[one-users] Can't log onto Sunstone [OpenNebula 3.2.0, OpenSUSE 11.4]

biro lehel lehel.biro at yahoo.com
Thu Mar 8 03:26:54 PST 2012 

Indeed, the root of all problems was that  /var/lib/one/remotes/auth/server_cipher/authenticate had no execution permissions. I managed to log on now into Sunstone without problems. Thank you Daniel.

But since this is a file created by OpenNebula, shouldn't this behavior be assured by default? Or at least mentioned somewhere in the documentation? Or is it an issue with my system? (it's the first time I extensively use openSUSE or any other Linux distribution) This last question leads to a more important one: if I had this (seemingly strange) issue, is it possible that I will have problems caused by similar reasons in the future? What should I check?

Thank you,
Lehel.

--- On Wed, 3/7/12, Daniel Molina <dmolina at opennebula.org> wrote:

From: Daniel Molina <dmolina at opennebula.org>
Subject: Re: [one-users] Can't log onto Sunstone [OpenNebula 3.2.0, OpenSUSE 11.4]
To: "biro lehel" <lehel.biro at yahoo.com>
Cc: users at lists.opennebula.org
Date: Wednesday, March 7, 2012, 4:49 PM

Hi,

On 6 March 2012 15:22, biro lehel <lehel.biro at yahoo.com> wrote:
>
> Hello,
>
> I still couldn't fix my problem to log onto Sunstone, as I keep getting the "OpenNebula is not running" error.
>
> The relevant part of oned.log:
>
> Tue Mar  6 16:11:02 2012 [ReM][D]: UserPoolInfo method invoked
> Tue Mar  6 16:11:02 2012 [AuM][D]: Message received: LOG I 2 Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin' '33f166cddc4d8f9ffe2102cea013ff23a286bc58' ukbtkaYnnWypvN2hqaDZgdA5mF3S5R4q/sGkbnHvP9JqTNoUXw8LkewWOwILQLfk
>
> Tue Mar  6 16:11:02 2012 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin' '33f166cddc4d8f9ffe2102cea013ff23a286bc58' ukbtkaYnnWypvN2hqaDZgdA5mF3S5R4q/sGkbnHvP9JqTNoUXw8LkewWOwILQLfk
> Tue Mar  6 16:11:02 2012 [AuM][D]: Message received: LOG I 2 sh: /var/lib/one/remotes/auth/server_cipher/authenticate: Permission denied
>
> Tue Mar  6 16:11:02 2012 [AuM][I]: sh: /var/lib/one/remotes/auth/server_cipher/authenticate: Permission denied
> Tue Mar  6 16:11:02 2012 [AuM][D]: Message received: LOG I 2 ExitCode: 126
>
> Tue Mar  6 16:11:02 2012 [AuM][I]: ExitCode: 126
> Tue Mar  6 16:11:02 2012 [AuM][D]: Message received: AUTHENTICATE FAILURE 2 -
>
> Tue Mar  6 16:11:02 2012 [AuM][E]: Auth Error:
> Tue Mar  6 16:11:02 2012 [ReM][E]: [UserPoolInfo] User couldn't be authenticated, aborting call.
> Tue Mar  6 16:11:09 2012 [VMM][I]: --Mark--
> Tue Mar  6 16:11:09 2012 [InM][I]: --Mark--
> Tue Mar  6 16:11:09 2012 [ReM][D]: HostPoolInfo method invoked
> Tue Mar  6 16:11:09 2012 [ReM][D]: VirtualMachinePoolInfo method invoked
> Tue Mar  6 16:11:09 2012 [ReM][D]: AclInfo method invoked
>
> My questions:


In your log there is a "Permission denied" error on
/var/lib/one/remotes/auth/server_cipher/authenticate. Can you check if
the user running oned has execution permissions on this file?

>
>
>    * Who is "serveradmin"? It's the first time I see such a username;


serveradmin is a user used by the servers (EC2, OCCI, Sunstone...) to
authenticate on behalf of other users. You should not authenticate
with this user or change its password, it is a user used by the
system.

You can find the credentials for this user in the following files for
each server
$ ls $ONE_LOCATION/var/.one/
ec2_auth  occi_auth  sunstone_auth

The content of these files should be:
serveradmin:passinplain

So if you changed the serveradmin password using the CLI, oneuser
passwd serveradmin newpassword you have to update those files as
follows:
$ cat sunstone_auth
serveradmin:newpassword

>
>    * Shouldn't I be logging in with "oneadmin" user, and it's system password (the password with which I normally log into my system)?


You have to log in with oneadmin or a different cloud user, but you
never have to use the serveradmin user.

Cheers

-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120308/89599547/attachment-0003.htm>

More information about the Users mailing list