WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

RE: [Xen-API] Authentication mismatch in API to create pool

To: 'Marco Sinhoreli' <msinhore@xxxxxxxxx>, xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-API] Authentication mismatch in API to create pool
From: Marcus Granado <Marcus.Granado@xxxxxxxxxxxxx>
Date: Wed, 25 Nov 2009 18:57:39 +0000

Hi Marco,

You should use the same service-name throughout the pool. You should either:

- join the hosts to the pool first and only then enable the external
  authentication on the pool, running pool-enable-external-auth once; in this
  case each host in the pool will have its external authentication
  automatically enabled (recommended)
- enable the external authentication in each host with the same service-name
  (maybe using host-enable-external-auth), and then join the hosts to the pool

After that, you can use subject-add to specify the users or groups you want to
be able to log in to the pool, and subject-role-add to assign roles to them
(you need to have a role in order to be able to log in).

Btw, the PAM auth-type doesn't need the config:user param.

Cheers,

> -----Original Message-----
> From: xen-api-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-api-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Marco Sinhoreli
> Sent: 25 November 2009 00:59
> To: xen-api
> Subject: [Xen-API] Authentication mismatch in API to create pool
> 
> Hello everybody,
> 
> I'm trying to create a pool with PAM authentication enabled on my XCP
> hosts. I have an rpm package used to configure the hosts. I'm running
> these commands:
> 
> <code>
>     xe pool-enable-external-auth auth-type=PAM config:user=xswm service-name=$(hostname)
>     xe subject-add subject-name=xswm
>     subject_uuid=$(xe subject-list | awk '/^uuid/{print $5}')
>     role_uuid=$(xe role-list name=pool-operator params=uuid | awk '/^uuid/{print $5}')
>     xe subject-role-add uuid=${subject_uuid} role-uuid=${role_uuid}
> </code>
> 
> This is configured on all hosts using the same user. Looking for the code
> that creates a pool in the API, I saw these entries in the file xapi_pool.ml:
> 
> <code>
>     debug "Verifying if external auth configuration of master %s (auth_type=%s service_name=%s) matches that of slave-to-be %s (auth-type=%s service_name=%s)"
>         (Client.Host.get_name_label ~rpc ~session_id ~self:master) master_auth_type master_auth_service_name
>         (Db.Host.get_name_label ~__context ~self:slavetobe) slavetobe_auth_type slavetobe_auth_service_name;
>     if (slavetobe_auth_type <> master_auth_type)
>        || (slavetobe_auth_service_name <> master_auth_service_name)
>     then begin
>         error "Cannot join pool whose external authentication configuration is different";
>         raise (Api_errors.Server_error(Api_errors.pool_joining_external_auth_mismatch, []))
>     end in
> </code>
> 
> This check isn't letting me create the pool; it is returning this message:
> 
> <code>
> Cannot join pool whose external authentication configuration is
> different.
> </code>
> 
> Well, as I said, I have the same auth method on all hosts, using and
> connecting with the same user. Is this some routine mistake or is this
> right?
> 
> PS: In XenServer 5.0.0 I'm using a PAM user without problems.
> 
> Cheers,
> 
> --
> Marco Sinhoreli
> 
> _______________________________________________
> xen-api mailing list
> xen-api@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/mailman/listinfo/xen-api
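
The comparison quoted from xapi_pool.ml, replayed offline over the setups discussed in this thread. This is an added example, not code from the thread or from xapi; the record format, the host names and the service name xcp-pool are constructed assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Records are constructed and have the
# form name|auth_type|service_name; the first record of each set is the master.

# Question's setup: each host ran pool-enable-external-auth with service-name=$(hostname).
PER_HOST_NAME='master1|PAM|master1
hostA|PAM|hostA
hostB|PAM|hostB'

# Reply, second option: every host enabled with the same service-name before joining.
SHARED_NAME='master1|PAM|xcp-pool
hostA|PAM|xcp-pool
hostB|PAM|xcp-pool'

# Reply, first option: nothing enabled yet; hosts join first, auth is enabled once afterwards.
NOT_ENABLED='master1||
hostA||
hostB||'

# Half-done rollout: hostB was never configured, so its empty fields differ from the master's.
PARTIAL='master1|PAM|xcp-pool
hostA|PAM|xcp-pool
hostB||'

# Print the hosts the join check would reject; return 1 if there are any.
join_mismatches() {
    awk -F'|' '
        NR == 1 { mtype = $2 ""; msvc = $3 ""; next }
        # Same condition as the quoted xapi_pool.ml check: type OR service name differs.
        ($2 "") != mtype || ($3 "") != msvc { print $1; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Summarise one record set as "OK" or "REJECT: <hosts>".
check_pool() {
    rejected=$(printf '%s\n' "$1" | join_mismatches | tr '\n' ' ')
    if [ -z "$rejected" ]; then echo "OK"; else echo "REJECT: ${rejected% }"; fi
}

echo "per-host service-name: $(check_pool "$PER_HOST_NAME")"
echo "shared service-name:   $(check_pool "$SHARED_NAME")"
echo "auth not yet enabled:  $(check_pool "$NOT_ENABLED")"
echo "partial rollout:       $(check_pool "$PARTIAL")"
```

The first set is rejected even though every host uses PAM, because the service names are compared as well as the auth type.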