10:31 a.m.
Thank you Gianluca for attempting to replicate the issue. Also thank you Marcos for your
input. I replied to your message earlier but for some reason it is not showing up.
Marcos - I had previously responded saying I validated VNC encryption is not enabled. I
also put each host into maintenance mode as you suggested and did a reinstall and it did
not resolve the issue.
Gianluca - My versions as you showed are:
Software version: 4.5.5-1.22.el8
Kernel on the engine: 5.15.0-300.163.18.1.el8uek.x86_64
I have tried Chrome and Firefox with the same results but I don't believe it to be a
browser issue because I can switch to Native VNC instead of noVNC and download the
console.vv file. Look inside of it for the connection info and password and then manually
make the connection with a vnc viewer app and authenticate with the password and get a
blank screen saying "Guest
has not initialized the display (yet)."
The only thing different on our setup I can think of is we had to disable OAuth logins and
use the older AAA authentication since we are still migrating production VMs from OVM into
OLVM. Part of the migration uses virt-v2v command which does not support keycloak
authentication so we were forced to disable it. Our migration process is loosely based on
this article and then tweaked to our specifics
https://blogs.oracle.com/scoter/post/how-to-migrate-oracle-vm-to-oracle-l...
Here are the exact steps we took to disable SSO:
#####
Disable the external SSO in ovirt engine
Edit /etc/ovirt-engine/engine.conf.d/12-setup-keycloak.conf and change:
KEYCLOAK_BUNDLED=false
ENGINE_SSO_ENABLE_EXTERNAL_SSO=false
Disable HTTPD openidc configuration
mv /etc/httpd/conf.d/internalsso-openidc.conf
/etc/httpd/conf.d/internalsso-openidc.conf.disabled
Update oVirt OVN provider
Edit /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
Comment out this line
ovirt-admin-user-name=admin@ovirt@internalsso
Re-run the engine-setup
engine-setup --otopi-environment="OVESETUP_CONFIG/keycloakEnable=bool:False
OVESETUP_CONFIG/keycloakSupported=bool:False" --offline
Restart all related services
systemctl restart ovirt-engine httpd ovirt-provider-ovn grafana-server
With AAA authentication login is "admin"
#####
I will point out we've done prior upgrades with SSO disabled and it has not been an
issue. I only bring it up as we're out of ideas and unsure what has broken console
access. As part of troubleshooting I re-ran the engine-setup command as shown above like
this:
engine-setup --otopi-environment="OVESETUP_CONFIG/keycloakEnable=bool:False
OVESETUP_CONFIG/keycloakSupported=bool:False" --offline
Restarted services and there was no change.
Also one other minor customization we have done some time ago was to make noVNC the
default console for our VMs. We achieved that with the following commands:
engine-config -s ClientModeVncDefault=NoVnc
systemctl restart ovirt-engine
Other than that our install is pretty straight forward.
Our production upgrades have been pushed out till we can find a resolution to what broke
these consoles in lab on upgrade.
Thanks again
Malcolm