[ovirt-devel] oVirt desktopLogin using ovirtsdk for python

Pavel Zelensky pzelensky at gmail.com
Fri Dec 19 04:14:06 UTC 2014


Hi Guys

Any news on it?

--
Pavel

> On 16 Dec 2014, at 17:05, Juan Hernández <jhernand at redhat.com> wrote:
> 
>> On 12/16/2014 11:01 AM, Pavel Zelensky wrote:
>> Hi
>> 
>> What version of the engine are you using exactly? And what is your
>> authentication configuration?
>> 
>> [root at ovirt ~]# rpm -qa|grep ovirt-eng
>> ovirt-engine-3.5.0.1-1.el6.noarch
>> 
>> # engine-manage-domains list
>> Domain: ov.jetlab.local
>>    User name: pzelensky at OV.JETLAB.LOCAL
>> Manage Domains completed successfully
>> 
>> # cat engine-manage-domains.conf
>> jaasFile=/usr/share/ovirt-engine/conf/jaas.conf
>> krb5confFile=/etc/ovirt-engine/krb5.conf
>> engineConfigExecutable=/usr/share/ovirt-engine/bin/engine-config.sh
>> localHostEntry=localhost
>> useDnsLookup=true
>> [root at ovirt engine-manage-domains]# cat /etc/ovirt-engine/krb5.conf
>> 
>> [libdefaults]
>> 
>> default_realm = OV.JETLAB.LOCAL
>> dns_lookup_realm = true
>> dns_lookup_kdc = true
>> ticket_lifetime = 10h
>> renew_lifetime = 7d
>> forwardable = no
>> default_tkt_enctypes = arcfour-hmac-md5
>> udp_preference_limit = 1
>> 
>> #realms
>> 
>> And also SDK version: ovirt_engine_sdk_python-3.5.0.8-py2.7
>> So oVirt authenticates users using connection to MS AD which is based on
>> Windows 2012R2
>> 
>> --
>> Pavel
>> 
> 
> I reproduced this in my environment. Apparently the password is lost
> somewhere in the authentication process. Yair, can you please take a look?
> 
>> 
>> 
>> 
>> On Tue, Dec 16, 2014 at 12:04 PM, Juan Hernández <jhernand at redhat.com
>> <mailto:jhernand at redhat.com>> wrote:
>> 
>>>    On 12/15/2014 08:37 PM, Pavel Zelensky wrote:
>>> Hi
>>> 
>>> I think it's not good idea, but I've done it:
>>> 
>>> 2014-12-15 22:21:37,485 INFO  [org.ovirt.engine.core.bll.VmLogonCommand]
>>> (ajp--127.0.0.1-8702-6) [None] Running command: VmLogonCommand internal:
>>> false. Entities affected :  ID: 202ca21f-5167-4107-b1dd-2a7a5d64b32a
>>> Type: VMAction group CONNECT_TO_VM with role type USER
>>> 2014-12-15 22:21:37,495 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>> (ajp--127.0.0.1-8702-6) [None] START, VmLogonVDSCommand(HostName =
>>> ceph2, HostId = c7a7c873-b68a-44f8-bebf-37ca3aa1caa8,
>>> vmId=202ca21f-5167-4107-b1dd-2a7a5d64b32a, domain=internal,
>>> password=null, userName=admin), log id: 776ac4b1
>>> 2014-12-15 22:21:37,514 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>> (ajp--127.0.0.1-8702-6) [None] FINISH, VmLogonVDSCommand, log id: 776ac4b1
>>> 2014-12-15 22:21:41,155 INFO
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (DefaultQuartzScheduler_Worker-47) Correlation ID: null, Call Stack:
>>> null, Custom Event ID: -1, Message: User admin is connected to VM w7ent-01.
>>> 
>>> Looks pretty the same, also trying to login as admin at internal into Win7
>>> workstation assigned to MS domain shouldn't work.
>>> 
>> 
>>    I just wanted to check if with admin at internal you still get
>>    password=null (they use different authentication mechanisms).
>> 
>>> BTW, when I'm connecting to the same VM using the same domain user
>>> account through user portal - everything is Ok, and SSO works pretty
>>> good. In that case in logfile I'm getting this (password=[asterisks]):
>>> 2014-12-14 22:45:21,010 INFO
>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>> (ajp--127.0.0.1-8702-4) [6f5a076f] START, VmLogonVDSCommand(HostName =
>>> ceph2, HostId = c7a7c873-b68a-44f8-bebf-37ca3aa1caa8,
>>> vmId=202ca21f-5167-4107-b1dd-2a7a5d64b32a, domain=ov.jetlab.local,
>>> password=******, userName=test4), log id: 7cc2d16a
>>> 
>>> that's why I think that problem is in python sdk. It uses JSESSIONID and
>>> not sending password every time it executing command through REST API.
>>> May be with api.vm.logon() method It should send password again? But how
>>> I can do it?
>>> 
>>> Pavel
>>> 
>> 
>>    No, you shouldn't (and can't) sent the password again. This isn't a
>>    problem in the Python SDK, but in the backend or the RESTAPI.
>> 
>> 
>>> 
>>> On Mon, Dec 15, 2014 at 8:41 PM, Juan Hernández <jhernand at redhat.com <mailto:jhernand at redhat.com>
>>> <mailto:jhernand at redhat.com <mailto:jhernand at redhat.com>>> wrote:
>>> 
>>>>    On 12/15/2014 05:57 PM, Pavel Zelensky wrote:
>>>> 
>>>> Hi guys,
>>>> 
>>>> I'm expiriencing some problems trying to invoke
>>    api.vm.logon() method
>>>> which I believe will call for desktopLogin on the VM and
>>    provide vm
>>>> console with user logged in for remote-viewer.
>>>> 
>>>> But it results in the following records in logfile:
>>>> 2014-12-12 16:07:01,314 INFO
>>>    [org.ovirt.engine.core.bll.VmLogonCommand]
>>>> (ajp--127.0.0.1-8702-3) [7cfe61d3] Running command:
>>    VmLogonCommand
>>>> internal: false. Entities affected :  ID:
>>>> a7c151a4-2d63-4172-a840-190748a3dbc1 Type: VMAction group
>>>    CONNECT_TO_VM
>>>> with role type USER
>>>> 2014-12-12 16:07:01,320 INFO
>>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>>> (ajp--127.0.0.1-8702-3) [7cfe61d3] START,
>>    VmLogonVDSCommand(HostName =
>>>> ceph4, HostId = bbaad505-34a3-4a52-ab52-0446724cae30,
>>>> vmId=a7c151a4-2d63-4172-a840-190748a3dbc1,
>>    domain=ov.jetlab.local,
>>>> password=null, userName=test4), log id: 5d458d88
>>>> 2014-12-12 16:07:01,536 INFO
>>>> [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand]
>>>> (ajp--127.0.0.1-8702-3) [7cfe61d3] FINISH,
>>    VmLogonVDSCommand, log id:
>>>> 5d458d88
>>>> 
>>>> I think that problem is in second line: 'password=null'. Engine
>>>    doesn't
>>>> get user password thus desktopLogin fails. In remote-viewer I'm
>>>    getting
>>>> black screen instead of users's desktop.
>>>> 
>>>> Is there any solution for this?
>>>> 
>>> 
>>>    Looks like an authentication problem. Can you try the same with
>>>    admin at internal?
>>> 
>>>    --
>>>    Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
>>    planta
>>>    3ºD, 28016 Madrid, Spain
>>>    Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 -
>>    Red Hat
>>>    S.L.
>>> 
>>> 
>>> 
>>> --
>>> Pavel
>> 
>> 
>>    --
>>    Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>>    3ºD, 28016 Madrid, Spain
>>    Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
>>    S.L.
>> 
>> 
>> 
>> -- 
>> ПЗ
> 
> 
> -- 
> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> 3ºD, 28016 Madrid, Spain
> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.



More information about the Devel mailing list