I've run into a small issue I'm looking to resolve. I currently have 5 hosts
I'm working to configure as oVirt Hosts and a single oVirt Manager to manage
them all. The oVirt Manager can talk to the hosts, the hosts show up, they can
be managed, etc.
Our client PCs reside on a different network (and this can't be changed). We
used to just add the interfaces to communicate on the new network but because
of IP spaces and DFARS/NIST requirements, we are moving away from this. I've
set up a reverse proxy so only a single machine serves as the gateway between
the networks. This works for everything except one small issue. If you click
"Host Console" from the ovirt manager, it opens up a new page with port 9090 to
the cockpit page of the host.
I have this working except I am getting a blank page for cockpit after logging
in. What's even more odd, I can use the reverse proxy settings to browse to the
443 port and redirect to 9090 and i can load everything fine, but 9090 to 9090
does not work. I've looked at other threads and posts, including the GitLab
thing, which got me here, but can't get this last missing piece. Is anybody
able to provide any assistance? Based off research it looks like something I
could edit in the cockpit.conf file, except ovirt apparently doesn't make the
cockpit.conf file... and trying to force it through the GUI by adding /settings
to the URL says page not found.
Alternatively I could edit the oVirt Mgr to point to client to the 443 port and
that'd work, if I knew where to edit those hyperlinks upon click.
P.S. this is a test/develop internal network env which is why i have
proxy_ssl_verify off.
Nginx Reverse Proxy config:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server host11.<domain>:9090;
}
server {
listen 80;
server_name host11.<domain>;
return 301 https://$server_name$request_uri;
}
#Allows user to go directly to server (I work!)
server {
listen 443;
server_name host11.<domain>;
ssl on;
ssl_certificate <path to certificate.pem>;
ssl_certificate_key <path to key.pem>;
proxy_ssl_verify off;
location / {
proxy_pass https://websocket;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
# needed for websocket
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# change scheme of "Origin" to https
proxy_set_header Origin https://$host;
gzip off;
}
}
#allows ovirtmgr host console redirect (I don't work)
server {
listen 9090;
server_name host11.<domain>;
ssl on;
ssl_certificate <path to certificate.pem>;
ssl_certificate_key <path to key.pem>;
proxy_ssl_verify off;
location / {
proxy_pass https://websocket;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
# needed for websocket
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# change scheme of "Origin" to https
proxy_set_header Origin https://$host;
gzip off;
}
}
Host Error Log:
#Log in Page
Dec 17 11:22:15 ovirt11 systemd: Cannot add dependency job for unit
lvm2-lvmetad.socket, ignoring: Unit is masked.
Dec 17 11:22:15 ovirt11 systemd: Starting Cockpit Web Service...
Dec 17 11:22:15 ovirt11 systemd: Started Cockpit Web Service.
Dec 17 11:22:16 ovirt11 cockpit-ws: Using certificate:
/etc/cockpit/ws-certs.d/0-self-signed.cert
Dec 17 11:22:16 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18185 DF PROTO=TCP
SPT=34518 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:42 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54797 DF PROTO=TCP
SPT=34520 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
#after successfully logging in
Dec 17 11:22:42 ovirt11 cockpit-session: pam_ssh_add: Failed adding some keys
Dec 17 11:22:42 ovirt11 systemd-logind: New session 856 of user locadmin.
Dec 17 11:22:42 ovirt11 systemd: Started Session 856 of user locadmin.
Dec 17 11:22:43 ovirt11 cockpit-ws: logged in user session
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28754 DF PROTO=TCP
SPT=34522 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24281 DF PROTO=TCP
SPT=34524 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32811 DF PROTO=TCP
SPT=34526 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24156 DF PROTO=TCP
SPT=34528 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60945 DF PROTO=TCP
SPT=34530 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31779 DF PROTO=TCP
SPT=34532 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45849 DF PROTO=TCP
SPT=34534 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7433 DF PROTO=TCP
SPT=34536 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13932 DF PROTO=TCP
SPT=34538 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48921 DF PROTO=TCP
SPT=34540 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23475 DF PROTO=TCP
SPT=34542 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21419 DF PROTO=TCP
SPT=34544 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54052 DF PROTO=TCP
SPT=34546 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=34558 DF PROTO=TCP
SPT=34548 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:58 ovirt11 cockpit-ws: session timed out
Dec 17 11:22:58 ovirt11 systemd-logind: Removed session 856.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JMK45XBR2DTILY2VBRNW6C7GX6KXTZYA/
