SSO configuration looks good. Can you please share any additional httpd configuration in /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <[email protected]> wrote: > > > On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <[email protected]> wrote: > >> Hi Yaniv, >> >> Can you check the output of https:://<engine>/ovirt-engine/sso/status in >> your browser and see if the SSO service is active. >> >> If SSO is deployed, you should see an output similar to the one below. >> Also are you able to login to webadmin using the browser? >> > > I am able to login using the webui. > > >> >> {"status_description":"SSO Webapp Deployed","version":"0","statu >> s":"active"} >> > > Indeed: > {"status_description":"SSO Webapp Deployed","version":"0"," > status":"active"} > > (not sure what 'version 0' means?) > > >> >> Please share the content of /etc/ovirt-engine/engine.conf. >> d/11-setup-sso.conf >> > > [root@lago-basic-suite-master-engine ~]# cat > /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf > ENGINE_SSO_CLIENT_ID="ovirt-engine-core" > ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O" > ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"; > ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"; > ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false > ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true > SSO_ALTERNATE_ENGINE_FQDNS="" > SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"; > > > Thanks, > Y. > > > >> >> Thanks >> >> Ravi >> >> >> >> >> >> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <[email protected]> >> wrote: >> >>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote: >>> > >>> > >>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <[email protected] >>> > <mailto:[email protected]>> wrote: >>> > >>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote: >>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <[email protected] >>> <mailto:[email protected]> >>> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: >>> > > >>> > > I'm trying on FC24, using >>> > > >>> > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64 >>> to >>> > > add a DC, and failing - against master. The client is >>> unhappy: >>> > > File >>> > > >>> > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-scen >>> arios/002_bootstrap.py", >>> > > line 98, in add_dc4 >>> > > version=sdk4.types.Version(ma >>> jor=DC_VER_MAJ,minor=DC_VER_MIN), >>> > > File "/usr/lib64/python2.7/site-pac >>> kages/ovirtsdk4/services.py", >>> > > line 4347, in add >>> > > response = self._connection.send(request) >>> > > File "/usr/lib64/python2.7/site-pac >>> kages/ovirtsdk4/__init__.py", >>> > > line 276, in send >>> > > return self.__send(request) >>> > > File "/usr/lib64/python2.7/site-pac >>> kages/ovirtsdk4/__init__.py", >>> > > line 298, in __send >>> > > self._sso_token = self._get_access_token() >>> > > File "/usr/lib64/python2.7/site-pac >>> kages/ovirtsdk4/__init__.py", >>> > > line 460, in _get_access_token >>> > > sso_response = self._get_sso_response(self._sso_url, >>> > post_data) >>> > > File "/usr/lib64/python2.7/site-pac >>> kages/ovirtsdk4/__init__.py", >>> > > line 498, in _get_sso_response >>> > > return json.loads(body_buf.getvalue().decode('utf-8')) >>> > > File "/usr/lib64/python2.7/json/__init__.py", line 339, >>> in loads >>> > > return _default_decoder.decode(s) >>> > > File "/usr/lib64/python2.7/json/decoder.py", line 364, in >>> decode >>> > > obj, end = self.raw_decode(s, idx=_w(s, 0).end()) >>> > > File "/usr/lib64/python2.7/json/decoder.py", line 382, in >>> > raw_decode >>> > > raise ValueError("No JSON object could be decoded") >>> > > ValueError: No JSON object could be decoded >>> > > >>> > > >>> > > Surprisingly, I now can't find that RPM of this SDK in >>> > > resources.ovirt.org <http://resources.ovirt.org> >>> > <http://resources.ovirt.org> now. >>> > > >>> > > I've tried >>> > > with >>> > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc >>> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e >>> eb5.fc24.x86_64.rpm >>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f >>> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94 >>> eeb5.fc24.x86_64.rpm> >>> > > >>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc >>> 24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94e >>> eb5.fc24.x86_64.rpm >>> > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/f >>> c24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94 >>> eeb5.fc24.x86_64.rpm>> >>> > > >>> > > - same result. >>> > > >>> > > Did not see anything obvious on server or engine logs. >>> > > The code: >>> > > def add_dc4(api): >>> > > nt.assert_true(api != None) >>> > > dcs_service = api.system_service().data_cent >>> ers_service() >>> > > nt.assert_true( >>> > > dc = dcs_service.add( >>> > > sdk4.types.DataCenter( >>> > > name=DC_NAME4, >>> > > description='APIv4 DC', >>> > > local=False, >>> > > >>> > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_MI >>> N), >>> > > ), >>> > > ) >>> > > ) >>> > > >>> > > >>> > > And the api object is from: >>> > > return sdk4.Connection( >>> > > url=url, >>> > > username=constants.ENGINE_USER, >>> > > >>> > password=str(self.metadata['ovirt-engine-password']), >>> > > insecure=True, >>> > > debug=True, >>> > > ) >>> > > >>> > > >>> > > The clue is actually on the HTTPd logs: >>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST >>> > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74 >>> > > >>> > > And indeed, from the deubg log: >>> > > begin captured logging << --------------------\n >>> > > root: DEBUG: Trying 192.168.203.3...\n >>> > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port 443 >>> > (#0)\n >>> > > root: DEBUG: Initializing NSS with certpath: sql:/etc/pki/nssdb\n >>> > > root: DEBUG: skipping SSL peer certificate verification\n >>> > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n >>> > > root: DEBUG: SSL connection using >>> > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n >>> > > root: DEBUG: Server certificate:\n >>> > > root: DEBUG: subject: CN=engine,O=Test,C=US\n >>> > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n >>> > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n >>> > > root: DEBUG: common name: engine\nroot: DEBUG: issuer: >>> > > CN=engine.38998,O=Test,C=US\n >>> > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n* >>> > > *root: DEBUG: Host: 192.168.203.3\n* >>> > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n* >>> > > *root: DEBUG: Accept: application/json\n* >>> > > *root: DEBUG: Content-Length: 78\n* >>> > > *root: DEBUG: Content-Type: application/x-www-form-urlenco >>> ded\nroot: >>> > > DEBUG: >>> > > >>> > username=admin%40internal&scope=ovirt-app-api&password=123& >>> grant_type=password\n* >>> > > *root: DEBUG: upload completely sent off: 78 out of 78 bytes\n* >>> > > *root: DEBUG: HTTP/1.1 404 Not Found\n* >>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n* >>> > > *root: DEBUG: Server: Apache/2.4.6 (CentOS) >>> OpenSSL/1.0.1e-fips\n* >>> > > *root: DEBUG: Content-Length: 74\n* >>> > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n* >>> > > *root: DEBUG: \n* >>> > > *root: DEBUG: <html><head><title>Error</title></head><body>404 >>> - Not >>> > > Found</body></html>\n* >>> > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n >>> > > --------------------- >> end captured logging >>> > > >>> > >>> > That definitively looks like version 3 of the engine. Either that >>> or >>> > version 4 of the engine with web server configuration modified so >>> that >>> > the SSO doesn't work as expected. >>> > >>> > What do you get if you run this against that server? >>> > >>> > >>> > Attached. >>> > Y. >>> > >>> >>> OK, that is version 4.1 of the engine, so next question is why the SSO >>> service is not responding. Do you see any message in >>> /var/log/ovirt-engine/server.log about "enginesso.war" not being >>> deployed? Did you do any modification to the >>> /etc/httpd/conf.d/z-ovirt-engine.conf file? >>> >>> Ravi, Martin, any idea of why the SSO service may not be working? >>> >>> > >>> > >>> > curl \ >>> > --verbose \ >>> > --insecure \ >>> > --request GET \ >>> > --user "admin@internal:yourpassword" \ >>> > --header "Version: 4" \ >>> > --header "Accept: application/xml" \ >>> > "https://thatserver/ovirt-engine/api >>> > <https://thatserver/ovirt-engine/api>" >>> > >>> >>> >>> -- >>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta >>> 3ºD, 28016 Madrid, Spain >>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. >>> >> >> >
_______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
