Message-ID: <02c8e0ce3079939415c742edf16c0966@mwinf5d78.me-wanadoo.net>
To: "pve-devel@lists.proxmox.com"
From: wb
Date: Mon, 24 May 2021 23:45:02 +0200
Subject: [pve-devel] RE: pve-devel Digest, Vol 132, Issue 53

Hi Dietmar,

Thank you for your feedback.

However, since I am starting on a new installation, I am surprised to get this kind of answer.

« Your cluster fs is not working (pmxcfs). See you run on a broken installation. »
Or
« You need a working PVE installation before doing any API calls... »

With the following command, I have the process up!

ps aux | grep pmxcfs

I think I have enough knowledge about SAML and Perl to do it, however, the support of a dev would be ideal at least on the lock part.

I'm trying to implement a new API so that Proxmox authentication works with SAMLv2.
I would have preferred to have more info on the following part:

# this is just a readonly copy, the relevant one is in status.c from pmxcfs
# observed files are the one we can get directly through IPCC, they are cached
# using a computed version and only those can be used by the cfs_*_file methods

To try to bring a little more element, I added a file to the following list in the PVE::Cluster file

my $observed = {
    'request.tmp' => 1,

Still in the PVE::Cluster file, it is well in the following part that it blocks:

If I take the error message from the first email,
« error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock. »

If I test the dir /etc/pve/priv/lock, it exists!

Do the files we add in PVE::Cluster file need to be listed in /var/lib/pve-cluster/config.db, if so, any spec please?

Thanking you in advance,
Sincerely,
Julien BLAIS

From: pve-devel-request@lists.proxmox.com
Sent: Monday, 24 May 2021 12:00
To: pve-devel@lists.proxmox.com
Subject: pve-devel Digest, Vol 132, Issue 53

Today's Topics:

   1. cfs-locked 'authkey' operation: pve cluster filesystem not online (wb)
   2. Re: cfs-locked 'authkey' operation: pve cluster filesystem not online (Dietmar Maurer)

----------------------------------------------------------------------

Message: 1
Date: Sun, 23 May 2021 23:23:23 +0200
From: wb
To: "pve-devel@lists.proxmox.com"
Subject: [pve-devel] cfs-locked 'authkey' operation: pve cluster filesystem not online

Hello to all.

I have the plan to implement the SSO authentication feature with the SAML protocol.
However, I have an error that prevents me from validating the authentication process.
It is about the locks.
The first step is to store the request_saml_id. If I try to create a file by your libraries, I get a 500 error with msg:
error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock.
https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
Ok, I can make a temp workaround.

2nd step:
When I try to create a ticket with the function create_ticket in package PVE::API2::AccessControl;
I've got this error:
authentication failure; rhost=127.0.0.1 user=admin@DOM msg=error during cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/pve/priv/lock
src: https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0

I have really bad luck with these locks!
Can you help me to understand the prerequisites to make the lock work?

If you want to init a redirect to an identity provider (IdP, ex: Keycloak), use this url:
https://pve/api2/html/access/saml?realm=DOM

After an authentication side IdP, the IdP post to pve at https://pve/api2/html/access/saml.

I'm sorry to work on a separate repository, it's because I don't know your components very well.

I would be grateful if you could tell me how to debug these locks.
Thanking you in advance,
Sincerely,
Julien BLAIS

------------------------------

Message: 2
Date: Mon, 24 May 2021 09:45:15 +0200 (CEST)
From: Dietmar Maurer
To: Proxmox VE development discussion, wb
Subject: Re: [pve-devel] cfs-locked 'authkey' operation: pve cluster filesystem not online
Message-ID: <606562427.786.1621842315013@webmail.proxmox.com>

Hi Julien,

> Hello to all.
>
> I have the plan to implement the SSO authentication feature with the SAML protocol.
> However, I have an error that prevents me from validating the authentication process.
> It is about the locks.
> The first step is to store the request_saml_id. If I try to create a file by your libraries, I get a 500 error with msg:
> error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock.

Your cluster fs is not working (pmxcfs). See you run on a broken installation.

> https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
> Ok, I can make a temp workaround.
>
> 2nd step:
> When I try to create a ticket with the function create_ticket in package PVE::API2::AccessControl;
> I've got this error:
> authentication failure; rhost=127.0.0.1 user=admin@DOM msg=error during cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/pve/priv/lock

Again, the pmxcfs is not online.

> src: https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0
>
> I have really bad luck with these locks!
> Can you help me to understand the prerequisites to make the lock work?

You need a working PVE installation before doing any API calls...
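Added example, not part of the original thread or of the author's repository: in an SP-initiated SAML login, the request ID that Message 1 wants to store is what the service provider later matches against the InResponseTo value of the IdP's Response, accepting each ID once and only while it is still fresh. The class and method names are hypothetical and an in-memory dict stands in for shared storage; the realm name DOM is taken from the thread.

```python
import secrets
import time


class PendingRequests:
    """Outstanding AuthnRequest IDs (hypothetical helper, not PVE code)."""

    def __init__(self, ttl=300, clock=time.monotonic):
        self.ttl = ttl              # seconds a login attempt stays valid
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # request id -> (realm, expiry time)

    def issue(self, realm):
        """Create the ID for a new AuthnRequest and remember it."""
        now = self.clock()
        # Drop expired entries so abandoned logins do not accumulate.
        self._pending = {r: v for r, v in self._pending.items() if v[1] >= now}
        # SAML IDs are xs:ID values, which must not start with a digit.
        request_id = "_" + secrets.token_hex(16)
        self._pending[request_id] = (realm, now + self.ttl)
        return request_id

    def consume(self, in_response_to, realm):
        """Accept a Response once, for a known and unexpired request."""
        entry = self._pending.pop(in_response_to, None)  # single use
        if entry is None:
            return (False, "unknown or already used request id")
        stored_realm, expiry = entry
        if self.clock() > expiry:
            return (False, "request expired")
        if stored_realm != realm:
            return (False, "realm mismatch")
        return (True, "ok")


def demo():
    """Constructed scenario: normal login, replay, forged ID, late reply."""
    now = [0.0]
    store = PendingRequests(ttl=300, clock=lambda: now[0])
    rid = store.issue("DOM")
    results = [store.consume(rid, "DOM"),        # genuine Response
               store.consume(rid, "DOM"),        # replayed Response
               store.consume("_forged", "DOM")]  # unsolicited Response
    late = store.issue("DOM")
    now[0] = 301.0                               # past the 300 s lifetime
    results.append(store.consume(late, "DOM"))
    return results
```

This check complements signature validation of the Response and does not replace it.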