Thanks Ravi, can I visit an engine that is installed by RPM with http? I strongly want to visit the ovirt engine with http, and ovirt-engine is installed by RPM. Is this solution available?

Regards
Hongyu Du

From: Ravi Shankar Nori
Date: 2019-02-15 22:15
To: du_hon...@yeah.net
CC: users
Subject: Re: [ovirt-users] Re: access engine by http

I am not sure we can do what you are asking for. A lot of stuff is not going to work. AFAIK you will need a dedicated machine to run ovirt engine on the default ports.

On Thu, Feb 14, 2019 at 10:29 PM du_hon...@yeah.net <du_hon...@yeah.net> wrote:

Hi Ravi,

Sorry, I do not understand. When I visit http:192.168.122.176:80/ovirt-engine it still redirects to https:192.168.122.176:443/ovirt-engine. I already fixed the sso_clients table; who redirects http to https?

Thanks

    engine=# select * from sso_clients
    engine-# ;

    Row 1
      id                                 | 1
      client_id                          | ovirt-engine-core
      client_secret                      | eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6ImRSc3Y1bnNCR2F0b3M1WTNNOHhiQktGaDlSbEd4SnpjWWxmdzY3NmNUaFk9Iiwic2VjcmV0IjoicE5RM2E0TXQ2aU40MU5YVVY3R0ZMZjcvVnZBMWlWWnNoOE1ERXozQkIwZz0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
      callback_prefix                    | http://192.168.122.176:80/ovirt-engine/
      certificate_location               | /etc/pki/ovirt-engine/certs/engine.cer
      notification_callback              | http:/192.168.122.176:80/ovirt-engine/services/sso-callback
      description                        | oVirt Engine
      email                              |
      scope                              | openid ovirt-app-portal ovirt-app-admin ovirt-app-api ovirt-ext=auth:identity ovirt-ext=token:password-access ovirt-ext=auth:sequence-priority ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=revoke:revoke-all
      trusted                            | t
      notification_callback_protocol     | TLS
      notification_callback_verify_host  | f
      notification_callback_verify_chain | t

    Row 2
      id                                 | 2
      client_id                          | ovirt-provider-ovn
      client_secret                      | eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6Ikh0Zlp5eFJEUXB2RmVaOTJCeU83NUxISXR3Uk9Nd05YUWYzd2wyS2lvSkE9Iiwic2VjcmV0IjoiOVlMZldRSHRiZDdBbVVQdnRNcTgwdndzWG8xMzN6a1V5WXN2dEJxVEttWT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
      callback_prefix                    | http://192.168.122.176:80/ovirt-engine/
      certificate_location               | /etc/pki/ovirt-engine/certs/engine.cer
      notification_callback              | http:/192.168.122.176:80/ovirt-engine/services/sso-callback
      description                        | ovirt-provider-ovn
      email                              |
      scope                              | ovirt-app-api ovirt-ext=token-info:validate ovirt-ext=token-info:public-authz-search
      trusted                            | t
      notification_callback_protocol     | TLS
      notification_callback_verify_host  | f
      notification_callback_verify_chain | t

    (2 rows)

Regards
Hongyu Du

From: du_hon...@yeah.net
Date: 2019-02-14 23:32
To: Ravi Nori
CC: users
Subject: [ovirt-users] Re: access engine by http

Thanks Ravi,

Because my engine certificate is signed by myself, when I visit my ovirt-engine by browser, the browser needs a security exception added, so I want to access the engine by http. I realise /etc/httpd/conf.d/z-ovirt-engine-proxy.conf redirects /ovirt-engine to 127.0.0.1:8702, but I do not know how to redirect https; I do not find any https redirect info. Do I fix "ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5" to "ProxyPassMatch ajp://127.0.0.1:8543 timeout=3600 retry=5"?

Regards
Hongyu Du

From: Ravi Shankar Nori
Date: 2019-02-14 23:16
To: du_hon...@yeah.net
CC: Greg Sheremeta; users
Subject: Re: Re: [ovirt-users] access engine by http

Apache uses ajp to communicate with engine on port 8702. You can redirect from Apache with a simple RewriteCond to jboss port 8543, but certificate verification is not going to work, which will cause issues with all oVirt tools. Moreover, oVirt SSO is not going to let you access the UI on a port other than 443 when installed through rpms. You will need to fiddle with the database to update the redirect uris in the sso_clients table.

The best you can do is change the proxy port in /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf and keep the AJP in place.

Why are you trying to bypass Apache?

On Thu, Feb 14, 2019 at 9:25 AM du_hon...@yeah.net <du_hon...@yeah.net> wrote:

Sorry, I made an error in my description. My /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf:

    ENGINE_FQDN=localhost.localdomain
    ENGINE_PROXY_ENABLED=false
    ENGINE_PROXY_HTTP_PORT=None
    ENGINE_PROXY_HTTPS_PORT=None
    ENGINE_AJP_ENABLED=false
    ENGINE_AJP_PORT=None
    ENGINE_HTTP_ENABLED=true
    ENGINE_HTTPS_ENABLED=false
    ENGINE_HTTP_PORT=8080
    ENGINE_HTTPS_PORT=8443

I know that if I install ovirt-engine from source in a developer setup, I can visit the engine by http, with no apache in the frontend. But I want to visit an engine that is installed by rpm, by http.

Besides, I realize apache does not redirect http to https. Does ovirt jboss redirect http to https?

Regards
Hongyu Du

From: Greg Sheremeta
Date: 2019-02-14 19:24
To: du_hon...@yeah.net
CC: Ravi Nori; users
Subject: Re: Re: [ovirt-users] access engine by http

Sorry, I'm still not understanding what you are trying to achieve. Nothing is on 8843 - ?

If you install ovirt-engine from source in a developer setup, it's 8080 http by default and no apache in front. Maybe try that.

Greg

On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net <du_hon...@yeah.net> wrote:

Hi Greg, Ravi,

Thanks, https is ok. When I try to visit http://ip:8080/ovirt-engine it still redirects to https://192.168.122.176:8443/tchyp-engine/. I want to know how to redirect to 8843?

Besides, I tried to disable ssl by commenting out this line in /etc/httpd/conf/httpd.conf:

    #IncludeOptional conf.d/*.conf

But http is still redirected to https. How should I disable the redirect?

I found this file, /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in, and tried to delete the following line, but then the ovirt-engine server does not boot:

    <socket-binding name="redirect" port="{{ HTTPS_PORT }}"/>

/var/log/ovirt-engine/boot.log has some errors:

    13:12:43,144 INFO [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) starting
    13:12:44,644 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=native-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
    13:12:44,646 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
    13:12:44,677 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
    13:12:44,677 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'enabled-protocols' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
    13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found restapi.war in deployment directory. To trigger deployment create a file called restapi.war.dodeploy
    13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy
    13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found ovirt-web-ui.war in deployment directory. To trigger deployment create a file called ovirt-web-ui.war.dodeploy
    13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found apidoc.war in deployment directory. To trigger deployment create a file called apidoc.war.dodeploy
    13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities required by resource '/subsystem=undertow/server=default-server/http-listener=http' are not available: org.wildfly.network.socket-binding.redirect; Possible registration points for this capability: /socket-binding-group=*/socket-binding=*
    13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
    13:12:44,920 INFO [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) stopped in 13ms

Regards
Hongyu Du

From: Greg Sheremeta
Date: 2019-02-14 04:08
To: du_hon...@yeah.net; Ravi Nori
CC: users
Subject: Re: [ovirt-users] access engine by http

What are you trying to achieve? SSL is good :)

I suspect you have to disable ssl in the apache server /etc/httpd/conf.d/ssl.conf but I'm not really sure.

And, if you do, I suspect some things that use certificates won't work, either (console, disk upload, etc.)

Ravi might know more.

Greg

On Wed, Feb 13, 2019 at 3:39 AM du_hon...@yeah.net <du_hon...@yeah.net> wrote:

I want to access the engine by http. After engine-setup succeeded, I fixed /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf:

    ENGINE_FQDN=localhost.localdomain
    ENGINE_PROXY_ENABLED=false
    ENGINE_PROXY_HTTP_PORT=None
    ENGINE_PROXY_HTTPS_PORT=None
    ENGINE_AJP_ENABLED=false
    ENGINE_AJP_PORT=None
    ENGINE_HTTP_ENABLED=true
    ENGINE_HTTPS_ENABLED=false
    ENGINE_HTTP_PORT=8080
    ENGINE_HTTPS_PORT=443

But when I access http://ip:8080/ovirt-engine, the browser is still redirected to https. How should I disable the redirect?

Regards
Hongyu Du

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/5K4Z2Y5ORRCA4QLQLA5BPPJNSEP6JKNN/

--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
gsher...@redhat.com
IRC: gshereme
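
Added example, not part of the thread and not oVirt code: a small audit of the 10-setup-protocols.conf values and the sso_clients URLs posted above, reporting where the engine ends up reachable over plaintext HTTP and where a callback URL does not parse as a full URL. The inputs are constructed from values in the thread; the function names, the finding texts, and the reading that a TLS notification_callback_protocol should pair with an https URL are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample input, using the values posted in the thread.
PROTOCOLS_CONF = """\
ENGINE_PROXY_ENABLED=false
ENGINE_AJP_ENABLED=false
ENGINE_HTTP_ENABLED=true
ENGINE_HTTP_PORT=8080
"""
# (client_id, callback_prefix, notification_callback, notification_callback_protocol)
SSO_ROWS = [(
    "ovirt-engine-core",
    "http://192.168.122.176:80/ovirt-engine/",
    "http:/192.168.122.176:80/ovirt-engine/services/sso-callback", "TLS")]

def parse_conf(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit_conf(conf):
    """Flag settings that expose the engine over plaintext HTTP."""
    def on(key):
        return conf.get(key, "false").lower() == "true"
    findings = []
    if on("ENGINE_HTTP_ENABLED"):
        findings.append("plaintext HTTP listener on port " + conf.get("ENGINE_HTTP_PORT", "?"))
    if not on("ENGINE_PROXY_ENABLED") and not on("ENGINE_AJP_ENABLED"):
        findings.append("Apache proxy and AJP are both disabled")
    return findings

def audit_sso(rows):
    """Flag SSO client URLs that are malformed or not https."""
    findings = []
    for client, prefix, callback, proto in rows:
        for col, url in (("callback_prefix", prefix), ("notification_callback", callback)):
            parts = urlsplit(url)
            if not parts.netloc:
                findings.append(f"{client}: {col} has no host part: {url}")
            elif parts.scheme != "https":
                findings.append(f"{client}: {col} uses {parts.scheme}, not https")
        if proto == "TLS" and urlsplit(callback).scheme != "https":
            findings.append(f"{client}: protocol is TLS but notification_callback is not https")
    return findings

if __name__ == "__main__":
    for finding in audit_conf(parse_conf(PROTOCOLS_CONF)) + audit_sso(SSO_ROWS):
        print(finding)
```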