[ovirt-users] Adding domain to oVirt to 3.5 issue

Alon Bar-Lev alonbl at redhat.com
Fri Dec 5 13:01:34 UTC 2014


Hi!

I tested the configuration and it worked properly.

----- Original Message -----
> From: "Juan Jose" <jj197005 at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "Ondra Machacek" <omachace at redhat.com>, "Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
> Sent: Friday, December 5, 2014 1:10:06 PM
> Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
> 
> Hello Alon,
> 
> I have deleted the Legacy domain with engine-manage-domain, and I have changed
> the configuration to an absolute file name, as you can see:
> 
> /etc/ovirt-engine/extensions.d/siee-local-authn.properties:
> 
> ovirt.engine.extension.name = siee-local-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = siee
> ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
> config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties

Please move this file to /etc/ovirt-engine/aaa/siee.properties; it should not reside within extensions.d.

> 
> /etc/ovirt-engine/extensions.d/siee-local-authz.properties:
> 
> ovirt.engine.extension.name = siee-local-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties

Same.

> 
> I had configured relative file name because the example
> /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties
> has a relative file name.

Yes, as I wrote, this relative is coming in 3.5.1.

> I have done the same: deleted engine.log, restarted ovirt-engine and tried to log
> in, and the same error is shown, "General command validation failure."

Please first refer to the startup errors; there is not much sense in trying to log in if startup fails... :)

In your case:

2014-12-05 11:25:05,575 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::siee-local-authz] Cannot initialize LDAP framework, deferring initialization. Error: null

Which is as if something is missing.

I took your configuration as-is and it does work, with the exception of moving /etc/ovirt-engine/extensions.d/aaa to /etc/ovirt-engine/aaa as it should be. Please perform this change and modify the file locations within the extension properties files.

I need to figure out what is happening, so from README[1], please follow the following instructions and restart engine so we get more verbose logs.

Update:
  /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in

Make sure the handler level name is ALL for ENGINE; if not, set it like this (I am unsure if this was the case in 3.5.0):
---
      <file-handler name="ENGINE" autoflush="true">
        <level name="ALL"/>
---

Add the following before the <root-logger> line:
---
      <logger category="org.ovirt.engineextensions.aaa.ldap">
        <level name="ALL"/>
      </logger>
---

Restart the engine and send the engine.log; this way I can see what is happening during initialization.

Thanks for checking it out, hopefully something trivial is missing,
Alon

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l230
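
As an added example (not part of the original mail and not oVirt project code), the following Python check reads an extension properties file and flags `config.profile.file.N` entries that are relative, sit under extensions.d, or lost their value to mail line-wrapping, and suggests the /etc/ovirt-engine/aaa location recommended above. The function names, the minimal parser and the rule that a relative name resolves against the extension file's directory are assumptions of this example.

```python
import posixpath

EXT_DIR = "/etc/ovirt-engine/extensions.d"  # extension directory named in the thread
AAA_DIR = "/etc/ovirt-engine/aaa"           # profile location recommended in the thread

# Constructed sample: lines from the authn extension file quoted in the mail.
SAMPLE = """\
ovirt.engine.extension.name = siee-local-authn
ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
"""

def parse_properties(text):
    """Minimal key = value parser (comments skipped, no escapes or continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_profile_files(text):
    """Return (key, value, problems, suggested_path) for each questionable entry."""
    findings = []
    for key, value in parse_properties(text).items():
        if not key.startswith("config.profile.file."):
            continue
        if not value:
            findings.append((key, value, "empty value (wrapped line?)", None))
            continue
        problems, path = [], value
        if not posixpath.isabs(path):
            problems.append("relative path")
            # Assumption: a relative name resolves against the extension file's directory.
            path = posixpath.join(EXT_DIR, path)
        path = posixpath.normpath(path)
        if path.startswith(EXT_DIR + "/"):
            problems.append("resides within extensions.d")
            path = posixpath.join(AAA_DIR, posixpath.basename(path))
        if problems:
            findings.append((key, value, "; ".join(problems), path))
    return findings

if __name__ == "__main__":
    for key, value, problems, suggestion in check_profile_files(SAMPLE):
        print(f"{key}: {value!r}: {problems}; suggested: {suggestion}")
```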


