Le 16/04/2021 à 10:31, Radoslaw Szwajkowski a écrit :
[root@air-dev ~]# /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version "1" keys {"keys": [{"entityid": "d5e69fa0-96a0-4aae-952d-18fe36940248", "entity": "sblanchet@levant.abes.fr@abes.fr-authz", "key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw=="}], "version": 1, "content": "key_list"}
but the same command on the main engine returns empty
[root@air ~]# /usr/libexec/ovirt-vmconsole-proxy-helper/ovirt-vmconsole-list.py --version "1" keys
Empty list (no keys) should look similar to: {"keys": [], "version": 1, "content": "key_list"} In your case it seems that VMConsoleProxyServlet is not responding i.e. on my dev env I get a similar result (empty output,error code 1) when server is down.
it is up ● ovirt-vmconsole-proxy-sshd.service - oVirt VM Console SSH server daemon Loaded: loaded (/usr/lib/systemd/system/ovirt-vmconsole-proxy-sshd.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2021-04-16 10:50:41 CEST; 1min 27s ago Main PID: 1914370 (sshd) Tasks: 1 (limit: 204594) Memory: 3.5M CGroup: /system.slice/ovirt-vmconsole-proxy-sshd.service └─1914370 /usr/sbin/sshd -f /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config -D avril 16 10:50:41 air.v100.abes.fr systemd[1]: Started oVirt VM Console SSH server daemon. avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on 0.0.0.0 port 2222. avril 16 10:50:41 air.v100.abes.fr sshd[1914370]: Server listening on :: port 2222. avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914540]: 2021-04-16 10:52:02,241+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[1914536]: ERROR Key list execution failed rc=1 avril 16 10:52:02 air.v100.abes.fr sshd[1914534]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole[1914547]: 2021-04-16 10:52:02,806+0200 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden avril 16 10:52:02 air.v100.abes.fr ovirt-vmconsole-proxy-keys[1914543]: ERROR Key list execution failed rc=1 avril 16 10:52:02 air.v100.abes.fr sshd[1914534]: AuthorizedKeysCommand /usr/libexec/ovirt-vmconsole-proxy-keys ovirt-vmconsole failed, status 1 avril 16 10:52:03 air.v100.abes.fr sshd[1914534]: Connection closed by authenticating user ovirt-vmconsole 10.34.100.131 port 53674 [preauth]
However you can check if DB contains the right data (key is encoded as JSON string - enclosed in double quotes): SELECT users.username, user_profiles.property_content::text FROM user_profiles JOIN users ON users.user_id = user_profiles.user_id WHERE user_profiles.property_type= 'SSH_PUBLIC_KEY';
https://air.v100.abes.fr//ovirt-engine/api/users/1bb90486-d431-4554-a6a1-376... <ssh_public_keys/> is empty while https://air-dev.v100.abes.fr/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-... returns <ssh_public_keys> <ssh_public_key href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248/sshpublickeys/1fa3fcaf-7475-4c72-9565-b32425d3c8fd" id="1fa3fcaf-7475-4c72-9565-b32425d3c8fd"> <content> ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyfrDI84RWtSvFOUvpb9DkbnIuEfZEQAt4ZCXDHNXcmRwa9iXfPbj69gkOJyj7Jhj9RinJn9at4NgJtrO/rRRgT+SzYUWpdO2KWHgRM5v1rpYcw820ZDdAZk+yxCjQsy6kd49q/q6B+Uzg8Kpth+CAV1ubRrBYqFiuT/qQe9y+0N1TkNdASWL38oZH9K0rzbDb4WlU2Er2BCXzoLF2NBk7iyaS3+Y65DqWPPHHdh89nilC6k5N7SCUkSOayrjh7NnErkBAKZ6PPaarZqZhZPrCbHZnu0oqA0XQXKLcYpwuhNwcK8e4ZWsDwMmArnNcmS6JFxnPIrGYxxmv01K6VXVvw== </content> <user href="/ovirt-engine/api/users/d5e69fa0-96a0-4aae-952d-18fe36940248" id="d5e69fa0-96a0-4aae-952d-18fe36940248"/> </ssh_public_key> </ssh_public_keys>
best regards, Radek
-- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr