Re: [Users] SSO from user portal to Windows 7 guest

From: "Itamar Heim" <iheim(a)redhat.com To: "simon" <simon(a)simminfo.com Cc: "Frantisek Kobzik" <fkobzik(a)redhat.com&gt;, users(a)ovirt.org, "Yair Zaslavsky" <yzaslavs(a)redhat.com Sent: Thursday, February 20, 2014 9:15:11 AM Subject: Re: [Users] SSO from user portal to Windows 7 guest On 02/20/2014 07:31 AM, simon wrote: > > On February 18, 2014 at 4:47 PM Itamar Heim <iheim(a)redhat.com&gt; wrote: > > > On 02/18/2014 06:59 PM, SimmInfo wrote: > > > Yes, I make my tests from user portal. > > > > > Envoyé de mon iPad > > > > >> Le 2014-02-18 à 09:14, Itamar Heim <iheim(a)redhat.com&gt; a écrit : > > > > > >>> On 02/18/2014 03:36 PM, SimmInfo wrote: > > >>> Ok, > > >> > > >>> I tested it on a 3.4 beta2. Build a VM (win7 32) check "Guest > agent" as SSO option in vm config. > > >> > > >>> Same result as the 3.3.3 engine. No sso but lock screen on spice > session termination. > > >> > > >>> Nothing in engine.log about VmLogon nor Guest agent reportion to > the engine but Admin portal populated with vm ip, user connected, ip of > the connected user (very useful info), installed app, etc. > > >> > > >>> Is there another way to know if the agent is correctly reporting > to the engine? > > >> > > >>> Will test today with a fedora host. > > > > > >> just to make sure - did you notice the important point of SSO only > works if you login from the user portal, not from the webadmin? > > > > > >> > > >>> Thanks! > > >> > > >>> My test config : > > >> > > >>> Engine 3.4 beta2 on CentOS 6.5 > > >>> Node CentOS 6.5 with vdsm from prerelease repo. > > >>> Storage iscsi > > >> > > >> > > >>>> Le 2014-02-17 à 04:24, Frantisek Kobzik <fkobzik(a)redhat.com&gt; a > écrit : > > >>> > > >>>> Yes, that's a valid point (however it _should_ be set to 'Guest > Agent' by default). > > >>> > > >>>> To sum it up, SSO should happen (on the engine side) if all > these conditions are true: > > >>>> - user is connecting via userportal (not webadmin), > > >>>> - guest agent presence is reported to engine, > > >>>> - state of VM is strictly "Up" > > >>>> - VM has SSO method set to "Guest agent" (Itamar's mail). > > >>> > > >>>> If these conditions are fulfilled and SSO still doesn't work, > there must be something wrong with the engine (or with reporting GA > presence). > > >>> > > >>>> Also VmLogon command should print some information to engine's > log - could you take a look? > > >>> > > >>>> Cheers, > > >>>> Franta. > > >>> > > >>> > > >>>> ----- Original Message ----- > > >>>> From: "Itamar Heim" <iheim(a)redhat.com > > >>>> To: "SimmInfo" <simon(a)simminfo.com&gt;, users(a)ovirt.org, "Frantisek > Kobzik" <fkobzik(a)redhat.com > > >>>> Sent: Monday, February 17, 2014 3:35:08 AM > > >>>> Subject: Re: [Users] SSO from user portal to Windows 7 guest > > >>> > > >>>>> On 02/15/2014 07:51 AM, SimmInfo wrote: > > >>>>> Ok, after more investigation on agent logs and some code > modification it seem that the agent is receiving commands from virtio > device. As it should. I have seen commands lock-screen, shutdown, etc... > But not the "login" command. Look like engine trouble... I will do more > testing tomorrow. > > >>>> > > >>>>> Simon > > >>>>> _______________________________________________ > > >>>>> Users mailing list > > >>>>> Users(a)ovirt.org > > >>>>> http://lists.ovirt.org/mailman/listinfo/users > > >>> > > >>>> make sure it is enabled for the VM? > > >>> > > >>>> commit abd645d5af8a5e4f7986bef00f470171a63be823 > > >>>> Author: Frantisek Kobzik <fkobzik(a)redhat.com > > >>>> Date: Tue Nov 26 11:16:26 2013 +0100 > > >>> > > >>>> frontend: Allow enabling/disabling SSO > > >>> > > >>>> This small feature allows controlling SSO per VM. > > >>>> Changes: > > >>>> - new radio buttons in New/Edit VM/Template/VmPool dialog. > > >>> > > >>>> Change-Id: I213110a1554cd67b6cd8560477b5d7551e89f24e > > >>>> Signed-off-by: Frantisek Kobzik <fkobzik(a)redhat.com > > >>>> Bug-Url: https://bugzilla.redhat.com/1035279 > > > > > > engine log? > Get no time for testing with fedora guest but there is some log output > of the connection to the vm from user portal : > I've noticed that error : *Error in finding LDAP servers for domain > rstemis.reg01.rtss.qc.ca using user levsim01(a)CSSSBASQUES.REG01.RTSS.QC.CA* > This domain : *rstemis.reg01.rtss.qc.ca* is not my domain but another > domain member of the same forest...

> 2014-02-20 00:02:47,721 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (org.ovirt.thread.pool-6-thread-40) [63705695] Correlation ID: 63705695, > Job ID: bba86395-6eaa-4539-9557-2a0ba45b161c, Call Stack: null, Custom > Event ID: -1, Message: VM test was started by admin (Host: > csl01basqu0vh01.csssbasques.reg01.rtss.qc.ca). > 2014-02-20 00:02:50,795 INFO > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > (DefaultQuartzScheduler_Worker-47) VM test > 8bf43efc-9424-4ffd-b5c6-1c92623267ea moved from WaitForLaunch -- > PoweringUp > 2014-02-20 00:02:50,804 INFO > [org.ovirt.engine.core.vdsbroker.vdsbroker.FullListVdsCommand] > (DefaultQuartzScheduler_Worker-47) START, FullListVdsCommand(HostName = > csl01basqu0vh01.csssbasques.reg01.rtss.qc.ca, HostId = > 0e900351-de49-4646-a4b1-394343e32f81, > vds=Host[csl01basqu0vh01.csssbasques.reg01.rtss.qc.ca], > vmIds=[8bf43efc-9424-4ffd-b5c6-1c92623267ea]), log id: 4714a293 > 2014-02-20 00:02:50,813 INFO > [org.ovirt.engine.core.vdsbroker.vdsbroker.FullListVdsCommand] > (DefaultQuartzScheduler_Worker-47) FINISH, FullListVdsCommand, return: > [Ljava.util.HashMap;@1bbd855a, log id: 4714a293 > 2014-02-20 00:02:50,815 INFO > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > (DefaultQuartzScheduler_Worker-47) Received a console Device without an > address when processing VM 8bf43efc-9424-4ffd-b5c6-1c92623267ea devices, > skipping device: {alias=console0, specParams={}, device=console, > type=console, deviceId=dd007a77-cbf1-4c58-9cea-39427e770d5d} > 2014-02-20 00:03:48,442 INFO > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > (DefaultQuartzScheduler_Worker-44) VM test > 8bf43efc-9424-4ffd-b5c6-1c92623267ea moved from PoweringUp --> Up > 2014-02-20 00:03:48,449 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (DefaultQuartzScheduler_Worker-44) Correlation ID: 63705695, Job ID: > bba86395-6eaa-4539-9557-2a0ba45b161c, Call Stack: null, Custom Event ID: > -1, Message: VM test started on Host > csl01basqu0vh01.csssbasques.reg01.rtss.qc.ca > 2014-02-20 00:03:59,757 WARN > [org.ovirt.engine.core.bll.GetConfigurationValueQuery] > (ajp--127.0.0.1-8702-2) calling GetConfigurationValueQuery > (UserMessageOfTheDay) with null version, using default general for version > 2014-02-20 00:04:21,710 INFO > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > (DefaultQuartzScheduler_Worker-99) VM test > 8bf43efc-9424-4ffd-b5c6-1c92623267ea moved from Up --> RebootInProgress > 2014-02-20 00:05:01,101 INFO > [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > (DefaultQuartzScheduler_Worker-66) VM test > 8bf43efc-9424-4ffd-b5c6-1c92623267ea moved from RebootInProgress --> Up > 2014-02-20 00:05:31,126 ERROR > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] > (ajp--127.0.0.1-8702-5) Error in finding LDAP servers for domain > rstemis.reg01.rtss.qc.ca using user levsim01(a)CSSSBASQUES.REG01.RTSS.QC.CA > 2014-02-20 00:05:31,593 INFO > [org.ovirt.engine.core.bll.LoginUserCommand] (ajp--127.0.0.1-8702-5) > Running command: LoginUserCommand internal: false. > 2014-02-20 00:05:31,600 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-5) Correlation ID: null, Call Stack: null, Custom > Event ID: -1, Message: User levsim01 logged in. > 2014-02-20 00:05:34,780 INFO > [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-5) > [6916f2f] Running command: SetVmTicketCommand internal: false. Entities > affected : ID: 8bf43efc-9424-4ffd-b5c6-1c92623267ea Type: VM > 2014-02-20 00:05:34,787 INFO > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] > (ajp--127.0.0.1-8702-5) [6916f2f] START, SetVmTicketVDSCommand(HostName > = csl01basqu0vh01.csssbasques.reg01.rtss.qc.ca, HostId = > 0e900351-de49-4646-a4b1-394343e32f81, > vmId=8bf43efc-9424-4ffd-b5c6-1c92623267ea, ticket=y5bNXmtoILn7, > validTime=120,m userName=levsim01, > userId=4643e1c0-bd18-493c-8c51-a342802168b0), log id: 44ef4679 > 2014-02-20 00:05:34,806 INFO > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] > (ajp--127.0.0.1-8702-5) [6916f2f] FINISH, SetVmTicketVDSCommand, log id: > 44ef4679 > 2014-02-20 00:05:34,813 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-5) [6916f2f] Correlation ID: 6916f2f, Call Stack: > null, Custom Event ID: -1, Message: user levsim01 initiated console > session for VM test > 2014-02-20 00:05:49,829 INFO > [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-4) > [50148fc] Running command: SetVmTicketCommand internal: false. Entities > affected : ID: 8bf43efc-9424-4ffd-b5c6-1c92623267ea Type: VM > 2014-02-20 00:05:49,832 INFO > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] > (ajp--127.0.0.1-8702-4) [50148fc] START, SetVmTicketVDSCommand(HostName > = csl01basqu0vh01.csssbasques.reg01.rtss.qc.ca, HostId = > 0e900351-de49-4646-a4b1-394343e32f81, > vmId=8bf43efc-9424-4ffd-b5c6-1c92623267ea, ticket=thO14QusWk0w, > validTime=120,m userName=levsim01, > userId=4643e1c0-bd18-493c-8c51-a342802168b0), log id: b7b1cf > 2014-02-20 00:05:49,849 INFO > [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] > (ajp--127.0.0.1-8702-4) [50148fc] FINISH, SetVmTicketVDSCommand, log id: > b7b1cf > 2014-02-20 00:05:49,862 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ajp--127.0.0.1-8702-4) [50148fc] Correlation ID: 50148fc, Call Stack: > null, Custom Event ID: -1, Message: user levsim01 initiated console > session for VM test > 2014-02-20 00:05:52,547 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (DefaultQuartzScheduler_Worker-59) Correlation ID: null, Call Stack: > null, Custom Event ID: -1, Message: User > levsim01(a)csssbasques.reg01.rtss.qc.ca is connected to VM test. > 2014-02-20 00:06:07,732 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (DefaultQuartzScheduler_Worker-81) Correlation ID: null, Call Stack: > null, Custom Event ID: -1, Message: User > levsim01(a)csssbasques.reg01.rtss.qc.ca got disconnected from VM test. > Also, i get this error each hour : > 2014-02-19 23:46:15,522 ERROR > [org.ovirt.engine.core.utils.timer.SchedulerUtilQuartzImpl] > (DefaultQuartzScheduler_Worker-37) Failed to invoke scheduled method > refreshAllUsers: java.lang.reflect.InvocationTargetException > at sun.reflect.GeneratedMethodAccessor175.invoke(Unknown Source) > [:1.7.0_51] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.7.0_51] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_51] > at > org.ovirt.engine.core.utils.timer.JobWrapper.execute(JobWrapper.java:60) > [scheduler.jar:] > at org.quartz.core.JobRunShell.run(JobRunShell.java:213) [quartz.jar:] > at > org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) > [quartz.jar:] > Caused by: java.lang.NullPointerException > at > org.ovirt.engine.core.bll.DbUserCacheManager.refreshUser(DbUserCacheManager.java:220) > [bll.jar:] > at > org.ovirt.engine.core.bll.DbUserCacheManager.refreshUsers(DbUserCacheManager.java:137) > [bll.jar:] > at > org.ovirt.engine.core.bll.DbUserCacheManager.refreshAllUsers(DbUserCacheManager.java:92) > [bll.jar:] > ... 6 more > Somthing wrong with my directory config? > Thanks yair?