[pve-devel] RE : pve-devel Digest, Vol 132, Issue 53

wb webmaster at jbsky.fr
Mon May 24 23:45:02 CEST 2021 

Hi Dietmar,

Thank you for your feedback.

However, since I am starting on a new installation, I am surprised to get this kind of answer.
« Your cluster fs is not working (pmxcfs). See you run on a broken installation. »
Or 
« You need a working PVE installation before doing any API calls... »

With the following command, I have the process up!

ps aux | grep pmxcfs


I think I have enough knowledge about SAML and Perl to do it, however, the support of a dev would be ideal at least on the lock part.

I'm trying to implement a new api so that Proxmox authentication works with SAMLv2.

I would have preferred to have more info on the following part :
# this is just a readonly copy, the relevant one is in status.c from pmxcfs
# observed files are the one we can get directly through IPCC, they are cached
# using a computed version and only those can be used by the cfs_*_file methods

To try to bring a little more element, I added a file to the following list in the PVE::Cluster file
my $observed = {
    'request.tmp' => 1,

Still in the PVE::Cluster file, It is well in the following part that it blocks :


If I take the error message from the first email,
«  error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock. »
If I test the dir /etc/pve/priv/lock, it exists!

Do the files we add in PVE::Cluster file need to be listed in /var/lib/pve-cluster/config.db, if so, any spec please?

Thanking you in advance, 

Sincerely,

Julien BLAIS


De : pve-devel-request at lists.proxmox.com
Envoyé le :lundi 24 mai 2021 12:00
À : pve-devel at lists.proxmox.com
Objet :pve-devel Digest, Vol 132, Issue 53

Send pve-devel mailing list submissions to
	pve-devel at lists.proxmox.com

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
or, via email, send a message with subject or body 'help' to
	pve-devel-request at lists.proxmox.com

You can reach the person managing the list at
	pve-devel-owner at lists.proxmox.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of pve-devel digest..."


Today's Topics:

   1. cfs-locked 'authkey' operation: pve cluster filesystem not
      online (wb)
   2. Re: cfs-locked 'authkey' operation: pve cluster filesystem
      not online (Dietmar Maurer)


----------------------------------------------------------------------

Message: 1
Date: Sun, 23 May 2021 23:23:23 +0200
From: wb <webmaster at jbsky.fr>
To: "pve-devel at lists.proxmox.com" <pve-devel at lists.proxmox.com>
Subject: [pve-devel] cfs-locked 'authkey' operation: pve cluster
	filesystem not online
Message-ID:
	<fb0ddc9e61de4c98f1498ff4375b9689 at mwinf5d62.me-wanadoo.net>
Content-Type: text/plain; charset="utf-8"

Hello to all.

I have the plan to implement the SSO authentication feature with the SAML protocol.
However, I have an error that prevents me from validating the authentication process.
It is about the locks.
The first step is to store the request_saml_id. If I try to create a file by your libraries, I get an 500 error with msg:
error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock.
https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
Ok, I can make a temp workaround.

2nd step?:
When I try to create a ticket with the function create_ticket in package PVE::API2::AccessControl;
I've got this error :
authentication failure; rhost=127.0.0.1 user=admin at DOM msg=error during cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/pve/priv/lock
src : https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0

I have really bad luck with these locks!
Can you help me to understand the prerequisites to make the lock work?


If you want init a redirect to an identity provider(IdP, ex: Keycloak), use this url :
https://pve/api2/html/access/saml?realm=DOM

After an authentication side IdP, the IdP post to pve at https://pve/api2/html/access/saml.


I'm sorry to work on a separate repository, it's because I don't know your components very well.

I would be grateful if you could tell me how to debug these locks.

Thanking you in advance, 

Sincerely,

Julien BLAIS


------------------------------

Message: 2
Date: Mon, 24 May 2021 09:45:15 +0200 (CEST)
From: Dietmar Maurer <dietmar at proxmox.com>
To: Proxmox VE development discussion <pve-devel at lists.proxmox.com>,
	wb <webmaster at jbsky.fr>
Subject: Re: [pve-devel] cfs-locked 'authkey' operation: pve cluster
	filesystem not online
Message-ID: <606562427.786.1621842315013 at webmail.proxmox.com>
Content-Type: text/plain; charset=UTF-8

Hi Julien,


> Hello to all.
> 
> I have the plan to implement the SSO authentication feature with the SAML protocol.
> However, I have an error that prevents me from validating the authentication process.
> It is about the locks.
> The first step is to store the request_saml_id. If I try to create a file by your libraries, I get an 500 error with msg:
> error during cfs-locked \'file-request_tmp\' operation: pve cluster filesystem not online /etc/pve/priv/lock.

Your cluster fs is not working (pmxcfs). See you run on a broken installation.

> https://github.com/jbsky/proxmox-saml2-auth/commit/d75dc621aae719c8fdd251859af9641cda0e526b
> Ok, I can make a temp workaround.
> 
> 2nd step?:
> When I try to create a ticket with the function create_ticket in package PVE::API2::AccessControl;
> I've got this error :
> authentication failure; rhost=127.0.0.1 user=admin at DOM msg=error during cfs-locked 'authkey' operation: pve cluster filesystem not online /etc/pve/priv/lock

Again, the pmxcfs is not online.

> src : https://github.com/jbsky/proxmox-saml2-auth/commit/93b02727d2e172968c14c4ce3a7c27e8d5c0feb0
> 
> I have really bad luck with these locks!
> Can you help me to understand the prerequisites to make the lock work?

You need a working PVE installation before doing any API calls...




------------------------------

Subject: Digest Footer

_______________________________________________
pve-devel mailing list
pve-devel at lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


------------------------------

End of pve-devel Digest, Vol 132, Issue 53
******************************************

More information about the pve-devel mailing list