Thanks Rohit .
Updating the parameter as suggested by you worked for Us and reported
issue has been resolved .
Thanks Again
On 8/7/24 15:55, Rohit Yadav wrote:
Can you try to change via MySQL client, try something like this:
update cloud.configuration set value='true' where
name='dynamic.apichecker.enabled';
And then restart your management servers.
However, pl also read https://www.shapeblue.com/dynamic-roles-in-cloudstack/
and
https://docs.cloudstack.apache.org/en/4.19.1.1/adminguide/accounts.html#using-dynamic-roles
Regards.
________________________________
From: Biswajit Banerjee <[email protected]>
Sent: Wednesday, August 7, 2024 3:42:28 PM
To: [email protected] <[email protected]>
Subject: Re: Upgrade to 4.19.1.0 from 4.15.1 - Issues
Hi Rohit ,
Not Able to enable dynamic.apichecker.enabled . Having issue as
(cmk) > update configuration name=dynamic.apichecker.enabled value=true
Error: (HTTP 431, error code 9999) Restricted configuration update not
allowed.
On 8/7/24 13:38, Rohit Yadav wrote:
All,
If you're facing this issues, chances are you are using an old/deprecated
static role checker. Please see if enabling the dynamic checker and restarting
the management server fixes your issue -
https://github.com/apache/cloudstack/issues/9491#issuecomment-2272758422
Regards.
________________________________
From: Janis Viklis | Files.fm <[email protected]>
Sent: Tuesday, August 6, 2024 18:58
To: [email protected] <[email protected]>
Subject: Re: Upgrade to 4.19.1.0 from 4.15.1 - Issues
+1. Same issues, multiple/different messages depending on user type:
Root admin: The given command 'readyForShutdown' either does not exist,
is not available for user. Unable to proceed. Please contact your
administrator.
User: The given command 'listAnnotations' either does not exist, is not
available for user. Unable to proceed. Please contact your administrator.
https://cloudstack_host/client/api/?command=readyForShutdown&response=json
{
"readyforshutdownresponse": {
"uuidList": [],
"errorcode": 401,
"cserrorcode": 9999,
"errortext": "The given command 'readyForShutdown' either does
not exist, is not available for user."
}
}
2024-08-06 16:24:30,351 DEBUG [c.c.a.ApiServlet]
(qtp1386883398-1735:ctx-929d21c8) (logid:c95b3248) ===START===
10.10.10.31 -- GET command=readyForShutdown&response=json
2024-08-06 16:24:30,351 DEBUG [c.c.a.ApiServlet]
(qtp1386883398-1735:ctx-929d21c8) (logid:c95b3248) Two factor
authentication is already verified for the user 2, so skipping
2024-08-06 16:24:30,375 DEBUG [c.c.a.ApiServer]
(qtp1386883398-1735:ctx-929d21c8 ctx-0017b621) (logid:c95b3248) CIDRs
from which account 'Account
[{"accountName":"admin","id":2,"uuid":"f0e7fdf6-48f1-11e6-a9f1-00163e44393e"}]'
is allowed to perform API calls: 0.0.0.0/0
2024-08-06 16:24:30,391 DEBUG [c.c.a.ApiServlet]
(qtp1386883398-1735:ctx-929d21c8 ctx-0017b621) (logid:c95b3248)
===END=== 10.10.10.31 -- GET command=readyForShutdown&response=json
Janis
On 2024-08-06 10:25, Biswajit Banerjee wrote:
Github issue raise at https://github.com/apache/cloudstack/issues/9491
On 8/6/24 10:54, Biswajit Banerjee wrote:
Thanks Rohit for quick response
We have created account and assigned them to root admin roles . does
it means custom root admin role ?
We will raise the case at github .
On 8/5/24 16:20, Rohit Yadav wrote:
Hi Biswajit - are you using custom Root Admin roles?
The CloudStack safe shutdown feature added this API
(https://github.com/apache/cloudstack/pull/6755) and you may need to
check and allow this API for your root admin roles if they already
don't have this API allowed. However, I sense skimming quickly the
feature doesn't seems to allow a way to disable it - perhaps you can
review for your use-cases and log an issue here -
https://github.com/apache/cloudstack/issues
Regards.
________________________________
From: Biswajit Banerjee <[email protected]>
Sent: Monday, August 5, 2024 15:18
To: [email protected] <[email protected]>
Subject: Re: Upgrade to 4.19.1.0 from 4.15.1 - Issues
Thanks Rohit
Our console access has been sorted out by enabling novnc console via
global config .
Can You Please help us with
We are getting repeated error on ACS webUI with admin users saying "The
given command '*readyForShutdown'* either does not exist, is not
available for user. Unable to proceed. Please contact your
administrator" every Second . how can we disable this repeated
message .
Thanks
Biswajit
On 8/5/24 11:31, Rohit Yadav wrote:
Can you try this:
1.
Try the UI in a different browser or incognito mode to rule our
UI-related caching issues
2.
Have you upgraded all your management servers to 4.19.1.0?
3.
And all your KVM hosts - are they all Up and in healthy states?
Have you secured them all? For example, after upgrading your hosts
you can ensure that libvirtd runs on TLS secured port 15914, or use
thishttps://cloudstack.apache.org/api/apidocs-4.19/apis/provisionCertificate.html
4.
As a workaround, you can set the auth strictness
(ca.plugin.root.auth.strictness global setting via mgmt server UI)
to false and try #3
5.
Repeat your tests again by destroying your CPVM
Regards.
________________________________
From: Biswajit Banerjee<[email protected]>
Sent: Monday, August 5, 2024 11:23
To:[email protected] <[email protected]>
Subject: Re: Upgrade to 4.19.1.0 from 4.15.1 - Issues
Hi Experts ,
Please Help on the stated issues
Thanks
Biswajit
On 8/2/24 18:58, Biswajit Banerjee wrote:
Yes , there are 23 KVM hosts , all has been upgraded .
FYI we are still using Centos7.9 on all hosts .
On 8/2/24 18:14, Wei ZHOU wrote:
Have you upgraded all cloudstack-agent (if you use kvm) ?
-Wei
On Fri, Aug 2, 2024 at 2:33 PM Biswajit Banerjee
<[email protected]> wrote:
After destroying the VM , it gets automatically recreated . I
presume
that is what is expected .
Let me Know if any thing else is required .
Also about " 'readyForShutdown' either does not exist, is not
available for user. Unable to proceed " Please guide me
On 8/2/24 17:59, Biswajit Banerjee wrote:
Yes destroyed CPVM Many times but did not work .
On 8/2/24 13:16, Wei ZHOU wrote:
Hi,
Have you destroy/recreate the CPVM ?
-Wei
On Fri, Aug 2, 2024 at 12:55 AM Biswajit Banerjee
<[email protected]> wrote:
Hello,
We have Upgraded ACS 4.15.1 to 4.19.1.0 . Every thing are
fine apart
from 2 issues
1. We are getting repeated error on ACS webUI with admin
users
saying "
The given command 'readyForShutdown' either does not
exist,
is not
available for user. Unable to proceed. Please contact
your
administrator" every Second . how can we disable this
repeated
message . please Guide
2. Console proxy gives " Access is denied for the
console session
" and
Following is the error in /var/log/cloud.log
/A2024-08-01 22:38:48,121 INFO [cloud.consoleproxy.ConsoleProxy]
(Console-Proxy-Main:null) Setting reconnectMaxRetry=5
2024-08-01 22:38:48,127 INFO
[cloud.consoleproxy.ConsoleProxyBaseServerFactoryImpl]
(Console-Proxy-Main:null) create HTTP server instance at
port: 80
2024-08-01 22:38:48,718 INFO [cloud.consoleproxy.ConsoleProxy]
(Console-Proxy-Main:null) Listening for HTTP CMDs on port 8001
2024-08-01 22:39:29,274 INFO [cloud.consoleproxy.ConsoleProxy]
(Thread-12:null) Session null has already been used, cannot
connect
*2024-08-01 22:39:29,278 WARN [cloud.consoleproxy.ConsoleProxy]
(Thread-12:null) External authenticator failed authentication
request
for vm 3cdf6590-ffa2-40e8-966c-63cc42534c26 with sid
uDFk1uQZy9YBz5ZRSSB1SA
2024-08-01 22:39:29,281 WARN
[cloud.consoleproxy.ConsoleProxyAjaxHandler] (Thread-12:null)
Failed to
create viewer due to External authenticator failed request
for vm
3cdf6590-ffa2-40e8-966c-63cc42534c26 with sid
uDFk1uQZy9YBz5ZRSSB1SA
com.cloud.consoleproxy.AuthenticationException: External
authenticator
failed request for vm 3cdf6590-ffa2-40e8-966c-63cc42534c26
with sid
uDFk1uQZy9YBz5ZRSSB1SA*
at
com.cloud.consoleproxy.ConsoleProxy.authenticationExternally(ConsoleProxy.java:564)
at
com.cloud.consoleproxy.ConsoleProxy.getAjaxVncViewer(ConsoleProxy.java:494)
at
com.cloud.consoleproxy.ConsoleProxyAjaxHandler.doHandle(ConsoleProxyAjaxHandler.java:142)
at
com.cloud.consoleproxy.ConsoleProxyAjaxHandler.handle(ConsoleProxyAjaxHandler.java:51)
at
jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
at
jdk.httpserver/sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:82)
at
jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)
at
jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:848)
at
jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
at
jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:817)
at java.base/java.lang.Thread.run(Thread.java:829)
2024-08-01 22:40:18,843 INFO [cloud.consoleproxy.ConsoleProxy]
(Thread-14:null) Session null has already been used, cannot
connect
2024-08-01 22:40:18,861 WARN [cloud.consoleproxy.ConsoleProxy]
(Thread-14:null) External authenticator failed authentication
request
for vm 3cdf6590-ffa2-40e8-966c-63cc42534c26 with sid
uDFk1uQZy9YBz5ZRSSB1SA
2024-08-01 22:40:18,862 WARN
[cloud.consoleproxy.ConsoleProxyAjaxHandler] (Thread-14:null)
Failed to
create viewer due to External authenticator failed request
for vm
3cdf6590-ffa2-40e8-966c-63cc42534c26 with sid
uDFk1uQZy9YBz5ZRSSB1SA
com.cloud.consoleproxy.AuthenticationException: External
authenticator
failed request for vm 3cdf6590-ffa2-40e8-966c-63cc42534c26
with sid
uDFk1uQZy9YBz5ZRSSB1SA
at
com.cloud.consoleproxy.ConsoleProxy.authenticationExternally(ConsoleProxy.java:564)
at
com.cloud.consoleproxy.ConsoleProxy.getAjaxVncViewer(ConsoleProxy.java:494)
at
com.cloud.consoleproxy.ConsoleProxyAjaxHandler.doHandle(ConsoleProxyAjaxHandler.java:142)
at
com.cloud.consoleproxy.ConsoleProxyAjaxHandler.handle(ConsoleProxyAjaxHandler.java:51)
at
jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
at
jdk.httpserver/sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:82)
at
jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80)
at
jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:848)
at
jdk.httpserver/com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77)
at
jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:817)
at java.base/java.lang.Thread.run(Thread.java:829)
/Please guide us to resolve the issue .
TIA
Regards
Biswajit
