It’s me again now with 2 questions, hope there’s no problem. Let’s see:
It seems I am unable to log in into my sunstone GUI. I can see the login page but I cannot authenticate. Whenever I put serveradmin (I changed its password with oneuser passwd and changed the sunstone_auth file to reflect the changes) it fires a warning saying ‘invalid username or password’ both putting the normal and the hash. However, whenever I put oneadmin and put the password hashed it fires this: ‘OpenNebula is not running or there was a server exception’ check the server logs and I will put it down here.
Wed Apr 15 18:35:07 2015 [E]: User serveradmin could not be authenticated
Wed Apr 15 18:35:07 2015 [E]: [UserInfo] User couldn’t be authenticated, aborting call.
Wed Apr 15 18:35:07 2015 [I]: Unauthorized login attempt
Wed Apr 15 18:35:07 2015 [I]: 172.18.10.8 - - [15/Apr/2015 18:35:07] “POST /login HTTP/1.1” 401 - 0.0033
Wed Apr 15 18:35:52 2015 [E]: [UserInfo] User couldn’t be authenticated, aborting call.
Wed Apr 15 18:35:52 2015 [I]: 172.18.10.8 - - [15/Apr/2015 18:35:52] “POST /login HTTP/1.1” 500 - 0.0432
The first three lines correspond when I use serveradmin either with normal password or hashed one. The last one represents when I use the hashed one for oneadmin. Any ideas? Something that it’s not running that I should run manually?
After playing a little with the CLI with the image of ttylinux and being able to install it and run on my test host I wanted to try a image I created, I executed and it seems my datastore is full. There’s no space available. Is there a way to purge this? Maybe it’s because I created a bunch of images and then deleted them and some are still there? When I execute onedatastore list it seems theres 2 images in the datastore but whenever I put onedatastore show ID it only appears the only image I have in oneimage list
Any help you can provide with this will be a relief and deeply appreciated. I am a newbie to OpenNebula.
After that update the sunstone_auth, oneflow_auth and onegate_auth files in your /var/lib/one/.one/ directory.
Restart oned and sunstone-server
Could you try running the onefsck command, it will fix inconsistent values in the database.
Regarding the capacity of the datastore, opennebula uses the following script to determine it (just a df command). Try checking if the directory has unused files, using the oneimage command you can retrieve the source of the image.
I tried all of this changing each and even rebooting the machine as a last resort even creating a new user for server purpouses and adding it to the same files in plain text and still seem unable to connect. I have checked the configuration of the sunstone server and accesed to the xml_rpc address and it seems working just fine (it says that POST is the only thing that it understands). Something else that you can tell me to check? Here’s the result of the .log of sunstone server.
Thu Apr 16 11:33:30 2015 [E]: User serveruser could not be authenticated
Thu Apr 16 11:33:30 2015 [E]: [UserInfo] User couldn’t be authenticated, aborting call.
Thu Apr 16 11:33:30 2015 [I]: Unauthorized login attempt
Thu Apr 16 11:33:30 2015 [I]: 172.18.10.8 - - [16/Apr/2015 11:33:30] “POST /login HTTP/1.1” 401 - 0.0061
And the .error
== Sinatra/1.3.2 has taken the stage on 9869 for development with backup from Thin
I couldnt find onefsck, probably in another package beside opennebula and opennebula-sunstone? I do however run onedb fsck which is the one I could dig from the documentation. And here is the only think it found…
First stop OpenNebula. Lock file found: /var/lock/one/one
Seeing this now I remember that the image I was testing stayed in lock more than 24 hours (I’m guessing it run out of space) therefore I executed oneimage delete. And I think that’s why the onedatastore list shows 2 images but when I run oneimage list it only shows one. I have checked the folders and indeed there’s one which consumes all the space in the datastore (which I guess is the one that I deleted and stayed in lock but wasn’t actually deleted from the datastore) Can I safely delete this folder or should I do something specific before and after to make it as clean as possible?
Thank you so much for all the help provided so far.
Deleted and now space is vastly free in the datastore, though it uses more space than intended by the image of tiny linux. Any idea why is this?
Sorry, I created this same user with the cipher as you showed for the serveradmin. Yes, I am using plain one in the sunstone_auth. I checked that the sunstone server was stopped, and indeed it stops, when it runs it shows:
It’s not imperative that I get access to the GUI since I have been using the CLI since the beggining (but it will be nice to be able to do so since some things in the documentation seem more easy in the GUI than in the CLI).
Thanks in advance! Regards
So after a lot of trouble, I managed to enter my sunstone GUI by changing the authorization from OpenNebula to Sunstone.
I changed it by reverse engineering your sandbox and discovered you guys have that authorization method of sunstone instead of opennebula. However I’m still missing why is that I couldn’t use it like that.
Also, I can only enter Sunstone with the oneadmin user and not with the serveradmin as you claim in your documentation.
Thanks for all the help, hope you can make it clearer for me
The serveradmin is not able to interact with sunstone/cli. This is a user that allows other components to authenticate on behave of other users. For example if you are using x509 certificates in sunstone, Apache will authenticate the user and then Sunstone will send a signed token using the serverdamin user telling OpenNebula that the user is already authenticated and authorized.
Setting the opennebula auth instead of the sunstone one you are forcing two authentication steps, the one done by sunstone with the Basic Auth header and a second one by the OpenNebula driver defined for that user.
Using the opennebula auth should not fail, I don’t what could be the problem. But you can use both methods, we set the opennebula method by default for deployments using and ldap authentication in previous releases the default method was sunstone.