Hi Dietmar,
Thank you for your feedback.
However, since I am starting on a new installation, I am surprised to get this
kind of answer.
« Your cluster fs is not working (pmxcfs). See you run on a broken
installation. »
Or
« You need a working PVE installation before doing any API calls... »
With the following command, I have the process up!
ps aux | grep pmxcfs
I think I have enough knowledge about SAML and Perl to do it, however, the
support of a dev would be ideal at least on the lock part.
I'm trying to implement a new api so that Proxmox authentication works with
SAMLv2.
I would have preferred to have more info on the following part :
# this is just a readonly copy, the relevant one is in status.c from pmxcfs
# observed files are the one we can get directly through IPCC, they are cached
# using a computed version and only those can be used by the cfs_*_file methods
To try to bring a little more element, I added a file to the following list in
the PVE::Cluster file
my $observed = {
'request.tmp' => 1,
Still in the PVE::Cluster file, It is well in the following part that it blocks
:
If I take the error message from the first email,
« error during cfs-locked \'file-request_tmp\' operation: pve cluster
filesystem not online /etc/pve/priv/lock. »
If I test the dir /etc/pve/priv/lock, it exists!
Do the files we add in PVE::Cluster file need to be listed in
/var/lib/pve-cluster/config.db, if so, any spec please?
Thanking you in advance,
Sincerely,
Julien BLAIS
De : pve-devel-requ...@lists.proxmox.com
Envoyé le :lundi 24 mai 2021 12:00
À : pve-devel@lists.proxmox.com
Objet :pve-devel Digest, Vol 132, Issue 53
Send pve-devel mailing list submissions to
pve-devel@lists.proxmox.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
or, via email, send a message with subject or body 'help' to
pve-devel-requ...@lists.proxmox.com
You can reach the person managing the list at
pve-devel-ow...@lists.proxmox.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of pve-devel digest..."
Today's Topics:
1. cfs-locked 'authkey' operation: pve cluster filesystem not
online (wb)
2. Re: cfs-locked 'authkey' operation: pve cluster filesystem
not online (Dietmar Maurer)
----------------------------------------------------------------------
Message: 1
Date: Sun, 23 May 2021 23:23:23 +0200
From: wb <webmas...@jbsky.fr>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: [pve-devel] cfs-locked 'authkey' operation: pve cluster
filesystem not online
Message-ID:
<fb0ddc9e61de4c98f1498ff4375b9...@mwinf5d62.me-wanadoo.net>
Content-Type: text/plain; charset="utf-8"
Hello to all.
I have the plan to implement the SSO authentication feature with the SAML
protocol.
However, I have an error that prevents me from validating the authentication
process.
It is about the locks.
The first step is to store the request_saml_id. If I try to create a file by
your libraries, I get an 500 error with msg:
error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem
not online /etc/pve/priv/lock.
https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
Ok, I can make a temp workaround.
2nd step?:
When I try to create a ticket with the function create_ticket in package
PVE::API2::AccessControl;
I've got this error :
authentication failure; rhost=127.0.0.1 user=admin@DOM msg=error during
cfs-locked 'authkey' operation: pve cluster filesystem not online
/etc/pve/priv/lock
src :
https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0
I have really bad luck with these locks!
Can you help me to understand the prerequisites to make the lock work?
If you want init a redirect to an identity provider(IdP, ex: Keycloak), use
this url :
https://pve/api2/html/access/saml?realm=DOM
After an authentication side IdP, the IdP post to pve at
https://pve/api2/html/access/saml.
I'm sorry to work on a separate repository, it's because I don't know your
components very well.
I would be grateful if you could tell me how to debug these locks.
Thanking you in advance,
Sincerely,
Julien BLAIS
------------------------------
Message: 2
Date: Mon, 24 May 2021 09:45:15 +0200 (CEST)
From: Dietmar Maurer <diet...@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
wb <webmas...@jbsky.fr>
Subject: Re: [pve-devel] cfs-locked 'authkey' operation: pve cluster
filesystem not online
Message-ID: <606562427.786.1621842315...@webmail.proxmox.com>
Content-Type: text/plain; charset=UTF-8
Hi Julien,
> Hello to all.
>
> I have the plan to implement the SSO authentication feature with the SAML
> protocol.
> However, I have an error that prevents me from validating the authentication
> process.
> It is about the locks.
> The first step is to store the request_saml_id. If I try to create a file by
> your libraries, I get an 500 error with msg:
> error during cfs-locked \'file-request_tmp\' operation: pve cluster
> filesystem not online /etc/pve/priv/lock.
Your cluster fs is not working (pmxcfs). See you run on a broken installation.
> https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
> Ok, I can make a temp workaround.
>
> 2nd step?:
> When I try to create a ticket with the function create_ticket in package
> PVE::API2::AccessControl;
> I've got this error :
> authentication failure; rhost=127.0.0.1 user=admin@DOM msg=error during
> cfs-locked 'authkey' operation: pve cluster filesystem not online
> /etc/pve/priv/lock
Again, the pmxcfs is not online.
> src :
> https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0
>
> I have really bad luck with these locks!
> Can you help me to understand the prerequisites to make the lock work?
You need a working PVE installation before doing any API calls...
------------------------------
Subject: Digest Footer
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
------------------------------
End of pve-devel Digest, Vol 132, Issue 53
******************************************
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
