ManageIQ  ...
I would like to use it, But i am getting "Unable to obtain a collection: 'security_groups' in a service: 'neutron' through API. Please, fix your OpenStack ins... "  All the time. (On Network --> Providers --> **** Network Manager page )



чт, 14 февр. 2019 г. в 16:24, Dominik Holler <dholler@redhat.com>:
On Thu, 14 Feb 2019 15:28:52 +0300
Андрей Русаков <anrusakov@gmail.com> wrote:

> Hi
>
> I was able to fix the problem.
> I am not 100% sure, but seems like restart ovirt-provider-ovn didn't apply
> changes.
>
> So, what i did.
> I perform secret Update, and restart services, and no changes.
> Then i change debug, but log file didn't appear, so i perform stop/start...
> And from this moment of time everything is working fine.
>

Thanks for letting me know!

> Should i enable "Automatic Synchronization" that you mention on first
> message?
>

If you are adding or deleting networks on the ovirt-provider-ovn, e.g.
by ManageIQ or ansible, "Automatic Synchronization" would provide you
the comfort of keeping the representation of of ovn network in oVirt
updated.
If you are not accessing the ovirt-provider-ovn directly, it will add
no value.

> Andrey
>
> вт, 12 февр. 2019 г. в 22:39, Dominik Holler <dholler@redhat.com>:
>
> > On Tue, 12 Feb 2019 21:06:24 +0300
> > Андрей Русаков <anrusakov@gmail.com> wrote:
> >
> > > Hi Dominik,
> > > Thank you for your reply.
> > >
> > > Automatic Synchronization  is Disabled already.
> > >
> > > yes,
> > > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> > > is in place.
> > > I  google a bit (before starting new thread) and find similar problem
> > (the
> > > case was in wrong/missing ovirt-sso-client-secret), and i try to update
> > > ovirt-sso-client-secret.
> >
> > How did you update the secret?
> > The procedure would be
> > 1. Run /usr/share/ovirt-engine/bin/ovirt-register-sso-client-tool.sh
> >    with
> >    Client Id: ovirt-provider-ovn
> >    Client CA Certificate File Location:
> > /etc/pki/ovirt-engine/certs/engine.cer
> >    Callback Prefix URL: https://<ENGINE_FQDN>:443/ovirt-engine/
> > 2. Use the SSO_CLIENT_SECRET from the outfile produced by the previous
> >    command in
> >    /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> > 3. Restart ovirt-engine and ovirt-provider-ovn
> >    systemctl restart ovirt-engine
> >    systemctl restart ovirt-provider-ovn
> >
> >
> > If this does not solve the problem and you want to use the
> > ovirt-provider-ovn, please increase logging in ovirt-provider-ovn via
> > sudo sed -i.$(date +%F-%H-%M) 's/INFO/DEBUG/gi'
> > /etc/ovirt-provider-ovn/logger.conf
> > systemctl restart ovirt-provider-ovn
> >
> > and share the ovirt-provider-ovn.log with the error after the restart.
> >
> >
> > > But it didn't help
> > >
> > > Andrey.
> > >
> > > вт, 12 февр. 2019 г. в 20:04, Dominik Holler <dholler@redhat.com>:
> > >
> > > > On Tue, 12 Feb 2019 16:50:06 -0000
> > > > Andrey  Rusakov <anrusakov@gmail.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Recently i upgrade my oVirt installation 4.2.8 to 4.3.
> > > > > I was able to login right after upgrade (yum, setup, reboot).
> > > > > But according to logs, account locks in 2-3 minutes.
> > > > >
> > > > > 2019-02-12 15:44:57,228+03 ERROR
> > > > [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-1) []
> > > > OAuthException invalid_grant: The provided authorization grant for the
> > auth
> > > > code has expired.
> > > > > 2019-02-12 15:44:57,232+03 ERROR
> > > > [org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter] (default
> > task-2)
> > > > [] Cannot authenticate using authentication Headers: invalid_grant: The
> > > > provided authorization grant for the auth code has expired.
> > > > > 2019-02-12 15:44:57,307+03 INFO
> > > > [org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (default
> > task-2)
> > > > [] locking user: admin due to interval failures
> > > > >
> > > > > I was able to unlock admin using CLI, but every time i go to OVN
> > config
> > > > it locks immediately.
> > > > >
> > > > > Checking OVN service logs i can see
> > > > >
> > > > > code 401, message Unauthorized
> > > > > "POST /v2.0/tokens HTTP/1.1" 401 -
> > > > >
> > > > > And
> > > > > "Error during SSO authentication invalid_grant : The provided
> > > > authorization grant for the auth code has expired."
> > > > > On OVN web page.
> > > > >
> > > >
> > > >
> > > > For a timely fix, please disable automatic synchronization of the
> > > > ovirt-provider-ovn via web UI Administration -> Providers ->
> > > > ovirt-provider-ovn -> Edit -> Disable Automatic Synchronization
> > > >
> > > > Is there a file
> > > > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
> > > > ?
> > > >
> > > > > Is it possible to  renew authorization grant or ...?
> > > > >
> > > > > _______________________________________________
> > > > > Users mailing list -- users@ovirt.org
> > > > > To unsubscribe send an email to users-leave@ovirt.org
> > > > > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > > > > oVirt Code of Conduct:
> > > > https://www.ovirt.org/community/about/community-guidelines/
> > > > > List Archives:
> > > >
> > https://lists.ovirt.org/archives/list/users@ovirt.org/message/FRTJIQSQGCANHY7HKQAPPBHGLRN2LDJK/
> > > >
> > > >
> > >
> >
> >
>



--
С Уважением.
Русаков Андрей.