<div dir="ltr"><div><div><div><div>192.168.200.1 - - [09/Nov/2016:05:45:35 +0000] &quot;GET /ovirt-engine/login?scope=ovirt-ext%3Dauth<br>%3Aidentity HTTP/1.1&quot; 302 -<br>192.168.200.1 - - [09/Nov/2016:05:45:36 +0000] &quot;GET /ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&amp;response_type=code&amp;engine_url=https%3A%2F%2Fhc-engine.lago.local%3A8443%2Fovirt-engine&amp;redirect_uri=https%3A%2F%2Fhc-engine.lago.local%3A8443%2Fovirt-engine%2Foauth2-callback&amp;scope=ovirt-ext%3Dauth%3Aidentity&amp;locale=en_US HTTP/1.1&quot; 302 -<br>192.168.200.1 - - [09/Nov/2016:05:45:36 +0000] &quot;GET /ovirt-engine/oauth2-callback?error_code=server_error&amp;error=The+client+is+not+authorized+to+request+an+authorization.+It%27s+required+to+access+the+system+using+FQDN. HTTP/1.1&quot; 302 -<br>127.0.0.1 - - [09/Nov/2016:05:45:36 +0000] &quot;POST /ovirt-engine/sso/status HTTP/1.1&quot; 200 76<br><br></div>Thanks, Nadav! so the local port 8443 was the issue. I would have thought the engine-url would be https%3A%2F%2Fhc-engine.lago.local%3A443 not https%3A%2F%2Fhc-engine.lago.local%3A8443<br><br></div></div></div><div><div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 8, 2016 at 9:23 PM, Nadav Goldin <span dir="ltr">&lt;<a href="mailto:ngoldin@redhat.com" target="_blank">ngoldin@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Try looking at the httpd logs on the engine VM:<br>
/var/lib/httpd/ssl_access_log while attempting to log and check it<br>
actually gets the proper fqdn, it should be something like(here with<br>
&quot;engine&quot; as the fqdn):<br>
<br>
192.168.200.1 - - [08/Nov/2016:10:46:41 -0500] &quot;GET<br>
/ovirt-engine/sso/oauth/<wbr>authorize?client_id=ovirt-<wbr>engine-core&amp;response_type=<wbr>code&amp;app_url=https%3A%2F%<wbr>2Fengine%2Fovirt-engine%<wbr>2Fwebadmin%2F%3Flocale%3Den_<wbr>US&amp;engine_url=https%3A%2F%<wbr>2Fengine%3A443%2Fovirt-engine&amp;<wbr>redirect_uri=https%3A%2F%<wbr>2Fengine%3A443%2Fovirt-engine%<wbr>2Fwebadmin%2Fsso%2Foauth2-<wbr>callback&amp;scope=ovirt-app-<wbr>admin+ovirt-app-portal+ovirt-<wbr>ext%3Dauth%3Asequence-<wbr>priority%3D%7E<br>
HTTP/1.1&quot; 3<br>
<br>
and here with a wrong fqdn(127.0.0.1):<br>
192.168.200.1 - - [08/Nov/2016:10:50:56 -0500] &quot;GET<br>
/ovirt-engine/sso/oauth/<wbr>authorize?client_id=ovirt-<wbr>engine-core&amp;response_type=<wbr>code&amp;app_url=https%3A%2F%<wbr>2F127.0.0.1%2Fovirt-engine%<wbr>2Fwebadmin%2F%3Flocale%3Den_<wbr>US&amp;engine_url=https%3A%2F%<wbr>2F127.0.0.1%3A443%2Fovirt-<wbr>engine&amp;redirect_uri=https%3A%<wbr>2F%2F127.0.0.1%3A443%2Fovirt-<wbr>engine%2Fwebadmin%2Fsso%<wbr>2Foauth2-callback&amp;scope=ovirt-<wbr>app-admin+ovirt-app-portal+<wbr>ovirt-ext%3Dauth%3Asequence-<wbr>priority%3D%7E<br>
HTTP/1.1&quot; 302 -<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Tue, Nov 8, 2016 at 12:07 PM, Sahina Bose &lt;<a href="mailto:sabose@redhat.com">sabose@redhat.com</a>&gt; wrote:<br>
&gt;<br>
&gt;<br>
&gt; On Tue, Nov 8, 2016 at 3:26 PM, Nadav Goldin &lt;<a href="mailto:ngoldin@redhat.com">ngoldin@redhat.com</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; Hi Sahina,<br>
&gt;&gt; the entries in /etc/hosts need to match the ones given in the answer<br>
&gt;&gt; file[1], maybe you configured something else?, this is from the master<br>
&gt;&gt; suite:<br>
&gt;&gt; &gt;OVESETUP_CONFIG/fqdn=str:<wbr>engine<br>
&gt;&gt; &gt;OVESETUP_ENGINE_CONFIG/fqdn=<wbr>str:engine<br>
&gt;&gt;<br>
&gt;&gt; [1]<br>
&gt;&gt; <a href="https://gerrit.ovirt.org/gitweb?p=ovirt-system-tests.git;a=blob;f=common/answer-files/el7_master.conf;h=8b7bd0b5aca905e270df9ce679998f7ae7d111b5;hb=HEAD" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/<wbr>gitweb?p=ovirt-system-tests.<wbr>git;a=blob;f=common/answer-<wbr>files/el7_master.conf;h=<wbr>8b7bd0b5aca905e270df9ce679998f<wbr>7ae7d111b5;hb=HEAD</a><br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; [root@rhsdev-grafton1 deployment-basic_suite_hc]# grep ENGINE_FQDN<br>
&gt; current/test_logs/002_<wbr>bootstrap.add_dc_quota-<wbr>20161108124733/lago_basic_<wbr>suite_hc_engine/_var_log_<wbr>ovirt-engine/engine.log<br>
&gt; 2016-11-08 07:12:05,737 INFO<br>
&gt; [org.ovirt.engine.core.uutils.<wbr>config.ShellLikeConfd] (ServerService Thread<br>
&gt; Pool -- 45) [] Value of property &#39;ENGINE_FQDN&#39; is &#39;hc-engine.lago.local&#39;.<br>
&gt;<br>
&gt; And in<br>
&gt; <a href="https://gerrit.ovirt.org/#/c/57283/4/basic_suite_hc/generate-hc-answerfile.sh" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/#/c/<wbr>57283/4/basic_suite_hc/<wbr>generate-hc-answerfile.sh</a><br>
&gt; - &#39;hc-engine.lago.local&#39; is passed to substitute fqdn value in answer file.<br>
&gt;<br>
&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; On Tue, Nov 8, 2016 at 11:47 AM, Sahina Bose &lt;<a href="mailto:sabose@redhat.com">sabose@redhat.com</a>&gt; wrote:<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; On Tue, Nov 8, 2016 at 3:01 PM, Nicolas Ecarnot &lt;<a href="mailto:nicolas@ecarnot.net">nicolas@ecarnot.net</a>&gt;<br>
&gt;&gt; &gt; wrote:<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; Le 08/11/2016 à 09:25, Sahina Bose a écrit :<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; 2. Cannot access the web url of engine:<br>
&gt;&gt; &gt;&gt; I&#39;ve setup tunnelling: ssh -L<br>
&gt;&gt; &gt;&gt; hc-engine.lago.local:8443:hc-<wbr>engine.lago.local:443<br>
&gt;&gt; &gt;&gt; <a href="mailto:root@rhsdev-grafton1.lab.eng.blr.redhat.com">root@rhsdev-grafton1.lab.eng.<wbr>blr.redhat.com</a><br>
&gt;&gt; &gt;&gt; But continue getting the error:<br>
&gt;&gt; &gt;&gt; The client is not authorized to request an authorization. It&#39;s required<br>
&gt;&gt; &gt;&gt; to<br>
&gt;&gt; &gt;&gt; access the system using FQDN.<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; Would this be relevant?<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; <a href="http://lists.ovirt.org/pipermail/lago-devel/Week-of-Mon-20160926/000244.html" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>pipermail/lago-devel/Week-of-<wbr>Mon-20160926/000244.html</a><br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; (Especially the part about /etc/hosts)<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; I did follow this thread -<br>
&gt;&gt; &gt; on my laptop, which is where I&#39;m trying the browser<br>
&gt;&gt; &gt; /etc/hosts<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; 127.0.0.1 hc-engine.lago.local<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; on the host running the engine i.e<br>
&gt;&gt; &gt; <a href="http://rhsdev-grafton1.lab.eng.blr.redhat.com" rel="noreferrer" target="_blank">rhsdev-grafton1.lab.eng.blr.<wbr>redhat.com</a><br>
&gt;&gt; &gt; /etc/hosts<br>
&gt;&gt; &gt; 192.168.200.99 hc-engine.lago.local<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; hostname on the engine VM = hc-engine.lago.local<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; What am I missing?<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt;&gt; --<br>
&gt;&gt; &gt;&gt; Nicolas ECARNOT<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; ______________________________<wbr>_________________<br>
&gt;&gt; &gt;&gt; lago-devel mailing list<br>
&gt;&gt; &gt;&gt; <a href="mailto:lago-devel@ovirt.org">lago-devel@ovirt.org</a><br>
&gt;&gt; &gt;&gt; <a href="http://lists.ovirt.org/mailman/listinfo/lago-devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/lago-devel</a><br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; ______________________________<wbr>_________________<br>
&gt;&gt; &gt; lago-devel mailing list<br>
&gt;&gt; &gt; <a href="mailto:lago-devel@ovirt.org">lago-devel@ovirt.org</a><br>
&gt;&gt; &gt; <a href="http://lists.ovirt.org/mailman/listinfo/lago-devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/lago-devel</a><br>
&gt;&gt; &gt;<br>
&gt;<br>
&gt;<br>
</div></div></blockquote></div><br></div>