Hi Callum,

We figured it out. Please see
https://github.com/oVirt/ovirt-web-ui/issues/938#issuecomment-464067457

Let me know if that helps?

Greg

On Tue, Jan 29, 2019 at 8:31 PM Greg Sheremeta <gsher...@redhat.com> wrote:

> Hey,
>
> https://github.com/oVirt/ovirt-web-ui/issues/938
>
> You can follow progress there. Thank you for reporting.
>
> Best wishes,
> Greg
>
> On Wed, Oct 24, 2018 at 11:41 AM Callum Smith <cal...@well.ox.ac.uk> wrote:
>
>> Dear Greg,
>>
>> Here's my config, this is based on the original guide and some other
>> stuff that I found to help make it work.
>> Squid Cache: Version 3.5.20
>>
>> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=<ovirt engine node>
>> cache_peer <ovirt engine node> parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
>> cache_peer_access engine allow all
>> ssl_bump allow all
>> http_port 3128
>> acl ovirt_nodes dst <ovirt engine hosts subnet>
>> acl ovirt_engine dstdomain .<ovirt engine node>
>> acl all_ips src 1.1.1.1/1
>> http_access allow ovirt_nodes ovirt_engine
>> http_access allow all_ips
>> http_access allow all
>>
>>
>> # Following are from:
>> # https://access.redhat.com/solutions/425693
>>
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/spool/squid
>>
>> # RHEV and Spice may leave connections idle for long periods
>> pconn_timeout 12 hours
>> request_timeout 12 hours
>> read_timeout 12 hours
>>
>> # We need approx 20 open filehandles per spice client
>> max_filedesc 16384
>>
>> Regards,
>> Callum
>>
>> --
>>
>> Callum Smith
>> Research Computing Core
>> Wellcome Trust Centre for Human Genetics
>> University of Oxford
>> e. cal...@well.ox.ac.uk
>>
>> On 3 Oct 2018, at 00:39, Greg Sheremeta <gsher...@redhat.com> wrote:
>>
>> Hi Callum,
>>
>> I took a look at this, but got in the weeds pretty quickly with squid
>> configuration. I can help more offline, but it might be a while.
>>
>> It'll probably be easier if you can provide me exact steps for how I
>> could reproduce. Looks like I need to generate some keys. Can you create
>> and share a simple reproducer?
>>
>> Greg
>>
>>
>> On Thu, Sep 20, 2018 at 11:37 AM Callum Smith <cal...@well.ox.ac.uk> wrote:
>>
>>> Dear Greg,
>>>
>>> Did you manage to get any further with this, reverse proxy is rather
>>> critical to this project.
>>>
>>> Regards,
>>> Callum
>>>
>>> --
>>>
>>> Callum Smith
>>> Research Computing Core
>>> Wellcome Trust Centre for Human Genetics
>>> University of Oxford
>>> e. cal...@well.ox.ac.uk
>>>
>>> On 6 Aug 2018, at 12:13, Greg Sheremeta <gsher...@redhat.com> wrote:
>>>
>>> I'll look into it and get back to you.
>>>
>>> On Mon, Aug 6, 2018 at 7:02 AM Callum Smith <cal...@well.ox.ac.uk> wrote:
>>>
>>>> Dear Greg,
>>>>
>>>> So what's the go-to here, it seems so close but something in the API
>>>> ajax is failing.
>>>>
>>>> Regards,
>>>> Callum
>>>>
>>>> --
>>>>
>>>> Callum Smith
>>>> Research Computing Core
>>>> Wellcome Trust Centre for Human Genetics
>>>> University of Oxford
>>>> e. cal...@well.ox.ac.uk
>>>>
>>>> On 27 Jul 2018, at 12:21, Greg Sheremeta <gsher...@redhat.com> wrote:
>>>>
>>>> On Fri, Jul 27, 2018 at 4:39 AM Callum Smith <cal...@well.ox.ac.uk> wrote:
>>>>
>>>>> Dear Greg,
>>>>>
>>>>> Indeed, always the latest and greatest for us while trying to get this
>>>>> running.
>>>>>
>>>>> https://www.ovirt.org/documentation/security/squid-reverse-proxy/
>>>>>
>>>>
>>>> Arrggghh, that is referring to the old GWT UserPortal and not the new
>>>> react-based VM Portal. (I'll delete it / mark it obsolete. I apologize for
>>>> the out-of-date state of our documentation. I am working on improving it.)
>>>>
>>>> Unfortunately we have never tested VM Portal with squid.
>>>>
>>>> @Lukas Svaty <lsv...@redhat.com> any chance you or someone on the team
>>>> can assist?
>>>>
>>>>>
>>>>> And the squid.conf file looks like this:
>>>>>
>>>>> https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=ovirtengine.cluster
>>>>> cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
>>>>> cache_peer_access engine allow all
>>>>> ssl_bump allow all
>>>>> http_port 3128
>>>>> acl ovirt_nodes dst 192.168.64.0/24
>>>>> acl ovirt_engine dstdomain .ovirtengine.cluster
>>>>> acl all_ips src 1.1.1.1/1
>>>>> http_access allow ovirt_nodes ovirt_engine
>>>>> http_access allow all_ips
>>>>> http_access allow all
>>>>>
>>>>>
>>>>> # Following are from:
>>>>> # https://access.redhat.com/solutions/425693
>>>>>
>>>>> # Leave coredumps in the first cache dir
>>>>> coredump_dir /var/spool/squid
>>>>>
>>>>> # RHEV and Spice may leave connections idle for long periods
>>>>> pconn_timeout 12 hours
>>>>> request_timeout 12 hours
>>>>> read_timeout 12 hours
>>>>>
>>>>> # We need approx 20 open filehandles per spice client
>>>>> max_filedesc 16384
>>>>>
>>>>> Regards,
>>>>> Callum
>>>>>
>>>>> --
>>>>>
>>>>> Callum Smith
>>>>> Research Computing Core
>>>>> Wellcome Trust Centre for Human Genetics
>>>>> University of Oxford
>>>>> e. cal...@well.ox.ac.uk
>>>>>
>>>>> On 27 Jul 2018, at 01:15, Greg Sheremeta <gsher...@redhat.com> wrote:
>>>>>
>>>>> From your other thread, I'm guessing 4.2.4.
>>>>>
>>>>> Can you send the link to the squid guide you used?
>>>>>
>>>>> On Wed, Jul 25, 2018 at 7:55 PM Greg Sheremeta <gsher...@redhat.com> wrote:
>>>>>
>>>>>> Hi Callum,
>>>>>>
>>>>>> What version of ovirt-web-ui is this?
>>>>>>
>>>>>> Greg
>>>>>>
>>>>>> On Wed, Jul 18, 2018 at 7:12 AM Callum Smith <cal...@well.ox.ac.uk> wrote:
>>>>>>
>>>>>>> Dear All,
>>>>>>>
>>>>>>> Those error logs are relevant only to another issue, please ignore.
>>>>>>>
>>>>>>> There appears to be a problem to do with authentication through the
>>>>>>> squid proxy though, which presents differently in Safari and Firefox:
>>>>>>>
>>>>>>>
>>>>>>> Sorry for the screenshots but it's the only way I can extract this
>>>>>>> data due to the page-refresh.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Callum
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Callum Smith
>>>>>>> Research Computing Core
>>>>>>> Wellcome Trust Centre for Human Genetics
>>>>>>> University of Oxford
>>>>>>> e. cal...@well.ox.ac.uk
>>>>>>>
>>>>>>> On 18 Jul 2018, at 10:54, Callum Smith <cal...@well.ox.ac.uk> wrote:
>>>>>>>
>>>>>>> Dear All,
>>>>>>>
>>>>>>> Some relevant error logs:
>>>>>>>
>>>>>>> 2018-07-18 10:51:33,554+01 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-9) [557ca876] Running command: CreateUserSessionCommand internal: false.
>>>>>>> 2018-07-18 10:51:33,575+01 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-9) [557ca876] EVENT_ID: USER_VDC_LOGIN(30), User callum@Biomedical Research Computing connecting from '192.168.1.241' using session 'wiWA25wdaRP1zayiyTSGBJKpvi89LdzgKqeX12BcZhNVhpV2BIA+zkAnT50xOSDglxnhfAi3S2ZiODls8JYFUA==' logged in.
>>>>>>> 2018-07-18 10:51:34,135+01 ERROR [org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-5) [8d830cdb-fc11-4e68-94e6-7330965c4488] Query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:34,205+01 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-26) [ba1825f1-60fb-44cd-8b57-ea701cf698c0] Query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:34,242+01 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-26) [] Operation Failed: query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:34,389+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:34,393+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:34,394+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:34,396+01 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-17) [02965366-44b0-4370-ab83-4781065e46c2] Query execution failed due to insufficient permissions.
>>>>>>> 2018-07-18 10:51:59,195+01 WARN [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] User '9386d6f5-f172-4cdb-abca-62492a357888' is trying to take the console of virtual machine 'ddb23e0a-01d5-403c-89ab-37c400d2c938', but the console is already taken by user 'd021fc10-4f7c-11e8-88cb-00163e6a7aff'.
>>>>>>> 2018-07-18 10:51:59,197+01 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] No permission found for user '9386d6f5-f172-4cdb-abca-62492a357888' or one of the groups he is member of, when running action 'SetVmTicket', Required permissions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object type: 'VM' Object ID: 'ddb23e0a-01d5-403c-89ab-37c400d2c938'.
>>>>>>> 2018-07-18 10:51:59,197+01 WARN [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-18) [7881a832] Validation of action 'SetVmTicket' failed for user callum@Biomedical Research Computing. Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_RECONNECT_TO_VM
>>>>>>> 2018-07-18 10:51:59,198+01 ERROR [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] (default task-18) [] Operation Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM
>>>>>>>
>>>>>>> Seems like there's a permission missing in there - this is a newly
>>>>>>> attached LDAP group.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Callum
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Callum Smith
>>>>>>> Research Computing Core
>>>>>>> Wellcome Trust Centre for Human Genetics
>>>>>>> University of Oxford
>>>>>>> e. cal...@well.ox.ac.uk
>>>>>>>
>>>>>>> On 17 Jul 2018, at 10:02, Callum Smith <cal...@well.ox.ac.uk> wrote:
>>>>>>>
>>>>>>> Dear All,
>>>>>>>
>>>>>>> Does anyone know how to set such options in the web-ui?
>>>>>>>
>>>>>>> Regards,
>>>>>>> Callum
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Callum Smith
>>>>>>> Research Computing Core
>>>>>>> Wellcome Trust Centre for Human Genetics
>>>>>>> University of Oxford
>>>>>>> e. cal...@well.ox.ac.uk
>>>>>>>
>>>>>>> On 12 Jul 2018, at 11:09, Callum Smith <cal...@well.ox.ac.uk> wrote:
>>>>>>>
>>>>>>> Dear oVirt Gurus,
>>>>>>>
>>>>>>> Using the oVirt user VM portal seems to not work through the squid
>>>>>>> proxy setup (configured as per the guide). The page loads and login works
>>>>>>> fine through the proxy, but the asynchronous requests just hang. I've
>>>>>>> attached a screenshot, but you can see the "api" endpoint just hanging in a
>>>>>>> web inspector:
>>>>>>> "https://proxyfqdn/ovirt-engine/api/"
>>>>>>>
>>>>>>> <Screen Shot 2018-07-12 at 11.06.50.png>
>>>>>>>
>>>>>>> This works fine when not going through the proxy.
>>>>>>>
>>>>>>> Is there a way to force noVNC HTML as the console mode through the
>>>>>>> web-ui, or at least have it as an option if not default?
>>>>>>>
>>>>>>> The console seems not to work when logged in with a base 'user role'.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Callum
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Callum Smith
>>>>>>> Research Computing Core
>>>>>>> Wellcome Trust Centre for Human Genetics
>>>>>>> University of Oxford
>>>>>>> e. cal...@well.ox.ac.uk
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Users mailing list -- users@ovirt.org
>>>>>>> To unsubscribe send an email to users-le...@ovirt.org
>>>>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>>>>>>> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
>>>>>>> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VZIGGZZ2IIHBZ65QCX5PLB65DEMRQD4X/
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> GREG SHEREMETA
>>>>>>
>>>>>> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
>>>>>> Red Hat NA
>>>>>>
>>>>>> <https://www.redhat.com/>
>>>>>>
>>>>>> gsher...@redhat.com IRC: gshereme
>>>>>> <https://red.ht/sig>

--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
<https://www.redhat.com/>
gsher...@redhat.com IRC: gshereme
<https://red.ht/sig>
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QZWV3LW3ZMEK7FWH42AIGZM7JVAJQYC4/
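
The squid.conf posted in this thread disables certificate verification toward the engine and ends with `http_access allow all`; the audit script below flags those directives. It is an added example, not part of the original messages and not oVirt or Squid project code; the rule names and the `min_prefix` threshold are assumptions of this example.

```python
import ipaddress
import re

# squid.conf as posted in the thread, with mail-wrapped directives rejoined.
POSTED_CONF = """\
https_port 443 accel key=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.key cert=/etc/squid/rescomp-vmgw.well.ox.ac.uk.proxy.crt defaultsite=ovirtengine.cluster
cache_peer ovirtengine.cluster parent 443 0 no-query originserver ssl sslcafile=/etc/squid/ca.pem sslflags=DONT_VERIFY_PEER name=engine
cache_peer_access engine allow all
ssl_bump allow all
http_port 3128
acl ovirt_nodes dst 192.168.64.0/24
acl ovirt_engine dstdomain .ovirtengine.cluster
acl all_ips src 1.1.1.1/1
http_access allow ovirt_nodes ovirt_engine
http_access allow all_ips
http_access allow all
"""


def audit_squid_conf(text, min_prefix=8):
    """Return (line_no, rule, detail) tuples for TLS and access-control weaknesses."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "cache_peer":
            # sslflags=DONT_VERIFY_PEER: the peer certificate is accepted
            # even when it fails validation against sslcafile.
            for arg in args:
                if arg.startswith("sslflags=") and "DONT_VERIFY_PEER" in re.split(r"[,:]", arg[9:]):
                    findings.append((no, "peer-unverified", args[0]))
        elif directive == "acl" and len(args) >= 3 and args[1] == "src":
            # A very short prefix makes a source ACL match a large share of all addresses.
            for value in args[2:]:
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    continue  # hostnames, address ranges, file references
                if net.prefixlen < min_prefix:
                    findings.append((no, "broad-src-acl", f"{args[0]}={net}"))
        elif directive == "http_access" and args == ["allow", "all"]:
            # Combined with the http_port listener, any client may use the proxy.
            findings.append((no, "allow-all", "http_access allow all"))
    return findings


if __name__ == "__main__":
    for finding in audit_squid_conf(POSTED_CONF):
        print(*finding)
```
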