[ovirt-devel] [ovirt-users] [OVIRT-3.5-TEST-DAY-3] Optaplanner

Martin Sivak msivak at redhat.com
Mon Sep 22 12:04:32 UTC 2014 

> Disabling mixed "active" content in browser is not a proper solution.
> UI plugin should load its content in a way that is compatible with
> protocol (i.e. HTTPS) used for enclosing page.

It is the only solution when the remote service does not support SSL. We might include SSL in some later version, but not for 3.5.

> Loading HTTP content in HTTPS page is considered security vulnerability
> and should be avoided. By default, Firefox blocks mixed "active" content.

I noticed and there is nothing I can do about that, but I never saw the rationale for that. Although I can see how M-i-M could compromise https page if handled poorly.

> This happens when WebAdmin page is loaded as HTTPS and UI plugin uses
> "active" content (XHR object, <script> etc.) that loads data as HTTP.

JSON is hardly active. But again.. I can't change the browser.

--
Martin Sivák
msivak at redhat.com
Red Hat Czech
RHEV-M SLA / Brno, CZ

----- Original Message -----
> 
> 
> ----- Original Message -----
> > From: "Piotr Kliczewski" <piotr.kliczewski at gmail.com>
> > To: devel at ovirt.org
> > Sent: Wednesday, September 17, 2014 5:25:23 PM
> > Subject: [ovirt-devel] [ovirt-users] [OVIRT-3.5-TEST-DAY-3] Optaplanner
> > 
> > Hi,
> > 
> > I followed deployment manual from [1] and configured two DCs with
> > single cluster each.
> > During configuration of the UI I noticed that in optimizer result tab there
> > was:
> > 
> > Status: Data refresh failed: undefined
> > 
> > with Martin's help we found that when setting
> > 
> > security.mixed_content.block_active_content
> 
> This happens when WebAdmin page is loaded as HTTPS and UI plugin uses
> "active" content (XHR object, <script> etc.) that loads data as HTTP.
> 
> Loading HTTP content in HTTPS page is considered security vulnerability
> and should be avoided. By default, Firefox blocks mixed "active" content.
> 
> More details here: https://support.mozilla.org/en-US/questions/967115
> 
> Disabling mixed "active" content in browser is not a proper solution.
> UI plugin should load its content in a way that is compatible with
> protocol (i.e. HTTPS) used for enclosing page.
> 
> > 
> > to false in FF configuration it works and I can see:
> > 
> > Status: Solution received
> > 
> > During the installation of second host network configuration failed
> > and I opened BZ [2].
> > When I restored network configuration to the host I wanted to
> > provision vms to see optaplanner
> > suggestions but my rhel6 failed to start any vms due to:
> > 
> > Thread-8102::DEBUG::2014-09-17
> > 16:36:16,216::libvirtconnection::143::root::(wrapper) Unknown
> > libvirterror: ecode: 38 edom: 0 level: 2 message: Child quit during
> > startup handshake: Input/output error
> > Thread-8102::DEBUG::2014-09-17
> > 16:36:16,217::vm::2289::vm.Vm::(_startUnderlyingVm)
> > vmId=`9343ea99-4c27-47d3-a4b6-4bd37013ae99`::_ongoingCreations
> > released
> > Thread-8102::ERROR::2014-09-17
> > 16:36:16,217::vm::2326::vm.Vm::(_startUnderlyingVm)
> > vmId=`9343ea99-4c27-47d3-a4b6-4bd37013ae99`::The vm start process
> > failed
> > Traceback (most recent call last):
> >   File "/usr/share/vdsm/virt/vm.py", line 2266, in _startUnderlyingVm
> >     self._run()
> >   File "/usr/share/vdsm/virt/vm.py", line 3368, in _run
> >     self._connection.createXML(domxml, flags),
> >   File "/usr/lib64/python2.6/site-packages/vdsm/libvirtconnection.py",
> > line 111, in wrapper
> >     ret = f(*args, **kwargs)
> >   File "/usr/lib64/python2.6/site-packages/libvirt.py", line 2665, in
> >   createXML
> >     if ret is None:raise libvirtError('virDomainCreateXML() failed',
> >     conn=self)
> > libvirtError: Child quit during startup handshake: Input/output error
> > Thread-8102::DEBUG::2014-09-17
> > 16:36:16,218::vm::2838::vm.Vm::(setDownStatus)
> > vmId=`9343ea99-4c27-47d3-a4b6-4bd37013ae99`::Changed state to Down:
> > Child quit during startup handshake: Input/output error (code=1)
> > 
> > Vdsm is not able to start any vms but engine still thinks that host is
> > 'UP'.
> > 
> > Thanks,
> > Piotr
> > 
> > [1] http://www.ovirt.org/Features/Optaplanner
> > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1142909
> > _______________________________________________
> > Devel mailing list
> > Devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/devel
> > 
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
>

More information about the Devel mailing list