[one-users] sunstone auth problem

Daniel Molina dmolina at opennebula.org
Fri Apr 15 04:50:15 PDT 2011 

OpenNebula will use nokogiri if installed.

You should try to upgrade the nokogiri gem to the last version If this
does not fix the problem I would try to use REXML, uninstalling the
nokogiri gem and restarting ONE. May be there is a compatibility
problem with ruby 1.8.5 and nokogiri 1.3.1.

On 14 April 2011 19:18, Robert Parrott <parrott at seas.harvard.edu> wrote:
> Hi Daniel et.al.,
>
> nokigiri was installed, as per the installation documentation:
>
> [root ~]# ls -ld /usr/lib/ruby/gems/1.8/gems/noko*
> drwxr-xr-x 4 root root 4096 Apr  8 14:07
> /usr/lib/ruby/gems/1.8/gems/nokogiri-1.3.1
>
> Is there somehing that needs to be done in order to ensure that it it
> used instead of the default REXML?
>
> Rob
>
>
> On Thu, Apr 14, 2011 at 5:07 AM, Daniel Molina <dmolina at opennebula.org> wrote:
>> I think the problem is the ruby version, are you using the default
>> REXML gem? if so, would you mind to try installing the nokogiri gem
>> (and restart both one and sunstone). If this gem is installed
>> OpenNebula will use it instead of REXML.
>>
>> $ gem install nokogiri.
>>
>> Hope this helps
>>
>> On 14 April 2011 00:08, Robert Parrott <parrott at seas.harvard.edu> wrote:
>>> Hi Folks,
>>>
>>> A little more investigation, and I've confirmed that the issue is with
>>> the sunstone code or with some sort of XML parsing issues,
>>>
>>> I can call the "to_xml" method on the user_pool object (again in
>>> SunstoneServer.authorize() method of file SunstoneServer.rb), and I
>>> see the proper XML output, the same as if I execute "oneuser list -x"
>>> on the command line. So the data is there in sunstone.
>>>
>>> However, the query on the XML returns "nil" when in fact the user is
>>> there. I.e. in the sunstone source referred to above, the line
>>>
>>>  user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>>>
>>> returns "nil" whether or not the data is correct and present. So it
>>> seems that the XPath query, or the XML query library is broken.
>>>
>>> Here's an example of a session, with tons of debugging thrown in:
>>>
>>> user = testuser
>>> sha1_pass = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>>> user_pool.info = nil
>>> user_pass = nil
>>> user_pool = #<OpenNebula::UserPool:0x2b6281b765d8>
>>> UserPool methods =
>>> mapmethodsinstance_evalany?to_setsortdupmininstance_variablesinclude?instance_of?to_yaml_propertiesextenddclonepretty_inspecteql?namefind_alleachpretty_print_cycleto_jsonhashidsingleton_methodseach_elementinjecttaintsort_byinstance_variable_getfrozen?has_elements?pretty_printmaxkind_of?methodselectto_adisplayto_xmltypeinitialize_xmlprotected_methodsto_strpartitionpretty_print_inspectgrepinstance_variable_settextis_a?respond_to?to_srejectattrobject_idclassprivate_methods==tainted?__id__===member?to_hashuntaintnil?template_strfindeach_with_indextaguriinspectsendcollectall?pretty_print_instance_variablesinfo=~clonetaguri=retrieve_elementsentriespublic_methods__send__freezeequal?template_like_strdetectfactoryzip[]to_yamlto_yaml_style
>>> user_pool as XML = <USER_POOL>
>>>  <USER>
>>>    <ID>0</ID>
>>>    <NAME>oneadmin</NAME>
>>>    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
>>>    <ENABLED>1</ENABLED>
>>>  </USER>
>>>  <USER>
>>>    <ID>1</ID>
>>>    <NAME>testuser</NAME>
>>>    <PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD>
>>>    <ENABLED>1</ENABLED>
>>>  </USER>
>>> </USER_POOL>
>>> USER object static string =
>>> 0oneadmin5baa61e4c9b93f3f0682250b6cf8331b7ee68fd811testuser5baa61e4c9b93f3f0682250b6cf8331b7ee68fd81
>>> USER/NAME  = oneadmintestuser
>>> USER/PASSWORD  =
>>> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd85baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>>> USER/ID = 01
>>> USER[NAME="testuser"] = nil
>>>
>>> Assuming that the query is correct, I guess there's an issue in a
>>> parser library. Further input is greatly appreciated.
>>>
>>> Rob
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Apr 13, 2011 at 2:21 PM, Robert Parrott
>>> <parrott at seas.harvard.edu> wrote:
>>>> I've added some debugging to the sunstone, and see the following behavior.
>>>>
>>>> 1) In the build-session method of the sunstone-server.rb, the username
>>>> and password are properly passwd into the server, and the SHA1 hash
>>>> calculated is what is expected.
>>>>
>>>> 2) In the SunstoneServer.authorize() method in the file
>>>> SunstoneServer.rb, the username and  sha1 hash are passed into the
>>>> method properly, but the query to the UserPool object,
>>>>
>>>>   user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
>>>>
>>>> returns "nil."
>>>>
>>>> Thus it is the communication with the oned where the problem lies.
>>>>
>>>> 3) In the oned.log file, I see that the method UserPoolInfo method is
>>>> executed as soon as there is a login attempt from sunstone:
>>>>
>>>> ==> /var/log/one/oned.log <==
>>>> Wed Apr 13 14:11:06 2011 [ReM][D]: UserPoolInfo method invoked
>>>>
>>>>
>>>>
>>>> I've wiped the installation and reinstalled afresh, but with the same
>>>> error. The system is a CentOS 5.5 installation, ruby v1.8.5.
>>>>
>>>>
>>>> Thanks,
>>>> rob
>>>>
>>>
>>>
>>>
>>> --
>>> Robert E. Parrott, Ph.D. (Phys. '06)
>>> Director, Academic and Research Computing
>>> Harvard University Sch. of Eng. and App. Sci.
>>> Maxwell-Dworkin  211,
>>> 33 Oxford St.
>>> Cambridge, MA 02138
>>> (617)-496-1520
>>>
>>
>>
>>
>> --
>> Daniel Molina, Cloud Technology Engineer/Researcher
>> Major Contributor
>> OpenNebula - The Open Source Toolkit for Cloud Computing
>> www.OpenNebula.org | dmolina at opennebula.org
>>
>
>
>
> --
> Robert E. Parrott, Ph.D. (Phys. '06)
> Director, Academic and Research Computing
> Harvard University Sch. of Eng. and App. Sci.
> Maxwell-Dworkin  211,
> 33 Oxford St.
> Cambridge, MA 02138
> (617)-496-1520
>



-- 
Daniel Molina, Cloud Technology Engineer/Researcher
Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | dmolina at opennebula.org

More information about the Users mailing list