So I think I have narrowed it down to the OVN settings. The only problem now is, is that
when I want to update the OVN settings, it fails with “Failed to communicate with External
Provider. See logs for details”
When checking the logs, I see an error stating the “root hostname does not match” (In the
OVN settings via the WebUI, I see that it also points to the old hostname)
A bit of background on this, when the engine was initially built, it was configured with a
different hostname, which was then changed, but somehow it is still referencing the old
hostname. When I run the change hostname scripts
(/usr/share/ovirt-engine/setup/bin/ovirt-engine-rename) it runs through everything, until
it needs to modify the certs. (I have attached the screenshot)
I am really not sure where to go from here, and I believe that most of this has to do with
the certs (And I am just grasping at straws here)
I am starting to think that it would just be easier to deploy everything from scratch, but
if anybody has any ideas, I would appreciate it.
Thank you
Anton Louw
Cloud Engineer: Storage and Virtualization
______________________________________
D: 087 805 1572 | M: N/A
A: Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
anton.louw(a)voxtelecom.co.za
www.vox.co.za
From: Anton Louw via Users <users(a)ovirt.org>
Sent: 18 June 2020 12:39
To: users(a)ovirt.org
Subject: [ovirt-users] Cannot authenticate user Invalid scopes: ovirt-app-api
Hi All,
A new issue 😊
We have configured oVirt to use KeyCloak for authentication. This all works, I can log
into the WebUI etc, but as soon as I need to talk to the API, it gives me the “invalid
scopes” error. I have double checked KeyCloak, and the scopes are added. I went through
the logs, but there is nothing telling me exactly what the actual cause is.
I get the below when trying to get a token from the engine:
“{"error_code":"access_denied","error":"Cannot
authenticate user Invalid scopes: ovirt-app-api ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access."}”
Does anybody have any idea where this is going wrong?
Thanks
Anton Louw
Cloud Engineer: Storage and Virtualization at Vox
________________________________
T: 087 805 0000 | D: 087 805 1572
M: N/A
E: anton.louw@voxtelecom.co.za<mailto:anton.louw@voxtelecom.co.za>
A: Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
www.vox.co.za<http://www.vox.co.za>
[
F]<https://www.facebook.com/voxtelecomZA>
[
T]<https://www.twitter.com/voxtelecom>
[
I]<https://www.instagram.com/voxtelecomza>
[
L]<https://www.linkedin.com/company/voxtelecom>
[
Y]<https://www.youtube.com/user/VoxTelecom>
[#VoxBrand]<https://www.vox.co.za/fibre/fibre-to-the-home/?prod=HOME>
Disclaimer
The contents of this email are confidential to the sender and the intended recipient.
Unless the contents are clearly and entirely of a personal nature, they are subject to
copyright in favour of the holding company of the Vox group of companies. Any recipient
who receives this email in error should immediately report the error to the sender and
permanently delete this email from all storage devices.
This email has been scanned for viruses and malware, and may have been automatically
archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business.
Providing a safer and more useful place for your human generated data. Specializing in;
Security, archiving and compliance. To find out more Click
Here<https://www.voxtelecom.co.za/security/mimecast/?prod=Enterprise>.