[ovirt-users] seria consol setup

Fabrice Bacchella fabrice.bacchella at orange.fr
Wed Mar 23 12:21:11 UTC 2016 

> Le 23 mars 2016 à 12:32, Francesco Romani <fromani at redhat.com> a écrit :
> 
> ----- Original Message -----
>> From: "Yedidyah Bar David" <didi at redhat.com>
>> To: "Fabrice Bacchella" <fabrice.bacchella at orange.fr>, "Francesco Romani" <fromani at redhat.com>
>> Cc: "users" <users at ovirt.org>
>> Sent: Wednesday, March 23, 2016 12:28:52 PM
>> Subject: Re: [ovirt-users] seria consol setup
> 
>>> I can always use puppet to modify just this line, it will be fine for me.
>>> 
>>> The point 4 in Automatic Setup is not very helpfull:
>>> "       • once the setup succesfully run, and once ovirt-engine is running,
>>> you can log in and register a SSH key. (TODO: add picture)"
>>> 
>>> what does it mean ?
> 
> It just means that you need to add SSH public keys for the users which want to use
> the serial console.
> 
> E.g. log in user portal
> in the top right corner there is the $user drop down menu, click on it
> select "options"
> paste public key here
> 
> HTH,

It tried that, I didn't work. By digging in log and configuration, I think it's because I have an Apache server in front of ovirt-engine, using a specific SSO authentication module (using CAS), so the certificate-base authentication is failing, if my comprehension is good. So you should add a few line about that in the documentation. Should I make the proxy helper talks directly to tomcat by playing with ENGINE_BASE_URL in /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d ? On a https enabled connector for tomcat ?

I have actually in my apache configuration:

    <LocationMatch ^/(ovirt-engine($|/)|api($|/)|RHEVManagerWeb/|OvirtEngineWeb/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$)>
        AuthType CAS
        Require valid-user
        CASAuthNHeader X-Remote-User

        ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5

        AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml
    </LocationMatch>

</VirtualHost>


There is also a small glitch in the documentation:
su - ovirt-vmconsole -c 'ovirt-vmconsole-proxy-keys list'
but it should be:
su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys list'

More information about the Users mailing list