Unable to use the SPICE HTML5 tool
This is a multi-part message in MIME format. --------------040801010109090109090703 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Hi, I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have. I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box: # systemctl status ovirt-websocket-proxy ovirt-websocket-proxy.service - oVirt Engine websockets proxy Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled) Active: active (running) # netstat -atpn | grep 6100 tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python Also, I imported the CA cert (https://fqdn/ca.crt) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box. Is there anything that I am missing? I've run out of ideas... Thanks. Nicolás --------------040801010109090109090703 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> Hi,<br> <br> I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.<br> <br> I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:<br> <blockquote># systemctl status ovirt-websocket-proxy<br> ovirt-websocket-proxy.service - oVirt Engine websockets proxy<br> Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled)<br> Active: active (running)<br> <br> # netstat -atpn | grep 6100<br> tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python<br> </blockquote> Also, I imported the CA cert (<a class="moz-txt-link-freetext" href="https://fqdn/ca.crt">https://fqdn/ca.crt</a>) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.<br> <br> Is there anything that I am missing? I've run out of ideas...<br> <br> Thanks.<br> <br> Nicolás<br> <br> <br> </body> </html> --------------040801010109090109090703--
This is a multi-part message in MIME format. --------------050309060608020605000001 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit On 10-6-2015 19:04, Nicolás wrote:
Hi,
I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.
I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:
# systemctl status ovirt-websocket-proxy ovirt-websocket-proxy.service - oVirt Engine websockets proxy Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled) Active: active (running)
# netstat -atpn | grep 6100 tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python
Also, I imported the CA cert (https://fqdn/ca.crt) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.
Is there anything that I am missing? I've run out of ideas...
Did you enable port 6100 on the client side?. Try telnetting to the websocket-proxy from the workstation you're using Chromium/FF on. Joop --------------050309060608020605000001 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 10-6-2015 19:04, Nicolás wrote:<br> </div> <blockquote cite="mid:55786E09.70909@devels.es" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> Hi,<br> <br> I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.<br> <br> I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:<br> <blockquote># systemctl status ovirt-websocket-proxy<br> ovirt-websocket-proxy.service - oVirt Engine websockets proxy<br> Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled)<br> Active: active (running)<br> <br> # netstat -atpn | grep 6100<br> tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python<br> </blockquote> Also, I imported the CA cert (<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://fqdn/ca.crt">https://fqdn/ca.crt</a>) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.<br> <br> Is there anything that I am missing? I've run out of ideas...<br> <br> </blockquote> Did you enable port 6100 on the client side?. Try telnetting to the websocket-proxy from the workstation you're using Chromium/FF on.<br> <br> Joop<br> <br> </body> </html> --------------050309060608020605000001--
El 2015-06-11 06:59, Joop escribió:
On 10-6-2015 19:04, Nicolás wrote:
Hi,
I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.
I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:
# systemctl status ovirt-websocket-proxy ovirt-websocket-proxy.service - oVirt Engine websockets proxy Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled) Active: active (running)
# netstat -atpn | grep 6100 tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python Also, I imported the CA cert (https://fqdn/ca.crt [1]) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.
Is there anything that I am missing? I've run out of ideas... Did you enable port 6100 on the client side?. Try telnetting to the websocket-proxy from the workstation you're using Chromium/FF on.
Joop
By client side do you mean where the ovirt-engine is running? If so, yes, it's listening on that port. I can also telnet to that port: $ telnet ovirtenginebox 6100 Trying 10.X.X.X... Connected to ovirtenginebox. Escape character is '^]'. Thanks
Links: ------ [1] https://fqdn/ca.crt
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
El 2015-06-11 08:04, nicolas@devels.es escribió:
El 2015-06-11 06:59, Joop escribió:
On 10-6-2015 19:04, Nicolás wrote:
Hi,
I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.
I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:
# systemctl status ovirt-websocket-proxy ovirt-websocket-proxy.service - oVirt Engine websockets proxy Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled) Active: active (running)
# netstat -atpn | grep 6100 tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python Also, I imported the CA cert (https://fqdn/ca.crt [1]) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.
Is there anything that I am missing? I've run out of ideas... Did you enable port 6100 on the client side?. Try telnetting to the websocket-proxy from the workstation you're using Chromium/FF on.
Joop
By client side do you mean where the ovirt-engine is running? If so, yes, it's listening on that port. I can also telnet to that port:
$ telnet ovirtenginebox 6100 Trying 10.X.X.X... Connected to ovirtenginebox. Escape character is '^]'.
Thanks
I just found out that actually there are some lines in the ovirt-engine's log whenever I try to run the HTML5 client: 2015-06-11 08:26:08,402 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-10) [5a92c038] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5efbe47d-8f27-46a1-a663-20882b9f4b6a Type: VMAction group CONNECT_TO_VM with role type USER 2015-06-11 08:26:08,442 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-10) [5a92c038] START, SetVmTicketVDSCommand(HostName = hostmachine, HostId = 3ec39b7a-f0a9-4df6-8c14-db2e73a493e2, vmId=5efbe47d-8f27-46a1-a663-20882b9f4b6a, ticket=nEaTH3mqR30x, validTime=120,m userName=user, userId=f3365dd8-963b-4a56-b81f-b9444dfd62e2), log id: 2e6ef305 2015-06-11 08:26:08,459 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-10) [5a92c038] FINISH, SetVmTicketVDSCommand, log id: 2e6ef305 2015-06-11 08:26:08,475 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-10) [5a92c038] Correlation ID: 5a92c038, Call Stack: null, Custom Event ID: -1, Message: user user@domain initiated console session for VM Pool-ADMSIS-1 2015-06-11 08:26:08,502 WARN [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (ajp--127.0.0.1-8702-10) [4458db3] The message key VmLogon is missing from bundles/ExecutionMessages 2015-06-11 08:26:08,534 INFO [org.ovirt.engine.core.bll.VmLogonCommand] (ajp--127.0.0.1-8702-10) [4458db3] Running command: VmLogonCommand internal: false. Entities affected : ID: 5efbe47d-8f27-46a1-a663-20882b9f4b6a Type: VMAction group CONNECT_TO_VM with role type USER 2015-06-11 08:26:08,574 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-10) [4458db3] START, VmLogonVDSCommand(HostName = hostmachine, HostId = 3ec39b7a-f0a9-4df6-8c14-db2e73a493e2, vmId=5efbe47d-8f27-46a1-a663-20882b9f4b6a, domain=domain-authz, password=******, userName=user@domain), log id: 14f0c410 2015-06-11 08:26:08,579 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-10) [4458db3] FINISH, VmLogonVDSCommand, log id: 14f0c410 None of them seem to be error messages, though.
Links: ------ [1] https://fqdn/ca.crt
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
----- Original Message -----
From: nicolas@devels.es To: users@ovirt.org Sent: Thursday, June 11, 2015 9:30:23 AM Subject: Re: [ovirt-users] Unable to use the SPICE HTML5 tool
El 2015-06-11 08:04, nicolas@devels.es escribió:
El 2015-06-11 06:59, Joop escribió:
On 10-6-2015 19:04, Nicolás wrote:
Hi,
I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.
I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:
# systemctl status ovirt-websocket-proxy ovirt-websocket-proxy.service - oVirt Engine websockets proxy Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled) Active: active (running)
# netstat -atpn | grep 6100 tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python Also, I imported the CA cert (https://fqdn/ca.crt [1]) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.
Did you tried to click on the "Toggle messages output" button? is something there? Can you please check your browser Javascript console (Ctrl+Shift+J) for errors?
Is there anything that I am missing? I've run out of ideas... Did you enable port 6100 on the client side?. Try telnetting to the websocket-proxy from the workstation you're using Chromium/FF on.
Joop
By client side do you mean where the ovirt-engine is running? If so, yes, it's listening on that port. I can also telnet to that port:
$ telnet ovirtenginebox 6100 Trying 10.X.X.X... Connected to ovirtenginebox. Escape character is '^]'.
Thanks
I just found out that actually there are some lines in the ovirt-engine's log whenever I try to run the HTML5 client:
2015-06-11 08:26:08,402 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-10) [5a92c038] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5efbe47d-8f27-46a1-a663-20882b9f4b6a Type: VMAction group CONNECT_TO_VM with role type USER 2015-06-11 08:26:08,442 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-10) [5a92c038] START, SetVmTicketVDSCommand(HostName = hostmachine, HostId = 3ec39b7a-f0a9-4df6-8c14-db2e73a493e2, vmId=5efbe47d-8f27-46a1-a663-20882b9f4b6a, ticket=nEaTH3mqR30x, validTime=120,m userName=user, userId=f3365dd8-963b-4a56-b81f-b9444dfd62e2), log id: 2e6ef305 2015-06-11 08:26:08,459 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-10) [5a92c038] FINISH, SetVmTicketVDSCommand, log id: 2e6ef305 2015-06-11 08:26:08,475 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-10) [5a92c038] Correlation ID: 5a92c038, Call Stack: null, Custom Event ID: -1, Message: user user@domain initiated console session for VM Pool-ADMSIS-1 2015-06-11 08:26:08,502 WARN [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (ajp--127.0.0.1-8702-10) [4458db3] The message key VmLogon is missing from bundles/ExecutionMessages 2015-06-11 08:26:08,534 INFO [org.ovirt.engine.core.bll.VmLogonCommand] (ajp--127.0.0.1-8702-10) [4458db3] Running command: VmLogonCommand internal: false. Entities affected : ID: 5efbe47d-8f27-46a1-a663-20882b9f4b6a Type: VMAction group CONNECT_TO_VM with role type USER 2015-06-11 08:26:08,574 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-10) [4458db3] START, VmLogonVDSCommand(HostName = hostmachine, HostId = 3ec39b7a-f0a9-4df6-8c14-db2e73a493e2, vmId=5efbe47d-8f27-46a1-a663-20882b9f4b6a, domain=domain-authz, password=******, userName=user@domain), log id: 14f0c410 2015-06-11 08:26:08,579 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-10) [4458db3] FINISH, VmLogonVDSCommand, log id: 14f0c410
None of them seem to be error messages, though.
Links: ------ [1] https://fqdn/ca.crt
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
El 2015-06-11 08:55, Simone Tiraboschi escribió:
----- Original Message -----
From: nicolas@devels.es To: users@ovirt.org Sent: Thursday, June 11, 2015 9:30:23 AM Subject: Re: [ovirt-users] Unable to use the SPICE HTML5 tool
El 2015-06-11 08:04, nicolas@devels.es escribió:
El 2015-06-11 06:59, Joop escribió:
On 10-6-2015 19:04, Nicolás wrote:
Hi,
I'm using oVirt 3.5.2 on a CentOS box. As far as the engine goes everything is working fine, except that I can't start the SPICE HTML5 tool for any of the installed machines I have.
I've installed the oVirt guest agent on the VM side, websocket-proxy is running and port 6100 is listening on the engine box:
# systemctl status ovirt-websocket-proxy ovirt-websocket-proxy.service - oVirt Engine websockets proxy Loaded: loaded (/usr/lib/systemd/system/ovirt-websocket-proxy.service; enabled) Active: active (running)
# netstat -atpn | grep 6100 tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN 7227/python Also, I imported the CA cert (https://fqdn/ca.crt [1]) on the browser. However, once I run the SPICE HTML5 client from the userportal, all I get is an empty grey square with the two "Send ctrl+alt+delete" and "Toggle messages output" buttons at the bottom. Nothing in the logs about this issue. I tried to run it both with Chromium and Firefox on a linux box.
Did you tried to click on the "Toggle messages output" button? is something there? Can you please check your browser Javascript console (Ctrl+Shift+J) for errors?
Indeed, checking the Javascript console I discovered where the culprit is. This ovirt engine machine had formerly a FQDN that was changed afterwards (I used the .../setup/bin/ovirt-engine-rename script), so at installation time, SSL certs were issued for that FQDN. The ovirt-engine-rename script regenerated the engine certs, but seems that it didn't do the work for the websocket proxy, so the old FQDN cert is still used and a connection cannot be established with the daemon (logically, due to the mismatch). I can't find any documentation on how to regenerate the websocket proxy cert, though. Is there some script for that, or at least some manual way to accomplish it? Thanks for your help.
Is there anything that I am missing? I've run out of ideas... Did you enable port 6100 on the client side?. Try telnetting to the websocket-proxy from the workstation you're using Chromium/FF on.
Joop
By client side do you mean where the ovirt-engine is running? If so, yes, it's listening on that port. I can also telnet to that port:
$ telnet ovirtenginebox 6100 Trying 10.X.X.X... Connected to ovirtenginebox. Escape character is '^]'.
Thanks
I just found out that actually there are some lines in the ovirt-engine's log whenever I try to run the HTML5 client:
2015-06-11 08:26:08,402 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-10) [5a92c038] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5efbe47d-8f27-46a1-a663-20882b9f4b6a Type: VMAction group CONNECT_TO_VM with role type USER 2015-06-11 08:26:08,442 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-10) [5a92c038] START, SetVmTicketVDSCommand(HostName = hostmachine, HostId = 3ec39b7a-f0a9-4df6-8c14-db2e73a493e2, vmId=5efbe47d-8f27-46a1-a663-20882b9f4b6a, ticket=nEaTH3mqR30x, validTime=120,m userName=user, userId=f3365dd8-963b-4a56-b81f-b9444dfd62e2), log id: 2e6ef305 2015-06-11 08:26:08,459 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-10) [5a92c038] FINISH, SetVmTicketVDSCommand, log id: 2e6ef305 2015-06-11 08:26:08,475 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-10) [5a92c038] Correlation ID: 5a92c038, Call Stack: null, Custom Event ID: -1, Message: user user@domain initiated console session for VM Pool-ADMSIS-1 2015-06-11 08:26:08,502 WARN [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (ajp--127.0.0.1-8702-10) [4458db3] The message key VmLogon is missing from bundles/ExecutionMessages 2015-06-11 08:26:08,534 INFO [org.ovirt.engine.core.bll.VmLogonCommand] (ajp--127.0.0.1-8702-10) [4458db3] Running command: VmLogonCommand internal: false. Entities affected : ID: 5efbe47d-8f27-46a1-a663-20882b9f4b6a Type: VMAction group CONNECT_TO_VM with role type USER 2015-06-11 08:26:08,574 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-10) [4458db3] START, VmLogonVDSCommand(HostName = hostmachine, HostId = 3ec39b7a-f0a9-4df6-8c14-db2e73a493e2, vmId=5efbe47d-8f27-46a1-a663-20882b9f4b6a, domain=domain-authz, password=******, userName=user@domain), log id: 14f0c410 2015-06-11 08:26:08,579 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-10) [4458db3] FINISH, VmLogonVDSCommand, log id: 14f0c410
None of them seem to be error messages, though.
Links: ------ [1] https://fqdn/ca.crt
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Thu, Jun 11, 2015 at 11:57 AM, <nicolas@devels.es> wrote:
El 2015-06-11 08:55, Simone Tiraboschi escribió:
Indeed, checking the Javascript console I discovered where the culprit is. This ovirt engine machine had formerly a FQDN that was changed afterwards (I used the .../setup/bin/ovirt-engine-rename script), so at installation time, SSL certs were issued for that FQDN. The ovirt-engine-rename script regenerated the engine certs, but seems that it didn't do the work for the websocket proxy, so the old FQDN cert is still used and a connection cannot be established with the daemon (logically, due to the mismatch). I can't find any documentation on how to regenerate the websocket proxy cert, though. Is there some script for that, or at least some manual way to accomplish it?
Thanks for your help.
Based on an environment in 3.3.2 I solved a situation with webSocketProxy Enabled only after original install + update thanks to Alon advises. See full lthread here: http://lists.ovirt.org/pipermail/users/2013-December/018554.html Possibly it can apply to your environment too You could do the following: 1. remove In /etc/pki/ovirt-engine/keys/: websocket-proxy.key.nopass websocket-proxy.p12 In /etc/pki/ovirt-engine/certs/: websocket-proxy.cer 2. run setup using: # engine-setup --otopi-environment="OVESETUP_CONFIG/websocketProxyConfig= bool:True" and this should create websocket proxy certificates/keys in correct way.... Be sure to make backups and verify better, in particular it this is a production environment. HIH, Gianluca
El 2015-06-11 11:16, Gianluca Cecchi escribió:
On Thu, Jun 11, 2015 at 11:57 AM, <nicolas@devels.es> wrote:
El 2015-06-11 08:55, Simone Tiraboschi escribió:
Indeed, checking the Javascript console I discovered where the culprit is. This ovirt engine machine had formerly a FQDN that was changed afterwards (I used the .../setup/bin/ovirt-engine-rename script), so at installation time, SSL certs were issued for that FQDN. The ovirt-engine-rename script regenerated the engine certs, but seems that it didn't do the work for the websocket proxy, so the old FQDN cert is still used and a connection cannot be established with the daemon (logically, due to the mismatch). I can't find any documentation on how to regenerate the websocket proxy cert, though. Is there some script for that, or at least some manual way to accomplish it?
Thanks for your help.
Based on an environment in 3.3.2 I solved a situation with webSocketProxy Enabled only after original install + update thanks to Alon advises.
See full lthread here: http://lists.ovirt.org/pipermail/users/2013-December/018554.html [1]
Possibly it can apply to your environment too
You could do the following:
1. remove
In /etc/pki/ovirt-engine/keys/: websocket-proxy.key.nopass
websocket-proxy.p12
In /etc/pki/ovirt-engine/certs/: websocket-proxy.cer
2. run setup using:
# engine-setup --otopi-environment="OVESETUP_CONFIG/websocketProxyConfig=bool:True"
and this should create websocket proxy certificates/keys in correct way....
Unfortunately not. The process seems to run: [...] [ INFO ] Configuring WebSocket Proxy [...] But once it ends, there are no certs. Neither restarting the daemon works. Thanks for the hint, anyway.
Be sure to make backups and verify better, in particular it this is a production environment. HIH, Gianluca
Links: ------ [1] http://lists.ovirt.org/pipermail/users/2013-December/018554.html
participants (5)
-
Gianluca Cecchi -
Joop -
nicolas@devels.es -
Nicolás
-
Simone Tiraboschi