Re: [ovirt-users] admin account constantly gets locked
I created https://bugzilla.redhat.com/1568413 to track the issue.
On Thu, 12 Apr 2018 13:57:45 +0200
Martin Perina wrote:
> On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina
> wrote:
>
> >
> >
> > On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv
> > wrote:
> >> The recurring denied access for every SyncNetworkProvider might be
> >> because you changed the admin password on the engine but not on the
> >> provider.
> >>
> >> Dominik, will updating to the same password on the provider solve
> >> the denied access?
> >> Martin, does the engine lock out the admin user for failed retries?
> >>
> >
> > Of course, after 5 incorrect logins the account is locked. But I
> > looked at logs and I can't see any login errors, so currently
> > trying to reproduce to find out what's going on ...
> >
>
> OK, so confirmed. If you change password for admin@internal using
> aaa-jdbc-tool and you don't change immediately for OVN provider, then
> admin@interal account is locked.
>
> We should probably change logic in OVN provider to shutdown the OVN
> provider service if authentication failure to engine is raised. Using
> this we will break OVN provider, but
> it seems to me much less severe than locking admin@internal account.
> Dominik, what do you think?
>
>
>
> >
> >
> >
> >>
> >>
> >> HTH
> >>
> >>
> >> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <
> >> marcel.kae...@putzbrunn.de> wrote:
> >>
> >>> Here are the logfiles…
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> >>> *Gesendet:* Donnerstag, 12. April 2018 11:12
> >>> *An:* Käfer Marcel
> >>> *Cc:* users@ovirt.org; Martin Perina
> >>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
> >>>
> >>>
> >>>
> >>> The sync network command is probably unrelated.
> >>>
> >>> Can you attach the full engine and the setup logs?
> >>>
> >>> Martin, this looks a bit like [1]. Any idea?
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
> >>>
> >>>
> >>>
> >>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <
> >>> marcel.kae...@putzbrunn.de> wrote:
> >>>
> >>> Hello,
> >>>
> >>> a few days ago I installed an ovirt-engine 4.2.2.6 following the
> >>> steps of the documentation. After the installation I logged in to
> >>> the admin page, configured a datadomain and changed the admin
> >>> password. After a few hours I tried to login again, using the new
> >>> password and got "Unable to log in because the user account is
> >>> disabled or locked. Contact the system administrator." So I
> >>> unlocked the admin account from the shell using
> >>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I
> >>> was able to continue working till the next login.
> >>>
> >>> I traced the /var/log/ovirt-engine/engine.log and found this after
> >>> unlocking the admin account again.
> >>>
> >>> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock Acquired to object
> >>> 'EngineLock:{exclusiveLocks='[
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}' 2018-04-12 09:06:19,991+02 INFO
> >>> [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Running command: SyncNetworkProviderCommand internal: true.
> >>> 2018-04-12 09:06:20,102+02 INFO
> >>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> >>> (default task-239) [] locking user: admin due to interval
> >>> failures 2018-04-12 09:06:25,046+02 ERROR
> >>> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-239) []
> >>> OAuthException access_denied: Cannot authenticate user
> >>> 'admin@int
Re: [ovirt-users] admin account constantly gets locked
I created https://bugzilla.redhat.com/1568413 to track the issue.
On Thu, 12 Apr 2018 13:57:45 +0200
Martin Perina wrote:
> On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina
> wrote:
>
> >
> >
> > On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv
> > wrote:
> >> The recurring denied access for every SyncNetworkProvider might be
> >> because you changed the admin password on the engine but not on the
> >> provider.
> >>
> >> Dominik, will updating to the same password on the provider solve
> >> the denied access?
> >> Martin, does the engine lock out the admin user for failed retries?
> >>
> >
> > Of course, after 5 incorrect logins the account is locked. But I
> > looked at logs and I can't see any login errors, so currently
> > trying to reproduce to find out what's going on ...
> >
>
> OK, so confirmed. If you change password for admin@internal using
> aaa-jdbc-tool and you don't change immediately for OVN provider, then
> admin@interal account is locked.
>
> We should probably change logic in OVN provider to shutdown the OVN
> provider service if authentication failure to engine is raised. Using
> this we will break OVN provider, but
> it seems to me much less severe than locking admin@internal account.
> Dominik, what do you think?
>
>
>
> >
> >
> >
> >>
> >>
> >> HTH
> >>
> >>
> >> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <
> >> marcel.kae...@putzbrunn.de> wrote:
> >>
> >>> Here are the logfiles…
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> >>> *Gesendet:* Donnerstag, 12. April 2018 11:12
> >>> *An:* Käfer Marcel
> >>> *Cc:* users@ovirt.org; Martin Perina
> >>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
> >>>
> >>>
> >>>
> >>> The sync network command is probably unrelated.
> >>>
> >>> Can you attach the full engine and the setup logs?
> >>>
> >>> Martin, this looks a bit like [1]. Any idea?
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
> >>>
> >>>
> >>>
> >>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <
> >>> marcel.kae...@putzbrunn.de> wrote:
> >>>
> >>> Hello,
> >>>
> >>> a few days ago I installed an ovirt-engine 4.2.2.6 following the
> >>> steps of the documentation. After the installation I logged in to
> >>> the admin page, configured a datadomain and changed the admin
> >>> password. After a few hours I tried to login again, using the new
> >>> password and got "Unable to log in because the user account is
> >>> disabled or locked. Contact the system administrator." So I
> >>> unlocked the admin account from the shell using
> >>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I
> >>> was able to continue working till the next login.
> >>>
> >>> I traced the /var/log/ovirt-engine/engine.log and found this after
> >>> unlocking the admin account again.
> >>>
> >>> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock Acquired to object
> >>> 'EngineLock:{exclusiveLocks='[
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}' 2018-04-12 09:06:19,991+02 INFO
> >>> [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Running command: SyncNetworkProviderCommand internal: true.
> >>> 2018-04-12 09:06:20,102+02 INFO
> >>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> >>> (default task-239) [] locking user: admin due to interval
> >>> failures 2018-04-12 09:06:25,046+02 ERROR
> >>> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-239) []
> >>> OAuthException access_denied: Cannot authenticate user
> >>> 'admin@int
Re: [ovirt-users] admin account constantly gets locked
On Thu, 12 Apr 2018 13:57:45 +0200
Martin Perina wrote:
> On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina
> wrote:
>
> >
> >
> > On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv
> > wrote:
> >> The recurring denied access for every SyncNetworkProvider might be
> >> because you changed the admin password on the engine but not on the
> >> provider.
> >>
> >> Dominik, will updating to the same password on the provider solve
> >> the denied access?
> >> Martin, does the engine lock out the admin user for failed retries?
> >>
> >
> > Of course, after 5 incorrect logins the account is locked. But I
> > looked at logs and I can't see any login errors, so currently
> > trying to reproduce to find out what's going on ...
> >
>
> OK, so confirmed. If you change password for admin@internal using
> aaa-jdbc-tool and you don't change immediately for OVN provider, then
> admin@interal account is locked.
>
> We should probably change logic in OVN provider to shutdown the OVN
> provider service if authentication failure to engine is raised. Using
> this we will break OVN provider, but
> it seems to me much less severe than locking admin@internal account.
> Dominik, what do you think?
>
If we would shutdown the provider an authentication failure, and
engine's admin has no access to engine's host super user shell, there is
no way to recover for engine's admin.
Even the authentication failure might be triggered from outside oVirt
engine, shutting down the provider will disable the start of VMs with
OVN networks.
What is you opinion about the approach if the request comes from inside
engine, e.g. by SyncNetworkProviderCommand or other operations, the
provider object inside engine would be marked as invalid on
authentication error and block all interaction until the
credentials is updated?
>
>
> >
> >
> >
> >>
> >>
> >> HTH
> >>
> >>
> >> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <
> >> marcel.kae...@putzbrunn.de> wrote:
> >>
> >>> Here are the logfiles…
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> >>> *Gesendet:* Donnerstag, 12. April 2018 11:12
> >>> *An:* Käfer Marcel
> >>> *Cc:* users@ovirt.org; Martin Perina
> >>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
> >>>
> >>>
> >>>
> >>> The sync network command is probably unrelated.
> >>>
> >>> Can you attach the full engine and the setup logs?
> >>>
> >>> Martin, this looks a bit like [1]. Any idea?
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
> >>>
> >>>
> >>>
> >>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <
> >>> marcel.kae...@putzbrunn.de> wrote:
> >>>
> >>> Hello,
> >>>
> >>> a few days ago I installed an ovirt-engine 4.2.2.6 following the
> >>> steps of the documentation. After the installation I logged in to
> >>> the admin page, configured a datadomain and changed the admin
> >>> password. After a few hours I tried to login again, using the new
> >>> password and got "Unable to log in because the user account is
> >>> disabled or locked. Contact the system administrator." So I
> >>> unlocked the admin account from the shell using
> >>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I
> >>> was able to continue working till the next login.
> >>>
> >>> I traced the /var/log/ovirt-engine/engine.log and found this after
> >>> unlocking the admin account again.
> >>>
> >>> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42]
> >>> Lock Acquired to object
> >>> 'EngineLock:{exclusiveLocks='[
> >>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
> >>> sharedLocks=''}' 2018-04-12 09:06:19,991+02 INFO
> >>> [org.ovirt.engine.core.bll.pro
> >>> vider.network.SyncNetworkProviderCommand]
> >>> (EE-ManagedThreadFactory-engin
Re: [ovirt-users] admin account constantly gets locked
On Thu, Apr 12, 2018 at 1:04 PM, Martin Perina wrote:
>
>
> On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv wrote:
>
>> The recurring denied access for every SyncNetworkProvider might be
>> because you changed the admin password on the engine but not on the
>> provider.
>>
>> Dominik, will updating to the same password on the provider solve the
>> denied access?
>> Martin, does the engine lock out the admin user for failed retries?
>>
>
> Of course, after 5 incorrect logins the account is locked. But I looked
> at logs and I can't see any login errors, so currently trying to reproduce
> to find out what's going on ...
>
OK, so confirmed. If you change password for admin@internal using
aaa-jdbc-tool and you don't change immediately for OVN provider, then
admin@interal account is locked.
We should probably change logic in OVN provider to shutdown the OVN
provider service if authentication failure to engine is raised. Using this
we will break OVN provider, but
it seems to me much less severe than locking admin@internal account.
Dominik, what do you think?
>
>
>
>>
>>
>> HTH
>>
>>
>> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel <
>> marcel.kae...@putzbrunn.de> wrote:
>>
>>> Here are the logfiles…
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
>>> *Gesendet:* Donnerstag, 12. April 2018 11:12
>>> *An:* Käfer Marcel
>>> *Cc:* users@ovirt.org; Martin Perina
>>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
>>>
>>>
>>>
>>> The sync network command is probably unrelated.
>>>
>>> Can you attach the full engine and the setup logs?
>>>
>>> Martin, this looks a bit like [1]. Any idea?
>>>
>>> Thanks
>>>
>>>
>>>
>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
>>>
>>>
>>>
>>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <
>>> marcel.kae...@putzbrunn.de> wrote:
>>>
>>> Hello,
>>>
>>> a few days ago I installed an ovirt-engine 4.2.2.6 following the steps
>>> of the documentation. After the installation I logged in to the admin page,
>>> configured a datadomain and changed the admin password. After a few hours I
>>> tried to login again, using the new password and got "Unable to log in
>>> because the user account is disabled or locked. Contact the system
>>> administrator." So I unlocked the admin account from the shell using
>>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I was able to
>>> continue working till the next login.
>>>
>>> I traced the /var/log/ovirt-engine/engine.log and found this after
>>> unlocking the admin account again.
>>>
>>> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.pro
>>> vider.network.SyncNetworkProviderCommand]
>>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>>> [2ed5aa42] Lock Acquired to object 'EngineLock:{exclusiveLocks='[
>>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>>> 2018-04-12 09:06:19,991+02 INFO [org.ovirt.engine.core.bll.pro
>>> vider.network.SyncNetworkProviderCommand]
>>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>>> [2ed5aa42] Running command: SyncNetworkProviderCommand internal: true.
>>> 2018-04-12 09:06:20,102+02 INFO
>>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
>>> (default task-239) [] locking user: admin due to interval failures
>>> 2018-04-12 09:06:25,046+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
>>> (default task-239) [] OAuthException access_denied: Cannot authenticate
>>> user 'admin@internal': The username or password is incorrect..
>>> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.pro
>>> vider.network.SyncNetworkProviderCommand]
>>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>>> [2ed5aa42] Command 'org.ovirt.engine.core.bll.pro
>>> vider.network.SyncNetworkProviderCommand' failed: EngineException:
>>> (Failed with error Unauthorized and code 5050)
>>> 2018-04-12 09:06:25,050+02 INFO [org.ovirt.engine.core.bll.pro
>>> vider.network.SyncNetworkProviderCommand]
>>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>>> [2ed5aa42] Lock freed
Re: [ovirt-users] admin account constantly gets locked
On Thu, Apr 12, 2018 at 12:44 PM, Eitan Raviv wrote:
> The recurring denied access for every SyncNetworkProvider might be because
> you changed the admin password on the engine but not on the provider.
>
> Dominik, will updating to the same password on the provider solve the
> denied access?
> Martin, does the engine lock out the admin user for failed retries?
>
Of course, after 5 incorrect logins the account is locked. But I looked at
logs and I can't see any login errors, so currently trying to reproduce to
find out what's going on ...
>
>
> HTH
>
>
> On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel > wrote:
>
>> Here are the logfiles…
>>
>>
>>
>> Thanks
>>
>>
>>
>> *Von:* Eitan Raviv [mailto:era...@redhat.com]
>> *Gesendet:* Donnerstag, 12. April 2018 11:12
>> *An:* Käfer Marcel
>> *Cc:* users@ovirt.org; Martin Perina
>> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
>>
>>
>>
>> The sync network command is probably unrelated.
>>
>> Can you attach the full engine and the setup logs?
>>
>> Martin, this looks a bit like [1]. Any idea?
>>
>> Thanks
>>
>>
>>
>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
>>
>>
>>
>> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel <
>> marcel.kae...@putzbrunn.de> wrote:
>>
>> Hello,
>>
>> a few days ago I installed an ovirt-engine 4.2.2.6 following the steps of
>> the documentation. After the installation I logged in to the admin page,
>> configured a datadomain and changed the admin password. After a few hours I
>> tried to login again, using the new password and got "Unable to log in
>> because the user account is disabled or locked. Contact the system
>> administrator." So I unlocked the admin account from the shell using
>> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I was able to
>> continue working till the next login.
>>
>> I traced the /var/log/ovirt-engine/engine.log and found this after
>> unlocking the admin account again.
>>
>> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand]
>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Lock Acquired to object 'EngineLock:{exclusiveLocks='[
>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>> 2018-04-12 09:06:19,991+02 INFO [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand]
>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Running command: SyncNetworkProviderCommand internal: true.
>> 2018-04-12 09:06:20,102+02 INFO
>> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
>> (default task-239) [] locking user: admin due to interval failures
>> 2018-04-12 09:06:25,046+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
>> (default task-239) [] OAuthException access_denied: Cannot authenticate
>> user 'admin@internal': The username or password is incorrect..
>> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand]
>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Command 'org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand' failed: EngineException:
>> (Failed with error Unauthorized and code 5050)
>> 2018-04-12 09:06:25,050+02 INFO [org.ovirt.engine.core.bll.pro
>> vider.network.SyncNetworkProviderCommand]
>> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
>> [2ed5aa42] Lock freed to object 'EngineLock:{exclusiveLocks='[
>> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>>
>> It seems like the SyncNetworkProviderCommand is somehow locking the admin
>> account. I already restarted the whole machine but it didn't help.
>>
>> Can someone please point me in the right direction, where to find the
>> error?
>>
>> Thanks in advance
>>
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>>
>>
>> --
>>
>> Eitan Raviv
>> IRC: erav (#ovirt #vdsm #devel #rhev-dev)
>>
>
>
>
> --
> Eitan Raviv
> IRC: erav (#ovirt #vdsm #devel #rhev-dev)
>
--
Martin Perina
Associate Manager, Software Engineering
Red Hat Czech s.r.o.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] admin account constantly gets locked
The recurring denied access for every SyncNetworkProvider might be because
you changed the admin password on the engine but not on the provider.
Dominik, will updating to the same password on the provider solve the
denied access?
Martin, does the engine lock out the admin user for failed retries?
HTH
On Thu, Apr 12, 2018 at 12:29 PM, Käfer Marcel
wrote:
> Here are the logfiles…
>
>
>
> Thanks
>
>
>
> *Von:* Eitan Raviv [mailto:era...@redhat.com]
> *Gesendet:* Donnerstag, 12. April 2018 11:12
> *An:* Käfer Marcel
> *Cc:* users@ovirt.org; Martin Perina
> *Betreff:* Re: [ovirt-users] admin account constantly gets locked
>
>
>
> The sync network command is probably unrelated.
>
> Can you attach the full engine and the setup logs?
>
> Martin, this looks a bit like [1]. Any idea?
>
> Thanks
>
>
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
>
>
>
> On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel
> wrote:
>
> Hello,
>
> a few days ago I installed an ovirt-engine 4.2.2.6 following the steps of
> the documentation. After the installation I logged in to the admin page,
> configured a datadomain and changed the admin password. After a few hours I
> tried to login again, using the new password and got "Unable to log in
> because the user account is disabled or locked. Contact the system
> administrator." So I unlocked the admin account from the shell using
> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I was able to
> continue working till the next login.
>
> I traced the /var/log/ovirt-engine/engine.log and found this after
> unlocking the admin account again.
>
> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Lock Acquired to object 'EngineLock:{exclusiveLocks='[
> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
> 2018-04-12 09:06:19,991+02 INFO [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Running command: SyncNetworkProviderCommand internal: true.
> 2018-04-12 09:06:20,102+02 INFO
> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> (default task-239) [] locking user: admin due to interval failures
> 2018-04-12 09:06:25,046+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-239) [] OAuthException access_denied: Cannot authenticate
> user 'admin@internal': The username or password is incorrect..
> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Command
> 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand'
> failed: EngineException: (Failed with error Unauthorized and code 5050)
> 2018-04-12 09:06:25,050+02 INFO [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Lock freed to object 'EngineLock:{exclusiveLocks='[
> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>
> It seems like the SyncNetworkProviderCommand is somehow locking the admin
> account. I already restarted the whole machine but it didn't help.
>
> Can someone please point me in the right direction, where to find the
> error?
>
> Thanks in advance
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
>
> --
>
> Eitan Raviv
> IRC: erav (#ovirt #vdsm #devel #rhev-dev)
>
--
Eitan Raviv
IRC: erav (#ovirt #vdsm #devel #rhev-dev)
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] admin account constantly gets locked
The sync network command is probably unrelated.
Can you attach the full engine and the setup logs?
Martin, this looks a bit like [1]. Any idea?
Thanks
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1410955
On Thu, Apr 12, 2018 at 10:22 AM, Käfer Marcel
wrote:
> Hello,
>
> a few days ago I installed an ovirt-engine 4.2.2.6 following the steps of
> the documentation. After the installation I logged in to the admin page,
> configured a datadomain and changed the admin password. After a few hours I
> tried to login again, using the new password and got "Unable to log in
> because the user account is disabled or locked. Contact the system
> administrator." So I unlocked the admin account from the shell using
> "ovirt-aaa-jdbc-tool user unlock admin" which worked fine and I was able to
> continue working till the next login.
>
> I traced the /var/log/ovirt-engine/engine.log and found this after
> unlocking the admin account again.
>
> 2018-04-12 09:06:19,984+02 INFO [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Lock Acquired to object 'EngineLock:{exclusiveLocks='[
> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
> 2018-04-12 09:06:19,991+02 INFO [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Running command: SyncNetworkProviderCommand internal: true.
> 2018-04-12 09:06:20,102+02 INFO
> [org.ovirt.engine.extension.aaa.jdbc.core.Authentication]
> (default task-239) [] locking user: admin due to interval failures
> 2018-04-12 09:06:25,046+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-239) [] OAuthException access_denied: Cannot authenticate
> user 'admin@internal': The username or password is incorrect..
> 2018-04-12 09:06:25,049+02 ERROR [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Command
> 'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand'
> failed: EngineException: (Failed with error Unauthorized and code 5050)
> 2018-04-12 09:06:25,050+02 INFO [org.ovirt.engine.core.bll.
> provider.network.SyncNetworkProviderCommand]
> (EE-ManagedThreadFactory-engineScheduled-Thread-87)
> [2ed5aa42] Lock freed to object 'EngineLock:{exclusiveLocks='[
> e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]', sharedLocks=''}'
>
> It seems like the SyncNetworkProviderCommand is somehow locking the admin
> account. I already restarted the whole machine but it didn't help.
>
> Can someone please point me in the right direction, where to find the
> error?
>
> Thanks in advance
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
--
Eitan Raviv
IRC: erav (#ovirt #vdsm #devel #rhev-dev)
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] admin account constantly gets locked
Hello,
a few days ago I installed an ovirt-engine 4.2.2.6 following the steps of the
documentation. After the installation I logged in to the admin page, configured
a datadomain and changed the admin password. After a few hours I tried to login
again, using the new password and got "Unable to log in because the user
account is disabled or locked. Contact the system administrator." So I unlocked
the admin account from the shell using "ovirt-aaa-jdbc-tool user unlock admin"
which worked fine and I was able to continue working till the next login.
I traced the /var/log/ovirt-engine/engine.log and found this after unlocking
the admin account again.
2018-04-12 09:06:19,984+02 INFO
[org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42] Lock Acquired to
object
'EngineLock:{exclusiveLocks='[e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
sharedLocks=''}'
2018-04-12 09:06:19,991+02 INFO
[org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42] Running command:
SyncNetworkProviderCommand internal: true.
2018-04-12 09:06:20,102+02 INFO
[org.ovirt.engine.extension.aaa.jdbc.core.Authentication] (default task-239) []
locking user: admin due to interval failures
2018-04-12 09:06:25,046+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
(default task-239) [] OAuthException access_denied: Cannot authenticate user
'admin@internal': The username or password is incorrect..
2018-04-12 09:06:25,049+02 ERROR
[org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42] Command
'org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand' failed:
EngineException: (Failed with error Unauthorized and code 5050)
2018-04-12 09:06:25,050+02 INFO
[org.ovirt.engine.core.bll.provider.network.SyncNetworkProviderCommand]
(EE-ManagedThreadFactory-engineScheduled-Thread-87) [2ed5aa42] Lock freed to
object
'EngineLock:{exclusiveLocks='[e37c0b9e-09bc-4893-9b0c-c70f56d6ecfc=PROVIDER]',
sharedLocks=''}'
It seems like the SyncNetworkProviderCommand is somehow locking the admin
account. I already restarted the whole machine but it didn't help.
Can someone please point me in the right direction, where to find the error?
Thanks in advance
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
