Bug 857094 - RHEV-M will not add IPA realm to rhevm-manage-domains
RHEV-M will not add IPA realm to rhevm-manage-domains
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-setup (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Oved Ourfali
Pavel Stehlik
infra
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-13 10:44 EDT by Bill Sanford
Modified: 2016-02-10 14:17 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-27 04:25:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
engine-manage-domains.log of the rhevm server (9.65 KB, text/x-log)
2012-09-13 11:13 EDT, Bill Sanford
no flags Details

  None (edit)
Description Bill Sanford 2012-09-13 10:44:42 EDT
Description of problem:
The 'rhevm-manage-domains' command will not add an IPA realm with active IPA administrator.

*** On the RHEV-M server:

[root@rhevm ~]# rhevm-manage-domains -action=add -domain=spice.lab.eng.bos.redhat.com -provider=IPA -user=rhevadmin -interactive -addPermissions
Enter password:

Failure while testing domain spice.lab.eng.bos.redhat.com. Details: Authentication Failed. Please verify the username and password.
[root@rhevm ~]# exit
logout
Connection to 10.16.24.60 closed.

*** On the IPA server: 
[root@dhcp-10-16-62-71 ~]# ssh 10.16.24.63
root@10.16.24.63's password: 
Last login: Thu Sep 13 09:09:21 2012 from 10.16.197.221
[root@spiceipa ~]# kinit rhevadmin
Password for rhevadmin@SPICE.LAB.ENG.BOS.REDHAT.COM: 
[root@spiceipa ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: rhevadmin@SPICE.LAB.ENG.BOS.REDHAT.COM

Valid starting     Expires            Service principal
09/13/12 10:21:20  09/14/12 10:21:14  krbtgt/SPICE.LAB.ENG.BOS.REDHAT.COM@SPICE.LAB.ENG.BOS.REDHAT.COM
[root@spiceipa ~]# 


Version-Release number of selected component (if applicable):
RHEV-M si17

How reproducible:
100% (Tried from both bare metal and VM of IPA install)

Steps to Reproduce:
1. See above
2.
3.
  
Actual results:
rhevm-manage-domains does not add the IPA realm and IPA user and errors.

Expected results:
rhevm-manage-domains adds the IPA realm and IPA user.

Additional info:
Comment 2 Bill Sanford 2012-09-13 11:13:32 EDT
Created attachment 612482 [details]
engine-manage-domains.log of the rhevm server
Comment 3 Oved Ourfali 2012-09-16 01:32:54 EDT
Are the clocks of your engine and your IPA server synchronized?
Comment 4 Bill Sanford 2012-09-17 09:28:17 EDT
They are both synced using ntp.
Comment 5 Bill Sanford 2012-09-17 09:53:17 EDT
I tried the rhevm-manage-domains with the "-realm" switch and I get the usage because it seems that the switch isn't recognized:

[root@rhevm ~]# rhevm-manage-domains -action=add -realm=SPICE.LAB.ENG.BOS.REDHAT.COM -domain=spice.lab.eng.bos.redhat.com -provider=IPA -user=rhevadmin -interactive -addPermissions 
engine-manage-domains: add/edit/delete/validate/list domains
USAGE:
	engine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions] -report
Comment 6 Oved Ourfali 2012-09-19 02:31:12 EDT
(In reply to comment #5)
> I tried the rhevm-manage-domains with the "-realm" switch and I get the
> usage because it seems that the switch isn't recognized:
> 
> [root@rhevm ~]# rhevm-manage-domains -action=add
> -realm=SPICE.LAB.ENG.BOS.REDHAT.COM -domain=spice.lab.eng.bos.redhat.com
> -provider=IPA -user=rhevadmin -interactive -addPermissions 
> engine-manage-domains: add/edit/delete/validate/list domains
> USAGE:
> 	engine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER
> -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH
> -addPermissions] -report

We indeed have no such option in the utility.
Why do you need it in this case?
Comment 7 Yair Zaslavsky 2012-09-19 02:46:44 EDT
In reply to comment #5 and comment #6

our assumption is that realm is the uppercase version of domain provided by -domain.
Comment 8 Oved Ourfali 2012-09-19 03:08:30 EDT
Can you configure that domain in the engine machine, and try doing kinit there?

Note You need to log in before you can comment on or make changes to this bug.