Hi,
I'm using curl and I followed steps in [1] and double checked the
permissions.
I've tested API access vs. webadmin access (see below).
$ curl -v --negotiate -X GET -H "Accept: application/xml" -k
# Result: HTTP 401
$ kinit
$ curl -v --negotiate -X GET -H "Accept: application/xml" -k
# Result: HTTP 200
$ curl --negotiate -v -u : -X GET -H "Accept: application/xml" -k
# Result: HTTP 401
Therefore I believe httpd config is fine.
For engine.log and properties file see attachment.
I've also attached console output from curl.
Thanks and regards
Marcel
On 14.04.2016 08:11, Ondra Machacek wrote:
On 04/14/2016 08:06 AM, Ondra Machacek wrote:
> On 04/13/2016 10:43 PM, Marcel Galke wrote:
>> Hello,
>>
>> I need to automatically create a list of all the VMs and the storage
>> path to their disks in the data center for offline storage for disaster
>> recovery. We have oVirt 3.6 and IPA 4.2.0.
>> To achieve this my idea was to query the API using Kerberos
>> authentication and a keytab. This could then run as cronjob.
>> Using username and password is not an option.
>>
>> To configure oVirt for use with IPA I've run engine-manage-domains but
>> the result is not exactly what I'm looking for (despite the fact
>> that I can add directory users etc.).
>> Next I tried the generic LDAP provider as per documentation
>>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtuali...
>>
>>
>
> Just to be sure, did you follow these steps[1]?
> If yes and it doesn't work, it would be nice if you can share the properties
> files you have and engine.log (the part when engine starts). Please also
> ensure twice you have correct permissions on properties files, keytab
> and apache config.
>
> Also ensure your browser is correctly set up. Example for Firefox[2].
Sorry, I've just realized you use API.
So do you use SDKs or curl? Make sure you use Kerberos properly in both
cases.
For curl it's: curl --negotiate
For SDKs[1], there is a parameter 'kerberos=true' in creation of api
object.
[1]
http://www.ovirt.org/develop/release-management/features/infra/kerberos-s...
>
> Does it not work only for API, or for UserPortal and Webadmin as well? Or
> did you set it up only for API?
>
> [1]
>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtuali...
>
>
> [2]
>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/...
>
>
>
>>
>> It was quite easy to get Apache to authenticate against IPA, but I did
>> not manage to access the API. Each try ended with an "HTTP/1.1 401
>> Unauthorized".
>> At the moment Apache authentication appears first and then the RESTAPI
>> auth dialog comes up.
>> Some facts about my setup:
>> oVirt Host:
>> -OS: CentOS 6.7
>> -Engine Version: 3.6
>> IPA Host:
>> -OS: CentOS 7.2
>> -IPA Version: 4.2.0
>>
>>
>> I might mix some things up. Please help me to find out how to achieve my
>> goal. I can provide more information if required.
>>
>> Thanks a lot!
>>
>>
>> Best regards
>> Marcel
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>>
http://lists.ovirt.org/mailman/listinfo/users
>>