[ovirt-users] roles for foreman integration user

Jorick Astrego j.astrego at netbulae.eu
Thu Jan 22 14:38:22 UTC 2015


Nope, I just reset the password twice in FreeIPA. Once with a random
password and next with a very simple password


    2015-01-22 15:31:09,344 INFO 
    [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
    (ajp--127.0.0.1-8702-5) Cant login user "test-admin" with
    authentication profile "netbulae.test" because the authentication
    failed.
    2015-01-22 15:31:09,366 ERROR
    [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
    (ajp--127.0.0.1-8702-5) Correlation ID: null, Call Stack: null,
    Custom Event ID: -1, Message: User test-admin at netbulae.test failed
    to log in.
    2015-01-22 15:31:09,367 WARN 
    [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
    (ajp--127.0.0.1-8702-5) CanDoAction of action LoginAdminUser failed
    for user  test-admin at netbulae.test. Reasons: USER_PASSWORD_EXPIRED

On the ipa side, I don't see any authentication attempts in de logs.
ldapsearch with the same account and password on the ipa works fine.


On 01/22/2015 02:55 PM, Oved Ourfali wrote:
> are you able to login with these credentials to oVirt directly?
>
> ----- Original Message -----
>> From: "Jorick Astrego" <j.astrego at netbulae.eu>
>> To: "Oved Ourfali" <ovedo at redhat.com>
>> Cc: "Ohad Levy" <ohadlevy at redhat.com>, users at ovirt.org
>> Sent: Thursday, January 22, 2015 3:48:45 PM
>> Subject: Re: [ovirt-users] roles for foreman integration user
>>
>> Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a
>> hurry ;-)
>>
>>
>>
>> Processing by ComputeResourcesController#test_connection as */*
>> Parameters: {"utf8"=>"✓",
>> "authenticity_token"=>"D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=",
>> "compute_resource"=>{"name"=>"engineen", "provider"=>"Ovirt",
>> "description"=>"", "url"=> "https://ovirt-engine.netbulae.test/api" ,
>> "user"=> "test-admin at netbulae.test" , "password"=>"[FILTERED]",
>> "location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "cr_id"=>"null"}
>> CR_ID IS null
>> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
>> engineen was not decrypted
>> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
>> engineen was not decrypted
>> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
>> engineen was not decrypted
>> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
>> engineen was not decrypted
>> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
>> engineen was not decrypted
>> String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
>> engineen was not decrypted
>>
>> And the other side:
>>
>>
>>
>> 2015-01-22 13:59:20,034 INFO
>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call
>> Stack: null, Custom Event ID: -1, Message: User/Group test- was granted
>> permission for Role DataCenterAdmin on System by
>> 2015-01-22 14:00:21,674 ERROR
>> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
>> (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
>> netbulae.mgmt. Invocation Result code is 0. Authn result code is
>> CREDENTIALS_EXPIRED
>> 2015-01-22 14:00:21,763 ERROR
>> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
>> (ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is
>> netbulae.mgmt. Invocation Result code is 0. Authn result code is
>> CREDENTIALS_EXPIRED
>> 2015-01-22 14:00:21,849 ERROR
>> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
>> (ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is
>> netbulae.mgmt. Invocation Result code is 0. Authn result code is
>> CREDENTIALS_EXPIRED
>> 2015-01-22 14:09:39,982 ERROR
>> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
>> (ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
>> netbulae.mgmt. Invocation Result code is 0. Authn result code is
>> CREDENTIALS_EXPIRED
>> 2015-01-22 14:09:40,071 ERROR
>> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
>> (ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is
>> netbulae.mgmt. Invocation Result code is 0. Authn result code is
>> CREDENTIALS_EXPIRED
>> 2015-01-22 14:09:40,203 ERROR
>> [org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
>> (ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is
>> netbulae.mgmt. Invocation Result code is 0. Authn result code is
>> CREDENTIALS_EXPIRED
>> Cheers, Jorick
>>
>>
>> On 01/22/2015 02:29 PM, Oved Ourfali wrote:
>>
>>
>>
>> You need to share the logs on both ends (ovirt+foreman) for us to understand
>> it.
>>
>> Thanks,
>> Oved
>>
>> ----- Original Message -----
>>
>>
>>
>> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: "Oved Ourfali"
>> <ovedo at redhat.com> Cc: users at ovirt.org Sent: Thursday, January 22, 2015
>> 3:25:51 PM
>> Subject: Re: [ovirt-users] roles for foreman integration user
>>
>> I will check, but I now also have the problem in reverse. The compute
>> resource in foreman 1.6 will only work with admin at internal. Gave the
>> external user the superuser role to test but still permission denied.
>>
>> I also cannot login to the api with this user manually, do I have to
>> configure external authentication for api access somewhere else?
>>
>> Thanks for all the help!
>>
>> Jorick
>>
>> On 01/22/2015 01:58 PM, Oved Ourfali wrote:
>>
>>
>>
>> Have a look at the prerequisites section in
>> http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It
>> specifies what you must be able to do in Foreman for the integration to
>> work.
>> (currently we require proper permissions to view relevant bare-metal hosts,
>> host groups, compute resources and execute provision request - which is a
>> request to add a host).
>>
>> It is not the complete set of specific roles in Foreman, but it can help do
>> the mapping.
>>
>> CC-ing also Ohad from the Foreman team, which can help if the information
>> in the wiki isn't enough.
>>
>> Thanks,
>> Oved
>>
>> ----- Original Message -----
>>
>>
>>
>> From: "Jorick Astrego" <j.astrego@ netbulae.eu >
>> To: users@ ovirt.org
>> Sent: Thursday, January 22, 2015 2:48:34 PM
>> Subject: [ovirt-users] roles for foreman integration user
>>
>> Hi,
>>
>> Quick question, which foreman roles does the foreman integration user
>> require in the foreman.
>>
>> I've tried a couple of permission settings but can only get the test to
>> work when the use has role admin.
>>
>>
>>
>>
>>
>> Met vriendelijke groet, With kind regards,
>>
>> Jorick Astrego
>>
>> Netbulae Virtualization Experts
>>
>> Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180
>> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users@ ovirt.org http://lists.ovirt.org/mailman/listinfo/users
>> Met vriendelijke groet, With kind regards,
>>
>> Jorick Astrego
>>
>> Netbulae Virtualization Experts
>>
>> Tel: 053 20 30 270 info at netbulae.eu Staalsteden 4-3A 	KvK 08198180
>> 	Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede 	BTW NL821234584B01
>>
>>
>>
>> _______________________________________________
>> Users mailing list Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>>
>>
>> Met vriendelijke groet, With kind regards,
>>
>> Jorick Astrego
>>
>> Netbulae Virtualization Experts
>>
>> Tel: 053 20 30 270 	info at netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
>> 	Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>




Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts 

----------------

	Tel: 053 20 30 270 	info at netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
 	Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

----------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150122/53917a80/attachment-0001.html>


More information about the Users mailing list