On Fri, May 12, 2017 at 1:18 PM, Fabrice Bacchella <fabrice.bacchella@orange.fr> wrote:
The request is indeed quite slow within ovirt, using the setup given by Juan:

/ovirt-engine/sso/oauth/token-http-auth 7001ms

I was not able to authenticate jboss-cli.sh, I don't know why: 'admin@internal-authz': No valid profile found in credentials.

It should be admin@internal.
 

So I tried to modifie usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine-logging.properties.in, adding:
org.ovirt.engineextensions.aaa=ALL
org.ovirt.engine.core.bll.aaa=ALL
and then restart ovirt-engine. But that changed nothing. That's not the good syntax ?

You must change the file in ovirt-engine.xml.in same file as Juan send above.
See here: https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/ovirt-engine-extension-aaa-ldap-1.0/README#L377

But I think better to use JBoss CLI, you don't have to restart oVirt engine then.
 




> Le 12 mai 2017 à 09:25, Ondra Machacek <omachace@redhat.com> a écrit :
>
> I am not aware of anything, but debug log of all aaa stuff would help,
> to understand what takes the most time.
>
>  - org.ovirt.engineextensions.aaa.ldap
>  - org.ovirt.engineextensions.aaa.misc
>  - org.ovirt.engine.core.aaa
>  - org.ovirt.engine.core.sso
>
> To enable it in runtime, please follow:
>
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L469
>
> On Thu, May 11, 2017 at 7:24 PM, Fabrice Bacchella <fabrice.bacchella@orange.fr> wrote:
> I'm using kerberos authentication in ovirt for the URL /sso/oauth/token-http-auth, but kerberos is done in Apache using auth_gssapi_module and it's quite slow, about 6s for a request.
>
> I'm trying to understand if it's apache or ovirt-engine that are slow. Is there a way to get response time metered for http requests inside ovirt instead of seen from apache ?
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>