Can't add DC with API v4 - client issue
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0 -0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against master. The client is unhappy: File "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", line 98, in add_dc4 version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 4347, in add response = self._connection.send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 276, in send return self.__send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 298, in __send self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 460, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 498, in _get_sso_response return json.loads(body_buf.getvalue().decode('utf-8')) File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads return _default_decoder.decode(s) File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode raise ValueError("No JSON object could be decoded") ValueError: No JSON object could be decoded Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org now. I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rp m/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004git f94eeb5.fc24.x86_64.rpm - same result. Did not see anything obvious on server or engine logs. The code: def add_dc4(api): nt.assert_true(api != None) dcs_service = api.system_service().data_centers_service() nt.assert_true( dc = dcs_service.add( sdk4.types.DataCenter( name=DC_NAME4, description='APIv4 DC', local=False, version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_ MIN), ), ) ) And the api object is from: return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata['ovirt-engine-password']), insecure=True, debug=True, )
On 10/07/2016 09:44 PM, Yaniv Kaul wrote:
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against master. The client is unhappy: File "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", line 98, in add_dc4 version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 4347, in add response = self._connection.send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 276, in send return self.__send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 298, in __send self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 460, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 498, in _get_sso_response return json.loads(body_buf.getvalue().decode('utf-8')) File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads return _default_decoder.decode(s) File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode raise ValueError("No JSON object could be decoded") ValueError: No JSON object could be decoded
This error means something wrong during authentication. The JSON SSO response returned something unexpected. Anyway I've tried with current master and everything is fine for me. Can you please send debug log of the SDK? import loggging logging.basicConfig(level=logging.DEBUG, filename='/tmp/debug.log') return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata['ovirt-engine-password']), insecure=True, log=logging.getLogger(), debug=True, )
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org <http://resources.ovirt.org> now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>
- same result.
Did not see anything obvious on server or engine logs. The code: def add_dc4(api): nt.assert_true(api != None) dcs_service = api.system_service().data_centers_service() nt.assert_true( dc = dcs_service.add( sdk4.types.DataCenter( name=DC_NAME4, description='APIv4 DC', local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), ), ) )
And the api object is from: return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata['ovirt-engine-password']), insecure=True, debug=True, )
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
On 10/07/2016 09:44 PM, Yaniv Kaul wrote:
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against master. The client is unhappy: File "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", line 98, in add_dc4 version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 4347, in add response = self._connection.send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 276, in send return self.__send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 298, in __send self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 460, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 498, in _get_sso_response return json.loads(body_buf.getvalue().decode('utf-8')) File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads return _default_decoder.decode(s) File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode raise ValueError("No JSON object could be decoded") ValueError: No JSON object could be decoded
That is what happens when you try to connect version 3 of the server with version 4 of the SDK: OAuth authentication fails with this unexpected error. Are you sure you are using version 4 of the engine? Can you try a simpler request? For example, try this example: https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/examples/test_conn... That will generate an "example.log" file. Can you share it? Take into account that the log will contain your password, so make sure to remove it or share it privately.
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org <http://resources.ovirt.org> now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>
- same result.
Did not see anything obvious on server or engine logs. The code: def add_dc4(api): nt.assert_true(api != None) dcs_service = api.system_service().data_centers_service() nt.assert_true( dc = dcs_service.add( sdk4.types.DataCenter( name=DC_NAME4, description='APIv4 DC', local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), ), ) )
And the api object is from: return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata['ovirt-engine-password']), insecure=True, debug=True, )
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0 -0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against master. The client is unhappy: File "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", line 98, in add_dc4 version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 4347, in add response = self._connection.send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 276, in send return self.__send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 298, in __send self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 460, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 498, in _get_sso_response return json.loads(body_buf.getvalue().decode('utf-8')) File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads return _default_decoder.decode(s) File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode raise ValueError("No JSON object could be decoded") ValueError: No JSON object could be decoded
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rp m/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004git f94eeb5.fc24.x86_64.rpm
- same result.
Did not see anything obvious on server or engine logs. The code: def add_dc4(api): nt.assert_true(api != None) dcs_service = api.system_service().data_centers_service() nt.assert_true( dc = dcs_service.add( sdk4.types.DataCenter( name=DC_NAME4, description='APIv4 DC', local=False, version=sdk4.types.Version(maj or=DC_VER_MAJ,minor=DC_VER_MIN), ), ) )
And the api object is from: return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata['ovirt-engine-password']), insecure=True, debug=True, )
The clue is actually on the HTTPd logs: 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 And indeed, from the deubg log: begin captured logging << --------------------\n root: DEBUG: Trying 192.168.203.3...\n root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n root: DEBUG: skipping SSL peer certificate verification\n root: DEBUG: ALPN/NPN, server did not agree to a protocol\n root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n root: DEBUG: Server certificate:\n root: DEBUG: subject: CN=engine,O=Test,C=US\n root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n root: DEBUG: common name: engine\nroot: DEBUG: issuer: CN=engine.38998,O=Test,C=US\n *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* *root: DEBUG: Host: 192.168.203.3\n* *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* *root: DEBUG: Accept: application/json\n* *root: DEBUG: Content-Length: 78\n* *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: DEBUG: username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n* *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* *root: DEBUG: HTTP/1.1 404 Not Found\n* *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* *root: DEBUG: Content-Length: 74\n* *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* *root: DEBUG: \n* *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not Found</body></html>\n* root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n --------------------- >> end captured logging
On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>> wrote:
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against master. The client is unhappy: File "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", line 98, in add_dc4 version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 4347, in add response = self._connection.send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 276, in send return self.__send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 298, in __send self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 460, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 498, in _get_sso_response return json.loads(body_buf.getvalue().decode('utf-8')) File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads return _default_decoder.decode(s) File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode raise ValueError("No JSON object could be decoded") ValueError: No JSON object could be decoded
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org <http://resources.ovirt.org> now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>
- same result.
Did not see anything obvious on server or engine logs. The code: def add_dc4(api): nt.assert_true(api != None) dcs_service = api.system_service().data_centers_service() nt.assert_true( dc = dcs_service.add( sdk4.types.DataCenter( name=DC_NAME4, description='APIv4 DC', local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), ), ) )
And the api object is from: return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata['ovirt-engine-password']), insecure=True, debug=True, )
The clue is actually on the HTTPd logs: 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
And indeed, from the deubg log: begin captured logging << --------------------\n root: DEBUG: Trying 192.168.203.3...\n root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n root: DEBUG: skipping SSL peer certificate verification\n root: DEBUG: ALPN/NPN, server did not agree to a protocol\n root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n root: DEBUG: Server certificate:\n root: DEBUG: subject: CN=engine,O=Test,C=US\n root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n root: DEBUG: common name: engine\nroot: DEBUG: issuer: CN=engine.38998,O=Test,C=US\n *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* *root: DEBUG: Host: 192.168.203.3\n* *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* *root: DEBUG: Accept: application/json\n* *root: DEBUG: Content-Length: 78\n* *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: DEBUG: username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n* *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* *root: DEBUG: HTTP/1.1 404 Not Found\n* *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* *root: DEBUG: Content-Length: 74\n* *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* *root: DEBUG: \n* *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not Found</body></html>\n* root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n --------------------- >> end captured logging
That definitively looks like version 3 of the engine. Either that or version 4 of the engine with web server configuration modified so that the SSO doesn't work as expected. What do you get if you run this against that server? curl \ --verbose \ --insecure \ --request GET \ --user "admin@internal:yourpassword" \ --header "Version: 4" \ --header "Accept: application/xml" \ "https://thatserver/ovirt-engine/api" -- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com> wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>> wrote:
I'm trying on FC24, using python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to add a DC, and failing - against master. The client is unhappy: File "/home/ykaul/ovirt-system-tests/basic-suite-master/test- scenarios/002_bootstrap.py", line 98, in add_dc4 version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", line 4347, in add response = self._connection.send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 276, in send return self.__send(request) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 298, in __send self._sso_token = self._get_access_token() File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 460, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", line 498, in _get_sso_response return json.loads(body_buf.getvalue().decode('utf-8')) File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads return _default_decoder.decode(s) File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode raise ValueError("No JSON object could be decoded") ValueError: No JSON object could be decoded
Surprisingly, I now can't find that RPM of this SDK in resources.ovirt.org <http://resources.ovirt.org> now.
I've tried with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/ fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/ fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>
- same result.
Did not see anything obvious on server or engine logs. The code: def add_dc4(api): nt.assert_true(api != None) dcs_service = api.system_service().data_centers_service() nt.assert_true( dc = dcs_service.add( sdk4.types.DataCenter( name=DC_NAME4, description='APIv4 DC', local=False,
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), ), ) )
And the api object is from: return sdk4.Connection( url=url, username=constants.ENGINE_USER, password=str(self.metadata[' ovirt-engine-password']), insecure=True, debug=True, )
The clue is actually on the HTTPd logs: 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
And indeed, from the deubg log: begin captured logging << --------------------\n root: DEBUG: Trying 192.168.203.3...\n root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n root: DEBUG: skipping SSL peer certificate verification\n root: DEBUG: ALPN/NPN, server did not agree to a protocol\n root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_ GCM_SHA256\n root: DEBUG: Server certificate:\n root: DEBUG: subject: CN=engine,O=Test,C=US\n root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n root: DEBUG: common name: engine\nroot: DEBUG: issuer: CN=engine.38998,O=Test,C=US\n *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* *root: DEBUG: Host: 192.168.203.3\n* *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* *root: DEBUG: Accept: application/json\n* *root: DEBUG: Content-Length: 78\n* *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: DEBUG: username=admin%40internal&scope=ovirt-app-api&password= 123&grant_type=password\n* *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* *root: DEBUG: HTTP/1.1 404 Not Found\n* *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* *root: DEBUG: Content-Length: 74\n* *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* *root: DEBUG: \n* *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not Found</body></html>\n* root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n --------------------- >> end captured logging
That definitively looks like version 3 of the engine. Either that or version 4 of the engine with web server configuration modified so that the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached. Y.
curl \ --verbose \ --insecure \ --request GET \ --user "admin@internal:yourpassword" \ --header "Version: 4" \ --header "Accept: application/xml" \ "https://thatserver/ovirt-engine/api"
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote: > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote: > > I'm trying on FC24, using > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to > add a DC, and failing - against master. The client is unhappy: > File > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", > line 98, in add_dc4 > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", > line 4347, in add > response = self._connection.send(request) > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > line 276, in send > return self.__send(request) > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > line 298, in __send > self._sso_token = self._get_access_token() > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > line 460, in _get_access_token > sso_response = self._get_sso_response(self._sso_url, post_data) > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > line 498, in _get_sso_response > return json.loads(body_buf.getvalue().decode('utf-8')) > File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads > return _default_decoder.decode(s) > File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode > obj, end = self.raw_decode(s, idx=_w(s, 0).end()) > File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode > raise ValueError("No JSON object could be decoded") > ValueError: No JSON object could be decoded > > > Surprisingly, I now can't find that RPM of this SDK in > resources.ovirt.org <http://resources.ovirt.org> <http://resources.ovirt.org> now. > > I've tried > with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>> > > - same result. > > Did not see anything obvious on server or engine logs. > The code: > def add_dc4(api): > nt.assert_true(api != None) > dcs_service = api.system_service().data_centers_service() > nt.assert_true( > dc = dcs_service.add( > sdk4.types.DataCenter( > name=DC_NAME4, > description='APIv4 DC', > local=False, > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), > ), > ) > ) > > > And the api object is from: > return sdk4.Connection( > url=url, > username=constants.ENGINE_USER, > password=str(self.metadata['ovirt-engine-password']), > insecure=True, > debug=True, > ) > > > The clue is actually on the HTTPd logs: > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 > > And indeed, from the deubg log: > begin captured logging << --------------------\n > root: DEBUG: Trying 192.168.203.3...\n > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n > root: DEBUG: skipping SSL peer certificate verification\n > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n > root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n > root: DEBUG: Server certificate:\n > root: DEBUG: subject: CN=engine,O=Test,C=US\n > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n > root: DEBUG: common name: engine\nroot: DEBUG: issuer: > CN=engine.38998,O=Test,C=US\n > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* > *root: DEBUG: Host: 192.168.203.3\n* > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* > *root: DEBUG: Accept: application/json\n* > *root: DEBUG: Content-Length: 78\n* > *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: > DEBUG: > username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n* > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* > *root: DEBUG: HTTP/1.1 404 Not Found\n* > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* > *root: DEBUG: Content-Length: 74\n* > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* > *root: DEBUG: \n* > *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not > Found</body></html>\n* > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n > --------------------- >> end captured logging >
That definitively looks like version 3 of the engine. Either that or version 4 of the engine with web server configuration modified so that the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached. Y.
OK, that is version 4.1 of the engine, so next question is why the SSO service is not responding. Do you see any message in /var/log/ovirt-engine/server.log about "enginesso.war" not being deployed? Did you do any modification to the /etc/httpd/conf.d/z-ovirt-engine.conf file? Ravi, Martin, any idea of why the SSO service may not be working?
curl \ --verbose \ --insecure \ --request GET \ --user "admin@internal:yourpassword" \ --header "Version: 4" \ --header "Accept: application/xml" \ "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>"
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
Hi Yaniv, Can you check the output of https:://<engine>/ovirt-engine/sso/status in your browser and see if the SSO service is active. If SSO is deployed, you should see an output similar to the one below. Also are you able to login to webadmin using the browser? {"status_description":"SSO Webapp Deployed","version":"0","status":"active"} Please share the content of /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf Thanks Ravi On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com> wrote:
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote: > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote: > > I'm trying on FC24, using > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
> add a DC, and failing - against master. The client is unhappy: > File > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
scenarios/002_bootstrap.py",
> line 98, in add_dc4 > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_
MIN),
> File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.
py",
> line 4347, in add > response = self._connection.send(request) > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> line 276, in send > return self.__send(request) > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> line 298, in __send > self._sso_token = self._get_access_token() > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> line 460, in _get_access_token > sso_response = self._get_sso_response(self._sso_url, post_data) > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.
py",
> line 498, in _get_sso_response > return json.loads(body_buf.getvalue().decode('utf-8')) > File "/usr/lib64/python2.7/json/__init__.py", line 339, in
loads
> return _default_decoder.decode(s) > File "/usr/lib64/python2.7/json/decoder.py", line 364, in
decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end()) > File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode > raise ValueError("No JSON object could be decoded") > ValueError: No JSON object could be decoded > > > Surprisingly, I now can't find that RPM of this SDK in > resources.ovirt.org <http://resources.ovirt.org> <http://resources.ovirt.org> now. > > I've tried > with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>>
> > - same result. > > Did not see anything obvious on server or engine logs. > The code: > def add_dc4(api): > nt.assert_true(api != None) > dcs_service = api.system_service().data_centers_service() > nt.assert_true( > dc = dcs_service.add( > sdk4.types.DataCenter( > name=DC_NAME4, > description='APIv4 DC', > local=False, > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), > ), > ) > ) > > > And the api object is from: > return sdk4.Connection( > url=url, > username=constants.ENGINE_USER, > password=str(self.metadata['ovirt-engine-password']), > insecure=True, > debug=True, > ) > > > The clue is actually on the HTTPd logs: > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 > > And indeed, from the deubg log: > begin captured logging << --------------------\n > root: DEBUG: Trying 192.168.203.3...\n > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n > root: DEBUG: skipping SSL peer certificate verification\n > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n > root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n > root: DEBUG: Server certificate:\n > root: DEBUG: subject: CN=engine,O=Test,C=US\n > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n > root: DEBUG: common name: engine\nroot: DEBUG: issuer: > CN=engine.38998,O=Test,C=US\n > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* > *root: DEBUG: Host: 192.168.203.3\n* > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* > *root: DEBUG: Accept: application/json\n* > *root: DEBUG: Content-Length: 78\n* > *root: DEBUG: Content-Type: application/x-www-form-
urlencoded\nroot:
> DEBUG: > username=admin%40internal&scope=ovirt-app-api&password=
123&grant_type=password\n*
> *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* > *root: DEBUG: HTTP/1.1 404 Not Found\n* > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* > *root: DEBUG: Content-Length: 74\n* > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* > *root: DEBUG: \n* > *root: DEBUG: <html><head><title>Error</title></head><body>404 -
Not
> Found</body></html>\n* > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n > --------------------- >> end captured logging >
That definitively looks like version 3 of the engine. Either that or version 4 of the engine with web server configuration modified so
that
the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached. Y.
OK, that is version 4.1 of the engine, so next question is why the SSO service is not responding. Do you see any message in /var/log/ovirt-engine/server.log about "enginesso.war" not being deployed? Did you do any modification to the /etc/httpd/conf.d/z-ovirt-engine.conf file?
Ravi, Martin, any idea of why the SSO service may not be working?
curl \ --verbose \ --insecure \ --request GET \ --user "admin@internal:yourpassword" \ --header "Version: 4" \ --header "Accept: application/xml" \ "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>"
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
Hi Yaniv,
Can you check the output of https:://<engine>/ovirt-engine/sso/status in your browser and see if the SSO service is active.
If SSO is deployed, you should see an output similar to the one below. Also are you able to login to webadmin using the browser?
I am able to login using the webui.
{"status_description":"SSO Webapp Deployed","version":"0"," status":"active"}
Indeed: {"status_description":"SSO Webapp Deployed","version":"0","status":"active"} (not sure what 'version 0' means?)
Please share the content of /etc/ovirt-engine/engine.conf. d/11-setup-sso.conf
[root@lago-basic-suite-master-engine ~]# cat /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf ENGINE_SSO_CLIENT_ID="ovirt-engine-core" ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O" ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso" ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso" ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true SSO_ALTERNATE_ENGINE_FQDNS="" SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/" Thanks, Y.
Thanks
Ravi
On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com> wrote:
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote: > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote: > > I'm trying on FC24, using > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
> add a DC, and failing - against master. The client is unhappy: > File > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen
arios/002_bootstrap.py",
> line 98, in add_dc4 > version=sdk4.types.Version(ma
jor=DC_VER_MAJ,minor=DC_VER_MIN),
> File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/services.py",
> line 4347, in add > response = self._connection.send(request) > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 276, in send > return self.__send(request) > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 298, in __send > self._sso_token = self._get_access_token() > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 460, in _get_access_token > sso_response = self._get_sso_response(self._sso_url, post_data) > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 498, in _get_sso_response > return json.loads(body_buf.getvalue().decode('utf-8')) > File "/usr/lib64/python2.7/json/__init__.py", line 339, in
loads
> return _default_decoder.decode(s) > File "/usr/lib64/python2.7/json/decoder.py", line 364, in
decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end()) > File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode > raise ValueError("No JSON object could be decoded") > ValueError: No JSON object could be decoded > > > Surprisingly, I now can't find that RPM of this SDK in > resources.ovirt.org <http://resources.ovirt.org> <http://resources.ovirt.org> now. > > I've tried > with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e eb5.fc24.x86_64.rpm
c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94 eeb5.fc24.x86_64.rpm>
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e eb5.fc24.x86_64.rpm
c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94 eeb5.fc24.x86_64.rpm>>
> > - same result. > > Did not see anything obvious on server or engine logs. > The code: > def add_dc4(api): > nt.assert_true(api != None) > dcs_service = api.system_service().data_centers_service() > nt.assert_true( > dc = dcs_service.add( > sdk4.types.DataCenter( > name=DC_NAME4, > description='APIv4 DC', > local=False, > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MI
N),
> ), > ) > ) > > > And the api object is from: > return sdk4.Connection( > url=url, > username=constants.ENGINE_USER, > password=str(self.metadata['ovirt-engine-password']), > insecure=True, > debug=True, > ) > > > The clue is actually on the HTTPd logs: > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 > > And indeed, from the deubg log: > begin captured logging << --------------------\n > root: DEBUG: Trying 192.168.203.3...\n > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n > root: DEBUG: skipping SSL peer certificate verification\n > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n > root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n > root: DEBUG: Server certificate:\n > root: DEBUG: subject: CN=engine,O=Test,C=US\n > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n > root: DEBUG: common name: engine\nroot: DEBUG: issuer: > CN=engine.38998,O=Test,C=US\n > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* > *root: DEBUG: Host: 192.168.203.3\n* > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* > *root: DEBUG: Accept: application/json\n* > *root: DEBUG: Content-Length: 78\n* > *root: DEBUG: Content-Type: application/x-www-form-urlenco
ded\nroot:
> DEBUG: > username=admin%40internal&scope=ovirt-app-api&password=123&
grant_type=password\n*
> *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* > *root: DEBUG: HTTP/1.1 404 Not Found\n* > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* > *root: DEBUG: Content-Length: 74\n* > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* > *root: DEBUG: \n* > *root: DEBUG: <html><head><title>Error</title></head><body>404 -
Not
> Found</body></html>\n* > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n > --------------------- >> end captured logging >
That definitively looks like version 3 of the engine. Either that or version 4 of the engine with web server configuration modified so
that
the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached. Y.
OK, that is version 4.1 of the engine, so next question is why the SSO service is not responding. Do you see any message in /var/log/ovirt-engine/server.log about "enginesso.war" not being deployed? Did you do any modification to the /etc/httpd/conf.d/z-ovirt-engine.conf file?
Ravi, Martin, any idea of why the SSO service may not be working?
curl \ --verbose \ --insecure \ --request GET \ --user "admin@internal:yourpassword" \ --header "Version: 4" \ --header "Accept: application/xml" \ "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>"
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
SSO configuration looks good. Can you please share any additional httpd configuration in /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls. On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
Hi Yaniv,
Can you check the output of https:://<engine>/ovirt-engine/sso/status in your browser and see if the SSO service is active.
If SSO is deployed, you should see an output similar to the one below. Also are you able to login to webadmin using the browser?
I am able to login using the webui.
{"status_description":"SSO Webapp Deployed","version":"0","statu s":"active"}
Indeed: {"status_description":"SSO Webapp Deployed","version":"0"," status":"active"}
(not sure what 'version 0' means?)
Please share the content of /etc/ovirt-engine/engine.conf. d/11-setup-sso.conf
[root@lago-basic-suite-master-engine ~]# cat /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf ENGINE_SSO_CLIENT_ID="ovirt-engine-core" ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O" ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso" ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso" ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true SSO_ALTERNATE_ENGINE_FQDNS="" SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
Thanks, Y.
Thanks
Ravi
On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com> wrote:
On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote:
On 10/13/2016 12:04 AM, Yaniv Kaul wrote: > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com
<mailto:ykaul@redhat.com>
> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote: > > I'm trying on FC24, using > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
> add a DC, and failing - against master. The client is
unhappy:
> File > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen
arios/002_bootstrap.py",
> line 98, in add_dc4 > version=sdk4.types.Version(ma
jor=DC_VER_MAJ,minor=DC_VER_MIN),
> File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/services.py",
> line 4347, in add > response = self._connection.send(request) > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 276, in send > return self.__send(request) > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 298, in __send > self._sso_token = self._get_access_token() > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 460, in _get_access_token > sso_response = self._get_sso_response(self._sso_url, post_data) > File "/usr/lib64/python2.7/site-pac
kages/ovirtsdk4/__init__.py",
> line 498, in _get_sso_response > return json.loads(body_buf.getvalue().decode('utf-8')) > File "/usr/lib64/python2.7/json/__init__.py", line 339,
in loads
> return _default_decoder.decode(s) > File "/usr/lib64/python2.7/json/decoder.py", line 364, in
decode
> obj, end = self.raw_decode(s, idx=_w(s, 0).end()) > File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode > raise ValueError("No JSON object could be decoded") > ValueError: No JSON object could be decoded > > > Surprisingly, I now can't find that RPM of this SDK in > resources.ovirt.org <http://resources.ovirt.org> <http://resources.ovirt.org> now. > > I've tried > with http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e eb5.fc24.x86_64.rpm
c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94 eeb5.fc24.x86_64.rpm>
> <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e eb5.fc24.x86_64.rpm
c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94 eeb5.fc24.x86_64.rpm>>
> > - same result. > > Did not see anything obvious on server or engine logs. > The code: > def add_dc4(api): > nt.assert_true(api != None) > dcs_service = api.system_service().data_cent
ers_service()
> nt.assert_true( > dc = dcs_service.add( > sdk4.types.DataCenter( > name=DC_NAME4, > description='APIv4 DC', > local=False, > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MI
N),
> ), > ) > ) > > > And the api object is from: > return sdk4.Connection( > url=url, > username=constants.ENGINE_USER, > password=str(self.metadata['ovirt-engine-password']), > insecure=True, > debug=True, > ) > > > The clue is actually on the HTTPd logs: > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 > > And indeed, from the deubg log: > begin captured logging << --------------------\n > root: DEBUG: Trying 192.168.203.3...\n > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 (#0)\n > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n > root: DEBUG: skipping SSL peer certificate verification\n > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n > root: DEBUG: SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n > root: DEBUG: Server certificate:\n > root: DEBUG: subject: CN=engine,O=Test,C=US\n > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n > root: DEBUG: common name: engine\nroot: DEBUG: issuer: > CN=engine.38998,O=Test,C=US\n > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* > *root: DEBUG: Host: 192.168.203.3\n* > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* > *root: DEBUG: Accept: application/json\n* > *root: DEBUG: Content-Length: 78\n* > *root: DEBUG: Content-Type: application/x-www-form-urlenco
ded\nroot:
> DEBUG: > username=admin%40internal&scope=ovirt-app-api&password=123&
grant_type=password\n*
> *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* > *root: DEBUG: HTTP/1.1 404 Not Found\n* > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.1e-fips\n*
> *root: DEBUG: Content-Length: 74\n* > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* > *root: DEBUG: \n* > *root: DEBUG: <html><head><title>Error</title></head><body>404
- Not
> Found</body></html>\n* > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n > --------------------- >> end captured logging >
That definitively looks like version 3 of the engine. Either that
or
version 4 of the engine with web server configuration modified so
that
the SSO doesn't work as expected.
What do you get if you run this against that server?
Attached. Y.
OK, that is version 4.1 of the engine, so next question is why the SSO service is not responding. Do you see any message in /var/log/ovirt-engine/server.log about "enginesso.war" not being deployed? Did you do any modification to the /etc/httpd/conf.d/z-ovirt-engine.conf file?
Ravi, Martin, any idea of why the SSO service may not be working?
curl \ --verbose \ --insecure \ --request GET \ --user "admin@internal:yourpassword" \ --header "Version: 4" \ --header "Accept: application/xml" \ "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>"
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com> wrote:
>
> SSO configuration looks good.
>
> Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
This is a standard ovirt-system-tests on Lago installation, nothing out of
the ordinary, but I'll check.
Y.
>
> On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
>>
>>
>>
>> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
>>>
>>> Hi Yaniv,
>>>
>>> Can you check the output of https:://<engine>/ovirt-engine/sso/status
in your browser and see if the SSO service is active.
>>>
>>> If SSO is deployed, you should see an output similar to the one below.
Also are you able to login to webadmin using the browser?
>>
>>
>> I am able to login using the webui.
>>
>>>
>>>
>>> {"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
>>
>>
>> Indeed:
>> {"status_description":"SSO Webapp
Deployed","version":"0","status":"active"}
>>
>> (not sure what 'version 0' means?)
>>
>>>
>>>
>>> Please share the content of
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>>
>>
>> [root@lago-basic-suite-master-engine ~]# cat
/etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
>> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
>> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
>> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
>> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
>> SSO_ALTERNATE_ENGINE_FQDNS=""
>> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>>
>>
>> Thanks,
>> Y.
>>
>>
>>>
>>>
>>> Thanks
>>>
>>> Ravi
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com>
wrote:
>>>>
>>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>>>> >
>>>> >
>>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com
>>>> > <mailto:jhernand@redhat.com>> wrote:
>>>> >
>>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
>>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com
<mailto:ykaul@redhat.com>
>>>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
>>>> > >
>>>> > > I'm trying on FC24, using
>>>> > >
>>>> >
python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to
>>>> > > add a DC, and failing - against master. The client is
unhappy:
>>>> > > File
>>>> > >
>>>> >
"/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py",
>>>> > > line 98, in add_dc4
>>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py",
>>>> > > line 4347, in add
>>>> > > response = self._connection.send(request)
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 276, in send
>>>> > > return self.__send(request)
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 298, in __send
>>>> > > self._sso_token = self._get_access_token()
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 460, in _get_access_token
>>>> > > sso_response = self._get_sso_response(self._sso_url,
>>>> > post_data)
>>>> > > File
"/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py",
>>>> > > line 498, in _get_sso_response
>>>> > > return json.loads(body_buf.getvalue().decode('utf-8'))
>>>> > > File "/usr/lib64/python2.7/json/__init__.py", line 339,
in loads
>>>> > > return _default_decoder.decode(s)
>>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 364,
in decode
>>>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 382, in
>>>> > raw_decode
>>>> > > raise ValueError("No JSON object could be decoded")
>>>> > > ValueError: No JSON object could be decoded
>>>> > >
>>>> > >
>>>> > > Surprisingly, I now can't find that RPM of this SDK in
>>>> > > resources.ovirt.org <http://resources.ovirt.org>
>>>> > <http://resources.ovirt.org> now.
>>>> > >
>>>> > > I've tried
>>>> > > with
>>>> >
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm
>>>> > <
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm
>
>>>> > >
>>>> > <
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm
>>>> > <
http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm
>>
>>>> > >
>>>> > > - same result.
>>>> > >
>>>> > > Did not see anything obvious on server or engine logs.
>>>> > > The code:
>>>> > > def add_dc4(api):
>>>> > > nt.assert_true(api != None)
>>>> > > dcs_service =
api.system_service().data_centers_service()
>>>> > > nt.assert_true(
>>>> > > dc = dcs_service.add(
>>>> > > sdk4.types.DataCenter(
>>>> > > name=DC_NAME4,
>>>> > > description='APIv4 DC',
>>>> > > local=False,
>>>> > >
>>>> > >
version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN),
>>>> > > ),
>>>> > > )
>>>> > > )
>>>> > >
>>>> > >
>>>> > > And the api object is from:
>>>> > > return sdk4.Connection(
>>>> > > url=url,
>>>> > > username=constants.ENGINE_USER,
>>>> > >
>>>> > password=str(self.metadata['ovirt-engine-password']),
>>>> > > insecure=True,
>>>> > > debug=True,
>>>> > > )
>>>> > >
>>>> > >
>>>> > > The clue is actually on the HTTPd logs:
>>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
>>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>>>> > >
>>>> > > And indeed, from the deubg log:
>>>> > > begin captured logging << --------------------\n
>>>> > > root: DEBUG: Trying 192.168.203.3...\n
>>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port
443
>>>> > (#0)\n
>>>> > > root: DEBUG: Initializing NSS with certpath:
sql:/etc/pki/nssdb\n
>>>> > > root: DEBUG: skipping SSL peer certificate verification\n
>>>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
>>>> > > root: DEBUG: SSL connection using
>>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
>>>> > > root: DEBUG: Server certificate:\n
>>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
>>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
>>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
>>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
>>>> > > CN=engine.38998,O=Test,C=US\n
>>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
>>>> > > *root: DEBUG: Host: 192.168.203.3\n*
>>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
>>>> > > *root: DEBUG: Accept: application/json\n*
>>>> > > *root: DEBUG: Content-Length: 78\n*
>>>> > > *root: DEBUG: Content-Type:
application/x-www-form-urlencoded\nroot:
>>>> > > DEBUG:
>>>> > >
>>>> >
username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n*
>>>> > > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n*
>>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
>>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
>>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.1e-fips\n*
>>>> > > *root: DEBUG: Content-Length: 74\n*
>>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
>>>> > > *root: DEBUG: \n*
>>>> > > *root: DEBUG: <html><head><title>Error</title></head><body>404
- Not
>>>> > > Found</body></html>\n*
>>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
>>>> > > --------------------- >> end captured logging
>>>> > >
>>>> >
>>>> > That definitively looks like version 3 of the engine. Either
that or
>>>> > version 4 of the engine with web server configuration modified
so that
>>>> > the SSO doesn't work as expected.
>>>> >
>>>> > What do you get if you run this against that server?
>>>> >
>>>> >
>>>> > Attached.
>>>> > Y.
>>>> >
>>>>
>>>> OK, that is version 4.1 of the engine, so next question is why the SSO
>>>> service is not responding. Do you see any message in
>>>> /var/log/ovirt-engine/server.log about "enginesso.war" not being
>>>> deployed? Did you do any modification to the
>>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>>>>
>>>> Ravi, Martin, any idea of why the SSO service may not be working?
>>>>
>>>> >
>>>> >
>>>> > curl \
>>>> > --verbose \
>>>> > --insecure \
>>>> > --request GET \
>>>> > --user "admin@internal:yourpassword" \
>>>> > --header "Version: 4" \
>>>> > --header "Accept: application/xml" \
>>>> > "https://thatserver/ovirt-engine/api
>>>> > <https://thatserver/ovirt-engine/api>"
>>>> >
>>>>
>>>>
>>>> --
>>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>>>> 3ºD, 28016 Madrid, Spain
>>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
S.L.
>>>
>>>
>>
>
Also can you please try following command to directly obtain token from
SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json" 'https://
<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal
&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
> On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com> wrote:
> >
> > SSO configuration looks good.
> >
> > Can you please share any additional httpd configuration in
> /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
>
> This is a standard ovirt-system-tests on Lago installation, nothing out of
> the ordinary, but I'll check.
> Y.
>
> >
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
> >>
> >>
> >>
> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
> >>>
> >>> Hi Yaniv,
> >>>
> >>> Can you check the output of https:://<engine>/ovirt-engine/sso/status
> in your browser and see if the SSO service is active.
> >>>
> >>> If SSO is deployed, you should see an output similar to the one below.
> Also are you able to login to webadmin using the browser?
> >>
> >>
> >> I am able to login using the webui.
> >>
> >>>
> >>>
> >>> {"status_description":"SSO Webapp Deployed","version":"0","
> status":"active"}
> >>
> >>
> >> Indeed:
> >> {"status_description":"SSO Webapp Deployed","version":"0","
> status":"active"}
> >>
> >> (not sure what 'version 0' means?)
> >>
> >>>
> >>>
> >>> Please share the content of /etc/ovirt-engine/engine.conf.
> d/11-setup-sso.conf
> >>
> >>
> >> [root@lago-basic-suite-master-engine ~]# cat
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
> >> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
> >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
> >> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
> >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
> >> SSO_ALTERNATE_ENGINE_FQDNS=""
> >> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
> >>
> >>
> >> Thanks,
> >> Y.
> >>
> >>
> >>>
> >>>
> >>> Thanks
> >>>
> >>> Ravi
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com>
> wrote:
> >>>>
> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
> >>>> >
> >>>> >
> >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <
> jhernand@redhat.com
> >>>> > <mailto:jhernand@redhat.com>> wrote:
> >>>> >
> >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com
> <mailto:ykaul@redhat.com>
> >>>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
> >>>> > >
> >>>> > > I'm trying on FC24, using
> >>>> > >
> >>>> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
> to
> >>>> > > add a DC, and failing - against master. The client is
> unhappy:
> >>>> > > File
> >>>> > >
> >>>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
> scenarios/002_bootstrap.py",
> >>>> > > line 98, in add_dc4
> >>>> > > version=sdk4.types.Version(
> major=DC_VER_MAJ,minor=DC_VER_MIN),
> >>>> > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/services.py",
> >>>> > > line 4347, in add
> >>>> > > response = self._connection.send(request)
> >>>> > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> >>>> > > line 276, in send
> >>>> > > return self.__send(request)
> >>>> > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> >>>> > > line 298, in __send
> >>>> > > self._sso_token = self._get_access_token()
> >>>> > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> >>>> > > line 460, in _get_access_token
> >>>> > > sso_response = self._get_sso_response(self._sso_url,
> >>>> > post_data)
> >>>> > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> >>>> > > line 498, in _get_sso_response
> >>>> > > return json.loads(body_buf.getvalue()
> .decode('utf-8'))
> >>>> > > File "/usr/lib64/python2.7/json/__init__.py", line
> 339, in loads
> >>>> > > return _default_decoder.decode(s)
> >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 364,
> in decode
> >>>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 382,
> in
> >>>> > raw_decode
> >>>> > > raise ValueError("No JSON object could be decoded")
> >>>> > > ValueError: No JSON object could be decoded
> >>>> > >
> >>>> > >
> >>>> > > Surprisingly, I now can't find that RPM of this SDK in
> >>>> > > resources.ovirt.org <http://resources.ovirt.org>
> >>>> > <http://resources.ovirt.org> now.
> >>>> > >
> >>>> > > I've tried
> >>>> > > with
> >>>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm
> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm>
> >>>> > >
> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm
> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm>>
> >>>> > >
> >>>> > > - same result.
> >>>> > >
> >>>> > > Did not see anything obvious on server or engine logs.
> >>>> > > The code:
> >>>> > > def add_dc4(api):
> >>>> > > nt.assert_true(api != None)
> >>>> > > dcs_service = api.system_service().data_
> centers_service()
> >>>> > > nt.assert_true(
> >>>> > > dc = dcs_service.add(
> >>>> > > sdk4.types.DataCenter(
> >>>> > > name=DC_NAME4,
> >>>> > > description='APIv4 DC',
> >>>> > > local=False,
> >>>> > >
> >>>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_
> MIN),
> >>>> > > ),
> >>>> > > )
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > And the api object is from:
> >>>> > > return sdk4.Connection(
> >>>> > > url=url,
> >>>> > > username=constants.ENGINE_USER,
> >>>> > >
> >>>> > password=str(self.metadata['ovirt-engine-password']),
> >>>> > > insecure=True,
> >>>> > > debug=True,
> >>>> > > )
> >>>> > >
> >>>> > >
> >>>> > > The clue is actually on the HTTPd logs:
> >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> >>>> > >
> >>>> > > And indeed, from the deubg log:
> >>>> > > begin captured logging << --------------------\n
> >>>> > > root: DEBUG: Trying 192.168.203.3...\n
> >>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port
> 443
> >>>> > (#0)\n
> >>>> > > root: DEBUG: Initializing NSS with certpath:
> sql:/etc/pki/nssdb\n
> >>>> > > root: DEBUG: skipping SSL peer certificate verification\n
> >>>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> >>>> > > root: DEBUG: SSL connection using
> >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> >>>> > > root: DEBUG: Server certificate:\n
> >>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
> >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> >>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> >>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> >>>> > > CN=engine.38998,O=Test,C=US\n
> >>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> >>>> > > *root: DEBUG: Host: 192.168.203.3\n*
> >>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> >>>> > > *root: DEBUG: Accept: application/json\n*
> >>>> > > *root: DEBUG: Content-Length: 78\n*
> >>>> > > *root: DEBUG: Content-Type: application/x-www-form-
> urlencoded\nroot:
> >>>> > > DEBUG:
> >>>> > >
> >>>> > username=admin%40internal&scope=ovirt-app-api&password=
> 123&grant_type=password\n*
> >>>> > > *root: DEBUG: upload completely sent off: 78 out of 78
> bytes\n*
> >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
> OpenSSL/1.0.1e-fips\n*
> >>>> > > *root: DEBUG: Content-Length: 74\n*
> >>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> >>>> > > *root: DEBUG: \n*
> >>>> > > *root: DEBUG: <html><head><title>Error</title></head><body>404
> - Not
> >>>> > > Found</body></html>\n*
> >>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> >>>> > > --------------------- >> end captured logging
> >>>> > >
> >>>> >
> >>>> > That definitively looks like version 3 of the engine. Either
> that or
> >>>> > version 4 of the engine with web server configuration modified
> so that
> >>>> > the SSO doesn't work as expected.
> >>>> >
> >>>> > What do you get if you run this against that server?
> >>>> >
> >>>> >
> >>>> > Attached.
> >>>> > Y.
> >>>> >
> >>>>
> >>>> OK, that is version 4.1 of the engine, so next question is why the SSO
> >>>> service is not responding. Do you see any message in
> >>>> /var/log/ovirt-engine/server.log about "enginesso.war" not being
> >>>> deployed? Did you do any modification to the
> >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
> >>>>
> >>>> Ravi, Martin, any idea of why the SSO service may not be working?
> >>>>
> >>>> >
> >>>> >
> >>>> > curl \
> >>>> > --verbose \
> >>>> > --insecure \
> >>>> > --request GET \
> >>>> > --user "admin@internal:yourpassword" \
> >>>> > --header "Version: 4" \
> >>>> > --header "Accept: application/xml" \
> >>>> > "https://thatserver/ovirt-engine/api
> >>>> > <https://thatserver/ovirt-engine/api>"
> >>>> >
> >>>>
> >>>>
> >>>> --
> >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> >>>> 3ºD, 28016 Madrid, Spain
> >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
> S.L.
> >>>
> >>>
> >>
> >
>
On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori@redhat.com> wrote:
> Also can you please try following command to directly obtain token from
> SSO. Can replace engine with FQDN and IP to see if both work
>
> curl -v -k -H "Accept: application/json" 'https://<engine>:443/ovirt-
> engine/sso/oauth/token?grant_type=password&username=admin@
> internal&password=123&scope=ovirt-app-api'
>
> You should see output similar to the one below
>
> {"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDd
> mEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
> ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
> ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
>
Sorry it took me so long to get back to it, but here it is:
{"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":["java.lang.Long",1479290132000],"token_type":"bearer"}
And here's the difference between the SDK and the manual curl command in
ssl_access log:
192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST
/ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET
/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api
HTTP/1.1" 200 295
> Thanks
>
> Ravi
>
> On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
>
>> On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com> wrote:
>> >
>> > SSO configuration looks good.
>> >
>> > Can you please share any additional httpd configuration in
>> /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
>>
>> This is a standard ovirt-system-tests on Lago installation, nothing out
>> of the ordinary, but I'll check.
>> Y.
>>
>> >
>> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
>> >>
>> >>
>> >>
>> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
>> >>>
>> >>> Hi Yaniv,
>> >>>
>> >>> Can you check the output of https:://<engine>/ovirt-engine/sso/status
>> in your browser and see if the SSO service is active.
>> >>>
>> >>> If SSO is deployed, you should see an output similar to the one
>> below. Also are you able to login to webadmin using the browser?
>> >>
>> >>
>> >> I am able to login using the webui.
>> >>
>> >>>
>> >>>
>> >>> {"status_description":"SSO Webapp Deployed","version":"0","statu
>> s":"active"}
>> >>
>> >>
>> >> Indeed:
>> >> {"status_description":"SSO Webapp Deployed","version":"0","statu
>> s":"active"}
>> >>
>> >> (not sure what 'version 0' means?)
>> >>
>> >>>
>> >>>
>> >>> Please share the content of /etc/ovirt-engine/engine.conf.
>> d/11-setup-sso.conf
>> >>
>> >>
>> >> [root@lago-basic-suite-master-engine ~]# cat
>> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
>> >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
>> >> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
>> >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
>> >> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
>> >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
>> >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
>> >> SSO_ALTERNATE_ENGINE_FQDNS=""
>> >> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
>> >>
>> >>
>> >> Thanks,
>> >> Y.
>> >>
>> >>
>> >>>
>> >>>
>> >>> Thanks
>> >>>
>> >>> Ravi
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com>
>> wrote:
>> >>>>
>> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
>> >>>> >
>> >>>> >
>> >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <
>> jhernand@redhat.com
>> >>>> > <mailto:jhernand@redhat.com>> wrote:
>> >>>> >
>> >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
>> >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <
>> ykaul@redhat.com <mailto:ykaul@redhat.com>
>> >>>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
>> >>>> > >
>> >>>> > > I'm trying on FC24, using
>> >>>> > >
>> >>>> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
>> to
>> >>>> > > add a DC, and failing - against master. The client is
>> unhappy:
>> >>>> > > File
>> >>>> > >
>> >>>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen
>> arios/002_bootstrap.py",
>> >>>> > > line 98, in add_dc4
>> >>>> > > version=sdk4.types.Version(ma
>> jor=DC_VER_MAJ,minor=DC_VER_MIN),
>> >>>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/services.py",
>> >>>> > > line 4347, in add
>> >>>> > > response = self._connection.send(request)
>> >>>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> >>>> > > line 276, in send
>> >>>> > > return self.__send(request)
>> >>>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> >>>> > > line 298, in __send
>> >>>> > > self._sso_token = self._get_access_token()
>> >>>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> >>>> > > line 460, in _get_access_token
>> >>>> > > sso_response = self._get_sso_response(self._sso_url,
>> >>>> > post_data)
>> >>>> > > File "/usr/lib64/python2.7/site-pac
>> kages/ovirtsdk4/__init__.py",
>> >>>> > > line 498, in _get_sso_response
>> >>>> > > return json.loads(body_buf.getvalue()
>> .decode('utf-8'))
>> >>>> > > File "/usr/lib64/python2.7/json/__init__.py", line
>> 339, in loads
>> >>>> > > return _default_decoder.decode(s)
>> >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line
>> 364, in decode
>> >>>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>> >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line
>> 382, in
>> >>>> > raw_decode
>> >>>> > > raise ValueError("No JSON object could be decoded")
>> >>>> > > ValueError: No JSON object could be decoded
>> >>>> > >
>> >>>> > >
>> >>>> > > Surprisingly, I now can't find that RPM of this SDK in
>> >>>> > > resources.ovirt.org <http://resources.ovirt.org>
>> >>>> > <http://resources.ovirt.org> now.
>> >>>> > >
>> >>>> > > I've tried
>> >>>> > > with
>> >>>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
>> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
>> eb5.fc24.x86_64.rpm
>> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
>> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
>> eeb5.fc24.x86_64.rpm>
>> >>>> > >
>> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc
>> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e
>> eb5.fc24.x86_64.rpm
>> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f
>> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94
>> eeb5.fc24.x86_64.rpm>>
>> >>>> > >
>> >>>> > > - same result.
>> >>>> > >
>> >>>> > > Did not see anything obvious on server or engine logs.
>> >>>> > > The code:
>> >>>> > > def add_dc4(api):
>> >>>> > > nt.assert_true(api != None)
>> >>>> > > dcs_service = api.system_service().data_cent
>> ers_service()
>> >>>> > > nt.assert_true(
>> >>>> > > dc = dcs_service.add(
>> >>>> > > sdk4.types.DataCenter(
>> >>>> > > name=DC_NAME4,
>> >>>> > > description='APIv4 DC',
>> >>>> > > local=False,
>> >>>> > >
>> >>>> > > version=sdk4.types.Version(ma
>> jor=DC_VER_MAJ,minor=DC_VER_MIN),
>> >>>> > > ),
>> >>>> > > )
>> >>>> > > )
>> >>>> > >
>> >>>> > >
>> >>>> > > And the api object is from:
>> >>>> > > return sdk4.Connection(
>> >>>> > > url=url,
>> >>>> > > username=constants.ENGINE_USER,
>> >>>> > >
>> >>>> > password=str(self.metadata['ovirt-engine-password']),
>> >>>> > > insecure=True,
>> >>>> > > debug=True,
>> >>>> > > )
>> >>>> > >
>> >>>> > >
>> >>>> > > The clue is actually on the HTTPd logs:
>> >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
>> >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
>> >>>> > >
>> >>>> > > And indeed, from the deubg log:
>> >>>> > > begin captured logging << --------------------\n
>> >>>> > > root: DEBUG: Trying 192.168.203.3...\n
>> >>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port
>> 443
>> >>>> > (#0)\n
>> >>>> > > root: DEBUG: Initializing NSS with certpath:
>> sql:/etc/pki/nssdb\n
>> >>>> > > root: DEBUG: skipping SSL peer certificate verification\n
>> >>>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
>> >>>> > > root: DEBUG: SSL connection using
>> >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
>> >>>> > > root: DEBUG: Server certificate:\n
>> >>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
>> >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
>> >>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
>> >>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
>> >>>> > > CN=engine.38998,O=Test,C=US\n
>> >>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
>> >>>> > > *root: DEBUG: Host: 192.168.203.3\n*
>> >>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
>> >>>> > > *root: DEBUG: Accept: application/json\n*
>> >>>> > > *root: DEBUG: Content-Length: 78\n*
>> >>>> > > *root: DEBUG: Content-Type: application/x-www-form-urlenco
>> ded\nroot:
>> >>>> > > DEBUG:
>> >>>> > >
>> >>>> > username=admin%40internal&scope=ovirt-app-api&password=123&
>> grant_type=password\n*
>> >>>> > > *root: DEBUG: upload completely sent off: 78 out of 78
>> bytes\n*
>> >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
>> >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
>> >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
>> OpenSSL/1.0.1e-fips\n*
>> >>>> > > *root: DEBUG: Content-Length: 74\n*
>> >>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
>> >>>> > > *root: DEBUG: \n*
>> >>>> > > *root: DEBUG: <html><head><title>Error</title></head><body>404
>> - Not
>> >>>> > > Found</body></html>\n*
>> >>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left
>> intact\n
>> >>>> > > --------------------- >> end captured logging
>> >>>> > >
>> >>>> >
>> >>>> > That definitively looks like version 3 of the engine. Either
>> that or
>> >>>> > version 4 of the engine with web server configuration modified
>> so that
>> >>>> > the SSO doesn't work as expected.
>> >>>> >
>> >>>> > What do you get if you run this against that server?
>> >>>> >
>> >>>> >
>> >>>> > Attached.
>> >>>> > Y.
>> >>>> >
>> >>>>
>> >>>> OK, that is version 4.1 of the engine, so next question is why the
>> SSO
>> >>>> service is not responding. Do you see any message in
>> >>>> /var/log/ovirt-engine/server.log about "enginesso.war" not being
>> >>>> deployed? Did you do any modification to the
>> >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file?
>> >>>>
>> >>>> Ravi, Martin, any idea of why the SSO service may not be working?
>> >>>>
>> >>>> >
>> >>>> >
>> >>>> > curl \
>> >>>> > --verbose \
>> >>>> > --insecure \
>> >>>> > --request GET \
>> >>>> > --user "admin@internal:yourpassword" \
>> >>>> > --header "Version: 4" \
>> >>>> > --header "Accept: application/xml" \
>> >>>> > "https://thatserver/ovirt-engine/api
>> >>>> > <https://thatserver/ovirt-engine/api>"
>> >>>> >
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>> >>>> 3ºD, 28016 Madrid, Spain
>> >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
>> S.L.
>> >>>
>> >>>
>> >>
>> >
>>
>
>
On 11/09/2016 11:12 AM, Yaniv Kaul wrote:
On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori@redhat.com <mailto:rnori@redhat.com>> wrote:
Also can you please try following command to directly obtain token from SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json" 'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
Sorry it took me so long to get back to it, but here it is: {"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","scope":"ovirt-app-api ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate","exp":["java.lang.Long",1479290132000],"token_type":"bearer"}
That "java.lang.Long" there is an error, but not related to this problem, as the SDK doesn't use the "exp" attribute. I guess it is a side effect of the recent change to use "long" instead of "int", looks like the JSON library used in the engine doesn't like longs.
And here's the difference between the SDK and the manual curl command in ssl_access log: 192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET /ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api HTTP/1.1" 200 295
That difference is by design. The SDK uses POST to avoid sending the credentials (specially the password) as a query parameter, as that is most probably logged and archived. We discovered recently an issue with the Python SDK, due to a bug in the "pycurl" library: Debug mode raises UnicodeDecodeError: 'utf8' codec can't decode byte 0x8d in position 7: invalid start byte https://bugzilla.redhat.com/1392878 It isn't exactly the same problem, but as the cause of that bug is a pointer that is used after releasing, it can cause all kinds of strange effects. Please try the latest build of the SDK.
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>> wrote:
On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com <mailto:rnori@redhat.com>> wrote: > > SSO configuration looks good. > > Can you please share any additional httpd configuration in /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
This is a standard ovirt-system-tests on Lago installation, nothing out of the ordinary, but I'll check. Y.
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>> wrote: >> >> >> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com <mailto:rnori@redhat.com>> wrote: >>> >>> Hi Yaniv, >>> >>> Can you check the output of https:://<engine>/ovirt-engine/sso/status in your browser and see if the SSO service is active. >>> >>> If SSO is deployed, you should see an output similar to the one below. Also are you able to login to webadmin using the browser? >> >> >> I am able to login using the webui. >> >>> >>> >>> {"status_description":"SSO Webapp Deployed","version":"0","status":"active"} >> >> >> Indeed: >> {"status_description":"SSO Webapp Deployed","version":"0","status":"active"} >> >> (not sure what 'version 0' means?) >> >>> >>> >>> Please share the content of /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf >> >> >> [root@lago-basic-suite-master-engine ~]# cat /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core" >> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O" >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso" >> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso <https://localhost:443/ovirt-engine/sso>" >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true >> SSO_ALTERNATE_ENGINE_FQDNS="" >> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/" >> >> >> Thanks, >> Y. >> >> >>> >>> >>> Thanks >>> >>> Ravi >>> >>> >>> >>> >>> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote: >>>> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote: >>>> > >>>> > >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com> >>>> > <mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>>> wrote: >>>> > >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote: >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>> >>>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>> wrote: >>>> > > >>>> > > I'm trying on FC24, using >>>> > > >>>> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to >>>> > > add a DC, and failing - against master. The client is unhappy: >>>> > > File >>>> > > >>>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", >>>> > > line 98, in add_dc4 >>>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", >>>> > > line 4347, in add >>>> > > response = self._connection.send(request) >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 276, in send >>>> > > return self.__send(request) >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 298, in __send >>>> > > self._sso_token = self._get_access_token() >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 460, in _get_access_token >>>> > > sso_response = self._get_sso_response(self._sso_url, >>>> > post_data) >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 498, in _get_sso_response >>>> > > return json.loads(body_buf.getvalue().decode('utf-8')) >>>> > > File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads >>>> > > return _default_decoder.decode(s) >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode >>>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end()) >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 382, in >>>> > raw_decode >>>> > > raise ValueError("No JSON object could be decoded") >>>> > > ValueError: No JSON object could be decoded >>>> > > >>>> > > >>>> > > Surprisingly, I now can't find that RPM of this SDK in >>>> > > resources.ovirt.org <http://resources.ovirt.org> <http://resources.ovirt.org> >>>> > <http://resources.ovirt.org> now. >>>> > > >>>> > > I've tried >>>> > > with >>>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>> >>>> > > >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>>> >>>> > > >>>> > > - same result. >>>> > > >>>> > > Did not see anything obvious on server or engine logs. >>>> > > The code: >>>> > > def add_dc4(api): >>>> > > nt.assert_true(api != None) >>>> > > dcs_service = api.system_service().data_centers_service() >>>> > > nt.assert_true( >>>> > > dc = dcs_service.add( >>>> > > sdk4.types.DataCenter( >>>> > > name=DC_NAME4, >>>> > > description='APIv4 DC', >>>> > > local=False, >>>> > > >>>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), >>>> > > ), >>>> > > ) >>>> > > ) >>>> > > >>>> > > >>>> > > And the api object is from: >>>> > > return sdk4.Connection( >>>> > > url=url, >>>> > > username=constants.ENGINE_USER, >>>> > > >>>> > password=str(self.metadata['ovirt-engine-password']), >>>> > > insecure=True, >>>> > > debug=True, >>>> > > ) >>>> > > >>>> > > >>>> > > The clue is actually on the HTTPd logs: >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 >>>> > > >>>> > > And indeed, from the deubg log: >>>> > > begin captured logging << --------------------\n >>>> > > root: DEBUG: Trying 192.168.203.3...\n >>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 >>>> > (#0)\n >>>> > > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n >>>> > > root: DEBUG: skipping SSL peer certificate verification\n >>>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n >>>> > > root: DEBUG: SSL connection using >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n >>>> > > root: DEBUG: Server certificate:\n >>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n >>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n >>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer: >>>> > > CN=engine.38998,O=Test,C=US\n >>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* >>>> > > *root: DEBUG: Host: 192.168.203.3\n* >>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* >>>> > > *root: DEBUG: Accept: application/json\n* >>>> > > *root: DEBUG: Content-Length: 78\n* >>>> > > *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: >>>> > > DEBUG: >>>> > > >>>> > username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n* >>>> > > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n* >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* >>>> > > *root: DEBUG: Content-Length: 74\n* >>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* >>>> > > *root: DEBUG: \n* >>>> > > *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not >>>> > > Found</body></html>\n* >>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n >>>> > > --------------------- >> end captured logging >>>> > > >>>> > >>>> > That definitively looks like version 3 of the engine. Either that or >>>> > version 4 of the engine with web server configuration modified so that >>>> > the SSO doesn't work as expected. >>>> > >>>> > What do you get if you run this against that server? >>>> > >>>> > >>>> > Attached. >>>> > Y. >>>> > >>>> >>>> OK, that is version 4.1 of the engine, so next question is why the SSO >>>> service is not responding. Do you see any message in >>>> /var/log/ovirt-engine/server.log about "enginesso.war" not being >>>> deployed? Did you do any modification to the >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file? >>>> >>>> Ravi, Martin, any idea of why the SSO service may not be working? >>>> >>>> > >>>> > >>>> > curl \ >>>> > --verbose \ >>>> > --insecure \ >>>> > --request GET \ >>>> > --user "admin@internal:yourpassword" \ >>>> > --header "Version: 4" \ >>>> > --header "Accept: application/xml" \ >>>> > "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api> >>>> > <https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>>" >>>> > >>>> >>>> >>>> -- >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >>>> 3ºD, 28016 Madrid, Spain >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. >>> >>> >> >
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On Wed, Nov 9, 2016 at 8:05 PM, Juan Hernández <jhernand@redhat.com> wrote:
On 11/09/2016 11:12 AM, Yaniv Kaul wrote:
On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori@redhat.com <mailto:rnori@redhat.com>> wrote:
Also can you please try following command to directly obtain token from SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json" 'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_
type=password&username=admin@internal&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDd
mEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate","exp":-381399824,"token_type"
:"bearer"}
Sorry it took me so long to get back to it, but here it is: {"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_
CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw"," scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate","exp":["java.lang.Long", 1479290132000],"token_type":"bearer"}
That "java.lang.Long" there is an error, but not related to this problem, as the SDK doesn't use the "exp" attribute. I guess it is a side effect of the recent change to use "long" instead of "int", looks like the JSON library used in the engine doesn't like longs.
And here's the difference between the SDK and the manual curl command in ssl_access log: 192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET /ovirt-engine/sso/oauth/token?grant_type=password&username= admin@internal&password=123&scope=ovirt-app-api HTTP/1.1" 200 295
That difference is by design. The SDK uses POST to avoid sending the credentials (specially the password) as a query parameter, as that is most probably logged and archived.
We discovered recently an issue with the Python SDK, due to a bug in the "pycurl" library:
Debug mode raises UnicodeDecodeError: 'utf8' codec can't decode byte 0x8d in position 7: invalid start byte https://bugzilla.redhat.com/1392878
It isn't exactly the same problem, but as the cause of that bug is a pointer that is used after releasing, it can cause all kinds of strange effects.
Please try the latest build of the SDK.
I thought I was: python-ovirt-engine-sdk4-4.1.0-0.1.a0.20161108gitaad5627.fc24.x86_64
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>> wrote:
On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com <mailto:rnori@redhat.com>> wrote: > > SSO configuration looks good. > > Can you please share any additional httpd configuration in
/etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
This is a standard ovirt-system-tests on Lago installation, nothing out of the ordinary, but I'll check. Y.
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com>> wrote: >> >> >> >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com <mailto:rnori@redhat.com>> wrote: >>> >>> Hi Yaniv, >>> >>> Can you check the output of https:://<engine>/ovirt-engine/sso/status in your browser and see if the SSO service is active. >>> >>> If SSO is deployed, you should see an output similar to the one below. Also are you able to login to webadmin using the browser? >> >> >> I am able to login using the webui. >> >>> >>> >>> {"status_description":"SSO Webapp Deployed","version":"0","status":"active"} >> >> >> Indeed: >> {"status_description":"SSO Webapp Deployed","version":"0","status":"active"} >> >> (not sure what 'version 0' means?) >> >>> >>> >>> Please share the content of /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf >> >> >> [root@lago-basic-suite-master-engine ~]# cat /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core" >> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O" >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-
engine/sso"
>> ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso <https://localhost:443/ovirt-engine/sso>" >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true >> SSO_ALTERNATE_ENGINE_FQDNS="" >> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/" >> >> >> Thanks, >> Y. >> >> >>> >>> >>> Thanks >>> >>> Ravi >>> >>> >>> >>> >>> >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote: >>>> >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote: >>>> > >>>> > >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com> >>>> > <mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>>> wrote: >>>> > >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote: >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>> >>>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>> wrote: >>>> > > >>>> > > I'm trying on FC24, using >>>> > > >>>> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
to
>>>> > > add a DC, and failing - against master. The client is unhappy: >>>> > > File >>>> > > >>>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
scenarios/002_bootstrap.py",
>>>> > > line 98, in add_dc4 >>>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", >>>> > > line 4347, in add >>>> > > response = self._connection.send(request) >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 276, in send >>>> > > return self.__send(request) >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 298, in __send >>>> > > self._sso_token = self._get_access_token() >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 460, in _get_access_token >>>> > > sso_response = self._get_sso_response(self._sso_url, >>>> > post_data) >>>> > > File "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", >>>> > > line 498, in _get_sso_response >>>> > > return json.loads(body_buf.getvalue().decode('utf-8')) >>>> > > File "/usr/lib64/python2.7/json/__init__.py", line 339, in loads >>>> > > return _default_decoder.decode(s) >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 364, in decode >>>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end()) >>>> > > File "/usr/lib64/python2.7/json/decoder.py", line 382, in >>>> > raw_decode >>>> > > raise ValueError("No JSON object could be decoded") >>>> > > ValueError: No JSON object could be decoded >>>> > > >>>> > > >>>> > > Surprisingly, I now can't find that RPM of this SDK in >>>> > > resources.ovirt.org <http://resources.ovirt.org> <http://resources.ovirt.org> >>>> > <http://resources.ovirt.org> now. >>>> > > >>>> > > I've tried >>>> > > with >>>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>
>>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>>
>>>> > > >>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>
>>>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm
fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1. 20161004gitf94eeb5.fc24.x86_64.rpm>>>
>>>> > > >>>> > > - same result. >>>> > > >>>> > > Did not see anything obvious on server or engine logs. >>>> > > The code: >>>> > > def add_dc4(api): >>>> > > nt.assert_true(api != None) >>>> > > dcs_service = api.system_service().data_centers_service() >>>> > > nt.assert_true( >>>> > > dc = dcs_service.add( >>>> > > sdk4.types.DataCenter( >>>> > > name=DC_NAME4, >>>> > > description='APIv4 DC', >>>> > > local=False, >>>> > > >>>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), >>>> > > ), >>>> > > ) >>>> > > ) >>>> > > >>>> > > >>>> > > And the api object is from: >>>> > > return sdk4.Connection( >>>> > > url=url, >>>> > > username=constants.ENGINE_USER, >>>> > > >>>> > password=str(self.metadata['
ovirt-engine-password']),
>>>> > > insecure=True, >>>> > > debug=True, >>>> > > ) >>>> > > >>>> > > >>>> > > The clue is actually on the HTTPd logs: >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 >>>> > > >>>> > > And indeed, from the deubg log: >>>> > > begin captured logging << --------------------\n >>>> > > root: DEBUG: Trying 192.168.203.3...\n >>>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 >>>> > (#0)\n >>>> > > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n >>>> > > root: DEBUG: skipping SSL peer certificate verification\n >>>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n >>>> > > root: DEBUG: SSL connection using >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n >>>> > > root: DEBUG: Server certificate:\n >>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n >>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n >>>> > > root: DEBUG: common name: engine\nroot: DEBUG:
issuer:
>>>> > > CN=engine.38998,O=Test,C=US\n >>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* >>>> > > *root: DEBUG: Host: 192.168.203.3\n* >>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* >>>> > > *root: DEBUG: Accept: application/json\n* >>>> > > *root: DEBUG: Content-Length: 78\n* >>>> > > *root: DEBUG: Content-Type: application/x-www-form-urlencoded\nroot: >>>> > > DEBUG: >>>> > > >>>> > username=admin%40internal&scope=ovirt-app-api&password=
123&grant_type=password\n*
>>>> > > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n* >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n* >>>> > > *root: DEBUG: Content-Length: 74\n* >>>> > > *root: DEBUG: Content-Type: text/html;
charset=UTF-8\n*
>>>> > > *root: DEBUG: \n* >>>> > > *root: DEBUG: <html><head><title>Error</title></head><body>404 - Not >>>> > > Found</body></html>\n* >>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n >>>> > > --------------------- >> end captured logging >>>> > > >>>> > >>>> > That definitively looks like version 3 of the engine. Either that or >>>> > version 4 of the engine with web server configuration modified so that >>>> > the SSO doesn't work as expected. >>>> > >>>> > What do you get if you run this against that server? >>>> > >>>> > >>>> > Attached. >>>> > Y. >>>> > >>>> >>>> OK, that is version 4.1 of the engine, so next question is why the SSO >>>> service is not responding. Do you see any message in >>>> /var/log/ovirt-engine/server.log about "enginesso.war" not being >>>> deployed? Did you do any modification to the >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file? >>>> >>>> Ravi, Martin, any idea of why the SSO service may not be working? >>>> >>>> > >>>> > >>>> > curl \ >>>> > --verbose \ >>>> > --insecure \ >>>> > --request GET \ >>>> > --user "admin@internal:yourpassword" \ >>>> > --header "Version: 4" \ >>>> > --header "Accept: application/xml" \ >>>> > "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api> >>>> > <https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>>" >>>> > >>>> >>>> >>>> -- >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >>>> 3ºD, 28016 Madrid, Spain >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. >>> >>> >> >
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
On 11/10/2016 09:33 AM, Yaniv Kaul wrote:
On Wed, Nov 9, 2016 at 8:05 PM, Juan Hernández <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote:
On 11/09/2016 11:12 AM, Yaniv Kaul wrote: > > > On Sat, Oct 15, 2016 at 1:04 AM, Ravi Nori <rnori@redhat.com <mailto:rnori@redhat.com> > <mailto:rnori@redhat.com <mailto:rnori@redhat.com>>> wrote: > > Also can you please try following command to directly obtain token > from SSO. Can replace engine with FQDN and IP to see if both work > > curl -v -k -H "Accept: application/json" > 'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api' > > You should see output similar to the one below > > {"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api > ovirt-ext=token-info:authz-search > ovirt-ext=token-info:public-authz-search > ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"} > > > Sorry it took me so long to get back to it, but here it is: > {"access_token":"eA8w0DaapkKAQ8tfHakzA-R0l-mjD_CsTlAqBaH4iVVjXxQN33poXzt9UhPJLxMU8YOvVNX6LICcxL1EeAiAlw","scope":"ovirt-app-api > ovirt-ext=token-info:authz-search > ovirt-ext=token-info:public-authz-search > ovirt-ext=token-info:validate","exp":["java.lang.Long",1479290132000],"token_type":"bearer"} >
That "java.lang.Long" there is an error, but not related to this problem, as the SDK doesn't use the "exp" attribute. I guess it is a side effect of the recent change to use "long" instead of "int", looks like the JSON library used in the engine doesn't like longs.
> And here's the difference between the SDK and the manual curl command in > ssl_access log: > 192.168.201.1 - - [09/Nov/2016:04:52:19 -0500] "POST > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 > 192.168.201.1 - - [09/Nov/2016:04:55:32 -0500] "GET > /ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal&password=123&scope=ovirt-app-api > HTTP/1.1" 200 295 >
That difference is by design. The SDK uses POST to avoid sending the credentials (specially the password) as a query parameter, as that is most probably logged and archived.
We discovered recently an issue with the Python SDK, due to a bug in the "pycurl" library:
Debug mode raises UnicodeDecodeError: 'utf8' codec can't decode byte 0x8d in position 7: invalid start byte https://bugzilla.redhat.com/1392878 <https://bugzilla.redhat.com/1392878>
It isn't exactly the same problem, but as the cause of that bug is a pointer that is used after releasing, it can cause all kinds of strange effects.
Please try the latest build of the SDK.
I thought I was: python-ovirt-engine-sdk4-4.1.0-0.1.a0.20161108gitaad5627.fc24.x86_64
Yes, that build contains the fix, so we can discard it as the source of your problem.
> > > Thanks > > Ravi > > On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote: > > On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com <mailto:rnori@redhat.com> > <mailto:rnori@redhat.com <mailto:rnori@redhat.com>>> wrote: > > > > SSO configuration looks good. > > > > Can you please share any additional httpd configuration in /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls. > > This is a standard ovirt-system-tests on Lago installation, > nothing out of the ordinary, but I'll check. > Y. > > > > > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com <mailto:ykaul@redhat.com> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote: > >> > >> > >> > >> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com <mailto:rnori@redhat.com> > <mailto:rnori@redhat.com <mailto:rnori@redhat.com>>> wrote: > >>> > >>> Hi Yaniv, > >>> > >>> Can you check the output of > https:://<engine>/ovirt-engine/sso/status in your browser and > see if the SSO service is active. > >>> > >>> If SSO is deployed, you should see an output similar to the > one below. Also are you able to login to webadmin using the > browser? > >> > >> > >> I am able to login using the webui. > >> > >>> > >>> > >>> {"status_description":"SSO Webapp > Deployed","version":"0","status":"active"} > >> > >> > >> Indeed: > >> {"status_description":"SSO Webapp > Deployed","version":"0","status":"active"} > >> > >> (not sure what 'version 0' means?) > >> > >>> > >>> > >>> Please share the content of > /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf > >> > >> > >> [root@lago-basic-suite-master-engine ~]# cat > /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf > >> ENGINE_SSO_CLIENT_ID="ovirt-engine-core" > >> ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O" > >> ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso" > >> > ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso <https://localhost:443/ovirt-engine/sso> > <https://localhost:443/ovirt-engine/sso <https://localhost:443/ovirt-engine/sso>>" > >> ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false > >> ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true > >> SSO_ALTERNATE_ENGINE_FQDNS="" > >> SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/" > >> > >> > >> Thanks, > >> Y. > >> > >> > >>> > >>> > >>> Thanks > >>> > >>> Ravi > >>> > >>> > >>> > >>> > >>> > >>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández > <jhernand@redhat.com <mailto:jhernand@redhat.com> <mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>>> wrote: > >>>> > >>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote: > >>>> > > >>>> > > >>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández > <jhernand@redhat.com <mailto:jhernand@redhat.com> <mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>> > >>>> > <mailto:jhernand@redhat.com <mailto:jhernand@redhat.com> > <mailto:jhernand@redhat.com <mailto:jhernand@redhat.com>>>> wrote: > >>>> > > >>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote: > >>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul > <ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> > >>>> > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>> > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com> <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>>>> wrote: > >>>> > > > >>>> > > I'm trying on FC24, using > >>>> > > > >>>> > > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 to > >>>> > > add a DC, and failing - against master. The > client is unhappy: > >>>> > > File > >>>> > > > >>>> > > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scenarios/002_bootstrap.py", > >>>> > > line 98, in add_dc4 > >>>> > > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), > >>>> > > File > "/usr/lib64/python2.7/site-packages/ovirtsdk4/services.py", > >>>> > > line 4347, in add > >>>> > > response = self._connection.send(request) > >>>> > > File > "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > >>>> > > line 276, in send > >>>> > > return self.__send(request) > >>>> > > File > "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > >>>> > > line 298, in __send > >>>> > > self._sso_token = self._get_access_token() > >>>> > > File > "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > >>>> > > line 460, in _get_access_token > >>>> > > sso_response = > self._get_sso_response(self._sso_url, > >>>> > post_data) > >>>> > > File > "/usr/lib64/python2.7/site-packages/ovirtsdk4/__init__.py", > >>>> > > line 498, in _get_sso_response > >>>> > > return > json.loads(body_buf.getvalue().decode('utf-8')) > >>>> > > File "/usr/lib64/python2.7/json/__init__.py", > line 339, in loads > >>>> > > return _default_decoder.decode(s) > >>>> > > File "/usr/lib64/python2.7/json/decoder.py", > line 364, in decode > >>>> > > obj, end = self.raw_decode(s, idx=_w(s, > 0).end()) > >>>> > > File "/usr/lib64/python2.7/json/decoder.py", > line 382, in > >>>> > raw_decode > >>>> > > raise ValueError("No JSON object could be > decoded") > >>>> > > ValueError: No JSON object could be decoded > >>>> > > > >>>> > > > >>>> > > Surprisingly, I now can't find that RPM of this > SDK in > >>>> > > resources.ovirt.org <http://resources.ovirt.org> > <http://resources.ovirt.org> <http://resources.ovirt.org> > >>>> > <http://resources.ovirt.org> now. > >>>> > > > >>>> > > I've tried > >>>> > > with > >>>> > > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>> > >>>> > > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>>> > >>>> > > > >>>> > > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>> > >>>> > > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-... <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm>>>> > >>>> > > > >>>> > > - same result. > >>>> > > > >>>> > > Did not see anything obvious on server or > engine logs. > >>>> > > The code: > >>>> > > def add_dc4(api): > >>>> > > nt.assert_true(api != None) > >>>> > > dcs_service = > api.system_service().data_centers_service() > >>>> > > nt.assert_true( > >>>> > > dc = dcs_service.add( > >>>> > > sdk4.types.DataCenter( > >>>> > > name=DC_NAME4, > >>>> > > description='APIv4 DC', > >>>> > > local=False, > >>>> > > > >>>> > > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MIN), > >>>> > > ), > >>>> > > ) > >>>> > > ) > >>>> > > > >>>> > > > >>>> > > And the api object is from: > >>>> > > return sdk4.Connection( > >>>> > > url=url, > >>>> > > username=constants.ENGINE_USER, > >>>> > > > >>>> > password=str(self.metadata['ovirt-engine-password']), > >>>> > > insecure=True, > >>>> > > debug=True, > >>>> > > ) > >>>> > > > >>>> > > > >>>> > > The clue is actually on the HTTPd logs: > >>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST > >>>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 > >>>> > > > >>>> > > And indeed, from the deubg log: > >>>> > > begin captured logging << --------------------\n > >>>> > > root: DEBUG: Trying 192.168.203.3...\n > >>>> > > root: DEBUG: Connected to 192.168.203.3 > (192.168.203.3) port 443 > >>>> > (#0)\n > >>>> > > root: DEBUG: Initializing NSS with certpath: > sql:/etc/pki/nssdb\n > >>>> > > root: DEBUG: skipping SSL peer certificate > verification\n > >>>> > > root: DEBUG: ALPN/NPN, server did not agree to a > protocol\n > >>>> > > root: DEBUG: SSL connection using > >>>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n > >>>> > > root: DEBUG: Server certificate:\n > >>>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n > >>>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n > >>>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n > >>>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer: > >>>> > > CN=engine.38998,O=Test,C=US\n > >>>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token > HTTP/1.1\n* > >>>> > > *root: DEBUG: Host: 192.168.203.3\n* > >>>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* > >>>> > > *root: DEBUG: Accept: application/json\n* > >>>> > > *root: DEBUG: Content-Length: 78\n* > >>>> > > *root: DEBUG: Content-Type: > application/x-www-form-urlencoded\nroot: > >>>> > > DEBUG: > >>>> > > > >>>> > > username=admin%40internal&scope=ovirt-app-api&password=123&grant_type=password\n* > >>>> > > *root: DEBUG: upload completely sent off: 78 out of > 78 bytes\n* > >>>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n* > >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* > >>>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS) > OpenSSL/1.0.1e-fips\n* > >>>> > > *root: DEBUG: Content-Length: 74\n* > >>>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* > >>>> > > *root: DEBUG: \n* > >>>> > > *root: DEBUG: > <html><head><title>Error</title></head><body>404 - Not > >>>> > > Found</body></html>\n* > >>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 > left intact\n > >>>> > > --------------------- >> end captured logging > >>>> > > > >>>> > > >>>> > That definitively looks like version 3 of the engine. > Either that or > >>>> > version 4 of the engine with web server configuration > modified so that > >>>> > the SSO doesn't work as expected. > >>>> > > >>>> > What do you get if you run this against that server? > >>>> > > >>>> > > >>>> > Attached. > >>>> > Y. > >>>> > > >>>> > >>>> OK, that is version 4.1 of the engine, so next question is > why the SSO > >>>> service is not responding. Do you see any message in > >>>> /var/log/ovirt-engine/server.log about "enginesso.war" not > being > >>>> deployed? Did you do any modification to the > >>>> /etc/httpd/conf.d/z-ovirt-engine.conf file? > >>>> > >>>> Ravi, Martin, any idea of why the SSO service may not be > working? > >>>> > >>>> > > >>>> > > >>>> > curl \ > >>>> > --verbose \ > >>>> > --insecure \ > >>>> > --request GET \ > >>>> > --user "admin@internal:yourpassword" \ > >>>> > --header "Version: 4" \ > >>>> > --header "Accept: application/xml" \ > >>>> > "https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api> > <https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>> > >>>> > <https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api> > <https://thatserver/ovirt-engine/api <https://thatserver/ovirt-engine/api>>>" > >>>> > > >>>> > >>>> > >>>> -- > >>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea > 3, planta > >>>> 3ºD, 28016 Madrid, Spain > >>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 > - Red Hat S.L. > >>> > >>> > >> > > > > >
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
-- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
participants (4)
-
Juan Hernández -
Ondra Machacek -
Ravi Nori -
Yaniv Kaul