So I think I have narrowed it down to the OVN settings. The only problem now
is, is that when I want to update the OVN settings, it fails with “Failed to
communicate with External Provider. See logs for details”
When checking the logs, I see an error stating the “root hostname does not
match” (In the OVN settings via the WebUI, I see that it also points to the old
hostname)
A bit of background on this, when the engine was initially built, it was
configured with a different hostname, which was then changed, but somehow it is
still referencing the old hostname. When I run the change hostname scripts
(/usr/share/ovirt-engine/setup/bin/ovirt-engine-rename) it runs through
everything, until it needs to modify the certs. (I have attached the screenshot)
I am really not sure where to go from here, and I believe that most of this has
to do with the certs (And I am just grasping at straws here)
I am starting to think that it would just be easier to deploy everything from
scratch, but if anybody has any ideas, I would appreciate it.
Thank you
Anton Louw
Cloud Engineer: Storage and Virtualization
______________________________________
D: 087 805 1572 | M: N/A
A: Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
anton.l...@voxtelecom.co.za
www.vox.co.za
From: Anton Louw via Users <users@ovirt.org>
Sent: 18 June 2020 12:39
To: users@ovirt.org
Subject: [ovirt-users] Cannot authenticate user Invalid scopes: ovirt-app-api
Hi All,
A new issue 😊
We have configured oVirt to use KeyCloak for authentication. This all works, I
can log into the WebUI etc, but as soon as I need to talk to the API, it gives
me the “invalid scopes” error. I have double checked KeyCloak, and the scopes
are added. I went through the logs, but there is nothing telling me exactly
what the actual cause is.
I get the below when trying to get a token from the engine:
“{"error_code":"access_denied","error":"Cannot authenticate user Invalid
scopes: ovirt-app-api ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access."}”
Does anybody have any idea where this is going wrong?
Thanks
Anton Louw
Cloud Engineer: Storage and Virtualization at Vox
________________________________
T: 087 805 0000 | D: 087 805 1572
M: N/A
E: anton.l...@voxtelecom.co.za<mailto:anton.l...@voxtelecom.co.za>
A: Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
www.vox.co.za<http://www.vox.co.za>
[F]<https://www.facebook.com/voxtelecomZA>
[T]<https://www.twitter.com/voxtelecom>
[I]<https://www.instagram.com/voxtelecomza>
[L]<https://www.linkedin.com/company/voxtelecom>
[Y]<https://www.youtube.com/user/VoxTelecom>
[#VoxBrand]<https://www.vox.co.za/fibre/fibre-to-the-home/?prod=HOME>
Disclaimer
The contents of this email are confidential to the sender and the intended
recipient. Unless the contents are clearly and entirely of a personal nature,
they are subject to copyright in favour of the holding company of the Vox group
of companies. Any recipient who receives this email in error should immediately
report the error to the sender and permanently delete this email from all
storage devices.
This email has been scanned for viruses and malware, and may have been
automatically archived by Mimecast Ltd, an innovator in Software as a Service
(SaaS) for business. Providing a safer and more useful place for your human
generated data. Specializing in; Security, archiving and compliance. To find
out more Click
Here<https://www.voxtelecom.co.za/security/mimecast/?prod=Enterprise>.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VLKF3BWJJ2TQJDT5EGA2VU2WFNDZHBAW/
