Re: [ovirt-users] roles for foreman integration user

From: "Jorick Astrego" <j.astrego(a)netbulae.eu&gt; To: "Oved Ourfali" <ovedo(a)redhat.com&gt; Cc: "Ohad Levy" <ohadlevy(a)redhat.com&gt;, users(a)ovirt.org Sent: Thursday, January 22, 2015 3:48:45 PM Subject: Re: [ovirt-users] roles for foreman integration user Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a hurry ;-) Processing by ComputeResourcesController#test_connection as */* Parameters: {"utf8"=>"✓", "authenticity_token"=>"D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=", "compute_resource"=>{"name"=>"engineen", "provider"=>"Ovirt", "description"=>"", "url"=> "https://ovirt-engine.netbulae.test/api" , "user"=> &quot;test-admin(a)netbulae.test&quot; , "password"=>"[FILTERED]", "location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "cr_id"=>"null"} CR_ID IS null String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted And the other side: 2015-01-22 13:59:20,034 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call Stack: null, Custom Event ID: -1, Message: User/Group test- was granted permission for Role DataCenterAdmin on System by 2015-01-22 14:00:21,674 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:00:21,763 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:00:21,849 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:09:39,982 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:09:40,071 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:09:40,203 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED Cheers, Jorick On 01/22/2015 02:29 PM, Oved Ourfali wrote: You need to share the logs on both ends (ovirt+foreman) for us to understand it. Thanks, Oved ----- Original Message ----- From: "Jorick Astrego" <j.astrego(a)netbulae.eu&gt; To: "Oved Ourfali" <ovedo(a)redhat.com&gt; Cc: users(a)ovirt.org Sent: Thursday, January 22, 2015 3:25:51 PM Subject: Re: [ovirt-users] roles for foreman integration user I will check, but I now also have the problem in reverse. The compute resource in foreman 1.6 will only work with admin@internal. Gave the external user the superuser role to test but still permission denied. I also cannot login to the api with this user manually, do I have to configure external authentication for api access somewhere else? Thanks for all the help! Jorick On 01/22/2015 01:58 PM, Oved Ourfali wrote: Have a look at the prerequisites section in http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It specifies what you must be able to do in Foreman for the integration to work. (currently we require proper permissions to view relevant bare-metal hosts, host groups, compute resources and execute provision request - which is a request to add a host). It is not the complete set of specific roles in Foreman, but it can help do the mapping. CC-ing also Ohad from the Foreman team, which can help if the information in the wiki isn't enough. Thanks, Oved ----- Original Message ----- From: "Jorick Astrego" <j.astrego@ netbulae.eu > To: users@ ovirt.org Sent: Thursday, January 22, 2015 2:48:34 PM Subject: [ovirt-users] roles for foreman integration user Hi, Quick question, which foreman roles does the foreman integration user require in the foreman. I've tried a couple of permission settings but can only get the test to work when the use has role admin. Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 _______________________________________________ Users mailing list Users@ ovirt.org http://lists.ovirt.org/mailman/listinfo/users Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 info(a)netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 info(a)netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users