------PXLRQ3P0G6SY9KXSTS097IKHZKWG31 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Hi all, Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP. It is impractical to access with FQDN when doing remote port forwarding. Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ------PXLRQ3P0G6SY9KXSTS097IKHZKWG31 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit Hi all,<br> <br> Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP. It is impractical to access with FQDN when doing remote port forwarding.<br> <br> Thanx,<br> Alex<br> -- <br> Sent from my Android device with K-9 Mail. Please excuse my brevity. ------PXLRQ3P0G6SY9KXSTS097IKHZKWG31--
Hi, please take a look at [1], since oVirt 4.0.4 you can defined alternate names (or IPs) to access engine. Regards Martin Perina [1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746 On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com < rightkicktech@gmail.com> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP. It is impractical to access with FQDN when doing remote port forwarding.
Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
------7NAHD9WQR1SQBJD2ULI7XEJE3F4GHU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Thank you Martin=2E I will check that=2E On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat=2E= com> wrote:
Hi,
please take a look at [1], since oVirt 4=2E0=2E4 you can defined alternat= e names (or IPs) to access engine=2E
Regards
Martin Perina
[1] https://bugzilla=2Eredhat=2Ecom/show_bug=2Ecgi?id=3D1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech=2Egmail=2Ecom < rightkicktech@gmail=2Ecom> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP=2E It is impractical to access with FQDN when doing remote port forwarding=2E
Thanx, Alex -- Sent from my Android device with K-9 Mail=2E Please excuse my brevity= =2E _______________________________________________ Users mailing list Users@ovirt=2Eorg http://lists=2Eovirt=2Eorg/mailman/listinfo/users
On Thu, Jan 26, 2017 at 6:59 PM, <a href=3D"http://rightkicktech=2Egmail= =2Ecom">rightkicktech=2Egmail=2Ecom</a> <span dir=3D"ltr"><<a href=3D"ma= ilto:rightkicktech@gmail=2Ecom" target=3D"_blank">rightkicktech@gmail=2Ecom= </a>></span> wrote:<br /><blockquote class=3D"gmail_quote" style=3D"marg= in:0 0 0 =2E8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br /> <br /> Is there any way to bypass the FQDN access requirement on ovirt 4? On prev= ious versions I was able to access ovirt engine using IP=2E It is impractic= al to access with FQDN when doing remote port forwarding=2E<br /> <br /> Thanx,<br /> Alex<span class=3D"HOEnZb"><font color=3D"#888888"><br /> -- <br /> Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</= font></span><br />______________________________<wbr />_________________<br= /> Users mailing list<br /> <a href=3D"mailto:Users@ovirt=2Eorg">Users@ovirt=2Eorg</a><br /> <a href=3D"http://lists=2Eovirt=2Eorg/mailman/listinfo/users" rel=3D"noref= errer" target=3D"_blank">http://lists=2Eovirt=2Eorg/<wbr />mailman/listinfo= /users</a><br /> <br /></blockquote></div><br /></div> </blockquote></div><br> -- <br> Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</=
--=20 Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E ------7NAHD9WQR1SQBJD2ULI7XEJE3F4GHU Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body>Thank you Martin=2E<br> I will check that=2E<br><br><div class=3D"gmail_quote">On January 26, 2017= 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat=2Ecom> wrote:<bl= ockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border= -left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,h= elvetica,sans-serif">Hi,<br /><br /></div><div class=3D"gmail_default" styl= e=3D"font-family:arial,helvetica,sans-serif">please take a look at [1], sin= ce oVirt 4=2E0=2E4 you can defined alternate names (or IPs) to access engin= e=2E<br /><br /></div><div class=3D"gmail_default" style=3D"font-family:ari= al,helvetica,sans-serif">Regards<br /><br /></div><div class=3D"gmail_defau= lt" style=3D"font-family:arial,helvetica,sans-serif">Martin Perina<br /><br= />[1] <a href=3D"https://bugzilla=2Eredhat=2Ecom/show_bug=2Ecgi?id=3D13257= 46">https://bugzilla=2Eredhat=2Ecom/show_bug=2Ecgi?id=3D1325746</a><br /><b= r /></div></div><div class=3D"gmail_extra"><br /><div class=3D"gmail_quote"= body></html> ------7NAHD9WQR1SQBJD2ULI7XEJE3F4GHU--
------5MFD2E68UZYA51PWOUWQUH3ON86T9A Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, I added the IP address at 11-setup-sso=2Econf (found at /etc/ovirt-engine/= engine=2Econf=2Ed), at line SSO_ALTERNATE_ENGINE_FQDNS=3D"IP"=2E Then restarted engine=2E I can access now engine vm using IP, but I cannot when connecting remotely= using localhost and port forwarding through ssh=2E I tried to add also loc= alhost as alternate fqdn without any luck=2E=20 Any idea? Many thanx, Alex On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail=2Ecom>= wrote:
Thank you Martin=2E I will check that=2E
On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat=2Ecom> wrote:
Hi,
please take a look at [1], since oVirt 4=2E0=2E4 you can defined alterna= te names (or IPs) to access engine=2E
Regards
Martin Perina
[1] https://bugzilla=2Eredhat=2Ecom/show_bug=2Ecgi?id=3D1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech=2Egmail=2Ecom < rightkicktech@gmail=2Ecom> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP=2E It is impractical to access with FQDN when doing remote port forwarding=2E
Thanx, Alex -- Sent from my Android device with K-9 Mail=2E Please excuse my brevity= =2E _______________________________________________ Users mailing list Users@ovirt=2Eorg http://lists=2Eovirt=2Eorg/mailman/listinfo/users
--=20 Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
On Thu, Jan 26, 2017 at 6:59 PM, <a href=3D"http://rightkicktech=2Egmail= =2Ecom">rightkicktech=2Egmail=2Ecom</a> <span dir=3D"ltr"><<a href=3D"ma= ilto:rightkicktech@gmail=2Ecom" target=3D"_blank">rightkicktech@gmail=2Ecom= </a>></span> wrote:<br /><blockquote class=3D"gmail_quote" style=3D"marg= in:0 0 0 =2E8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br /> <br /> Is there any way to bypass the FQDN access requirement on ovirt 4? On prev= ious versions I was able to access ovirt engine using IP=2E It is impractic= al to access with FQDN when doing remote port forwarding=2E<br /> <br /> Thanx,<br /> Alex<span class=3D"HOEnZb"><font color=3D"#888888"><br /> -- <br /> Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</= font></span><br />______________________________<wbr />_________________<br= /> Users mailing list<br /> <a href=3D"mailto:Users@ovirt=2Eorg">Users@ovirt=2Eorg</a><br /> <a href=3D"http://lists=2Eovirt=2Eorg/mailman/listinfo/users" rel=3D"noref= errer" target=3D"_blank">http://lists=2Eovirt=2Eorg/<wbr />mailman/listinfo= /users</a><br /> <br /></blockquote></div><br /></div> </blockquote></div><br /></blockquote></div><br> -- <br> Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</=
--=20 Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E ------5MFD2E68UZYA51PWOUWQUH3ON86T9A Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head></head><body>Hi,<br> <br> I added the IP address at 11-setup-sso=2Econf (found at /etc/ovirt-engine/= engine=2Econf=2Ed), at line SSO_ALTERNATE_ENGINE_FQDNS=3D"IP"=2E<= br> Then restarted engine=2E<br> I can access now engine vm using IP, but I cannot when connecting remotely= using localhost and port forwarding through ssh=2E I tried to add also loc= alhost as alternate fqdn without any luck=2E <br> Any idea?<br> <br> Many thanx,<br> Alex<br> <br><br><div class=3D"gmail_quote">On January 27, 2017 1:10:33 AM GMT+02:0= 0, Alex <rightkicktech@gmail=2Ecom> wrote:<blockquote class=3D"gmail_= quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border-left: 1px solid rgb(204= , 204, 204); padding-left: 1ex;"> Thank you Martin=2E<br /> I will check that=2E<br /><br /><div class=3D"gmail_quote">On January 26, = 2017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat=2Ecom> wrote= :<blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; bo= rder-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,h= elvetica,sans-serif">Hi,<br /><br /></div><div class=3D"gmail_default" styl= e=3D"font-family:arial,helvetica,sans-serif">please take a look at [1], sin= ce oVirt 4=2E0=2E4 you can defined alternate names (or IPs) to access engin= e=2E<br /><br /></div><div class=3D"gmail_default" style=3D"font-family:ari= al,helvetica,sans-serif">Regards<br /><br /></div><div class=3D"gmail_defau= lt" style=3D"font-family:arial,helvetica,sans-serif">Martin Perina<br /><br= />[1] <a href=3D"https://bugzilla=2Eredhat=2Ecom/show_bug=2Ecgi?id=3D13257= 46">https://bugzilla=2Eredhat=2Ecom/show_bug=2Ecgi?id=3D1325746</a><br /><b= r /></div></div><div class=3D"gmail_extra"><br /><div class=3D"gmail_quote"= body></html> ------5MFD2E68UZYA51PWOUWQUH3ON86T9A--
On 01/27/2017 11:56 AM, Alex wrote:
Hi,
I added the IP address at 11-setup-sso.conf (found at /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP". Then restarted engine. I can access now engine vm using IP, but I cannot when connecting remotely using localhost and port forwarding through ssh. I tried to add also localhost as alternate fqdn without any luck. Any idea?
Many thanx, Alex
Make sure to include also the port number that you are using. For example, if you are using port 10000 then you will need this: SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000" I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it will be overwritten if you run 'engine-setup' again, during an upgrade, for example. Instead of that try to create your own 99-my.conf file, for example. Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS proxy support instead. For example, I reach all my systems via SSH, using 'server.example.com' as the SSH gateway. I start SSH like this: ssh -D 127.0.0.1:10000 server.example.com And then I configure my browser to use 127.0.0.1:10000 as SOCKS proxy for *.example.com.
On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail.com> wrote:
Thank you Martin. I will check that.
On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat.com> wrote:
Hi,
please take a look at [1], since oVirt 4.0.4 you can defined alternate names (or IPs) to access engine.
Regards
Martin Perina
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com <http://rightkicktech.gmail.com> <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP. It is impractical to access with FQDN when doing remote port forwarding.
Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
------W8UEK94U7L2X0W96XO4VAKONZ7LXWP Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Hi, To clarify my previous. When adding localhost at SSO_ALTERNATE_ENGINE_FQDNS="localhost", then i was able to access through port forwarding. I tried to add IP and localhost, comma separated SSO_ALTERNATE_ENGINE_FQDNS="10.0.0.10,localhost", and in this case i could not use localhost. Does this variable accepts comma separated values? Thanx for the socks proxy. Yes, thats my last tactic when facing issues with port forwarding, though i need to go through two hops and makes it a bit more complex. The first hop does not have direct access to destination network and I dont have direct SSH access to final hop. I will also add a custom config next to 11-setup-sso.conf file. Thanx for pointing it out. Alex On January 27, 2017 1:32:14 PM EET, "Juan Hernández" <jhernand@redhat.com> wrote:
On 01/27/2017 11:56 AM, Alex wrote:
Hi,
I added the IP address at 11-setup-sso.conf (found at /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP". Then restarted engine. I can access now engine vm using IP, but I cannot when connecting remotely using localhost and port forwarding through ssh. I tried to add also localhost as alternate fqdn without any luck. Any idea?
Many thanx, Alex
Make sure to include also the port number that you are using. For example, if you are using port 10000 then you will need this:
SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000"
I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it will be overwritten if you run 'engine-setup' again, during an upgrade, for example. Instead of that try to create your own 99-my.conf file, for example.
Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS proxy support instead. For example, I reach all my systems via SSH, using 'server.example.com' as the SSH gateway. I start SSH like this:
ssh -D 127.0.0.1:10000 server.example.com
And then I configure my browser to use 127.0.0.1:10000 as SOCKS proxy for *.example.com.
On January 27, 2017 1:10:33 AM GMT+02:00, Alex
<rightkicktech@gmail.com>
wrote:
Thank you Martin. I will check that.
On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat.com> wrote:
Hi,
please take a look at [1], since oVirt 4.0.4 you can defined alternate names (or IPs) to access engine.
Regards
Martin Perina
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com <http://rightkicktech.gmail.com> <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP. It is impractical to access with FQDN when doing remote port forwarding.
Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Sent from my Android device with K-9 Mail. Please excuse my brevity. ------W8UEK94U7L2X0W96XO4VAKONZ7LXWP Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html><head></head><body>Hi,<br> <br> To clarify my previous. When adding localhost at SSO_ALTERNATE_ENGINE_FQDNS="localhost", then i was able to access through port forwarding. I tried to add IP and localhost, comma separated SSO_ALTERNATE_ENGINE_FQDNS="<a href="http://10.0.0.10">10.0.0.10</a>,localhost";, and in this case i could not use localhost. <br> Does this variable accepts comma separated values?<br> <br> Thanx for the socks proxy. Yes, thats my last tactic when facing issues with port forwarding, though i need to go through two hops and makes it a bit more complex. The first hop does not have direct access to destination network and I dont have direct SSH access to final hop.<br> <br> I will also add a custom config next to 11-setup-sso.conf file. Thanx for pointing it out.<br> <br> Alex<br> <br><br><div class="gmail_quote">On January 27, 2017 1:32:14 PM EET, "Juan Hernández" <jhernand@redhat.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <pre class="k9mail">On 01/27/2017 11:56 AM, Alex wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Hi,<br /> <br /> I added the IP address at 11-setup-sso.conf (found at<br /> /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP".<br /> Then restarted engine.<br /> I can access now engine vm using IP, but I cannot when connecting<br /> remotely using localhost and port forwarding through ssh. I tried to add<br /> also localhost as alternate fqdn without any luck.<br /> Any idea?<br /> <br /> Many thanx,<br /> Alex<br /> <br /></blockquote><br />Make sure to include also the port number that you are using. For<br />example, if you are using port 10000 then you will need this:<br /><br /> SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000"<br /><br />I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it<br />will be overwritten if you run 'engine-setup' again, during an upgrade,<br />for example. Instead of that try to create your own 99-my.conf file, for<br />example.<br /><br />Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS<br />proxy support instead. For example, I reach all my systems via SSH,<br />using '<a href="http://server.example.com">server.example.com</a>' as the SSH gateway. I start SSH like this:<br /><br /> ssh -D <a href="127.0.0.1:10000">127.0.0.1:10000</a> <a href="http://server.example.com">server.example.com</a><br /><br />And then I configure my browser to use <a href="127.0.0.1:10000">127.0.0.1:10000</a> as SOCKS proxy<br />for *.<a href="http://example.com">example.com</a>.<br /><br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> <br /> On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail.com><br /> wrote:<br /> <br /> Thank you Martin.<br /> I will check that.<br /> <br /> On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina<br /> <mperina@redhat.com> wrote:<br /> <br /> Hi,<br /> <br /> please take a look at [1], since oVirt 4.0.4 you can defined<br /> alternate names (or IPs) to access engine.<br /> <br /> Regards<br /> <br /> Martin Perina<br /> <br /> [1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1325746">https://bugzilla.redhat.com/show_bug.cgi?id=1325746</a><br /> <br /> <br /> On Thu, Jan 26, 2017 at 6:59 PM, <a href="http://rightkicktech.gmail.com">rightkicktech.gmail.com</a><br /> <<a href="http://rightkicktech.gmail.com">http://rightkicktech.gmail.com</a>>; <rightkicktech@gmail.com<br /> <mailto:rightkicktech@gmail.com>> wrote:<br /> <br /> Hi all,<br /> <br /> Is there any way to bypass the FQDN access requirement on<br /> ovirt 4? On previous versions I was able to access ovirt<br /> engine using IP. It is impractical to access with FQDN when<br /> doing remote port forwarding.<br /> <br /> Thanx,<br /> Alex<br /> -- <br /> Sent from my Android device with K-9 Mail. Please excuse my<br /> brevity.<br /><hr /><br /> Users mailing list<br /> Users@ovirt.org <mailto:Users@ovirt.org><br /> <a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a><br /> <<a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>><br /> <br /> <br /> <br /> <br /> -- <br /> Sent from my Android device with K-9 Mail. Please excuse my brevity.<br /> <br /> <br /><hr /><br /> Users mailing list<br /> Users@ovirt.org<br /> <a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a><br /> <br /></blockquote><br /></pre></blockquote></div><br> -- <br> Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html> ------W8UEK94U7L2X0W96XO4VAKONZ7LXWP--
On 01/27/2017 01:40 PM, rightkicktech.gmail.com wrote:
Hi,
To clarify my previous. When adding localhost at SSO_ALTERNATE_ENGINE_FQDNS="localhost", then i was able to access through port forwarding. I tried to add IP and localhost, comma separated SSO_ALTERNATE_ENGINE_FQDNS="10.0.0.10 <http://10.0.0.10>,localhost", and in this case i could not use localhost. Does this variable accepts comma separated values?
It is a space separated list. It is documented here: https://github.com/oVirt/ovirt-engine/blob/master/packaging/services/ovirt-e...
Thanx for the socks proxy. Yes, thats my last tactic when facing issues with port forwarding, though i need to go through two hops and makes it a bit more complex. The first hop does not have direct access to destination network and I dont have direct SSH access to final hop.
I will also add a custom config next to 11-setup-sso.conf file. Thanx for pointing it out.
Alex
On January 27, 2017 1:32:14 PM EET, "Juan Hernández" <jhernand@redhat.com> wrote:
On 01/27/2017 11:56 AM, Alex wrote:
Hi,
I added the IP address at 11-setup-sso.conf (found at /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP". Then restarted engine. I can access now engine vm using IP, but I cannot when connecting remotely using localhost and port forwarding through ssh. I tried to add also localhost as alternate fqdn without any luck. Any idea?
Many thanx, Alex
Make sure to include also the port number that you are using. For example, if you are using port 10000 then you will need this:
SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000"
I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it will be overwritten if you run 'engine-setup' again, during ! an upgrade, for example. Instead of that try to create your own 99-my.conf file, for example.
Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS proxy support instead. For example, I reach all my systems via SSH, using 'server.example.com <http://server.example.com>' as the SSH gateway. I start SSH like this:
ssh -D 127.0.0.1:10000 server.example.com <http://server.example.com>
And then I configure my browser to use 127.0.0.1:10000 as SOCKS proxy for *.example.com <http://example.com>.
On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail.com> wrote:
Thank you Martin. I will check that.
On January 26, 2! 017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat.com> wrote:
Hi,
please take a look at [1], since oVirt 4.0.4 you can defined alternate names (or IPs) to access engine.
Regards
Martin Perina
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com <http://rightkicktech.gmail.com> <http://rightkicktech.gmail.com> <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine us! ing IP. It is impractical to access with FQDN when doing remote port forwarding.
Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ------------------------------------------------------------------------
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
------------------------------------------------------------------------
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
------4C4ZOZSL6LPEXTJBT19MRPSDY1MSYE Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Hi, I put space instead of comma. I confirm now that I have access on FQDN, IP and localhost. Many thanx! Alex On January 27, 2017 2:47:27 PM EET, "Juan Hernández" <jhernand@redhat.com> wrote:
On 01/27/2017 01:40 PM, rightkicktech.gmail.com wrote:
Hi,
To clarify my previous. When adding localhost at SSO_ALTERNATE_ENGINE_FQDNS="localhost", then i was able to access through port forwarding. I tried to add IP and localhost, comma separated SSO_ALTERNATE_ENGINE_FQDNS="10.0.0.10 <http://10.0.0.10>,localhost", and in this case i could not use localhost. Does this variable accepts comma separated values?
It is a space separated list. It is documented here:
https://github.com/oVirt/ovirt-engine/blob/master/packaging/services/ovirt-e...
Thanx for the socks proxy. Yes, thats my last tactic when facing issues with port forwarding, though i need to go through two hops and makes it a bit more complex. The first hop does not have direct access to destination network and I dont have direct SSH access to final hop.
I will also add a custom config next to 11-setup-sso.conf file. Thanx for pointing it out.
Alex
On January 27, 2017 1:32:14 PM EET, "Juan Hernández" <jhernand@redhat.com> wrote:
On 01/27/2017 11:56 AM, Alex wrote:
Hi,
I added the IP address at 11-setup-sso.conf (found at /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP". Then restarted engine. I can access now engine vm using IP, but I cannot when connecting remotely using localhost and port forwarding through ssh. I tried to add also localhost as alternate fqdn without any luck. Any idea?
Many thanx, Alex
Make sure to include also the port number that you are using. For example, if you are using port 10000 then you will need this:
SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000"
I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it will be overwritten if you run 'engine-setup' again, during ! an upgrade, for example. Instead of that try to create your own 99-my.conf file, for example.
Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS proxy support instead. For example, I reach all my systems via SSH, using 'server.example.com <http://server.example.com>' as the SSH gateway. I start SSH like this:
ssh -D 127.0.0.1:10000 server.example.com <http://server.example.com>
And then I configure my browser to use 127.0.0.1:10000 as SOCKS proxy for *.example.com <http://example.com>.
On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail.com> wrote:
Thank you Martin. I will check that.
On January 26, 2! 017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat.com> wrote:
Hi,
please take a look at [1], since oVirt 4.0.4 you can defined alternate names (or IPs) to access engine.
Regards
Martin Perina
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com <http://rightkicktech.gmail.com> <http://rightkicktech.gmail.com> <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine us! ing IP. It is impractical to access with FQDN when doing remote port forwarding.
Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
------------------------------------------------------------------------
Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
-- Sent from my Android device with K-9 Mail. Please excuse my
brevity.
------------------------------------------------------------------------
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity. ------4C4ZOZSL6LPEXTJBT19MRPSDY1MSYE Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html><head></head><body>Hi,<br> <br> I put space instead of comma.<br> I confirm now that I have access on FQDN, IP and localhost.<br> <br> Many thanx!<br> <br> Alex<br><br><div class="gmail_quote">On January 27, 2017 2:47:27 PM EET, "Juan Hernández" <jhernand@redhat.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <pre class="k9mail">On 01/27/2017 01:40 PM, <a href="http://rightkicktech.gmail.com">rightkicktech.gmail.com</a> wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Hi,<br /> <br /> To clarify my previous. When adding localhost at<br /> SSO_ALTERNATE_ENGINE_FQDNS="localhost", then i was able to access<br /> through port forwarding. I tried to add IP and localhost, comma<br /> separated SSO_ALTERNATE_ENGINE_FQDNS="<a href="http://10.0.0.10">10.0.0.10</a><br /> <<a href="http://10.0.0.10">http://10.0.0.10</a>>,localhost", and in this case i could not use localhost.<br /> Does this variable accepts comma separated values?<br /> <br /></blockquote><br />It is a space separated list. It is documented here:<br /><br /><br /><a href="https://github.com/oVirt/ovirt-engine/blob/master/packaging/services/ovirt-engine/ovirt-engine.conf.in#L363-L366">https://github.com/oVirt/ovirt-engine/blob/master/packaging/services/ovirt-engine/ovirt-engine.conf.in#L363-L366</a><br /><br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Thanx for the socks proxy. Yes, thats my last tactic when facing issues<br /> with port forwarding, though i need to go through two hops and makes it<br /> a bit more complex. The first hop does not have direct access to<br /> destination network and I dont have direct SSH access to final hop.<br /> <br /> I will also add a custom config next to 11-setup-sso.conf file. Thanx<br /> for pointing it out.<br /> <br /> Alex<br /> <br /> <br /> On January 27, 2017 1:32:14 PM EET, "Juan Hernández"<br /> <jhernand@redhat.com> wrote:<br /> <br /> On 01/27/2017 11:56 AM, Alex wrote:<br /> <br /> Hi,<br /> <br /> I added the IP address at 11-setup-sso.conf (found at<br /> /etc/ovirt-engine/engine.conf.d), at line<br /> SSO_ALTERNATE_ENGINE_FQDNS="IP".<br /> Then restarted engine.<br /> I can access now engine vm using IP, but I cannot when connecting<br /> remotely using localhost and port forwarding through ssh. I<br /> tried to add<br /> also localhost as alternate fqdn without any luck.<br /> Any idea?<br /> <br /> Many thanx,<br /> Alex<br /> <br /> <br /> Make sure to include also the port number that you are using. For<br /> example, if you are using port 10000 then you will need this:<br /> <br /> SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000"<br /> <br /> I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it<br /> will be overwritten if you run 'engine-setup' again, during !<br /> an<br /> upgrade,<br /> for example. Instead of that try to create your own 99-my.conf file, for<br /> example.<br /> <br /> Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS<br /> proxy support instead. For example, I reach all my systems via SSH,<br /> using '<a href="http://server.example.com">server.example.com</a> <<a href="http://server.example.com">http://server.example.com</a>>;' as the SSH gateway. I start SSH like this:<br /> <br /> ssh -D <a href="127.0.0.1:10000">127.0.0.1:10000</a> <a href="http://server.example.com">server.example.com</a> <<a href="http://server.example.com">http://server.example.com</a>><br /> <br /> And then I configure my browser to use <a href="127.0.0.1:10000">127.0.0.1:10000</a> as SOCKS proxy<br /> for *.<a href="http://example.com">example.com</a> <<a href="http://example.com">http://example.com</a>>.<br /> <br /> <br /> On January 27, 2017 1:10:33 AM GMT+02:00, Alex<br /> <rightkicktech@gmail.com><br /> wrote:<br /> <br /> Thank you Martin.<br /> I will check that.<br /> <br /> On January 26, 2! 017 9:39:42 PM GMT+02:00, Martin Perina<br /> <mperina@redhat.com> wrote:<br /> <br /> Hi,<br /> <br /> please take a look at [1], since oVirt 4.0.4 you can defined<br /> alternate names (or IPs) to access engine.<br /> <br /> Regards<br /> <br /> Martin Perina<br /> <br /> [1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1325746">https://bugzilla.redhat.com/show_bug.cgi?id=1325746</a><br /> <br /> <br /> On Thu, Jan 26, 2017 at 6:59 PM, <a href="http://rightkicktech.gmail.com">rightkicktech.gmail.com</a><br /> <<a href="http://rightkicktech.gmail.com">http://rightkicktech.gmail.com</a>><br /> <<a href="http://rightkicktech.gmail.com">http://rightkicktech.gmail.com</a>>; <rightkicktech@gmail.com<br /> <mailto:rightkicktech@gmail.com>> wrote:<br /> <br /> Hi all,<br /> <br /> Is there any way to bypass the FQDN access requirement on<br /> ovirt 4? On previous versions I was able to access ovirt<br /> engine us! ing IP. It is impractical to access with FQDN when<br /> doing remote port forwarding.<br /> <br /> Thanx,<br /> Alex<br /> -- <br /> Sent from my Android device with K-9 Mail. Please excuse my<br /> brevity.<br /><hr /><br /> <br /> Users mailing list<br /> Users@ovirt.org <mailto:Users@ovirt.org><br /> <a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a><br /> <<a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>><br /> <br /> <br /> <br /> <br /> -- <br /> Sent from my Android device with K-9 Mail. Please excuse my brevity.<br /> <br /> <br /><hr /><br /> <br /> Users mailing list<br /> Users@ovirt.org<br /> <a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a><br /> <br /> <br /> <br /> -- <br /> Sent from my Android device with K-9 Mail. Please excuse my brevity.<br /></blockquote><br /></pre></blockquote></div><br> -- <br> Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html> ------4C4ZOZSL6LPEXTJBT19MRPSDY1MSYE--
On Jan 27, 2017 12:32 PM, "Juan Hernández" <jhernand@redhat.com> wrote: On 01/27/2017 11:56 AM, Alex wrote:
Hi,
I added the IP address at 11-setup-sso.conf (found at /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP". Then restarted engine. I can access now engine vm using IP, but I cannot when connecting remotely using localhost and port forwarding through ssh. I tried to add also localhost as alternate fqdn without any luck. Any idea?
Many thanx, Alex
Make sure to include also the port number that you are using. For example, if you are using port 10000 then you will need this: SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000" I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it will be overwritten if you run 'engine-setup' again, during an upgrade, for example. Instead of that try to create your own 99-my.conf file, for example. Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS proxy support instead. For example, I reach all my systems via SSH, using 'server.example.com' as the SSH gateway. I start SSH like this: ssh -D 127.0.0.1:10000 server.example.com And then I configure my browser to use 127.0.0.1:10000 as SOCKS proxy for *.example.com. +1 to the SOCKS proxy - I use it too. You still need to be able to DNS resolve on your host - though I believe there is a way to resolve over SOCKS as well. Y.
On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail.com> wrote:
Thank you Martin. I will check that.
On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina <mperina@redhat.com> wrote:
Hi,
please take a look at [1], since oVirt 4.0.4 you can defined alternate names (or IPs) to access engine.
Regards
Martin Perina
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746
On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com <http://rightkicktech.gmail.com> <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>> wrote:
Hi all,
Is there any way to bypass the FQDN access requirement on ovirt 4? On previous versions I was able to access ovirt engine using IP. It is impractical to access with FQDN when doing remote port forwarding.
Thanx, Alex -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On 01/28/2017 09:28 AM, Yaniv Kaul wrote:
On Jan 27, 2017 12:32 PM, "Juan Hernández" <jhernand@redhat.com <mailto:jhernand@redhat.com>> wrote:
On 01/27/2017 11:56 AM, Alex wrote: > Hi, > > I added the IP address at 11-setup-sso.conf (found at > /etc/ovirt-engine/engine.conf.d), at line SSO_ALTERNATE_ENGINE_FQDNS="IP". > Then restarted engine. > I can access now engine vm using IP, but I cannot when connecting > remotely using localhost and port forwarding through ssh. I tried to add > also localhost as alternate fqdn without any luck. > Any idea? > > Many thanx, > Alex >
Make sure to include also the port number that you are using. For example, if you are using port 10000 then you will need this:
SSO_ALTERNATE_ENGINE_FQDNS="localhost:10000"
I'd also suggest to avoid modifying the 11-setup-sso.conf file, as it will be overwritten if you run 'engine-setup' again, during an upgrade, for example. Instead of that try to create your own 99-my.conf file, for example.
Also, if you want this just for SSH, I'd suggest to use the SSH SOCKS proxy support instead. For example, I reach all my systems via SSH, using 'server.example.com <http://server.example.com>' as the SSH gateway. I start SSH like this:
ssh -D 127.0.0.1:10000 <http://127.0.0.1:10000> server.example.com <http://server.example.com>
And then I configure my browser to use 127.0.0.1:10000 <http://127.0.0.1:10000> as SOCKS proxy for *.example.com <http://example.com>.
+1 to the SOCKS proxy - I use it too. You still need to be able to DNS resolve on your host - though I believe there is a way to resolve over SOCKS as well. Y.
I use Firefox, and it has a "Proxy DNS when using SOCKS 5" option that you can tick/untick. I am not 100% sure, but I believe that other browsers just enable it by default when a SOCKS5 proxy is used.
> > On January 27, 2017 1:10:33 AM GMT+02:00, Alex <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>> > wrote: > > Thank you Martin. > I will check that. > > On January 26, 2017 9:39:42 PM GMT+02:00, Martin Perina > <mperina@redhat.com <mailto:mperina@redhat.com>> wrote: > > Hi, > > please take a look at [1], since oVirt 4.0.4 you can defined > alternate names (or IPs) to access engine. > > Regards > > Martin Perina > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1325746 <https://bugzilla.redhat.com/show_bug.cgi?id=1325746> > > > On Thu, Jan 26, 2017 at 6:59 PM, rightkicktech.gmail.com <http://rightkicktech.gmail.com> > <http://rightkicktech.gmail.com <http://rightkicktech.gmail.com>> <rightkicktech@gmail.com <mailto:rightkicktech@gmail.com> > <mailto:rightkicktech@gmail.com <mailto:rightkicktech@gmail.com>>> wrote: > > Hi all, > > Is there any way to bypass the FQDN access requirement on > ovirt 4? On previous versions I was able to access ovirt > engine using IP. It is impractical to access with FQDN when > doing remote port forwarding. > > Thanx, > Alex > -- > Sent from my Android device with K-9 Mail. Please excuse my > brevity. > _______________________________________________ > Users mailing list > Users@ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org <mailto:Users@ovirt.org>> > http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users> > <http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>> > > > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > _______________________________________________ > Users mailing list > Users@ovirt.org <mailto:Users@ovirt.org> > http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users> >
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
participants (5)
-
Alex -
Juan Hernández -
Martin Perina -
rightkicktech.gmail.com
-
Yaniv Kaul