ovirt-websocket-proxy errors when trying noVNC

OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7 Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option. When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 version: general This is a brand new install. I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown. Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>

On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com> wrote:
OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file:
May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following:
[root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM...
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc

I am running MAC OS X but I was able to import the CA Cert and I can see it in my Keychain. However, when I try to bring up the console I get: Can't connect to websocket proxy server wss://lfg-kvm.corp.lfg.com:6100. Please check that: websocket proxy service is running, firewalls are properly set, websocket proxy certificate is trusted by your browser. Default CA certificate <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA>. Louis -<<—->>- Louis Bohm louisbohm@gmail.com <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc

Are you in the same network segment as the Engine ? Maybe there is a firewall preventing you to reach port 6100/tcp . What is the output from ncat -v engine-FQDN 6100 Best Regards, Strahil Nikolov На 27 май 2020 г. 18:48:31 GMT+03:00, Louis Bohm <louisbohm@gmail.com> написа:
I am running MAC OS X but I was able to import the CA Cert and I can see it in my Keychain. However, when I try to bring up the console I get: Can't connect to websocket proxy server wss://lfg-kvm.corp.lfg.com:6100. Please check that: websocket proxy service is running, firewalls are properly set, websocket proxy certificate is trusted by your browser. Default CA certificate <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA>.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc

Do not have Ncat on my windows vm but I can telnet to port 6100 on the engine from both my windows vm and my MAC. Louis -<<—->>- Louis Bohm louisbohm@gmail.com <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 28, 2020, at 12:03 PM, Strahil Nikolov <hunter86_bg@yahoo.com> wrote:
Are you in the same network segment as the Engine ? Maybe there is a firewall preventing you to reach port 6100/tcp . What is the output from ncat -v engine-FQDN 6100
Best Regards, Strahil Nikolov
На 27 май 2020 г. 18:48:31 GMT+03:00, Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> написа:
I am running MAC OS X but I was able to import the CA Cert and I can see it in my Keychain. However, when I try to bring up the console I get: Can't connect to websocket proxy server wss://lfg-kvm.corp.lfg.com:6100 <wss://lfg-kvm.corp.lfg.com:6100/>. Please check that: websocket proxy service is running, firewalls are properly set, websocket proxy certificate is trusted by your browser. Default CA certificate <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA>>.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com <mailto:sdickers@redhat.com>> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com> <mailto:louisbohm@gmail.com <mailto:louisbohm@gmail.com>>> wrote: OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> <http://lfg-kvm.corp.lfg.com:6100/ <http://lfg-kvm.corp.lfg.com:6100/>> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> <http://lfg-kvm.corp.lfg.com:6100/ <http://lfg-kvm.corp.lfg.com:6100/>> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com> <mailto:louisbohm@gmail.com <mailto:louisbohm@gmail.com>>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>>
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> <mailto:users-leave@ovirt.org <mailto:users-leave@ovirt.org>> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> <https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html>> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> <https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/>> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/> <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc

Hi Louis, can you install a fresh browser and try to open the Engine's web interface. Do you see a certificate warning or it just opens. I'm asking for a fresh browser because some browsers can accept certificates that while the other apps on the system do not accept (certificate is not in the windows cert store). Also, how did you configure the noVNC ? Best Regards, Strahil Nikolov На 28 май 2020 г. 19:17:09 GMT+03:00, Louis Bohm <louisbohm@gmail.com> написа:
Do not have Ncat on my windows vm but I can telnet to port 6100 on the engine from both my windows vm and my MAC.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 28, 2020, at 12:03 PM, Strahil Nikolov <hunter86_bg@yahoo.com> wrote:
Are you in the same network segment as the Engine ? Maybe there is a firewall preventing you to reach port 6100/tcp . What is the output from ncat -v engine-FQDN 6100
Best Regards, Strahil Nikolov
На 27 май 2020 г. 18:48:31 GMT+03:00, Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> написа:
I am running MAC OS X but I was able to import the CA Cert and I can see it in my Keychain. However, when I try to bring up the console I get: Can't connect to websocket proxy server wss://lfg-kvm.corp.lfg.com:6100 <wss://lfg-kvm.corp.lfg.com:6100/>. Please check that: websocket proxy service is running, firewalls are properly set, websocket proxy certificate is trusted by your browser. Default CA certificate
<https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA <https://lfg-kvm.corp.lfgardens.com/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA>>.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com
wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com
<mailto:louisbohm@gmail.com> <mailto:louisbohm@gmail.com <mailto:louisbohm@gmail.com>>> wrote:
OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> <http://lfg-kvm.corp.lfg.com:6100/ <http://lfg-kvm.corp.lfg.com:6100/>> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> <http://lfg-kvm.corp.lfg.com:6100/ <http://lfg-kvm.corp.lfg.com:6100/>> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import
CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via
<mailto:sdickers@redhat.com>> the the
websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com>
<mailto:louisbohm@gmail.com <mailto:louisbohm@gmail.com>>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/publ... <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>>
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> <mailto:users-leave@ovirt.org <mailto:users-leave@ovirt.org>> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> <https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html>> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> <https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/>> List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc

So as I said before I added the CA cert to my MAC (and I can see it in the MAC’s Keychain). But its still not working. For humor I will try adding the CA to my Windows VM and see if that produces a different result. Louis -<<—->>- Louis Bohm louisbohm@gmail.com <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc

If it’s the issue I’m thinking of it’s because Apple Mojave started rejecting carts that have a validity date shorter than a certain period of time which ovirt ca does not follow. I posted another message on this group about it a little while ago and I think a bug report was made. The only way I can get novnc to work in Mac is by using Firefox and making sure the ca is imported and trusted by Firefox. I cannot get it to work with safari or chrome. On Thu, May 28, 2020 at 8:08 AM Louis Bohm <louisbohm@gmail.com> wrote:
So as I said before I added the CA cert to my MAC (and I can see it in the MAC’s Keychain). But its still not working. For humor I will try adding the CA to my Windows VM and see if that produces a different result.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com> wrote:
OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file:
May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following:
[root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM...
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WLZEDVEV5E4XTE...

Here is the bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1832210 On Thu, May 28, 2020 at 8:23 AM Jayme <jaymef@gmail.com> wrote:
If it’s the issue I’m thinking of it’s because Apple Mojave started rejecting carts that have a validity date shorter than a certain period of time which ovirt ca does not follow. I posted another message on this group about it a little while ago and I think a bug report was made.
The only way I can get novnc to work in Mac is by using Firefox and making sure the ca is imported and trusted by Firefox. I cannot get it to work with safari or chrome.
On Thu, May 28, 2020 at 8:08 AM Louis Bohm <louisbohm@gmail.com> wrote:
So as I said before I added the CA cert to my MAC (and I can see it in the MAC’s Keychain). But its still not working. For humor I will try adding the CA to my Windows VM and see if that produces a different result.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com> wrote:
OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file:
May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following:
[root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
<https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM...
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WLZEDVEV5E4XTE...

On my Windows 10 VM I imported the CA to the Machine, FF and Chrome. I tried FF, Chrome and Edge. All of them still say that the cert is not valid when I go to the site. All of them say that they are unable to contact the server at port 6100. However, I have verified that port 6100 is open using telnet from both my MAC and Windows VM. So no clue what’s wrong? Is there one specific logfile I should be looking at to see what the error is? Louis -<<—->>- Louis Bohm louisbohm@gmail.com <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 28, 2020, at 7:24 AM, Jayme <jaymef@gmail.com> wrote:
Here is the bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1832210 <https://bugzilla.redhat.com/show_bug.cgi?id=1832210>
On Thu, May 28, 2020 at 8:23 AM Jayme <jaymef@gmail.com <mailto:jaymef@gmail.com>> wrote: If it’s the issue I’m thinking of it’s because Apple Mojave started rejecting carts that have a validity date shorter than a certain period of time which ovirt ca does not follow. I posted another message on this group about it a little while ago and I think a bug report was made.
The only way I can get novnc to work in Mac is by using Firefox and making sure the ca is imported and trusted by Firefox. I cannot get it to work with safari or chrome.
On Thu, May 28, 2020 at 8:08 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: So as I said before I added the CA cert to my MAC (and I can see it in the MAC’s Keychain). But its still not working. For humor I will try adding the CA to my Windows VM and see if that produces a different result.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com>
<vmware-certified-professional-6-5-data-center-virtualization.1.png> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com <mailto:sdickers@redhat.com>> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WLZEDVEV5E4XTE... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/WLZEDVEV5E4XTEM4Y6M4W3VJ4ODSISUS/>

Odd. I normally have issues like that with FF and Chrome but Safari does work for me in those cases. Anyway, I pulled up my Windows 10 VM on my MAC and tried Chrome there after importing the CA. Still same result. So I think its something else. Louis -<<—->>- Louis Bohm louisbohm@gmail.com <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 28, 2020, at 7:23 AM, Jayme <jaymef@gmail.com> wrote:
If it’s the issue I’m thinking of it’s because Apple Mojave started rejecting carts that have a validity date shorter than a certain period of time which ovirt ca does not follow. I posted another message on this group about it a little while ago and I think a bug report was made.
The only way I can get novnc to work in Mac is by using Firefox and making sure the ca is imported and trusted by Firefox. I cannot get it to work with safari or chrome.
On Thu, May 28, 2020 at 8:08 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: So as I said before I added the CA cert to my MAC (and I can see it in the MAC’s Keychain). But its still not working. For humor I will try adding the CA to my Windows VM and see if that produces a different result.
Louis -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com>
<vmware-certified-professional-6-5-data-center-virtualization.1.png> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url>
On May 27, 2020, at 11:01 AM, Scott Dickerson <sdickers@redhat.com <mailto:sdickers@redhat.com>> wrote:
On Wed, May 27, 2020 at 7:42 AM Louis Bohm <louisbohm@gmail.com <mailto:louisbohm@gmail.com>> wrote: OS: Oracle Linux 7.8 (unbreakable kernel) Using Oracle Linux Virtualization Manager: Software Version:4.3.6.6-1.0.9.el7
Since I am running all of it on one physical machine I opted to install the ovirt-engine using the accept defaults option.
When I try to start a noVNC console I see this in the messages file: May 26 16:49:12 lfg-kvm saslpasswd2: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:12 lfg-kvm saslpasswd2: error deleting entry from sasldb: BDB0073 DB_NOTFOUND: No matching key/data pair found May 26 16:49:14 lfg-kvm journal: 2020-05-26 16:49:14,704-0400 ovirt-websocket-proxy: INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618) May 26 16:49:14 lfg-kvm ovirt-websocket-proxy.py: ovirt-websocket-proxy[14582] INFO msg:824 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:618)
I have checked the following: [root@lfg-kvm ~]# engine-config -g WebSocketProxy WebSocketProxy: lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general [root@lfg-kvm ~]# engine-config -g SpiceProxyDefault SpiceProxyDefault: http://lfg-kvm.corp.lfg.com:6100 <http://lfg-kvm.corp.lfg.com:6100/> version: general
This is a brand new install.
I also am unable to get a VNC console up and running. I have tried with an Ubuntu VM running on my MAC where I installed virt-manager. The viewer comes up for a second says it cannot connect and then shutsdown.
If you're only using noVNC, then you need to make sure you import the CA Cert and trust it in your browser. There is no way to interactively accept the self-signed cert from the engine when noVNC connects via the websocket proxy.
Anyone have any clue? -<<—->>- Louis Bohm louisbohm@gmail.com <mailto:louisbohm@gmail.com> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> <https://www.youracclaim.com/badges/f11e0d65-21ad-4458-895b-2c5b5cb11134/public_url> _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/U66GSTI4QJSGPM6LUVF2WC2UW5JQCNCX/>
-- Scott Dickerson Senior Software Engineer RHV-M Engineering - UX Team Red Hat, Inc
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WLZEDVEV5E4XTE... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/WLZEDVEV5E4XTEM4Y6M4W3VJ4ODSISUS/>
participants (4)
-
Jayme
-
Louis Bohm
-
Scott Dickerson
-
Strahil Nikolov