
<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 9, 2016 at 8:05 PM, Juan Hernández <span dir="ltr">&lt;<a href="mailto:jhernand@redhat.com" target="_blank">jhernand@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On 11/09/2016 11:12 AM, Yaniv Kaul wrote:<br>

&gt;<br>

&gt;<br>

&gt; On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori &lt;<a href="mailto:rnori@redhat.com">rnori@redhat.com</a><br>

</span><span class="gmail-">&gt; &lt;mailto:<a href="mailto:rnori@redhat.com">rnori@redhat.com</a>&gt;&gt; wrote:<br>

&gt;<br>

&gt;     Also can you please try following command to directly obtain token<br>

&gt;     from SSO. Can replace engine with FQDN and IP to see if both work<br>

&gt;<br>

&gt;     curl -v -k -H &quot;Accept: application/json&quot;<br>

&gt;     &#39;https://&lt;engine&gt;:443/ovirt-<wbr>engine/sso/oauth/token?grant_<wbr>type=password&amp;username=admin@<wbr>internal&amp;password=123&amp;scope=<wbr>ovirt-app-api&#39;<br>

&gt;<br>

&gt;     You should see output similar to the one below<br>

&gt;<br>

&gt;     {&quot;access_token&quot;:&quot;<wbr>K0sBa0D3rLtmNTdMJ-<wbr>Q4FzOgCtGGY2cSFSCwbLkG94te9nDd<wbr>mEzHSizsFaOeNMdwOziIv3l2-<wbr>Uqm8bxWkMpwMA&quot;,&quot;scope&quot;:&quot;ovirt-<wbr>app-api<br>

&gt;     ovirt-ext=token-info:authz-<wbr>search<br>

&gt;     ovirt-ext=token-info:public-<wbr>authz-search<br>

&gt;     ovirt-ext=token-info:validate&quot;<wbr>,&quot;exp&quot;:-381399824,&quot;token_type&quot;<wbr>:&quot;bearer&quot;}<br>

&gt;<br>

&gt;<br>

&gt; Sorry it took me so long to get back to it, but here it is:<br>

&gt; {&quot;access_token&quot;:&quot;<wbr>eA8w0DaapkKAQ8tfHakzA-R0l-mjD_<wbr>CsTlAqBaH4iVVjXxQN33poXzt9UhPJ<wbr>LxMU8YOvVNX6LICcxL1EeAiAlw&quot;,&quot;<wbr>scope&quot;:&quot;ovirt-app-api<br>

&gt; ovirt-ext=token-info:authz-<wbr>search<br>

&gt; ovirt-ext=token-info:public-<wbr>authz-search<br>

&gt; ovirt-ext=token-info:validate&quot;<wbr>,&quot;exp&quot;:[&quot;java.lang.Long&quot;,<wbr>1479290132000],&quot;token_type&quot;:&quot;<wbr>bearer&quot;}<br>

&gt;<br>

<br>

</span>That &quot;java.lang.Long&quot; there is an error, but not related to this<br>

problem, as the SDK doesn&#39;t use the &quot;exp&quot; attribute. I guess it is a<br>

side effect of the recent change to use &quot;long&quot; instead of &quot;int&quot;, looks<br>

like the JSON library used in the engine doesn&#39;t like longs.<br>

<span class="gmail-"><br>

&gt; And here&#39;s the difference between the SDK and the manual curl command in<br>

&gt; ssl_access log:<br>

&gt; 192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] &quot;POST<br>

&gt; /ovirt-engine/sso/oauth/token HTTP/1.1&quot; 404 74<br>

&gt; 192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] &quot;GET<br>

&gt; /ovirt-engine/sso/oauth/token?<wbr>grant_type=password&amp;username=<wbr>admin@internal&amp;password=123&amp;<wbr>scope=ovirt-app-api<br>

&gt; HTTP/1.1&quot; 200 295<br>

&gt;<br>

<br>

</span>That difference is by design. The SDK uses POST to avoid sending the<br>

credentials (specially the password) as a query parameter, as that is<br>

most probably logged and archived.<br>

<br>

We discovered recently an issue with the Python SDK, due to a bug in the<br>

&quot;pycurl&quot; library:<br>

<br>

  Debug mode raises UnicodeDecodeError: &#39;utf8&#39; codec can&#39;t decode byte<br>

0x8d in position 7: invalid start byte<br>

  <a href="https://bugzilla.redhat.com/1392878" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/<wbr>1392878</a><br>

<br>

It isn&#39;t exactly the same problem, but as the cause of that bug is a<br>

pointer that is used after releasing, it can cause all kinds of strange<br>

effects.<br>

<br>

Please try the latest build of the SDK.<br></blockquote><div><br></div><div>I thought I was:</div><div>python-ovirt-engine-sdk4-4.1.0-0.1.a0.20161108gitaad5627.fc24.x86_64</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<span class="gmail-"><br>

&gt;<br>

&gt;<br>

&gt;     Thanks<br>

&gt;<br>

&gt;     Ravi<br>

&gt;<br>

&gt;     On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul &lt;<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a><br>

</span><span class="gmail-">&gt;     &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>&gt;&gt; wrote:<br>

&gt;<br>

&gt;         On Oct 14, 2016 7:13 PM, &quot;Ravi Nori&quot; &lt;<a href="mailto:rnori@redhat.com">rnori@redhat.com</a><br>

</span><span class="gmail-">&gt;         &lt;mailto:<a href="mailto:rnori@redhat.com">rnori@redhat.com</a>&gt;&gt; wrote:<br>

&gt;         &gt;<br>

&gt;         &gt; SSO configuration looks good.<br>

&gt;         &gt;<br>

&gt;         &gt; Can you please share any additional httpd configuration in /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.<br>

&gt;<br>

&gt;         This is a standard ovirt-system-tests on Lago installation,<br>

&gt;         nothing out of the ordinary,  but I&#39;ll check.<br>

&gt;         Y.<br>

&gt;<br>

&gt;         &gt;<br>

&gt;         &gt; On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul &lt;<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a><br>

</span><span class="gmail-">&gt;         &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>&gt;&gt; wrote:<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt; On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori &lt;<a href="mailto:rnori@redhat.com">rnori@redhat.com</a><br>

</span><div><div class="gmail-h5">&gt;         &lt;mailto:<a href="mailto:rnori@redhat.com">rnori@redhat.com</a>&gt;&gt; wrote:<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; Hi Yaniv,<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; Can you check the output of<br>

&gt;         https:://&lt;engine&gt;/ovirt-<wbr>engine/sso/status in your browser and<br>

&gt;         see if the SSO service is active.<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; If SSO is deployed, you should see an output similar to the<br>

&gt;         one below. Also are you able to login to webadmin using the<br>

&gt;         browser?<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt; I am able to login using the webui.<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; {&quot;status_description&quot;:&quot;SSO Webapp<br>

&gt;         Deployed&quot;,&quot;version&quot;:&quot;0&quot;,&quot;<wbr>status&quot;:&quot;active&quot;}<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt; Indeed:<br>

&gt;         &gt;&gt; {&quot;status_description&quot;:&quot;SSO Webapp<br>

&gt;         Deployed&quot;,&quot;version&quot;:&quot;0&quot;,&quot;<wbr>status&quot;:&quot;active&quot;}<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt; (not sure what &#39;version 0&#39; means?)<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; Please share the content of<br>

&gt;         /etc/ovirt-engine/engine.conf.<wbr>d/11-setup-sso.conf<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt; [root@lago-basic-suite-master-<wbr>engine ~]# cat<br>

&gt;         /etc/ovirt-engine/engine.conf.<wbr>d/11-setup-sso.conf<br>

&gt;         &gt;&gt; ENGINE_SSO_CLIENT_ID=&quot;ovirt-<wbr>engine-core&quot;<br>

&gt;         &gt;&gt; ENGINE_SSO_CLIENT_SECRET=&quot;<wbr>bsOabtD7gE2McwLe80P109UV800XLx<wbr>4O&quot;<br>

&gt;         &gt;&gt; ENGINE_SSO_AUTH_URL=&quot;https://$<wbr>{ENGINE_FQDN}:443/ovirt-<wbr>engine/sso&quot;<br>

&gt;         &gt;&gt;<br>

&gt;         ENGINE_SSO_SERVICE_URL=&quot;<a href="https://localhost:443/ovirt-engine/sso" rel="noreferrer" target="_blank">https:<wbr>//localhost:443/ovirt-engine/<wbr>sso</a><br>

&gt;         &lt;<a href="https://localhost:443/ovirt-engine/sso" rel="noreferrer" target="_blank">https://localhost:443/ovirt-<wbr>engine/sso</a>&gt;&quot;<br>

&gt;         &gt;&gt; ENGINE_SSO_SERVICE_SSL_VERIFY_<wbr>HOST=false<br>

&gt;         &gt;&gt; ENGINE_SSO_SERVICE_SSL_VERIFY_<wbr>CHAIN=true<br>

&gt;         &gt;&gt; SSO_ALTERNATE_ENGINE_FQDNS=&quot;&quot;<br>

&gt;         &gt;&gt; SSO_ENGINE_URL=&quot;https://${<wbr>ENGINE_FQDN}:443/ovirt-engine/<wbr>&quot;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt; Thanks,<br>

&gt;         &gt;&gt; Y.<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; Thanks<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; Ravi<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt; On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández<br>

</div></div><span class="gmail-">&gt;         &lt;<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a> &lt;mailto:<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a>&gt;&gt; wrote:<br>

&gt;         &gt;&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; On 10/14/2016 01:45 PM, Yaniv Kaul wrote:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt; On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández<br>

&gt;         &lt;<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a> &lt;mailto:<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a>&gt;<br>

</span>&gt;         &gt;&gt;&gt;&gt; &gt; &lt;mailto:<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a><br>

<div class="gmail-HOEnZb"><div class="gmail-h5">&gt;         &lt;mailto:<a href="mailto:jhernand@redhat.com">jhernand@redhat.com</a>&gt;&gt;&gt; wrote:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     On 10/13/2016 12:04 AM, Yaniv Kaul wrote:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul<br>

&gt;         &lt;<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a> &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>&gt;<br>

&gt;         &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a> &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a> &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>&gt;<br>

&gt;         &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a> &lt;mailto:<a href="mailto:ykaul@redhat.com">ykaul@redhat.com</a>&gt;&gt;&gt;&gt; wrote:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     I&#39;m trying on FC24, using<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         python-ovirt-engine-sdk4-4.1.<wbr>0-0.0.20161003git056315d.fc24.<wbr>x86_64 to<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     add a DC, and failing - against master. The<br>

&gt;         client is unhappy:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     File<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &quot;/home/ykaul/ovirt-system-<wbr>tests/basic-suite-master/test-<wbr>scenarios/002_bootstrap.py&quot;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     line 98, in add_dc4<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;          version=sdk4.types.Version(<wbr>major=DC_VER_MAJ,minor=DC_VER_<wbr>MIN),<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File<br>

&gt;         &quot;/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/services.<wbr>py&quot;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     line 4347, in add<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         response = self._connection.send(request)<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File<br>

&gt;         &quot;/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py&quot;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     line 276, in send<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         return self.__send(request)<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File<br>

&gt;         &quot;/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py&quot;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     line 298, in __send<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         self._sso_token = self._get_access_token()<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File<br>

&gt;         &quot;/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py&quot;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     line 460, in _get_access_token<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         sso_response =<br>

&gt;         self._get_sso_response(self._<wbr>sso_url,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     post_data)<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File<br>

&gt;         &quot;/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py&quot;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     line 498, in _get_sso_response<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         return<br>

&gt;         json.loads(body_buf.getvalue()<wbr>.decode(&#39;utf-8&#39;))<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File &quot;/usr/lib64/python2.7/json/__<wbr>init__.py&quot;,<br>

&gt;         line 339, in loads<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         return _default_decoder.decode(s)<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File &quot;/usr/lib64/python2.7/json/<wbr>decoder.py&quot;,<br>

&gt;         line 364, in decode<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         obj, end = self.raw_decode(s, idx=_w(s,<br>

&gt;         0).end())<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;       File &quot;/usr/lib64/python2.7/json/<wbr>decoder.py&quot;,<br>

&gt;         line 382, in<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     raw_decode<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         raise ValueError(&quot;No JSON object could be<br>

&gt;         decoded&quot;)<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     ValueError: No JSON object could be decoded<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     Surprisingly, I now can&#39;t find that RPM of this<br>

&gt;         SDK in<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     <a href="http://resources.ovirt.org" rel="noreferrer" target="_blank">resources.ovirt.org</a><br>

&gt;         &lt;<a href="http://resources.ovirt.org" rel="noreferrer" target="_blank">http://resources.ovirt.org</a>&gt; &lt;<a href="http://resources.ovirt.org" rel="noreferrer" target="_blank">http://resources.ovirt.org</a>&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &lt;<a href="http://resources.ovirt.org" rel="noreferrer" target="_blank">http://resources.ovirt.org</a>&gt; now.<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     I&#39;ve tried<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     with<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;          <a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a><br>

&gt;         &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a>&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;          &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a><br>

&gt;         &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a>&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a><br>

&gt;         &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a>&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;          &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a><br>

&gt;         &lt;<a href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" rel="noreferrer" target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc24/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a>&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     - same result.<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     Did not see anything obvious on server or<br>

&gt;         engine logs.<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     The code:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     def add_dc4(api):<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         nt.assert_true(api != None)<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         dcs_service =<br>

&gt;         api.system_service().data_<wbr>centers_service()<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         nt.assert_true(<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;             dc = dcs_service.add(<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                 sdk4.types.DataCenter(<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     name=DC_NAME4,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     description=&#39;APIv4 DC&#39;,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     local=False,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;          version=sdk4.types.Version(<wbr>major=DC_VER_MAJ,minor=DC_VER_<wbr>MIN),<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                 ),<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;             )<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;         )<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;     And the api object is from:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                 return sdk4.Connection(<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     url=url,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     username=constants.ENGINE_<wbr>USER,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;      password=str(self.metadata[&#39;<wbr>ovirt-engine-password&#39;]),<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     insecure=True,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                     debug=True,<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;                 )<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; The clue is actually on the HTTPd logs:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] &quot;POST<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; /ovirt-engine/sso/oauth/token HTTP/1.1&quot; 404 74<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; And indeed, from the deubg log:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; begin captured logging &lt;&lt; --------------------\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: Trying 192.168.203.3...\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: Connected to 192.168.203.3<br>

&gt;         (192.168.203.3) port 443<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     (#0)\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: Initializing NSS with certpath:<br>

&gt;         sql:/etc/pki/nssdb\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: skipping SSL peer certificate<br>

&gt;         verification\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: ALPN/NPN, server did not agree to a<br>

&gt;         protocol\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: SSL connection using<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     TLS_ECDHE_RSA_WITH_AES_128_<wbr>GCM_SHA256\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: Server certificate:\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: subject: CN=engine,O=Test,C=US\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: common name: engine\nroot: DEBUG: issuer:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; CN=engine.38998,O=Test,C=US\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: POST /ovirt-engine/sso/oauth/token<br>

&gt;         HTTP/1.1\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Host: 192.168.203.3\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Accept: application/json\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Content-Length: 78\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Content-Type:<br>

&gt;         application/x-www-form-<wbr>urlencoded\nroot:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; DEBUG:<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;          username=admin%40internal&amp;<wbr>scope=ovirt-app-api&amp;password=<wbr>123&amp;grant_type=password\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: upload completely sent off: 78 out of<br>

&gt;         78 bytes\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: HTTP/1.1 404 Not Found\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Server: Apache/2.4.6 (CentOS)<br>

&gt;         OpenSSL/1.0.1e-fips\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Content-Length: 74\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG: \n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; *root: DEBUG:<br>

&gt;         &lt;html&gt;&lt;head&gt;&lt;title&gt;Error&lt;/<wbr>title&gt;&lt;/head&gt;&lt;body&gt;404 - Not<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; Found&lt;/body&gt;&lt;/html&gt;\n*<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; root: DEBUG: Connection #0 to host 192.168.203.3<br>

&gt;         left intact\n<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt; --------------------- &gt;&gt; end captured logging<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     That definitively looks like version 3 of the engine.<br>

&gt;         Either that or<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     version 4 of the engine with web server configuration<br>

&gt;         modified so that<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     the SSO doesn&#39;t work as expected.<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     What do you get if you run this against that server?<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt; Attached.<br>

&gt;         &gt;&gt;&gt;&gt; &gt; Y.<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; OK, that is version 4.1 of the engine, so next question is<br>

&gt;         why the SSO<br>

&gt;         &gt;&gt;&gt;&gt; service is not responding. Do you see any message in<br>

&gt;         &gt;&gt;&gt;&gt; /var/log/ovirt-engine/server.<wbr>log about &quot;enginesso.war&quot; not<br>

&gt;         being<br>

&gt;         &gt;&gt;&gt;&gt; deployed? Did you do any modification to the<br>

&gt;         &gt;&gt;&gt;&gt; /etc/httpd/conf.d/z-ovirt-<wbr>engine.conf file?<br>

&gt;         &gt;&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; Ravi, Martin, any idea of why the SSO service may not be<br>

&gt;         working?<br>

&gt;         &gt;&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       curl \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       --verbose \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       --insecure \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       --request GET \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       --user &quot;admin@internal:yourpassword&quot; \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       --header &quot;Version: 4&quot; \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       --header &quot;Accept: application/xml&quot; \<br>

&gt;         &gt;&gt;&gt;&gt; &gt;       &quot;<a href="https://thatserver/ovirt-engine/api" rel="noreferrer" target="_blank">https://thatserver/ovirt-<wbr>engine/api</a><br>

&gt;         &lt;<a href="https://thatserver/ovirt-engine/api" rel="noreferrer" target="_blank">https://thatserver/ovirt-<wbr>engine/api</a>&gt;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;     &lt;<a href="https://thatserver/ovirt-engine/api" rel="noreferrer" target="_blank">https://thatserver/ovirt-<wbr>engine/api</a><br>

&gt;         &lt;<a href="https://thatserver/ovirt-engine/api" rel="noreferrer" target="_blank">https://thatserver/ovirt-<wbr>engine/api</a>&gt;&gt;&quot;<br>

&gt;         &gt;&gt;&gt;&gt; &gt;<br>

&gt;         &gt;&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;&gt; --<br>

&gt;         &gt;&gt;&gt;&gt; Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea<br>

&gt;         3, planta<br>

&gt;         &gt;&gt;&gt;&gt; 3ºD, 28016 Madrid, Spain<br>

&gt;         &gt;&gt;&gt;&gt; Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941<br>

&gt;         - Red Hat S.L.<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;&gt;<br>

&gt;         &gt;&gt;<br>

&gt;         &gt;<br>

&gt;<br>

&gt;<br>

&gt;<br>

<br>

<br>

--<br>

Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta<br>

3ºD, 28016 Madrid, Spain<br>

Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.<br>

</div></div></blockquote></div><br></div></div>