roles for foreman integration user
This is a multi-part message in MIME format. ------------MIME-296752662-1385342177-delim Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi=2C Quick question=2C which foreman roles does the foreman integration user require in the foreman=2E I=27ve tried a couple of permission settings but can only get the test to= work when the use has role admin=2E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- ------------MIME-296752662-1385342177-delim Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Cbody=3E Hi, <br> <br> Quick question, which foreman roles does the foreman integration user <= br> require in the foreman. <br> <br> I've tried a couple of permission settings but can only get the test to = ;<br> work when the use has role admin. <br> <br> <br> = =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c= olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22= mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet= =2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font= =3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul= ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B= border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22= =3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf= ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid= th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty= le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr= =3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size= =3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130= px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w= idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E= =3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top= =3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E ------------MIME-296752662-1385342177-delim--
Have a look at the prerequisites section in http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It specifies what you must be able to do in Foreman for the integration to work. (currently we require proper permissions to view relevant bare-metal hosts, host groups, compute resources and execute provision request - which is a request to add a host). It is not the complete set of specific roles in Foreman, but it can help do the mapping. CC-ing also Ohad from the Foreman team, which can help if the information in the wiki isn't enough. Thanks, Oved ----- Original Message -----
From: "Jorick Astrego" <j.astrego@netbulae.eu> To: users@ovirt.org Sent: Thursday, January 22, 2015 2:48:34 PM Subject: [ovirt-users] roles for foreman integration user
Hi,
Quick question, which foreman roles does the foreman integration user require in the foreman.
I've tried a couple of permission settings but can only get the test to work when the use has role admin.
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
<br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> Tel: 053 20 30 270 info@<= a href=3D"mailto:netbulae.eu">netbulae.eu</a> = Staalsteden 4-3A KvK 0819818= 0 </font><br> <font color=3D"#000000">>> Fax: 05= 3 20 30 271 <a href=3D"http://www.netbul= ae.eu">www.netbulae.eu</a> 7547 TA Enschede &nb= sp; BTW NL821234584B01 </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> __________________________________________= _____ </font><br> <font color=3D"#000000">>> Users mailing list </font><br> <font color=3D"#000000">>> Users@<a href=3D"mailto:ovirt.org">ovirt.o= rg</a> </font><br> <font color=3D"#000000">>> <a href=3D"http://lists.ovirt.org/mailman/=
This is a multi-part message in MIME format. ------------MIME-299019006-895166158-delim Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I will check=2C but I now also have the problem in reverse=2E The compute= resource in foreman 1=2E6 will only work with admin=40internal=2E Gave the= external user the superuser role to test but still permission denied=2E I also cannot login to the api with this user manually=2C do I have to configure external authentication for api access somewhere else=3F Thanks for all the help! Jorick On 01/22/2015 01=3A58 PM=2C Oved Ourfali wrote=3A =3E Have a look at the prerequisites section in http=3A//www=2Eovirt=2Eorg/= Features/ForemanIntegration=23Bare-Metal=5FProvisioning =3E It specifies what you must be able to do in Foreman for the integration= to work=2E =3E =28currently we require proper permissions to view relevant bare-metal= hosts=2C host groups=2C compute resources and execute provision request -= which is a request to add a host=29=2E =3E =3E It is not the complete set of specific roles in Foreman=2C but it can h= elp do the mapping=2E =3E =3E CC-ing also Ohad from the Foreman team=2C which can help if the informa= tion in the wiki isn=27t enough=2E =3E =3E Thanks=2C =3E Oved =3E =3E ----- Original Message ----- =3E=3E From=3A =22Jorick Astrego=22 =3Cj=2Eastrego=40netbulae=2Eeu=3E =3E=3E To=3A users=40ovirt=2Eorg =3E=3E Sent=3A Thursday=2C January 22=2C 2015 2=3A48=3A34 PM =3E=3E Subject=3A =5Bovirt-users=5D roles for foreman integration user =3E=3E =3E=3E Hi=2C =3E=3E =3E=3E Quick question=2C which foreman roles does the foreman integration u= ser =3E=3E require in the foreman=2E =3E=3E =3E=3E I=27ve tried a couple of permission settings but can only get the te= st to =3E=3E work when the use has role admin=2E =3E=3E =3E=3E =3E=3E =3E=3E =3E=3E =3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E =3E=3E Jorick Astrego =3E=3E =3E=3E Netbulae Virtualization Experts =3E=3E =3E=3E Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A=20= =09KvK 08198180 =3E=3E =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede= =09BTW NL821234584B01 =3E=3E =3E=3E =3E=3E =3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E=3E Users mailing list =3E=3E Users=40ovirt=2Eorg =3E=3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users =3E=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- ------------MIME-299019006-895166158-delim Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Cbody=3E I will check, but I now also have the problem in reverse. The compute <= br> resource in foreman 1.6 will only work with admin@internal. Gave the <b= r> external user the superuser role to test but still permission denied. <= br> <br> I also cannot login to the api with this user manually, do I have to <b= r> configure external authentication for api access somewhere else? <br> <br> Thanks for all the help! <br> <br> Jorick <br> <br> On 01/22/2015 01:58 PM, Oved Ourfali wrote: <br> <font color=3D"#000000">> Have a look at the prerequisites section in <a= href=3D"http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provis= ioning">http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisi= oning</a> </font><br> <font color=3D"#000000">> It specifies what you must be able to do in Fo= reman for the integration to work. </font><br> <font color=3D"#000000">> (currently we require proper permissions to vi= ew relevant bare-metal hosts, host groups, compute resources and execute pr= ovision request - which is a request to add a host). </font><br> <font color=3D"#000000">> </font><br> <font color=3D"#000000">> It is not the complete set of specific roles i= n Foreman, but it can help do the mapping. </font><br> <font color=3D"#000000">> </font><br> <font color=3D"#000000">> CC-ing also Ohad from the Foreman team, which = can help if the information in the wiki isn't enough. </font><br> <font color=3D"#000000">> </font><br> <font color=3D"#000000">> Thanks, </font><br> <font color=3D"#000000">> Oved </font><br> <font color=3D"#000000">> </font><br> <font color=3D"#000000">> ----- Original Message ----- </font><br> <font color=3D"#000000">>> From: "Jorick Astrego" <j.ast= rego@<a href=3D"mailto:netbulae.eu">netbulae.eu</a>> </font><br> <font color=3D"#000000">>> To: users@<a href=3D"mailto:ovirt.org">ovi= rt.org</a> </font><br> <font color=3D"#000000">>> Sent: Thursday, January 22, 2015 2:48:34 P= M </font><br> <font color=3D"#000000">>> Subject: [ovirt-users] roles for foreman i= ntegration user </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> Hi, </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> Quick question, which foreman roles does t= he foreman integration user </font><br> <font color=3D"#000000">>> require in the foreman. </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> I've tried a couple of permission settings= but can only get the test to </font><br> <font color=3D"#000000">>> work when the use has role admin. </fo= nt><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> Met vriendelijke groet, With kind regards,= </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> Jorick Astrego </font><br> <font color=3D"#000000">>> </font><br> <font color=3D"#000000">>> Netbulae Virtualization Experts </font= listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </fon= t><br> <font color=3D"#000000">>> </font><br> <br> = =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c= olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22= mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet= =2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font= =3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul= ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B= border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22= =3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf= ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid= th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty= le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr= =3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size= =3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130= px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w= idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E= =3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top= =3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E ------------MIME-299019006-895166158-delim--
You need to share the logs on both ends (ovirt+foreman) for us to understand it. Thanks, Oved ----- Original Message -----
From: "Jorick Astrego" <j.astrego@netbulae.eu> To: "Oved Ourfali" <ovedo@redhat.com> Cc: users@ovirt.org Sent: Thursday, January 22, 2015 3:25:51 PM Subject: Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute resource in foreman 1.6 will only work with admin@internal. Gave the external user the superuser role to test but still permission denied.
I also cannot login to the api with this user manually, do I have to configure external authentication for api access somewhere else?
Thanks for all the help!
Jorick
On 01/22/2015 01:58 PM, Oved Ourfali wrote:
Have a look at the prerequisites section in http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It specifies what you must be able to do in Foreman for the integration to work. (currently we require proper permissions to view relevant bare-metal hosts, host groups, compute resources and execute provision request - which is a request to add a host).
It is not the complete set of specific roles in Foreman, but it can help do the mapping.
CC-ing also Ohad from the Foreman team, which can help if the information in the wiki isn't enough.
Thanks, Oved
----- Original Message -----
From: "Jorick Astrego" <j.astrego@ netbulae.eu > To: users@ ovirt.org Sent: Thursday, January 22, 2015 2:48:34 PM Subject: [ovirt-users] roles for foreman integration user
Hi,
Quick question, which foreman roles does the foreman integration user require in the foreman.
I've tried a couple of permission settings but can only get the test to work when the use has role admin.
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
_______________________________________________ Users mailing list Users@ ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------000402020709060102060800 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Ah sorry=2C could have checked myself=2E Trying to get 3=2E5=2E1 running fo= r DEV in a hurry =3B-=29 Processing by ComputeResourcesController=23test=5Fconnection as */* Parameters=3A =7B=22utf8=22=3D=3E=22=E2=9C=93=22=2C =22authenticity=5Ftoken=22=3D=3E=22D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgX= Clgf7C8=3D=22=2C =22compute=5Fresource=22=3D=3E=7B=22name=22=3D=3E=22engine= en=22=2C =22provider=22=3D=3E=22Ovirt=22=2C =22description=22=3D=3E=22=22=2C =22url=22=3D=3E=22https=3A//ovirt-engine=2Enetbulae=2Etest/api=22=2C =22user=22=3D=3E=22test-admin=40netbulae=2Etest=22=2C =22password=22=3D= =3E=22=5BFILTERED=5D=22=2C =22location=5Fids=22=3D=3E=5B=22=22=2C =222=22=5D=2C =22organization=5F= ids=22=3D=3E=5B=22=22=2C =221=22=5D=7D=2C =22cr=5Fid=22=3D=3E=22null=22=7D CR=5FID IS null String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted And the other side=3A 2015-01-22 13=3A59=3A20=2C034 INFO=20 =5Borg=2Eovirt=2Eengine=2Ecore=2Edal=2Edbbroker=2Eauditloghandling=2EAu= ditLogDirector=5D =28org=2Eovirt=2Ethread=2Epool-8-thread-8=29 =5B1414b745=5D Correlation= ID=3A 1414b745=2C Call Stack=3A null=2C Custom Event ID=3A -1=2C Message=3A U= ser/Group test- was granted permission for Role DataCenterAdmin on System by 2015-01-22 14=3A00=3A21=2C674 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFil= ter=5D =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication failed= =2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn resu= lt code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A00=3A21=2C763 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFil= ter=5D =28ajp--127=2E0=2E0=2E1-8702-6=29 User test-admin authentication failed= =2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn resu= lt code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A00=3A21=2C849 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFil= ter=5D =28ajp--127=2E0=2E0=2E1-8702-5=29 User test-admin authentication failed= =2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn resu= lt code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A09=3A39=2C982 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFil= ter=5D =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication failed= =2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn resu= lt code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A09=3A40=2C071 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFil= ter=5D =28ajp--127=2E0=2E0=2E1-8702-8=29 User test-adminauthentication failed= =2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn resu= lt code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A09=3A40=2C203 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFil= ter=5D =28ajp--127=2E0=2E0=2E1-8702-2=29 User test-admin authentication failed= =2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn resu= lt code is CREDENTIALS=5FEXPIRED Cheers=2C Jorick On 01/22/2015 02=3A29 PM=2C Oved Ourfali wrote=3A =3E You need to share the logs on both ends =28ovirt+foreman=29 for us to u= nderstand it=2E =3E =3E Thanks=2C =3E Oved =3E =3E ----- Original Message ----- =3E=3E From=3A =22Jorick Astrego=22 =3Cj=2Eastrego=40netbulae=2Eeu=3E =3E=3E To=3A =22Oved Ourfali=22 =3Covedo=40redhat=2Ecom=3E =3E=3E Cc=3A users=40ovirt=2Eorg =3E=3E Sent=3A Thursday=2C January 22=2C 2015 3=3A25=3A51 PM =3E=3E Subject=3A Re=3A =5Bovirt-users=5D roles for foreman integration use= r =3E=3E =3E=3E I will check=2C but I now also have the problem in reverse=2E The co= mpute =3E=3E resource in foreman 1=2E6 will only work with admin=40internal=2E Ga= ve the =3E=3E external user the superuser role to test but still permission denied= =2E =3E=3E =3E=3E I also cannot login to the api with this user manually=2C do I have= to =3E=3E configure external authentication for api access somewhere else=3F= =3E=3E =3E=3E Thanks for all the help! =3E=3E =3E=3E Jorick =3E=3E =3E=3E On 01/22/2015 01=3A58 PM=2C Oved Ourfali wrote=3A =3E=3E=3E Have a look at the prerequisites section in =3E=3E=3E http=3A//www=2Eovirt=2Eorg/Features/ForemanIntegration=23Bare-Met= al=5FProvisioning =3E=3E=3E It specifies what you must be able to do in Foreman for the integ= ration to =3E=3E=3E work=2E =3E=3E=3E =28currently we require proper permissions to view relevant bare-= metal hosts=2C =3E=3E=3E host groups=2C compute resources and execute provision request -= which is a =3E=3E=3E request to add a host=29=2E =3E=3E=3E =3E=3E=3E It is not the complete set of specific roles in Foreman=2C but it= can help do =3E=3E=3E the mapping=2E =3E=3E=3E =3E=3E=3E CC-ing also Ohad from the Foreman team=2C which can help if the i= nformation =3E=3E=3E in the wiki isn=27t enough=2E =3E=3E=3E =3E=3E=3E Thanks=2C =3E=3E=3E Oved =3E=3E=3E =3E=3E=3E ----- Original Message ----- =3E=3E=3E=3E From=3A =22Jorick Astrego=22 =3Cj=2Eastrego=40 netbulae=2Eeu= =3E =3E=3E=3E=3E To=3A users=40 ovirt=2Eorg =3E=3E=3E=3E Sent=3A Thursday=2C January 22=2C 2015 2=3A48=3A34 PM =3E=3E=3E=3E Subject=3A =5Bovirt-users=5D roles for foreman integration use= r =3E=3E=3E=3E =3E=3E=3E=3E Hi=2C =3E=3E=3E=3E =3E=3E=3E=3E Quick question=2C which foreman roles does the foreman integra= tion user =3E=3E=3E=3E require in the foreman=2E =3E=3E=3E=3E =3E=3E=3E=3E I=27ve tried a couple of permission settings but can only get= the test to =3E=3E=3E=3E work when the use has role admin=2E =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E=3E=3E =3E=3E=3E=3E Jorick Astrego =3E=3E=3E=3E =3E=3E=3E=3E Netbulae Virtualization Experts =3E=3E=3E=3E =3E=3E=3E=3E Tel=3A 053 20 30 270 info=40 netbulae=2Eeu Staalsteden 4-3A Kv= K 08198180 =3E=3E=3E=3E Fax=3A 053 20 30 271 www=2Enetbulae=2Eeu 7547 TA Enschede BTW= NL821234584B01 =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E =3E=3E=3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F =3E=3E=3E=3E Users mailing list =3E=3E=3E=3E Users=40 ovirt=2Eorg =3E=3E=3E=3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users =3E=3E=3E=3E =3E=3E =3E=3E =3E=3E =3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E =3E=3E Jorick Astrego =3E=3E =3E=3E Netbulae Virtualization Experts =3E=3E =3E=3E Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A=20= =09KvK 08198180 =3E=3E =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede= =09BTW NL821234584B01 =3E=3E =3E=3E =3E=3E =3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E=3E Users mailing list =3E=3E Users=40ovirt=2Eorg =3E=3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users =3E=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------000402020709060102060800 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta content=3D=22text/html=3B charset=3Dutf-8=22 http-equiv=3D=22Co= ntent-Type=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E Ah sorry=2C could have checked myself=2E Trying to get 3=2E5=2E1 runnin= g for DEV in a hurry =3B-=29=3Cbr=3E =3Cbr=3E =3Cblockquote=3EProcessing by ComputeResourcesController=23test=5Fconne= ction as */*=3Cbr=3E =C2=A0 Parameters=3A =7B=22utf8=22=3D=26gt=3B=22=E2=9C=93=22=2C =22authenticity=5Ftoken=22=3D=26gt=3B=22D/PZVxVpow1glpUBkxcD90WsMJjAx= ilbdWgXClgf7C8=3D=22=2C =22compute=5Fresource=22=3D=26gt=3B=7B=22name=22=3D=26gt=3B=22enginee= n=22=2C =22provider=22=3D=26gt=3B=22Ovirt=22=2C =22description=22=3D=26gt=3B= =22=22=2C =22url=22=3D=26gt=3B=3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D=22https=3A//ovirt-engine=2Enetbulae=2Etest/api=22=3E=22http= s=3A//ovirt-engine=2Enetbulae=2Etest/api=22=3C/a=3E=2C =22user=22=3D=26gt=3B=3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D=22mailto=3Atest-admin=40netbulae=2Etest=22=3E=22test-admin= =40netbulae=2Etest=22=3C/a=3E=2C =22password=22=3D=26gt=3B=22=5BFILTERED=5D=22=2C =22location=5Fids=22= =3D=26gt=3B=5B=22=22=2C =222=22=5D=2C =22organization=5Fids=22=3D=26gt=3B=5B=22=22=2C =221=22=5D=7D=2C =22c= r=5Fid=22=3D=26gt=3B=22null=22=7D=3Cbr=3E CR=5FID IS null=3Cbr=3E String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted=3Cbr=3E String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted=3Cbr=3E String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted=3Cbr=3E String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted=3Cbr=3E String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted=3Cbr=3E String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AModel=3A=3AOvirt engineen was not decrypted=3Cbr=3E =3Cbr=3E =3C/blockquote=3E And the other side=3A=3Cbr=3E =3Cbr=3E =3Cblockquote=3E2015-01-22 13=3A59=3A20=2C034 INFO=C2=A0 =5Borg=2Eovirt=2Eengine=2Ecore=2Edal=2Edbbroker=2Eauditloghandling=2E= AuditLogDirector=5D =28org=2Eovirt=2Ethread=2Epool-8-thread-8=29 =5B1414b745=5D Correlati= on ID=3A 1414b745=2C Call Stack=3A null=2C Custom Event ID=3A -1=2C Message=3A= User/Group test- was granted permission for Role DataCenterAdmin on System by =3Cbr=3E 2015-01-22 14=3A00=3A21=2C674 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationF= ilter=5D =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication fail= ed=2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED=3Cbr=3E 2015-01-22 14=3A00=3A21=2C763 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationF= ilter=5D =28ajp--127=2E0=2E0=2E1-8702-6=29 User test-admin authentication fail= ed=2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED=3Cbr=3E 2015-01-22 14=3A00=3A21=2C849 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationF= ilter=5D =28ajp--127=2E0=2E0=2E1-8702-5=29 User test-admin authentication fail= ed=2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED=3Cbr=3E 2015-01-22 14=3A09=3A39=2C982 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationF= ilter=5D =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication fail= ed=2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED=3Cbr=3E 2015-01-22 14=3A09=3A40=2C071 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationF= ilter=5D =28ajp--127=2E0=2E0=2E1-8702-8=29 User test-adminauthentication faile= d=2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED=3Cbr=3E 2015-01-22 14=3A09=3A40=2C203 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationF= ilter=5D =28ajp--127=2E0=2E0=2E1-8702-2=29 User test-admin authentication fail= ed=2E profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED=3C/blockquote=3E =3Cbr=3E Cheers=2C Jorick=3Cbr=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 01/22/2015 02=3A29 PM=2C Oved= Ourfali wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A692529860=2E13419979=2E1421933398202=2EJavaMail=2Ezim= bra=40redhat=2Ecom=22 type=3D=22cite=22=3E =3Cpre wrap=3D=22=22=3EYou need to share the logs on both ends =28ovi= rt+foreman=29 for us to understand it=2E Thanks=2C Oved ----- Original Message ----- =3C/pre=3E =3Cblockquote type=3D=22cite=22=3E =3Cpre wrap=3D=22=22=3EFrom=3A =22Jorick Astrego=22 =3Ca class=3D= =22moz-txt-link-rfc2396E=22 href=3D=22mailto=3Aj=2Eastrego=40netbulae=2Eeu= =22=3E=26lt=3Bj=2Eastrego=40netbulae=2Eeu=26gt=3B=3C/a=3E To=3A =22Oved Ourfali=22 =3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D= =22mailto=3Aovedo=40redhat=2Ecom=22=3E=26lt=3Bovedo=40redhat=2Ecom=26gt=3B= =3C/a=3E Cc=3A =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3Ausers= =40ovirt=2Eorg=22=3Eusers=40ovirt=2Eorg=3C/a=3E Sent=3A Thursday=2C January 22=2C 2015 3=3A25=3A51 PM Subject=3A Re=3A =5Bovirt-users=5D roles for foreman integration user I will check=2C but I now also have the problem in reverse=2E The compute= resource in foreman 1=2E6 will only work with admin=40internal=2E Gave the= external user the superuser role to test but still permission denied=2E I also cannot login to the api with this user manually=2C do I have to configure external authentication for api access somewhere else=3F Thanks for all the help! Jorick On 01/22/2015 01=3A58 PM=2C Oved Ourfali wrote=3A =3C/pre=3E =3Cblockquote type=3D=22cite=22=3E =3Cpre wrap=3D=22=22=3EHave a look at the prerequisites section i= n =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//www=2Eovirt=2Eo= rg/Features/ForemanIntegration=23Bare-Metal=5FProvisioning=22=3Ehttp=3A//ww= w=2Eovirt=2Eorg/Features/ForemanIntegration=23Bare-Metal=5FProvisioning=3C/= a=3E It specifies what you must be able to do in Foreman for the integration to= work=2E =28currently we require proper permissions to view relevant bare-metal host= s=2C host groups=2C compute resources and execute provision request - which is a= request to add a host=29=2E It is not the complete set of specific roles in Foreman=2C but it can help= do the mapping=2E CC-ing also Ohad from the Foreman team=2C which can help if the information= in the wiki isn=27t enough=2E Thanks=2C Oved ----- Original Message ----- =3C/pre=3E =3Cblockquote type=3D=22cite=22=3E =3Cpre wrap=3D=22=22=3EFrom=3A =22Jorick Astrego=22 =26lt=3Bj= =2Eastrego=40 netbulae=2Eeu =26gt=3B To=3A users=40 ovirt=2Eorg Sent=3A Thursday=2C January 22=2C 2015 2=3A48=3A34 PM Subject=3A =5Bovirt-users=5D roles for foreman integration user Hi=2C Quick question=2C which foreman roles does the foreman integration user require in the foreman=2E I=27ve tried a couple of permission settings but can only get the test to= work when the use has role admin=2E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts Tel=3A 053 20 30 270 info=40 netbulae=2Eeu Staalsteden 4-3A KvK 08198180 Fax=3A 053 20 30 271 =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22= http=3A//www=2Enetbulae=2Eeu=22=3Ewww=2Enetbulae=2Eeu=3C/a=3E 7547 TA Ensch= ede BTW NL821234584B01 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F Users mailing list Users=40 ovirt=2Eorg =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//lists=2Eovirt= =2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lists=2Eovirt=2Eorg/mailman/lis= tinfo/users=3C/a=3E =3C/pre=3E =3C/blockquote=3E =3C/blockquote=3E =3Cpre wrap=3D=22=22=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts Tel=3A 053 20 30 270 =09=3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D= =22mailto=3Ainfo=40netbulae=2Eeu=22=3Einfo=40netbulae=2Eeu=3C/a=3E =09Staal= steden 4-3A =09KvK 08198180 =09Fax=3A 053 20 30 271 =09=3Ca class=3D=22moz-txt-link-abbreviated=22 href= =3D=22http=3A//www=2Enetbulae=2Eeu=22=3Ewww=2Enetbulae=2Eeu=3C/a=3E =097547= TA Enschede =09BTW NL821234584B01 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F Users mailing list =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3AUsers=40ovir= t=2Eorg=22=3EUsers=40ovirt=2Eorg=3C/a=3E =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//lists=2Eovirt= =2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lists=2Eovirt=2Eorg/mailman/lis= tinfo/users=3C/a=3E =3C/pre=3E =3C/blockquote=3E =3C/blockquote=3E =3Cbr=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c= olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22= mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet= =2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font= =3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul= ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B= border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22= =3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf= ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid= th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty= le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr= =3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size= =3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130= px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w= idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E= =3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top= =3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------000402020709060102060800--
are you able to login with these credentials to oVirt directly? ----- Original Message -----
From: "Jorick Astrego" <j.astrego@netbulae.eu> To: "Oved Ourfali" <ovedo@redhat.com> Cc: "Ohad Levy" <ohadlevy@redhat.com>, users@ovirt.org Sent: Thursday, January 22, 2015 3:48:45 PM Subject: Re: [ovirt-users] roles for foreman integration user
Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a hurry ;-)
Processing by ComputeResourcesController#test_connection as */* Parameters: {"utf8"=>"✓", "authenticity_token"=>"D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=", "compute_resource"=>{"name"=>"engineen", "provider"=>"Ovirt", "description"=>"", "url"=> "https://ovirt-engine.netbulae.test/api" , "user"=> "test-admin@netbulae.test" , "password"=>"[FILTERED]", "location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "cr_id"=>"null"} CR_ID IS null String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt engineen was not decrypted
And the other side:
2015-01-22 13:59:20,034 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call Stack: null, Custom Event ID: -1, Message: User/Group test- was granted permission for Role DataCenterAdmin on System by 2015-01-22 14:00:21,674 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:00:21,763 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:00:21,849 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:09:39,982 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:09:40,071 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED 2015-01-22 14:09:40,203 ERROR [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter] (ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is netbulae.mgmt. Invocation Result code is 0. Authn result code is CREDENTIALS_EXPIRED Cheers, Jorick
On 01/22/2015 02:29 PM, Oved Ourfali wrote:
You need to share the logs on both ends (ovirt+foreman) for us to understand it.
Thanks, Oved
----- Original Message -----
From: "Jorick Astrego" <j.astrego@netbulae.eu> To: "Oved Ourfali" <ovedo@redhat.com> Cc: users@ovirt.org Sent: Thursday, January 22, 2015 3:25:51 PM Subject: Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute resource in foreman 1.6 will only work with admin@internal. Gave the external user the superuser role to test but still permission denied.
I also cannot login to the api with this user manually, do I have to configure external authentication for api access somewhere else?
Thanks for all the help!
Jorick
On 01/22/2015 01:58 PM, Oved Ourfali wrote:
Have a look at the prerequisites section in http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It specifies what you must be able to do in Foreman for the integration to work. (currently we require proper permissions to view relevant bare-metal hosts, host groups, compute resources and execute provision request - which is a request to add a host).
It is not the complete set of specific roles in Foreman, but it can help do the mapping.
CC-ing also Ohad from the Foreman team, which can help if the information in the wiki isn't enough.
Thanks, Oved
----- Original Message -----
From: "Jorick Astrego" <j.astrego@ netbulae.eu > To: users@ ovirt.org Sent: Thursday, January 22, 2015 2:48:34 PM Subject: [ovirt-users] roles for foreman integration user
Hi,
Quick question, which foreman roles does the foreman integration user require in the foreman.
I've tried a couple of permission settings but can only get the test to work when the use has role admin.
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
_______________________________________________ Users mailing list Users@ ovirt.org http://lists.ovirt.org/mailman/listinfo/users Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is a multi-part message in MIME format. --------------050109010802010703060809 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Nope=2C I just reset the password twice in FreeIPA=2E Once with a random password and next with a very simple password 2015-01-22 15=3A31=3A09=2C344 INFO=20 =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginBaseCommand=5D =28ajp--127=2E0=2E0=2E1-8702-5=29 Cant login user =22test-admin=22 with= authentication profile =22netbulae=2Etest=22 because the authentication= failed=2E 2015-01-22 15=3A31=3A09=2C366 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Edal=2Edbbroker=2Eauditloghandling=2EAu= ditLogDirector=5D =28ajp--127=2E0=2E0=2E1-8702-5=29 Correlation ID=3A null=2C Call Stack= =3A null=2C Custom Event ID=3A -1=2C Message=3A User test-admin=40netbulae=2Etest f= ailed to log in=2E 2015-01-22 15=3A31=3A09=2C367 WARN=20 =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginAdminUserCommand=5D= =28ajp--127=2E0=2E0=2E1-8702-5=29 CanDoAction of action LoginAdminUser= failed for user test-admin=40netbulae=2Etest=2E Reasons=3A USER=5FPASSWORD=5F= EXPIRED On the ipa side=2C I don=27t see any authentication attempts in de logs=2E= ldapsearch with the same account and password on the ipa works fine=2E On 01/22/2015 02=3A55 PM=2C Oved Ourfali wrote=3A =3E are you able to login with these credentials to oVirt directly=3F =3E =3E ----- Original Message ----- =3E=3E From=3A =22Jorick Astrego=22 =3Cj=2Eastrego=40netbulae=2Eeu=3E =3E=3E To=3A =22Oved Ourfali=22 =3Covedo=40redhat=2Ecom=3E =3E=3E Cc=3A =22Ohad Levy=22 =3Cohadlevy=40redhat=2Ecom=3E=2C users=40ovirt= =2Eorg =3E=3E Sent=3A Thursday=2C January 22=2C 2015 3=3A48=3A45 PM =3E=3E Subject=3A Re=3A =5Bovirt-users=5D roles for foreman integration use= r =3E=3E =3E=3E Ah sorry=2C could have checked myself=2E Trying to get 3=2E5=2E1 run= ning for DEV in a =3E=3E hurry =3B-=29 =3E=3E =3E=3E =3E=3E =3E=3E Processing by ComputeResourcesController=23test=5Fconnection as */*= =3E=3E Parameters=3A =7B=22utf8=22=3D=3E=22=E2=9C=93=22=2C =3E=3E =22authenticity=5Ftoken=22=3D=3E=22D/PZVxVpow1glpUBkxcD90WsMJjAxilbd= WgXClgf7C8=3D=22=2C =3E=3E =22compute=5Fresource=22=3D=3E=7B=22name=22=3D=3E=22engineen=22=2C= =22provider=22=3D=3E=22Ovirt=22=2C =3E=3E =22description=22=3D=3E=22=22=2C =22url=22=3D=3E =22https=3A//ovirt-= engine=2Enetbulae=2Etest/api=22 =2C =3E=3E =22user=22=3D=3E =22test-admin=40netbulae=2Etest=22 =2C =22password= =22=3D=3E=22=5BFILTERED=5D=22=2C =3E=3E =22location=5Fids=22=3D=3E=5B=22=22=2C =222=22=5D=2C =22organization= =5Fids=22=3D=3E=5B=22=22=2C =221=22=5D=7D=2C =22cr=5Fid=22=3D=3E=22null=22= =7D =3E=3E CR=5FID IS null =3E=3E String does not start with the prefix =27encrypted-=27=2C so Foreman= =3A=3AModel=3A=3AOvirt =3E=3E engineen was not decrypted =3E=3E String does not start with the prefix =27encrypted-=27=2C so Foreman= =3A=3AModel=3A=3AOvirt =3E=3E engineen was not decrypted =3E=3E String does not start with the prefix =27encrypted-=27=2C so Foreman= =3A=3AModel=3A=3AOvirt =3E=3E engineen was not decrypted =3E=3E String does not start with the prefix =27encrypted-=27=2C so Foreman= =3A=3AModel=3A=3AOvirt =3E=3E engineen was not decrypted =3E=3E String does not start with the prefix =27encrypted-=27=2C so Foreman= =3A=3AModel=3A=3AOvirt =3E=3E engineen was not decrypted =3E=3E String does not start with the prefix =27encrypted-=27=2C so Foreman= =3A=3AModel=3A=3AOvirt =3E=3E engineen was not decrypted =3E=3E =3E=3E And the other side=3A =3E=3E =3E=3E =3E=3E =3E=3E 2015-01-22 13=3A59=3A20=2C034 INFO =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Edal=2Edbbroker=2Eauditloghandling= =2EAuditLogDirector=5D =3E=3E =28org=2Eovirt=2Ethread=2Epool-8-thread-8=29 =5B1414b745=5D Correlat= ion ID=3A 1414b745=2C Call =3E=3E Stack=3A null=2C Custom Event ID=3A -1=2C Message=3A User/Group test= - was granted =3E=3E permission for Role DataCenterAdmin on System by =3E=3E 2015-01-22 14=3A00=3A21=2C674 ERROR =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthentication= Filter=5D =3E=3E =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication fai= led=2E profile is =3E=3E netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code= is =3E=3E CREDENTIALS=5FEXPIRED =3E=3E 2015-01-22 14=3A00=3A21=2C763 ERROR =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthentication= Filter=5D =3E=3E =28ajp--127=2E0=2E0=2E1-8702-6=29 User test-admin authentication fai= led=2E profile is =3E=3E netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code= is =3E=3E CREDENTIALS=5FEXPIRED =3E=3E 2015-01-22 14=3A00=3A21=2C849 ERROR =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthentication= Filter=5D =3E=3E =28ajp--127=2E0=2E0=2E1-8702-5=29 User test-admin authentication fai= led=2E profile is =3E=3E netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code= is =3E=3E CREDENTIALS=5FEXPIRED =3E=3E 2015-01-22 14=3A09=3A39=2C982 ERROR =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthentication= Filter=5D =3E=3E =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication fai= led=2E profile is =3E=3E netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code= is =3E=3E CREDENTIALS=5FEXPIRED =3E=3E 2015-01-22 14=3A09=3A40=2C071 ERROR =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthentication= Filter=5D =3E=3E =28ajp--127=2E0=2E0=2E1-8702-8=29 User test-adminauthentication fail= ed=2E profile is =3E=3E netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code= is =3E=3E CREDENTIALS=5FEXPIRED =3E=3E 2015-01-22 14=3A09=3A40=2C203 ERROR =3E=3E =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthentication= Filter=5D =3E=3E =28ajp--127=2E0=2E0=2E1-8702-2=29 User test-admin authentication fai= led=2E profile is =3E=3E netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code= is =3E=3E CREDENTIALS=5FEXPIRED =3E=3E Cheers=2C Jorick =3E=3E =3E=3E =3E=3E On 01/22/2015 02=3A29 PM=2C Oved Ourfali wrote=3A =3E=3E =3E=3E =3E=3E =3E=3E You need to share the logs on both ends =28ovirt+foreman=29 for us t= o understand =3E=3E it=2E =3E=3E =3E=3E Thanks=2C =3E=3E Oved =3E=3E =3E=3E ----- Original Message ----- =3E=3E =3E=3E =3E=3E =3E=3E From=3A =22Jorick Astrego=22 =3Cj=2Eastrego=40netbulae=2Eeu=3E To=3A= =22Oved Ourfali=22 =3E=3E =3Covedo=40redhat=2Ecom=3E Cc=3A users=40ovirt=2Eorg Sent=3A Thursda= y=2C January 22=2C 2015 =3E=3E 3=3A25=3A51 PM =3E=3E Subject=3A Re=3A =5Bovirt-users=5D roles for foreman integration use= r =3E=3E =3E=3E I will check=2C but I now also have the problem in reverse=2E The co= mpute =3E=3E resource in foreman 1=2E6 will only work with admin=40internal=2E Ga= ve the =3E=3E external user the superuser role to test but still permission denied= =2E =3E=3E =3E=3E I also cannot login to the api with this user manually=2C do I have= to =3E=3E configure external authentication for api access somewhere else=3F= =3E=3E =3E=3E Thanks for all the help! =3E=3E =3E=3E Jorick =3E=3E =3E=3E On 01/22/2015 01=3A58 PM=2C Oved Ourfali wrote=3A =3E=3E =3E=3E =3E=3E =3E=3E Have a look at the prerequisites section in =3E=3E http=3A//www=2Eovirt=2Eorg/Features/ForemanIntegration=23Bare-Metal= =5FProvisioning It =3E=3E specifies what you must be able to do in Foreman for the integration= to =3E=3E work=2E =3E=3E =28currently we require proper permissions to view relevant bare-met= al hosts=2C =3E=3E host groups=2C compute resources and execute provision request - whi= ch is a =3E=3E request to add a host=29=2E =3E=3E =3E=3E It is not the complete set of specific roles in Foreman=2C but it ca= n help do =3E=3E the mapping=2E =3E=3E =3E=3E CC-ing also Ohad from the Foreman team=2C which can help if the info= rmation =3E=3E in the wiki isn=27t enough=2E =3E=3E =3E=3E Thanks=2C =3E=3E Oved =3E=3E =3E=3E ----- Original Message ----- =3E=3E =3E=3E =3E=3E =3E=3E From=3A =22Jorick Astrego=22 =3Cj=2Eastrego=40 netbulae=2Eeu =3E =3E=3E To=3A users=40 ovirt=2Eorg =3E=3E Sent=3A Thursday=2C January 22=2C 2015 2=3A48=3A34 PM =3E=3E Subject=3A =5Bovirt-users=5D roles for foreman integration user =3E=3E =3E=3E Hi=2C =3E=3E =3E=3E Quick question=2C which foreman roles does the foreman integration u= ser =3E=3E require in the foreman=2E =3E=3E =3E=3E I=27ve tried a couple of permission settings but can only get the te= st to =3E=3E work when the use has role admin=2E =3E=3E =3E=3E =3E=3E =3E=3E =3E=3E =3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E =3E=3E Jorick Astrego =3E=3E =3E=3E Netbulae Virtualization Experts =3E=3E =3E=3E Tel=3A 053 20 30 270 info=40 netbulae=2Eeu Staalsteden 4-3A KvK 0819= 8180 =3E=3E Fax=3A 053 20 30 271 www=2Enetbulae=2Eeu 7547 TA Enschede BTW NL8212= 34584B01 =3E=3E =3E=3E =3E=3E =3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E=3E Users mailing list =3E=3E Users=40 ovirt=2Eorg http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/u= sers =3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E =3E=3E Jorick Astrego =3E=3E =3E=3E Netbulae Virtualization Experts =3E=3E =3E=3E Tel=3A 053 20 30 270 info=40netbulae=2Eeu Staalsteden 4-3A =09KvK 08= 198180 =3E=3E =09Fax=3A 053 20 30 271 www=2Enetbulae=2Eeu 7547 TA Enschede =09BTW= NL821234584B01 =3E=3E =3E=3E =3E=3E =3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E=3E Users mailing list Users=40ovirt=2Eorg =3E=3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users =3E=3E =3E=3E =3E=3E =3E=3E =3E=3E Met vriendelijke groet=2C With kind regards=2C =3E=3E =3E=3E Jorick Astrego =3E=3E =3E=3E Netbulae Virtualization Experts =3E=3E =3E=3E Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A=20= =09KvK 08198180 =3E=3E =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede= =09BTW NL821234584B01 =3E=3E =3E=3E =3E=3E =3E=3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E=3E Users mailing list =3E=3E Users=40ovirt=2Eorg =3E=3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users =3E=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------050109010802010703060809 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta content=3D=22text/html=3B charset=3Dutf-8=22 http-equiv=3D=22Co= ntent-Type=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E Nope=2C I just reset the password twice in FreeIPA=2E Once with a rando= m password and next with a very simple password=3Cbr=3E =3Cbr=3E =3Cbr=3E =3Cblockquote=3E2015-01-22 15=3A31=3A09=2C344 INFO=C2=A0 =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginBaseCommand=5D =28ajp--127=2E0=2E0=2E1-8702-5=29 Cant login user =22test-admin=22 wi= th authentication profile =22netbulae=2Etest=22 because the authenticati= on failed=2E=3Cbr=3E 2015-01-22 15=3A31=3A09=2C366 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Edal=2Edbbroker=2Eauditloghandling=2E= AuditLogDirector=5D =28ajp--127=2E0=2E0=2E1-8702-5=29 Correlation ID=3A null=2C Call Stac= k=3A null=2C Custom Event ID=3A -1=2C Message=3A User =3Ca class=3D=22moz-txt-link= -abbreviated=22 href=3D=22mailto=3Atest-admin=40netbulae=2Etest=22=3Etest-a= dmin=40netbulae=2Etest=3C/a=3E failed to log in=2E=3Cbr=3E 2015-01-22 15=3A31=3A09=2C367 WARN=C2=A0 =5Borg=2Eovirt=2Eengine=2Ecore=2Ebll=2Eaaa=2ELoginAdminUserCommand=5D= =28ajp--127=2E0=2E0=2E1-8702-5=29 CanDoAction of action LoginAdminUse= r failed for user=C2=A0 =3Ca class=3D=22moz-txt-link-abbreviated=22 hre= f=3D=22mailto=3Atest-admin=40netbulae=2Etest=22=3Etest-admin=40netbulae=2Et= est=3C/a=3E=2E Reasons=3A USER=5FPASSWORD=5FEXPIRED=3Cbr=3E =3Cbr=3E =3C/blockquote=3E On the ipa side=2C I don=27t see any authentication attempts in de logs= =2E ldapsearch with the same account and password on the ipa works fine=2E= =3Cbr=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 01/22/2015 02=3A55 PM=2C Oved= Ourfali wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A1782147377=2E13447945=2E1421934906755=2EJavaMail=2Ezi= mbra=40redhat=2Ecom=22 type=3D=22cite=22=3E =3Cpre wrap=3D=22=22=3Eare you able to login with these credentials t= o oVirt directly=3F ----- Original Message ----- =3C/pre=3E =3Cblockquote type=3D=22cite=22=3E =3Cpre wrap=3D=22=22=3EFrom=3A =22Jorick Astrego=22 =3Ca class=3D= =22moz-txt-link-rfc2396E=22 href=3D=22mailto=3Aj=2Eastrego=40netbulae=2Eeu= =22=3E=26lt=3Bj=2Eastrego=40netbulae=2Eeu=26gt=3B=3C/a=3E To=3A =22Oved Ourfali=22 =3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D= =22mailto=3Aovedo=40redhat=2Ecom=22=3E=26lt=3Bovedo=40redhat=2Ecom=26gt=3B= =3C/a=3E Cc=3A =22Ohad Levy=22 =3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D=22ma= ilto=3Aohadlevy=40redhat=2Ecom=22=3E=26lt=3Bohadlevy=40redhat=2Ecom=26gt=3B= =3C/a=3E=2C =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3A= users=40ovirt=2Eorg=22=3Eusers=40ovirt=2Eorg=3C/a=3E Sent=3A Thursday=2C January 22=2C 2015 3=3A48=3A45 PM Subject=3A Re=3A =5Bovirt-users=5D roles for foreman integration user Ah sorry=2C could have checked myself=2E Trying to get 3=2E5=2E1 running fo= r DEV in a hurry =3B-=29 Processing by ComputeResourcesController=23test=5Fconnection as */* Parameters=3A =7B=22utf8=22=3D=26gt=3B=22=E2=9C=93=22=2C =22authenticity=5Ftoken=22=3D=26gt=3B=22D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWg= XClgf7C8=3D=22=2C =22compute=5Fresource=22=3D=26gt=3B=7B=22name=22=3D=26gt=3B=22engineen=22= =2C =22provider=22=3D=26gt=3B=22Ovirt=22=2C =22description=22=3D=26gt=3B=22=22=2C =22url=22=3D=26gt=3B =3Ca class=3D=22= moz-txt-link-rfc2396E=22 href=3D=22https=3A//ovirt-engine=2Enetbulae=2Etest= /api=22=3E=22https=3A//ovirt-engine=2Enetbulae=2Etest/api=22=3C/a=3E =2C =22user=22=3D=26gt=3B =3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D=22ma= ilto=3Atest-admin=40netbulae=2Etest=22=3E=22test-admin=40netbulae=2Etest=22= =3C/a=3E =2C =22password=22=3D=26gt=3B=22=5BFILTERED=5D=22=2C =22location=5Fids=22=3D=26gt=3B=5B=22=22=2C =222=22=5D=2C =22organization= =5Fids=22=3D=26gt=3B=5B=22=22=2C =221=22=5D=7D=2C =22cr=5Fid=22=3D=26gt=3B= =22null=22=7D CR=5FID IS null String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AM= odel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AM= odel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AM= odel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AM= odel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AM= odel=3A=3AOvirt engineen was not decrypted String does not start with the prefix =27encrypted-=27=2C so Foreman=3A=3AM= odel=3A=3AOvirt engineen was not decrypted And the other side=3A 2015-01-22 13=3A59=3A20=2C034 INFO =5Borg=2Eovirt=2Eengine=2Ecore=2Edal=2Edbbroker=2Eauditloghandling=2EAuditL= ogDirector=5D =28org=2Eovirt=2Ethread=2Epool-8-thread-8=29 =5B1414b745=5D Correlation ID= =3A 1414b745=2C Call Stack=3A null=2C Custom Event ID=3A -1=2C Message=3A User/Group test- was g= ranted permission for Role DataCenterAdmin on System by 2015-01-22 14=3A00=3A21=2C674 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFilter= =5D =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication failed=2E= profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A00=3A21=2C763 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFilter= =5D =28ajp--127=2E0=2E0=2E1-8702-6=29 User test-admin authentication failed=2E= profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A00=3A21=2C849 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFilter= =5D =28ajp--127=2E0=2E0=2E1-8702-5=29 User test-admin authentication failed=2E= profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A09=3A39=2C982 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFilter= =5D =28ajp--127=2E0=2E0=2E1-8702-1=29 User test-admin authentication failed=2E= profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A09=3A40=2C071 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFilter= =5D =28ajp--127=2E0=2E0=2E1-8702-8=29 User test-adminauthentication failed=2E p= rofile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED 2015-01-22 14=3A09=3A40=2C203 ERROR =5Borg=2Eovirt=2Eengine=2Ecore=2Eaaa=2Efilters=2EBasicAuthenticationFilter= =5D =28ajp--127=2E0=2E0=2E1-8702-2=29 User test-admin authentication failed=2E= profile is netbulae=2Emgmt=2E Invocation Result code is 0=2E Authn result code is CREDENTIALS=5FEXPIRED Cheers=2C Jorick On 01/22/2015 02=3A29 PM=2C Oved Ourfali wrote=3A You need to share the logs on both ends =28ovirt+foreman=29 for us to under= stand it=2E Thanks=2C Oved ----- Original Message ----- From=3A =22Jorick Astrego=22 =3Ca class=3D=22moz-txt-link-rfc2396E=22 href= =3D=22mailto=3Aj=2Eastrego=40netbulae=2Eeu=22=3E=26lt=3Bj=2Eastrego=40netbu= lae=2Eeu=26gt=3B=3C/a=3E To=3A =22Oved Ourfali=22 =3Ca class=3D=22moz-txt-link-rfc2396E=22 href=3D=22mailto=3Aovedo=40redhat= =2Ecom=22=3E=26lt=3Bovedo=40redhat=2Ecom=26gt=3B=3C/a=3E Cc=3A =3Ca class= =3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3Ausers=40ovirt=2Eorg=22= =3Eusers=40ovirt=2Eorg=3C/a=3E Sent=3A Thursday=2C January 22=2C 2015 3=3A25=3A51 PM Subject=3A Re=3A =5Bovirt-users=5D roles for foreman integration user I will check=2C but I now also have the problem in reverse=2E The compute= resource in foreman 1=2E6 will only work with admin=40internal=2E Gave the= external user the superuser role to test but still permission denied=2E I also cannot login to the api with this user manually=2C do I have to configure external authentication for api access somewhere else=3F Thanks for all the help! Jorick On 01/22/2015 01=3A58 PM=2C Oved Ourfali wrote=3A Have a look at the prerequisites section in =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//www=2Eovirt=2Eo= rg/Features/ForemanIntegration=23Bare-Metal=5FProvisioning=22=3Ehttp=3A//ww= w=2Eovirt=2Eorg/Features/ForemanIntegration=23Bare-Metal=5FProvisioning=3C/= a=3E It specifies what you must be able to do in Foreman for the integration to work=2E =28currently we require proper permissions to view relevant bare-metal host= s=2C host groups=2C compute resources and execute provision request - which is a= request to add a host=29=2E It is not the complete set of specific roles in Foreman=2C but it can help= do the mapping=2E CC-ing also Ohad from the Foreman team=2C which can help if the information= in the wiki isn=27t enough=2E Thanks=2C Oved ----- Original Message ----- From=3A =22Jorick Astrego=22 =26lt=3Bj=2Eastrego=40 netbulae=2Eeu =26gt=3B= To=3A users=40 ovirt=2Eorg Sent=3A Thursday=2C January 22=2C 2015 2=3A48=3A34 PM Subject=3A =5Bovirt-users=5D roles for foreman integration user Hi=2C Quick question=2C which foreman roles does the foreman integration user require in the foreman=2E I=27ve tried a couple of permission settings but can only get the test to= work when the use has role admin=2E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts Tel=3A 053 20 30 270 info=40 netbulae=2Eeu Staalsteden 4-3A KvK 08198180 Fax=3A 053 20 30 271 =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22= http=3A//www=2Enetbulae=2Eeu=22=3Ewww=2Enetbulae=2Eeu=3C/a=3E 7547 TA Ensch= ede BTW NL821234584B01 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F Users mailing list Users=40 ovirt=2Eorg =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22htt= p=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lists=2Eovir= t=2Eorg/mailman/listinfo/users=3C/a=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts Tel=3A 053 20 30 270 =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22= mailto=3Ainfo=40netbulae=2Eeu=22=3Einfo=40netbulae=2Eeu=3C/a=3E Staalsteden= 4-3A =09KvK 08198180 =09Fax=3A 053 20 30 271 =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D= =22http=3A//www=2Enetbulae=2Eeu=22=3Ewww=2Enetbulae=2Eeu=3C/a=3E 7547 TA En= schede =09BTW NL821234584B01 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F Users mailing list =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22ma= ilto=3AUsers=40ovirt=2Eorg=22=3EUsers=40ovirt=2Eorg=3C/a=3E =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//lists=2Eovirt= =2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lists=2Eovirt=2Eorg/mailman/lis= tinfo/users=3C/a=3E Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts Tel=3A 053 20 30 270 =09=3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D= =22mailto=3Ainfo=40netbulae=2Eeu=22=3Einfo=40netbulae=2Eeu=3C/a=3E =09Staal= steden 4-3A =09KvK 08198180 =09Fax=3A 053 20 30 271 =09=3Ca class=3D=22moz-txt-link-abbreviated=22 href= =3D=22http=3A//www=2Enetbulae=2Eeu=22=3Ewww=2Enetbulae=2Eeu=3C/a=3E =097547= TA Enschede =09BTW NL821234584B01 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F Users mailing list =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3AUsers=40ovir= t=2Eorg=22=3EUsers=40ovirt=2Eorg=3C/a=3E =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//lists=2Eovirt= =2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lists=2Eovirt=2Eorg/mailman/lis= tinfo/users=3C/a=3E =3C/pre=3E =3C/blockquote=3E =3C/blockquote=3E =3Cbr=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c= olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22= mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet= =2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font= =3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul= ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B= border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22= =3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf= ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid= th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty= le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr= =3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size= =3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130= px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w= idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E= =3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top= =3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------050109010802010703060809--
participants (2)
-
Jorick Astrego -
Oved Ourfali