[one-users] Sunstone "Error initializing authentication system"

Rodolfo Conte Brufatto rcbrufatto at gmail.com
Tue Nov 27 02:25:49 PST 2012 

BTW, I believe it was from Duverne, not sure... anyway. That did the trick.

On Tue, Nov 27, 2012 at 8:25 AM, Rodolfo Conte Brufatto <
rcbrufatto at gmail.com> wrote:

> Got it all working Daniel, thanks in advance.
> What I actually did was e steps you provided. ried this after a hread
> started by Duverne.
>
> Thanks in advance!
>
>
> On Tue, Nov 27, 2012 at 8:22 AM, Daniel Molina <dmolina at opennebula.org>wrote:
>
>> Hi Rodolfo,
>>
>> On 22 November 2012 13:45, Rodolfo Conte Brufatto <rcbrufatto at gmail.com>
>> wrote:
>> >
>> > Hey guys, I've had a similar issue, nothing in the sunstone.error file
>> and the logs are showing:
>> >
>> > <..>
>> > :auth=>"sunstone"}
>> > Thu Nov 22 10:42:37 2012 [E]: Error initializing authentication system
>> > Thu Nov 22 10:42:37 2012 [E]: [UserPoolInfo] User couldn't be
>> authenticated, aborting call.
>> >
>> >
>> > Checked for the same problem as Valentin, but everything seems to be
>> normal.
>> >
>> > Anything else I might check?
>>
>>
>> * Check that the AUTH_MAD section is enabled in your oned.conf and
>> contains the server_cipher driver
>> * Check that the Auth Manager starts correctly in your oned.conf
>>     Mon Nov 19 16:35:46 2012 [AuM][I]: Loading Auth. Manager driver.
>>     Mon Nov 19 16:35:46 2012 [AuM][I]:      Auth Manager loaded
>> * Check that the serveradmin driver is set to server_cipher (oneuser
>> show serveradmin)
>> * Update the serveradmin user password using the one contained in
>> /var/lib/one/.one/sunstone_auth. Do not forget to add the --sha1
>> option
>>     $ cat /var/lib/one/.one/sunstone_auth
>>     serveradmin:newpass
>>     $oneuser passwd serveradmin newpass --sha1
>>
>> Hope this helps
>>
>>
>> >
>> > Cheers
>> >
>> >
>> >
>> > On Tue, Nov 20, 2012 at 8:56 AM, Daniel Molina <dmolina at opennebula.org>
>> wrote:
>> >>
>> >>
>> >>
>> >> On 20 November 2012 11:54, Valentin Bud <valentin.bud at gmail.com>
>> wrote:
>> >>>
>> >>> On Tue, Nov 20, 2012 at 11:36:11AM +0100, Daniel Molina wrote:
>> >>> > On 20 November 2012 11:04, Valentin Bud <valentin.bud at gmail.com>
>> wrote:
>> >>> >
>> >>> > > Hi Daniel,
>> >>> > >
>> >>> > > Yes, it's there.
>> >>> > >
>> >>> > > ```
>> >>> > > /etc/one/oned.conf
>> >>> > > ...
>> >>> > > AUTH_MAD = [
>> >>> > >  executable = "one_auth_mad",
>> >>> > >  authn = "ssh,x509,ldap,server_cipher,server_x509"
>> >>> > >  ]
>> >>> > > ...
>> >>> > > ```
>> >>> > >
>> >>> >
>> >>> > Could you check in your oned.log if it is loaded:
>> >>> > Mon Nov 19 16:35:46 2012 [AuM][I]: Loading Auth. Manager driver.
>> >>> > Mon Nov 19 16:35:46 2012 [AuM][I]:      Auth Manager loaded
>> >>> >
>> >>> > And check the error in oned.log when the sunstone-server is
>> started. (There
>> >>>
>> >>> I have restarted `one` and yes the Auth. Manager is loaded.
>> >>>
>> >>> `/var/log/one/oned.log`
>> >>> ```
>> >>> Tue Nov 20 11:43:14 2012 [AuM][I]: Loading Auth. Manager driver.
>> >>> Tue Nov 20 11:43:14 2012 [AuM][I]:      Auth Manager loaded
>> >>> ```
>> >>>
>> >>> Issued `sunstone-server start` as `oneadmin` and the logs show:
>> >>>
>> >>> `/var/log/one/oned.log`
>> >>> ```
>> >>> Tue Nov 20 11:45:25 2012 [AuM][D]: Message received: AUTHENTICATE
>> >>> FAILURE 0 Authentication driver 'server_core' not available
>> >>>
>> >>> Tue Nov 20 11:45:25 2012 [AuM][E]: Auth Error: Authentication driver
>> >>> 'server_core' not available
>> >>> Tue Nov 20 11:45:25 2012 [ReM][D]: Req:3952 UID:- UserPoolInfo invoked
>> >>> Tue Nov 20 11:45:25 2012 [ReM][E]: Req:3952 UID:- UserPoolInfo result
>> >>> FAILURE [UserPoolInfo] User couldn't be authenticated, aborting call.
>> >>> ```
>> >>>
>> >>> No `server_core` Authentication driver. I have changed
>> >>> `/etc/one/oned.conf` to include it in `AUTH_MAD`.
>> >>>
>> >>> Again as `oneadmin` issue `sunstone-server start`. Now the `oned.log`
>> >>> shows something different:
>> >>>
>> >>> `/var/log/one/oned.log`
>> >>> ```
>> >>> Tue Nov 20 11:47:52 2012 [AuM][E]: Auth Error:
>> >>> Tue Nov 20 11:47:52 2012 [ReM][D]: Req:8512 UID:- UserPoolInfo invoked
>> >>> Tue Nov 20 11:47:52 2012 [ReM][E]: Req:8512 UID:- UserPoolInfo result
>> >>> FAILURE [UserPoolInfo] User couldn't be authenticated, aborting call.
>> >>> ```
>> >>>
>> >>> Found out what was wrong. User `serveradmin` had `server_core` setup
>> as
>> >>> `AUTH_DRIVER`. Changed it to `server_cipher` and it works now, Sinatra
>> >>> has taken the stage.
>> >>>
>> >>> Thanks you all for time and help.
>> >>>
>> >>
>> >> Great! You're welcome
>> >>
>> >>>
>> >>> Cheers and Goodwill,
>> >>> v
>> >>>
>> >>> > >
>> >>> > > Thank you.
>> >>> > >
>> >>> > > On Tue, Nov 20, 2012 at 10:47:31AM +0100, Daniel Molina wrote:
>> >>> > > > On 20 November 2012 10:41, Valentin Bud <valentin.bud at gmail.com>
>> wrote:
>> >>> > > >
>> >>> > > > > Hi Daniel,
>> >>> > > > > On Tue, Nov 20, 2012 at 10:31:22AM +0100, Daniel Molina wrote:
>> >>> > > > > > Hi Valentin,
>> >>> > > > > >
>> >>> > > > > > On 20 November 2012 08:36, Valentin Bud <
>> valentin.bud at gmail.com>
>> >>> > > wrote:
>> >>> > > > > >
>> >>> > > > > > > Hi Ruben,
>> >>> > > > > > >
>> >>> > > > > > > Thanks for your time. I followed the proposed solution
>> but the
>> >>> > > result
>> >>> > > > > is
>> >>> > > > > > > the same.
>> >>> > > > > > >
>> >>> > > > > > > As `oneadmin`
>> >>> > > > > > > ```
>> >>> > > > > > > $ oneuser show 1 | grep PASS
>> >>> > > > > > > PASSWORD       : afc0f1457b5480afd548d5a09e14171bab315d2c
>> >>> > > > > > >
>> >>> > > > > > > $ oneuser passwd 1 1234 --sha1
>> >>> > > > > > > $ oneuser show 1 | grep PASS
>> >>> > > > > > > PASSWORD       : 7110eda4d09e062aa5e4a390b0a572ac0d2c0220
>> >>> > > > > > >
>> >>> > > > > > > $ echo "serveradmin:1234" > ~/.one/sunstone_auth
>> >>> > > > > > >
>> >>> > > > > >
>> >>> > > > > > You have to update the file in /var/lib/one (If you
>> installed
>> >>> > > > > system-wide)
>> >>> > > > > > $ echo "serveradmin:1234" > /var/lib/one/.one/sunstone_auth
>> >>> > > > >
>> >>> > > > > That was the file, `oneadmin` user has `/var/lib/one` as
>> $HOME (~).
>> >>> > > > > I should have posted using full path not ~ shortcut.
>> >>> > > > >
>> >>> > > > > ```
>> >>> > > > > oneadmin@:~$ cat /var/lib/one/.one/sunstone_auth
>> >>> > > > > serveradmin:1234
>> >>> > > > > ```
>> >>> > > > >
>> >>> > > > > Yes the installation is done system-wide from 3.8.1 sources.
>> >>> > > > >
>> >>> > > >
>> >>> > > > Could you check in your oned.conf, if the AUTH_MAD section
>> exists. It
>> >>> > > > should look like this:
>> >>> > > >
>> >>> > > > AUTH_MAD = [
>> >>> > > >     executable = "one_auth_mad",
>> >>> > > >     authn = "ssh,x509,ldap,server_cipher,server_x509"
>> >>> > > > ]
>> >>> > > >
>> >>> > > >
>> >>> > > > > Thank you. Cheers and Goodwill,
>> >>> > > > > v
>> >>> > > > > >
>> >>> > > > > > Cheers
>> >>> > > > > >
>> >>> > > > > > $ cat ~/.one/sunstone_auth
>> >>> > > > > > > serveradmin:1234
>> >>> > > > > > >
>> >>> > > > > > > $ sunstone-server start
>> >>> > > > > > > Stale .lock detected. Erasing it.
>> >>> > > > > > > Error executing sunstone-server.
>> >>> > > > > > > Check /var/log/one/sunstone.error and
>> /var/log/one/sunstone.log for
>> >>> > > > > more
>> >>> > > > > > > information
>> >>> > > > > > > ```
>> >>> > > > > > >
>> >>> > > > > > > `/var/log/one/sunstone.log`
>> >>> > > > > > >
>> >>> > > > > > > ```
>> >>> > > > > > > --------------------------------------
>> >>> > > > > > > Server configuration
>> >>> > > > > > > --------------------------------------
>> >>> > > > > > > {:vnc_proxy_support_wss=>false,
>> >>> > > > > > >  :vnc_proxy_cert=>nil,
>> >>> > > > > > >  :one_xmlrpc=>"http://localhost:2633/RPC2",
>> >>> > > > > > >  :marketplace_url=>"
>> https://marketplace.c12g.com/appliance",
>> >>> > > > > > >  :vnc_proxy_key=>nil,
>> >>> > > > > > >  :debug_level=>3,
>> >>> > > > > > >
>>  :vnc_proxy_path=>"/usr/share/one/websockify/websocketproxy.py",
>> >>> > > > > > >  :core_auth=>"cipher",
>> >>> > > > > > >  :host=>"127.0.0.1",
>> >>> > > > > > >  :lang=>"en_US",
>> >>> > > > > > >  :vnc_proxy_port=>29876,
>> >>> > > > > > >  :auth=>"sunstone",
>> >>> > > > > > >  :port=>9869,
>> >>> > > > > > >  :tmpdir=>"/var/tmp"}
>> >>> > > > > > >  Tue Nov 20 08:32:16 2012 [E]: Error initializing
>> >>> > > > > > >  authentication system
>> >>> > > > > > >  Tue Nov 20 08:32:16 2012 [E]: [UserPoolInfo] User
>> >>> > > > > > >     couldn't be authenticated, aborting call.
>> >>> > > > > > > ```
>> >>> > > > > > >
>> >>> > > > > > > `/var/log/one/sunstone.error` is empty.
>> >>> > > > > > >
>> >>> > > > > > > Some guidance on how to debug further would be useful.
>> Thank you.
>> >>> > > > > > >
>> >>> > > > > > > Cheers and Goodwill,
>> >>> > > > > > > v
>> >>> > > > > > >
>> >>> > > > > > > On Mon, Nov 19, 2012 at 10:37:02PM +0100, Ruben S.
>> Montero wrote:
>> >>> > > > > > > > Hi
>> >>> > > > > > > >
>> >>> > > > > > > > It is in plain password, try the following to recreate
>> the
>> >>> > > > > serveradmin
>> >>> > > > > > > > passwd and sunstone credentials:
>> >>> > > > > > > >
>> >>> > > > > > > > 1.- oneuser passwd 1 1234 --sha1
>> >>> > > > > > > > 2.-  echo "serveradmin:1234" >
>> /var/lib/one/.one/sunstone_auth
>> >>> > > > > > > > 3.- sunstone-server start
>> >>> > > > > > > >
>> >>> > > > > > > > Cheers
>> >>> > > > > > > >
>> >>> > > > > > > > Ruben
>> >>> > > > > > > >
>> >>> > > > > > > >
>> >>> > > > > > > > On Mon, Nov 19, 2012 at 2:58 PM, Valentin Bud <
>> >>> > > > > valentin.bud at gmail.com
>> >>> > > > > > > >wrote:
>> >>> > > > > > > >
>> >>> > > > > > > > > Hello World,
>> >>> > > > > > > > >
>> >>> > > > > > > > > I have updated today from 3.6 to 3.8.1 from source on
>> a Debian
>> >>> > > > > Squeeze
>> >>> > > > > > > > > machine. I didn't need nor want Sunstone until now.
>> So I have
>> >>> > > > > followed
>> >>> > > > > > > > > the Sunstone documentation [1] to install and
>> configure it.
>> >>> > > > > > > > >
>> >>> > > > > > > > > As `oneadmin` user when I try to start Sunstone I get
>> the
>> >>> > > > > following the
>> >>> > > > > > > > > logs:
>> >>> > > > > > > > >
>> >>> > > > > > > > > ```
>> >>> > > > > > > > > /var/log/one/sunstone.log
>> >>> > > > > > > > > --------------------------------------
>> >>> > > > > > > > > Server configuration
>> >>> > > > > > > > > --------------------------------------
>> >>> > > > > > > > > {:vnc_proxy_support_wss=>false,
>> >>> > > > > > > > >  :vnc_proxy_cert=>nil,
>> >>> > > > > > > > >  :one_xmlrpc=>"http://localhost:2633/RPC2",
>> >>> > > > > > > > >  :marketplace_url=>"
>> https://marketplace.c12g.com/appliance",
>> >>> > > > > > > > >  :vnc_proxy_key=>nil,
>> >>> > > > > > > > >  :debug_level=>3,
>> >>> > > > > > > > >
>> >>> > >  :vnc_proxy_path=>"/usr/share/one/websockify/websocketproxy.py",
>> >>> > > > > > > > >  :core_auth=>"cipher",
>> >>> > > > > > > > >  :host=>"127.0.0.1",
>> >>> > > > > > > > >  :lang=>"en_US",
>> >>> > > > > > > > >  :vnc_proxy_port=>29876,
>> >>> > > > > > > > >  :auth=>"sunstone",
>> >>> > > > > > > > >  :port=>9869,
>> >>> > > > > > > > >  :tmpdir=>"/var/tmp"}
>> >>> > > > > > > > >  Mon Nov 19 14:41:21 2012 [E]: Error initializing
>> >>> > > authentication
>> >>> > > > > system
>> >>> > > > > > > > >  Mon Nov 19 14:41:21 2012 [E]: No such file or
>> directory -
>> >>> > > > > > > > > /var/lib/one/.one/sunstone_auth
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >
>> >>> > > > > > > > >  Indeed the file in missing.
>> >>> > > > > > > > >
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >  oneadmin at frontend:~$ ls -al
>> /var/lib/one/.one/sunstone_auth
>> >>> > > > > > > > >  ls: cannot access /var/lib/one/.one/sunstone_auth:
>> No such
>> >>> > > file or
>> >>> > > > > > > > >  directory
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >
>> >>> > > > > > > > >  It was missing even before I have updated to 3.8.1.
>> I have
>> >>> > > > > created the
>> >>> > > > > > > > >  file with the following contents:
>> >>> > > > > > > > >
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >  /var/lib/one/.one/sunstone_auth
>> >>> > > > > > > > >  serveradmin:af84cc76ff2f6bbede661a62f4932d739f0e1fb0
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >
>> >>> > > > > > > > >  The password part is the hashed serveradmin's key as
>> shown by
>> >>> > > > > `oneuser
>> >>> > > > > > > > >  show`.
>> >>> > > > > > > > >
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >  $ oneuser show serveradmin | grep PASS
>> >>> > > > > > > > >  PASSWORD       :
>> af84cc76ff2f6bbede661a62f4932d739f0e1fb0
>> >>> > > > > > > > >  ```
>> >>> > > > > > > > >
>> >>> > > > > > > > > Trying to start the server again I receive the same
>> error a
>> >>> > > little
>> >>> > > > > bit
>> >>> > > > > > > > > different:
>> >>> > > > > > > > >
>> >>> > > > > > > > > ```
>> >>> > > > > > > > > ...
>> >>> > > > > > > > > Mon Nov 19 14:53:53 2012 [E]: Error initializing
>> authentication
>> >>> > > > > system
>> >>> > > > > > > > > Mon Nov 19 14:53:53 2012 [E]: [UserPoolInfo] User
>> couldn't be
>> >>> > > > > > > > > authenticated, aborting call.
>> >>> > > > > > > > > ```
>> >>> > > > > > > > >
>> >>> > > > > > > > > I didn't know if $HOME/.one/sunstone_auth should list
>> the
>> >>> > > hashed
>> >>> > > > > > > > > password or the clear text one, so I've given it one
>> more try
>> >>> > > and
>> >>> > > > > set
>> >>> > > > > > > up
>> >>> > > > > > > > > the password in clear text. Same output as the one
>> above.
>> >>> > > > > > > > >
>> >>> > > > > > > > > If it matters here goes the content of $HOME/.one
>> directory:
>> >>> > > > > > > > >
>> >>> > > > > > > > > ```
>> >>> > > > > > > > > oneadmin at frontend:~/.one$ ls -1 $HOME/.one
>> >>> > > > > > > > > one_auth
>> >>> > > > > > > > > sunstone_auth
>> >>> > > > > > > > > ```
>> >>> > > > > > > > >
>> >>> > > > > > > > > [1]:
>> http://opennebula.org/documentation:rel3.8:sunstone
>> >>> > > > > > > > >
>> >>> > > > > > > > > Any hints? Thank you.
>> >>> > > > > > > > > v
>> >>> > > > > > > > > _______________________________________________
>> >>> > > > > > > > > Users mailing list
>> >>> > > > > > > > > Users at lists.opennebula.org
>> >>> > > > > > > > >
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> >>> > > > > > > > >
>> >>> > > > > > > >
>> >>> > > > > > > >
>> >>> > > > > > > >
>> >>> > > > > > > > --
>> >>> > > > > > > > Ruben S. Montero, PhD
>> >>> > > > > > > > Project co-Lead and Chief Architect
>> >>> > > > > > > > OpenNebula - The Open Source Solution for Data Center
>> >>> > > Virtualization
>> >>> > > > > > > > www.OpenNebula.org | rsmontero at opennebula.org |
>> @OpenNebula
>> >>> > > > > > > _______________________________________________
>> >>> > > > > > > Users mailing list
>> >>> > > > > > > Users at lists.opennebula.org
>> >>> > > > > > >
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> >>> > > > > > >
>> >>> > > > > >
>> >>> > > > > >
>> >>> > > > > >
>> >>> > > > > > --
>> >>> > > > > > Daniel Molina
>> >>> > > > > > Project Engineer
>> >>> > > > > > OpenNebula - The Open Source Solution for Data Center
>> Virtualization
>> >>> > > > > > www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>> >>> > > > >
>> >>> > > >
>> >>> > > >
>> >>> > > >
>> >>> > > > --
>> >>> > > > Daniel Molina
>> >>> > > > Project Engineer
>> >>> > > > OpenNebula - The Open Source Solution for Data Center
>> Virtualization
>> >>> > > > www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>> >>> > >
>> >>> >
>> >>> >
>> >>> >
>> >>> > --
>> >>> > Daniel Molina
>> >>> > Project Engineer
>> >>> > OpenNebula - The Open Source Solution for Data Center Virtualization
>> >>> > www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Daniel Molina
>> >> Project Engineer
>> >> OpenNebula - The Open Source Solution for Data Center Virtualization
>> >> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>> >>
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at lists.opennebula.org
>> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> >>
>> >
>> >
>> >
>> > --
>> > Have you tried turning it off and on again?
>>
>>
>>
>>
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - The Open Source Solution for Data Center Virtualization
>> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>>
>
>
>
> --
> Have you tried turning it off and on again?
>



-- 
Have you tried turning it off and on again?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20121127/c80905c8/attachment-0002.htm>

More information about the Users mailing list