Actions
Bug #16775
closed
[umbrella ticket] problems with virtual machine permissions in a federated cluster
Added by Nico César over 4 years ago. Updated over 4 years ago.
Story points:
-
Description
Webshell session (by typing it directly works.)
As a user if I go to the menu "Virtual machines" I get a Not Found error
Files
| 2020-08-28_11-50_1.png (21.9 KB) 2020-08-28_11-50_1.png | Nico César, 08/28/2020 03:50 PM | ||
| 2020-08-28_11-50.png (19 KB) 2020-08-28_11-50.png | webshell | Nico César, 08/28/2020 03:50 PM |
Updated by Peter Amstutz over 4 years ago
Related, I can't set up a user with this VM.
{"method":"GET","path":"/users/setup","format":"js","controller":"UsersController","action":"setup","status":422,"duration":168.09,"view":0.18,"request_id":"req-9ojtemrlgf3yo46bmn5l",
"params":{"utf8":"✓","user_uuid":"jutro-tpzed-4kzy3ru32jks04c","openid_prefix":"https://www.google.com/accounts/o8/id","vm_uuid":"pirca-2x53u-fajzxqyzqjczi5y","groups":""},"@timestamp
":"2020-08-28T15:54:18.704Z","@version":"1","message":"[422] GET /users/setup (UsersController#setup)"}
#<ArvadosApiClient::ApiErrorResponseException: request failed: https://jutro.arvadosapi.com/arvados/v1/users/setup: 422 Unprocessable Entity: request failed: http://localhost:8004/arv
ados/v1/users/setup: 422 Unprocessable Entity: #<RuntimeError: No vm found for pirca-2x53u-fajzxqyzqjczi5y> (req-d7okbgn8i2w739w83jv2) [API: 422]>
/var/www/arvados-workbench/current/app/models/arvados_api_client.rb:180:in `api'
/var/www/arvados-workbench/current/app/models/user.rb:99:in `setup'
/var/www/arvados-workbench/current/app/controllers/users_controller.rb:223:in `block in setup'
/var/www/arvados-workbench/shared/vendor_bundle/ruby/2.5.0/gems/actionpack-5.0.7.2/lib/action_controller/metal/mime_responds.rb:195:in `respond_to'
/var/www/arvados-workbench/current/app/controllers/users_controller.rb:205:in `setup'
Updated by Peter Amstutz over 4 years ago
Here's the error.
The user setup is being forwarded to jutro. But, the VM exists on pirca, not jutro, so the setup fails with "not found" for the VM.
Aug 28 16:06:36 api.pirca.arvadosapi.com arvados-controller[25922]: {"PID":25922,"RequestID":"req-493kocbjkd1nzznoliv4","level":"info","msg":"response",
"remoteAddr":"127.0.0.1:43616","reqBytes":273,"reqForwardedFor":"10.254.0.199","reqHost":"pirca.arvadosapi.com","reqMethod":"POST",
"reqPath":"arvados/v1/users/setup",
"reqQuery":"","respBody":
"{\"errors\":[\"request failed: https://jutro.arvadosapi.com/arvados/v1/users/setup: 422 Unprocessable Entity: request failed: http://
localhost:8004/arvados/v1/users/setup: 422 Unprocessable Entity: #\\u003cRuntimeError: No vm found for pirca-2x53u-fajzxqyzqjczi5y\\u003e (req-493kocbjkd1nzzno
liv4)\"]}\n","respBytes":296,"respStatus":"Unprocessable Entity","respStatusCode":422,"time":"2020-08-28T16:06:36.400522433Z","timeToStatus":0.023293,"timeTota
l":0.023308,"timeWriteBody":0.000015}
Updated by Peter Amstutz over 4 years ago
Findings:
- There's a real bug setting up federated users with local VMs (#note-2)
- If I log in as nico's user it shows 1 VM in the list on pirca. jutro is not configured with any VMs, so we expect that list to be empty. I can log in with webshell with the nico user.
- The "mrubenfield" user is supposed to have an account on shell, but doesn't. This is why he can't login with webshell. I suspect that arvados-login-sync is skipping him because he hasn't uploaded an ssh public key. However, an ssh key is not needed to log in via webshell, so this is a bug in aravdos-login-sync.
- The javascript timeout hack in webshell UI isn't a factor here, although it is worth fixing. Also, in the process of looking into this, I ran into an issue with rails assets which might be new in 5.2?
Updated by Peter Amstutz over 4 years ago
- Related to Bug #16779: arvados-login-sync incorrectly skips users without an ssh key added
Updated by Peter Amstutz over 4 years ago
- Related to Bug #16773: webshell sends token too early added
Updated by Peter Amstutz over 4 years ago
- Related to Bug #16778: Cannot set up federated user with a VM with LoginCluster added
Updated by Peter Amstutz over 4 years ago
- Subject changed from Regular user can't see virtual machines in a federated cluster to problems with virtual machine permissions in a federated cluster
Updated by Peter Amstutz over 4 years ago
- Subject changed from problems with virtual machine permissions in a federated cluster to [umbrella ticket] problems with virtual machine permissions in a federated cluster
Updated by Peter Amstutz over 4 years ago
- Status changed from New to In Progress
Updated by Peter Amstutz over 4 years ago
- Target version changed from 2020-09-09 Sprint to 2020-09-23 Sprint
Updated by Peter Amstutz over 4 years ago
- Status changed from In Progress to Resolved
Actions