[lago-devel] Lago - Installation help needed

Yedidyah Bar David didi at redhat.com
Thu Sep 29 08:30:35 UTC 2016


On Thu, Sep 29, 2016 at 11:28 AM, Yedidyah Bar David <didi at redhat.com> wrote:
> On Thu, Sep 29, 2016 at 10:59 AM, Nicolas Ecarnot <nicolas at ecarnot.net> wrote:
>> On 29/09/2016 at 08:36, Yedidyah Bar David wrote:
>>>
>>> On Wed, Sep 28, 2016 at 11:07 PM, Nicolas Ecarnot <nicolas at ecarnot.net> wrote:
>>>>
>>>> On 28/09/2016 at 20:47, Yaniv Kaul wrote:
>>>>
>>>>
>>>>> Apart that, by connecting into the engine VM, I saw that the engine
>>>>> process was running, so I tried to access the web GUI, by running an SSH
>>>>> connection to the bare-metal host :
>>>>> ssh -L 8443:192.168.200.4:443 root@serv-hv-dev01.sdis.isere.fr
>>>>>
>>>>>
>>>>> Accessing https://localhost:8443/ is working, but when trying to access
>>>>> the login screen, I'm left with :
>>>>> "The client is not authorized to request an authorization. It's required
>>>>> to access the system using FQDN."
>>>>
>>>>
>>>>
>>>> Add to your /etc/hosts
>>>> 192.168.200.4 engine
>>>>
>>>> And connect to https://engine
>>>>
>>>>
>>>> Yaniv,
>>>>
>>>>  If you mean : "Change the /etc/hosts of the bare-metal server which is
>>>> running Lago", I already tried that :
>>>>
>>>> root@serv-hv-dev01:/etc# cat /etc/hosts
>>>> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
>>>> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
>>>> 192.168.200.4    engine lago-basic-suite-4-0-engine.lago.local
>>>>
>>>> And of course, I adapted the "ssh -L" connection according to it :
>>>> ssh -L 8443:engine:443 root@serv-hv-dev01
>>>> or
>>>> ssh -L 8443:lago-basic-suite-4-0-engine.lago.local:443 root@serv-hv-dev01
>>>>
>>>> If you mean to change the /etc/hosts of the computer I'm initiating the
>>>> ssh connection from, it does not seem relevant as it can not reach the
>>>> internal 192.168.200/24 virtual subnet.
>>>
>>>
>>> You can do something like this:
>>>
>>> Add to your client's /etc/hosts:
>>>
>>> 127.0.3.1 engine
>>>
>>> And then:
>>>
>>> ssh -L engine:8443:lago-basic-suite-4-0-engine.lago.local:443 root@serv-hv-dev01
>>
>>
>> Hello,
>>
>> Been there, tried that : to no avail.
>>
>> In the engine log, I see :
>>
>> 2016-09-29 03:35:15,236 DEBUG [org.ovirt.engine.core.sso.utils.SsoUtils]
>> (default task-13) [] Parameter app_url not found request, using default
>> value
>> 2016-09-29 03:35:15,236 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils]
>> (default task-13) [] The client is not authorized to request an
>> authorization. It's required to access the system using FQDN.
>> 2016-09-29 03:35:15,236 DEBUG [org.ovirt.engine.core.sso.utils.SsoUtils]
>> (default task-13) [] Exception:
>> org.ovirt.engine.core.sso.utils.OAuthException: The client is not authorized
>> to request an authorization. It's required to access the system using FQDN.
>>         at
>> org.ovirt.engine.core.sso.utils.SsoUtils.validateClientRequest(SsoUtils.java:460)
>> [enginesso.jar:]
>>         at
>> org.ovirt.engine.core.sso.servlets.OAuthAuthorizeServlet.service(OAuthAuthorizeServlet.java:51)
>> [enginesso.jar:]
>>
>>
>>
>> Moreover, reading https://www.ovirt.org/release/4.0.4/ , I see :
>> "it's required to access engine only using the same FQDN which was specified
>> during engine-setup invocation."
>>
>> Isn't it the key of this issue?
>
> Indeed.
>
>> Reading that, should I understand that from the moment this patch was merged
>> in, the "ssh -L" trick could not work anymore?
>
> I still do not understand why not. In your client's browser, just connect to
> https://engine:8443. Does this fail?

If it fails due to the port (no idea), you can try also listening on the
"real" 443 port. If you also have a local httpd already listening on 443,
you'll have to configure it to listen only on specific local addresses, so
that you can have your ssh listen on 443 on the address you use for tunneling.

>
>>
>>
>>
>>>
>>> See also:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1325746
>
> You can still try also this one. I didn't yet myself.
>
>>>
>>> I am not aware of lago support for this, patches are likely welcome :-)
>>
>>
>> I would be so glad to be skilled enough to contribute...
>>
>> My skills are limited to testing and reporting.
>
> That's much appreciated as well!
>
> Best,
> --
> Didi



-- 
Didi
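
The remark above about a local httpd already listening on 443 comes down to how listeners share a port. The following is an added example, not code from the thread or from Lago/oVirt: it shows that a wildcard listener blocks the tunnel address, while a listener bound to one specific address does not. It assumes Linux (where every 127.0.0.0/8 address is local) and uses a kernel-chosen unprivileged port in place of 443 so it runs without root; the helper names are hypothetical.

```python
import errno
import socket

# Loopback alias the thread maps to "engine" in the client's /etc/hosts.
TUNNEL_ADDR = "127.0.3.1"


def listen(addr, port=0):
    """Open a listening TCP socket on addr:port, standing in for a local httpd."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, port))
    s.listen(1)
    return s


def can_bind(addr, port):
    """Return True if a new listener (such as ssh -L) could bind addr:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        return True
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return False
        raise
    finally:
        s.close()


def tunnel_bind_possible(httpd_addr):
    """Simulate an httpd bound to httpd_addr; report whether TUNNEL_ADDR
    can still take the same port."""
    httpd = listen(httpd_addr)       # port 0: kernel picks a free port
    port = httpd.getsockname()[1]
    try:
        return can_bind(TUNNEL_ADDR, port)
    finally:
        httpd.close()


if __name__ == "__main__":
    # Wildcard listener (e.g. "Listen 443"): tunnel address is blocked.
    print("httpd on 0.0.0.0   ->", tunnel_bind_possible("0.0.0.0"))
    # Listener restricted to one address: tunnel address is free.
    print("httpd on 127.0.0.1 ->", tunnel_bind_possible("127.0.0.1"))
```

Binding the forward to a loopback alias also keeps the tunnel reachable only from the client machine itself.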


