On Thu, Jul 18, 2024 at 8:10, justindavis@mail.utexas.edu
<justindavis@mail.utexas.edu> wrote:
Hello Folks
Is the "fence_rhevm" package compatible with oVirt >4.5? We're converting our legacy RHV cluster to a new install of oVirt latest with NFS backed storage. Everything has been working smoothly with the exception of the RHV-M fencing device on this newly provisioned oVirt 4.5.7 cluster with RHEL 9.4 hosts -- I haven't been able to get authentication working between the fencing device and the manager appliance. The same configuration is working on both the legacy RHV 4.4 cluster (RHV nodes) and a test oVirt 4.5.6 cluster (RHEL 8.9 hosts).
The primary difference that comes to mind between my test and new cluster is that the newest one was installed with Keycloak SSO default configs while it was disabled on the older test environment.
I suspect it has something to do with dropping basic auth?
Assuming this is the case, can Keycloak be removed without having to rebuild the cluster? Are there any significant drawbacks to disabling it? I've found docs for converting from AAA to Keycloak, but not the reverse.
I see on the mailing list that the `ovirt-aaa-jdbc-tool` is deprecated and that Keycloak is strongly recommended moving forward -- is it possible to integrate an internal Keycloak implementation with the existing "fence_rhevm" package?
The errors I'm seeing are:
401 Unauthorized
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.
I've tried every variation of the <domain> value suggested -- including "admin@internal", "admin@ovirt@internal", "@admin@ovirt@internal-authz"
Thanks in advance,
Justin
_______________________________________________