[ovirt-users] Re: ovirt-websocket-proxy errors when trying noVNC

On May 28, 2020, at 12:03 PM, Strahil Nikolov <hunter86_bg(a)yahoo.com&gt; wrote: Are you in the same network segment as the Engine ? Maybe there is a firewall preventing you to reach port 6100/tcp . What is the output from ncat -v engine-FQDN 6100 Best Regards, Strahil Nikolov На 27 май 2020 г. 18:48:31 GMT+03:00, Louis Bohm <louisbohm(a)gmail.com <mailto:louisbohm@gmail.com>> написа: > I am running MAC OS X but I was able to import the CA Cert and I can > see it in my Keychain. However, when I try to bring up the console I > get: > Can't connect to websocket proxy server > wss://lfg-kvm.corp.lfg.com:6100 <wss://lfg-kvm.corp.lfg.com:6100/>. Please check that: > websocket proxy service is running, > firewalls are properly set, > websocket proxy certificate is trusted by your browser. Default CA > certificate > <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?res... <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?res...;. > > > Louis > -<<—->>- > Louis Bohm > louisbohm(a)gmail.com <mailto:louisbohm@gmail.com> > > <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... > <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... > >> On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers(a)redhat.com <mailto:sdickers@redhat.com>> > wrote: >> >> >> On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm(a)gmail.com <mailto:louisbohm@gmail.com> > <mailto:louisbohm@gmail.com <mailto:louisbohm@gmail.com>>> wrote: >> OS: Oracle Linux 7.8 (unbreakable kernel) >> Using Oracle Linux Virtualization Manager: Software > Version:4.3.6.6-1.0.9.el7 >> >> Since I am running all of it on one physical machine I opted to > install the ovirt-engine using the accept defaults option. >> >> When I try to start a noVNC console I see this in the messages file: >> May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: > /etc/qemu/krb5.tab: No such file or directory >> May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from > sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found >> May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from > sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found >> May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from > sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found >> May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from > sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found >> May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 > ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: > SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown > (_ssl.c:618) >> May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: > ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: > SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown > (_ssl.c:618) >> >> I have checked the following: >> [root@lfg-kvm ~]# engine-config -g WebSocketProxy >> WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> > <http://lfg-kvm.corp.lfg.com:6100/ <http://lfg-kvm.corp.lfg.com:6100/>> version: general >> [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault >> SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> > <http://lfg-kvm.corp.lfg.com:6100/ <http://lfg-kvm.corp.lfg.com:6100/>> version: general >> >> This is a brand new install. >> >> I also am unable to get a VNC console up and running. I have tried > with an Ubuntu VM running on my MAC where I installed virt-manager. > The viewer comes up for a second says it cannot connect and then > shutsdown. >> >> >> If you're only using noVNC, then you need to make sure you import the > CA Cert and trust it in your browser. There is no way to interactively > accept the self-signed cert from the engine when noVNC connects via the > websocket proxy. >> >> Anyone have any clue? >> -<<—->>- >> Louis Bohm >> louisbohm(a)gmail.com <mailto:louisbohm@gmail.com> <mailto:louisbohm@gmail.com <mailto:louisbohm@gmail.com>> >> > <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... > <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/p... >> _______________________________________________ >> Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> >> To unsubscribe send an email to users-leave(a)ovirt.org <mailto:users-leave@ovirt.org> > <mailto:users-leave@ovirt.org <mailto:users-leave@ovirt.org>> >> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> > <https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html>> >> oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> > <https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/>> >> List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJS... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJS... > <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJS... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJS... >> >> >> -- >> Scott Dickerson >> Senior Software Engineer >> RHV-M Engineering - UX Team >> Red Hat, Inc