On Thu, Sep 29, 2016 at 11:28 AM, Yedidyah Bar David <didi(a)redhat.com> wrote:
On Thu, Sep 29, 2016 at 10:59 AM, Nicolas Ecarnot
<nicolas(a)ecarnot.net> wrote:
> Le 29/09/2016 à 08:36, Yedidyah Bar David a écrit :
>>
>> On Wed, Sep 28, 2016 at 11:07 PM, Nicolas Ecarnot <nicolas(a)ecarnot.net>
>> wrote:
>>>
>>> Le 28/09/2016 à 20:47, Yaniv Kaul a écrit :
>>>
>>>
>>>> Apart that, by connecting into the engine VM, I saw that the engine
>>>> process was running, so I tried to access the web GUI, by running an SSH
>>>> connection to the bare-metal host :
>>>> ssh -L 8443:192.168.200.4:443 root(a)serv-hv-dev01.sdis.isere.fr
>>>>
>>>>
>>>> Accessing
https://localhost:8443/ is working, but when trying to access
>>>> the login screen, I'm left with :
>>>> "The client is not authorized to request an authorization. It's
required
>>>> to access the system using FQDN."
>>>
>>>
>>>
>>> Add to your /etc/hosts
>>> 192.168.200.4 engine
>>>
>>> And connect to
https://engine
>>>
>>>
>>> Yaniv,
>>>
>>> If you mean : "Change the /etc/hosts of the bare-metal server which is
>>> running Lago", I already tried that :
>>>
>>> root@serv-hv-dev01:/etc# cat /etc/hosts
>>> 127.0.0.1 localhost localhost.localdomain localhost4
>>> localhost4.localdomain4
>>> ::1 localhost localhost.localdomain localhost6
>>> localhost6.localdomain6
>>> 192.168.200.4 engine lago-basic-suite-4-0-engine.lago.local
>>>
>>> And of course, I adapted the "ssh -L" connection according to it :
>>> ssh -L 8443:engine:443 root@serv-hv-dev01
>>> or
>>> ssh -L 8443:lago-basic-suite-4-0-engine.lago.local:443 root@serv-hv-dev01
>>>
>>> If you mean to change the /etc/hosts of the computer I'm initiating the
>>> ssh
>>> connection from, it does not seem relevant as it can not reach the
>>> internal
>>> 192.168.200/24 virtual subnet.
>>
>>
>> You can do something like this:
>>
>> Add to your client's /etc/hosts:
>>
>> 127.0.3.1 engine
>>
>> And then:
>>
>> ssh -L engine:8443:lago-basic-suite-4-0-engine.lago.local:443
>> root@serv-hv-dev01
>
>
> Hello,
>
> Been there, tried that : to no avail.
>
> In the engine log, I see :
>
> 2016-09-29 03:35:15,236 DEBUG [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-13) [] Parameter app_url not found request, using default
> value
> 2016-09-29 03:35:15,236 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-13) [] The client is not authorized to request an
> authorization. It's required to access the system using FQDN.
> 2016-09-29 03:35:15,236 DEBUG [org.ovirt.engine.core.sso.utils.SsoUtils]
> (default task-13) [] Exception:
> org.ovirt.engine.core.sso.utils.OAuthException: The client is not authorized
> to request an authorization. It's required to access the system using FQDN.
> at
> org.ovirt.engine.core.sso.utils.SsoUtils.validateClientRequest(SsoUtils.java:460)
> [enginesso.jar:]
> at
>
org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet.service(OAuthAuthorizeServlet.java:51)
> [enginesso.jar:]
>
>
>
> Moreover, reading
https://www.ovirt.org/release/4.0.4/ , I see :
> "it's required to access engine only using the same FQDN which was
specified
> during engine-setup invocation."
>
> Isn't it the key of this issue?
Indeed.
> Reading that, should I understand that from the moment this patch was merged
> in, the "ssh -L" trick could not work anymore?
I still do not understand why not. In your client's browser, just connect to
https://engine:8443. Does this fail?
If it fails due to the port (no idea), you can try also listening on the
"real" 443 port. If you also have a local httpd already listening on 443,
you'll have to configure it to listen only on specific local addresses, so
that you can have your ssh listen on 443 on the address you use for tunneling.
>
>
>
>>
>> See also:
>>
>>
https://bugzilla.redhat.com/show_bug.cgi?id=1325746
You can still try also this one. I didn't yet myself.
>>
>> I am not aware of lago support for this, patches are likely welcome :-)
>
>
> I would be so glad to be skilled enough to contribute...
>
> My skills are limited to testing and reporting.
That's much appreciated as well!
Best,
--
Didi