This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-API] RE: PERMISSION_DENIED on get_this_host

To: 'Hinrich Aue' <Hinrich.Aue@xxxxxxxxx>, "xen-api@xxxxxxxxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-API] RE: PERMISSION_DENIED on get_this_host
From: Marcus Granado <Marcus.Granado@xxxxxxxxxxxxx>
Date: Fri, 19 Mar 2010 18:33:12 +0000
Accept-language: en-US
Acceptlanguage: en-US
Delivery-date: Fri, 19 Mar 2010 11:38:57 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <51AD54C8AF46C34B9BED3350565674823E1BE8ABC9@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
References: <51AD54C8AF46C34B9BED3350565674823E1BE8ABC9@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcrGoN1h2bJJc1p4RFyE/mmtPf1Z6gA8SFcQ
Thread-topic: PERMISSION_DENIED on get_this_host

Hi Hinrich,


Have a look at the XE commands subject-list, subject-add, subject-role-add. It’s only possible to log in to XenServer by using a subject with a role. But since you say you were able to successfully log in, you should already have one. You can also have a look at /var/log/xensource.log and see if you find any relevant debug messages when calling get_this_host.


It works for me with root, and both with a pool-admin user and a read-only user (h04 is the master):


$ python

Python 2.5.2 (r252:60911, Jan 20 2010, 21:48:48)

[GCC 4.2.4 (Ubuntu 4.2.4-1ubuntu3)] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> import xmlrpclib

>>> x=xmlrpclib.Server("http://h04")


>>> session_root=x.session.login_with_password("root","password")['Value']

>>> x.session.get_this_host(session_root,session_root)

{'Status': 'Success', 'Value': 'OpaqueRef:4a50d6df-fd5f-5262-0c49-979f0a0d48bf'}


>>> session_ad_user_pool_admin=x.session.login_with_password("user_pool_admin","password")['Value']

>>> x.session.get_this_host(session_ad_user_pool_admin,session_ad_user_pool_admin)

{'Status': 'Success', 'Value': 'OpaqueRef:4a50d6df-fd5f-5262-0c49-979f0a0d48bf'}


>>> session_ad_user_read_only=x.session.login_with_password("user_read_only","password")['Value']

>>> x.session.get_this_host(session_ad_user_read_only,session_ad_user_read_only)

{'Status': 'Success', 'Value': 'OpaqueRef:4a50d6df-fd5f-5262-0c49-979f0a0d48bf'}


>>> x.host.get_all_records(session_ad_user_read_only)

{'Status': 'Success', 'Value': {'OpaqueRef:4a50d6df-fd5f-5262-0c49-979f0a0d48bf': { 'hostname': 'h04', 'name_label': 'h04', 'PBDs': ['OpaqueRef:c6938a14-e867-a825-a2e8-8caf6c46d19a', 'OpaqueRef:da701650-470e-f279-243a-e64aee6d12df', 'OpaqueRef:badd8c04-a95f-983e-9cfd-ce44e332d486', 'OpaqueRef:c6bccba6-21c2-dca5-4331-f3958880a86b'], 'supported_bootloaders': ['pygrub', 'eliloader'], 'host_CPUs': ['OpaqueRef:e4d4b690-5ae5-0f08-6895-059b43fdcdb1', 'OpaqueRef:5c93742e-dba1-6d93-91ba-df33ecdc308a'], 'API_version_minor': '7', 'allowed_operations': ['vm_migrate', 'evacuate', 'shutdown', 'provision', 'reboot', 'vm_resume', 'vm_start'], 'cpu_info': {'physical_features': '0000e3bd-bfebfbff-00000001-20100000', 'modelname': 'Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz', 'vendor': 'GenuineIntel', 'features': '0000e3bd-bfebfbff-00000001-20100000', 'family': '6', 'maskable': 'false', 'cpu_count': '2', 'flags': 'fpu de tsc msr pae mce cx8 apic sep mtrr mca cmov pat clflush acpi mmx fxsr sse sse2 ss ht nx constant_tsc pni vmx est ssse3', 'stepping': '2', 'model': '15', 'features_after_reboot': '0000e3bd-bfebfbff-00000001-20100000', 'speed': '2131.206'}, 'API_version_vendor_implementation': {}, 'name_description': 'Default install of XenServer', 'API_version_vendor': 'XenSource', 'uuid': '029ee6db-74e4-46a7-b044-5fd7f3fe32f8', 'ha_statefiles': [],  'capabilities': ['xen-3.0-x86_64', 'xen-3.0-x86_32p', 'hvm-3.0-x86_32', 'hvm-3.0-x86_32p', 'hvm-3.0-x86_64', ''], 'PIFs': ['OpaqueRef:1b76df2b-c3a7-d56c-e164-8c5454f99788', 'OpaqueRef:db76d2f......


From: xen-api-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-api-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Hinrich Aue
Sent: 18 March 2010 13:43
To: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-API] PERMISSION_DENIED on get_this_host


Hello list,


I was able to successfully log into xen api xmlrpc with username and password.


After that I called get_this_host – and I get




I don’t have any idea how to find out where to set the right permissions, of what actually failed due to invalid permissions.


Any clues?


Thanks in advance - Hinrich

Hinrich Aue
Sr. SW Engineer
Kofax Development GmbH

Wentzinger Strasse 19
79106 Freiburg

Tel: +49 (0) 761 45269 57234
Fax: +49 (0) 761 45269 58734


This communication is only for the use of the intended recipient. It may contain confidential or proprietary information. If you are not the intended recipient or have received this communication in error, please notify the sender via phone and destroy this communication immediately.

Kofax Deutschland AG
Sitz der Gesellschaft: Freiburg i.Brg.
Amtsgericht Freiburg: HRB 5319
Vorstand: Jörg Grundmann (Vorsitzender), Gabriele Froning
Aufsichtsratsvorsitzender: Stefan Gaiser


xen-api mailing list
<Prev in Thread] Current Thread [Next in Thread>