From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 3A70972046 for ; Sun, 23 May 2021 23:31:02 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2C8A91D5FD for ; Sun, 23 May 2021 23:31:02 +0200 (CEST) Received: from smtp.smtpout.orange.fr (smtp05.smtpout.orange.fr [80.12.242.127]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1B6521D5E9 for ; Sun, 23 May 2021 23:31:01 +0200 (CEST) Received: from dovecot.localdomain ([90.118.15.232]) by mwinf5d62 with ME id 8MPQ2500150Qfqq03MPQCp; Sun, 23 May 2021 23:23:24 +0200 X-ME-Helo: dovecot.localdomain X-ME-Auth: anVsaWVuLmJsYWlzNUBvcmFuZ2UuZnI= X-ME-Date: Sun, 23 May 2021 23:23:24 +0200 X-ME-IP: 90.118.15.232 Message-ID: MIME-Version: 1.0 To: "pve-devel@lists.proxmox.com" From: wb Date: Sun, 23 May 2021 23:23:23 +0200 Importance: normal X-Priority: 3 X-SPAM-LEVEL: Spam detection results: 1 HTML_MESSAGE 0.001 HTML included in message KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: [pve-devel] cfs-locked 'authkey' operation: pve cluster filesystem not online X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 May 2021 21:31:02 -0000 Hello to all. I have the plan to implement the SSO authentication feature with the SAML p= rotocol. However, I have an error that prevents me from validating the authenticatio= n process. It is about the locks. The first step is to store the request_saml_id. If I try to create a file b= y your libraries, I get an 500 error with msg: error during cfs-locked \'file-request_tmp\' operation: pve cluster filesys= tem not online /etc/pve/priv/lock. https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd25185= 9af9641cda0e526b Ok, I can make a temp workaround. 2nd step=C2=A0: When I try to create a ticket with the function create_ticket in package PV= E::API2::AccessControl; I've got this error : authentication failure; rhost=3D127.0.0.1 user=3Dadmin@DOM msg=3Derror duri= ng cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/p= ve/priv/lock src : https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c= 14c4ce3a7c27e8d5c0feb0 I have really bad luck with these locks! Can you help me to understand the prerequisites to make the lock work? If you want init a redirect to an identity provider(IdP, ex: Keycloak), use= this url : https://pve/api2/html/access/saml?realm=3DDOM After an authentication side IdP, the IdP post to pve at https://pve/api2/h= tml/access/saml. I'm sorry to work on a separate repository, it's because I don't know your = components very well. I would be grateful if you could tell me how to debug these locks. Thanking you in advance,=20 Sincerely, Julien BLAIS