oVirt Metrics Store Installation - Error during SSO authentication

Hi, oVirt 4.3.5 changed certificate to one from an official CA configured active directory auth no kerberos / no ldapS as per: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/htm... ANSIBLE_JINJA2_EXTENSIONS="jinja2.ext.do" ./configure_ovirt_machines_for_metrics.sh --playbook=ovirt-metrics-store-installation.yml --ask-vault-pass -vvvv During installation of the metrics store following error appears: TASK [oVirt.image-template : Login to oVirt] ********************************************************************************************************* task path: /usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml:41 <localhost> ESTABLISH LOCAL CONNECTION FOR USER: root <localhost> EXEC /bin/sh -c 'echo ~root && sleep 0' <localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944 `" && echo ansible-tmp-1571121133.7-63276692983944="` echo /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944 `" ) && sleep 0' Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/ovirt/ovirt_auth.py <localhost> PUT /root/.ansible/tmp/ansible-local-32046wbKds4/tmpyM5Ro2 TO /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/AnsiballZ_ovirt_auth.py <localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/ /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/AnsiballZ_ovirt_auth.py && sleep 0' <localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/AnsiballZ_ovirt_auth.py && sleep 0' <localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1571121133.7-63276692983944/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File "/tmp/ansible_ovirt_auth_payload_2cmBY9/__main__.py", line 276, in main token = connection.authenticate() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 382, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 628, in _get_access_token sso_error[1] AuthError: Error during SSO authentication access_denied : Cannot authenticate user 'xxx@xxxx.LOCAL': No valid profile found in credentials.. fatal: [localhost]: FAILED! => { "changed": false, "invocation": { "module_args": { "ca_file": "/etc/pki/ovirt-engine/apache-ca.pem", "compress": true, "headers": null, "hostname": "ovirt-poc.xxxx.at", "insecure": false, "kerberos": false, "ovirt_auth": null, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "state": "present", "timeout": 0, "token": null, "url": "https://ovirt-poc.xxxx.at/ovirt-engine/api", "username": "xxx@xxx.LOCAL" } }, "msg": "Error during SSO authentication access_denied : Cannot authenticate user 'xxx@xxx.LOCAL': No valid profile found in credentials.." } TASK [oVirt.image-template : Remove downloaded image] ************************************************************************************************ task path: /usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml:210 skipping: [localhost] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [oVirt.image-template : Remove vm] ************************************************************************************************************** task path: /usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml:216 fatal: [localhost]: FAILED! => { "msg": "The conditional check 'ovirt_templates | length == 0' failed. The error was: error while evaluating conditional (ovirt_templates | length == 0): 'ovirt_templates' is undefined\n\nThe error appears to be in '/usr/share/ansible/roles/ovirt.image-template/tasks/qcow2_image.yml': line 216, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Remove vm\n ^ here\n" } ############################################### Double-checked the credentials in "metrics-store-config.yml" and "secure_vars.yaml" and tried with admin@internal with same error. Any hints on this?

I also cannot authenticate e.g. with curl -u admin@internal:pass https://xxxx.at/ovirt-engine/api access_denied: Cannot authenticate user 'ADMIN@INTERNAL': No valid profile found in credentials. How can I specify the profile?

I updated to 4.3.6 and tried again with admin@internal - this time it works... But got into another trouble: our servers are only allowed to use internal repositories and gitlab. After deployment of the "ovirt-metrics-installer" VM that installer VM tries to load from external repositories. I manually connected to the vm and redirected the URL's of the repofiles to our internal repo - but of course the ansible installer scripts replace the repofiles and the installation script fails. Anybody else through this?

Hi, Where did you update the repos in the ovirt-metrics-installer" VM ? Did you add the additional repos to /etc/yum.repos.d/ ? You will also need to add the OpenShift repos to the second VM (master0 VM). Best, -- Shirly Radco BI Principal Software Engineer Red Hat <https://www.redhat.com/> <https://www.redhat.com/> On Tue, Oct 15, 2019 at 4:10 PM Markus Schaufler < markus.schaufler@digit-all.at> wrote:
I updated to 4.3.6 and tried again with admin@internal - this time it works...
But got into another trouble: our servers are only allowed to use internal repositories and gitlab. After deployment of the "ovirt-metrics-installer" VM that installer VM tries to load from external repositories. I manually connected to the vm and redirected the URL's of the repofiles to our internal repo - but of course the ansible installer scripts replace the repofiles and the installation script fails.
Anybody else through this? _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ADQ6ZZSE3M337D...
participants (2)
-
Markus Schaufler
-
Shirly Radco