Created attachment 1378986 [details] Logfile Description of problem: In case the extension fails due to a name resolution oder network problem. The extension stops working and does not recover after the problem has been resolved. Version-Release number of selected component (if applicable): master(1.3.7) How reproducible: 100% Steps to Reproduce: 1. Setup a engine 2. setup ldap authentication 3. Test ldap login and search 4. Block access to the configured ldap server (firewall or shutdown) 5. restart engine using 'systemctl restart ovirt-engine' 6. Try to login using ldap provider 7. Remove the block 8. Try again to login using ldap provider Actual results: Login fails Expected results: Login should succeed Additional info: Interesting log messages: WARN [org.ovirt.engineextensions.aaa.ldap.Framework] (ServerService Thread Pool -- 42) [] Ignoring records from pool: 'authz' INFO [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (ServerService Thread Pool -- 42) [] [ovirt-engine-extension-aaa-ldap.authz::test-authz] Available Namespaces: [] INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (ServerService Thread Pool -- 42) [] Extension 'test-authz' initialized Workaround: Restart engine using 'systemctl restart ovirt-engine'
Curently we don't re-initialize the connection pools, when it failed at engine startup initialization. The ldap must be connective during engine startup, but we do re-connect successfully when the machine is non-reponsive after the initialization.
Verified on ovirt-engine-extension-aaa-ldap-1.3.9-1.el7ev.noarch
This bugzilla is included in oVirt 4.3.2 release, published on March 19th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.