12:07 p.m.
Le 16/04/2021 à 10:31, Radoslaw Szwajkowski a écrit :
> [root@air-dev ~]#
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
> --version "1" keys
> {"keys": [{"entityid":
"d5e69fa0-96a0-4aae-952d-18fe36940248", "entity":
> "sblanchet@levant.abes.fr(a)abes.fr-authz", "key": "ssh-rsa
>
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw=="}],
> "version": 1, "content": "key_list"}
>
> but the same command on the main engine returns empty
>
> [root@air ~]#
> /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py
> --version "1" keys
>
Empty list (no keys) should look similar to: {"keys": [], "version":
1, "content": "key_list"}
In your case it seems that VMConsoleProxyServlet is not responding
i.e. on my dev env I get a similar result (empty output,error code 1)
when server is down.
it is up
● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server daemon
Loaded: loaded
(/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled;
vendor preset: disabled)
Active: active (running) since Fri 2021-04-16 10:50:41 CEST; 1min
27s ago
Main PID: 1914370 (sshd)
Tasks: 1 (limit: 204594)
Memory: 3.5M
CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service
└─1914370 /usr/sbin/sshd -f
/usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
-D
avril 16 10:50:41 air.v100.abes.fr systemd[1]: Started oVirt VM Console
SSH server daemon.
avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on
0.0.0.0 port 2222.
avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on ::
port 2222.
avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914540]: 2021-04-16
10:52:02,241+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error
403: Forbidden
avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[1914536]:
ERROR Key list execution failed rc=1
avril 16 10:52:02 air.v100.abes.fr sshd[1914534]: AuthorizedKeysCommand
/usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1
avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914547]: 2021-04-16
10:52:02,806+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error
403: Forbidden
avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[1914543]:
ERROR Key list execution failed rc=1
avril 16 10:52:02 air.v100.abes.fr sshd[1914534]: AuthorizedKeysCommand
/usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1
avril 16 10:52:03 air.v100.abes.fr sshd[1914534]: Connection closed by
authenticating user ovirt-vmconsole 10.34.100.131 port 53674 [preauth]
However you can check if DB contains the right data (key is encoded as
JSON string - enclosed in double quotes):
SELECT users.username, user_profiles.property_content::text
FROM user_profiles
JOIN users ON users.user_id = user_profiles.user_id
WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY';
https://air.v100.abes.fr//ovirt-engine/api/users/1bb90486-d431-4554-a6a1-...
<ssh_public_keys/>
is empty
while
https://air-dev.v100.abes.fr/ovirt-engine/api/users/d5e69fa0-96a0-4aae-95...
returns
<ssh_public_keys>
<ssh_public_key
href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248/sshpublickeys/1fa3fcaf-7475-4c72-9565-b32425d3c8fd"
id="1fa3fcaf-7475-4c72-9565-b32425d3c8fd">
<content>
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw==
</content>
<user
href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248"
id="d5e69fa0-96a0-4aae-952d-18fe36940248"/>
</ssh_public_key>
</ssh_public_keys>
best regards,
Radek
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr