Description of problem: Log-in fails on clean installation of ovirt engine Version-Release number of selected component (if applicable): up-to-date ovirt-engine master (51e4e8) How reproducible: Steps to Reproduce: 1. Run engine-setup with provided answer file 2. Try logging in 3. Actual results: Login fails Expected results: Login succeeds Additional info: Error when logging in through both web-admin and REST API Log contains this for each connect attempt: 2015-02-10 16:47:57,156 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-3) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in. 2015-02-10 16:47:57,157 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) [] CanDoAction of action 'LoginAdminUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION Setup answer file contains: # action=setup [environment:default] OVESETUP_DIALOG/confirmSettings=bool:True OVESETUP_CONFIG/applicationMode=str:both OVESETUP_CONFIG/remoteEngineSetupStyle=none:None OVESETUP_CONFIG/adminPassword=str:123 OVESETUP_CONFIG/storageIsLocal=bool:False OVESETUP_CONFIG/firewallManager=str:iptables OVESETUP_CONFIG/remoteEngineHostRootPassword=none:None OVESETUP_CONFIG/firewallChangesReview=bool:False OVESETUP_CONFIG/updateFirewall=bool:True OVESETUP_CONFIG/remoteEngineHostSshPort=none:None OVESETUP_CONFIG/fqdn=str:engine OVESETUP_CONFIG/storageType=none:None OSETUP_RPMDISTRO/requireRollback=none:None OSETUP_RPMDISTRO/enableUpgrade=none:None OVESETUP_DB/database=str:engine OVESETUP_DB/fixDbViolations=none:None OVESETUP_DB/secured=bool:False OVESETUP_DB/host=str:localhost OVESETUP_DB/user=str:engine OVESETUP_DB/securedHostValidation=bool:False OVESETUP_DB/port=int:5432 OVESETUP_ENGINE_CORE/enable=bool:True OVESETUP_CORE/engineStop=none:None OVESETUP_SYSTEM/memCheckEnabled=bool:True OVESETUP_SYSTEM/nfsConfigEnabled=bool:False OVESETUP_PKI/organization=str:Test OVESETUP_CONFIG/isoDomainMountPoint=none:None OVESETUP_CONFIG/isoDomainName=none:None OVESETUP_CONFIG/isoDomainACL=none:None OVESETUP_AIO/configure=none:None OVESETUP_AIO/storageDomainName=none:None OVESETUP_AIO/storageDomainDir=none:None OVESETUP_PROVISIONING/postgresProvisioningEnabled=bool:True OVESETUP_APACHE/configureRootRedirection=bool:True OVESETUP_APACHE/configureSsl=bool:True OVESETUP_CONFIG/websocketProxyConfig=bool:True
Please note that the displayed message is: User is not authorized to perform this action Rather than: The user name or password is incorrect. that happens when password is invalid.
(In reply to Dima Kuznetsov from comment #1) > Please note that the displayed message is: > User is not authorized to perform this action > > Rather than: > The user name or password is incorrect. > > that happens when password is invalid. So, basically this is not specific to user setup and can be reproduced by login to from webadmin/REST API with wrong password ???
No, it can only be reproduced by logging in with the correct password, when logging with a wrong password it displays a different message.
(In reply to Dima Kuznetsov from comment #3) > No, it can only be reproduced by logging in with the correct password, when > logging with a wrong password it displays a different message. Please read again what you had wrote in comment 1 : ============================================== Please note that the displayed message is: User is not authorized to perform this action Rather than: The user name or password is incorrect. ============================================== So, if the user name and password is correct, why should it display that it is incorrect ??? Please explain ...
I meant to say that password provided is correct and ovirt recognizes it as such.
Root cause[1], 00100_insert_users.sql change. [1] http://gerrit.ovirt.org/#/c/37668/
*** Bug 1192044 has been marked as a duplicate of this bug. ***
The problem is that the upgrade script 03_05_0220_update_user_ids.sql changes the default user is to something else This causes the default user id to be added again with 'fdfc627cd87511e090f083df133b58cc' as user_id , but now the permissions are set on the changed user_id and the new one has no permissions The upgrade script should not change 'fdfc627cd87511e090f083df133b58cc' which is used constantly in : --- start --- git grep "fdfc627c-d875-11e0-90f0-83df133b58cc" PredefinedUsers.java: ADMIN_USER(new Guid("fdfc627c-d875-11e0-90f0-83df133b58cc")); EngineExtensionsManager.java: dirConfig.put("config.authz.user.id", "fdfc627c-d875-11e0-90f0-83df data/00100_insert_users.sql:INSERT INTO users (user_id, name, surname, domain, username, groups, department, role, email, note, status, last_admin_check_status, group_ids data/00600_insert_permissions.sql:INSERT INTO permissions (id, role_id, ad_element_id, object_id, object_type_id) VALUES ('00000003-0003-0003-0003-000000000016', '0000000 data/00600_insert_permissions.sql:INSERT INTO permissions (id, role_id, ad_element_id, object_id, object_type_id) VALUES ('00000006-0006-0006-0006-00000000016d', '0000000 --- end --- Setting NEEDINFO on Yair that wrote this upgrade script
(In reply to Alon Bar-Lev from comment #6) > Root cause[1], 00100_insert_users.sql change. > > [1] http://gerrit.ovirt.org/#/c/37668/ Agree, that;s the problem cause , please ignore comment 8
it changes the uuid psql type into a string.
Verified on 3.6.0-0.0.master.20150427173543.git61dec8c.el6
oVirt 3.6.0 has been released on November 4th, 2015 and should fix this issue. If problems still persist, please open a new BZ and reference this one.