Description of problem: HE upgrade 3.5.4 to 3.6 (13) caused to user admin not to be able to log in to the engine or change the password after by using "engine-config -s AdminPassword=interactive". Version-Release number of selected component (if applicable): ovirt-host-deploy-1.4.0-0.0.5.master.el6ev.noarch ovirt-engine-extension-aaa-jdbc-0.0.0-6.el6ev.noarch ovirt-vmconsole-1.0.0-0.0.1.master.el6ev.noarch ovirt-vmconsole-proxy-1.0.0-0.0.1.master.el6ev.noarch rhevm-3.6.0-0.13.master.el6.noarch ovirt-host-deploy-java-1.4.0-0.0.5.master.el6ev.noarch qemu-guest-agent-0.12.1.2-2.479.el6.x86_64 rhevm-guest-agent-common-1.0.10-2.el6ev.noarch How reproducible: 50% Steps to Reproduce: 1.Install HE on two RHEL7.1 hosts with RHEVM3.5.4 latest. 2.Upgrade from latest 3.5.4 to 3.6 while both hosts in global maintenance. 3.Return both hosts from maintenance and log in to the engine. 4.Set one of the hosts to global maintenance (the one that is not running the engine). 5.Upgrade the host to RHEL7.2, while second host remains with the running engine on top of RHEL7.1. 6.Set the host that is running the engine in to global maintenance. 7.On engine via CLI shell install ovirt-vmconsole-proxy. 8.On engine run engine-setup and enable vm-console configuration. 9.When engine-setup finished, try logging in to the engine via WEBUI. Actual results: User admin failed to log in in to the engine via WEBUI. Expected results: User admin should be able to log in. Additional info: At some point I was able to log in, I'm not really understand why, so adding all logs to this bug.
Created attachment 1071618 [details] engine logs
I also tried to check if hosts and engine synced, then alligned them with required ntp configurations and that didn't helped, although time was the same on both hosts and the engine. I tried to change password for the user and also failed, while was using steps defined here: http://www.ovirt.org/Engine_config_examples # engine-config -s AdminPassword=interactive Error setting AdminPassword's value. No such entry.
Please disregard the sentence "Additional info: At some point I was able to log in, I'm not really understand why, so adding all logs to this bug.". It actually not happened (mixed up with another engine).
(In reply to Nikolai Sednev from comment #2) > I also tried to check if hosts and engine synced, then alligned them with > required ntp configurations and that didn't helped, although time was the > same on both hosts and the engine. > > I tried to change password for the user and also failed, while was using > steps defined here: http://www.ovirt.org/Engine_config_examples > > # engine-config -s AdminPassword=interactive > Error setting AdminPassword's value. No such entry. In RHEV 3.6 'internal' domain is managed by aaa-jdbc provider. So if you want to change 'admin@internal' password please execute: ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2025-08-15 10:30:00Z" More info can be found at http://www.ovirt.org/Features/AAA_JDBC#Password_management
(In reply to Martin Perina from comment #4) > (In reply to Nikolai Sednev from comment #2) > > I also tried to check if hosts and engine synced, then alligned them with > > required ntp configurations and that didn't helped, although time was the > > same on both hosts and the engine. > > > > I tried to change password for the user and also failed, while was using > > steps defined here: http://www.ovirt.org/Engine_config_examples > > > > # engine-config -s AdminPassword=interactive > > Error setting AdminPassword's value. No such entry. > > In RHEV 3.6 'internal' domain is managed by aaa-jdbc provider. So if you > want to change 'admin@internal' password please execute: > > ovirt-aaa-jdbc-tool user password-reset admin > --password-valid-to="2025-08-15 10:30:00Z" > > More info can be found at > http://www.ovirt.org/Features/AAA_JDBC#Password_management Martin, I'd expect the 'old' method to return an error explaining the user to use the new method...
I succeed reproduce. Steps: 1) install 3.5 2) change needed repos to for 3.6 3) yum update rhevm-setup 4) engine-setup 5) engine-setup After step 4) there is not created proper jdbc schemas (not sure why). In this step also correct password expiration is set. Auth[zn] files are created as follows: authn: ovirt.engine.extension.name = internal-authn ... ovirt.engine.aaa.authn.profile.name = internal ovirt.engine.aaa.authn.authz.plugin = internal config.authn.user.name = admin config.authn.user.password = ********** authz: ovirt.engine.extension.name = internal ..... config.authz.user.name = admin config.authz.user.id = fdfc627c-d875-11e0-90f0-83df133b58cc Only after step 5) proper jdbc schema is created. With proper properties files. But in this step only admin user created, but it doesn't have correctly setup password. Why there is that intermediate step and why the correct jdbc schema is not created in step 4? That seems to be the issue, unless it's needed for some reason.
Btw. you can resolve the issue if you install package 'ovirt-engine-extension-aaa-jdbc' just before upgrade, so I believe it's kind of duplicate of bug 1260573
*** This bug has been marked as a duplicate of bug 1260573 ***