[ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

aleksey.maksimov at it-kb.ru aleksey.maksimov at it-kb.ru
Tue Aug 16 07:33:54 UTC 2016


Jiri, I did not hide information. Tell me what the log file should show and I will show

16.08.2016, 10:29, "Jiri Belka" <jbelka at redhat.com>:
> It does have logs, filenames "hide" real data.
>
> You should reveal logs and what each file is and
> which exact commands you were executing.
>
> Vague statements won't help much. It does work for me,
> there much be something strange in your setup but we
> cannot know what without details.
>
> j.
>
> ----- Original Message -----
> From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
> To: "Jiri Belka" <jbelka at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Monday, August 15, 2016 6:18:48 PM
> Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>
> I tried a version of Nicolás.
> No success :((
>
> 1) I create full bundle cert file:
>
> # cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer
> # openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer
>
> /etc/pki/ovirt-engine/certs/apache-with-ca.cer: OK
>
> 2) I changed config file:
>
> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>
> PROXY_PORT=6100
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache-with-ca.cer
> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
> SSL_ONLY=True
> FORCE_DATA_VERIFICATION=False
>
> 3) I restarted the service
>
> # service ovirt-websocket-proxy restart
>
> Problem still exists :(
> Any ideas how to trablshut problem?
>
> 14.08.2016, 08:59, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>  Hi Jiri.
>>  But your variant does not work, too
>>
>>  # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>>  PROXY_PORT=6100
>>  SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>>  SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>  CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>  SSL_ONLY=True
>>
>>  Some error:
>>  WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>>
>>  any ideas how to trablshut problem?
>>
>>  14.08.2016, 01:53, "Jiri Belka" <jbelka at redhat.com>:
>>>   I have different files for those variables, maybe this is the case?
>>>
>>>   Review again.
>>>
>>>   j.
>>>
>>>   ----- Original Message -----
>>>   From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>>   To: "Jiri Belka" <jbelka at redhat.com>
>>>   Cc: "users" <users at ovirt.org>
>>>   Sent: Saturday, August 13, 2016 4:57:45 PM
>>>   Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>>
>>>   I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to:
>>>
>>>   PROXY_PORT=6100
>>>   #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
>>>   #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
>>>   #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>>   SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
>>>   SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>>   CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
>>>   SSL_ONLY=True
>>>
>>>   ...and restart HostedEngine VM.
>>>   Problem still exists.
>>>
>>>   13.08.2016, 17:52, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>>>    It does not work for me. any ideas?
>>>>
>>>>    02.08.2016, 17:22, "Jiri Belka" <jbelka at redhat.com>:
>>>>>     This works for me:
>>>>>
>>>>>     # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>>>>>     PROXY_PORT=6100
>>>>>     SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>>>>>     SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>>     CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>>>>     SSL_ONLY=True
>>>>>
>>>>>     ----- Original Message -----
>>>>>     From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>>>>     To: "users" <users at ovirt.org>
>>>>>     Sent: Monday, August 1, 2016 12:13:38 PM
>>>>>     Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>>>>
>>>>>     Hello oVirt guru`s !
>>>>>
>>>>>     I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate"
>>>>>     section in "oVirt Administration Guide"
>>>>>     http://www.ovirt.org/documentation/admin-guide/administration-guide/
>>>>>
>>>>>     3 files have been replaced:
>>>>>
>>>>>     /etc/pki/ovirt-engine/certs/apache.cer
>>>>>     /etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>>     /etc/pki/ovirt-engine/apache-ca.pem
>>>>>
>>>>>     Now the oVirt site using my certificate and everything works fine, but when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under the button "Toggle messages output":
>>>>>
>>>>>     WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>>>>>
>>>>>     Before replacing certificates SPICE HTML5 browser client works.
>>>>>     Native SPICE client works fine.
>>>>>
>>>>>     Tell me what to do with SPICE HTML5 browser client?
>>>>>     _______________________________________________
>>>>>     Users mailing list
>>>>>     Users at ovirt.org
>>>>>     http://lists.ovirt.org/mailman/listinfo/users



More information about the Users mailing list