[Ovirt-devel] problem with kerberos (I think)
sylvain.desbureaux at orange-ftgroup.com
sylvain.desbureaux at orange-ftgroup.com
Fri Jul 31 13:55:39 UTC 2009
Now I continue to advance (I hope).
I changed the krb5.conf on my host in order to make it equal to the one of ovirt management.
I've done a kinit ovirtadmin at OPEN.NET
And now when I launch libvirt-qpid, I have the answer put below which basically says that I'm not well authenticated. Maybe do I have to kinit in another way?
2009-07-31 15:55:00 info QMF Agent Initialized: broker=management.open.net:5672 interval=3 storeFile=
2009-07-31 15:55:01 debug QMF Agent attempting to connect to the broker...
2009-07-31 15:55:01 debug ConnectionImpl created for \x00-
2009-07-31 15:55:01 info Connecting to tcp:management.open.net:5672
2009-07-31 15:55:01 debug TCPConnector created for \x00-
2009-07-31 15:55:01 debug RECV [45104 management.open.net:5672] INIT(0-10)
2009-07-31 15:55:01 trace RECV [45104 management.open.net:5672]: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={qpid.federation_tag:V2:36:str16(ca420bd9-02aa-4a39-9fd5-11e763cb4048)}; mechanisms=str16{V2:6:str16(GSSAPI)}; locales=str16{V2:5:str16(en_US)}; }]
2009-07-31 15:55:01 debug CyrusSasl::start(GSSAPI)
2009-07-31 15:55:01 debug min_ssf: 0, max_ssf: 256
2009-07-31 15:55:01 debug CyrusSasl::start(GSSAPI): selected GSSAPI response: '`\x82\x02\x18\x06 *\x86H\x86\xF7\x12\x01\x02\x02\x01\x00n\x82\x02\x070\x82\x02\x03\xA0\x03\x02\x01\x05\xA1\x03\x02\x01\x0E\xA2\x07\x03\x05\x00 \x00\x00\x00\xA3\x82\x01\x19a\x82\x01\x150\x82\x01\x11\xA0\x03\x02\x01\x05\xA1
\x1B\x08OPEN.NET\xA2%0#\xA0\x03\x02\x01\x03\xA1\x1C0\x1A\x1B\x05qpidd\x1B\x11physical.open.net\xA3\x81\xD60\x81\xD3\xA0\x03\x02\x01\x12\xA1\x03\x02\x01\x03\xA2\x81\xC6\x04\x81\xC3K\x\xA3\xBFP\xE9\xFE\x83\x89\xBCA\xB2\x85h\xFA\xFFd\xCC2\x14\x93q\xC8\x97yxD0\x98\x85\xC1\x16\xA4\xA3\xA9\x08\xE2d
*\x98\xF9x\x8C`G\xF9\x06C\x01\xF8\xDB\xC0\xE4'\xEF\xD3\xB9NBc\xE0\xFC\xB0\xE3/D\xA8\x1F\xEE\x1D\xE8\xBA:H\x1D=\xA5:\xB4BF\xC6`)\x1E\x04e\xB8\xBA\xF4\xB9\x04\x7F\x9E\x8D
8\xC4j3\x17-\x12\xF2\xA4\x81\xD00\x81\xCD\xA0\x03\x02\x01\x12\xA2\x81\xC5\x04\x81\xC2\xC8\x81B\xB96\xF8\xB8\xE6J\xA0Q\xAF\xEA\xDBq*
(\x80i#p\xEFk\x8A\xC5l \x0F\xB6\x003\xC4\x1A1\x85\xD98\xAB\x91\x9C\xC7
;\xFD\xE8u\x90j\x9A\x95`j\x1F\xBB\xD9E\xDD;5e%4\xE8\xB1\x11D\x83<\xD7cL\x03/J\x18N\xE8\xDES+\xD2vDG\xB4=\x88!\xFA
\x80\xC0\x08\xBB\xC9\xAA\xD4\xE13YDT\xDF \xB9/\xB3\xC2Vr\xFA\x99\xDB\xB7j\x009\xD5\x04\x1D\xC2\xB2\xE0\xCA\x124P\xDF\xA9\xAA\xD0Ln\xDD\x9B\xC1Z`\x9B9C\x0E\x7Fa\xF0\x05\xDF\xC2\xA4\xD2e\x85\xD7\x01o\xE5.\xA8\x8F\xDE%\xB1\xA6p\x9A\xC0e\xBApG\xD0!\xA6g\x18\xAD\xB1z\xF4\x8DQ~\xF4\x13\xC1\xD1N\x03\xC7\xD5M\xE1\x83'
2009-07-31 15:55:01 trace SENT [45104 management.open.net:5672]: Frame[BEbe; channel=0; {ConnectionStartOkBody: client-properties={qpid.client_pid:F4:int32(2788),qpid.client_ppid:F4:int32(2247),qpid.client_process:V2:12:str16(libvirt-qpid),qpid.session_flow:F4:int32(1)}; mechanism=GSSAPI; response=xxxxxx; locale=en_US; }]
2009-07-31 15:55:01 trace RECV [45104 management.open.net:5672]: Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=320; reply-text=connection-forced: Authentication failed; }]
2009-07-31 15:55:01 warning Broker closed connection: 320, connection-forced: Authentication failed
2009-07-31 15:55:01 debug Exception constructed: connection-forced: Authentication failed
2009-07-31 15:55:01 debug Exception constructed: connection-forced: Authentication failed
2009-07-31 15:55:01 debug Connection failed: exception=connection-forced: Authentication failed
--
Sylvain Desbureaux
+33 296 051 380
-----Message d'origine-----
De : DESBUREAUX Sylvain RD-BIZZ-LAN
Envoyé : vendredi 31 juillet 2009 15:27
À : DESBUREAUX Sylvain RD-BIZZ-LAN; ovirt-devel at redhat.com
Objet : RE: [Ovirt-devel] problem with kerberos (I think)
I solved db-omatic crashed with installing ovirt in a __non__ up to date F10. But I still have this when I launch libvirt-qpid from the physical node:
2009-07-31 10:09:32 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found) (qpid/client/SaslFactory.cpp:226)
--
Sylvain Desbureaux
+33 296 051 380
De : ovirt-devel-bounces at redhat.com [mailto:ovirt-devel-bounces at redhat.com] De la part de sylvain.desbureaux at orange-ftgroup.com
Envoyé : vendredi 31 juillet 2009 10:20
À : ovirt-devel at redhat.com
Objet : [Ovirt-devel] problem with kerberos (I think)
Hi all,
I've got some problems to make work oVirt.
I've installed a Fedora 10 VM the lightest possible (nothing checked, even based) and installed after some packages (wget, sudo, acpid,...) and updated the system.
By the way, acpid should be a dependency of ovirt-installer because the installation fails if it's not available.
I've then installed ovirt (ovirt-server-installer ovirt-server ovirt-node-image ovirt-node-image-pxe) following the doc.
Everything went well (I've tested last year and the new installer is far better than the previous). The only differences I had to make is to shut down the firewall and comment some lines of ovirt-server.conf in httpd conf (see https://bugzilla.redhat.com/show_bug.cgi?id=514536)
I then looked at the logs and I found errors so I launched db-omatic and taskomatic in debug mode to see what the problem is:
Lauching db-omatic.rb:
[root at management ~]# /usr/share/ovirt-server/db-omatic/db_omatic.rb -n
INFO Fri Jul 31 10:04:31 +0200 2009 (7242) dbomatic started.
INFO Fri Jul 31 10:04:31 +0200 2009 (7242) Connecting to amqp://management.open.net:5672
/usr/share/ovirt-server/db-omatic/db_omatic.rb:252:in `object_props': undefined method `[]' for #<Qpid::Qmf::ClassKey:0x7f2a48ae8e80> (NoMethodError)
from /usr/lib/ruby/site_ruby/1.8/qpid/qmf.rb:608:in `handle_content_ind'
from /usr/lib/ruby/site_ruby/1.8/qpid/qmf.rb:1728:in `reply_cb'
from /usr/lib/ruby/site_ruby/1.8/qpid/qmf.rb:1716:in `loop'
from /usr/lib/ruby/site_ruby/1.8/qpid/qmf.rb:1716:in `reply_cb'
from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `to_proc'
from /usr/lib/ruby/site_ruby/1.8/qpid/queue.rb:91:in `call'
from /usr/lib/ruby/site_ruby/1.8/qpid/queue.rb:91:in `listen'
from /usr/lib/ruby/site_ruby/1.8/qpid/queue.rb:87:in `loop'
... 12 levels...
from /usr/share/ovirt-server/db-omatic/db_omatic.rb:95:in `initialize'
from /usr/share/ovirt-server/db-omatic/db_omatic.rb:475:in `new'
from /usr/share/ovirt-server/db-omatic/db_omatic.rb:475:in `main'
from /usr/share/ovirt-server/db-omatic/db_omatic.rb:482
ERROR Fri Jul 31 10:04:41 +0200 2009 (7242) Error in db-omatic: #<SystemExit:0x7f2a48a41a90>
ERROR Fri Jul 31 10:04:41 +0200 2009 (7242) /usr/lib/ruby/site_ruby/1.8/qpid/queue.rb:92:in `sleep'/usr/share/ovirt-server/db-omatic/db_omatic.rb:441:in `check_heartbeats'/usr/share/ovirt-server/db-omatic/db_omatic.rb:478:in `main'/usr/share/ovirt-server/db-omatic/db_omatic.rb:482
[root at management ~]#
As you can see db-omatic fails at start.
Launching taskomatic:
[root at management ~]# /usr/share/ovirt-server/task-omatic/taskomatic.rb -n -d
INFO Fri Jul 31 10:07:18 +0200 2009 (7259) Connecting to amqp://management.open.net:5672
INFO Fri Jul 31 10:07:18 +0200 2009 (7259) Cannot implement tasks, not connected to broker. Sleeping.
Iptables is shut down, packets are from F10 or Ovirt Repos
Also when I try to launch libvirt-qpid on the physical machine where ovirt management belongs, I have the following error:
[opennet at physical ~]$ export QPID_TRACE=1
[opennet at physical ~]$ sudo libvirt-qpid --broker management.open.net
[sudo] password for opennet:
libvir: error : this function is not supported by the hypervisor: virNodeGetInfo
Error: virNodeGetInfo Subsystem none: this function is not supported by the hypervisor: virNodeGetInfo in NodeWrap.cpp:NodeWrap:93 code: 3
Creating new pool: default, ptr is 0x1370e00
Syncing volumes.
xml returned device name VolGroup00, path /dev/sda2; volume path is /var/lib/libvirt/images/oVirt_management.img.fresh
libvir: Storage error : invalid storage volume pointer in no storage vol with matching path
adding volume to agent - volume 0x13782a0
done
Created new volume: oVirt_management.img.fresh, ptr is 0x13759c0
xml returned device name VolGroup00, path /dev/sda2; volume path is /var/lib/libvirt/images/oVirt_management.img.old
libvir: Storage error : invalid storage volume pointer in no storage vol with matching path
adding volume to agent - volume 0x13790d0
done
Created new volume: oVirt_management.img.old, ptr is 0x1376c50
xml returned device name VolGroup00, path /dev/sda2; volume path is /var/lib/libvirt/images/oVirt_management.img
libvir: Storage error : invalid storage volume pointer in no storage vol with matching path
adding volume to agent - volume 0x1377ee0
done
Created new volume: oVirt_management.img, ptr is 0x1379a30
xml returned device name VolGroup00, path /dev/sda2; volume path is /var/lib/libvirt/images/oVirt.img
libvir: Storage error : invalid storage volume pointer in no storage vol with matching path
adding volume to agent - volume 0x1378060
done
Created new volume: oVirt.img, ptr is 0x137aa60
Verifying volume oVirt_management.img.fresh
Verifying volume oVirt_management.img.old
Verifying volume oVirt_management.img
Verifying volume oVirt.img
Updating volume info
Updating volume info
Updating volume info
Updating volume info
Created new pool: default, ptr is 0x1370e00
Verifying pool default
Syncing volumes.
Verifying volume oVirt_management.img.fresh
Verifying volume oVirt_management.img.old
Verifying volume oVirt_management.img
Verifying volume oVirt.img
Updating volume info
Updating volume info
Updating volume info
Updating volume info
2009-07-31 10:09:32 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found) (qpid/client/SaslFactory.cpp:226)
2009-07-31 10:09:34 warning Closing connection due to internal-error: Sasl error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found) (qpid/client/SaslFactory.cpp:226)
Here is the list of installed packages:
ovirt-docs.noarch 0.99-1.fc10 @ovirt
ovirt-node-image.x86_64 1.0.1-1.fc10 @ovirt
ovirt-node-image-pxe.x86_64 1.0.1-1.fc10 @ovirt
ovirt-release.noarch 0.99-1.fc10 installed
ovirt-server.noarch 0.99-1.fc10 @ovirt
ovirt-server-installer.noarch 0.99-1.fc10 @ovirt
libvirt.x86_64 0.6.3-0.86.git1a9cca4 @ovirt
krb5-libs.x86_64 1.6.3-18.fc10 installed
krb5-server.x86_64 1.6.3-18.fc10 @updates
krb5-server-ldap.x86_64 1.6.3-18.fc10 @updates
krb5-workstation.x86_64 1.6.3-18.fc10 @updates
qpidc.x86_64 0.5.790661-1.fc10 @updates
qpidd.x86_64 0.5.790661-1.fc10 @updates
I've seen in the mailing list a post of a guy having a similar problem but there's no answers for resolving it (https://www.redhat.com/archives/ovirt-devel/2009-April/msg00136.html) (I did all the things asked in the mails but I have the good behavior, i.e. time and dns correctly configured)
Thanks in advance for any reply you could make,
Sylvain Desbureaux
Recherche et Développement, Service aux entreprises
Ingénieur concepteur développeur de services réseaux pour les entreprises
tél. 02 96 05 13 80
sylvain.desbureaux at orange-ftgroup.com
More information about the ovirt-devel
mailing list