[ovirt-users] roles for foreman integration user

Jorick Astrego j.astrego at netbulae.eu
Thu Jan 22 13:48:45 UTC 2015


Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV
in a hurry ;-)

    Processing by ComputeResourcesController#test_connection as */*
      Parameters: {"utf8"=>"✓",
    "authenticity_token"=>"D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=", "compute_resource"=>{"name"=>"engineen",
    "provider"=>"Ovirt", "description"=>"",
    "url"=>"https://ovirt-engine.netbulae.test/api",
    "user"=>"test-admin at netbulae.test", "password"=>"[FILTERED]",
    "location_ids"=>["", "2"], "organization_ids"=>["", "1"]},
    "cr_id"=>"null"}
    CR_ID IS null
    String does not start with the prefix 'encrypted-', so
    Foreman::Model::Ovirt engineen was not decrypted
    String does not start with the prefix 'encrypted-', so
    Foreman::Model::Ovirt engineen was not decrypted
    String does not start with the prefix 'encrypted-', so
    Foreman::Model::Ovirt engineen was not decrypted
    String does not start with the prefix 'encrypted-', so
    Foreman::Model::Ovirt engineen was not decrypted
    String does not start with the prefix 'encrypted-', so
    Foreman::Model::Ovirt engineen was not decrypted
    String does not start with the prefix 'encrypted-', so
    Foreman::Model::Ovirt engineen was not decrypted

And the other side:

    2015-01-22 13:59:20,034 INFO 
    [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
    (org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID:
    1414b745, Call Stack: null, Custom Event ID: -1, Message: User/Group
    test- was granted permission for Role DataCenterAdmin on System by
    2015-01-22 14:00:21,674 ERROR
    [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
    (ajp--127.0.0.1-8702-1) User test-admin authentication failed.
    profile is netbulae.mgmt. Invocation Result code is 0. Authn result
    code is CREDENTIALS_EXPIRED
    2015-01-22 14:00:21,763 ERROR
    [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
    (ajp--127.0.0.1-8702-6) User test-admin authentication failed.
    profile is netbulae.mgmt. Invocation Result code is 0. Authn result
    code is CREDENTIALS_EXPIRED
    2015-01-22 14:00:21,849 ERROR
    [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
    (ajp--127.0.0.1-8702-5) User test-admin authentication failed.
    profile is netbulae.mgmt. Invocation Result code is 0. Authn result
    code is CREDENTIALS_EXPIRED
    2015-01-22 14:09:39,982 ERROR
    [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
    (ajp--127.0.0.1-8702-1) User test-admin authentication failed.
    profile is netbulae.mgmt. Invocation Result code is 0. Authn result
    code is CREDENTIALS_EXPIRED
    2015-01-22 14:09:40,071 ERROR
    [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
    (ajp--127.0.0.1-8702-8) User test-adminauthentication failed.
    profile is netbulae.mgmt. Invocation Result code is 0. Authn result
    code is CREDENTIALS_EXPIRED
    2015-01-22 14:09:40,203 ERROR
    [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
    (ajp--127.0.0.1-8702-2) User test-admin authentication failed.
    profile is netbulae.mgmt. Invocation Result code is 0. Authn result
    code is CREDENTIALS_EXPIRED


Cheers, Jorick


On 01/22/2015 02:29 PM, Oved Ourfali wrote:
> You need to share the logs on both ends (ovirt+foreman) for us to understand it.
>
> Thanks,
> Oved
>
> ----- Original Message -----
>> From: "Jorick Astrego" <j.astrego at netbulae.eu>
>> To: "Oved Ourfali" <ovedo at redhat.com>
>> Cc: users at ovirt.org
>> Sent: Thursday, January 22, 2015 3:25:51 PM
>> Subject: Re: [ovirt-users] roles for foreman integration user
>>
>> I will check, but I now also have the problem in reverse. The compute
>> resource in foreman 1.6 will only work with admin at internal. Gave the
>> external user the superuser role to test but still permission denied.
>>
>> I also cannot login to the api with this user manually, do I have to
>> configure external authentication for api access somewhere else?
>>
>> Thanks for all the help!
>>
>> Jorick
>>
>> On 01/22/2015 01:58 PM, Oved Ourfali wrote:
>>> Have a look at the prerequisites section in
>>> http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning
>>> It specifies what you must be able to do in Foreman for the integration to
>>> work.
>>> (currently we require proper permissions to view relevant bare-metal hosts,
>>> host groups, compute resources and execute provision request - which is a
>>> request to add a host).
>>>
>>> It is not the complete set of specific roles in Foreman, but it can help do
>>> the mapping.
>>>
>>> CC-ing also Ohad from the Foreman team, which can help if the information
>>> in the wiki isn't enough.
>>>
>>> Thanks,
>>> Oved
>>>
>>> ----- Original Message -----
>>>> From: "Jorick Astrego" <j.astrego@ netbulae.eu >
>>>> To: users@ ovirt.org
>>>> Sent: Thursday, January 22, 2015 2:48:34 PM
>>>> Subject: [ovirt-users] roles for foreman integration user
>>>>
>>>> Hi,
>>>>
>>>> Quick question, which foreman roles does the foreman integration user
>>>> require in the foreman.
>>>>
>>>> I've tried a couple of permission settings but can only get the test to
>>>> work when the use has role admin.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Met vriendelijke groet, With kind regards,
>>>>
>>>> Jorick Astrego
>>>>
>>>> Netbulae Virtualization Experts
>>>>
>>>> Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180
>>>> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users@ ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>
>>
>>
>> Met vriendelijke groet, With kind regards,
>>
>> Jorick Astrego
>>
>> Netbulae Virtualization Experts
>>
>> Tel: 053 20 30 270 	info at netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
>> 	Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>




Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts 

----------------

	Tel: 053 20 30 270 	info at netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
 	Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

----------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150122/58f76c97/attachment-0001.html>


More information about the Users mailing list