[Users] ovirt-report Forbidden access error
Hi all I installed ovirt-engine-reports-3.3.2-1.fc19.noarch using yum Now I have reports listed when right clicking on Vms but on any report i see this error: Forbidden You don't have permission to access /ovirt-engine-reports/flow.html on this server. This seems to be related to apache redirection but how to fix it? I have three files in conf.d ovirt-engine-root-redirect.conf z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf but can't figure how to fix them I applied no changes to these files Any hint? Thank you
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: users@ovirt.org Sent: Friday, January 31, 2014 4:13:51 PM Subject: [Users] ovirt-report Forbidden access error
Hi all
I installed
ovirt-engine-reports-3.3.2-1.fc19.noarch using yum
Now I have reports listed when right clicking on Vms but on any report i see this error:
Forbidden
You don't have permission to access /ovirt-engine-reports/flow.html on this server.
This seems to be related to apache redirection but how to fix it?
I have three files in conf.d
ovirt-engine-root-redirect.conf z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf
but can't figure how to fix them
I applied no changes to these files
Did you also run 'ovirt-engine-reports-setup' after installing it? Was it a new installation or an upgrade from 3.2? Both engine and reports. Did you install and setup dwh? Note that there are several bugs in dwh/reports 3.3.2, targeted to be fixed in 3.3.3. So you might want to wait till 3.3.3 is released. Regards, -- Didi
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: users@ovirt.org Sent: Friday, January 31, 2014 4:13:51 PM Subject: [Users] ovirt-report Forbidden access error
Hi all
I installed
ovirt-engine-reports-3.3.2-1.fc19.noarch using yum
Now I have reports listed when right clicking on Vms but on any report i see this error:
Forbidden
You don't have permission to access /ovirt-engine-reports/flow.html on this server.
This seems to be related to apache redirection but how to fix it?
I have three files in conf.d
ovirt-engine-root-redirect.conf z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf
but can't figure how to fix them
I applied no changes to these files Hi and thank you for your answer Did you also run 'ovirt-engine-reports-setup' after installing it? yes: I had to fix the pg file setting the user as locally enabled as reported by others to avoid the installation "missing password" error Was it a new installation or an upgrade from 3.2? Both engine and reports. Engine was upgraded from 3.2 and reports are newly installed (not
This is a multi-part message in MIME format. --------------060009020804030200000401 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Il 02/02/2014 07:40, Yedidyah Bar David ha scritto: preoviously installed)
Did you install and setup dwh? yes Note that there are several bugs in dwh/reports 3.3.2, targeted to be fixed in 3.3.3. So you might want to wait till 3.3.3 is released.
Regards, I'll wait
Thank you Best rgards -- SkyNet SRL Via Maggiate 67/a - 28021 Borgomanero (NO) - tel. +39 0322-836487/834765 - fax +39 0322-836608 http://www.skynet.it <http://www.skynet.it/> Autorizzazione Ministeriale n.197 Le informazioni contenute in questo messaggio sono riservate e confidenziali ed è vietata la diffusione in qualunque modo eseguita. Qualora Lei non fosse la persona a cui il presente messaggio è destinato, La invitiamo ad eliminarlo ed a distruggerlo non divulgandolo, dandocene gentilmente comunicazione. Per qualsiasi informazione si prega di contattare info@skynet.it (e-mail dell'azienda). Rif. D.L. 196/2003 --------------060009020804030200000401 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <br> <div class="moz-cite-prefix">Il 02/02/2014 07:40, Yedidyah Bar David ha scritto:<br> </div> <blockquote cite="mid:856846774.13151516.1391323214980.JavaMail.root@redhat.com" type="cite"> <pre wrap="">----- Original Message ----- </pre> <blockquote type="cite"> <pre wrap="">From: "Alessandro Bianchi" <a class="moz-txt-link-rfc2396E" href="mailto:a.bianchi@skynet.it"><a.bianchi@skynet.it></a> To: <a class="moz-txt-link-abbreviated" href="mailto:users@ovirt.org">users@ovirt.org</a> Sent: Friday, January 31, 2014 4:13:51 PM Subject: [Users] ovirt-report Forbidden access error Hi all I installed ovirt-engine-reports-3.3.2-1.fc19.noarch using yum Now I have reports listed when right clicking on Vms but on any report i see this error: Forbidden You don't have permission to access /ovirt-engine-reports/flow.html on this server. This seems to be related to apache redirection but how to fix it? I have three files in conf.d ovirt-engine-root-redirect.conf z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf but can't figure how to fix them I applied no changes to these files </pre> </blockquote> </blockquote> Hi and thank you for your answer<br> <blockquote cite="mid:856846774.13151516.1391323214980.JavaMail.root@redhat.com" type="cite"> <pre wrap=""> Did you also run 'ovirt-engine-reports-setup' after installing it?</pre> </blockquote> yes: I had to fix the pg file setting the user as locally enabled as reported by others to avoid the installation "missing password" error <br> <blockquote cite="mid:856846774.13151516.1391323214980.JavaMail.root@redhat.com" type="cite"> <pre wrap=""> Was it a new installation or an upgrade from 3.2? Both engine and reports.</pre> </blockquote> Engine was upgraded from 3.2 and reports are newly installed (not preoviously installed)<br> <blockquote cite="mid:856846774.13151516.1391323214980.JavaMail.root@redhat.com" type="cite"> <pre wrap=""> Did you install and setup dwh? </pre> </blockquote> yes<br> <blockquote cite="mid:856846774.13151516.1391323214980.JavaMail.root@redhat.com" type="cite"> <pre wrap=""> Note that there are several bugs in dwh/reports 3.3.2, targeted to be fixed in 3.3.3. So you might want to wait till 3.3.3 is released. Regards, </pre> </blockquote> I'll wait<br> <br> Thank you<br> <br> Best rgards<br> <div class="moz-signature">-- <br> <meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8"> <title></title> <meta name="generator" content="Bluefish 2.0.3"> <meta name="author" content="Alessandro Bianchi"> <meta name="CREATED" content="20100306;9474300"> <meta name="CHANGEDBY" content="Alessandro "> <meta name="CHANGED" content="20100306;10212100"> <style type="text/css"> <!-- P { font-family: "Arial", "Helvetica", sans-serif; font-size: 10pt } P.nome { color: #ff8000; font-family: "Arial", "Helvetica", sans-serif; font-size: 12pt; font-weight: bold; text-align: center } P.indirizzo { color: #0084d1; font-family: "Arial", "Helvetica", sans-serif; font-size: 10pt; font-weight: bold; line-height: 0.48cm; text-align: center } P.info { color: #b3b3b3; font-family: "Arial", "Helvetica", sans-serif; font-size: 9pt } A:link { color: #005dff; text-decoration: none } A:visited { color: #005dff; text-decoration: none } --> </style> <p class="nome">SkyNet SRL</p> <p class="indirizzo">Via Maggiate 67/a - 28021 Borgomanero (NO) - tel. +39 0322-836487/834765 - fax +39 0322-836608</p> <p align="CENTER"><a href="http://www.skynet.it/">http://www.skynet.it</a></p> <p class="indirizzo">Autorizzazione Ministeriale n.197</p> <p class="info">Le informazioni contenute in questo messaggio sono riservate e confidenziali ed è vietata la diffusione in qualunque modo eseguita.<br> Qualora Lei non fosse la persona a cui il presente messaggio è destinato, La invitiamo ad eliminarlo ed a distruggerlo non divulgandolo, dandocene gentilmente comunicazione. <br> Per qualsiasi informazione si prega di contattare <a class="moz-txt-link-abbreviated" href="mailto:info@skynet.it">info@skynet.it</a> (e-mail dell'azienda). Rif. D.L. 196/2003</p> </div> </body> </html> --------------060009020804030200000401--
Il 02/02/2014 07:40, Yedidyah Bar David ha scritto:
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: users@ovirt.org Sent: Friday, January 31, 2014 4:13:51 PM Subject: [Users] ovirt-report Forbidden access error
Hi all
I installed
ovirt-engine-reports-3.3.2-1.fc19.noarch using yum
Now I have reports listed when right clicking on Vms but on any report i see this error:
Forbidden
You don't have permission to access /ovirt-engine-reports/flow.html on this server.
This seems to be related to apache redirection but how to fix it?
I have three files in conf.d
ovirt-engine-root-redirect.conf z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf
but can't figure how to fix them
I applied no changes to these files Did you also run 'ovirt-engine-reports-setup' after installing it? Was it a new installation or an upgrade from 3.2? Both engine and reports. Did you install and setup dwh?
Note that there are several bugs in dwh/reports 3.3.2, targeted to be fixed in 3.3.3. So you might want to wait till 3.3.3 is released.
Regards, Ok
after upgrading to 3.3.3 it asks me to setup dwh again so ovirt-engine-dwh-setup ends with error, log says 2014-02-04 09:01:26::DEBUG::common_utils::907::root:: Executing command --> '/usr/share/ovirt-engine-dwh/db-scripts/upgrade.sh -s localhost -p 5432 -u engine_history -d ovirt_engine_history -l /var/log/ovirt-engine/ovirt-history-db-upgrade-2014_02_04_09_01_26.log -g' in working directory '/usr/share/ovirt-engine-dwh/db-scripts' 2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output = 2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE: autenticazione con password fallita per l'utente "engine_history" password retrieved from file "/tmp/pgpassNkKGNp.tmp" (autenticazione con password fallita per l'utente "engine_history" = authentication failed for user "engine_history" system language is italian) so it seems a user creation permission problem on the database since I'm not too familiar with pgsql how is it supposed to fix this? It look like it misses the password in some ovirt configuration file but where to edit and how o fix it? Any hint? Thank you Best regards -- SkyNet SRL Via Maggiate 67/a - 28021 Borgomanero (NO) - tel. +39 0322-836487/834765 - fax +39 0322-836608 http://www.skynet.it <http://www.skynet.it/> Autorizzazione Ministeriale n.197 Le informazioni contenute in questo messaggio sono riservate e confidenziali ed è vietata la diffusione in qualunque modo eseguita. Qualora Lei non fosse la persona a cui il presente messaggio è destinato, La invitiamo ad eliminarlo ed a distruggerlo non divulgandolo, dandocene gentilmente comunicazione. Per qualsiasi informazione si prega di contattare info@skynet.it (e-mail dell'azienda). Rif. D.L. 196/2003
On Tue, Feb 4, 2014 at 9:10 AM, Alessandro Bianchi wrote:
in working directory '/usr/share/ovirt-engine-dwh/db-scripts' 2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output = 2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE: autenticazione con password fallita per l'utente "engine_history" password retrieved from file "/tmp/pgpassNkKGNp.tmp"
(autenticazione con password fallita per l'utente "engine_history" = authentication failed for user "engine_history" system language is italian)
so it seems a user creation permission problem on the database
since I'm not too familiar with pgsql how is it supposed to fix this?
It look like it misses the password in some ovirt configuration file but where to edit and how o fix it?
Any hint?
Thank you
See this thread of mine if you want to start from scratch and you don't have any previous reports/dwh data or you don't mind to loose them. Engine and its data is not impacted at all. Eventually I'm going to open a bug for bad mgmt of pre-existing DB user during setup (eg due to a previously failed in the middle install). http://lists.ovirt.org/pipermail/users/2014-February/020740.html Let us know how it goes. Gianluca
On Tue, Feb 4, 2014 at 10:39 AM, Alessandro Bianchi wrote:
Il 04/02/2014 09:55, Gianluca Cecchi ha scritto:
On Tue, Feb 4, 2014 at 9:10 AM, Alessandro Bianchi wrote:
in working directory '/usr/share/ovirt-engine-dwh/db-scripts' 2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output = 2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE: autenticazione con password fallita per l'utente "engine_history" password retrieved from file "/tmp/pgpassNkKGNp.tmp"
(autenticazione con password fallita per l'utente "engine_history" = authentication failed for user "engine_history" system language is italian)
so it seems a user creation permission problem on the database
since I'm not too familiar with pgsql how is it supposed to fix this?
It look like it misses the password in some ovirt configuration file but where to edit and how o fix it?
Any hint?
Thank you
See this thread of mine if you want to start from scratch and you don't have any previous reports/dwh data or you don't mind to loose them. Engine and its data is not impacted at all. Eventually I'm going to open a bug for bad mgmt of pre-existing DB user during setup (eg due to a previously failed in the middle install).
http://lists.ovirt.org/pipermail/users/2014-February/020740.html
Let us know how it goes.
Gianluca
Thank you
I'm following the post but I'm stuck at 3)
drop user engine_history; ERRORE: il ruolo "engine_history" non può essere eliminato perché alcuni oggetti ne dipendono DETTAGLI: proprietario di database ovirt_engine_history 300 oggetti nel database ovirt_engine_history
it says "Error: can't remove role engine_history because some object depend on it. Detail: database owner ovirt_engine_history 300 objects in database ovirt_engine history"
Any hint?
Thank you for your help
It seems I forgot a step... let us call 2bis) you have to drop the two DBS before of users: as postgres user - psql drop database ovirt_engine_history; drop database ovirtenginereports; and then you can drop users Gianluca
On Tue, Feb 4, 2014 at 11:10 AM, Alessandro Bianchi <a.bianchi@skynet.it> wrote:
Il 04/02/2014 09:55, Gianluca Cecchi ha scritto:
On Tue, Feb 4, 2014 at 9:10 AM, Alessandro Bianchi wrote:
in working directory '/usr/share/ovirt-engine-dwh/db-scripts' 2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output = 2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE: autenticazione con password fallita per l'utente "engine_history" password retrieved from file "/tmp/pgpassNkKGNp.tmp"
(autenticazione con password fallita per l'utente "engine_history" = authentication failed for user "engine_history" system language is italian)
so it seems a user creation permission problem on the database
since I'm not too familiar with pgsql how is it supposed to fix this?
It look like it misses the password in some ovirt configuration file but where to edit and how o fix it?
Any hint?
Thank you
See this thread of mine if you want to start from scratch and you don't have any previous reports/dwh data or you don't mind to loose them. Engine and its data is not impacted at all. Eventually I'm going to open a bug for bad mgmt of pre-existing DB user during setup (eg due to a previously failed in the middle install).
http://lists.ovirt.org/pipermail/users/2014-February/020740.html
Let us know how it goes.
Gianluca
Ok with this 2b extra step it works
I have installed everything with no errors, but still have Forbidden access right clicking on Vms -> reports
If I click on the "reports portal" I see this link
http://10.0.0.5/OvirtEngineWeb/ReportsRedirectServlet
I suspect this is something related to apache configuration
access.log shows nothing so were may I see a log of what's happening?
Thank you
Alessandro
I too see that redirect and then when I click I land to https://my-engine/ovirt-engine-reports/login.html and then after login/pwd : https://my-engine/ovirt-engine-reports/flow.html?_flowId=searchFlow I have SpiceProxy configured. Don't know if this impacts apache configuration. In my case it works and in /etc/httpd/conf.d Ihave # ls -lrt total 68 -rw-r--r--. 1 root root 926 Mar 31 2013 BackupPC.conf -rw-r--r--. 1 root root 298 Jul 23 2013 squid.conf -rw-r--r--. 1 root root 516 Jul 31 2013 welcome.conf -rw-r--r--. 1 root root 1252 Jul 31 2013 userdir.conf -rw-r--r--. 1 root root 9426 Jul 31 2013 ssl.conf.20131003112151 -rw-r--r--. 1 root root 2893 Jul 31 2013 autoindex.conf -rw-r--r--. 1 root root 366 Jul 31 2013 README -rw-r--r--. 1 root root 2778 Oct 3 11:21 z-ovirt-engine-proxy.conf.20131119125706 -rw-r--r--. 1 root root 33 Oct 3 11:21 ovirt-engine-root-redirect.conf -rw-r--r--. 1 root root 9444 Oct 3 11:21 ssl.conf -rw-r--r--. 1 root root 2775 Nov 19 12:57 z-ovirt-engine-proxy.conf.20140115003015 -rw-r--r--. 1 root root 1251 Jan 7 15:54 z-ovirt-engine-reports-proxy.conf -rw-r--r--. 1 root root 2788 Jan 15 00:30 z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf: <IfModule proxy_ajp_module> <Proxy ajp://localhost:8702> # This is needed to make sure that connections to the application server # are recovered in a short time interval (5 seconds at the moment) # otherwise when the application server is restarted the web server will # refuse to connect during 60 seconds. ProxySet retry=5 # This is needed to make sure that long RESTAPI requests have time to # finish before the web server aborts the request as the default timeout # (controlled by the Timeout directive in httpd.conf) is 60 seconds. ProxySet timeout=3600 </Proxy> <Location /ovirt-engine-reports> ProxyPass ajp://localhost:8702/ovirt-engine-reports <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </Location> </IfModule>
------=_Part_14090284_1728051876.1391514930365 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> Cc: "Yedidyah Bar David" <didi@redhat.com>, "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 1:19:43 PM Subject: Re: [Users] ovirt-report Forbidden access error
Il 04/02/2014 11:30, Gianluca Cecchi ha scritto:
On Tue, Feb 4, 2014 at 11:10 AM, Alessandro Bianchi <a.bianchi@skynet.it> wrote:
Il 04/02/2014 09:55, Gianluca Cecchi ha scritto:
On Tue, Feb 4, 2014 at 9:10 AM, Alessandro Bianchi wrote:
in working directory '/usr/share/ovirt-engine-dwh/db-scripts'
2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output =
2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE:
autenticazione con password fallita per l'utente "engine_history"
password retrieved from file "/tmp/pgpassNkKGNp.tmp"
(autenticazione con password fallita per l'utente "engine_history" =
authentication failed for user "engine_history" system language is italian)
so it seems a user creation permission problem on the database
since I'm not too familiar with pgsql how is it supposed to fix this?
It look like it misses the password in some ovirt configuration file but
where to edit and how o fix it?
Any hint?
Thank you
See this thread of mine if you want to start from scratch and you
don't have any previous reports/dwh data or you don't mind to loose
them. Engine and its data is not impacted at all.
Eventually I'm going to open a bug for bad mgmt of pre-existing DB
user during setup (eg due to a previously failed in the middle
install). http://lists.ovirt.org/pipermail/users/2014-February/020740.html Let us know how it goes.
Gianluca
Ok with this 2b extra step it works
I have installed everything with no errors, but still have Forbidden access
right clicking on Vms -> reports
If I click on the "reports portal" I see this link http://10.0.0.5/OvirtEngineWeb/ReportsRedirectServlet I suspect this is something related to apache configuration
access.log shows nothing so were may I see a log of what's happening?
Thank you
Alessandro
I too see that redirect and then when I click I land to https://my-engine/ovirt-engine-reports/login.html and then after login/pwd : https://my-engine/ovirt-engine-reports/flow.html?_flowId=searchFlow I have SpiceProxy configured.
Don't know if this impacts apache configuration.
In my case it works and in /etc/httpd/conf.d
Ihave
# ls -lrt
total 68
-rw-r--r--. 1 root root 926 Mar 31 2013 BackupPC.conf
-rw-r--r--. 1 root root 298 Jul 23 2013 squid.conf
-rw-r--r--. 1 root root 516 Jul 31 2013 welcome.conf
-rw-r--r--. 1 root root 1252 Jul 31 2013 userdir.conf
-rw-r--r--. 1 root root 9426 Jul 31 2013 ssl.conf.20131003112151
-rw-r--r--. 1 root root 2893 Jul 31 2013 autoindex.conf
-rw-r--r--. 1 root root 366 Jul 31 2013 README
-rw-r--r--. 1 root root 2778 Oct 3 11:21
z-ovirt-engine-proxy.conf.20131119125706
-rw-r--r--. 1 root root 33 Oct 3 11:21 ovirt-engine-root-redirect.conf
-rw-r--r--. 1 root root 9444 Oct 3 11:21 ssl.conf
-rw-r--r--. 1 root root 2775 Nov 19 12:57
z-ovirt-engine-proxy.conf.20140115003015
-rw-r--r--. 1 root root 1251 Jan 7 15:54 z-ovirt-engine-reports-proxy.conf
-rw-r--r--. 1 root root 2788 Jan 15 00:30 z-ovirt-engine-proxy.conf
z-ovirt-engine-reports-proxy.conf:
<IfModule proxy_ajp_module>
<Proxy ajp://localhost:8702>
# This is needed to make sure that connections to the application server
# are recovered in a short time interval (5 seconds at the moment)
# otherwise when the application server is restarted the web server will
# refuse to connect during 60 seconds.
ProxySet retry=5
# This is needed to make sure that long RESTAPI requests have time to
# finish before the web server aborts the request as the default timeout
# (controlled by the Timeout directive in httpd.conf) is 60 seconds.
ProxySet timeout=3600
</Proxy>
<Location /ovirt-engine-reports>
ProxyPass ajp://localhost:8702/ovirt-engine-reports
<IfModule deflate_module>
AddOutputFilterByType DEFLATE text/javascript text/css
text/html text/xml text/json application/xml application/json
application/x-yaml
</IfModule>
</Location>
</IfModule>
Uuuuuuh
enterig the URL you showed directely I can login and see reports ok
so it looks link in ovirt main page is somehow wrong! This should work. To help debug this, p lease check/post these:
/etc/httpd/conf.d/z-ovirt-engine-proxy.conf /etc/httpd/conf.d/z-ovirt-engine-reports-proxy.conf /var/log/httpd/error_log /var/log/httpd/ssl_error_log /var/log/httpd/access_log /var/log/httpd/ssl_access_log As user postgres, output of: psql engine -c "select * from vdc_options where option_name='RedirectServletReportsPage';" Thanks! -- Didi ------=_Part_14090284_1728051876.1391514930365 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit <html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div></div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Alessandro Bianchi" <a.bianchi@skynet.it><br><b>To: </b>"Gianluca Cecchi" <gianluca.cecchi@gmail.com><br><b>Cc: </b>"Yedidyah Bar David" <didi@redhat.com>, "users" <users@ovirt.org><br><b>Sent: </b>Tuesday, February 4, 2014 1:19:43 PM<br><b>Subject: </b>Re: [Users] ovirt-report Forbidden access error<br><div><br></div><br><div><br></div><span style="color:#000000; font-family:sans-serif; font-size:12px; font-weight:normal" class="headerSpan"> <div class="moz-cite-prefix">Il 04/02/2014 11:30, Gianluca Cecchi ha scritto:<br></div> </span><blockquote style="border-left: 2px solid #009900 !important; border-right: 2px solid #009900 !important; padding: 0px 15px 0px 15px; margin: 8px 2px;" cite="mid:CAG2kNCxEmE0iXtmXEcZZDti_=qRn7uE63Rkfo8V0i=AKCr=f5g@mail.gmail.com"><pre>On Tue, Feb 4, 2014 at 11:10 AM, Alessandro Bianchi <a class="moz-txt-link-rfc2396E" href="mailto:a.bianchi@skynet.it" target="_blank"><a.bianchi@skynet.it></a> wrote: </pre><blockquote style="border-left: 2px solid #009900 !important; border-right: 2px solid #009900 !important; padding: 0px 15px 0px 15px; margin: 8px 2px;"><pre>Il 04/02/2014 09:55, Gianluca Cecchi ha scritto: On Tue, Feb 4, 2014 at 9:10 AM, Alessandro Bianchi wrote: in working directory '/usr/share/ovirt-engine-dwh/db-scripts' 2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output = 2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE: autenticazione con password fallita per l'utente "engine_history" password retrieved from file "/tmp/pgpassNkKGNp.tmp" (autenticazione con password fallita per l'utente "engine_history" = authentication failed for user "engine_history" system language is italian) so it seems a user creation permission problem on the database since I'm not too familiar with pgsql how is it supposed to fix this? It look like it misses the password in some ovirt configuration file but where to edit and how o fix it? Any hint? Thank you See this thread of mine if you want to start from scratch and you don't have any previous reports/dwh data or you don't mind to loose them. Engine and its data is not impacted at all. Eventually I'm going to open a bug for bad mgmt of pre-existing DB user during setup (eg due to a previously failed in the middle install). <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/pipermail/users/2014-February/020740.html" target="_blank">http://lists.ovirt.org/pipermail/users/2014-February/020740.html</a> Let us know how it goes. Gianluca Ok with this 2b extra step it works I have installed everything with no errors, but still have Forbidden access right clicking on Vms -> reports If I click on the "reports portal" I see this link <a class="moz-txt-link-freetext" href="http://10.0.0.5/OvirtEngineWeb/ReportsRedirectServlet" target="_blank">http://10.0.0.5/OvirtEngineWeb/ReportsRedirectServlet</a> I suspect this is something related to apache configuration access.log shows nothing so were may I see a log of what's happening? Thank you Alessandro </pre></blockquote><pre>I too see that redirect and then when I click I land to <a class="moz-txt-link-freetext" href="https://my-engine/ovirt-engine-reports/login.html" target="_blank">https://my-engine/ovirt-engine-reports/login.html</a> and then after login/pwd : <a class="moz-txt-link-freetext" href="https://my-engine/ovirt-engine-reports/flow.html?_flowId=searchFlow" target="_blank">https://my-engine/ovirt-engine-reports/flow.html?_flowId=searchFlow</a> I have SpiceProxy configured. Don't know if this impacts apache configuration. In my case it works and in /etc/httpd/conf.d Ihave # ls -lrt total 68 -rw-r--r--. 1 root root 926 Mar 31 2013 BackupPC.conf -rw-r--r--. 1 root root 298 Jul 23 2013 squid.conf -rw-r--r--. 1 root root 516 Jul 31 2013 welcome.conf -rw-r--r--. 1 root root 1252 Jul 31 2013 userdir.conf -rw-r--r--. 1 root root 9426 Jul 31 2013 ssl.conf.20131003112151 -rw-r--r--. 1 root root 2893 Jul 31 2013 autoindex.conf -rw-r--r--. 1 root root 366 Jul 31 2013 README -rw-r--r--. 1 root root 2778 Oct 3 11:21 z-ovirt-engine-proxy.conf.20131119125706 -rw-r--r--. 1 root root 33 Oct 3 11:21 ovirt-engine-root-redirect.conf -rw-r--r--. 1 root root 9444 Oct 3 11:21 ssl.conf -rw-r--r--. 1 root root 2775 Nov 19 12:57 z-ovirt-engine-proxy.conf.20140115003015 -rw-r--r--. 1 root root 1251 Jan 7 15:54 z-ovirt-engine-reports-proxy.conf -rw-r--r--. 1 root root 2788 Jan 15 00:30 z-ovirt-engine-proxy.conf z-ovirt-engine-reports-proxy.conf: <IfModule proxy_ajp_module> <Proxy ajp://localhost:8702> # This is needed to make sure that connections to the application server # are recovered in a short time interval (5 seconds at the moment) # otherwise when the application server is restarted the web server will # refuse to connect during 60 seconds. ProxySet retry=5 # This is needed to make sure that long RESTAPI requests have time to # finish before the web server aborts the request as the default timeout # (controlled by the Timeout directive in httpd.conf) is 60 seconds. ProxySet timeout=3600 </Proxy> <Location /ovirt-engine-reports> ProxyPass ajp://localhost:8702/ovirt-engine-reports <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </Location> </IfModule> </pre></blockquote> Uuuuuuh<br><div><br></div> enterig the URL you showed directely I can login and see reports ok<br><div><br></div> so it looks link in ovirt main page is somehow wrong!</blockquote><div><br></div><div>This should work. To help debug this, p<span style="font-size: 12pt;">lease check/post these:</span></div><div><br></div><div>/etc/httpd/conf.d/z-ovirt-engine-proxy.conf</div><div>/etc/httpd/conf.d/z-ovirt-engine-reports-proxy.conf</div><div>/var/log/httpd/error_log</div><div>/var/log/httpd/ssl_error_log</div><div>/var/log/httpd/access_log</div><div>/var/log/httpd/ssl_access_log</div><div><br></div><div>As user postgres, output of:</div><div><span style="font-family: Arial, Helvetica, sans-serif; font-size: 10pt;">psql engine -c "select * from vdc_options where option_name='RedirectServletReportsPage';"</span></div><div><br></div><div>Thanks!</div><div>-- <br></div><div><span name="x"></span>Didi<span name="x"></span><br></div><div><br></div><style> <!-- P { font-family: "Arial", "Helvetica", sans-serif; font-size: 10pt } P.nome { color: #ff8000; font-family: "Arial", "Helvetica", sans-serif; font-size: 12pt; font-weight: bold; text-align: center } P.indirizzo { color: #0084d1; font-family: "Arial", "Helvetica", sans-serif; font-size: 10pt; font-weight: bold; line-height: 0.48cm; text-align: center } P.info { color: #b3b3b3; font-family: "Arial", "Helvetica", sans-serif; font-size: 9pt } A:link { color: #005dff; text-decoration: none } A:visited { color: #005dff; text-decoration: none } --> </style></div></body></html> ------=_Part_14090284_1728051876.1391514930365--
Il 04/02/2014 12:55, Yedidyah Bar David ha scritto:
*From: *"Alessandro Bianchi" <a.bianchi@skynet.it> *To: *"Gianluca Cecchi" <gianluca.cecchi@gmail.com> *Cc: *"Yedidyah Bar David" <didi@redhat.com>, "users" <users@ovirt.org> *Sent: *Tuesday, February 4, 2014 1:19:43 PM *Subject: *Re: [Users] ovirt-report Forbidden access error
Il 04/02/2014 11:30, Gianluca Cecchi ha scritto:
On Tue, Feb 4, 2014 at 11:10 AM, Alessandro Bianchi<a.bianchi@skynet.it> wrote:
Il 04/02/2014 09:55, Gianluca Cecchi ha scritto:
On Tue, Feb 4, 2014 at 9:10 AM, Alessandro Bianchi wrote:
in working directory '/usr/share/ovirt-engine-dwh/db-scripts' 2014-02-04 09:01:26::DEBUG::common_utils::962::root:: output = 2014-02-04 09:01:26::DEBUG::common_utils::963::root:: stderr = psql: FATALE: autenticazione con password fallita per l'utente "engine_history" password retrieved from file "/tmp/pgpassNkKGNp.tmp"
(autenticazione con password fallita per l'utente "engine_history" = authentication failed for user "engine_history" system language is italian)
so it seems a user creation permission problem on the database
since I'm not too familiar with pgsql how is it supposed to fix this?
It look like it misses the password in some ovirt configuration file but where to edit and how o fix it?
Any hint?
Thank you
See this thread of mine if you want to start from scratch and you don't have any previous reports/dwh data or you don't mind to loose them. Engine and its data is not impacted at all. Eventually I'm going to open a bug for bad mgmt of pre-existing DB user during setup (eg due to a previously failed in the middle install).
http://lists.ovirt.org/pipermail/users/2014-February/020740.html
Let us know how it goes.
Gianluca
Ok with this 2b extra step it works
I have installed everything with no errors, but still have Forbidden access right clicking on Vms -> reports
If I click on the "reports portal" I see this link
*ATTENZIONE: i link numerici sono spesso utilizzati da malintenzionati* http://10.0.0.5/OvirtEngineWeb/ReportsRedirectServlet
I suspect this is something related to apache configuration
access.log shows nothing so were may I see a log of what's happening?
Thank you
Alessandro
I too see that redirect and then when I click I land to https://my-engine/ovirt-engine-reports/login.html
and then after login/pwd : https://my-engine/ovirt-engine-reports/flow.html?_flowId=searchFlow
I have SpiceProxy configured. Don't know if this impacts apache configuration. In my case it works and in /etc/httpd/conf.d Ihave # ls -lrt total 68 -rw-r--r--. 1 root root 926 Mar 31 2013 BackupPC.conf -rw-r--r--. 1 root root 298 Jul 23 2013 squid.conf -rw-r--r--. 1 root root 516 Jul 31 2013 welcome.conf -rw-r--r--. 1 root root 1252 Jul 31 2013 userdir.conf -rw-r--r--. 1 root root 9426 Jul 31 2013 ssl.conf.20131003112151 -rw-r--r--. 1 root root 2893 Jul 31 2013 autoindex.conf -rw-r--r--. 1 root root 366 Jul 31 2013 README -rw-r--r--. 1 root root 2778 Oct 3 11:21 z-ovirt-engine-proxy.conf.20131119125706 -rw-r--r--. 1 root root 33 Oct 3 11:21 ovirt-engine-root-redirect.conf -rw-r--r--. 1 root root 9444 Oct 3 11:21 ssl.conf -rw-r--r--. 1 root root 2775 Nov 19 12:57 z-ovirt-engine-proxy.conf.20140115003015 -rw-r--r--. 1 root root 1251 Jan 7 15:54 z-ovirt-engine-reports-proxy.conf -rw-r--r--. 1 root root 2788 Jan 15 00:30 z-ovirt-engine-proxy.conf
z-ovirt-engine-reports-proxy.conf: <IfModule proxy_ajp_module>
<Proxy ajp://localhost:8702> # This is needed to make sure that connections to the application server # are recovered in a short time interval (5 seconds at the moment) # otherwise when the application server is restarted the web server will # refuse to connect during 60 seconds. ProxySet retry=5
# This is needed to make sure that long RESTAPI requests have time to # finish before the web server aborts the request as the default timeout # (controlled by the Timeout directive in httpd.conf) is 60 seconds. ProxySet timeout=3600 </Proxy>
<Location /ovirt-engine-reports> ProxyPass ajp://localhost:8702/ovirt-engine-reports <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </Location>
</IfModule>
Uuuuuuh
enterig the URL you showed directely I can login and see reports ok
so it looks link in ovirt main page is somehow wrong!
This should work. To help debug this, please check/post these:
/etc/httpd/conf.d/z-ovirt-engine-proxy.conf /etc/httpd/conf.d/z-ovirt-engine-reports-proxy.conf /var/log/httpd/error_log /var/log/httpd/ssl_error_log /var/log/httpd/access_log /var/log/httpd/ssl_access_log
As user postgres, output of: psql engine -c "select * from vdc_options where option_name='RedirectServletReportsPage';"
Thanks! -- Didi
-- Il messaggio è stato analizzato alla ricerca di virus o contenuti pericolosi da *SkyNet Srl <http://www.skynet.it/>*, ed è risultato non infetto.
This message has been checked for virus or dangerous content by *SkyNet SRL <http://www.skynet.it/>* and seems to be clean.
Ok let's go z-ovirt-engine-proxy.conf # # The name of this file name is very important, the "z-" prefix is used # to force the web server to load this file after all the other # configurations, in particular after the configuration of the required # proxy modules, otherwise the "IfModule" directives fail. # <IfModule proxy_ajp_module> # # Remove the Expect headers from API requests (this is needed to fix a # problem with some API clients): # # This is required because otherwise Expect header, which is hop-by-hop # will be caught by the Apache and will NOT be forwared to the proxy. # # It currenly is used here, which means GLOBALLY for the server. It is done # this way because RequestHeader 'early' doesn't allow using in either # 'Directory' or 'Location' nested clauses. # # TODO: find a way to filter Expect headers for /api name space only. <IfModule headers_module> RequestHeader unset Expect early </IfModule> <Proxy ajp://127.0.0.1:8702> # This is needed to make sure that connections to the application server # are recovered in a short time interval (5 seconds at the moment) # otherwise when the application server is restarted the web server will # refuse to connect during 60 seconds. ProxySet retry=5 # This is needed to make sure that long RESTAPI requests have time to # finish before the web server aborts the request as the default timeout # (controlled by the Timeout directive in httpd.conf) is 60 seconds. ProxySet timeout=3600 </Proxy> Redirect /ovirt-engine /ovirt-engine/ <Location /ovirt-engine/> ProxyPass ajp://127.0.0.1:8702/ </Location> <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-theme/|ovirt-engine-theme-resource/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-files/|ovirt-engine-attachment/|ovirt-engine-novnc-main.html$|ovirt-engine-spicehtml5-main.html$)> ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </LocationMatch> <Location /api> # # The timeout has to be specified here again because versions of # Apache older than 2.4 don't copy the setting from the Proxy # directive: # ProxyPass ajp://127.0.0.1:8702/api timeout=3600 <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </Location> </IfModule> z-ovirt-engine-reports-proxy.conf # # The name of this file name is very important, the "z-" prefix is used # to force the web server to load this file after all the other # configurations, in particular after the configuration of the required # proxy modules, otherwise the "IfModule" directives fail. # <IfModule proxy_ajp_module> # # Remove the Expect headers from API requests (this is needed to fix a # problem with some API clients): # # This is required because otherwise Expect header, which is hop-by-hop # will be caught by the Apache and will NOT be forwared to the proxy. # # It currenly is used here, which means GLOBALLY for the server. It is done # this way because RequestHeader 'early' doesn't allow using in either # 'Directory' or 'Location' nested clauses. # # TODO: find a way to filter Expect headers for /api name space only. <IfModule headers_module> RequestHeader unset Expect early </IfModule> <Proxy ajp://127.0.0.1:8702> # This is needed to make sure that connections to the application server # are recovered in a short time interval (5 seconds at the moment) # otherwise when the application server is restarted the web server will # refuse to connect during 60 seconds. ProxySet retry=5 # This is needed to make sure that long RESTAPI requests have time to # finish before the web server aborts the request as the default timeout # (controlled by the Timeout directive in httpd.conf) is 60 seconds. ProxySet timeout=3600 </Proxy> Redirect /ovirt-engine /ovirt-engine/ <Location /ovirt-engine/> ProxyPass ajp://127.0.0.1:8702/ </Location> <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-theme/|ovirt-engine-theme-resource/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-files/|ovirt-engine-attachment/|ovirt-engine-novnc-main.html$|ovirt-engine-spicehtml5-main.html$)> ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </LocationMatch> <Location /api> # # The timeout has to be specified here again because versions of # Apache older than 2.4 don't copy the setting from the Proxy # directive: # ProxyPass ajp://127.0.0.1:8702/api timeout=3600 <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </Location> </IfModule> [root@hypervisor conf.d]# :q -bash: :q: command not found [root@hypervisor conf.d]# cat z-ovirt-engine-reports-proxy.conf # # The name of this file name is very important, the "z-" prefix is used # to force the web server to load this file after all the other # configurations, in particular after the configuration of the required # proxy modules, otherwise the "IfModule" directives fail. # <IfModule proxy_ajp_module> <Proxy ajp://localhost:8702> # This is needed to make sure that connections to the application server # are recovered in a short time interval (5 seconds at the moment) # otherwise when the application server is restarted the web server will # refuse to connect during 60 seconds. ProxySet retry=5 # This is needed to make sure that long RESTAPI requests have time to # finish before the web server aborts the request as the default timeout # (controlled by the Timeout directive in httpd.conf) is 60 seconds. ProxySet timeout=3600 </Proxy> <Location /ovirt-engine-reports> ProxyPass ajp://localhost:8702/ovirt-engine-reports <IfModule deflate_module> AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml </IfModule> </Location> </IfModule> ssl_error_log [Tue Feb 04 10:50:46.221639 2014] [proxy_ajp:error] [pid 7533] [client 192.168.0.17:48201] AH00896: failed to make connection to backend: 127.0.0.1, referer: https://10.0.0.5/webadmin/webadmin/WebAdmin.html?locale=en_US [Tue Feb 04 10:50:51.221036 2014] [proxy:error] [pid 7532] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed [Tue Feb 04 10:50:51.221057 2014] [proxy:error] [pid 7532] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 5s [Tue Feb 04 10:50:51.221062 2014] [proxy_ajp:error] [pid 7532] [client 192.168.0.17:48202] AH00896: failed to make connection to backend: 127.0.0.1, referer: https://10.0.0.5/webadmin/webadmin/WebAdmin.html?locale=en_US [Tue Feb 04 10:50:56.220894 2014] [proxy:error] [pid 7607] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed [Tue Feb 04 10:50:56.220915 2014] [proxy:error] [pid 7607] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 5s [Tue Feb 04 10:50:56.220920 2014] [proxy_ajp:error] [pid 7607] [client 192.168.0.17:48203] AH00896: failed to make connection to backend: 127.0.0.1, referer: https://10.0.0.5/webadmin/webadmin/WebAdmin.html?locale=en_US [Tue Feb 04 10:54:58.223880 2014] [proxy:error] [pid 7611] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed [Tue Feb 04 10:54:58.223901 2014] [proxy:error] [pid 7611] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 5s [Tue Feb 04 10:54:58.223906 2014] [proxy_ajp:error] [pid 7611] [client 192.168.0.17:48210] AH00896: failed to make connection to backend: 127.0.0.1 ssl_access_log 192.168.0.17 - - [04/Feb/2014:12:54:31 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:54:36 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:54:41 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:54:46 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:54:51 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:54:56 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:55:01 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:55:06 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 11852 192.168.0.17 - - [04/Feb/2014:12:55:11 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 177 192.168.0.17 - - [04/Feb/2014:12:55:11 +0100] "POST /webadmin/webadmin/GenericApiGWTService HTTP/1.1" 200 260 access_log ::1 - - [04/Feb/2014:11:00:26 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 (internal dummy connection)" ::1 - - [04/Feb/2014:11:01:48 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 (internal dummy connection)" 192.168.0.17 - - [04/Feb/2014:11:02:10 +0100] "GET /pippo.htm HTTP/1.1" 404 207 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0" 192.168.0.17 - - [04/Feb/2014:11:02:10 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0" 192.168.0.17 - - [04/Feb/2014:11:02:10 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0" ::1 - - [04/Feb/2014:11:54:16 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 (internal dummy connection)" 192.168.0.17 - - [04/Feb/2014:12:17:42 +0100] "GET /ovirt-engine-reports/login.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0" ::1 - - [04/Feb/2014:12:17:51 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 (internal dummy connection)" ::1 - - [04/Feb/2014:12:17:52 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 (internal dummy connection)" ::1 - - [04/Feb/2014:12:55:17 +0100] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 (internal dummy connection)" the login you see is the one after entering http://10.0.0.5/ovirt-engine-reports/login.html as url error_log [Tue Feb 04 10:55:04.198829 2014] [mpm_prefork:notice] [pid 9665] AH00170: caught SIGWINCH, shutting down gracefully [Tue Feb 04 10:55:05.284349 2014] [core:notice] [pid 11365] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 [Tue Feb 04 10:55:05.285048 2014] [suexec:notice] [pid 11365] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Feb 04 10:55:05.315355 2014] [proxy:warn] [pid 11365] AH01146: Ignoring parameter 'timeout=3600' for worker 'ajp://127.0.0.1:8702' because of worker sharing [Tue Feb 04 10:55:05.315381 2014] [proxy:warn] [pid 11365] AH01146: Ignoring parameter 'timeout=3600' for worker 'ajp://127.0.0.1:8702' because of worker sharing AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using hypervisor.skynet.it. Set the 'ServerName' directive globally to suppress this message [Tue Feb 04 10:55:05.315826 2014] [auth_digest:notice] [pid 11365] AH01757: generating secret for digest authentication ... [Tue Feb 04 10:55:05.316461 2014] [lbmethod_heartbeat:notice] [pid 11365] AH02282: No slotmem from mod_heartmonitor [Tue Feb 04 10:55:05.354876 2014] [mpm_prefork:notice] [pid 11365] AH00163: Apache/2.4.6 (Fedora) OpenSSL/1.0.0-fips PHP/5.5.8 configured -- resuming normal operations [Tue Feb 04 10:55:05.354895 2014] [core:notice] [pid 11365] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' postgres-# select * from vdc_options where option_name='RedirectServletReportsPage' postgres-# (no results) Let me know if anything else may be useful Thank you and best regards -- SkyNet SRL Via Maggiate 67/a - 28021 Borgomanero (NO) - tel. +39 0322-836487/834765 - fax +39 0322-836608 http://www.skynet.it <http://www.skynet.it/> Autorizzazione Ministeriale n.197 Le informazioni contenute in questo messaggio sono riservate e confidenziali ed è vietata la diffusione in qualunque modo eseguita. Qualora Lei non fosse la persona a cui il presente messaggio è destinato, La invitiamo ad eliminarlo ed a distruggerlo non divulgandolo, dandocene gentilmente comunicazione. Per qualsiasi informazione si prega di contattare info@skynet.it (e-mail dell'azienda). Rif. D.L. 196/2003
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Gianluca Cecchi" <gianluca.cecchi@gmail.com>, "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 2:49:47 PM Subject: Re: [Users] ovirt-report Forbidden access error [snip]
(for now I'll ignore the confs (which seem ok) and the logs (which will require more time to understand)
postgres-# select * from vdc_options where option_name='RedirectServletReportsPage' postgres-# (no results)
This is probably the source of the problem. Can you post all the setup log files (engine, dwh, reports)? The line is normally inserted by engine-setup and updated by reports-setup. -- Didi
On Tue, Feb 4, 2014 at 2:06 PM, Yedidyah Bar David wrote:
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Gianluca Cecchi" <gianluca.cecchi@gmail.com>, "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 2:49:47 PM Subject: Re: [Users] ovirt-report Forbidden access error [snip]
(for now I'll ignore the confs (which seem ok) and the logs (which will require more time to understand)
postgres-# select * from vdc_options where option_name='RedirectServletReportsPage' postgres-# (no results)
This is probably the source of the problem.
Can you post all the setup log files (engine, dwh, reports)?
The line is normally inserted by engine-setup and updated by reports-setup. -- Didi
In fact in my case where it is working I have: engine=# select * from vdc_options where option_name='RedirectServletReportsPage'; option_id | option_name | option_value | version -----------+----------------------------+-----------------------------------------------------------+--------- 281 | RedirectServletReportsPage | https://my-engine:443/ovirt-engine-reports | general (1 row) Gianluca
----- Original Message -----
From: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Alessandro Bianchi" <a.bianchi@skynet.it>, "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 3:25:37 PM Subject: Re: [Users] ovirt-report Forbidden access error
On Tue, Feb 4, 2014 at 2:06 PM, Yedidyah Bar David wrote:
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Gianluca Cecchi" <gianluca.cecchi@gmail.com>, "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 2:49:47 PM Subject: Re: [Users] ovirt-report Forbidden access error [snip]
(for now I'll ignore the confs (which seem ok) and the logs (which will require more time to understand)
postgres-# select * from vdc_options where option_name='RedirectServletReportsPage' postgres-# (no results)
This is probably the source of the problem.
Can you post all the setup log files (engine, dwh, reports)?
The line is normally inserted by engine-setup and updated by reports-setup. -- Didi
In fact in my case where it is working I have:
engine=# select * from vdc_options where option_name='RedirectServletReportsPage'; option_id | option_name | option_value | version -----------+----------------------------+-----------------------------------------------------------+--------- 281 | RedirectServletReportsPage | https://my-engine:443/ovirt-engine-reports | general (1 row)
Indeed, that's updated to be so by reports setup. But Alessandro reported he does not have this row at all, which is probably some bug or problem in engine-setup. We can quite easily patch reports setup to add this row if it does not exist, but it might imply some deeper problems in the setup which should probably be fixed anyway. -- Didi
------=_Part_14174312_2110267692.1391522159621 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Gianluca Cecchi" <gianluca.cecchi@gmail.com>, "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 3:35:47 PM Subject: Re: [Users] ovirt-report Forbidden access error
Il 04/02/2014 14:06, Yedidyah Bar David ha scritto:
----- Original Message -----
From: "Alessandro Bianchi" <a.bianchi@skynet.it> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Gianluca Cecchi" <gianluca.cecchi@gmail.com> , "users" <users@ovirt.org> Sent: Tuesday, February 4, 2014 2:49:47 PM
Subject: Re: [Users] ovirt-report Forbidden access error
[snip]
(for now I'll ignore the confs (which seem ok) and the logs (which will
require more time to understand)
postgres-# select * from vdc_options where
option_name='RedirectServletReportsPage'
postgres-#
(no results)
This is probably the source of the problem.
Can you post all the setup log files (engine, dwh, reports)?
The line is normally inserted by engine-setup and updated by reports-setup.
Engine setup is quite older since I didn't install reports at that time It's not supposed to be rotated, you should be able to find it with find /var/log/ovirt-engine -iname "*setup*"
3.3 engine setup keeps them under a subdir setup/, the rest (<=3.2 engine and <=3.3 dwh/reports) keep them directly there (and in 3.4 all will keep in setup/).
Let me know if anything else may help As I said, not having this line might imply there are other problems.
You can try solve this one by adding it. In psql connected to db engine: select fn_db_add_config_value('RedirectServletReportsPage','https://YOUR_FQDN:443/ovirt-engine-reports','general'); (replace YOUR_FQDN with your engine fqdn). -- Didi ------=_Part_14174312_2110267692.1391522159621 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit <html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div></div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Alessandro Bianchi" <a.bianchi@skynet.it><br><b>To: </b>"Yedidyah Bar David" <didi@redhat.com><br><b>Cc: </b>"Gianluca Cecchi" <gianluca.cecchi@gmail.com>, "users" <users@ovirt.org><br><b>Sent: </b>Tuesday, February 4, 2014 3:35:47 PM<br><b>Subject: </b>Re: [Users] ovirt-report Forbidden access error<br><div><br></div><br><br><span style="color:#000000; font-family:sans-serif; font-size:12px; font-weight:normal" class="headerSpan"> <div class="moz-cite-prefix">Il 04/02/2014 14:06, Yedidyah Bar David ha scritto:<br></div> </span><blockquote style="border-left: 2px solid #009900 !important; border-right: 2px solid #009900 !important; padding: 0px 15px 0px 15px; margin: 8px 2px;" cite="mid:1788360087.14121691.1391519213291.JavaMail.root@redhat.com"><pre>----- Original Message ----- </pre><blockquote style="border-left: 2px solid #009900 !important; border-right: 2px solid #009900 !important; padding: 0px 15px 0px 15px; margin: 8px 2px;"><pre>From: "Alessandro Bianchi" <a class="moz-txt-link-rfc2396E" href="mailto:a.bianchi@skynet.it" target="_blank"><a.bianchi@skynet.it></a> To: "Yedidyah Bar David" <a class="moz-txt-link-rfc2396E" href="mailto:didi@redhat.com" target="_blank"><didi@redhat.com></a> Cc: "Gianluca Cecchi" <a class="moz-txt-link-rfc2396E" href="mailto:gianluca.cecchi@gmail.com" target="_blank"><gianluca.cecchi@gmail.com></a>, "users" <a class="moz-txt-link-rfc2396E" href="mailto:users@ovirt.org" target="_blank"><users@ovirt.org></a> Sent: Tuesday, February 4, 2014 2:49:47 PM Subject: Re: [Users] ovirt-report Forbidden access error </pre></blockquote><pre>[snip] (for now I'll ignore the confs (which seem ok) and the logs (which will require more time to understand) </pre><blockquote style="border-left: 2px solid #009900 !important; border-right: 2px solid #009900 !important; padding: 0px 15px 0px 15px; margin: 8px 2px;"><pre>postgres-# select * from vdc_options where option_name='RedirectServletReportsPage' postgres-# (no results) </pre></blockquote><pre>This is probably the source of the problem. Can you post all the setup log files (engine, dwh, reports)? The line is normally inserted by engine-setup and updated by reports-setup. </pre></blockquote> Engine setup is quite older since I didn't install reports at that time</blockquote><div><br></div><div>It's not supposed to be rotated, you should be able to find it with</div><div>find /var/log/ovirt-engine -iname "*setup*"</div><div><br></div><div>3.3 engine setup keeps them under a subdir setup/, the rest (<=3.2 engine and <=3.3 dwh/reports)</div><div>keep them directly there (and in 3.4 all will keep in setup/).</div><div><br></div><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><br><br> Let me know if anything else may help</blockquote><div><br></div><div>As I said, not having this line might imply there are other problems.</div><div><br></div><div> You can try solve this one <span style="font-size: 12pt;">by adding it. In psql connected to db engine:</span></div><div> select fn_db_add_config_value('RedirectServletReportsPage','https://YOUR_FQDN:443/ovirt-engine-reports','general');</div><div>(replace YOUR_FQDN with your engine fqdn).</div><div><span style="font-size: 12pt;">-- </span></div><div><span name="x"></span>Didi<span name="x"></span><br></div><div><br></div><style> <!-- P { font-family: "Arial", "Helvetica", sans-serif; font-size: 10pt } P.nome { color: #ff8000; font-family: "Arial", "Helvetica", sans-serif; font-size: 12pt; font-weight: bold; text-align: center } P.indirizzo { color: #0084d1; font-family: "Arial", "Helvetica", sans-serif; font-size: 10pt; font-weight: bold; line-height: 0.48cm; text-align: center } P.info { color: #b3b3b3; font-family: "Arial", "Helvetica", sans-serif; font-size: 9pt } A:link { color: #005dff; text-decoration: none } A:visited { color: #005dff; text-decoration: none } --> </style></div></body></html> ------=_Part_14174312_2110267692.1391522159621--
participants (3)
-
Alessandro Bianchi -
Gianluca Cecchi -
Yedidyah Bar David