<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 12, 2017 at 1:18 PM, Fabrice Bacchella <span dir="ltr">&lt;<a href="mailto:fabrice.bacchella@orange.fr" target="_blank">fabrice.bacchella@orange.fr</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The request is indeed quite slow within ovirt, using the setup given by Juan:<br>
<br>
/ovirt-engine/sso/oauth/token-<wbr>http-auth 7001ms<br>
<br>
I was not able to authenticate jboss-cli.sh, I don&#39;t know why: &#39;admin@internal-authz&#39;: No valid profile found in credentials.<br></blockquote><div><br></div><div>It should be admin@internal.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
So I tried to modifie usr/share/ovirt-engine/<wbr>services/ovirt-engine/<a href="http://ovirt-engine-logging.properties.in" rel="noreferrer" target="_blank">ovirt-<wbr>engine-logging.properties.in</a>, adding:<br>
org.ovirt.engineextensions.<wbr>aaa=ALL<br>
org.ovirt.engine.core.bll.aaa=<wbr>ALL<br>
and then restart ovirt-engine. But that changed nothing. That&#39;s not the good syntax ?<br></blockquote><div><br></div><div>You must change the file in <a href="http://ovirt-engine.xml.in">ovirt-engine.xml.in</a> same file as Juan send above.<br></div><div>See here: <a href="https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/ovirt-engine-extension-aaa-ldap-1.0/README#L377">https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/ovirt-engine-extension-aaa-ldap-1.0/README#L377</a><br><br></div><div>But I think better to use JBoss CLI, you don&#39;t have to restart oVirt engine then.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="gmail-HOEnZb"><div class="gmail-h5"><br>
<br>
<br>
<br>
&gt; Le 12 mai 2017 à 09:25, Ondra Machacek &lt;<a href="mailto:omachace@redhat.com">omachace@redhat.com</a>&gt; a écrit :<br>
&gt;<br>
&gt; I am not aware of anything, but debug log of all aaa stuff would help,<br>
&gt; to understand what takes the most time.<br>
&gt;<br>
&gt;  - org.ovirt.engineextensions.<wbr>aaa.ldap<br>
&gt;  - org.ovirt.engineextensions.<wbr>aaa.misc<br>
&gt;  - org.ovirt.engine.core.aaa<br>
&gt;  - org.ovirt.engine.core.sso<br>
&gt;<br>
&gt; To enable it in runtime, please follow:<br>
&gt;<br>
&gt;  <a href="https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L469" rel="noreferrer" target="_blank">https://github.com/oVirt/<wbr>ovirt-engine-extension-aaa-<wbr>ldap/blob/master/README#L469</a><br>
&gt;<br>
&gt; On Thu, May 11, 2017 at 7:24 PM, Fabrice Bacchella &lt;<a href="mailto:fabrice.bacchella@orange.fr">fabrice.bacchella@orange.fr</a>&gt; wrote:<br>
&gt; I&#39;m using kerberos authentication in ovirt for the URL /sso/oauth/token-http-auth, but kerberos is done in Apache using auth_gssapi_module and it&#39;s quite slow, about 6s for a request.<br>
&gt;<br>
&gt; I&#39;m trying to understand if it&#39;s apache or ovirt-engine that are slow. Is there a way to get response time metered for http requests inside ovirt instead of seen from apache ?<br>
&gt;<br>
&gt; ______________________________<wbr>_________________<br>
&gt; Users mailing list<br>
&gt; <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
&gt; <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
&gt;<br>
<br>
</div></div></blockquote></div><br></div></div>