Hi Callum, I took a look at this, but got in the weeds pretty quickly with squid configuration. I can help more offline, but it might be a while.
It'll probably be easier if you can provide me exact steps for how I could reproduce. Looks like I need to generate some keys. Can you create and share a simple reproducer? Greg On Thu, Sep 20, 2018 at 11:37 AM Callum Smith <[email protected]> wrote: > Dear Greg, > > Did you manage to get any further with this, reverse proxy is rather > critical to this project. > > Regards, > Callum > > -- > > Callum Smith > Research Computing Core > Wellcome Trust Centre for Human Genetics > University of Oxford > e. [email protected] > > On 6 Aug 2018, at 12:13, Greg Sheremeta <[email protected]> wrote: > > I'll look into it and get back to you. > > On Mon, Aug 6, 2018 at 7:02 AM Callum Smith <[email protected]> wrote: > >> Dear Greg, >> >> So what's the go-to here, it seems so close but something in the API ajax >> is failing. >> >> Regards, >> Callum >> >> -- >> >> Callum Smith >> Research Computing Core >> Wellcome Trust Centre for Human Genetics >> University of Oxford >> e. [email protected] >> >> On 27 Jul 2018, at 12:21, Greg Sheremeta <[email protected]> wrote: >> >> On Fri, Jul 27, 2018 at 4:39 AM Callum Smith <[email protected]> >> wrote: >> >>> Dear Greg, >>> >>> Indeed, always the latest and greatest for us while trying to get this >>> running. >>> >>> https://www.ovirt.org/documentation/security/squid-reverse-proxy/ >>> >> >> Arrggghh, that is referring to the old GWT UserPortal and not the new >> react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for >> the out-of-date state of our documentation. I am working on improving it.) >> >> Unfortunately we have never tested VM Portal with squid. >> >> @Lukas Svaty <[email protected]> any chance you or someone on the team >> can assist? >> >> >>> >>> And the squid.conf file looks like this: >>> >>> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key >>> cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt >>> defaultsite=ovirtengine.cluster >>> cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl >>> sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine >>> cache_peer_access engine allow all >>> ssl_bump allow all >>> http_port 3128 >>> acl ovirt_nodes dst 192.168.64.0/24 >>> acl ovirt_engine dstdomain .ovirtengine.cluster >>> acl all_ips src 1.1.1.1/1 >>> http_access allow ovirt_nodes ovirt_engine >>> http_access allow all_ips >>> http_access allow all >>> >>> >>> # Following are from: >>> # https://access.redhat.com/solutions/425693 >>> >>> # Leave coredumps in the first cache dir >>> coredump_dir /var/spool/squid >>> >>> # RHEV and Spice may leave connections idle for long periods >>> pconn_timeout 12 hours >>> request_timeout 12 hours >>> read_timeout 12 hours >>> >>> # We need approx 20 open filehandles per spice client >>> max_filedesc 16384 >>> >>> Regards, >>> Callum >>> >>> -- >>> >>> Callum Smith >>> Research Computing Core >>> Wellcome Trust Centre for Human Genetics >>> University of Oxford >>> e. [email protected] >>> >>> On 27 Jul 2018, at 01:15, Greg Sheremeta <[email protected]> wrote: >>> >>> From your other thread, I'm guessing 4.2.4. >>> >>> Can you send the link to the squid guide you used? >>> >>> On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta <[email protected]> >>> wrote: >>> >>>> Hi Callum, >>>> >>>> What version of ovirt-web-ui is this? >>>> >>>> Greg >>>> >>>> On Wed, Jul 18, 2018 at 7:12 AM Callum Smith <[email protected]> >>>> wrote: >>>> >>>>> Dear All, >>>>> >>>>> Those error logs are relevant only to another issue, please ignore. >>>>> >>>>> There appears to be a problem to do with authentication through the >>>>> squid proxy though, which presents differently in Safari and Firefox: >>>>> >>>>> >>>>> Sorry for the screenshots but its the only way i can extract this data >>>>> due to the page-refresh. >>>>> >>>>> Regards, >>>>> Callum >>>>> >>>>> -- >>>>> >>>>> Callum Smith >>>>> Research Computing Core >>>>> Wellcome Trust Centre for Human Genetics >>>>> University of Oxford >>>>> e. [email protected] >>>>> >>>>> On 18 Jul 2018, at 10:54, Callum Smith <[email protected]> wrote: >>>>> >>>>> Dear All, >>>>> >>>>> Some relevant error logs: >>>>> >>>>> 2018-07-18 10:51:33,554+01 INFO >>>>> [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) >>>>> [557ca876] Running command >>>>> : CreateUserSessionCommand internal: false. >>>>> 2018-07-18 10:51:33,575+01 INFO >>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] >>>>> (default task-9) [557ca876] E >>>>> VENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research >>>>> Computing connecting from '192.168.1.241' using session 'wiWA25wdaRP1zay >>>>> iyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' >>>>> logged in. >>>>> 2018-07-18 10:51:34,135+01 ERROR >>>>> [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) >>>>> [8d830cdb-fc11-4e68-94e6-73309 >>>>> 65c4488] Query execution failed due to insufficient permissions. >>>>> 2018-07-18 10:51:34,205+01 ERROR >>>>> [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) >>>>> [ba1825f1-60fb-44cd-8b57- >>>>> ea701cf698c0] Query execution failed due to insufficient permissions. >>>>> 2018-07-18 10:51:34,242+01 ERROR >>>>> [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default >>>>> task-26) [] Operation Faile >>>>> d: query execution failed due to insufficient permissions. >>>>> 2018-07-18 10:51:34,389+01 ERROR >>>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] >>>>> (default task-17) [02965366 >>>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to >>>>> insufficient permissions. >>>>> 2018-07-18 10:51:34,393+01 ERROR >>>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] >>>>> (default task-17) [02965366 >>>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to >>>>> insufficient permissions. >>>>> 2018-07-18 10:51:34,394+01 ERROR >>>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] >>>>> (default task-17) [02965366 >>>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to >>>>> insufficient permissions. >>>>> 2018-07-18 10:51:34,396+01 ERROR >>>>> [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] >>>>> (default task-17) [02965366 >>>>> -44b0-4370-ab83-4781065e46c2] Query execution failed due to >>>>> insufficient permissions. >>>>> 2018-07-18 10:51:59,195+01 WARN >>>>> [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) >>>>> [7881a832] User '9386d6f5-f172-4cdb >>>>> -abca-62492a357888' is trying to take the console of virtual machine >>>>> 'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is alrea >>>>> dy taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'. >>>>> 2018-07-18 10:51:59,197+01 INFO >>>>> [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) >>>>> [7881a832] No permission found for >>>>> user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is >>>>> member of, when running action 'SetVmTicket', Required permiss >>>>> ions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object >>>>> type: 'VM' Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'. >>>>> 2018-07-18 10:51:59,197+01 WARN >>>>> [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) >>>>> [7881a832] Validation of action 'Se >>>>> tVmTicket' failed for user callum@Biomedical Research Computing. >>>>> Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_REC >>>>> ONNECT_TO_VM >>>>> 2018-07-18 10:51:59,198+01 ERROR >>>>> [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] >>>>> (default task-18) [] Operat >>>>> ion Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM >>>>> >>>>> Seems like there's a permission missing in there - this is a newly >>>>> attached LDAP group. >>>>> >>>>> Regards, >>>>> Callum >>>>> >>>>> -- >>>>> >>>>> Callum Smith >>>>> Research Computing Core >>>>> Wellcome Trust Centre for Human Genetics >>>>> University of Oxford >>>>> e. [email protected] >>>>> >>>>> On 17 Jul 2018, at 10:02, Callum Smith <[email protected]> wrote: >>>>> >>>>> Dear All, >>>>> >>>>> Does anyone know how to set such options in the web-ui? >>>>> >>>>> Regards, >>>>> Callum >>>>> >>>>> -- >>>>> >>>>> Callum Smith >>>>> Research Computing Core >>>>> Wellcome Trust Centre for Human Genetics >>>>> University of Oxford >>>>> e. [email protected] >>>>> >>>>> On 12 Jul 2018, at 11:09, Callum Smith <[email protected]> wrote: >>>>> >>>>> Dear oVirt Gurus, >>>>> >>>>> Using the oVirt user VM portal seems to not work through the squid >>>>> proxy setup (configured as per the guide). The page loads and login works >>>>> fine through the proxy, but the asynchronous requests just hang. I've >>>>> attached a screenshot, but you can see the "api" endpoint just hanging in >>>>> a >>>>> web inspector: >>>>> "https://proxyfqdn/ovirt-engine/api/"; >>>>> >>>>> <Screen Shot 2018-07-12 at 11.06.50.png> >>>>> >>>>> This works fine when not going through the proxy. >>>>> >>>>> Is there a way to force noVNC HTML as the console mode through the >>>>> web-ui, or at least have it as an option if not default? >>>>> >>>>> The console seems not to work when logged in with a base 'user role'. >>>>> >>>>> Regards, >>>>> Callum >>>>> >>>>> -- >>>>> >>>>> Callum Smith >>>>> Research Computing Core >>>>> Wellcome Trust Centre for Human Genetics >>>>> University of Oxford >>>>> e. [email protected] >>>>> >>>>> _______________________________________________ >>>>> Users mailing list -- [email protected] >>>>> To unsubscribe send an email to [email protected] >>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>>>> oVirt Code of Conduct: >>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>> List Archives: >>>>> https://lists.ovirt.org/archives/list/[email protected]/message/VZIGGZZ2IIHBZ65QCX5PLB65DEMRQD4X/ >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list -- [email protected] >>>>> To unsubscribe send an email to [email protected] >>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>>>> oVirt Code of Conduct: >>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>> List Archives: >>>>> https://lists.ovirt.org/archives/list/[email protected]/message/7NBOGYVL4EAH4QQI6ETPMFNXC5VSTZCP/ >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list -- [email protected] >>>>> To unsubscribe send an email to [email protected] >>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>>>> oVirt Code of Conduct: >>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>> List Archives: >>>>> https://lists.ovirt.org/archives/list/[email protected]/message/XSH4JVJPKMWWSOWVDMURWF6BXKBTYUCT/ >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list -- [email protected] >>>>> To unsubscribe send an email to [email protected] >>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>>>> oVirt Code of Conduct: >>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>> List Archives: >>>>> https://lists.ovirt.org/archives/list/[email protected]/message/RYFQ2ZGCERCNSEUUPB62UEPATJ7R4URU/ >>>>> >>>> >>>> >>>> -- >>>> GREG SHEREMETA >>>> >>>> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX >>>> Red Hat NA >>>> >>>> <https://www.redhat.com/> >>>> >>>> [email protected] IRC: gshereme >>>> <https://red.ht/sig> >>>> >>> >>> >>> -- >>> GREG SHEREMETA >>> >>> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX >>> Red Hat NA >>> >>> <https://www.redhat.com/> >>> >>> [email protected] IRC: gshereme >>> <https://red.ht/sig> >>> >>> >>> >> >> -- >> GREG SHEREMETA >> >> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX >> Red Hat NA >> >> <https://www.redhat.com/> >> >> [email protected] IRC: gshereme >> <https://red.ht/sig> >> >> >> > > -- > GREG SHEREMETA > > SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX > Red Hat NA > > <https://www.redhat.com/> > > [email protected] IRC: gshereme > <https://red.ht/sig> > > > -- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> [email protected] IRC: gshereme <https://red.ht/sig>
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/KXJOYX6JHXPCHSINTGKFLINE3YGYCSVU/
