4:16 p.m.
This is a multi-part message in MIME format.
------=_NextPart_000_0019_01D1DEB4.405C10B0
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
SSO part as simple as emitting correctly formed json to spice socket, - =
as I=E2=80=99ve mentioned before, this works fine with windows guests.
Problem is only with linux guests. As for undocummented API, yes, =
=E2=80=93 you are right, documentation should help alot. It takes time =
to reverse engineer code.
But having full oVirt solution or not does not change the thing, that =
there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very =
confident, that this will persist if used Linux guest on oVirt. Perhaps =
this is just Debian oriented problem, so I was wondering if anyone had =
the same issue here.
From: Yaniv Kaul=20
Sent: Friday, July 15, 2016 3:57 PM
To: tadas(a)ring.lt=20
Cc: users=20
Subject: Re: [ovirt-users] Debian linux and oVirt SSO
=20
Part of the issue is that you are missing quite a bit of the =
orchestration that oVirt performs to make SSO work...
There may some other issues, but I warmly suggest using oVirt and not =
the undocumented APIs - which may or may not change in the future, =
between the agent and other components.
Y.
Steps I've made:
got oVirt guest agent up and running, I can communicate with it from
hypervisor:
socat /var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-
vdi.0 -
{"__name__": "os-version", "version":
"4.6.0-1-amd64"}
Compiled and copied pam_ovirt_cred.so to =
/lib/x86_64-linux-gnu/security
Configured /etc/pam.d/kdm-ovirt-cred with:
%PAM-1.0
auth required pam_ovirt_cred.so
auth include password-auth
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_selinux.so open
session include password-auth
Compiled and copied kgreet_ovirtcred.so to /usr/lib/kde4
Configured /etc/kde4/kdm/kdmrc with:
PluginsLogin=3Dovirtcred
Symptoms:
After starting kdm, I get login prompt with barely visible title (I
assume it should spell "oVirt Authentication" from
kgreet_ovirtcred.cpp). Username and password boxes are inactive - i
cannot enter anything to them. After emitting username/password to
oVirt agent, I can see the following log entries:
Dummy-1::INFO::2016-07-15 12:29:51,628::CredServer::207::root::The
following users are allowed to connect: [0]
Dummy-1::INFO::2016-07-15 12:29:51,629::CredServer::273::root::Opening
credentials channel...
Dummy-1::INFO::2016-07-15 =
12:29:51,629::CredServer::132::root::Emitting
user authenticated signal (509542).
CredChannel::INFO::2016-07-15
12:29:56,634::CredServer::241::root::Credentials channel timed out.
The only thing that worries me, - are the entries in kdm.log file:
klauncher(6100) kdemain: No DBUS session-bus found. Check if you have
started the DBUS server.=20
Since oVirt guest agent sends wakeup message to greeter plugin via
Dbus, perhaps this is the problem? Maybe someone had the same problem
here?
This happens on Debian 8 and 9.
Thank you.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
------=_NextPart_000_0019_01D1DEB4.405C10B0
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR:
#000000">
<DIV>SSO part as simple as emitting correctly formed json to spice =
socket, - as=20
I=E2=80=99ve mentioned before, this works fine with windows =
guests.</DIV>
<DIV>Problem is only with linux guests. As for undocummented API, yes, =
=E2=80=93 you are=20
right, documentation should help alot. It takes time to reverse engineer =
code.</DIV>
<DIV>But having full oVirt solution or not does not change the thing, =
that=20
there=E2=80=99s something wrong with linux kde plugin. I=E2=80=99m very =
confident, that this=20
will persist if used Linux guest on oVirt. Perhaps this is just Debian =
oriented=20
problem, so I was wondering if anyone had the same issue here.</DIV>
<DIV> </DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV style=3D"FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style=3D"BACKGROUND: #f5f5f5">
<DIV style=3D"font-color: black"><B>From:</B> <A =
title=3Dykaul(a)redhat.com=20
href=3D"mailto:ykaul@redhat.com">Yaniv Kaul</A> </DIV>
<DIV><B>Sent:</B> Friday, July 15, 2016 3:57 PM</DIV>
<DIV><B>To:</B> <A title=3Dtadas(a)ring.lt=20
href=3D"mailto:tadas@ring.lt">tadas@ring.lt</A> </DIV>
<DIV><B>Cc:</B> <A title=3Dusers(a)ovirt.org =
href=3D"mailto:users@ovirt.org">users</A>=20
</DIV>
<DIV><B>Subject:</B> Re: [ovirt-users] Debian linux and oVirt=20
SSO</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV=20
style=3D'FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: =
"Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; =
DISPLAY: inline'>
<DIV dir=3Dltr>
<DIV><BR> </DIV>
<DIV class=3Dgmail_extra>
<DIV class=3Dgmail_quote>
<DIV> </DIV>
<DIV>Part of the issue is that you are missing quite a bit of the =
orchestration=20
that oVirt performs to make SSO work...</DIV>
<DIV>There may some other issues, but I warmly suggest using oVirt and =
not the=20
undocumented APIs - which may or may not change in the future, between =
the agent=20
and other components.</DIV>
<DIV>Y.</DIV>
<DIV> </DIV>
<BLOCKQUOTE class=3Dgmail_quote=20
style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc =
1px solid"><BR>Steps=20
I've made:<BR>got oVirt guest agent up and running, I can communicate =
with it=20
from<BR>hypervisor:<BR><BR>socat=20
=
/var/lib/libvirt/qemu/channel/target/domain-80-KDE64_1/com.kvm-<BR>vdi.0 =
-<BR>{"__name__": "os-version", "version": =
"4.6.0-1-amd64"}<BR>Compiled and=20
copied pam_ovirt_cred.so to =
/lib/x86_64-linux-gnu/security<BR><BR>Configured=20
/etc/pam.d/kdm-ovirt-cred=20
=
with:<BR><BR>%PAM-1.0<BR>auth =20
required =20
pam_ovirt_cred.so<BR>auth =20
include =20
password-auth<BR>account =20
include =
password-auth<BR>password =20
include =20
password-auth<BR>session =
required =20
pam_selinux.so close<BR>session =20
required pam_selinux.so=20
open<BR>session =
include =20
password-auth<BR><BR>Compiled and copied kgreet_ovirtcred.so to=20
/usr/lib/kde4<BR><BR>Configured /etc/kde4/kdm/kdmrc=20
with:<BR><BR>PluginsLogin=3Dovirtcred<BR><BR>Symptoms:<BR>After
=
starting kdm, I=20
get login prompt with barely visible title (I<BR>assume it should =
spell "oVirt=20
Authentication" from<BR>kgreet_ovirtcred.cpp). Username and password =
boxes are=20
inactive - i<BR>cannot enter anything to them. After emitting=20
username/password to<BR>oVirt agent, I can see the following log=20
entries:<BR><BR>Dummy-1::INFO::2016-07-15=20
12:29:51,628::CredServer::207::root::The<BR>following users are =
allowed to=20
connect: [0]<BR>Dummy-1::INFO::2016-07-15=20
12:29:51,629::CredServer::273::root::Opening<BR>credentials=20
channel...<BR>Dummy-1::INFO::2016-07-15=20
12:29:51,629::CredServer::132::root::Emitting<BR>user authenticated =
signal=20
=
(509542).<BR>CredChannel::INFO::2016-07-15<BR>12:29:56,634::CredServer::2=
41::root::Credentials=20
channel timed out.<BR><BR>The only thing that worries me, - are the =
entries in=20
kdm.log file:<BR><BR>klauncher(6100) kdemain: No DBUS session-bus =
found. Check=20
if you have<BR>started the DBUS server. <BR><BR>Since oVirt guest =
agent sends=20
wakeup message to greeter plugin via<BR>Dbus, perhaps this is the =
problem?=20
Maybe someone had the same problem<BR>here?<BR>This happens on Debian =
8 and=20
9.<BR><BR>Thank=20
=
you.<BR><BR><BR>_______________________________________________<BR>Users
=
mailing list<BR><A =
href=3D"mailto:Users@ovirt.org">Users@ovirt.org</A><BR><A=20
href=3D"http://lists.ovirt.org/mailman/listinfo/users" =
rel=3Dnoreferrer=20
=
target=3D_blank>http://lists.ovirt.org/mailman/listinfo/users</A>...
OCKQUOTE></DIV>
<DIV> </DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML>
------=_NextPart_000_0019_01D1DEB4.405C10B0--