Le 11 ao=C3=BBt 2016 =C3=A0 11:37, Fabrice Bacchella = <fabrice.bacchella@icloud.com> a =C3=A9crit : =20 =20
Le 11 ao=C3=BBt 2016 =C3=A0 09:31, Martin Perina <mperina@redhat.com = <mailto:mperina@redhat.com>> a =C3=A9crit : =20 Hi Fabrice, =20 so it seems to me that ovirt-engine-rename didn't work as expected, = because you have changed ENGINE_FQDN in 10-setup-protocols.conf. We = don't support user updates on automatically generated files in = /etc/ovirt-engine/engine.conf.d/. Please next time you'd like to change = something, change it in 99-custom-???.conf file. =20 I roll back this change, as you said it was not enough and then the = rename command.. =20 =20 Now how to get things working: I'm afraid it would be long and =
=20 1. Change manually ENGINE_FQDN to the new value you have used as new = FQDN in ovirt-engine-rename in those files: =20 /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf /etc/ovirt-engine/imageuploader.conf.d/10-engine-setup.conf /etc/ovirt-engine/isouploader.conf.d/10-engine-setup.conf /etc/ovirt-engine/logcollector.conf.d/10-engine-setup.conf =20 2. Now, let's check your custom certificates, I know you are using = your custom CA, does the trustore you have set into = ENGINE_HTTPS_PKI_TRUST_STORE contains all certificates which are needed = to verify HTTPS certificates you have set in Apache for new FQDN? If so, =
--Apple-Mail=_F7422B19-9C53-401B-B9C1-3EB9A88300B1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 painful process, but let's try: then please restart your engine and try
=20 Thanks =20 Martin Perina =20 I'm not sur the PKI part is the biggest problem. I managed to get it = work after a rename and using a custom truststore with all the needed = CA. =20 My main problem is with this strange=20 User login failure: java.lang.RuntimeException: server_error: = org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code = 60)): expected a valid value (number, String, array, object, 'true', = 'false' or 'null') =20 that no one seems to understand where it came from. Ravi suggest to do = not use custom certificate, but I think it's impossible to test this = now, because of the incomplete operation of the rename command. So I = will but back my trust store and we should focus on this message. =20 By the way, I'm on irc on the channel with the nick FabriceB.
Ok we finally nailed that problem with the help of Ravi Nori. Because of = the new SSO settings, ovirt-engine made a called to itself, from within = the same process. But it needed to go through apache to authentify = itself by itself and was intercepted by my SSO setup. I will need to = rewrite it and split URL. --Apple-Mail=_F7422B19-9C53-401B-B9C1-3EB9A88300B1 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">Le 11 ao=C3=BBt 2016 =C3=A0 11:37, Fabrice Bacchella <<a = href=3D"mailto:fabrice.bacchella@icloud.com" = class=3D"">fabrice.bacchella@icloud.com</a>> a =C3=A9crit :</div><br = class=3D"Apple-interchange-newline"><div class=3D""><meta = http-equiv=3D"Content-Type" content=3D"text/html charset=3Dutf-8" = class=3D""><div style=3D"word-wrap: break-word; -webkit-nbsp-mode: = space; -webkit-line-break: after-white-space;" class=3D""><br = class=3D""><div class=3D""><blockquote type=3D"cite" class=3D""><div = class=3D"">Le 11 ao=C3=BBt 2016 =C3=A0 09:31, Martin Perina <<a = href=3D"mailto:mperina@redhat.com" class=3D"">mperina@redhat.com</a>> = a =C3=A9crit :</div><br class=3D"Apple-interchange-newline"><div = class=3D""><div dir=3D"ltr" class=3D""><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">Hi Fabrice,<br = class=3D""><br class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">so it seems to me that = ovirt-engine-rename didn't work as expected, because you have changed = ENGINE_FQDN in 10-setup-protocols.conf. We don't support user updates on = automatically generated files in /etc/ovirt-engine/engine.conf.d/. = Please next time you'd like to change something, change it in = 99-custom-???.conf file.<br class=3D""></div></div></div></blockquote><div= class=3D""><br class=3D""></div>I roll back this change, as you said it = was not enough and then the rename command..</div><div class=3D""><br = class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div = dir=3D"ltr" class=3D""><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif"><br class=3D""></div><div= class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">Now how to get things = working: I'm afraid it would be long and painful process, but let's = try:<br class=3D""><br class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">1. Change manually = ENGINE_FQDN to the new value you have used as new FQDN in = ovirt-engine-rename in those files:<br class=3D""><br = class=3D""> /etc/ovirt-engine/engine.conf.<wbr = class=3D"">d/10-setup-protocols.conf<br class=3D""> = /etc/ovirt-engine/<wbr class=3D"">imageuploader.conf.d/10-<wbr = class=3D"">engine-setup.conf<br class=3D""> /etc/ovirt-engine/isouploader.<wbr = class=3D"">conf.d/10-engine-setup.conf<br class=3D""> /etc/ovirt-engine/<wbr = class=3D"">logcollector.conf.d/10-engine-<wbr class=3D"">setup.conf<br = class=3D""><br class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">2. Now, let's check = your custom certificates, I know you are using your custom CA, does the = trustore you have set into ENGINE_HTTPS_PKI_TRUST_STORE contains all = certificates which are needed to verify HTTPS certificates you have set = in Apache for new FQDN? If so, then please restart your engine and = try<br class=3D""><br class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">Thanks<br class=3D""><br = class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif">Martin Perina<br = class=3D""></div></div></div></blockquote></div><br class=3D""><div = class=3D"">I'm not sur the PKI part is the biggest problem. I managed to = get it work after a rename and using a custom truststore with all the = needed CA.</div><div class=3D""><br class=3D""></div><div class=3D"">My = main problem is with this strange </div><div class=3D"">User login = failure: java.lang.RuntimeException: server_error: = org.codehaus.jackson.JsonParseException: Unexpected character ('<' = (code 60)): expected a valid value (number, String, array, object, = 'true', 'false' or 'null')</div><div class=3D""><br class=3D""></div><div = class=3D"">that no one seems to understand where it came from. Ravi = suggest to do not use custom certificate, but I think it's impossible to = test this now, because of the incomplete operation of the rename = command. So I will but back my trust store and we should focus on this = message.</div><div class=3D""><br class=3D""></div><div class=3D"">By = the way, I'm on irc on the channel with the nick = FabriceB.</div></div></div></blockquote><br class=3D""></div><div>Ok we = finally nailed that problem with the help of Ravi Nori. Because of the = new SSO settings, ovirt-engine made a called to itself, from within the = same process. But it needed to go through apache to authentify itself by = itself and was intercepted by my SSO setup. I will need to rewrite it = and split URL.</div><div><br class=3D""></div><div><br = class=3D""></div><br class=3D""></body></html>= --Apple-Mail=_F7422B19-9C53-401B-B9C1-3EB9A88300B1--