So as I said before I added the CA cert to my MAC (and I can see it in the MAC’s Keychain).  But its still not working.  For humor I will try adding the CA to my Windows VM and see if that produces a different result.

Louis
-<<—->>-
Louis Bohm
louisbohm@gmail.com


On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com> wrote:


On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com> wrote:
OS: Oracle Linux 7.8 (unbreakable kernel)
Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7

Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.

When I try to start a noVNC console I see this in the messages file:
May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory
May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found
May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found
May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found
May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found
May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)

I have checked the following:
[root@lfg-kvm ~]#  engine-config -g WebSocketProxy
WebSocketProxy: lfg-kvm.corp.lfg.com:6100 version: general
[root@lfg-kvm ~]# engine-config -g SpiceProxyDefault
SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 version: general

This is a brand new install.

I also am unable to get a VNC console up and running.  I have tried with an Ubuntu VM running on my MAC where I installed virt-manager.  The viewer comes up for a second says it cannot connect and then shutsdown.


If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser.  There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
 
Anyone have any clue?
-<<—->>-
Louis Bohm

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/


-- 
Scott Dickerson
Senior Software Engineer
RHV-M Engineering - UX Team
Red Hat, Inc