[ovirt-users] fence_rhevm with oVirt >4.5

Wed, 17 Jul 2024 22:10:05 -0700 

Hello Folks

Is the "fence_rhevm" package compatible with oVirt >4.5? We're converting our 
legacy RHV cluster to a new install of oVirt latest with NFS backed storage. 
Everything has been working smoothly with the exception of the RHV-M fencing 
device on this newly provisioned oVirt 4.5.7 cluster with RHEL 9.4 hosts -- I 
haven't been able to get authentication working between the fencing device and 
the manager appliance. The same configuration is working on both the legacy RHV 
4.4 cluster (RHV nodes) and a test oVirt 4.5.6 cluster (RHEL 8.9 hosts).

The primary difference that comes to mind between my test and new cluster is 
that the newest one was installed with Keycloak SSO default configs while it 
was disabled on the older test environment.

I suspect it has something to do with dropping basic auth?

Assuming this is the case, can Keycloak be removed without having to rebuild 
the cluster? Are there any significant drawbacks to disabling it? I've found 
docs for converting from AAA to Keycloak, but not the reverse.

I see on the mailing list that the `ovirt-aaa-jdbc-tool` is deprecated and that 
Keycloak is strongly recommended moving forward -- is it possible to integrate 
an internal Keycloak implementation with the existing "fence_rhevm" package?

The errors I'm seeing are:

    401 Unauthorized
    This server could not verify that you
    are authorized to access the document
    requested.  Either you supplied the wrong
    credentials (e.g., bad password), or your
    browser doesn't understand how to supply
    the credentials required.

I've tried every variation of the <domain> value suggested -- including 
"admin@internal", "admin@ovirt@internal", "@admin@ovirt@internal-authz"

Thanks in advance,
Justin
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BQGPHXOUFWUZW6TIZIUPY5Y64E6EXUYJ/

Reply via email to