On Thu, Mar 21, 2019 at 3:07 PM Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:

 



Output is this

 name | name 
------+------
(0 rows)

So I should be in the safe side, I hope.
Thanks again for insights! 
Gianluca

Any way to reset admin@internal password previously set up for OVN? When adding provider
I get this during test:
Failed to communicate with the external provider, see log for additional details.

and in /var/log/ovirt-provider-ovn.log

2019-03-21 15:36:52,735 root Error during SSO authentication Cannot authenticate user 'admin@internal': Unable to log in. Verify your login information or contact the system administrator.. : access_denied
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 134, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone.py", line 33, in call_response_handler
    return response_handler(content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/keystone_responses.py", line 62, in post_tokens
    user_password=user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugin_facade.py", line 26, in create_token
    return auth.core.plugin.create_token(user_at_domain, user_password)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/plugin.py", line 48, in create_token
    timeout=self._timeout())
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 75, in create_token
    username, password, engine_url, ca_file, timeout)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 91, in _get_sso_token
    timeout=timeout
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 55, in wrapper
    _check_for_error(response)
  File "/usr/share/ovirt-provider-ovn/auth/plugins/ovirt/sso.py", line 181, in _check_for_error
    result['error'], details))
Unauthorized: Error during SSO authentication Cannot authenticate user 'admin@internal': Unable to log in. Verify your login information or contact the system administrator.. : access_denied


from last setup log  on Februray I see

          --== PRODUCT OPTIONS ==--
         
          Configure ovirt-provider-ovn (Yes, No) [Yes]: 
. . .

          (Yes, No) [No]: Yes
          oVirt OVN provider user[admin@internal]: 
          oVirt OVN provider password: 
         
          --== STORAGE CONFIGURATION ==--
         
. . .

From /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf I see

# This file is automatically generated by engine-setup. Please do not edit manually
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[SSL]
https-enabled=true
ssl-cacert-file=/etc/pki/ovirt-engine/ca.pem
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[OVIRT]
ovirt-sso-client-secret=<my_secret_omitted>
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[PROVIDER]
provider-host=ovmgr1.mydomain

[root@ovmgr1 ~]# ll /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
-rw-r--r--. 1 root root 1953 Feb  6 15:19 /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
[root@ovmgr1 ~]# ll /etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
-rw-------. 1 root root 1828 Feb  6 15:19 /etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
[root@ovmgr1 ~]# 

openssl x509 -in /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer -text -noout
Certificate:
. . .
        Validity
            Not Before: Feb  5 14:19:25 2019 GMT
            Not After : Jan 11 14:19:25 2024 GMT
. . .

I'm trying to add with name "MYOVN" from web admin gui: should I use instead another name?

Gianluca