[ovirt-users] Unable to login to the WEB UI

Fabrice Bacchella fabrice.bacchella at icloud.com
Fri Aug 12 09:11:38 UTC 2016 

> Le 11 août 2016 à 11:37, Fabrice Bacchella <fabrice.bacchella at icloud.com> a écrit :
> 
> 
>> Le 11 août 2016 à 09:31, Martin Perina <mperina at redhat.com <mailto:mperina at redhat.com>> a écrit :
>> 
>> Hi Fabrice,
>> 
>> so it seems to me that ovirt-engine-rename didn't work as expected, because you have changed ENGINE_FQDN in 10-setup-protocols.conf. We don't support user updates on automatically generated files in /etc/ovirt-engine/engine.conf.d/. Please next time you'd like to change something, change it in 99-custom-???.conf file.
> 
> I roll back this change, as you said it was not enough and then the rename command..
> 
>> 
>> Now how to get things working: I'm afraid it would be long and painful process, but let's try:
>> 
>> 1. Change manually ENGINE_FQDN to the new value you have used as new FQDN in ovirt-engine-rename in those files:
>> 
>>     /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>>     /etc/ovirt-engine/imageuploader.conf.d/10-engine-setup.conf
>>     /etc/ovirt-engine/isouploader.conf.d/10-engine-setup.conf
>>     /etc/ovirt-engine/logcollector.conf.d/10-engine-setup.conf
>> 
>> 2. Now, let's check your custom certificates, I know you are using your custom CA, does the trustore you have set into ENGINE_HTTPS_PKI_TRUST_STORE contains all certificates which are needed to verify HTTPS certificates you have set in Apache for new FQDN? If so, then please restart your engine and try
>> 
>> Thanks
>> 
>> Martin Perina
> 
> I'm not sur the PKI part is the biggest problem. I managed to get it work after a rename and using a custom truststore with all the needed CA.
> 
> My main problem is with this strange 
> User login failure: java.lang.RuntimeException: server_error: org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
> 
> that no one seems to understand where it came from. Ravi suggest to do not use custom certificate, but I think it's impossible to test this now, because of the incomplete operation of the rename command. So I will but back my trust store and we should focus on this message.
> 
> By the way, I'm on irc on the channel with the nick FabriceB.

Ok we finally nailed that problem with the help of Ravi Nori. Because of the new SSO settings, ovirt-engine made a called to itself, from within the same process. But it needed to go through apache to authentify itself by itself and was intercepted by my SSO setup. I will need to rewrite it and split URL.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160812/44476ca5/attachment-0001.html>

More information about the Users mailing list