Dear oVirt,

 

In our software tests, we deploy oVirt VMs using ansible and teardown also using ansible.

 

We noticed that each time we run nightly tests, using Jenkins user in ovirt, in one of the Jobs, first task, creating VM, fails with following error,

 

TASK [Login to oVirt] **********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AuthError: Error during SSO authentication invalid_grant : The provided authorization grant for the username and password has expired.
fatal: [PVyrZMy0-csm-2.avinity.tv -> localhost]: FAILED! => {"changed": false, "msg": "Error during SSO authentication invalid_grant : The provided authorization grant for the username and password has expired."}

 

Immediately after, Token seem to be renewed and all other VMs are created without issue.

 

The play looks like following:

 

---

# file: provision-ovirt.yml

- name: Create VM in OVirt

  hosts: ovirt-vms

  gather_facts: false

  vars:

    - state: running

  pre_tasks:

    - name: Login to oVirt

      delegate_to: localhost

      ovirt_auth:

         url: "{{ ovirt_engine_url }}"

         username: "{{ ovirt_engine_user }}"

         password: "{{ ovirt_engine_password }}"

         ca_file: "{{ ovirt_engine_cafile | default(omit) }}"

         insecure: "{{ ovirt_engine_insecure | default(true) }}"

      run_once: true

  tasks:

    - name: "Get agent keys"

      delegate_to: localhost

      command: ssh-add -L

      register: ssh_agent_pubkeys

      run_once: true

      changed_when: False

    - name: Create new VMs from template

      delegate_to: localhost

      ovirt_vm:

        auth: "{{ ovirt_auth }}"

        name: "{{ inventory_hostname_short }}"

        nics:

        - name: nic1

          profile_name: tenant1

          interface: virtio

        cloud_init_nics:

        - nic_name: eth0

          nic_boot_protocol: dhcp

          nic_on_boot: true

        cloud_init:

          host_name: "{{ inventory_hostname_short }}"

          authorized_ssh_keys: "{{ ssh_agent_pubkeys.stdout }}"

        state: "{{ state }}"

        cluster: "{{ovirt_cluster}}"

        template: "{{ images_to_template[os_image] }}"

        instance_type: "{{ os_flavor_to_ovirt_instance_type[os_flavor] }}"

    - name: "Wait until the ansible user can log into the host (cloud-init needs to have finished)"

      command: ssh -oPasswordAuthentication=no -oStrictHostKeyChecking=no {{ansible_user}}@{{inventory_hostname}} exit

      register: ssh_output

      delegate_to: localhost

      until: ssh_output.rc == 0

      retries: 30

      delay: 5

      changed_when: False

  post_tasks:

    - name: Logout from oVirt

      delegate_to: localhost

      run_once: true

      ovirt_auth:

        state: absent

        ovirt_auth: "{{ ovirt_auth }}"

      tags:

        - always

 

How does token relates to user session in oVirt? We would expect that once we logout, token should be expired and upon new login just get renewed/new token to proceed.

Is it a bug? Is it in the play that we are doing something incorrectly?

 

Kindly awaiting your eply.

 

 

— — —
Met vriendelijke groet / Kind regards,

Marko Vrgotic