<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">I'm not sure it's a good idea if you're running 4.0. This procedure does half of the job as it don't touch the custom java trust store and missing parts are mandatory for ovirt 4. So I'm now stuck with an unreachable UI after</div><div class="">an upgrade and I don't know if I can roll back. </div><br class=""><div><blockquote type="cite" class=""><div class="">Le 10 août 2016 à 17:30, Marcelo Leandro <<a href="mailto:marceloltmm@gmail.com" class="">marceloltmm@gmail.com</a>> a écrit :</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class="">Good morning ,<br class=""><br class="">"You
need to have correctly set up engine FQDN and it has to be resolvable.
If you don't have correctly set engine FQDN, you can fix that using ovirt-engine-rename tool, more info can be found at:<br class=""><br class=""><a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" target="_blank" class="">https://www.ovirt.org/<wbr class="">documentation/how-to/<wbr class="">networking/<span class="">changing</span>-engine-<wbr class=""><span class="">hostname</span>/</a> "<br class=""><br class=""></div>can I make the procedure with host and vms in production?<br class=""><br class=""></div>Thanks.<br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2016-08-03 14:34 GMT-03:00 Martin Perina <span dir="ltr" class=""><<a href="mailto:mperina@redhat.com" target="_blank" class="">mperina@redhat.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><span class="">On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <span dir="ltr" class=""><<a href="mailto:fabrice.bacchella@icloud.com" target="_blank" class="">fabrice.bacchella@icloud.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Next step :<br class="">
<br class="">
The UI says, even with a restarted navigator:<br class="">
<br class="">
org.codehaus.jackson.<wbr class="">JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@74749f78; line: 3, column: 2]<br class=""></blockquote></span><div class=""><br class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">I haven't seen this error before, could you please share server.log and engine.log?<br class=""></div> </div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br class="">
<br class="">
I shift-reload, got a welcome screen, click on "Administration portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a redirect to:<br class="">
<a href="https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US" rel="noreferrer" target="_blank" class="">https://ovirt.mydomain/ovirt-<wbr class="">engine/webadmin/sso/login?&<wbr class="">app_url=https%3A%2F%2Fovirt.<wbr class="">mydomain%2Fovirt-engine%<wbr class="">2Fwebadmin%2F%3Flocale%3Den_<wbr class="">US&locale=en_US</a><br class="">
that then redirect to:<br class="">
<a href="https://realhost.mydomain/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10" rel="noreferrer" target="_blank" class="">https://realhost.mydomain:443/<wbr class="">ovirt-engine/sso/oauth/<wbr class="">authorize?client_id=ovirt-<wbr class="">engine-core&response_type=<wbr class="">code&redirect_uri=https%3A%2F%<wbr class="">2Fovirt.mydomain%3A443%<wbr class="">2Fovirt-engine%2Fwebadmin%<wbr class="">2Fsso%2Foauth2-callback&scope=<wbr class="">ovirt-app-admin+ovirt-app-<wbr class="">portal+ovirt-ext%3Dauth%<wbr class="">3Asequence-priority%3D%7E&<wbr class="">state=5ku3vXkfb10</a><br class="">
<br class="">
And it fail with again with still:<br class="">
org.codehaus.jackson.<wbr class="">JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@328a4512; line: 3, column: 2] </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br class="">
Many requests were send to ovirt.mydomain, but just one to realhost.mydomain:443, I don't know why.<br class=""></blockquote></span><div class=""><br class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">using ovirt-engine-rename tool, more info can be found at:<br class=""><br class=""><a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" target="_blank" class="">https://www.ovirt.org/<wbr class="">documentation/how-to/<wbr class="">networking/changing-engine-<wbr class="">hostname/</a><br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Also be aware that you need to use that engine FQDN to access oVirt 4.0<br class=""><br class=""></div></div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br class="">
I didn't ask for any SSO, I already use my own (CAS), it was working well and the update never ask for activating something new.<br class=""></blockquote></span><div class=""><br class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">This is one of the oVirt 4.0 features, we have implemented OAUTH SSO for all engine parts: webadmin, userportal and restapi. If you are using CAS (althought it's officially supported by oVirt), that probably means you have configured cas authentication on Apache, passing authenticated username using aaa-misc as authn extension and aaa-ldap as authz extension (to get group memberships for authenticated user). If that's true then please take a look at <br class=""><br class=""><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1342192" target="_blank" class="">https://bugzilla.redhat.com/<wbr class="">show_bug.cgi?id=1342192</a><br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">there are some changes on Apache configuration (the bug is for kerberos, but I suspect similar config is needed also for cas module in apache).<br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br class=""></div></div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br class="">
<br class="">
> Le 3 août 2016 à 15:09, Martin Perina <<a href="mailto:mperina@redhat.com" target="_blank" class="">mperina@redhat.com</a>> a écrit :<br class="">
><br class="">
> Hi,<br class="">
> please follow steps as described in BZ:<br class="">
><br class="">
> 1. Create /etc/ovirt-engine/engine.conf.<wbr class="">d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:<br class="">
><br class="">
> ENGINE_HTTPS_PKI_TRUST_STORE=<wbr class="">"<full path to your java keystore>"<br class="">
> ENGINE_HTTPS_PKI_TRUST_STORE_<wbr class="">PASSWORD="<password to your java keystore>"<br class="">
><br class="">
> 2. Restart the engine<br class="">
><br class="">
> If the above doesn't work please attach server.log/engine.log<br class="">
><br class="">
> Thanks<br class="">
><br class="">
> Martin Perina<br class="">
<br class="">
</blockquote></span></div><br class=""></div></div>
<br class="">______________________________<wbr class="">_________________<br class="">
Users mailing list<br class="">
<a href="mailto:Users@ovirt.org" class="">Users@ovirt.org</a><br class="">
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank" class="">http://lists.ovirt.org/<wbr class="">mailman/listinfo/users</a><br class="">
<br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></body></html>