[ovirt-users] external users problem
Baptiste Agasse
baptiste.agasse at lyra-network.com
Mon Nov 7 08:34:39 UTC 2016
Hi,
----- Le 4 Nov 16, à 18:22, Greg Sheremeta <gshereme at redhat.com> a écrit :
> Sorry for the delay. Did anyone help out on this yet? If not, I can look now.
No problem. No evolution on this side, if you can take a look, it will be nice.
Thank you.
> Greg
> On Mon, Oct 24, 2016 at 8:52 AM, Martin Perina < mperina at redhat.com > wrote:
>> Alex/Greg, could you please take a look?
>> Thanks
>> Martin
>> On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse <
>> baptiste.agasse at lyra-network.com > wrote:
>>> Hi,
>>> ----- Le 24 Oct 16, à 11:25, Martin Perina < mperina at redhat.com > a écrit :
>>>> On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
>>>> baptiste.agasse at lyra-network.com > wrote:
>>>>> Hi Ondra,
>>>>> ----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace at redhat.com a écrit :
>>>>> > On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>>>>> >> Hi all,
>>>>> >> We use ovirt 4.0.4 with FreeIPA as external provider. The external provider was
>>>>> >> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
>>>>> >> authentication works fine, but in the webui, when you go on the 'Active User
>>>>> >> Sessions', all users uuid is showed as '00000000-0000-0000-0000-000000000000'.
>>>>> >> Other problem, maybe related, when a user create a VM, by default a permission
>>>>> >> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see
>>>>> >> a line with no value for User, Authorization provider, Namespace. The only
>>>>> >> value set on this line is the role (UserVmManager in that case). When we try to
>>>>> >> remove this line, an exception occurs in the webui that prevent deletion of
>>>>> >> this line.
>>>>> > I've never see such issue with FreeIPA. Can you please share what's
>>>>> > your IPA version?
>>>>> > Can you also please share the log of error which occurs, when you try
>>>>> > to remove the permission?
>>>>> We have multiple ovirt envs, all ovirt version are the same as described, but
>>>>> FreeIPA servers are in different versions on these envs. We have one env with
>>>>> FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and the other on
>>>>> FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). The both
>>>>> envs have the same problem. On our envs, the role mapping in oVirt is done on
>>>>> user groups and not on individual users.
>>>>> For the permission problem, the problem only occurs when the VM is created via
>>>>> the user webui. Creating VM with API or admin webui is OK. When we try to
>>>>> remove the permission, an UI exception occurs and no logs on the engine.log
>>>>> side. I've attached screenshots and ui.log.
>>>> Unfortunately by default UI code is obfuscated, so we cannot find exact issue.
>>>> Could you please perform following steps and send us new ui.log?
>>>> 1. Install UI debug packages
>>>> yum install ovirt-engine-webadmin-portal-debuginfo
>>>> ovirt-engine-userportal-debuginfo
>>>> 2. Restart ovirt-engine
>>>> systemctl restart ovirt-engine
>>>> 3. Reproduce the error and share up-to-date ui.log with use
>>>> If needed more info about UI logs can be found at
>>>> http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/
>>> I've reproduced the error, see attached engine.log at VM creation time and the
>>> ui.log when trying to remove inconsistent permission.
>>> Thanks.
>>>> Thanks
>>>> Martin Perina
>>>>
>>>>> >> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)
>>>>> >> Someone hit the same problem ?
>>>>> >> Have a nice day.
>>>>> >> Regards.
>>>>> Regards.
>>>>> --
>>>>> Baptiste AGASSE
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>> --
>>> Baptiste AGASSE
> --
> Greg Sheremeta, MBA
> Red Hat, Inc.
> Sr. Software Engineer
> gshereme at redhat.com
--
Baptiste AGASSE
Lyra Network France, Senior GNU/Linux engineer
109 Rue de l'innovation, 31670 Labège - France
Phone: (+33)5.67.22.31.87
Fax: (+33)5.67.22.31.61
E-mail: baptiste.agasse at lyra-network.com
Website: http://www.lyra-network.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161107/2b186e4b/attachment-0001.html>
More information about the Users
mailing list