Le 10 ao=C3=BBt 2016 =C3=A0 17:30, Marcelo Leandro = <marceloltmm@gmail.com> a =C3=A9crit : =20 Good morning , =20 "You need to have correctly set up engine FQDN and it has to be = resolvable. If you don't have correctly set engine FQDN, you can fix =
=20 = https://www.ovirt.org/documentation/how-to/networking/changing-engine-host= name/ = <https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos= tname/> " =20 can I make the procedure with host and vms in production? =20 Thanks. =20 2016-08-03 14:34 GMT-03:00 Martin Perina <mperina@redhat.com = <mailto:mperina@redhat.com>>: =20 =20 On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella = <fabrice.bacchella@icloud.com <mailto:fabrice.bacchella@icloud.com>> = wrote: Next step : =20 The UI says, even with a restarted navigator: =20 org.codehaus.jackson.JsonParseException: Unexpected character ('<' = (code 60)): expected a valid value (number, String, array, object, = 'true', 'false' or 'null') at [Source: java.io.StringReader@74749f78; =
=20 =E2=80=8BI haven't seen this error before, could you please share = server.log and engine.log? =E2=80=8B=20 =20 =20 I shift-reload, got a welcome screen, click on "Administration =
= https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=3Dhttps%3A= %2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=3D= en_US = <https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=3Dhttps%3= A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale= =3Den_US> that then redirect to: = https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=3D= ovirt-engine-core&response_type=3Dcode&redirect_uri=3Dhttps%3A%2F%2Fovirt.= mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=3Do= virt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E= &state=3D5ku3vXkfb10 = <https://realhost.mydomain/ovirt-engine/sso/oauth/authorize?client_id=3Dov= irt-engine-core&response_type=3Dcode&redirect_uri=3Dhttps%3A%2F%2Fovirt.my= domain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=3Dovi= rt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&s= tate=3D5ku3vXkfb10> =20 And it fail with again with still: org.codehaus.jackson.JsonParseException: Unexpected character ('<' = (code 60)): expected a valid value (number, String, array, object, = 'true', 'false' or 'null') at [Source: java.io.StringReader@328a4512; =
=20 Many requests were send to ovirt.mydomain, but just one to = realhost.mydomain:443, I don't know why. =20 =E2=80=8BYou need to have correctly set up engine FQDN and it has to = be resolvable. If you don't have correctly set engine FQDN, you can fix =
--Apple-Mail=_FD9339EF-8F59-4AFB-9484-EACD0D63D5BA Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I'm not sure it's a good idea if you're running 4.0. This procedure does = half of the job as it don't touch the custom java trust store and = missing parts are mandatory for ovirt 4. So I'm now stuck with an = unreachable UI after an upgrade and I don't know if I can roll back.=20 that =E2=80=8B=E2=80=8Busing ovirt=E2=80=8B-engine-rename tool, more = info can be found at: line: 3, column: 2] portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", = but I got a redirect to: line: 3, column: 2]=E2=80=8B=20 that =E2=80=8B=E2=80=8Busing ovirt=E2=80=8B-engine-rename tool, more = info can be found at:
=20 = https://www.ovirt.org/documentation/how-to/networking/changing-engine-host= name/ = <https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos= tname/> =20 Also be aware that you need to use that engine FQDN to access oVirt = 4.0 =20 =20 I didn't ask for any SSO, I already use my own (CAS), it was working = well and the update never ask for activating something new. =20 =E2=80=8BThis is one of the oVirt 4.0 features=E2=80=8B, we have = implemented OAUTH SSO for all engine parts: webadmin, userportal and = restapi. If you are using CAS (althought it's officially supported by = oVirt), that probably means you have configured cas authentication on = Apache, passing authenticated username using aaa-misc as authn extension = and aaa-ldap as authz extension (to get group memberships for = authenticated user). If that's true then please take a look at=20 =20 https://bugzilla.redhat.com/show_bug.cgi?id=3D1342192 = <https://bugzilla.redhat.com/show_bug.cgi?id=3D1342192> =20 there are some changes on Apache configuration (the bug is for = kerberos, but I suspect similar config is needed also for cas module in = apache). =20 =20 =20
Le 3 ao=C3=BBt 2016 =C3=A0 15:09, Martin Perina <mperina@redhat.com = <mailto:mperina@redhat.com>> a =C3=A9crit :
Hi, please follow steps as described in BZ:
1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf = (you may choose different filename but it has to end with '.conf' = suffix) with following content:
ENGINE_HTTPS_PKI_TRUST_STORE=3D"<full path to your java keystore>" ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=3D"<password to your java = keystore>"
2. Restart the engine
If the above doesn't work please attach server.log/engine.log
Thanks
Martin Perina =20 =20 =20
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users = <http://lists.ovirt.org/mailman/listinfo/users> =20 =20
--Apple-Mail=_FD9339EF-8F59-4AFB-9484-EACD0D63D5BA Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><div class=3D"">I'm not sure it's a good idea if you're = running 4.0. This procedure does half of the job as it don't touch the = custom java trust store and missing parts are mandatory for ovirt 4. So = I'm now stuck with an unreachable UI after</div><div class=3D"">an = upgrade and I don't know if I can roll back. </div><br = class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">Le = 10 ao=C3=BBt 2016 =C3=A0 17:30, Marcelo Leandro <<a = href=3D"mailto:marceloltmm@gmail.com" = class=3D"">marceloltmm@gmail.com</a>> a =C3=A9crit :</div><br = class=3D"Apple-interchange-newline"><div class=3D""><div dir=3D"ltr" = class=3D""><div class=3D""><div class=3D"">Good morning ,<br = class=3D""><br class=3D"">"You need to have correctly set up engine FQDN and it has to be resolvable.=20= If you don't have correctly set engine FQDN, you can fix that = =E2=80=8B=E2=80=8Busing ovirt=E2=80=8B-engine-rename tool, more info can = be found at:<br class=3D""><br class=3D""><a = href=3D"https://www.ovirt.org/documentation/how-to/networking/changing-eng= ine-hostname/" target=3D"_blank" class=3D"">https://www.ovirt.org/<wbr = class=3D"">documentation/how-to/<wbr class=3D"">networking/<span = class=3D"">changing</span>-engine-<wbr class=3D""><span = class=3D"">hostname</span>/</a> "<br class=3D""><br class=3D""></div>can = I make the procedure with host and vms in production?<br class=3D""><br = class=3D""></div>Thanks.<br class=3D""></div><div = class=3D"gmail_extra"><br class=3D""><div class=3D"gmail_quote">2016-08-03= 14:34 GMT-03:00 Martin Perina <span dir=3D"ltr" class=3D""><<a = href=3D"mailto:mperina@redhat.com" target=3D"_blank" = class=3D"">mperina@redhat.com</a>></span>:<br class=3D""><blockquote = class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc = solid;padding-left:1ex"><div dir=3D"ltr" class=3D""><div = class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif"><br class=3D""></div><div= class=3D"gmail_extra"><br class=3D""><div class=3D"gmail_quote"><span = class=3D"">On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <span = dir=3D"ltr" class=3D""><<a href=3D"mailto:fabrice.bacchella@icloud.com"= target=3D"_blank" class=3D"">fabrice.bacchella@icloud.com</a>></span> = wrote:<br class=3D""><blockquote class=3D"gmail_quote" style=3D"margin:0px= 0px 0px 0.8ex;border-left:1px solid = rgb(204,204,204);padding-left:1ex">Next step :<br class=3D""> <br class=3D""> The UI says, even with a restarted navigator:<br class=3D""> <br class=3D""> org.codehaus.jackson.<wbr class=3D"">JsonParseException: Unexpected = character ('<' (code 60)): expected a valid value (number, String, = array, object, 'true', 'false' or 'null') at [Source: = java.io.StringReader@74749f78; line: 3, column: 2]<br = class=3D""></blockquote></span><div class=3D""><br class=3D""><div = class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline">=E2=80=8BI= haven't seen this error before, could you please share server.log and = engine.log?<br class=3D"">=E2=80=8B</div> </div><span = class=3D""><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px = 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <br class=3D""> <br class=3D""> I shift-reload, got a welcome screen, click on "Administration portal". = I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got = a redirect to:<br class=3D""> <a = href=3D"https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_ur= l=3Dhttps%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3De= n_US&locale=3Den_US" rel=3D"noreferrer" target=3D"_blank" = class=3D"">https://ovirt.mydomain/ovirt-<wbr = class=3D"">engine/webadmin/sso/login?&<wbr = class=3D"">app_url=3Dhttps%3A%2F%2Fovirt.<wbr = class=3D"">mydomain%2Fovirt-engine%<wbr = class=3D"">2Fwebadmin%2F%3Flocale%3Den_<wbr = class=3D"">US&locale=3Den_US</a><br class=3D""> that then redirect to:<br class=3D""> <a = href=3D"https://realhost.mydomain/ovirt-engine/sso/oauth/authorize?client_= id=3Dovirt-engine-core&response_type=3Dcode&redirect_uri=3Dhttps%3= A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callb= ack&scope=3Dovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequen= ce-priority%3D%7E&state=3D5ku3vXkfb10" rel=3D"noreferrer" = target=3D"_blank" class=3D"">https://realhost.mydomain:443/<wbr = class=3D"">ovirt-engine/sso/oauth/<wbr = class=3D"">authorize?client_id=3Dovirt-<wbr = class=3D"">engine-core&response_type=3D<wbr = class=3D"">code&redirect_uri=3Dhttps%3A%2F%<wbr = class=3D"">2Fovirt.mydomain%3A443%<wbr = class=3D"">2Fovirt-engine%2Fwebadmin%<wbr = class=3D"">2Fsso%2Foauth2-callback&scope=3D<wbr = class=3D"">ovirt-app-admin+ovirt-app-<wbr = class=3D"">portal+ovirt-ext%3Dauth%<wbr = class=3D"">3Asequence-priority%3D%7E&<wbr = class=3D"">state=3D5ku3vXkfb10</a><br class=3D""> <br class=3D""> And it fail with again with still:<br class=3D""> org.codehaus.jackson.<wbr class=3D"">JsonParseException: Unexpected = character ('<' (code 60)): expected a valid value (number, String, = array, object, 'true', 'false' or 'null') at [Source: = java.io.StringReader@328a4512; line: 3, column: = 2]=E2=80=8B </blockquote><blockquote class=3D"gmail_quote" = style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid = rgb(204,204,204);padding-left:1ex"> <br class=3D""> Many requests were send to ovirt.mydomain, but just one to = realhost.mydomain:443, I don't know why.<br = class=3D""></blockquote></span><div class=3D""><br class=3D""><div = class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline">=E2=80=8BY= ou need to have correctly set up engine FQDN and it has to be = resolvable. If you don't have correctly set engine FQDN, you can fix = that =E2=80=8B</div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline">=E2=80=8Bu= sing ovirt=E2=80=8B-engine-rename tool, more info can be found at:<br = class=3D""><br class=3D""><a = href=3D"https://www.ovirt.org/documentation/how-to/networking/changing-eng= ine-hostname/" target=3D"_blank" class=3D"">https://www.ovirt.org/<wbr = class=3D"">documentation/how-to/<wbr = class=3D"">networking/changing-engine-<wbr class=3D"">hostname/</a><br = class=3D""><br class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline">Also be = aware that you need to use that engine FQDN to access oVirt 4.0<br = class=3D""><br class=3D""></div></div><span class=3D""><blockquote = class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px = solid rgb(204,204,204);padding-left:1ex"> <br class=3D""> I didn't ask for any SSO, I already use my own (CAS), it was working = well and the update never ask for activating something new.<br = class=3D""></blockquote></span><div class=3D""><br class=3D""><div = class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline">=E2=80=8BT= his is one of the oVirt 4.0 features=E2=80=8B, we have implemented OAUTH = SSO for all engine parts: webadmin, userportal and restapi. If you are = using CAS (althought it's officially supported by oVirt), that probably = means you have configured cas authentication on Apache, passing = authenticated username using aaa-misc as authn extension and aaa-ldap as = authz extension (to get group memberships for authenticated user). If = that's true then please take a look at <br class=3D""><br class=3D""><a = href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D1342192" = target=3D"_blank" class=3D"">https://bugzilla.redhat.com/<wbr = class=3D"">show_bug.cgi?id=3D1342192</a><br class=3D""><br = class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline">there = are some changes on Apache configuration (the bug is for kerberos, but I = suspect similar config is needed also for cas module in apache).<br = class=3D""></div><div class=3D"gmail_default" = style=3D"font-family:arial,helvetica,sans-serif;display:inline"><br = class=3D""></div></div><span class=3D""><blockquote class=3D"gmail_quote" = style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid = rgb(204,204,204);padding-left:1ex"> <br class=3D""> <br class=3D""> > Le 3 ao=C3=BBt 2016 =C3=A0 15:09, Martin Perina <<a = href=3D"mailto:mperina@redhat.com" target=3D"_blank" = class=3D"">mperina@redhat.com</a>> a =C3=A9crit :<br class=3D""> ><br class=3D""> > Hi,<br class=3D""> > please follow steps as described in BZ:<br class=3D""> ><br class=3D""> > 1. Create /etc/ovirt-engine/engine.conf.<wbr = class=3D"">d/99-custom-truststore.conf (you may choose different = filename but it has to end with '.conf' suffix) with following = content:<br class=3D""> ><br class=3D""> > ENGINE_HTTPS_PKI_TRUST_STORE=3D<wbr class=3D"">"<full = path to your java keystore>"<br class=3D""> > ENGINE_HTTPS_PKI_TRUST_STORE_<wbr = class=3D"">PASSWORD=3D"<password to your java keystore>"<br = class=3D""> ><br class=3D""> > 2. Restart the engine<br class=3D""> ><br class=3D""> > If the above doesn't work please attach server.log/engine.log<br = class=3D""> ><br class=3D""> > Thanks<br class=3D""> ><br class=3D""> > Martin Perina<br class=3D""> <br class=3D""> </blockquote></span></div><br class=3D""></div></div> <br class=3D"">______________________________<wbr = class=3D"">_________________<br class=3D""> Users mailing list<br class=3D""> <a href=3D"mailto:Users@ovirt.org" class=3D"">Users@ovirt.org</a><br = class=3D""> <a href=3D"http://lists.ovirt.org/mailman/listinfo/users" = rel=3D"noreferrer" target=3D"_blank" = class=3D"">http://lists.ovirt.org/<wbr = class=3D"">mailman/listinfo/users</a><br class=3D""> <br class=3D""></blockquote></div><br class=3D""></div> </div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_FD9339EF-8F59-4AFB-9484-EACD0D63D5BA--