Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute resource in foreman 1.6 will only work with admin@internal. Gave the external user the superuser role to test but still permission denied. I also cannot login to the api with this user manually, do I have to configure external authentication for api access somewhere else? Thanks for all the help! Jorick On 01/22/2015 01:58 PM, Oved Ourfali wrote: Have a look at the prerequisites section in http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It specifies what you must be able to do in Foreman for the integration to work. (currently we require proper permissions to view relevant bare-metal hosts, host groups, compute resources and execute provision request - which is a request to add a host). It is not the complete set of specific roles in Foreman, but it can help do the mapping. CC-ing also Ohad from the Foreman team, which can help if the information in the wiki isn't enough. Thanks, Oved - Original Message - From: Jorick Astrego j.astr...@netbulae.eu To: users@ovirt.org Sent: Thursday, January 22, 2015 2:48:34 PM Subject: [ovirt-users] roles for foreman integration user Hi, Quick question, which foreman roles does the foreman integration user require in the foreman. I've tried a couple of permission settings but can only get the test to work when the use has role admin. Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3AKvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] roles for foreman integration user
You need to share the logs on both ends (ovirt+foreman) for us to understand it. Thanks, Oved - Original Message - From: Jorick Astrego j.astr...@netbulae.eu To: Oved Ourfali ov...@redhat.com Cc: users@ovirt.org Sent: Thursday, January 22, 2015 3:25:51 PM Subject: Re: [ovirt-users] roles for foreman integration user I will check, but I now also have the problem in reverse. The compute resource in foreman 1.6 will only work with admin@internal. Gave the external user the superuser role to test but still permission denied. I also cannot login to the api with this user manually, do I have to configure external authentication for api access somewhere else? Thanks for all the help! Jorick On 01/22/2015 01:58 PM, Oved Ourfali wrote: Have a look at the prerequisites section in http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It specifies what you must be able to do in Foreman for the integration to work. (currently we require proper permissions to view relevant bare-metal hosts, host groups, compute resources and execute provision request - which is a request to add a host). It is not the complete set of specific roles in Foreman, but it can help do the mapping. CC-ing also Ohad from the Foreman team, which can help if the information in the wiki isn't enough. Thanks, Oved - Original Message - From: Jorick Astrego j.astrego@ netbulae.eu To: users@ ovirt.org Sent: Thursday, January 22, 2015 2:48:34 PM Subject: [ovirt-users] roles for foreman integration user Hi, Quick question, which foreman roles does the foreman integration user require in the foreman. I've tried a couple of permission settings but can only get the test to work when the use has role admin. Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 info@ netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ ovirt.org http://lists.ovirt.org/mailman/listinfo/users Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270i...@netbulae.euStaalsteden 4-3AKvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] roles for foreman integration user
Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV
in a hurry ;-)
Processing by ComputeResourcesController#test_connection as */*
Parameters: {utf8=✓,
authenticity_token=D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=,
compute_resource={name=engineen,
provider=Ovirt, description=,
url=https://ovirt-engine.netbulae.test/api;,
user=test-ad...@netbulae.test, password=[FILTERED],
location_ids=[, 2], organization_ids=[, 1]},
cr_id=null}
CR_ID IS null
String does not start with the prefix 'encrypted-', so
Foreman::Model::Ovirt engineen was not decrypted
String does not start with the prefix 'encrypted-', so
Foreman::Model::Ovirt engineen was not decrypted
String does not start with the prefix 'encrypted-', so
Foreman::Model::Ovirt engineen was not decrypted
String does not start with the prefix 'encrypted-', so
Foreman::Model::Ovirt engineen was not decrypted
String does not start with the prefix 'encrypted-', so
Foreman::Model::Ovirt engineen was not decrypted
String does not start with the prefix 'encrypted-', so
Foreman::Model::Ovirt engineen was not decrypted
And the other side:
2015-01-22 13:59:20,034 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID:
1414b745, Call Stack: null, Custom Event ID: -1, Message: User/Group
test- was granted permission for Role DataCenterAdmin on System by
2015-01-22 14:00:21,674 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed.
profile is netbulae.mgmt. Invocation Result code is 0. Authn result
code is CREDENTIALS_EXPIRED
2015-01-22 14:00:21,763 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-6) User test-admin authentication failed.
profile is netbulae.mgmt. Invocation Result code is 0. Authn result
code is CREDENTIALS_EXPIRED
2015-01-22 14:00:21,849 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-5) User test-admin authentication failed.
profile is netbulae.mgmt. Invocation Result code is 0. Authn result
code is CREDENTIALS_EXPIRED
2015-01-22 14:09:39,982 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed.
profile is netbulae.mgmt. Invocation Result code is 0. Authn result
code is CREDENTIALS_EXPIRED
2015-01-22 14:09:40,071 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-8) User test-adminauthentication failed.
profile is netbulae.mgmt. Invocation Result code is 0. Authn result
code is CREDENTIALS_EXPIRED
2015-01-22 14:09:40,203 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-2) User test-admin authentication failed.
profile is netbulae.mgmt. Invocation Result code is 0. Authn result
code is CREDENTIALS_EXPIRED
Cheers, Jorick
On 01/22/2015 02:29 PM, Oved Ourfali wrote:
You need to share the logs on both ends (ovirt+foreman) for us to understand
it.
Thanks,
Oved
- Original Message -
From: Jorick Astrego j.astr...@netbulae.eu
To: Oved Ourfali ov...@redhat.com
Cc: users@ovirt.org
Sent: Thursday, January 22, 2015 3:25:51 PM
Subject: Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute
resource in foreman 1.6 will only work with admin@internal. Gave the
external user the superuser role to test but still permission denied.
I also cannot login to the api with this user manually, do I have to
configure external authentication for api access somewhere else?
Thanks for all the help!
Jorick
On 01/22/2015 01:58 PM, Oved Ourfali wrote:
Have a look at the prerequisites section in
http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning
It specifies what you must be able to do in Foreman for the integration to
work.
(currently we require proper permissions to view relevant bare-metal hosts,
host groups, compute resources and execute provision request - which is a
request to add a host).
It is not the complete set of specific roles in Foreman, but it can help do
the mapping.
CC-ing also Ohad from the Foreman team, which can help if the information
in the wiki isn't enough.
Thanks,
Oved
- Original Message -
From: Jorick Astrego j.astrego@ netbulae.eu
To: users@ ovirt.org
Sent: Thursday, January 22, 2015 2:48:34 PM
Subject: [ovirt-users] roles for foreman integration user
Hi,
Quick question, which foreman roles does the foreman integration user
require in the foreman.
I've tried a couple of permission settings but can only get the test to
work when the use has role admin.
Met
[ovirt-users] roles for foreman integration user
Hi, Quick question, which foreman roles does the foreman integration user require in the foreman. I've tried a couple of permission settings but can only get the test to work when the use has role admin. Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts Tel: 053 20 30 270 i...@netbulae.euStaalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] roles for foreman integration user
are you able to login with these credentials to oVirt directly?
- Original Message -
From: Jorick Astrego j.astr...@netbulae.eu
To: Oved Ourfali ov...@redhat.com
Cc: Ohad Levy ohadl...@redhat.com, users@ovirt.org
Sent: Thursday, January 22, 2015 3:48:45 PM
Subject: Re: [ovirt-users] roles for foreman integration user
Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a
hurry ;-)
Processing by ComputeResourcesController#test_connection as */*
Parameters: {utf8=✓,
authenticity_token=D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=,
compute_resource={name=engineen, provider=Ovirt,
description=, url= https://ovirt-engine.netbulae.test/api; ,
user= test-ad...@netbulae.test , password=[FILTERED],
location_ids=[, 2], organization_ids=[, 1]}, cr_id=null}
CR_ID IS null
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
And the other side:
2015-01-22 13:59:20,034 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call
Stack: null, Custom Event ID: -1, Message: User/Group test- was granted
permission for Role DataCenterAdmin on System by
2015-01-22 14:00:21,674 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:00:21,763 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:00:21,849 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:39,982 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:40,071 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:40,203 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
Cheers, Jorick
On 01/22/2015 02:29 PM, Oved Ourfali wrote:
You need to share the logs on both ends (ovirt+foreman) for us to understand
it.
Thanks,
Oved
- Original Message -
From: Jorick Astrego j.astr...@netbulae.eu To: Oved Ourfali
ov...@redhat.com Cc: users@ovirt.org Sent: Thursday, January 22, 2015
3:25:51 PM
Subject: Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute
resource in foreman 1.6 will only work with admin@internal. Gave the
external user the superuser role to test but still permission denied.
I also cannot login to the api with this user manually, do I have to
configure external authentication for api access somewhere else?
Thanks for all the help!
Jorick
On 01/22/2015 01:58 PM, Oved Ourfali wrote:
Have a look at the prerequisites section in
http://www.ovirt.org/Features/ForemanIntegration#Bare-Metal_Provisioning It
specifies what you must be able to do in Foreman for the integration to
work.
(currently we require proper permissions to view relevant bare-metal hosts,
host groups, compute resources and execute provision request - which is a
request to add a host).
It is not the complete set of specific roles in Foreman, but it can help do
the mapping.
CC-ing also Ohad from the Foreman team, which can help if the information
in the wiki isn't enough.
Thanks,
Oved
- Original Message -
From: Jorick Astrego j.astrego@ netbulae.eu
To: users@ ovirt.org
Sent: Thursday, January 22, 2015 2:48:34 PM
Subject: [ovirt-users] roles for foreman integration user
Hi
Re: [ovirt-users] roles for foreman integration user
Nope, I just reset the password twice in FreeIPA. Once with a random
password and next with a very simple password
2015-01-22 15:31:09,344 INFO
[org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-5) Cant login user test-admin with
authentication profile netbulae.test because the authentication
failed.
2015-01-22 15:31:09,366 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-5) Correlation ID: null, Call Stack: null,
Custom Event ID: -1, Message: User test-ad...@netbulae.test failed
to log in.
2015-01-22 15:31:09,367 WARN
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
(ajp--127.0.0.1-8702-5) CanDoAction of action LoginAdminUser failed
for user test-ad...@netbulae.test. Reasons: USER_PASSWORD_EXPIRED
On the ipa side, I don't see any authentication attempts in de logs.
ldapsearch with the same account and password on the ipa works fine.
On 01/22/2015 02:55 PM, Oved Ourfali wrote:
are you able to login with these credentials to oVirt directly?
- Original Message -
From: Jorick Astrego j.astr...@netbulae.eu
To: Oved Ourfali ov...@redhat.com
Cc: Ohad Levy ohadl...@redhat.com, users@ovirt.org
Sent: Thursday, January 22, 2015 3:48:45 PM
Subject: Re: [ovirt-users] roles for foreman integration user
Ah sorry, could have checked myself. Trying to get 3.5.1 running for DEV in a
hurry ;-)
Processing by ComputeResourcesController#test_connection as */*
Parameters: {utf8=✓,
authenticity_token=D/PZVxVpow1glpUBkxcD90WsMJjAxilbdWgXClgf7C8=,
compute_resource={name=engineen, provider=Ovirt,
description=, url= https://ovirt-engine.netbulae.test/api; ,
user= test-ad...@netbulae.test , password=[FILTERED],
location_ids=[, 2], organization_ids=[, 1]}, cr_id=null}
CR_ID IS null
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
String does not start with the prefix 'encrypted-', so Foreman::Model::Ovirt
engineen was not decrypted
And the other side:
2015-01-22 13:59:20,034 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(org.ovirt.thread.pool-8-thread-8) [1414b745] Correlation ID: 1414b745, Call
Stack: null, Custom Event ID: -1, Message: User/Group test- was granted
permission for Role DataCenterAdmin on System by
2015-01-22 14:00:21,674 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:00:21,763 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-6) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:00:21,849 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-5) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:39,982 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-1) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:40,071 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-8) User test-adminauthentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
2015-01-22 14:09:40,203 ERROR
[org.ovirt.engine.core.aaa.filters.BasicAuthenticationFilter]
(ajp--127.0.0.1-8702-2) User test-admin authentication failed. profile is
netbulae.mgmt. Invocation Result code is 0. Authn result code is
CREDENTIALS_EXPIRED
Cheers, Jorick
On 01/22/2015 02:29 PM, Oved Ourfali wrote:
You need to share the logs on both ends (ovirt+foreman) for us to understand
it.
Thanks,
Oved
- Original Message -
From: Jorick Astrego j.astr...@netbulae.eu To: Oved Ourfali
ov...@redhat.com Cc: users@ovirt.org Sent: Thursday, January 22, 2015
3:25:51 PM
Subject: Re: [ovirt-users] roles for foreman integration user
I will check, but I now also have the problem in reverse. The compute
resource in foreman 1.6 will only work with admin@internal. Gave the
external user the superuser role to test but still permission denied.
I also cannot login
