[ovirt-users] Re: How to fix ovn apparent inconsistency?

On Thu, Mar 21, 2019 at 3:07 PM Gianluca Cecchi <gianluca.cecchi(a)gmail.com&gt; wrote: Any way to reset admin@internal password previously set up for OVN? When adding provider I get this during test: Failed to communicate with the external provider, see log for additional details. and in /var/log/ovirt-provider-ovn.log 2019-03-21 15:36:52,735 root Error during SSO authentication Cannot authenticate user 'admin@internal': Unable to log in. Verify your login information or contact the system administrator.. : access_denied Traceback (most recent call last): File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 134, in _handle_request method, path_parts, content File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request return self.call_response_handler(handler, content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler return response_handler(content, parameters) File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, in post_tokens user_password=user_password) File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in create_token return auth.core.plugin.create_token(user_at_domain, user_password) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in create_token timeout=self._timeout()) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token username, password, engine_url, ca_file, timeout) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token timeout=timeout File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper _check_for_error(response) File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error result['error'], details)) Unauthorized: Error during SSO authentication Cannot authenticate user 'admin@internal': Unable to log in. Verify your login information or contact the system administrator.. : access_denied from last setup log on Februray I see --== PRODUCT OPTIONS ==-- Configure ovirt-provider-ovn (Yes, No) [Yes]: . . . (Yes, No) [No]: Yes oVirt OVN provider user[admin@internal]: oVirt OVN provider password: --== STORAGE CONFIGURATION ==-- . . . From /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf I see # This file is automatically generated by engine-setup. Please do not edit manually [OVN REMOTE] ovn-remote=ssl:127.0.0.1:6641 [SSL] https-enabled=true ssl-cacert-file=/etc/pki/ovirt-engine/ca.pem ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass [OVIRT] ovirt-sso-client-secret=<my_secret_omitted> ovirt-host=https://ovmgr1.mydomain:443 ovirt-sso-client-id=ovirt-provider-ovn ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem [PROVIDER] provider-host=ovmgr1.mydomain [root@ovmgr1 ~]# ll /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer -rw-r--r--. 1 root root 1953 Feb 6 15:19 /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer [root@ovmgr1 ~]# ll /etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass -rw-------. 1 root root 1828 Feb 6 15:19 /etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass [root@ovmgr1 ~]# openssl x509 -in /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer -text -noout Certificate: . . . Validity Not Before: Feb 5 14:19:25 2019 GMT Not After : Jan 11 14:19:25 2024 GMT . . . I'm trying to add with name "MYOVN" from web admin gui: should I use instead another name? Gianluca