Oneadmin authentication issue for all one* commands - not solved after trying available fixes

Community Support General
1

Hi ,

Running minione 6.0.0.1 with KVM.
I changed oneadmin password trying to fix the annoying “FireEdge private endpoint is not working, please contact your cloud administrator” alert in sunstone portal.
using below method:
oneuser passwd 0
echo ‘oneadmin:PASSWORD’ > /var/lib/one/.one/one_auth

After reboot of the server, every one* commands like oneuser, onevm etc are throwign this error
“User couldn’t be authenticated, aborting call.”

All the vm creations etc are working, sunstone is working.

But nothing works commandline.
And the error "“FireEdge private endpoint is not working, please contact your cloud administrator” didnt go away even after setting just alphanumeric simple password lowercase.

Also tried resetting password on oneadmin through this process

#!/bin/bash
systemctl stop opennebula
one_pass=“ThePassword”
one_auth="$(echo -n $one_pass | openssl sha1)"
one_auth="${one_auth##[[:space:]]}"*
one_xml="$(sqlite3 ~oneadmin/one.db “select body from user_pool where name=‘oneadmin’;”)"
one_xml_new="$(echo “$one_xml” | sed -e "s|.|$one_auth|")"*
cp ~oneadmin/one.db ~oneadmin/one.db.orig
sqlite3 ~oneadmin/one.db “update user_pool set body=’$one_xml_new’ where name=‘oneadmin’;”
sed -i -e "s|oneadmin:.|oneadmin:$one_pass|" ~oneadmin/.one/one_auth*
systemctl start opennebula

Any thoughts, please…

2

Please set the fireedge public endpoint in sunstone-server.conf

3

Thanks tino.
Is it possible to disable fireedge service end point for public or that service altogeather, so sunstone wont complain about it.

if I set host to 0.0.0.0, it complains “FireEdge private endpoint is not working”
If set to 127.0.0.1 “FireEdge public endpoint is not working”

Another thing on one* commands is still an issue,
Verified if this is the bug of login template as suggested in OpenNebula 6.0 Authentication stopped working - #3 by AaronLea

in 6.0.0.1, there is no login template in the xml for oneuser too.
Interesting whatelse the issue could be

4

Defining fireedge host to 127.0.0.1 in /etc/one/fireedge-server.conf

# FireEdge server host
host: '127.0.0.1'

and commenting fireedge related variables in /etc/one/sunstone-server.conf

#:private_fireedge_endpoint: http://localhost:2616
#:public_fireedge_endpoint: http://localhost:2616

Should satisfy the sunstone checks for fireedge (and disable the fireedge in sunstone)

Hope this helps…

Best Regards,
Anton Todorov

1 Like
5

Yes it did help. Thank you so much for the guidance Anton.

Any thoughts around the one commands error, “User couldn’t be authenticated, aborting call.”

6

What DB backed you are using? sqlite or MySQL?

7 
one_auth="$(echo -n $one_pass | openssl sha1)"

And what is the OpenNebula version? Asking because sha1 is deprecated in flavor of sha256

8

This is a working example:

[root@one512 ~]# cat ~oneadmin/.one/one_auth
oneadmin:storpool
[root@one512 .one]# echo -n storpool | openssl sha256
(stdin)= c8a51c959348b6d8d98d1f5c1b5385433e64f8f992735d0da5fa832634dcb8d8
[root@one512 ~]# mysql opennebula -e "select * from user_pool where oid=0;"
+-----+----------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+------+---------+---------+---------+
| oid | name     | body                                                                                                                                                                                                                                                                                                                                                                                                         | uid  | gid  | owner_u | group_u | other_u |
+-----+----------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+------+---------+---------+---------+
|   0 | oneadmin | <USER><ID>0</ID><GID>0</GID><GROUPS><ID>0</ID></GROUPS><GNAME>oneadmin</GNAME><NAME>oneadmin</NAME><PASSWORD><![CDATA[c8a51c959348b6d8d98d1f5c1b5385433e64f8f992735d0da5fa832634dcb8d8]]></PASSWORD><AUTH_DRIVER><![CDATA[core]]></AUTH_DRIVER><ENABLED>1</ENABLED><TEMPLATE><TOKEN_PASSWORD><![CDATA[03523f89fa96f017efffeb888225fb9f1f5db61ce6e07d8d0a47878859f683f1]]></TOKEN_PASSWORD></TEMPLATE></USER> |    0 |    0 |       1 |       0 |       0 |
+-----+----------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+------+---------+---------+---------+
1 Like
9

I’m using 6.0.0.1 , sqlite backend.

sha1 could be it then, I had to purge the previous install and did a fresh one.
Thanks for the hints, much appreciated Anton!