Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
bigo1981
@bigo1981
Would appreciate any information on how these things correlate with each other and any possible solutions to help alleviate this issue
bigo1981
@bigo1981

Just to provide some more data we updated the logs to show debug data and we are seeing a single vm retire task perform this query 1200 times with a different id each time. Is this expected behavior? In total we had over 70K lines for one retire.

Q-task_id([r5000000588240_vm_retire_task_5000000757649]) (85.3ms) SELECT "vms"."id" FROM "vms" WHERE (LOWER((SELECT "users"."userid" FROM "users" WHERE "users"."id" = "vms"."evm_owner_id")) = '**')

Jason Frey
@Fryguy
cc @gtanzillo ^
Nick LaMuro
@NickLaMuro
worth nothing that the LOWER stuff is probably from the AuthenticationMixin, and is probably either a scope, or a virtual_attribute
bigo1981
@bigo1981
Is this something that can be easily disabled or is this because of how we have something configured? It doesn't make sense to make this call for every user when we already know the vm owner.
Jason Frey
@Fryguy
if you're somehow able to narrow down where that line is coming from that might help
It feels like an N+1 error, but in retirement I don't understand why that would happen, since we are retiring a single entity
bigo1981
@bigo1981
@Fryguy Any suggestion on some ways i can try to narrow down where this is coming from? I tried to look through the appliance code to try and figure out what was calling this code but nothing stood out right away.
Evert Mulder
@evertmulder
Hi all. I am currently testing out manageiq kasparov and we were using LDAP intergration for authentication. Since this option was removed I started testing with "OpenID connect with keycloak" and us this for authentication and disabled local logins. I deploy manageiq using the manageiq operator on openshift. The UI is using the OpenID connect flow now, but the api (/api/auth) is still using the database authentication... Is there a way to authenticate the API when using the OpenID connect flow?
Evert Mulder
@evertmulder
Jason Frey
@Fryguy
@evertmulder Note that LDAP is still there, you just have to use the httpd-init container instead of the httpd container
it requires higher privilveges, hence why it's not the default
Evert Mulder
@evertmulder
@Fryguy I managed to get the OpenID Connect flow working. I followed the instruction from https://www.manageiq.org/docs/reference/latest/auth/openid_connect.html. But I did need to change one setting: In the Group Membership mapper I needed add groups to the access token as well. Otherwise the introspection endpoint did not show the groups and I could not login to the API. I will try the httpd-init container today.
thesystemninjaneer
@thesystemninjaneer
happy monday! I'm automating the deployment of a miq jansa-2 container on an AWS ec2 instance. is it possible to enable Embedded Ansible server role via an MIQ API call, appliance_console_cli, or some other IaC tooling?
Peter McGowan
@pemcg
@thesystemninjaneer You might be able to use configure_server_settings.rb in the tools directory (I’ve only ever tried this on a VM appliance rather than podified though). There’s an example playbook that uses this here: https://github.com/pemcg/configure-for-migration-analytics/blob/master/tasks/configure-server-settings.yml
1 reply
lrhamann
@lrhamann
I am using the podified version of manageiq. I am trying to retire a VM using the api/vms/xxx REST api. The api returns a success response but the VM is not being retired. Here is an example:
curl --insecure -H "Content-type: application/json" -d '{
  "action": "retire"
}' 'https://inframgmtinstall.apps.b-cp4mcm-23-1.cp.fyre.com/api/vms/702' --user "admin:smartvm"
{"success":true,"message":"VM id:702 name:'Lrh-rhcos-4.2' retiring","href":"https://inframgmtinstall.apps.b-cp4mcm-23-1.cp.fyre.com/api/vms/702"}%
Jason Frey
@Fryguy
@abellotti Is that the right action?
Alberto Bellotti
@abellotti
I think newer builds now also support "request_retire" as per https://www.manageiq.org/docs/reference/latest/api/reference/vms.html though retire is still there. I think request_retire goes through an automate role.
lrhamann
@lrhamann
More info on the retire request. After the REST api is issued the "Retirement State" for the VM is set to "initializing" but the VM never is retired.
Alberto Bellotti
@abellotti
weird, sounds like the provider role is not enabled to get those retire events. Any errors in the logs ?
Jason Frey
@Fryguy
@lrhamann you should also be able to trace the request through the automate logs (grep for the q-task-id, I think that is shared among them)
lrhamann
@lrhamann

I see the following in the logs.
production.log

[----] I, [2021-03-26T15:28:31.985878 #8133:2b093270cb58]  INFO -- : Started POST "/api/vms/68" for 9.211.146.90 at 2021-03-26 15:28:31 -0400
[----] I, [2021-03-26T15:28:31.995340 #8133:2b093270cb58]  INFO -- : Processing by Api::VmsController#update as JSON
[----] I, [2021-03-26T15:28:31.995492 #8133:2b093270cb58]  INFO -- :   Parameters: {"c_id"=>"68", "vm"=>{}}
[----] I, [2021-03-26T15:28:32.400886 #8133:2b093270cb58]  INFO -- : Completed 200 OK in 405ms (Views: 0.2ms | ActiveRecord: 14.2ms | Allocations: 12025)

evm.log

[----] I, [2021-03-26T15:28:32.397823 #8133:2b093270cb58]  INFO -- : MIQ(ManageIQ::Providers::Vmware::InfraManager::Vm#retire_now) Vm: retirement for [id:<68>, name:<Lrh-rhcos-4.2>] got updated while waiting to be unlocked and is now initializing

I do not find any reference to this transaction in the automate log but I do not understand what I need to be looking for.

Jason Frey
@Fryguy
was there anything in the automate logs on any generic pod, or were they all empty?
lrhamann
@lrhamann
I am currently testing using the appliance version of manageiq.
Jason Frey
@Fryguy
FYI, api is currently :red_circle: - I think it was ManageIQ/manageiq#21207, and @jrafanie is on it
Joe Rafaniello
@jrafanie
I'm not a fan but I'm not sure how to avoid it when the api tests dynamically create features on demand for tests that don't correctly specify which features they need to seed...
ashkuren
@ashkuren
Hi guys, please advise if there are an api endpoints for:
  1. Adding Automation Domain from git
  2. Managing Ansible credentials
  3. Managing Ansible repositories
Jason Frey
@Fryguy
  1. Yes, there is a git import action on the current automate_domains called "create_from_git" (we don't have it documented on https://www.manageiq.org/docs/reference/latest/api/reference/automate_domains.html, but I just opened an issue to get that documented)
\3. Ansible repositoriures are "configuration_script_sources": https://www.manageiq.org/docs/reference/latest/api/reference/configuration_script_sources.html
Nick LaMuro
@NickLaMuro
heh, "repositoriures"
Jason Frey
@Fryguy
it's French
Nick LaMuro
@NickLaMuro
lol
Jason Frey
@Fryguy
\2. I think you create ansible credentials via the authentications endpoint: https://www.manageiq.org/docs/reference/latest/api/reference/authentications.html
13 replies
Nick LaMuro
@NickLaMuro
yeah, I was just about to say that
Andrey Menezes
@AndreyMenezes
Hi guys, I'm trying to add another group to a user through the API. How to do this?
ashkuren
@ashkuren
@Fryguy thank you!
Rashed Mehmood
@rashidramk
Hi guys, I'm sending http POST api request using postman, but when I check my api logs, request method is GET. This issues is on Kasparov, the same api working fine on Ivanchuk.
Jason Frey
@Fryguy
all posts are becoming gets or just a specific one?
Rashed Mehmood
@rashidramk
All post requests.
all posts requests that I calling from API.
Jason Frey
@Fryguy
how weird - can you share the Postman setup and the logs?
Rashed Mehmood
@rashidramk

This the Postman request and response:
URL: http://10.0.2.4/api/automations/post_automation
Method: POST
Body:
{"action": "post_automation",
"endpoint": "test"
}

Error:
{
"error": {
"kind": "not_found",
"message": "Invalid Automation id post_automation specified",
"klass": "Api::NotFoundError"
}
}

And here is log from server: Server LOG:

[----] I, [2021-06-18T10:42:45.126035 #8947:2ae9ec479d4c] INFO -- : MIQ(Api::AutomationsController.log_request_initiated)
[----] I, [2021-06-18T10:42:45.126389 #8947:2ae9ec479d4c] INFO -- : MIQ(Api::AutomationsController.log_request) API Request: {:requested_at=>"2021-06-18 1
4:42:45 UTC", :method=>"GET", :url=>"https://10.0.2.4/api/automations/post_automation"}
[----] I, [2021-06-18T10:42:45.531784 #8947:2ae9ec479d4c] INFO -- : MIQ(Api::AutomationsController.log_request) Authentication: {:type=>"basic", :token=>nil,
:x_miq_group=>nil, :user=>"admin"}
[----] I, [2021-06-18T10:42:45.535616 #8947:2ae9ec479d4c] INFO -- : MIQ(Api::AutomationsController.log_request) Authorization: {:user=>"admin", :group=>"Evm
Group-super_administrator", :role=>"EvmRole-super_administrator", :tenant=>"My Company"}
[----] I, [2021-06-18T10:42:45.536217 #8947:2ae9ec479d4c] INFO -- : MIQ(Api::AutomationsController.log_request) Request: {:method=>:get, :action=>"rea
d", :fullpath=>"/api/automations/post_automation", :url=>"https://10.0.2.4/api/automations/post_automation", :base=>"https://10.0.2.4", :path=>"/api/automatio
ns/post_automation", :prefix=>"/api", :version=>"4.1.0", :api_prefix=>"https://10.0.2.4/api", :collection=>"automations", :c_suffix=>nil, :collection_id=>"pos
t_automation", :subcollection=>nil, :subcollection_id=>nil}

The same request on Postman is working fine for my other manageiq with ivanchuk
Jason Frey
@Fryguy
I wonder if that's a nuance of it being an error or an invalid id - do you get the same problesm with "valid" requests?
ashkuren
@ashkuren
is this a standard enpoint /api/automations ?
Rashed Mehmood
@rashidramk
This is valid type of request, the main issue is, it is converting POST request to GET and then error comes as invalid id. As I mentioned same request is working with version ivanchuk and I checked the log and it is still POST request.

is this a standard enpoint /api/automations ?

I'm adding custom API. Its working fine on other VM.

Jason Frey
@Fryguy
right, I'm asking whether you hvae this POST/GET switch with other endpoints like, say, /api/vms