[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337487#comment-16337487 ] ASF subversion and git services commented on CLOUDSTACK-10236: -- Commit 170b6ce20dd4fc2f1fd3ad84833f440d955d2987 in cloudstack's branch refs/heads/master from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=170b6ce ] CLOUDSTACK-10236: Enable dynamic roles for missing props file (#2426) Automate dynamic roles migration for missing props file - In case commands.properties file is missing, enables dynamic roles. - Adds a new -D or --default flag to migrate-dynamicroles.py script to simply update the global setting and use the default role-rule permissions. - Add warning message, ask admins to move to dynamic roles during upgrade Signed-off-by: Rohit Yadav > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServ
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337476#comment-16337476 ] ASF subversion and git services commented on CLOUDSTACK-10236: -- Commit 170b6ce20dd4fc2f1fd3ad84833f440d955d2987 in cloudstack's branch refs/heads/4.11 from [~rohithsharma] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=170b6ce ] CLOUDSTACK-10236: Enable dynamic roles for missing props file (#2426) Automate dynamic roles migration for missing props file - In case commands.properties file is missing, enables dynamic roles. - Adds a new -D or --default flag to migrate-dynamicroles.py script to simply update the global setting and use the default role-rule permissions. - Add warning message, ask admins to move to dynamic roles during upgrade Signed-off-by: Rohit Yadav > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337473#comment-16337473 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - rhtyd closed pull request #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade41000to41100.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade41000to41100.java index 53c2340665f..20294d16518 100644 --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade41000to41100.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade41000to41100.java @@ -31,6 +31,7 @@ import org.apache.log4j.Logger; import com.cloud.hypervisor.Hypervisor; +import com.cloud.utils.PropertiesUtil; import com.cloud.utils.exception.CloudRuntimeException; public class Upgrade41000to41100 implements DbUpgrade { @@ -65,10 +66,27 @@ public boolean supportsRollingUpgrade() { @Override public void performDataMigration(Connection conn) { +checkAndEnableDynamicRoles(conn); validateUserDataInBase64(conn); updateSystemVmTemplates(conn); } +private void checkAndEnableDynamicRoles(final Connection conn) { +final Map apiMap = PropertiesUtil.processConfigFile(new String[] { "commands.properties" }); +if (apiMap == null || apiMap.isEmpty()) { +if (LOG.isDebugEnabled()) { +LOG.debug("No commands.properties file was found, enabling dynamic roles by setting dynamic.apichecker.enabled to true if not already enabled."); +} +try (final PreparedStatement updateStatement = conn.prepareStatement("INSERT INTO cloud.configuration (category, instance, name, default_value, value) VALUES ('Advanced', 'DEFAULT', 'dynamic.apichecker.enabled', 'false', 'true') ON DUPLICATE KEY UPDATE value='true'")) { +updateStatement.executeUpdate(); +} catch (SQLException e) { +LOG.error("Failed to set dynamic.apichecker.enabled to true, please run migrate-dynamicroles.py script to manually migrate to dynamic roles.", e); +} +} else { +LOG.warn("Old commands.properties static checker is deprecated, please use migrate-dynamicroles.py to migrate to dynamic roles. Refer http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/accounts.html#using-dynamic-roles";); +} +} + private void validateUserDataInBase64(Connection conn) { try (final PreparedStatement selectStatement = conn.prepareStatement("SELECT `id`, `user_data` FROM `cloud`.`user_vm` WHERE `user_data` IS NOT NULL;"); final ResultSet selectResultSet = selectStatement.executeQuery()) { diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index fc78268fc62..f3dc3a3b8d7 100644 --- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -39,6 +39,7 @@ // This is the default API access checker that grab's the user's account // based on the account type, access is granted +@Deprecated public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker { protected static final Logger LOGGER = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class); diff --git a/scripts/util/migrate-dynamicroles.py b/scripts/util/migrate-dynamicroles.py index cbb83f91783..35dfe662513 100755 --- a/scripts/util/migrate-dynamicroles.py +++ b/scripts/util/migrate-dynamicroles.py @@ -55,6 +55,14 @@ def migrateApiRolePermissions(apis, conn): if (octetKey[role] & int(apis[api])) > 0: runSql(conn, "INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), %d, '%s', 'ALLOW', %d);" % (role, api, sortOrder)) sortOrder += 1 +print("Static role permissions from commands.properties have been migrated into the db") + + +def enableDynamicApiChecker(conn): +runSql(conn, "UPDATE `cloud`.`configuration` SET value='true' where name='dynamic.apichecker.enabled'") +conn.commit() +conn.close() +print("Dynamic role based API checker has been enabled!") def main(): @@ -71,6 +79,8 @@ def main(): help="Host or IP of the MySQL server") parser.add_
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337472#comment-16337472 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - rhtyd commented on issue #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426#issuecomment-360111511 Thanks, merging this based on code reviews and test results. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5cb2f) CIDRs from > which account 'Acct[3daa963c
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337307#comment-16337307 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - rhtyd commented on issue #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426#issuecomment-360082799 We've enough code review and test results. I'll wait for @borisstoyanov 's test results, then we may merge. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337309#comment-16337309 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - rhtyd commented on issue #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426#issuecomment-360082799 We've enough code review and test results LGTM. I'll wait for @borisstoyanov 's test results, then we may merge. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337152#comment-16337152 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - borisstoyanov commented on issue #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426#issuecomment-360060946 Yes, I'm on it @rhtyd This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5cb2f) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa80107
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337148#comment-16337148 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - rhtyd commented on issue #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426#issuecomment-360060400 @borisstoyanov can you help with upgrade related testing? This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5cb2f) CIDRs from > which account 'Acct[3daa963c-fb
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16337092#comment-16337092 ] ASF GitHub Bot commented on CLOUDSTACK-10236: - blueorangutan commented on issue #2426: CLOUDSTACK-10236: Enable dynamic roles for missing props file URL: https://github.com/apache/cloudstack/pull/2426#issuecomment-360049690 Trillian test result (tid-2185) Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7 Total time taken: 39834 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr2426-t2185-kvm-centos7.zip Intermitten failure detected: /marvin/tests/smoke/test_deploy_virtio_scsi_vm.py Intermitten failure detected: /marvin/tests/smoke/test_public_ip_range.py Intermitten failure detected: /marvin/tests/smoke/test_templates.py Intermitten failure detected: /marvin/tests/smoke/test_usage.py Intermitten failure detected: /marvin/tests/smoke/test_volumes.py Intermitten failure detected: /marvin/tests/smoke/test_vpc_redundant.py Smoke tests completed. 63 look OK, 4 have error(s) Only failed tests results shown below: Test | Result | Time (s) | Test File --- | --- | --- | --- test_04_extract_template | `Failure` | 128.36 | test_templates.py ContextSuite context=TestISOUsage>:setup | `Error` | 0.00 | test_usage.py test_06_download_detached_volume | `Failure` | 138.70 | test_volumes.py test_04_rvpc_network_garbage_collector_nics | `Failure` | 291.01 | test_vpc_redundant.py This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a
[jira] [Commented] (CLOUDSTACK-10236) Unable to login to ACS after upgrading 4.5 -> 4.11
[ https://issues.apache.org/jira/browse/CLOUDSTACK-10236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16336324#comment-16336324 ] Rohit Yadav commented on CLOUDSTACK-10236: -- Resolution discussed - https://issues.apache.org/jira/browse/CLOUDSTACK-10249 > Unable to login to ACS after upgrading 4.5 -> 4.11 > --- > > Key: CLOUDSTACK-10236 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10236 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.11.0.0 >Reporter: Boris Stoyanov >Assignee: Rohit Yadav >Priority: Blocker > Fix For: 4.11.0.0 > > > I've upgraded my CentOS6 env from 4.5 to 4.11 and ended up not being able to > login. I'm getting 'Session expired' message right after I enter my admin > username and password. Here's the management log output: > > {code:java} > 2018-01-17 13:07:47,383 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Attempting to log in user: > admin in domain 1 > 2018-01-17 13:07:47,389 DEBUG [o.a.c.s.a.PBKDF2UserAuthenticator] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Retrieving user: admin > 2018-01-17 13:07:48,248 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) CIDRs from which account > 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed to perform API > calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,249 DEBUG [c.c.u.AccountManagerImpl] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) User: admin in domain 1 has > successfully logged in > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Current user logged in under > UTC timezone > 2018-01-17 13:07:48,260 INFO [c.c.a.ApiServer] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) Timezone offset from UTC is: > 0.0 > 2018-01-17 13:07:48,267 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-404c4037) (logid:2d1dd5ba) ===END=== 10.1.0.1 – POST > 2018-01-17 13:07:48,340 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282) (logid:b98a9144) ===START=== 10.1.0.1 – GET > command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,349 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,372 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-390d3282 ctx-0509900f) (logid:b98a9144) ===END=== > 10.1.0.1 – GET command=listCapabilities&response=json&_=1516194514030 > 2018-01-17 13:07:48,439 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0) (logid:67992211) ===START=== 10.1.0.1 – GET > command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,449 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,474 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-495f6fd0 ctx-606dcc84) (logid:67992211) ===END=== > 10.1.0.1 – GET command=listZones&response=json&_=1516194514137 > 2018-01-17 13:07:48,549 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f) (logid:f73a6f0c) ===START=== 10.1.0.1 – GET > command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,556 DEBUG [c.c.a.ApiServer] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,579 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-16:ctx-f2bcf13f ctx-3e6a3a41) (logid:f73a6f0c) ===END=== > 10.1.0.1 – GET command=cloudianIsEnabled&response=json&_=1516194514249 > 2018-01-17 13:07:48,645 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e) (logid:62a5cb2f) ===START=== 10.1.0.1 – GET > command=quotaIsEnabled&response=json&_=1516194514343 > 2018-01-17 13:07:48,653 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5cb2f) CIDRs from > which account 'Acct[3daa963c-fb6a-11e7-ae7e-06efa8010701-admin]' is allowed > to perform API calls: 0.0.0.0/0,::/0 > 2018-01-17 13:07:48,658 DEBUG [c.c.a.ApiServer] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5cb2f) The given > command 'quotaIsEnabled' either does not exist, is not available for user, or > not available from ip address '/10.1.0.1'. > 2018-01-17 13:07:48,660 DEBUG [c.c.a.ApiServlet] > (qtp1310540333-19:ctx-560f926e ctx-c9a2914a) (logid:62a5cb2f) ===END=== > 10.1.0.1 – GET