[ovirt-users] external users problem
Baptiste Agasse
baptiste.agasse at lyra-network.com
Mon Oct 24 12:02:30 UTC 2016
Hi,
----- Le 24 Oct 16, à 11:25, Martin Perina <mperina at redhat.com> a écrit :
> On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
> baptiste.agasse at lyra-network.com > wrote:
>> Hi Ondra,
>> ----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace at redhat.com a écrit :
>> > On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>> >> Hi all,
>> >> We use ovirt 4.0.4 with FreeIPA as external provider. The external provider was
>> >> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
>> >> authentication works fine, but in the webui, when you go on the 'Active User
>> >> Sessions', all users uuid is showed as '00000000-0000-0000-0000-000000000000'.
>> >> Other problem, maybe related, when a user create a VM, by default a permission
>> >> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see
>> >> a line with no value for User, Authorization provider, Namespace. The only
>> >> value set on this line is the role (UserVmManager in that case). When we try to
>> >> remove this line, an exception occurs in the webui that prevent deletion of
>> >> this line.
>> > I've never see such issue with FreeIPA. Can you please share what's
>> > your IPA version?
>> > Can you also please share the log of error which occurs, when you try
>> > to remove the permission?
>> We have multiple ovirt envs, all ovirt version are the same as described, but
>> FreeIPA servers are in different versions on these envs. We have one env with
>> FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and the other on
>> FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). The both
>> envs have the same problem. On our envs, the role mapping in oVirt is done on
>> user groups and not on individual users.
>> For the permission problem, the problem only occurs when the VM is created via
>> the user webui. Creating VM with API or admin webui is OK. When we try to
>> remove the permission, an UI exception occurs and no logs on the engine.log
>> side. I've attached screenshots and ui.log.
> Unfortunately by default UI code is obfuscated, so we cannot find exact issue.
> Could you please perform following steps and send us new ui.log?
> 1. Install UI debug packages
> yum install ovirt-engine-webadmin-portal-debuginfo
> ovirt-engine-userportal-debuginfo
> 2. Restart ovirt-engine
> systemctl restart ovirt-engine
> 3. Reproduce the error and share up-to-date ui.log with use
> If needed more info about UI logs can be found at
> http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/
I've reproduced the error, see attached engine.log at VM creation time and the ui.log when trying to remove inconsistent permission.
Thanks.
> Thanks
> Martin Perina
>
>> >> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)
>> >> Someone hit the same problem ?
>> >> Have a nice day.
>> >> Regards.
>> Regards.
>> --
>> Baptiste AGASSE
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
--
Baptiste AGASSE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/f45b38be/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: engine.log
Type: text/x-log
Size: 16063 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/f45b38be/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ui.log
Type: text/x-log
Size: 5540 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/f45b38be/attachment-0003.bin>
More information about the Users
mailing list