From: wb <webmaster@jbsky.fr>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: [pve-devel] RE : pve-devel Digest, Vol 132, Issue 53
Date: Mon, 24 May 2021 23:45:02 +0200 [thread overview]
Message-ID: <02c8e0ce3079939415c742edf16c0966@mwinf5d78.me-wanadoo.net> (raw)
In-Reply-To: <mailman.1.1621850401.15220.pve-devel@lists.proxmox.com>
Hi Dietmar,
Thank you for your feedback.
However, since I am starting on a new installation, I am surprised to get this kind of answer.
« Your cluster fs is not working (pmxcfs). See you run on a broken installation. »
Or
« You need a working PVE installation before doing any API calls... »
With the following command, I have the process up!
ps aux | grep pmxcfs
I think I have enough knowledge about SAML and Perl to do it, however, the support of a dev would be ideal at least on the lock part.
I'm trying to implement a new api so that Proxmox authentication works with SAMLv2.
I would have preferred to have more info on the following part :
# this is just a readonly copy, the relevant one is in status.c from pmxcfs
# observed files are the one we can get directly through IPCC, they are cached
# using a computed version and only those can be used by the cfs_*_file methods
To try to bring a little more element, I added a file to the following list in the PVE::Cluster file
my $observed = {
'request.tmp' => 1,
Still in the PVE::Cluster file, It is well in the following part that it blocks :
If I take the error message from the first email,
« error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock. »
If I test the dir /etc/pve/priv/lock, it exists!
Do the files we add in PVE::Cluster file need to be listed in /var/lib/pve-cluster/config.db, if so, any spec please?
Thanking you in advance,
Sincerely,
Julien BLAIS
De : pve-devel-request@lists.proxmox.com
Envoyé le :lundi 24 mai 2021 12:00
À : pve-devel@lists.proxmox.com
Objet :pve-devel Digest, Vol 132, Issue 53
Send pve-devel mailing list submissions to
pve-devel@lists.proxmox.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
or, via email, send a message with subject or body 'help' to
pve-devel-request@lists.proxmox.com
You can reach the person managing the list at
pve-devel-owner@lists.proxmox.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of pve-devel digest..."
Today's Topics:
1. cfs-locked 'authkey' operation: pve cluster filesystem not
online (wb)
2. Re: cfs-locked 'authkey' operation: pve cluster filesystem
not online (Dietmar Maurer)
----------------------------------------------------------------------
Message: 1
Date: Sun, 23 May 2021 23:23:23 +0200
From: wb <webmaster@jbsky.fr>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: [pve-devel] cfs-locked 'authkey' operation: pve cluster
filesystem not online
Message-ID:
<fb0ddc9e61de4c98f1498ff4375b9689@mwinf5d62.me-wanadoo.net>
Content-Type: text/plain; charset="utf-8"
Hello to all.
I have the plan to implement the SSO authentication feature with the SAML protocol.
However, I have an error that prevents me from validating the authentication process.
It is about the locks.
The first step is to store the request_saml_id. If I try to create a file by your libraries, I get an 500 error with msg:
error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock.
https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
Ok, I can make a temp workaround.
2nd step?:
When I try to create a ticket with the function create_ticket in package PVE::API2::AccessControl;
I've got this error :
authentication failure; rhost=127.0.0.1 user=admin@DOM msg=error during cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/pve/priv/lock
src : https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0
I have really bad luck with these locks!
Can you help me to understand the prerequisites to make the lock work?
If you want init a redirect to an identity provider(IdP, ex: Keycloak), use this url :
https://pve/api2/html/access/saml?realm=DOM
After an authentication side IdP, the IdP post to pve at https://pve/api2/html/access/saml.
I'm sorry to work on a separate repository, it's because I don't know your components very well.
I would be grateful if you could tell me how to debug these locks.
Thanking you in advance,
Sincerely,
Julien BLAIS
------------------------------
Message: 2
Date: Mon, 24 May 2021 09:45:15 +0200 (CEST)
From: Dietmar Maurer <dietmar@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
wb <webmaster@jbsky.fr>
Subject: Re: [pve-devel] cfs-locked 'authkey' operation: pve cluster
filesystem not online
Message-ID: <606562427.786.1621842315013@webmail.proxmox.com>
Content-Type: text/plain; charset=UTF-8
Hi Julien,
> Hello to all.
>
> I have the plan to implement the SSO authentication feature with the SAML protocol.
> However, I have an error that prevents me from validating the authentication process.
> It is about the locks.
> The first step is to store the request_saml_id. If I try to create a file by your libraries, I get an 500 error with msg:
> error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock.
Your cluster fs is not working (pmxcfs). See you run on a broken installation.
> https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
> Ok, I can make a temp workaround.
>
> 2nd step?:
> When I try to create a ticket with the function create_ticket in package PVE::API2::AccessControl;
> I've got this error :
> authentication failure; rhost=127.0.0.1 user=admin@DOM msg=error during cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/pve/priv/lock
Again, the pmxcfs is not online.
> src : https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0
>
> I have really bad luck with these locks!
> Can you help me to understand the prerequisites to make the lock work?
You need a working PVE installation before doing any API calls...
------------------------------
Subject: Digest Footer
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
------------------------------
End of pve-devel Digest, Vol 132, Issue 53
******************************************
next parent reply other threads:[~2021-05-24 21:45 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.1.1621850401.15220.pve-devel@lists.proxmox.com>
2021-05-24 21:45 ` wb [this message]
2021-05-25 6:11 ` Thomas Lamprecht
2021-05-25 20:20 ` [pve-devel] RE : " wb
[not found] ` <e86b4b273756ab5b78d9948086eb04cb@mwinf5d07.me-wanadoo.net>
2021-05-26 6:22 ` Thomas Lamprecht
2021-05-26 22:28 ` [pve-devel] RE : " wb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=02c8e0ce3079939415c742edf16c0966@mwinf5d78.me-wanadoo.net \
--to=webmaster@jbsky.fr \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.