Sorry for the delay. Did anyone help out on this yet? If not, I can look
now.
Greg
On Mon, Oct 24, 2016 at 8:52 AM, Martin Perina <mperina(a)redhat.com> wrote:
Alex/Greg, could you please take a look?
Thanks
Martin
On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse <
baptiste.agasse(a)lyra-network.com> wrote:
> Hi,
>
> ----- Le 24 Oct 16, à 11:25, Martin Perina <mperina(a)redhat.com> a écrit :
>
>
>
> On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
> baptiste.agasse(a)lyra-network.com> wrote:
>
>> Hi Ondra,
>>
>> ----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace(a)redhat.com a écrit
>> :
>>
>> > On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>> >> Hi all,
>> >>
>> >> We use ovirt 4.0.4 with FreeIPA as external provider. The external
>> provider was
>> >> configured via the 'ovirt-engine-extension-aaa-ldap-setup'
command.
>> The
>> >> authentication works fine, but in the webui, when you go on the
>> 'Active User
>> >> Sessions', all users uuid is showed as
'00000000-0000-0000-0000-00000
>> 0000000'.
>> >> Other problem, maybe related, when a user create a VM, by default a
>> permission
>> >> is created with the role of 'UserVmManager'. On the
'Permissions'
>> pane, we see
>> >> a line with no value for User, Authorization provider, Namespace. The
>> only
>> >> value set on this line is the role (UserVmManager in that case). When
>> we try to
>> >> remove this line, an exception occurs in the webui that prevent
>> deletion of
>> >> this line.
>> >
>> > I've never see such issue with FreeIPA. Can you please share what's
>> > your IPA version?
>> >
>> > Can you also please share the log of error which occurs, when you try
>> > to remove the permission?
>>
>> We have multiple ovirt envs, all ovirt version are the same as
>> described, but FreeIPA servers are in different versions on these envs. We
>> have one env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64)
>> and the other on FreeIPA on CentOS 7
(ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64).
>> The both envs have the same problem. On our envs, the role mapping in oVirt
>> is done on user groups and not on individual users.
>>
>> For the permission problem, the problem only occurs when the VM is
>> created via the user webui. Creating VM with API or admin webui is OK. When
>> we try to remove the permission, an UI exception occurs and no logs on the
>> engine.log side. I've attached screenshots and ui.log.
>>
>
> Unfortunately by default UI code is obfuscated, so we cannot find exact
> issue. Could you please perform following steps and send us new ui.log?
>
> 1. Install UI debug packages
> yum install ovirt-engine-webadmin-portal-debuginfo
> ovirt-engine-userportal-debuginfo
>
>
> 2. Restart ovirt-engine
> systemctl restart ovirt-engine
>
> 3. Reproduce the error and share up-to-date ui.log with use
>
> If needed more info about UI logs can be found at
>
http://www.ovirt.org/develop/developer-guide/engine/engine-d
> ebug-obfuscated-ui/
>
>
> I've reproduced the error, see attached engine.log at VM creation time
> and the ui.log when trying to remove inconsistent permission.
>
> Thanks.
>
>
>
> Thanks
>
> Martin Perina
>
>
>
>> >
>> >>
>> >> This behavior is verified on all our oVirt environments (oVirt 4.0.4
>> + FreeIPA)
>> >>
>> >> Someone hit the same problem ?
>> >>
>> >> Have a nice day.
>> >>
>> >> Regards.
>>
>> Regards.
>>
>> --
>> Baptiste AGASSE
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>>
http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
> --
> Baptiste AGASSE
>
--
Greg Sheremeta, MBA
Red Hat, Inc.
Sr. Software Engineer
gshereme(a)redhat.com