<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Nope, I just reset the password twice in FreeIPA. Once with a random
password and next with a very simple password<br>
<br>
<br>
<blockquote>2015-01-22 15:31:09,344 INFO
[org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-5) Cant login user "test-admin" with
authentication profile "netbulae.test" because the authentication
failed.<br>
2015-01-22 15:31:09,366 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-5) Correlation ID: null, Call Stack: null,
Custom Event ID: -1, Message: User <a class="moz-txt-link-abbreviated" href="mailto:test-admin@netbulae.test">test-admin@netbulae.test</a> failed
to log in.<br>
2015-01-22 15:31:09,367 WARN
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
(ajp--127.0.0.1-8702-5) CanDoAction of action LoginAdminUser
failed for user <a class="moz-txt-link-abbreviated" href="mailto:test-admin@netbulae.test">test-admin@netbulae.test</a>. Reasons:
USER_PASSWORD_EXPIRED<br>
<br>
</blockquote>
On the ipa side, I don't see any authentication attempts in de logs.
ldapsearch with the same account and password on the ipa works fine.<br>
<br>
<br>
<div class="moz-cite-prefix">On 01/22/2015 02:55 PM, Oved Ourfali
wrote:<br>
</div>
<blockquote
cite="mid:1782147377.13447945.1421934906755.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">are you able to login with these credentials to oVirt directly?
----- Original Message -----
</pre>
<blockquote type="cite">
<pre wrap="">From: "Jorick Astrego" <a class="moz-txt-link-rfc2396E" href="mailto:j.astrego@netbulae.eu"><j.astrego@netbulae.eu></a>
To: "Oved Ourfali" <a class="moz-txt-link-rfc2396E" href="mailto:ovedo@redhat.com"><ovedo@redhat.com></a>
Cc: "Ohad Levy" <a class="moz-txt-link-rfc2396E" href="mailto:ohadlevy@redhat.com"><ohadlevy@redhat.com></a>, <a class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a>
Sent: Thursday, January 22, 2015 3:48:45 PM
Subject: Re: [ovirt-users] roles for foreman integration user
Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a
hurry ;-)
Processing by ComputeResourcesController#test_connection as */*
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=",
"compute_resource"=>{"name"=>"engineen", "provider"=>"Ovirt",
"description"=>"", "url"=> <a class="moz-txt-link-rfc2396E" href="https://ovirt-engine.netbulae.test/api">"https://ovirt-engine.netbulae.test/api"</a> ,
"user"=> <a class="moz-txt-link-rfc2396E" href="mailto:test-admin@netbulae.test">"test-admin@netbulae.test"</a> , "password"=>"[FILTERED]",
"location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "cr_id"=>"null"}
CR_ID IS null
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
And the other side:
2015-01-22 13:59:20,034 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call
Stack: null, Custom Event ID: -1, Message: User/Group test- was granted
permission for Role DataCenterAdmin on System by
2015-01-22 14:00:21,674 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:00:21,763 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:00:21,849 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:39,982 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:40,071 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:40,203 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
Cheers, Jorick
On 01/22/2015 02:29 PM, Oved Ourfali wrote:
You need to share the logs on both ends (ovirt+foreman) for us to understand
it.
Thanks,
Oved
----- Original Message -----
From: "Jorick Astrego" <a class="moz-txt-link-rfc2396E" href="mailto:j.astrego@netbulae.eu"><j.astrego@netbulae.eu></a> To: "Oved Ourfali"
<a class="moz-txt-link-rfc2396E" href="mailto:ovedo@redhat.com"><ovedo@redhat.com></a> Cc: <a class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> Sent: Thursday, January 22, 2015
3:25:51 PM
Subject: Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute
resource in foreman 1.6 will only work with admin@internal. Gave the
external user the superuser role to test but still permission denied.
I also cannot login to the api with this user manually, do I have to
configure external authentication for api access somewhere else?
Thanks for all the help!
Jorick
On 01/22/2015 01:58 PM, Oved Ourfali wrote:
Have a look at the prerequisites section in
<a class="moz-txt-link-freetext" href="http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning">http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning</a> It
specifies what you must be able to do in Foreman for the integration to
work.
(currently we require proper permissions to view relevant bare-metal hosts,
host groups, compute resources and execute provision request - which is a
request to add a host).
It is not the complete set of specific roles in Foreman, but it can help do
the mapping.
CC-ing also Ohad from the Foreman team, which can help if the information
in the wiki isn't enough.
Thanks,
Oved
----- Original Message -----
From: "Jorick Astrego" <j.astrego@ netbulae.eu >
To: users@ ovirt.org
Sent: Thursday, January 22, 2015 2:48:34 PM
Subject: [ovirt-users] roles for foreman integration user
Hi,
Quick question, which foreman roles does the foreman integration user
require in the foreman.
I've tried a couple of permission settings but can only get the test to
work when the use has role admin.
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 <a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a> 7547 TA Enschede BTW NL821234584B01
_______________________________________________
Users mailing list
Users@ ovirt.org <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 <a class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu">info@netbulae.eu</a> Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 <a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a> 7547 TA Enschede BTW NL821234584B01
_______________________________________________
Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 <a class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu">info@netbulae.eu</a> Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 <a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a> 7547 TA Enschede BTW NL821234584B01
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
</blockquote>
</blockquote>
<br>
<BR />
<BR />
<b style="color:#604c78"></b><br><span style="color:#604c78;"><font color="000000"><span style="mso-fareast-language:en-gb;" lang="NL">Met vriendelijke groet, With kind regards,<br><br></span>Jorick Astrego</font></span><b style="color:#604c78"><br><br>Netbulae Virtualization Experts </b><br><hr style="border:none;border-top:1px solid #ccc;"><table style="width: 522px"><tbody><tr><td style="width: 130px;font-size: 10px">Tel: 053 20 30 270</td> <td style="width: 130px;font-size: 10px">info@netbulae.eu</td> <td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td> <td style="width: 130px;font-size: 10px">KvK 08198180</td></tr><tr> <td style="width: 130px;font-size: 10px">Fax: 053 20 30 271</td> <td style="width: 130px;font-size: 10px">www.netbulae.eu</td> <td style="width: 130px;font-size: 10px">7547 TA Enschede</td> <td style="width: 130px;font-size: 10px">BTW NL821234584B01</td></tr></tbody></table><br><hr style="border:none;border-top:1px solid #ccc;"><BR />
</body>
</html>