subject:"\[ovirt\-users\] Re\: Using the web\-ui VM portal through a proxy failing"

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2019-02-15 Thread Greg Sheremeta

Hi Callum,

We figured it out. Please see
https://github.com/oVirt/ovirt-web-ui/issues/938#issuecomment-464067457
Let me know if that helps?

Greg


On Tue, Jan 29, 2019 at 8:31 PM Greg Sheremeta  wrote:

> Hey,
>
> https://github.com/oVirt/ovirt-web-ui/issues/938
>
> You can follow progress there. Thank you for reporting.
>
> Best wishes,
> Greg
>
> On Wed, Oct 24, 2018 at 11:41 AM Callum Smith 
> wrote:
>
>> Dear Greg,
>>
>> Here's my config, this is based on the original guide and some other
>> stuff that i found to help make it work.
>> Squid Cache: Version 3.5.20
>>
>> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
>> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=> engine node>
>> cache_peer  parent 443 0 no-query originserver ssl
>> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
>> cache_peer_access engine allow all
>> ssl_bump allow all
>> http_port 3128
>> acl ovirt_nodes dst 
>> acl ovirt_engine dstdomain .
>> acl all_ips src 1.1.1.1/1
>> http_access allow ovirt_nodes ovirt_engine
>> http_access allow all_ips
>> http_access allow all
>>
>>
>> # Following are from:
>> # https://access.redhat.com/solutions/425693
>>
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/spool/squid
>>
>> # RHEV and Spice may leave connections idle for long periods
>> pconn_timeout   12 hours
>> request_timeout 12 hours
>> read_timeout12 hours
>>
>> # We need approx 20 open filehandles per spice client
>> max_filedesc 16384
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 3 Oct 2018, at 00:39, Greg Sheremeta  wrote:
>>
>> Hi Callum,
>>
>> I took a look at this, but got in the weeds pretty quickly with squid
>> configuration. I can help more offline, but it might be a while.
>>
>> It'll probably be easier if you can provide me exact steps for how I
>> could reproduce. Looks like I need to generate some keys. Can you create
>> and share a simple reproducer?
>>
>> Greg
>>
>>
>> On Thu, Sep 20, 2018 at 11:37 AM Callum Smith 
>> wrote:
>>
>>> Dear Greg,
>>>
>>> Did you manage to get any further with this, reverse proxy is rather
>>> critical to this project.
>>>
>>> Regards,
>>> Callum
>>>
>>> --
>>>
>>> Callum Smith
>>> Research Computing Core
>>> Wellcome Trust Centre for Human Genetics
>>> University of Oxford
>>> e. cal...@well.ox.ac.uk
>>>
>>> On 6 Aug 2018, at 12:13, Greg Sheremeta  wrote:
>>>
>>> I'll look into it and get back to you.
>>>
>>> On Mon, Aug 6, 2018 at 7:02 AM Callum Smith 
>>> wrote:
>>>
 Dear Greg,

 So what's the go-to here, it seems so close but something in the API
 ajax is failing.

 Regards,
 Callum

 --

 Callum Smith
 Research Computing Core
 Wellcome Trust Centre for Human Genetics
 University of Oxford
 e. cal...@well.ox.ac.uk

 On 27 Jul 2018, at 12:21, Greg Sheremeta  wrote:

 On Fri, Jul 27, 2018 at 4:39 AM Callum Smith 
 wrote:

> Dear Greg,
>
> Indeed, always the latest and greatest for us while trying to get this
> running.
>
> https://www.ovirt.org/documentation/security/squid-reverse-proxy/
>

 Arrggghh, that is referring to the old GWT UserPortal and not the new
 react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for
 the out-of-date state of our documentation. I am working on improving it.)

 Unfortunately we have never tested VM Portal with squid.

 @Lukas Svaty  any chance you or someone on the team
 can assist?


>
> And the squid.conf file looks like this:
>
> https_port 443 accel
> key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt
> defaultsite=ovirtengine.cluster
> cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl
> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
> cache_peer_access engine allow all
> ssl_bump allow all
> http_port 3128
> acl ovirt_nodes dst 192.168.64.0/24
> acl ovirt_engine dstdomain .ovirtengine.cluster
> acl all_ips src 1.1.1.1/1
> http_access allow ovirt_nodes ovirt_engine
> http_access allow all_ips
> http_access allow all
>
>
> # Following are from:
> # https://access.redhat.com/solutions/425693
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> # RHEV and Spice may leave connections idle for long periods
> pconn_timeout   12 hours
> request_timeout 12 hours
> read_timeout12 hours
>
> # We need approx 20 open filehandles per spice client
> max_filedesc 16384
>
> Regards,
> Callum
>
> --
>
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> Un

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2019-01-29 Thread Greg Sheremeta

Hey,

https://github.com/oVirt/ovirt-web-ui/issues/938

You can follow progress there. Thank you for reporting.

Best wishes,
Greg

On Wed, Oct 24, 2018 at 11:41 AM Callum Smith  wrote:

> Dear Greg,
>
> Here's my config, this is based on the original guide and some other stuff
> that i found to help make it work.
> Squid Cache: Version 3.5.20
>
> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite= engine node>
> cache_peer  parent 443 0 no-query originserver ssl
> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
> cache_peer_access engine allow all
> ssl_bump allow all
> http_port 3128
> acl ovirt_nodes dst 
> acl ovirt_engine dstdomain .
> acl all_ips src 1.1.1.1/1
> http_access allow ovirt_nodes ovirt_engine
> http_access allow all_ips
> http_access allow all
>
>
> # Following are from:
> # https://access.redhat.com/solutions/425693
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> # RHEV and Spice may leave connections idle for long periods
> pconn_timeout   12 hours
> request_timeout 12 hours
> read_timeout12 hours
>
> # We need approx 20 open filehandles per spice client
> max_filedesc 16384
>
> Regards,
> Callum
>
> --
>
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk
>
> On 3 Oct 2018, at 00:39, Greg Sheremeta  wrote:
>
> Hi Callum,
>
> I took a look at this, but got in the weeds pretty quickly with squid
> configuration. I can help more offline, but it might be a while.
>
> It'll probably be easier if you can provide me exact steps for how I could
> reproduce. Looks like I need to generate some keys. Can you create and
> share a simple reproducer?
>
> Greg
>
>
> On Thu, Sep 20, 2018 at 11:37 AM Callum Smith 
> wrote:
>
>> Dear Greg,
>>
>> Did you manage to get any further with this, reverse proxy is rather
>> critical to this project.
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 6 Aug 2018, at 12:13, Greg Sheremeta  wrote:
>>
>> I'll look into it and get back to you.
>>
>> On Mon, Aug 6, 2018 at 7:02 AM Callum Smith  wrote:
>>
>>> Dear Greg,
>>>
>>> So what's the go-to here, it seems so close but something in the API
>>> ajax is failing.
>>>
>>> Regards,
>>> Callum
>>>
>>> --
>>>
>>> Callum Smith
>>> Research Computing Core
>>> Wellcome Trust Centre for Human Genetics
>>> University of Oxford
>>> e. cal...@well.ox.ac.uk
>>>
>>> On 27 Jul 2018, at 12:21, Greg Sheremeta  wrote:
>>>
>>> On Fri, Jul 27, 2018 at 4:39 AM Callum Smith 
>>> wrote:
>>>
 Dear Greg,

 Indeed, always the latest and greatest for us while trying to get this
 running.

 https://www.ovirt.org/documentation/security/squid-reverse-proxy/

>>>
>>> Arrggghh, that is referring to the old GWT UserPortal and not the new
>>> react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for
>>> the out-of-date state of our documentation. I am working on improving it.)
>>>
>>> Unfortunately we have never tested VM Portal with squid.
>>>
>>> @Lukas Svaty  any chance you or someone on the team
>>> can assist?
>>>
>>>

 And the squid.conf file looks like this:

 https_port 443 accel
 key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
 cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt
 defaultsite=ovirtengine.cluster
 cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl
 sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
 cache_peer_access engine allow all
 ssl_bump allow all
 http_port 3128
 acl ovirt_nodes dst 192.168.64.0/24
 acl ovirt_engine dstdomain .ovirtengine.cluster
 acl all_ips src 1.1.1.1/1
 http_access allow ovirt_nodes ovirt_engine
 http_access allow all_ips
 http_access allow all


 # Following are from:
 # https://access.redhat.com/solutions/425693

 # Leave coredumps in the first cache dir
 coredump_dir /var/spool/squid

 # RHEV and Spice may leave connections idle for long periods
 pconn_timeout   12 hours
 request_timeout 12 hours
 read_timeout12 hours

 # We need approx 20 open filehandles per spice client
 max_filedesc 16384

 Regards,
 Callum

 --

 Callum Smith
 Research Computing Core
 Wellcome Trust Centre for Human Genetics
 University of Oxford
 e. cal...@well.ox.ac.uk

 On 27 Jul 2018, at 01:15, Greg Sheremeta  wrote:

 From your other thread, I'm guessing 4.2.4.

 Can you send the link to the squid guide you used?

 On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
 wrote:

> Hi Callum,
>
> What version of ovirt-web-ui is this?
>
> Greg
>
> On

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-10-24 Thread Callum Smith

Dear Greg,

Here's my config, this is based on the original guide and some other stuff that 
i found to help make it work.
Squid Cache: Version 3.5.20

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key 
cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=
cache_peer  parent 443 0 no-query originserver ssl 
sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 
acl ovirt_engine dstdomain .
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:
# https://access.redhat.com/solutions/425693

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 3 Oct 2018, at 00:39, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

Hi Callum,

I took a look at this, but got in the weeds pretty quickly with squid 
configuration. I can help more offline, but it might be a while.

It'll probably be easier if you can provide me exact steps for how I could 
reproduce. Looks like I need to generate some keys. Can you create and share a 
simple reproducer?

Greg


On Thu, Sep 20, 2018 at 11:37 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear Greg,

Did you manage to get any further with this, reverse proxy is rather critical 
to this project.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 6 Aug 2018, at 12:13, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

I'll look into it and get back to you.

On Mon, Aug 6, 2018 at 7:02 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear Greg,

So what's the go-to here, it seems so close but something in the API ajax is 
failing.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 12:21, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

On Fri, Jul 27, 2018 at 4:39 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear Greg,

Indeed, always the latest and greatest for us while trying to get this running.

https://www.ovirt.org/documentation/security/squid-reverse-proxy/

Arrggghh, that is referring to the old GWT UserPortal and not the new 
react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for the 
out-of-date state of our documentation. I am working on improving it.)

Unfortunately we have never tested VM Portal with squid.

@Lukas Svaty any chance you or someone on the team 
can assist?


And the squid.conf file looks like this:

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key 
cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt 
defaultsite=ovirtengine.cluster
cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl 
sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 192.168.64.0/24
acl ovirt_engine dstdomain .ovirtengine.cluster
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:
# https://access.redhat.com/solutions/425693

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 01:15, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

>From your other thread, I'm guessing 4.2.4.

Can you send the link to the squid guide you used?

On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:
Hi Callum,

What version of ovirt-web-ui is this?

Greg

On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear All,

Those error logs are relevant only to another issue, please ignore.

There appears to be a problem to do with authentication through the squid proxy 
though, which presents differently in Safari and Firefox:

[X][X]

Sorry for the screenshots but its the only way i can extract this data du

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-10-02 Thread Greg Sheremeta

Hi Callum,

I took a look at this, but got in the weeds pretty quickly with squid
configuration. I can help more offline, but it might be a while.

It'll probably be easier if you can provide me exact steps for how I could
reproduce. Looks like I need to generate some keys. Can you create and
share a simple reproducer?

Greg


On Thu, Sep 20, 2018 at 11:37 AM Callum Smith  wrote:

> Dear Greg,
>
> Did you manage to get any further with this, reverse proxy is rather
> critical to this project.
>
> Regards,
> Callum
>
> --
>
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk
>
> On 6 Aug 2018, at 12:13, Greg Sheremeta  wrote:
>
> I'll look into it and get back to you.
>
> On Mon, Aug 6, 2018 at 7:02 AM Callum Smith  wrote:
>
>> Dear Greg,
>>
>> So what's the go-to here, it seems so close but something in the API ajax
>> is failing.
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 27 Jul 2018, at 12:21, Greg Sheremeta  wrote:
>>
>> On Fri, Jul 27, 2018 at 4:39 AM Callum Smith 
>> wrote:
>>
>>> Dear Greg,
>>>
>>> Indeed, always the latest and greatest for us while trying to get this
>>> running.
>>>
>>> https://www.ovirt.org/documentation/security/squid-reverse-proxy/
>>>
>>
>> Arrggghh, that is referring to the old GWT UserPortal and not the new
>> react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for
>> the out-of-date state of our documentation. I am working on improving it.)
>>
>> Unfortunately we have never tested VM Portal with squid.
>>
>> @Lukas Svaty  any chance you or someone on the team
>> can assist?
>>
>>
>>>
>>> And the squid.conf file looks like this:
>>>
>>> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
>>> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt
>>> defaultsite=ovirtengine.cluster
>>> cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl
>>> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
>>> cache_peer_access engine allow all
>>> ssl_bump allow all
>>> http_port 3128
>>> acl ovirt_nodes dst 192.168.64.0/24
>>> acl ovirt_engine dstdomain .ovirtengine.cluster
>>> acl all_ips src 1.1.1.1/1
>>> http_access allow ovirt_nodes ovirt_engine
>>> http_access allow all_ips
>>> http_access allow all
>>>
>>>
>>> # Following are from:
>>> # https://access.redhat.com/solutions/425693
>>>
>>> # Leave coredumps in the first cache dir
>>> coredump_dir /var/spool/squid
>>>
>>> # RHEV and Spice may leave connections idle for long periods
>>> pconn_timeout   12 hours
>>> request_timeout 12 hours
>>> read_timeout12 hours
>>>
>>> # We need approx 20 open filehandles per spice client
>>> max_filedesc 16384
>>>
>>> Regards,
>>> Callum
>>>
>>> --
>>>
>>> Callum Smith
>>> Research Computing Core
>>> Wellcome Trust Centre for Human Genetics
>>> University of Oxford
>>> e. cal...@well.ox.ac.uk
>>>
>>> On 27 Jul 2018, at 01:15, Greg Sheremeta  wrote:
>>>
>>> From your other thread, I'm guessing 4.2.4.
>>>
>>> Can you send the link to the squid guide you used?
>>>
>>> On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
>>> wrote:
>>>
 Hi Callum,

 What version of ovirt-web-ui is this?

 Greg

 On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
 wrote:

> Dear All,
>
> Those error logs are relevant only to another issue, please ignore.
>
> There appears to be a problem to do with authentication through the
> squid proxy though, which presents differently in Safari and Firefox:
>
>
> Sorry for the screenshots but its the only way i can extract this data
> due to the page-refresh.
>
> Regards,
> Callum
>
> --
>
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk
>
> On 18 Jul 2018, at 10:54, Callum Smith  wrote:
>
> Dear All,
>
> Some relevant error logs:
>
> 2018-07-18 10:51:33,554+01 INFO
>  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9)
> [557ca876] Running command
> : CreateUserSessionCommand internal: false.
> 2018-07-18 10:51:33,575+01 INFO
>  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (default task-9) [557ca876] E
> VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research
> Computing connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
> iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA=='
> logged in.
> 2018-07-18 10:51:34,135+01 ERROR
> [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5)
> [8d830cdb-fc11-4e68-94e6-73309
> 65c4488] Query execution failed due to insufficient permissions.
> 2018-07-18 10:51:34,205+01 ERROR

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-09-20 Thread Callum Smith

Dear Greg,

Did you manage to get any further with this, reverse proxy is rather critical 
to this project.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 6 Aug 2018, at 12:13, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

I'll look into it and get back to you.

On Mon, Aug 6, 2018 at 7:02 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear Greg,

So what's the go-to here, it seems so close but something in the API ajax is 
failing.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 12:21, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

On Fri, Jul 27, 2018 at 4:39 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear Greg,

Indeed, always the latest and greatest for us while trying to get this running.

https://www.ovirt.org/documentation/security/squid-reverse-proxy/

Arrggghh, that is referring to the old GWT UserPortal and not the new 
react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for the 
out-of-date state of our documentation. I am working on improving it.)

Unfortunately we have never tested VM Portal with squid.

@Lukas Svaty any chance you or someone on the team 
can assist?


And the squid.conf file looks like this:

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key 
cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt 
defaultsite=ovirtengine.cluster
cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl 
sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 192.168.64.0/24
acl ovirt_engine dstdomain .ovirtengine.cluster
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:
# https://access.redhat.com/solutions/425693

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 01:15, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

>From your other thread, I'm guessing 4.2.4.

Can you send the link to the squid guide you used?

On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:
Hi Callum,

What version of ovirt-web-ui is this?

Greg

On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear All,

Those error logs are relevant only to another issue, please ignore.

There appears to be a problem to do with authentication through the squid proxy 
though, which presents differently in Safari and Firefox:

[X][X]

Sorry for the screenshots but its the only way i can extract this data due to 
the page-refresh.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 18 Jul 2018, at 10:54, Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:

Dear All,

Some relevant error logs:

2018-07-18 10:51:33,554+01 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) 
[557ca876] Running command
: CreateUserSessionCommand internal: false.
2018-07-18 10:51:33,575+01 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-9) [557ca876] E
VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing 
connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' 
logged in.
2018-07-18 10:51:34,135+01 ERROR 
[org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) 
[8d830cdb-fc11-4e68-94e6-73309
65c4488] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,205+01 ERROR 
[org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) 
[ba1825f1-60fb-44cd-8b57-
ea701cf698c0] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,242+01 ERROR 
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default 
task-26) [] Operation Faile
d: query execution failed due to insufficient permissions.
2018-07-18 10:51:34,389+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
pe

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-08-06 Thread Greg Sheremeta

I'll look into it and get back to you.

On Mon, Aug 6, 2018 at 7:02 AM Callum Smith  wrote:

> Dear Greg,
>
> So what's the go-to here, it seems so close but something in the API ajax
> is failing.
>
> Regards,
> Callum
>
> --
>
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk
>
> On 27 Jul 2018, at 12:21, Greg Sheremeta  wrote:
>
> On Fri, Jul 27, 2018 at 4:39 AM Callum Smith  wrote:
>
>> Dear Greg,
>>
>> Indeed, always the latest and greatest for us while trying to get this
>> running.
>>
>> https://www.ovirt.org/documentation/security/squid-reverse-proxy/
>>
>
> Arrggghh, that is referring to the old GWT UserPortal and not the new
> react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for
> the out-of-date state of our documentation. I am working on improving it.)
>
> Unfortunately we have never tested VM Portal with squid.
>
> @Lukas Svaty  any chance you or someone on the team
> can assist?
>
>
>>
>> And the squid.conf file looks like this:
>>
>> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
>> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt
>> defaultsite=ovirtengine.cluster
>> cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl
>> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
>> cache_peer_access engine allow all
>> ssl_bump allow all
>> http_port 3128
>> acl ovirt_nodes dst 192.168.64.0/24
>> acl ovirt_engine dstdomain .ovirtengine.cluster
>> acl all_ips src 1.1.1.1/1
>> http_access allow ovirt_nodes ovirt_engine
>> http_access allow all_ips
>> http_access allow all
>>
>>
>> # Following are from:
>> # https://access.redhat.com/solutions/425693
>>
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/spool/squid
>>
>> # RHEV and Spice may leave connections idle for long periods
>> pconn_timeout   12 hours
>> request_timeout 12 hours
>> read_timeout12 hours
>>
>> # We need approx 20 open filehandles per spice client
>> max_filedesc 16384
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 27 Jul 2018, at 01:15, Greg Sheremeta  wrote:
>>
>> From your other thread, I'm guessing 4.2.4.
>>
>> Can you send the link to the squid guide you used?
>>
>> On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
>> wrote:
>>
>>> Hi Callum,
>>>
>>> What version of ovirt-web-ui is this?
>>>
>>> Greg
>>>
>>> On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
>>> wrote:
>>>
 Dear All,

 Those error logs are relevant only to another issue, please ignore.

 There appears to be a problem to do with authentication through the
 squid proxy though, which presents differently in Safari and Firefox:


 Sorry for the screenshots but its the only way i can extract this data
 due to the page-refresh.

 Regards,
 Callum

 --

 Callum Smith
 Research Computing Core
 Wellcome Trust Centre for Human Genetics
 University of Oxford
 e. cal...@well.ox.ac.uk

 On 18 Jul 2018, at 10:54, Callum Smith  wrote:

 Dear All,

 Some relevant error logs:

 2018-07-18 10:51:33,554+01 INFO
  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9)
 [557ca876] Running command
 : CreateUserSessionCommand internal: false.
 2018-07-18 10:51:33,575+01 INFO
  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
 (default task-9) [557ca876] E
 VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing
 connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
 iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA=='
 logged in.
 2018-07-18 10:51:34,135+01 ERROR
 [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5)
 [8d830cdb-fc11-4e68-94e6-73309
 65c4488] Query execution failed due to insufficient permissions.
 2018-07-18 10:51:34,205+01 ERROR
 [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26)
 [ba1825f1-60fb-44cd-8b57-
 ea701cf698c0] Query execution failed due to insufficient permissions.
 2018-07-18 10:51:34,242+01 ERROR
 [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default
 task-26) [] Operation Faile
 d: query execution failed due to insufficient permissions.
 2018-07-18 10:51:34,389+01 ERROR
 [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
 (default task-17) [02965366
 -44b0-4370-ab83-4781065e46c2] Query execution failed due to
 insufficient permissions.
 2018-07-18 10:51:34,393+01 ERROR
 [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
 (default task-17) [02965366
 -44b0-4370-ab83-4781065e46c2] Query execution failed due to
 insuf

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-08-06 Thread Callum Smith

Dear Greg,

So what's the go-to here, it seems so close but something in the API ajax is 
failing.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 12:21, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

On Fri, Jul 27, 2018 at 4:39 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear Greg,

Indeed, always the latest and greatest for us while trying to get this running.

https://www.ovirt.org/documentation/security/squid-reverse-proxy/

Arrggghh, that is referring to the old GWT UserPortal and not the new 
react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for the 
out-of-date state of our documentation. I am working on improving it.)

Unfortunately we have never tested VM Portal with squid.

@Lukas Svaty any chance you or someone on the team 
can assist?


And the squid.conf file looks like this:

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key 
cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt 
defaultsite=ovirtengine.cluster
cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl 
sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 192.168.64.0/24
acl ovirt_engine dstdomain .ovirtengine.cluster
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:
# https://access.redhat.com/solutions/425693

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 01:15, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

>From your other thread, I'm guessing 4.2.4.

Can you send the link to the squid guide you used?

On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:
Hi Callum,

What version of ovirt-web-ui is this?

Greg

On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear All,

Those error logs are relevant only to another issue, please ignore.

There appears to be a problem to do with authentication through the squid proxy 
though, which presents differently in Safari and Firefox:

[X][X]

Sorry for the screenshots but its the only way i can extract this data due to 
the page-refresh.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 18 Jul 2018, at 10:54, Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:

Dear All,

Some relevant error logs:

2018-07-18 10:51:33,554+01 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) 
[557ca876] Running command
: CreateUserSessionCommand internal: false.
2018-07-18 10:51:33,575+01 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-9) [557ca876] E
VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing 
connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' 
logged in.
2018-07-18 10:51:34,135+01 ERROR 
[org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) 
[8d830cdb-fc11-4e68-94e6-73309
65c4488] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,205+01 ERROR 
[org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) 
[ba1825f1-60fb-44cd-8b57-
ea701cf698c0] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,242+01 ERROR 
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default 
task-26) [] Operation Faile
d: query execution failed due to insufficient permissions.
2018-07-18 10:51:34,389+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,393+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,394+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,396+01

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-07-27 Thread Greg Sheremeta

On Fri, Jul 27, 2018 at 4:39 AM Callum Smith  wrote:

> Dear Greg,
>
> Indeed, always the latest and greatest for us while trying to get this
> running.
>
> https://www.ovirt.org/documentation/security/squid-reverse-proxy/
>

Arrggghh, that is referring to the old GWT UserPortal and not the new
react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for
the out-of-date state of our documentation. I am working on improving it.)

Unfortunately we have never tested VM Portal with squid.

@Lukas Svaty  any chance you or someone on the team can
assist?


>
> And the squid.conf file looks like this:
>
> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key
> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt
> defaultsite=ovirtengine.cluster
> cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl
> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
> cache_peer_access engine allow all
> ssl_bump allow all
> http_port 3128
> acl ovirt_nodes dst 192.168.64.0/24
> acl ovirt_engine dstdomain .ovirtengine.cluster
> acl all_ips src 1.1.1.1/1
> http_access allow ovirt_nodes ovirt_engine
> http_access allow all_ips
> http_access allow all
>
>
> # Following are from:
> # https://access.redhat.com/solutions/425693
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> # RHEV and Spice may leave connections idle for long periods
> pconn_timeout   12 hours
> request_timeout 12 hours
> read_timeout12 hours
>
> # We need approx 20 open filehandles per spice client
> max_filedesc 16384
>
> Regards,
> Callum
>
> --
>
> Callum Smith
> Research Computing Core
> Wellcome Trust Centre for Human Genetics
> University of Oxford
> e. cal...@well.ox.ac.uk
>
> On 27 Jul 2018, at 01:15, Greg Sheremeta  wrote:
>
> From your other thread, I'm guessing 4.2.4.
>
> Can you send the link to the squid guide you used?
>
> On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
> wrote:
>
>> Hi Callum,
>>
>> What version of ovirt-web-ui is this?
>>
>> Greg
>>
>> On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
>> wrote:
>>
>>> Dear All,
>>>
>>> Those error logs are relevant only to another issue, please ignore.
>>>
>>> There appears to be a problem to do with authentication through the
>>> squid proxy though, which presents differently in Safari and Firefox:
>>>
>>>
>>> Sorry for the screenshots but its the only way i can extract this data
>>> due to the page-refresh.
>>>
>>> Regards,
>>> Callum
>>>
>>> --
>>>
>>> Callum Smith
>>> Research Computing Core
>>> Wellcome Trust Centre for Human Genetics
>>> University of Oxford
>>> e. cal...@well.ox.ac.uk
>>>
>>> On 18 Jul 2018, at 10:54, Callum Smith  wrote:
>>>
>>> Dear All,
>>>
>>> Some relevant error logs:
>>>
>>> 2018-07-18 10:51:33,554+01 INFO
>>>  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9)
>>> [557ca876] Running command
>>> : CreateUserSessionCommand internal: false.
>>> 2018-07-18 10:51:33,575+01 INFO
>>>  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (default task-9) [557ca876] E
>>> VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing
>>> connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
>>> iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA=='
>>> logged in.
>>> 2018-07-18 10:51:34,135+01 ERROR
>>> [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5)
>>> [8d830cdb-fc11-4e68-94e6-73309
>>> 65c4488] Query execution failed due to insufficient permissions.
>>> 2018-07-18 10:51:34,205+01 ERROR
>>> [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26)
>>> [ba1825f1-60fb-44cd-8b57-
>>> ea701cf698c0] Query execution failed due to insufficient permissions.
>>> 2018-07-18 10:51:34,242+01 ERROR
>>> [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default
>>> task-26) [] Operation Faile
>>> d: query execution failed due to insufficient permissions.
>>> 2018-07-18 10:51:34,389+01 ERROR
>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>>> (default task-17) [02965366
>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>>> permissions.
>>> 2018-07-18 10:51:34,393+01 ERROR
>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>>> (default task-17) [02965366
>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>>> permissions.
>>> 2018-07-18 10:51:34,394+01 ERROR
>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>>> (default task-17) [02965366
>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>>> permissions.
>>> 2018-07-18 10:51:34,396+01 ERROR
>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>>> (default task-17) [02965366
>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>>> permissions.
>>> 2018-07-18 10:51:59,195+01 WARN
>>>  [org.ovirt.engine.core.bl

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-07-27 Thread Callum Smith

Dear Greg,

Indeed, always the latest and greatest for us while trying to get this running.

https://www.ovirt.org/documentation/security/squid-reverse-proxy/

And the squid.conf file looks like this:

https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key 
cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt 
defaultsite=ovirtengine.cluster
cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl 
sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 192.168.64.0/24
acl ovirt_engine dstdomain .ovirtengine.cluster
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all


# Following are from:
# https://access.redhat.com/solutions/425693

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# RHEV and Spice may leave connections idle for long periods
pconn_timeout   12 hours
request_timeout 12 hours
read_timeout12 hours

# We need approx 20 open filehandles per spice client
max_filedesc 16384

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 27 Jul 2018, at 01:15, Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:

>From your other thread, I'm guessing 4.2.4.

Can you send the link to the squid guide you used?

On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta 
mailto:gsher...@redhat.com>> wrote:
Hi Callum,

What version of ovirt-web-ui is this?

Greg

On Wed, Jul 18, 2018 at 7:12 AM Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:
Dear All,

Those error logs are relevant only to another issue, please ignore.

There appears to be a problem to do with authentication through the squid proxy 
though, which presents differently in Safari and Firefox:

[X][X]

Sorry for the screenshots but its the only way i can extract this data due to 
the page-refresh.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 18 Jul 2018, at 10:54, Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:

Dear All,

Some relevant error logs:

2018-07-18 10:51:33,554+01 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) 
[557ca876] Running command
: CreateUserSessionCommand internal: false.
2018-07-18 10:51:33,575+01 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-9) [557ca876] E
VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing 
connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' 
logged in.
2018-07-18 10:51:34,135+01 ERROR 
[org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) 
[8d830cdb-fc11-4e68-94e6-73309
65c4488] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,205+01 ERROR 
[org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) 
[ba1825f1-60fb-44cd-8b57-
ea701cf698c0] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,242+01 ERROR 
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default 
task-26) [] Operation Faile
d: query execution failed due to insufficient permissions.
2018-07-18 10:51:34,389+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,393+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,394+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,396+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:59,195+01 WARN  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
(default task-18) [7881a832] User '9386d6f5-f172-4cdb
-abca-62492a357888' is trying to take the console of virtual machine 
'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea
dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'.
2018-07-18 10:51:59,197+01 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
(default task-18) [7881a832] No permission found for
user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is member 
of, when running action 'SetVmTicket', Required permiss
ions are: Action type: 'USER' Action group: 'RECONNECT_TO_

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-07-26 Thread Greg Sheremeta

>From your other thread, I'm guessing 4.2.4.

Can you send the link to the squid guide you used?

On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta  wrote:

> Hi Callum,
>
> What version of ovirt-web-ui is this?
>
> Greg
>
> On Wed, Jul 18, 2018 at 7:12 AM Callum Smith  wrote:
>
>> Dear All,
>>
>> Those error logs are relevant only to another issue, please ignore.
>>
>> There appears to be a problem to do with authentication through the squid
>> proxy though, which presents differently in Safari and Firefox:
>>
>>
>> Sorry for the screenshots but its the only way i can extract this data
>> due to the page-refresh.
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 18 Jul 2018, at 10:54, Callum Smith  wrote:
>>
>> Dear All,
>>
>> Some relevant error logs:
>>
>> 2018-07-18 10:51:33,554+01 INFO
>>  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9)
>> [557ca876] Running command
>> : CreateUserSessionCommand internal: false.
>> 2018-07-18 10:51:33,575+01 INFO
>>  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (default task-9) [557ca876] E
>> VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing
>> connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
>> iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA=='
>> logged in.
>> 2018-07-18 10:51:34,135+01 ERROR
>> [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5)
>> [8d830cdb-fc11-4e68-94e6-73309
>> 65c4488] Query execution failed due to insufficient permissions.
>> 2018-07-18 10:51:34,205+01 ERROR
>> [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26)
>> [ba1825f1-60fb-44cd-8b57-
>> ea701cf698c0] Query execution failed due to insufficient permissions.
>> 2018-07-18 10:51:34,242+01 ERROR
>> [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default
>> task-26) [] Operation Faile
>> d: query execution failed due to insufficient permissions.
>> 2018-07-18 10:51:34,389+01 ERROR
>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>> (default task-17) [02965366
>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>> permissions.
>> 2018-07-18 10:51:34,393+01 ERROR
>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>> (default task-17) [02965366
>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>> permissions.
>> 2018-07-18 10:51:34,394+01 ERROR
>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>> (default task-17) [02965366
>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>> permissions.
>> 2018-07-18 10:51:34,396+01 ERROR
>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery]
>> (default task-17) [02965366
>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient
>> permissions.
>> 2018-07-18 10:51:59,195+01 WARN
>>  [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18)
>> [7881a832] User '9386d6f5-f172-4cdb
>> -abca-62492a357888' is trying to take the console of virtual machine
>> 'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea
>> dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'.
>> 2018-07-18 10:51:59,197+01 INFO
>>  [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18)
>> [7881a832] No permission found for
>> user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is
>> member of, when running action 'SetVmTicket', Required permiss
>> ions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object
>> type: 'VM'  Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'.
>> 2018-07-18 10:51:59,197+01 WARN
>>  [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18)
>> [7881a832] Validation of action 'Se
>> tVmTicket' failed for user callum@Biomedical Research Computing.
>> Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_REC
>> ONNECT_TO_VM
>> 2018-07-18 10:51:59,198+01 ERROR
>> [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource]
>> (default task-18) [] Operat
>> ion Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM
>>
>> Seems like there's a permission missing in there - this is a newly
>> attached LDAP group.
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 17 Jul 2018, at 10:02, Callum Smith  wrote:
>>
>> Dear All,
>>
>> Does anyone know how to set such options in the web-ui?
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 12 Jul 2018, at 11:09, Callum Smith  wrote:
>>
>> Dear oVirt Gurus,
>>
>> Using the oVirt user VM portal seems to not work

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-07-18 Thread Callum Smith

Dear All,

Some relevant error logs:

2018-07-18 10:51:33,554+01 INFO  
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) 
[557ca876] Running command
: CreateUserSessionCommand internal: false.
2018-07-18 10:51:33,575+01 INFO  
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default 
task-9) [557ca876] E
VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing 
connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay
iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' 
logged in.
2018-07-18 10:51:34,135+01 ERROR 
[org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) 
[8d830cdb-fc11-4e68-94e6-73309
65c4488] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,205+01 ERROR 
[org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) 
[ba1825f1-60fb-44cd-8b57-
ea701cf698c0] Query execution failed due to insufficient permissions.
2018-07-18 10:51:34,242+01 ERROR 
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default 
task-26) [] Operation Faile
d: query execution failed due to insufficient permissions.
2018-07-18 10:51:34,389+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,393+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,394+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:34,396+01 ERROR 
[org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] 
(default task-17) [02965366
-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient 
permissions.
2018-07-18 10:51:59,195+01 WARN  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
(default task-18) [7881a832] User '9386d6f5-f172-4cdb
-abca-62492a357888' is trying to take the console of virtual machine 
'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea
dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'.
2018-07-18 10:51:59,197+01 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
(default task-18) [7881a832] No permission found for
user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is member 
of, when running action 'SetVmTicket', Required permiss
ions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object type: 'VM' 
 Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'.
2018-07-18 10:51:59,197+01 WARN  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
(default task-18) [7881a832] Validation of action 'Se
tVmTicket' failed for user callum@Biomedical Research Computing. Reasons: 
VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_REC
ONNECT_TO_VM
2018-07-18 10:51:59,198+01 ERROR 
[org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] 
(default task-18) [] Operat
ion Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM

Seems like there's a permission missing in there - this is a newly attached 
LDAP group.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 17 Jul 2018, at 10:02, Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:

Dear All,

Does anyone know how to set such options in the web-ui?

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 12 Jul 2018, at 11:09, Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:

Dear oVirt Gurus,

Using the oVirt user VM portal seems to not work through the squid proxy setup 
(configured as per the guide). The page loads and login works fine through the 
proxy, but the asynchronous requests just hang. I've attached a screenshot, but 
you can see the "api" endpoint just hanging in a web inspector:
"https://proxyfqdn/ovirt-engine/api/";



This works fine when not going through the proxy.

Is there a way to force noVNC HTML as the console mode through the web-ui, or 
at least have it as an option if not default?

The console seems not to work when logged in with a base 'user role'.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to 
users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
htt

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

2018-07-17 Thread Callum Smith

Dear All,

Does anyone know how to set such options in the web-ui?

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 12 Jul 2018, at 11:09, Callum Smith 
mailto:cal...@well.ox.ac.uk>> wrote:

Dear oVirt Gurus,

Using the oVirt user VM portal seems to not work through the squid proxy setup 
(configured as per the guide). The page loads and login works fine through the 
proxy, but the asynchronous requests just hang. I've attached a screenshot, but 
you can see the "api" endpoint just hanging in a web inspector:
"https://proxyfqdn/ovirt-engine/api/";



This works fine when not going through the proxy.

Is there a way to force noVNC HTML as the console mode through the web-ui, or 
at least have it as an option if not default?

The console seems not to work when logged in with a base 'user role'.

Regards,
Callum

--

Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to 
users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VZIGGZZ2IIHBZ65QCX5PLB65DEMRQD4X/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7NBOGYVL4EAH4QQI6ETPMFNXC5VSTZCP/

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

[ovirt-users] Re: Using the web-ui VM portal through a proxy failing

12 matches

Site Navigation

Mail list logo

Footer information