On Fri, 22 Mar 2019 14:37:49 +0100 Gianluca Cecchi <[email protected]> wrote:
> On Fri, Mar 22, 2019 at 12:20 PM Dominik Holler <[email protected]> wrote: > [snip] > > > > > Tried also this as detailed by Dominik, renewing certificates: > > > https://www.mail-archive.com/[email protected]/msg53697.html > > > > > > Not understood what to do in step > > > 2. Use the SSO_CLIENT_SECRET from the outfile produced by the previous > > > command in > > > /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > > > "Use" in which way??? > > > > > > > use as <my_secret_omitted> in > > > > [OVIRT] > > ovirt-sso-client-secret=<my_secret_omitted> > > > > > OK. > I misunderstood/misread behavior of the command > /usr/share/ovirt-engine/bin/ovirt-register-sso-client-tool.sh > > I thought it directly > wrote /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf > Instead it writes a temporary/transient file such as > /var/tmp/ovirt-engine/99_sso_client_1553259220210.conf > now I put the value of this generated file "SSO_CLIENT_SECRET=" inside > my 10-setup-ovirt-provider-ovn.conf and follow the other steps and I'm able > to successfully test the OVN connection > > > > > It seems I have not completely understood the link between SSO and > > > admin@internal as a user for OVN authentication.... > > > > > > > The ovirt-sso-client-id and ovirt-sso-client-secret is required, to > > allow the ovirt-provider-ovn to connect to Engine's SSO for checking to > > user visible username, e.g. admin@internal, and password. > > > > I guess you are already aware of the doc in > > https://github.com/oVirt/ovirt-provider-ovn/#section-ovirt > > > > ovirt-provider-ovn does not store neither the user, e.g. admin@internal > > password nor the session token, it is just forwarded to Engine's SSO to > > check for validity. > > > > If you are interested in the details, the session token is generated > > by _get_sso_token in > > > > https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/auth/plugins/ovirt/sso.py#L79 > > and validated by another method in > > > > https://github.com/oVirt/ovirt-provider-ovn/blob/master/provider/auth/plugins/ovirt/sso.py#L125 > > where the ovirt-sso-client-id and ovirt-sso-client-secret are > > used as client_id, client_secret. > > > > In your case _get_sso_token is already failing, which does not use the > > ovirt-sso-client-secret. > > > > To solve this praticular issue, the provider in oVirt web admin ui > > should use the usual oVirt password for admin@internal. > > > > > Thanks for all the corollary information! > Now I was also able to create two ovn networks (ovn172 and ovn192) with one > subnet each and on engine I have: > > [root@ovmgr1 log]# ovn-nbctl show > switch fc2fc4e8-ff71-4ec3-ba03-536a870cd483 > (ovirt-ovn192-1e252228-ade7-47c8-acda-5209be358fcf) > port 84c78095-744c-4415-805f-5f739af3d4d3 > addresses: ["00:1a:4a:17:01:53 dynamic"] > switch 9e77163a-c4e4-4abf-a554-0388e6b5e4ce > (ovirt-ovn172-4ac7ba24-aad5-432d-b1d2-672eaeea7d63) > port 899809f2-3ee8-4121-9fff-5e55bb0d5d8b > addresses: ["00:1a:4a:17:01:54 dynamic"] > [root@ovmgr1 log]# > > I'm now able to create/attach an ovn based nic to a VM, but if I try to > power on this VM I get an error in web admin gui > > Failed to run VM p2vorasvi11 > > and in engine.log: > > 2019-03-22 14:30:34,498+01 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (ForkJoinPool-1-worker-5) [] EVENT_ID: VM_DOWN_ERROR(119), VM p2vorasvi11 > is down with error. Exit message: Hook Error: ('',). > > If I put a standard nic the VM is able to start without problem. > Full log in engine.log during startup here: > https://drive.google.com/file/d/1vDY64QaRkb8LWHJ9gD16bsJlyovISNwr/view?usp=sharing > Can you please share the relevant part of vdsm.log, too? > BTW: one strange thing I see in dumped xml in engine.log during startup is: > > <graphics type="spice" port="-1" autoport="yes" passwd="*****" > passwdValidTo="1970-01-01T00:00:01" tlsPort="-1"> > > Gianluca _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/WRG3H5NSFNTHXALYT4UHIYCQGQ6VOGGC/
