<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">Le 11 août 2016 à 11:37, Fabrice Bacchella <<a href="mailto:fabrice.bacchella@icloud.com" class="">fabrice.bacchella@icloud.com</a>> a écrit :</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">Le 11 août 2016 à 09:31, Martin Perina <<a href="mailto:mperina@redhat.com" class="">mperina@redhat.com</a>> a écrit :</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hi Fabrice,<br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">so it seems to me that ovirt-engine-rename didn't work as expected, because you have changed ENGINE_FQDN in 10-setup-protocols.conf. We don't support user updates on automatically generated files in /etc/ovirt-engine/engine.conf.d/. Please next time you'd like to change something, change it in 99-custom-???.conf file.<br class=""></div></div></div></blockquote><div class=""><br class=""></div>I roll back this change, as you said it was not enough and then the rename command..</div><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Now how to get things working: I'm afraid it would be long and painful process, but let's try:<br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">1. Change manually ENGINE_FQDN to the new value you have used as new FQDN in ovirt-engine-rename in those files:<br class=""><br class=""> /etc/ovirt-engine/engine.conf.<wbr class="">d/10-setup-protocols.conf<br class=""> /etc/ovirt-engine/<wbr class="">imageuploader.conf.d/10-<wbr class="">engine-setup.conf<br class="">
/etc/ovirt-engine/isouploader.<wbr class="">conf.d/10-engine-setup.conf<br class="">
/etc/ovirt-engine/<wbr class="">logcollector.conf.d/10-engine-<wbr class="">setup.conf<br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">2. Now, let's check your custom certificates, I know you are using your custom CA, does the trustore you have set into ENGINE_HTTPS_PKI_TRUST_STORE contains all certificates which are needed to verify HTTPS certificates you have set in Apache for new FQDN? If so, then please restart your engine and try<br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Thanks<br class=""><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Martin Perina<br class=""></div></div></div></blockquote></div><br class=""><div class="">I'm not sur the PKI part is the biggest problem. I managed to get it work after a rename and using a custom truststore with all the needed CA.</div><div class=""><br class=""></div><div class="">My main problem is with this strange </div><div class="">User login failure: java.lang.RuntimeException: server_error: org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')</div><div class=""><br class=""></div><div class="">that no one seems to understand where it came from. Ravi suggest to do not use custom certificate, but I think it's impossible to test this now, because of the incomplete operation of the rename command. So I will but back my trust store and we should focus on this message.</div><div class=""><br class=""></div><div class="">By the way, I'm on irc on the channel with the nick FabriceB.</div></div></div></blockquote><br class=""></div><div>Ok we finally nailed that problem with the help of Ravi Nori. Because of the new SSO settings, ovirt-engine made a called to itself, from within the same process. But it needed to go through apache to authentify itself by itself and was intercepted by my SSO setup. I will need to rewrite it and split URL.</div><div><br class=""></div><div><br class=""></div><br class=""></body></html>