9:44 p.m.
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0
-0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against
master. The client is unhappy:
File
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
line 98, in add_dc4
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line
4347, in add
response = self._connection.send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
276, in send
return self.__send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
298, in __send
self._sso_token = self._get_access_token()
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
460, in _get_access_token
sso_response = self._get_sso_response(self._sso_url, post_data)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
498, in _get_sso_response
return json.loads(body_buf.getvalue().decode('utf-8'))
File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org
now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rp
m/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004git
f94eeb5.fc24.x86_64.rpm
- same result.
Did not see anything obvious on server or engine logs.
The code:
def add_dc4(api):
nt.assert_true(api != None)
dcs_service = api.system_service().data_centers_service()
nt.assert_true(
dc = dcs_service.add(
sdk4.types.DataCenter(
name=DC_NAME4,
description='APIv4 DC',
local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_
MIN),
),
)
)
And the api object is from:
return sdk4.Connection(
url=url,
username=constants.ENGINE_USER,
password=str(self.metadata['ovirt-engine-password']),
insecure=True,
debug=True,
)
9:33 a.m.
On 10/07/2016 09:44 PM, Yaniv Kaul wrote:
I'm trying on FC24, using
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to add
a DC, and failing - against master. The client is unhappy:
File
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
line 98, in add_dc4
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line
4347, in add
response = self._connection.send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
276, in send
return self.__send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
298, in __send
self._sso_token = self._get_access_token()
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
460, in _get_access_token
sso_response = self._get_sso_response(self._sso_url, post_data)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
498, in _get_sso_response
return json.loads(body_buf.getvalue().decode('utf-8'))
File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
This error means something wrong during authentication.
The JSON SSO response returned something unexpected.
Anyway I've tried with current master and everything is fine for me.
Can you please send debug log of the SDK?
import loggging
logging.basicConfig(level=logging.DEBUG, filename='/tmp/debug.log')
return sdk4.Connection(
url=url,
username=constants.ENGINE_USER,
password=str(self.metadata['ovirt-engine-password']),
insecure=True,
log=logging.getLogger(),
debug=True,
)
Surprisingly, I now can't find that RPM of this SDK in
resources.ovirt.org <http://resources.ovirt.org> now.
I've tried
with
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
- same result.
Did not see anything obvious on server or engine logs.
The code:
def add_dc4(api):
nt.assert_true(api != None)
dcs_service = api.system_service().data_centers_service()
nt.assert_true(
dc = dcs_service.add(
sdk4.types.DataCenter(
name=DC_NAME4,
description='APIv4 DC',
local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
),
)
)
And the api object is from:
return sdk4.Connection(
url=url,
username=constants.ENGINE_USER,
password=str(self.metadata['ovirt-engine-password']),
insecure=True,
debug=True,
)
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
9:35 a.m.
On 10/07/2016 09:44 PM, Yaniv Kaul wrote:
I'm trying on FC24, using
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to add
a DC, and failing - against master. The client is unhappy:
File
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
line 98, in add_dc4
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line
4347, in add
response = self._connection.send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
276, in send
return self.__send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
298, in __send
self._sso_token = self._get_access_token()
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
460, in _get_access_token
sso_response = self._get_sso_response(self._sso_url, post_data)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
498, in _get_sso_response
return json.loads(body_buf.getvalue().decode('utf-8'))
File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
That is what happens when you try to connect version 3 of the server
with version 4 of the SDK: OAuth authentication fails with this
unexpected error. Are you sure you are using version 4 of the engine?
Can you try a simpler request? For example, try this example:
https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/examples/test_c...
That will generate an "example.log" file. Can you share it? Take into
account that the log will contain your password, so make sure to remove
it or share it privately.
Surprisingly, I now can't find that RPM of this SDK in
resources.ovirt.org <http://resources.ovirt.org> now.
I've tried
with
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
- same result.
Did not see anything obvious on server or engine logs.
The code:
def add_dc4(api):
nt.assert_true(api != None)
dcs_service = api.system_service().data_centers_service()
nt.assert_true(
dc = dcs_service.add(
sdk4.types.DataCenter(
name=DC_NAME4,
description='APIv4 DC',
local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
),
)
)
And the api object is from:
return sdk4.Connection(
url=url,
username=constants.ENGINE_USER,
password=str(self.metadata['ovirt-engine-password']),
insecure=True,
debug=True,
)
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
12:04 a.m.
On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0
-0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against
master. The client is unhappy:
File
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
line 98, in add_dc4
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line
4347, in add
response = self._connection.send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
276, in send
return self.__send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
298, in __send
self._sso_token = self._get_access_token()
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
460, in _get_access_token
sso_response = self._get_sso_response(self._sso_url, post_data)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line
498, in _get_sso_response
return json.loads(body_buf.getvalue().decode('utf-8'))
File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org
now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rp
m/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004git
f94eeb5.fc24.x86_64.rpm
- same result.
Did not see anything obvious on server or engine logs.
The code:
def add_dc4(api):
nt.assert_true(api != None)
dcs_service = api.system_service().data_centers_service()
nt.assert_true(
dc = dcs_service.add(
sdk4.types.DataCenter(
name=DC_NAME4,
description='APIv4 DC',
local=False,
version=sdk4.types.Version(maj
or=DC_VER_MAJ,minor=DC_VER_MIN),
),
)
)
And the api object is from:
return sdk4.Connection(
url=url,
username=constants.ENGINE_USER,
password=str(self.metadata['ovirt-engine-password']),
insecure=True,
debug=True,
)
The clue is actually on the HTTPd logs:
192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
/ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
And indeed, from the deubg log:
begin captured logging << --------------------\n
root: DEBUG: Trying 192.168.203.3...\n
root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n
root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
root: DEBUG: skipping SSL peer certificate verification\n
root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
root: DEBUG: Server certificate:\n
root: DEBUG: subject: CN=engine,O=Test,C=US\n
root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
root: DEBUG: common name: engine\nroot: DEBUG: issuer:
CN=engine.38998,O=Test,C=US\n
*root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
*root: DEBUG: Host: 192.168.203.3\n*
*root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
*root: DEBUG: Accept: application/json\n*
*root: DEBUG: Content-Length: 78\n*
*root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: DEBUG:
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
*root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
*root: DEBUG: HTTP/1.1 404 Not Found\n*
*root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
*root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
*root: DEBUG: Content-Length: 74\n*
*root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
*root: DEBUG: \n*
*root: DEBUG:
<html><head><title>Error</title></head><body>404 -
Not
Found</body></html>\n*
root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
--------------------- >> end captured logging
10:13 a.m.
On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>> wrote:
I'm trying on FC24, using
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
add a DC, and failing - against master. The client is unhappy:
File
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
line 98, in add_dc4
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
line 4347, in add
response = self._connection.send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
line 276, in send
return self.__send(request)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
line 298, in __send
self._sso_token = self._get_access_token()
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
line 460, in _get_access_token
sso_response = self._get_sso_response(self._sso_url, post_data)
File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
line 498, in _get_sso_response
return json.loads(body_buf.getvalue().decode('utf-8'))
File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Surprisingly, I now can't find that RPM of this SDK in
resources.ovirt.org <http://resources.ovirt.org> now.
I've tried
with
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
- same result.
Did not see anything obvious on server or engine logs.
The code:
def add_dc4(api):
nt.assert_true(api != None)
dcs_service = api.system_service().data_centers_service()
nt.assert_true(
dc = dcs_service.add(
sdk4.types.DataCenter(
name=DC_NAME4,
description='APIv4 DC',
local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
),
)
)
And the api object is from:
return sdk4.Connection(
url=url,
username=constants.ENGINE_USER,
password=str(self.metadata['ovirt-engine-password']),
insecure=True,
debug=True,
)
The clue is actually on the HTTPd logs:
192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
/ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
And indeed, from the deubg log:
begin captured logging << --------------------\n
root: DEBUG: Trying 192.168.203.3...\n
root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n
root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
root: DEBUG: skipping SSL peer certificate verification\n
root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
root: DEBUG: Server certificate:\n
root: DEBUG: subject: CN=engine,O=Test,C=US\n
root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
root: DEBUG: common name: engine\nroot: DEBUG: issuer:
CN=engine.38998,O=Test,C=US\n
*root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
*root: DEBUG: Host: 192.168.203.3\n*
*root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
*root: DEBUG: Accept: application/json\n*
*root: DEBUG: Content-Length: 78\n*
*root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot:
DEBUG:
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
*root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
*root: DEBUG: HTTP/1.1 404 Not Found\n*
*root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
*root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
*root: DEBUG: Content-Length: 74\n*
*root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
*root: DEBUG: \n*
*root: DEBUG:
<html><head><title>Error</title></head><body>404 -
Not
Found</body></html>\n*
root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
--------------------- >> end captured logging
That definitively looks like version 3 of the engine. Either that or
version 4 of the engine with web server configuration modified so that
the SSO doesn't work as expected.
What do you get if you run this against that server?
curl \
--verbose \
--insecure \
--request GET \
--user "admin@internal:yourpassword" \
--header "Version: 4" \
--header "Accept: application/xml" \
"https://thatserver/ovirt-engine/api"
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
1:45 p.m.
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand(a)redhat.com>
wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com
> <mailto:ykaul@redhat.com>> wrote:
>
> I'm trying on FC24, using
> python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
> add a DC, and failing - against master. The client is unhappy:
> File
> "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
scenarios/002_bootstrap.py",
> line 98, in add_dc4
> version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
> line 4347, in add
> response = self._connection.send(request)
> File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 276, in send
> return self.__send(request)
> File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 298, in __send
> self._sso_token = self._get_access_token()
> File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 460, in _get_access_token
> sso_response = self._get_sso_response(self._sso_url, post_data)
> File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 498, in _get_sso_response
> return json.loads(body_buf.getvalue().decode('utf-8'))
> File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads
> return _default_decoder.decode(s)
> File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> File "/usr/lib64/python2.7/json/decoder.py", line 382, in
raw_decode
> raise ValueError("No JSON object could be decoded")
> ValueError: No JSON object could be decoded
>
>
> Surprisingly, I now can't find that RPM of this SDK in
> resources.ovirt.org <http://resources.ovirt.org> now.
>
> I've tried
> with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>
>
> - same result.
>
> Did not see anything obvious on server or engine logs.
> The code:
> def add_dc4(api):
> nt.assert_true(api != None)
> dcs_service = api.system_service().data_centers_service()
> nt.assert_true(
> dc = dcs_service.add(
> sdk4.types.DataCenter(
> name=DC_NAME4,
> description='APIv4 DC',
> local=False,
>
> version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> ),
> )
> )
>
>
> And the api object is from:
> return sdk4.Connection(
> url=url,
> username=constants.ENGINE_USER,
> password=str(self.metadata['
ovirt-engine-password']),
> insecure=True,
> debug=True,
> )
>
>
> The clue is actually on the HTTPd logs:
> 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>
> And indeed, from the deubg log:
> begin captured logging << --------------------\n
> root: DEBUG: Trying 192.168.203.3...\n
> root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n
> root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
> root: DEBUG: skipping SSL peer certificate verification\n
> root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_
GCM_SHA256\n
> root: DEBUG: Server certificate:\n
> root: DEBUG: subject: CN=engine,O=Test,C=US\n
> root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> CN=engine.38998,O=Test,C=US\n
> *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> *root: DEBUG: Host: 192.168.203.3\n*
> *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> *root: DEBUG: Accept: application/json\n*
> *root: DEBUG: Content-Length: 78\n*
> *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot:
> DEBUG:
> username=admin%40internal&scope=ovirt-app-api&password=
123&grant_type=password\n*
> *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
> *root: DEBUG: HTTP/1.1 404 Not Found\n*
> *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
> *root: DEBUG: Content-Length: 74\n*
> *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> *root: DEBUG: \n*
> *root: DEBUG:
<html><head><title>Error</title></head><body>404 -
Not
> Found</body></html>\n*
> root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> --------------------- >> end captured logging
>
That definitively looks like version 3 of the engine. Either that or
version 4 of the engine with web server configuration modified so that
the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached.
Y.
curl \
--verbose \
--insecure \
--request GET \
--user "admin@internal:yourpassword" \
--header "Version: 4" \
--header "Accept: application/xml" \
"https://thatserver/ovirt-engine/api"
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
1:57 p.m.
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand(a)redhat.com
<mailto:jhernand@redhat.com>> wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
>
> I'm trying on FC24, using
>
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
> add a DC, and failing - against master. The client is unhappy:
> File
>
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
> line 98, in add_dc4
> version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
> line 4347, in add
> response = self._connection.send(request)
> File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 276, in send
> return self.__send(request)
> File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 298, in __send
> self._sso_token = self._get_access_token()
> File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 460, in _get_access_token
> sso_response = self._get_sso_response(self._sso_url,
post_data)
> File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> line 498, in _get_sso_response
> return json.loads(body_buf.getvalue().decode('utf-8'))
> File "/usr/lib64/python2.7/json/__init__.py", line 339, in
loads
> return _default_decoder.decode(s)
> File "/usr/lib64/python2.7/json/decoder.py", line 364, in
decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> File "/usr/lib64/python2.7/json/decoder.py", line 382, in
raw_decode
> raise ValueError("No JSON object could be decoded")
> ValueError: No JSON object could be decoded
>
>
> Surprisingly, I now can't find that RPM of this SDK in
> resources.ovirt.org <http://resources.ovirt.org>
<http://resources.ovirt.org> now.
>
> I've tried
> with
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
> - same result.
>
> Did not see anything obvious on server or engine logs.
> The code:
> def add_dc4(api):
> nt.assert_true(api != None)
> dcs_service = api.system_service().data_centers_service()
> nt.assert_true(
> dc = dcs_service.add(
> sdk4.types.DataCenter(
> name=DC_NAME4,
> description='APIv4 DC',
> local=False,
>
> version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> ),
> )
> )
>
>
> And the api object is from:
> return sdk4.Connection(
> url=url,
> username=constants.ENGINE_USER,
>
password=str(self.metadata['ovirt-engine-password']),
> insecure=True,
> debug=True,
> )
>
>
> The clue is actually on the HTTPd logs:
> 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>
> And indeed, from the deubg log:
> begin captured logging << --------------------\n
> root: DEBUG: Trying 192.168.203.3...\n
> root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443
(#0)\n
> root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
> root: DEBUG: skipping SSL peer certificate verification\n
> root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> root: DEBUG: SSL connection using
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> root: DEBUG: Server certificate:\n
> root: DEBUG: subject: CN=engine,O=Test,C=US\n
> root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> CN=engine.38998,O=Test,C=US\n
> *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> *root: DEBUG: Host: 192.168.203.3\n*
> *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> *root: DEBUG: Accept: application/json\n*
> *root: DEBUG: Content-Length: 78\n*
> *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot:
> DEBUG:
>
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
> *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
> *root: DEBUG: HTTP/1.1 404 Not Found\n*
> *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
> *root: DEBUG: Content-Length: 74\n*
> *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> *root: DEBUG: \n*
> *root: DEBUG:
<html><head><title>Error</title></head><body>404 -
Not
> Found</body></html>\n*
> root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> --------------------- >> end captured logging
>
That definitively looks like version 3 of the engine. Either that or
version 4 of the engine with web server configuration modified so that
the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached.
Y.
OK, that is version 4.1 of the engine, so next question is why the SSO
service is not responding. Do you see any message in
/var/log/ovirt-engine/server.log about "enginesso.war" not being
deployed? Did you do any modification to the
/etc/httpd/conf.d/z-ovirt-engine.conf file?
Ravi, Martin, any idea of why the SSO service may not be working?
curl \
--verbose \
--insecure \
--request GET \
--user "admin@internal:yourpassword" \
--header "Version: 4" \
--header "Accept: application/xml" \
"https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>"
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
2:50 p.m.
Hi Yaniv,
Can you check the output of https:://<engine>/ovirt-engine/sso/status in
your browser and see if the SSO service is active.
If SSO is deployed, you should see an output similar to the one below. Also
are you able to login to webadmin using the browser?
{"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
Please share the content of
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
Thanks
Ravi
On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand(a)redhat.com> wrote:
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>
>
> On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand(a)redhat.com
> <mailto:jhernand@redhat.com>> wrote:
>
> On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>
> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
> >
> > I'm trying on FC24, using
> >
> python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
> > add a DC, and failing - against master. The client is unhappy:
> > File
> >
> "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
scenarios/002_bootstrap.py",
> > line 98, in add_dc4
> > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_
MIN),
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.
py",
> > line 4347, in add
> > response = self._connection.send(request)
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> > line 276, in send
> > return self.__send(request)
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> > line 298, in __send
> > self._sso_token = self._get_access_token()
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> > line 460, in _get_access_token
> > sso_response = self._get_sso_response(self._sso_url,
> post_data)
> > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> > line 498, in _get_sso_response
> > return json.loads(body_buf.getvalue().decode('utf-8'))
> > File "/usr/lib64/python2.7/json/__init__.py", line 339, in
loads
> > return _default_decoder.decode(s)
> > File "/usr/lib64/python2.7/json/decoder.py", line 364, in
decode
> > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> > File "/usr/lib64/python2.7/json/decoder.py", line 382, in
> raw_decode
> > raise ValueError("No JSON object could be decoded")
> > ValueError: No JSON object could be decoded
> >
> >
> > Surprisingly, I now can't find that RPM of this SDK in
> > resources.ovirt.org <http://resources.ovirt.org>
> <http://resources.ovirt.org> now.
> >
> > I've tried
> > with
> http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>
> >
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>>
> >
> > - same result.
> >
> > Did not see anything obvious on server or engine logs.
> > The code:
> > def add_dc4(api):
> > nt.assert_true(api != None)
> > dcs_service = api.system_service().data_centers_service()
> > nt.assert_true(
> > dc = dcs_service.add(
> > sdk4.types.DataCenter(
> > name=DC_NAME4,
> > description='APIv4 DC',
> > local=False,
> >
> > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> > ),
> > )
> > )
> >
> >
> > And the api object is from:
> > return sdk4.Connection(
> > url=url,
> > username=constants.ENGINE_USER,
> >
> password=str(self.metadata['ovirt-engine-password']),
> > insecure=True,
> > debug=True,
> > )
> >
> >
> > The clue is actually on the HTTPd logs:
> > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> >
> > And indeed, from the deubg log:
> > begin captured logging << --------------------\n
> > root: DEBUG: Trying 192.168.203.3...\n
> > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443
> (#0)\n
> > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
> > root: DEBUG: skipping SSL peer certificate verification\n
> > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> > root: DEBUG: SSL connection using
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> > root: DEBUG: Server certificate:\n
> > root: DEBUG: subject: CN=engine,O=Test,C=US\n
> > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> > CN=engine.38998,O=Test,C=US\n
> > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> > *root: DEBUG: Host: 192.168.203.3\n*
> > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> > *root: DEBUG: Accept: application/json\n*
> > *root: DEBUG: Content-Length: 78\n*
> > *root: DEBUG: Content-Type: application/x-www-form-
urlencoded\nroot:
> > DEBUG:
> >
> username=admin%40internal&scope=ovirt-app-api&password=
123&grant_type=password\n*
> > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
> > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
> > *root: DEBUG: Content-Length: 74\n*
> > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> > *root: DEBUG: \n*
> > *root: DEBUG:
<html><head><title>Error</title></head><body>404 -
Not
> > Found</body></html>\n*
> > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> > --------------------- >> end captured logging
> >
>
> That definitively looks like version 3 of the engine. Either that or
> version 4 of the engine with web server configuration modified so
that
> the SSO doesn't work as expected.
>
> What do you get if you run this against that server?
>
>
> Attached.
> Y.
>
OK, that is version 4.1 of the engine, so next question is why the SSO
service is not responding. Do you see any message in
/var/log/ovirt-engine/server.log about "enginesso.war" not being
deployed? Did you do any modification to the
/etc/httpd/conf.d/z-ovirt-engine.conf file?
Ravi, Martin, any idea of why the SSO service may not be working?
>
>
> curl \
> --verbose \
> --insecure \
> --request GET \
> --user "admin@internal:yourpassword" \
> --header "Version: 4" \
> --header "Accept: application/xml" \
> "https://thatserver/ovirt-engine/api
> <https://thatserver/ovirt-engine/api>"
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
6:52 p.m.
On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com> wrote:
Hi Yaniv,
Can you check the output of https:://<engine>/ovirt-engine/sso/status in
your browser and see if the SSO service is active.
If SSO is deployed, you should see an output similar to the one below.
Also are you able to login to webadmin using the browser?
I am able to login using the webui.
{"status_description":"SSO Webapp
Deployed","version":"0","
status":"active"}
Indeed:
{"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
(not sure what 'version 0' means?)
Please share the content of /etc/ovirt-engine/engine.conf.
d/11-setup-sso.conf
[root@lago-basic-suite-master-engine ~]# cat
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
SSO_ALTERNATE_ENGINE_FQDNS=""
SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
Thanks,
Y.
Thanks
Ravi
On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand(a)redhat.com>
wrote:
> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
> >
> >
> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand(a)redhat.com
> > <mailto:jhernand@redhat.com>> wrote:
> >
> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com
> <mailto:ykaul@redhat.com>
> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>
wrote:
> > >
> > > I'm trying on FC24, using
> > >
> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
> to
> > > add a DC, and failing - against master. The client is unhappy:
> > > File
> > >
> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen
> arios/002_bootstrap.py",
> > > line 98, in add_dc4
> > > version=sdk4.types.Version(ma
> jor=DC_VER_MAJ,minor=DC_VER_MIN),
> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/services.py",
> > > line 4347, in add
> > > response = self._connection.send(request)
> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> > > line 276, in send
> > > return self.__send(request)
> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> > > line 298, in __send
> > > self._sso_token = self._get_access_token()
> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> > > line 460, in _get_access_token
> > > sso_response = self._get_sso_response(self._sso_url,
> > post_data)
> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> > > line 498, in _get_sso_response
> > > return json.loads(body_buf.getvalue().decode('utf-8'))
> > > File "/usr/lib64/python2.7/json/__init__.py", line 339,
in
> loads
> > > return _default_decoder.decode(s)
> > > File "/usr/lib64/python2.7/json/decoder.py", line 364,
in
> decode
> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> > > File "/usr/lib64/python2.7/json/decoder.py", line 382,
in
> > raw_decode
> > > raise ValueError("No JSON object could be decoded")
> > > ValueError: No JSON object could be decoded
> > >
> > >
> > > Surprisingly, I now can't find that RPM of this SDK in
> > > resources.ovirt.org <http://resources.ovirt.org>
> > <http://resources.ovirt.org> now.
> > >
> > > I've tried
> > > with
> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
> eb5.fc24.x86_64.rpm
> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
> eeb5.fc24.x86_64.rpm>
> > >
> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
> eb5.fc24.x86_64.rpm
> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
> eeb5.fc24.x86_64.rpm>>
> > >
> > > - same result.
> > >
> > > Did not see anything obvious on server or engine logs.
> > > The code:
> > > def add_dc4(api):
> > > nt.assert_true(api != None)
> > > dcs_service = api.system_service().data_centers_service()
> > > nt.assert_true(
> > > dc = dcs_service.add(
> > > sdk4.types.DataCenter(
> > > name=DC_NAME4,
> > > description='APIv4 DC',
> > > local=False,
> > >
> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MI
> N),
> > > ),
> > > )
> > > )
> > >
> > >
> > > And the api object is from:
> > > return sdk4.Connection(
> > > url=url,
> > > username=constants.ENGINE_USER,
> > >
> > password=str(self.metadata['ovirt-engine-password']),
> > > insecure=True,
> > > debug=True,
> > > )
> > >
> > >
> > > The clue is actually on the HTTPd logs:
> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> > >
> > > And indeed, from the deubg log:
> > > begin captured logging << --------------------\n
> > > root: DEBUG: Trying 192.168.203.3...\n
> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443
> > (#0)\n
> > > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
> > > root: DEBUG: skipping SSL peer certificate verification\n
> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> > > root: DEBUG: SSL connection using
> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> > > root: DEBUG: Server certificate:\n
> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> > > CN=engine.38998,O=Test,C=US\n
> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> > > *root: DEBUG: Host: 192.168.203.3\n*
> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> > > *root: DEBUG: Accept: application/json\n*
> > > *root: DEBUG: Content-Length: 78\n*
> > > *root: DEBUG: Content-Type: application/x-www-form-urlenco
> ded\nroot:
> > > DEBUG:
> > >
> > username=admin%40internal&scope=ovirt-app-api&password=123&
> grant_type=password\n*
> > > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*
> > > *root: DEBUG: Content-Length: 74\n*
> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> > > *root: DEBUG: \n*
> > > *root: DEBUG:
<html><head><title>Error</title></head><body>404 -
> Not
> > > Found</body></html>\n*
> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> > > --------------------- >> end captured logging
> > >
> >
> > That definitively looks like version 3 of the engine. Either that or
> > version 4 of the engine with web server configuration modified so
> that
> > the SSO doesn't work as expected.
> >
> > What do you get if you run this against that server?
> >
> >
> > Attached.
> > Y.
> >
>
> OK, that is version 4.1 of the engine, so next question is why the SSO
> service is not responding. Do you see any message in
> /var/log/ovirt-engine/server.log about "enginesso.war" not being
> deployed? Did you do any modification to the
> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>
> Ravi, Martin, any idea of why the SSO service may not be working?
>
> >
> >
> > curl \
> > --verbose \
> > --insecure \
> > --request GET \
> > --user "admin@internal:yourpassword" \
> > --header "Version: 4" \
> > --header "Accept: application/xml" \
> > "https://thatserver/ovirt-engine/api
> > <https://thatserver/ovirt-engine/api>"
> >
>
>
> --
> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> 3ºD, 28016 Madrid, Spain
> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
>
7:12 p.m.
SSO configuration looks good.
Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com> wrote:
> Hi Yaniv,
>
> Can you check the output of https:://<engine>/ovirt-engine/sso/status in
> your browser and see if the SSO service is active.
>
> If SSO is deployed, you should see an output similar to the one below.
> Also are you able to login to webadmin using the browser?
>
I am able to login using the webui.
>
> {"status_description":"SSO Webapp
Deployed","version":"0","statu
> s":"active"}
>
Indeed:
{"status_description":"SSO Webapp
Deployed","version":"0","
status":"active"}
(not sure what 'version 0' means?)
>
> Please share the content of /etc/ovirt-engine/engine.conf.
> d/11-setup-sso.conf
>
[root@lago-basic-suite-master-engine ~]# cat
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
SSO_ALTERNATE_ENGINE_FQDNS=""
SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
Thanks,
Y.
>
> Thanks
>
> Ravi
>
>
>
>
>
> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand(a)redhat.com>
> wrote:
>
>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>> >
>> >
>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand(a)redhat.com
>> > <mailto:jhernand@redhat.com>> wrote:
>> >
>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul(a)redhat.com
>> <mailto:ykaul@redhat.com>
>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>
wrote:
>> > >
>> > > I'm trying on FC24, using
>> > >
>> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
>> to
>> > > add a DC, and failing - against master. The client is
>> unhappy:
>> > > File
>> > >
>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen
>> arios/002_bootstrap.py",
>> > > line 98, in add_dc4
>> > > version=sdk4.types.Version(ma
>> jor=DC_VER_MAJ,minor=DC_VER_MIN),
>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/services.py",
>> > > line 4347, in add
>> > > response = self._connection.send(request)
>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> > > line 276, in send
>> > > return self.__send(request)
>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> > > line 298, in __send
>> > > self._sso_token = self._get_access_token()
>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> > > line 460, in _get_access_token
>> > > sso_response = self._get_sso_response(self._sso_url,
>> > post_data)
>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> > > line 498, in _get_sso_response
>> > > return
json.loads(body_buf.getvalue().decode('utf-8'))
>> > > File "/usr/lib64/python2.7/json/__init__.py", line
339,
>> in loads
>> > > return _default_decoder.decode(s)
>> > > File "/usr/lib64/python2.7/json/decoder.py", line
364, in
>> decode
>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>> > > File "/usr/lib64/python2.7/json/decoder.py", line
382, in
>> > raw_decode
>> > > raise ValueError("No JSON object could be
decoded")
>> > > ValueError: No JSON object could be decoded
>> > >
>> > >
>> > > Surprisingly, I now can't find that RPM of this SDK in
>> > > resources.ovirt.org <http://resources.ovirt.org>
>> > <http://resources.ovirt.org> now.
>> > >
>> > > I've tried
>> > > with
>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
>> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
>> eb5.fc24.x86_64.rpm
>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
>> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
>> eeb5.fc24.x86_64.rpm>
>> > >
>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
>> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
>> eb5.fc24.x86_64.rpm
>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
>> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
>> eeb5.fc24.x86_64.rpm>>
>> > >
>> > > - same result.
>> > >
>> > > Did not see anything obvious on server or engine logs.
>> > > The code:
>> > > def add_dc4(api):
>> > > nt.assert_true(api != None)
>> > > dcs_service = api.system_service().data_cent
>> ers_service()
>> > > nt.assert_true(
>> > > dc = dcs_service.add(
>> > > sdk4.types.DataCenter(
>> > > name=DC_NAME4,
>> > > description='APIv4 DC',
>> > > local=False,
>> > >
>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MI
>> N),
>> > > ),
>> > > )
>> > > )
>> > >
>> > >
>> > > And the api object is from:
>> > > return sdk4.Connection(
>> > > url=url,
>> > > username=constants.ENGINE_USER,
>> > >
>> > password=str(self.metadata['ovirt-engine-password']),
>> > > insecure=True,
>> > > debug=True,
>> > > )
>> > >
>> > >
>> > > The clue is actually on the HTTPd logs:
>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>> > >
>> > > And indeed, from the deubg log:
>> > > begin captured logging << --------------------\n
>> > > root: DEBUG: Trying 192.168.203.3...\n
>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443
>> > (#0)\n
>> > > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n
>> > > root: DEBUG: skipping SSL peer certificate verification\n
>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
>> > > root: DEBUG: SSL connection using
>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
>> > > root: DEBUG: Server certificate:\n
>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
>> > > CN=engine.38998,O=Test,C=US\n
>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
>> > > *root: DEBUG: Host: 192.168.203.3\n*
>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
>> > > *root: DEBUG: Accept: application/json\n*
>> > > *root: DEBUG: Content-Length: 78\n*
>> > > *root: DEBUG: Content-Type: application/x-www-form-urlenco
>> ded\nroot:
>> > > DEBUG:
>> > >
>> > username=admin%40internal&scope=ovirt-app-api&password=123&
>> grant_type=password\n*
>> > > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
>> OpenSSL/1.0.1e-fips\n*
>> > > *root: DEBUG: Content-Length: 74\n*
>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
>> > > *root: DEBUG: \n*
>> > > *root: DEBUG:
<html><head><title>Error</title></head><body>404
>> - Not
>> > > Found</body></html>\n*
>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
>> > > --------------------- >> end captured logging
>> > >
>> >
>> > That definitively looks like version 3 of the engine. Either that
>> or
>> > version 4 of the engine with web server configuration modified so
>> that
>> > the SSO doesn't work as expected.
>> >
>> > What do you get if you run this against that server?
>> >
>> >
>> > Attached.
>> > Y.
>> >
>>
>> OK, that is version 4.1 of the engine, so next question is why the SSO
>> service is not responding. Do you see any message in
>> /var/log/ovirt-engine/server.log about "enginesso.war" not being
>> deployed? Did you do any modification to the
>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>>
>> Ravi, Martin, any idea of why the SSO service may not be working?
>>
>> >
>> >
>> > curl \
>> > --verbose \
>> > --insecure \
>> > --request GET \
>> > --user "admin@internal:yourpassword" \
>> > --header "Version: 4" \
>> > --header "Accept: application/xml" \
>> > "https://thatserver/ovirt-engine/api
>> > <https://thatserver/ovirt-engine/api>"
>> >
>>
>>
>> --
>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>> 3ºD, 28016 Madrid, Spain
>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
>>
>
>
10 p.m.
On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori(a)redhat.com> wrote:
SSO configuration looks good.
Can you please share any additional httpd configuration in
/etc/httpd/conf.d.
Anything to do with LocationMatch for ovirt-engine urls.
This is a standard ovirt-system-tests on Lago installation, nothing out of
the ordinary, but I'll check.
Y.
On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
>
>
>
> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com> wrote:
>>
>> Hi Yaniv,
>>
>> Can you check the output of https:://<engine>/ovirt-engine/sso/status
in your browser and see if the SSO service is active.
>>
>> If SSO is deployed, you should see an output similar to the one below.
Also
are you able to login to webadmin using the browser?
>
>
> I am able to login using the webui.
>
>>
>>
>> {"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
>
>
> Indeed:
> {"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
>
> (not sure what 'version 0' means?)
>
>>
>>
>> Please share the content of
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>
>
> [root@lago-basic-suite-master-engine ~]# cat
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
> SSO_ALTERNATE_ENGINE_FQDNS=""
> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>
>
> Thanks,
> Y.
>
>
>>
>>
>> Thanks
>>
>> Ravi
>>
>>
>>
>>
>>
>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand(a)redhat.com>
wrote:
>>>
>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>>> >
>>> >
>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández
<jhernand(a)redhat.com
>>> > <mailto:jhernand@redhat.com>> wrote:
>>> >
>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul
<ykaul(a)redhat.com
<mailto:ykaul@redhat.com>
>>> > > <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com>>> wrote:
>>> > >
>>> > > I'm trying on FC24, using
>>> > >
>>> >
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
>>> > > add a DC, and failing - against master.
The client is
unhappy:
>>> > > File
>>> > >
>>> >
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
>>> > > line 98, in add_dc4
>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
>>>> > > line 4347, in add
>>>> > > response = self._connection.send(request)
>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 276, in send
>>>> > > return self.__send(request)
>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 298, in __send
>>>> > > self._sso_token = self._get_access_token()
>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 460, in _get_access_token
>>>> > > sso_response =
self._get_sso_response(self._sso_url,
>>>> > post_data)
>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>> > > line 498, in _get_sso_response
>>> > > return
json.loads(body_buf.getvalue().decode('utf-8'))
>>> > > File "/usr/lib64/python2.7/json/__init__.py",
line 339,
in loads
>>> > > return _default_decoder.decode(s)
>>> > > File "/usr/lib64/python2.7/json/decoder.py",
line 364,
in decode
>>> > > obj, end = self.raw_decode(s,
idx=_w(s, 0).end())
>>> > > File "/usr/lib64/python2.7/json/decoder.py",
line 382, in
>>> > raw_decode
>>> > > raise ValueError("No JSON object could be
decoded")
>>> > > ValueError: No JSON object could be decoded
>>> > >
>>> > >
>>> > > Surprisingly, I now can't find that RPM of this SDK in
>>> > > resources.ovirt.org <http://resources.ovirt.org>
>>> > <http://resources.ovirt.org> now.
>>> > >
>>> > > I've tried
>>> > > with
>>> >
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>> > <
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>> > >
>>> > <
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>> > <
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
>>> > >
>>> > > - same result.
>>> > >
>>> > > Did not see anything obvious on server or engine logs.
>>> > > The code:
>>> > > def add_dc4(api):
>>> > > nt.assert_true(api != None)
>>> > > dcs_service =
api.system_service().data_centers_service()
>>> > > nt.assert_true(
>>> > > dc = dcs_service.add(
>>> > > sdk4.types.DataCenter(
>>> > > name=DC_NAME4,
>>> > > description='APIv4 DC',
>>> > > local=False,
>>> > >
>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
>>> > > ),
>>> > > )
>>> > > )
>>> > >
>>> > >
>>> > > And the api object is from:
>>> > > return sdk4.Connection(
>>> > > url=url,
>>> > > username=constants.ENGINE_USER,
>>> > >
>>> > password=str(self.metadata['ovirt-engine-password']),
>>> > > insecure=True,
>>> > > debug=True,
>>> > > )
>>> > >
>>> > >
>>> > > The clue is actually on the HTTPd logs:
>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>>> > >
>>> > > And indeed, from the deubg log:
>>> > > begin captured logging << --------------------\n
>>> > > root: DEBUG: Trying 192.168.203.3...\n
>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port
443
>>> > (#0)\n
>>> > > root: DEBUG: Initializing NSS with certpath:
sql:/etc/pki/nssdb\n
>>> > > root: DEBUG: skipping SSL peer certificate
verification\n
>>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
>>> > > root: DEBUG: SSL connection using
>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
>>> > > root: DEBUG: Server certificate:\n
>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
>>> > > CN=engine.38998,O=Test,C=US\n
>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
>>> > > *root: DEBUG: Host: 192.168.203.3\n*
>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
>>> > > *root: DEBUG: Accept: application/json\n*
>>> > > *root: DEBUG: Content-Length: 78\n*
>>> > > *root: DEBUG: Content-Type:
application/x-www-form-urlencoded\nroot:
>>> > > DEBUG:
>>> > >
>>> >
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
>>> > > *root: DEBUG: upload completely sent off:
78 out of 78 bytes\n*
>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.1e-fips\n*
>>> > > *root: DEBUG: Content-Length: 74\n*
>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
>>> > > *root: DEBUG: \n*
>>> > > *root: DEBUG:
<html><head><title>Error</title></head><body>404
- Not
>>> > > Found</body></html>\n*
>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
>>> > > --------------------- >> end captured logging
>>> > >
>>> >
>>> > That definitively looks like version 3 of the engine. Either
that or
>>> > version 4 of the engine with web server
configuration modified
so that
>>> > the SSO doesn't work as expected.
>>> >
>>> > What do you get if you run this against that server?
>>> >
>>> >
>>> > Attached.
>>> > Y.
>>> >
>>>
>>> OK, that is version 4.1 of the engine, so next question is why the SSO
>>> service is not responding. Do you see any message in
>>> /var/log/ovirt-engine/server.log about "enginesso.war" not being
>>> deployed? Did you do any modification to the
>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>>>
>>> Ravi, Martin, any idea of why the SSO service may not be working?
>>>
>>> >
>>> >
>>> > curl \
>>> > --verbose \
>>> > --insecure \
>>> > --request GET \
>>> > --user "admin@internal:yourpassword" \
>>> > --header "Version: 4" \
>>> > --header "Accept: application/xml" \
>>> > "https://thatserver/ovirt-engine/api
>>> > <https://thatserver/ovirt-engine/api>"
>>> >
>>>
>>>
>>> --
>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>>> 3ºD, 28016 Madrid, Spain
>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
S.L.
>>
>>
>
12:04 a.m.
Also can you please try following command to directly obtain token from
SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json" 'https://
<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal
&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
On Oct 14, 2016 7:13 PM, "Ravi Nori"
<rnori(a)redhat.com> wrote:
>
> SSO configuration looks good.
>
> Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
This is a standard ovirt-system-tests on Lago installation, nothing out of
the ordinary, but I'll check.
Y.
>
> On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
>>
>>
>>
>> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com> wrote:
>>>
>>> Hi Yaniv,
>>>
>>> Can you check the output of https:://<engine>/ovirt-engine/sso/status
in your browser and see if the SSO service is active.
>>>
>>> If SSO is deployed, you should see an output similar to the one below.
Also are you able to login to webadmin using the browser?
>>
>>
>> I am able to login using the webui.
>>
>>>
>>>
>>> {"status_description":"SSO Webapp
Deployed","version":"0","
status":"active"}
>>
>>
>> Indeed:
>> {"status_description":"SSO Webapp
Deployed","version":"0","
status":"active"}
>>
>> (not sure what 'version 0' means?)
>>
>>>
>>>
>>> Please share the content of /etc/ovirt-engine/engine.conf.
d/11-setup-sso.conf
>>
>>
>> [root@lago-basic-suite-master-engine ~]# cat
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
>> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
>> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
>> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
>> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
>> SSO_ALTERNATE_ENGINE_FQDNS=""
>> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>>
>>
>> Thanks,
>> Y.
>>
>>
>>>
>>>
>>> Thanks
>>>
>>> Ravi
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand(a)redhat.com>
wrote:
>>>>
>>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>>>> >
>>>> >
>>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <
jhernand(a)redhat.com
>>>> > <mailto:jhernand@redhat.com>> wrote:
>>>> >
>>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
>>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul
<ykaul(a)redhat.com
<mailto:ykaul@redhat.com>
>>>> > > <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com>>> wrote:
>>>> > >
>>>> > > I'm trying on FC24, using
>>>> > >
>>>> >
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
>>>> > > add a DC, and failing - against master. The client is
unhappy:
>>>> > > File
>>>> > >
>>>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
scenarios/002_bootstrap.py",
>>>> > > line 98, in add_dc4
>>>> > > version=sdk4.types.Version(
major=DC_VER_MAJ,minor=DC_VER_MIN),
>>>> > > File "/usr/lib64/python2.7/site-
packages/ovirtsdk4/services.py",
>>>> > > line 4347, in add
>>>> > > response = self._connection.send(request)
>>>> > > File "/usr/lib64/python2.7/site-
packages/ovirtsdk4/__init__.py",
>>>> > > line 276, in send
>>>> > > return self.__send(request)
>>>> > > File "/usr/lib64/python2.7/site-
packages/ovirtsdk4/__init__.py",
>>>> > > line 298, in __send
>>>> > > self._sso_token = self._get_access_token()
>>>> > > File "/usr/lib64/python2.7/site-
packages/ovirtsdk4/__init__.py",
>>>> > > line 460, in _get_access_token
>>>> > > sso_response =
self._get_sso_response(self._sso_url,
>>>> > post_data)
>>>> > > File "/usr/lib64/python2.7/site-
packages/ovirtsdk4/__init__.py",
>>>> > > line 498, in _get_sso_response
>>>> > > return json.loads(body_buf.getvalue()
.decode('utf-8'))
>>>> > > File
"/usr/lib64/python2.7/json/__init__.py", line
339, in loads
>>>> > > return _default_decoder.decode(s)
>>>> > > File
"/usr/lib64/python2.7/json/decoder.py", line 364,
in decode
>>>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>>>> > > File
"/usr/lib64/python2.7/json/decoder.py", line 382,
in
>>>> > raw_decode
>>>> > > raise ValueError("No JSON object could be
decoded")
>>>> > > ValueError: No JSON object could be decoded
>>>> > >
>>>> > >
>>>> > > Surprisingly, I now can't find that RPM of this
SDK in
>>>> > > resources.ovirt.org
<http://resources.ovirt.org>
>>>> > <http://resources.ovirt.org> now.
>>>> > >
>>>> > > I've tried
>>>> > > with
>>>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
>>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>
>>>> > >
>>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
>>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>>
>>>> > >
>>>> > > - same result.
>>>> > >
>>>> > > Did not see anything obvious on server or engine
logs.
>>>> > > The code:
>>>> > > def add_dc4(api):
>>>> > > nt.assert_true(api != None)
>>>> > > dcs_service = api.system_service().data_
centers_service()
>>>> > > nt.assert_true(
>>>> > > dc = dcs_service.add(
>>>> > > sdk4.types.DataCenter(
>>>> > > name=DC_NAME4,
>>>> > > description='APIv4 DC',
>>>> > > local=False,
>>>> > >
>>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_
MIN),
>>>> > > ),
>>>> > > )
>>>> > > )
>>>> > >
>>>> > >
>>>> > > And the api object is from:
>>>> > > return sdk4.Connection(
>>>> > > url=url,
>>>> > > username=constants.ENGINE_USER,
>>>> > >
>>>> > password=str(self.metadata['ovirt-engine-password']),
>>>> > > insecure=True,
>>>> > > debug=True,
>>>> > > )
>>>> > >
>>>> > >
>>>> > > The clue is actually on the HTTPd logs:
>>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
>>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>>>> > >
>>>> > > And indeed, from the deubg log:
>>>> > > begin captured logging << --------------------\n
>>>> > > root: DEBUG: Trying 192.168.203.3...\n
>>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3)
port
443
>>>> > (#0)\n
>>>> > > root: DEBUG: Initializing NSS with certpath:
sql:/etc/pki/nssdb\n
>>>> > > root: DEBUG: skipping SSL peer certificate verification\n
>>>> > > root: DEBUG: ALPN/NPN, server did not agree to a
protocol\n
>>>> > > root: DEBUG: SSL connection using
>>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
>>>> > > root: DEBUG: Server certificate:\n
>>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
>>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
>>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
>>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
>>>> > > CN=engine.38998,O=Test,C=US\n
>>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token
HTTP/1.1\n*
>>>> > > *root: DEBUG: Host: 192.168.203.3\n*
>>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
>>>> > > *root: DEBUG: Accept: application/json\n*
>>>> > > *root: DEBUG: Content-Length: 78\n*
>>>> > > *root: DEBUG: Content-Type: application/x-www-form-
urlencoded\nroot:
>>>> > > DEBUG:
>>>> > >
>>>> >
username=admin%40internal&scope=ovirt-app-api&password=
123&grant_type=password\n*
>>>> > > *root: DEBUG: upload completely sent off: 78 out of 78
bytes\n*
>>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
>>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
>>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.1e-fips\n*
>>>> > > *root: DEBUG: Content-Length: 74\n*
>>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
>>>> > > *root: DEBUG: \n*
>>>> > > *root: DEBUG:
<html><head><title>Error</title></head><body>404
- Not
>>>> > > Found</body></html>\n*
>>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left
intact\n
>>>> > > --------------------- >> end captured logging
>>>> > >
>>>> >
>>>> > That definitively looks like version 3 of the engine. Either
that or
>>>> > version 4 of the engine with web server configuration modified
so that
>>>> > the SSO doesn't work as expected.
>>>> >
>>>> > What do you get if you run this against that server?
>>>> >
>>>> >
>>>> > Attached.
>>>> > Y.
>>>> >
>>>>
>>>> OK, that is version 4.1 of the engine, so next question is why the SSO
>>>> service is not responding. Do you see any message in
>>>> /var/log/ovirt-engine/server.log about "enginesso.war" not
being
>>>> deployed? Did you do any modification to the
>>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>>>>
>>>> Ravi, Martin, any idea of why the SSO service may not be working?
>>>>
>>>> >
>>>> >
>>>> > curl \
>>>> > --verbose \
>>>> > --insecure \
>>>> > --request GET \
>>>> > --user "admin@internal:yourpassword" \
>>>> > --header "Version: 4" \
>>>> > --header "Accept: application/xml" \
>>>> > "https://thatserver/ovirt-engine/api
>>>> > <https://thatserver/ovirt-engine/api>"
>>>> >
>>>>
>>>>
>>>> --
>>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>>>> 3ºD, 28016 Madrid, Spain
>>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
S.L.
>>>
>>>
>>
>
11:12 a.m.
On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori(a)redhat.com> wrote:
Also can you please try following command to directly obtain token
from
SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json"
'https://<engine>:443/ovirt-
engine/sso/oauth/token?grant_type=password&username=admin@
internal&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDd
mEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
Sorry it took me so long to get back to it, but here it is:
{"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":["java.lang.Long",1479290132000],"token_type":"bearer"}
And here's the difference between the SDK and the manual curl command in
ssl_access log:
192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST
/ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET
/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api
HTTP/1.1" 200 295
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
> On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori(a)redhat.com> wrote:
> >
> > SSO configuration looks good.
> >
> > Can you please share any additional httpd configuration in
> /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
>
> This is a standard ovirt-system-tests on Lago installation, nothing out
> of the ordinary, but I'll check.
> Y.
>
> >
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
> >>
> >>
> >>
> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com> wrote:
> >>>
> >>> Hi Yaniv,
> >>>
> >>> Can you check the output of
https:://<engine>/ovirt-engine/sso/status
> in your browser and see if the SSO service is active.
> >>>
> >>> If SSO is deployed, you should see an output similar to the one
> below. Also are you able to login to webadmin using the browser?
> >>
> >>
> >> I am able to login using the webui.
> >>
> >>>
> >>>
> >>> {"status_description":"SSO Webapp
Deployed","version":"0","statu
> s":"active"}
> >>
> >>
> >> Indeed:
> >> {"status_description":"SSO Webapp
Deployed","version":"0","statu
> s":"active"}
> >>
> >> (not sure what 'version 0' means?)
> >>
> >>>
> >>>
> >>> Please share the content of /etc/ovirt-engine/engine.conf.
> d/11-setup-sso.conf
> >>
> >>
> >> [root@lago-basic-suite-master-engine ~]# cat
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
> >> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
> >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
> >> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
> >> SSO_ALTERNATE_ENGINE_FQDNS=""
> >> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
> >>
> >>
> >> Thanks,
> >> Y.
> >>
> >>
> >>>
> >>>
> >>> Thanks
> >>>
> >>> Ravi
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández
<jhernand(a)redhat.com>
> wrote:
> >>>>
> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
> >>>> >
> >>>> >
> >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <
> jhernand(a)redhat.com
> >>>> > <mailto:jhernand@redhat.com>> wrote:
> >>>> >
> >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <
> ykaul(a)redhat.com <mailto:ykaul@redhat.com>
> >>>> > > <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com>>> wrote:
> >>>> > >
> >>>> > > I'm trying on FC24, using
> >>>> > >
> >>>> >
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
> to
> >>>> > > add a DC, and failing - against master. The client
is
> unhappy:
> >>>> > > File
> >>>> > >
> >>>> >
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen
> arios/002_bootstrap.py",
> >>>> > > line 98, in add_dc4
> >>>> > > version=sdk4.types.Version(ma
> jor=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/services.py",
> >>>> > > line 4347, in add
> >>>> > > response = self._connection.send(request)
> >>>> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> >>>> > > line 276, in send
> >>>> > > return self.__send(request)
> >>>> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> >>>> > > line 298, in __send
> >>>> > > self._sso_token = self._get_access_token()
> >>>> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> >>>> > > line 460, in _get_access_token
> >>>> > > sso_response =
self._get_sso_response(self._sso_url,
> >>>> > post_data)
> >>>> > > File "/usr/lib64/python2.7/site-pac
> kages/ovirtsdk4/__init__.py",
> >>>> > > line 498, in _get_sso_response
> >>>> > > return json.loads(body_buf.getvalue()
> .decode('utf-8'))
> >>>> > > File
"/usr/lib64/python2.7/json/__init__.py", line
> 339, in loads
> >>>> > > return _default_decoder.decode(s)
> >>>> > > File
"/usr/lib64/python2.7/json/decoder.py", line
> 364, in decode
> >>>> > > obj, end = self.raw_decode(s, idx=_w(s,
0).end())
> >>>> > > File
"/usr/lib64/python2.7/json/decoder.py", line
> 382, in
> >>>> > raw_decode
> >>>> > > raise ValueError("No JSON object could be
decoded")
> >>>> > > ValueError: No JSON object could be decoded
> >>>> > >
> >>>> > >
> >>>> > > Surprisingly, I now can't find that RPM of
this SDK in
> >>>> > > resources.ovirt.org
<http://resources.ovirt.org>
> >>>> > <http://resources.ovirt.org> now.
> >>>> > >
> >>>> > > I've tried
> >>>> > > with
> >>>> >
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
> eb5.fc24.x86_64.rpm
> >>>> >
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
> eeb5.fc24.x86_64.rpm>
> >>>> > >
> >>>> >
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
> eb5.fc24.x86_64.rpm
> >>>> >
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
> eeb5.fc24.x86_64.rpm>>
> >>>> > >
> >>>> > > - same result.
> >>>> > >
> >>>> > > Did not see anything obvious on server or engine
logs.
> >>>> > > The code:
> >>>> > > def add_dc4(api):
> >>>> > > nt.assert_true(api != None)
> >>>> > > dcs_service = api.system_service().data_cent
> ers_service()
> >>>> > > nt.assert_true(
> >>>> > > dc = dcs_service.add(
> >>>> > > sdk4.types.DataCenter(
> >>>> > > name=DC_NAME4,
> >>>> > > description='APIv4 DC',
> >>>> > > local=False,
> >>>> > >
> >>>> > > version=sdk4.types.Version(ma
> jor=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > ),
> >>>> > > )
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > And the api object is from:
> >>>> > > return sdk4.Connection(
> >>>> > > url=url,
> >>>> > > username=constants.ENGINE_USER,
> >>>> > >
> >>>> >
password=str(self.metadata['ovirt-engine-password']),
> >>>> > > insecure=True,
> >>>> > > debug=True,
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > The clue is actually on the HTTPd logs:
> >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400]
"POST
> >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> >>>> > >
> >>>> > > And indeed, from the deubg log:
> >>>> > > begin captured logging <<
--------------------\n
> >>>> > > root: DEBUG: Trying 192.168.203.3...\n
> >>>> > > root: DEBUG: Connected to 192.168.203.3
(192.168.203.3) port
> 443
> >>>> > (#0)\n
> >>>> > > root: DEBUG: Initializing NSS with certpath:
> sql:/etc/pki/nssdb\n
> >>>> > > root: DEBUG: skipping SSL peer certificate
verification\n
> >>>> > > root: DEBUG: ALPN/NPN, server did not agree to a
protocol\n
> >>>> > > root: DEBUG: SSL connection using
> >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> >>>> > > root: DEBUG: Server certificate:\n
> >>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
> >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> >>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> >>>> > > root: DEBUG: common name: engine\nroot: DEBUG:
issuer:
> >>>> > > CN=engine.38998,O=Test,C=US\n
> >>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token
HTTP/1.1\n*
> >>>> > > *root: DEBUG: Host: 192.168.203.3\n*
> >>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> >>>> > > *root: DEBUG: Accept: application/json\n*
> >>>> > > *root: DEBUG: Content-Length: 78\n*
> >>>> > > *root: DEBUG: Content-Type:
application/x-www-form-urlenco
> ded\nroot:
> >>>> > > DEBUG:
> >>>> > >
> >>>> >
username=admin%40internal&scope=ovirt-app-api&password=123&
> grant_type=password\n*
> >>>> > > *root: DEBUG: upload completely sent off: 78 out of
78
> bytes\n*
> >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
> OpenSSL/1.0.1e-fips\n*
> >>>> > > *root: DEBUG: Content-Length: 74\n*
> >>>> > > *root: DEBUG: Content-Type: text/html;
charset=UTF-8\n*
> >>>> > > *root: DEBUG: \n*
> >>>> > > *root: DEBUG:
<html><head><title>Error</title></head><body>404
> - Not
> >>>> > > Found</body></html>\n*
> >>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left
> intact\n
> >>>> > > --------------------- >> end captured logging
> >>>> > >
> >>>> >
> >>>> > That definitively looks like version 3 of the engine.
Either
> that or
> >>>> > version 4 of the engine with web server configuration
modified
> so that
> >>>> > the SSO doesn't work as expected.
> >>>> >
> >>>> > What do you get if you run this against that server?
> >>>> >
> >>>> >
> >>>> > Attached.
> >>>> > Y.
> >>>> >
> >>>>
> >>>> OK, that is version 4.1 of the engine, so next question is why the
> SSO
> >>>> service is not responding. Do you see any message in
> >>>> /var/log/ovirt-engine/server.log about "enginesso.war" not
being
> >>>> deployed? Did you do any modification to the
> >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
> >>>>
> >>>> Ravi, Martin, any idea of why the SSO service may not be working?
> >>>>
> >>>> >
> >>>> >
> >>>> > curl \
> >>>> > --verbose \
> >>>> > --insecure \
> >>>> > --request GET \
> >>>> > --user "admin@internal:yourpassword" \
> >>>> > --header "Version: 4" \
> >>>> > --header "Accept: application/xml" \
> >>>> > "https://thatserver/ovirt-engine/api
> >>>> > <https://thatserver/ovirt-engine/api>"
> >>>> >
> >>>>
> >>>>
> >>>> --
> >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
planta
> >>>> 3ºD, 28016 Madrid, Spain
> >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red
Hat
> S.L.
> >>>
> >>>
> >>
> >
>
7:05 p.m.
On 11/09/2016 11:12 AM, Yaniv Kaul wrote:
On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori(a)redhat.com
<mailto:rnori@redhat.com>> wrote:
Also can you please try following command to directly obtain token
from SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json"
'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
Sorry it took me so long to get back to it, but here it is:
{"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":["java.lang.Long",1479290132000],"token_type":"bearer"}
That "java.lang.Long" there is an error, but not related to this
problem, as the SDK doesn't use the "exp" attribute. I guess it is a
side effect of the recent change to use "long" instead of "int",
looks
like the JSON library used in the engine doesn't like longs.
And here's the difference between the SDK and the manual curl
command in
ssl_access log:
192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST
/ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET
/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api
HTTP/1.1" 200 295
That difference is by design. The SDK uses POST to avoid sending the
credentials (specially the password) as a query parameter, as that is
most probably logged and archived.
We discovered recently an issue with the Python SDK, due to a bug in the
"pycurl" library:
Debug mode raises UnicodeDecodeError: 'utf8' codec can't decode byte
0x8d in position 7: invalid start byte
https://bugzilla.redhat.com/1392878
It isn't exactly the same problem, but as the cause of that bug is a
pointer that is used after releasing, it can cause all kinds of strange
effects.
Please try the latest build of the SDK.
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>> wrote:
On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori(a)redhat.com
<mailto:rnori@redhat.com>> wrote:
>
> SSO configuration looks good.
>
> Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
This is a standard ovirt-system-tests on Lago installation,
nothing out of the ordinary, but I'll check.
Y.
>
> On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>> wrote:
>>
>>
>>
>> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com
<mailto:rnori@redhat.com>> wrote:
>>>
>>> Hi Yaniv,
>>>
>>> Can you check the output of
https:://<engine>/ovirt-engine/sso/status in your browser and
see if the SSO service is active.
>>>
>>> If SSO is deployed, you should see an output similar to the
one below. Also are you able to login to webadmin using the
browser?
>>
>>
>> I am able to login using the webui.
>>
>>>
>>>
>>> {"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
>>
>>
>> Indeed:
>> {"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
>>
>> (not sure what 'version 0' means?)
>>
>>>
>>>
>>> Please share the content of
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>>
>>
>> [root@lago-basic-suite-master-engine ~]# cat
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
>> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
>>
ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>>
ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso
<https://localhost:443/ovirt-engine/sso>"
>> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
>> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
>> SSO_ALTERNATE_ENGINE_FQDNS=""
>> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>>
>>
>> Thanks,
>> Y.
>>
>>
>>>
>>>
>>> Thanks
>>>
>>> Ravi
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández
<jhernand(a)redhat.com <mailto:jhernand@redhat.com>> wrote:
>>>>
>>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>>>> >
>>>> >
>>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández
<jhernand(a)redhat.com <mailto:jhernand@redhat.com>
>>>> > <mailto:jhernand@redhat.com
<mailto:jhernand@redhat.com>>> wrote:
>>>> >
>>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
>>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul
<ykaul(a)redhat.com <mailto:ykaul@redhat.com>
<mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>
>>>> > > <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com>
<mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>> wrote:
>>>> > >
>>>> > > I'm trying on FC24, using
>>>> > >
>>>> >
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
>>>> > > add a DC, and failing - against master. The
client is unhappy:
>>>> > > File
>>>> > >
>>>> >
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
>>>> > > line 98, in add_dc4
>>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
>>>> > > line 4347, in add
>>>> > > response = self._connection.send(request)
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 276, in send
>>>> > > return self.__send(request)
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 298, in __send
>>>> > > self._sso_token =
self._get_access_token()
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 460, in _get_access_token
>>>> > > sso_response =
self._get_sso_response(self._sso_url,
>>>> > post_data)
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 498, in _get_sso_response
>>>> > > return
json.loads(body_buf.getvalue().decode('utf-8'))
>>>> > > File
"/usr/lib64/python2.7/json/__init__.py",
line 339, in loads
>>>> > > return _default_decoder.decode(s)
>>>> > > File
"/usr/lib64/python2.7/json/decoder.py",
line 364, in decode
>>>> > > obj, end = self.raw_decode(s, idx=_w(s,
0).end())
>>>> > > File
"/usr/lib64/python2.7/json/decoder.py",
line 382, in
>>>> > raw_decode
>>>> > > raise ValueError("No JSON object
could be
decoded")
>>>> > > ValueError: No JSON object could be decoded
>>>> > >
>>>> > >
>>>> > > Surprisingly, I now can't find that RPM of
this
SDK in
>>>> > > resources.ovirt.org
<http://resources.ovirt.org> <http://resources.ovirt.org>
>>>> > <http://resources.ovirt.org> now.
>>>> > >
>>>> > > I've tried
>>>> > > with
>>>> >
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>>> >
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>>> > >
>>>> >
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>>> >
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>>>> > >
>>>> > > - same result.
>>>> > >
>>>> > > Did not see anything obvious on server or
engine logs.
>>>> > > The code:
>>>> > > def add_dc4(api):
>>>> > > nt.assert_true(api != None)
>>>> > > dcs_service =
api.system_service().data_centers_service()
>>>> > > nt.assert_true(
>>>> > > dc = dcs_service.add(
>>>> > > sdk4.types.DataCenter(
>>>> > > name=DC_NAME4,
>>>> > > description='APIv4
DC',
>>>> > > local=False,
>>>> > >
>>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
>>>> > > ),
>>>> > > )
>>>> > > )
>>>> > >
>>>> > >
>>>> > > And the api object is from:
>>>> > > return sdk4.Connection(
>>>> > > url=url,
>>>> > >
username=constants.ENGINE_USER,
>>>> > >
>>>> >
password=str(self.metadata['ovirt-engine-password']),
>>>> > > insecure=True,
>>>> > > debug=True,
>>>> > > )
>>>> > >
>>>> > >
>>>> > > The clue is actually on the HTTPd logs:
>>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400]
"POST
>>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404
74
>>>> > >
>>>> > > And indeed, from the deubg log:
>>>> > > begin captured logging <<
--------------------\n
>>>> > > root: DEBUG: Trying 192.168.203.3...\n
>>>> > > root: DEBUG: Connected to 192.168.203.3
(192.168.203.3) port 443
>>>> > (#0)\n
>>>> > > root: DEBUG: Initializing NSS with certpath:
sql:/etc/pki/nssdb\n
>>>> > > root: DEBUG: skipping SSL peer certificate
verification\n
>>>> > > root: DEBUG: ALPN/NPN, server did not agree to a
protocol\n
>>>> > > root: DEBUG: SSL connection using
>>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
>>>> > > root: DEBUG: Server certificate:\n
>>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
>>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016
GMT\n
>>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021
GMT\n
>>>> > > root: DEBUG: common name: engine\nroot: DEBUG:
issuer:
>>>> > > CN=engine.38998,O=Test,C=US\n
>>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token
HTTP/1.1\n*
>>>> > > *root: DEBUG: Host: 192.168.203.3\n*
>>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
>>>> > > *root: DEBUG: Accept: application/json\n*
>>>> > > *root: DEBUG: Content-Length: 78\n*
>>>> > > *root: DEBUG: Content-Type:
application/x-www-form-urlencoded\nroot:
>>>> > > DEBUG:
>>>> > >
>>>> >
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
>>>> > > *root: DEBUG: upload completely sent off: 78 out
of
78 bytes\n*
>>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
>>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27
GMT\n*
>>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.1e-fips\n*
>>>> > > *root: DEBUG: Content-Length: 74\n*
>>>> > > *root: DEBUG: Content-Type: text/html;
charset=UTF-8\n*
>>>> > > *root: DEBUG: \n*
>>>> > > *root: DEBUG:
<html><head><title>Error</title></head><body>404 -
Not
>>>> > > Found</body></html>\n*
>>>> > > root: DEBUG: Connection #0 to host 192.168.203.3
left intact\n
>>>> > > --------------------- >> end captured
logging
>>>> > >
>>>> >
>>>> > That definitively looks like version 3 of the engine.
Either that or
>>>> > version 4 of the engine with web server configuration
modified so that
>>>> > the SSO doesn't work as expected.
>>>> >
>>>> > What do you get if you run this against that server?
>>>> >
>>>> >
>>>> > Attached.
>>>> > Y.
>>>> >
>>>>
>>>> OK, that is version 4.1 of the engine, so next question is
why the SSO
>>>> service is not responding. Do you see any message in
>>>> /var/log/ovirt-engine/server.log about "enginesso.war"
not
being
>>>> deployed? Did you do any modification to the
>>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>>>>
>>>> Ravi, Martin, any idea of why the SSO service may not be
working?
>>>>
>>>> >
>>>> >
>>>> > curl \
>>>> > --verbose \
>>>> > --insecure \
>>>> > --request GET \
>>>> > --user "admin@internal:yourpassword" \
>>>> > --header "Version: 4" \
>>>> > --header "Accept: application/xml" \
>>>> > "https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>
>>>> > <https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>>"
>>>> >
>>>>
>>>>
>>>> --
>>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea
3, planta
>>>> 3ºD, 28016 Madrid, Spain
>>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941
- Red Hat S.L.
>>>
>>>
>>
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
9:33 a.m.
On Wed, Nov 9, 2016 at 8:05 PM, Juan Hernández <jhernand(a)redhat.com> wrote:
On 11/09/2016 11:12 AM, Yaniv Kaul wrote:
>
>
> On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori(a)redhat.com
> <mailto:rnori@redhat.com>> wrote:
>
> Also can you please try following command to directly obtain token
> from SSO. Can replace engine with FQDN and IP to see if both work
>
> curl -v -k -H "Accept: application/json"
> 'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_
type=password&username=admin@internal&password=123&scope=ovirt-app-api'
>
> You should see output similar to the one below
>
>
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDd
mEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
> ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search
>
ovirt-ext=token-info:validate","exp":-381399824,"token_type"
:"bearer"}
>
>
> Sorry it took me so long to get back to it, but here it is:
> {"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_
CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","
scope":"ovirt-app-api
> ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search
> ovirt-ext=token-info:validate","exp":["java.lang.Long",
1479290132000],"token_type":"bearer"}
>
That "java.lang.Long" there is an error, but not related to this
problem, as the SDK doesn't use the "exp" attribute. I guess it is a
side effect of the recent change to use "long" instead of "int",
looks
like the JSON library used in the engine doesn't like longs.
> And here's the difference between the SDK and the manual curl command in
> ssl_access log:
> 192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST
> /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> 192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET
> /ovirt-engine/sso/oauth/token?grant_type=password&username=
admin@internal&password=123&scope=ovirt-app-api
> HTTP/1.1" 200 295
>
That difference is by design. The SDK uses POST to avoid sending the
credentials (specially the password) as a query parameter, as that is
most probably logged and archived.
We discovered recently an issue with the Python SDK, due to a bug in the
"pycurl" library:
Debug mode raises UnicodeDecodeError: 'utf8' codec can't decode byte
0x8d in position 7: invalid start byte
https://bugzilla.redhat.com/1392878
It isn't exactly the same problem, but as the cause of that bug is a
pointer that is used after releasing, it can cause all kinds of strange
effects.
Please try the latest build of the SDK.
I thought I was:
python-ovirt-engine-sdk4-4.1.0-0.1.a0.20161108gitaad5627.fc24.x86_64
>
>
> Thanks
>
> Ravi
>
> On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul(a)redhat.com
> <mailto:ykaul@redhat.com>> wrote:
>
> On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori(a)redhat.com
> <mailto:rnori@redhat.com>> wrote:
> >
> > SSO configuration looks good.
> >
> > Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
>
> This is a standard ovirt-system-tests on Lago installation,
> nothing out of the ordinary, but I'll check.
> Y.
>
> >
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com
> <mailto:ykaul@redhat.com>> wrote:
> >>
> >>
> >>
> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com
> <mailto:rnori@redhat.com>> wrote:
> >>>
> >>> Hi Yaniv,
> >>>
> >>> Can you check the output of
> https:://<engine>/ovirt-engine/sso/status in your browser and
> see if the SSO service is active.
> >>>
> >>> If SSO is deployed, you should see an output similar to the
> one below. Also are you able to login to webadmin using the
> browser?
> >>
> >>
> >> I am able to login using the webui.
> >>
> >>>
> >>>
> >>> {"status_description":"SSO Webapp
>
Deployed","version":"0","status":"active"}
> >>
> >>
> >> Indeed:
> >> {"status_description":"SSO Webapp
>
Deployed","version":"0","status":"active"}
> >>
> >> (not sure what 'version 0' means?)
> >>
> >>>
> >>>
> >>> Please share the content of
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> >>
> >>
> >> [root@lago-basic-suite-master-engine ~]# cat
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
> >>
ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
> >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-
engine/sso"
> >>
> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso
> <https://localhost:443/ovirt-engine/sso>"
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
> >> SSO_ALTERNATE_ENGINE_FQDNS=""
> >>
SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
> >>
> >>
> >> Thanks,
> >> Y.
> >>
> >>
> >>>
> >>>
> >>> Thanks
> >>>
> >>> Ravi
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández
> <jhernand(a)redhat.com <mailto:jhernand@redhat.com>> wrote:
> >>>>
> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
> >>>> >
> >>>> >
> >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández
> <jhernand(a)redhat.com <mailto:jhernand@redhat.com>
> >>>> > <mailto:jhernand@redhat.com
> <mailto:jhernand@redhat.com>>> wrote:
> >>>> >
> >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul
> <ykaul(a)redhat.com <mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>
> >>>> > > <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>>
wrote:
> >>>> > >
> >>>> > > I'm trying on FC24, using
> >>>> > >
> >>>> >
> python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
> >>>> > > add a DC, and failing - against master.
The
> client is unhappy:
> >>>> > > File
> >>>> > >
> >>>> >
> "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
scenarios/002_bootstrap.py",
> >>>> > > line 98, in add_dc4
> >>>> > >
> version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
> >>>> > > line 4347, in add
> >>>> > > response =
self._connection.send(request)
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 276, in send
> >>>> > > return self.__send(request)
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 298, in __send
> >>>> > > self._sso_token =
self._get_access_token()
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 460, in _get_access_token
> >>>> > > sso_response =
> self._get_sso_response(self._sso_url,
> >>>> > post_data)
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 498, in _get_sso_response
> >>>> > > return
> json.loads(body_buf.getvalue().decode('utf-8'))
> >>>> > > File
"/usr/lib64/python2.7/json/__init__.py",
> line 339, in loads
> >>>> > > return _default_decoder.decode(s)
> >>>> > > File
"/usr/lib64/python2.7/json/decoder.py",
> line 364, in decode
> >>>> > > obj, end = self.raw_decode(s,
idx=_w(s,
> 0).end())
> >>>> > > File
"/usr/lib64/python2.7/json/decoder.py",
> line 382, in
> >>>> > raw_decode
> >>>> > > raise ValueError("No JSON object
could be
> decoded")
> >>>> > > ValueError: No JSON object could be
decoded
> >>>> > >
> >>>> > >
> >>>> > > Surprisingly, I now can't find that
RPM of this
> SDK in
> >>>> > > resources.ovirt.org
> <http://resources.ovirt.org> <http://resources.ovirt.org>
> >>>> > <http://resources.ovirt.org> now.
> >>>> > >
> >>>> > > I've tried
> >>>> > > with
> >>>> >
> http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>
> >>>> >
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>>
> >>>> > >
> >>>> >
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>
> >>>> >
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
20161004gitf94eeb5.fc24.x86_64.rpm>>>
> >>>> > >
> >>>> > > - same result.
> >>>> > >
> >>>> > > Did not see anything obvious on server
or
> engine logs.
> >>>> > > The code:
> >>>> > > def add_dc4(api):
> >>>> > > nt.assert_true(api != None)
> >>>> > > dcs_service =
> api.system_service().data_centers_service()
> >>>> > > nt.assert_true(
> >>>> > > dc = dcs_service.add(
> >>>> > > sdk4.types.DataCenter(
> >>>> > > name=DC_NAME4,
> >>>> > > description='APIv4
DC',
> >>>> > > local=False,
> >>>> > >
> >>>> > >
> version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > ),
> >>>> > > )
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > And the api object is from:
> >>>> > > return sdk4.Connection(
> >>>> > > url=url,
> >>>> > >
username=constants.ENGINE_USER,
> >>>> > >
> >>>> > password=str(self.metadata['
ovirt-engine-password']),
> >>>> > > insecure=True,
> >>>> > > debug=True,
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > The clue is actually on the HTTPd logs:
> >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27
-0400] "POST
> >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1"
404 74
> >>>> > >
> >>>> > > And indeed, from the deubg log:
> >>>> > > begin captured logging <<
--------------------\n
> >>>> > > root: DEBUG: Trying 192.168.203.3...\n
> >>>> > > root: DEBUG: Connected to 192.168.203.3
> (192.168.203.3) port 443
> >>>> > (#0)\n
> >>>> > > root: DEBUG: Initializing NSS with certpath:
> sql:/etc/pki/nssdb\n
> >>>> > > root: DEBUG: skipping SSL peer certificate
> verification\n
> >>>> > > root: DEBUG: ALPN/NPN, server did not agree
to a
> protocol\n
> >>>> > > root: DEBUG: SSL connection using
> >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> >>>> > > root: DEBUG: Server certificate:\n
> >>>> > > root: DEBUG: subject:
CN=engine,O=Test,C=US\n
> >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016
GMT\n
> >>>> > > root: DEBUG: expire date: Sep 16 21:55:29
2021 GMT\n
> >>>> > > root: DEBUG: common name: engine\nroot:
DEBUG:
issuer:
> >>>> > > CN=engine.38998,O=Test,C=US\n
> >>>> > > *root: DEBUG: POST
/ovirt-engine/sso/oauth/token
> HTTP/1.1\n*
> >>>> > > *root: DEBUG: Host: 192.168.203.3\n*
> >>>> > > *root: DEBUG: User-Agent:
PythonSDK/4.1.0a0\n*
> >>>> > > *root: DEBUG: Accept: application/json\n*
> >>>> > > *root: DEBUG: Content-Length: 78\n*
> >>>> > > *root: DEBUG: Content-Type:
> application/x-www-form-urlencoded\nroot:
> >>>> > > DEBUG:
> >>>> > >
> >>>> >
> username=admin%40internal&scope=ovirt-app-api&password=
123&grant_type=password\n*
> >>>> > > *root: DEBUG: upload completely sent off: 78
out of
> 78 bytes\n*
> >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27
GMT\n*
> >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
> OpenSSL/1.0.1e-fips\n*
> >>>> > > *root: DEBUG: Content-Length: 74\n*
> >>>> > > *root: DEBUG: Content-Type: text/html;
charset=UTF-8\n*
> >>>> > > *root: DEBUG: \n*
> >>>> > > *root: DEBUG:
>
<html><head><title>Error</title></head><body>404 -
Not
> >>>> > > Found</body></html>\n*
> >>>> > > root: DEBUG: Connection #0 to host
192.168.203.3
> left intact\n
> >>>> > > --------------------- >> end captured
logging
> >>>> > >
> >>>> >
> >>>> > That definitively looks like version 3 of the
engine.
> Either that or
> >>>> > version 4 of the engine with web server
configuration
> modified so that
> >>>> > the SSO doesn't work as expected.
> >>>> >
> >>>> > What do you get if you run this against that
server?
> >>>> >
> >>>> >
> >>>> > Attached.
> >>>> > Y.
> >>>> >
> >>>>
> >>>> OK, that is version 4.1 of the engine, so next question is
> why the SSO
> >>>> service is not responding. Do you see any message in
> >>>> /var/log/ovirt-engine/server.log about
"enginesso.war" not
> being
> >>>> deployed? Did you do any modification to the
> >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
> >>>>
> >>>> Ravi, Martin, any idea of why the SSO service may not be
> working?
> >>>>
> >>>> >
> >>>> >
> >>>> > curl \
> >>>> > --verbose \
> >>>> > --insecure \
> >>>> > --request GET \
> >>>> > --user "admin@internal:yourpassword"
\
> >>>> > --header "Version: 4" \
> >>>> > --header "Accept: application/xml" \
> >>>> > "https://thatserver/ovirt-engine/api
> <https://thatserver/ovirt-engine/api>
> >>>> > <https://thatserver/ovirt-engine/api
> <https://thatserver/ovirt-engine/api>>"
> >>>> >
> >>>>
> >>>>
> >>>> --
> >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif.
Gorbea
> 3, planta
> >>>> 3ºD, 28016 Madrid, Spain
> >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941
> - Red Hat S.L.
> >>>
> >>>
> >>
> >
>
>
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
9:47 a.m.
On 11/10/2016 09:33 AM, Yaniv Kaul wrote:
On Wed, Nov 9, 2016 at 8:05 PM, Juan Hernández <jhernand(a)redhat.com
<mailto:jhernand@redhat.com>> wrote:
On 11/09/2016 11:12 AM, Yaniv Kaul wrote:
>
>
> On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori(a)redhat.com
<mailto:rnori@redhat.com>
> <mailto:rnori@redhat.com <mailto:rnori@redhat.com>>> wrote:
>
> Also can you please try following command to directly obtain token
> from SSO. Can replace engine with FQDN and IP to see if both work
>
> curl -v -k -H "Accept: application/json"
>
'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api'
>
> You should see output similar to the one below
>
>
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
> ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search
>
ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
>
>
> Sorry it took me so long to get back to it, but here it is:
>
{"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","scope":"ovirt-app-api
> ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search
>
ovirt-ext=token-info:validate","exp":["java.lang.Long",1479290132000],"token_type":"bearer"}
>
That "java.lang.Long" there is an error, but not related to this
problem, as the SDK doesn't use the "exp" attribute. I guess it is a
side effect of the recent change to use "long" instead of "int",
looks
like the JSON library used in the engine doesn't like longs.
> And here's the difference between the SDK and the manual curl command in
> ssl_access log:
> 192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST
> /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> 192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET
>
/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api
> HTTP/1.1" 200 295
>
That difference is by design. The SDK uses POST to avoid sending the
credentials (specially the password) as a query parameter, as that is
most probably logged and archived.
We discovered recently an issue with the Python SDK, due to a bug in the
"pycurl" library:
Debug mode raises UnicodeDecodeError: 'utf8' codec can't decode byte
0x8d in position 7: invalid start byte
https://bugzilla.redhat.com/1392878
<https://bugzilla.redhat.com/1392878>
It isn't exactly the same problem, but as the cause of that bug is a
pointer that is used after releasing, it can cause all kinds of strange
effects.
Please try the latest build of the SDK.
I thought I was:
python-ovirt-engine-sdk4-4.1.0-0.1.a0.20161108gitaad5627.fc24.x86_64
Yes, that build contains the fix, so we can discard it as the source of
your problem.
>
>
> Thanks
>
> Ravi
>
> On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
>
> On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori(a)redhat.com
<mailto:rnori@redhat.com>
> <mailto:rnori@redhat.com <mailto:rnori@redhat.com>>>
wrote:
> >
> > SSO configuration looks good.
> >
> > Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
>
> This is a standard ovirt-system-tests on Lago installation,
> nothing out of the ordinary, but I'll check.
> Y.
>
> >
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul(a)redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>
wrote:
> >>
> >>
> >>
> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori(a)redhat.com
<mailto:rnori@redhat.com>
> <mailto:rnori@redhat.com <mailto:rnori@redhat.com>>>
wrote:
> >>>
> >>> Hi Yaniv,
> >>>
> >>> Can you check the output of
> https:://<engine>/ovirt-engine/sso/status in your browser and
> see if the SSO service is active.
> >>>
> >>> If SSO is deployed, you should see an output similar
to the
> one below. Also are you able to login to webadmin using the
> browser?
> >>
> >>
> >> I am able to login using the webui.
> >>
> >>>
> >>>
> >>> {"status_description":"SSO Webapp
>
Deployed","version":"0","status":"active"}
> >>
> >>
> >> Indeed:
> >> {"status_description":"SSO Webapp
>
Deployed","version":"0","status":"active"}
> >>
> >> (not sure what 'version 0' means?)
> >>
> >>>
> >>>
> >>> Please share the content of
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> >>
> >>
> >> [root@lago-basic-suite-master-engine ~]# cat
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
> >>
ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
> >>
ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
> >>
>
ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso
<https://localhost:443/ovirt-engine/sso>
> <https://localhost:443/ovirt-engine/sso
<https://localhost:443/ovirt-engine/sso>>"
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
> >> SSO_ALTERNATE_ENGINE_FQDNS=""
> >>
SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
> >>
> >>
> >> Thanks,
> >> Y.
> >>
> >>
> >>>
> >>>
> >>> Thanks
> >>>
> >>> Ravi
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández
> <jhernand(a)redhat.com <mailto:jhernand@redhat.com>
<mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>>> wrote:
> >>>>
> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
> >>>> >
> >>>> >
> >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández
> <jhernand(a)redhat.com <mailto:jhernand@redhat.com>
<mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>>
> >>>> > <mailto:jhernand@redhat.com
<mailto:jhernand@redhat.com>
> <mailto:jhernand@redhat.com
<mailto:jhernand@redhat.com>>>> wrote:
> >>>> >
> >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv
Kaul
> <ykaul(a)redhat.com <mailto:ykaul@redhat.com>
<mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>
<mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>
> >>>> > > <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com
<mailto:ykaul@redhat.com>>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>
<mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>>> wrote:
> >>>> > >
> >>>> > > I'm trying on FC24, using
> >>>> > >
> >>>> >
>
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
> >>>> > > add a DC, and failing - against
master. The
> client is unhappy:
> >>>> > > File
> >>>> > >
> >>>> >
>
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
> >>>> > > line 98, in add_dc4
> >>>> > >
>
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
> >>>> > > line 4347, in add
> >>>> > > response =
self._connection.send(request)
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 276, in send
> >>>> > > return self.__send(request)
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 298, in __send
> >>>> > > self._sso_token =
self._get_access_token()
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 460, in _get_access_token
> >>>> > > sso_response =
> self._get_sso_response(self._sso_url,
> >>>> > post_data)
> >>>> > > File
> "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
> >>>> > > line 498, in _get_sso_response
> >>>> > > return
> json.loads(body_buf.getvalue().decode('utf-8'))
> >>>> > > File
"/usr/lib64/python2.7/json/__init__.py",
> line 339, in loads
> >>>> > > return
_default_decoder.decode(s)
> >>>> > > File
"/usr/lib64/python2.7/json/decoder.py",
> line 364, in decode
> >>>> > > obj, end = self.raw_decode(s,
idx=_w(s,
> 0).end())
> >>>> > > File
"/usr/lib64/python2.7/json/decoder.py",
> line 382, in
> >>>> > raw_decode
> >>>> > > raise ValueError("No JSON
object could be
> decoded")
> >>>> > > ValueError: No JSON object could be
decoded
> >>>> > >
> >>>> > >
> >>>> > > Surprisingly, I now can't find
that RPM
of this
> SDK in
> >>>> > > resources.ovirt.org
<http://resources.ovirt.org>
> <http://resources.ovirt.org> <http://resources.ovirt.org>
> >>>> > <http://resources.ovirt.org> now.
> >>>> > >
> >>>> > > I've tried
> >>>> > > with
> >>>> >
>
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
> >>>> >
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
> >>>> > >
> >>>> >
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
> >>>> >
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
>
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
<http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/pyth...
> >>>> > >
> >>>> > > - same result.
> >>>> > >
> >>>> > > Did not see anything obvious on
server or
> engine logs.
> >>>> > > The code:
> >>>> > > def add_dc4(api):
> >>>> > > nt.assert_true(api != None)
> >>>> > > dcs_service =
> api.system_service().data_centers_service()
> >>>> > > nt.assert_true(
> >>>> > > dc = dcs_service.add(
> >>>> > > sdk4.types.DataCenter(
> >>>> > > name=DC_NAME4,
> >>>> > >
description='APIv4 DC',
> >>>> > > local=False,
> >>>> > >
> >>>> > >
>
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > ),
> >>>> > > )
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > And the api object is from:
> >>>> > > return sdk4.Connection(
> >>>> > > url=url,
> >>>> > >
username=constants.ENGINE_USER,
> >>>> > >
> >>>> >
password=str(self.metadata['ovirt-engine-password']),
> >>>> > > insecure=True,
> >>>> > > debug=True,
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > The clue is actually on the HTTPd logs:
> >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27
-0400] "POST
> >>>> > > /ovirt-engine/sso/oauth/token
HTTP/1.1" 404 74
> >>>> > >
> >>>> > > And indeed, from the deubg log:
> >>>> > > begin captured logging <<
--------------------\n
> >>>> > > root: DEBUG: Trying 192.168.203.3...\n
> >>>> > > root: DEBUG: Connected to 192.168.203.3
> (192.168.203.3) port 443
> >>>> > (#0)\n
> >>>> > > root: DEBUG: Initializing NSS with
certpath:
> sql:/etc/pki/nssdb\n
> >>>> > > root: DEBUG: skipping SSL peer
certificate
> verification\n
> >>>> > > root: DEBUG: ALPN/NPN, server did not
agree to a
> protocol\n
> >>>> > > root: DEBUG: SSL connection using
> >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> >>>> > > root: DEBUG: Server certificate:\n
> >>>> > > root: DEBUG: subject:
CN=engine,O=Test,C=US\n
> >>>> > > root: DEBUG: start date: Oct 11 21:55:29
2016
GMT\n
> >>>> > > root: DEBUG: expire date: Sep 16
21:55:29
2021 GMT\n
> >>>> > > root: DEBUG: common name: engine\nroot:
DEBUG: issuer:
> >>>> > > CN=engine.38998,O=Test,C=US\n
> >>>> > > *root: DEBUG: POST
/ovirt-engine/sso/oauth/token
> HTTP/1.1\n*
> >>>> > > *root: DEBUG: Host: 192.168.203.3\n*
> >>>> > > *root: DEBUG: User-Agent:
PythonSDK/4.1.0a0\n*
> >>>> > > *root: DEBUG: Accept:
application/json\n*
> >>>> > > *root: DEBUG: Content-Length: 78\n*
> >>>> > > *root: DEBUG: Content-Type:
> application/x-www-form-urlencoded\nroot:
> >>>> > > DEBUG:
> >>>> > >
> >>>> >
>
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
> >>>> > > *root: DEBUG: upload completely sent off:
78
out of
> 78 bytes\n*
> >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016
21:56:27
GMT\n*
> >>>> > > *root: DEBUG: Server: Apache/2.4.6
(CentOS)
> OpenSSL/1.0.1e-fips\n*
> >>>> > > *root: DEBUG: Content-Length: 74\n*
> >>>> > > *root: DEBUG: Content-Type: text/html;
charset=UTF-8\n*
> >>>> > > *root: DEBUG: \n*
> >>>> > > *root: DEBUG:
>
<html><head><title>Error</title></head><body>404 -
Not
> >>>> > > Found</body></html>\n*
> >>>> > > root: DEBUG: Connection #0 to host
192.168.203.3
> left intact\n
> >>>> > > --------------------- >> end
captured logging
> >>>> > >
> >>>> >
> >>>> > That definitively looks like version 3 of the
engine.
> Either that or
> >>>> > version 4 of the engine with web server
configuration
> modified so that
> >>>> > the SSO doesn't work as expected.
> >>>> >
> >>>> > What do you get if you run this against that
server?
> >>>> >
> >>>> >
> >>>> > Attached.
> >>>> > Y.
> >>>> >
> >>>>
> >>>> OK, that is version 4.1 of the engine, so next
question is
> why the SSO
> >>>> service is not responding. Do you see any message in
> >>>> /var/log/ovirt-engine/server.log about
"enginesso.war" not
> being
> >>>> deployed? Did you do any modification to the
> >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
> >>>>
> >>>> Ravi, Martin, any idea of why the SSO service may not
be
> working?
> >>>>
> >>>> >
> >>>> >
> >>>> > curl \
> >>>> > --verbose \
> >>>> > --insecure \
> >>>> > --request GET \
> >>>> > --user
"admin@internal:yourpassword" \
> >>>> > --header "Version: 4" \
> >>>> > --header "Accept: application/xml"
\
> >>>> > "https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>
> <https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>>
> >>>> > <https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>
> <https://thatserver/ovirt-engine/api
<https://thatserver/ovirt-engine/api>>>"
> >>>> >
> >>>>
> >>>>
> >>>> --
> >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif.
Gorbea
> 3, planta
> >>>> 3ºD, 28016 Madrid, Spain
> >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F.
B82657941
> - Red Hat S.L.
> >>>
> >>>
> >>
> >
>
>
>
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
S.L.
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
2994
days inactive
3028
days old
15 comments
4 participants
participants (4)
-
Juan Hernández -
Ondra Machacek -
Ravi Nori -
Yaniv Kaul