[ovirt-users] roles for foreman integration user

Oved Ourfali ovedo at redhat.com
Thu Jan 22 13:55:06 UTC 2015


are you able to login with these credentials to oVirt directly?

----- Original Message -----
> From: "Jorick Astrego" <j.astrego at netbulae.eu>
> To: "Oved Ourfali" <ovedo at redhat.com>
> Cc: "Ohad Levy" <ohadlevy at redhat.com>, users at ovirt.org
> Sent: Thursday, January 22, 2015 3:48:45 PM
> Subject: Re: [ovirt-users] roles for foreman integration user
> 
> Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a
> hurry ;-)
> 
> 
> 
> Processing by ComputeResourcesController#test_connection as */*
> Parameters: {"utf8"=>"✓",
> "authenticity_token"=>"D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=",
> "compute_resource"=>{"name"=>"engineen", "provider"=>"Ovirt",
> "description"=>"", "url"=> "https://ovirt-engine.netbulae.test/api" ,
> "user"=> "test-admin at netbulae.test" , "password"=>"[FILTERED]",
> "location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "cr_id"=>"null"}
> CR_ID IS null
> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
> engineen was not decrypted
> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
> engineen was not decrypted
> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
> engineen was not decrypted
> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
> engineen was not decrypted
> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
> engineen was not decrypted
> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
> engineen was not decrypted
> 
> And the other side:
> 
> 
> 
> 2015-01-22 13:59:20,034 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call
> Stack: null, Custom Event ID: -1, Message: User/Group test- was granted
> permission for Role DataCenterAdmin on System by
> 2015-01-22 14:00:21,674 ERROR
> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
> (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
> netbulae.mgmt. Invocation Result code is 0. Authn result code is
> CREDENTIALS_EXPIRED
> 2015-01-22 14:00:21,763 ERROR
> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
> (ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is
> netbulae.mgmt. Invocation Result code is 0. Authn result code is
> CREDENTIALS_EXPIRED
> 2015-01-22 14:00:21,849 ERROR
> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
> (ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is
> netbulae.mgmt. Invocation Result code is 0. Authn result code is
> CREDENTIALS_EXPIRED
> 2015-01-22 14:09:39,982 ERROR
> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
> (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
> netbulae.mgmt. Invocation Result code is 0. Authn result code is
> CREDENTIALS_EXPIRED
> 2015-01-22 14:09:40,071 ERROR
> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
> (ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is
> netbulae.mgmt. Invocation Result code is 0. Authn result code is
> CREDENTIALS_EXPIRED
> 2015-01-22 14:09:40,203 ERROR
> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
> (ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is
> netbulae.mgmt. Invocation Result code is 0. Authn result code is
> CREDENTIALS_EXPIRED
> Cheers, Jorick
> 
> 
> On 01/22/2015 02:29 PM, Oved Ourfali wrote:
> 
> 
> 
> You need to share the logs on both ends (ovirt+foreman) for us to understand
> it.
> 
> Thanks,
> Oved
> 
> ----- Original Message -----
> 
> 
> 
> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: "Oved Ourfali"
> <ovedo at redhat.com> Cc: users at ovirt.org Sent: Thursday, January 22, 2015
> 3:25:51 PM
> Subject: Re: [ovirt-users] roles for foreman integration user
> 
> I will check, but I now also have the problem in reverse. The compute
> resource in foreman 1.6 will only work with admin at internal. Gave the
> external user the superuser role to test but still permission denied.
> 
> I also cannot login to the api with this user manually, do I have to
> configure external authentication for api access somewhere else?
> 
> Thanks for all the help!
> 
> Jorick
> 
> On 01/22/2015 01:58 PM, Oved Ourfali wrote:
> 
> 
> 
> Have a look at the prerequisites section in
> http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It
> specifies what you must be able to do in Foreman for the integration to
> work.
> (currently we require proper permissions to view relevant bare-metal hosts,
> host groups, compute resources and execute provision request - which is a
> request to add a host).
> 
> It is not the complete set of specific roles in Foreman, but it can help do
> the mapping.
> 
> CC-ing also Ohad from the Foreman team, which can help if the information
> in the wiki isn't enough.
> 
> Thanks,
> Oved
> 
> ----- Original Message -----
> 
> 
> 
> From: "Jorick Astrego" <j.astrego@ netbulae.eu >
> To: users@ ovirt.org
> Sent: Thursday, January 22, 2015 2:48:34 PM
> Subject: [ovirt-users] roles for foreman integration user
> 
> Hi,
> 
> Quick question, which foreman roles does the foreman integration user
> require in the foreman.
> 
> I've tried a couple of permission settings but can only get the test to
> work when the use has role admin.
> 
> 
> 
> 
> 
> Met vriendelijke groet, With kind regards,
> 
> Jorick Astrego
> 
> Netbulae Virtualization Experts
> 
> Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180
> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users@ ovirt.org http://lists.ovirt.org/mailman/listinfo/users
> Met vriendelijke groet, With kind regards,
> 
> Jorick Astrego
> 
> Netbulae Virtualization Experts
> 
> Tel: 053 20 30 270 info at netbulae.eu Staalsteden 4-3A 	KvK 08198180
> 	Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede 	BTW NL821234584B01
> 
> 
> 
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
> 
> 
> Met vriendelijke groet, With kind regards,
> 
> Jorick Astrego
> 
> Netbulae Virtualization Experts
> 
> Tel: 053 20 30 270 	info at netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
> 	Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 



More information about the Users mailing list