Hi,
I can confirm that RHEVM works fine with oVirt (internal users) and theoretically it
should work with your Keycloak.
Have you tried creating a service account in keycloak and then logging-in in the admin
portal with those credentials ?
Best Regards,
Strahil Nikolov
On Thu, Jul 18, 2024 at 8:10,
justindavis@mail.utexas.edu<justindavis(a)mail.utexas.edu> wrote: Hello Folks
Is the "fence_rhevm" package compatible with oVirt >4.5? We're converting
our legacy RHV cluster to a new install of oVirt latest with NFS backed storage.
Everything has been working smoothly with the exception of the RHV-M fencing device on
this newly provisioned oVirt 4.5.7 cluster with RHEL 9.4 hosts -- I haven't been able
to get authentication working between the fencing device and the manager appliance. The
same configuration is working on both the legacy RHV 4.4 cluster (RHV nodes) and a test
oVirt 4.5.6 cluster (RHEL 8.9 hosts).
The primary difference that comes to mind between my test and new cluster is that the
newest one was installed with Keycloak SSO default configs while it was disabled on the
older test environment.
I suspect it has something to do with dropping basic auth?
Assuming this is the case, can Keycloak be removed without having to rebuild the cluster?
Are there any significant drawbacks to disabling it? I've found docs for converting
from AAA to Keycloak, but not the reverse.
I see on the mailing list that the `ovirt-aaa-jdbc-tool` is deprecated and that Keycloak
is strongly recommended moving forward -- is it possible to integrate an internal Keycloak
implementation with the existing "fence_rhevm" package?
The errors I'm seeing are:
401 Unauthorized
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.
I've tried every variation of the <domain> value suggested -- including
"admin@internal", "admin@ovirt@internal",
"@admin@ovirt@internal-authz"
Thanks in advance,
Justin
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BQGPHXOUFWU...