Bug 1261382
Summary: | [aaa] When engine-setup is run after upgrade again, admin@internal get expired password | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] oVirt | Reporter: | Nikolai Sednev <nsednev> | ||||
Component: | ovirt-engine-installer | Assignee: | Martin Perina <mperina> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Ondra Machacek <omachace> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 3.6 | CC: | alonbl, bazulay, bugs, ecohen, gklein, lsurette, mperina, omachace, oourfali, rbalakri, Rhev-m-bugs, yeylon | ||||
Target Milestone: | --- | ||||||
Target Release: | 3.6.0 | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | infra | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-09-10 11:52:43 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1164870 | ||||||
Bug Blocks: | 917035 | ||||||
Attachments: |
|
Description
Nikolai Sednev
2015-09-09 08:31:52 UTC
Created attachment 1071618 [details]
engine logs
I also tried to check if hosts and engine synced, then alligned them with required ntp configurations and that didn't helped, although time was the same on both hosts and the engine. I tried to change password for the user and also failed, while was using steps defined here: http://www.ovirt.org/Engine_config_examples # engine-config -s AdminPassword=interactive Error setting AdminPassword's value. No such entry. Please disregard the sentence "Additional info: At some point I was able to log in, I'm not really understand why, so adding all logs to this bug.". It actually not happened (mixed up with another engine). (In reply to Nikolai Sednev from comment #2) > I also tried to check if hosts and engine synced, then alligned them with > required ntp configurations and that didn't helped, although time was the > same on both hosts and the engine. > > I tried to change password for the user and also failed, while was using > steps defined here: http://www.ovirt.org/Engine_config_examples > > # engine-config -s AdminPassword=interactive > Error setting AdminPassword's value. No such entry. In RHEV 3.6 'internal' domain is managed by aaa-jdbc provider. So if you want to change 'admin@internal' password please execute: ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2025-08-15 10:30:00Z" More info can be found at http://www.ovirt.org/Features/AAA_JDBC#Password_management (In reply to Martin Perina from comment #4) > (In reply to Nikolai Sednev from comment #2) > > I also tried to check if hosts and engine synced, then alligned them with > > required ntp configurations and that didn't helped, although time was the > > same on both hosts and the engine. > > > > I tried to change password for the user and also failed, while was using > > steps defined here: http://www.ovirt.org/Engine_config_examples > > > > # engine-config -s AdminPassword=interactive > > Error setting AdminPassword's value. No such entry. > > In RHEV 3.6 'internal' domain is managed by aaa-jdbc provider. So if you > want to change 'admin@internal' password please execute: > > ovirt-aaa-jdbc-tool user password-reset admin > --password-valid-to="2025-08-15 10:30:00Z" > > More info can be found at > http://www.ovirt.org/Features/AAA_JDBC#Password_management Martin, I'd expect the 'old' method to return an error explaining the user to use the new method... I succeed reproduce. Steps: 1) install 3.5 2) change needed repos to for 3.6 3) yum update rhevm-setup 4) engine-setup 5) engine-setup After step 4) there is not created proper jdbc schemas (not sure why). In this step also correct password expiration is set. Auth[zn] files are created as follows: authn: ovirt.engine.extension.name = internal-authn ... ovirt.engine.aaa.authn.profile.name = internal ovirt.engine.aaa.authn.authz.plugin = internal config.authn.user.name = admin config.authn.user.password = ********** authz: ovirt.engine.extension.name = internal ..... config.authz.user.name = admin config.authz.user.id = fdfc627c-d875-11e0-90f0-83df133b58cc Only after step 5) proper jdbc schema is created. With proper properties files. But in this step only admin user created, but it doesn't have correctly setup password. Why there is that intermediate step and why the correct jdbc schema is not created in step 4? That seems to be the issue, unless it's needed for some reason. Btw. you can resolve the issue if you install package 'ovirt-engine-extension-aaa-jdbc' just before upgrade, so I believe it's kind of duplicate of bug 1260573 *** This bug has been marked as a duplicate of bug 1260573 *** |