11:34 a.m.
------=_Part_16589028_1483637646.1478507679601
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi,=20
----- Le 4 Nov 16, =C3=A0 18:22, Greg Sheremeta <gshereme(a)redhat.com> a =C3=
=A9crit :=20
Sorry for the delay. Did anyone help out on this yet? If not, I can
look =
now.
No problem. No evolution on this side, if you can take a look, it will be n=
ice.=20
Thank you.=20
Greg
On Mon, Oct 24, 2016 at 8:52 AM, Martin Perina <
mperina(a)redhat.com > wro=
te:
> Alex/Greg, could you please take a look?
> Thanks
> Martin
> On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse <
> baptiste.agasse(a)lyra-network.com > wrote:
>> Hi,
>> ----- Le 24 Oct 16, =C3=A0 11:25, Martin Perina <
mperina(a)redhat.com > =
a =C3=A9crit :
>>> On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
>>> baptiste.agasse(a)lyra-network.com > wrote:
>>>> Hi Ondra,
>>>> ----- Le 24 Oct 16, =C3=A0 10:36, Ondra Machacek
omachace(a)redhat.com =
a =C3=A9crit :
>>>> > On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>>>> >> Hi all,
>>>> >> We use ovirt 4.0.4 with FreeIPA as external
provider. The external=
provider was
>>>> >> configured via the
'ovirt-engine-extension-aaa-ldap-setup' command=
. The
>>>> >> authentication works fine, but in the webui,
when you go on the 'A=
ctive User
>>>> >> Sessions', all users uuid is showed as
'00000000-0000-0000-0000-00=
0000000000'.
>>>> >> Other problem, maybe related, when a user
create a VM, by default =
a permission
>>>> >> is created with the role of
'UserVmManager'. On the 'Permissions' =
pane, we see
>>>> >> a line with no value for User, Authorization
provider, Namespace. =
The only
>>>> >> value set on this line is the role
(UserVmManager in that case). W=
hen we try to
>>>> >> remove this line, an exception occurs in the
webui that prevent de=
letion of
>>>> >> this line.
>>>> > I've never see such issue with FreeIPA. Can
you please share what's
>>>> > your IPA version?
>>>> > Can you also please share the log of error which
occurs, when you t=
ry
>>>> > to remove the permission?
>>>> We have multiple ovirt envs, all ovirt version are
the same as descri=
bed, but
>>>> FreeIPA servers are in different versions on these
envs. We have one =
env with
>>>> FreeIPA on CentOS 6
(ipa-server-3.0.0-42.el6.centos.x86_64) and the o=
ther on
>>>> FreeIPA on CentOS 7
(ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). =
The both
>>>> envs have the same problem. On our envs, the role
mapping in oVirt is=
done on
>>>> user groups and not on individual users.
>>>> For the permission problem, the problem only occurs
when the VM is cr=
eated via
>>>> the user webui. Creating VM with API or admin webui
is OK. When we tr=
y to
>>>> remove the permission, an UI exception occurs and no
logs on the engi=
ne.log
>>>> side. I've attached screenshots and ui.log.
>>> =E2=80=8BUnfortunately by default UI code is obfuscated,
so we cannot =
find exact issue.
>>> Could you please perform following steps and send us new
ui.log?
>>> 1. Install UI debug packages
>>> yum install ovirt-engine-webadmin-portal-debuginfo
>>> ovirt-engine-userportal-debuginfo=E2=80=8B
>>> =E2=80=8B2. Restart ovirt-engine
>>> systemctl restart ovirt-engine
>>> 3. Reproduce the error and share up-to-date ui.log with
use
>>> If needed more info about UI logs can be found at
>>> http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfus=
cated-ui/
>> I've reproduced the error, see attached engine.log at VM
creation time =
and the
>> ui.log when trying to remove inconsistent permission.
>> Thanks.
>>> Thanks
>>> Martin Perina
>>> =E2=80=8B
>>>> >> This behavior is verified on all our oVirt
environments (oVirt 4.0=
.4 + FreeIPA)
>>>> >> Someone hit the same problem ?
>>>> >> Have a nice day.
>>>> >> Regards.
>>>> Regards.
>>>> --
>>>> Baptiste AGASSE
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users(a)ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>> --
>> Baptiste AGASSE
--
Greg Sheremeta, MBA
Red Hat, Inc.
Sr. Software Engineer
gshereme(a)redhat.com
--=20
Baptiste AGASSE=20
Lyra Network France, Senior GNU/Linux engineer=20
109 Rue de l'innovation, 31670 Lab=C3=A8ge - France=20
Phone: (+33)5.67.22.31.87=20
Fax: (+33)5.67.22.31.61=20
E-mail: baptiste.agasse(a)lyra-network.com=20
Website: http://www.lyra-network.com=20
------=_Part_16589028_1483637646.1478507679601
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><body><div style=3D"font-family: arial, helvetica, sans-serif;
font-s=
ize: 12pt; color:
#000000"><div>Hi,<br></div><div><br></div><div><span
id=
=3D"zwchr" data-marker=3D"__DIVIDER__">----- Le 4 Nov 16, =C3=A0
18:22, Gre=
g Sheremeta &lt;gshereme(a)redhat.com&gt; a =C3=A9crit
:<br></span></div><div=
data-marker=3D"__QUOTED_TEXT__"><blockquote style=3D"border-left:
2px soli=
d #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: n=
ormal; font-style: normal; text-decoration: none; font-family: Helvetica,Ar=
ial,sans-serif; font-size: 12pt;" data-mce-style=3D"border-left: 2px solid =
#1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: nor=
mal; font-style: normal; text-decoration: none; font-family: Helvetica,Aria=
l,sans-serif; font-size: 12pt;"><div dir=3D"ltr">Sorry for the
delay. Did a=
nyone help out on this yet? If not, I can look
now.</div></blockquote><div>=
<br></div><div>No problem. No evolution on this side, if you can take a
loo=
k, it will be nice.<br data-mce-bogus=3D"1"></div><div><br
data-mce-bogus=
=3D"1"></div><div>Thank you.<br
data-mce-bogus=3D"1"></div><div><br data-mc=
e-bogus=3D"1"></div><blockquote style=3D"border-left: 2px solid
#1010FF; ma=
rgin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-s=
tyle: normal; text-decoration: none; font-family: Helvetica,Arial,sans-seri=
f; font-size: 12pt;" data-mce-style=3D"border-left: 2px solid #1010FF; marg=
in-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-sty=
le: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif;=
font-size: 12pt;"><div
dir=3D"ltr"><br><div>Greg</div><br></div><div
class=
=3D"gmail_extra"><br><div class=3D"gmail_quote">On Mon,
Oct 24, 2016 at 8:5=
2 AM, Martin Perina <span dir=3D"ltr"><<a
href=3D"mailto:mperina@redhat.=
com" target=3D"_blank"
data-mce-href=3D"mailto:mperina@redhat.com">mperina@=
redhat.com</a>></span> wrote:<br><blockquote
class=3D"gmail_quote" style=
=3D"margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;" da=
ta-mce-style=3D"margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-le=
ft: 1ex;"><div dir=3D"ltr"><div
class=3D"gmail_default" style=3D"font-famil=
y: arial,helvetica,sans-serif;" data-mce-style=3D"font-family: arial,helvet=
ica,sans-serif;">Alex/Greg, could you please take a
look?<br><br></div><div=
class=3D"gmail_default" style=3D"font-family:
arial,helvetica,sans-serif;"=
data-mce-style=3D"font-family: arial,helvetica,sans-serif;">Thanks<span
cl=
ass=3D"HOEnZb"><span style=3D"color: #888888;"
data-mce-style=3D"color: #88=
8888;"
color=3D"#888888"><br><br></span></span></div><div
class=3D"gmail_de=
fault" style=3D"font-family: arial,helvetica,sans-serif;"
data-mce-style=3D=
"font-family:
arial,helvetica,sans-serif;">Martin<br><br></div></div><div
c=
lass=3D"HOEnZb"><div class=3D"h5"><div
class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse <span
dir=
=3D"ltr"><<a
href=3D"mailto:baptiste.agasse@lyra-network.com" target=3D"=
_blank"
data-mce-href=3D"mailto:baptiste.agasse@lyra-network.com">baptiste.=
agasse(a)lyra-network.com</a>&gt;</span> wrote:<br><blockquote
class=3D"gmail=
_quote" style=3D"margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-l=
eft: 1ex;" data-mce-style=3D"margin: 0 0 0 .8ex; border-left: 1px #ccc soli=
d; padding-left: 1ex;"><div><div style=3D"font-family:
arial,helvetica,sans=
-serif; font-size: 12pt; color: #000000;" data-mce-style=3D"font-family: ar=
ial,helvetica,sans-serif; font-size: 12pt; color:
#000000;"><div>Hi,<br></d=
iv><br><div><span
id=3D"m_-9203100326600061929m_9032670009760378103zwchr">-=
---- Le 24 Oct 16, =C3=A0 11:25, Martin Perina <<a href=3D"mailto:mperin=
a(a)redhat.com" target=3D"_blank"
data-mce-href=3D"mailto:mperina@redhat.com"=
mperina(a)redhat.com</a>&gt; a =C3=A9crit
:<br></span></div><div><blockquote=
style=3D"border-left: 2px solid #1010ff; margin-left: 5px; padding-left: 5=
px; color: #000; font-weight: normal; font-style: normal; text-decoration: =
none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-s=
tyle=3D"border-left: 2px solid #1010ff; margin-left: 5px; padding-left: 5px=
; color: #000; font-weight: normal; font-style: normal; text-decoration: no=
ne; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div
dir=3D"=
ltr"><div class=3D"gmail_default" style=3D"font-family:
arial,helvetica,san=
s-serif;" data-mce-style=3D"font-family:
arial,helvetica,sans-serif;"><br><=
/div><div class=3D"gmail_extra"><br><div
class=3D"gmail_quote">On Mon, Oct =
24, 2016 at 11:18 AM, Baptiste Agasse <span dir=3D"ltr"><<a
href=3D"mail=
to:baptiste.agasse@lyra-network.com" target=3D"_blank"
data-mce-href=3D"mai=
lto:baptiste.agasse@lyra-network.com">baptiste.agasse@lyra-network.com</a>&=
gt;</span> wrote:<br><blockquote class=3D"gmail_quote"
style=3D"margin: 0px=
0px 0px 0.8ex; border-left: 1px solid #cccccc; padding-left: 1ex;" data-mc=
e-style=3D"margin: 0px 0px 0px 0.8ex; border-left: 1px solid #cccccc; paddi=
ng-left: 1ex;">Hi Ondra,<br><br> ----- Le 24 Oct 16, =C3=A0 10:36,
Ondra Ma=
chacek <a href=3D"mailto:omachace@redhat.com" target=3D"_blank"
data-mce-hr=
ef=3D"mailto:omachace@redhat.com">omachace@redhat.com</a> a =C3=A9crit
:<br=
<br> > On 10/21/2016 12:00 PM, Baptiste Agasse
wrote:<br> >> Hi a=
ll,<br> >><br>
>> We use ovirt 4.0.4 with FreeIPA as external p=
rovider. The external provider was<br> >> configured via the
'ovirt-e=
ngine-extension-aaa-ldap-setup' command. The<br> >> authentication
wo=
rks fine, but in the webui, when you go on the 'Active User<br> >>
Se=
ssions', all users uuid is showed as '00000000-0000-0000-0000-000000000000'=
.<br> >> Other problem, maybe related, when a user create a VM, by
de=
fault a permission<br> >> is created with the role of
'UserVmManager'=
. On the 'Permissions' pane, we see<br> >> a line with no
value for U=
ser, Authorization provider, Namespace. The only<br> >> value set on
=
this line is the role (UserVmManager in that case). When we try to<br> >=
> remove this line, an exception occurs in the webui that prevent deleti=
on of<br> >> this line.<br> ><br> > I've
never see such issue w=
ith FreeIPA. Can you please share what's<br> > your IPA
version?<br> >=
;<br> > Can you also please share the log of error which occurs, when yo=
u try<br> > to remove the permission?<br><br> We have multiple
ovirt env=
s, all ovirt version are the same as described, but FreeIPA servers are in =
different versions on these envs. We have one env with FreeIPA on CentOS 6 =
(ipa-server-3.0.0-42.el6.centos.x86_64) and the other on FreeIPA on CentOS =
7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). The both envs have the s=
ame problem. On our envs, the role mapping in oVirt is done on user groups =
and not on individual users.<br><br> For the permission problem, the proble=
m only occurs when the VM is created via the user webui. Creating VM with A=
PI or admin webui is OK. When we try to remove the permission, an UI except=
ion occurs and no logs on the engine.log side. I've attached screenshots an=
d ui.log.<br></blockquote><div><br><div
class=3D"gmail_default" style=3D"fo=
nt-family: arial,helvetica,sans-serif; display: inline;" data-mce-style=3D"=
font-family: arial,helvetica,sans-serif; display: inline;">=E2=80=8BUnfortu=
nately by default UI code is obfuscated, so we cannot find exact issue. Cou=
ld you please perform following steps and send us new
ui.log?<br><br></div>=
<div class=3D"gmail_default" style=3D"font-family:
arial,helvetica,sans-ser=
if; display: inline;" data-mce-style=3D"font-family: arial,helvetica,sans-s=
erif; display: inline;">1. Install UI debug packages<br>
=
yum install ovirt-engine-webadmin-portal-debuginfo ovirt-engine-user=
portal-debuginfo=E2=80=8B</div><br><br><div
style=3D"font-family: arial,hel=
vetica,sans-serif;" class=3D"gmail_default"
data-mce-style=3D"font-family: =
arial,helvetica,sans-serif;">=E2=80=8B2. Restart
ovirt-engine<br></div><div=
style=3D"font-family: arial,helvetica,sans-serif;"
class=3D"gmail_default"=
data-mce-style=3D"font-family:
arial,helvetica,sans-serif;"> &n=
bsp; systemctl restart
ovirt-engine<br><br></div><div style=3D"=
font-family: arial,helvetica,sans-serif;" class=3D"gmail_default"
data-mce-=
style=3D"font-family: arial,helvetica,sans-serif;">3. Reproduce the error a=
nd share up-to-date ui.log with use<br><br></div><div
style=3D"font-family:=
arial,helvetica,sans-serif;" class=3D"gmail_default"
data-mce-style=3D"fon=
t-family: arial,helvetica,sans-serif;">If needed more info about UI logs ca=
n be found at <a href=3D"http://www.ovirt.org/develop/developer-guide/engin=
e/engine-debug-obfuscated-ui/" target=3D"_blank"
data-mce-href=3D"http://ww=
w.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/&qu...
p://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui=
/</a><br
data-mce-bogus=3D"1"></div></div></div></div></div></blockquote><b=
r><div>I've reproduced the error, see attached engine.log at VM creation ti=
me and the ui.log when trying to remove inconsistent
permission.<br></div><=
br><div>Thanks.<br></div><br><blockquote
style=3D"border-left: 2px solid #1=
010ff; margin-left: 5px; padding-left: 5px; color: #000; font-weight: norma=
l; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,=
sans-serif; font-size: 12pt;" data-mce-style=3D"border-left: 2px solid #101=
0ff; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal;=
font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sa=
ns-serif; font-size: 12pt;"><div dir=3D"ltr"><div
class=3D"gmail_extra"><di=
v class=3D"gmail_quote"><div><div style=3D"font-family:
arial,helvetica,san=
s-serif;" class=3D"gmail_default" data-mce-style=3D"font-family:
arial,helv=
etica,sans-serif;"><br><br></div><div
style=3D"font-family: arial,helvetica=
,sans-serif;" class=3D"gmail_default" data-mce-style=3D"font-family:
arial,=
helvetica,sans-serif;">Thanks<br><br></div><div
style=3D"font-family: arial=
,helvetica,sans-serif;" class=3D"gmail_default"
data-mce-style=3D"font-fami=
ly: arial,helvetica,sans-serif;">Martin
Perina<br>=E2=80=8B</div><br></div>=
<blockquote class=3D"gmail_quote" style=3D"margin: 0px 0px 0px 0.8ex;
borde=
r-left: 1px solid #cccccc; padding-left: 1ex;" data-mce-style=3D"margin: 0p=
x 0px 0px 0.8ex; border-left: 1px solid #cccccc; padding-left: 1ex;"><br>
&=
gt;<br> >><br> >> This behavior is verified on all
our oVirt en=
vironments (oVirt 4.0.4 + FreeIPA)<br> >><br> >>
Someone hit th=
e same problem ?<br> >><br> >> Have a nice
day.<br> >><br=
>> Regards.<br><br> Regards.<span
class=3D"m_-9203100326600061929HO=
EnZb"><span style=3D"color:
#888888;" data-mce-style=3D"color: #888888;" co=
lor=3D"#888888"><br><span
class=3D"m_-9203100326600061929m_9032670009760378=
103gmail-HOEnZb"><span style=3D"color: #888888;"
data-mce-style=3D"color: #=
888888;"><br> --<br> Baptiste AGASSE<br>
</span></span><br>________________=
_______________________________<br> Users mailing list<br><a
href=3D"mailto=
:Users@ovirt.org" target=3D"_blank"
data-mce-href=3D"mailto:Users@ovirt.org=
">Users(a)ovirt.org</a><br><a
href=3D"http://lists.ovirt.org/mailman/listinfo=
/users" rel=3D"noreferrer" target=3D"_blank"
data-mce-href=3D"http://lists.=
ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/...
sers</a><br><br></span></span></blockquote></div></div></div><span
class=3D=
"m_-9203100326600061929HOEnZb"><span style=3D"color: #888888;"
data-mce-sty=
le=3D"color: #888888;"
color=3D"#888888"><br></span></span></blockquote></d=
iv><span class=3D"m_-9203100326600061929HOEnZb"><span
class=3D"m_-920310032=
6600061929HOEnZb"><span style=3D"color: #888888;"
data-mce-style=3D"color: =
#888888;"
color=3D"#888888"><br></span></span></span><div>--
<br></div><div=
Baptiste
AGASSE<br></div></div></div></blockquote></div><br></div></div></=
div></blockquote></div><br><br
clear=3D"all"><br>-- <br><div class=3D"gmail=
_signature"><div dir=3D"ltr"><div>Greg Sheremeta,
MBA<br>Red Hat, Inc.<br>S=
r. Software Engineer<br><a href=3D"mailto:gshereme@redhat.com"
target=3D"_b=
lank"
data-mce-href=3D"mailto:gshereme@redhat.com">gshereme@redhat.com</a><=
br></div></div></div></div><br></blockquote></div><div><br></div><div
data-=
marker=3D"__SIG_POST__">-- <br></div><div>Baptiste
AGASSE<br>Lyra Network F=
rance, Senior GNU/Linux engineer<br>109 Rue de l'innovation, 31670 Lab=C3=
=A8ge - France<br>Phone: (+33)5.67.22.31.87<br>Fax:
(+33)5.67.22.31.61<br>E=
-mail: baptiste.agasse(a)lyra-network.com<br>Website: http://www.lyra-network=
.com</div></div></body></html>
------=_Part_16589028_1483637646.1478507679601--