[ovirt-users] seria consol setup

[Fabrice Bacchella]

I'm trying, my configuration is still incomplete, I added in my httpd.conf:

<VirtualHost *:1443>
    ServerName XXX
    DocumentRoot htdocs

    RedirectMatch ^/$ /ovirt-engine/
    
    SSLEngine on
    SSLCertificateFile /etc/pki/ovirt-engine/certs/apache.cer
    SSLCertificateKeyFile /etc/pki/ovirt-engine/keys/apache.key.nopass
    SSLCACertificateFile /etc/pki/ovirt-engine/apache-ca.pem

    RequestHeader unset Expect early
    
    <LocationMatch ^/(ovirt-engine($|/)|api($|/)|RHEVManagerWeb/|OvirtEngineWeb/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$)>
        ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5

        AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml
    </LocationMatch>

</VirtualHost>

and in /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/99-my.conf
ENGINE_BASE_URL=https://localhost:1443/ovirt-engine/

but no progress :

su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys --debug list'
ERROR: Internal error

--debug don't provide any help

but 
curl -vk -XPOST https://localhost:1443/ovirt-engine/services/vmconsole-proxy
fails of course, but because the query is no good. More messages from ovirt-vmconsole-proxy-keys would be very helpfull.


> Le 23 mars 2016 à 13:32, Francesco Romani <fromani at redhat.com> a écrit :
> 
> ----- Original Message -----
>> From: "Fabrice Bacchella" <fabrice.bacchella at orange.fr>
>> To: "Francesco Romani" <fromani at redhat.com>
>> Cc: "Yedidyah Bar David" <didi at redhat.com>, "users" <users at ovirt.org>
>> Sent: Wednesday, March 23, 2016 1:21:11 PM
>> Subject: Re: [ovirt-users] seria consol setup
>> 
>> 
>>> Le 23 mars 2016 à 12:32, Francesco Romani <fromani at redhat.com> a écrit :
>>> 
>>> ----- Original Message -----
>>>> From: "Yedidyah Bar David" <didi at redhat.com>
>>>> To: "Fabrice Bacchella" <fabrice.bacchella at orange.fr>, "Francesco Romani"
>>>> <fromani at redhat.com>
>>>> Cc: "users" <users at ovirt.org>
>>>> Sent: Wednesday, March 23, 2016 12:28:52 PM
>>>> Subject: Re: [ovirt-users] seria consol setup
>>> 
>>>>> I can always use puppet to modify just this line, it will be fine for me.
>>>>> 
>>>>> The point 4 in Automatic Setup is not very helpfull:
>>>>> "       • once the setup succesfully run, and once ovirt-engine is
>>>>> running,
>>>>> you can log in and register a SSH key. (TODO: add picture)"
>>>>> 
>>>>> what does it mean ?
>>> 
>>> It just means that you need to add SSH public keys for the users which want
>>> to use
>>> the serial console.
>>> 
>>> E.g. log in user portal
>>> in the top right corner there is the $user drop down menu, click on it
>>> select "options"
>>> paste public key here
>>> 
>>> HTH,
>> 
>> It tried that, I didn't work.
> 
> What didn't work? Adding the keys or -AFAIK- the full authentication?
> 
>> By digging in log and configuration, I think
>> it's because I have an Apache server in front of ovirt-engine, using a
>> specific SSO authentication module (using CAS), so the certificate-base
>> authentication is failing, if my comprehension is good. So you should add a
>> few line about that in the documentation.
> 
> Will improve in this regard
> 
>> Should I make the proxy helper
>> talks directly to tomcat by playing with ENGINE_BASE_URL in
>> /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d ?
> 
> Yes, the proxy helper is supposed to talk directly with the Engine.
> 
>> There is also a small glitch in the documentation:
>> su - ovirt-vmconsole -c 'ovirt-vmconsole-proxy-keys list'
>> but it should be:
>> su - ovirt-vmconsole -c '/usr/libexec/ovirt-vmconsole-proxy-keys list'
> 
> Thanks, will fix.
> 
> Bests,
> 
> -- 
> Francesco Romani
> RedHat Engineering Virtualization R & D
> Phone: 8261328
> IRC: fromani