On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com> wrote:

On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
Hi Yaniv,

Can you check the output of https:://<engine>/ovirt-engine/sso/status in your browser and see if the SSO service is active.

If SSO is deployed, you should see an output similar to the one below. Also are you able to login to webadmin using the browser?

I am able to login using the webui.

{"status_description":"SSO Webapp Deployed","version":"0","status":"active"}

Indeed:
{"status_description":"SSO Webapp Deployed","version":"0","status":"active"}

(not sure what 'version 0' means?)

Please share the content of /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf

[root@lago-basic-suite-master-engine ~]# cat /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
SSO_ALTERNATE_ENGINE_FQDNS=""
SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"

Thanks,
Y.
Thanks

Ravi
On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com> wrote:
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>
>
> On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com
> <mailto:jhernand@redhat.com>> wrote:
>
> On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>

> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
> >
> > I'm trying on FC24, using
> >
> python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
> > add a DC, and failing - against master. The client is unhappy:
> > File
> >
> "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
> > line 98, in add_dc4
> > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
> > line 4347, in add
> > response = self._connection.send(request)
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> > line 276, in send
> > return self.__send(request)
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> > line 298, in __send
> > self._sso_token = self._get_access_token()
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> > line 460, in _get_access_token
> > sso_response = self._get_sso_response(self._sso_url,
> post_data)
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> > line 498, in _get_sso_response
> > return json.loads(body_buf.getvalue().decode('utf-8'))
> > File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
> > return _default_decoder.decode(s)
> > File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
> > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> > File "/usr/lib64/python2.7/json/decoder.py", line 382, in
> raw_decode
> > raise ValueError("No JSON object could be decoded")
> > ValueError: No JSON object could be decoded
> >
> >
> > Surprisingly, I now can't find that RPM of this SDK in
> > resources.ovirt.org <http://resources.ovirt.org>
> <http://resources.ovirt.org> now.
> >
> > I've tried
> > with
> http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>
> >
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>>
> >
> > - same result.
> >
> > Did not see anything obvious on server or engine logs.
> > The code:
> > def add_dc4(api):
> > nt.assert_true(api != None)
> > dcs_service = api.system_service().data_centers_service()
> > nt.assert_true(
> > dc = dcs_service.add(
> > sdk4.types.DataCenter(
> > name=DC_NAME4,
> > description='APIv4 DC',
> > local=False,
> >
> > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> > ),
> > )
> > )
> >
> >
> > And the api object is from:
> > return sdk4.Connection(
> > url=url,
> > username=constants.ENGINE_USER,
> >
> password=str(self.metadata['ovirt-engine-password']),
> > insecure=True,
> > debug=True,
> > )
> >
> >
> > The clue is actually on the HTTPd logs:
> > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> >
> > And indeed, from the deubg log:
> > begin captured logging << --------------------\n
> > root: DEBUG: Trying 192.168.203.3...\n
> > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443
> (#0)\n
> > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
> > root: DEBUG: skipping SSL peer certificate verification\n
> > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> > root: DEBUG: SSL connection using
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> > root: DEBUG: Server certificate:\n
> > root: DEBUG: subject: CN=engine,O=Test,C=US\n
> > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> > CN=engine.38998,O=Test,C=US\n
> > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> > *root: DEBUG: Host: 192.168.203.3\n*
> > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> > *root: DEBUG: Accept: application/json\n*
> > *root: DEBUG: Content-Length: 78\n*
> > *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot:
> > DEBUG:
> >
> username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
> > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
> > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
> > *root: DEBUG: Content-Length: 74\n*
> > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> > *root: DEBUG: \n*
> > *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not
> > Found</body></html>\n*
> > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> > --------------------- >> end captured logging
> >
>
> That definitively looks like version 3 of the engine. Either that or
> version 4 of the engine with web server configuration modified so that
> the SSO doesn't work as expected.
>
> What do you get if you run this against that server?
>
>
> Attached.
> Y.
>

OK, that is version 4.1 of the engine, so next question is why the SSO
service is not responding. Do you see any message in
/var/log/ovirt-engine/server.log about "enginesso.war" not being
deployed? Did you do any modification to the
/etc/httpd/conf.d/z-ovirt-engine.conf file?

Ravi, Martin, any idea of why the SSO service may not be working?

>
>
> curl \
> --verbose \
> --insecure \
> --request GET \
> --user "admin@internal:yourpassword" \
> --header "Version: 4" \
> --header "Accept: application/xml" \
> "https://thatserver/ovirt-engine/api
> <https://thatserver/ovirt-engine/api>"
>

--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.