E.2090508@redhat.com> Remove use of dhcp options for communicating the location of services to the managed node. Instead this is done using DNS SRV records. dhcp exit hooks are only used for setting step-tickers now. The managed node moves most of what was in exit hooks to a new init script called ovirt. The devel wui setup now adds the DNS SRV records to the default DNS zone file. Signed-off-by: Perry Myers diff --git a/ovirt-host-creator/common-pkgs.ks b/ovirt-host-creator/common-pkgs.ks index 62d47dc..196373a 100644 --- a/ovirt-host-creator/common-pkgs.ks +++ b/ovirt-host-creator/common-pkgs.ks @@ -21,6 +21,7 @@ cyrus-sasl-lib collectd tftp nc +bind-utils -policycoreutils -audit-libs-python -hdparm diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index 6ebfe2c..146889a 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -26,18 +26,6 @@ cat > /etc/init.d/ovirt-early << \EOF start() { -dhcp_options='subnet-mask -broadcast-address -time-offset -routers -domain-name -domain-name-servers -host-name -nis-domain -nis-servers -ntp-servers -libvirt-auth-method' - # find all of the ethernet devices in the system ETHDEVS=$(cd /sys/class/net && ls -d eth*) for eth in $ETHDEVS; do @@ -46,8 +34,6 @@ libvirt-auth-method' > /etc/sysconfig/network-scripts/ifcfg-$eth echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes" \ > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE - printf 'DHCLIENTARGS="-R %s"\n' $(printf "$dhcp_options"|tr '\n' ,)\ - >> /etc/sysconfig/network-scripts/ifcfg-$BRIDGE done # find all of the partitions on the system @@ -75,24 +61,12 @@ libvirt-auth-method' done } -stop() { - # nothing to do - return -} - case "$1" in start) start ;; - stop) - stop - ;; - restart) - stop - start - ;; *) - echo "Usage: ovirt-early {start|stop|restart}" + echo "Usage: ovirt-early {start}" exit 2 esac EOF @@ -103,40 +77,7 @@ chmod +x /etc/init.d/ovirt-early # just to get a boot warning to shut up touch /etc/resolv.conf -echo "Setting up dhclient" -cat > /etc/dhclient.conf << EOF -option libvirt-auth-method code 202 = text; -EOF - -# NOTE that libvirt_auth_method is handled in the exit-hooks cat > /etc/dhclient-exit-hooks << \EOF -if [ -n "$new_libvirt_auth_method" ]; then - METHOD=`echo $new_libvirt_auth_method | cut -d':' -f1` - SERVER=`echo $new_libvirt_auth_method | cut -d':' -f2-` - IP=`echo $new_libvirt_auth_method | cut -d':' -f2 | cut -d'/' -f1` - if [ $METHOD = "krb5" ]; then - mkdir -p /etc/libvirt - # here, we wait for the "host-keyadd" service to finish adding our - # keytab and returning to us; note that we will try 5 times and - # then give up - tries=0 - while [ "$VAL" != "SUCCESS" -a $tries -lt 5 ]; do - VAL=`echo "KERB" | /usr/bin/nc $IP 6666` - if [ "$VAL" == "SUCCESS" ]; then - break - fi - tries=$(( $tries + 1 )) - sleep 1 - done - if [ ! -r /etc/libvirt/krb5.tab ]; then - /usr/bin/wget -q http://$SERVER/$new_ip_address-libvirt.tab -O /etc/libvirt/krb5.tab - fi - if [ ! -r /etc/krb5.conf ]; then - rm -f /etc/krb5.conf ; /usr/bin/wget -q http://$SERVER/krb5.ini -O /etc/krb5.conf - fi - fi -fi - if [ -n "$new_ntp_servers" ]; then for ntp_server in $new_ntp_servers; do echo "$ntp_server" >> /etc/ntp/step-tickers @@ -145,6 +86,77 @@ fi EOF chmod +x /etc/dhclient-exit-hooks +echo "Writing ovirt init script" +# ovirt startup script to do krb init +cat > /etc/init.d/ovirt << \EOF +#!/bin/bash +# +# ovirt Start ovirt services +# +# chkconfig: 3 11 99 +# description: ovirt services +# + +# Source functions library +. /etc/init.d/functions + +start() { + echo -n $"Starting ovirt: " + IPA=$(/usr/bin/dig +short -t srv _ipa._tcp.$(/bin/dnsdomainname)) + HOST=$(echo $IPA | head -1 | awk '{print $4}') + PORT=$(echo $IPA | head -1 | awk '{print $3}') + + mkdir -p /etc/libvirt + # here, we wait for the "host-keyadd" service to finish adding our + # keytab and returning to us; note that we will try 5 times and + # then give up + tries=0 + while [ "$VAL" != "SUCCESS" -a $tries -lt 5 ]; do + VAL=`echo "KERB" | /usr/bin/nc $HOST 6666` + if [ "$VAL" == "SUCCESS" ]; then + break + fi + tries=$(( $tries + 1 )) + sleep 1 + echo -n "." + done + + if [ "$VAL" != "SUCCESS" ]; then + echo -n "Failed generating keytab" ; failure ; echo ; exit 1 + fi + + if [ ! -s /etc/libvirt/krb5.tab ]; then + /usr/bin/wget -q http://$HOST:$PORT/config/$(/bin/hostname -i)-libvirt.tab -O /etc/libvirt/krb5.tab + if [ $? -ne 0 ]; then + echo -n "Failed getting keytab" ; failure ; echo ; exit 1 + fi + fi + + if [ ! -s /etc/krb5.conf ]; then + rm -f /etc/krb5.conf + /usr/bin/wget -q http://$HOST:$PORT/config/krb5.ini -O /etc/krb5.conf + if [ "$?" -ne 0 ]; then + echo "Failed getting krb5.conf" ; failure ; echo ; exit 1 + fi + fi + + success + echo +} + +case "$1" in + start) + start + ;; + *) + echo "Usage: ovirt {start}" + exit 2 +esac +EOF + +chmod +x /etc/init.d/ovirt +/sbin/chkconfig ovirt on + echo "Setting up libvirt interfaces" # make libvirtd listen on the external interfaces sed -i -e 's/^#\(LIBVIRTD_ARGS="--listen"\).*/\1/' /etc/sysconfig/libvirtd diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks index e1c7433..86c456a 100644 --- a/wui-appliance/devel-post.ks +++ b/wui-appliance/devel-post.ks @@ -23,15 +23,12 @@ allow bootp; ddns-update-style interim; ignore client-updates; -option libvirt-auth-method code 202 = text; - subnet 192.168.50.0 netmask 255.255.255.0 { option domain-name "priv.ovirt.org"; option domain-name-servers 192.168.50.2; option ntp-servers 192.168.50.2; next-server 192.168.50.2; option routers 192.168.50.1; - option libvirt-auth-method "krb5:192.168.50.2:8089/config"; filename "pxelinux.0"; host node3 { fixed-address 192.168.50.3; @@ -114,6 +111,9 @@ management IN A 192.168.50.2 node3 IN A 192.168.50.3 node4 IN A 192.168.50.4 node5 IN A 192.168.50.5 +_ovirt._tcp IN SRV 0 0 80 management +_ipa._tcp IN SRV 0 0 8089 management +_ldap._tcp IN SRV 0 0 389 management EOF cat > /var/named/chroot/var/named/50.168.192.in-addr.arpa.zone << \EOF From meyering at redhat.com Fri Apr 4 12:31:27 2008 From: meyering at redhat.com (Jim Meyering) Date: Fri, 04 Apr 2008 14:31:27 +0200 Subject: [Ovirt-devel] [PATCH] ovirt-mod-xml.sh: more robust; update from ovirt-web--devel Message-ID: <87r6dlol7k.fsf@rho.meyering.net> I noticed today that ovirt-mod-xml.sh is in ovirt.git. Now that there's an improved version in the web repo (ovirt-web--devel), I've just updated this version to match: ovirt-mod-xml.sh: more robust; update from ovirt-web--devel * wui-appliance/ovirt-mod-xml.sh: Exit nonzero for any failure. Now, running multiple times does not insert multiple blocks. More reliable clean-up. diff --git a/wui-appliance/ovirt-mod-xml.sh b/wui-appliance/ovirt-mod-xml.sh index 5cd385e..cc8bb82 100755 --- a/wui-appliance/ovirt-mod-xml.sh +++ b/wui-appliance/ovirt-mod-xml.sh @@ -1,14 +1,26 @@ #!/bin/bash -TMPFILE=`mktemp` +# Remove the temporary file on exit or signal. +trap 'st=$?; rm -rf "$tmpfile" && exit $st' 0 +trap 'exit $?' 1 2 13 15 -virsh -c qemu:///system dumpxml developer > $TMPFILE && +tmpfile=`mktemp` || exit 1 -perl -ni -e '$m = m!!; print; $m and print ' \ - -e 'qq( \n) .' \ - -e 'qq( \n) .' \ - -e 'qq( \n) .' \ - -e 'qq( \n)' $TMPFILE && +virsh -c qemu:///system dumpxml developer > "$tmpfile" || exit 1 -virsh -c qemu:///system define $TMPFILE -rm -f $TMPFILE +mac=00:16:3e:12:34:56 + +# If this MAC address is already in the XML, stop now. +grep $mac "$tmpfile" > /dev/null && + { echo 1>&2 "$0: you seem to have already run this script"; exit 1; } + +err=1 +# Add an interface block right after the only existing one. +perl -ni -e '$m = m!!; print; $m and print ' \ + -e 'qq( \n) .' \ + -e 'qq( \n) .' \ + -e 'qq( \n) .' \ + -e 'qq( \n)' "$tmpfile" && +virsh -c qemu:///system define "$tmpfile" && err=0 + +exit $err -- 1.5.5.rc3.1.gaece From hbrock at redhat.com Fri Apr 4 13:40:48 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Fri, 4 Apr 2008 09:40:48 -0400 Subject: [Ovirt-devel] [PATCH] fix ntp for the managed node and add ntp to default dhcp for dev app In-Reply-To: <47F5728D.7080706@redhat.com> References: <47F5728D.7080706@redhat.com> Message-ID: <20080404134048.GC8570@redhat.com> On Thu, Apr 03, 2008 at 08:13:01PM -0400, Perry N. Myers wrote: > ntpdate on the hosts only runs if there is something in > /etc/ntp/step-tickers. The managed node doesn't have anything in there > presently. If ntpdate doesn't run at startup, ntpd may refuse to > synchronize with ntp servers if the time differential is too great. If > clocks are not synchronized, kerberos fails which in turn makes libvirt > comms fail. > > This patch adds dhclient exit hooks capability for setting step-tickers > using the dhcp ntp-servers field. In addition ovirtbr0 has PEERNTP set > which enables /etc/ntp.conf setting. > > For the developer setup, the dev wui host has dhcp set to send option > ntp-servers so that nodes can get it as their ntp server (since nodes > can't access the outside world) > > Signed-off-by: Perry Myers > > diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks > index a387bdf..6ebfe2c 100644 > --- a/ovirt-host-creator/common-post.ks > +++ b/ovirt-host-creator/common-post.ks > @@ -44,7 +44,7 @@ libvirt-auth-method' > BRIDGE=ovirtbr`echo $eth | cut -b4-` > echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \ > > /etc/sysconfig/network-scripts/ifcfg-$eth > - echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge" \ > + echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes" \ > > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE > printf 'DHCLIENTARGS="-R %s"\n' $(printf "$dhcp_options"|tr '\n' ,)\ > >> /etc/sysconfig/network-scripts/ifcfg-$BRIDGE > @@ -136,6 +136,12 @@ if [ -n "$new_libvirt_auth_method" ]; then > fi > fi > fi > + > +if [ -n "$new_ntp_servers" ]; then > + for ntp_server in $new_ntp_servers; do > + echo "$ntp_server" >> /etc/ntp/step-tickers > + done > +fi > EOF > chmod +x /etc/dhclient-exit-hooks > > diff --git a/wui-appliance/devel-post.ks b/wui-appliance/devel-post.ks > index 3f03dbb..77ab16d 100644 > --- a/wui-appliance/devel-post.ks > +++ b/wui-appliance/devel-post.ks > @@ -23,6 +23,7 @@ option libvirt-auth-method code 202 = text; > subnet 192.168.50.0 netmask 255.255.255.0 { > option domain-name "priv.ovirt.org"; > option domain-name-servers 192.168.50.2; > + option ntp-servers 192.168.50.2; > next-server 192.168.50.2; > option routers 192.168.50.1; > option libvirt-auth-method "krb5:192.168.50.2:8089/config"; Very cool... ACK From clalance at redhat.com Fri Apr 4 14:30:32 2008 From: clalance at redhat.com (Chris Lalancette) Date: Fri, 04 Apr 2008 10:30:32 -0400 Subject: [Ovirt-devel] [PATCH] fix ntp for the managed node and add ntp to default dhcp for dev app In-Reply-To: <47F5728D.7080706@redhat.com> References: <47F5728D.7080706@redhat.com> Message-ID: <47F63B88.9@redhat.com> Perry N. Myers wrote: > ntpdate on the hosts only runs if there is something in > /etc/ntp/step-tickers. The managed node doesn't have anything in there > presently. If ntpdate doesn't run at startup, ntpd may refuse to > synchronize with ntp servers if the time differential is too great. If > clocks are not synchronized, kerberos fails which in turn makes libvirt > comms fail. > > This patch adds dhclient exit hooks capability for setting step-tickers > using the dhcp ntp-servers field. In addition ovirtbr0 has PEERNTP set > which enables /etc/ntp.conf setting. > > For the developer setup, the dev wui host has dhcp set to send option > ntp-servers so that nodes can get it as their ntp server (since nodes > can't access the outside world) This one is a no-brainer. I'm just surprised there isn't a more "standard" way to do it with the ifcfg scripts, but doing it in an exit-hook is fine, since we don't need an additional dhcp option. ACK Chris Lalancette From jim at meyering.net Fri Apr 4 15:28:32 2008 From: jim at meyering.net (Jim Meyering) Date: Fri, 04 Apr 2008 17:28:32 +0200 Subject: [Ovirt-devel] virsh define appears to succeed, but doesn't add bridge Message-ID: <87d4p5od0f.fsf@rho.meyering.net> While trying to test this tiny script on rawhide, http://hg.et.redhat.com/virt/websites/ovirt-web--devel?f=e4f3ee8de5a1;file=ovirt-mod-xml.sh I was surprised to see I couldn't provoke this failure: echo 1>&2 "$0: you seem to have already run this script"; exit 1; } The idea is to dump xml, insert 4 lines describing a bridge, and use virsh "define" to apply the new definition. However, that last step doesn't seem to work, even though virsh exits successfully. If the new XML is somehow insufficient, the least it could do is give a diagnostic. Otherwise it has to honor the request. # cat $tmpfile developer f2af0696-77ea-dd8f-3f6c-cf3f38d5216e 524288 524288 1 hvm destroy destroy destroy /usr/bin/qemu-kvm # virsh -c qemu:///system define "$tmpfile" Domain developer defined from /t/jt2884.FGSiY6/tmp.JVPZ4LBMVf # virsh -c qemu:///system dumpxml developer developer f2af0696-77ea-dd8f-3f6c-cf3f38d5216e 524288 524288 1 hvm destroy destroy destroy /usr/bin/qemu-kvm From meyering at redhat.com Fri Apr 4 15:34:50 2008 From: meyering at redhat.com (Jim Meyering) Date: Fri, 04 Apr 2008 17:34:50 +0200 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! Message-ID: <87abk9ocpx.fsf@rho.meyering.net> Hi Perry, Thanks for the create-wui-appliance.sh script. It nicely eliminates several annoyingly manual steps. Here are some small changes. I've tested the result. Barring objections I'll push soon. create-wui-appliance.sh: mostly-minor changes * wui-appliance/create-wui-appliance.sh: Remove unnecessary quotes in var=... RHS. Remove unnecessary braces in ${VAR_NAME}/. Don't redirect function definition. Use 'cat<&2; } +try_h() { printf "Try \`$ME -h' for more information.\n" >&2; } +die() { warn "$@"; try_h; exit 1; } + NAME=developer RAM=512 -IMGNAME=${NAME}.img +IMGNAME=$NAME.img IMGSIZE=6 -usage() { - echo "usage: $0 -i install_iso [-d image_dir] [-a x86_64|i386] [-m MAC]" - echo " -i: location of installation ISO" - echo " -d: directory to place virtual disk (default: /var/lib/libvirt/images)" - echo " -a: architecture for the virtual machine (default: x86_64)" - echo " -m: specify fixed MAC address for the primary network interface" - exit 1 -} >&2 - MAC= ISO= -IMGDIR=/var/lib/libvirt/images -ARCH=x86_64 -for i ; do - case $1 in - -i) - [ $# -lt 2 ] && usage - ISO="$2" - shift; shift;; - -d) - [ $# -lt 2 ] && usage - IMGDIR="$2" - shift; shift;; - -a) - [ $# -lt 2 ] && usage - ARCH="$2" - shift; shift;; - -m) - [ $# -lt 2 ] && usage - MAC="$2" - shift; shift;; - -?|-*) - usage;; +IMGDIR_DEFAULT=/var/lib/libvirt/images +ARCH_DEFAULT=x86_64 + +ARCH=$ARCH_DEFAULT +IMGDIR=$IMGDIR_DEFAULT + +usage() { + case $# in 1) warn "$1"; try_h; exit 1;; esac + cat <&2 - usage -fi +test -z "$ISO" && usage "no ISO file specified" +test -r "$ISO" || usage "missing or unreadable ISO file: \`$ISO'" -if [[ "$ARCH" != "i386" && "$ARCH" != "x86_64" ]]; then - echo "Please specify a valid architecture" >&2 - usage -fi +case $ARCH in + i386|x86_64);; + *) usage "invalid architecture: \`$ARCH'";; +esac -if [ -n $MAC ]; then +if [ -n "$MAC" ]; then MAC="-m $MAC" fi @@ -59,8 +62,8 @@ mkdir -p $IMGDIR virsh destroy $NAME > /dev/null 2>&1 virsh undefine $NAME > /dev/null 2>&1 -virt-install -n $NAME -r $RAM -f $IMGDIR/$IMGNAME -s $IMGSIZE --vnc \ - --accelerate -v -c $ISO --os-type=linux --arch=$ARCH \ +virt-install -n $NAME -r $RAM -f "$IMGDIR/$IMGNAME" -s $IMGSIZE --vnc \ + --accelerate -v -c "$ISO" --os-type=linux --arch=$ARCH \ --noreboot $MAC ./ovirt-mod-xml.sh virsh start $NAME diff --git a/wui-appliance/ovirt-mod-xml.sh b/wui-appliance/ovirt-mod-xml.sh old mode 100755 new mode 100644 -- 1.5.5.rc3.1.gaece From pmyers at redhat.com Fri Apr 4 16:10:52 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Fri, 04 Apr 2008 12:10:52 -0400 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! In-Reply-To: <87abk9ocpx.fsf@rho.meyering.net> References: <87abk9ocpx.fsf@rho.meyering.net> Message-ID: <47F6530C.3010906@redhat.com> Jim Meyering wrote: > Hi Perry, > > Thanks for the create-wui-appliance.sh script. > It nicely eliminates several annoyingly manual steps. > > Here are some small changes. I've tested the result. > Barring objections I'll push soon. > > create-wui-appliance.sh: mostly-minor changes > * wui-appliance/create-wui-appliance.sh: Remove unnecessary > quotes in var=... RHS. Remove unnecessary braces in ${VAR_NAME}/. > Don't redirect function definition. Use 'cat< echo. Add quotes around various $VAR uses, in case they contains shell > meta-characters. Hoist default arch and image dir definitions, > and use them in usage. Use bash's built-in "getopts" function. > Accept "-h" option (for help). Upon usage error, refer to -h, > rather than printing full usage. Thanks for cleaning this up. :) I had no idea there was getopt for bash... I've been parsing script cmdline args manually for years. Lots of other good techniques in here for me to absorb too. ACK Perry From sseago at redhat.com Fri Apr 4 19:05:18 2008 From: sseago at redhat.com (Scott Seago) Date: Fri, 04 Apr 2008 15:05:18 -0400 Subject: [Ovirt-devel] [Patch] add Host task type -- will be needed for Migration Message-ID: <47F67BEE.7040904@redhat.com> First round of migration-related code: Added HostTask as another Task type for taskomatic to deal with. This will be used for the "clear host" migration functionality when we implement the migration UI. Scott -------------- next part -------------- A non-text attachment was scrubbed... Name: add-host-tasks.patch Type: text/x-patch Size: 4419 bytes Desc: not available URL: From apevec at redhat.com Fri Apr 4 19:50:28 2008 From: apevec at redhat.com (Alan Pevec) Date: Fri, 04 Apr 2008 21:50:28 +0200 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! In-Reply-To: <87abk9ocpx.fsf@rho.meyering.net> References: <87abk9ocpx.fsf@rho.meyering.net> Message-ID: <47F68684.5050109@redhat.com> Jim Meyering wrote: > Thanks for the create-wui-appliance.sh script. > It nicely eliminates several annoyingly manual steps. > Here are some small changes. I've tested the result. Here's one more to create dummybridge via libvirt. You must remove manually created dummybridge first: - stop VMs - ifdown dummybridge; brctl delbr dummybridge; find /etc/sysconfig/ -name ifcfg-dummybridge -exec rm {} \; diff --git a/wui-appliance/create-wui-appliance.sh b/wui-appliance/create-wui-appliance.sh index 0167576..b152cc5 100755 --- a/wui-appliance/create-wui-appliance.sh +++ b/wui-appliance/create-wui-appliance.sh @@ -55,6 +55,15 @@ if [ -n $MAC ]; then MAC="-m $MAC" fi +TMPXML=$(mktemp) || exit 1 +cat > $TMPXML < dummy +EOF +virsh net-define $TMPXML +rm $TMPXML +virsh net-start dummy +virsh net-autostart dummy + mkdir -p $IMGDIR virsh destroy $NAME > /dev/null 2>&1 From pmyers at redhat.com Fri Apr 4 20:15:36 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Fri, 04 Apr 2008 16:15:36 -0400 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! In-Reply-To: <47F68684.5050109@redhat.com> References: <87abk9ocpx.fsf@rho.meyering.net> <47F68684.5050109@redhat.com> Message-ID: <47F68C68.3010704@redhat.com> Alan Pevec wrote: > Jim Meyering wrote: >> Thanks for the create-wui-appliance.sh script. >> It nicely eliminates several annoyingly manual steps. >> Here are some small changes. I've tested the result. > > Here's one more to create dummybridge via libvirt. You must remove > manually created dummybridge first: > - stop VMs > - ifdown dummybridge; brctl delbr dummybridge; find /etc/sysconfig/ > -name ifcfg-dummybridge -exec rm {} \; ACK. Looks good. Perry From jim at meyering.net Fri Apr 4 21:44:29 2008 From: jim at meyering.net (Jim Meyering) Date: Fri, 04 Apr 2008 23:44:29 +0200 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! In-Reply-To: <47F68684.5050109@redhat.com> (Alan Pevec's message of "Fri, 04 Apr 2008 21:50:28 +0200") References: <87abk9ocpx.fsf@rho.meyering.net> <47F68684.5050109@redhat.com> Message-ID: <87sky1mh1e.fsf@rho.meyering.net> Alan Pevec wrote: > Jim Meyering wrote: >> Thanks for the create-wui-appliance.sh script. >> It nicely eliminates several annoyingly manual steps. >> Here are some small changes. I've tested the result. > > Here's one more to create dummybridge via libvirt. You must remove manually created dummybridge first: > - stop VMs > - ifdown dummybridge; brctl delbr dummybridge; find /etc/sysconfig/ -name ifcfg-dummybridge -exec rm {} \; > > diff --git a/wui-appliance/create-wui-appliance.sh b/wui-appliance/create-wui-appliance.sh > index 0167576..b152cc5 100755 > --- a/wui-appliance/create-wui-appliance.sh > +++ b/wui-appliance/create-wui-appliance.sh > @@ -55,6 +55,15 @@ if [ -n $MAC ]; then > MAC="-m $MAC" > fi > > +TMPXML=$(mktemp) || exit 1 > +cat > $TMPXML < + dummy > +EOF > +virsh net-define $TMPXML > +rm $TMPXML > +virsh net-start dummy > +virsh net-autostart dummy > + Hi Alan, Looks good. At first, I was going to suggest removing $TMPXML via a 'trap' so we're sure not to leave around the temporary, but we can do even better and eliminate the temporary file completely. Instead use bash's process substitution; untested: gen_dummy() { cat <<\EOF dummy EOF } virsh net-define <(gen_dummy) virsh net-start dummy virsh net-autostart dummy From clalance at redhat.com Mon Apr 7 15:33:02 2008 From: clalance at redhat.com (Chris Lalancette) Date: Mon, 07 Apr 2008 11:33:02 -0400 Subject: [Ovirt-devel] [PATCH] get rid of dhcp-hooks and use DNS SRV records In-Reply-To: <47F5D46E.2090508@redhat.com> References: <47F5D46E.2090508@redhat.com> Message-ID: <47FA3EAE.6060909@redhat.com> Perry N. Myers wrote: > Remove use of dhcp options for communicating the location of services to the > managed node. Instead this is done using DNS SRV records. dhcp exit hooks > are only used for setting step-tickers now. The managed node moves most > of what was in exit hooks to a new init script called ovirt. The devel > wui setup now adds the DNS SRV records to the default DNS zone file. > > Signed-off-by: Perry Myers > +start() { > + echo -n $"Starting ovirt: " > + IPA=$(/usr/bin/dig +short -t srv _ipa._tcp.$(/bin/dnsdomainname)) > + HOST=$(echo $IPA | head -1 | awk '{print $4}') > + PORT=$(echo $IPA | head -1 | awk '{print $3}') > + > + mkdir -p /etc/libvirt I don't think we need this; the libvirt package should own /etc/libvirt, so I'm pretty sure this will always exist. Otherwise, this patch looks pretty good. We don't seem to use _ovirt._tcp DNS SRV record yet, but we probably will for monitoring in the near future, so leave it. ACK Chris Lalancette From clalance at redhat.com Mon Apr 7 15:37:26 2008 From: clalance at redhat.com (Chris Lalancette) Date: Mon, 07 Apr 2008 11:37:26 -0400 Subject: [Ovirt-devel] [PATCH] restructure wui kickstarts and create setup scripts for RPM In-Reply-To: <47F581CF.8030501@redhat.com> References: <47F581CF.8030501@redhat.com> Message-ID: <47FA3FB6.7050302@redhat.com> Perry N. Myers wrote: > Restructured the wui production and devel kickstart posts so that most of > the functionality is moved into two scripts (ovirt-add-host and > ovirt-wui-install). > > The post sections now contain just those steps that are specific to > creating a production or development appliance. This way, users who want > to install on existing OSs can just run ovirt-wui-install manually. > > Spec file is updated to pull in the new scripts and omit the outdated > scripts. Removed the references to the FreeIPA F7 repo, since those RPMs > were very out of date. Until we move to F9, we need to put the ipa RPMs > into the ovirt-management repository. > > NOTE: The ovirt-fix-ipa script is a temporary hack so that the ipa server > can run on the same host as the oVirt WUI. As soon as we get RPMs from > FreeIPA that have the ipa server running in /ipa this will go away. > > This seems like a huge patch, but a lot of it is moving blocks of code > from the .ks files to other scripts. Most of the functionality is maintained. > > Signed-off-by: Perry Myers Well, there is a lot of code motion in here, but overall I think it is a good cleanup to reduce code duplication. ACK Chris Lalancette From apevec at redhat.com Mon Apr 7 17:41:12 2008 From: apevec at redhat.com (Alan Pevec) Date: Mon, 07 Apr 2008 19:41:12 +0200 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! In-Reply-To: <87sky1mh1e.fsf@rho.meyering.net> References: <87abk9ocpx.fsf@rho.meyering.net> <47F68684.5050109@redhat.com> <87sky1mh1e.fsf@rho.meyering.net> Message-ID: <47FA5CB8.6050800@redhat.com> Jim Meyering wrote: > gen_dummy() { > cat <<\EOF > > dummy > > > > EOF > } > > virsh net-define <(gen_dummy) > virsh net-start dummy > virsh net-autostart dummy virsh doesn't seem to read stdin and doesn't accept - as a filename - need to file a BZ for that BTW, with libvirt-defined bridge we can avoid ovirt-mod-xml.sh: --- a/wui-appliance/create-wui-appliance.sh +++ b/wui-appliance/create-wui-appliance.sh @@ -64,8 +64,7 @@ virsh destroy $NAME > /dev/null 2>&1 virsh undefine $NAME > /dev/null 2>&1 virt-install -n $NAME -r $RAM -f "$IMGDIR/$IMGNAME" -s $IMGSIZE --vnc \ --accelerate -v -c "$ISO" --os-type=linux --arch=$ARCH \ - --noreboot $MAC -./ovirt-mod-xml.sh + --noreboot $MAC -w network:default -w network:dummy virsh start $NAME virt-viewer $NAME & To have a completely scripted developer setup we just miss --extra-args ks=http://ovirt.org/download/wui-rel-devel-$(uname -i).ks which should work with virt-install tip. From jim at meyering.net Mon Apr 7 21:42:57 2008 From: jim at meyering.net (Jim Meyering) Date: Mon, 07 Apr 2008 23:42:57 +0200 Subject: [Ovirt-devel] create-wui-appliance.sh: useful script! In-Reply-To: <47FA5CB8.6050800@redhat.com> (Alan Pevec's message of "Mon, 07 Apr 2008 19:41:12 +0200") References: <87abk9ocpx.fsf@rho.meyering.net> <47F68684.5050109@redhat.com> <87sky1mh1e.fsf@rho.meyering.net> <47FA5CB8.6050800@redhat.com> Message-ID: <87d4p149zy.fsf@rho.meyering.net> Alan Pevec wrote: > Jim Meyering wrote: >> gen_dummy() { >> cat <<\EOF >> >> dummy >> >> >> >> EOF >> } >> >> virsh net-define <(gen_dummy) >> virsh net-start dummy >> virsh net-autostart dummy > > virsh doesn't seem to read stdin and doesn't accept - as a filename - need to file a BZ for that Hi Alan, That fails because the file (pipe) bash creates is not "regular", so when libvirt's __virFileReadAll function stats it, it can't determine the file size up front. I'll fix that function to work also with files for which stat doesn't provide a length. > BTW, with libvirt-defined bridge we can avoid ovirt-mod-xml.sh: > > --- a/wui-appliance/create-wui-appliance.sh > +++ b/wui-appliance/create-wui-appliance.sh > @@ -64,8 +64,7 @@ virsh destroy $NAME > /dev/null 2>&1 > virsh undefine $NAME > /dev/null 2>&1 > virt-install -n $NAME -r $RAM -f "$IMGDIR/$IMGNAME" -s $IMGSIZE --vnc \ > --accelerate -v -c "$ISO" --os-type=linux --arch=$ARCH \ > - --noreboot $MAC > -./ovirt-mod-xml.sh > + --noreboot $MAC -w network:default -w network:dummy Nice! ACK. > virsh start $NAME > virt-viewer $NAME & > > To have a completely scripted developer setup we just miss --extra-args ks=http://ovirt.org/download/wui-rel-devel-$(uname -i).ks > which should work with virt-install tip. From imain at redhat.com Thu Apr 10 17:39:23 2008 From: imain at redhat.com (Ian Main) Date: Thu, 10 Apr 2008 10:39:23 -0700 Subject: [Ovirt-devel] [PATCH] ovirt-host to Fedora 9 Beta. Message-ID: <20080410103923.3e45f7ea@tp.mains.net> Here's the patch to bring the ovirt host up to fedora 9 beta. Simple stuff. I'm sure someone else could have done this a lot faster, but at least I learned a bunch about kickstarts and yum repos etc. ;) Ian -------------- next part -------------- A non-text attachment was scrubbed... Name: ovirt_b9.patch Type: text/x-patch Size: 1748 bytes Desc: not available URL: From imain at redhat.com Thu Apr 10 17:46:32 2008 From: imain at redhat.com (Ian Main) Date: Thu, 10 Apr 2008 10:46:32 -0700 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. Message-ID: <20080410104632.1b055e3a@tp.mains.net> This simple patch just adds a warning if tftpboot already exists before doing all the work to create a pxe boot image. I hadn't noticed the error a few times as it gets lost in the noise after all the other output it generates. Signed-off-by: Ian Main Ian From imain at redhat.com Thu Apr 10 17:51:50 2008 From: imain at redhat.com (Ian Main) Date: Thu, 10 Apr 2008 10:51:50 -0700 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <20080410104632.1b055e3a@tp.mains.net> References: <20080410104632.1b055e3a@tp.mains.net> Message-ID: <20080410105150.5f6b43e6@tp.mains.net> Doh, patch is attached. :) Ian On Thu, 10 Apr 2008 10:46:32 -0700 Ian Main wrote: > > This simple patch just adds a warning if tftpboot already exists before doing all the work to create a pxe boot image. I hadn't noticed the error a few times as it gets lost in the noise after all the other output it generates. > > Signed-off-by: Ian Main > > Ian > > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-devel -------------- next part -------------- A non-text attachment was scrubbed... Name: ovirt_pxe.diff Type: text/x-patch Size: 495 bytes Desc: not available URL: From clalance at redhat.com Thu Apr 10 17:54:51 2008 From: clalance at redhat.com (Chris Lalancette) Date: Thu, 10 Apr 2008 13:54:51 -0400 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <20080410105150.5f6b43e6@tp.mains.net> References: <20080410104632.1b055e3a@tp.mains.net> <20080410105150.5f6b43e6@tp.mains.net> Message-ID: <47FE546B.60303@redhat.com> Ian Main wrote: > Ian Main wrote: > >> This simple patch just adds a warning if tftpboot already exists before doing all the work to create a pxe boot image. I hadn't noticed the error a few times as it gets lost in the noise after all the other output it generates. It's good to warn before doing all of the work to create the liveCD, so ACK Chris Lalancette From jim at meyering.net Fri Apr 11 07:10:53 2008 From: jim at meyering.net (Jim Meyering) Date: Fri, 11 Apr 2008 09:10:53 +0200 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <20080410105150.5f6b43e6@tp.mains.net> (Ian Main's message of "Thu, 10 Apr 2008 10:51:50 -0700") References: <20080410104632.1b055e3a@tp.mains.net> <20080410105150.5f6b43e6@tp.mains.net> Message-ID: <87ej9coohu.fsf@rho.meyering.net> Ian Main wrote: >> This simple patch just adds a warning if tftpboot already exists before doing all the work to create a pxe boot image. I hadn't noticed the error a few times as it gets lost in the noise after all the other output it generates. Hi Ian, Good idea! If you put that code in the definition of the create_iso function, users of ovirt-cd.sh, ovirt-flash.sh, and ovirt-flash-static.sh scripts will benefit, too. > diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh > index 8db83bf..022eec9 100755 > --- a/ovirt-host-creator/ovirt-pxe.sh > +++ b/ovirt-host-creator/ovirt-pxe.sh > @@ -28,6 +28,12 @@ else > exit 1 > fi > > +if [ -e tftpboot ]; then > + echo "tftboot/ directory already exists! Cowardly not overwriting." > + echo "Please rename or delete old version prior to running this script." > + exit 1 > +fi > + > ISO=`create_iso $ISO` || exit 1 > > /usr/bin/livecd-iso-to-pxeboot $ISO From apevec at redhat.com Fri Apr 11 07:36:09 2008 From: apevec at redhat.com (Alan Pevec) Date: Fri, 11 Apr 2008 09:36:09 +0200 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <87ej9coohu.fsf@rho.meyering.net> References: <20080410104632.1b055e3a@tp.mains.net> <20080410105150.5f6b43e6@tp.mains.net> <87ej9coohu.fsf@rho.meyering.net> Message-ID: <47FF14E9.7070504@redhat.com> Jim Meyering wrote: > If you put that code in the definition of the create_iso function, > users of ovirt-cd.sh, ovirt-flash.sh, and ovirt-flash-static.sh scripts > will benefit, too. But only ovirt-pxe.sh cares about tftpboot/ right? Otherwise we're fine since iso filename includes timestamp. >> diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh >> index 8db83bf..022eec9 100755 >> --- a/ovirt-host-creator/ovirt-pxe.sh >> +++ b/ovirt-host-creator/ovirt-pxe.sh >> @@ -28,6 +28,12 @@ else >> exit 1 >> fi >> >> +if [ -e tftpboot ]; then >> + echo "tftboot/ directory already exists! Cowardly not overwriting." ^^^ p missing >> + echo "Please rename or delete old version prior to running this script." >> + exit 1 >> +fi >> + From jim at meyering.net Fri Apr 11 08:34:07 2008 From: jim at meyering.net (Jim Meyering) Date: Fri, 11 Apr 2008 10:34:07 +0200 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <47FF14E9.7070504@redhat.com> (Alan Pevec's message of "Fri, 11 Apr 2008 09:36:09 +0200") References: <20080410104632.1b055e3a@tp.mains.net> <20080410105150.5f6b43e6@tp.mains.net> <87ej9coohu.fsf@rho.meyering.net> <47FF14E9.7070504@redhat.com> Message-ID: <87y77kn62o.fsf@rho.meyering.net> Alan Pevec wrote: > Jim Meyering wrote: >> If you put that code in the definition of the create_iso function, >> users of ovirt-cd.sh, ovirt-flash.sh, and ovirt-flash-static.sh scripts >> will benefit, too. > > But only ovirt-pxe.sh cares about tftpboot/ right? > Otherwise we're fine since iso filename includes timestamp. Yep. Silly me. Thanks Alan. Sorry, Ian ;-) >>> diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh >>> index 8db83bf..022eec9 100755 >>> --- a/ovirt-host-creator/ovirt-pxe.sh >>> +++ b/ovirt-host-creator/ovirt-pxe.sh >>> @@ -28,6 +28,12 @@ else >>> exit 1 >>> fi >>> >>> +if [ -e tftpboot ]; then >>> + echo "tftboot/ directory already exists! Cowardly not overwriting." > ^^^ p missing >>> + echo "Please rename or delete old version prior to running this script." >>> + exit 1 >>> +fi >>> + From mmorsi at redhat.com Sat Apr 12 00:12:42 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Fri, 11 Apr 2008 20:12:42 -0400 Subject: [Ovirt-devel] [patch] oVirt / Cobbler Integration Message-ID: <47FFFE7A.3060604@redhat.com> Attached is the first attempt to integrate the cobbler xmlrpc API into oVirt. As it stands, cobbler can be enabled / configured via config/cobbler.yml and oVirt will call out to the remote cobbler server to retrieve and set profiles for systems. It should be fairly simple / straightforward to add cobbler functionality to oVirt, we simply need to add new methods to the cobbler_helper and invoke them in the appropriate places. Have a great weekend, -Mo -------------- next part -------------- A non-text attachment was scrubbed... Name: ovirt_cobbler.patch Type: text/x-patch Size: 6896 bytes Desc: not available URL: From sseago at redhat.com Mon Apr 14 15:47:58 2008 From: sseago at redhat.com (Scott Seago) Date: Mon, 14 Apr 2008 11:47:58 -0400 Subject: [Ovirt-devel] [Patch] hardware pool/vm resource pool model redesign Message-ID: <48037CAE.9080905@redhat.com> This patch refactors the Hardware Pool and VM Resource Pool models. The OrgPool/NetworkMap/HostCollection subclasses of HardwarePool are removed entirely -- the HardwarePool hierarchy is once again completely flexible. You can have a single host pool or a deep hierarchy. VM Library has been renamed to VM Resource Pool. At a model level, Hardware Pools and VM Resource Pools now inherit from a common (abstract) Pool class -- but this is not exposed in the UI. In addition to the simpler (and more flexible) Hardware Pool hierarchy, the other main focus for this change is to allow a hierarchy of VM Resource Pools. The model now supports this, although the views do not (yet) allow the creation of nested VM Resource Pools. In addition, the quota/resource usage calculations do not yet deal with nested VM Pools. Anyway, here's the (somewhat large) patch... -------------- next part -------------- A non-text attachment was scrubbed... Name: pool-model-redesign.patch Type: text/x-patch Size: 209648 bytes Desc: not available URL: From hbrock at redhat.com Mon Apr 14 18:59:37 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Mon, 14 Apr 2008 14:59:37 -0400 Subject: [Ovirt-devel] [Patch] hardware pool/vm resource pool model redesign In-Reply-To: <48037CAE.9080905@redhat.com> References: <48037CAE.9080905@redhat.com> Message-ID: <20080414185937.GL3324@redhat.com> On Mon, Apr 14, 2008 at 11:47:58AM -0400, Scott Seago wrote: > This patch refactors the Hardware Pool and VM Resource Pool models. The > OrgPool/NetworkMap/HostCollection subclasses of HardwarePool are removed > entirely -- the HardwarePool hierarchy is once again completely flexible. > You can have a single host pool or a deep hierarchy. VM Library has been > renamed to VM Resource Pool. At a model level, Hardware Pools and VM > Resource Pools now inherit from a common (abstract) Pool class -- but this > is not exposed in the UI. > > In addition to the simpler (and more flexible) Hardware Pool hierarchy, the > other main focus for this change is to allow a hierarchy of VM Resource > Pools. The model now supports this, although the views do not (yet) allow > the creation of nested VM Resource Pools. In addition, the quota/resource > usage calculations do not yet deal with nested VM Pools. > > Anyway, here's the (somewhat large) patch... Yikes, that's huge! ACK based on your assurance that it works and the knowledge that we'll need more cleanup as we go along. One question: What is the indentation standard for ruby/rails code? I notice you're using 2 spaces, is that normal? Thanks, --Hugh From meyering at redhat.com Mon Apr 14 19:02:47 2008 From: meyering at redhat.com (Jim Meyering) Date: Mon, 14 Apr 2008 21:02:47 +0200 Subject: [Ovirt-devel] wui-appliance: avoid some duplication Message-ID: <878wzg5kfc.fsf@rho.meyering.net> We all know about the duplication in x86_64 vs i386 .ks files in wui-appliance/ and don't like having to make identical changes twice (one of the nominally-sync'd files had even diverged, albeit just by a single blank line), so this change removes the duplicated files and generates them from the ones that are left behind, among other things. These changes depend on GNU make. wui-appliance/Makefile: generate some files Generate each wui-*-i386.ks file from the corresponding x86_64.ks one. Ensure that generated files are read-only. Generate and use dependencies. * wui-appliance/wui-app-i386.ks: Remove file. Now generated. * wui-appliance/wui-devel-i386.ks: Likewise. * wui-appliance/.gitignore: New file. --- wui-appliance/.gitignore | 7 +++++ wui-appliance/Makefile | 47 ++++++++++++++++++++++++++++++++++----- wui-appliance/wui-app-i386.ks | 22 ------------------ wui-appliance/wui-devel-i386.ks | 30 ------------------------ 4 files changed, 48 insertions(+), 58 deletions(-) create mode 100644 wui-appliance/.gitignore delete mode 100644 wui-appliance/wui-app-i386.ks delete mode 100644 wui-appliance/wui-devel-i386.ks diff --git a/wui-appliance/.gitignore b/wui-appliance/.gitignore new file mode 100644 index 0000000..ef1c605 --- /dev/null +++ b/wui-appliance/.gitignore @@ -0,0 +1,7 @@ +.deps +wui-app-i386.ks +wui-devel-i386.ks +wui-rel-app-i386.ks +wui-rel-app-x86_64.ks +wui-rel-devel-i386.ks +wui-rel-devel-x86_64.ks diff --git a/wui-appliance/Makefile b/wui-appliance/Makefile index 1999457..439185c 100644 --- a/wui-appliance/Makefile +++ b/wui-appliance/Makefile @@ -1,10 +1,45 @@ all: ks -ks: - ksflatten wui-app-i386.ks > wui-rel-app-i386.ks - ksflatten wui-app-x86_64.ks > wui-rel-app-x86_64.ks - ksflatten wui-devel-i386.ks > wui-rel-devel-i386.ks - ksflatten wui-devel-x86_64.ks > wui-rel-devel-x86_64.ks +primary_src = \ + wui-app-x86_64.ks \ + wui-devel-x86_64.ks + +rel_ks = \ + wui-rel-app-i386.ks \ + wui-rel-app-x86_64.ks \ + wui-rel-devel-i386.ks \ + wui-rel-devel-x86_64.ks + +ks: $(rel_ks) + +define ks-flatten + rm -f $@ $@-t + ksflatten $< > $@-t + chmod a=r $@-t + mv $@-t $@ +endef + +wui-rel-app-%.ks: wui-app-%.ks + $(ks-flatten) + +wui-rel-devel-%.ks: wui-devel-%.ks + $(ks-flatten) + +# Generate each wui-*-i386.ks file from the corresponding x86_64.ks one. +wui-%-i386.ks: wui-%-x86_64.ks + rm -f $@ $@-t + sed 's/x86_64/i386/' $< > $@-t + chmod a=r $@-t + mv $@-t $@ + +# Generate dependencies. +include .deps +.deps: $(primary_src) + rm -f .deps + for i in $^; do \ + sed -n '/^%include \(.*\.ks\)$$/s//'"$$i: "'\1/p' $$i >> $@-t; \ + done + mv $@-t $@ clean: - rm -f *-rel-* + rm -f wui-devel-i386.ks wui-app-i386.ks $(rel_ks) .deps diff --git a/wui-appliance/wui-app-i386.ks b/wui-appliance/wui-app-i386.ks deleted file mode 100644 index 38f80d4..0000000 --- a/wui-appliance/wui-app-i386.ks +++ /dev/null @@ -1,22 +0,0 @@ -# Kickstart file automatically generated by anaconda. - -install - -url --url http://download.fedora.redhat.com/pub/fedora/linux/releases/8/Fedora/i386/os/ - -%include common-install.ks - -repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=i386 -repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=i386 -repo --name=ovirt-management --baseurl=http://ovirt.et.redhat.com/repos/ovirt-management-repo/i386/ - -%packages -%include common-pkgs.ks - -%post - -%include common-post.ks - -%include production-post.ks - -%end diff --git a/wui-appliance/wui-devel-i386.ks b/wui-appliance/wui-devel-i386.ks deleted file mode 100644 index 519c18c..0000000 --- a/wui-appliance/wui-devel-i386.ks +++ /dev/null @@ -1,30 +0,0 @@ -# Kickstart file automatically generated by anaconda. - -install -url --url http://download.fedora.redhat.com/pub/fedora/linux/releases/8/Fedora/i386/os/ - -%include common-install.ks - -%include devel-install.ks - -repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=i386 -repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=i386 -repo --name=ovirt-management --baseurl=http://ovirt.et.redhat.com/repos/ovirt-management-repo/i386/ - -%packages -%include common-pkgs.ks - -%post - -%include common-post.ks - -%include devel-post.ks - -# get the PXE boot image; this can take a while -PXE_URL=http://ovirt.org/download -IMAGE=ovirt-pxe-host-image-i386-0.4.tar.bz2 -wget ${PXE_URL}/$IMAGE -O /tmp/$IMAGE -tar -C / -jxvf /tmp/$IMAGE -rm -f /tmp/$IMAGE - -%end -- 1.5.5.50.gab781 From slinabery at gmail.com Mon Apr 14 19:10:38 2008 From: slinabery at gmail.com (steve linabery) Date: Mon, 14 Apr 2008 14:10:38 -0500 Subject: [Ovirt-devel] transaction support in ruby/rails Message-ID: <769584de0804141210l5765f7tbbef9d8f952534f4@mail.gmail.com> Hi Ovirt, Per discussion on IRC today, here is a link to some info on how to do transactions (in the RDBMS sense) with ActiveRecord objects in Rails. http://api.rubyonrails.org/classes/ActiveRecord/Transactions/ClassMethods.html Good day. --Steve Linabery From clalance at redhat.com Mon Apr 14 19:48:36 2008 From: clalance at redhat.com (Chris Lalancette) Date: Mon, 14 Apr 2008 15:48:36 -0400 Subject: [Ovirt-devel] wui-appliance: avoid some duplication In-Reply-To: <878wzg5kfc.fsf@rho.meyering.net> References: <878wzg5kfc.fsf@rho.meyering.net> Message-ID: <4803B514.7020806@redhat.com> Jim Meyering wrote: > We all know about the duplication in x86_64 vs i386 .ks files in > wui-appliance/ and don't like having to make identical changes twice > (one of the nominally-sync'd files had even diverged, albeit > just by a single blank line), so this change removes the duplicated > files and generates them from the ones that are left behind, among > other things. These changes depend on GNU make. > > wui-appliance/Makefile: generate some files > > Generate each wui-*-i386.ks file from the corresponding x86_64.ks one. > Ensure that generated files are read-only. > Generate and use dependencies. > * wui-appliance/wui-app-i386.ks: Remove file. Now generated. > * wui-appliance/wui-devel-i386.ks: Likewise. > * wui-appliance/.gitignore: New file. This will make life much easier from a maintenance POV. This will mess up a little bit of what I'm doing currently, but it's well worth it for the long term. We should probably also consider doing something like this in ovirt-host-creator, although it is trickier there because of the package differences. In any case... ACK Chris Lalancette From sseago at redhat.com Mon Apr 14 20:10:28 2008 From: sseago at redhat.com (Scott Seago) Date: Mon, 14 Apr 2008 16:10:28 -0400 Subject: [Ovirt-devel] [Patch] hardware pool/vm resource pool model redesign In-Reply-To: <20080414185937.GL3324@redhat.com> References: <48037CAE.9080905@redhat.com> <20080414185937.GL3324@redhat.com> Message-ID: <4803BA34.9000300@redhat.com> Hugh O. Brock wrote: > > > Yikes, that's huge! > > ACK based on your assurance that it works and the knowledge that we'll > need more cleanup as we go along. > > Yeah, it's pretty huge -- I couldn't think of any obvious way to check in parts of this and have a semi-working system. Yes, we'll probably need some additional cleanup and fixes -- in particular I haven't run anyof this w/ taskomatic or the other back-end daemons. > One question: What is the indentation standard for ruby/rails code? I > notice you're using 2 spaces, is that normal? > > Does seem to be. I stuck w/ 2 spaces because that's what emacs ruby-mode does :-) -- but some poking around the other ruby code in rails seems to indicate that this is the norm. Scott From jguiditt at redhat.com Mon Apr 14 21:09:07 2008 From: jguiditt at redhat.com (Jason Guiditta) Date: Mon, 14 Apr 2008 17:09:07 -0400 Subject: [Ovirt-devel] [Patch] hardware pool/vm resource pool model redesign In-Reply-To: <4803BA34.9000300@redhat.com> References: <48037CAE.9080905@redhat.com> <20080414185937.GL3324@redhat.com> <4803BA34.9000300@redhat.com> Message-ID: <4803C7F3.80409@redhat.com> Scott Seago wrote: > Hugh O. Brock wrote: > >> One question: What is the indentation standard for ruby/rails code? I >> notice you're using 2 spaces, is that normal? >> >> > Does seem to be. I stuck w/ 2 spaces because that's what emacs > ruby-mode does :-) -- but some poking around the other ruby code in > rails seems to indicate that this is the norm. > > Scott 2 spaces is the standard I have seen as well. Little adjustment for me coming from 4 spaces in javaland... From imain at redhat.com Tue Apr 15 00:48:26 2008 From: imain at redhat.com (Ian Main) Date: Mon, 14 Apr 2008 17:48:26 -0700 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <87y77kn62o.fsf@rho.meyering.net> References: <20080410104632.1b055e3a@tp.mains.net> <20080410105150.5f6b43e6@tp.mains.net> <87ej9coohu.fsf@rho.meyering.net> <47FF14E9.7070504@redhat.com> <87y77kn62o.fsf@rho.meyering.net> Message-ID: <20080414174826.5ada10bc@tp.mains.net> On Fri, 11 Apr 2008 10:34:07 +0200 Jim Meyering wrote: > Alan Pevec wrote: > > Jim Meyering wrote: > >> If you put that code in the definition of the create_iso function, > >> users of ovirt-cd.sh, ovirt-flash.sh, and ovirt-flash-static.sh scripts > >> will benefit, too. > > > > But only ovirt-pxe.sh cares about tftpboot/ right? > > Otherwise we're fine since iso filename includes timestamp. > > Yep. Silly me. > Thanks Alan. Sorry, Ian ;-) heh, not a problem :). I was also thinking about having it so that the ovirt-cd.sh will create a symlink for you to a ovirt-host.iso or something every time which points to the latest build. Any thoughts on that? I often boot them in VMs so it'd be helpful cause you can just use the same definition with the symlink in it. Ian From apevec at redhat.com Tue Apr 15 08:35:17 2008 From: apevec at redhat.com (Alan Pevec) Date: Tue, 15 Apr 2008 10:35:17 +0200 Subject: [Ovirt-devel] Re: [Fedora-livecd-list] [PATCH] mkliveinitrd: wait for udev queue to clear before killing udevd In-Reply-To: <1208216066.16377.45.camel@aglarond.local> References: <4803DFE0.5070600@redhat.com> <1208216066.16377.45.camel@aglarond.local> Message-ID: <480468C5.3090304@redhat.com> Jeremy Katz wrote: > On Tue, 2008-04-15 at 00:51 +0200, Alan Pevec wrote: >> mkliveinitrd: wait for udev queue to clear before killing udevd >> >> udevd doesn't seem to cleanup on kill, so let it clear events from /dev/.udev/queue/ >> >> Or should this be filed as udevd bug (cleanup .udev/queue/ on startup and/or kill) ? > > We've already done one udevsettle for 30 seconds -- how does this any > more guarantee that things are cleared? I suspect this should probably We do dmsetup etc. in the meantime so more udev events appear. And if all is good, it won't hang 30 sec, it continues immediately. btw, we have unconditional 5s sleep here: http://git.fedorahosted.org/git/?p=mkinitrd;a=blob;f=mkliveinitrd;h=84fcc8036d47613e33c6f3c79003900ae7b6fcae;hb=HEAD#l653 Can we remove that? > be handled in udev. But what exactly are you seeing as the symptom? start_udev after switching root times out (after default 180s) on its udevsettle and after boot is finished, I still see an event /devices/virtual/block/dm-1 in exported queue /dev/.udev/queue/ - I assume this is b/c we killed previous instance of udevd before event could be cleared. It's a race condition - for me it shows up when PXE booting oVirt liveCD (created with livecd-iso-to-pxeboot), never when booting the same ISO directly (both F9 KVM guests on F8 host). If I add eshell, which pauses just before killing udevd, event is cleared. I agree this might be seen as a workaround but killing udevd just like that doesn't seem polite. Then again udevd should prolly clear its exported queue on startup, so I'm CCing Harald to weigh in. From apevec at redhat.com Tue Apr 15 08:55:36 2008 From: apevec at redhat.com (Alan Pevec) Date: Tue, 15 Apr 2008 10:55:36 +0200 Subject: [Ovirt-devel] Re: [Fedora-livecd-list] [PATCH] mkliveinitrd: wait for udev queue to clear before killing udevd In-Reply-To: <480469D5.2010200@redhat.com> References: <4803DFE0.5070600@redhat.com> <1208216066.16377.45.camel@aglarond.local> <480468C5.3090304@redhat.com> <480469D5.2010200@redhat.com> Message-ID: <48046D88.7090100@redhat.com> Harald Hoyer wrote: > If I understand that correctly, a udevd is running in initrd, which is > killed and then normal boot with rc.sysinit start and start_udev is called. yes > Since start_udev replays all events anyway, why don't you kill udevd and > remove the old queue? Also possible solution. But shouldn't udevd, for robustness, cleanup /dev/.udev/queue/ on its startup? From harald at redhat.com Tue Apr 15 08:39:49 2008 From: harald at redhat.com (Harald Hoyer) Date: Tue, 15 Apr 2008 10:39:49 +0200 Subject: [Ovirt-devel] Re: [Fedora-livecd-list] [PATCH] mkliveinitrd: wait for udev queue to clear before killing udevd In-Reply-To: <480468C5.3090304@redhat.com> References: <4803DFE0.5070600@redhat.com> <1208216066.16377.45.camel@aglarond.local> <480468C5.3090304@redhat.com> Message-ID: <480469D5.2010200@redhat.com> Alan Pevec wrote: > Jeremy Katz wrote: >> On Tue, 2008-04-15 at 00:51 +0200, Alan Pevec wrote: >>> mkliveinitrd: wait for udev queue to clear before killing udevd >>> >>> udevd doesn't seem to cleanup on kill, so let it clear events from >>> /dev/.udev/queue/ >>> >>> Or should this be filed as udevd bug (cleanup .udev/queue/ on startup >>> and/or kill) ? >> >> We've already done one udevsettle for 30 seconds -- how does this any >> more guarantee that things are cleared? I suspect this should probably > > We do dmsetup etc. in the meantime so more udev events appear. And if > all is good, it won't hang 30 sec, it continues immediately. > > btw, we have unconditional 5s sleep here: > http://git.fedorahosted.org/git/?p=mkinitrd;a=blob;f=mkliveinitrd;h=84fcc8036d47613e33c6f3c79003900ae7b6fcae;hb=HEAD#l653 > > Can we remove that? > >> be handled in udev. But what exactly are you seeing as the symptom? > > start_udev after switching root times out (after default 180s) on its > udevsettle and after boot is finished, I still see an event > /devices/virtual/block/dm-1 in exported queue /dev/.udev/queue/ - I > assume this is b/c we killed previous instance of udevd before event > could be cleared. > It's a race condition - for me it shows up when PXE booting oVirt liveCD > (created with livecd-iso-to-pxeboot), never when booting the same ISO > directly (both F9 KVM guests on F8 host). If I add eshell, which pauses > just before killing udevd, event is cleared. > > I agree this might be seen as a workaround but killing udevd just like > that doesn't seem polite. > Then again udevd should prolly clear its exported queue on startup, so > I'm CCing Harald to weigh in. > If I understand that correctly, a udevd is running in initrd, which is killed and then normal boot with rc.sysinit start and start_udev is called. Since start_udev replays all events anyway, why don't you kill udevd and remove the old queue? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3636 bytes Desc: S/MIME Cryptographic Signature URL: From harald at redhat.com Tue Apr 15 08:59:10 2008 From: harald at redhat.com (Harald Hoyer) Date: Tue, 15 Apr 2008 10:59:10 +0200 Subject: [Ovirt-devel] Re: [Fedora-livecd-list] [PATCH] mkliveinitrd: wait for udev queue to clear before killing udevd In-Reply-To: <48046D88.7090100@redhat.com> References: <4803DFE0.5070600@redhat.com> <1208216066.16377.45.camel@aglarond.local> <480468C5.3090304@redhat.com> <480469D5.2010200@redhat.com> <48046D88.7090100@redhat.com> Message-ID: <48046E5E.1070000@redhat.com> Alan Pevec wrote: > Harald Hoyer wrote: >> If I understand that correctly, a udevd is running in initrd, which is >> killed and then normal boot with rc.sysinit start and start_udev is >> called. > > yes > >> Since start_udev replays all events anyway, why don't you kill udevd >> and remove the old queue? > > Also possible solution. But shouldn't udevd, for robustness, cleanup > /dev/.udev/queue/ on its startup? Well, yes, start_udev could rm -fr /dev/.udev/queue/. Udevd is not really meant to be restarted cleanly. Either you kill an old udevd and throw away what is left, or just remount /dev with a fresh tmpfs. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3636 bytes Desc: S/MIME Cryptographic Signature URL: From jim at meyering.net Tue Apr 15 11:41:24 2008 From: jim at meyering.net (Jim Meyering) Date: Tue, 15 Apr 2008 13:41:24 +0200 Subject: [Ovirt-devel] [PATCH] Error out early if tftpboot exists. In-Reply-To: <20080414174826.5ada10bc@tp.mains.net> (Ian Main's message of "Mon, 14 Apr 2008 17:48:26 -0700") References: <20080410104632.1b055e3a@tp.mains.net> <20080410105150.5f6b43e6@tp.mains.net> <87ej9coohu.fsf@rho.meyering.net> <47FF14E9.7070504@redhat.com> <87y77kn62o.fsf@rho.meyering.net> <20080414174826.5ada10bc@tp.mains.net> Message-ID: <87prsrxs4b.fsf@rho.meyering.net> Ian Main wrote: > I was thinking about having it so that the > ovirt-cd.sh will create a symlink for you to a ovirt-host.iso or something > every time which points to the latest build. Any thoughts on that? > I often boot them in VMs so it'd be helpful cause you can just use the > same definition with the symlink in it. Good idea. One way to do it would be simply to make ovirt-cd print the $ISO upon success. Then you can do whatever you want with the resulting image. I.e., change this: -ISO=`create_iso $ISO` +ISO=`create_iso $ISO` && echo "$ISO" || exit 1 Then (untested) you can run ovirt-cd.sh like this to get your latest symlink: ovirt_iso=$(ovirt-cd.sh base-image.iso) && ln -sf --backup=numbered "$ovirt_iso" $HOME/ovirt-cd-latest.iso From clalance at redhat.com Tue Apr 15 13:56:34 2008 From: clalance at redhat.com (Chris Lalancette) Date: Tue, 15 Apr 2008 09:56:34 -0400 Subject: [Ovirt-devel] Branched off for 0.0.4 release Message-ID: <4804B412.3070906@redhat.com> All, Since sseago committed the model changes to git, I've branched off right before that commit so that we can so a 0.0.4 release. I've named this branch "release-0.4", going with the same convention we used for 0.3. It's not yet ready, in that it needs a lot of testing and the production appliance install needs work, so feel free to jump in, test, and provide feedback/patches. To pull release-0.4 into your git repo, do: $ git checkout --track -b release-0.4 origin/release-0.4 I'll send out another announcement when we think 0.0.4 is ready. Chris Lalancette From katzj at redhat.com Tue Apr 15 16:40:34 2008 From: katzj at redhat.com (Jeremy Katz) Date: Tue, 15 Apr 2008 12:40:34 -0400 Subject: [Ovirt-devel] Re: [Fedora-livecd-list] [PATCH] mkliveinitrd: wait for udev queue to clear before killing udevd In-Reply-To: <48046D88.7090100@redhat.com> References: <4803DFE0.5070600@redhat.com> <1208216066.16377.45.camel@aglarond.local> <480468C5.3090304@redhat.com> <480469D5.2010200@redhat.com> <48046D88.7090100@redhat.com> Message-ID: <1208277634.16377.100.camel@aglarond.local> On Tue, 2008-04-15 at 10:55 +0200, Alan Pevec wrote: > Harald Hoyer wrote: > > Since start_udev replays all events anyway, why don't you kill udevd and > > remove the old queue? > > Also possible solution. But shouldn't udevd, for robustness, cleanup /dev/.udev/queue/ on its startup? Especially as we really would rather not have to know the details of exactly what udev is using as its queue in the initrd. Hard-coding details like this in places has bitten us way too many times Jeremy From apevec at redhat.com Tue Apr 15 21:22:07 2008 From: apevec at redhat.com (Alan Pevec) Date: Tue, 15 Apr 2008 23:22:07 +0200 Subject: [Ovirt-devel] [PATCH] use Fedora9 for building oVirt host images Message-ID: <48051C7F.9020608@redhat.com> use Fedora9 for building oVirt host images - http://ovirt.org/repos/ovirt/9/ yum repo (incoming) contains only collectd for now - livecd-creator --skip-minimize to avoid osmin.img - not needed for oVirt host - network service is not enabled by default in F9 - add serial console, workaround for F9 livecd KVM guest dying with standard console only. VNC console will go blank but node will continue to boot and it's accessible via ssh or libvirt RPC. You can also access it via ttyS0 mini-howto: access serial console of a KVM guest (thanks Gerd and Chris): # cat > /usr/bin/qemu-kvm-serial < to /usr/bin/qemu-kvm-serial redefine and restart guest. telnet localhost 10057 to access guest's ttyS0 diff --git a/ovirt-host-creator/common-install.ks b/ovirt-host-creator/common-install.ks index bb6b317..752f837 100644 --- a/ovirt-host-creator/common-install.ks +++ b/ovirt-host-creator/common-install.ks @@ -5,12 +5,9 @@ auth --useshadow --enablemd5 selinux --disabled firewall --disabled part / --size 450 -services --enabled=ntpd,collectd,iptables +services --enabled=ntpd,collectd,iptables,network bootloader --timeout=1 rootpw --iscrypted Xa8QeYfWrtscM -repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=$basearch -repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=$basearch -# Not using rawhide currently -#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch -repo --name=ovirt-host --baseurl=http://ovirt.et.redhat.com/repos/ovirt-host-repo/$basearch/ +repo --name=f9 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch +repo --name=ovirt-host --baseurl=http://ovirt.org/repos/ovirt/9/$basearch/ diff --git a/ovirt-host-creator/ovirt-common.sh b/ovirt-host-creator/ovirt-common.sh index 8dfd365..2ada16e 100644 --- a/ovirt-host-creator/ovirt-common.sh +++ b/ovirt-host-creator/ovirt-common.sh @@ -2,10 +2,10 @@ create_iso() { KICKSTART=ovirt-`uname -i`.ks if [ $# -eq 0 ]; then LABEL=ovirt-`date +%Y%m%d%H%M` - /usr/bin/livecd-creator -c $KICKSTART -f $LABEL 1>&2 && + /usr/bin/livecd-creator --skip-minimize -c $KICKSTART -f $LABEL 1>&2 && echo $LABEL.iso elif [ $# -eq 1 ]; then - /usr/bin/livecd-creator -c $KICKSTART -b $1 1>&2 && + /usr/bin/livecd-creator --skip-minimize -c $KICKSTART -b $1 1>&2 && echo $1 else return 1 diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh index 8db83bf..6bdc540 100755 --- a/ovirt-host-creator/ovirt-pxe.sh +++ b/ovirt-host-creator/ovirt-pxe.sh @@ -31,3 +31,7 @@ fi ISO=`create_iso $ISO` || exit 1 /usr/bin/livecd-iso-to-pxeboot $ISO + +# workaround for console=tty dying during start_udev in F9 KVM guest +sed -i -e 's/ *console=[a-zA-Z0-9,]*//g;s/ *APPEND.*/& console=tty console=ttyS0,115200/' tftpboot/pxelinux.cfg/default + From pmyers at redhat.com Tue Apr 15 22:03:34 2008 From: pmyers at redhat.com (Perry N. Myers) Date: Tue, 15 Apr 2008 18:03:34 -0400 Subject: [Ovirt-devel] [PATCH] use Fedora9 for building oVirt host images In-Reply-To: <48051C7F.9020608@redhat.com> References: <48051C7F.9020608@redhat.com> Message-ID: <48052636.3010808@redhat.com> Alan Pevec wrote: > use Fedora9 for building oVirt host images > > - http://ovirt.org/repos/ovirt/9/ yum repo (incoming) contains only > collectd for now > - livecd-creator --skip-minimize to avoid osmin.img - not needed for > oVirt host > - network service is not enabled by default in F9 > - add serial console, workaround for F9 livecd KVM guest dying with > standard console only. > VNC console will go blank but node will continue to boot and it's > accessible via ssh or libvirt RPC. > You can also access it via ttyS0 There is still the 180s delay problem with udev in this though right? Is there any workaround for that yet? Perry From imain at redhat.com Tue Apr 15 23:22:48 2008 From: imain at redhat.com (Ian Main) Date: Tue, 15 Apr 2008 16:22:48 -0700 Subject: [Ovirt-devel] [PATCH] use Fedora9 for building oVirt host images In-Reply-To: <48051C7F.9020608@redhat.com> References: <48051C7F.9020608@redhat.com> Message-ID: <20080415162248.0eae71c2@tp.mains.net> I just put the repo up, for those who want to try it. Ian On Tue, 15 Apr 2008 23:22:07 +0200 Alan Pevec wrote: > use Fedora9 for building oVirt host images > > - http://ovirt.org/repos/ovirt/9/ yum repo (incoming) contains only collectd for now > - livecd-creator --skip-minimize to avoid osmin.img - not needed for oVirt host > - network service is not enabled by default in F9 > - add serial console, workaround for F9 livecd KVM guest dying with standard console only. > VNC console will go blank but node will continue to boot and it's accessible via ssh or libvirt RPC. > You can also access it via ttyS0 > > mini-howto: access serial console of a KVM guest (thanks Gerd and Chris): > # cat > /usr/bin/qemu-kvm-serial < #!/bin/sh > > exec /usr/bin/qemu-kvm -serial telnet:localhost:10057,server,nowait "$@" > > EOF > # chmod +x /usr/bin/qemu-kvm-serial > then change to /usr/bin/qemu-kvm-serial > redefine and restart guest. telnet localhost 10057 to access guest's ttyS0 > > diff --git a/ovirt-host-creator/common-install.ks b/ovirt-host-creator/common-install.ks > index bb6b317..752f837 100644 > --- a/ovirt-host-creator/common-install.ks > +++ b/ovirt-host-creator/common-install.ks > @@ -5,12 +5,9 @@ auth --useshadow --enablemd5 > selinux --disabled > firewall --disabled > part / --size 450 > -services --enabled=ntpd,collectd,iptables > +services --enabled=ntpd,collectd,iptables,network > bootloader --timeout=1 > rootpw --iscrypted Xa8QeYfWrtscM > > -repo --name=f8 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=$basearch > -repo --name=f8-updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=$basearch > -# Not using rawhide currently > -#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch > -repo --name=ovirt-host --baseurl=http://ovirt.et.redhat.com/repos/ovirt-host-repo/$basearch/ > +repo --name=f9 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch > +repo --name=ovirt-host --baseurl=http://ovirt.org/repos/ovirt/9/$basearch/ > > diff --git a/ovirt-host-creator/ovirt-common.sh b/ovirt-host-creator/ovirt-common.sh > index 8dfd365..2ada16e 100644 > --- a/ovirt-host-creator/ovirt-common.sh > +++ b/ovirt-host-creator/ovirt-common.sh > @@ -2,10 +2,10 @@ create_iso() { > KICKSTART=ovirt-`uname -i`.ks > if [ $# -eq 0 ]; then > LABEL=ovirt-`date +%Y%m%d%H%M` > - /usr/bin/livecd-creator -c $KICKSTART -f $LABEL 1>&2 && > + /usr/bin/livecd-creator --skip-minimize -c $KICKSTART -f $LABEL 1>&2 && > echo $LABEL.iso > elif [ $# -eq 1 ]; then > - /usr/bin/livecd-creator -c $KICKSTART -b $1 1>&2 && > + /usr/bin/livecd-creator --skip-minimize -c $KICKSTART -b $1 1>&2 && > echo $1 > else > return 1 > diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh > index 8db83bf..6bdc540 100755 > --- a/ovirt-host-creator/ovirt-pxe.sh > +++ b/ovirt-host-creator/ovirt-pxe.sh > @@ -31,3 +31,7 @@ fi > ISO=`create_iso $ISO` || exit 1 > > /usr/bin/livecd-iso-to-pxeboot $ISO > + > +# workaround for console=tty dying during start_udev in F9 KVM guest > +sed -i -e 's/ *console=[a-zA-Z0-9,]*//g;s/ *APPEND.*/& console=tty console=ttyS0,115200/' tftpboot/pxelinux.cfg/default > + > > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-devel From apevec at redhat.com Wed Apr 16 01:40:28 2008 From: apevec at redhat.com (Alan Pevec) Date: Wed, 16 Apr 2008 03:40:28 +0200 Subject: [Ovirt-devel] [PATCH] use Fedora9 for building oVirt host images In-Reply-To: <48052636.3010808@redhat.com> References: <48051C7F.9020608@redhat.com> <48052636.3010808@redhat.com> Message-ID: <4805590C.1050907@redhat.com> Perry N. Myers wrote: > There is still the 180s delay problem with udev in this though right? Right, forgot about that one. There's hot-potato discussion w/ livecd/mkinitrd/udev upstream about where to handle it. In the meantime, I'll put forked mkinitrd RPM in /repos/ovirt/9/ From jim at meyering.net Wed Apr 16 12:04:45 2008 From: jim at meyering.net (Jim Meyering) Date: Wed, 16 Apr 2008 14:04:45 +0200 Subject: [Ovirt-devel] [PATCH] use Fedora9 for building oVirt host images In-Reply-To: <48051C7F.9020608@redhat.com> (Alan Pevec's message of "Tue, 15 Apr 2008 23:22:07 +0200") References: <48051C7F.9020608@redhat.com> Message-ID: <87ve2ikntu.fsf@rho.meyering.net> Alan Pevec wrote: ... > diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh > index 8db83bf..6bdc540 100755 > --- a/ovirt-host-creator/ovirt-pxe.sh > +++ b/ovirt-host-creator/ovirt-pxe.sh > @@ -31,3 +31,7 @@ fi > ISO=`create_iso $ISO` || exit 1 > > /usr/bin/livecd-iso-to-pxeboot $ISO > + > +# workaround for console=tty dying during start_udev in F9 KVM guest > +sed -i -e 's/ *console=[a-zA-Z0-9,]*//g;s/ *APPEND.*/& console=tty console=ttyS0,115200/' tftpboot/pxelinux.cfg/default > + Hi Alan, That looks good. ACK. One nit: the " *" parts before "console=" and "APPEND". If you use two spaces, " *", or "\<", then it won't mistakenly match things like an imaginary noconsole=something_else option or "DO_NOT_APPEND". And it'd be nice for reviewers and overall readability to keep line length < 80, e.g.,: sed -i -e 's/ *console=[a-zA-Z0-9,]*//g' \ -e 's/ *APPEND.*/& console=tty console=ttyS0,115200/' \ tftpboot/pxelinux.cfg/default From sseago at redhat.com Wed Apr 16 13:17:54 2008 From: sseago at redhat.com (Scott Seago) Date: Wed, 16 Apr 2008 09:17:54 -0400 Subject: [Ovirt-devel] [patch] oVirt / Cobbler Integration In-Reply-To: <47FFFE7A.3060604@redhat.com> References: <47FFFE7A.3060604@redhat.com> Message-ID: <4805FC82.9030902@redhat.com> Mohammed Morsi wrote: > Attached is the first attempt to integrate the cobbler xmlrpc API into > oVirt. As it stands, cobbler can be enabled / configured via > config/cobbler.yml and oVirt will call out to the remote cobbler > server to retrieve and set profiles for systems. It should be fairly > simple / straightforward to add cobbler functionality to oVirt, we > simply need to add new methods to the cobbler_helper and invoke them > in the appropriate places. > > Have a great weekend, > -Mo > Hi Mo, A few general comments/questions: 1) Michael is currently adding Kerberos support to Cobbler -- I'm not sure how stable that is now, but since we're already using kerberos for everything else, it might make sense to use it for Cobbler auth too. 2) The way this is written now, the cobbler profile is set on the VM show page -- however, the profile is only useful for initial creation, so we really need to include the cobbler profile on the VM creation form -- so we'll need, at minimum, to add a cobbler profile field to the vm DB model 3) You're using the description field as the cobbler system identifier -- this isn't currently constrained to be unique, and it can change at any time. At one point, Cobbler's only way of identifying a system was by mac address -- I'm not sure if this is still the case, or if it supports UUIDs too, but in any case we need to use the right identifier. The final point is one that way may not want to tackle now, but we should keep in mind that Cobbler won't be the only provisioning mechanism supported. We'll need to support ISO images, and possibly other mechanisms. I'm not sure of the best way to do this. The simplest would be to just add an install_iso field to vms, in addition to the cobbler_profile field -- but this might become a bit unwieldy if we add more provisioning types, or if these provisioning types require additional metadata. Another way would be to create an InstallImage or Provisioning ActiveRecord class -- with subclasses for CobblerProfile, IsoImage, etc. include a :has_one relation in Vm. Scott From Brian.Carb at unisys.com Wed Apr 16 17:41:10 2008 From: Brian.Carb at unisys.com (Carb, Brian A) Date: Wed, 16 Apr 2008 12:41:10 -0500 Subject: [Ovirt-devel] Authentication problem with ovirt Message-ID: <089B0D75973E1241B941D0A9854F23FC0BCF5458@USEA-EXCH2.na.uis.unisys.com> Hello, I've been trying unsuccessfully for some time to get ovirt to work , and I was hoping someone in this forum could help. My problem seems to be in the freeipa kerberos authentication. I've downloaded the ovirt pre-built image, started it via kvm, logged in and set up the network. I've setup a dns server along with the required reverse-lookup zone. I also successfully completed the the ipa-server-install, and created the default principals. When I perform the freeipa troubleshooting, 'kinit admin', klist, and 'ldpasearch -Y GSSAPI -b "dc=site" uid=admin' all work fine. However, the ipa -finduser utility test fails - 'ipa-finduser admin' returns: Unable to connect to IPA server: Not Found. Also, i get an authentication error when trying to access the appliance from firefox (after making the required about:config changes). Any suggestions about where/how to debug? Thanks. brian carb unisys corporation - malvern, pa brian.carb at unisys.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From clalance at redhat.com Wed Apr 16 18:19:30 2008 From: clalance at redhat.com (Chris Lalancette) Date: Wed, 16 Apr 2008 14:19:30 -0400 Subject: [Ovirt-devel] Authentication problem with ovirt In-Reply-To: <089B0D75973E1241B941D0A9854F23FC0BCF5458@USEA-EXCH2.na.uis.unisys.com> References: <089B0D75973E1241B941D0A9854F23FC0BCF5458@USEA-EXCH2.na.uis.unisys.com> Message-ID: <48064332.1060402@redhat.com> Carb, Brian A wrote: > Hello, > > I've been trying unsuccessfully for some time to get ovirt to work , and > I was hoping someone in this forum could help. My problem seems to be > in the freeipa kerberos authentication. > > I've downloaded the ovirt pre-built image, started it via kvm, logged > in and set up the network. I've setup a dns server along with the > required reverse-lookup zone. I also successfully completed the the > ipa-server-install, and created the default principals. > > When I perform the freeipa troubleshooting, 'kinit admin', klist, and > 'ldpasearch -Y GSSAPI -b "dc=site" uid=admin' all work fine. However, > the ipa -finduser utility test fails - 'ipa-finduser admin' returns: > Unable to connect to IPA server: Not Found. Also, i get an > authentication error when trying to access the appliance from firefox > (after making the required about:config changes). > > Any suggestions about where/how to debug? Thanks. OK, it seems you have most of the right things setup. In all honesty, I haven't tried the ipa-finduser command before, so I can't speak to that; I'll concentrate on firefox for now. What kind of authentication error do you get, exactly? The way it works is that apache handles the initial request, checks some of the kerberos header stuff, changes a few things, and then passes that request onto the Rails UI. So there are two places you can fail authentication there: either on the initial connection to the apache web server, or on the pass-off between apache and the Rails UI. You can tell which is failing by the authentication error you get, which might give us some further clues. Also, just in terms of debugging, you'll probably want to watch 2 things: 1) /var/log/krb5kdc.log on the freeipa server; that will tell you who is trying to authenticate with which credentials, and whether they succeeded or not. 2) Start firefox like: $ NSPR_LOG_FILE=/tmp/firefox.log NSPR_LOG_MODULES=negotiateauth:5 firefox Which will dump a little bit of additional information about what the failure was to /tmp/firefox.log. If this doesn't seem to help, you can hop on #ovirt on Freenode, and we might be able to do a little more interactive debugging. Chris Lalancette From Brian.Carb at unisys.com Wed Apr 16 19:08:45 2008 From: Brian.Carb at unisys.com (Carb, Brian A) Date: Wed, 16 Apr 2008 14:08:45 -0500 Subject: [Ovirt-devel] Authentication problem with ovirt In-Reply-To: <48064332.1060402@redhat.com> References: <089B0D75973E1241B941D0A9854F23FC0BCF5458@USEA-EXCH2.na.uis.unisys.com> <48064332.1060402@redhat.com> Message-ID: <089B0D75973E1241B941D0A9854F23FC0BCF57F7@USEA-EXCH2.na.uis.unisys.com> thanks chris. the firefox log shows: -148293968[89daeb0]: using REQ_DELEGATE -148293968[89daeb0]: service = perf189.site -148293968[89daeb0]: using negotiate-gss -148293968[89daeb0]: entering nsAuthGSSAPI::nsAuthGSSAPI() -148293968[89daeb0]: Attempting to load user specified library [libgssapi_krb5.so.2] -148293968[89daeb0]: Attempting to load gss functions -148293968[89daeb0]: entering nsAuthGSSAPI::Init() -148293968[89daeb0]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate] -148293968[89daeb0]: entering nsAuthGSSAPI::GetNextToken() -148293968[89daeb0]: gss_init_sec_context() failed: Miscellaneous failure No credentials cache found -148293968[89daeb0]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005] -148293968[89daeb0]: using REQ_DELEGATE -148293968[89daeb0]: service = perf189.site -148293968[89daeb0]: using negotiate-gss -148293968[89daeb0]: entering nsAuthGSSAPI::nsAuthGSSAPI() -148293968[89daeb0]: entering nsAuthGSSAPI::Init() -148293968[89daeb0]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate] -148293968[89daeb0]: entering nsAuthGSSAPI::GetNextToken() -148293968[89daeb0]: gss_init_sec_context() failed: Miscellaneous failure No credentials cache found -148293968[89daeb0]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005] Also, the krb5kdc log does not show any entry containg the ip address or hostname of the machine that's running the firefox browser. brian carb unisys corporation - malvern, pa brian.carb at unisys.com -----Original Message----- From: Chris Lalancette [mailto:clalance at redhat.com] Sent: Wednesday, April 16, 2008 2:19 PM To: Carb, Brian A Cc: ovirt-devel at redhat.com Subject: Re: [Ovirt-devel] Authentication problem with ovirt Carb, Brian A wrote: > Hello, > > I've been trying unsuccessfully for some time to get ovirt to work , > and I was hoping someone in this forum could help. My problem seems > to be in the freeipa kerberos authentication. > > I've downloaded the ovirt pre-built image, started it via kvm, logged > in and set up the network. I've setup a dns server along with the > required reverse-lookup zone. I also successfully completed the the > ipa-server-install, and created the default principals. > > When I perform the freeipa troubleshooting, 'kinit admin', klist, and > 'ldpasearch -Y GSSAPI -b "dc=site" uid=admin' all work fine. However, > the ipa -finduser utility test fails - 'ipa-finduser admin' returns: > Unable to connect to IPA server: Not Found. Also, i get an > authentication error when trying to access the appliance from firefox > (after making the required about:config changes). > > Any suggestions about where/how to debug? Thanks. OK, it seems you have most of the right things setup. In all honesty, I haven't tried the ipa-finduser command before, so I can't speak to that; I'll concentrate on firefox for now. What kind of authentication error do you get, exactly? The way it works is that apache handles the initial request, checks some of the kerberos header stuff, changes a few things, and then passes that request onto the Rails UI. So there are two places you can fail authentication there: either on the initial connection to the apache web server, or on the pass-off between apache and the Rails UI. You can tell which is failing by the authentication error you get, which might give us some further clues. Also, just in terms of debugging, you'll probably want to watch 2 things: 1) /var/log/krb5kdc.log on the freeipa server; that will tell you who is trying to authenticate with which credentials, and whether they succeeded or not. 2) Start firefox like: $ NSPR_LOG_FILE=/tmp/firefox.log NSPR_LOG_MODULES=negotiateauth:5 firefox Which will dump a little bit of additional information about what the failure was to /tmp/firefox.log. If this doesn't seem to help, you can hop on #ovirt on Freenode, and we might be able to do a little more interactive debugging. Chris Lalancette From apevec at redhat.com Wed Apr 16 23:26:48 2008 From: apevec at redhat.com (Alan Pevec) Date: Thu, 17 Apr 2008 01:26:48 +0200 Subject: [Ovirt-devel] [PATCH] use Fedora9 for building oVirt host images In-Reply-To: <4805590C.1050907@redhat.com> References: <48051C7F.9020608@redhat.com> <48052636.3010808@redhat.com> <4805590C.1050907@redhat.com> Message-ID: <48068B38.1060409@redhat.com> Alan Pevec wrote: > Perry N. Myers wrote: >> There is still the 180s delay problem with udev in this though right? > > Right, forgot about that one. There's hot-potato discussion w/ > livecd/mkinitrd/udev upstream about where to handle it. > In the meantime, I'll put forked mkinitrd RPM in /repos/ovirt/9/ patch is pushed to git master and repos are ready, containing pkgs not in Fedora yet: collectd, work-in-progress from https://bugzilla.redhat.com/show_bug.cgi?id=442371 and patched mkliveinitrd to avoid timeouts during boot: diff --git a/mkliveinitrd b/mkliveinitrd index 84fcc80..105e239 100755 --- a/mkliveinitrd +++ b/mkliveinitrd @@ -650,7 +650,6 @@ do_live_overlay() { if [ -z "$setup" ]; then if [ -n "$devspec" -a -n "$pathspec" ]; then echo "Unable to find persistent overlay; using temporary" - sleep 5 fi dd if=/dev/null of=/overlay bs=1024 count=1 seek=$((512*1024)) 2> /dev/null @@ -818,6 +817,10 @@ fi if [ -x /sysroot$init ] ; then # Leave initramfs and transition to rootfs + if [ "$quiet" != "1" ] ; then + echo "waiting for system to settle before $init" + fi + /sbin/udevsettle --timeout=30 || : kill `pidof udevd` if [ "$quiet" != "1" ] ; then echo "transfering control to $init" From meyering at redhat.com Thu Apr 17 16:24:51 2008 From: meyering at redhat.com (Jim Meyering) Date: Thu, 17 Apr 2008 18:24:51 +0200 Subject: [Ovirt-devel] now-useless rule in Makefile on release-0.4 branch Message-ID: <87tzi0a1po.fsf@rho.meyering.net> With recent changes on the branch, it looks like this first rule is useless, since there are no longer any wui-app-*.ks files wui-rel-%.ks: wui-app-%.ks $(ks-flatten) wui-rel-%.ks: wui-devel-%.ks $(ks-flatten) Besides, since the target is the same as the following one, it's either redundant(runs ks-flatten twice) or ignored -- I don't know the make rule for that, off hand) diff --git a/wui-appliance/Makefile b/wui-appliance/Makefile index e02ecb8..0e91ff4 100644 --- a/wui-appliance/Makefile +++ b/wui-appliance/Makefile @@ -16,9 +16,6 @@ define ks-flatten mv $@-t $@ endef -wui-rel-%.ks: wui-app-%.ks - $(ks-flatten) - wui-rel-%.ks: wui-devel-%.ks $(ks-flatten) From apevec at redhat.com Thu Apr 17 22:11:56 2008 From: apevec at redhat.com (Alan Pevec) Date: Fri, 18 Apr 2008 00:11:56 +0200 Subject: [Ovirt-devel] [PATCH] misc-scripts/mount-livecd.sh - rebuild livecd iso for quick testing Message-ID: <4807CB2C.2050102@redhat.com> rebuild livecd iso for quick testing adds setup-rw and rebuild options to mount-livecd.sh for quick&dirty modifications of LiveCD iso inst diff --git a/misc-scripts/mount-livecd.sh b/misc-scripts/mount-livecd.sh index 9fb2be9..b8ca5f4 100755 --- a/misc-scripts/mount-livecd.sh +++ b/misc-scripts/mount-livecd.sh @@ -1,10 +1,59 @@ #!/bin/bash +tmp=/tmp/livecd +squash=$tmp/squash +iso=$tmp/iso +initrd0=$tmp/initrd0 + setup() { + if grep -q /mnt/livecd-tmp /proc/mounts + then + echo "Already mounted, run $0 teardown" + exit 1 + fi mkdir -p /mnt/livecd-tmp /mnt/livecd-tmp2 /mnt/livecd-tmp3 mount -o loop $1 /mnt/livecd-tmp mount -o loop /mnt/livecd-tmp/LiveOS/squashfs.img /mnt/livecd-tmp2 +} + +setup_ro() { + setup $1 mount -o loop /mnt/livecd-tmp2/LiveOS/ext3fs.img /mnt/livecd-tmp3 + echo "Read-only LiveCD rootfs at /mnt/livecd-tmp3" +} + +setup_rw() { + setup $1 + rm -rf $tmp + mkdir -p $squash/LiveOS $iso/LiveOS $iso/isolinux $initrd0 + cp -v --sparse=always /mnt/livecd-tmp2/LiveOS/ext3fs.img \ + $squash/LiveOS/ext3fs.img + mount -o loop $squash/LiveOS/ext3fs.img /mnt/livecd-tmp3 + cd $initrd0 + pax -zrf /mnt/livecd-tmp/isolinux/initrd0.img + cd /mnt/livecd-tmp/isolinux/ + cp isolinux.* *c32 vmlinuz0 $iso/isolinux/ + echo "Writable LiveCD rootfs at /mnt/livecd-tmp3" + echo " initramfs at $initrd0" + echo " isolinux at $iso/isolinux" +} + +rebuild() { + if [ ! -d $tmp ] + then + echo "Run $0 setup-rw" + exit 1 + fi + umount /mnt/livecd-tmp3 + mksquashfs $squash $iso/LiveOS/squashfs.img + pushd $initrd0 + pax -wzx sv4cpio -f $iso/isolinux/initrd0.img * + popd + cdlabel=$(/lib/udev/vol_id -l $1) + # from imgcreate/live.py + mkisofs -J -r -hide-rr-moved -hide-joliet-trans-tbl -V $cdlabel -o $1 \ + -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot \ + -boot-info-table -boot-load-size 4 $iso } teardown() { @@ -12,10 +61,11 @@ teardown() { umount /mnt/livecd-tmp2 umount /mnt/livecd-tmp rmdir /mnt/livecd-tmp* + rm -rf $tmp } usage() { - echo "Usage: mount-livecd " + echo "Usage: mount-livecd " } if [ $# -ne 2 ]; then @@ -25,7 +75,13 @@ fi case "$1" in setup) - setup $2 + setup_ro $2 + ;; + setup-rw) + setup_rw $2 + ;; + rebuild) + rebuild $2 ;; teardown) teardown From hbrock at redhat.com Fri Apr 18 17:47:29 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Fri, 18 Apr 2008 13:47:29 -0400 Subject: [Ovirt-devel] oVirt permissions Message-ID: <20080418174729.GN24242@redhat.com> Hi all. Perry, Scott, and I met yesterday to discuss some holes in the oVirt permission system. We know there are some use cases that aren't handled by the current three-permission setup, so we came up with the following which seems to handle just about everything. We'll have 4 permission levels that are hierarchical, meaning the top-level permission implies all lower levels and so on. Permission levels are attached to "pools", either hardware pools or VM resource pools, and they are inherited by subpools of those pools. For the moment we do not attach permission levels directly to VMs although we may do so in the future if it is necessary. Permission levels could be called: 1. "User Admin" or "Super Admin" 2. "Administrator" 3. "User" 4. "Monitor" or "View" Permission level 1 mainly implies the ability to grant permissions and quota to other users, along with all lower-level permissions. Permission level 2 implies the ability to create and delete hardware pools and virtual machine resource pools, and create, delete, and manipulate the objects in those pools (hosts, storage servers, quota, VMs, and so on). This includes the ability to create and delete VMs in a VM resource pool. Permission level 3 grants the ability to start/stop/suspend/resume/save/restore VMs in a virtual machine resource pool, along with accessing the console of a VM. Permission level 4 implies the ability to view objects in the oVirt hierarchy. We think this will address the lion's share of permission-related use cases. Comments encouraged. Take care, --Hugh From sseago at redhat.com Mon Apr 21 13:39:27 2008 From: sseago at redhat.com (Scott Seago) Date: Mon, 21 Apr 2008 09:39:27 -0400 Subject: [Ovirt-devel] [Patch] better nested set plugin Message-ID: <480C990F.8030602@redhat.com> This patch integrates the betternestedset ActiveRecord plugin. We'll be using this for the Pool model (Hardware Pools and VM Pools) -------------- next part -------------- A non-text attachment was scrubbed... Name: betternestedset-plugin.patch Type: text/x-patch Size: 123680 bytes Desc: not available URL: From sseago at redhat.com Mon Apr 21 13:44:23 2008 From: sseago at redhat.com (Scott Seago) Date: Mon, 21 Apr 2008 09:44:23 -0400 Subject: [Ovirt-devel] [Patch] refactor Pool models to use nested sets Message-ID: <480C9A37.9080407@redhat.com> Refactor Pool models (Hardware and VM) to implement the nested set model. As part of this I've refactored the way the various daemon processes include the model code and connect to the database, since we also have to include the betternestedset plugin code. Now all non-rails services that need to access the ovirt models just need to include dutils/active_record_env.rb -- this will include the nested set stuff, connect to the db, and include all of the ovirt models. -------------- next part -------------- A non-text attachment was scrubbed... Name: nested-set-refactor.patch Type: text/x-patch Size: 33214 bytes Desc: not available URL: From jguiditt at redhat.com Mon Apr 21 17:18:16 2008 From: jguiditt at redhat.com (Jason Guiditta) Date: Mon, 21 Apr 2008 13:18:16 -0400 Subject: [Ovirt-devel] [Patch] refactor Pool models to use nested sets In-Reply-To: <480C9A37.9080407@redhat.com> References: <480C9A37.9080407@redhat.com> Message-ID: <1208798296.3599.15.camel@localhost.localdomain> On Mon, 2008-04-21 at 09:44 -0400, Scott Seago wrote: > Refactor Pool models (Hardware and VM) to implement the nested set > model. As part of this I've refactored the way the various daemon > processes include the model code and connect to the database, since we > also have to include the betternestedset plugin code. Now all non-rails > services that need to access the ovirt models just need to include > dutils/active_record_env.rb -- this will include the nested set stuff, > connect to the db, and include all of the ovirt models. > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-devel Looks fine to me overall, with a couple of thoughts/comments/questions: * In HardwareController + @parent = Pool.find(params[:parent_id]) + @perm_obj = @parent should we check for the param? What if it is null? looks like the next @perm_obj depends on it being there (this applies in multiple places actually) * Why reverse_each in Pool here rather than just each? + self_and_ancestors.reverse_each do |the_pool| * Why do we have some views that are .rthml and others that are .html.erb? diff --git a/wui/src/app/views/dashboard/index.html.erb b/wui/src/app/views/dashboard/index.html.erb * Is there is way we can specify this path w/o being absolute? Maybe a setable env var or maybe use gems for our resuable components? And what if the wui is on a different box than the daemons, since we were planning to split them out into their own rpm(I thought)? diff --git a/wui/src/dutils/active_record_env.rb b/wui/src/dutils/active_record_env.rb +$: << File.join(File.dirname(__FILE__), "../app") +$: << File.join(File.dirname(__FILE__), "../vendor/plugins/betternestedset/lib") +require '/usr/share/ovirt-wui/vendor/plugins/betternestedset/init.rb' + +def database_connect + $dbconfig = YAML::load(ERB.new(IO.read('/usr/share/ovirt-wui/config/database.yml')).result) So I guess really only the first is a possible enhancement for right now, the rest are just things to consider. From sseago at redhat.com Mon Apr 21 17:38:52 2008 From: sseago at redhat.com (Scott Seago) Date: Mon, 21 Apr 2008 13:38:52 -0400 Subject: [Ovirt-devel] [Patch] refactor Pool models to use nested sets In-Reply-To: <1208798296.3599.15.camel@localhost.localdomain> References: <480C9A37.9080407@redhat.com> <1208798296.3599.15.camel@localhost.localdomain> Message-ID: <480CD12C.10406@redhat.com> Jason Guiditta wrote: > On Mon, 2008-04-21 at 09:44 -0400, Scott Seago wrote: > >> Refactor Pool models (Hardware and VM) to implement the nested set >> model. As part of this I've refactored the way the various daemon >> processes include the model code and connect to the database, since we >> also have to include the betternestedset plugin code. Now all non-rails >> services that need to access the ovirt models just need to include >> dutils/active_record_env.rb -- this will include the nested set stuff, >> connect to the db, and include all of the ovirt models. >> _______________________________________________ >> Ovirt-devel mailing list >> Ovirt-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/ovirt-devel >> > > Looks fine to me overall, with a couple of thoughts/comments/questions: > * In HardwareController > + @parent = Pool.find(params[:parent_id]) > + @perm_obj = @parent > should we check for the param? What if it is null? looks like the > next @perm_obj depends on it being there (this applies in multiple > places actually) > Yeah -- we probably should do this -- although as a general controller cleanup -- not part of this patch. There are various places that we assume a certain input parameter. Although the only way this param _won't_ be sent will be if the user is typing in random URLs -- we should provide a saner error message. if @parent is null here, then the error message will probably amount to trying to call permissions checks on a null obj, rather than "parent_id is required" > * Why reverse_each in Pool here rather than just each? > + self_and_ancestors.reverse_each do |the_pool| > Because we want to find the match closest to the current pool. i.e. if we're looking for the quota, we want the one for "this object or closest parent" rather than that of the root object. The self_and_ancestors method returns the root first. > * Why do we have some views that are .rthml and others that > are .html.erb? > Hmm. good question. All the initial views were rhtml -- but the rails 2.0 scaffolding generates .html.erb files. In fact, the templates we're using don't really differ based on the filename now. I think what happened was that when bclark generated new model templates, he kept those names. Or maybe it was me? In any case, it's mostly an artifact of generating rails scaffolding (that's since been mostly deleted) under different rails versions. Perhaps we should clean that up as part of the new html mockup integration. > * Is there is way we can specify this path w/o being absolute? Maybe a > setable env var or maybe use gems for our resuable components? And what > if the wui is on a different box than the daemons, since we were > planning to split them out into their own rpm(I thought)? > Hmm. Well I'm not sure if splitting off the rails models into a gem really fits into rails notion of where things should go. We could do a symlink there I guess. If it's just a matter of splitting off into separate RPMs -- that's more a packaging question than where things go. i.e. we can generate an ovirt-models RPM that includes everything in: /usr/share/ovirt-wui/vendor/plugins/betternestedset/ /usr/share/ovirt-wui/app/models/ /usr/share/ovirt-wui/app/util/ /usr/share/ovirt-wui/dutils/ Then ovirt-wui, ovirt-taskomatic, etc. can require this RPM and the current paths will still work. On the other hand, it's probably a better idea to put the Ruby search path stuff in the calling environment for taskomatic, etc. anyway -- which then avoids the problem of path location in the code itself. > So I guess really only the first is a possible enhancement for right > now, the rest are just things to consider. > > OK. so it sounds like we chould include the first thing above in a separate cleanup task for all the controllers and URL vars (unless it's better to fix this one instance now). Similarly the absolute path fixing needs to be done when we figure out how we're changing the way we run taskomatic, etc. Is there anything (above or otherwise) that I ought to modify in this patch before pushing it? Scott From jguiditt at redhat.com Mon Apr 21 18:11:19 2008 From: jguiditt at redhat.com (Jason Guiditta) Date: Mon, 21 Apr 2008 14:11:19 -0400 Subject: [Ovirt-devel] [Patch] refactor Pool models to use nested sets In-Reply-To: <480CD12C.10406@redhat.com> References: <480C9A37.9080407@redhat.com> <1208798296.3599.15.camel@localhost.localdomain> <480CD12C.10406@redhat.com> Message-ID: <480CD8C7.3090300@redhat.com> Scott Seago wrote: > > OK. so it sounds like we chould include the first thing above in a > separate cleanup task for all the controllers and URL vars (unless > it's better to fix this one instance now). Similarly the absolute path > fixing needs to be done when we figure out how we're changing the way > we run taskomatic, etc. > > Is there anything (above or otherwise) that I ought to modify in this > patch before pushing it? > > Scott Nope, I think those things can be done in subsequent cleanup tasks, ACK. -j From apevec at redhat.com Tue Apr 22 09:54:48 2008 From: apevec at redhat.com (Alan Pevec) Date: Tue, 22 Apr 2008 11:54:48 +0200 Subject: [Ovirt-devel] [PATCH] Remove obsolete SRPMs Message-ID: <480DB5E8.9060202@redhat.com> Remove obsolete SRPMs collectd is now in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=442371 newer kvm is in Fedora Left is rubygem-kerberos for which likely upstream is http://rubyforge.org/projects/krb5-auth/ Should RPM be renamed to rubygem-krb5-auth before submitting to Fedora? diff --git a/srpms/collectd-4.2.3.100.g79b0797-1.ovirt.src.rpm b/srpms/collectd- deleted file mode 100644 index 1db7d78..0000000 Binary files a/srpms/collectd-4.2.3.100.g79b0797-1.ovirt.src.rpm and /dev/null d diff --git a/srpms/kvm-54-2modules.fc8.src.rpm b/srpms/kvm-54-2modules.fc8.src.r deleted file mode 100644 index 1ac7ca9..0000000 Binary files a/srpms/kvm-54-2modules.fc8.src.rpm and /dev/null differ From clalance at redhat.com Tue Apr 22 13:09:42 2008 From: clalance at redhat.com (Chris Lalancette) Date: Tue, 22 Apr 2008 09:09:42 -0400 Subject: [Ovirt-devel] [PATCH] Remove obsolete SRPMs In-Reply-To: <480DB5E8.9060202@redhat.com> References: <480DB5E8.9060202@redhat.com> Message-ID: <480DE396.70505@redhat.com> Alan Pevec wrote: > Left is rubygem-kerberos for which likely upstream is http://rubyforge.org/projects/krb5-auth/ > Should RPM be renamed to rubygem-krb5-auth before submitting to Fedora? Yeah, I still need to upload code to that project and do some testing (I am now an admin on it). I hate changing the name, but that's also probably the correct thing to do. I'll let you know when I make some progress on it. Chris Lalancette From apevec at redhat.com Tue Apr 22 22:37:20 2008 From: apevec at redhat.com (Alan Pevec) Date: Wed, 23 Apr 2008 00:37:20 +0200 Subject: [Ovirt-devel] [PATCH] start init.d/ovirt-functions Message-ID: <480E68A0.6040507@redhat.com> a place to collect reusable shell functions for ovirt* scripts diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index 146889a..fd373bd 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -10,6 +10,18 @@ cat > /etc/sysconfig/iptables << \EOF COMMIT EOF +echo "Writing ovirt-functions script" +# common functions +cat > /etc/init.d/ovirt-functions << \EOF +# -*-Shell-script-*- + +find_srv() { + local dnsreply=$(dig +short -t srv _$1._$2.$(dnsdomainname)) + SRV_HOST=$(echo $dnsreply | awk 'NR==1 {print $4}') + SRV_PORT=$(echo $dnsreply | awk 'NR==1 {print $3}') +} +EOF + echo "Writing ovirt-early init script" # next the dynamic bridge setup service cat > /etc/init.d/ovirt-early << \EOF @@ -99,12 +111,11 @@ cat > /etc/init.d/ovirt << \EOF # Source functions library . /etc/init.d/functions +. /etc/init.d/ovirt-functions start() { echo -n $"Starting ovirt: " - IPA=$(/usr/bin/dig +short -t srv _ipa._tcp.$(/bin/dnsdomainname)) - HOST=$(echo $IPA | head -1 | awk '{print $4}') - PORT=$(echo $IPA | head -1 | awk '{print $3}') + find_srv ipa tcp mkdir -p /etc/libvirt # here, we wait for the "host-keyadd" service to finish adding our @@ -112,7 +123,7 @@ start() { # then give up tries=0 while [ "$VAL" != "SUCCESS" -a $tries -lt 5 ]; do - VAL=`echo "KERB" | /usr/bin/nc $HOST 6666` + VAL=`echo "KERB" | /usr/bin/nc $SRV_HOST 6666` if [ "$VAL" == "SUCCESS" ]; then break fi @@ -126,7 +137,7 @@ start() { fi if [ ! -s /etc/libvirt/krb5.tab ]; then - /usr/bin/wget -q http://$HOST:$PORT/config/$(/bin/hostname -i)-libvirt.tab -O /etc/libvirt/krb5.tab + /usr/bin/wget -q http://$SRV_HOST:$SRV_PORT/config/$(/bin/hostname -i)-libvirt.tab -O /etc/libvirt/krb5.tab if [ $? -ne 0 ]; then echo -n "Failed getting keytab" ; failure ; echo ; exit 1 fi @@ -134,7 +145,7 @@ start() { if [ ! -s /etc/krb5.conf ]; then rm -f /etc/krb5.conf - /usr/bin/wget -q http://$HOST:$PORT/config/krb5.ini -O /etc/krb5.conf + /usr/bin/wget -q http://$SRV_HOST:$SRV_PORT/config/krb5.ini -O /etc/krb5.conf if [ "$?" -ne 0 ]; then echo "Failed getting krb5.conf" ; failure ; echo ; exit 1 fi From hbrock at redhat.com Tue Apr 22 22:37:42 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Tue, 22 Apr 2008 18:37:42 -0400 Subject: [Ovirt-devel] Re: List of performance stats to monitor In-Reply-To: <480908C9.80101@redhat.com> References: <480908C9.80101@redhat.com> Message-ID: <20080422223742.GC20896@redhat.com> On Fri, Apr 18, 2008 at 04:47:05PM -0400, mark wagner wrote: > Mark, this looks great, I'm forwarding it out to ovirt-devel with comments in-line (and a few edits). > > Here is a crack at the performance stats to monitor and a "prioritized" > list for implementation (which is what Tim was looking for). The assumption > I'm making is that list is for the beta release and that we are only > interested in performance statistics of the host at this point in time. > The main goal as I see it is to use the performance stats as a basic health > check of the data center. The ability to dig into certain areas is also > important, but not the main priority. > > In order to come with the list for basic monitoring, it took a bit of > thinking differently from the performance tuning tools that we do. > Basically we tend to drill into very specific things while a basic health > check is a different aspect. > > The main things involve number of VMs, CPU, Disk and memory consumption. > Networking would be fourth on the list. > > The other aspect of this involves the proposed aggregate level monitoring. > Rolling the stats up to a resource pool level is useful for capacity > planning type of activities but doesn't always reflect potential resource > issues within the pool. Sort of analogous to looking at the average CPU > consumption on a 16 CPU system and seeing a 6% ave utilization on the box > and wondering why a single threaded app is not performing well. However, > after poking around a bit, aggregate model does seem to work in many places > and seems appropriate for this level of work. Sure... I think ultimately we're going to want both a ton of different ways to aggreagate, as *well* as the ability to drill all the way down to individual VMs. But understood we don't have to have all that in place for the beta. > So I've grouped things into three levels of priority. These should apply > equally across the aggregate levels unless indicated otherwise. I am also > using the data that we appear to be able to get from collectd and > potentially libvirt although I have yet to set it up and try it. > > Group 1 > ------------ > Load average > the 1, 5, and 15 min averages like top provides. we should consider > using a "stacked view" to show individual machines with in as well (lower > priority) > > Storage Space > used and available > > Memory > In use and available (like top) > Allocated and unassigned ( so if you have 16GB on a host and only have > 4GB allocated to VM, you'd have 12 unassigned) > > VM's > not sure if we get this out of libvirt and stored but, number of > configured VMs, number of running vms, ( number of zombies ?) Yes, this is all critical, and I think easily doable with current libvirt + collectd combo. > Group 2 > ------------- > CPU utilization > display the normal user, nice, sys, idle, wait type of stats for a > single host > > Network stats > Throughput rates, error rollups (note rolling up all errors makes it > easier to spot things ) > > Disk Stats > io/sec, bytes / sec, wait times, (Q's ?) > Mmmm I am salivating... However I see all of this kind of data as drill-down (and, without diving too far into implementation, as generated outside of the WUI and handed over to it in .png form or something of that nature) > Group 3 > ---------------- > Load Average > we should consider using a "stacked view" to show individual machines > with in as well - move up priority list if easy to do > > Network > specific error info broken out by type - maybe limited to host by host > w/no rollup > > > That is the high level break down of what I think we should try. Most of > these stats use plugins to collectd. We can also potentially write our own > if needed. For instance, when doing DB tuning one of the things I use is > iostat to get data on the disk queues and latencies. > > I'll dig into more as well over the weekend. There were several sites I > saw that use collectd and have some stuff on the web for instance > http://csg.sph.umich.edu/docs/cluster/stats/ (click on the graphs) This looks great. We'll need to coordinate between you, Jay, Ian, and Tim on the Group 1 bits to figure out how we're going to get them onto the screen in the UI. Group 2 bits I'm happy pulling pngs out with rrdtool for the beta, I think -- does anyone else have thoughts on this? Thanks, and let me know, --Hugh From jim at meyering.net Wed Apr 23 09:30:40 2008 From: jim at meyering.net (Jim Meyering) Date: Wed, 23 Apr 2008 11:30:40 +0200 Subject: [Ovirt-devel] [PATCH] start init.d/ovirt-functions In-Reply-To: <480E68A0.6040507@redhat.com> (Alan Pevec's message of "Wed, 23 Apr 2008 00:37:20 +0200") References: <480E68A0.6040507@redhat.com> Message-ID: <87d4ogapfj.fsf@rho.meyering.net> Alan Pevec wrote: > a place to collect reusable shell functions for ovirt* scripts > > diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks > index 146889a..fd373bd 100644 > --- a/ovirt-host-creator/common-post.ks > +++ b/ovirt-host-creator/common-post.ks > @@ -10,6 +10,18 @@ cat > /etc/sysconfig/iptables << \EOF > COMMIT > EOF > > +echo "Writing ovirt-functions script" > +# common functions > +cat > /etc/init.d/ovirt-functions << \EOF > +# -*-Shell-script-*- > + > +find_srv() { > + local dnsreply=$(dig +short -t srv _$1._$2.$(dnsdomainname)) > + SRV_HOST=$(echo $dnsreply | awk 'NR==1 {print $4}') > + SRV_PORT=$(echo $dnsreply | awk 'NR==1 {print $3}') > +} > +EOF Hi Alan, That looks like a fine change. I don't know how robust we want things like this to be, but it might be nice (at least for whomever is diagnosing when things go wrong) if find_srv provided a way for callers to detect when dig or dnsdomainname fails. Actually, for simple parsing like that, there's a bourne shell idiom that lets you avoids the cost (and risk of failure of) the two pipes and uses of awk: [ using "set" like this sets the shell's positional parameters, $1, $2, etc. The leading "_" is in case $dnsreply starts with "-", which would make "set" do the wrong thing. The following "shift" removes the added "_" ] set _ $dnsreply; shift SRV_PORT=$3 SRV_HOST=$4 From sseago at redhat.com Wed Apr 23 19:04:43 2008 From: sseago at redhat.com (Scott Seago) Date: Wed, 23 Apr 2008 15:04:43 -0400 Subject: [Ovirt-devel] [Patch] refactor permissions to reflect new roles/permission levels Message-ID: <480F884B.8030202@redhat.com> This refactors the permissions model to support the latest permissions/roles design. The prior code handled privileges independently -- so an administrator would need to be granted each privilege separately. The new model grants roles to users, currently "Super Admin", "Administrator", "User", and "Monitor". Each role then has several associated privileges (Super Admin gets all of them, Monitor only gets to view objects, etc.) So the user permissions code (where users are granted access) works on the Roles -- but the permissions checks are by privilege. Currently the role-privilege mapping is maintained in the Permission class code, rather than in the DB. If necessary, this could later be moved into the database (if, for example, we wanted to make it configurable, etc.) Scott -------------- next part -------------- A non-text attachment was scrubbed... Name: permissions-refactoring.patch Type: text/x-patch Size: 29645 bytes Desc: not available URL: From imain at redhat.com Thu Apr 24 19:40:41 2008 From: imain at redhat.com (Ian Main) Date: Thu, 24 Apr 2008 12:40:41 -0700 Subject: [Ovirt-devel] [PATCH] Setup collectd for performance stats Message-ID: <20080424124041.08be9c03@tp.mains.net> This patch configures collectd on the host and wui appliance so that it logs performance data via unicast to the wui appliance. The collectd server is specified via dns srv records the same as other services. Signed-off-by: Ian Main diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index ac3cca1..5ac50c6 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -156,6 +156,12 @@ start() { fi fi + find_srv collectd tcp + if [ -f /etc/collectd.conf.in ]; then + sed -e s/@COLLECTD_SERVER@/$SRV_HOST/ -e s/@COLLECTD_PORT@/$SRV_PORT/ /etc/collectd.conf.in > /etc/collectd.conf + service collectd restart + fi + success echo } @@ -231,9 +237,9 @@ EOF cp /etc/issue /etc/issue.net -echo "Setting up collectd" +echo "Setting up collectd configuration" # setup collectd configuration -cat > /etc/collectd.conf << \EOF +cat > /etc/collectd.conf.in << \EOF LoadPlugin logfile LoadPlugin network LoadPlugin libvirt @@ -247,7 +253,7 @@ LoadPlugin cpu - Server "224.0.0.1" + Server "@COLLECTD_SERVER@" @COLLECTD_PORT@ EOF diff --git a/wui-appliance/common-install.ks b/wui-appliance/common-install.ks index 10cccd0..dfea0b2 100644 --- a/wui-appliance/common-install.ks +++ b/wui-appliance/common-install.ks @@ -5,7 +5,7 @@ rootpw --iscrypted Xa8QeYfWrtscM firewall --disabled authconfig --enableshadow --enablemd5 selinux --disabled -services --disabled=iptables,yum-updatesd,libvirtd,bluetooth,cups,gpm,pcscd,NetworkManager,NetworkManagerDispatcher --enabled=ntpd,httpd,postgresql,ovirt-wui,tgtd,nfs +services --disabled=iptables,yum-updatesd,libvirtd,bluetooth,cups,gpm,pcscd,NetworkManager,NetworkManagerDispatcher --enabled=ntpd,httpd,postgresql,ovirt-wui,tgtd,nfs,collectd timezone --utc America/New_York text diff --git a/wui-appliance/wui-devel-x86_64.ks b/wui-appliance/wui-devel-x86_64.ks index 52e05c3..c7ccdd7 100644 --- a/wui-appliance/wui-devel-x86_64.ks +++ b/wui-appliance/wui-devel-x86_64.ks @@ -81,6 +81,30 @@ chmod +x /etc/dhclient-exit-hooks # make sure that we get a kerberos principal on every boot echo "/etc/cron.hourly/ovirtadmin.cron" >> /etc/rc.d/rc.local +# make collectd.conf. +cat > /etc/collectd.conf << \EOF +LoadPlugin network +LoadPlugin logfile +LoadPlugin rrdtool + + + LogLevel info + File STDOUT + + + + Listen "0.0.0.0" + + + + DataDir "/var/lib/collectd/rrd" + CacheTimeout 120 + CacheFlush 900 + + +EOF + + cat > /etc/init.d/ovirt-wui-dev-first-run << \EOF #!/bin/bash # @@ -151,6 +175,7 @@ start() { -W _ovirt._tcp,management.priv.ovirt.org,80 \ -W _ipa._tcp,management.priv.ovirt.org,8089 \ -W _ldap._tcp,managment.priv.ovirt.org,389 \ + -W _collectd._tcp,management.priv.ovirt.org,25826 \ --enable-tftp --tftp-root=/tftpboot -M pxelinux.0 \ -O option:router,192.168.50.1 -O option:ntp-server,192.168.50.2 \ -R -S 192.168.122.1 From apevec at redhat.com Thu Apr 24 20:51:50 2008 From: apevec at redhat.com (Alan Pevec) Date: Thu, 24 Apr 2008 22:51:50 +0200 Subject: [Ovirt-devel] [PATCH] Setup collectd for performance stats In-Reply-To: <20080424124041.08be9c03@tp.mains.net> References: <20080424124041.08be9c03@tp.mains.net> Message-ID: <4810F2E6.8080300@redhat.com> Ian Main wrote: > This patch configures collectd on the host and wui appliance so that it logs performance data via unicast to the wui appliance. The collectd server is specified via dns srv records the same as other services. > > Signed-off-by: Ian Main ACK just few questions in-line > diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks > index ac3cca1..5ac50c6 100644 > --- a/ovirt-host-creator/common-post.ks > +++ b/ovirt-host-creator/common-post.ks > @@ -156,6 +156,12 @@ start() { > fi > fi > > + find_srv collectd tcp > + if [ -f /etc/collectd.conf.in ]; then Not sure how could we recover in case SRV lookup fails, but just in case: + if [ -f /etc/collectd.conf.in -a $SRV_HOST -a $SRV_PORT ]; then > + > + Listen "0.0.0.0" > + Is there any security on collectd's listening port or anyone can connect? Not critical if we require separate management network From apevec at redhat.com Thu Apr 24 23:34:25 2008 From: apevec at redhat.com (Alan Pevec) Date: Fri, 25 Apr 2008 01:34:25 +0200 Subject: [Ovirt-devel] [PATCH] get host networking configuration from ovirt server Message-ID: <48111901.8010105@redhat.com> get host networking configuration from oVirt server PXE-boot interface[1] is temporarily setup early in the boot sequence (init.d/ovirt-early) and configuration[2] is retrieved from oVirt server. hostname is put in the requested URL to allow per host configuration, but for now all hosts get the same config: eth0 bridged to ovirtbr0 bridge [1] IPAPPEND 2 in pxelinux config appends MAC of the PXE-booted NIC to the kernel cmdln e.g. BOOTIF=01-00-16-3e-12-34-57 [2] current implementation is a list of augtool commands, see http://augeas.net/tour.html diff --git a/ovirt-host-creator/common-pkgs.ks b/ovirt-host-creator/common-pkgs.ks index 4bd00e3..89a1796 100644 --- a/ovirt-host-creator/common-pkgs.ks +++ b/ovirt-host-creator/common-pkgs.ks @@ -21,6 +21,7 @@ cyrus-sasl-lib collectd collectd-virt tftp +augeas nc bind-utils -policycoreutils diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index 03ac4ae..a8f67d5 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -40,18 +40,60 @@ cat > /etc/init.d/ovirt-early << \EOF # Source functions library . /etc/init.d/functions +. /etc/init.d/ovirt-functions -start() { +configure_from_network() { + DEVICE=$1 + if [ $DEVICE ]; then + echo -n "." + # setup temporary interface to retrieve configuration + echo "network --device $DEVICE --bootproto dhcp" | nash + if [ $? -eq 0 ]; then + echo -n "." + # from network-scripts/ifup-post + IPADDR=$(LANG=C ip -o -4 addr ls dev ${DEVICE} | awk '{ print $4 ; exit }') + eval $(/bin/ipcalc --silent --hostname ${IPADDR} ; echo "status=$?") + if [ "$status" = "0" ]; then + hostname $HOSTNAME + # retrieve remote config + find_srv ovirt tcp + echo -n "." + if [ $SRV_HOST -a $SRV_PORT ]; then + curl -s http://$SRV_HOST:$SRV_PORT/ovirt/cfgdb/$(hostname) \ + | augtool > /dev/null 2>&1 + if [ $? -eq 0 ]; then + return + fi + fi + fi + fi + fi + # default oVirt network configuration: + # bridge each ethernet device in the system + ETHDEVS=$(cd /sys/class/net && ls -d eth*) + for eth in $ETHDEVS; do + BRIDGE=ovirtbr`echo $eth | cut -b4-` + echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \ + > /etc/sysconfig/network-scripts/ifcfg-$eth + echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes" \ + > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE + done +} - # find all of the ethernet devices in the system - ETHDEVS=$(cd /sys/class/net && ls -d eth*) - for eth in $ETHDEVS; do - BRIDGE=ovirtbr`echo $eth | cut -b4-` - echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \ - > /etc/sysconfig/network-scripts/ifcfg-$eth - echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes" \ - > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE +start() { + # find boot interface from cmdline + # IPAPPEND 2 in pxelinux.cfg appends e.g. BOOTIF=01-00-16-3e-12-34-57 + BOOTIF= + for i in $(cat /proc/cmdline); do + case $i in + BOOTIF=*) + BOOTMAC=$(echo $i | cut -d- -f2- | sed 's/-/:/g') + BOOTIF=$(grep -l $BOOTMAC /sys/class/net/eth*/address|rev|cut -d/ -f2|rev) + ;; + esac done + configure_from_network $BOOTIF + # find all of the partitions on the system diff --git a/ovirt-host-creator/ovirt-pxe.sh b/ovirt-host-creator/ovirt-pxe.sh index 2ed107a..43796aa 100755 --- a/ovirt-host-creator/ovirt-pxe.sh +++ b/ovirt-host-creator/ovirt-pxe.sh @@ -37,4 +37,10 @@ sed -i -e 's/\ /var/www/html/ovirt-cfgdb << \EOF +rm /files/etc/sysconfig/network-scripts/ifcfg-eth0 +set /files/etc/sysconfig/network-scripts/ifcfg-eth0/DEVICE eth0 +set /files/etc/sysconfig/network-scripts/ifcfg-eth0/ONBOOT yes +set /files/etc/sysconfig/network-scripts/ifcfg-eth0/BRIDGE ovirtbr0 +rm /files/etc/sysconfig/network-scripts/ifcfg-ovirtbr0 +set /files/etc/sysconfig/network-scripts/ifcfg-ovirtbr0/DEVICE ovirtbr0 +set /files/etc/sysconfig/network-scripts/ifcfg-ovirtbr0/BOOTPROTO dhcp +set /files/etc/sysconfig/network-scripts/ifcfg-ovirtbr0/ONBOOT y +set /files/etc/sysconfig/network-scripts/ifcfg-ovirtbr0/TYPE Bridge +set /files/etc/sysconfig/network-scripts/ifcfg-ovirtbr0/PEERNTP yes +save +EOF + diff --git a/wui/conf/ovirt-wui.conf b/wui/conf/ovirt-wui.conf index 3e7115a..022e6e4 100644 --- a/wui/conf/ovirt-wui.conf +++ b/wui/conf/ovirt-wui.conf @@ -46,4 +46,6 @@ ProxyPassReverse /ovirt/images ! ProxyPassReverse /ovirt/stylesheets ! ProxyPassReverse /ovirt/errors ! +# XXX default configuration db, all hosts get the same config +RewriteRule ^/ovirt/cfgdb /var/www/html/ovirt-cfgdb From mmorsi at redhat.com Fri Apr 25 17:00:43 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Fri, 25 Apr 2008 13:00:43 -0400 Subject: [Ovirt-devel] [patch] Interface overhaul Message-ID: <48120E3B.7040909@redhat.com> The first patch to overhaul the oVirt interface to match the new mockups. All the major components are there but since the content is still in format of the current site, things look fugly. The tab display logic is based on what controller is currently being invoked. To get the tabs working, I created new actions for each functional component (hosts, vms, storage, etc) and reused the existing partial rendered components. If all looks well here, I will start working on the model test cases, updating the test fixtures to accommodate the recent model changes. -Mo -------------- next part -------------- A non-text attachment was scrubbed... Name: updatedwui.patch Type: text/x-patch Size: 18426 bytes Desc: not available URL: From mmorsi at redhat.com Fri Apr 25 17:36:37 2008 From: mmorsi at redhat.com (Mohammed Morsi) Date: Fri, 25 Apr 2008 13:36:37 -0400 Subject: [Ovirt-devel] [patch] Interface overhaul In-Reply-To: <48120E3B.7040909@redhat.com> References: <48120E3B.7040909@redhat.com> Message-ID: <481216A5.1050200@redhat.com> Mohammed Morsi wrote: > The first patch to overhaul the oVirt interface to match the new > mockups. All the major components are there but since the content is > still in format of the current site, things look fugly. The tab > display logic is based on what controller is currently being invoked. > To get the tabs working, I created new actions for each functional > component (hosts, vms, storage, etc) and reused the existing partial > rendered components. If all looks well here, I will start working on > the model test cases, updating the test fixtures to accommodate the > recent model changes. > > -Mo > ------------------------------------------------------------------------ > > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-devel Updated patch to fix a problem Scott pointed out with the 'Users Access' tab. Also it should be noted that the tabs are just href url's, they are not yet wired up to refresh the page content dynamically. I figure this can be easily done once we have our javascript framework up and in place -Mo -------------- next part -------------- A non-text attachment was scrubbed... Name: updatewui.patch Type: text/x-patch Size: 18666 bytes Desc: not available URL: From clalance at redhat.com Mon Apr 28 02:13:57 2008 From: clalance at redhat.com (Chris Lalancette) Date: Sun, 27 Apr 2008 22:13:57 -0400 Subject: [Ovirt-devel] UI for changing managed node state Message-ID: <481532E5.1090904@redhat.com> All (but especially those working on the UI), One thing that we are woefully weak on right now is showing the state of the managed nodes in the datacenter/collection (Iain and I had something of a conversation about this on Friday). In fact, we have no state at all, once the node has contacted us initially. This obviously needs to change; we need to know the state of the host. On the backend, we actually already have a daemon to periodically check machines we manage, called host-status. We need to display this data on the UI. However, we actually need something further. Take the following situation: 1. 3 virtual machines are started on some node, node X 2. node X crashes for whatever reason 3. Admin reboots node X At this point, you would think it would be safe to restart the 3 VMs that were on node X when it crashed. However, it is actually not; we can't be sure whether node X actually crashed, or we couldn't contact it at the moment due to some (transient) network failure. The result of this is that we need some sort of fence, that will *really* shoot the node in the head, and make sure we don't corrupt guest disks. Since we don't currently have the code for that, Dan suggested the "manual fence"; that is, the admin walks over and has to manual power cycle the box. I think that's the right short-term solution. This requires a UI to move a managed node from the "unknown/can't be contacted" state, back to "alive", once the admin has rebooted the box. I know this is a long e-mail, so the short of it is: 1) We need to display host health/status on the UI 2) We need the ability in the UI to move a host from one (arbitrary?) state to another (arbitrary?) state. Thoughts? Chris Lalancette From mwagner at redhat.com Mon Apr 28 03:41:17 2008 From: mwagner at redhat.com (mark wagner) Date: Sun, 27 Apr 2008 23:41:17 -0400 Subject: [Ovirt-devel] UI for changing managed node state In-Reply-To: <481532E5.1090904@redhat.com> References: <481532E5.1090904@redhat.com> Message-ID: <4815475D.4040903@redhat.com> Chris Lalancette wrote: > All (but especially those working on the UI), > One thing that we are woefully weak on right now is showing the state of > the managed nodes in the datacenter/collection (Iain and I had something of a > conversation about this on Friday). In fact, we have no state at all, once the > node has contacted us initially. This obviously needs to change; we need to > know the state of the host. On the backend, we actually already have a daemon > to periodically check machines we manage, called host-status. We need to > display this data on the UI. > However, we actually need something further. Take the following situation: > > 1. 3 virtual machines are started on some node, node X > 2. node X crashes for whatever reason > 3. Admin reboots node X > > At this point, you would think it would be safe to restart the 3 VMs that were > on node X when it crashed. > However, it is actually not; we can't be sure > whether node X actually crashed, or we couldn't contact it at the moment due to > some (transient) network failure. > Um, I think I know where you are going but in the example you give, the admin reboots the node, so we know that it has been rebooted, correct ? Or are saying that the admin initiated a reboot via the wui and we can't tell if the wui actually rebooted the system ? If we have reestablished connectivity to the host we could check the "uptime" of the box to determine how long it has been up. Not sure if we can get this from libvirt or collectd but there other ways to get the data. In a properly implemented system we could also look for other signs of activity, for instance, is the host reading from or writing to storage? Also, not sure that it has just be a "transient" network failure. The mechanisms we are currently implementing to get this data are based on UDP which is unreliable. If there is heavy network usage, there is no guarantee of the data getting through. There are also lots of other pieces to solving this lack of contact. Is this the only host that we don't see or are there others "missing" as well. Being able to include some knowledge of network topology and power "grids" at some point in the future will help determine if a circuit breaker popped or if a switch is down. > The result of this is that we need some sort of fence, that will *really* > shoot the node in the head, and make sure we don't corrupt guest disks. Not sure that resetting a host running guests is the best thing to do in an attempt to not corrupt the data on the disks, especially if we are not sure that the guests / system are really down or that we just can't get to it via the network. > Since > we don't currently have the code for that, Dan suggested the "manual fence"; > that is, the admin walks over and has to manual power cycle the box. I think > that's the right short-term solution. This requires a UI to move a managed node > from the "unknown/can't be contacted" state, back to "alive", once the admin has > rebooted the box. > > I know this is a long e-mail, so the short of it is: > 1) We need to display host health/status on the UI > 2) We need the ability in the UI to move a host from one (arbitrary?) state to > another (arbitrary?) state. > And if some of these states include things like "reboot initiated, boot initiated", etc we can refine our need to shoot things in the head. As an example, if we tell a host to reboot, when it comes back up, we should be able to check "uptime" to make sure that it really did reboot. Also, by logging the command to reboot and the time contact is reestablished, we can build a "map" of reboot times for the hosts going forward. Establishing baselines for individual hosts would allow us to trigger warnings in the future once a host has exceeded its "typical" reboot time. > Thoughts? > Chris Lalancette > > I understand that there are valid concerns about being able to determine the state of guests. I do think that this can be mitigated by also monitoring the state of the guests. I think that people assume that we can't do that because collectd and libvirt can't get us info on things like a windoze guest. However, I would propose that we look at the issues to be solved and then pick an implementation instead of picking an implementation and saying what can't be done. > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-devel > So, one piece of this puzzle that hasn't been really clear to me is how we are controlling the host. Are there plans to try using an IPMI interface ? Will we be able to tap into remote controlled power strips ? Closing thought I'd like to share: When I break it down, I view oVirt as Network Management system. It provisions, monitors and manages systems over the network. I'm not saying its not specialized, but if you compare it to management systems out there, it does the same basic functionality just on a different set of problems. I think that if we approach it that way, we will find that there are lot of solutions to these issues available to us. -mark From meyering at redhat.com Mon Apr 28 07:53:59 2008 From: meyering at redhat.com (Jim Meyering) Date: Mon, 28 Apr 2008 09:53:59 +0200 Subject: [Ovirt-devel] readability/maintainability .ks tweaks Message-ID: <87hcdmbejs.fsf@rho.meyering.net> Maybe I'm missing something, but the xargs use seems like a no-op with bash. Though, with zsh, it does change newlines to spaces when there is more than one swap device -- maybe that's why it snuck in? echo -e is really nasty on a portability front, so it rang a bell for me, (of course, since we are assuming bash, it's fine here), but from a readability perspective, I prefer the way printf lets you separate the lines. readability/maintainability .ks tweaks * ovirt-host-creator/common-post.ks: Remove an unnecessary use of xargs. Double-quote some $var-containing sed arguments -- just in case. Shorten and split some long lines. Use printf rather than echo -e to ease readability/maintainability with long, \n-separated strings. diff --git a/ovirt-host-creator/common-post.ks b/ovirt-host-creator/common-post.ks index 03ac4ae..18ab8d8 100644 --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -47,10 +47,11 @@ start() { ETHDEVS=$(cd /sys/class/net && ls -d eth*) for eth in $ETHDEVS; do BRIDGE=ovirtbr`echo $eth | cut -b4-` - echo -e "DEVICE=$eth\nONBOOT=yes\nBRIDGE=$BRIDGE" \ + printf '%s\n' "DEVICE=$eth" ONBOOT=yes "BRIDGE=$BRIDGE" \ > /etc/sysconfig/network-scripts/ifcfg-$eth - echo -e "DEVICE=$BRIDGE\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\nPEERNTP=yes" \ - > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE + printf '%s\n' "DEVICE=$BRIDGE" BOOTPROTO=dhcp \ + ONBOOT=yes TYPE=Bridge PEERNTP=yes \ + > /etc/sysconfig/network-scripts/ifcfg-$BRIDGE done # find all of the partitions on the system @@ -66,12 +67,14 @@ start() { SWAPDEVS="$LVMDEVS" for dev in $BLOCKDEVS; do - SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' | awk '$5 ~ /82/ {print $1}' | xargs`" + SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' \ + | awk '$5 ~ /82/ {print $1}'`" done # now check if any of these partitions are swap, and activate if so for device in $SWAPDEVS; do - sig=`dd if=$device bs=1 count=10 skip=$(( $PAGESIZE - 10 )) 2>/dev/null` + sig=`dd if=$device bs=1 count=10 skip=$(( $PAGESIZE - 10 )) \ + 2>/dev/null` if [ "$sig" = "SWAPSPACE2" ]; then /sbin/swapon $device fi @@ -142,7 +145,8 @@ start() { fi if [ ! -s /etc/libvirt/krb5.tab ]; then - /usr/bin/wget -q http://$SRV_HOST:$SRV_PORT/config/$(/bin/hostname -i)-libvirt.tab -O /etc/libvirt/krb5.tab + wget -q http://$SRV_HOST:$SRV_PORT/config/$(hostname -i)-libvirt.tab \ + -O /etc/libvirt/krb5.tab if [ $? -ne 0 ]; then echo -n "Failed getting keytab" ; failure ; echo ; exit 1 fi @@ -150,7 +154,7 @@ start() { if [ ! -s /etc/krb5.conf ]; then rm -f /etc/krb5.conf - /usr/bin/wget -q http://$SRV_HOST:$SRV_PORT/config/krb5.ini -O /etc/krb5.conf + wget -q http://$SRV_HOST:$SRV_PORT/config/krb5.ini -O /etc/krb5.conf if [ "$?" -ne 0 ]; then echo "Failed getting krb5.conf" ; failure ; echo ; exit 1 fi @@ -158,7 +162,9 @@ start() { find_srv collectd tcp if [ -f /etc/collectd.conf.in -a $SRV_HOST -a $SRV_PORT ]; then - sed -e s/@COLLECTD_SERVER@/$SRV_HOST/ -e s/@COLLECTD_PORT@/$SRV_PORT/ /etc/collectd.conf.in > /etc/collectd.conf + sed -e "s/@COLLECTD_SERVER@/$SRV_HOST/" \ + -e "s/@COLLECTD_PORT@/$SRV_PORT/" /etc/collectd.conf.in \ + > /etc/collectd.conf service collectd restart fi @@ -309,7 +315,8 @@ $RM /usr/share/terminfo $RM /usr/share/X11 $RM /usr/share/i18n -find /usr/share/zoneinfo -regextype egrep -type f ! -regex ".*/EST.*|.*/GMT" -exec $RM {} \; +find /usr/share/zoneinfo -regextype egrep -type f \ + ! -regex ".*/EST.*|.*/GMT" -exec $RM {} \; $RM /usr/lib/locale $RM /usr/lib/syslinux -- 1.5.5.1.68.gbdcd8 From apevec at redhat.com Mon Apr 28 08:54:03 2008 From: apevec at redhat.com (Alan Pevec) Date: Mon, 28 Apr 2008 10:54:03 +0200 Subject: [Ovirt-devel] readability/maintainability .ks tweaks In-Reply-To: <87hcdmbejs.fsf@rho.meyering.net> References: <87hcdmbejs.fsf@rho.meyering.net> Message-ID: <481590AB.5040105@redhat.com> Jim Meyering wrote: > readability/maintainability .ks tweaks > * ovirt-host-creator/common-post.ks: Remove an unnecessary use of xargs. > Double-quote some $var-containing sed arguments -- just in case. > Shorten and split some long lines. > Use printf rather than echo -e to ease readability/maintainability > with long, \n-separated strings. ack, thanks! Please check-in and I'll repost "get host networking configuration from ovirt server" to include your fixes. > - SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' | awk '$5 ~ /82/ {print $1}' | xargs`" > + SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' \ > + | awk '$5 ~ /82/ {print $1}'`" or + SWAPDEVS="$SWAPDEVS `sfdisk -d $dev 2>/dev/null \ + | awk 'substr($0,49,2) == "82" { print $1}' or just delegate swap probing to udev? e.g. --- a/ovirt-host-creator/common-post.ks +++ b/ovirt-host-creator/common-post.ks @@ -65,14 +65,11 @@ start() { LVMDEVS="$DEVICES `/usr/sbin/lvscan | awk '{print $2}' | tr -d \"'\"`" SWAPDEVS="$LVMDEVS" - for dev in $BLOCKDEVS; do - SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' | awk '$5 ~ /82/ {print $1}' | xargs`" - done # now check if any of these partitions are swap, and activate if so for device in $SWAPDEVS; do - sig=`dd if=$device bs=1 count=10 skip=$(( $PAGESIZE - 10 )) 2>/dev/null` - if [ "$sig" = "SWAPSPACE2" ]; then + eval `/lib/udev/vol_id $device 2>/dev/null` + if [ "$ID_FS_TYPE" = "swap" ]; then swapon $device fi done From jim at meyering.net Mon Apr 28 10:40:07 2008 From: jim at meyering.net (Jim Meyering) Date: Mon, 28 Apr 2008 12:40:07 +0200 Subject: [Ovirt-devel] readability/maintainability .ks tweaks In-Reply-To: <481590AB.5040105@redhat.com> (Alan Pevec's message of "Mon, 28 Apr 2008 10:54:03 +0200") References: <87hcdmbejs.fsf@rho.meyering.net> <481590AB.5040105@redhat.com> Message-ID: <87zlre9sag.fsf@rho.meyering.net> Alan Pevec wrote: > Jim Meyering wrote: >> readability/maintainability .ks tweaks >> * ovirt-host-creator/common-post.ks: Remove an unnecessary use of xargs. >> Double-quote some $var-containing sed arguments -- just in case. >> Shorten and split some long lines. >> Use printf rather than echo -e to ease readability/maintainability >> with long, \n-separated strings. > > ack, thanks! > Please check-in and I'll repost "get host networking configuration from ovirt server" to include your fixes. Hi Alan, Thanks for the quick review. Pushed. >> - SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' | awk '$5 ~ /82/ {print $1}' | xargs`" >> + SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' \ >> + | awk '$5 ~ /82/ {print $1}'`" > > or > + SWAPDEVS="$SWAPDEVS `sfdisk -d $dev 2>/dev/null \ + > | awk 'substr($0,49,2) == "82" { print $1}' sfdisk might well be better (I don't know), but we can't use column offsets like that. For example, on one of my systems, "49" doesn't work because the ID starts at column 51 -- it's sensitive to the width of preceding columns e.g., the maximum block count. > or just delegate swap probing to udev? e.g. > --- a/ovirt-host-creator/common-post.ks > +++ b/ovirt-host-creator/common-post.ks > @@ -65,14 +65,11 @@ start() { > LVMDEVS="$DEVICES `/usr/sbin/lvscan | awk '{print $2}' | tr -d \"'\"`" > > SWAPDEVS="$LVMDEVS" > - for dev in $BLOCKDEVS; do > - SWAPDEVS="$SWAPDEVS `/sbin/fdisk -l $dev 2>/dev/null | tr '*' ' ' | awk '$5 ~ /82/ {print $1}' | xargs`" > - done > > # now check if any of these partitions are swap, and activate if so > for device in $SWAPDEVS; do > - sig=`dd if=$device bs=1 count=10 skip=$(( $PAGESIZE - 10 )) 2>/dev/null` > - if [ "$sig" = "SWAPSPACE2" ]; then > + eval `/lib/udev/vol_id $device 2>/dev/null` > + if [ "$ID_FS_TYPE" = "swap" ]; then > swapon $device > fi > done Oh, nice! I haven't used /lib/udev/vol_id enough yet ;-) I much prefer that. I assume udev is reliable enough. To be on the safe side: - quote the string you eval - test $ID_FS_TYPE only if eval succeeds; otherwise, you could test a value from a preceding device - quote the device name - I prefer $(...) to `...` because you can nest the former - I have a small preference for "test expr && ..." over "if [expr]; then ... fi" partly because it's shorter and there's less syntax (i.e. less to type and less to get wrong ;-) ID_FS_TYPE= id_fs=$(/lib/udev/vol_id "$device" 2>/dev/null) \ && eval "$id_fs" \ && test "$ID_FS_TYPE" = swap \ && swapon "$device" [caveat: untested ;-) ] From berrange at redhat.com Mon Apr 28 13:01:06 2008 From: berrange at redhat.com (Daniel P. Berrange) Date: Mon, 28 Apr 2008 14:01:06 +0100 Subject: [Ovirt-devel] UI for changing managed node state In-Reply-To: <4815475D.4040903@redhat.com> References: <481532E5.1090904@redhat.com> <4815475D.4040903@redhat.com> Message-ID: <20080428130106.GD26721@redhat.com> On Sun, Apr 27, 2008 at 11:41:17PM -0400, mark wagner wrote: > Chris Lalancette wrote: > > However, we actually need something further. Take the following > > situation: > > > >1. 3 virtual machines are started on some node, node X > >2. node X crashes for whatever reason > >3. Admin reboots node X > > > >At this point, you would think it would be safe to restart the 3 VMs that > >were > >on node X when it crashed. > >However, it is actually not; we can't be sure > >whether node X actually crashed, or we couldn't contact it at the moment > >due to > >some (transient) network failure. > > > Um, I think I know where you are going but in the example you give, the > admin reboots the node, so we know that it has been rebooted, correct ? > Or are saying that the admin initiated a reboot via the wui and we can't > tell if the wui actually rebooted the system ? You cannot assume anything about the admin initiated reboot - it may have rebooted, it may have hung on shutdown, but still have the VMs running without network connectivity, and any nubmer of other fun problems. No matter what the circumstance / scenario, if there is a loss of connectivity to the machine from the oVirt admin box, then it has to be fenced to provide the guarentee > If we have reestablished connectivity to the host we could check the > "uptime" of the box to determine how long it has been up. Not sure if we > can get this from libvirt or collectd but there other ways to get the > data. In a properly implemented system we could also look for other > signs of activity, for instance, is the host reading from or writing to > storage? Nope, no heuristics. Heuristics lead to data loss. If there's any doubt about a machine's operation, then it has to be shot before we consider moving the VMs elsewhere. > > The result of this is that we need some sort of fence, that will > > *really* > >shoot the node in the head, and make sure we don't corrupt guest disks. > Not sure that resetting a host running guests is the best thing to do in > an attempt to not corrupt the data on the disks, especially if we are > not sure that the guests / system are really down or that we just can't > get to it via the network. If we can't reach the host via the networks, then we have no way of knowing how badly doomed the machine is. It might be sufferring transient network failure and will come back, or it might have under serious hadware failure. We have to assume the worst, fence the machine, and restart the VMs on a new host. .... unless the guest VM admin has explicitly requested that a VM not be auto-restarted on host failure. > So, one piece of this puzzle that hasn't been really clear to me is how > we are controlling the host. Are there plans to try using an IPMI > interface ? ClusterSuite in Fedora ships with a fencing script that can use IPMI, so its definitely one option. > Will we be able to tap into remote controlled power strips ? If the power strip is one of those supported by clustersuite fencing agents, then yes. Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| From mwagner at redhat.com Mon Apr 28 15:00:09 2008 From: mwagner at redhat.com (mark wagner) Date: Mon, 28 Apr 2008 11:00:09 -0400 Subject: [Ovirt-devel] UI for changing managed node state In-Reply-To: <20080428130106.GD26721@redhat.com> References: <481532E5.1090904@redhat.com> <4815475D.4040903@redhat.com> <20080428130106.GD26721@redhat.com> Message-ID: <4815E679.3010500@redhat.com> Daniel P. Berrange wrote: > On Sun, Apr 27, 2008 at 11:41:17PM -0400, mark wagner wrote: > >> Chris Lalancette wrote: >> >>> However, we actually need something further. Take the following >>> situation: >>> >>> 1. 3 virtual machines are started on some node, node X >>> 2. node X crashes for whatever reason >>> 3. Admin reboots node X >>> >>> At this point, you would think it would be safe to restart the 3 VMs that >>> were >>> on node X when it crashed. >>> However, it is actually not; we can't be sure >>> whether node X actually crashed, or we couldn't contact it at the moment >>> due to >>> some (transient) network failure. >>> >>> >> Um, I think I know where you are going but in the example you give, the >> admin reboots the node, so we know that it has been rebooted, correct ? >> Or are saying that the admin initiated a reboot via the wui and we can't >> tell if the wui actually rebooted the system ? >> > > You cannot assume anything about the admin initiated reboot - it may have > rebooted, it may have hung on shutdown, but still have the VMs running > without network connectivity, and any nubmer of other fun problems. No > matter what the circumstance / scenario, if there is a loss of connectivity > to the machine from the oVirt admin box, then it has to be fenced to > provide the guarentee > > >> If we have reestablished connectivity to the host we could check the >> "uptime" of the box to determine how long it has been up. Not sure if we >> can get this from libvirt or collectd but there other ways to get the >> data. In a properly implemented system we could also look for other >> signs of activity, for instance, is the host reading from or writing to >> storage? >> > > Nope, no heuristics. Heuristics lead to data loss. If there's any doubt > about a machine's operation, then it has to be shot before we consider > moving the VMs elsewhere. > I don't see how you can make a blanket statement that "Heuristics lead to data loss." I would argue that lack of heuristics can lead to needless data loss. If we can get to a console on the box then we can determine much more about the state. (if we need to send someone to manually push a button on the system then they could have access to the console) Perhaps the network cable came unplugged or the network switch is having issues, a hard reboot in this situation could easily cause some form of data corruption and is easily diagnosed and avoided. This is especially true if we are using multiple networks, with the management features being on one and main access being on another. Blowing away a system that has just one interface down could easily be avoided with some simple diagnostics. I don't disagree that there are some instances where the only course of action will be a hard reset, just that it should not be the default action anytime you lose connectivity. > >>> The result of this is that we need some sort of fence, that will >>> *really* >>> shoot the node in the head, and make sure we don't corrupt guest disks. >>> >> Not sure that resetting a host running guests is the best thing to do in >> an attempt to not corrupt the data on the disks, especially if we are >> not sure that the guests / system are really down or that we just can't >> get to it via the network. >> > > If we can't reach the host via the networks, then we have no way of knowing > how badly doomed the machine is. It might be sufferring transient network > failure and will come back, or it might have under serious hadware failure. > We have to assume the worst, fence the machine, and restart the VMs on a > new host. .... unless the guest VM admin has explicitly requested that a > VM not be auto-restarted on host failure. > So I guess I'm confused on how this all works. You previously stated no Heuristics, but since everything is designed with a push model is there any effort for the wui to try and contact the host or do we send out a hitman with the first missed stats update ? Keep in mind that the push model that has been selected is by design, unreliable. So there clearly needs to be some type of logic to determine if a machine is down. This issue will only getting worse as more hosts are added to the system. > >> So, one piece of this puzzle that hasn't been really clear to me is how >> we are controlling the host. Are there plans to try using an IPMI >> interface ? >> > > ClusterSuite in Fedora ships with a fencing script that can use IPMI, > so its definitely one option. > > >> Will we be able to tap into remote controlled power strips ? >> > > If the power strip is one of those supported by clustersuite fencing > agents, then yes. > > Dan. > From hbrock at redhat.com Mon Apr 28 15:19:05 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Mon, 28 Apr 2008 11:19:05 -0400 Subject: [Ovirt-devel] [patch] Interface overhaul In-Reply-To: <481216A5.1050200@redhat.com> References: <48120E3B.7040909@redhat.com> <481216A5.1050200@redhat.com> Message-ID: <20080428151905.GF20896@redhat.com> On Fri, Apr 25, 2008 at 01:36:37PM -0400, Mohammed Morsi wrote: > Mohammed Morsi wrote: >> The first patch to overhaul the oVirt interface to match the new mockups. >> All the major components are there but since the content is still in >> format of the current site, things look fugly. The tab display logic is >> based on what controller is currently being invoked. To get the tabs >> working, I created new actions for each functional component (hosts, vms, >> storage, etc) and reused the existing partial rendered components. If all >> looks well here, I will start working on the model test cases, updating >> the test fixtures to accommodate the recent model changes. >> >> -Mo >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Ovirt-devel mailing list >> Ovirt-devel at redhat.com >> https://www.redhat.com/mailman/listinfo/ovirt-devel > Updated patch to fix a problem Scott pointed out with the 'Users Access' > tab. Also it should be noted that the tabs are just href url's, they are > not yet wired up to refresh the page content dynamically. I figure this can > be easily done once we have our javascript framework up and in place > > -Mo ACK based on Scott's review... --Hugh From clalance at redhat.com Mon Apr 28 15:23:30 2008 From: clalance at redhat.com (Chris Lalancette) Date: Mon, 28 Apr 2008 11:23:30 -0400 Subject: [Ovirt-devel] Release 0.4 of oVirt Message-ID: <4815EBF2.4070901@redhat.com> I'm pleased to announce release 0.4 of oVirt. This is mostly a bugfix release; a lot of the underlying infrastructure has been changed around, which should make further development easier. Nevertheless, there are a few new features: * New "bundled" mode of installation, which provides all services and can manage physical machines * Improved installation for developer and bundled mode * Easy transition from developer to bundled mode and back * Ability to use NFS as a backing store for guest images In addition, we have a new website look, although navigation is almost exactly the same as before. Installation instructions are available here: http://ovirt.org/install-instructions.html To checkout this release from the source repository, you'll want to: $ git clone git://git.et.redhat.com/ovirt.git $ cd ovirt $ git checkout --track -b release-0.4 origin/release-0.4 Thanks to everyone who contributed ideas, patches, and documentation! From Julien.Garet at inria.fr Mon Apr 28 16:06:41 2008 From: Julien.Garet at inria.fr (Julien Garet) Date: Mon, 28 Apr 2008 18:06:41 +0200 Subject: [Ovirt-devel] OVirt with OpenLDAP & Kerberos 5 Message-ID: <4815F611.7080809@inria.fr> Hello, We are trying to find a software to manage our virtualization servers and ovirt seems to be the one that fulfills all of our needs. But our architecture is based on mandriva 2008.0. We already have an LDAP & Kerberos architecture (based on openLDAP and Heimdal Krb5) and are quite cold on trying to migrate everything into freeIPA (too much work , only because ovirt needs it :-(). Is the a way to plug ovirt on different LDAP/Kerberos servers ? Cheers, Julien GARET -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4288 bytes Desc: S/MIME Cryptographic Signature URL: From hbrock at redhat.com Mon Apr 28 16:35:25 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Mon, 28 Apr 2008 12:35:25 -0400 Subject: [Ovirt-devel] OVirt with OpenLDAP & Kerberos 5 In-Reply-To: <4815F611.7080809@inria.fr> References: <4815F611.7080809@inria.fr> Message-ID: <20080428163525.GH20896@redhat.com> On Mon, Apr 28, 2008 at 06:06:41PM +0200, Julien Garet wrote: > Hello, > > We are trying to find a software to manage our virtualization servers > and ovirt seems to be the one that fulfills all of our needs. But our > architecture is based on mandriva 2008.0. We already have an LDAP & > Kerberos architecture (based on openLDAP and Heimdal Krb5) and are quite > cold on trying to migrate everything into freeIPA (too much work , only > because ovirt needs it :-(). > > Is the a way to plug ovirt on different LDAP/Kerberos servers ? > Hi there! oVirt should work with any Kerberos server, although some of our install scripts use IPA-specific tools. This is easy enough to get around however. In the medium-term we will be moving more and more of our user/group model into LDAP. While there may be advantages to using IPA for your LDAP server for oVirt, we do not intend to do anything IPA-specific in that area either. So to sum up, yes, but it may require a bit of effort (not too much). Thanks for your interest in oVirt! Take care, --Hugh From slinabery at gmail.com Tue Apr 29 15:24:47 2008 From: slinabery at gmail.com (steve linabery) Date: Tue, 29 Apr 2008 10:24:47 -0500 Subject: [Ovirt-devel] [PATCH] fix attribute in grant_admin_privileges Message-ID: <769584de0804290824h42aa3051p55f46b5dac6bae06@mail.gmail.com> Hi Ovirt, Had to use grant_admin_privileges last night and noticed it was using an old attribute name. Thanks, Steve -------------- next part -------------- A non-text attachment was scrubbed... Name: fix-grant_admin_privileges.patch Type: text/x-patch Size: 528 bytes Desc: not available URL: From hbrock at redhat.com Tue Apr 29 15:34:34 2008 From: hbrock at redhat.com (Hugh O. Brock) Date: Tue, 29 Apr 2008 11:34:34 -0400 Subject: [Ovirt-devel] [PATCH] fix attribute in grant_admin_privileges In-Reply-To: <769584de0804290824h42aa3051p55f46b5dac6bae06@mail.gmail.com> References: <769584de0804290824h42aa3051p55f46b5dac6bae06@mail.gmail.com> Message-ID: <20080429153433.GM20896@redhat.com> On Tue, Apr 29, 2008 at 10:24:47AM -0500, steve linabery wrote: > Hi Ovirt, > > Had to use grant_admin_privileges last night and noticed it was using > an old attribute name. > > Thanks, > Steve > diff --git a/wui/src/script/grant_admin_privileges b/wui/src/script/grant_admin_privileges > index 7729ac7..77ef359 100755 > --- a/wui/src/script/grant_admin_privileges > +++ b/wui/src/script/grant_admin_privileges > @@ -6,7 +6,7 @@ require 'active_record_env' > > $hwpool = HardwarePool.get_default_pool > if $hwpool > - Permission.new( { :role => Permission::ROLE_SUPER_ADMIN, > + Permission.new( { :user_role => Permission::ROLE_SUPER_ADMIN, > :user => ARGV[0], > :pool_id => $hwpool.id}).save > end Ahh yeah that would be a problem, wouldn't it? ACK --Hugh From apevec at redhat.com Wed Apr 30 20:04:55 2008 From: apevec at redhat.com (Alan Pevec) Date: Wed, 30 Apr 2008 22:04:55 +0200 Subject: [Ovirt-devel] obsolete content to remove from ovirt.org website Message-ID: <4818D0E7.7080104@redhat.com> Proposed removal list, please review: http://ovirt.org/download/Fedora-Unity-20080204-8-x86_64-DVD.iso http://ovirt.org/download/ovirt-pxe-host-image-* # except 0.4 http://ovirt.org/download/wui-appliance.* http://ovirt.org/download/wui-rel-{app|devel}-*.ks http://ovirt.org/download/ovirt-mod-xml.sh http://ovirt.org/download/ovirt-appliance*.txt http://ovirt.org/repos/ovirt/i386/ http://ovirt.org/repos/ovirt/src/ http://ovirt.org/repos/ovirt/x86_64/ http://ovirt.org/repos/ovirt-host/9-Beta/ http://ovirt.org/repos/ovirt-management-repo/i386/collectd-4.2.3.100.g79b0797-1.ovirt.i386.rpm # when collectd hits stable: FEDORA-2008-3311 http://ovirt.org/repos/ovirt-management-repo/i386/ipa-*0.99* # ipa 1.0 in F8 updates http://ovirt.org/repos/ovirt-management-repo/i386/libvirt* # libvirt 0.4.2 in F8 updates http://ovirt.org/repos/ovirt-management-repo/i386/ruby-libvirt* # ruby-libvirt 0.0.7 in F8 updates This leaves only ovirt-wui + rubygem-kerberos in current F8 wui-appliance repo, and augeas + collectd in F9 oVirt host repo http://ovirt.org/repos/ovirt/9/ ap From dpierce at redhat.com Wed Apr 30 20:49:16 2008 From: dpierce at redhat.com (Darryl L. Pierce) Date: Wed, 30 Apr 2008 16:49:16 -0400 Subject: [Ovirt-devel] Weekly status Message-ID: <4818DB4C.60100@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Got the following packages approved for Fedora: - - rubygem-activeldap - - rubygem-hoe - - rubygem-rubyforge I'm 95% complete on wrapping LDAP for the WUI. The main blockers are my inexperience with Ruby, but I'm making progress. This task should be completed within a day, with tests in place. Since starting tracking (on 27 April), I've spent 3 hours working on RHX related tasks. On a positive note, tonite's the last night of my biology class. After the final exam, I only have my C++ final to take and them I'm on break till August! :) - -- Darryl L. Pierce - Phone: (919) 754-4383 "In matters of style, swim with the current; In matters of principle, stand like a rock." - Thomas Jefferson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFIGNtMjaT4DmxOfxsRAj0jAKC0dLXfrDYaKassiGziW205nwvz9ACg1yq9 10Qp14BCVv+R8wptHXvj11s= =2OMV -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: dpierce.vcf Type: text/x-vcard Size: 265 bytes Desc: not available URL:
<%= pluralize @collection.permissions.admins.size, "Admin" %>