<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 29, 2016 at 11:56 AM, Nicolas Ecarnot <span dir="ltr"><<a href="mailto:nicolas@ecarnot.net" target="_blank">nicolas@ecarnot.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">Le 29/09/2016 à 10:30, Yedidyah Bar David a écrit :<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thu, Sep 29, 2016 at 11:28 AM, Yedidyah Bar David <<a href="mailto:didi@redhat.com" target="_blank">didi@redhat.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thu, Sep 29, 2016 at 10:59 AM, Nicolas Ecarnot <<a href="mailto:nicolas@ecarnot.net" target="_blank">nicolas@ecarnot.net</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Le 29/09/2016 à 08:36, Yedidyah Bar David a écrit :<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
On Wed, Sep 28, 2016 at 11:07 PM, Nicolas Ecarnot <<a href="mailto:nicolas@ecarnot.net" target="_blank">nicolas@ecarnot.net</a>><br>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Le 28/09/2016 à 20:47, Yaniv Kaul a écrit :<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Apart that, by connecting into the engine VM, I saw that the engine<br>
process was running, so I tried to access the web GUI, by running an SSH<br>
connection to the bare-metal host :<br>
ssh -L 8443:<a href="http://192.168.200.4:443" rel="noreferrer" target="_blank">192.168.200.4:443</a> <a href="mailto:root@serv-hv-dev01.sdis.isere.fr" target="_blank">root@serv-hv-dev01.sdis.isere.<wbr>fr</a><br>
<br>
<br>
Accessing <a href="https://localhost:8443/" rel="noreferrer" target="_blank">https://localhost:8443/</a> is working, but when trying to access<br>
the login screen, I'm left with :<br>
"The client is not authorized to request an authorization. It's required<br>
to access the system using FQDN."<br>
</blockquote>
<br>
<br>
<br>
Add to your /etc/hosts<br>
192.168.200.4 engine<br>
<br>
And connect to <a href="https://engine" rel="noreferrer" target="_blank">https://engine</a><br>
<br>
<br>
Yaniv,<br>
<br>
If you mean : "Change the /etc/hosts of the bare-metal server which is<br>
running Lago", I already tried that :<br>
<br>
root@serv-hv-dev01:/etc# cat /etc/hosts<br>
127.0.0.1 localhost localhost.localdomain localhost4<br>
localhost4.localdomain4<br>
::1 localhost localhost.localdomain localhost6<br>
localhost6.localdomain6<br>
192.168.200.4 engine <a href="http://lago-basic-suite-4-0-engine.la">lago-basic-suite-4-0-engine.la</a><wbr>go.local<br>
<br>
And of course, I adapted the "ssh -L" connection according to it :<br>
ssh -L 8443:engine:443 root@serv-hv-dev01<br>
or<br>
ssh -L 8443:lago-basic-suite-4-0-engi<wbr>ne.lago.local:443 root@serv-hv-dev01<br>
<br>
If you mean to change the /etc/hosts of the computer I'm initiating the<br>
ssh<br>
connection from, it does not seem relevant as it can not reach the<br>
internal<br>
192.168.200/24 virtual subnet.<br>
</blockquote>
<br>
<br>
You can do something like this:<br>
<br>
Add to your client's /etc/hosts:<br>
<br>
127.0.3.1 engine<br>
<br>
And then:<br>
<br>
ssh -L engine:8443:lago-basic-suite-4<wbr>-0-engine.lago.local:443<br>
root@serv-hv-dev01<br>
</blockquote>
<br>
<br>
Hello,<br>
<br>
Been there, tried that : to no avail.<br>
<br>
In the engine log, I see :<br>
<br>
2016-09-29 03:35:15,236 DEBUG [org.ovirt.engine.core.sso.uti<wbr>ls.SsoUtils]<br>
(default task-13) [] Parameter app_url not found request, using default<br>
value<br>
2016-09-29 03:35:15,236 ERROR [org.ovirt.engine.core.sso.uti<wbr>ls.SsoUtils]<br>
(default task-13) [] The client is not authorized to request an<br>
authorization. It's required to access the system using FQDN.<br>
2016-09-29 03:35:15,236 DEBUG [org.ovirt.engine.core.sso.uti<wbr>ls.SsoUtils]<br>
(default task-13) [] Exception:<br>
org.ovirt.engine.core.sso.util<wbr>s.OAuthException: The client is not authorized<br>
to request an authorization. It's required to access the system using FQDN.<br>
at<br>
org.ovirt.engine.core.sso.util<wbr>s.SsoUtils.validateClientReque<wbr>st(SsoUtils.java:460)<br>
[enginesso.jar:]<br>
at<br>
org.ovirt.engine.core.sso.serv<wbr>lets.OAuthAuthorizeServlet.<wbr>service(OAuthAuthorizeServlet.<wbr>java:51)<br>
[enginesso.jar:]<br>
<br>
<br>
<br>
Moreover, reading <a href="https://www.ovirt.org/release/4.0.4/" rel="noreferrer" target="_blank">https://www.ovirt.org/release/<wbr>4.0.4/</a> , I see :<br>
"it's required to access engine only using the same FQDN which was specified<br>
during engine-setup invocation."<br>
<br>
Isn't it the key of this issue?<br>
</blockquote>
<br>
Indeed.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Reading that, should I understand that from the moment this patch was merged<br>
in, the "ssh -L" trick could not work anymore?<br>
</blockquote>
<br>
I still do not understand why not. In your client's browser, just connect to<br>
<a href="https://engine:8443" rel="noreferrer" target="_blank">https://engine:8443</a>. Does this fail?<br>
</blockquote>
<br>
If it fails due to the port (no idea), you can try also listening on the<br>
"real" 443 port.<br>
</blockquote>
<br></div></div>
Hallelujah! That was it! It seems the port was also part of the problem.<br></blockquote><div><br></div><div>You managed to get Lago with hosted-engine in a 4GB RAM host? That's a Guinness world record! (shame, I managed in 8GB and thought I held that record).</div><div>Nice!</div><div>Y.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Thank you so much for your patience.<br>
Thank you to Didi, Yaniv, Nadav, and everyone who contributed to Lago and its doc.<br>
<br>
But don't relax, as now that I'm able to access Lago based oVirt's webGUI, I'm very likely to found new issues and keep bugging you for the years to come :)<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
-- <br>
Nicolas ECARNOT<br>
</font></span></blockquote></div><br></div></div>