10:29 a.m.
I'm trying, my configuration is still incomplete, I added in my httpd.conf:
<VirtualHost *:1443>
ServerName XXX
DocumentRoot htdocs
RedirectMatch ^/$ /ovirt-engine/
SSLEngine on
SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass
SSLCACertificateFile /etc/pki/ovirt-engine/apache-ca.pem
RequestHeader unset Expect early
<LocationMatch
^/(ovirt-engine($|/)|api($|/)|RHEVManagerWeb/|OvirtEngineWeb/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$)>
ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5
AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml
text/json application/xml application/json application/x-yaml
</LocationMatch>
</VirtualHost>
and in /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/99-my.conf
ENGINE_BASE_URL=https://localhost:1443/ovirt-engine/
but no progress :
su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys --debug list'
ERROR: Internal error
--debug don't provide any help
but
curl -vk -XPOST https://localhost:1443/ovirt-engine/services/vmconsole-proxy
fails of course, but because the query is no good. More messages from
ovirt-vmconsole-proxy-keys would be very helpfull.
Le 23 mars 2016 à 13:32, Francesco Romani <fromani(a)redhat.com>
a écrit :
----- Original Message -----
> From: "Fabrice Bacchella" <fabrice.bacchella(a)orange.fr>
> To: "Francesco Romani" <fromani(a)redhat.com>
> Cc: "Yedidyah Bar David" <didi(a)redhat.com>, "users"
<users(a)ovirt.org>
> Sent: Wednesday, March 23, 2016 1:21:11 PM
> Subject: Re: [ovirt-users] seria consol setup
>
>
>> Le 23 mars 2016 à 12:32, Francesco Romani <fromani(a)redhat.com> a écrit :
>>
>> ----- Original Message -----
>>> From: "Yedidyah Bar David" <didi(a)redhat.com>
>>> To: "Fabrice Bacchella" <fabrice.bacchella(a)orange.fr>,
"Francesco Romani"
>>> <fromani(a)redhat.com>
>>> Cc: "users" <users(a)ovirt.org>
>>> Sent: Wednesday, March 23, 2016 12:28:52 PM
>>> Subject: Re: [ovirt-users] seria consol setup
>>
>>>> I can always use puppet to modify just this line, it will be fine for
me.
>>>>
>>>> The point 4 in Automatic Setup is not very helpfull:
>>>> " • once the setup succesfully run, and once ovirt-engine is
>>>> running,
>>>> you can log in and register a SSH key. (TODO: add picture)"
>>>>
>>>> what does it mean ?
>>
>> It just means that you need to add SSH public keys for the users which want
>> to use
>> the serial console.
>>
>> E.g. log in user portal
>> in the top right corner there is the $user drop down menu, click on it
>> select "options"
>> paste public key here
>>
>> HTH,
>
> It tried that, I didn't work.
What didn't work? Adding the keys or -AFAIK- the full authentication?
> By digging in log and configuration, I think
> it's because I have an Apache server in front of ovirt-engine, using a
> specific SSO authentication module (using CAS), so the certificate-base
> authentication is failing, if my comprehension is good. So you should add a
> few line about that in the documentation.
Will improve in this regard
> Should I make the proxy helper
> talks directly to tomcat by playing with ENGINE_BASE_URL in
> /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d ?
Yes, the proxy helper is supposed to talk directly with the Engine.
> There is also a small glitch in the documentation:
> su - ovirt-vmconsole -c 'ovirt-vmconsole-proxy-keys list'
> but it should be:
> su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys list'
Thanks, will fix.
Bests,
--
Francesco Romani
RedHat Engineering Virtualization R & D
Phone: 8261328
IRC: fromani