Hi Konstantin,
I was reading your post and wonder that maybe you could help with a similar issue as well.
I also have a problem with certificates and iso/file upload (plus an additional but
probably connected noVNC case) but on a Windows 11 box. The thing is that when I run admin
portal (this is a hosted-engine setup) from a Linux box, one of the KVM hosts, everything
(both upload/noVNC) is working fine, but when run from a Windows box... it doesn't.
On Linux, I just added the ovirt certificate to the browser root trust store.
On Windows, the same setup is not working. It seems that for Chrome and Edge the root
trust stores for browsers and the OS itself are the same, for Firefox there is a
difference as it has - as I understand - its own root trust store. Either way, after
adding certificates to these stores, I can only get the browser not to flag the connection
as insecure, but both upload and noVNC are not working. As I have mentioned, this problem
occurs only under Windows, not Linux.
I would appreciate any help.
Thanks and best wishes,
Adam
Dnia 13 kwi 2023 18:32 "Volenbovskyi, Konstantin"
<Konstantin.Volenbovskyi(a)haufe.com> napisał(a):
Hi,
I think that you might simply need to restart ovirt-imageio-proxy service because it
potentially uses the old certificate/different
from the one used by ovirt-engine service.
And in general I would suggest to troubleshoot that using
https://myhomelab.gr/linux/2020/01/20/replacing_ovirt_ssl.html
You should be able to troubleshoot that using 'curl'/openssl commands: in the way
that it relies on system trust of root CAs and trying engine URL
vs. image-proxy URL might reveal more information. This might mean that you ignore browser
(and its own store of certificate/trust settings...), but start from point that there is
storage of root CAs
and trust exists because HTTPS endpoint provides certificate chain: server certificate
plus certificate of sub-CAs (if needed) that is ultimately signed by root CA that trusted
by your system.
BR,
Konstantin
Am 13.04.23, 15:14 schrieb "Igor Filipovic" <igor.filipovic(a)gmx.com
<mailto:igor.filipovic@gmx.com>>:
Hi, I'm having a trouble on fresh 4.4.10.7 installation (on oracle linux), I'm not
able to upload or download any file using storage domain upload image function. I've
imported CA certificate and have tried on several browsers (firefow, chrome,edge), on
different computers (and browsers are green - claiming that I'm securely connected),
but I'm always getting error regarding CA certificate when I test connection, or when
I try to upload ISO image. I've tried to upload ISO image via cli commands
(upload_disk.py), and that scenario was successful, however this method It is not very
convenient for my co-workers.
I have 5 physical hosts, one is dedicated to run ovirt-engine, and other 4 are kvm
hypervisors. When I try to upload ISO this is what engine.log logs:
2023-04-08 11:00:28,339+02 INFO
[org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-2)
[f6b62add-0a0c-45ee-a985-a76171843382] Running command: TransferImageStatusCommand
internal: false. Entities affected : ID: 1eb97088-b805-4616-af55-0ac9d1d7dfbe Type:
SystemAction group CREATE_DISK with role type USER
2023-04-08 11:00:28,340+02 INFO
[org.ovirt.engine.core.bll.storage.disk.image.ImageTransferUpdater] (default task-2)
[f6b62add-0a0c-45ee-a985-a76171843382] Updating image transfer
a78b18c5-e395-4c29-aa5c-15ffff8a1cb6 (image 4f758325-ac11-4071-a9fa-d180425e8604) phase to
Paused by System (message: 'Sent 0MB')
2023-04-08 11:00:28,363+02 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-2)
[f6b62add-0a0c-45ee-a985-a76171843382] EVENT_ID: UPLOAD_IMAGE_NETWORK_ERROR(1,062), Unable
to upload image to disk 4f758325-ac11-4071-a9fa-d180425e8604 due to a network error.
Ensure ovirt-engine's CA certificate is registered as a trusted CA in the browser. The
certificate can be fetched from
https://engine-dr.somedomain/ovirt-engine/services/pki-resource?resource=...
<
https://engine-dr.somedomain/ovirt-engine/services/pki-resource?resource=...
2023-04-08 11:00:28,363+02 INFO
[org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-2)
[f6b62add-0a0c-45ee-a985-a76171843382] Running command: TransferImageStatusCommand
internal: false. Entities affected : ID: 1eb97088-b805-4616-af55-0ac9d1d7dfbe Type:
SystemAction group CREATE_DISK with role type USER
Can you please point me in some direction to try to fix this?
Thanks, and best regards
Igor
_______________________________________________
Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org>
To unsubscribe send an email to users-leave(a)ovirt.org
<mailto:users-leave@ovirt.org>
Privacy Statement:
https://www.ovirt.org/privacy-policy.html
<
https://www.ovirt.org/privacy-policy.html>
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
<
https://www.ovirt.org/community/about/community-guidelines/>
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org
<mailto:users@ovirt.org>/message/GDTIYHKLZ33Q4KV5SXIGXQ23L2KKBA3Y/
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HGOCARZ7DLV...