[ovirt-devel] Re: [ovirt-users] VM User with UserRole missing permissions to activate console and other actions
Thanks Greg, it really would be great to resolve this and would really like to not have to clean install the engine on a new hostname (especially without a guarantee that it will work). Migrating is a significant portion of work. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 27 Jul 2018, at 01:20, Greg Sheremeta mailto:gsher...@redhat.com>> wrote: Adding some people who may be able to help. On Wed, Jul 18, 2018 at 7:15 AM Callum Smith mailto:cal...@well.ox.ac.uk>> wrote: Dear All, Please see the errors below. I'm seeing this in the engine.log when as a user I'm trying to activate either a VM console or reboot a VM which I have access to as a user ("UserRole permission assigned to VM). 2018-07-18 10:51:33,554+01 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) [557ca876] Running command : CreateUserSessionCommand internal: false. 2018-07-18 10:51:33,575+01 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-9) [557ca876] E VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' logged in. 2018-07-18 10:51:34,135+01 ERROR [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) [8d830cdb-fc11-4e68-94e6-73309 65c4488] Query execution failed due to insufficient permissions. 2018-07-18 10:51:34,205+01 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) [ba1825f1-60fb-44cd-8b57- ea701cf698c0] Query execution failed due to insufficient permissions. 2018-07-18 10:51:34,242+01 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-26) [] Operation Faile d: query execution failed due to insufficient permissions. 2018-07-18 10:51:34,389+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366 -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions. 2018-07-18 10:51:34,393+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366 -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions. 2018-07-18 10:51:34,394+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366 -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions. 2018-07-18 10:51:34,396+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366 -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions. 2018-07-18 10:51:59,195+01 WARN [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] User '9386d6f5-f172-4cdb -abca-62492a357888' is trying to take the console of virtual machine 'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'. 2018-07-18 10:51:59,197+01 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] No permission found for user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is member of, when running action 'SetVmTicket', Required permiss ions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object type: 'VM' Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'. 2018-07-18 10:51:59,197+01 WARN [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] Validation of action 'Se tVmTicket' failed for user callum@Biomedical Research Computing. Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_REC ONNECT_TO_VM 2018-07-18 10:51:59,198+01 ERROR [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] (default task-18) [] Operat ion Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> ___ Users mailing list -- us...@ovirt.org<mailto:us...@ovirt.org> To unsubscribe send an email to users-le...@ovirt.org<mailto:users-le...@ovirt.org> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/us...@ovirt.org/message/D7GSJDZ32DBIMYRMX3MF2TKVNTP5Q6DW/ -- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> gsher...@redhat.com&l
[ovirt-devel] Re: [ovirt-users] VM User with UserRole missing permissions to activate console and other actions
Dear Scott, You're not wrong, console reports the error: Reducing action: {"type":"VM_ACTIONS_SET_CONSOLE_IN_USE","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoleInUse":false}} helpers.js:19:6 Reducing action: {"type":"SET_VM_CONSOLES","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoles":[{"id":"7370696365","protocol":"spice"},{"id":"766e63","protocol":"vnc"}]}} helpers.js:19:6 Reducing action: {"type":"VM_ACTION_IN_PROGRESS","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","name":"getConsole","started":false}} helpers.js:19:6 External action console() starts on {"type":"INTERNAL_CONSOLE","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoleId":"7370696365"}} helpers.js:19:6 _httpGet start: url="/ovirt-engine/api/vms/a437d298-59b3-4e10-9ced-516edb38a7ea/graphicsconsoles/7370696365" helpers.js:19:6 _httpGet: url="/ovirt-engine/api/vms/a437d298-59b3-4e10-9ced-516edb38a7ea/graphicsconsoles/7370696365", headers="{"Authorization":"Bearer 5orPWAJBkJx5g1bZDxi7Q3h3oQHFpWZW6XP5rZo_Moy3IShguyuA6VPpa4EB-o7mc8g_gHuua5BdMy8wwet3Yw","Accept-Language":"en_US","Filter":true,"Accept":"application/x-virt-viewer"}" XML Parsing Error: no root element found Location: https://ovirtengine.cluster/ovirt-engine/api/vms/a437d298-59b3-4e10-9ced-516edb38a7ea/graphicsconsoles/7370696365 Line Number 1, Column 1: Ajax failed: {"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"} helpers.js:19:6 External action exception: {"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"} helpers.js:19:6 Reducing action: {"type":"FAILED_EXTERNAL_ACTION","payload":{"message":"Failed to retrieve VM console details\nForbidden","shortMessage":"Failed to retrieve VM console details","type":403,"action":{"type":"INTERNAL_CONSOLE","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoleId":"7370696365" All of the forbidden issues could be misleading, but along with the server-side permissions issues that leads me to believe it could be a combination of both the issue you suggest and another one underlying? We have to go with full release versions ideally as the ovirtengine is in production, I'd rather avoid the master branch version. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 27 Jul 2018, at 15:25, Scott Dickerson mailto:sdick...@redhat.com>> wrote: Callum, If you are seeing the error when opening the console from VM Portal (web-ui), this sounds a lot like issue [1]. A patch against the ovirt REST api was done to help mitigate some errors that should not happen. I'll take a look to see how it is working in the current master snapshot of ovirt-engine and VM Portal. What version of oVirt are you using? [1] - https://github.com/oVirt/ovirt-web-ui/issues/509 Regards, Scott Dickerson On Fri, Jul 27, 2018 at 4:42 AM, Callum Smith mailto:cal...@well.ox.ac.uk>> wrote: Thanks Greg, it really would be great to resolve this and would really like to not have to clean install the engine on a new hostname (especially without a guarantee that it will work). Migrating is a significant portion of work. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 27 Jul 2018, at 01:20, Greg Sheremeta mailto:gsher...@redhat.com>> wrote: Adding some people who may be able to help. On Wed, Jul 18, 2018 at 7:15 AM Callum Smith mailto:cal...@well.ox.ac.uk>> wrote: Dear All, Please see the errors below. I'm seeing this in the engine.log when as a user I'm trying to activate either a VM console or reboot a VM which I have access to as a user ("UserRole permission assigned to VM). 2018-07-18 10:51:33,554+01 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) [557ca876] Running command : CreateUserSessionCommand internal: false. 2018-07-18 10:51:33,575+01 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-9) [557ca876] E V
[ovirt-devel] Re: [ovirt-users] VM User with UserRole missing permissions to activate console and other actions
Dear Michal, We’re on the latest release version, 4.2.4. VM Permissions are UserRole and no others. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 27 Jul 2018, at 18:14, Michal Skrivanek mailto:mskri...@redhat.com>> wrote: On 27 Jul 2018, at 16:37, Callum Smith mailto:cal...@well.ox.ac.uk>> wrote: Dear Scott, You're not wrong, console reports the error: Reducing action: {"type":"VM_ACTIONS_SET_CONSOLE_IN_USE","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoleInUse":false}} helpers.js:19:6 Reducing action: {"type":"SET_VM_CONSOLES","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoles":[{"id":"7370696365","protocol":"spice"},{"id":"766e63","protocol":"vnc"}]}} helpers.js:19:6 Reducing action: {"type":"VM_ACTION_IN_PROGRESS","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","name":"getConsole","started":false}} helpers.js:19:6 External action console() starts on {"type":"INTERNAL_CONSOLE","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoleId":"7370696365"}} helpers.js:19:6 _httpGet start: url="/ovirt-engine/api/vms/a437d298-59b3-4e10-9ced-516edb38a7ea/graphicsconsoles/7370696365" helpers.js:19:6 _httpGet: url="/ovirt-engine/api/vms/a437d298-59b3-4e10-9ced-516edb38a7ea/graphicsconsoles/7370696365", headers="{"Authorization":"Bearer 5orPWAJBkJx5g1bZDxi7Q3h3oQHFpWZW6XP5rZo_Moy3IShguyuA6VPpa4EB-o7mc8g_gHuua5BdMy8wwet3Yw","Accept-Language":"en_US","Filter":true,"Accept":"application/x-virt-viewer"}" XML Parsing Error: no root element found Location: https://ovirtengine.cluster/ovirt-engine/api/vms/a437d298-59b3-4e10-9ced-516edb38a7ea/graphicsconsoles/7370696365 Line Number 1, Column 1: Ajax failed: {"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"} helpers.js:19:6 External action exception: {"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"} helpers.js:19:6 Reducing action: {"type":"FAILED_EXTERNAL_ACTION","payload":{"message":"Failed to retrieve VM console details\nForbidden","shortMessage":"Failed to retrieve VM console details","type":403,"action":{"type":"INTERNAL_CONSOLE","payload":{"vmId":"a437d298-59b3-4e10-9ced-516edb38a7ea","consoleId":"7370696365" All of the forbidden issues could be misleading, but along with the server-side permissions issues that leads me to believe it could be a combination of both the issue you suggest and another one underlying? We have to go with full release versions ideally as the ovirtengine is in production, I'd rather avoid the master branch version. sure, so which ones do you have? both ovirt-engine and ovirt-web-ui Also please add what all permissions you have set on that VM, and which user tries to access it Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 27 Jul 2018, at 15:25, Scott Dickerson mailto:sdick...@redhat.com>> wrote: Callum, If you are seeing the error when opening the console from VM Portal (web-ui), this sounds a lot like issue [1]. A patch against the ovirt REST api was done to help mitigate some errors that should not happen. I'll take a look to see how it is working in the current master snapshot of ovirt-engine and VM Portal. What version of oVirt are you using? [1] - https://github.com/oVirt/ovirt-web-ui/issues/509 Regards, Scott Dickerson On Fri, Jul 27, 2018 at 4:42 AM, Callum Smith mailto:cal...@well.ox.ac.uk>> wrote: Thanks Greg, it really would be great to resolve this and would really like to not have to clean install the engine on a new hostname (especially without a guarantee that it will work). Migrating is a significant portion of work. Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. cal...@well.ox.ac.uk<mailto:cal...@well.ox.ac.uk> On 27 Jul 2018, at 01:20, Greg Sheremeta mailto:gsher...@redhat.com>> wrote: Adding some people who may be able to help.