[ovirt-users] Unable to login to the WEB UI

Fabrice Bacchella fabrice.bacchella at icloud.com
Wed Aug 10 22:50:02 UTC 2016


I'm not sure it's a good idea if you're running 4.0. This procedure does half of the job as it don't touch the custom java trust store and missing parts are mandatory for ovirt 4. So I'm now stuck with an unreachable UI after
an upgrade and I don't know if I can roll back. 

> Le 10 août 2016 à 17:30, Marcelo Leandro <marceloltmm at gmail.com> a écrit :
> 
> Good morning ,
> 
> "You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that ​​using ovirt​-engine-rename tool, more info can be found at:
> 
> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ <https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/> "
> 
> can I make the procedure with host and vms in production?
> 
> Thanks.
> 
> 2016-08-03 14:34 GMT-03:00 Martin Perina <mperina at redhat.com <mailto:mperina at redhat.com>>:
> 
> 
> On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <fabrice.bacchella at icloud.com <mailto:fabrice.bacchella at icloud.com>> wrote:
> Next step :
> 
> The UI says, even with a restarted navigator:
> 
> org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader at 74749f78; line: 3, column: 2]
> 
> ​I haven't seen this error before, could you please share server.log and engine.log?
>> 
> 
> I shift-reload, got a welcome screen, click on "Administration portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a redirect to:
> https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US <https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US>
> that then redirect to:
> https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10 <https://realhost.mydomain/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10>
> 
> And it fail with again with still:
> org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader at 328a4512; line: 3, column: 2]​ 
> 
> Many requests were send to ovirt.mydomain, but just one to realhost.mydomain:443, I don't know why.
> 
> ​You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that ​​using ovirt​-engine-rename tool, more info can be found at:
> 
> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ <https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/>
> 
> Also be aware that you need to use that engine FQDN to access oVirt 4.0
> 
> 
> I didn't ask for any SSO, I already use my own (CAS), it was working well and the update never ask for activating something new.
> 
> ​This is one of the oVirt 4.0 features​, we have implemented OAUTH SSO for all engine parts: webadmin, userportal and restapi. If you are using CAS (althought it's officially supported by oVirt), that probably means you have configured cas authentication on Apache, passing authenticated username using aaa-misc as authn extension and aaa-ldap as authz extension (to get group memberships for authenticated user). If that's true then please take a look at 
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1342192 <https://bugzilla.redhat.com/show_bug.cgi?id=1342192>
> 
> there are some changes on Apache configuration (the bug is for kerberos, but I suspect similar config is needed also for cas module in apache).
> 
> 
> 
> > Le 3 août 2016 à 15:09, Martin Perina <mperina at redhat.com <mailto:mperina at redhat.com>> a écrit :
> >
> > Hi,
> > please follow steps as described in BZ:
> >
> > 1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:
> >
> >   ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>"
> >   ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java keystore>"
> >
> > 2. Restart the engine
> >
> > If the above doesn't work please attach server.log/engine.log
> >
> > Thanks
> >
> > Martin Perina
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org <mailto:Users at ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users>
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160811/31523c47/attachment-0001.html>


More information about the Users mailing list