<div dir="ltr"><div><div>Good morning ,<br><br>"You
need to have correctly set up engine FQDN and it has to be resolvable.
If you don't have correctly set engine FQDN, you can fix that using ovirt-engine-rename tool, more info can be found at:<br><br><a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" target="_blank">https://www.ovirt.org/<wbr>documentation/how-to/<wbr>networking/<span class="">changing</span>-engine-<wbr><span class="">hostname</span>/</a> "<br><br></div>can I make the procedure with host and vms in production?<br><br></div>Thanks.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-03 14:34 GMT-03:00 Martin Perina <span dir="ltr"><<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella <span dir="ltr"><<a href="mailto:fabrice.bacchella@icloud.com" target="_blank">fabrice.bacchella@icloud.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Next step :<br>
<br>
The UI says, even with a restarted navigator:<br>
<br>
org.codehaus.jackson.<wbr>JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@74749f78; line: 3, column: 2]<br></blockquote></span><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">I haven't seen this error before, could you please share server.log and engine.log?<br></div> </div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
I shift-reload, got a welcome screen, click on "Administration portal". I then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a redirect to:<br>
<a href="https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US" rel="noreferrer" target="_blank">https://ovirt.mydomain/ovirt-<wbr>engine/webadmin/sso/login?&<wbr>app_url=https%3A%2F%2Fovirt.<wbr>mydomain%2Fovirt-engine%<wbr>2Fwebadmin%2F%3Flocale%3Den_<wbr>US&locale=en_US</a><br>
that then redirect to:<br>
<a href="https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10" rel="noreferrer" target="_blank">https://realhost.mydomain:443/<wbr>ovirt-engine/sso/oauth/<wbr>authorize?client_id=ovirt-<wbr>engine-core&response_type=<wbr>code&redirect_uri=https%3A%2F%<wbr>2Fovirt.mydomain%3A443%<wbr>2Fovirt-engine%2Fwebadmin%<wbr>2Fsso%2Foauth2-callback&scope=<wbr>ovirt-app-admin+ovirt-app-<wbr>portal+ovirt-ext%3Dauth%<wbr>3Asequence-priority%3D%7E&<wbr>state=5ku3vXkfb10</a><br>
<br>
And it fail with again with still:<br>
org.codehaus.jackson.<wbr>JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@328a4512; line: 3, column: 2] </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Many requests were send to ovirt.mydomain, but just one to realhost.mydomain:443, I don't know why.<br></blockquote></span><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">You need to have correctly set up engine FQDN and it has to be resolvable. If you don't have correctly set engine FQDN, you can fix that </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">using ovirt-engine-rename tool, more info can be found at:<br><br><a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" target="_blank">https://www.ovirt.org/<wbr>documentation/how-to/<wbr>networking/changing-engine-<wbr>hostname/</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Also be aware that you need to use that engine FQDN to access oVirt 4.0<br><br></div></div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I didn't ask for any SSO, I already use my own (CAS), it was working well and the update never ask for activating something new.<br></blockquote></span><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">This is one of the oVirt 4.0 features, we have implemented OAUTH SSO for all engine parts: webadmin, userportal and restapi. If you are using CAS (althought it's officially supported by oVirt), that probably means you have configured cas authentication on Apache, passing authenticated username using aaa-misc as authn extension and aaa-ldap as authz extension (to get group memberships for authenticated user). If that's true then please take a look at <br><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1342192" target="_blank">https://bugzilla.redhat.com/<wbr>show_bug.cgi?id=1342192</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">there are some changes on Apache configuration (the bug is for kerberos, but I suspect similar config is needed also for cas module in apache).<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline"><br></div></div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
> Le 3 août 2016 à 15:09, Martin Perina <<a href="mailto:mperina@redhat.com" target="_blank">mperina@redhat.com</a>> a écrit :<br>
><br>
> Hi,<br>
> please follow steps as described in BZ:<br>
><br>
> 1. Create /etc/ovirt-engine/engine.conf.<wbr>d/99-custom-truststore.conf (you may choose different filename but it has to end with '.conf' suffix) with following content:<br>
><br>
> ENGINE_HTTPS_PKI_TRUST_STORE=<wbr>"<full path to your java keystore>"<br>
> ENGINE_HTTPS_PKI_TRUST_STORE_<wbr>PASSWORD="<password to your java keystore>"<br>
><br>
> 2. Restart the engine<br>
><br>
> If the above doesn't work please attach server.log/engine.log<br>
><br>
> Thanks<br>
><br>
> Martin Perina<br>
<br>
</blockquote></span></div><br></div></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>