On Mon, Oct 24, 2022 at 10:31 AM Yedidyah Bar David <d...@redhat.com> wrote:
>
> Hi all,
>
> $Subject is currently broken.
>
> We do not have yet an open bug for this but did have a few related
> (but different) ones, including:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2122174
> https://bugzilla.redhat.com/show_bug.cgi?id=2113980
>
> While looking at this, I decided it's about time to have
> ovirt-system-tests test this flow, as it seems it's not tested enough
> otherwise.
>
> Right now, I managed to make it all work, but do have some open
> questions, thus current email.
>
> What I have right now
> =====================
> 1. This harmless patch to the engine, to just add new library code,
> only to be used (for now) by grafana setup code (later):
>
> https://github.com/oVirt/ovirt-engine/pull/669
>
> I see no obvious reason to not merge it already, but if it turns out
> that only grafana setup is going to ever use it, it might be easier to
> move this code there. In principle it can be useful also for OVN, as
> commented there.
>
> 2. This patch to DWH. It's "mandatory", but not enough to get a
> complete solution. Should be ready for merge. Requires above engine
> patch.
>
> https://github.com/oVirt/ovirt-dwh/pull/57
>

I also ran basic-suite on the two of them together - that's just
a sanity test, the patches should mostly be irrelevant on the same
machine - and it passed, so I think we can merge them. As noted,
this isn't enough.

https://redir.apps.ovirt.org/dj/job/ds-ost-baremetal_manual/56399/

> 3. This PR for ovirt-system-tests:
>
> https://github.com/oVirt/ovirt-system-tests/pull/293
>
> What's inside:
>
> 3.1. "Make grafana test use grafana_fqdn" - should be trivial and harmless.
>
> 3.2. "WIP: Add separate-machine-basic-suite-master" - started as a
> copy of basic-suite-master. Much of it is links to there. To review
> the rest, you can compare with relevant files in basic-suite. "WIP",
> because it's not enough, see later, but is probably more-or-less also
> ready for merging.
>
> 3.3. "WIP: Add the dwh/grafana host name to keycloak redirect URIs" -
> this is where my main question/issue is. Without this, our setup code
> sets redirectUris to point only at the engine machine, so when trying
> to login to grafana with SSO, you get an error from keycloak, e.g. as
> in:
>
> https://stackoverflow.com/questions/51275797/invalid-redirect-uri-keycloak-when-client-is-not-on-localhost
>
> When configuring things manually, it's up to the user to handle all of
> this. This applies either to oVirt users that want to do this
> manually, or to RHV users, where keycloak is not integrated:
>
> https://blogs.ovirt.org/2019/01/federate-ovirt-engine-authentication-to-openid-connect-infrastructure/
>
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide/index#Configuring_RHSSO_ldap
>
> So it sounds like it makes sense to fix this in dwh/grafana setup
> code, not in OST, right? But this is slightly more risky and annoying,
> as we'll need to prompt asking the user for the keycloak admin
> password. Perhaps we do want to do this anyway, but perhaps it's
> enough to document how to do this manually (and keep this patch in OST
> as an implementation of this document).
>
> 3.4. "WIP: Copy test_verify_engine_certs to test_001" not sure I
> always needed it, but should be harmless. Perhaps should be done more
> nicely somehow also for other suites.
>
> Opinions/comments/ideas/suggestions/whatever are most welcome!
>
> Thanks and best regards,
> --
> Didi



-- 
Didi
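
An added example, not from this thread or from the oVirt code: a simplified model of how Keycloak checks a login's redirect_uri against a client's redirectUris (exact match, or prefix match when the entry ends in `*`), showing why a client registered only for the engine host rejects a callback on a separate DWH/Grafana host. The hostnames, the client id and the callback path are constructed assumptions.

```python
import copy

# Constructed sample of a Keycloak client representation. The hostnames and
# the client id are made up; "redirectUris" is the field named in the thread.
SAMPLE_CLIENT = {
    "clientId": "example-ovirt-client",
    "redirectUris": ["https://engine.example.test/*"],
}

def uri_allowed(redirect_uri, patterns):
    """Simplified matching: exact match, or prefix match for a trailing '*'."""
    for pattern in patterns:
        if pattern.endswith("*"):
            if redirect_uri.startswith(pattern[:-1]):
                return True
        elif redirect_uri == pattern:
            return True
    return False

def ensure_callback(client, callback_uri):
    """Return (client_copy, changed); add the exact callback only if uncovered."""
    updated = copy.deepcopy(client)
    uris = updated.setdefault("redirectUris", [])
    if uri_allowed(callback_uri, uris):
        return updated, False
    # Add the exact URI rather than a host-wide wildcard, to keep the
    # set of accepted redirect targets as narrow as possible.
    uris.append(callback_uri)
    return updated, True

def too_broad(patterns):
    """Wildcard entries whose '*' comes before the host part is complete."""
    broad = []
    for pattern in patterns:
        if pattern.endswith("*"):
            rest = pattern[:-1].split("://", 1)[-1]
            if "/" not in rest:  # e.g. '*', 'https://*', 'https://engine*'
                broad.append(pattern)
    return broad
```
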
_______________________________________________
Devel mailing list -- devel@ovirt.org
List Archives: 
https://lists.ovirt.org/archives/list/devel@ovirt.org/message/IODRRQLAWL5DR6QFDAWAECPEEXKBIFVI/
