
Hi,

----- On 4 Nov 16, at 18:22, Greg Sheremeta <gshereme@redhat.com> wrote:
Sorry for the delay. Did anyone help out on this yet? If not, I can look now.
No problem. No evolution on this side, if you can take a look, it will be nice.
Thank you.
Greg
On Mon, Oct 24, 2016 at 8:52 AM, Martin Perina < mperina@redhat.com > wrote:
Alex/Greg, could you please take a look?
Thanks
Martin
On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse < baptiste.agasse@lyra-network.com > wrote:
Hi,
----- On 24 Oct 16, at 11:25, Martin Perina < mperina@redhat.com > wrote:
On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse < baptiste.agasse@lyra-network.com > wrote:
Hi Ondra,
----- On 24 Oct 16, at 10:36, Ondra Machacek omachace@redhat.com wrote:
On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
> Hi all,
>
> We use ovirt 4.0.4 with FreeIPA as external provider. The external provider was
> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
> authentication works fine, but in the webui, when you go on the 'Active User
> Sessions', all users uuid is shown as '00000000-0000-0000-0000-000000000000'.
> Other problem, maybe related, when a user creates a VM, by default a permission
> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see
> a line with no value for User, Authorization provider, Namespace. The only
> value set on this line is the role (UserVmManager in that case). When we try to
> remove this line, an exception occurs in the webui that prevents deletion of
> this line.
I've never seen such an issue with FreeIPA. Can you please share what's your IPA version?
Can you also please share the log of error which occurs, when you try to remove the permission?
We have multiple ovirt envs, all ovirt versions are the same as described, but FreeIPA servers are in different versions on these envs. We have one env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and the other on FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). Both envs have the same problem. On our envs, the role mapping in oVirt is done on user groups and not on individual users.
For the permission problem, the problem only occurs when the VM is created via the user webui. Creating VM with API or admin webui is OK. When we try to remove the permission, an UI exception occurs and no logs on the engine.log side. I've attached screenshots and ui.log.
Unfortunately by default UI code is obfuscated, so we cannot find the exact issue. Could you please perform the following steps and send us a new ui.log?
1. Install UI debug packages
     yum install ovirt-engine-webadmin-portal-debuginfo ovirt-engine-userportal-debuginfo
2. Restart ovirt-engine
     systemctl restart ovirt-engine
3. Reproduce the error and share up-to-date ui.log with us
If needed more info about UI logs can be found at http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/
I've reproduced the error, see attached engine.log at VM creation time and the ui.log when trying to remove inconsistent permission.
Thanks.
Thanks
Martin Perina
> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)
> Someone hit the same problem ?
> Have a nice day.
> Regards.
Regards.
-- Baptiste AGASSE
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Baptiste AGASSE
-- Greg Sheremeta, MBA Red Hat, Inc. Sr. Software Engineer gshereme@redhat.com
-- 
Baptiste AGASSE
Lyra Network France, Senior GNU/Linux engineer
109 Rue de l'innovation, 31670 Labège - France
Phone: (+33)5.67.22.31.87
Fax: (+33)5.67.22.31.61
E-mail: baptiste.agasse@lyra-network.com
Website: http://www.lyra-network.com