Hi Callum, We figured it out. Please see https://github.com/oVirt/ovirt-web-ui/issues/938#issuecomment-464067457 Let me know if that helps? Greg On Tue, Jan 29, 2019 at 8:31 PM Greg Sheremeta <gshereme@redhat.com> wrote:
Hey,
https://github.com/oVirt/ovirt-web-ui/issues/938
You can follow progress there. Thank you for reporting.
Best wishes, Greg
On Wed, Oct 24, 2018 at 11:41 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,
Here's my config, this is based on the original guide and some other stuff that i found to help make it work. Squid Cache: Version 3.5.20
https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=<ovirt engine node> cache_peer <ovirt engine node> parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine cache_peer_access engine allow all ssl_bump allow all http_port 3128 acl ovirt_nodes dst <ovirt engine hosts subnet> acl ovirt_engine dstdomain .<ovirt engine node> acl all_ips src 1.1.1.1/1 http_access allow ovirt_nodes ovirt_engine http_access allow all_ips http_access allow all
# Following are from: # https://access.redhat.com/solutions/425693
# Leave coredumps in the first cache dir coredump_dir /var/spool/squid
# RHEV and Spice may leave connections idle for long periods pconn_timeout 12 hours request_timeout 12 hours read_timeout 12 hours
# We need approx 20 open filehandles per spice client max_filedesc 16384
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.uk
On 3 Oct 2018, at 00:39, Greg Sheremeta <gshereme@redhat.com> wrote:
Hi Callum,
I took a look at this, but got in the weeds pretty quickly with squid configuration. I can help more offline, but it might be a while.
It'll probably be easier if you can provide me exact steps for how I could reproduce. Looks like I need to generate some keys. Can you create and share a simple reproducer?
Greg
On Thu, Sep 20, 2018 at 11:37 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,
Did you manage to get any further with this, reverse proxy is rather critical to this project.
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.uk
On 6 Aug 2018, at 12:13, Greg Sheremeta <gshereme@redhat.com> wrote:
I'll look into it and get back to you.
On Mon, Aug 6, 2018 at 7:02 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,
So what's the go-to here, it seems so close but something in the API ajax is failing.
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.uk
On 27 Jul 2018, at 12:21, Greg Sheremeta <gshereme@redhat.com> wrote:
On Fri, Jul 27, 2018 at 4:39 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear Greg,
Indeed, always the latest and greatest for us while trying to get this running.
https://www.ovirt.org/documentation/security/squid-reverse-proxy/
Arrggghh, that is referring to the old GWT UserPortal and not the new react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for the out-of-date state of our documentation. I am working on improving it.)
Unfortunately we have never tested VM Portal with squid.
@Lukas Svaty <lsvaty@redhat.com> any chance you or someone on the team can assist?
And the squid.conf file looks like this:
https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=ovirtengine.cluster cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine cache_peer_access engine allow all ssl_bump allow all http_port 3128 acl ovirt_nodes dst 192.168.64.0/24 acl ovirt_engine dstdomain .ovirtengine.cluster acl all_ips src 1.1.1.1/1 http_access allow ovirt_nodes ovirt_engine http_access allow all_ips http_access allow all
# Following are from: # https://access.redhat.com/solutions/425693
# Leave coredumps in the first cache dir coredump_dir /var/spool/squid
# RHEV and Spice may leave connections idle for long periods pconn_timeout 12 hours request_timeout 12 hours read_timeout 12 hours
# We need approx 20 open filehandles per spice client max_filedesc 16384
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.uk
On 27 Jul 2018, at 01:15, Greg Sheremeta <gshereme@redhat.com> wrote:
From your other thread, I'm guessing 4.2.4.
Can you send the link to the squid guide you used?
On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta <gshereme@redhat.com> wrote:
Hi Callum,
What version of ovirt-web-ui is this?
Greg
On Wed, Jul 18, 2018 at 7:12 AM Callum Smith <callum@well.ox.ac.uk> wrote:
> Dear All, > > Those error logs are relevant only to another issue, please ignore. > > There appears to be a problem to do with authentication through the > squid proxy though, which presents differently in Safari and Firefox: > > > Sorry for the screenshots but its the only way i can extract this > data due to the page-refresh. > > Regards, > Callum > > -- > > Callum Smith > Research Computing Core > Wellcome Trust Centre for Human Genetics > University of Oxford > e. callum@well.ox.ac.uk > > On 18 Jul 2018, at 10:54, Callum Smith <callum@well.ox.ac.uk> wrote: > > Dear All, > > Some relevant error logs: > > 2018-07-18 10:51:33,554+01 INFO > [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) > [557ca876] Running command > : CreateUserSessionCommand internal: false. > 2018-07-18 10:51:33,575+01 INFO > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (default task-9) [557ca876] E > VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research > Computing connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay > iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' > logged in. > 2018-07-18 10:51:34,135+01 ERROR > [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) > [8d830cdb-fc11-4e68-94e6-73309 > 65c4488] Query execution failed due to insufficient permissions. > 2018-07-18 10:51:34,205+01 ERROR > [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) > [ba1825f1-60fb-44cd-8b57- > ea701cf698c0] Query execution failed due to insufficient permissions. > 2018-07-18 10:51:34,242+01 ERROR > [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default > task-26) [] Operation Faile > d: query execution failed due to insufficient permissions. > 2018-07-18 10:51:34,389+01 ERROR > [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] > (default task-17) [02965366 > -44b0-4370-ab83-4781065e46c2] Query execution failed due to > insufficient permissions. > 2018-07-18 10:51:34,393+01 ERROR > [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] > (default task-17) [02965366 > -44b0-4370-ab83-4781065e46c2] Query execution failed due to > insufficient permissions. > 2018-07-18 10:51:34,394+01 ERROR > [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] > (default task-17) [02965366 > -44b0-4370-ab83-4781065e46c2] Query execution failed due to > insufficient permissions. > 2018-07-18 10:51:34,396+01 ERROR > [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] > (default task-17) [02965366 > -44b0-4370-ab83-4781065e46c2] Query execution failed due to > insufficient permissions. > 2018-07-18 10:51:59,195+01 WARN > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) > [7881a832] User '9386d6f5-f172-4cdb > -abca-62492a357888' is trying to take the console of virtual machine > 'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea > dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'. > 2018-07-18 10:51:59,197+01 INFO > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) > [7881a832] No permission found for > user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he > is member of, when running action 'SetVmTicket', Required permiss > ions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object > type: 'VM' Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'. > 2018-07-18 10:51:59,197+01 WARN > [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) > [7881a832] Validation of action 'Se > tVmTicket' failed for user callum@Biomedical Research Computing. > Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_REC > ONNECT_TO_VM > 2018-07-18 10:51:59,198+01 ERROR > [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] > (default task-18) [] Operat > ion Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM > > Seems like there's a permission missing in there - this is a newly > attached LDAP group. > > Regards, > Callum > > -- > > Callum Smith > Research Computing Core > Wellcome Trust Centre for Human Genetics > University of Oxford > e. callum@well.ox.ac.uk > > On 17 Jul 2018, at 10:02, Callum Smith <callum@well.ox.ac.uk> wrote: > > Dear All, > > Does anyone know how to set such options in the web-ui? > > Regards, > Callum > > -- > > Callum Smith > Research Computing Core > Wellcome Trust Centre for Human Genetics > University of Oxford > e. callum@well.ox.ac.uk > > On 12 Jul 2018, at 11:09, Callum Smith <callum@well.ox.ac.uk> wrote: > > Dear oVirt Gurus, > > Using the oVirt user VM portal seems to not work through the squid > proxy setup (configured as per the guide). The page loads and login works > fine through the proxy, but the asynchronous requests just hang. I've > attached a screenshot, but you can see the "api" endpoint just hanging in a > web inspector: > "https://proxyfqdn/ovirt-engine/api/" > > <Screen Shot 2018-07-12 at 11.06.50.png> > > This works fine when not going through the proxy. > > Is there a way to force noVNC HTML as the console mode through the > web-ui, or at least have it as an option if not default? > > The console seems not to work when logged in with a base 'user role'. > > Regards, > Callum > > -- > > Callum Smith > Research Computing Core > Wellcome Trust Centre for Human Genetics > University of Oxford > e. callum@well.ox.ac.uk > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-leave@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/VZIGGZZ2IIHBZ6... > > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-leave@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/7NBOGYVL4EAH4Q... > > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-leave@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/XSH4JVJPKMWWSO... > > > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-leave@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYFQ2ZGCERCNSE... >
-- GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
-- GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
-- GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
-- GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
-- GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
gshereme@redhat.com IRC: gshereme <https://red.ht/sig>
-- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> gshereme@redhat.com IRC: gshereme <https://red.ht/sig>