Bug 1532568
| Summary: | Authentication provider does not recover during runtime | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine-extension-aaa-ldap | Reporter: | Bernhard Seidl <info> | ||||
| Component: | General | Assignee: | Ondra Machacek <omachace> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Matyáš <pmatyas> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 1.3.7 | CC: | audgiri, bugs, lleistne, lsvaty, mperina, omachace, v.astafiev | ||||
| Target Milestone: | ovirt-4.3.2 | Flags: | rule-engine:
ovirt-4.3+
lleistne: testing_ack+ |
||||
| Target Release: | 1.3.9 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ovirt-engine-extension-aaa-ldap-1.3.9 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1640961 1693835 (view as bug list) | Environment: | |||||
| Last Closed: | 2019-03-19 10:05:23 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1640961, 1693835 | ||||||
| Attachments: |
|
||||||
Curently we don't re-initialize the connection pools, when it failed at engine startup initialization. The ldap must be connective during engine startup, but we do re-connect successfully when the machine is non-reponsive after the initialization. Verified on ovirt-engine-extension-aaa-ldap-1.3.9-1.el7ev.noarch This bugzilla is included in oVirt 4.3.2 release, published on March 19th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |
Created attachment 1378986 [details] Logfile Description of problem: In case the extension fails due to a name resolution oder network problem. The extension stops working and does not recover after the problem has been resolved. Version-Release number of selected component (if applicable): master(1.3.7) How reproducible: 100% Steps to Reproduce: 1. Setup a engine 2. setup ldap authentication 3. Test ldap login and search 4. Block access to the configured ldap server (firewall or shutdown) 5. restart engine using 'systemctl restart ovirt-engine' 6. Try to login using ldap provider 7. Remove the block 8. Try again to login using ldap provider Actual results: Login fails Expected results: Login should succeed Additional info: Interesting log messages: WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (ServerService Thread Pool -- 42) [] Ignoring records from pool: 'authz' INFO [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (ServerService Thread Pool -- 42) [] [ovirt-engine-extension-aaa-ldap.authz::test-authz] Available Namespaces: [] INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 42) [] Extension 'test-authz' initialized Workaround: Restart engine using 'systemctl restart ovirt-engine'