Hi Callum,

We figured it out. Please see https://github.com/oVirt/ovirt-web-ui/issues/938#issuecomment-464067457
Let me know if that helps?

Greg


On Tue, Jan 29, 2019 at 8:31 PM Greg Sheremeta <gshereme@redhat.com> wrote:
Hey,

https://github.com/oVirt/ovirt-web-ui/issues/938

You can follow progress there. Thank you for reporting.

Best wishes,
Greg

On Wed, Oct 24, 2018 at 11:41 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,

Here's my config, this is based on the original guide and some other stuff that i found to help make it work.
Squid Cache: Version 3.5.20

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=<ovirt engine node>
cache_peer <ovirt engine node> parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst <ovirt engine hosts subnet>
acl ovirt_engine dstdomain .<ovirt engine node>
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout    12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 3 Oct 2018, at 00:39, Greg Sheremeta <gshereme@redhat.com> wrote:

Hi Callum,

I took a look at this, but got in the weeds pretty quickly with squid configuration. I can help more offline, but it might be a while.

It'll probably be easier if you can provide me exact steps for how I could reproduce. Looks like I need to generate some keys. Can you create and share a simple reproducer?

Greg


On Thu, Sep 20, 2018 at 11:37 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,

Did you manage to get any further with this, reverse proxy is rather critical to this project.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 6 Aug 2018, at 12:13, Greg Sheremeta <gshereme@redhat.com> wrote:

I'll look into it and get back to you.

On Mon, Aug 6, 2018 at 7:02 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,

So what's the go-to here, it seems so close but something in the API ajax is failing.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 27 Jul 2018, at 12:21, Greg Sheremeta <gshereme@redhat.com> wrote:

On Fri, Jul 27, 2018 at 4:39 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,

Indeed, always the latest and greatest for us while trying to get this running.


Arrggghh, that is referring to the old GWT UserPortal and not the new react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for the out-of-date state of our documentation. I am working on improving it.)

Unfortunately we have never tested VM Portal with squid.

@Lukas Svaty any chance you or someone on the team can assist?
 

And the squid.conf file looks like this:

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=ovirtengine.cluster
cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 192.168.64.0/24
acl ovirt_engine dstdomain .ovirtengine.cluster
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout    12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 27 Jul 2018, at 01:15, Greg Sheremeta <gshereme@redhat.com> wrote:

From your other thread, I'm guessing 4.2.4.

Can you send the link to the squid guide you used?

On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta <gshereme@redhat.com> wrote:
Hi Callum,

What version of ovirt-web-ui is this?

Greg

On Wed, Jul 18, 2018 at 7:12 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear All,

Those error logs are relevant only to another issue, please ignore.

There appears to be a problem to do with authentication through the squid proxy though, which presents differently in Safari and Firefox:


Sorry for the screenshots but its the only way i can extract this data due to the page-refresh.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 18 Jul 2018, at 10:54, Callum Smith <callum@well.ox.ac.uk> wrote:

Dear All,

Some relevant error logs:

2018-07-18 10:51:33,554+01 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) [557ca876] Running command
: CreateUserSessionCommand internal: false.
2018-07-18 10:51:33,575+01 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-9) [557ca876] E
VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' logged in.
2018-07-18 10:51:34,135+01 ERROR [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) [8d830cdb-fc11-4e68-94e6-73309
65c4488] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,205+01 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) [ba1825f1-60fb-44cd-8b57-
ea701cf698c0] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,242+01 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-26) [] Operation Faile
d: query execution failed due to insufficient permissions.
2018-07-18 10:51:34,389+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,393+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,394+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,396+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
2018-07-18 10:51:59,195+01 WARN  [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] User '9386d6f5-f172-4cdb
-abca-62492a357888' is trying to take the console of virtual machine 'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea
dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'.
2018-07-18 10:51:59,197+01 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] No permission found for
user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is member of, when running action 'SetVmTicket', Required permiss
ions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object type: 'VM'  Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'.
2018-07-18 10:51:59,197+01 WARN  [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] Validation of action 'Se
tVmTicket' failed for user callum@Biomedical Research Computing. Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_REC
ONNECT_TO_VM
2018-07-18 10:51:59,198+01 ERROR [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] (default task-18) [] Operat
ion Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM

Seems like there's a permission missing in there - this is a newly attached LDAP group.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 17 Jul 2018, at 10:02, Callum Smith <callum@well.ox.ac.uk> wrote:

Dear All,

Does anyone know how to set such options in the web-ui?

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

On 12 Jul 2018, at 11:09, Callum Smith <callum@well.ox.ac.uk> wrote:

Dear oVirt Gurus,

Using the oVirt user VM portal seems to not work through the squid proxy setup (configured as per the guide). The page loads and login works fine through the proxy, but the asynchronous requests just hang. I've attached a screenshot, but you can see the "api" endpoint just hanging in a web inspector:

<Screen Shot 2018-07-12 at 11.06.50.png>

This works fine when not going through the proxy.

Is there a way to force noVNC HTML as the console mode through the web-ui, or at least have it as an option if not default?

The console seems not to work when logged in with a base 'user role'.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VZIGGZZ2IIHBZ65QCX5PLB65DEMRQD4X/

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7NBOGYVL4EAH4QQI6ETPMFNXC5VSTZCP/

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XSH4JVJPKMWWSOWVDMURWF6BXKBTYUCT/

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYFQ2ZGCERCNSEUUPB62UEPATJ7R4URU/


-- 
GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

gshereme@redhat.com    IRC: gshereme


-- 
GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

gshereme@redhat.com    IRC: gshereme



-- 
GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

gshereme@redhat.com    IRC: gshereme



-- 
GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

gshereme@redhat.com    IRC: gshereme



-- 
GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

gshereme@redhat.com    IRC: gshereme



--

GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

Red Hat NA

gshereme@redhat.com    IRC: gshereme



--

GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

Red Hat NA

gshereme@redhat.com    IRC: gshereme