[ovirt-users] Unable to use the SPICE HTML5 tool

Gianluca Cecchi gianluca.cecchi at gmail.com
Thu Jun 11 10:16:26 UTC 2015


On Thu, Jun 11, 2015 at 11:57 AM, <nicolas at devels.es> wrote:

> El 2015-06-11 08:55, Simone Tiraboschi escribió:
>
>>
>>
> Indeed, checking the Javascript console I discovered where the culprit is.
> This ovirt engine machine had formerly a FQDN that was changed afterwards
> (I used the .../setup/bin/ovirt-engine-rename script), so at installation
> time, SSL certs were issued for that FQDN. The ovirt-engine-rename script
> regenerated the engine certs, but seems that it didn't do the work for the
> websocket proxy, so the old FQDN cert is still used and a connection cannot
> be established with the daemon (logically, due to the mismatch). I can't
> find any documentation on how to regenerate the websocket proxy cert,
> though. Is there some script for that, or at least some manual way to
> accomplish it?
>
> Thanks for your help.
>
>
>

Based on an environment in 3.3.2 I solved a situation with webSocketProxy
Enabled only after original install + update thanks to Alon advises.

See full lthread here:
http://lists.ovirt.org/pipermail/users/2013-December/018554.html

Possibly it can apply to your environment too

You could do the following:

1. remove

In /etc/pki/ovirt-engine/keys/:
websocket-proxy.key.nopass
websocket-proxy.p12

In /etc/pki/ovirt-engine/certs/:
websocket-proxy.cer


2. run setup using:

# engine-setup --otopi-environment="OVESETUP_CONFIG/websocketProxyConfig=
bool:True"

and this should create websocket proxy certificates/keys in correct way....

Be sure to make backups and verify better, in particular it this is a
production environment.
HIH,
Gianluca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150611/accb2ddc/attachment-0001.html>


More information about the Users mailing list