On 04/10/2017 05:38 PM, Giorgio Biacchi wrote:
Hi,
I'm taking over Giulio because he's not at work now. I'm starting to
understand what's happening because we have not that users (and many
others) in the users tab in the admin portal.
We have heavily modified the paradigm of ovirt, VM are bound to thin
clients and not to users, this because we want to reproduce a
lab/classroom environment and we don't use the user portal. We wrote an
alternative administration portal where we define classrooms, thin
clients and associations between clients and VMs.
Windows VMs are joined to a AD domain and linux VMs are joined to IPA,
home dirs are remotely mounted upon user login.
So there's no need to have all that users (over 31000) in the admin
portal because they have no permission on any VM, they can login from
any client to the VM bound to that client.
In the admin portal, if I go to a VM with a logged in user in the "Guest
info" tab I can see which user is logged in because, I think, the guest
agents are aware of the logged in username, but there's no "user object"
in the engine when I try to get that information via API.
Thanks for your time and patience..
Regards,
Giorgio
OK, that makes sense. I think this is a bug in the server then. If the
users are not oVirt users we should just not report them, or maybe
report just the user name and domain, if available. But returning 404
and failing in that case isn't correct, in my opinion. I have opened the
following bug to track this issue:
Don't fail with 404 if session user doesn't exist in the database
https://bugzilla.redhat.com/1440861
On 04/10/2017 01:18 PM, Juan Hernández wrote:
> On 04/10/2017 11:10 AM, Giulio Casella wrote:
>> On 07/04/2017 16:00, Juan Hernández wrote:
>>> I have been trying to reproduce this and I wasn't able. In theory the
>>> 404 error that you get should only happen if the virtual machine
>>> doesn't
>>> exist, but that isn't the case.
>>>
>>> Can you check the server.log file and share the complete stack traces
>>> that should appear after the "HTTP 404 Not Found" message?
>>>
>>
>> No problem, find attached a snippet of server.log.
>>
>> Bye,
>> Giulio
>>
>
> Thanks, that helps. What the engine isn't finding is the user, not the
> virtual machine. Can you provide more information about that user? I
> mean, take the virtual machine and find via the GUI which user is using
> it. Then go to https://.../ovirt-engine/api/users and find that user.
> Share the definition of that user that you get there, if possible.
>
>>> On 03/31/2017 10:25 AM, Giulio Casella wrote:
>>>> On 30/03/2017 20:05, Juan Hernández wrote:
>>>>> On 03/30/2017 01:01 PM, Giulio Casella wrote:
>>>>>> Hi,
>>>>>> I'm trying to obtain a list of users connected to a VM,
using
>>>>>> python SDK
>>>>>> v4.
>>>>>> Here's what I'm doing:
>>>>>>
>>>>>> vm = vms_service.list(search="name=vmname")[0]
>>>>>> vm_service = vms_service.vm_service(vm.id)
>>>>>> sessions = vm_service.sessions_service().list()
>>>>>>
>>>>>> But "sessions" is None.
>>>>>>
>>>>>> Same result using:
>>>>>>
>>>>>> s = connection.follow_link(vm.sessions)
>>>>>>
>>>>>> "s" is None.
>>>>>>
>>>>>> I tried also using curl, and if I connect to:
>>>>>>
>>>>>>
https://my.ovirt.host/ovirt-engine/api/v4/vms/<vmid>/sessions
>>>>>>
>>>>>> I get a beautiful 404.
>>>>>>
>>>>>> Also using v3 of python SDK I obtain the same behaviour.
>>>>>>
>>>>>> So I suspect that retrieving user sessions via API is not
>>>>>> implemented,
>>>>>> is it? If not, what I'm doing wrong?
>>>>>>
>>>>>> I'm using RHV 4.0.6.3-0.1.el7ev
>>>>>>
>>>>>> Thanks in advance,
>>>>>> Giulio
>>>>>>
>>>>>
>>>>> Giulio, you should never get a 404 error from that URL, unless the
>>>>> virtual doesn't exist or isn't visible for you. What user
name are
>>>>> you
>>>>> to create the SDK connection? An administrator or a regular user?
>>>>>
>>>>
>>>> I tried with a regular domain user (with superuser role assigned) and
>>>> admin@internal, with same result.
>>>>
>>>>> Also, please check the /var/log/ovirt-engine/server.log and
>>>>> /var/log/ovirt-engine/engine.log when you send that request. Do
>>>>> you see
>>>>> there something relevant?
>>>>
>>>> server.log reports:
>>>>
>>>> 2017-03-31 10:03:11,346 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>> (default task-33) RESTEASY002010: Failed to execute:
>>>> javax.ws.rs.WebApplicationException: HTTP 404 Not Found
>>>>
>>>> (no surprise here, same message obtained by curl).
>>>>
>>>> engine.log is full of:
>>>>
>>>> ERROR [org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter]
>>>> (default
>>>> task-7) [] Cannot authenticate using authentication Headers:
>>>> invalid_grant: The provided authorization grant for the auth code has
>>>> expired
>>>>
>>>> (indipendently of my request)
>>>>
>>>> It's quite strange I can perform almost every other operation (e.g.
>>>> getting other VM parameters, running methods, etc.)
>>>>
>>>>
>>>>>
>>>>> Finally, please run your script with the 'debug=True' option
in the
>>>>> connection, and with a log file, like here:
>>>>>
>>>>>
>>>>>
https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/examples/list_v...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Then share that log file so that we can check what the server is
>>>>> returning exactly. Make sure to remove your password from that log
>>>>> file
>>>>> before sharing it.
>>>>>
>>>> Find attached produced log (passwords purged).
>>>>
>>>> BTW: VM is a Fedora 24, with guest agents correctly installed (I
>>>> can see
>>>> user sessions in admin portal and in postgresql DB).
>>>>
>>>> Thanks,
>>>> Giulio
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users(a)ovirt.org
>>>>
http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>
>>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>